[2006/02/01 14:10:54, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) got smb length of 160 [2006/02/01 14:10:54, 6] smbd/process.c:process_smb(1113) got message type 0x0 of len 0xa0 [2006/02/01 14:10:54, 3] smbd/process.c:process_smb(1114) Transaction 345 of length 164 [2006/02/01 14:10:54, 5] lib/util.c:show_msg(454) [2006/02/01 14:10:54, 5] lib/util.c:show_msg(464) size=160 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=3496 smb_uid=101 smb_mid=22081 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 76 (0x4C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 76 (0x4C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29759 (0x743F) smb_bcc=93 [2006/02/01 14:10:54, 10] lib/util.c:dump_data(2053) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 4C 00 00 00 EF 00 00 ........ .L...... [020] 00 34 00 00 00 00 00 40 00 E0 41 09 00 07 00 00 .4.....@ ..A..... [030] 00 00 00 00 00 07 00 00 00 5C 00 5C 00 45 00 4C ........ .\.\.E.L [040] 00 4C 00 49 00 00 00 26 00 30 00 00 00 01 00 00 .L.I...& .0...... [050] 00 01 00 00 00 03 00 00 00 00 00 00 00 ........ ..... [2006/02/01 14:10:54, 3] smbd/process.c:switch_message(900) switch message SMBtrans (pid 21089) conn 0x80340138 [2006/02/01 14:10:54, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (1019, 1000) - sec_ctx_stack_ndx = 0 [2006/02/01 14:10:54, 5] auth/auth_util.c:debug_nt_user_token(457) NT user token of user S-1-5-21-2044582568-1589646193-1504741369-3038 contains 10 SIDs SID[ 0]: S-1-5-21-2044582568-1589646193-1504741369-3038 SID[ 1]: S-1-5-21-2044582568-1589646193-1504741369-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-2044582568-1589646193-1504741369-1000 SID[ 6]: S-1-5-21-2044582568-1589646193-1504741369-10 SID[ 7]: S-1-5-21-2044582568-1589646193-1504741369-512 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-5-21-2044582568-1589646193-1504741369-5011 SE_PRIV 0x1f0 0x0 0x0 0x0 [2006/02/01 14:10:54, 5] auth/auth_util.c:debug_unix_user_token(473) UNIX token of user 1019 Primary group is 1000 and contains 6 supplementary groups Group[ 0]: 1000 Group[ 1]: 10 Group[ 2]: 512 Group[ 3]: 513 Group[ 4]: 544 Group[ 5]: 2005 [2006/02/01 14:10:54, 5] smbd/uid.c:change_to_user(304) change_to_user uid=(1019,1019) gid=(0,1000) [2006/02/01 14:10:54, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=76 params=0 setup=2 [2006/02/01 14:10:54, 5] smbd/ipc.c:reply_trans(560) calling named_pipe [2006/02/01 14:10:54, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2006/02/01 14:10:54, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2006/02/01 14:10:54, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) search for pipe pnum=743f [2006/02/01 14:10:54, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name lsarpc pnum=7440 (pipes_open=2) [2006/02/01 14:10:54, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name samr pnum=743f (pipes_open=2) [2006/02/01 14:10:54, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "samr" (pnum 743f) [2006/02/01 14:10:54, 10] smbd/ipc.c:api_fd_reply(299) api_fd_reply: p:0x8033ef78 max_trans_reply: 4280 [2006/02/01 14:10:54, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) write_to_pipe: 743f name: samr open: Yes len: 76 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 76 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 76 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) fill_rpc_header: data_to_copy = 76, len_needed_to_complete_hdr = 16, receive_len = 0 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 16 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 60 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 60 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0000 major : 05 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0001 minor : 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0002 pkt_type : 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0003 flags : 03 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0004 pack_type0: 10 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0005 pack_type1: 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0006 pack_type2: 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0007 pack_type3: 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0008 frag_len : 004c [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 000a auth_len : 0000 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 000c call_id : 000000ef [2006/02/01 14:10:54, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) unmarshall_rpc_header: using little-endian RPC [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) unmarshall_rpc_header: type = 0, flags = 3 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 0 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 60 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 60, incoming data = 60 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) process_complete_pdu: processing packet type 0 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_req req [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0000 alloc_hint: 00000034 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0004 context_id: 0000 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0006 opnum : 0040 [2006/02/01 14:10:54, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 0 [2006/02/01 14:10:54, 5] rpc_server/srv_pipe.c:api_pipe_request(1509) Requested \PIPE\samr [2006/02/01 14:10:54, 4] rpc_server/srv_pipe.c:api_rpcTNP(1543) api_rpcTNP: samr op 0x40 - unknown [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0000 major : 05 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0001 minor : 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0002 pkt_type : 03 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0003 flags : 23 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0004 pack_type0: 10 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0005 pack_type1: 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0006 pack_type2: 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0007 pack_type3: 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0008 frag_len : 0020 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 000a auth_len : 0000 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 000c call_id : 000000ef [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp resp [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0010 alloc_hint: 00000000 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0014 context_id: 0000 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0016 cancel_ct : 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0017 reserved : 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) 000018 smb_io_rpc_hdr_fault fault [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_ntstatus(701) 0018 status : NT code 0x1c010002 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 001c reserved: 00000000 [2006/02/01 14:10:54, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 0 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 60 [2006/02/01 14:10:54, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) read_from_pipe: 743f name: samr len: 4280 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(969) read_from_pipe: samr: current_pdu_len = 32, current_pdu_sent = 0 returning 32 bytes. [2006/02/01 14:10:54, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..32] [2006/02/01 14:10:54, 5] lib/util.c:show_msg(454) [2006/02/01 14:10:54, 5] lib/util.c:show_msg(464) size=88 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=3496 smb_uid=101 smb_mid=22081 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 32 (0x20) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 32 (0x20) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=33 [2006/02/01 14:10:54, 10] lib/util.c:dump_data(2053) [000] 00 05 00 03 23 10 00 00 00 20 00 00 00 EF 00 00 ....#... . ...... [010] 00 00 00 00 00 00 00 00 00 02 00 01 1C 00 00 00 ........ ........ [020] 00 . [2006/02/01 14:10:54, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) got smb length of 148 [2006/02/01 14:10:54, 6] smbd/process.c:process_smb(1113) got message type 0x0 of len 0x94 [2006/02/01 14:10:54, 3] smbd/process.c:process_smb(1114) Transaction 346 of length 152 [2006/02/01 14:10:54, 5] lib/util.c:show_msg(454) [2006/02/01 14:10:54, 5] lib/util.c:show_msg(464) size=148 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=3496 smb_uid=101 smb_mid=22145 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 64 (0x40) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29759 (0x743F) smb_bcc=81 [2006/02/01 14:10:54, 10] lib/util.c:dump_data(2053) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 40 00 00 00 F0 00 00 ........ .@...... [020] 00 28 00 00 00 00 00 3E 00 E0 41 09 00 07 00 00 .(.....> ..A..... [030] 00 00 00 00 00 07 00 00 00 5C 00 5C 00 45 00 4C ........ .\.\.E.L [040] 00 4C 00 49 00 00 00 26 00 02 00 00 00 30 00 00 .L.I...& .....0.. [050] 00 . [2006/02/01 14:10:54, 3] smbd/process.c:switch_message(900) switch message SMBtrans (pid 21089) conn 0x80340138 [2006/02/01 14:10:54, 4] smbd/uid.c:change_to_user(217) change_to_user: Skipping user change - already user [2006/02/01 14:10:54, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=64 params=0 setup=2 [2006/02/01 14:10:54, 5] smbd/ipc.c:reply_trans(560) calling named_pipe [2006/02/01 14:10:54, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2006/02/01 14:10:54, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2006/02/01 14:10:54, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) search for pipe pnum=743f [2006/02/01 14:10:54, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name lsarpc pnum=7440 (pipes_open=2) [2006/02/01 14:10:54, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name samr pnum=743f (pipes_open=2) [2006/02/01 14:10:54, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "samr" (pnum 743f) [2006/02/01 14:10:54, 10] smbd/ipc.c:api_fd_reply(299) api_fd_reply: p:0x8033ef78 max_trans_reply: 4280 [2006/02/01 14:10:54, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) write_to_pipe: 743f name: samr open: Yes len: 64 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 64 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 64 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) fill_rpc_header: data_to_copy = 64, len_needed_to_complete_hdr = 16, receive_len = 0 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 16 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 48 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 48 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0000 major : 05 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0001 minor : 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0002 pkt_type : 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0003 flags : 03 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0004 pack_type0: 10 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0005 pack_type1: 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0006 pack_type2: 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0007 pack_type3: 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0008 frag_len : 0040 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 000a auth_len : 0000 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 000c call_id : 000000f0 [2006/02/01 14:10:54, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) unmarshall_rpc_header: using little-endian RPC [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) unmarshall_rpc_header: type = 0, flags = 3 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 0 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 48 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 48, incoming data = 48 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) process_complete_pdu: processing packet type 0 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_req req [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0000 alloc_hint: 00000028 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0004 context_id: 0000 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0006 opnum : 003e [2006/02/01 14:10:54, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 0 [2006/02/01 14:10:54, 5] rpc_server/srv_pipe.c:api_pipe_request(1509) Requested \PIPE\samr [2006/02/01 14:10:54, 4] rpc_server/srv_pipe.c:api_rpcTNP(1543) api_rpcTNP: samr op 0x3e - api_rpcTNP: rpc command: SAMR_CONNECT4 [2006/02/01 14:10:54, 6] rpc_server/srv_pipe.c:api_rpcTNP(1569) api_rpc_cmds[47].fn == 0x800ee158 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_q_connect4 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0000 ptr_srv_name: 000941e0 [2006/02/01 14:10:54, 6] rpc_parse/parse_prs.c:prs_debug(82) 000004 smb_io_unistr2 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0004 uni_max_len: 00000007 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0008 offset : 00000000 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 000c uni_str_len: 00000007 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:dbg_rw_punival(843) 0010 buffer : \.\.E.L.L.I... [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0020 unk_0: 00000002 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0024 access_mask: 00000030 [2006/02/01 14:10:54, 5] rpc_server/srv_samr_nt.c:_samr_connect4(2204) _samr_connect4: 2204 [2006/02/01 14:10:54, 10] lib/util_seaccess.c:se_access_check(233) se_access_check: requested access 0x00000030, for NT token with 10 entries and first sid S-1-5-21-2044582568-1589646193-1504741369-3038. [2006/02/01 14:10:54, 3] lib/util_seaccess.c:se_access_check(250) [2006/02/01 14:10:54, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-2044582568-1589646193-1504741369-3038 se_access_check: also S-1-5-21-2044582568-1589646193-1504741369-513 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-21-2044582568-1589646193-1504741369-1000 se_access_check: also S-1-5-21-2044582568-1589646193-1504741369-10 se_access_check: also S-1-5-21-2044582568-1589646193-1504741369-512 se_access_check: also S-1-5-32-544 se_access_check: also S-1-5-21-2044582568-1589646193-1504741369-5011 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20031, current desired = 30 [2006/02/01 14:10:54, 5] lib/util_seaccess.c:se_access_check(308) se_access_check: access (30) granted. [2006/02/01 14:10:54, 4] rpc_server/srv_samr_nt.c:access_check_samr_object(182) _samr_connect4: access GRANTED (requested: 0x00000030, granted: 0x00000030) [2006/02/01 14:10:54, 10] rpc_server/srv_samr_nt.c:get_samr_info_by_sid(240) get_samr_info_by_sid: created new info for sid (NULL) [2006/02/01 14:10:54, 10] rpc_server/srv_samr_nt.c:get_samr_info_by_sid(244) get_samr_info_by_sid: created new info for NULL sid. [2006/02/01 14:10:54, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) Opened policy hnd[6] [000] 00 00 00 00 4B 00 00 00 00 00 00 00 6E C1 E0 43 ....K... ....n..C [010] 61 52 00 00 aR.. [2006/02/01 14:10:54, 5] rpc_server/srv_samr_nt.c:_samr_connect4(2236) _samr_connect: 2236 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_r_connect4 [2006/02/01 14:10:54, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_pol_hnd connect_pol [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0000 data1: 00000000 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0004 data2: 0000004b [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0008 data3: 0000 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 000a data4: 0000 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8s(758) 000c data5: 6e c1 e0 43 61 52 00 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_ntstatus(701) 0014 status: NT_STATUS_OK [2006/02/01 14:10:54, 5] rpc_server/srv_pipe.c:api_rpcTNP(1590) api_rpcTNP: called samr successfully [2006/02/01 14:10:54, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 970 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 48 [2006/02/01 14:10:54, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) read_from_pipe: 743f name: samr len: 4280 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0000 major : 05 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0001 minor : 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0002 pkt_type : 02 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0003 flags : 03 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0004 pack_type0: 10 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0005 pack_type1: 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0006 pack_type2: 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0007 pack_type3: 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0008 frag_len : 0030 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 000a auth_len : 0000 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 000c call_id : 000000f0 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp resp [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0010 alloc_hint: 00000018 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0014 context_id: 0000 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0016 cancel_ct : 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0017 reserved : 00 [2006/02/01 14:10:54, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] [2006/02/01 14:10:54, 5] lib/util.c:show_msg(454) [2006/02/01 14:10:54, 5] lib/util.c:show_msg(464) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=3496 smb_uid=101 smb_mid=22145 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2006/02/01 14:10:54, 10] lib/util.c:dump_data(2053) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 F0 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 4B 00 00 ........ .....K.. [020] 00 00 00 00 00 6E C1 E0 43 61 52 00 00 00 00 00 .....n.. CaR..... [030] 00 . [2006/02/01 14:10:54, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) got smb length of 136 [2006/02/01 14:10:54, 6] smbd/process.c:process_smb(1113) got message type 0x0 of len 0x88 [2006/02/01 14:10:54, 3] smbd/process.c:process_smb(1114) Transaction 347 of length 140 [2006/02/01 14:10:54, 5] lib/util.c:show_msg(454) [2006/02/01 14:10:54, 5] lib/util.c:show_msg(464) size=136 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=3496 smb_uid=101 smb_mid=22209 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 52 (0x34) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 52 (0x34) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29759 (0x743F) smb_bcc=69 [2006/02/01 14:10:54, 10] lib/util.c:dump_data(2053) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 34 00 00 00 F1 00 00 ........ .4...... [020] 00 1C 00 00 00 00 00 06 00 00 00 00 00 4B 00 00 ........ .....K.. [030] 00 00 00 00 00 6E C1 E0 43 61 52 00 00 00 00 00 .....n.. CaR..... [040] 00 00 20 00 00 .. .. [2006/02/01 14:10:54, 3] smbd/process.c:switch_message(900) switch message SMBtrans (pid 21089) conn 0x80340138 [2006/02/01 14:10:54, 4] smbd/uid.c:change_to_user(217) change_to_user: Skipping user change - already user [2006/02/01 14:10:54, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=52 params=0 setup=2 [2006/02/01 14:10:54, 5] smbd/ipc.c:reply_trans(560) calling named_pipe [2006/02/01 14:10:54, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2006/02/01 14:10:54, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2006/02/01 14:10:54, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) search for pipe pnum=743f [2006/02/01 14:10:54, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name lsarpc pnum=7440 (pipes_open=2) [2006/02/01 14:10:54, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name samr pnum=743f (pipes_open=2) [2006/02/01 14:10:54, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "samr" (pnum 743f) [2006/02/01 14:10:54, 10] smbd/ipc.c:api_fd_reply(299) api_fd_reply: p:0x8033ef78 max_trans_reply: 4280 [2006/02/01 14:10:54, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) write_to_pipe: 743f name: samr open: Yes len: 52 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 52 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 52 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) fill_rpc_header: data_to_copy = 52, len_needed_to_complete_hdr = 16, receive_len = 0 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 16 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 36 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 36 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0000 major : 05 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0001 minor : 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0002 pkt_type : 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0003 flags : 03 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0004 pack_type0: 10 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0005 pack_type1: 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0006 pack_type2: 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0007 pack_type3: 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0008 frag_len : 0034 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 000a auth_len : 0000 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 000c call_id : 000000f1 [2006/02/01 14:10:54, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) unmarshall_rpc_header: using little-endian RPC [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) unmarshall_rpc_header: type = 0, flags = 3 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 0 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 36 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 36, incoming data = 36 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) process_complete_pdu: processing packet type 0 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_req req [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0000 alloc_hint: 0000001c [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0004 context_id: 0000 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0006 opnum : 0006 [2006/02/01 14:10:54, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 0 [2006/02/01 14:10:54, 5] rpc_server/srv_pipe.c:api_pipe_request(1509) Requested \PIPE\samr [2006/02/01 14:10:54, 4] rpc_server/srv_pipe.c:api_rpcTNP(1543) api_rpcTNP: samr op 0x6 - api_rpcTNP: rpc command: SAMR_ENUM_DOMAINS [2006/02/01 14:10:54, 6] rpc_server/srv_pipe.c:api_rpcTNP(1569) api_rpc_cmds[3].fn == 0x800ee3f2 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_q_enum_domains [2006/02/01 14:10:54, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_pol_hnd pol [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0000 data1: 00000000 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0004 data2: 0000004b [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0008 data3: 0000 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 000a data4: 0000 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8s(758) 000c data5: 6e c1 e0 43 61 52 00 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0014 start_idx: 00000000 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0018 max_size : 00002000 [2006/02/01 14:10:54, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 4B 00 00 00 00 00 00 00 6E C1 E0 43 ....K... ....n..C [010] 61 52 00 00 aR.. [2006/02/01 14:10:54, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(194) _samr_enum_domains: access check ((granted: 0x00000030; required: 0x00000010) [2006/02/01 14:10:54, 5] rpc_server/srv_samr_nt.c:make_enum_domains(2291) make_enum_domains [2006/02/01 14:10:54, 10] rpc_parse/parse_samr.c:init_sam_entry(1291) init_sam_entry: 0 [2006/02/01 14:10:54, 10] rpc_parse/parse_samr.c:init_sam_entry(1291) init_sam_entry: 0 [2006/02/01 14:10:54, 5] rpc_parse/parse_samr.c:init_samr_r_enum_domains(3109) init_samr_r_enum_domains [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_r_enum_domains [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0000 next_idx : 00000002 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0004 ptr_entries1: 00000001 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0008 num_entries2: 00000002 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 000c ptr_entries2: 00000001 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0010 num_entries3: 00000002 [2006/02/01 14:10:54, 6] rpc_parse/parse_prs.c:prs_debug(82) 000014 sam_io_sam_entry dom[0] [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0014 rid: 00000000 [2006/02/01 14:10:54, 7] rpc_parse/parse_prs.c:prs_debug(82) 000018 smb_io_unihdr unihdr [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0018 uni_str_len: 0010 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 001a uni_max_len: 0010 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 001c buffer : 00000001 [2006/02/01 14:10:54, 6] rpc_parse/parse_prs.c:prs_debug(82) 000020 sam_io_sam_entry dom[1] [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0020 rid: 00000000 [2006/02/01 14:10:54, 7] rpc_parse/parse_prs.c:prs_debug(82) 000024 smb_io_unihdr unihdr [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0024 uni_str_len: 000e [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0026 uni_max_len: 000e [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0028 buffer : 00000001 [2006/02/01 14:10:54, 6] rpc_parse/parse_prs.c:prs_debug(82) 00002c smb_io_unistr2 dom[0] [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 002c uni_max_len: 00000008 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0030 offset : 00000000 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0034 uni_str_len: 00000008 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:dbg_rw_punival(843) 0038 buffer : U.4.E.A.T.E.C.H. [2006/02/01 14:10:54, 6] rpc_parse/parse_prs.c:prs_debug(82) 000048 smb_io_unistr2 dom[1] [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0048 uni_max_len: 00000007 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 004c offset : 00000000 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0050 uni_str_len: 00000007 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:dbg_rw_punival(843) 0054 buffer : B.u.i.l.t.i.n. [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0064 num_entries4: 00000002 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_ntstatus(701) 0068 status: NT_STATUS_OK [2006/02/01 14:10:54, 5] rpc_server/srv_pipe.c:api_rpcTNP(1590) api_rpcTNP: called samr successfully [2006/02/01 14:10:54, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 90 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 36 [2006/02/01 14:10:54, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) read_from_pipe: 743f name: samr len: 4280 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 108. [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0000 major : 05 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0001 minor : 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0002 pkt_type : 02 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0003 flags : 03 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0004 pack_type0: 10 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0005 pack_type1: 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0006 pack_type2: 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0007 pack_type3: 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0008 frag_len : 0084 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 000a auth_len : 0000 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 000c call_id : 000000f1 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp resp [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0010 alloc_hint: 0000006c [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0014 context_id: 0000 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0016 cancel_ct : 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0017 reserved : 00 [2006/02/01 14:10:54, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..132] [2006/02/01 14:10:54, 5] lib/util.c:show_msg(454) [2006/02/01 14:10:54, 5] lib/util.c:show_msg(464) size=188 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=3496 smb_uid=101 smb_mid=22209 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 132 (0x84) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 132 (0x84) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=133 [2006/02/01 14:10:54, 10] lib/util.c:dump_data(2053) [000] 00 05 00 02 03 10 00 00 00 84 00 00 00 F1 00 00 ........ ........ [010] 00 6C 00 00 00 00 00 00 00 02 00 00 00 01 00 00 .l...... ........ [020] 00 02 00 00 00 01 00 00 00 02 00 00 00 00 00 00 ........ ........ [030] 00 10 00 10 00 01 00 00 00 00 00 00 00 0E 00 0E ........ ........ [040] 00 01 00 00 00 08 00 00 00 00 00 00 00 08 00 00 ........ ........ [050] 00 55 00 34 00 45 00 41 00 54 00 45 00 43 00 48 .U.4.E.A .T.E.C.H [060] 00 07 00 00 00 00 00 00 00 07 00 00 00 42 00 75 ........ .....B.u [070] 00 69 00 6C 00 74 00 69 00 6E 00 00 00 02 00 00 .i.l.t.i .n...... [080] 00 00 00 00 00 ..... [2006/02/01 14:10:54, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) got smb length of 164 [2006/02/01 14:10:54, 6] smbd/process.c:process_smb(1113) got message type 0x0 of len 0xa4 [2006/02/01 14:10:54, 3] smbd/process.c:process_smb(1114) Transaction 348 of length 168 [2006/02/01 14:10:54, 5] lib/util.c:show_msg(454) [2006/02/01 14:10:54, 5] lib/util.c:show_msg(464) size=164 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=3496 smb_uid=101 smb_mid=22273 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 80 (0x50) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 80 (0x50) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29759 (0x743F) smb_bcc=97 [2006/02/01 14:10:54, 10] lib/util.c:dump_data(2053) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 50 00 00 00 F2 00 00 ........ .P...... [020] 00 38 00 00 00 00 00 05 00 00 00 00 00 4B 00 00 .8...... .....K.. [030] 00 00 00 00 00 6E C1 E0 43 61 52 00 00 10 00 10 .....n.. CaR..... [040] 00 50 2F 09 00 08 00 00 00 00 00 00 00 08 00 00 .P/..... ........ [050] 00 55 00 34 00 45 00 41 00 54 00 45 00 43 00 48 .U.4.E.A .T.E.C.H [060] 00 . [2006/02/01 14:10:54, 3] smbd/process.c:switch_message(900) switch message SMBtrans (pid 21089) conn 0x80340138 [2006/02/01 14:10:54, 4] smbd/uid.c:change_to_user(217) change_to_user: Skipping user change - already user [2006/02/01 14:10:54, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=80 params=0 setup=2 [2006/02/01 14:10:54, 5] smbd/ipc.c:reply_trans(560) calling named_pipe [2006/02/01 14:10:54, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2006/02/01 14:10:54, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2006/02/01 14:10:54, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) search for pipe pnum=743f [2006/02/01 14:10:54, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name lsarpc pnum=7440 (pipes_open=2) [2006/02/01 14:10:54, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name samr pnum=743f (pipes_open=2) [2006/02/01 14:10:54, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "samr" (pnum 743f) [2006/02/01 14:10:54, 10] smbd/ipc.c:api_fd_reply(299) api_fd_reply: p:0x8033ef78 max_trans_reply: 4280 [2006/02/01 14:10:54, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) write_to_pipe: 743f name: samr open: Yes len: 80 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 80 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 80 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) fill_rpc_header: data_to_copy = 80, len_needed_to_complete_hdr = 16, receive_len = 0 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 16 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 64 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 64 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0000 major : 05 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0001 minor : 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0002 pkt_type : 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0003 flags : 03 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0004 pack_type0: 10 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0005 pack_type1: 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0006 pack_type2: 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0007 pack_type3: 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0008 frag_len : 0050 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 000a auth_len : 0000 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 000c call_id : 000000f2 [2006/02/01 14:10:54, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) unmarshall_rpc_header: using little-endian RPC [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) unmarshall_rpc_header: type = 0, flags = 3 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 0 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 64 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 64, incoming data = 64 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) process_complete_pdu: processing packet type 0 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_req req [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0000 alloc_hint: 00000038 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0004 context_id: 0000 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0006 opnum : 0005 [2006/02/01 14:10:54, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 0 [2006/02/01 14:10:54, 5] rpc_server/srv_pipe.c:api_pipe_request(1509) Requested \PIPE\samr [2006/02/01 14:10:54, 4] rpc_server/srv_pipe.c:api_rpcTNP(1543) api_rpcTNP: samr op 0x5 - api_rpcTNP: rpc command: SAMR_LOOKUP_DOMAIN [2006/02/01 14:10:54, 6] rpc_server/srv_pipe.c:api_rpcTNP(1569) api_rpc_cmds[41].fn == 0x800ee296 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_q_lookup_domain [2006/02/01 14:10:54, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_pol_hnd connect_pol [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0000 data1: 00000000 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0004 data2: 0000004b [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0008 data3: 0000 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 000a data4: 0000 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8s(758) 000c data5: 6e c1 e0 43 61 52 00 00 [2006/02/01 14:10:54, 6] rpc_parse/parse_prs.c:prs_debug(82) 000014 smb_io_unihdr hdr_domain [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0014 uni_str_len: 0010 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0016 uni_max_len: 0010 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0018 buffer : 00092f50 [2006/02/01 14:10:54, 6] rpc_parse/parse_prs.c:prs_debug(82) 00001c smb_io_unistr2 uni_domain [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 001c uni_max_len: 00000008 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0020 offset : 00000000 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0024 uni_str_len: 00000008 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:dbg_rw_punival(843) 0028 buffer : U.4.E.A.T.E.C.H. [2006/02/01 14:10:54, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 4B 00 00 00 00 00 00 00 6E C1 E0 43 ....K... ....n..C [010] 61 52 00 00 aR.. [2006/02/01 14:10:54, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(194) _samr_lookup_domain: access check ((granted: 0x00000030; required: 0x00000020) [2006/02/01 14:10:54, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2273) Returning domain sid for domain U4EATECH -> S-1-5-21-2044582568-1589646193-1504741369 [2006/02/01 14:10:54, 5] rpc_parse/parse_samr.c:init_samr_r_lookup_domain(138) init_samr_r_lookup_domain [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_r_lookup_domain [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0000 ptr: 00000001 [2006/02/01 14:10:54, 6] rpc_parse/parse_prs.c:prs_debug(82) 000004 smb_io_dom_sid2 sid [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0004 num_auths: 00000004 [2006/02/01 14:10:54, 7] rpc_parse/parse_prs.c:prs_debug(82) 000008 smb_io_dom_sid sid [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0008 sid_rev_num: 01 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0009 num_auths : 04 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 000a id_auth[0] : 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 000b id_auth[1] : 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 000c id_auth[2] : 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 000d id_auth[3] : 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 000e id_auth[4] : 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 000f id_auth[5] : 05 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32s(898) 0010 sub_auths : 00000015 79dddaa8 5ec01371 59b087f9 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_ntstatus(701) 0020 status: NT_STATUS_OK [2006/02/01 14:10:54, 5] rpc_server/srv_pipe.c:api_rpcTNP(1590) api_rpcTNP: called samr successfully [2006/02/01 14:10:54, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 16 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 64 [2006/02/01 14:10:54, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) read_from_pipe: 743f name: samr len: 4280 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 36. [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0000 major : 05 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0001 minor : 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0002 pkt_type : 02 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0003 flags : 03 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0004 pack_type0: 10 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0005 pack_type1: 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0006 pack_type2: 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0007 pack_type3: 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0008 frag_len : 003c [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 000a auth_len : 0000 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 000c call_id : 000000f2 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp resp [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0010 alloc_hint: 00000024 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0014 context_id: 0000 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0016 cancel_ct : 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0017 reserved : 00 [2006/02/01 14:10:54, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..60] [2006/02/01 14:10:54, 5] lib/util.c:show_msg(454) [2006/02/01 14:10:54, 5] lib/util.c:show_msg(464) size=116 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=3496 smb_uid=101 smb_mid=22273 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 60 (0x3C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 60 (0x3C) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=61 [2006/02/01 14:10:54, 10] lib/util.c:dump_data(2053) [000] 00 05 00 02 03 10 00 00 00 3C 00 00 00 F2 00 00 ........ .<...... [010] 00 24 00 00 00 00 00 00 00 01 00 00 00 04 00 00 .$...... ........ [020] 00 01 04 00 00 00 00 00 05 15 00 00 00 A8 DA DD ........ ........ [030] 79 71 13 C0 5E F9 87 B0 59 00 00 00 00 yq..^... Y.... [2006/02/01 14:10:54, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) got smb length of 160 [2006/02/01 14:10:54, 6] smbd/process.c:process_smb(1113) got message type 0x0 of len 0xa0 [2006/02/01 14:10:54, 3] smbd/process.c:process_smb(1114) Transaction 349 of length 164 [2006/02/01 14:10:54, 5] lib/util.c:show_msg(454) [2006/02/01 14:10:54, 5] lib/util.c:show_msg(464) size=160 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=3496 smb_uid=101 smb_mid=22337 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 76 (0x4C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 76 (0x4C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29759 (0x743F) smb_bcc=93 [2006/02/01 14:10:54, 10] lib/util.c:dump_data(2053) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 4C 00 00 00 F3 00 00 ........ .L...... [020] 00 34 00 00 00 00 00 07 00 00 00 00 00 4B 00 00 .4...... .....K.. [030] 00 00 00 00 00 6E C1 E0 43 61 52 00 00 00 02 00 .....n.. CaR..... [040] 00 04 00 00 00 01 04 00 00 00 00 00 05 15 00 00 ........ ........ [050] 00 A8 DA DD 79 71 13 C0 5E F9 87 B0 59 ....yq.. ^...Y [2006/02/01 14:10:54, 3] smbd/process.c:switch_message(900) switch message SMBtrans (pid 21089) conn 0x80340138 [2006/02/01 14:10:54, 4] smbd/uid.c:change_to_user(217) change_to_user: Skipping user change - already user [2006/02/01 14:10:54, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=76 params=0 setup=2 [2006/02/01 14:10:54, 5] smbd/ipc.c:reply_trans(560) calling named_pipe [2006/02/01 14:10:54, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2006/02/01 14:10:54, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2006/02/01 14:10:54, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) search for pipe pnum=743f [2006/02/01 14:10:54, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name lsarpc pnum=7440 (pipes_open=2) [2006/02/01 14:10:54, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name samr pnum=743f (pipes_open=2) [2006/02/01 14:10:54, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "samr" (pnum 743f) [2006/02/01 14:10:54, 10] smbd/ipc.c:api_fd_reply(299) api_fd_reply: p:0x8033ef78 max_trans_reply: 4280 [2006/02/01 14:10:54, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) write_to_pipe: 743f name: samr open: Yes len: 76 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 76 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 76 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) fill_rpc_header: data_to_copy = 76, len_needed_to_complete_hdr = 16, receive_len = 0 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 16 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 60 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 60 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0000 major : 05 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0001 minor : 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0002 pkt_type : 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0003 flags : 03 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0004 pack_type0: 10 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0005 pack_type1: 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0006 pack_type2: 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0007 pack_type3: 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0008 frag_len : 004c [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 000a auth_len : 0000 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 000c call_id : 000000f3 [2006/02/01 14:10:54, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) unmarshall_rpc_header: using little-endian RPC [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) unmarshall_rpc_header: type = 0, flags = 3 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 0 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 60 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 60, incoming data = 60 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) process_complete_pdu: processing packet type 0 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_req req [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0000 alloc_hint: 00000034 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0004 context_id: 0000 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0006 opnum : 0007 [2006/02/01 14:10:54, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 0 [2006/02/01 14:10:54, 5] rpc_server/srv_pipe.c:api_pipe_request(1509) Requested \PIPE\samr [2006/02/01 14:10:54, 4] rpc_server/srv_pipe.c:api_rpcTNP(1543) api_rpcTNP: samr op 0x7 - api_rpcTNP: rpc command: SAMR_OPEN_DOMAIN [2006/02/01 14:10:54, 6] rpc_server/srv_pipe.c:api_rpcTNP(1569) api_rpc_cmds[39].fn == 0x800ec984 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_q_open_domain [2006/02/01 14:10:54, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_pol_hnd pol [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0000 data1: 00000000 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0004 data2: 0000004b [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0008 data3: 0000 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 000a data4: 0000 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8s(758) 000c data5: 6e c1 e0 43 61 52 00 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0014 flags: 00000200 [2006/02/01 14:10:54, 6] rpc_parse/parse_prs.c:prs_debug(82) 000018 smb_io_dom_sid2 sid [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0018 num_auths: 00000004 [2006/02/01 14:10:54, 7] rpc_parse/parse_prs.c:prs_debug(82) 00001c smb_io_dom_sid sid [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 001c sid_rev_num: 01 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 001d num_auths : 04 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 001e id_auth[0] : 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 001f id_auth[1] : 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0020 id_auth[2] : 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0021 id_auth[3] : 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0022 id_auth[4] : 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0023 id_auth[5] : 05 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32s(898) 0024 sub_auths : 00000015 79dddaa8 5ec01371 59b087f9 [2006/02/01 14:10:54, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 4B 00 00 00 00 00 00 00 6E C1 E0 43 ....K... ....n..C [010] 61 52 00 00 aR.. [2006/02/01 14:10:54, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(194) _samr_open_domain: access check ((granted: 0x00000030; required: 0x00000020) [2006/02/01 14:10:54, 4] rpc_server/srv_samr_nt.c:access_check_samr_object(151) access_check_samr_object: user rights access mask [0xd047a] [2006/02/01 14:10:54, 10] lib/util_seaccess.c:se_access_check(233) se_access_check: requested access 0x00000200, for NT token with 10 entries and first sid S-1-5-21-2044582568-1589646193-1504741369-3038. [2006/02/01 14:10:54, 3] lib/util_seaccess.c:se_access_check(250) [2006/02/01 14:10:54, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-2044582568-1589646193-1504741369-3038 se_access_check: also S-1-5-21-2044582568-1589646193-1504741369-513 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-21-2044582568-1589646193-1504741369-1000 se_access_check: also S-1-5-21-2044582568-1589646193-1504741369-10 se_access_check: also S-1-5-21-2044582568-1589646193-1504741369-512 se_access_check: also S-1-5-32-544 se_access_check: also S-1-5-21-2044582568-1589646193-1504741369-5011 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20385, current desired = 200 [2006/02/01 14:10:54, 5] lib/util_seaccess.c:se_access_check(308) se_access_check: access (200) granted. [2006/02/01 14:10:54, 4] rpc_server/srv_samr_nt.c:access_check_samr_object(182) _samr_open_domain: access GRANTED (requested: 0x00000200, granted: 0x000d067a) [2006/02/01 14:10:54, 10] rpc_server/srv_samr_nt.c:get_samr_info_by_sid(240) get_samr_info_by_sid: created new info for sid S-1-5-21-2044582568-1589646193-1504741369 [2006/02/01 14:10:54, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) Opened policy hnd[7] [000] 00 00 00 00 4C 00 00 00 00 00 00 00 6E C1 E0 43 ....L... ....n..C [010] 61 52 00 00 aR.. [2006/02/01 14:10:54, 5] rpc_server/srv_samr_nt.c:_samr_open_domain(390) samr_open_domain: 390 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_r_open_domain [2006/02/01 14:10:54, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_pol_hnd domain_pol [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0000 data1: 00000000 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0004 data2: 0000004c [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0008 data3: 0000 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 000a data4: 0000 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8s(758) 000c data5: 6e c1 e0 43 61 52 00 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_ntstatus(701) 0014 status: NT_STATUS_OK [2006/02/01 14:10:54, 5] rpc_server/srv_pipe.c:api_rpcTNP(1590) api_rpcTNP: called samr successfully [2006/02/01 14:10:54, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 956 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 60 [2006/02/01 14:10:54, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) read_from_pipe: 743f name: samr len: 4280 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0000 major : 05 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0001 minor : 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0002 pkt_type : 02 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0003 flags : 03 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0004 pack_type0: 10 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0005 pack_type1: 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0006 pack_type2: 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0007 pack_type3: 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0008 frag_len : 0030 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 000a auth_len : 0000 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 000c call_id : 000000f3 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp resp [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0010 alloc_hint: 00000018 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0014 context_id: 0000 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0016 cancel_ct : 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0017 reserved : 00 [2006/02/01 14:10:54, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] [2006/02/01 14:10:54, 5] lib/util.c:show_msg(454) [2006/02/01 14:10:54, 5] lib/util.c:show_msg(464) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=3496 smb_uid=101 smb_mid=22337 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2006/02/01 14:10:54, 10] lib/util.c:dump_data(2053) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 F3 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 4C 00 00 ........ .....L.. [020] 00 00 00 00 00 6E C1 E0 43 61 52 00 00 00 00 00 .....n.. CaR..... [030] 00 . [2006/02/01 14:10:54, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) got smb length of 188 [2006/02/01 14:10:54, 6] smbd/process.c:process_smb(1113) got message type 0x0 of len 0xbc [2006/02/01 14:10:54, 3] smbd/process.c:process_smb(1114) Transaction 350 of length 192 [2006/02/01 14:10:54, 5] lib/util.c:show_msg(454) [2006/02/01 14:10:54, 5] lib/util.c:show_msg(464) size=188 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=3496 smb_uid=101 smb_mid=22401 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 104 (0x68) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 104 (0x68) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29759 (0x743F) smb_bcc=121 [2006/02/01 14:10:54, 10] lib/util.c:dump_data(2053) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 68 00 00 00 F4 00 00 ........ .h...... [020] 00 50 00 00 00 00 00 11 00 00 00 00 00 4C 00 00 .P...... .....L.. [030] 00 00 00 00 00 6E C1 E0 43 61 52 00 00 01 00 00 .....n.. CaR..... [040] 00 E8 03 00 00 00 00 00 00 01 00 00 00 18 00 1A ........ ........ [050] 00 48 9E 26 00 0D 00 00 00 00 00 00 00 0C 00 00 .H.&.... ........ [060] 00 44 00 6F 00 6D 00 61 00 69 00 6E 00 20 00 55 .D.o.m.a .i.n. .U [070] 00 73 00 65 00 72 00 73 00 .s.e.r.s . [2006/02/01 14:10:54, 3] smbd/process.c:switch_message(900) switch message SMBtrans (pid 21089) conn 0x80340138 [2006/02/01 14:10:54, 4] smbd/uid.c:change_to_user(217) change_to_user: Skipping user change - already user [2006/02/01 14:10:54, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=104 params=0 setup=2 [2006/02/01 14:10:54, 5] smbd/ipc.c:reply_trans(560) calling named_pipe [2006/02/01 14:10:54, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2006/02/01 14:10:54, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2006/02/01 14:10:54, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) search for pipe pnum=743f [2006/02/01 14:10:54, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name lsarpc pnum=7440 (pipes_open=2) [2006/02/01 14:10:54, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name samr pnum=743f (pipes_open=2) [2006/02/01 14:10:54, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "samr" (pnum 743f) [2006/02/01 14:10:54, 10] smbd/ipc.c:api_fd_reply(299) api_fd_reply: p:0x8033ef78 max_trans_reply: 4280 [2006/02/01 14:10:54, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) write_to_pipe: 743f name: samr open: Yes len: 104 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 104 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 104 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) fill_rpc_header: data_to_copy = 104, len_needed_to_complete_hdr = 16, receive_len = 0 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 16 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 88 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 88 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0000 major : 05 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0001 minor : 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0002 pkt_type : 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0003 flags : 03 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0004 pack_type0: 10 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0005 pack_type1: 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0006 pack_type2: 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0007 pack_type3: 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0008 frag_len : 0068 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 000a auth_len : 0000 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 000c call_id : 000000f4 [2006/02/01 14:10:54, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) unmarshall_rpc_header: using little-endian RPC [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) unmarshall_rpc_header: type = 0, flags = 3 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 0 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 88 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 88, incoming data = 88 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) process_complete_pdu: processing packet type 0 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_req req [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0000 alloc_hint: 00000050 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0004 context_id: 0000 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0006 opnum : 0011 [2006/02/01 14:10:54, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 0 [2006/02/01 14:10:54, 5] rpc_server/srv_pipe.c:api_pipe_request(1509) Requested \PIPE\samr [2006/02/01 14:10:54, 4] rpc_server/srv_pipe.c:api_rpcTNP(1543) api_rpcTNP: samr op 0x11 - api_rpcTNP: rpc command: SAMR_LOOKUP_NAMES [2006/02/01 14:10:54, 6] rpc_server/srv_pipe.c:api_rpcTNP(1569) api_rpc_cmds[19].fn == 0x800ed4c8 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_q_lookup_names [2006/02/01 14:10:54, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_pol_hnd pol [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0000 data1: 00000000 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0004 data2: 0000004c [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0008 data3: 0000 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 000a data4: 0000 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8s(758) 000c data5: 6e c1 e0 43 61 52 00 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0014 num_names1: 00000001 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0018 flags : 000003e8 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 001c ptr : 00000000 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0020 num_names2: 00000001 [2006/02/01 14:10:54, 6] rpc_parse/parse_prs.c:prs_debug(82) 000024 smb_io_unihdr [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0024 uni_str_len: 0018 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0026 uni_max_len: 001a [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0028 buffer : 00269e48 [2006/02/01 14:10:54, 6] rpc_parse/parse_prs.c:prs_debug(82) 00002c smb_io_unistr2 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 002c uni_max_len: 0000000d [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0030 offset : 00000000 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0034 uni_str_len: 0000000c [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:dbg_rw_punival(843) 0038 buffer : D.o.m.a.i.n. .U.s.e.r.s. [2006/02/01 14:10:54, 5] rpc_server/srv_samr_nt.c:_samr_lookup_names(1095) _samr_lookup_names: 1095 [2006/02/01 14:10:54, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 4C 00 00 00 00 00 00 00 6E C1 E0 43 ....L... ....n..C [010] 61 52 00 00 aR.. [2006/02/01 14:10:54, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(194) _samr_lookup_names: access check ((granted: 0x000d067a; required: 0000000000) [2006/02/01 14:10:54, 5] rpc_server/srv_samr_nt.c:_samr_lookup_names(1114) _samr_lookup_names: looking name on SID S-1-5-21-2044582568-1589646193-1504741369 [2006/02/01 14:10:54, 10] passdb/util_sam_sid.c:map_name_to_wellknown_sid(289) map_name_to_wellknown_sid: looking up Domain Users [2006/02/01 14:10:54, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(1019, 1000) : sec_ctx_stack_ndx = 1 [2006/02/01 14:10:54, 3] smbd/uid.c:push_conn_ctx(388) push_conn_ctx(101) : conn_ctx_stack_ndx = 0 [2006/02/01 14:10:54, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2006/02/01 14:10:54, 5] auth/auth_util.c:debug_nt_user_token(452) NT user token: (NULL) [2006/02/01 14:10:54, 5] auth/auth_util.c:debug_unix_user_token(473) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/02/01 14:10:54, 5] lib/smbldap.c:smbldap_search_ext(980) smbldap_search_ext: base => [dc=u4eatech,dc=com], filter => [(&(uid=Domain Users)(objectclass=sambaSamAccount))], scope => [2] [2006/02/01 14:10:54, 4] passdb/pdb_ldap.c:ldapsam_getsampwnam(1335) ldapsam_getsampwnam: Unable to locate user [Domain Users] count=0 [2006/02/01 14:10:54, 5] lib/smbldap.c:smbldap_search_ext(980) smbldap_search_ext: base => [ou=Group,dc=u4eatech,dc=com], filter => [(&(objectClass=sambaGroupMapping)(|(displayName=Domain Users)(cn=Domain Users)))], scope => [2] [2006/02/01 14:10:54, 2] passdb/pdb_ldap.c:init_group_from_ldap(2001) init_group_from_ldap: Entry found for group: 513 [2006/02/01 14:10:54, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (1019, 1000) - sec_ctx_stack_ndx = 0 [2006/02/01 14:10:54, 5] rpc_parse/parse_samr.c:init_samr_r_lookup_names(4691) init_samr_r_lookup_names [2006/02/01 14:10:54, 5] rpc_server/srv_samr_nt.c:_samr_lookup_names(1158) _samr_lookup_names: 1158 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_r_lookup_names [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0000 num_rids1: 00000001 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0004 ptr_rids : 00000001 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0008 num_rids2: 00000001 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 000c rid[00] : 00000201 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0010 num_types1: 00000001 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0014 ptr_types : 00000001 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0018 num_types2: 00000001 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 001c type[00] : 00000002 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_ntstatus(701) 0020 status: NT_STATUS_OK [2006/02/01 14:10:54, 5] rpc_server/srv_pipe.c:api_rpcTNP(1590) api_rpcTNP: called samr successfully [2006/02/01 14:10:54, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 58 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 88 [2006/02/01 14:10:54, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) read_from_pipe: 743f name: samr len: 4280 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 36. [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0000 major : 05 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0001 minor : 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0002 pkt_type : 02 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0003 flags : 03 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0004 pack_type0: 10 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0005 pack_type1: 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0006 pack_type2: 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0007 pack_type3: 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0008 frag_len : 003c [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 000a auth_len : 0000 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 000c call_id : 000000f4 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp resp [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0010 alloc_hint: 00000024 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0014 context_id: 0000 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0016 cancel_ct : 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0017 reserved : 00 [2006/02/01 14:10:54, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..60] [2006/02/01 14:10:54, 5] lib/util.c:show_msg(454) [2006/02/01 14:10:54, 5] lib/util.c:show_msg(464) size=116 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=3496 smb_uid=101 smb_mid=22401 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 60 (0x3C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 60 (0x3C) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=61 [2006/02/01 14:10:54, 10] lib/util.c:dump_data(2053) [000] 00 05 00 02 03 10 00 00 00 3C 00 00 00 F4 00 00 ........ .<...... [010] 00 24 00 00 00 00 00 00 00 01 00 00 00 01 00 00 .$...... ........ [020] 00 01 00 00 00 01 02 00 00 01 00 00 00 01 00 00 ........ ........ [030] 00 01 00 00 00 02 00 00 00 00 00 00 00 ........ ..... [2006/02/01 14:10:54, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) got smb length of 136 [2006/02/01 14:10:54, 6] smbd/process.c:process_smb(1113) got message type 0x0 of len 0x88 [2006/02/01 14:10:54, 3] smbd/process.c:process_smb(1114) Transaction 351 of length 140 [2006/02/01 14:10:54, 5] lib/util.c:show_msg(454) [2006/02/01 14:10:54, 5] lib/util.c:show_msg(464) size=136 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=3496 smb_uid=101 smb_mid=22465 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 52 (0x34) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 52 (0x34) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29759 (0x743F) smb_bcc=69 [2006/02/01 14:10:54, 10] lib/util.c:dump_data(2053) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 34 00 00 00 F5 00 00 ........ .4...... [020] 00 1C 00 00 00 00 00 13 00 00 00 00 00 4C 00 00 ........ .....L.. [030] 00 00 00 00 00 6E C1 E0 43 61 52 00 00 03 00 00 .....n.. CaR..... [040] 00 01 02 00 00 ..... [2006/02/01 14:10:54, 3] smbd/process.c:switch_message(900) switch message SMBtrans (pid 21089) conn 0x80340138 [2006/02/01 14:10:54, 4] smbd/uid.c:change_to_user(217) change_to_user: Skipping user change - already user [2006/02/01 14:10:54, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=52 params=0 setup=2 [2006/02/01 14:10:54, 5] smbd/ipc.c:reply_trans(560) calling named_pipe [2006/02/01 14:10:54, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2006/02/01 14:10:54, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2006/02/01 14:10:54, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) search for pipe pnum=743f [2006/02/01 14:10:54, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name lsarpc pnum=7440 (pipes_open=2) [2006/02/01 14:10:54, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name samr pnum=743f (pipes_open=2) [2006/02/01 14:10:54, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "samr" (pnum 743f) [2006/02/01 14:10:54, 10] smbd/ipc.c:api_fd_reply(299) api_fd_reply: p:0x8033ef78 max_trans_reply: 4280 [2006/02/01 14:10:54, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) write_to_pipe: 743f name: samr open: Yes len: 52 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 52 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 52 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) fill_rpc_header: data_to_copy = 52, len_needed_to_complete_hdr = 16, receive_len = 0 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 16 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 36 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 36 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0000 major : 05 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0001 minor : 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0002 pkt_type : 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0003 flags : 03 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0004 pack_type0: 10 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0005 pack_type1: 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0006 pack_type2: 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0007 pack_type3: 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0008 frag_len : 0034 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 000a auth_len : 0000 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 000c call_id : 000000f5 [2006/02/01 14:10:54, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) unmarshall_rpc_header: using little-endian RPC [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) unmarshall_rpc_header: type = 0, flags = 3 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 0 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 36 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 36, incoming data = 36 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) process_complete_pdu: processing packet type 0 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_req req [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0000 alloc_hint: 0000001c [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0004 context_id: 0000 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0006 opnum : 0013 [2006/02/01 14:10:54, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 0 [2006/02/01 14:10:54, 5] rpc_server/srv_pipe.c:api_pipe_request(1509) Requested \PIPE\samr [2006/02/01 14:10:54, 4] rpc_server/srv_pipe.c:api_rpcTNP(1543) api_rpcTNP: samr op 0x13 - api_rpcTNP: rpc command: SAMR_OPEN_GROUP [2006/02/01 14:10:54, 6] rpc_server/srv_pipe.c:api_rpcTNP(1569) api_rpc_cmds[38].fn == 0x800efccd [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_q_open_group [2006/02/01 14:10:54, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_pol_hnd domain_pol [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0000 data1: 00000000 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0004 data2: 0000004c [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0008 data3: 0000 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 000a data4: 0000 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8s(758) 000c data5: 6e c1 e0 43 61 52 00 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0014 access_mask: 00000003 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0018 rid_group: 00000201 [2006/02/01 14:10:54, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 4C 00 00 00 00 00 00 00 6E C1 E0 43 ....L... ....n..C [010] 61 52 00 00 aR.. [2006/02/01 14:10:54, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(194) _samr_open_group: access check ((granted: 0x000d067a; required: 0x00000200) [2006/02/01 14:10:54, 4] rpc_server/srv_samr_nt.c:access_check_samr_object(151) access_check_samr_object: user rights access mask [0xd000e] [2006/02/01 14:10:54, 10] lib/util_seaccess.c:se_access_check(233) se_access_check: requested access 0x00000001, for NT token with 10 entries and first sid S-1-5-21-2044582568-1589646193-1504741369-3038. [2006/02/01 14:10:54, 3] lib/util_seaccess.c:se_access_check(250) [2006/02/01 14:10:54, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-2044582568-1589646193-1504741369-3038 se_access_check: also S-1-5-21-2044582568-1589646193-1504741369-513 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-21-2044582568-1589646193-1504741369-1000 se_access_check: also S-1-5-21-2044582568-1589646193-1504741369-10 se_access_check: also S-1-5-21-2044582568-1589646193-1504741369-512 se_access_check: also S-1-5-32-544 se_access_check: also S-1-5-21-2044582568-1589646193-1504741369-5011 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20011, current desired = 1 [2006/02/01 14:10:54, 5] lib/util_seaccess.c:se_access_check(308) se_access_check: access (1) granted. [2006/02/01 14:10:54, 4] rpc_server/srv_samr_nt.c:access_check_samr_object(182) _samr_open_group: access GRANTED (requested: 0x00000001, granted: 0x000d000f) [2006/02/01 14:10:54, 10] rpc_server/srv_samr_nt.c:get_samr_info_by_sid(240) get_samr_info_by_sid: created new info for sid S-1-5-21-2044582568-1589646193-1504741369-513 [2006/02/01 14:10:54, 10] rpc_server/srv_samr_nt.c:_samr_open_group(4099) _samr_open_group:Opening SID: S-1-5-21-2044582568-1589646193-1504741369-513 [2006/02/01 14:10:54, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(1019, 1000) : sec_ctx_stack_ndx = 1 [2006/02/01 14:10:54, 3] smbd/uid.c:push_conn_ctx(388) push_conn_ctx(101) : conn_ctx_stack_ndx = 0 [2006/02/01 14:10:54, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2006/02/01 14:10:54, 5] auth/auth_util.c:debug_nt_user_token(452) NT user token: (NULL) [2006/02/01 14:10:54, 5] auth/auth_util.c:debug_unix_user_token(473) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/02/01 14:10:54, 10] groupdb/mapping.c:get_domain_group_from_sid(799) get_domain_group_from_sid [2006/02/01 14:10:54, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2006/02/01 14:10:54, 3] smbd/uid.c:push_conn_ctx(388) push_conn_ctx(101) : conn_ctx_stack_ndx = 1 [2006/02/01 14:10:54, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2006/02/01 14:10:54, 5] auth/auth_util.c:debug_nt_user_token(452) NT user token: (NULL) [2006/02/01 14:10:54, 5] auth/auth_util.c:debug_unix_user_token(473) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/02/01 14:10:54, 5] lib/smbldap.c:smbldap_search_ext(980) smbldap_search_ext: base => [ou=Group,dc=u4eatech,dc=com], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-2044582568-1589646193-1504741369-513))], scope => [2] [2006/02/01 14:10:54, 2] passdb/pdb_ldap.c:init_group_from_ldap(2001) init_group_from_ldap: Entry found for group: 513 [2006/02/01 14:10:54, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2006/02/01 14:10:54, 10] groupdb/mapping.c:get_domain_group_from_sid(810) get_domain_group_from_sid: SID found in the TDB [2006/02/01 14:10:54, 10] groupdb/mapping.c:get_domain_group_from_sid(817) get_domain_group_from_sid: SID is a domain group [2006/02/01 14:10:54, 10] groupdb/mapping.c:get_domain_group_from_sid(823) get_domain_group_from_sid: SID is mapped to gid:513 [2006/02/01 14:10:54, 10] groupdb/mapping.c:get_domain_group_from_sid(831) get_domain_group_from_sid: gid exists in UNIX security [2006/02/01 14:10:54, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (1019, 1000) - sec_ctx_stack_ndx = 0 [2006/02/01 14:10:54, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) Opened policy hnd[8] [000] 00 00 00 00 4D 00 00 00 00 00 00 00 6E C1 E0 43 ....M... ....n..C [010] 61 52 00 00 aR.. [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_r_open_group [2006/02/01 14:10:54, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_pol_hnd pol [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0000 data1: 00000000 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0004 data2: 0000004d [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0008 data3: 0000 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 000a data4: 0000 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8s(758) 000c data5: 6e c1 e0 43 61 52 00 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_ntstatus(701) 0014 status: NT_STATUS_OK [2006/02/01 14:10:54, 5] rpc_server/srv_pipe.c:api_rpcTNP(1590) api_rpcTNP: called samr successfully [2006/02/01 14:10:54, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 956 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 36 [2006/02/01 14:10:54, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) read_from_pipe: 743f name: samr len: 4280 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0000 major : 05 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0001 minor : 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0002 pkt_type : 02 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0003 flags : 03 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0004 pack_type0: 10 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0005 pack_type1: 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0006 pack_type2: 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0007 pack_type3: 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0008 frag_len : 0030 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 000a auth_len : 0000 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 000c call_id : 000000f5 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp resp [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0010 alloc_hint: 00000018 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0014 context_id: 0000 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0016 cancel_ct : 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0017 reserved : 00 [2006/02/01 14:10:54, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] [2006/02/01 14:10:54, 5] lib/util.c:show_msg(454) [2006/02/01 14:10:54, 5] lib/util.c:show_msg(464) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=3496 smb_uid=101 smb_mid=22465 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2006/02/01 14:10:54, 10] lib/util.c:dump_data(2053) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 F5 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 4D 00 00 ........ .....M.. [020] 00 00 00 00 00 6E C1 E0 43 61 52 00 00 00 00 00 .....n.. CaR..... [030] 00 . [2006/02/01 14:10:54, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) got smb length of 192 [2006/02/01 14:10:54, 6] smbd/process.c:process_smb(1113) got message type 0x0 of len 0xc0 [2006/02/01 14:10:54, 3] smbd/process.c:process_smb(1114) Transaction 352 of length 196 [2006/02/01 14:10:54, 5] lib/util.c:show_msg(454) [2006/02/01 14:10:54, 5] lib/util.c:show_msg(464) size=192 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=3496 smb_uid=101 smb_mid=22529 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 108 (0x6C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 108 (0x6C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29759 (0x743F) smb_bcc=125 [2006/02/01 14:10:54, 10] lib/util.c:dump_data(2053) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 6C 00 00 00 F6 00 00 ........ .l...... [020] 00 54 00 00 00 00 00 15 00 00 00 00 00 4D 00 00 .T...... .....M.. [030] 00 00 00 00 00 6E C1 E0 43 61 52 00 00 04 00 04 .....n.. CaR..... [040] 00 28 00 2A 00 00 8C 26 00 15 00 00 00 00 00 00 .(.*...& ........ [050] 00 14 00 00 00 4E 00 65 00 74 00 62 00 69 00 6F .....N.e .t.b.i.o [060] 00 73 00 20 00 44 00 6F 00 6D 00 61 00 69 00 6E .s. .D.o .m.a.i.n [070] 00 20 00 55 00 73 00 65 00 72 00 73 00 . .U.s.e .r.s. [2006/02/01 14:10:54, 3] smbd/process.c:switch_message(900) switch message SMBtrans (pid 21089) conn 0x80340138 [2006/02/01 14:10:54, 4] smbd/uid.c:change_to_user(217) change_to_user: Skipping user change - already user [2006/02/01 14:10:54, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=108 params=0 setup=2 [2006/02/01 14:10:54, 5] smbd/ipc.c:reply_trans(560) calling named_pipe [2006/02/01 14:10:54, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2006/02/01 14:10:54, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2006/02/01 14:10:54, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) search for pipe pnum=743f [2006/02/01 14:10:54, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name lsarpc pnum=7440 (pipes_open=2) [2006/02/01 14:10:54, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name samr pnum=743f (pipes_open=2) [2006/02/01 14:10:54, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "samr" (pnum 743f) [2006/02/01 14:10:54, 10] smbd/ipc.c:api_fd_reply(299) api_fd_reply: p:0x8033ef78 max_trans_reply: 4280 [2006/02/01 14:10:54, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) write_to_pipe: 743f name: samr open: Yes len: 108 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 108 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 108 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) fill_rpc_header: data_to_copy = 108, len_needed_to_complete_hdr = 16, receive_len = 0 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 16 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 92 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 92 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0000 major : 05 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0001 minor : 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0002 pkt_type : 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0003 flags : 03 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0004 pack_type0: 10 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0005 pack_type1: 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0006 pack_type2: 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0007 pack_type3: 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0008 frag_len : 006c [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 000a auth_len : 0000 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 000c call_id : 000000f6 [2006/02/01 14:10:54, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) unmarshall_rpc_header: using little-endian RPC [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) unmarshall_rpc_header: type = 0, flags = 3 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 0 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 92 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 92, incoming data = 92 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) process_complete_pdu: processing packet type 0 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_req req [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0000 alloc_hint: 00000054 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0004 context_id: 0000 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0006 opnum : 0015 [2006/02/01 14:10:54, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 0 [2006/02/01 14:10:54, 5] rpc_server/srv_pipe.c:api_pipe_request(1509) Requested \PIPE\samr [2006/02/01 14:10:54, 4] rpc_server/srv_pipe.c:api_rpcTNP(1543) api_rpcTNP: samr op 0x15 - api_rpcTNP: rpc command: SAMR_SET_GROUPINFO [2006/02/01 14:10:54, 6] rpc_server/srv_pipe.c:api_rpcTNP(1569) api_rpc_cmds[31].fn == 0x800ef919 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_q_set_groupinfo [2006/02/01 14:10:54, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_pol_hnd pol [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0000 data1: 00000000 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0004 data2: 0000004d [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0008 data3: 0000 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 000a data4: 0000 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8s(758) 000c data5: 6e c1 e0 43 61 52 00 00 [2006/02/01 14:10:54, 6] rpc_parse/parse_prs.c:prs_debug(82) 000014 samr_group_info_ctr ctr [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0014 switch_value1: 0004 [2006/02/01 14:10:54, 7] rpc_parse/parse_prs.c:prs_debug(82) 000016 samr_io_group_info4 group_info4 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0016 hdr_level: 0004 [2006/02/01 14:10:54, 8] rpc_parse/parse_prs.c:prs_debug(82) 000018 smb_io_unihdr hdr_acct_desc [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0018 uni_str_len: 0028 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 001a uni_max_len: 002a [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 001c buffer : 00268c00 [2006/02/01 14:10:54, 8] rpc_parse/parse_prs.c:prs_debug(82) 000020 smb_io_unistr2 uni_acct_desc [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0020 uni_max_len: 00000015 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0024 offset : 00000000 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0028 uni_str_len: 00000014 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:dbg_rw_punival(843) 002c buffer : N.e.t.b.i.o.s. .D.o.m.a.i.n. .U.s.e.r.s. [2006/02/01 14:10:54, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 4D 00 00 00 00 00 00 00 6E C1 E0 43 ....M... ....n..C [010] 61 52 00 00 aR.. [2006/02/01 14:10:54, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(194) _samr_set_groupinfo: access check ((granted: 0x000d000f; required: 0x00000002) [2006/02/01 14:10:54, 10] groupdb/mapping.c:get_domain_group_from_sid(799) get_domain_group_from_sid [2006/02/01 14:10:54, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(1019, 1000) : sec_ctx_stack_ndx = 1 [2006/02/01 14:10:54, 3] smbd/uid.c:push_conn_ctx(388) push_conn_ctx(101) : conn_ctx_stack_ndx = 0 [2006/02/01 14:10:54, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2006/02/01 14:10:54, 5] auth/auth_util.c:debug_nt_user_token(452) NT user token: (NULL) [2006/02/01 14:10:54, 5] auth/auth_util.c:debug_unix_user_token(473) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/02/01 14:10:54, 5] lib/smbldap.c:smbldap_search_ext(980) smbldap_search_ext: base => [ou=Group,dc=u4eatech,dc=com], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-2044582568-1589646193-1504741369-513))], scope => [2] [2006/02/01 14:10:54, 2] passdb/pdb_ldap.c:init_group_from_ldap(2001) init_group_from_ldap: Entry found for group: 513 [2006/02/01 14:10:54, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (1019, 1000) - sec_ctx_stack_ndx = 0 [2006/02/01 14:10:54, 10] groupdb/mapping.c:get_domain_group_from_sid(810) get_domain_group_from_sid: SID found in the TDB [2006/02/01 14:10:54, 10] groupdb/mapping.c:get_domain_group_from_sid(817) get_domain_group_from_sid: SID is a domain group [2006/02/01 14:10:54, 10] groupdb/mapping.c:get_domain_group_from_sid(823) get_domain_group_from_sid: SID is mapped to gid:513 [2006/02/01 14:10:54, 10] groupdb/mapping.c:get_domain_group_from_sid(831) get_domain_group_from_sid: gid exists in UNIX security [2006/02/01 14:10:54, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(1019, 1000) : sec_ctx_stack_ndx = 1 [2006/02/01 14:10:54, 3] smbd/uid.c:push_conn_ctx(388) push_conn_ctx(101) : conn_ctx_stack_ndx = 0 [2006/02/01 14:10:54, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2006/02/01 14:10:54, 5] auth/auth_util.c:debug_nt_user_token(452) NT user token: (NULL) [2006/02/01 14:10:54, 5] auth/auth_util.c:debug_unix_user_token(473) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/02/01 14:10:54, 5] lib/smbldap.c:smbldap_search_ext(980) smbldap_search_ext: base => [ou=Group,dc=u4eatech,dc=com], filter => [(&(|(objectClass=posixGroup)(objectclass=sambaIdmapEntry))(gidNumber=513))], scope => [2] [2006/02/01 14:10:54, 10] lib/smbldap.c:smbldap_make_mod(434) smbldap_make_mod: attribute |sambaSID| not changed. [2006/02/01 14:10:54, 10] lib/smbldap.c:smbldap_make_mod(434) smbldap_make_mod: attribute |sambaGroupType| not changed. [2006/02/01 14:10:54, 10] lib/smbldap.c:smbldap_make_mod(434) smbldap_make_mod: attribute |displayName| not changed. [2006/02/01 14:10:54, 10] lib/smbldap.c:smbldap_make_mod(434) smbldap_make_mod: attribute |description| not changed. [2006/02/01 14:10:54, 4] passdb/pdb_ldap.c:ldapsam_update_group_mapping_entry(2705) ldapsam_update_group_mapping_entry: mods is empty: nothing to do [2006/02/01 14:10:54, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (1019, 1000) - sec_ctx_stack_ndx = 0 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_r_set_groupinfo [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_ntstatus(701) 0000 status: NT_STATUS_OK [2006/02/01 14:10:54, 5] rpc_server/srv_pipe.c:api_rpcTNP(1590) api_rpcTNP: called samr successfully [2006/02/01 14:10:54, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 102 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 92 [2006/02/01 14:10:54, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) read_from_pipe: 743f name: samr len: 4280 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 4. [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0000 major : 05 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0001 minor : 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0002 pkt_type : 02 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0003 flags : 03 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0004 pack_type0: 10 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0005 pack_type1: 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0006 pack_type2: 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0007 pack_type3: 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0008 frag_len : 001c [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 000a auth_len : 0000 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 000c call_id : 000000f6 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp resp [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0010 alloc_hint: 00000004 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0014 context_id: 0000 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0016 cancel_ct : 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0017 reserved : 00 [2006/02/01 14:10:54, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..28] [2006/02/01 14:10:54, 5] lib/util.c:show_msg(454) [2006/02/01 14:10:54, 5] lib/util.c:show_msg(464) size=84 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=3496 smb_uid=101 smb_mid=22529 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 28 (0x1C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 28 (0x1C) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=29 [2006/02/01 14:10:54, 10] lib/util.c:dump_data(2053) [000] 00 05 00 02 03 10 00 00 00 1C 00 00 00 F6 00 00 ........ ........ [010] 00 04 00 00 00 00 00 00 00 00 00 00 00 ........ ..... [2006/02/01 14:10:54, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) got smb length of 128 [2006/02/01 14:10:54, 6] smbd/process.c:process_smb(1113) got message type 0x0 of len 0x80 [2006/02/01 14:10:54, 3] smbd/process.c:process_smb(1114) Transaction 353 of length 132 [2006/02/01 14:10:54, 5] lib/util.c:show_msg(454) [2006/02/01 14:10:54, 5] lib/util.c:show_msg(464) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=3496 smb_uid=101 smb_mid=22593 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29759 (0x743F) smb_bcc=61 [2006/02/01 14:10:54, 10] lib/util.c:dump_data(2053) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 F7 00 00 ........ .,...... [020] 00 14 00 00 00 00 00 01 00 00 00 00 00 4D 00 00 ........ .....M.. [030] 00 00 00 00 00 6E C1 E0 43 61 52 00 00 .....n.. CaR.. [2006/02/01 14:10:54, 3] smbd/process.c:switch_message(900) switch message SMBtrans (pid 21089) conn 0x80340138 [2006/02/01 14:10:54, 4] smbd/uid.c:change_to_user(217) change_to_user: Skipping user change - already user [2006/02/01 14:10:54, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=44 params=0 setup=2 [2006/02/01 14:10:54, 5] smbd/ipc.c:reply_trans(560) calling named_pipe [2006/02/01 14:10:54, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2006/02/01 14:10:54, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2006/02/01 14:10:54, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) search for pipe pnum=743f [2006/02/01 14:10:54, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name lsarpc pnum=7440 (pipes_open=2) [2006/02/01 14:10:54, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name samr pnum=743f (pipes_open=2) [2006/02/01 14:10:54, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "samr" (pnum 743f) [2006/02/01 14:10:54, 10] smbd/ipc.c:api_fd_reply(299) api_fd_reply: p:0x8033ef78 max_trans_reply: 4280 [2006/02/01 14:10:54, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) write_to_pipe: 743f name: samr open: Yes len: 44 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 44 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 16 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 28 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0000 major : 05 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0001 minor : 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0002 pkt_type : 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0003 flags : 03 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0004 pack_type0: 10 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0005 pack_type1: 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0006 pack_type2: 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0007 pack_type3: 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0008 frag_len : 002c [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 000a auth_len : 0000 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 000c call_id : 000000f7 [2006/02/01 14:10:54, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) unmarshall_rpc_header: using little-endian RPC [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) unmarshall_rpc_header: type = 0, flags = 3 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 0 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 28 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 28, incoming data = 28 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) process_complete_pdu: processing packet type 0 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_req req [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0000 alloc_hint: 00000014 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0004 context_id: 0000 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0006 opnum : 0001 [2006/02/01 14:10:54, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 0 [2006/02/01 14:10:54, 5] rpc_server/srv_pipe.c:api_pipe_request(1509) Requested \PIPE\samr [2006/02/01 14:10:54, 4] rpc_server/srv_pipe.c:api_rpcTNP(1543) api_rpcTNP: samr op 0x1 - api_rpcTNP: rpc command: SAMR_CLOSE_HND [2006/02/01 14:10:54, 6] rpc_server/srv_pipe.c:api_rpcTNP(1569) api_rpc_cmds[0].fn == 0x800ec84c [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_q_close_hnd [2006/02/01 14:10:54, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_pol_hnd pol [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0000 data1: 00000000 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0004 data2: 0000004d [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0008 data3: 0000 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 000a data4: 0000 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8s(758) 000c data5: 6e c1 e0 43 61 52 00 00 [2006/02/01 14:10:54, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 4D 00 00 00 00 00 00 00 6E C1 E0 43 ....M... ....n..C [010] 61 52 00 00 aR.. [2006/02/01 14:10:54, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) Closed policy [2006/02/01 14:10:54, 5] rpc_server/srv_samr_nt.c:_samr_close_hnd(334) samr_reply_close_hnd: 334 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_r_close_hnd [2006/02/01 14:10:54, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_pol_hnd pol [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0000 data1: 00000000 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0004 data2: 00000000 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0008 data3: 0000 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 000a data4: 0000 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8s(758) 000c data5: 00 00 00 00 00 00 00 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_ntstatus(701) 0014 status: NT_STATUS_OK [2006/02/01 14:10:54, 5] rpc_server/srv_pipe.c:api_rpcTNP(1590) api_rpcTNP: called samr successfully [2006/02/01 14:10:54, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 0 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 28 [2006/02/01 14:10:54, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) read_from_pipe: 743f name: samr len: 4280 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0000 major : 05 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0001 minor : 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0002 pkt_type : 02 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0003 flags : 03 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0004 pack_type0: 10 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0005 pack_type1: 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0006 pack_type2: 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0007 pack_type3: 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0008 frag_len : 0030 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 000a auth_len : 0000 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 000c call_id : 000000f7 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp resp [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0010 alloc_hint: 00000018 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0014 context_id: 0000 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0016 cancel_ct : 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0017 reserved : 00 [2006/02/01 14:10:54, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] [2006/02/01 14:10:54, 5] lib/util.c:show_msg(454) [2006/02/01 14:10:54, 5] lib/util.c:show_msg(464) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=3496 smb_uid=101 smb_mid=22593 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2006/02/01 14:10:54, 10] lib/util.c:dump_data(2053) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 F7 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [030] 00 . [2006/02/01 14:10:54, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) got smb length of 128 [2006/02/01 14:10:54, 6] smbd/process.c:process_smb(1113) got message type 0x0 of len 0x80 [2006/02/01 14:10:54, 3] smbd/process.c:process_smb(1114) Transaction 354 of length 132 [2006/02/01 14:10:54, 5] lib/util.c:show_msg(454) [2006/02/01 14:10:54, 5] lib/util.c:show_msg(464) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=3496 smb_uid=101 smb_mid=22657 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29759 (0x743F) smb_bcc=61 [2006/02/01 14:10:54, 10] lib/util.c:dump_data(2053) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 F8 00 00 ........ .,...... [020] 00 14 00 00 00 00 00 01 00 00 00 00 00 4C 00 00 ........ .....L.. [030] 00 00 00 00 00 6E C1 E0 43 61 52 00 00 .....n.. CaR.. [2006/02/01 14:10:54, 3] smbd/process.c:switch_message(900) switch message SMBtrans (pid 21089) conn 0x80340138 [2006/02/01 14:10:54, 4] smbd/uid.c:change_to_user(217) change_to_user: Skipping user change - already user [2006/02/01 14:10:54, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=44 params=0 setup=2 [2006/02/01 14:10:54, 5] smbd/ipc.c:reply_trans(560) calling named_pipe [2006/02/01 14:10:54, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2006/02/01 14:10:54, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2006/02/01 14:10:54, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) search for pipe pnum=743f [2006/02/01 14:10:54, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name lsarpc pnum=7440 (pipes_open=2) [2006/02/01 14:10:54, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name samr pnum=743f (pipes_open=2) [2006/02/01 14:10:54, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "samr" (pnum 743f) [2006/02/01 14:10:54, 10] smbd/ipc.c:api_fd_reply(299) api_fd_reply: p:0x8033ef78 max_trans_reply: 4280 [2006/02/01 14:10:54, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) write_to_pipe: 743f name: samr open: Yes len: 44 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 44 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 16 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 28 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0000 major : 05 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0001 minor : 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0002 pkt_type : 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0003 flags : 03 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0004 pack_type0: 10 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0005 pack_type1: 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0006 pack_type2: 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0007 pack_type3: 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0008 frag_len : 002c [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 000a auth_len : 0000 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 000c call_id : 000000f8 [2006/02/01 14:10:54, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) unmarshall_rpc_header: using little-endian RPC [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) unmarshall_rpc_header: type = 0, flags = 3 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 0 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 28 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 28, incoming data = 28 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) process_complete_pdu: processing packet type 0 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_req req [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0000 alloc_hint: 00000014 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0004 context_id: 0000 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0006 opnum : 0001 [2006/02/01 14:10:54, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 0 [2006/02/01 14:10:54, 5] rpc_server/srv_pipe.c:api_pipe_request(1509) Requested \PIPE\samr [2006/02/01 14:10:54, 4] rpc_server/srv_pipe.c:api_rpcTNP(1543) api_rpcTNP: samr op 0x1 - api_rpcTNP: rpc command: SAMR_CLOSE_HND [2006/02/01 14:10:54, 6] rpc_server/srv_pipe.c:api_rpcTNP(1569) api_rpc_cmds[0].fn == 0x800ec84c [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_q_close_hnd [2006/02/01 14:10:54, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_pol_hnd pol [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0000 data1: 00000000 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0004 data2: 0000004c [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0008 data3: 0000 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 000a data4: 0000 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8s(758) 000c data5: 6e c1 e0 43 61 52 00 00 [2006/02/01 14:10:54, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 4C 00 00 00 00 00 00 00 6E C1 E0 43 ....L... ....n..C [010] 61 52 00 00 aR.. [2006/02/01 14:10:54, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) Closed policy [2006/02/01 14:10:54, 5] rpc_server/srv_samr_nt.c:_samr_close_hnd(334) samr_reply_close_hnd: 334 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_r_close_hnd [2006/02/01 14:10:54, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_pol_hnd pol [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0000 data1: 00000000 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0004 data2: 00000000 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0008 data3: 0000 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 000a data4: 0000 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8s(758) 000c data5: 00 00 00 00 00 00 00 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_ntstatus(701) 0014 status: NT_STATUS_OK [2006/02/01 14:10:54, 5] rpc_server/srv_pipe.c:api_rpcTNP(1590) api_rpcTNP: called samr successfully [2006/02/01 14:10:54, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 0 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 28 [2006/02/01 14:10:54, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) read_from_pipe: 743f name: samr len: 4280 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0000 major : 05 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0001 minor : 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0002 pkt_type : 02 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0003 flags : 03 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0004 pack_type0: 10 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0005 pack_type1: 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0006 pack_type2: 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0007 pack_type3: 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0008 frag_len : 0030 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 000a auth_len : 0000 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 000c call_id : 000000f8 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp resp [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0010 alloc_hint: 00000018 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0014 context_id: 0000 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0016 cancel_ct : 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0017 reserved : 00 [2006/02/01 14:10:54, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] [2006/02/01 14:10:54, 5] lib/util.c:show_msg(454) [2006/02/01 14:10:54, 5] lib/util.c:show_msg(464) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=3496 smb_uid=101 smb_mid=22657 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2006/02/01 14:10:54, 10] lib/util.c:dump_data(2053) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 F8 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [030] 00 . [2006/02/01 14:10:54, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) got smb length of 128 [2006/02/01 14:10:54, 6] smbd/process.c:process_smb(1113) got message type 0x0 of len 0x80 [2006/02/01 14:10:54, 3] smbd/process.c:process_smb(1114) Transaction 355 of length 132 [2006/02/01 14:10:54, 5] lib/util.c:show_msg(454) [2006/02/01 14:10:54, 5] lib/util.c:show_msg(464) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=3496 smb_uid=101 smb_mid=22721 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29759 (0x743F) smb_bcc=61 [2006/02/01 14:10:54, 10] lib/util.c:dump_data(2053) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 F9 00 00 ........ .,...... [020] 00 14 00 00 00 00 00 01 00 00 00 00 00 4B 00 00 ........ .....K.. [030] 00 00 00 00 00 6E C1 E0 43 61 52 00 00 .....n.. CaR.. [2006/02/01 14:10:54, 3] smbd/process.c:switch_message(900) switch message SMBtrans (pid 21089) conn 0x80340138 [2006/02/01 14:10:54, 4] smbd/uid.c:change_to_user(217) change_to_user: Skipping user change - already user [2006/02/01 14:10:54, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=44 params=0 setup=2 [2006/02/01 14:10:54, 5] smbd/ipc.c:reply_trans(560) calling named_pipe [2006/02/01 14:10:54, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2006/02/01 14:10:54, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2006/02/01 14:10:54, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) search for pipe pnum=743f [2006/02/01 14:10:54, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name lsarpc pnum=7440 (pipes_open=2) [2006/02/01 14:10:54, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name samr pnum=743f (pipes_open=2) [2006/02/01 14:10:54, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "samr" (pnum 743f) [2006/02/01 14:10:54, 10] smbd/ipc.c:api_fd_reply(299) api_fd_reply: p:0x8033ef78 max_trans_reply: 4280 [2006/02/01 14:10:54, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) write_to_pipe: 743f name: samr open: Yes len: 44 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 44 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 16 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 28 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0000 major : 05 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0001 minor : 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0002 pkt_type : 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0003 flags : 03 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0004 pack_type0: 10 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0005 pack_type1: 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0006 pack_type2: 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0007 pack_type3: 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0008 frag_len : 002c [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 000a auth_len : 0000 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 000c call_id : 000000f9 [2006/02/01 14:10:54, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) unmarshall_rpc_header: using little-endian RPC [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) unmarshall_rpc_header: type = 0, flags = 3 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 0 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 28 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 28, incoming data = 28 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) process_complete_pdu: processing packet type 0 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_req req [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0000 alloc_hint: 00000014 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0004 context_id: 0000 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0006 opnum : 0001 [2006/02/01 14:10:54, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 0 [2006/02/01 14:10:54, 5] rpc_server/srv_pipe.c:api_pipe_request(1509) Requested \PIPE\samr [2006/02/01 14:10:54, 4] rpc_server/srv_pipe.c:api_rpcTNP(1543) api_rpcTNP: samr op 0x1 - api_rpcTNP: rpc command: SAMR_CLOSE_HND [2006/02/01 14:10:54, 6] rpc_server/srv_pipe.c:api_rpcTNP(1569) api_rpc_cmds[0].fn == 0x800ec84c [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_q_close_hnd [2006/02/01 14:10:54, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_pol_hnd pol [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0000 data1: 00000000 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0004 data2: 0000004b [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0008 data3: 0000 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 000a data4: 0000 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8s(758) 000c data5: 6e c1 e0 43 61 52 00 00 [2006/02/01 14:10:54, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 4B 00 00 00 00 00 00 00 6E C1 E0 43 ....K... ....n..C [010] 61 52 00 00 aR.. [2006/02/01 14:10:54, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) Closed policy [2006/02/01 14:10:54, 5] rpc_server/srv_samr_nt.c:_samr_close_hnd(334) samr_reply_close_hnd: 334 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_r_close_hnd [2006/02/01 14:10:54, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_pol_hnd pol [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0000 data1: 00000000 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0004 data2: 00000000 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0008 data3: 0000 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 000a data4: 0000 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8s(758) 000c data5: 00 00 00 00 00 00 00 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_ntstatus(701) 0014 status: NT_STATUS_OK [2006/02/01 14:10:54, 5] rpc_server/srv_pipe.c:api_rpcTNP(1590) api_rpcTNP: called samr successfully [2006/02/01 14:10:54, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 0 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 28 [2006/02/01 14:10:54, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) read_from_pipe: 743f name: samr len: 4280 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0000 major : 05 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0001 minor : 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0002 pkt_type : 02 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0003 flags : 03 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0004 pack_type0: 10 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0005 pack_type1: 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0006 pack_type2: 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0007 pack_type3: 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0008 frag_len : 0030 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 000a auth_len : 0000 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 000c call_id : 000000f9 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp resp [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0010 alloc_hint: 00000018 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0014 context_id: 0000 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0016 cancel_ct : 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0017 reserved : 00 [2006/02/01 14:10:54, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] [2006/02/01 14:10:54, 5] lib/util.c:show_msg(454) [2006/02/01 14:10:54, 5] lib/util.c:show_msg(464) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=3496 smb_uid=101 smb_mid=22721 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2006/02/01 14:10:54, 10] lib/util.c:dump_data(2053) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 F9 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [030] 00 . [2006/02/01 14:10:54, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) got smb length of 136 [2006/02/01 14:10:54, 6] smbd/process.c:process_smb(1113) got message type 0x0 of len 0x88 [2006/02/01 14:10:54, 3] smbd/process.c:process_smb(1114) Transaction 356 of length 140 [2006/02/01 14:10:54, 5] lib/util.c:show_msg(454) [2006/02/01 14:10:54, 5] lib/util.c:show_msg(464) size=136 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=3496 smb_uid=101 smb_mid=22785 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 52 (0x34) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 52 (0x34) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29759 (0x743F) smb_bcc=69 [2006/02/01 14:10:54, 10] lib/util.c:dump_data(2053) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 34 00 00 00 FA 00 00 ........ .4...... [020] 00 1C 00 00 00 00 00 16 00 00 00 00 00 3E 00 00 ........ .....>.. [030] 00 00 00 00 00 FB C0 E0 43 61 52 00 00 6A 08 00 ........ CaR..j.. [040] 00 05 00 00 00 ..... [2006/02/01 14:10:54, 3] smbd/process.c:switch_message(900) switch message SMBtrans (pid 21089) conn 0x80340138 [2006/02/01 14:10:54, 4] smbd/uid.c:change_to_user(217) change_to_user: Skipping user change - already user [2006/02/01 14:10:54, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=52 params=0 setup=2 [2006/02/01 14:10:54, 5] smbd/ipc.c:reply_trans(560) calling named_pipe [2006/02/01 14:10:54, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2006/02/01 14:10:54, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2006/02/01 14:10:54, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) search for pipe pnum=743f [2006/02/01 14:10:54, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name lsarpc pnum=7440 (pipes_open=2) [2006/02/01 14:10:54, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name samr pnum=743f (pipes_open=2) [2006/02/01 14:10:54, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "samr" (pnum 743f) [2006/02/01 14:10:54, 10] smbd/ipc.c:api_fd_reply(299) api_fd_reply: p:0x8033ef78 max_trans_reply: 4280 [2006/02/01 14:10:54, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) write_to_pipe: 743f name: samr open: Yes len: 52 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 52 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 52 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) fill_rpc_header: data_to_copy = 52, len_needed_to_complete_hdr = 16, receive_len = 0 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 16 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 36 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 36 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0000 major : 05 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0001 minor : 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0002 pkt_type : 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0003 flags : 03 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0004 pack_type0: 10 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0005 pack_type1: 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0006 pack_type2: 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0007 pack_type3: 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0008 frag_len : 0034 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 000a auth_len : 0000 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 000c call_id : 000000fa [2006/02/01 14:10:54, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) unmarshall_rpc_header: using little-endian RPC [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) unmarshall_rpc_header: type = 0, flags = 3 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 0 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 36 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 36, incoming data = 36 [2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) process_complete_pdu: processing packet type 0 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_req req [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0000 alloc_hint: 0000001c [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0004 context_id: 0000 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0006 opnum : 0016 [2006/02/01 14:10:54, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 0 [2006/02/01 14:10:54, 5] rpc_server/srv_pipe.c:api_pipe_request(1509) Requested \PIPE\samr [2006/02/01 14:10:54, 4] rpc_server/srv_pipe.c:api_rpcTNP(1543) api_rpcTNP: samr op 0x16 - api_rpcTNP: rpc command: SAMR_ADD_GROUPMEM [2006/02/01 14:10:54, 6] rpc_server/srv_pipe.c:api_rpcTNP(1569) api_rpc_cmds[12].fn == 0x800eef2f [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_q_add_groupmem [2006/02/01 14:10:54, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_pol_hnd pol [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0000 data1: 00000000 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0004 data2: 0000003e [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0008 data3: 0000 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) 000a data4: 0000 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8s(758) 000c data5: fb c0 e0 43 61 52 00 00 [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0014 rid : 0000086a [2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0018 unknown: 00000005 [2006/02/01 14:10:54, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 3E 00 00 00 00 00 00 00 FB C0 E0 43 ....>... .......C [010] 61 52 00 00 aR.. [2006/02/01 14:10:54, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(194) _samr_add_groupmem: access check ((granted: 0x000d001f; required: 0x00000004) [2006/02/01 14:10:54, 10] rpc_server/srv_samr_nt.c:_samr_add_groupmem(3292) sid is S-1-5-21-2044582568-1589646193-1504741369-513 [2006/02/01 14:10:54, 10] rpc_server/srv_samr_nt.c:_samr_add_groupmem(3297) lookup on Domain SID [2006/02/01 14:10:54, 10] groupdb/mapping.c:get_domain_group_from_sid(799) get_domain_group_from_sid [2006/02/01 14:10:54, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(1019, 1000) : sec_ctx_stack_ndx = 1 [2006/02/01 14:10:54, 3] smbd/uid.c:push_conn_ctx(388) push_conn_ctx(101) : conn_ctx_stack_ndx = 0 [2006/02/01 14:10:54, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2006/02/01 14:10:54, 5] auth/auth_util.c:debug_nt_user_token(452) NT user token: (NULL) [2006/02/01 14:10:54, 5] auth/auth_util.c:debug_unix_user_token(473) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/02/01 14:10:54, 5] lib/smbldap.c:smbldap_search_ext(980) smbldap_search_ext: base => [ou=Group,dc=u4eatech,dc=com], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-2044582568-1589646193-1504741369-513))], scope => [2] [2006/02/01 14:10:54, 2] passdb/pdb_ldap.c:init_group_from_ldap(2001) init_group_from_ldap: Entry found for group: 513 [2006/02/01 14:10:54, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (1019, 1000) - sec_ctx_stack_ndx = 0 [2006/02/01 14:10:54, 10] groupdb/mapping.c:get_domain_group_from_sid(810) get_domain_group_from_sid: SID found in the TDB [2006/02/01 14:10:54, 10] groupdb/mapping.c:get_domain_group_from_sid(817) get_domain_group_from_sid: SID is a domain group [2006/02/01 14:10:54, 10] groupdb/mapping.c:get_domain_group_from_sid(823) get_domain_group_from_sid: SID is mapped to gid:513 [2006/02/01 14:10:54, 10] groupdb/mapping.c:get_domain_group_from_sid(831) get_domain_group_from_sid: gid exists in UNIX security [2006/02/01 14:10:54, 5] lib/smbldap.c:smbldap_search_ext(980) smbldap_search_ext: base => [dc=u4eatech,dc=com], filter => [(&(sambaSID=S-1-5-21-2044582568-1589646193-1504741369-2154)(objectclass=sambaSamAccount))], scope => [2] [2006/02/01 14:10:54, 0] lib/smbldap.c:smbldap_open(822) smbldap_open: cannot access LDAP when not root.. [2006/02/01 14:10:54, 1] lib/smbldap.c:another_ldap_try(951) Connection to LDAP server failed for the 1 try! [2006/02/01 14:10:55, 0] lib/smbldap.c:smbldap_open(822) smbldap_open: cannot access LDAP when not root.. [2006/02/01 14:10:55, 1] lib/smbldap.c:another_ldap_try(951) Connection to LDAP server failed for the 2 try! [2006/02/01 14:10:56, 0] lib/smbldap.c:smbldap_open(822) smbldap_open: cannot access LDAP when not root.. [2006/02/01 14:10:56, 1] lib/smbldap.c:another_ldap_try(951) Connection to LDAP server failed for the 3 try! [2006/02/01 14:10:57, 0] lib/smbldap.c:smbldap_open(822) smbldap_open: cannot access LDAP when not root.. [2006/02/01 14:10:57, 1] lib/smbldap.c:another_ldap_try(951) Connection to LDAP server failed for the 4 try! [2006/02/01 14:10:58, 0] lib/smbldap.c:smbldap_open(822) smbldap_open: cannot access LDAP when not root.. [2006/02/01 14:10:58, 1] lib/smbldap.c:another_ldap_try(951) Connection to LDAP server failed for the 5 try! [2006/02/01 14:10:59, 0] lib/smbldap.c:smbldap_open(822) smbldap_open: cannot access LDAP when not root.. [2006/02/01 14:10:59, 1] lib/smbldap.c:another_ldap_try(951) Connection to LDAP server failed for the 6 try! [2006/02/01 14:11:00, 0] lib/smbldap.c:smbldap_open(822) smbldap_open: cannot access LDAP when not root.. [2006/02/01 14:11:00, 1] lib/smbldap.c:another_ldap_try(951) Connection to LDAP server failed for the 7 try! [2006/02/01 14:11:01, 0] lib/smbldap.c:smbldap_open(822) smbldap_open: cannot access LDAP when not root.. [2006/02/01 14:11:01, 1] lib/smbldap.c:another_ldap_try(951) Connection to LDAP server failed for the 8 try! [2006/02/01 14:11:02, 0] lib/smbldap.c:smbldap_open(822) smbldap_open: cannot access LDAP when not root.. [2006/02/01 14:11:02, 1] lib/smbldap.c:another_ldap_try(951) Connection to LDAP server failed for the 9 try! [2006/02/01 14:11:03, 0] lib/smbldap.c:smbldap_open(822) smbldap_open: cannot access LDAP when not root.. [2006/02/01 14:11:03, 1] lib/smbldap.c:another_ldap_try(951) Connection to LDAP server failed for the 10 try! [2006/02/01 14:11:04, 0] lib/smbldap.c:smbldap_open(822) smbldap_open: cannot access LDAP when not root.. [2006/02/01 14:11:04, 1] lib/smbldap.c:another_ldap_try(951) Connection to LDAP server failed for the 11 try! [2006/02/01 14:11:05, 0] lib/smbldap.c:smbldap_open(822) smbldap_open: cannot access LDAP when not root.. [2006/02/01 14:11:05, 1] lib/smbldap.c:another_ldap_try(951) Connection to LDAP server failed for the 12 try! [2006/02/01 14:11:06, 0] lib/smbldap.c:smbldap_open(822) smbldap_open: cannot access LDAP when not root.. [2006/02/01 14:11:06, 1] lib/smbldap.c:another_ldap_try(951) Connection to LDAP server failed for the 13 try! [2006/02/01 14:11:07, 0] lib/smbldap.c:smbldap_open(822) smbldap_open: cannot access LDAP when not root.. [2006/02/01 14:11:07, 1] lib/smbldap.c:another_ldap_try(951) Connection to LDAP server failed for the 14 try! [2006/02/01 14:11:08, 0] lib/smbldap.c:smbldap_open(822) smbldap_open: cannot access LDAP when not root.. [2006/02/01 14:11:08, 1] lib/smbldap.c:another_ldap_try(951) Connection to LDAP server failed for the 15 try! [2006/02/01 14:11:09, 0] lib/smbldap.c:smbldap_open(822) smbldap_open: cannot access LDAP when not root.. [2006/02/01 14:11:09, 0] lib/smbldap.c:smbldap_search_suffix(1246) smbldap_search_suffix: Problem during the LDAP search: (Time limit exceeded) [2006/02/01 14:11:09, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_r_add_groupmem [2006/02/01 14:11:09, 5] rpc_parse/parse_prs.c:prs_ntstatus(701) 0000 status: NT_STATUS_NO_SUCH_USER [2006/02/01 14:11:09, 5] rpc_server/srv_pipe.c:api_rpcTNP(1590) api_rpcTNP: called samr successfully [2006/02/01 14:11:09, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 0 [2006/02/01 14:11:09, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 36 [2006/02/01 14:11:09, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) read_from_pipe: 743f name: samr len: 4280 [2006/02/01 14:11:09, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 4. [2006/02/01 14:11:09, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2006/02/01 14:11:09, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0000 major : 05 [2006/02/01 14:11:09, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0001 minor : 00 [2006/02/01 14:11:09, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0002 pkt_type : 02 [2006/02/01 14:11:09, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0003 flags : 03 [2006/02/01 14:11:09, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0004 pack_type0: 10 [2006/02/01 14:11:09, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0005 pack_type1: 00 [2006/02/01 14:11:09, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0006 pack_type2: 00 [2006/02/01 14:11:09, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0007 pack_type3: 00 [2006/02/01 14:11:09, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0008 frag_len : 001c [2006/02/01 14:11:09, 5] rpc_parse/parse_prs.c:prs_uint16(642) 000a auth_len : 0000 [2006/02/01 14:11:09, 5] rpc_parse/parse_prs.c:prs_uint32(671) 000c call_id : 000000fa [2006/02/01 14:11:09, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp resp [2006/02/01 14:11:09, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0010 alloc_hint: 00000004 [2006/02/01 14:11:09, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0014 context_id: 0000 [2006/02/01 14:11:09, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0016 cancel_ct : 00 [2006/02/01 14:11:09, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0017 reserved : 00 [2006/02/01 14:11:09, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..28] [2006/02/01 14:11:09, 5] lib/util.c:show_msg(454) [2006/02/01 14:11:09, 5] lib/util.c:show_msg(464) size=84 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=3496 smb_uid=101 smb_mid=22785 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 28 (0x1C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 28 (0x1C) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=29 [2006/02/01 14:11:09, 10] lib/util.c:dump_data(2053) [000] 00 05 00 02 03 10 00 00 00 1C 00 00 00 FA 00 00 ........ ........ [010] 00 04 00 00 00 00 00 00 00 64 00 00 C0 ........ .d... [2006/02/01 14:11:11, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) got smb length of 128 [2006/02/01 14:11:11, 6] smbd/process.c:process_smb(1113) got message type 0x0 of len 0x80 [2006/02/01 14:11:11, 3] smbd/process.c:process_smb(1114) Transaction 357 of length 132 [2006/02/01 14:11:11, 5] lib/util.c:show_msg(454) [2006/02/01 14:11:11, 5] lib/util.c:show_msg(464) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=3496 smb_uid=101 smb_mid=22849 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29759 (0x743F) smb_bcc=61 [2006/02/01 14:11:11, 10] lib/util.c:dump_data(2053) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 FB 00 00 ........ .,...... [020] 00 14 00 00 00 00 00 01 00 00 00 00 00 3E 00 00 ........ .....>.. [030] 00 00 00 00 00 FB C0 E0 43 61 52 00 00 ........ CaR.. [2006/02/01 14:11:11, 3] smbd/process.c:switch_message(900) switch message SMBtrans (pid 21089) conn 0x80340138 [2006/02/01 14:11:11, 4] smbd/uid.c:change_to_user(217) change_to_user: Skipping user change - already user [2006/02/01 14:11:11, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=44 params=0 setup=2 [2006/02/01 14:11:11, 5] smbd/ipc.c:reply_trans(560) calling named_pipe [2006/02/01 14:11:11, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2006/02/01 14:11:11, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2006/02/01 14:11:11, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) search for pipe pnum=743f [2006/02/01 14:11:11, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name lsarpc pnum=7440 (pipes_open=2) [2006/02/01 14:11:11, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name samr pnum=743f (pipes_open=2) [2006/02/01 14:11:11, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "samr" (pnum 743f) [2006/02/01 14:11:11, 10] smbd/ipc.c:api_fd_reply(299) api_fd_reply: p:0x8033ef78 max_trans_reply: 4280 [2006/02/01 14:11:11, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) write_to_pipe: 743f name: samr open: Yes len: 44 [2006/02/01 14:11:11, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 44 [2006/02/01 14:11:11, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 [2006/02/01 14:11:11, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 [2006/02/01 14:11:11, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 16 [2006/02/01 14:11:11, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 28 [2006/02/01 14:11:11, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 [2006/02/01 14:11:11, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2006/02/01 14:11:11, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0000 major : 05 [2006/02/01 14:11:11, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0001 minor : 00 [2006/02/01 14:11:11, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0002 pkt_type : 00 [2006/02/01 14:11:11, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0003 flags : 03 [2006/02/01 14:11:11, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0004 pack_type0: 10 [2006/02/01 14:11:11, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0005 pack_type1: 00 [2006/02/01 14:11:11, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0006 pack_type2: 00 [2006/02/01 14:11:11, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0007 pack_type3: 00 [2006/02/01 14:11:11, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0008 frag_len : 002c [2006/02/01 14:11:11, 5] rpc_parse/parse_prs.c:prs_uint16(642) 000a auth_len : 0000 [2006/02/01 14:11:11, 5] rpc_parse/parse_prs.c:prs_uint32(671) 000c call_id : 000000fb [2006/02/01 14:11:11, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) unmarshall_rpc_header: using little-endian RPC [2006/02/01 14:11:11, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) unmarshall_rpc_header: type = 0, flags = 3 [2006/02/01 14:11:11, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 0 [2006/02/01 14:11:11, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 28 [2006/02/01 14:11:11, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 28, incoming data = 28 [2006/02/01 14:11:11, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) process_complete_pdu: processing packet type 0 [2006/02/01 14:11:11, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_req req [2006/02/01 14:11:11, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0000 alloc_hint: 00000014 [2006/02/01 14:11:11, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0004 context_id: 0000 [2006/02/01 14:11:11, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0006 opnum : 0001 [2006/02/01 14:11:11, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 0 [2006/02/01 14:11:11, 5] rpc_server/srv_pipe.c:api_pipe_request(1509) Requested \PIPE\samr [2006/02/01 14:11:11, 4] rpc_server/srv_pipe.c:api_rpcTNP(1543) api_rpcTNP: samr op 0x1 - api_rpcTNP: rpc command: SAMR_CLOSE_HND [2006/02/01 14:11:11, 6] rpc_server/srv_pipe.c:api_rpcTNP(1569) api_rpc_cmds[0].fn == 0x800ec84c [2006/02/01 14:11:11, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_q_close_hnd [2006/02/01 14:11:11, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_pol_hnd pol [2006/02/01 14:11:11, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0000 data1: 00000000 [2006/02/01 14:11:11, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0004 data2: 0000003e [2006/02/01 14:11:11, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0008 data3: 0000 [2006/02/01 14:11:11, 5] rpc_parse/parse_prs.c:prs_uint16(642) 000a data4: 0000 [2006/02/01 14:11:11, 5] rpc_parse/parse_prs.c:prs_uint8s(758) 000c data5: fb c0 e0 43 61 52 00 00 [2006/02/01 14:11:11, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 3E 00 00 00 00 00 00 00 FB C0 E0 43 ....>... .......C [010] 61 52 00 00 aR.. [2006/02/01 14:11:11, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) Closed policy [2006/02/01 14:11:11, 5] rpc_server/srv_samr_nt.c:_samr_close_hnd(334) samr_reply_close_hnd: 334 [2006/02/01 14:11:11, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_r_close_hnd [2006/02/01 14:11:11, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_pol_hnd pol [2006/02/01 14:11:11, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0000 data1: 00000000 [2006/02/01 14:11:11, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0004 data2: 00000000 [2006/02/01 14:11:11, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0008 data3: 0000 [2006/02/01 14:11:11, 5] rpc_parse/parse_prs.c:prs_uint16(642) 000a data4: 0000 [2006/02/01 14:11:11, 5] rpc_parse/parse_prs.c:prs_uint8s(758) 000c data5: 00 00 00 00 00 00 00 00 [2006/02/01 14:11:11, 5] rpc_parse/parse_prs.c:prs_ntstatus(701) 0014 status: NT_STATUS_OK [2006/02/01 14:11:11, 5] rpc_server/srv_pipe.c:api_rpcTNP(1590) api_rpcTNP: called samr successfully [2006/02/01 14:11:11, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 0 [2006/02/01 14:11:11, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 28 [2006/02/01 14:11:11, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) read_from_pipe: 743f name: samr len: 4280 [2006/02/01 14:11:11, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. [2006/02/01 14:11:11, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2006/02/01 14:11:11, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0000 major : 05 [2006/02/01 14:11:11, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0001 minor : 00 [2006/02/01 14:11:11, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0002 pkt_type : 02 [2006/02/01 14:11:11, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0003 flags : 03 [2006/02/01 14:11:11, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0004 pack_type0: 10 [2006/02/01 14:11:11, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0005 pack_type1: 00 [2006/02/01 14:11:11, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0006 pack_type2: 00 [2006/02/01 14:11:11, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0007 pack_type3: 00 [2006/02/01 14:11:11, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0008 frag_len : 0030 [2006/02/01 14:11:11, 5] rpc_parse/parse_prs.c:prs_uint16(642) 000a auth_len : 0000 [2006/02/01 14:11:11, 5] rpc_parse/parse_prs.c:prs_uint32(671) 000c call_id : 000000fb [2006/02/01 14:11:11, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp resp [2006/02/01 14:11:11, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0010 alloc_hint: 00000018 [2006/02/01 14:11:11, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0014 context_id: 0000 [2006/02/01 14:11:11, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0016 cancel_ct : 00 [2006/02/01 14:11:11, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0017 reserved : 00 [2006/02/01 14:11:11, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] [2006/02/01 14:11:11, 5] lib/util.c:show_msg(454) [2006/02/01 14:11:11, 5] lib/util.c:show_msg(464) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=3496 smb_uid=101 smb_mid=22849 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2006/02/01 14:11:11, 10] lib/util.c:dump_data(2053) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 FB 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [030] 00 . [2006/02/01 14:11:12, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) got smb length of 128 [2006/02/01 14:11:12, 6] smbd/process.c:process_smb(1113) got message type 0x0 of len 0x80 [2006/02/01 14:11:12, 3] smbd/process.c:process_smb(1114) Transaction 358 of length 132 [2006/02/01 14:11:12, 5] lib/util.c:show_msg(454) [2006/02/01 14:11:12, 5] lib/util.c:show_msg(464) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=3496 smb_uid=101 smb_mid=22913 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29759 (0x743F) smb_bcc=61 [2006/02/01 14:11:12, 10] lib/util.c:dump_data(2053) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 FC 00 00 ........ .,...... [020] 00 14 00 00 00 00 00 01 00 00 00 00 00 05 00 00 ........ ........ [030] 00 00 00 00 00 5B BE E0 43 61 52 00 00 .....[.. CaR.. [2006/02/01 14:11:12, 3] smbd/process.c:switch_message(900) switch message SMBtrans (pid 21089) conn 0x80340138 [2006/02/01 14:11:12, 4] smbd/uid.c:change_to_user(217) change_to_user: Skipping user change - already user [2006/02/01 14:11:12, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=44 params=0 setup=2 [2006/02/01 14:11:12, 5] smbd/ipc.c:reply_trans(560) calling named_pipe [2006/02/01 14:11:12, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2006/02/01 14:11:12, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2006/02/01 14:11:12, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) search for pipe pnum=743f [2006/02/01 14:11:12, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name lsarpc pnum=7440 (pipes_open=2) [2006/02/01 14:11:12, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name samr pnum=743f (pipes_open=2) [2006/02/01 14:11:12, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "samr" (pnum 743f) [2006/02/01 14:11:12, 10] smbd/ipc.c:api_fd_reply(299) api_fd_reply: p:0x8033ef78 max_trans_reply: 4280 [2006/02/01 14:11:12, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) write_to_pipe: 743f name: samr open: Yes len: 44 [2006/02/01 14:11:12, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 44 [2006/02/01 14:11:12, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 [2006/02/01 14:11:12, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 [2006/02/01 14:11:12, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 16 [2006/02/01 14:11:12, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 28 [2006/02/01 14:11:12, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0000 major : 05 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0001 minor : 00 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0002 pkt_type : 00 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0003 flags : 03 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0004 pack_type0: 10 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0005 pack_type1: 00 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0006 pack_type2: 00 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0007 pack_type3: 00 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0008 frag_len : 002c [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint16(642) 000a auth_len : 0000 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint32(671) 000c call_id : 000000fc [2006/02/01 14:11:12, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) unmarshall_rpc_header: using little-endian RPC [2006/02/01 14:11:12, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) unmarshall_rpc_header: type = 0, flags = 3 [2006/02/01 14:11:12, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 0 [2006/02/01 14:11:12, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 28 [2006/02/01 14:11:12, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 28, incoming data = 28 [2006/02/01 14:11:12, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) process_complete_pdu: processing packet type 0 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_req req [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0000 alloc_hint: 00000014 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0004 context_id: 0000 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0006 opnum : 0001 [2006/02/01 14:11:12, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 0 [2006/02/01 14:11:12, 5] rpc_server/srv_pipe.c:api_pipe_request(1509) Requested \PIPE\samr [2006/02/01 14:11:12, 4] rpc_server/srv_pipe.c:api_rpcTNP(1543) api_rpcTNP: samr op 0x1 - api_rpcTNP: rpc command: SAMR_CLOSE_HND [2006/02/01 14:11:12, 6] rpc_server/srv_pipe.c:api_rpcTNP(1569) api_rpc_cmds[0].fn == 0x800ec84c [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_q_close_hnd [2006/02/01 14:11:12, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_pol_hnd pol [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0000 data1: 00000000 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0004 data2: 00000005 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0008 data3: 0000 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint16(642) 000a data4: 0000 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8s(758) 000c data5: 5b be e0 43 61 52 00 00 [2006/02/01 14:11:12, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[3] [000] 00 00 00 00 05 00 00 00 00 00 00 00 5B BE E0 43 ........ ....[..C [010] 61 52 00 00 aR.. [2006/02/01 14:11:12, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) Closed policy [2006/02/01 14:11:12, 5] rpc_server/srv_samr_nt.c:_samr_close_hnd(334) samr_reply_close_hnd: 334 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_r_close_hnd [2006/02/01 14:11:12, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_pol_hnd pol [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0000 data1: 00000000 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0004 data2: 00000000 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0008 data3: 0000 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint16(642) 000a data4: 0000 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8s(758) 000c data5: 00 00 00 00 00 00 00 00 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_ntstatus(701) 0014 status: NT_STATUS_OK [2006/02/01 14:11:12, 5] rpc_server/srv_pipe.c:api_rpcTNP(1590) api_rpcTNP: called samr successfully [2006/02/01 14:11:12, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 0 [2006/02/01 14:11:12, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 28 [2006/02/01 14:11:12, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) read_from_pipe: 743f name: samr len: 4280 [2006/02/01 14:11:12, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0000 major : 05 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0001 minor : 00 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0002 pkt_type : 02 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0003 flags : 03 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0004 pack_type0: 10 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0005 pack_type1: 00 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0006 pack_type2: 00 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0007 pack_type3: 00 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0008 frag_len : 0030 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint16(642) 000a auth_len : 0000 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint32(671) 000c call_id : 000000fc [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp resp [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0010 alloc_hint: 00000018 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0014 context_id: 0000 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0016 cancel_ct : 00 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0017 reserved : 00 [2006/02/01 14:11:12, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] [2006/02/01 14:11:12, 5] lib/util.c:show_msg(454) [2006/02/01 14:11:12, 5] lib/util.c:show_msg(464) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=3496 smb_uid=101 smb_mid=22913 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2006/02/01 14:11:12, 10] lib/util.c:dump_data(2053) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 FC 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [030] 00 . [2006/02/01 14:11:12, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) got smb length of 128 [2006/02/01 14:11:12, 6] smbd/process.c:process_smb(1113) got message type 0x0 of len 0x80 [2006/02/01 14:11:12, 3] smbd/process.c:process_smb(1114) Transaction 359 of length 132 [2006/02/01 14:11:12, 5] lib/util.c:show_msg(454) [2006/02/01 14:11:12, 5] lib/util.c:show_msg(464) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=3496 smb_uid=101 smb_mid=22977 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29759 (0x743F) smb_bcc=61 [2006/02/01 14:11:12, 10] lib/util.c:dump_data(2053) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 FD 00 00 ........ .,...... [020] 00 14 00 00 00 00 00 01 00 00 00 00 00 12 00 00 ........ ........ [030] 00 00 00 00 00 5B BE E0 43 61 52 00 00 .....[.. CaR.. [2006/02/01 14:11:12, 3] smbd/process.c:switch_message(900) switch message SMBtrans (pid 21089) conn 0x80340138 [2006/02/01 14:11:12, 4] smbd/uid.c:change_to_user(217) change_to_user: Skipping user change - already user [2006/02/01 14:11:12, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=44 params=0 setup=2 [2006/02/01 14:11:12, 5] smbd/ipc.c:reply_trans(560) calling named_pipe [2006/02/01 14:11:12, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2006/02/01 14:11:12, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2006/02/01 14:11:12, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) search for pipe pnum=743f [2006/02/01 14:11:12, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name lsarpc pnum=7440 (pipes_open=2) [2006/02/01 14:11:12, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name samr pnum=743f (pipes_open=2) [2006/02/01 14:11:12, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "samr" (pnum 743f) [2006/02/01 14:11:12, 10] smbd/ipc.c:api_fd_reply(299) api_fd_reply: p:0x8033ef78 max_trans_reply: 4280 [2006/02/01 14:11:12, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) write_to_pipe: 743f name: samr open: Yes len: 44 [2006/02/01 14:11:12, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 44 [2006/02/01 14:11:12, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 [2006/02/01 14:11:12, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 [2006/02/01 14:11:12, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 16 [2006/02/01 14:11:12, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 28 [2006/02/01 14:11:12, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0000 major : 05 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0001 minor : 00 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0002 pkt_type : 00 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0003 flags : 03 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0004 pack_type0: 10 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0005 pack_type1: 00 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0006 pack_type2: 00 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0007 pack_type3: 00 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0008 frag_len : 002c [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint16(642) 000a auth_len : 0000 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint32(671) 000c call_id : 000000fd [2006/02/01 14:11:12, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) unmarshall_rpc_header: using little-endian RPC [2006/02/01 14:11:12, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) unmarshall_rpc_header: type = 0, flags = 3 [2006/02/01 14:11:12, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 0 [2006/02/01 14:11:12, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 28 [2006/02/01 14:11:12, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 28, incoming data = 28 [2006/02/01 14:11:12, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) process_complete_pdu: processing packet type 0 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_req req [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0000 alloc_hint: 00000014 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0004 context_id: 0000 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0006 opnum : 0001 [2006/02/01 14:11:12, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 0 [2006/02/01 14:11:12, 5] rpc_server/srv_pipe.c:api_pipe_request(1509) Requested \PIPE\samr [2006/02/01 14:11:12, 4] rpc_server/srv_pipe.c:api_rpcTNP(1543) api_rpcTNP: samr op 0x1 - api_rpcTNP: rpc command: SAMR_CLOSE_HND [2006/02/01 14:11:12, 6] rpc_server/srv_pipe.c:api_rpcTNP(1569) api_rpc_cmds[0].fn == 0x800ec84c [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_q_close_hnd [2006/02/01 14:11:12, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_pol_hnd pol [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0000 data1: 00000000 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0004 data2: 00000012 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0008 data3: 0000 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint16(642) 000a data4: 0000 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8s(758) 000c data5: 5b be e0 43 61 52 00 00 [2006/02/01 14:11:12, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 12 00 00 00 00 00 00 00 5B BE E0 43 ........ ....[..C [010] 61 52 00 00 aR.. [2006/02/01 14:11:12, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) Closed policy [2006/02/01 14:11:12, 5] rpc_server/srv_samr_nt.c:_samr_close_hnd(334) samr_reply_close_hnd: 334 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_r_close_hnd [2006/02/01 14:11:12, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_pol_hnd pol [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0000 data1: 00000000 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0004 data2: 00000000 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0008 data3: 0000 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint16(642) 000a data4: 0000 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8s(758) 000c data5: 00 00 00 00 00 00 00 00 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_ntstatus(701) 0014 status: NT_STATUS_OK [2006/02/01 14:11:12, 5] rpc_server/srv_pipe.c:api_rpcTNP(1590) api_rpcTNP: called samr successfully [2006/02/01 14:11:12, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 0 [2006/02/01 14:11:12, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 28 [2006/02/01 14:11:12, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) read_from_pipe: 743f name: samr len: 4280 [2006/02/01 14:11:12, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0000 major : 05 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0001 minor : 00 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0002 pkt_type : 02 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0003 flags : 03 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0004 pack_type0: 10 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0005 pack_type1: 00 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0006 pack_type2: 00 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0007 pack_type3: 00 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0008 frag_len : 0030 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint16(642) 000a auth_len : 0000 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint32(671) 000c call_id : 000000fd [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp resp [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0010 alloc_hint: 00000018 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0014 context_id: 0000 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0016 cancel_ct : 00 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0017 reserved : 00 [2006/02/01 14:11:12, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] [2006/02/01 14:11:12, 5] lib/util.c:show_msg(454) [2006/02/01 14:11:12, 5] lib/util.c:show_msg(464) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=3496 smb_uid=101 smb_mid=22977 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2006/02/01 14:11:12, 10] lib/util.c:dump_data(2053) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 FD 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [030] 00 . [2006/02/01 14:11:12, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) got smb length of 128 [2006/02/01 14:11:12, 6] smbd/process.c:process_smb(1113) got message type 0x0 of len 0x80 [2006/02/01 14:11:12, 3] smbd/process.c:process_smb(1114) Transaction 360 of length 132 [2006/02/01 14:11:12, 5] lib/util.c:show_msg(454) [2006/02/01 14:11:12, 5] lib/util.c:show_msg(464) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=3496 smb_uid=101 smb_mid=23041 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29759 (0x743F) smb_bcc=61 [2006/02/01 14:11:12, 10] lib/util.c:dump_data(2053) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 FE 00 00 ........ .,...... [020] 00 14 00 00 00 00 00 01 00 00 00 00 00 11 00 00 ........ ........ [030] 00 00 00 00 00 5B BE E0 43 61 52 00 00 .....[.. CaR.. [2006/02/01 14:11:12, 3] smbd/process.c:switch_message(900) switch message SMBtrans (pid 21089) conn 0x80340138 [2006/02/01 14:11:12, 4] smbd/uid.c:change_to_user(217) change_to_user: Skipping user change - already user [2006/02/01 14:11:12, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=44 params=0 setup=2 [2006/02/01 14:11:12, 5] smbd/ipc.c:reply_trans(560) calling named_pipe [2006/02/01 14:11:12, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2006/02/01 14:11:12, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2006/02/01 14:11:12, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) search for pipe pnum=743f [2006/02/01 14:11:12, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name lsarpc pnum=7440 (pipes_open=2) [2006/02/01 14:11:12, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name samr pnum=743f (pipes_open=2) [2006/02/01 14:11:12, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "samr" (pnum 743f) [2006/02/01 14:11:12, 10] smbd/ipc.c:api_fd_reply(299) api_fd_reply: p:0x8033ef78 max_trans_reply: 4280 [2006/02/01 14:11:12, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) write_to_pipe: 743f name: samr open: Yes len: 44 [2006/02/01 14:11:12, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 44 [2006/02/01 14:11:12, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 [2006/02/01 14:11:12, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 [2006/02/01 14:11:12, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 16 [2006/02/01 14:11:12, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 28 [2006/02/01 14:11:12, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0000 major : 05 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0001 minor : 00 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0002 pkt_type : 00 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0003 flags : 03 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0004 pack_type0: 10 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0005 pack_type1: 00 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0006 pack_type2: 00 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0007 pack_type3: 00 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0008 frag_len : 002c [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint16(642) 000a auth_len : 0000 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint32(671) 000c call_id : 000000fe [2006/02/01 14:11:12, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) unmarshall_rpc_header: using little-endian RPC [2006/02/01 14:11:12, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) unmarshall_rpc_header: type = 0, flags = 3 [2006/02/01 14:11:12, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 0 [2006/02/01 14:11:12, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 28 [2006/02/01 14:11:12, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 28, incoming data = 28 [2006/02/01 14:11:12, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) process_complete_pdu: processing packet type 0 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_req req [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0000 alloc_hint: 00000014 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0004 context_id: 0000 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0006 opnum : 0001 [2006/02/01 14:11:12, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 0 [2006/02/01 14:11:12, 5] rpc_server/srv_pipe.c:api_pipe_request(1509) Requested \PIPE\samr [2006/02/01 14:11:12, 4] rpc_server/srv_pipe.c:api_rpcTNP(1543) api_rpcTNP: samr op 0x1 - api_rpcTNP: rpc command: SAMR_CLOSE_HND [2006/02/01 14:11:12, 6] rpc_server/srv_pipe.c:api_rpcTNP(1569) api_rpc_cmds[0].fn == 0x800ec84c [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_q_close_hnd [2006/02/01 14:11:12, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_pol_hnd pol [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0000 data1: 00000000 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0004 data2: 00000011 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0008 data3: 0000 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint16(642) 000a data4: 0000 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8s(758) 000c data5: 5b be e0 43 61 52 00 00 [2006/02/01 14:11:12, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 11 00 00 00 00 00 00 00 5B BE E0 43 ........ ....[..C [010] 61 52 00 00 aR.. [2006/02/01 14:11:12, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) Closed policy [2006/02/01 14:11:12, 5] rpc_server/srv_samr_nt.c:_samr_close_hnd(334) samr_reply_close_hnd: 334 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_r_close_hnd [2006/02/01 14:11:12, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_pol_hnd pol [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0000 data1: 00000000 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0004 data2: 00000000 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0008 data3: 0000 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint16(642) 000a data4: 0000 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8s(758) 000c data5: 00 00 00 00 00 00 00 00 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_ntstatus(701) 0014 status: NT_STATUS_OK [2006/02/01 14:11:12, 5] rpc_server/srv_pipe.c:api_rpcTNP(1590) api_rpcTNP: called samr successfully [2006/02/01 14:11:12, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 0 [2006/02/01 14:11:12, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 28 [2006/02/01 14:11:12, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) read_from_pipe: 743f name: samr len: 4280 [2006/02/01 14:11:12, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0000 major : 05 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0001 minor : 00 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0002 pkt_type : 02 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0003 flags : 03 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0004 pack_type0: 10 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0005 pack_type1: 00 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0006 pack_type2: 00 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0007 pack_type3: 00 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0008 frag_len : 0030 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint16(642) 000a auth_len : 0000 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint32(671) 000c call_id : 000000fe [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp resp [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0010 alloc_hint: 00000018 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0014 context_id: 0000 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0016 cancel_ct : 00 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0017 reserved : 00 [2006/02/01 14:11:12, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] [2006/02/01 14:11:12, 5] lib/util.c:show_msg(454) [2006/02/01 14:11:12, 5] lib/util.c:show_msg(464) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=3496 smb_uid=101 smb_mid=23041 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2006/02/01 14:11:12, 10] lib/util.c:dump_data(2053) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 FE 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [030] 00 . [2006/02/01 14:11:12, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) got smb length of 41 [2006/02/01 14:11:12, 6] smbd/process.c:process_smb(1113) got message type 0x0 of len 0x29 [2006/02/01 14:11:12, 3] smbd/process.c:process_smb(1114) Transaction 361 of length 45 [2006/02/01 14:11:12, 5] lib/util.c:show_msg(454) [2006/02/01 14:11:12, 5] lib/util.c:show_msg(464) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=23105 smt_wct=3 smb_vwv[ 0]=29759 (0x743F) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2006/02/01 14:11:12, 3] smbd/process.c:switch_message(900) switch message SMBclose (pid 21089) conn 0x80340138 [2006/02/01 14:11:12, 4] smbd/uid.c:change_to_user(217) change_to_user: Skipping user change - already user [2006/02/01 14:11:12, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) search for pipe pnum=743f [2006/02/01 14:11:12, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name lsarpc pnum=7440 (pipes_open=2) [2006/02/01 14:11:12, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name samr pnum=743f (pipes_open=2) [2006/02/01 14:11:12, 5] smbd/pipes.c:reply_pipe_close(272) reply_pipe_close: pnum:743f [2006/02/01 14:11:12, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1082) closed pipe name samr pnum=743f (pipes_open=1) [2006/02/01 14:11:12, 5] lib/util.c:show_msg(454) [2006/02/01 14:11:12, 5] lib/util.c:show_msg(464) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=23105 smt_wct=0 smb_bcc=0 [2006/02/01 14:11:12, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) got smb length of 128 [2006/02/01 14:11:12, 6] smbd/process.c:process_smb(1113) got message type 0x0 of len 0x80 [2006/02/01 14:11:12, 3] smbd/process.c:process_smb(1114) Transaction 362 of length 132 [2006/02/01 14:11:12, 5] lib/util.c:show_msg(454) [2006/02/01 14:11:12, 5] lib/util.c:show_msg(464) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=3496 smb_uid=101 smb_mid=23169 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29760 (0x7440) smb_bcc=61 [2006/02/01 14:11:12, 10] lib/util.c:dump_data(2053) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 0F 00 00 ........ .,...... [020] 00 14 00 00 00 00 00 00 00 00 00 00 00 10 00 00 ........ ........ [030] 00 00 00 00 00 5B BE E0 43 61 52 00 00 .....[.. CaR.. [2006/02/01 14:11:12, 3] smbd/process.c:switch_message(900) switch message SMBtrans (pid 21089) conn 0x80340138 [2006/02/01 14:11:12, 4] smbd/uid.c:change_to_user(217) change_to_user: Skipping user change - already user [2006/02/01 14:11:12, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=44 params=0 setup=2 [2006/02/01 14:11:12, 5] smbd/ipc.c:reply_trans(560) calling named_pipe [2006/02/01 14:11:12, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2006/02/01 14:11:12, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2006/02/01 14:11:12, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) search for pipe pnum=7440 [2006/02/01 14:11:12, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name lsarpc pnum=7440 (pipes_open=1) [2006/02/01 14:11:12, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "lsarpc" (pnum 7440) [2006/02/01 14:11:12, 10] smbd/ipc.c:api_fd_reply(299) api_fd_reply: p:0x80343c30 max_trans_reply: 1024 [2006/02/01 14:11:12, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) write_to_pipe: 7440 name: lsarpc open: Yes len: 44 [2006/02/01 14:11:12, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 44 [2006/02/01 14:11:12, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 [2006/02/01 14:11:12, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 [2006/02/01 14:11:12, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 16 [2006/02/01 14:11:12, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 28 [2006/02/01 14:11:12, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0000 major : 05 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0001 minor : 00 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0002 pkt_type : 00 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0003 flags : 03 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0004 pack_type0: 10 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0005 pack_type1: 00 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0006 pack_type2: 00 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0007 pack_type3: 00 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0008 frag_len : 002c [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint16(642) 000a auth_len : 0000 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint32(671) 000c call_id : 0000000f [2006/02/01 14:11:12, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) unmarshall_rpc_header: using little-endian RPC [2006/02/01 14:11:12, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) unmarshall_rpc_header: type = 0, flags = 3 [2006/02/01 14:11:12, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 0 [2006/02/01 14:11:12, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) write_to_pipe: data_left = 28 [2006/02/01 14:11:12, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 28, incoming data = 28 [2006/02/01 14:11:12, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) process_complete_pdu: processing packet type 0 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_req req [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0000 alloc_hint: 00000014 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0004 context_id: 0000 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0006 opnum : 0000 [2006/02/01 14:11:12, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 0 [2006/02/01 14:11:12, 5] rpc_server/srv_pipe.c:api_pipe_request(1509) Requested \PIPE\lsarpc [2006/02/01 14:11:12, 4] rpc_server/srv_pipe.c:api_rpcTNP(1543) api_rpcTNP: lsarpc op 0x0 - api_rpcTNP: rpc command: LSA_CLOSE [2006/02/01 14:11:12, 6] rpc_server/srv_pipe.c:api_rpcTNP(1569) api_rpc_cmds[4].fn == 0x800bcc6b [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 lsa_io_q_close [2006/02/01 14:11:12, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_pol_hnd [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0000 data1: 00000000 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0004 data2: 00000010 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0008 data3: 0000 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint16(642) 000a data4: 0000 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8s(758) 000c data5: 5b be e0 43 61 52 00 00 [2006/02/01 14:11:12, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 10 00 00 00 00 00 00 00 5B BE E0 43 ........ ....[..C [010] 61 52 00 00 aR.. [2006/02/01 14:11:12, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 10 00 00 00 00 00 00 00 5B BE E0 43 ........ ....[..C [010] 61 52 00 00 aR.. [2006/02/01 14:11:12, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) Closed policy [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 lsa_io_r_close [2006/02/01 14:11:12, 6] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_pol_hnd [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0000 data1: 00000000 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0004 data2: 00000000 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0008 data3: 0000 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint16(642) 000a data4: 0000 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8s(758) 000c data5: 00 00 00 00 00 00 00 00 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_ntstatus(701) 0014 status: NT_STATUS_OK [2006/02/01 14:11:12, 5] rpc_server/srv_pipe.c:api_rpcTNP(1590) api_rpcTNP: called lsarpc successfully [2006/02/01 14:11:12, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) free_pipe_context: destroying talloc pool of size 0 [2006/02/01 14:11:12, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) write_to_pipe: data_used = 28 [2006/02/01 14:11:12, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) read_from_pipe: 7440 name: lsarpc len: 1024 [2006/02/01 14:11:12, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0000 major : 05 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0001 minor : 00 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0002 pkt_type : 02 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0003 flags : 03 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0004 pack_type0: 10 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0005 pack_type1: 00 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0006 pack_type2: 00 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0007 pack_type3: 00 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0008 frag_len : 0030 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint16(642) 000a auth_len : 0000 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint32(671) 000c call_id : 0000000f [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp resp [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint32(671) 0010 alloc_hint: 00000018 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint16(642) 0014 context_id: 0000 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0016 cancel_ct : 00 [2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) 0017 reserved : 00 [2006/02/01 14:11:12, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] [2006/02/01 14:11:12, 5] lib/util.c:show_msg(454) [2006/02/01 14:11:12, 5] lib/util.c:show_msg(464) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=3496 smb_uid=101 smb_mid=23169 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2006/02/01 14:11:12, 10] lib/util.c:dump_data(2053) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 0F 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [030] 00 . [2006/02/01 14:11:12, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) got smb length of 41 [2006/02/01 14:11:12, 6] smbd/process.c:process_smb(1113) got message type 0x0 of len 0x29 [2006/02/01 14:11:12, 3] smbd/process.c:process_smb(1114) Transaction 363 of length 45 [2006/02/01 14:11:12, 5] lib/util.c:show_msg(454) [2006/02/01 14:11:12, 5] lib/util.c:show_msg(464) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=23233 smt_wct=3 smb_vwv[ 0]=29760 (0x7440) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2006/02/01 14:11:12, 3] smbd/process.c:switch_message(900) switch message SMBclose (pid 21089) conn 0x80340138 [2006/02/01 14:11:12, 4] smbd/uid.c:change_to_user(217) change_to_user: Skipping user change - already user [2006/02/01 14:11:12, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) search for pipe pnum=7440 [2006/02/01 14:11:12, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) pipe name lsarpc pnum=7440 (pipes_open=1) [2006/02/01 14:11:12, 5] smbd/pipes.c:reply_pipe_close(272) reply_pipe_close: pnum:7440 [2006/02/01 14:11:12, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(235) close_policy_by_pipe: deleted handle list for pipe lsarpc [2006/02/01 14:11:12, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1082) closed pipe name lsarpc pnum=7440 (pipes_open=0) [2006/02/01 14:11:12, 5] lib/util.c:show_msg(454) [2006/02/01 14:11:12, 5] lib/util.c:show_msg(464) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=23233 smt_wct=0 smb_bcc=0 [2006/02/01 14:11:24, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) got smb length of 39 [2006/02/01 14:11:24, 6] smbd/process.c:process_smb(1113) got message type 0x0 of len 0x27 [2006/02/01 14:11:24, 3] smbd/process.c:process_smb(1114) Transaction 364 of length 43 [2006/02/01 14:11:24, 5] lib/util.c:show_msg(454) [2006/02/01 14:11:24, 5] lib/util.c:show_msg(464) size=39 smb_com=0x74 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=101 smb_mid=23297 smt_wct=2 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_bcc=0 [2006/02/01 14:11:24, 3] smbd/process.c:switch_message(900) switch message SMBulogoffX (pid 21089) conn 0x0 [2006/02/01 14:11:24, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/02/01 14:11:24, 5] auth/auth_util.c:debug_nt_user_token(452) NT user token: (NULL) [2006/02/01 14:11:24, 5] auth/auth_util.c:debug_unix_user_token(473) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/02/01 14:11:24, 5] smbd/uid.c:change_to_root_user(319) change_to_root_user: now uid=(0,0) gid=(0,0) [2006/02/01 14:11:24, 5] auth/auth_util.c:free_server_info(1387) attempting to free (and zero) a server_info structure [2006/02/01 14:11:24, 3] smbd/reply.c:reply_ulogoffX(1560) ulogoffX vuid=101 [2006/02/01 14:11:24, 5] lib/util.c:show_msg(454) [2006/02/01 14:11:24, 5] lib/util.c:show_msg(464) size=39 smb_com=0x74 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=65279 smb_uid=101 smb_mid=23297 smt_wct=2 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_bcc=0 [2006/02/01 14:11:24, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) got smb length of 35 [2006/02/01 14:11:24, 6] smbd/process.c:process_smb(1113) got message type 0x0 of len 0x23 [2006/02/01 14:11:24, 3] smbd/process.c:process_smb(1114) Transaction 365 of length 39 [2006/02/01 14:11:24, 5] lib/util.c:show_msg(454) [2006/02/01 14:11:24, 5] lib/util.c:show_msg(464) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=23361 smt_wct=0 smb_bcc=0 [2006/02/01 14:11:24, 3] smbd/process.c:switch_message(900) switch message SMBtdis (pid 21089) conn 0x80340138 [2006/02/01 14:11:24, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/02/01 14:11:24, 5] auth/auth_util.c:debug_nt_user_token(452) NT user token: (NULL) [2006/02/01 14:11:24, 5] auth/auth_util.c:debug_unix_user_token(473) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/02/01 14:11:24, 5] smbd/uid.c:change_to_root_user(319) change_to_root_user: now uid=(0,0) gid=(0,0) [2006/02/01 14:11:24, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/02/01 14:11:24, 5] auth/auth_util.c:debug_nt_user_token(452) NT user token: (NULL) [2006/02/01 14:11:24, 5] auth/auth_util.c:debug_unix_user_token(473) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/02/01 14:11:24, 5] smbd/uid.c:change_to_root_user(319) change_to_root_user: now uid=(0,0) gid=(0,0) [2006/02/01 14:11:24, 3] smbd/service.c:close_cnum(835) phobos (172.30.20.126) closed connection to service IPC$ [2006/02/01 14:11:24, 3] smbd/connection.c:yield_connection(69) Yielding connection to IPC$ [2006/02/01 14:11:24, 4] smbd/vfs.c:vfs_ChDir(737) vfs_ChDir to / [2006/02/01 14:11:24, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/02/01 14:11:24, 5] auth/auth_util.c:debug_nt_user_token(452) NT user token: (NULL) [2006/02/01 14:11:24, 5] auth/auth_util.c:debug_unix_user_token(473) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/02/01 14:11:24, 5] smbd/uid.c:change_to_root_user(319) change_to_root_user: now uid=(0,0) gid=(0,0) [2006/02/01 14:11:24, 5] lib/util.c:show_msg(454) [2006/02/01 14:11:24, 5] lib/util.c:show_msg(464) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=23361 smt_wct=0 smb_bcc=0 [2006/02/01 14:11:24, 10] lib/util_sock.c:read_data(517) read_data: read of 4 returned 0. Error = Success [2006/02/01 14:11:24, 10] lib/util_sock.c:receive_smb_raw(666) receive_smb_raw: length < 0! [2006/02/01 14:11:24, 3] smbd/process.c:timeout_processing(1366) timeout_processing: End of file from client (client has disconnected). [2006/02/01 14:11:24, 5] lib/gencache.c:gencache_shutdown(88) Closing cache file [2006/02/01 14:11:24, 5] libsmb/namecache.c:namecache_shutdown(79) namecache_shutdown: netbios namecache closed successfully. [2006/02/01 14:11:24, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/02/01 14:11:24, 5] auth/auth_util.c:debug_nt_user_token(452) NT user token: (NULL) [2006/02/01 14:11:24, 5] auth/auth_util.c:debug_unix_user_token(473) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/02/01 14:11:24, 5] smbd/uid.c:change_to_root_user(319) change_to_root_user: now uid=(0,0) gid=(0,0) [2006/02/01 14:11:24, 2] smbd/server.c:exit_server(612) Closing connections [2006/02/01 14:11:24, 3] smbd/connection.c:yield_connection(69) Yielding connection to [2006/02/01 14:11:24, 5] smbd/oplock.c:receive_local_message(110) receive_local_message: doing select with timeout of 1 ms [2006/02/01 14:11:24, 3] smbd/server.c:exit_server(656) Server exit (normal exit)