The Samba-Bugzilla – Attachment 1719 Details for
Bug 3477
Users w/ SeAddUsersPrivilege not able to use UserManager without error
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
Level 10 log taken while the issue was recreated.
log.tmp (text/plain), 219.41 KB, created by
James Cort
on 2006-02-02 09:13:45 UTC
(
hide
)
Description:
Level 10 log taken while the issue was recreated.
Filename:
MIME Type:
Creator:
James Cort
Created:
2006-02-02 09:13:45 UTC
Size:
219.41 KB
patch
obsolete
>[2006/02/01 14:10:54, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) > got smb length of 160 >[2006/02/01 14:10:54, 6] smbd/process.c:process_smb(1113) > got message type 0x0 of len 0xa0 >[2006/02/01 14:10:54, 3] smbd/process.c:process_smb(1114) > Transaction 345 of length 164 >[2006/02/01 14:10:54, 5] lib/util.c:show_msg(454) >[2006/02/01 14:10:54, 5] lib/util.c:show_msg(464) > size=160 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=3496 > smb_uid=101 > smb_mid=22081 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 76 (0x4C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 76 (0x4C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29759 (0x743F) > smb_bcc=93 >[2006/02/01 14:10:54, 10] lib/util.c:dump_data(2053) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 4C 00 00 00 EF 00 00 ........ .L...... > [020] 00 34 00 00 00 00 00 40 00 E0 41 09 00 07 00 00 .4.....@ ..A..... > [030] 00 00 00 00 00 07 00 00 00 5C 00 5C 00 45 00 4C ........ .\.\.E.L > [040] 00 4C 00 49 00 00 00 26 00 30 00 00 00 01 00 00 .L.I...& .0...... > [050] 00 01 00 00 00 03 00 00 00 00 00 00 00 ........ ..... >[2006/02/01 14:10:54, 3] smbd/process.c:switch_message(900) > switch message SMBtrans (pid 21089) conn 0x80340138 >[2006/02/01 14:10:54, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (1019, 1000) - sec_ctx_stack_ndx = 0 >[2006/02/01 14:10:54, 5] auth/auth_util.c:debug_nt_user_token(457) > NT user token of user S-1-5-21-2044582568-1589646193-1504741369-3038 > contains 10 SIDs > SID[ 0]: S-1-5-21-2044582568-1589646193-1504741369-3038 > SID[ 1]: S-1-5-21-2044582568-1589646193-1504741369-513 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-2044582568-1589646193-1504741369-1000 > SID[ 6]: S-1-5-21-2044582568-1589646193-1504741369-10 > SID[ 7]: S-1-5-21-2044582568-1589646193-1504741369-512 > SID[ 8]: S-1-5-32-544 > SID[ 9]: S-1-5-21-2044582568-1589646193-1504741369-5011 > SE_PRIV 0x1f0 0x0 0x0 0x0 >[2006/02/01 14:10:54, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 1019 > Primary group is 1000 and contains 6 supplementary groups > Group[ 0]: 1000 > Group[ 1]: 10 > Group[ 2]: 512 > Group[ 3]: 513 > Group[ 4]: 544 > Group[ 5]: 2005 >[2006/02/01 14:10:54, 5] smbd/uid.c:change_to_user(304) > change_to_user uid=(1019,1019) gid=(0,1000) >[2006/02/01 14:10:54, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=76 params=0 setup=2 >[2006/02/01 14:10:54, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2006/02/01 14:10:54, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2006/02/01 14:10:54, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2006/02/01 14:10:54, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) > search for pipe pnum=743f >[2006/02/01 14:10:54, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name lsarpc pnum=7440 (pipes_open=2) >[2006/02/01 14:10:54, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name samr pnum=743f (pipes_open=2) >[2006/02/01 14:10:54, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "samr" (pnum 743f) >[2006/02/01 14:10:54, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x8033ef78 max_trans_reply: 4280 >[2006/02/01 14:10:54, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) > write_to_pipe: 743f name: samr open: Yes len: 76 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 76 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 76 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 76, len_needed_to_complete_hdr = 16, receive_len = 0 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 16 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 60 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 60 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0000 major : 05 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0001 minor : 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0002 pkt_type : 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0003 flags : 03 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0004 pack_type0: 10 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0005 pack_type1: 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0006 pack_type2: 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0007 pack_type3: 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0008 frag_len : 004c >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 000a auth_len : 0000 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 000c call_id : 000000ef >[2006/02/01 14:10:54, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 0, flags = 3 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 0 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 60 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 60, incoming data = 60 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) > process_complete_pdu: processing packet type 0 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0000 alloc_hint: 00000034 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0004 context_id: 0000 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0006 opnum : 0040 >[2006/02/01 14:10:54, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 0 >[2006/02/01 14:10:54, 5] rpc_server/srv_pipe.c:api_pipe_request(1509) > Requested \PIPE\samr >[2006/02/01 14:10:54, 4] rpc_server/srv_pipe.c:api_rpcTNP(1543) > api_rpcTNP: samr op 0x40 - unknown >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0000 major : 05 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0001 minor : 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0002 pkt_type : 03 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0003 flags : 23 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0004 pack_type0: 10 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0005 pack_type1: 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0006 pack_type2: 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0007 pack_type3: 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0008 frag_len : 0020 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 000a auth_len : 0000 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 000c call_id : 000000ef >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0010 alloc_hint: 00000000 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0014 context_id: 0000 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0016 cancel_ct : 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0017 reserved : 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000018 smb_io_rpc_hdr_fault fault >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_ntstatus(701) > 0018 status : NT code 0x1c010002 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 001c reserved: 00000000 >[2006/02/01 14:10:54, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 0 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 60 >[2006/02/01 14:10:54, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) > read_from_pipe: 743f name: samr len: 4280 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(969) > read_from_pipe: samr: current_pdu_len = 32, current_pdu_sent = 0 returning 32 bytes. >[2006/02/01 14:10:54, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..32] >[2006/02/01 14:10:54, 5] lib/util.c:show_msg(454) >[2006/02/01 14:10:54, 5] lib/util.c:show_msg(464) > size=88 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=3496 > smb_uid=101 > smb_mid=22081 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 32 (0x20) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 32 (0x20) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=33 >[2006/02/01 14:10:54, 10] lib/util.c:dump_data(2053) > [000] 00 05 00 03 23 10 00 00 00 20 00 00 00 EF 00 00 ....#... . ...... > [010] 00 00 00 00 00 00 00 00 00 02 00 01 1C 00 00 00 ........ ........ > [020] 00 . >[2006/02/01 14:10:54, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) > got smb length of 148 >[2006/02/01 14:10:54, 6] smbd/process.c:process_smb(1113) > got message type 0x0 of len 0x94 >[2006/02/01 14:10:54, 3] smbd/process.c:process_smb(1114) > Transaction 346 of length 152 >[2006/02/01 14:10:54, 5] lib/util.c:show_msg(454) >[2006/02/01 14:10:54, 5] lib/util.c:show_msg(464) > size=148 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=3496 > smb_uid=101 > smb_mid=22145 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 64 (0x40) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29759 (0x743F) > smb_bcc=81 >[2006/02/01 14:10:54, 10] lib/util.c:dump_data(2053) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 40 00 00 00 F0 00 00 ........ .@...... > [020] 00 28 00 00 00 00 00 3E 00 E0 41 09 00 07 00 00 .(.....> ..A..... > [030] 00 00 00 00 00 07 00 00 00 5C 00 5C 00 45 00 4C ........ .\.\.E.L > [040] 00 4C 00 49 00 00 00 26 00 02 00 00 00 30 00 00 .L.I...& .....0.. > [050] 00 . >[2006/02/01 14:10:54, 3] smbd/process.c:switch_message(900) > switch message SMBtrans (pid 21089) conn 0x80340138 >[2006/02/01 14:10:54, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2006/02/01 14:10:54, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=64 params=0 setup=2 >[2006/02/01 14:10:54, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2006/02/01 14:10:54, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2006/02/01 14:10:54, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2006/02/01 14:10:54, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) > search for pipe pnum=743f >[2006/02/01 14:10:54, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name lsarpc pnum=7440 (pipes_open=2) >[2006/02/01 14:10:54, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name samr pnum=743f (pipes_open=2) >[2006/02/01 14:10:54, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "samr" (pnum 743f) >[2006/02/01 14:10:54, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x8033ef78 max_trans_reply: 4280 >[2006/02/01 14:10:54, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) > write_to_pipe: 743f name: samr open: Yes len: 64 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 64 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 64 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 64, len_needed_to_complete_hdr = 16, receive_len = 0 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 16 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 48 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 48 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0000 major : 05 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0001 minor : 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0002 pkt_type : 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0003 flags : 03 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0004 pack_type0: 10 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0005 pack_type1: 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0006 pack_type2: 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0007 pack_type3: 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0008 frag_len : 0040 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 000a auth_len : 0000 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 000c call_id : 000000f0 >[2006/02/01 14:10:54, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 0, flags = 3 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 0 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 48 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 48, incoming data = 48 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) > process_complete_pdu: processing packet type 0 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0000 alloc_hint: 00000028 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0004 context_id: 0000 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0006 opnum : 003e >[2006/02/01 14:10:54, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 0 >[2006/02/01 14:10:54, 5] rpc_server/srv_pipe.c:api_pipe_request(1509) > Requested \PIPE\samr >[2006/02/01 14:10:54, 4] rpc_server/srv_pipe.c:api_rpcTNP(1543) > api_rpcTNP: samr op 0x3e - api_rpcTNP: rpc command: SAMR_CONNECT4 >[2006/02/01 14:10:54, 6] rpc_server/srv_pipe.c:api_rpcTNP(1569) > api_rpc_cmds[47].fn == 0x800ee158 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_q_connect4 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0000 ptr_srv_name: 000941e0 >[2006/02/01 14:10:54, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000004 smb_io_unistr2 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0004 uni_max_len: 00000007 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0008 offset : 00000000 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 000c uni_str_len: 00000007 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:dbg_rw_punival(843) > 0010 buffer : \.\.E.L.L.I... >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0020 unk_0: 00000002 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0024 access_mask: 00000030 >[2006/02/01 14:10:54, 5] rpc_server/srv_samr_nt.c:_samr_connect4(2204) > _samr_connect4: 2204 >[2006/02/01 14:10:54, 10] lib/util_seaccess.c:se_access_check(233) > se_access_check: requested access 0x00000030, for NT token with 10 entries and first sid S-1-5-21-2044582568-1589646193-1504741369-3038. >[2006/02/01 14:10:54, 3] lib/util_seaccess.c:se_access_check(250) >[2006/02/01 14:10:54, 3] lib/util_seaccess.c:se_access_check(251) > se_access_check: user sid is S-1-5-21-2044582568-1589646193-1504741369-3038 > se_access_check: also S-1-5-21-2044582568-1589646193-1504741369-513 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: also S-1-5-21-2044582568-1589646193-1504741369-1000 > se_access_check: also S-1-5-21-2044582568-1589646193-1504741369-10 > se_access_check: also S-1-5-21-2044582568-1589646193-1504741369-512 > se_access_check: also S-1-5-32-544 > se_access_check: also S-1-5-21-2044582568-1589646193-1504741369-5011 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20031, current desired = 30 >[2006/02/01 14:10:54, 5] lib/util_seaccess.c:se_access_check(308) > se_access_check: access (30) granted. >[2006/02/01 14:10:54, 4] rpc_server/srv_samr_nt.c:access_check_samr_object(182) > _samr_connect4: access GRANTED (requested: 0x00000030, granted: 0x00000030) >[2006/02/01 14:10:54, 10] rpc_server/srv_samr_nt.c:get_samr_info_by_sid(240) > get_samr_info_by_sid: created new info for sid (NULL) >[2006/02/01 14:10:54, 10] rpc_server/srv_samr_nt.c:get_samr_info_by_sid(244) > get_samr_info_by_sid: created new info for NULL sid. >[2006/02/01 14:10:54, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) > Opened policy hnd[6] [000] 00 00 00 00 4B 00 00 00 00 00 00 00 6E C1 E0 43 ....K... ....n..C > [010] 61 52 00 00 aR.. >[2006/02/01 14:10:54, 5] rpc_server/srv_samr_nt.c:_samr_connect4(2236) > _samr_connect: 2236 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_r_connect4 >[2006/02/01 14:10:54, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd connect_pol >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0000 data1: 00000000 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0004 data2: 0000004b >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0008 data3: 0000 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 000a data4: 0000 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8s(758) > 000c data5: 6e c1 e0 43 61 52 00 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_ntstatus(701) > 0014 status: NT_STATUS_OK >[2006/02/01 14:10:54, 5] rpc_server/srv_pipe.c:api_rpcTNP(1590) > api_rpcTNP: called samr successfully >[2006/02/01 14:10:54, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 970 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 48 >[2006/02/01 14:10:54, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) > read_from_pipe: 743f name: samr len: 4280 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) > read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0000 major : 05 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0001 minor : 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0002 pkt_type : 02 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0003 flags : 03 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0004 pack_type0: 10 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0005 pack_type1: 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0006 pack_type2: 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0007 pack_type3: 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0008 frag_len : 0030 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 000a auth_len : 0000 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 000c call_id : 000000f0 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0010 alloc_hint: 00000018 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0014 context_id: 0000 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0016 cancel_ct : 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0017 reserved : 00 >[2006/02/01 14:10:54, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..48] >[2006/02/01 14:10:54, 5] lib/util.c:show_msg(454) >[2006/02/01 14:10:54, 5] lib/util.c:show_msg(464) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=3496 > smb_uid=101 > smb_mid=22145 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2006/02/01 14:10:54, 10] lib/util.c:dump_data(2053) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 F0 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 4B 00 00 ........ .....K.. > [020] 00 00 00 00 00 6E C1 E0 43 61 52 00 00 00 00 00 .....n.. CaR..... > [030] 00 . >[2006/02/01 14:10:54, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) > got smb length of 136 >[2006/02/01 14:10:54, 6] smbd/process.c:process_smb(1113) > got message type 0x0 of len 0x88 >[2006/02/01 14:10:54, 3] smbd/process.c:process_smb(1114) > Transaction 347 of length 140 >[2006/02/01 14:10:54, 5] lib/util.c:show_msg(454) >[2006/02/01 14:10:54, 5] lib/util.c:show_msg(464) > size=136 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=3496 > smb_uid=101 > smb_mid=22209 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 52 (0x34) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 52 (0x34) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29759 (0x743F) > smb_bcc=69 >[2006/02/01 14:10:54, 10] lib/util.c:dump_data(2053) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 34 00 00 00 F1 00 00 ........ .4...... > [020] 00 1C 00 00 00 00 00 06 00 00 00 00 00 4B 00 00 ........ .....K.. > [030] 00 00 00 00 00 6E C1 E0 43 61 52 00 00 00 00 00 .....n.. CaR..... > [040] 00 00 20 00 00 .. .. >[2006/02/01 14:10:54, 3] smbd/process.c:switch_message(900) > switch message SMBtrans (pid 21089) conn 0x80340138 >[2006/02/01 14:10:54, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2006/02/01 14:10:54, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=52 params=0 setup=2 >[2006/02/01 14:10:54, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2006/02/01 14:10:54, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2006/02/01 14:10:54, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2006/02/01 14:10:54, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) > search for pipe pnum=743f >[2006/02/01 14:10:54, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name lsarpc pnum=7440 (pipes_open=2) >[2006/02/01 14:10:54, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name samr pnum=743f (pipes_open=2) >[2006/02/01 14:10:54, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "samr" (pnum 743f) >[2006/02/01 14:10:54, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x8033ef78 max_trans_reply: 4280 >[2006/02/01 14:10:54, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) > write_to_pipe: 743f name: samr open: Yes len: 52 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 52 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 52 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 52, len_needed_to_complete_hdr = 16, receive_len = 0 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 16 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 36 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 36 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0000 major : 05 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0001 minor : 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0002 pkt_type : 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0003 flags : 03 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0004 pack_type0: 10 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0005 pack_type1: 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0006 pack_type2: 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0007 pack_type3: 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0008 frag_len : 0034 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 000a auth_len : 0000 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 000c call_id : 000000f1 >[2006/02/01 14:10:54, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 0, flags = 3 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 0 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 36 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 36, incoming data = 36 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) > process_complete_pdu: processing packet type 0 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0000 alloc_hint: 0000001c >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0004 context_id: 0000 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0006 opnum : 0006 >[2006/02/01 14:10:54, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 0 >[2006/02/01 14:10:54, 5] rpc_server/srv_pipe.c:api_pipe_request(1509) > Requested \PIPE\samr >[2006/02/01 14:10:54, 4] rpc_server/srv_pipe.c:api_rpcTNP(1543) > api_rpcTNP: samr op 0x6 - api_rpcTNP: rpc command: SAMR_ENUM_DOMAINS >[2006/02/01 14:10:54, 6] rpc_server/srv_pipe.c:api_rpcTNP(1569) > api_rpc_cmds[3].fn == 0x800ee3f2 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_q_enum_domains >[2006/02/01 14:10:54, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd pol >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0000 data1: 00000000 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0004 data2: 0000004b >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0008 data3: 0000 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 000a data4: 0000 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8s(758) > 000c data5: 6e c1 e0 43 61 52 00 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0014 start_idx: 00000000 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0018 max_size : 00002000 >[2006/02/01 14:10:54, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 4B 00 00 00 00 00 00 00 6E C1 E0 43 ....K... ....n..C > [010] 61 52 00 00 aR.. >[2006/02/01 14:10:54, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(194) > _samr_enum_domains: access check ((granted: 0x00000030; required: 0x00000010) >[2006/02/01 14:10:54, 5] rpc_server/srv_samr_nt.c:make_enum_domains(2291) > make_enum_domains >[2006/02/01 14:10:54, 10] rpc_parse/parse_samr.c:init_sam_entry(1291) > init_sam_entry: 0 >[2006/02/01 14:10:54, 10] rpc_parse/parse_samr.c:init_sam_entry(1291) > init_sam_entry: 0 >[2006/02/01 14:10:54, 5] rpc_parse/parse_samr.c:init_samr_r_enum_domains(3109) > init_samr_r_enum_domains >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_r_enum_domains >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0000 next_idx : 00000002 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0004 ptr_entries1: 00000001 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0008 num_entries2: 00000002 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 000c ptr_entries2: 00000001 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0010 num_entries3: 00000002 >[2006/02/01 14:10:54, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000014 sam_io_sam_entry dom[0] >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0014 rid: 00000000 >[2006/02/01 14:10:54, 7] rpc_parse/parse_prs.c:prs_debug(82) > 000018 smb_io_unihdr unihdr >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0018 uni_str_len: 0010 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 001a uni_max_len: 0010 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 001c buffer : 00000001 >[2006/02/01 14:10:54, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000020 sam_io_sam_entry dom[1] >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0020 rid: 00000000 >[2006/02/01 14:10:54, 7] rpc_parse/parse_prs.c:prs_debug(82) > 000024 smb_io_unihdr unihdr >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0024 uni_str_len: 000e >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0026 uni_max_len: 000e >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0028 buffer : 00000001 >[2006/02/01 14:10:54, 6] rpc_parse/parse_prs.c:prs_debug(82) > 00002c smb_io_unistr2 dom[0] >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 002c uni_max_len: 00000008 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0030 offset : 00000000 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0034 uni_str_len: 00000008 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:dbg_rw_punival(843) > 0038 buffer : U.4.E.A.T.E.C.H. >[2006/02/01 14:10:54, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000048 smb_io_unistr2 dom[1] >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0048 uni_max_len: 00000007 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 004c offset : 00000000 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0050 uni_str_len: 00000007 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:dbg_rw_punival(843) > 0054 buffer : B.u.i.l.t.i.n. >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0064 num_entries4: 00000002 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_ntstatus(701) > 0068 status: NT_STATUS_OK >[2006/02/01 14:10:54, 5] rpc_server/srv_pipe.c:api_rpcTNP(1590) > api_rpcTNP: called samr successfully >[2006/02/01 14:10:54, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 90 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 36 >[2006/02/01 14:10:54, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) > read_from_pipe: 743f name: samr len: 4280 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) > read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 108. >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0000 major : 05 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0001 minor : 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0002 pkt_type : 02 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0003 flags : 03 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0004 pack_type0: 10 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0005 pack_type1: 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0006 pack_type2: 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0007 pack_type3: 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0008 frag_len : 0084 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 000a auth_len : 0000 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 000c call_id : 000000f1 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0010 alloc_hint: 0000006c >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0014 context_id: 0000 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0016 cancel_ct : 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0017 reserved : 00 >[2006/02/01 14:10:54, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..132] >[2006/02/01 14:10:54, 5] lib/util.c:show_msg(454) >[2006/02/01 14:10:54, 5] lib/util.c:show_msg(464) > size=188 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=3496 > smb_uid=101 > smb_mid=22209 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 132 (0x84) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 132 (0x84) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=133 >[2006/02/01 14:10:54, 10] lib/util.c:dump_data(2053) > [000] 00 05 00 02 03 10 00 00 00 84 00 00 00 F1 00 00 ........ ........ > [010] 00 6C 00 00 00 00 00 00 00 02 00 00 00 01 00 00 .l...... ........ > [020] 00 02 00 00 00 01 00 00 00 02 00 00 00 00 00 00 ........ ........ > [030] 00 10 00 10 00 01 00 00 00 00 00 00 00 0E 00 0E ........ ........ > [040] 00 01 00 00 00 08 00 00 00 00 00 00 00 08 00 00 ........ ........ > [050] 00 55 00 34 00 45 00 41 00 54 00 45 00 43 00 48 .U.4.E.A .T.E.C.H > [060] 00 07 00 00 00 00 00 00 00 07 00 00 00 42 00 75 ........ .....B.u > [070] 00 69 00 6C 00 74 00 69 00 6E 00 00 00 02 00 00 .i.l.t.i .n...... > [080] 00 00 00 00 00 ..... >[2006/02/01 14:10:54, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) > got smb length of 164 >[2006/02/01 14:10:54, 6] smbd/process.c:process_smb(1113) > got message type 0x0 of len 0xa4 >[2006/02/01 14:10:54, 3] smbd/process.c:process_smb(1114) > Transaction 348 of length 168 >[2006/02/01 14:10:54, 5] lib/util.c:show_msg(454) >[2006/02/01 14:10:54, 5] lib/util.c:show_msg(464) > size=164 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=3496 > smb_uid=101 > smb_mid=22273 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 80 (0x50) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 80 (0x50) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29759 (0x743F) > smb_bcc=97 >[2006/02/01 14:10:54, 10] lib/util.c:dump_data(2053) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 50 00 00 00 F2 00 00 ........ .P...... > [020] 00 38 00 00 00 00 00 05 00 00 00 00 00 4B 00 00 .8...... .....K.. > [030] 00 00 00 00 00 6E C1 E0 43 61 52 00 00 10 00 10 .....n.. CaR..... > [040] 00 50 2F 09 00 08 00 00 00 00 00 00 00 08 00 00 .P/..... ........ > [050] 00 55 00 34 00 45 00 41 00 54 00 45 00 43 00 48 .U.4.E.A .T.E.C.H > [060] 00 . >[2006/02/01 14:10:54, 3] smbd/process.c:switch_message(900) > switch message SMBtrans (pid 21089) conn 0x80340138 >[2006/02/01 14:10:54, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2006/02/01 14:10:54, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=80 params=0 setup=2 >[2006/02/01 14:10:54, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2006/02/01 14:10:54, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2006/02/01 14:10:54, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2006/02/01 14:10:54, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) > search for pipe pnum=743f >[2006/02/01 14:10:54, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name lsarpc pnum=7440 (pipes_open=2) >[2006/02/01 14:10:54, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name samr pnum=743f (pipes_open=2) >[2006/02/01 14:10:54, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "samr" (pnum 743f) >[2006/02/01 14:10:54, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x8033ef78 max_trans_reply: 4280 >[2006/02/01 14:10:54, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) > write_to_pipe: 743f name: samr open: Yes len: 80 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 80 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 80 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 80, len_needed_to_complete_hdr = 16, receive_len = 0 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 16 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 64 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 64 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0000 major : 05 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0001 minor : 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0002 pkt_type : 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0003 flags : 03 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0004 pack_type0: 10 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0005 pack_type1: 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0006 pack_type2: 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0007 pack_type3: 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0008 frag_len : 0050 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 000a auth_len : 0000 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 000c call_id : 000000f2 >[2006/02/01 14:10:54, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 0, flags = 3 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 0 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 64 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 64, incoming data = 64 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) > process_complete_pdu: processing packet type 0 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0000 alloc_hint: 00000038 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0004 context_id: 0000 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0006 opnum : 0005 >[2006/02/01 14:10:54, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 0 >[2006/02/01 14:10:54, 5] rpc_server/srv_pipe.c:api_pipe_request(1509) > Requested \PIPE\samr >[2006/02/01 14:10:54, 4] rpc_server/srv_pipe.c:api_rpcTNP(1543) > api_rpcTNP: samr op 0x5 - api_rpcTNP: rpc command: SAMR_LOOKUP_DOMAIN >[2006/02/01 14:10:54, 6] rpc_server/srv_pipe.c:api_rpcTNP(1569) > api_rpc_cmds[41].fn == 0x800ee296 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_q_lookup_domain >[2006/02/01 14:10:54, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd connect_pol >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0000 data1: 00000000 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0004 data2: 0000004b >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0008 data3: 0000 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 000a data4: 0000 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8s(758) > 000c data5: 6e c1 e0 43 61 52 00 00 >[2006/02/01 14:10:54, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000014 smb_io_unihdr hdr_domain >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0014 uni_str_len: 0010 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0016 uni_max_len: 0010 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0018 buffer : 00092f50 >[2006/02/01 14:10:54, 6] rpc_parse/parse_prs.c:prs_debug(82) > 00001c smb_io_unistr2 uni_domain >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 001c uni_max_len: 00000008 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0020 offset : 00000000 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0024 uni_str_len: 00000008 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:dbg_rw_punival(843) > 0028 buffer : U.4.E.A.T.E.C.H. >[2006/02/01 14:10:54, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 4B 00 00 00 00 00 00 00 6E C1 E0 43 ....K... ....n..C > [010] 61 52 00 00 aR.. >[2006/02/01 14:10:54, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(194) > _samr_lookup_domain: access check ((granted: 0x00000030; required: 0x00000020) >[2006/02/01 14:10:54, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2273) > Returning domain sid for domain U4EATECH -> S-1-5-21-2044582568-1589646193-1504741369 >[2006/02/01 14:10:54, 5] rpc_parse/parse_samr.c:init_samr_r_lookup_domain(138) > init_samr_r_lookup_domain >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_r_lookup_domain >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0000 ptr: 00000001 >[2006/02/01 14:10:54, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000004 smb_io_dom_sid2 sid >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0004 num_auths: 00000004 >[2006/02/01 14:10:54, 7] rpc_parse/parse_prs.c:prs_debug(82) > 000008 smb_io_dom_sid sid >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0008 sid_rev_num: 01 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0009 num_auths : 04 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 000a id_auth[0] : 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 000b id_auth[1] : 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 000c id_auth[2] : 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 000d id_auth[3] : 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 000e id_auth[4] : 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 000f id_auth[5] : 05 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32s(898) > 0010 sub_auths : 00000015 79dddaa8 5ec01371 59b087f9 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_ntstatus(701) > 0020 status: NT_STATUS_OK >[2006/02/01 14:10:54, 5] rpc_server/srv_pipe.c:api_rpcTNP(1590) > api_rpcTNP: called samr successfully >[2006/02/01 14:10:54, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 16 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 64 >[2006/02/01 14:10:54, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) > read_from_pipe: 743f name: samr len: 4280 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) > read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 36. >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0000 major : 05 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0001 minor : 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0002 pkt_type : 02 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0003 flags : 03 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0004 pack_type0: 10 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0005 pack_type1: 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0006 pack_type2: 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0007 pack_type3: 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0008 frag_len : 003c >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 000a auth_len : 0000 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 000c call_id : 000000f2 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0010 alloc_hint: 00000024 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0014 context_id: 0000 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0016 cancel_ct : 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0017 reserved : 00 >[2006/02/01 14:10:54, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..60] >[2006/02/01 14:10:54, 5] lib/util.c:show_msg(454) >[2006/02/01 14:10:54, 5] lib/util.c:show_msg(464) > size=116 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=3496 > smb_uid=101 > smb_mid=22273 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 60 (0x3C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 60 (0x3C) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=61 >[2006/02/01 14:10:54, 10] lib/util.c:dump_data(2053) > [000] 00 05 00 02 03 10 00 00 00 3C 00 00 00 F2 00 00 ........ .<...... > [010] 00 24 00 00 00 00 00 00 00 01 00 00 00 04 00 00 .$...... ........ > [020] 00 01 04 00 00 00 00 00 05 15 00 00 00 A8 DA DD ........ ........ > [030] 79 71 13 C0 5E F9 87 B0 59 00 00 00 00 yq..^... Y.... >[2006/02/01 14:10:54, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) > got smb length of 160 >[2006/02/01 14:10:54, 6] smbd/process.c:process_smb(1113) > got message type 0x0 of len 0xa0 >[2006/02/01 14:10:54, 3] smbd/process.c:process_smb(1114) > Transaction 349 of length 164 >[2006/02/01 14:10:54, 5] lib/util.c:show_msg(454) >[2006/02/01 14:10:54, 5] lib/util.c:show_msg(464) > size=160 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=3496 > smb_uid=101 > smb_mid=22337 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 76 (0x4C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 76 (0x4C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29759 (0x743F) > smb_bcc=93 >[2006/02/01 14:10:54, 10] lib/util.c:dump_data(2053) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 4C 00 00 00 F3 00 00 ........ .L...... > [020] 00 34 00 00 00 00 00 07 00 00 00 00 00 4B 00 00 .4...... .....K.. > [030] 00 00 00 00 00 6E C1 E0 43 61 52 00 00 00 02 00 .....n.. CaR..... > [040] 00 04 00 00 00 01 04 00 00 00 00 00 05 15 00 00 ........ ........ > [050] 00 A8 DA DD 79 71 13 C0 5E F9 87 B0 59 ....yq.. ^...Y >[2006/02/01 14:10:54, 3] smbd/process.c:switch_message(900) > switch message SMBtrans (pid 21089) conn 0x80340138 >[2006/02/01 14:10:54, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2006/02/01 14:10:54, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=76 params=0 setup=2 >[2006/02/01 14:10:54, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2006/02/01 14:10:54, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2006/02/01 14:10:54, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2006/02/01 14:10:54, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) > search for pipe pnum=743f >[2006/02/01 14:10:54, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name lsarpc pnum=7440 (pipes_open=2) >[2006/02/01 14:10:54, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name samr pnum=743f (pipes_open=2) >[2006/02/01 14:10:54, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "samr" (pnum 743f) >[2006/02/01 14:10:54, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x8033ef78 max_trans_reply: 4280 >[2006/02/01 14:10:54, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) > write_to_pipe: 743f name: samr open: Yes len: 76 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 76 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 76 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 76, len_needed_to_complete_hdr = 16, receive_len = 0 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 16 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 60 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 60 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0000 major : 05 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0001 minor : 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0002 pkt_type : 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0003 flags : 03 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0004 pack_type0: 10 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0005 pack_type1: 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0006 pack_type2: 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0007 pack_type3: 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0008 frag_len : 004c >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 000a auth_len : 0000 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 000c call_id : 000000f3 >[2006/02/01 14:10:54, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 0, flags = 3 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 0 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 60 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 60, incoming data = 60 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) > process_complete_pdu: processing packet type 0 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0000 alloc_hint: 00000034 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0004 context_id: 0000 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0006 opnum : 0007 >[2006/02/01 14:10:54, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 0 >[2006/02/01 14:10:54, 5] rpc_server/srv_pipe.c:api_pipe_request(1509) > Requested \PIPE\samr >[2006/02/01 14:10:54, 4] rpc_server/srv_pipe.c:api_rpcTNP(1543) > api_rpcTNP: samr op 0x7 - api_rpcTNP: rpc command: SAMR_OPEN_DOMAIN >[2006/02/01 14:10:54, 6] rpc_server/srv_pipe.c:api_rpcTNP(1569) > api_rpc_cmds[39].fn == 0x800ec984 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_q_open_domain >[2006/02/01 14:10:54, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd pol >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0000 data1: 00000000 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0004 data2: 0000004b >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0008 data3: 0000 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 000a data4: 0000 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8s(758) > 000c data5: 6e c1 e0 43 61 52 00 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0014 flags: 00000200 >[2006/02/01 14:10:54, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000018 smb_io_dom_sid2 sid >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0018 num_auths: 00000004 >[2006/02/01 14:10:54, 7] rpc_parse/parse_prs.c:prs_debug(82) > 00001c smb_io_dom_sid sid >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 001c sid_rev_num: 01 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 001d num_auths : 04 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 001e id_auth[0] : 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 001f id_auth[1] : 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0020 id_auth[2] : 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0021 id_auth[3] : 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0022 id_auth[4] : 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0023 id_auth[5] : 05 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32s(898) > 0024 sub_auths : 00000015 79dddaa8 5ec01371 59b087f9 >[2006/02/01 14:10:54, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 4B 00 00 00 00 00 00 00 6E C1 E0 43 ....K... ....n..C > [010] 61 52 00 00 aR.. >[2006/02/01 14:10:54, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(194) > _samr_open_domain: access check ((granted: 0x00000030; required: 0x00000020) >[2006/02/01 14:10:54, 4] rpc_server/srv_samr_nt.c:access_check_samr_object(151) > access_check_samr_object: user rights access mask [0xd047a] >[2006/02/01 14:10:54, 10] lib/util_seaccess.c:se_access_check(233) > se_access_check: requested access 0x00000200, for NT token with 10 entries and first sid S-1-5-21-2044582568-1589646193-1504741369-3038. >[2006/02/01 14:10:54, 3] lib/util_seaccess.c:se_access_check(250) >[2006/02/01 14:10:54, 3] lib/util_seaccess.c:se_access_check(251) > se_access_check: user sid is S-1-5-21-2044582568-1589646193-1504741369-3038 > se_access_check: also S-1-5-21-2044582568-1589646193-1504741369-513 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: also S-1-5-21-2044582568-1589646193-1504741369-1000 > se_access_check: also S-1-5-21-2044582568-1589646193-1504741369-10 > se_access_check: also S-1-5-21-2044582568-1589646193-1504741369-512 > se_access_check: also S-1-5-32-544 > se_access_check: also S-1-5-21-2044582568-1589646193-1504741369-5011 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20385, current desired = 200 >[2006/02/01 14:10:54, 5] lib/util_seaccess.c:se_access_check(308) > se_access_check: access (200) granted. >[2006/02/01 14:10:54, 4] rpc_server/srv_samr_nt.c:access_check_samr_object(182) > _samr_open_domain: access GRANTED (requested: 0x00000200, granted: 0x000d067a) >[2006/02/01 14:10:54, 10] rpc_server/srv_samr_nt.c:get_samr_info_by_sid(240) > get_samr_info_by_sid: created new info for sid S-1-5-21-2044582568-1589646193-1504741369 >[2006/02/01 14:10:54, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) > Opened policy hnd[7] [000] 00 00 00 00 4C 00 00 00 00 00 00 00 6E C1 E0 43 ....L... ....n..C > [010] 61 52 00 00 aR.. >[2006/02/01 14:10:54, 5] rpc_server/srv_samr_nt.c:_samr_open_domain(390) > samr_open_domain: 390 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_r_open_domain >[2006/02/01 14:10:54, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd domain_pol >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0000 data1: 00000000 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0004 data2: 0000004c >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0008 data3: 0000 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 000a data4: 0000 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8s(758) > 000c data5: 6e c1 e0 43 61 52 00 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_ntstatus(701) > 0014 status: NT_STATUS_OK >[2006/02/01 14:10:54, 5] rpc_server/srv_pipe.c:api_rpcTNP(1590) > api_rpcTNP: called samr successfully >[2006/02/01 14:10:54, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 956 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 60 >[2006/02/01 14:10:54, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) > read_from_pipe: 743f name: samr len: 4280 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) > read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0000 major : 05 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0001 minor : 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0002 pkt_type : 02 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0003 flags : 03 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0004 pack_type0: 10 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0005 pack_type1: 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0006 pack_type2: 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0007 pack_type3: 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0008 frag_len : 0030 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 000a auth_len : 0000 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 000c call_id : 000000f3 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0010 alloc_hint: 00000018 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0014 context_id: 0000 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0016 cancel_ct : 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0017 reserved : 00 >[2006/02/01 14:10:54, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..48] >[2006/02/01 14:10:54, 5] lib/util.c:show_msg(454) >[2006/02/01 14:10:54, 5] lib/util.c:show_msg(464) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=3496 > smb_uid=101 > smb_mid=22337 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2006/02/01 14:10:54, 10] lib/util.c:dump_data(2053) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 F3 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 4C 00 00 ........ .....L.. > [020] 00 00 00 00 00 6E C1 E0 43 61 52 00 00 00 00 00 .....n.. CaR..... > [030] 00 . >[2006/02/01 14:10:54, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) > got smb length of 188 >[2006/02/01 14:10:54, 6] smbd/process.c:process_smb(1113) > got message type 0x0 of len 0xbc >[2006/02/01 14:10:54, 3] smbd/process.c:process_smb(1114) > Transaction 350 of length 192 >[2006/02/01 14:10:54, 5] lib/util.c:show_msg(454) >[2006/02/01 14:10:54, 5] lib/util.c:show_msg(464) > size=188 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=3496 > smb_uid=101 > smb_mid=22401 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 104 (0x68) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 104 (0x68) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29759 (0x743F) > smb_bcc=121 >[2006/02/01 14:10:54, 10] lib/util.c:dump_data(2053) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 68 00 00 00 F4 00 00 ........ .h...... > [020] 00 50 00 00 00 00 00 11 00 00 00 00 00 4C 00 00 .P...... .....L.. > [030] 00 00 00 00 00 6E C1 E0 43 61 52 00 00 01 00 00 .....n.. CaR..... > [040] 00 E8 03 00 00 00 00 00 00 01 00 00 00 18 00 1A ........ ........ > [050] 00 48 9E 26 00 0D 00 00 00 00 00 00 00 0C 00 00 .H.&.... ........ > [060] 00 44 00 6F 00 6D 00 61 00 69 00 6E 00 20 00 55 .D.o.m.a .i.n. .U > [070] 00 73 00 65 00 72 00 73 00 .s.e.r.s . >[2006/02/01 14:10:54, 3] smbd/process.c:switch_message(900) > switch message SMBtrans (pid 21089) conn 0x80340138 >[2006/02/01 14:10:54, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2006/02/01 14:10:54, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=104 params=0 setup=2 >[2006/02/01 14:10:54, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2006/02/01 14:10:54, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2006/02/01 14:10:54, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2006/02/01 14:10:54, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) > search for pipe pnum=743f >[2006/02/01 14:10:54, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name lsarpc pnum=7440 (pipes_open=2) >[2006/02/01 14:10:54, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name samr pnum=743f (pipes_open=2) >[2006/02/01 14:10:54, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "samr" (pnum 743f) >[2006/02/01 14:10:54, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x8033ef78 max_trans_reply: 4280 >[2006/02/01 14:10:54, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) > write_to_pipe: 743f name: samr open: Yes len: 104 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 104 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 104 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 104, len_needed_to_complete_hdr = 16, receive_len = 0 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 16 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 88 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 88 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0000 major : 05 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0001 minor : 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0002 pkt_type : 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0003 flags : 03 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0004 pack_type0: 10 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0005 pack_type1: 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0006 pack_type2: 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0007 pack_type3: 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0008 frag_len : 0068 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 000a auth_len : 0000 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 000c call_id : 000000f4 >[2006/02/01 14:10:54, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 0, flags = 3 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 0 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 88 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 88, incoming data = 88 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) > process_complete_pdu: processing packet type 0 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0000 alloc_hint: 00000050 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0004 context_id: 0000 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0006 opnum : 0011 >[2006/02/01 14:10:54, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 0 >[2006/02/01 14:10:54, 5] rpc_server/srv_pipe.c:api_pipe_request(1509) > Requested \PIPE\samr >[2006/02/01 14:10:54, 4] rpc_server/srv_pipe.c:api_rpcTNP(1543) > api_rpcTNP: samr op 0x11 - api_rpcTNP: rpc command: SAMR_LOOKUP_NAMES >[2006/02/01 14:10:54, 6] rpc_server/srv_pipe.c:api_rpcTNP(1569) > api_rpc_cmds[19].fn == 0x800ed4c8 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_q_lookup_names >[2006/02/01 14:10:54, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd pol >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0000 data1: 00000000 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0004 data2: 0000004c >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0008 data3: 0000 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 000a data4: 0000 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8s(758) > 000c data5: 6e c1 e0 43 61 52 00 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0014 num_names1: 00000001 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0018 flags : 000003e8 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 001c ptr : 00000000 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0020 num_names2: 00000001 >[2006/02/01 14:10:54, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000024 smb_io_unihdr >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0024 uni_str_len: 0018 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0026 uni_max_len: 001a >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0028 buffer : 00269e48 >[2006/02/01 14:10:54, 6] rpc_parse/parse_prs.c:prs_debug(82) > 00002c smb_io_unistr2 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 002c uni_max_len: 0000000d >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0030 offset : 00000000 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0034 uni_str_len: 0000000c >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:dbg_rw_punival(843) > 0038 buffer : D.o.m.a.i.n. .U.s.e.r.s. >[2006/02/01 14:10:54, 5] rpc_server/srv_samr_nt.c:_samr_lookup_names(1095) > _samr_lookup_names: 1095 >[2006/02/01 14:10:54, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 4C 00 00 00 00 00 00 00 6E C1 E0 43 ....L... ....n..C > [010] 61 52 00 00 aR.. >[2006/02/01 14:10:54, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(194) > _samr_lookup_names: access check ((granted: 0x000d067a; required: 0000000000) >[2006/02/01 14:10:54, 5] rpc_server/srv_samr_nt.c:_samr_lookup_names(1114) > _samr_lookup_names: looking name on SID S-1-5-21-2044582568-1589646193-1504741369 >[2006/02/01 14:10:54, 10] passdb/util_sam_sid.c:map_name_to_wellknown_sid(289) > map_name_to_wellknown_sid: looking up Domain Users >[2006/02/01 14:10:54, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(1019, 1000) : sec_ctx_stack_ndx = 1 >[2006/02/01 14:10:54, 3] smbd/uid.c:push_conn_ctx(388) > push_conn_ctx(101) : conn_ctx_stack_ndx = 0 >[2006/02/01 14:10:54, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2006/02/01 14:10:54, 5] auth/auth_util.c:debug_nt_user_token(452) > NT user token: (NULL) >[2006/02/01 14:10:54, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/02/01 14:10:54, 5] lib/smbldap.c:smbldap_search_ext(980) > smbldap_search_ext: base => [dc=u4eatech,dc=com], filter => [(&(uid=Domain Users)(objectclass=sambaSamAccount))], scope => [2] >[2006/02/01 14:10:54, 4] passdb/pdb_ldap.c:ldapsam_getsampwnam(1335) > ldapsam_getsampwnam: Unable to locate user [Domain Users] count=0 >[2006/02/01 14:10:54, 5] lib/smbldap.c:smbldap_search_ext(980) > smbldap_search_ext: base => [ou=Group,dc=u4eatech,dc=com], filter => [(&(objectClass=sambaGroupMapping)(|(displayName=Domain Users)(cn=Domain Users)))], scope => [2] >[2006/02/01 14:10:54, 2] passdb/pdb_ldap.c:init_group_from_ldap(2001) > init_group_from_ldap: Entry found for group: 513 >[2006/02/01 14:10:54, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (1019, 1000) - sec_ctx_stack_ndx = 0 >[2006/02/01 14:10:54, 5] rpc_parse/parse_samr.c:init_samr_r_lookup_names(4691) > init_samr_r_lookup_names >[2006/02/01 14:10:54, 5] rpc_server/srv_samr_nt.c:_samr_lookup_names(1158) > _samr_lookup_names: 1158 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_r_lookup_names >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0000 num_rids1: 00000001 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0004 ptr_rids : 00000001 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0008 num_rids2: 00000001 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 000c rid[00] : 00000201 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0010 num_types1: 00000001 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0014 ptr_types : 00000001 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0018 num_types2: 00000001 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 001c type[00] : 00000002 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_ntstatus(701) > 0020 status: NT_STATUS_OK >[2006/02/01 14:10:54, 5] rpc_server/srv_pipe.c:api_rpcTNP(1590) > api_rpcTNP: called samr successfully >[2006/02/01 14:10:54, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 58 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 88 >[2006/02/01 14:10:54, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) > read_from_pipe: 743f name: samr len: 4280 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) > read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 36. >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0000 major : 05 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0001 minor : 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0002 pkt_type : 02 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0003 flags : 03 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0004 pack_type0: 10 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0005 pack_type1: 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0006 pack_type2: 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0007 pack_type3: 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0008 frag_len : 003c >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 000a auth_len : 0000 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 000c call_id : 000000f4 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0010 alloc_hint: 00000024 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0014 context_id: 0000 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0016 cancel_ct : 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0017 reserved : 00 >[2006/02/01 14:10:54, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..60] >[2006/02/01 14:10:54, 5] lib/util.c:show_msg(454) >[2006/02/01 14:10:54, 5] lib/util.c:show_msg(464) > size=116 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=3496 > smb_uid=101 > smb_mid=22401 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 60 (0x3C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 60 (0x3C) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=61 >[2006/02/01 14:10:54, 10] lib/util.c:dump_data(2053) > [000] 00 05 00 02 03 10 00 00 00 3C 00 00 00 F4 00 00 ........ .<...... > [010] 00 24 00 00 00 00 00 00 00 01 00 00 00 01 00 00 .$...... ........ > [020] 00 01 00 00 00 01 02 00 00 01 00 00 00 01 00 00 ........ ........ > [030] 00 01 00 00 00 02 00 00 00 00 00 00 00 ........ ..... >[2006/02/01 14:10:54, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) > got smb length of 136 >[2006/02/01 14:10:54, 6] smbd/process.c:process_smb(1113) > got message type 0x0 of len 0x88 >[2006/02/01 14:10:54, 3] smbd/process.c:process_smb(1114) > Transaction 351 of length 140 >[2006/02/01 14:10:54, 5] lib/util.c:show_msg(454) >[2006/02/01 14:10:54, 5] lib/util.c:show_msg(464) > size=136 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=3496 > smb_uid=101 > smb_mid=22465 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 52 (0x34) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 52 (0x34) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29759 (0x743F) > smb_bcc=69 >[2006/02/01 14:10:54, 10] lib/util.c:dump_data(2053) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 34 00 00 00 F5 00 00 ........ .4...... > [020] 00 1C 00 00 00 00 00 13 00 00 00 00 00 4C 00 00 ........ .....L.. > [030] 00 00 00 00 00 6E C1 E0 43 61 52 00 00 03 00 00 .....n.. CaR..... > [040] 00 01 02 00 00 ..... >[2006/02/01 14:10:54, 3] smbd/process.c:switch_message(900) > switch message SMBtrans (pid 21089) conn 0x80340138 >[2006/02/01 14:10:54, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2006/02/01 14:10:54, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=52 params=0 setup=2 >[2006/02/01 14:10:54, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2006/02/01 14:10:54, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2006/02/01 14:10:54, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2006/02/01 14:10:54, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) > search for pipe pnum=743f >[2006/02/01 14:10:54, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name lsarpc pnum=7440 (pipes_open=2) >[2006/02/01 14:10:54, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name samr pnum=743f (pipes_open=2) >[2006/02/01 14:10:54, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "samr" (pnum 743f) >[2006/02/01 14:10:54, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x8033ef78 max_trans_reply: 4280 >[2006/02/01 14:10:54, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) > write_to_pipe: 743f name: samr open: Yes len: 52 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 52 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 52 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 52, len_needed_to_complete_hdr = 16, receive_len = 0 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 16 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 36 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 36 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0000 major : 05 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0001 minor : 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0002 pkt_type : 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0003 flags : 03 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0004 pack_type0: 10 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0005 pack_type1: 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0006 pack_type2: 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0007 pack_type3: 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0008 frag_len : 0034 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 000a auth_len : 0000 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 000c call_id : 000000f5 >[2006/02/01 14:10:54, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 0, flags = 3 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 0 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 36 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 36, incoming data = 36 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) > process_complete_pdu: processing packet type 0 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0000 alloc_hint: 0000001c >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0004 context_id: 0000 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0006 opnum : 0013 >[2006/02/01 14:10:54, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 0 >[2006/02/01 14:10:54, 5] rpc_server/srv_pipe.c:api_pipe_request(1509) > Requested \PIPE\samr >[2006/02/01 14:10:54, 4] rpc_server/srv_pipe.c:api_rpcTNP(1543) > api_rpcTNP: samr op 0x13 - api_rpcTNP: rpc command: SAMR_OPEN_GROUP >[2006/02/01 14:10:54, 6] rpc_server/srv_pipe.c:api_rpcTNP(1569) > api_rpc_cmds[38].fn == 0x800efccd >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_q_open_group >[2006/02/01 14:10:54, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd domain_pol >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0000 data1: 00000000 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0004 data2: 0000004c >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0008 data3: 0000 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 000a data4: 0000 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8s(758) > 000c data5: 6e c1 e0 43 61 52 00 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0014 access_mask: 00000003 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0018 rid_group: 00000201 >[2006/02/01 14:10:54, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 4C 00 00 00 00 00 00 00 6E C1 E0 43 ....L... ....n..C > [010] 61 52 00 00 aR.. >[2006/02/01 14:10:54, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(194) > _samr_open_group: access check ((granted: 0x000d067a; required: 0x00000200) >[2006/02/01 14:10:54, 4] rpc_server/srv_samr_nt.c:access_check_samr_object(151) > access_check_samr_object: user rights access mask [0xd000e] >[2006/02/01 14:10:54, 10] lib/util_seaccess.c:se_access_check(233) > se_access_check: requested access 0x00000001, for NT token with 10 entries and first sid S-1-5-21-2044582568-1589646193-1504741369-3038. >[2006/02/01 14:10:54, 3] lib/util_seaccess.c:se_access_check(250) >[2006/02/01 14:10:54, 3] lib/util_seaccess.c:se_access_check(251) > se_access_check: user sid is S-1-5-21-2044582568-1589646193-1504741369-3038 > se_access_check: also S-1-5-21-2044582568-1589646193-1504741369-513 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: also S-1-5-21-2044582568-1589646193-1504741369-1000 > se_access_check: also S-1-5-21-2044582568-1589646193-1504741369-10 > se_access_check: also S-1-5-21-2044582568-1589646193-1504741369-512 > se_access_check: also S-1-5-32-544 > se_access_check: also S-1-5-21-2044582568-1589646193-1504741369-5011 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20011, current desired = 1 >[2006/02/01 14:10:54, 5] lib/util_seaccess.c:se_access_check(308) > se_access_check: access (1) granted. >[2006/02/01 14:10:54, 4] rpc_server/srv_samr_nt.c:access_check_samr_object(182) > _samr_open_group: access GRANTED (requested: 0x00000001, granted: 0x000d000f) >[2006/02/01 14:10:54, 10] rpc_server/srv_samr_nt.c:get_samr_info_by_sid(240) > get_samr_info_by_sid: created new info for sid S-1-5-21-2044582568-1589646193-1504741369-513 >[2006/02/01 14:10:54, 10] rpc_server/srv_samr_nt.c:_samr_open_group(4099) > _samr_open_group:Opening SID: S-1-5-21-2044582568-1589646193-1504741369-513 >[2006/02/01 14:10:54, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(1019, 1000) : sec_ctx_stack_ndx = 1 >[2006/02/01 14:10:54, 3] smbd/uid.c:push_conn_ctx(388) > push_conn_ctx(101) : conn_ctx_stack_ndx = 0 >[2006/02/01 14:10:54, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2006/02/01 14:10:54, 5] auth/auth_util.c:debug_nt_user_token(452) > NT user token: (NULL) >[2006/02/01 14:10:54, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/02/01 14:10:54, 10] groupdb/mapping.c:get_domain_group_from_sid(799) > get_domain_group_from_sid >[2006/02/01 14:10:54, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2006/02/01 14:10:54, 3] smbd/uid.c:push_conn_ctx(388) > push_conn_ctx(101) : conn_ctx_stack_ndx = 1 >[2006/02/01 14:10:54, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2006/02/01 14:10:54, 5] auth/auth_util.c:debug_nt_user_token(452) > NT user token: (NULL) >[2006/02/01 14:10:54, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/02/01 14:10:54, 5] lib/smbldap.c:smbldap_search_ext(980) > smbldap_search_ext: base => [ou=Group,dc=u4eatech,dc=com], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-2044582568-1589646193-1504741369-513))], scope => [2] >[2006/02/01 14:10:54, 2] passdb/pdb_ldap.c:init_group_from_ldap(2001) > init_group_from_ldap: Entry found for group: 513 >[2006/02/01 14:10:54, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2006/02/01 14:10:54, 10] groupdb/mapping.c:get_domain_group_from_sid(810) > get_domain_group_from_sid: SID found in the TDB >[2006/02/01 14:10:54, 10] groupdb/mapping.c:get_domain_group_from_sid(817) > get_domain_group_from_sid: SID is a domain group >[2006/02/01 14:10:54, 10] groupdb/mapping.c:get_domain_group_from_sid(823) > get_domain_group_from_sid: SID is mapped to gid:513 >[2006/02/01 14:10:54, 10] groupdb/mapping.c:get_domain_group_from_sid(831) > get_domain_group_from_sid: gid exists in UNIX security >[2006/02/01 14:10:54, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (1019, 1000) - sec_ctx_stack_ndx = 0 >[2006/02/01 14:10:54, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) > Opened policy hnd[8] [000] 00 00 00 00 4D 00 00 00 00 00 00 00 6E C1 E0 43 ....M... ....n..C > [010] 61 52 00 00 aR.. >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_r_open_group >[2006/02/01 14:10:54, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd pol >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0000 data1: 00000000 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0004 data2: 0000004d >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0008 data3: 0000 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 000a data4: 0000 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8s(758) > 000c data5: 6e c1 e0 43 61 52 00 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_ntstatus(701) > 0014 status: NT_STATUS_OK >[2006/02/01 14:10:54, 5] rpc_server/srv_pipe.c:api_rpcTNP(1590) > api_rpcTNP: called samr successfully >[2006/02/01 14:10:54, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 956 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 36 >[2006/02/01 14:10:54, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) > read_from_pipe: 743f name: samr len: 4280 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) > read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0000 major : 05 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0001 minor : 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0002 pkt_type : 02 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0003 flags : 03 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0004 pack_type0: 10 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0005 pack_type1: 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0006 pack_type2: 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0007 pack_type3: 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0008 frag_len : 0030 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 000a auth_len : 0000 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 000c call_id : 000000f5 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0010 alloc_hint: 00000018 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0014 context_id: 0000 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0016 cancel_ct : 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0017 reserved : 00 >[2006/02/01 14:10:54, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..48] >[2006/02/01 14:10:54, 5] lib/util.c:show_msg(454) >[2006/02/01 14:10:54, 5] lib/util.c:show_msg(464) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=3496 > smb_uid=101 > smb_mid=22465 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2006/02/01 14:10:54, 10] lib/util.c:dump_data(2053) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 F5 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 4D 00 00 ........ .....M.. > [020] 00 00 00 00 00 6E C1 E0 43 61 52 00 00 00 00 00 .....n.. CaR..... > [030] 00 . >[2006/02/01 14:10:54, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) > got smb length of 192 >[2006/02/01 14:10:54, 6] smbd/process.c:process_smb(1113) > got message type 0x0 of len 0xc0 >[2006/02/01 14:10:54, 3] smbd/process.c:process_smb(1114) > Transaction 352 of length 196 >[2006/02/01 14:10:54, 5] lib/util.c:show_msg(454) >[2006/02/01 14:10:54, 5] lib/util.c:show_msg(464) > size=192 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=3496 > smb_uid=101 > smb_mid=22529 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 108 (0x6C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 108 (0x6C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29759 (0x743F) > smb_bcc=125 >[2006/02/01 14:10:54, 10] lib/util.c:dump_data(2053) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 6C 00 00 00 F6 00 00 ........ .l...... > [020] 00 54 00 00 00 00 00 15 00 00 00 00 00 4D 00 00 .T...... .....M.. > [030] 00 00 00 00 00 6E C1 E0 43 61 52 00 00 04 00 04 .....n.. CaR..... > [040] 00 28 00 2A 00 00 8C 26 00 15 00 00 00 00 00 00 .(.*...& ........ > [050] 00 14 00 00 00 4E 00 65 00 74 00 62 00 69 00 6F .....N.e .t.b.i.o > [060] 00 73 00 20 00 44 00 6F 00 6D 00 61 00 69 00 6E .s. .D.o .m.a.i.n > [070] 00 20 00 55 00 73 00 65 00 72 00 73 00 . .U.s.e .r.s. >[2006/02/01 14:10:54, 3] smbd/process.c:switch_message(900) > switch message SMBtrans (pid 21089) conn 0x80340138 >[2006/02/01 14:10:54, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2006/02/01 14:10:54, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=108 params=0 setup=2 >[2006/02/01 14:10:54, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2006/02/01 14:10:54, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2006/02/01 14:10:54, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2006/02/01 14:10:54, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) > search for pipe pnum=743f >[2006/02/01 14:10:54, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name lsarpc pnum=7440 (pipes_open=2) >[2006/02/01 14:10:54, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name samr pnum=743f (pipes_open=2) >[2006/02/01 14:10:54, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "samr" (pnum 743f) >[2006/02/01 14:10:54, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x8033ef78 max_trans_reply: 4280 >[2006/02/01 14:10:54, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) > write_to_pipe: 743f name: samr open: Yes len: 108 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 108 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 108 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 108, len_needed_to_complete_hdr = 16, receive_len = 0 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 16 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 92 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 92 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0000 major : 05 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0001 minor : 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0002 pkt_type : 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0003 flags : 03 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0004 pack_type0: 10 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0005 pack_type1: 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0006 pack_type2: 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0007 pack_type3: 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0008 frag_len : 006c >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 000a auth_len : 0000 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 000c call_id : 000000f6 >[2006/02/01 14:10:54, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 0, flags = 3 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 0 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 92 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 92, incoming data = 92 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) > process_complete_pdu: processing packet type 0 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0000 alloc_hint: 00000054 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0004 context_id: 0000 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0006 opnum : 0015 >[2006/02/01 14:10:54, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 0 >[2006/02/01 14:10:54, 5] rpc_server/srv_pipe.c:api_pipe_request(1509) > Requested \PIPE\samr >[2006/02/01 14:10:54, 4] rpc_server/srv_pipe.c:api_rpcTNP(1543) > api_rpcTNP: samr op 0x15 - api_rpcTNP: rpc command: SAMR_SET_GROUPINFO >[2006/02/01 14:10:54, 6] rpc_server/srv_pipe.c:api_rpcTNP(1569) > api_rpc_cmds[31].fn == 0x800ef919 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_q_set_groupinfo >[2006/02/01 14:10:54, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd pol >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0000 data1: 00000000 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0004 data2: 0000004d >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0008 data3: 0000 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 000a data4: 0000 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8s(758) > 000c data5: 6e c1 e0 43 61 52 00 00 >[2006/02/01 14:10:54, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000014 samr_group_info_ctr ctr >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0014 switch_value1: 0004 >[2006/02/01 14:10:54, 7] rpc_parse/parse_prs.c:prs_debug(82) > 000016 samr_io_group_info4 group_info4 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0016 hdr_level: 0004 >[2006/02/01 14:10:54, 8] rpc_parse/parse_prs.c:prs_debug(82) > 000018 smb_io_unihdr hdr_acct_desc >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0018 uni_str_len: 0028 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 001a uni_max_len: 002a >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 001c buffer : 00268c00 >[2006/02/01 14:10:54, 8] rpc_parse/parse_prs.c:prs_debug(82) > 000020 smb_io_unistr2 uni_acct_desc >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0020 uni_max_len: 00000015 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0024 offset : 00000000 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0028 uni_str_len: 00000014 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:dbg_rw_punival(843) > 002c buffer : N.e.t.b.i.o.s. .D.o.m.a.i.n. .U.s.e.r.s. >[2006/02/01 14:10:54, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 4D 00 00 00 00 00 00 00 6E C1 E0 43 ....M... ....n..C > [010] 61 52 00 00 aR.. >[2006/02/01 14:10:54, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(194) > _samr_set_groupinfo: access check ((granted: 0x000d000f; required: 0x00000002) >[2006/02/01 14:10:54, 10] groupdb/mapping.c:get_domain_group_from_sid(799) > get_domain_group_from_sid >[2006/02/01 14:10:54, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(1019, 1000) : sec_ctx_stack_ndx = 1 >[2006/02/01 14:10:54, 3] smbd/uid.c:push_conn_ctx(388) > push_conn_ctx(101) : conn_ctx_stack_ndx = 0 >[2006/02/01 14:10:54, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2006/02/01 14:10:54, 5] auth/auth_util.c:debug_nt_user_token(452) > NT user token: (NULL) >[2006/02/01 14:10:54, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/02/01 14:10:54, 5] lib/smbldap.c:smbldap_search_ext(980) > smbldap_search_ext: base => [ou=Group,dc=u4eatech,dc=com], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-2044582568-1589646193-1504741369-513))], scope => [2] >[2006/02/01 14:10:54, 2] passdb/pdb_ldap.c:init_group_from_ldap(2001) > init_group_from_ldap: Entry found for group: 513 >[2006/02/01 14:10:54, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (1019, 1000) - sec_ctx_stack_ndx = 0 >[2006/02/01 14:10:54, 10] groupdb/mapping.c:get_domain_group_from_sid(810) > get_domain_group_from_sid: SID found in the TDB >[2006/02/01 14:10:54, 10] groupdb/mapping.c:get_domain_group_from_sid(817) > get_domain_group_from_sid: SID is a domain group >[2006/02/01 14:10:54, 10] groupdb/mapping.c:get_domain_group_from_sid(823) > get_domain_group_from_sid: SID is mapped to gid:513 >[2006/02/01 14:10:54, 10] groupdb/mapping.c:get_domain_group_from_sid(831) > get_domain_group_from_sid: gid exists in UNIX security >[2006/02/01 14:10:54, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(1019, 1000) : sec_ctx_stack_ndx = 1 >[2006/02/01 14:10:54, 3] smbd/uid.c:push_conn_ctx(388) > push_conn_ctx(101) : conn_ctx_stack_ndx = 0 >[2006/02/01 14:10:54, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2006/02/01 14:10:54, 5] auth/auth_util.c:debug_nt_user_token(452) > NT user token: (NULL) >[2006/02/01 14:10:54, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/02/01 14:10:54, 5] lib/smbldap.c:smbldap_search_ext(980) > smbldap_search_ext: base => [ou=Group,dc=u4eatech,dc=com], filter => [(&(|(objectClass=posixGroup)(objectclass=sambaIdmapEntry))(gidNumber=513))], scope => [2] >[2006/02/01 14:10:54, 10] lib/smbldap.c:smbldap_make_mod(434) > smbldap_make_mod: attribute |sambaSID| not changed. >[2006/02/01 14:10:54, 10] lib/smbldap.c:smbldap_make_mod(434) > smbldap_make_mod: attribute |sambaGroupType| not changed. >[2006/02/01 14:10:54, 10] lib/smbldap.c:smbldap_make_mod(434) > smbldap_make_mod: attribute |displayName| not changed. >[2006/02/01 14:10:54, 10] lib/smbldap.c:smbldap_make_mod(434) > smbldap_make_mod: attribute |description| not changed. >[2006/02/01 14:10:54, 4] passdb/pdb_ldap.c:ldapsam_update_group_mapping_entry(2705) > ldapsam_update_group_mapping_entry: mods is empty: nothing to do >[2006/02/01 14:10:54, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (1019, 1000) - sec_ctx_stack_ndx = 0 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_r_set_groupinfo >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_ntstatus(701) > 0000 status: NT_STATUS_OK >[2006/02/01 14:10:54, 5] rpc_server/srv_pipe.c:api_rpcTNP(1590) > api_rpcTNP: called samr successfully >[2006/02/01 14:10:54, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 102 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 92 >[2006/02/01 14:10:54, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) > read_from_pipe: 743f name: samr len: 4280 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) > read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 4. >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0000 major : 05 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0001 minor : 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0002 pkt_type : 02 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0003 flags : 03 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0004 pack_type0: 10 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0005 pack_type1: 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0006 pack_type2: 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0007 pack_type3: 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0008 frag_len : 001c >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 000a auth_len : 0000 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 000c call_id : 000000f6 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0010 alloc_hint: 00000004 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0014 context_id: 0000 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0016 cancel_ct : 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0017 reserved : 00 >[2006/02/01 14:10:54, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..28] >[2006/02/01 14:10:54, 5] lib/util.c:show_msg(454) >[2006/02/01 14:10:54, 5] lib/util.c:show_msg(464) > size=84 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=3496 > smb_uid=101 > smb_mid=22529 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 28 (0x1C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 28 (0x1C) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=29 >[2006/02/01 14:10:54, 10] lib/util.c:dump_data(2053) > [000] 00 05 00 02 03 10 00 00 00 1C 00 00 00 F6 00 00 ........ ........ > [010] 00 04 00 00 00 00 00 00 00 00 00 00 00 ........ ..... >[2006/02/01 14:10:54, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) > got smb length of 128 >[2006/02/01 14:10:54, 6] smbd/process.c:process_smb(1113) > got message type 0x0 of len 0x80 >[2006/02/01 14:10:54, 3] smbd/process.c:process_smb(1114) > Transaction 353 of length 132 >[2006/02/01 14:10:54, 5] lib/util.c:show_msg(454) >[2006/02/01 14:10:54, 5] lib/util.c:show_msg(464) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=3496 > smb_uid=101 > smb_mid=22593 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29759 (0x743F) > smb_bcc=61 >[2006/02/01 14:10:54, 10] lib/util.c:dump_data(2053) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 F7 00 00 ........ .,...... > [020] 00 14 00 00 00 00 00 01 00 00 00 00 00 4D 00 00 ........ .....M.. > [030] 00 00 00 00 00 6E C1 E0 43 61 52 00 00 .....n.. CaR.. >[2006/02/01 14:10:54, 3] smbd/process.c:switch_message(900) > switch message SMBtrans (pid 21089) conn 0x80340138 >[2006/02/01 14:10:54, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2006/02/01 14:10:54, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=44 params=0 setup=2 >[2006/02/01 14:10:54, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2006/02/01 14:10:54, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2006/02/01 14:10:54, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2006/02/01 14:10:54, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) > search for pipe pnum=743f >[2006/02/01 14:10:54, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name lsarpc pnum=7440 (pipes_open=2) >[2006/02/01 14:10:54, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name samr pnum=743f (pipes_open=2) >[2006/02/01 14:10:54, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "samr" (pnum 743f) >[2006/02/01 14:10:54, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x8033ef78 max_trans_reply: 4280 >[2006/02/01 14:10:54, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) > write_to_pipe: 743f name: samr open: Yes len: 44 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 44 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 16 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 28 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0000 major : 05 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0001 minor : 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0002 pkt_type : 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0003 flags : 03 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0004 pack_type0: 10 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0005 pack_type1: 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0006 pack_type2: 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0007 pack_type3: 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0008 frag_len : 002c >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 000a auth_len : 0000 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 000c call_id : 000000f7 >[2006/02/01 14:10:54, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 0, flags = 3 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 0 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 28 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 28, incoming data = 28 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) > process_complete_pdu: processing packet type 0 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0000 alloc_hint: 00000014 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0004 context_id: 0000 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0006 opnum : 0001 >[2006/02/01 14:10:54, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 0 >[2006/02/01 14:10:54, 5] rpc_server/srv_pipe.c:api_pipe_request(1509) > Requested \PIPE\samr >[2006/02/01 14:10:54, 4] rpc_server/srv_pipe.c:api_rpcTNP(1543) > api_rpcTNP: samr op 0x1 - api_rpcTNP: rpc command: SAMR_CLOSE_HND >[2006/02/01 14:10:54, 6] rpc_server/srv_pipe.c:api_rpcTNP(1569) > api_rpc_cmds[0].fn == 0x800ec84c >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_q_close_hnd >[2006/02/01 14:10:54, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd pol >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0000 data1: 00000000 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0004 data2: 0000004d >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0008 data3: 0000 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 000a data4: 0000 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8s(758) > 000c data5: 6e c1 e0 43 61 52 00 00 >[2006/02/01 14:10:54, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 4D 00 00 00 00 00 00 00 6E C1 E0 43 ....M... ....n..C > [010] 61 52 00 00 aR.. >[2006/02/01 14:10:54, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) > Closed policy >[2006/02/01 14:10:54, 5] rpc_server/srv_samr_nt.c:_samr_close_hnd(334) > samr_reply_close_hnd: 334 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_r_close_hnd >[2006/02/01 14:10:54, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd pol >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0000 data1: 00000000 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0004 data2: 00000000 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0008 data3: 0000 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 000a data4: 0000 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8s(758) > 000c data5: 00 00 00 00 00 00 00 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_ntstatus(701) > 0014 status: NT_STATUS_OK >[2006/02/01 14:10:54, 5] rpc_server/srv_pipe.c:api_rpcTNP(1590) > api_rpcTNP: called samr successfully >[2006/02/01 14:10:54, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 0 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 28 >[2006/02/01 14:10:54, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) > read_from_pipe: 743f name: samr len: 4280 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) > read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0000 major : 05 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0001 minor : 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0002 pkt_type : 02 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0003 flags : 03 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0004 pack_type0: 10 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0005 pack_type1: 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0006 pack_type2: 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0007 pack_type3: 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0008 frag_len : 0030 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 000a auth_len : 0000 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 000c call_id : 000000f7 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0010 alloc_hint: 00000018 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0014 context_id: 0000 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0016 cancel_ct : 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0017 reserved : 00 >[2006/02/01 14:10:54, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..48] >[2006/02/01 14:10:54, 5] lib/util.c:show_msg(454) >[2006/02/01 14:10:54, 5] lib/util.c:show_msg(464) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=3496 > smb_uid=101 > smb_mid=22593 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2006/02/01 14:10:54, 10] lib/util.c:dump_data(2053) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 F7 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [030] 00 . >[2006/02/01 14:10:54, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) > got smb length of 128 >[2006/02/01 14:10:54, 6] smbd/process.c:process_smb(1113) > got message type 0x0 of len 0x80 >[2006/02/01 14:10:54, 3] smbd/process.c:process_smb(1114) > Transaction 354 of length 132 >[2006/02/01 14:10:54, 5] lib/util.c:show_msg(454) >[2006/02/01 14:10:54, 5] lib/util.c:show_msg(464) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=3496 > smb_uid=101 > smb_mid=22657 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29759 (0x743F) > smb_bcc=61 >[2006/02/01 14:10:54, 10] lib/util.c:dump_data(2053) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 F8 00 00 ........ .,...... > [020] 00 14 00 00 00 00 00 01 00 00 00 00 00 4C 00 00 ........ .....L.. > [030] 00 00 00 00 00 6E C1 E0 43 61 52 00 00 .....n.. CaR.. >[2006/02/01 14:10:54, 3] smbd/process.c:switch_message(900) > switch message SMBtrans (pid 21089) conn 0x80340138 >[2006/02/01 14:10:54, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2006/02/01 14:10:54, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=44 params=0 setup=2 >[2006/02/01 14:10:54, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2006/02/01 14:10:54, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2006/02/01 14:10:54, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2006/02/01 14:10:54, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) > search for pipe pnum=743f >[2006/02/01 14:10:54, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name lsarpc pnum=7440 (pipes_open=2) >[2006/02/01 14:10:54, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name samr pnum=743f (pipes_open=2) >[2006/02/01 14:10:54, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "samr" (pnum 743f) >[2006/02/01 14:10:54, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x8033ef78 max_trans_reply: 4280 >[2006/02/01 14:10:54, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) > write_to_pipe: 743f name: samr open: Yes len: 44 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 44 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 16 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 28 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0000 major : 05 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0001 minor : 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0002 pkt_type : 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0003 flags : 03 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0004 pack_type0: 10 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0005 pack_type1: 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0006 pack_type2: 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0007 pack_type3: 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0008 frag_len : 002c >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 000a auth_len : 0000 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 000c call_id : 000000f8 >[2006/02/01 14:10:54, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 0, flags = 3 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 0 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 28 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 28, incoming data = 28 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) > process_complete_pdu: processing packet type 0 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0000 alloc_hint: 00000014 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0004 context_id: 0000 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0006 opnum : 0001 >[2006/02/01 14:10:54, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 0 >[2006/02/01 14:10:54, 5] rpc_server/srv_pipe.c:api_pipe_request(1509) > Requested \PIPE\samr >[2006/02/01 14:10:54, 4] rpc_server/srv_pipe.c:api_rpcTNP(1543) > api_rpcTNP: samr op 0x1 - api_rpcTNP: rpc command: SAMR_CLOSE_HND >[2006/02/01 14:10:54, 6] rpc_server/srv_pipe.c:api_rpcTNP(1569) > api_rpc_cmds[0].fn == 0x800ec84c >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_q_close_hnd >[2006/02/01 14:10:54, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd pol >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0000 data1: 00000000 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0004 data2: 0000004c >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0008 data3: 0000 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 000a data4: 0000 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8s(758) > 000c data5: 6e c1 e0 43 61 52 00 00 >[2006/02/01 14:10:54, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 4C 00 00 00 00 00 00 00 6E C1 E0 43 ....L... ....n..C > [010] 61 52 00 00 aR.. >[2006/02/01 14:10:54, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) > Closed policy >[2006/02/01 14:10:54, 5] rpc_server/srv_samr_nt.c:_samr_close_hnd(334) > samr_reply_close_hnd: 334 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_r_close_hnd >[2006/02/01 14:10:54, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd pol >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0000 data1: 00000000 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0004 data2: 00000000 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0008 data3: 0000 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 000a data4: 0000 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8s(758) > 000c data5: 00 00 00 00 00 00 00 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_ntstatus(701) > 0014 status: NT_STATUS_OK >[2006/02/01 14:10:54, 5] rpc_server/srv_pipe.c:api_rpcTNP(1590) > api_rpcTNP: called samr successfully >[2006/02/01 14:10:54, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 0 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 28 >[2006/02/01 14:10:54, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) > read_from_pipe: 743f name: samr len: 4280 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) > read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0000 major : 05 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0001 minor : 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0002 pkt_type : 02 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0003 flags : 03 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0004 pack_type0: 10 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0005 pack_type1: 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0006 pack_type2: 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0007 pack_type3: 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0008 frag_len : 0030 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 000a auth_len : 0000 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 000c call_id : 000000f8 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0010 alloc_hint: 00000018 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0014 context_id: 0000 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0016 cancel_ct : 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0017 reserved : 00 >[2006/02/01 14:10:54, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..48] >[2006/02/01 14:10:54, 5] lib/util.c:show_msg(454) >[2006/02/01 14:10:54, 5] lib/util.c:show_msg(464) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=3496 > smb_uid=101 > smb_mid=22657 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2006/02/01 14:10:54, 10] lib/util.c:dump_data(2053) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 F8 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [030] 00 . >[2006/02/01 14:10:54, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) > got smb length of 128 >[2006/02/01 14:10:54, 6] smbd/process.c:process_smb(1113) > got message type 0x0 of len 0x80 >[2006/02/01 14:10:54, 3] smbd/process.c:process_smb(1114) > Transaction 355 of length 132 >[2006/02/01 14:10:54, 5] lib/util.c:show_msg(454) >[2006/02/01 14:10:54, 5] lib/util.c:show_msg(464) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=3496 > smb_uid=101 > smb_mid=22721 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29759 (0x743F) > smb_bcc=61 >[2006/02/01 14:10:54, 10] lib/util.c:dump_data(2053) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 F9 00 00 ........ .,...... > [020] 00 14 00 00 00 00 00 01 00 00 00 00 00 4B 00 00 ........ .....K.. > [030] 00 00 00 00 00 6E C1 E0 43 61 52 00 00 .....n.. CaR.. >[2006/02/01 14:10:54, 3] smbd/process.c:switch_message(900) > switch message SMBtrans (pid 21089) conn 0x80340138 >[2006/02/01 14:10:54, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2006/02/01 14:10:54, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=44 params=0 setup=2 >[2006/02/01 14:10:54, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2006/02/01 14:10:54, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2006/02/01 14:10:54, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2006/02/01 14:10:54, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) > search for pipe pnum=743f >[2006/02/01 14:10:54, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name lsarpc pnum=7440 (pipes_open=2) >[2006/02/01 14:10:54, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name samr pnum=743f (pipes_open=2) >[2006/02/01 14:10:54, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "samr" (pnum 743f) >[2006/02/01 14:10:54, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x8033ef78 max_trans_reply: 4280 >[2006/02/01 14:10:54, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) > write_to_pipe: 743f name: samr open: Yes len: 44 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 44 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 16 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 28 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0000 major : 05 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0001 minor : 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0002 pkt_type : 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0003 flags : 03 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0004 pack_type0: 10 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0005 pack_type1: 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0006 pack_type2: 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0007 pack_type3: 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0008 frag_len : 002c >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 000a auth_len : 0000 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 000c call_id : 000000f9 >[2006/02/01 14:10:54, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 0, flags = 3 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 0 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 28 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 28, incoming data = 28 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) > process_complete_pdu: processing packet type 0 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0000 alloc_hint: 00000014 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0004 context_id: 0000 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0006 opnum : 0001 >[2006/02/01 14:10:54, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 0 >[2006/02/01 14:10:54, 5] rpc_server/srv_pipe.c:api_pipe_request(1509) > Requested \PIPE\samr >[2006/02/01 14:10:54, 4] rpc_server/srv_pipe.c:api_rpcTNP(1543) > api_rpcTNP: samr op 0x1 - api_rpcTNP: rpc command: SAMR_CLOSE_HND >[2006/02/01 14:10:54, 6] rpc_server/srv_pipe.c:api_rpcTNP(1569) > api_rpc_cmds[0].fn == 0x800ec84c >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_q_close_hnd >[2006/02/01 14:10:54, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd pol >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0000 data1: 00000000 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0004 data2: 0000004b >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0008 data3: 0000 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 000a data4: 0000 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8s(758) > 000c data5: 6e c1 e0 43 61 52 00 00 >[2006/02/01 14:10:54, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 4B 00 00 00 00 00 00 00 6E C1 E0 43 ....K... ....n..C > [010] 61 52 00 00 aR.. >[2006/02/01 14:10:54, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) > Closed policy >[2006/02/01 14:10:54, 5] rpc_server/srv_samr_nt.c:_samr_close_hnd(334) > samr_reply_close_hnd: 334 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_r_close_hnd >[2006/02/01 14:10:54, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd pol >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0000 data1: 00000000 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0004 data2: 00000000 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0008 data3: 0000 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 000a data4: 0000 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8s(758) > 000c data5: 00 00 00 00 00 00 00 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_ntstatus(701) > 0014 status: NT_STATUS_OK >[2006/02/01 14:10:54, 5] rpc_server/srv_pipe.c:api_rpcTNP(1590) > api_rpcTNP: called samr successfully >[2006/02/01 14:10:54, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 0 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 28 >[2006/02/01 14:10:54, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) > read_from_pipe: 743f name: samr len: 4280 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) > read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0000 major : 05 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0001 minor : 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0002 pkt_type : 02 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0003 flags : 03 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0004 pack_type0: 10 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0005 pack_type1: 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0006 pack_type2: 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0007 pack_type3: 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0008 frag_len : 0030 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 000a auth_len : 0000 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 000c call_id : 000000f9 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0010 alloc_hint: 00000018 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0014 context_id: 0000 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0016 cancel_ct : 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0017 reserved : 00 >[2006/02/01 14:10:54, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..48] >[2006/02/01 14:10:54, 5] lib/util.c:show_msg(454) >[2006/02/01 14:10:54, 5] lib/util.c:show_msg(464) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=3496 > smb_uid=101 > smb_mid=22721 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2006/02/01 14:10:54, 10] lib/util.c:dump_data(2053) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 F9 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [030] 00 . >[2006/02/01 14:10:54, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) > got smb length of 136 >[2006/02/01 14:10:54, 6] smbd/process.c:process_smb(1113) > got message type 0x0 of len 0x88 >[2006/02/01 14:10:54, 3] smbd/process.c:process_smb(1114) > Transaction 356 of length 140 >[2006/02/01 14:10:54, 5] lib/util.c:show_msg(454) >[2006/02/01 14:10:54, 5] lib/util.c:show_msg(464) > size=136 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=3496 > smb_uid=101 > smb_mid=22785 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 52 (0x34) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 52 (0x34) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29759 (0x743F) > smb_bcc=69 >[2006/02/01 14:10:54, 10] lib/util.c:dump_data(2053) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 34 00 00 00 FA 00 00 ........ .4...... > [020] 00 1C 00 00 00 00 00 16 00 00 00 00 00 3E 00 00 ........ .....>.. > [030] 00 00 00 00 00 FB C0 E0 43 61 52 00 00 6A 08 00 ........ CaR..j.. > [040] 00 05 00 00 00 ..... >[2006/02/01 14:10:54, 3] smbd/process.c:switch_message(900) > switch message SMBtrans (pid 21089) conn 0x80340138 >[2006/02/01 14:10:54, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2006/02/01 14:10:54, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=52 params=0 setup=2 >[2006/02/01 14:10:54, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2006/02/01 14:10:54, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2006/02/01 14:10:54, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2006/02/01 14:10:54, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) > search for pipe pnum=743f >[2006/02/01 14:10:54, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name lsarpc pnum=7440 (pipes_open=2) >[2006/02/01 14:10:54, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name samr pnum=743f (pipes_open=2) >[2006/02/01 14:10:54, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "samr" (pnum 743f) >[2006/02/01 14:10:54, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x8033ef78 max_trans_reply: 4280 >[2006/02/01 14:10:54, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) > write_to_pipe: 743f name: samr open: Yes len: 52 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 52 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 52 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 52, len_needed_to_complete_hdr = 16, receive_len = 0 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 16 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 36 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 36 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0000 major : 05 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0001 minor : 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0002 pkt_type : 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0003 flags : 03 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0004 pack_type0: 10 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0005 pack_type1: 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0006 pack_type2: 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0007 pack_type3: 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0008 frag_len : 0034 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 000a auth_len : 0000 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 000c call_id : 000000fa >[2006/02/01 14:10:54, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 0, flags = 3 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 0 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 36 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 36, incoming data = 36 >[2006/02/01 14:10:54, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) > process_complete_pdu: processing packet type 0 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0000 alloc_hint: 0000001c >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0004 context_id: 0000 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0006 opnum : 0016 >[2006/02/01 14:10:54, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 0 >[2006/02/01 14:10:54, 5] rpc_server/srv_pipe.c:api_pipe_request(1509) > Requested \PIPE\samr >[2006/02/01 14:10:54, 4] rpc_server/srv_pipe.c:api_rpcTNP(1543) > api_rpcTNP: samr op 0x16 - api_rpcTNP: rpc command: SAMR_ADD_GROUPMEM >[2006/02/01 14:10:54, 6] rpc_server/srv_pipe.c:api_rpcTNP(1569) > api_rpc_cmds[12].fn == 0x800eef2f >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_q_add_groupmem >[2006/02/01 14:10:54, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd pol >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0000 data1: 00000000 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0004 data2: 0000003e >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0008 data3: 0000 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 000a data4: 0000 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint8s(758) > 000c data5: fb c0 e0 43 61 52 00 00 >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0014 rid : 0000086a >[2006/02/01 14:10:54, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0018 unknown: 00000005 >[2006/02/01 14:10:54, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 3E 00 00 00 00 00 00 00 FB C0 E0 43 ....>... .......C > [010] 61 52 00 00 aR.. >[2006/02/01 14:10:54, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(194) > _samr_add_groupmem: access check ((granted: 0x000d001f; required: 0x00000004) >[2006/02/01 14:10:54, 10] rpc_server/srv_samr_nt.c:_samr_add_groupmem(3292) > sid is S-1-5-21-2044582568-1589646193-1504741369-513 >[2006/02/01 14:10:54, 10] rpc_server/srv_samr_nt.c:_samr_add_groupmem(3297) > lookup on Domain SID >[2006/02/01 14:10:54, 10] groupdb/mapping.c:get_domain_group_from_sid(799) > get_domain_group_from_sid >[2006/02/01 14:10:54, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(1019, 1000) : sec_ctx_stack_ndx = 1 >[2006/02/01 14:10:54, 3] smbd/uid.c:push_conn_ctx(388) > push_conn_ctx(101) : conn_ctx_stack_ndx = 0 >[2006/02/01 14:10:54, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2006/02/01 14:10:54, 5] auth/auth_util.c:debug_nt_user_token(452) > NT user token: (NULL) >[2006/02/01 14:10:54, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/02/01 14:10:54, 5] lib/smbldap.c:smbldap_search_ext(980) > smbldap_search_ext: base => [ou=Group,dc=u4eatech,dc=com], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-2044582568-1589646193-1504741369-513))], scope => [2] >[2006/02/01 14:10:54, 2] passdb/pdb_ldap.c:init_group_from_ldap(2001) > init_group_from_ldap: Entry found for group: 513 >[2006/02/01 14:10:54, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (1019, 1000) - sec_ctx_stack_ndx = 0 >[2006/02/01 14:10:54, 10] groupdb/mapping.c:get_domain_group_from_sid(810) > get_domain_group_from_sid: SID found in the TDB >[2006/02/01 14:10:54, 10] groupdb/mapping.c:get_domain_group_from_sid(817) > get_domain_group_from_sid: SID is a domain group >[2006/02/01 14:10:54, 10] groupdb/mapping.c:get_domain_group_from_sid(823) > get_domain_group_from_sid: SID is mapped to gid:513 >[2006/02/01 14:10:54, 10] groupdb/mapping.c:get_domain_group_from_sid(831) > get_domain_group_from_sid: gid exists in UNIX security >[2006/02/01 14:10:54, 5] lib/smbldap.c:smbldap_search_ext(980) > smbldap_search_ext: base => [dc=u4eatech,dc=com], filter => [(&(sambaSID=S-1-5-21-2044582568-1589646193-1504741369-2154)(objectclass=sambaSamAccount))], scope => [2] >[2006/02/01 14:10:54, 0] lib/smbldap.c:smbldap_open(822) > smbldap_open: cannot access LDAP when not root.. >[2006/02/01 14:10:54, 1] lib/smbldap.c:another_ldap_try(951) > Connection to LDAP server failed for the 1 try! >[2006/02/01 14:10:55, 0] lib/smbldap.c:smbldap_open(822) > smbldap_open: cannot access LDAP when not root.. >[2006/02/01 14:10:55, 1] lib/smbldap.c:another_ldap_try(951) > Connection to LDAP server failed for the 2 try! >[2006/02/01 14:10:56, 0] lib/smbldap.c:smbldap_open(822) > smbldap_open: cannot access LDAP when not root.. >[2006/02/01 14:10:56, 1] lib/smbldap.c:another_ldap_try(951) > Connection to LDAP server failed for the 3 try! >[2006/02/01 14:10:57, 0] lib/smbldap.c:smbldap_open(822) > smbldap_open: cannot access LDAP when not root.. >[2006/02/01 14:10:57, 1] lib/smbldap.c:another_ldap_try(951) > Connection to LDAP server failed for the 4 try! >[2006/02/01 14:10:58, 0] lib/smbldap.c:smbldap_open(822) > smbldap_open: cannot access LDAP when not root.. >[2006/02/01 14:10:58, 1] lib/smbldap.c:another_ldap_try(951) > Connection to LDAP server failed for the 5 try! >[2006/02/01 14:10:59, 0] lib/smbldap.c:smbldap_open(822) > smbldap_open: cannot access LDAP when not root.. >[2006/02/01 14:10:59, 1] lib/smbldap.c:another_ldap_try(951) > Connection to LDAP server failed for the 6 try! >[2006/02/01 14:11:00, 0] lib/smbldap.c:smbldap_open(822) > smbldap_open: cannot access LDAP when not root.. >[2006/02/01 14:11:00, 1] lib/smbldap.c:another_ldap_try(951) > Connection to LDAP server failed for the 7 try! >[2006/02/01 14:11:01, 0] lib/smbldap.c:smbldap_open(822) > smbldap_open: cannot access LDAP when not root.. >[2006/02/01 14:11:01, 1] lib/smbldap.c:another_ldap_try(951) > Connection to LDAP server failed for the 8 try! >[2006/02/01 14:11:02, 0] lib/smbldap.c:smbldap_open(822) > smbldap_open: cannot access LDAP when not root.. >[2006/02/01 14:11:02, 1] lib/smbldap.c:another_ldap_try(951) > Connection to LDAP server failed for the 9 try! >[2006/02/01 14:11:03, 0] lib/smbldap.c:smbldap_open(822) > smbldap_open: cannot access LDAP when not root.. >[2006/02/01 14:11:03, 1] lib/smbldap.c:another_ldap_try(951) > Connection to LDAP server failed for the 10 try! >[2006/02/01 14:11:04, 0] lib/smbldap.c:smbldap_open(822) > smbldap_open: cannot access LDAP when not root.. >[2006/02/01 14:11:04, 1] lib/smbldap.c:another_ldap_try(951) > Connection to LDAP server failed for the 11 try! >[2006/02/01 14:11:05, 0] lib/smbldap.c:smbldap_open(822) > smbldap_open: cannot access LDAP when not root.. >[2006/02/01 14:11:05, 1] lib/smbldap.c:another_ldap_try(951) > Connection to LDAP server failed for the 12 try! >[2006/02/01 14:11:06, 0] lib/smbldap.c:smbldap_open(822) > smbldap_open: cannot access LDAP when not root.. >[2006/02/01 14:11:06, 1] lib/smbldap.c:another_ldap_try(951) > Connection to LDAP server failed for the 13 try! >[2006/02/01 14:11:07, 0] lib/smbldap.c:smbldap_open(822) > smbldap_open: cannot access LDAP when not root.. >[2006/02/01 14:11:07, 1] lib/smbldap.c:another_ldap_try(951) > Connection to LDAP server failed for the 14 try! >[2006/02/01 14:11:08, 0] lib/smbldap.c:smbldap_open(822) > smbldap_open: cannot access LDAP when not root.. >[2006/02/01 14:11:08, 1] lib/smbldap.c:another_ldap_try(951) > Connection to LDAP server failed for the 15 try! >[2006/02/01 14:11:09, 0] lib/smbldap.c:smbldap_open(822) > smbldap_open: cannot access LDAP when not root.. >[2006/02/01 14:11:09, 0] lib/smbldap.c:smbldap_search_suffix(1246) > smbldap_search_suffix: Problem during the LDAP search: (Time limit exceeded) >[2006/02/01 14:11:09, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_r_add_groupmem >[2006/02/01 14:11:09, 5] rpc_parse/parse_prs.c:prs_ntstatus(701) > 0000 status: NT_STATUS_NO_SUCH_USER >[2006/02/01 14:11:09, 5] rpc_server/srv_pipe.c:api_rpcTNP(1590) > api_rpcTNP: called samr successfully >[2006/02/01 14:11:09, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 0 >[2006/02/01 14:11:09, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 36 >[2006/02/01 14:11:09, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) > read_from_pipe: 743f name: samr len: 4280 >[2006/02/01 14:11:09, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) > read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 4. >[2006/02/01 14:11:09, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2006/02/01 14:11:09, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0000 major : 05 >[2006/02/01 14:11:09, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0001 minor : 00 >[2006/02/01 14:11:09, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0002 pkt_type : 02 >[2006/02/01 14:11:09, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0003 flags : 03 >[2006/02/01 14:11:09, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0004 pack_type0: 10 >[2006/02/01 14:11:09, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0005 pack_type1: 00 >[2006/02/01 14:11:09, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0006 pack_type2: 00 >[2006/02/01 14:11:09, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0007 pack_type3: 00 >[2006/02/01 14:11:09, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0008 frag_len : 001c >[2006/02/01 14:11:09, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 000a auth_len : 0000 >[2006/02/01 14:11:09, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 000c call_id : 000000fa >[2006/02/01 14:11:09, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2006/02/01 14:11:09, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0010 alloc_hint: 00000004 >[2006/02/01 14:11:09, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0014 context_id: 0000 >[2006/02/01 14:11:09, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0016 cancel_ct : 00 >[2006/02/01 14:11:09, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0017 reserved : 00 >[2006/02/01 14:11:09, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..28] >[2006/02/01 14:11:09, 5] lib/util.c:show_msg(454) >[2006/02/01 14:11:09, 5] lib/util.c:show_msg(464) > size=84 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=3496 > smb_uid=101 > smb_mid=22785 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 28 (0x1C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 28 (0x1C) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=29 >[2006/02/01 14:11:09, 10] lib/util.c:dump_data(2053) > [000] 00 05 00 02 03 10 00 00 00 1C 00 00 00 FA 00 00 ........ ........ > [010] 00 04 00 00 00 00 00 00 00 64 00 00 C0 ........ .d... >[2006/02/01 14:11:11, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) > got smb length of 128 >[2006/02/01 14:11:11, 6] smbd/process.c:process_smb(1113) > got message type 0x0 of len 0x80 >[2006/02/01 14:11:11, 3] smbd/process.c:process_smb(1114) > Transaction 357 of length 132 >[2006/02/01 14:11:11, 5] lib/util.c:show_msg(454) >[2006/02/01 14:11:11, 5] lib/util.c:show_msg(464) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=3496 > smb_uid=101 > smb_mid=22849 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29759 (0x743F) > smb_bcc=61 >[2006/02/01 14:11:11, 10] lib/util.c:dump_data(2053) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 FB 00 00 ........ .,...... > [020] 00 14 00 00 00 00 00 01 00 00 00 00 00 3E 00 00 ........ .....>.. > [030] 00 00 00 00 00 FB C0 E0 43 61 52 00 00 ........ CaR.. >[2006/02/01 14:11:11, 3] smbd/process.c:switch_message(900) > switch message SMBtrans (pid 21089) conn 0x80340138 >[2006/02/01 14:11:11, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2006/02/01 14:11:11, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=44 params=0 setup=2 >[2006/02/01 14:11:11, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2006/02/01 14:11:11, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2006/02/01 14:11:11, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2006/02/01 14:11:11, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) > search for pipe pnum=743f >[2006/02/01 14:11:11, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name lsarpc pnum=7440 (pipes_open=2) >[2006/02/01 14:11:11, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name samr pnum=743f (pipes_open=2) >[2006/02/01 14:11:11, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "samr" (pnum 743f) >[2006/02/01 14:11:11, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x8033ef78 max_trans_reply: 4280 >[2006/02/01 14:11:11, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) > write_to_pipe: 743f name: samr open: Yes len: 44 >[2006/02/01 14:11:11, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 44 >[2006/02/01 14:11:11, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 >[2006/02/01 14:11:11, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 >[2006/02/01 14:11:11, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 16 >[2006/02/01 14:11:11, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 28 >[2006/02/01 14:11:11, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 >[2006/02/01 14:11:11, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2006/02/01 14:11:11, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0000 major : 05 >[2006/02/01 14:11:11, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0001 minor : 00 >[2006/02/01 14:11:11, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0002 pkt_type : 00 >[2006/02/01 14:11:11, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0003 flags : 03 >[2006/02/01 14:11:11, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0004 pack_type0: 10 >[2006/02/01 14:11:11, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0005 pack_type1: 00 >[2006/02/01 14:11:11, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0006 pack_type2: 00 >[2006/02/01 14:11:11, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0007 pack_type3: 00 >[2006/02/01 14:11:11, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0008 frag_len : 002c >[2006/02/01 14:11:11, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 000a auth_len : 0000 >[2006/02/01 14:11:11, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 000c call_id : 000000fb >[2006/02/01 14:11:11, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2006/02/01 14:11:11, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 0, flags = 3 >[2006/02/01 14:11:11, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 0 >[2006/02/01 14:11:11, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 28 >[2006/02/01 14:11:11, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 28, incoming data = 28 >[2006/02/01 14:11:11, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) > process_complete_pdu: processing packet type 0 >[2006/02/01 14:11:11, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2006/02/01 14:11:11, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0000 alloc_hint: 00000014 >[2006/02/01 14:11:11, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0004 context_id: 0000 >[2006/02/01 14:11:11, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0006 opnum : 0001 >[2006/02/01 14:11:11, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 0 >[2006/02/01 14:11:11, 5] rpc_server/srv_pipe.c:api_pipe_request(1509) > Requested \PIPE\samr >[2006/02/01 14:11:11, 4] rpc_server/srv_pipe.c:api_rpcTNP(1543) > api_rpcTNP: samr op 0x1 - api_rpcTNP: rpc command: SAMR_CLOSE_HND >[2006/02/01 14:11:11, 6] rpc_server/srv_pipe.c:api_rpcTNP(1569) > api_rpc_cmds[0].fn == 0x800ec84c >[2006/02/01 14:11:11, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_q_close_hnd >[2006/02/01 14:11:11, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd pol >[2006/02/01 14:11:11, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0000 data1: 00000000 >[2006/02/01 14:11:11, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0004 data2: 0000003e >[2006/02/01 14:11:11, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0008 data3: 0000 >[2006/02/01 14:11:11, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 000a data4: 0000 >[2006/02/01 14:11:11, 5] rpc_parse/parse_prs.c:prs_uint8s(758) > 000c data5: fb c0 e0 43 61 52 00 00 >[2006/02/01 14:11:11, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 3E 00 00 00 00 00 00 00 FB C0 E0 43 ....>... .......C > [010] 61 52 00 00 aR.. >[2006/02/01 14:11:11, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) > Closed policy >[2006/02/01 14:11:11, 5] rpc_server/srv_samr_nt.c:_samr_close_hnd(334) > samr_reply_close_hnd: 334 >[2006/02/01 14:11:11, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_r_close_hnd >[2006/02/01 14:11:11, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd pol >[2006/02/01 14:11:11, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0000 data1: 00000000 >[2006/02/01 14:11:11, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0004 data2: 00000000 >[2006/02/01 14:11:11, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0008 data3: 0000 >[2006/02/01 14:11:11, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 000a data4: 0000 >[2006/02/01 14:11:11, 5] rpc_parse/parse_prs.c:prs_uint8s(758) > 000c data5: 00 00 00 00 00 00 00 00 >[2006/02/01 14:11:11, 5] rpc_parse/parse_prs.c:prs_ntstatus(701) > 0014 status: NT_STATUS_OK >[2006/02/01 14:11:11, 5] rpc_server/srv_pipe.c:api_rpcTNP(1590) > api_rpcTNP: called samr successfully >[2006/02/01 14:11:11, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 0 >[2006/02/01 14:11:11, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 28 >[2006/02/01 14:11:11, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) > read_from_pipe: 743f name: samr len: 4280 >[2006/02/01 14:11:11, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) > read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. >[2006/02/01 14:11:11, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2006/02/01 14:11:11, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0000 major : 05 >[2006/02/01 14:11:11, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0001 minor : 00 >[2006/02/01 14:11:11, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0002 pkt_type : 02 >[2006/02/01 14:11:11, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0003 flags : 03 >[2006/02/01 14:11:11, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0004 pack_type0: 10 >[2006/02/01 14:11:11, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0005 pack_type1: 00 >[2006/02/01 14:11:11, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0006 pack_type2: 00 >[2006/02/01 14:11:11, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0007 pack_type3: 00 >[2006/02/01 14:11:11, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0008 frag_len : 0030 >[2006/02/01 14:11:11, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 000a auth_len : 0000 >[2006/02/01 14:11:11, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 000c call_id : 000000fb >[2006/02/01 14:11:11, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2006/02/01 14:11:11, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0010 alloc_hint: 00000018 >[2006/02/01 14:11:11, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0014 context_id: 0000 >[2006/02/01 14:11:11, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0016 cancel_ct : 00 >[2006/02/01 14:11:11, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0017 reserved : 00 >[2006/02/01 14:11:11, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..48] >[2006/02/01 14:11:11, 5] lib/util.c:show_msg(454) >[2006/02/01 14:11:11, 5] lib/util.c:show_msg(464) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=3496 > smb_uid=101 > smb_mid=22849 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2006/02/01 14:11:11, 10] lib/util.c:dump_data(2053) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 FB 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [030] 00 . >[2006/02/01 14:11:12, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) > got smb length of 128 >[2006/02/01 14:11:12, 6] smbd/process.c:process_smb(1113) > got message type 0x0 of len 0x80 >[2006/02/01 14:11:12, 3] smbd/process.c:process_smb(1114) > Transaction 358 of length 132 >[2006/02/01 14:11:12, 5] lib/util.c:show_msg(454) >[2006/02/01 14:11:12, 5] lib/util.c:show_msg(464) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=3496 > smb_uid=101 > smb_mid=22913 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29759 (0x743F) > smb_bcc=61 >[2006/02/01 14:11:12, 10] lib/util.c:dump_data(2053) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 FC 00 00 ........ .,...... > [020] 00 14 00 00 00 00 00 01 00 00 00 00 00 05 00 00 ........ ........ > [030] 00 00 00 00 00 5B BE E0 43 61 52 00 00 .....[.. CaR.. >[2006/02/01 14:11:12, 3] smbd/process.c:switch_message(900) > switch message SMBtrans (pid 21089) conn 0x80340138 >[2006/02/01 14:11:12, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2006/02/01 14:11:12, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=44 params=0 setup=2 >[2006/02/01 14:11:12, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2006/02/01 14:11:12, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2006/02/01 14:11:12, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2006/02/01 14:11:12, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) > search for pipe pnum=743f >[2006/02/01 14:11:12, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name lsarpc pnum=7440 (pipes_open=2) >[2006/02/01 14:11:12, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name samr pnum=743f (pipes_open=2) >[2006/02/01 14:11:12, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "samr" (pnum 743f) >[2006/02/01 14:11:12, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x8033ef78 max_trans_reply: 4280 >[2006/02/01 14:11:12, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) > write_to_pipe: 743f name: samr open: Yes len: 44 >[2006/02/01 14:11:12, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 44 >[2006/02/01 14:11:12, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 >[2006/02/01 14:11:12, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 >[2006/02/01 14:11:12, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 16 >[2006/02/01 14:11:12, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 28 >[2006/02/01 14:11:12, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0000 major : 05 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0001 minor : 00 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0002 pkt_type : 00 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0003 flags : 03 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0004 pack_type0: 10 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0005 pack_type1: 00 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0006 pack_type2: 00 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0007 pack_type3: 00 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0008 frag_len : 002c >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 000a auth_len : 0000 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 000c call_id : 000000fc >[2006/02/01 14:11:12, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2006/02/01 14:11:12, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 0, flags = 3 >[2006/02/01 14:11:12, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 0 >[2006/02/01 14:11:12, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 28 >[2006/02/01 14:11:12, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 28, incoming data = 28 >[2006/02/01 14:11:12, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) > process_complete_pdu: processing packet type 0 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0000 alloc_hint: 00000014 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0004 context_id: 0000 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0006 opnum : 0001 >[2006/02/01 14:11:12, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 0 >[2006/02/01 14:11:12, 5] rpc_server/srv_pipe.c:api_pipe_request(1509) > Requested \PIPE\samr >[2006/02/01 14:11:12, 4] rpc_server/srv_pipe.c:api_rpcTNP(1543) > api_rpcTNP: samr op 0x1 - api_rpcTNP: rpc command: SAMR_CLOSE_HND >[2006/02/01 14:11:12, 6] rpc_server/srv_pipe.c:api_rpcTNP(1569) > api_rpc_cmds[0].fn == 0x800ec84c >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_q_close_hnd >[2006/02/01 14:11:12, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd pol >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0000 data1: 00000000 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0004 data2: 00000005 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0008 data3: 0000 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 000a data4: 0000 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8s(758) > 000c data5: 5b be e0 43 61 52 00 00 >[2006/02/01 14:11:12, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[3] [000] 00 00 00 00 05 00 00 00 00 00 00 00 5B BE E0 43 ........ ....[..C > [010] 61 52 00 00 aR.. >[2006/02/01 14:11:12, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) > Closed policy >[2006/02/01 14:11:12, 5] rpc_server/srv_samr_nt.c:_samr_close_hnd(334) > samr_reply_close_hnd: 334 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_r_close_hnd >[2006/02/01 14:11:12, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd pol >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0000 data1: 00000000 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0004 data2: 00000000 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0008 data3: 0000 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 000a data4: 0000 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8s(758) > 000c data5: 00 00 00 00 00 00 00 00 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_ntstatus(701) > 0014 status: NT_STATUS_OK >[2006/02/01 14:11:12, 5] rpc_server/srv_pipe.c:api_rpcTNP(1590) > api_rpcTNP: called samr successfully >[2006/02/01 14:11:12, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 0 >[2006/02/01 14:11:12, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 28 >[2006/02/01 14:11:12, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) > read_from_pipe: 743f name: samr len: 4280 >[2006/02/01 14:11:12, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) > read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0000 major : 05 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0001 minor : 00 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0002 pkt_type : 02 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0003 flags : 03 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0004 pack_type0: 10 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0005 pack_type1: 00 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0006 pack_type2: 00 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0007 pack_type3: 00 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0008 frag_len : 0030 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 000a auth_len : 0000 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 000c call_id : 000000fc >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0010 alloc_hint: 00000018 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0014 context_id: 0000 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0016 cancel_ct : 00 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0017 reserved : 00 >[2006/02/01 14:11:12, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..48] >[2006/02/01 14:11:12, 5] lib/util.c:show_msg(454) >[2006/02/01 14:11:12, 5] lib/util.c:show_msg(464) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=3496 > smb_uid=101 > smb_mid=22913 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2006/02/01 14:11:12, 10] lib/util.c:dump_data(2053) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 FC 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [030] 00 . >[2006/02/01 14:11:12, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) > got smb length of 128 >[2006/02/01 14:11:12, 6] smbd/process.c:process_smb(1113) > got message type 0x0 of len 0x80 >[2006/02/01 14:11:12, 3] smbd/process.c:process_smb(1114) > Transaction 359 of length 132 >[2006/02/01 14:11:12, 5] lib/util.c:show_msg(454) >[2006/02/01 14:11:12, 5] lib/util.c:show_msg(464) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=3496 > smb_uid=101 > smb_mid=22977 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29759 (0x743F) > smb_bcc=61 >[2006/02/01 14:11:12, 10] lib/util.c:dump_data(2053) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 FD 00 00 ........ .,...... > [020] 00 14 00 00 00 00 00 01 00 00 00 00 00 12 00 00 ........ ........ > [030] 00 00 00 00 00 5B BE E0 43 61 52 00 00 .....[.. CaR.. >[2006/02/01 14:11:12, 3] smbd/process.c:switch_message(900) > switch message SMBtrans (pid 21089) conn 0x80340138 >[2006/02/01 14:11:12, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2006/02/01 14:11:12, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=44 params=0 setup=2 >[2006/02/01 14:11:12, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2006/02/01 14:11:12, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2006/02/01 14:11:12, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2006/02/01 14:11:12, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) > search for pipe pnum=743f >[2006/02/01 14:11:12, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name lsarpc pnum=7440 (pipes_open=2) >[2006/02/01 14:11:12, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name samr pnum=743f (pipes_open=2) >[2006/02/01 14:11:12, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "samr" (pnum 743f) >[2006/02/01 14:11:12, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x8033ef78 max_trans_reply: 4280 >[2006/02/01 14:11:12, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) > write_to_pipe: 743f name: samr open: Yes len: 44 >[2006/02/01 14:11:12, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 44 >[2006/02/01 14:11:12, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 >[2006/02/01 14:11:12, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 >[2006/02/01 14:11:12, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 16 >[2006/02/01 14:11:12, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 28 >[2006/02/01 14:11:12, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0000 major : 05 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0001 minor : 00 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0002 pkt_type : 00 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0003 flags : 03 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0004 pack_type0: 10 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0005 pack_type1: 00 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0006 pack_type2: 00 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0007 pack_type3: 00 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0008 frag_len : 002c >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 000a auth_len : 0000 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 000c call_id : 000000fd >[2006/02/01 14:11:12, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2006/02/01 14:11:12, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 0, flags = 3 >[2006/02/01 14:11:12, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 0 >[2006/02/01 14:11:12, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 28 >[2006/02/01 14:11:12, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 28, incoming data = 28 >[2006/02/01 14:11:12, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) > process_complete_pdu: processing packet type 0 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0000 alloc_hint: 00000014 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0004 context_id: 0000 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0006 opnum : 0001 >[2006/02/01 14:11:12, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 0 >[2006/02/01 14:11:12, 5] rpc_server/srv_pipe.c:api_pipe_request(1509) > Requested \PIPE\samr >[2006/02/01 14:11:12, 4] rpc_server/srv_pipe.c:api_rpcTNP(1543) > api_rpcTNP: samr op 0x1 - api_rpcTNP: rpc command: SAMR_CLOSE_HND >[2006/02/01 14:11:12, 6] rpc_server/srv_pipe.c:api_rpcTNP(1569) > api_rpc_cmds[0].fn == 0x800ec84c >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_q_close_hnd >[2006/02/01 14:11:12, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd pol >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0000 data1: 00000000 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0004 data2: 00000012 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0008 data3: 0000 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 000a data4: 0000 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8s(758) > 000c data5: 5b be e0 43 61 52 00 00 >[2006/02/01 14:11:12, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 12 00 00 00 00 00 00 00 5B BE E0 43 ........ ....[..C > [010] 61 52 00 00 aR.. >[2006/02/01 14:11:12, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) > Closed policy >[2006/02/01 14:11:12, 5] rpc_server/srv_samr_nt.c:_samr_close_hnd(334) > samr_reply_close_hnd: 334 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_r_close_hnd >[2006/02/01 14:11:12, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd pol >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0000 data1: 00000000 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0004 data2: 00000000 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0008 data3: 0000 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 000a data4: 0000 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8s(758) > 000c data5: 00 00 00 00 00 00 00 00 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_ntstatus(701) > 0014 status: NT_STATUS_OK >[2006/02/01 14:11:12, 5] rpc_server/srv_pipe.c:api_rpcTNP(1590) > api_rpcTNP: called samr successfully >[2006/02/01 14:11:12, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 0 >[2006/02/01 14:11:12, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 28 >[2006/02/01 14:11:12, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) > read_from_pipe: 743f name: samr len: 4280 >[2006/02/01 14:11:12, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) > read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0000 major : 05 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0001 minor : 00 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0002 pkt_type : 02 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0003 flags : 03 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0004 pack_type0: 10 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0005 pack_type1: 00 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0006 pack_type2: 00 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0007 pack_type3: 00 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0008 frag_len : 0030 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 000a auth_len : 0000 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 000c call_id : 000000fd >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0010 alloc_hint: 00000018 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0014 context_id: 0000 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0016 cancel_ct : 00 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0017 reserved : 00 >[2006/02/01 14:11:12, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..48] >[2006/02/01 14:11:12, 5] lib/util.c:show_msg(454) >[2006/02/01 14:11:12, 5] lib/util.c:show_msg(464) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=3496 > smb_uid=101 > smb_mid=22977 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2006/02/01 14:11:12, 10] lib/util.c:dump_data(2053) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 FD 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [030] 00 . >[2006/02/01 14:11:12, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) > got smb length of 128 >[2006/02/01 14:11:12, 6] smbd/process.c:process_smb(1113) > got message type 0x0 of len 0x80 >[2006/02/01 14:11:12, 3] smbd/process.c:process_smb(1114) > Transaction 360 of length 132 >[2006/02/01 14:11:12, 5] lib/util.c:show_msg(454) >[2006/02/01 14:11:12, 5] lib/util.c:show_msg(464) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=3496 > smb_uid=101 > smb_mid=23041 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29759 (0x743F) > smb_bcc=61 >[2006/02/01 14:11:12, 10] lib/util.c:dump_data(2053) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 FE 00 00 ........ .,...... > [020] 00 14 00 00 00 00 00 01 00 00 00 00 00 11 00 00 ........ ........ > [030] 00 00 00 00 00 5B BE E0 43 61 52 00 00 .....[.. CaR.. >[2006/02/01 14:11:12, 3] smbd/process.c:switch_message(900) > switch message SMBtrans (pid 21089) conn 0x80340138 >[2006/02/01 14:11:12, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2006/02/01 14:11:12, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=44 params=0 setup=2 >[2006/02/01 14:11:12, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2006/02/01 14:11:12, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2006/02/01 14:11:12, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2006/02/01 14:11:12, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) > search for pipe pnum=743f >[2006/02/01 14:11:12, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name lsarpc pnum=7440 (pipes_open=2) >[2006/02/01 14:11:12, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name samr pnum=743f (pipes_open=2) >[2006/02/01 14:11:12, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "samr" (pnum 743f) >[2006/02/01 14:11:12, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x8033ef78 max_trans_reply: 4280 >[2006/02/01 14:11:12, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) > write_to_pipe: 743f name: samr open: Yes len: 44 >[2006/02/01 14:11:12, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 44 >[2006/02/01 14:11:12, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 >[2006/02/01 14:11:12, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 >[2006/02/01 14:11:12, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 16 >[2006/02/01 14:11:12, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 28 >[2006/02/01 14:11:12, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0000 major : 05 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0001 minor : 00 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0002 pkt_type : 00 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0003 flags : 03 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0004 pack_type0: 10 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0005 pack_type1: 00 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0006 pack_type2: 00 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0007 pack_type3: 00 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0008 frag_len : 002c >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 000a auth_len : 0000 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 000c call_id : 000000fe >[2006/02/01 14:11:12, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2006/02/01 14:11:12, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 0, flags = 3 >[2006/02/01 14:11:12, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 0 >[2006/02/01 14:11:12, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 28 >[2006/02/01 14:11:12, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 28, incoming data = 28 >[2006/02/01 14:11:12, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) > process_complete_pdu: processing packet type 0 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0000 alloc_hint: 00000014 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0004 context_id: 0000 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0006 opnum : 0001 >[2006/02/01 14:11:12, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 0 >[2006/02/01 14:11:12, 5] rpc_server/srv_pipe.c:api_pipe_request(1509) > Requested \PIPE\samr >[2006/02/01 14:11:12, 4] rpc_server/srv_pipe.c:api_rpcTNP(1543) > api_rpcTNP: samr op 0x1 - api_rpcTNP: rpc command: SAMR_CLOSE_HND >[2006/02/01 14:11:12, 6] rpc_server/srv_pipe.c:api_rpcTNP(1569) > api_rpc_cmds[0].fn == 0x800ec84c >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_q_close_hnd >[2006/02/01 14:11:12, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd pol >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0000 data1: 00000000 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0004 data2: 00000011 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0008 data3: 0000 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 000a data4: 0000 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8s(758) > 000c data5: 5b be e0 43 61 52 00 00 >[2006/02/01 14:11:12, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 11 00 00 00 00 00 00 00 5B BE E0 43 ........ ....[..C > [010] 61 52 00 00 aR.. >[2006/02/01 14:11:12, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) > Closed policy >[2006/02/01 14:11:12, 5] rpc_server/srv_samr_nt.c:_samr_close_hnd(334) > samr_reply_close_hnd: 334 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_r_close_hnd >[2006/02/01 14:11:12, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd pol >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0000 data1: 00000000 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0004 data2: 00000000 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0008 data3: 0000 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 000a data4: 0000 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8s(758) > 000c data5: 00 00 00 00 00 00 00 00 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_ntstatus(701) > 0014 status: NT_STATUS_OK >[2006/02/01 14:11:12, 5] rpc_server/srv_pipe.c:api_rpcTNP(1590) > api_rpcTNP: called samr successfully >[2006/02/01 14:11:12, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 0 >[2006/02/01 14:11:12, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 28 >[2006/02/01 14:11:12, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) > read_from_pipe: 743f name: samr len: 4280 >[2006/02/01 14:11:12, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) > read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0000 major : 05 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0001 minor : 00 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0002 pkt_type : 02 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0003 flags : 03 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0004 pack_type0: 10 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0005 pack_type1: 00 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0006 pack_type2: 00 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0007 pack_type3: 00 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0008 frag_len : 0030 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 000a auth_len : 0000 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 000c call_id : 000000fe >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0010 alloc_hint: 00000018 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0014 context_id: 0000 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0016 cancel_ct : 00 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0017 reserved : 00 >[2006/02/01 14:11:12, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..48] >[2006/02/01 14:11:12, 5] lib/util.c:show_msg(454) >[2006/02/01 14:11:12, 5] lib/util.c:show_msg(464) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=3496 > smb_uid=101 > smb_mid=23041 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2006/02/01 14:11:12, 10] lib/util.c:dump_data(2053) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 FE 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [030] 00 . >[2006/02/01 14:11:12, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) > got smb length of 41 >[2006/02/01 14:11:12, 6] smbd/process.c:process_smb(1113) > got message type 0x0 of len 0x29 >[2006/02/01 14:11:12, 3] smbd/process.c:process_smb(1114) > Transaction 361 of length 45 >[2006/02/01 14:11:12, 5] lib/util.c:show_msg(454) >[2006/02/01 14:11:12, 5] lib/util.c:show_msg(464) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=23105 > smt_wct=3 > smb_vwv[ 0]=29759 (0x743F) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2006/02/01 14:11:12, 3] smbd/process.c:switch_message(900) > switch message SMBclose (pid 21089) conn 0x80340138 >[2006/02/01 14:11:12, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2006/02/01 14:11:12, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) > search for pipe pnum=743f >[2006/02/01 14:11:12, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name lsarpc pnum=7440 (pipes_open=2) >[2006/02/01 14:11:12, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name samr pnum=743f (pipes_open=2) >[2006/02/01 14:11:12, 5] smbd/pipes.c:reply_pipe_close(272) > reply_pipe_close: pnum:743f >[2006/02/01 14:11:12, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1082) > closed pipe name samr pnum=743f (pipes_open=1) >[2006/02/01 14:11:12, 5] lib/util.c:show_msg(454) >[2006/02/01 14:11:12, 5] lib/util.c:show_msg(464) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=23105 > smt_wct=0 > smb_bcc=0 >[2006/02/01 14:11:12, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) > got smb length of 128 >[2006/02/01 14:11:12, 6] smbd/process.c:process_smb(1113) > got message type 0x0 of len 0x80 >[2006/02/01 14:11:12, 3] smbd/process.c:process_smb(1114) > Transaction 362 of length 132 >[2006/02/01 14:11:12, 5] lib/util.c:show_msg(454) >[2006/02/01 14:11:12, 5] lib/util.c:show_msg(464) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=3496 > smb_uid=101 > smb_mid=23169 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29760 (0x7440) > smb_bcc=61 >[2006/02/01 14:11:12, 10] lib/util.c:dump_data(2053) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 0F 00 00 ........ .,...... > [020] 00 14 00 00 00 00 00 00 00 00 00 00 00 10 00 00 ........ ........ > [030] 00 00 00 00 00 5B BE E0 43 61 52 00 00 .....[.. CaR.. >[2006/02/01 14:11:12, 3] smbd/process.c:switch_message(900) > switch message SMBtrans (pid 21089) conn 0x80340138 >[2006/02/01 14:11:12, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2006/02/01 14:11:12, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=44 params=0 setup=2 >[2006/02/01 14:11:12, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2006/02/01 14:11:12, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2006/02/01 14:11:12, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2006/02/01 14:11:12, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) > search for pipe pnum=7440 >[2006/02/01 14:11:12, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name lsarpc pnum=7440 (pipes_open=1) >[2006/02/01 14:11:12, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "lsarpc" (pnum 7440) >[2006/02/01 14:11:12, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x80343c30 max_trans_reply: 1024 >[2006/02/01 14:11:12, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(853) > write_to_pipe: 7440 name: lsarpc open: Yes len: 44 >[2006/02/01 14:11:12, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 44 >[2006/02/01 14:11:12, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 >[2006/02/01 14:11:12, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(399) > fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 >[2006/02/01 14:11:12, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 16 >[2006/02/01 14:11:12, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 28 >[2006/02/01 14:11:12, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0000 major : 05 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0001 minor : 00 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0002 pkt_type : 00 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0003 flags : 03 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0004 pack_type0: 10 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0005 pack_type1: 00 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0006 pack_type2: 00 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0007 pack_type3: 00 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0008 frag_len : 002c >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 000a auth_len : 0000 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 000c call_id : 0000000f >[2006/02/01 14:11:12, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486) > unmarshall_rpc_header: using little-endian RPC >[2006/02/01 14:11:12, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515) > unmarshall_rpc_header: type = 0, flags = 3 >[2006/02/01 14:11:12, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 0 >[2006/02/01 14:11:12, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(875) > write_to_pipe: data_left = 28 >[2006/02/01 14:11:12, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 28, incoming data = 28 >[2006/02/01 14:11:12, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(721) > process_complete_pdu: processing packet type 0 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0000 alloc_hint: 00000014 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0004 context_id: 0000 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0006 opnum : 0000 >[2006/02/01 14:11:12, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 0 >[2006/02/01 14:11:12, 5] rpc_server/srv_pipe.c:api_pipe_request(1509) > Requested \PIPE\lsarpc >[2006/02/01 14:11:12, 4] rpc_server/srv_pipe.c:api_rpcTNP(1543) > api_rpcTNP: lsarpc op 0x0 - api_rpcTNP: rpc command: LSA_CLOSE >[2006/02/01 14:11:12, 6] rpc_server/srv_pipe.c:api_rpcTNP(1569) > api_rpc_cmds[4].fn == 0x800bcc6b >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 lsa_io_q_close >[2006/02/01 14:11:12, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0000 data1: 00000000 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0004 data2: 00000010 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0008 data3: 0000 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 000a data4: 0000 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8s(758) > 000c data5: 5b be e0 43 61 52 00 00 >[2006/02/01 14:11:12, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 10 00 00 00 00 00 00 00 5B BE E0 43 ........ ....[..C > [010] 61 52 00 00 aR.. >[2006/02/01 14:11:12, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 10 00 00 00 00 00 00 00 5B BE E0 43 ........ ....[..C > [010] 61 52 00 00 aR.. >[2006/02/01 14:11:12, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) > Closed policy >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 lsa_io_r_close >[2006/02/01 14:11:12, 6] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_pol_hnd >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0000 data1: 00000000 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0004 data2: 00000000 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0008 data3: 0000 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 000a data4: 0000 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8s(758) > 000c data5: 00 00 00 00 00 00 00 00 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_ntstatus(701) > 0014 status: NT_STATUS_OK >[2006/02/01 14:11:12, 5] rpc_server/srv_pipe.c:api_rpcTNP(1590) > api_rpcTNP: called lsarpc successfully >[2006/02/01 14:11:12, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(543) > free_pipe_context: destroying talloc pool of size 0 >[2006/02/01 14:11:12, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(879) > write_to_pipe: data_used = 28 >[2006/02/01 14:11:12, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(910) > read_from_pipe: 7440 name: lsarpc len: 1024 >[2006/02/01 14:11:12, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(983) > read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0000 major : 05 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0001 minor : 00 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0002 pkt_type : 02 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0003 flags : 03 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0004 pack_type0: 10 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0005 pack_type1: 00 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0006 pack_type2: 00 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0007 pack_type3: 00 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0008 frag_len : 0030 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 000a auth_len : 0000 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 000c call_id : 0000000f >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint32(671) > 0010 alloc_hint: 00000018 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint16(642) > 0014 context_id: 0000 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0016 cancel_ct : 00 >[2006/02/01 14:11:12, 5] rpc_parse/parse_prs.c:prs_uint8(582) > 0017 reserved : 00 >[2006/02/01 14:11:12, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..48] >[2006/02/01 14:11:12, 5] lib/util.c:show_msg(454) >[2006/02/01 14:11:12, 5] lib/util.c:show_msg(464) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=3496 > smb_uid=101 > smb_mid=23169 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2006/02/01 14:11:12, 10] lib/util.c:dump_data(2053) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 0F 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [030] 00 . >[2006/02/01 14:11:12, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) > got smb length of 41 >[2006/02/01 14:11:12, 6] smbd/process.c:process_smb(1113) > got message type 0x0 of len 0x29 >[2006/02/01 14:11:12, 3] smbd/process.c:process_smb(1114) > Transaction 363 of length 45 >[2006/02/01 14:11:12, 5] lib/util.c:show_msg(454) >[2006/02/01 14:11:12, 5] lib/util.c:show_msg(464) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=23233 > smt_wct=3 > smb_vwv[ 0]=29760 (0x7440) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2006/02/01 14:11:12, 3] smbd/process.c:switch_message(900) > switch message SMBclose (pid 21089) conn 0x80340138 >[2006/02/01 14:11:12, 4] smbd/uid.c:change_to_user(217) > change_to_user: Skipping user change - already user >[2006/02/01 14:11:12, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169) > search for pipe pnum=7440 >[2006/02/01 14:11:12, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1173) > pipe name lsarpc pnum=7440 (pipes_open=1) >[2006/02/01 14:11:12, 5] smbd/pipes.c:reply_pipe_close(272) > reply_pipe_close: pnum:7440 >[2006/02/01 14:11:12, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(235) > close_policy_by_pipe: deleted handle list for pipe lsarpc >[2006/02/01 14:11:12, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1082) > closed pipe name lsarpc pnum=7440 (pipes_open=0) >[2006/02/01 14:11:12, 5] lib/util.c:show_msg(454) >[2006/02/01 14:11:12, 5] lib/util.c:show_msg(464) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=23233 > smt_wct=0 > smb_bcc=0 >[2006/02/01 14:11:24, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) > got smb length of 39 >[2006/02/01 14:11:24, 6] smbd/process.c:process_smb(1113) > got message type 0x0 of len 0x27 >[2006/02/01 14:11:24, 3] smbd/process.c:process_smb(1114) > Transaction 364 of length 43 >[2006/02/01 14:11:24, 5] lib/util.c:show_msg(454) >[2006/02/01 14:11:24, 5] lib/util.c:show_msg(464) > size=39 > smb_com=0x74 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=0 > smb_pid=65279 > smb_uid=101 > smb_mid=23297 > smt_wct=2 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_bcc=0 >[2006/02/01 14:11:24, 3] smbd/process.c:switch_message(900) > switch message SMBulogoffX (pid 21089) conn 0x0 >[2006/02/01 14:11:24, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2006/02/01 14:11:24, 5] auth/auth_util.c:debug_nt_user_token(452) > NT user token: (NULL) >[2006/02/01 14:11:24, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/02/01 14:11:24, 5] smbd/uid.c:change_to_root_user(319) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2006/02/01 14:11:24, 5] auth/auth_util.c:free_server_info(1387) > attempting to free (and zero) a server_info structure >[2006/02/01 14:11:24, 3] smbd/reply.c:reply_ulogoffX(1560) > ulogoffX vuid=101 >[2006/02/01 14:11:24, 5] lib/util.c:show_msg(454) >[2006/02/01 14:11:24, 5] lib/util.c:show_msg(464) > size=39 > smb_com=0x74 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=65279 > smb_uid=101 > smb_mid=23297 > smt_wct=2 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_bcc=0 >[2006/02/01 14:11:24, 10] lib/util_sock.c:read_smb_length_return_keepalive(615) > got smb length of 35 >[2006/02/01 14:11:24, 6] smbd/process.c:process_smb(1113) > got message type 0x0 of len 0x23 >[2006/02/01 14:11:24, 3] smbd/process.c:process_smb(1114) > Transaction 365 of length 39 >[2006/02/01 14:11:24, 5] lib/util.c:show_msg(454) >[2006/02/01 14:11:24, 5] lib/util.c:show_msg(464) > size=35 > smb_com=0x71 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=23361 > smt_wct=0 > smb_bcc=0 >[2006/02/01 14:11:24, 3] smbd/process.c:switch_message(900) > switch message SMBtdis (pid 21089) conn 0x80340138 >[2006/02/01 14:11:24, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2006/02/01 14:11:24, 5] auth/auth_util.c:debug_nt_user_token(452) > NT user token: (NULL) >[2006/02/01 14:11:24, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/02/01 14:11:24, 5] smbd/uid.c:change_to_root_user(319) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2006/02/01 14:11:24, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2006/02/01 14:11:24, 5] auth/auth_util.c:debug_nt_user_token(452) > NT user token: (NULL) >[2006/02/01 14:11:24, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/02/01 14:11:24, 5] smbd/uid.c:change_to_root_user(319) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2006/02/01 14:11:24, 3] smbd/service.c:close_cnum(835) > phobos (172.30.20.126) closed connection to service IPC$ >[2006/02/01 14:11:24, 3] smbd/connection.c:yield_connection(69) > Yielding connection to IPC$ >[2006/02/01 14:11:24, 4] smbd/vfs.c:vfs_ChDir(737) > vfs_ChDir to / >[2006/02/01 14:11:24, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2006/02/01 14:11:24, 5] auth/auth_util.c:debug_nt_user_token(452) > NT user token: (NULL) >[2006/02/01 14:11:24, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/02/01 14:11:24, 5] smbd/uid.c:change_to_root_user(319) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2006/02/01 14:11:24, 5] lib/util.c:show_msg(454) >[2006/02/01 14:11:24, 5] lib/util.c:show_msg(464) > size=35 > smb_com=0x71 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=23361 > smt_wct=0 > smb_bcc=0 >[2006/02/01 14:11:24, 10] lib/util_sock.c:read_data(517) > read_data: read of 4 returned 0. Error = Success >[2006/02/01 14:11:24, 10] lib/util_sock.c:receive_smb_raw(666) > receive_smb_raw: length < 0! >[2006/02/01 14:11:24, 3] smbd/process.c:timeout_processing(1366) > timeout_processing: End of file from client (client has disconnected). >[2006/02/01 14:11:24, 5] lib/gencache.c:gencache_shutdown(88) > Closing cache file >[2006/02/01 14:11:24, 5] libsmb/namecache.c:namecache_shutdown(79) > namecache_shutdown: netbios namecache closed successfully. >[2006/02/01 14:11:24, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2006/02/01 14:11:24, 5] auth/auth_util.c:debug_nt_user_token(452) > NT user token: (NULL) >[2006/02/01 14:11:24, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/02/01 14:11:24, 5] smbd/uid.c:change_to_root_user(319) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2006/02/01 14:11:24, 2] smbd/server.c:exit_server(612) > Closing connections >[2006/02/01 14:11:24, 3] smbd/connection.c:yield_connection(69) > Yielding connection to >[2006/02/01 14:11:24, 5] smbd/oplock.c:receive_local_message(110) > receive_local_message: doing select with timeout of 1 ms >[2006/02/01 14:11:24, 3] smbd/server.c:exit_server(656) > Server exit (normal exit)
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Actions:
View
Attachments on
bug 3477
: 1719