Extract from log: [2003/10/13 10:45:11, 5] rpc_parse/parse_prs.c:prs_uint32(635) 001c type[00] : 00000001 [2003/10/13 10:45:11, 5] rpc_parse/parse_prs.c:prs_ntstatus(665) 0020 status: NT_STATUS_OK [2003/10/13 10:45:11, 5] rpc_server/srv_pipe.c:api_rpcTNP(1543) api_rpcTNP: called samr successfully [2003/10/13 10:45:11, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) free_pipe_context: destroying talloc pool of size 48 [2003/10/13 10:45:11, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2003/10/13 10:45:11, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2003/10/13 10:45:11, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2003/10/13 10:45:11, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 02 [2003/10/13 10:45:11, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2003/10/13 10:45:11, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2003/10/13 10:45:11, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2003/10/13 10:45:11, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2003/10/13 10:45:11, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2003/10/13 10:45:11, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 003c [2003/10/13 10:45:11, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2003/10/13 10:45:11, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 000000e2 [2003/10/13 10:45:11, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp resp [2003/10/13 10:45:11, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0010 alloc_hint: 00000024 [2003/10/13 10:45:11, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0014 context_id: 0000 [2003/10/13 10:45:11, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0016 cancel_ct : 00 [2003/10/13 10:45:11, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0017 reserved : 00 [2003/10/13 10:45:11, 5] smbd/ipc.c:copy_trans_params_and_data(62) copy_trans_params_and_data: params[0..0] data[0..60] [2003/10/13 10:45:11, 5] lib/util.c:show_msg(456) [2003/10/13 10:45:11, 5] lib/util.c:show_msg(466) size=116 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=708 smb_uid=100 smb_mid=16577 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 60 (0x3C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 60 (0x3C) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=61 [2003/10/13 10:45:11, 3] smbd/process.c:process_smb(890) Transaction 261 of length 140 [2003/10/13 10:45:11, 5] lib/util.c:show_msg(456) [2003/10/13 10:45:11, 5] lib/util.c:show_msg(466) size=136 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=708 smb_uid=100 smb_mid=16640 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 52 (0x34) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 52 (0x34) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=30184 (0x75E8) smb_bcc=69 [2003/10/13 10:45:11, 3] smbd/process.c:switch_message(685) switch message SMBtrans (pid 12508) [2003/10/13 10:45:11, 4] smbd/uid.c:change_to_user(122) change_to_user: Skipping user change - already user [2003/10/13 10:45:11, 3] smbd/ipc.c:reply_trans(514) trans <\PIPE\> data=52 params=0 setup=2 [2003/10/13 10:45:11, 5] smbd/ipc.c:reply_trans(533) calling named_pipe [2003/10/13 10:45:11, 3] smbd/ipc.c:named_pipe(326) named pipe command on <> name [2003/10/13 10:45:11, 5] smbd/ipc.c:api_fd_reply(267) api_fd_reply [2003/10/13 10:45:11, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) search for pipe pnum=75e8 [2003/10/13 10:45:11, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name lsarpc pnum=75e9 (pipes_open=2) [2003/10/13 10:45:11, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) pipe name samr pnum=75e8 (pipes_open=2) [2003/10/13 10:45:11, 3] smbd/ipc.c:api_fd_reply(288) Got API command 0x26 on pipe "samr" (pnum 75e8)000000 smb_io_rpc_hdr [2003/10/13 10:45:11, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2003/10/13 10:45:11, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2003/10/13 10:45:11, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 00 [2003/10/13 10:45:11, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2003/10/13 10:45:11, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2003/10/13 10:45:11, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2003/10/13 10:45:11, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2003/10/13 10:45:11, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2003/10/13 10:45:11, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0034 [2003/10/13 10:45:11, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2003/10/13 10:45:11, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 000000e3 [2003/10/13 10:45:11, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(488) unmarshall_rpc_header: using little-endian RPC [2003/10/13 10:45:11, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr_req req [2003/10/13 10:45:11, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 alloc_hint: 0000001c [2003/10/13 10:45:11, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0004 context_id: 0000 [2003/10/13 10:45:11, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0006 opnum : 0013 [2003/10/13 10:45:11, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) free_pipe_context: destroying talloc pool of size 0 [2003/10/13 10:45:11, 5] rpc_server/srv_pipe.c:api_pipe_request(1462) Requested \PIPE\samr [2003/10/13 10:45:11, 4] rpc_server/srv_pipe.c:api_rpcTNP(1496) api_rpcTNP: samr op 0x13 - api_rpcTNP: rpc command: SAMR_OPEN_GROUP [2003/10/13 10:45:11, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_q_open_group [2003/10/13 10:45:11, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 data1: 00000000 [2003/10/13 10:45:11, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 data2: 00000010 [2003/10/13 10:45:11, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 data3: 0000 [2003/10/13 10:45:11, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a data4: 0000 [2003/10/13 10:45:11, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 000c data5: 3b 65 8a 3f dc 30 00 00 [2003/10/13 10:45:11, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0014 access_mask: 0000001f [2003/10/13 10:45:11, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0018 rid_group: 000007d2 [2003/10/13 10:45:11, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 10 00 00 00 00 00 00 00 3B 65 8A 3F ........ ....;e.? [010] DC 30 00 00 Ü0.. [2003/10/13 10:45:11, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(106) _samr_open_group: access check ((granted: 0x000203f3; required: 0x00000200) [2003/10/13 10:45:11, 3] lib/util_seaccess.c:se_access_check(251) [2003/10/13 10:45:11, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-5-21-2244014245-3637982190-3323613867-1000 se_access_check: also S-1-5-21-2244014245-3637982190-3323613867-1001 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 [2003/10/13 10:45:11, 5] lib/util_seaccess.c:se_access_check(315) se_access_check: access (1f) denied. [2003/10/13 10:45:11, 4] rpc_server/srv_samr_nt.c:access_check_samr_object(87) _samr_open_group: ACCESS should be DENIED (requested: 0x0000001f) but overritten by euid == sec_initial_uid() [2003/10/13 10:45:11, 2] passdb/pdb_ldap.c:ldapsam_search_one_group(1615) ldapsam_search_one_group: searching for:[(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-2244014245-3637982190-3323613867-2002))] [2003/10/13 10:45:11, 4] passdb/pdb_ldap.c:ldapsam_getgroup(1760) ldapsam_getgroup: Did not find group [2003/10/13 10:45:11, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_r_open_group [2003/10/13 10:45:11, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0000 data1: 00000000 [2003/10/13 10:45:11, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0004 data2: 00000000 [2003/10/13 10:45:11, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 data3: 0000 [2003/10/13 10:45:11, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a data4: 0000 [2003/10/13 10:45:11, 5] rpc_parse/parse_prs.c:prs_uint8s(722) 000c data5: 00 00 00 00 00 00 00 00 [2003/10/13 10:45:11, 5] rpc_parse/parse_prs.c:prs_ntstatus(665) 0014 status: NT_STATUS_NO_SUCH_GROUP [2003/10/13 10:45:11, 5] rpc_server/srv_pipe.c:api_rpcTNP(1543) api_rpcTNP: called samr successfully [2003/10/13 10:45:11, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) free_pipe_context: destroying talloc pool of size 732 [2003/10/13 10:45:11, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 smb_io_rpc_hdr hdr [2003/10/13 10:45:11, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0000 major : 05 [2003/10/13 10:45:11, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0001 minor : 00 [2003/10/13 10:45:11, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0002 pkt_type : 02 [2003/10/13 10:45:11, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0003 flags : 03 [2003/10/13 10:45:11, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0004 pack_type0: 10 [2003/10/13 10:45:11, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0005 pack_type1: 00 [2003/10/13 10:45:11, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0006 pack_type2: 00 [2003/10/13 10:45:11, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0007 pack_type3: 00 [2003/10/13 10:45:11, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0008 frag_len : 0030 [2003/10/13 10:45:11, 5] rpc_parse/parse_prs.c:prs_uint16(606) 000a auth_len : 0000 [2003/10/13 10:45:11, 5] rpc_parse/parse_prs.c:prs_uint32(635) 000c call_id : 000000e3 [2003/10/13 10:45:11, 5] rpc_parse/parse_prs.c:prs_debug(82) 000010 smb_io_rpc_hdr_resp resp [2003/10/13 10:45:11, 5] rpc_parse/parse_prs.c:prs_uint32(635) 0010 alloc_hint: 00000018 [2003/10/13 10:45:11, 5] rpc_parse/parse_prs.c:prs_uint16(606) 0014 context_id: 0000 [2003/10/13 10:45:11, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0016 cancel_ct : 00 [2003/10/13 10:45:11, 5] rpc_parse/parse_prs.c:prs_uint8(577) 0017 reserved : 00 [2003/10/13 10:45:11, 5] smbd/ipc.c:copy_trans_params_and_data(62) copy_trans_params_and_data: params[0..0] data[0..48] [2003/10/13 10:45:11, 5] lib/util.c:show_msg(456) [2003/10/13 10:45:11, 5] lib/util.c:show_msg(466) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=708 smb_uid=100 smb_mid=16640 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2003/10/13 10:46:11, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2003/10/13 10:46:11, 5] auth/auth_util.c:debug_nt_user_token(486) NT user token: (NULL) [2003/10/13 10:46:11, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2003/10/13 10:46:11, 5] smbd/uid.c:change_to_root_user(218) change_to_root_user: now uid=(0,0) gid=(0,0) # pdbedit3 -L -v -u bgmilne Unix username: bgmilne NT username: bgmilne Account Flags: [U ] User SID: S-1-5-21-2244014245-3637982190-3323613867-2002 Primary Group SID: S-1-5-21-2244014245-3637982190-3323613867-512 Full Name: Buchan Milne Home Directory: \\%N\bgmilne HomeDir Drive: Z: Logon Script: Profile Path: \\cm3-samba3\Profiles\bgmilne Domain: CMDOM Account desc: Workstations: Munged dial: Logon time: Fri, 13 Dec 1901 22:45:51 GMT Logoff time: Fri, 13 Dec 1901 22:45:51 GMT Kickoff time: Fri, 13 Dec 1901 22:45:51 GMT Password last set: Mon, 29 Sep 2003 11:54:34 GMT Password can change: Mon, 29 Sep 2003 11:54:34 GMT Password must change: Mon, 20 Oct 2003 11:54:34 GMT # net groupmap list verbose bgmilne SID : S-1-5-21-2244014245-3637982190-3323613867-2003 Unix group: bgmilne Group type: Domain group Comment : milne SID : S-1-5-21-2244014245-3637982190-3323613867-2009 Unix group: milne Group type: Domain group Comment : Local Unix group mom SID : S-1-5-21-2244014245-3637982190-3323613867-2011 Unix group: mom Group type: Domain group Comment : home SID : S-1-5-21-2244014245-3637982190-3323613867-3001 Unix group: home Group type: Domain group Comment : Domain Admins SID : S-1-5-21-2244014245-3637982190-3323613867-512 Unix group: adm Group type: Domain group Comment : Domain Users SID : S-1-5-21-2244014245-3637982190-3323613867-513 Unix group: users Group type: Domain group Comment : Domain Guests SID : S-1-5-21-2244014245-3637982190-3323613867-132069 Unix group: nogroup Group type: Domain group Comment : Machine accounts SID : S-1-5-21-2244014245-3637982190-3323613867-1843 Unix group: machines Group type: Domain group Comment : usb SID : S-1-5-21-2244014245-3637982190-3323613867-1087 Unix group: usb Group type: Domain group Comment : nttest SID : S-1-5-21-2244014245-3637982190-3323613867-3005 Unix group: nttest Group type: Domain group Comment : root SID : S-1-5-21-2244014245-3637982190-3323613867-1001 Unix group: root Group type: Domain group Comment : Local Unix group # getent group bgmilne milne mom home adm users nogroup machines usb nttest root bgmilne:x:501:bgmilne milne:x:504: mom:x:505: home:x:1000:mom,milne,bgmilne adm:x:4:admin,ldap,bgmilne users:x:100:bgmilne nogroup:x:65534: machines:x:421: usb:x:43:bgmilne nttest:x:1002: root:x:0: