[2006/06/20 18:16:30, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(173) find_workgroup_on_subnet: workgroup search for ANDOLAN on subnet UNICAST_SUBNET: found. [2006/06/20 18:16:40, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(173) find_workgroup_on_subnet: workgroup search for ANDOLAN on subnet 192.168.68.1: found. [2006/06/20 18:16:40, 10] nmbd/nmbd_sendannounce.c:announce_myself_to_domain_master_browser(382) announce_myself_to_domain_master_browser: t (1150820190) - last(1150819908) < 900 [2006/06/20 18:16:40, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(173) find_workgroup_on_subnet: workgroup search for ANDOLAN on subnet UNICAST_SUBNET: found. [2006/06/20 18:16:40, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(173) find_workgroup_on_subnet: workgroup search for ANDOLAN on subnet UNICAST_SUBNET: found. [2006/06/20 18:16:50, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(173) find_workgroup_on_subnet: workgroup search for ANDOLAN on subnet 192.168.68.1: found. [2006/06/20 18:16:50, 10] nmbd/nmbd_sendannounce.c:announce_myself_to_domain_master_browser(382) announce_myself_to_domain_master_browser: t (1150820200) - last(1150819908) < 900 [2006/06/20 18:16:50, 4] nmbd/nmbd_workgroupdb.c:dump_workgroups(284) dump_workgroups() dump workgroup on subnet 192.168.68.1: netmask= 255.255.255.0: ANDOLAN(1) current master browser = SERVER SERVER 400c9b0b (AndoBurg B.V.) WS035 40001003 () [2006/06/20 18:16:50, 4] nmbd/nmbd_workgroupdb.c:dump_workgroups(284) dump_workgroups() dump workgroup on subnet UNICAST_SUBNET: netmask= 192.168.68.1: ANDOLAN(1) current master browser = UNKNOWN SERVER 40099b0b (AndoBurg B.V.) [2006/06/20 18:16:50, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(173) find_workgroup_on_subnet: workgroup search for ANDOLAN on subnet UNICAST_SUBNET: found. [2006/06/20 18:16:50, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(173) find_workgroup_on_subnet: workgroup search for ANDOLAN on subnet UNICAST_SUBNET: found. 
[2006/06/20 18:16:53, 10] lib/util_sock.c:read_udp_socket(289) read_udp_socket: lastip 192.168.68.22 lastport 138 read: 231 [2006/06/20 18:16:53, 5] libsmb/nmblib.c:read_packet(755) Received a packet of len 231 from (192.168.68.22) port 138 [2006/06/20 18:16:53, 10] lib/util_sock.c:read_udp_socket(289) read_udp_socket: lastip 192.168.68.22 lastport 138 read: 231 [2006/06/20 18:16:53, 5] libsmb/nmblib.c:read_packet(755) Received a packet of len 231 from (192.168.68.22) port 138 [2006/06/20 18:16:53, 10] nmbd/nmbd_subnetdb.c:namelist_entry_compare(70) nmbd_subnetdb:namelist_entry_compare() 1 == memcmp( "ANDOLAN<1c>", "ANDOLAN<1b>", 84 ) [2006/06/20 18:16:53, 10] nmbd/nmbd_subnetdb.c:namelist_entry_compare(70) nmbd_subnetdb:namelist_entry_compare() 0 == memcmp( "ANDOLAN<1c>", "ANDOLAN<1c>", 84 ) [2006/06/20 18:16:53, 9] nmbd/nmbd_namelistdb.c:find_name_on_subnet(128) find_name_on_subnet: on subnet 192.168.68.1 - found name ANDOLAN<1c> source=2 [2006/06/20 18:16:53, 4] nmbd/nmbd_packets.c:process_dgram(1268) process_dgram: datagram from WS035<00> to ANDOLAN<1c> IP 192.168.68.22 for \MAILSLOT\NET\NETLOGON of type 18 len=57 [2006/06/20 18:16:53, 4] nmbd/nmbd_processlogon.c:process_logon_packet(95) process_logon_packet: Logon from 192.168.68.22: code = 0x12 [2006/06/20 18:16:53, 5] nmbd/nmbd_processlogon.c:process_logon_packet(315) process_logon_packet: SAMLOGON sidsize 0, len = 57 [2006/06/20 18:16:53, 5] nmbd/nmbd_processlogon.c:process_logon_packet(322) process_logon_packet: len = 57 PTR_DIFF(q, buf) = 49 [2006/06/20 18:16:53, 3] nmbd/nmbd_processlogon.c:process_logon_packet(347) process_logon_packet: SAMLOGON sidsize 0 ntv 11 [2006/06/20 18:16:53, 5] nmbd/nmbd_processlogon.c:process_logon_packet(356) process_logon_packet: SAMLOGON user [2006/06/20 18:16:53, 5] nmbd/nmbd_processlogon.c:process_logon_packet(363) process_logon_packet: SAMLOGON request from ws035(192.168.68.22) for , returning logon svr \\SERVER domain ANDOLAN code 13 token=ffff [2006/06/20 18:16:53, 4] 
lib/util.c:dump_data(2058) [000] 15 00 5C 00 5C 00 53 00 45 00 52 00 56 00 45 00 ..\.\.S. E.R.V.E. [010] 52 00 00 00 00 00 41 00 4E 00 44 00 4F 00 4C 00 R.....A. N.D.O.L. [020] 41 00 4E 00 00 00 01 00 00 00 FF FF FF FF A.N..... ...... [2006/06/20 18:16:53, 4] nmbd/nmbd_packets.c:send_mailslot(1917) send_mailslot: Sending to mailslot \MAILSLOT\NET\GETDC042 from SERVER<00> IP 192.168.68.1 to WS035<00> IP 192.168.68.22 [2006/06/20 18:16:53, 4] nmbd/nmbd_packets.c:debug_browse_data(100) debug_browse_data(): 0 char ..\.\.S.E.R.V.E. hex 15 00 5c 00 5c 00 53 00 45 00 52 00 56 00 45 00 10 char R.....A.N.D.O.L. hex 52 00 00 00 00 00 41 00 4e 00 44 00 4f 00 4c 00 20 char A.N........... hex 41 00 4e 00 00 00 01 00 00 00 ff ff ff ff [2006/06/20 18:16:53, 5] libsmb/nmblib.c:send_udp(777) Sending a packet of len 220 to (192.168.68.22) on port 138 [2006/06/20 18:16:53, 10] nmbd/nmbd_subnetdb.c:namelist_entry_compare(70) nmbd_subnetdb:namelist_entry_compare() 0 == memcmp( "ANDOLAN<1c>", "ANDOLAN<1c>", 84 ) [2006/06/20 18:16:53, 9] nmbd/nmbd_namelistdb.c:find_name_on_subnet(128) find_name_on_subnet: on subnet 192.168.68.1 - found name ANDOLAN<1c> source=2 [2006/06/20 18:16:53, 4] nmbd/nmbd_packets.c:process_dgram(1268) process_dgram: datagram from WS035<00> to ANDOLAN<1c> IP 192.168.68.22 for \MAILSLOT\NET\NETLOGON of type 18 len=57 [2006/06/20 18:16:53, 4] nmbd/nmbd_processlogon.c:process_logon_packet(95) process_logon_packet: Logon from 192.168.68.22: code = 0x12 [2006/06/20 18:16:53, 5] nmbd/nmbd_processlogon.c:process_logon_packet(315) process_logon_packet: SAMLOGON sidsize 0, len = 57 [2006/06/20 18:16:53, 5] nmbd/nmbd_processlogon.c:process_logon_packet(322) process_logon_packet: len = 57 PTR_DIFF(q, buf) = 49 [2006/06/20 18:16:53, 3] nmbd/nmbd_processlogon.c:process_logon_packet(347) process_logon_packet: SAMLOGON sidsize 0 ntv 11 [2006/06/20 18:16:53, 5] nmbd/nmbd_processlogon.c:process_logon_packet(356) process_logon_packet: SAMLOGON user [2006/06/20 18:16:53, 5] 
nmbd/nmbd_processlogon.c:process_logon_packet(363) process_logon_packet: SAMLOGON request from ws035(192.168.68.22) for , returning logon svr \\SERVER domain ANDOLAN code 13 token=ffff [2006/06/20 18:16:53, 4] lib/util.c:dump_data(2058) [000] 15 00 5C 00 5C 00 53 00 45 00 52 00 56 00 45 00 ..\.\.S. E.R.V.E. [010] 52 00 00 00 00 00 41 00 4E 00 44 00 4F 00 4C 00 R.....A. N.D.O.L. [020] 41 00 4E 00 00 00 01 00 00 00 FF FF FF FF A.N..... ...... [2006/06/20 18:16:53, 4] nmbd/nmbd_packets.c:send_mailslot(1917) send_mailslot: Sending to mailslot \MAILSLOT\NET\GETDC042 from SERVER<00> IP 192.168.68.1 to WS035<00> IP 192.168.68.22 [2006/06/20 18:16:53, 4] nmbd/nmbd_packets.c:debug_browse_data(100) debug_browse_data(): 0 char ..\.\.S.E.R.V.E. hex 15 00 5c 00 5c 00 53 00 45 00 52 00 56 00 45 00 10 char R.....A.N.D.O.L. hex 52 00 00 00 00 00 41 00 4e 00 44 00 4f 00 4c 00 20 char A.N........... hex 41 00 4e 00 00 00 01 00 00 00 ff ff ff ff [2006/06/20 18:16:53, 5] libsmb/nmblib.c:send_udp(777) Sending a packet of len 220 to (192.168.68.22) on port 138 [2006/06/20 18:16:53, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(173) find_workgroup_on_subnet: workgroup search for ANDOLAN on subnet 192.168.68.1: found. [2006/06/20 18:16:53, 10] nmbd/nmbd_sendannounce.c:announce_myself_to_domain_master_browser(382) announce_myself_to_domain_master_browser: t (1150820210) - last(1150819908) < 900 [2006/06/20 18:16:53, 4] nmbd/nmbd_workgroupdb.c:dump_workgroups(284) dump_workgroups() dump workgroup on subnet 192.168.68.1: netmask= 255.255.255.0: ANDOLAN(1) current master browser = SERVER SERVER 400c9b0b (AndoBurg B.V.) WS035 40001003 () [2006/06/20 18:16:53, 4] nmbd/nmbd_workgroupdb.c:dump_workgroups(284) dump_workgroups() dump workgroup on subnet UNICAST_SUBNET: netmask= 192.168.68.1: ANDOLAN(1) current master browser = UNKNOWN SERVER 40099b0b (AndoBurg B.V.) 
[2006/06/20 18:16:53, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(173) find_workgroup_on_subnet: workgroup search for ANDOLAN on subnet UNICAST_SUBNET: found. [2006/06/20 18:16:53, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(173) find_workgroup_on_subnet: workgroup search for ANDOLAN on subnet UNICAST_SUBNET: found. [2006/06/20 18:16:57, 10] lib/util_sock.c:read_udp_socket(289) read_udp_socket: lastip 192.168.68.22 lastport 138 read: 231 [2006/06/20 18:16:57, 5] libsmb/nmblib.c:read_packet(755) Received a packet of len 231 from (192.168.68.22) port 138 [2006/06/20 18:16:57, 10] nmbd/nmbd_subnetdb.c:namelist_entry_compare(70) nmbd_subnetdb:namelist_entry_compare() 0 == memcmp( "ANDOLAN<1c>", "ANDOLAN<1c>", 84 ) [2006/06/20 18:16:57, 9] nmbd/nmbd_namelistdb.c:find_name_on_subnet(128) find_name_on_subnet: on subnet 192.168.68.1 - found name ANDOLAN<1c> source=2 [2006/06/20 18:16:57, 4] nmbd/nmbd_packets.c:process_dgram(1268) process_dgram: datagram from WS035<00> to ANDOLAN<1c> IP 192.168.68.22 for \MAILSLOT\NET\NETLOGON of type 18 len=57 [2006/06/20 18:16:57, 4] nmbd/nmbd_processlogon.c:process_logon_packet(95) process_logon_packet: Logon from 192.168.68.22: code = 0x12 [2006/06/20 18:16:57, 5] nmbd/nmbd_processlogon.c:process_logon_packet(315) process_logon_packet: SAMLOGON sidsize 0, len = 57 [2006/06/20 18:16:57, 5] nmbd/nmbd_processlogon.c:process_logon_packet(322) process_logon_packet: len = 57 PTR_DIFF(q, buf) = 49 [2006/06/20 18:16:57, 3] nmbd/nmbd_processlogon.c:process_logon_packet(347) process_logon_packet: SAMLOGON sidsize 0 ntv 11 [2006/06/20 18:16:57, 5] nmbd/nmbd_processlogon.c:process_logon_packet(356) process_logon_packet: SAMLOGON user [2006/06/20 18:16:57, 5] nmbd/nmbd_processlogon.c:process_logon_packet(363) process_logon_packet: SAMLOGON request from ws035(192.168.68.22) for , returning logon svr \\SERVER domain ANDOLAN code 13 token=ffff [2006/06/20 18:16:57, 4] lib/util.c:dump_data(2058) [000] 15 00 5C 00 5C 00 53 00 45 00 52 00 
56 00 45 00 ..\.\.S. E.R.V.E. [010] 52 00 00 00 00 00 41 00 4E 00 44 00 4F 00 4C 00 R.....A. N.D.O.L. [020] 41 00 4E 00 00 00 01 00 00 00 FF FF FF FF A.N..... ...... [2006/06/20 18:16:57, 4] nmbd/nmbd_packets.c:send_mailslot(1917) send_mailslot: Sending to mailslot \MAILSLOT\NET\GETDC468 from SERVER<00> IP 192.168.68.1 to WS035<00> IP 192.168.68.22 [2006/06/20 18:16:57, 4] nmbd/nmbd_packets.c:debug_browse_data(100) debug_browse_data(): 0 char ..\.\.S.E.R.V.E. hex 15 00 5c 00 5c 00 53 00 45 00 52 00 56 00 45 00 10 char R.....A.N.D.O.L. hex 52 00 00 00 00 00 41 00 4e 00 44 00 4f 00 4c 00 20 char A.N........... hex 41 00 4e 00 00 00 01 00 00 00 ff ff ff ff [2006/06/20 18:16:57, 5] libsmb/nmblib.c:send_udp(777) Sending a packet of len 220 to (192.168.68.22) on port 138 [2006/06/20 18:16:57, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(173) find_workgroup_on_subnet: workgroup search for ANDOLAN on subnet 192.168.68.1: found. [2006/06/20 18:16:57, 10] nmbd/nmbd_sendannounce.c:announce_myself_to_domain_master_browser(382) announce_myself_to_domain_master_browser: t (1150820213) - last(1150819908) < 900 [2006/06/20 18:16:57, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(173) find_workgroup_on_subnet: workgroup search for ANDOLAN on subnet UNICAST_SUBNET: found. [2006/06/20 18:16:57, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(173) find_workgroup_on_subnet: workgroup search for ANDOLAN on subnet UNICAST_SUBNET: found. 
[2006/06/20 18:16:57, 10] lib/util_sock.c:read_udp_socket(289) read_udp_socket: lastip 192.168.68.22 lastport 138 read: 231 [2006/06/20 18:16:57, 5] libsmb/nmblib.c:read_packet(755) Received a packet of len 231 from (192.168.68.22) port 138 [2006/06/20 18:16:57, 10] nmbd/nmbd_subnetdb.c:namelist_entry_compare(70) nmbd_subnetdb:namelist_entry_compare() 0 == memcmp( "ANDOLAN<1c>", "ANDOLAN<1c>", 84 ) [2006/06/20 18:16:57, 9] nmbd/nmbd_namelistdb.c:find_name_on_subnet(128) find_name_on_subnet: on subnet 192.168.68.1 - found name ANDOLAN<1c> source=2 [2006/06/20 18:16:57, 4] nmbd/nmbd_packets.c:process_dgram(1268) process_dgram: datagram from WS035<00> to ANDOLAN<1c> IP 192.168.68.22 for \MAILSLOT\NET\NETLOGON of type 18 len=57 [2006/06/20 18:16:57, 4] nmbd/nmbd_processlogon.c:process_logon_packet(95) process_logon_packet: Logon from 192.168.68.22: code = 0x12 [2006/06/20 18:16:57, 5] nmbd/nmbd_processlogon.c:process_logon_packet(315) process_logon_packet: SAMLOGON sidsize 0, len = 57 [2006/06/20 18:16:57, 5] nmbd/nmbd_processlogon.c:process_logon_packet(322) process_logon_packet: len = 57 PTR_DIFF(q, buf) = 49 [2006/06/20 18:16:57, 3] nmbd/nmbd_processlogon.c:process_logon_packet(347) process_logon_packet: SAMLOGON sidsize 0 ntv 11 [2006/06/20 18:16:57, 5] nmbd/nmbd_processlogon.c:process_logon_packet(356) process_logon_packet: SAMLOGON user [2006/06/20 18:16:57, 5] nmbd/nmbd_processlogon.c:process_logon_packet(363) process_logon_packet: SAMLOGON request from ws035(192.168.68.22) for , returning logon svr \\SERVER domain ANDOLAN code 13 token=ffff [2006/06/20 18:16:57, 4] lib/util.c:dump_data(2058) [000] 15 00 5C 00 5C 00 53 00 45 00 52 00 56 00 45 00 ..\.\.S. E.R.V.E. [010] 52 00 00 00 00 00 41 00 4E 00 44 00 4F 00 4C 00 R.....A. N.D.O.L. [020] 41 00 4E 00 00 00 01 00 00 00 FF FF FF FF A.N..... ...... 
[2006/06/20 18:16:57, 4] nmbd/nmbd_packets.c:send_mailslot(1917) send_mailslot: Sending to mailslot \MAILSLOT\NET\GETDC468 from SERVER<00> IP 192.168.68.1 to WS035<00> IP 192.168.68.22 [2006/06/20 18:16:57, 4] nmbd/nmbd_packets.c:debug_browse_data(100) debug_browse_data(): 0 char ..\.\.S.E.R.V.E. hex 15 00 5c 00 5c 00 53 00 45 00 52 00 56 00 45 00 10 char R.....A.N.D.O.L. hex 52 00 00 00 00 00 41 00 4e 00 44 00 4f 00 4c 00 20 char A.N........... hex 41 00 4e 00 00 00 01 00 00 00 ff ff ff ff [2006/06/20 18:16:57, 5] libsmb/nmblib.c:send_udp(777) Sending a packet of len 220 to (192.168.68.22) on port 138 [2006/06/20 18:16:57, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(173) find_workgroup_on_subnet: workgroup search for ANDOLAN on subnet 192.168.68.1: found. [2006/06/20 18:16:57, 10] nmbd/nmbd_sendannounce.c:announce_myself_to_domain_master_browser(382) announce_myself_to_domain_master_browser: t (1150820217) - last(1150819908) < 900 [2006/06/20 18:16:57, 4] nmbd/nmbd_workgroupdb.c:dump_workgroups(284) dump_workgroups() dump workgroup on subnet 192.168.68.1: netmask= 255.255.255.0: ANDOLAN(1) current master browser = SERVER SERVER 400c9b0b (AndoBurg B.V.) WS035 40001003 () [2006/06/20 18:16:57, 4] nmbd/nmbd_workgroupdb.c:dump_workgroups(284) dump_workgroups() dump workgroup on subnet UNICAST_SUBNET: netmask= 192.168.68.1: ANDOLAN(1) current master browser = UNKNOWN SERVER 40099b0b (AndoBurg B.V.) [2006/06/20 18:16:57, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(173) find_workgroup_on_subnet: workgroup search for ANDOLAN on subnet UNICAST_SUBNET: found. [2006/06/20 18:16:57, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(173) find_workgroup_on_subnet: workgroup search for ANDOLAN on subnet UNICAST_SUBNET: found. 
[2006/06/20 18:16:57, 10] lib/util_sock.c:read_udp_socket(289) read_udp_socket: lastip 192.168.68.22 lastport 138 read: 243 [2006/06/20 18:16:57, 5] libsmb/nmblib.c:read_packet(755) Received a packet of len 243 from (192.168.68.22) port 138 [2006/06/20 18:16:57, 10] nmbd/nmbd_subnetdb.c:namelist_entry_compare(70) nmbd_subnetdb:namelist_entry_compare() 0 == memcmp( "ANDOLAN<1c>", "ANDOLAN<1c>", 84 ) [2006/06/20 18:16:57, 9] nmbd/nmbd_namelistdb.c:find_name_on_subnet(128) find_name_on_subnet: on subnet 192.168.68.1 - found name ANDOLAN<1c> source=2 [2006/06/20 18:16:57, 4] nmbd/nmbd_packets.c:process_dgram(1268) process_dgram: datagram from WS035<00> to ANDOLAN<1c> IP 192.168.68.22 for \MAILSLOT\NET\NETLOGON of type 18 len=69 [2006/06/20 18:16:57, 4] nmbd/nmbd_processlogon.c:process_logon_packet(95) process_logon_packet: Logon from 192.168.68.22: code = 0x12 [2006/06/20 18:16:57, 5] nmbd/nmbd_processlogon.c:process_logon_packet(315) process_logon_packet: SAMLOGON sidsize 0, len = 69 [2006/06/20 18:16:57, 5] nmbd/nmbd_processlogon.c:process_logon_packet(322) process_logon_packet: len = 69 PTR_DIFF(q, buf) = 61 [2006/06/20 18:16:57, 3] nmbd/nmbd_processlogon.c:process_logon_packet(347) process_logon_packet: SAMLOGON sidsize 0 ntv 11 [2006/06/20 18:16:57, 5] nmbd/nmbd_processlogon.c:process_logon_packet(356) process_logon_packet: SAMLOGON user ws035$ [2006/06/20 18:16:57, 5] nmbd/nmbd_processlogon.c:process_logon_packet(363) process_logon_packet: SAMLOGON request from ws035(192.168.68.22) for ws035$, returning logon svr \\SERVER domain ANDOLAN code 13 token=ffff [2006/06/20 18:16:57, 4] lib/util.c:dump_data(2058) [000] 13 00 5C 00 5C 00 53 00 45 00 52 00 56 00 45 00 ..\.\.S. E.R.V.E. [010] 52 00 00 00 77 00 73 00 30 00 33 00 35 00 24 00 R...w.s. 0.3.5.$. [020] 00 00 41 00 4E 00 44 00 4F 00 4C 00 41 00 4E 00 ..A.N.D. O.L.A.N. [030] 00 00 01 00 00 00 FF FF FF FF ........ .. 
[2006/06/20 18:16:57, 4] nmbd/nmbd_packets.c:send_mailslot(1917) send_mailslot: Sending to mailslot \MAILSLOT\NET\GETDC335 from SERVER<00> IP 192.168.68.1 to WS035<00> IP 192.168.68.22 [2006/06/20 18:16:57, 4] nmbd/nmbd_packets.c:debug_browse_data(100) debug_browse_data(): 0 char ..\.\.S.E.R.V.E. hex 13 00 5c 00 5c 00 53 00 45 00 52 00 56 00 45 00 10 char R...w.s.0.3.5.$. hex 52 00 00 00 77 00 73 00 30 00 33 00 35 00 24 00 20 char ..A.N.D.O.L.A.N. hex 00 00 41 00 4e 00 44 00 4f 00 4c 00 41 00 4e 00 30 char .......... hex 00 00 01 00 00 00 ff ff ff ff [2006/06/20 18:16:57, 5] libsmb/nmblib.c:send_udp(777) Sending a packet of len 232 to (192.168.68.22) on port 138 [2006/06/20 18:16:57, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(173) find_workgroup_on_subnet: workgroup search for ANDOLAN on subnet 192.168.68.1: found. [2006/06/20 18:16:57, 10] nmbd/nmbd_sendannounce.c:announce_myself_to_domain_master_browser(382) announce_myself_to_domain_master_browser: t (1150820217) - last(1150819908) < 900 [2006/06/20 18:16:57, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(173) find_workgroup_on_subnet: workgroup search for ANDOLAN on subnet UNICAST_SUBNET: found. [2006/06/20 18:16:57, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(173) find_workgroup_on_subnet: workgroup search for ANDOLAN on subnet UNICAST_SUBNET: found. 
[2006/06/20 18:16:57, 10] lib/util_sock.c:read_udp_socket(289) read_udp_socket: lastip 192.168.68.22 lastport 138 read: 243 [2006/06/20 18:16:57, 5] libsmb/nmblib.c:read_packet(755) Received a packet of len 243 from (192.168.68.22) port 138 [2006/06/20 18:16:57, 10] nmbd/nmbd_subnetdb.c:namelist_entry_compare(70) nmbd_subnetdb:namelist_entry_compare() 0 == memcmp( "ANDOLAN<1c>", "ANDOLAN<1c>", 84 ) [2006/06/20 18:16:57, 9] nmbd/nmbd_namelistdb.c:find_name_on_subnet(128) find_name_on_subnet: on subnet 192.168.68.1 - found name ANDOLAN<1c> source=2 [2006/06/20 18:16:57, 4] nmbd/nmbd_packets.c:process_dgram(1268) process_dgram: datagram from WS035<00> to ANDOLAN<1c> IP 192.168.68.22 for \MAILSLOT\NET\NETLOGON of type 18 len=69 [2006/06/20 18:16:57, 4] nmbd/nmbd_processlogon.c:process_logon_packet(95) process_logon_packet: Logon from 192.168.68.22: code = 0x12 [2006/06/20 18:16:57, 5] nmbd/nmbd_processlogon.c:process_logon_packet(315) process_logon_packet: SAMLOGON sidsize 0, len = 69 [2006/06/20 18:16:57, 5] nmbd/nmbd_processlogon.c:process_logon_packet(322) process_logon_packet: len = 69 PTR_DIFF(q, buf) = 61 [2006/06/20 18:16:57, 3] nmbd/nmbd_processlogon.c:process_logon_packet(347) process_logon_packet: SAMLOGON sidsize 0 ntv 11 [2006/06/20 18:16:57, 5] nmbd/nmbd_processlogon.c:process_logon_packet(356) process_logon_packet: SAMLOGON user ws035$ [2006/06/20 18:16:57, 5] nmbd/nmbd_processlogon.c:process_logon_packet(363) process_logon_packet: SAMLOGON request from ws035(192.168.68.22) for ws035$, returning logon svr \\SERVER domain ANDOLAN code 13 token=ffff [2006/06/20 18:16:57, 4] lib/util.c:dump_data(2058) [000] 13 00 5C 00 5C 00 53 00 45 00 52 00 56 00 45 00 ..\.\.S. E.R.V.E. [010] 52 00 00 00 77 00 73 00 30 00 33 00 35 00 24 00 R...w.s. 0.3.5.$. [020] 00 00 41 00 4E 00 44 00 4F 00 4C 00 41 00 4E 00 ..A.N.D. O.L.A.N. [030] 00 00 01 00 00 00 FF FF FF FF ........ .. 
[2006/06/20 18:16:57, 4] nmbd/nmbd_packets.c:send_mailslot(1917) send_mailslot: Sending to mailslot \MAILSLOT\NET\GETDC335 from SERVER<00> IP 192.168.68.1 to WS035<00> IP 192.168.68.22 [2006/06/20 18:16:57, 4] nmbd/nmbd_packets.c:debug_browse_data(100) debug_browse_data(): 0 char ..\.\.S.E.R.V.E. hex 13 00 5c 00 5c 00 53 00 45 00 52 00 56 00 45 00 10 char R...w.s.0.3.5.$. hex 52 00 00 00 77 00 73 00 30 00 33 00 35 00 24 00 20 char ..A.N.D.O.L.A.N. hex 00 00 41 00 4e 00 44 00 4f 00 4c 00 41 00 4e 00 30 char .......... hex 00 00 01 00 00 00 ff ff ff ff [2006/06/20 18:16:57, 5] libsmb/nmblib.c:send_udp(777) Sending a packet of len 232 to (192.168.68.22) on port 138 [2006/06/20 18:16:57, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(173) find_workgroup_on_subnet: workgroup search for ANDOLAN on subnet 192.168.68.1: found. [2006/06/20 18:16:57, 10] nmbd/nmbd_sendannounce.c:announce_myself_to_domain_master_browser(382) announce_myself_to_domain_master_browser: t (1150820217) - last(1150819908) < 900 [2006/06/20 18:16:57, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(173) find_workgroup_on_subnet: workgroup search for ANDOLAN on subnet UNICAST_SUBNET: found. [2006/06/20 18:16:57, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(173) find_workgroup_on_subnet: workgroup search for ANDOLAN on subnet UNICAST_SUBNET: found. 
[2006/06/20 18:16:57, 10] lib/util_sock.c:read_udp_socket(289) read_udp_socket: lastip 192.168.68.22 lastport 138 read: 226 [2006/06/20 18:16:57, 5] libsmb/nmblib.c:read_packet(755) Received a packet of len 226 from (192.168.68.22) port 138 [2006/06/20 18:16:57, 10] nmbd/nmbd_subnetdb.c:namelist_entry_compare(70) nmbd_subnetdb:namelist_entry_compare() -1 == memcmp( "ANDOLAN<1b>", "ANDOLAN<1c>", 84 ) [2006/06/20 18:16:57, 10] nmbd/nmbd_subnetdb.c:namelist_entry_compare(70) nmbd_subnetdb:namelist_entry_compare() 0 == memcmp( "ANDOLAN<1b>", "ANDOLAN<1b>", 84 ) [2006/06/20 18:16:57, 9] nmbd/nmbd_namelistdb.c:find_name_on_subnet(128) find_name_on_subnet: on subnet 192.168.68.1 - found name ANDOLAN<1b> source=2 [2006/06/20 18:16:57, 4] nmbd/nmbd_packets.c:process_dgram(1268) process_dgram: datagram from WS035<00> to ANDOLAN<1b> IP 192.168.68.22 for \MAILSLOT\NET\NETLOGON of type 7 len=52 [2006/06/20 18:16:57, 4] nmbd/nmbd_processlogon.c:process_logon_packet(95) process_logon_packet: Logon from 192.168.68.22: code = 0x7 [2006/06/20 18:16:57, 5] nmbd/nmbd_processlogon.c:process_logon_packet(258) process_logon_packet: GETDC request from WS035 at IP 192.168.68.22, reporting SERVER domain ANDOLAN 0xc ntversion=b lm_nt token=ffff lm_20 token=ffff [2006/06/20 18:16:57, 4] lib/util.c:dump_data(2058) [000] 0C 00 53 45 52 56 45 52 00 00 53 00 45 00 52 00 ..SERVER ..S.E.R. [010] 56 00 45 00 52 00 00 00 41 00 4E 00 44 00 4F 00 V.E.R... A.N.D.O. [020] 4C 00 41 00 4E 00 00 00 01 00 00 00 FF FF FF FF L.A.N... ........ [2006/06/20 18:16:57, 4] nmbd/nmbd_packets.c:send_mailslot(1917) send_mailslot: Sending to mailslot \MAILSLOT\NET\GETDC335 from SERVER<00> IP 192.168.68.1 to WS035<00> IP 192.168.68.22 [2006/06/20 18:16:57, 4] nmbd/nmbd_packets.c:debug_browse_data(100) debug_browse_data(): 0 char ..SERVER..S.E.R. hex 0c 00 53 45 52 56 45 52 00 00 53 00 45 00 52 00 10 char V.E.R...A.N.D.O. hex 56 00 45 00 52 00 00 00 41 00 4e 00 44 00 4f 00 20 char L.A.N........... 
hex 4c 00 41 00 4e 00 00 00 01 00 00 00 ff ff ff ff [2006/06/20 18:16:57, 5] libsmb/nmblib.c:send_udp(777) Sending a packet of len 222 to (192.168.68.22) on port 138 [2006/06/20 18:16:57, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(173) find_workgroup_on_subnet: workgroup search for ANDOLAN on subnet 192.168.68.1: found. [2006/06/20 18:16:57, 10] nmbd/nmbd_sendannounce.c:announce_myself_to_domain_master_browser(382) announce_myself_to_domain_master_browser: t (1150820217) - last(1150819908) < 900 [2006/06/20 18:16:57, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(173) find_workgroup_on_subnet: workgroup search for ANDOLAN on subnet UNICAST_SUBNET: found. [2006/06/20 18:16:57, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(173) find_workgroup_on_subnet: workgroup search for ANDOLAN on subnet UNICAST_SUBNET: found. [2006/06/20 18:16:57, 10] lib/util_sock.c:read_udp_socket(289) read_udp_socket: lastip 192.168.68.22 lastport 137 read: 50 [2006/06/20 18:16:57, 10] libsmb/nmblib.c:parse_nmb(506) parse_nmb: packet id = 32803 [2006/06/20 18:16:57, 5] libsmb/nmblib.c:read_packet(755) Received a packet of len 50 from (192.168.68.22) port 137 [2006/06/20 18:16:57, 4] libsmb/nmblib.c:debug_nmb_packet(112) nmb packet from 192.168.68.22(137) header: id=32803 opcode=Query(0) response=No header: flags: bcast=No rec_avail=No rec_des=Yes trunc=No auth=No header: rcode=0 qdcount=1 ancount=0 nscount=0 arcount=0 question: q_name=SERVER<20> q_type=32 q_class=1 [2006/06/20 18:16:57, 3] nmbd/nmbd_winsserver.c:wins_process_name_query_request(1513) wins_process_name_query: name query for name SERVER<20> from IP 192.168.68.22 [2006/06/20 18:16:57, 10] nmbd/nmbd_subnetdb.c:namelist_entry_compare(70) nmbd_subnetdb:namelist_entry_compare() 1 == memcmp( "SERVER<20>", "ANDOLAN<00>", 84 ) [2006/06/20 18:16:57, 10] nmbd/nmbd_subnetdb.c:namelist_entry_compare(70) nmbd_subnetdb:namelist_entry_compare() -1 == memcmp( "SERVER<20>", "WS035<00>", 84 ) [2006/06/20 18:16:57, 10] 
nmbd/nmbd_subnetdb.c:namelist_entry_compare(70) nmbd_subnetdb:namelist_entry_compare() 1 == memcmp( "SERVER<20>", "ANDOLAN<1b>", 84 ) [2006/06/20 18:16:57, 10] nmbd/nmbd_subnetdb.c:namelist_entry_compare(70) nmbd_subnetdb:namelist_entry_compare() 0 == memcmp( "SERVER<20>", "SERVER<20>", 84 ) [2006/06/20 18:16:57, 9] nmbd/nmbd_namelistdb.c:find_name_on_subnet(128) find_name_on_subnet: on subnet WINS_SERVER_SUBNET - found name SERVER<20> source=1 [2006/06/20 18:16:57, 3] nmbd/nmbd_winsserver.c:wins_process_name_query_request(1565) wins_process_name_query: name query for name SERVER<20> returning first IP 192.168.68.1. [2006/06/20 18:16:57, 4] nmbd/nmbd_packets.c:reply_netbios_packet(938) reply_netbios_packet: sending a reply of packet type: wins_query SERVER<20> to ip 192.168.68.22 for id 32803 [2006/06/20 18:16:57, 4] libsmb/nmblib.c:debug_nmb_packet(112) nmb packet from 192.168.68.22(137) header: id=32803 opcode=Query(0) response=Yes header: flags: bcast=No rec_avail=Yes rec_des=Yes trunc=No auth=Yes header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0 answers: nmb_name=SERVER<20> rr_type=32 rr_class=1 ttl=258658 answers 0 char `...D. hex 6000C0A84401 [2006/06/20 18:16:57, 5] libsmb/nmblib.c:send_udp(777) Sending a packet of len 62 to (192.168.68.22) on port 137 [2006/06/20 18:16:57, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(173) find_workgroup_on_subnet: workgroup search for ANDOLAN on subnet 192.168.68.1: found. [2006/06/20 18:16:57, 10] nmbd/nmbd_sendannounce.c:announce_myself_to_domain_master_browser(382) announce_myself_to_domain_master_browser: t (1150820217) - last(1150819908) < 900 [2006/06/20 18:16:57, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(173) find_workgroup_on_subnet: workgroup search for ANDOLAN on subnet UNICAST_SUBNET: found. [2006/06/20 18:16:57, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(173) find_workgroup_on_subnet: workgroup search for ANDOLAN on subnet UNICAST_SUBNET: found. 
[2006/06/20 18:16:57, 6] param/loadparm.c:lp_file_list_changed(2955) lp_file_list_changed() file /etc/samba/smb.conf.local -> /etc/samba/smb.conf.local last mod_time: Thu Jan 1 01:00:00 1970 file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Mon Jun 19 18:46:01 2006 [2006/06/20 18:16:57, 3] smbd/process.c:check_reload(1428) Printcap cache time expired. [2006/06/20 18:16:57, 7] param/loadparm.c:lp_servicenumber(4351) lp_servicenumber: couldn't find printers [2006/06/20 18:16:57, 3] printing/pcap.c:pcap_cache_reload(117) reloading printcap cache [2006/06/20 18:16:57, 0] printing/pcap.c:pcap_cache_reload(159) Unable to open printcap file /etc/printcap for read! [2006/06/20 18:16:57, 3] printing/pcap.c:pcap_cache_reload(223) reload status: error [2006/06/20 18:16:57, 3] printing/pcap.c:pcap_cache_reload(117) reloading printcap cache [2006/06/20 18:16:57, 0] printing/pcap.c:pcap_cache_reload(159) Unable to open printcap file /etc/printcap for read! [2006/06/20 18:16:57, 3] printing/pcap.c:pcap_cache_reload(223) reload status: error [2006/06/20 18:16:57, 7] param/loadparm.c:lp_servicenumber(4351) lp_servicenumber: couldn't find printers [2006/06/20 18:16:57, 7] param/loadparm.c:lp_servicenumber(4351) lp_servicenumber: couldn't find printers [2006/06/20 18:16:57, 0] lib/util_sock.c:get_peer_addr(1225) getpeername failed. 
Error was Transport endpoint is not connected [2006/06/20 18:16:57, 5] lib/util_sock.c:print_socket_options(206) socket option SO_KEEPALIVE = 1 [2006/06/20 18:16:57, 5] lib/util_sock.c:print_socket_options(206) socket option SO_REUSEADDR = 1 [2006/06/20 18:16:57, 5] lib/util_sock.c:print_socket_options(206) socket option SO_BROADCAST = 0 [2006/06/20 18:16:57, 5] lib/util_sock.c:print_socket_options(206) socket option TCP_NODELAY = 1 [2006/06/20 18:16:57, 5] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPCNT = 9 [2006/06/20 18:16:57, 5] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPIDLE = 7200 [2006/06/20 18:16:57, 5] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPINTVL = 75 [2006/06/20 18:16:57, 5] lib/util_sock.c:print_socket_options(206) socket option IPTOS_LOWDELAY = 16 [2006/06/20 18:16:57, 5] lib/util_sock.c:print_socket_options(206) socket option IPTOS_THROUGHPUT = 16 [2006/06/20 18:16:57, 5] lib/util_sock.c:print_socket_options(206) socket option SO_SNDBUF = 8192 [2006/06/20 18:16:57, 5] lib/util_sock.c:print_socket_options(206) socket option SO_RCVBUF = 8192 [2006/06/20 18:16:57, 5] lib/util_sock.c:print_socket_options(206) socket option SO_SNDLOWAT = 1 [2006/06/20 18:16:57, 5] lib/util_sock.c:print_socket_options(206) socket option SO_RCVLOWAT = 1 [2006/06/20 18:16:57, 5] lib/util_sock.c:print_socket_options(206) socket option SO_SNDTIMEO = 0 [2006/06/20 18:16:57, 5] lib/util_sock.c:print_socket_options(206) socket option SO_RCVTIMEO = 0 [2006/06/20 18:16:57, 5] lib/util_sock.c:print_socket_options(206) socket option SO_KEEPALIVE = 1 [2006/06/20 18:16:57, 5] lib/util_sock.c:print_socket_options(206) socket option SO_REUSEADDR = 1 [2006/06/20 18:16:57, 5] lib/util_sock.c:print_socket_options(206) socket option SO_BROADCAST = 0 [2006/06/20 18:16:57, 5] lib/util_sock.c:print_socket_options(206) socket option TCP_NODELAY = 1 [2006/06/20 18:16:57, 5] lib/util_sock.c:print_socket_options(206) socket option 
TCP_KEEPCNT = 9 [2006/06/20 18:16:57, 5] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPIDLE = 7200 [2006/06/20 18:16:57, 5] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPINTVL = 75 [2006/06/20 18:16:57, 5] lib/util_sock.c:print_socket_options(206) socket option IPTOS_LOWDELAY = 16 [2006/06/20 18:16:57, 5] lib/util_sock.c:print_socket_options(206) socket option IPTOS_THROUGHPUT = 16 [2006/06/20 18:16:57, 5] lib/util_sock.c:print_socket_options(206) socket option SO_SNDBUF = 8192 [2006/06/20 18:16:57, 5] lib/util_sock.c:print_socket_options(206) socket option SO_RCVBUF = 8192 [2006/06/20 18:16:57, 5] lib/util_sock.c:print_socket_options(206) socket option SO_SNDLOWAT = 1 [2006/06/20 18:16:57, 5] lib/util_sock.c:print_socket_options(206) socket option SO_RCVLOWAT = 1 [2006/06/20 18:16:57, 5] lib/util_sock.c:print_socket_options(206) socket option SO_SNDTIMEO = 0 [2006/06/20 18:16:57, 5] lib/util_sock.c:print_socket_options(206) socket option SO_RCVTIMEO = 0 [2006/06/20 18:16:57, 5] lib/util_sock.c:print_socket_options(206) socket option SO_KEEPALIVE = 1 [2006/06/20 18:16:57, 5] lib/util_sock.c:print_socket_options(206) socket option SO_REUSEADDR = 1 [2006/06/20 18:16:57, 5] lib/util_sock.c:print_socket_options(206) socket option SO_BROADCAST = 0 [2006/06/20 18:16:57, 5] lib/util_sock.c:print_socket_options(206) socket option TCP_NODELAY = 1 [2006/06/20 18:16:57, 5] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPCNT = 9 [2006/06/20 18:16:57, 5] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPIDLE = 7200 [2006/06/20 18:16:57, 5] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPINTVL = 75 [2006/06/20 18:16:57, 5] lib/util_sock.c:print_socket_options(206) socket option IPTOS_LOWDELAY = 16 [2006/06/20 18:16:57, 5] lib/util_sock.c:print_socket_options(206) socket option IPTOS_THROUGHPUT = 16 [2006/06/20 18:16:57, 5] lib/util_sock.c:print_socket_options(206) socket option SO_SNDBUF = 8192 
[2006/06/20 18:16:57, 5] lib/util_sock.c:print_socket_options(206) socket option SO_RCVBUF = 8192 [2006/06/20 18:16:57, 5] lib/util_sock.c:print_socket_options(206) socket option SO_SNDLOWAT = 1 [2006/06/20 18:16:57, 5] lib/util_sock.c:print_socket_options(206) socket option SO_RCVLOWAT = 1 [2006/06/20 18:16:57, 5] lib/util_sock.c:print_socket_options(206) socket option SO_SNDTIMEO = 0 [2006/06/20 18:16:57, 5] lib/util_sock.c:print_socket_options(206) socket option SO_RCVTIMEO = 0 [2006/06/20 18:16:57, 5] lib/util_sock.c:print_socket_options(206) socket option SO_KEEPALIVE = 1 [2006/06/20 18:16:57, 5] lib/util_sock.c:print_socket_options(206) socket option SO_REUSEADDR = 1 [2006/06/20 18:16:57, 5] lib/util_sock.c:print_socket_options(206) socket option SO_BROADCAST = 0 [2006/06/20 18:16:57, 5] lib/util_sock.c:print_socket_options(206) socket option TCP_NODELAY = 1 [2006/06/20 18:16:57, 5] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPCNT = 9 [2006/06/20 18:16:57, 5] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPIDLE = 7200 [2006/06/20 18:16:57, 5] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPINTVL = 75 [2006/06/20 18:16:57, 5] lib/util_sock.c:print_socket_options(206) socket option IPTOS_LOWDELAY = 16 [2006/06/20 18:16:57, 5] lib/util_sock.c:print_socket_options(206) socket option IPTOS_THROUGHPUT = 16 [2006/06/20 18:16:57, 5] lib/util_sock.c:print_socket_options(206) socket option SO_SNDBUF = 8192 [2006/06/20 18:16:57, 5] lib/util_sock.c:print_socket_options(206) socket option SO_RCVBUF = 8192 [2006/06/20 18:16:57, 5] lib/util_sock.c:print_socket_options(206) socket option SO_SNDLOWAT = 1 [2006/06/20 18:16:57, 5] lib/util_sock.c:print_socket_options(206) socket option SO_RCVLOWAT = 1 [2006/06/20 18:16:57, 5] lib/util_sock.c:print_socket_options(206) socket option SO_SNDTIMEO = 0 [2006/06/20 18:16:57, 5] lib/util_sock.c:print_socket_options(206) socket option SO_RCVTIMEO = 0 [2006/06/20 18:16:57, 0] 
lib/util_sock.c:get_peer_addr(1225) getpeername failed. Error was Transport endpoint is not connected [2006/06/20 18:16:57, 6] param/loadparm.c:lp_file_list_changed(2955) lp_file_list_changed() file /etc/samba/smb.conf.local -> /etc/samba/smb.conf.local last mod_time: Thu Jan 1 01:00:00 1970 file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Mon Jun 19 18:46:01 2006 [2006/06/20 18:16:57, 3] smbd/oplock.c:init_oplocks(871) open_oplock_ipc: initializing messages. [2006/06/20 18:16:57, 3] smbd/oplock_linux.c:linux_init_kernel_oplocks(259) Linux kernel oplocks enabled [2006/06/20 18:16:57, 4] lib/time.c:TimeInit(142) TimeInit: Serverzone is -7200 [2006/06/20 18:16:57, 10] smbd/process.c:setup_select_timeout(1372) change_notify_timeout: -1 [2006/06/20 18:16:57, 10] smbd/process.c:run_events(299) run_events: No events [2006/06/20 18:16:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(618) got smb length of 133 [2006/06/20 18:16:57, 6] smbd/process.c:process_smb(1193) got message type 0x0 of len 0x85 [2006/06/20 18:16:57, 3] smbd/process.c:process_smb(1194) Transaction 0 of length 137 [2006/06/20 18:16:57, 5] lib/util.c:show_msg(454) [2006/06/20 18:16:57, 5] lib/util.c:show_msg(464) size=133 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51283 smb_tid=0 smb_pid=65279 smb_uid=0 smb_mid=0 smt_wct=0 smb_bcc=98 [2006/06/20 18:16:57, 10] lib/util.c:dump_data(2058) [000] 02 50 43 20 4E 45 54 57 4F 52 4B 20 50 52 4F 47 .PC NETW ORK PROG [010] 52 41 4D 20 31 2E 30 00 02 4C 41 4E 4D 41 4E 31 RAM 1.0. .LANMAN1 [020] 2E 30 00 02 57 69 6E 64 6F 77 73 20 66 6F 72 20 .0..Wind ows for [030] 57 6F 72 6B 67 72 6F 75 70 73 20 33 2E 31 61 00 Workgrou ps 3.1a. [040] 02 4C 4D 31 2E 32 58 30 30 32 00 02 4C 41 4E 4D .LM1.2X0 02..LANM [050] 41 4E 32 2E 31 00 02 4E 54 20 4C 4D 20 30 2E 31 AN2.1..N T LM 0.1 [060] 32 00 2. 
[2006/06/20 18:16:57, 3] smbd/process.c:switch_message(993) switch message SMBnegprot (pid 16142) conn 0x0 [2006/06/20 18:16:57, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/06/20 18:16:57, 5] auth/auth_util.c:debug_nt_user_token(433) NT user token: (NULL) [2006/06/20 18:16:57, 5] auth/auth_util.c:debug_unix_user_token(454) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/06/20 18:16:57, 5] smbd/uid.c:change_to_root_user(324) change_to_root_user: now uid=(0,0) gid=(0,0) [2006/06/20 18:16:57, 3] smbd/negprot.c:reply_negprot(486) Requested protocol [PC NETWORK PROGRAM 1.0] [2006/06/20 18:16:57, 3] smbd/negprot.c:reply_negprot(486) Requested protocol [LANMAN1.0] [2006/06/20 18:16:57, 3] smbd/negprot.c:reply_negprot(486) Requested protocol [Windows for Workgroups 3.1a] [2006/06/20 18:16:57, 3] smbd/negprot.c:reply_negprot(486) Requested protocol [LM1.2X002] [2006/06/20 18:16:57, 3] smbd/negprot.c:reply_negprot(486) Requested protocol [LANMAN2.1] [2006/06/20 18:16:57, 3] smbd/negprot.c:reply_negprot(486) Requested protocol [NT LM 0.12] [2006/06/20 18:16:57, 10] lib/util.c:set_remote_arch(2033) set_remote_arch: Client arch is 'Win2K' [2006/06/20 18:16:57, 6] param/loadparm.c:lp_file_list_changed(2955) lp_file_list_changed() file /etc/samba/smb.conf.local -> /etc/samba/smb.conf.local last mod_time: Thu Jan 1 01:00:00 1970 file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Mon Jun 19 18:46:01 2006 [2006/06/20 18:16:57, 5] smbd/connection.c:claim_connection(170) claiming 0 [2006/06/20 18:16:57, 6] param/loadparm.c:lp_file_list_changed(2955) lp_file_list_changed() file /etc/samba/smb.conf.local -> /etc/samba/smb.conf.local last mod_time: Thu Jan 1 01:00:00 1970 file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Mon Jun 19 18:46:01 2006 [2006/06/20 18:16:57, 3] smbd/negprot.c:reply_nt1(357) using SPNEGO [2006/06/20 18:16:57, 3] smbd/negprot.c:reply_negprot(579) Selected 
protocol NT LM 0.12 [2006/06/20 18:16:57, 5] smbd/negprot.c:reply_negprot(585) negprot index=5 [2006/06/20 18:16:57, 5] lib/util.c:show_msg(454) [2006/06/20 18:16:57, 5] lib/util.c:show_msg(464) size=127 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=65279 smb_uid=0 smb_mid=0 smt_wct=17 smb_vwv[ 0]= 5 (0x5) smb_vwv[ 1]=12803 (0x3203) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 65 (0x41) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]= 3584 (0xE00) smb_vwv[ 8]= 63 (0x3F) smb_vwv[ 9]=64768 (0xFD00) smb_vwv[10]=32995 (0x80E3) smb_vwv[11]=32896 (0x8080) smb_vwv[12]=38690 (0x9722) smb_vwv[13]=34035 (0x84F3) smb_vwv[14]=50836 (0xC694) smb_vwv[15]=34817 (0x8801) smb_vwv[16]= 255 (0xFF) smb_bcc=58 [2006/06/20 18:16:57, 10] lib/util.c:dump_data(2058) [000] 73 65 72 76 65 72 00 00 00 00 00 00 00 00 00 00 server.. ........ [010] 60 28 06 06 2B 06 01 05 05 02 A0 1E 30 1C A0 0E `(..+... ....0... [020] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A3 0A 0...+... ..7..... [030] 30 08 A0 06 1B 04 4E 4F 4E 45 0.....NO NE [2006/06/20 18:16:57, 10] smbd/process.c:setup_select_timeout(1372) change_notify_timeout: -1 [2006/06/20 18:16:57, 10] smbd/process.c:run_events(299) run_events: No events [2006/06/20 18:16:57, 6] param/loadparm.c:lp_file_list_changed(2955) lp_file_list_changed() file /etc/samba/smb.conf.local -> /etc/samba/smb.conf.local last mod_time: Thu Jan 1 01:00:00 1970 file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Mon Jun 19 18:46:01 2006 [2006/06/20 18:16:57, 3] smbd/oplock.c:init_oplocks(871) open_oplock_ipc: initializing messages. 
[2006/06/20 18:16:57, 3] smbd/oplock_linux.c:linux_init_kernel_oplocks(259) Linux kernel oplocks enabled [2006/06/20 18:16:57, 4] lib/time.c:TimeInit(142) TimeInit: Serverzone is -7200 [2006/06/20 18:16:57, 10] smbd/process.c:setup_select_timeout(1372) change_notify_timeout: -1 [2006/06/20 18:16:57, 10] smbd/process.c:run_events(299) run_events: No events [2006/06/20 18:16:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(618) got smb length of 68 [2006/06/20 18:16:57, 6] smbd/process.c:process_smb(1193) got message type 0x81 of len 0x44 [2006/06/20 18:16:57, 3] smbd/process.c:process_smb(1194) Transaction 0 of length 72 [2006/06/20 18:16:57, 2] smbd/reply.c:reply_special(490) netbios connect: name1=SERVER name2=WS035 [2006/06/20 18:16:57, 2] smbd/reply.c:reply_special(497) netbios connect: local=server remote=ws035, name type = 0 [2006/06/20 18:16:57, 6] param/loadparm.c:lp_file_list_changed(2955) lp_file_list_changed() file /etc/samba/smb.conf.local -> /etc/samba/smb.conf.local last mod_time: Thu Jan 1 01:00:00 1970 file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Mon Jun 19 18:46:01 2006 [2006/06/20 18:16:57, 5] smbd/reply.c:reply_special(537) init msg_type=0x81 msg_flags=0x0 [2006/06/20 18:16:57, 0] lib/util_sock.c:write_data(557) write_data: write failure in writing to client 0.0.0.0. Error Connection reset by peer [2006/06/20 18:16:57, 0] lib/util_sock.c:send_smb(765) Error writing 4 bytes to client. -1. 
(Connection reset by peer) [2006/06/20 18:16:57, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/06/20 18:16:57, 5] auth/auth_util.c:debug_nt_user_token(433) NT user token: (NULL) [2006/06/20 18:16:57, 5] auth/auth_util.c:debug_unix_user_token(454) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/06/20 18:16:57, 5] smbd/uid.c:change_to_root_user(324) change_to_root_user: now uid=(0,0) gid=(0,0) [2006/06/20 18:16:57, 2] smbd/server.c:exit_server(614) Closing connections [2006/06/20 18:16:57, 3] smbd/connection.c:yield_connection(69) Yielding connection to [2006/06/20 18:16:57, 3] smbd/connection.c:yield_connection(76) yield_connection: tdb_delete for name failed with error Record does not exist. [2006/06/20 18:16:57, 3] smbd/server.c:exit_server(655) Server exit (process_smb: send_smb failed.) [2006/06/20 18:16:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(618) got smb length of 236 [2006/06/20 18:16:57, 6] smbd/process.c:process_smb(1193) got message type 0x0 of len 0xec [2006/06/20 18:16:57, 3] smbd/process.c:process_smb(1194) Transaction 1 of length 240 [2006/06/20 18:16:57, 5] lib/util.c:show_msg(454) [2006/06/20 18:16:57, 5] lib/util.c:show_msg(464) size=236 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=0 smb_mid=64 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 236 (0xEC) smb_vwv[ 2]=16644 (0x4104) smb_vwv[ 3]= 50 (0x32) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 74 (0x4A) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 212 (0xD4) smb_vwv[11]=40960 (0xA000) smb_bcc=177 [2006/06/20 18:16:57, 10] lib/util.c:dump_data(2058) [000] 60 48 06 06 2B 06 01 05 05 02 A0 3E 30 3C A0 0E `H..+... ...>0<.. [010] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A2 2A 0...+... ..7....* [020] 04 28 4E 54 4C 4D 53 53 50 00 01 00 00 00 97 82 .(NTLMSS P....... 
[030] 08 E2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [040] 00 00 05 01 28 0A 00 00 00 0F 00 57 00 69 00 6E ....(... ...W.i.n [050] 00 64 00 6F 00 77 00 73 00 20 00 32 00 30 00 30 .d.o.w.s . .2.0.0 [060] 00 32 00 20 00 53 00 65 00 72 00 76 00 69 00 63 .2. .S.e .r.v.i.c [070] 00 65 00 20 00 50 00 61 00 63 00 6B 00 20 00 32 .e. .P.a .c.k. .2 [080] 00 20 00 32 00 36 00 30 00 30 00 00 00 57 00 69 . .2.6.0 .0...W.i [090] 00 6E 00 64 00 6F 00 77 00 73 00 20 00 32 00 30 .n.d.o.w .s. .2.0 [0A0] 00 30 00 32 00 20 00 35 00 2E 00 31 00 00 00 00 .0.2. .5 ...1.... [0B0] 00 . [2006/06/20 18:16:57, 3] smbd/process.c:switch_message(993) switch message SMBsesssetupX (pid 16142) conn 0x0 [2006/06/20 18:16:57, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/06/20 18:16:57, 5] auth/auth_util.c:debug_nt_user_token(433) NT user token: (NULL) [2006/06/20 18:16:57, 5] auth/auth_util.c:debug_unix_user_token(454) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/06/20 18:16:57, 5] smbd/uid.c:change_to_root_user(324) change_to_root_user: now uid=(0,0) gid=(0,0) [2006/06/20 18:16:57, 3] smbd/sesssetup.c:reply_sesssetup_and_X(822) wct=12 flg2=0xc807 [2006/06/20 18:16:57, 2] smbd/sesssetup.c:setup_new_vc_session(772) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. 
[2006/06/20 18:16:57, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(633) Doing spnego session setup [2006/06/20 18:16:57, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(664) NativeOS=[Windows 2002 Service Pack 2 2600] NativeLanMan=[Windows 2002 5.1] PrimaryDomain=[] [2006/06/20 18:16:57, 10] lib/util.c:set_remote_arch(2033) set_remote_arch: Client arch is 'WinXP' [2006/06/20 18:16:57, 10] smbd/password.c:register_vuid(182) register_vuid: allocated vuid = 100 [2006/06/20 18:16:57, 3] smbd/sesssetup.c:reply_spnego_negotiate(525) Got OID 1 3 6 1 4 1 311 2 2 10 [2006/06/20 18:16:57, 3] smbd/sesssetup.c:reply_spnego_negotiate(528) Got secblob of size 40 [2006/06/20 18:16:57, 5] auth/auth.c:make_auth_context_subsystem(482) Making default auth method list for DC, security=user, encrypt passwords = yes [2006/06/20 18:16:57, 5] auth/auth.c:smb_register_auth(45) Attempting to register auth backend rhosts [2006/06/20 18:16:57, 5] auth/auth.c:smb_register_auth(57) Successfully added auth method 'rhosts' [2006/06/20 18:16:57, 5] auth/auth.c:smb_register_auth(45) Attempting to register auth backend hostsequiv [2006/06/20 18:16:57, 5] auth/auth.c:smb_register_auth(57) Successfully added auth method 'hostsequiv' [2006/06/20 18:16:57, 5] auth/auth.c:smb_register_auth(45) Attempting to register auth backend sam [2006/06/20 18:16:57, 5] auth/auth.c:smb_register_auth(57) Successfully added auth method 'sam' [2006/06/20 18:16:57, 5] auth/auth.c:smb_register_auth(45) Attempting to register auth backend sam_ignoredomain [2006/06/20 18:16:57, 5] auth/auth.c:smb_register_auth(57) Successfully added auth method 'sam_ignoredomain' [2006/06/20 18:16:57, 5] auth/auth.c:smb_register_auth(45) Attempting to register auth backend unix [2006/06/20 18:16:57, 5] auth/auth.c:smb_register_auth(57) Successfully added auth method 'unix' [2006/06/20 18:16:57, 5] auth/auth.c:smb_register_auth(45) Attempting to register auth backend winbind [2006/06/20 18:16:57, 5] auth/auth.c:smb_register_auth(57) 
Successfully added auth method 'winbind' [2006/06/20 18:16:57, 5] auth/auth.c:smb_register_auth(45) Attempting to register auth backend smbserver [2006/06/20 18:16:57, 5] auth/auth.c:smb_register_auth(57) Successfully added auth method 'smbserver' [2006/06/20 18:16:57, 5] auth/auth.c:smb_register_auth(45) Attempting to register auth backend trustdomain [2006/06/20 18:16:57, 5] auth/auth.c:smb_register_auth(57) Successfully added auth method 'trustdomain' [2006/06/20 18:16:57, 5] auth/auth.c:smb_register_auth(45) Attempting to register auth backend ntdomain [2006/06/20 18:16:57, 5] auth/auth.c:smb_register_auth(57) Successfully added auth method 'ntdomain' [2006/06/20 18:16:57, 5] auth/auth.c:smb_register_auth(45) Attempting to register auth backend guest [2006/06/20 18:16:57, 5] auth/auth.c:smb_register_auth(57) Successfully added auth method 'guest' [2006/06/20 18:16:57, 5] auth/auth.c:smb_register_auth(45) Attempting to register auth backend fixed_challenge [2006/06/20 18:16:57, 5] auth/auth.c:smb_register_auth(57) Successfully added auth method 'fixed_challenge' [2006/06/20 18:16:57, 5] auth/auth.c:smb_register_auth(45) Attempting to register auth backend name_to_ntstatus [2006/06/20 18:16:57, 5] auth/auth.c:smb_register_auth(57) Successfully added auth method 'name_to_ntstatus' [2006/06/20 18:16:57, 5] auth/auth.c:load_auth_module(389) load_auth_module: Attempting to find an auth method to match guest [2006/06/20 18:16:57, 5] auth/auth.c:load_auth_module(414) load_auth_module: auth method guest has a valid init [2006/06/20 18:16:57, 5] auth/auth.c:load_auth_module(389) load_auth_module: Attempting to find an auth method to match sam [2006/06/20 18:16:57, 5] auth/auth.c:load_auth_module(414) load_auth_module: auth method sam has a valid init [2006/06/20 18:16:57, 5] auth/auth.c:load_auth_module(389) load_auth_module: Attempting to find an auth method to match winbind:trustdomain [2006/06/20 18:16:57, 5] auth/auth.c:load_auth_module(389) load_auth_module: 
Attempting to find an auth method to match trustdomain [2006/06/20 18:16:57, 5] auth/auth.c:load_auth_module(414) load_auth_module: auth method trustdomain has a valid init [2006/06/20 18:16:57, 5] auth/auth.c:load_auth_module(414) load_auth_module: auth method winbind has a valid init [2006/06/20 18:16:57, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63) Got NTLMSSP neg_flags=0xe2088297 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_NEGOTIATE_OEM NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_LM_KEY NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH NTLMSSP_NEGOTIATE_56 [2006/06/20 18:16:57, 5] auth/auth.c:get_ntlm_challenge(95) auth_get_challenge: module guest did not want to specify a challenge [2006/06/20 18:16:57, 5] auth/auth.c:get_ntlm_challenge(95) auth_get_challenge: module sam did not want to specify a challenge [2006/06/20 18:16:57, 5] auth/auth.c:get_ntlm_challenge(95) auth_get_challenge: module winbind did not want to specify a challenge [2006/06/20 18:16:57, 5] auth/auth.c:get_ntlm_challenge(135) auth_context challenge created by random [2006/06/20 18:16:57, 5] auth/auth.c:get_ntlm_challenge(136) challenge is: [2006/06/20 18:16:57, 5] lib/util.c:dump_data(2058) [000] 17 02 BF 17 5A 2B 39 A0 ....Z+9. [2006/06/20 18:16:57, 5] lib/util.c:show_msg(454) [2006/06/20 18:16:57, 5] lib/util.c:show_msg(464) size=300 smb_com=0x73 smb_rcls=22 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=65279 smb_uid=100 smb_mid=64 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 205 (0xCD) smb_bcc=257 [2006/06/20 18:16:57, 10] lib/util.c:dump_data(2058) [000] A1 81 CA 30 81 C7 A0 03 0A 01 01 A1 0C 06 0A 2B ...0.... .......+ [010] 06 01 04 01 82 37 02 02 0A A2 81 B1 04 81 AE 4E .....7.. .......N [020] 54 4C 4D 53 53 50 00 02 00 00 00 0E 00 0E 00 30 TLMSSP.. .......0 [030] 00 00 00 B5 82 89 60 17 02 BF 17 5A 2B 39 A0 00 ......`. ...Z+9.. 
[040] 00 00 00 00 00 00 00 70 00 70 00 3E 00 00 00 41 .......p .p.>...A [050] 00 4E 00 44 00 4F 00 4C 00 41 00 4E 00 02 00 0E .N.D.O.L .A.N.... [060] 00 41 00 4E 00 44 00 4F 00 4C 00 41 00 4E 00 01 .A.N.D.O .L.A.N.. [070] 00 0C 00 53 00 45 00 52 00 56 00 45 00 52 00 04 ...S.E.R .V.E.R.. [080] 00 1A 00 6D 00 75 00 6C 00 6F 00 63 00 6B 00 32 ...m.u.l .o.c.k.2 [090] 00 30 00 30 00 30 00 2E 00 6E 00 6C 00 03 00 28 .0.0.0.. .n.l...( [0A0] 00 73 00 65 00 72 00 76 00 65 00 72 00 2E 00 6D .s.e.r.v .e.r...m [0B0] 00 75 00 6C 00 6F 00 63 00 6B 00 32 00 30 00 30 .u.l.o.c .k.2.0.0 [0C0] 00 30 00 2E 00 6E 00 6C 00 00 00 00 00 55 00 6E .0...n.l .....U.n [0D0] 00 69 00 78 00 00 00 53 00 61 00 6D 00 62 00 61 .i.x...S .a.m.b.a [0E0] 00 20 00 33 00 2E 00 30 00 2E 00 32 00 32 00 00 . .3...0 ...2.2.. [0F0] 00 41 00 4E 00 44 00 4F 00 4C 00 41 00 4E 00 00 .A.N.D.O .L.A.N.. [100] 00 . [2006/06/20 18:16:57, 10] smbd/process.c:setup_select_timeout(1372) change_notify_timeout: -1 [2006/06/20 18:16:57, 10] smbd/process.c:run_events(299) run_events: No events [2006/06/20 18:16:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(618) got smb length of 350 [2006/06/20 18:16:57, 6] smbd/process.c:process_smb(1193) got message type 0x0 of len 0x15e [2006/06/20 18:16:57, 3] smbd/process.c:process_smb(1194) Transaction 2 of length 354 [2006/06/20 18:16:57, 5] lib/util.c:show_msg(454) [2006/06/20 18:16:57, 5] lib/util.c:show_msg(464) size=350 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=100 smb_mid=128 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 350 (0x15E) smb_vwv[ 2]=16644 (0x4104) smb_vwv[ 3]= 50 (0x32) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 188 (0xBC) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 212 (0xD4) smb_vwv[11]=40960 (0xA000) smb_bcc=291 [2006/06/20 18:16:57, 10] lib/util.c:dump_data(2058) [000] A1 81 B9 30 81 B6 A2 81 B3 04 81 B0 4E 54 4C 4D ...0.... 
....NTLM [010] 53 53 50 00 03 00 00 00 18 00 18 00 70 00 00 00 SSP..... ....p... [020] 18 00 18 00 88 00 00 00 0E 00 0E 00 48 00 00 00 ........ ....H... [030] 10 00 10 00 56 00 00 00 0A 00 0A 00 66 00 00 00 ....V... ....f... [040] 10 00 10 00 A0 00 00 00 15 82 88 62 05 01 28 0A ........ ...b..(. [050] 00 00 00 0F 41 00 4E 00 44 00 4F 00 4C 00 41 00 ....A.N. D.O.L.A. [060] 4E 00 61 00 6E 00 64 00 6F 00 62 00 75 00 72 00 N.a.n.d. o.b.u.r. [070] 67 00 77 00 73 00 30 00 33 00 35 00 EC C8 B6 A5 g.w.s.0. 3.5..... [080] 84 3F 54 39 00 00 00 00 00 00 00 00 00 00 00 00 .?T9.... ........ [090] 00 00 00 00 34 6D 69 34 75 60 25 D4 62 0C B7 53 ....4mi4 u`%.b..S [0A0] 48 FA 54 F2 5A 14 07 C1 02 21 F3 6D 39 8A FD 42 H.T.Z... .!.m9..B [0B0] F2 92 96 A0 38 6B 76 28 B8 59 8A E7 00 57 00 69 ....8kv( .Y...W.i [0C0] 00 6E 00 64 00 6F 00 77 00 73 00 20 00 32 00 30 .n.d.o.w .s. .2.0 [0D0] 00 30 00 32 00 20 00 53 00 65 00 72 00 76 00 69 .0.2. .S .e.r.v.i [0E0] 00 63 00 65 00 20 00 50 00 61 00 63 00 6B 00 20 .c.e. .P .a.c.k. [0F0] 00 32 00 20 00 32 00 36 00 30 00 30 00 00 00 57 .2. .2.6 .0.0...W [100] 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 00 32 .i.n.d.o .w.s. .2 [110] 00 30 00 30 00 32 00 20 00 35 00 2E 00 31 00 00 .0.0.2. .5...1.. [120] 00 00 00 ... 
[2006/06/20 18:16:57, 3] smbd/process.c:switch_message(993) switch message SMBsesssetupX (pid 16142) conn 0x0 [2006/06/20 18:16:57, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/06/20 18:16:57, 5] auth/auth_util.c:debug_nt_user_token(433) NT user token: (NULL) [2006/06/20 18:16:57, 5] auth/auth_util.c:debug_unix_user_token(454) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/06/20 18:16:57, 5] smbd/uid.c:change_to_root_user(324) change_to_root_user: now uid=(0,0) gid=(0,0) [2006/06/20 18:16:57, 3] smbd/sesssetup.c:reply_sesssetup_and_X(822) wct=12 flg2=0xc807 [2006/06/20 18:16:57, 2] smbd/sesssetup.c:setup_new_vc_session(772) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2006/06/20 18:16:57, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(633) Doing spnego session setup [2006/06/20 18:16:57, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(664) NativeOS=[Windows 2002 Service Pack 2 2600] NativeLanMan=[Windows 2002 5.1] PrimaryDomain=[] [2006/06/20 18:16:57, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(662) Got user=[andoburg] domain=[ANDOLAN] workstation=[ws035] len1=24 len2=24 [2006/06/20 18:16:57, 5] auth/auth_ntlmssp.c:auth_ntlmssp_set_challenge(66) auth_context challenge set by NTLMSSP callback (NTLM2) [2006/06/20 18:16:57, 5] auth/auth_ntlmssp.c:auth_ntlmssp_set_challenge(67) challenge is: [2006/06/20 18:16:57, 5] lib/util.c:dump_data(2058) [000] A5 6B D9 9D C5 B0 D2 A0 .k...... 
[2006/06/20 18:16:57, 6] param/loadparm.c:lp_file_list_changed(2955) lp_file_list_changed() file /etc/samba/smb.conf.local -> /etc/samba/smb.conf.local last mod_time: Thu Jan 1 01:00:00 1970 file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Mon Jun 19 18:46:01 2006 [2006/06/20 18:16:57, 5] auth/auth_util.c:make_user_info_map(163) make_user_info_map: Mapping user [ANDOLAN]\[andoburg] from workstation [ws035] [2006/06/20 18:16:57, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2006/06/20 18:16:57, 3] smbd/uid.c:push_conn_ctx(393) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2006/06/20 18:16:57, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2006/06/20 18:16:57, 5] auth/auth_util.c:debug_nt_user_token(433) NT user token: (NULL) [2006/06/20 18:16:57, 5] auth/auth_util.c:debug_unix_user_token(454) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/06/20 18:16:57, 5] auth/auth_util.c:is_trusted_domain(1665) is_trusted_domain: Checking for domain trust with [ANDOLAN] [2006/06/20 18:16:57, 5] passdb/secrets.c:secrets_fetch_trusted_domain_password(336) secrets_fetch failed! [2006/06/20 18:16:57, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/06/20 18:16:57, 10] lib/gencache.c:gencache_get(294) Cache entry with key = TDOM/ANDOLAN couldn't be found [2006/06/20 18:16:57, 5] libsmb/trustdom_cache.c:trustdom_cache_fetch(184) no entry for trusted domain ANDOLAN found. 
[2006/06/20 18:16:57, 5] auth/auth_util.c:make_user_info(69) attempting to make a user_info for andoburg (andoburg) [2006/06/20 18:16:57, 5] auth/auth_util.c:make_user_info(79) making strings for andoburg's user_info struct [2006/06/20 18:16:57, 5] auth/auth_util.c:make_user_info(121) making blobs for andoburg's user_info struct [2006/06/20 18:16:57, 10] auth/auth_util.c:make_user_info(139) made an encrypted user_info for andoburg (andoburg) [2006/06/20 18:16:57, 3] auth/auth.c:check_ntlm_password(219) check_ntlm_password: Checking password for unmapped user [ANDOLAN]\[andoburg]@[ws035] with the new password interface [2006/06/20 18:16:57, 3] auth/auth.c:check_ntlm_password(222) check_ntlm_password: mapped user is: [ANDOLAN]\[andoburg]@[ws035] [2006/06/20 18:16:57, 10] auth/auth.c:check_ntlm_password(231) check_ntlm_password: auth_context challenge created by NTLMSSP callback (NTLM2) [2006/06/20 18:16:57, 10] auth/auth.c:check_ntlm_password(233) challenge is: [2006/06/20 18:16:57, 5] lib/util.c:dump_data(2058) [000] A5 6B D9 9D C5 B0 D2 A0 .k...... 
[2006/06/20 18:16:57, 10] auth/auth.c:check_ntlm_password(259) check_ntlm_password: guest had nothing to say [2006/06/20 18:16:57, 8] lib/util.c:is_myname(1879) is_myname("ANDOLAN") returns 0 [2006/06/20 18:16:57, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2006/06/20 18:16:57, 3] smbd/uid.c:push_conn_ctx(393) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2006/06/20 18:16:57, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2006/06/20 18:16:57, 5] auth/auth_util.c:debug_nt_user_token(433) NT user token: (NULL) [2006/06/20 18:16:57, 5] auth/auth_util.c:debug_unix_user_token(454) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/06/20 18:16:57, 5] lib/smbldap.c:smbldap_search_ext(1080) smbldap_search_ext: base => [dc=andolan], filter => [(&(uid=andoburg)(objectclass=sambaSamAccount))], scope => [2] [2006/06/20 18:16:57, 5] lib/smbldap.c:smbldap_close(989) The connection to the LDAP server was closed [2006/06/20 18:16:57, 10] lib/smbldap.c:smb_ldap_setup_conn(566) smb_ldap_setup_connection: ldap://localhost [2006/06/20 18:16:57, 2] lib/smbldap.c:smbldap_open_connection(722) smbldap_open_connection: connection opened [2006/06/20 18:16:57, 10] lib/smbldap.c:smbldap_connect_system(862) ldap_connect_system: Binding to ldap server ldap://localhost as "cn=Manager,dc=andolan" [2006/06/20 18:16:57, 3] lib/smbldap.c:smbldap_connect_system(905) ldap_connect_system: succesful connection to the LDAP server ldap_connect_system: LDAP server does support paged results [2006/06/20 18:16:57, 4] lib/smbldap.c:smbldap_open(969) The LDAP server is succesfully connected [2006/06/20 18:16:57, 2] passdb/pdb_ldap.c:init_sam_from_ldap(640) init_sam_from_ldap: Entry found for user: andoburg [2006/06/20 18:16:57, 10] passdb/pdb_get_set.c:pdb_set_username(617) pdb_set_username: setting username andoburg, was [2006/06/20 18:16:57, 10] passdb/pdb_get_set.c:pdb_set_domain(644) pdb_set_domain: setting 
domain ANDOLAN, was [2006/06/20 18:16:57, 10] passdb/pdb_get_set.c:pdb_set_nt_username(671) pdb_set_nt_username: setting nt username andoburg, was [2006/06/20 18:16:57, 10] passdb/pdb_get_set.c:pdb_set_user_sid_from_string(557) pdb_set_user_sid_from_string: setting user sid S-1-5-21-2969752157-892696647-4271518216-3002 [2006/06/20 18:16:57, 10] passdb/pdb_get_set.c:pdb_set_user_sid(544) pdb_set_user_sid: setting user sid S-1-5-21-2969752157-892696647-4271518216-3002 [2006/06/20 18:16:57, 10] passdb/pdb_get_set.c:pdb_set_group_sid_from_string(592) pdb_set_group_sid_from_string: setting group sid S-1-5-21-2969752157-892696647-4271518216-3003 [2006/06/20 18:16:57, 10] passdb/pdb_get_set.c:pdb_set_group_sid(580) pdb_set_group_sid: setting group sid S-1-5-21-2969752157-892696647-4271518216-3003 [2006/06/20 18:16:57, 10] lib/smbldap.c:smbldap_get_single_attribute(297) smbldap_get_single_attribute: [sambaLogonTime] = [] [2006/06/20 18:16:57, 10] lib/smbldap.c:smbldap_get_single_attribute(297) smbldap_get_single_attribute: [sambaLogoffTime] = [] [2006/06/20 18:16:57, 10] lib/smbldap.c:smbldap_get_single_attribute(297) smbldap_get_single_attribute: [sambaKickoffTime] = [] [2006/06/20 18:16:57, 10] passdb/pdb_get_set.c:pdb_set_fullname(698) pdb_set_full_name: setting full name AndoBurg B.V., was [2006/06/20 18:16:57, 10] lib/smbldap.c:smbldap_get_single_attribute(297) smbldap_get_single_attribute: [sambaHomeDrive] = [] [2006/06/20 18:16:57, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(779) pdb_set_dir_drive: setting dir drive N:, was NULL [2006/06/20 18:16:57, 10] lib/smbldap.c:smbldap_get_single_attribute(297) smbldap_get_single_attribute: [sambaHomePath] = [] [2006/06/20 18:16:57, 10] passdb/pdb_get_set.c:pdb_set_homedir(806) pdb_set_homedir: setting home dir \\server\datamap, was [2006/06/20 18:16:57, 10] lib/smbldap.c:smbldap_get_single_attribute(297) smbldap_get_single_attribute: [sambaLogonScript] = [] [2006/06/20 18:16:57, 10] 
passdb/pdb_get_set.c:pdb_set_logon_script(725) pdb_set_logon_script: setting logon script logon.cmd, was [2006/06/20 18:16:57, 10] lib/smbldap.c:smbldap_get_single_attribute(297) smbldap_get_single_attribute: [sambaProfilePath] = [] [2006/06/20 18:16:57, 10] passdb/pdb_get_set.c:pdb_set_profile_path(752) pdb_set_profile_path: setting profile path \\server\tempprof, was [2006/06/20 18:16:57, 10] lib/smbldap.c:smbldap_get_single_attribute(297) smbldap_get_single_attribute: [description] = [] [2006/06/20 18:16:57, 10] lib/smbldap.c:smbldap_get_single_attribute(297) smbldap_get_single_attribute: [sambaUserWorkstations] = [] [2006/06/20 18:16:57, 10] lib/smbldap.c:smbldap_get_single_attribute(297) smbldap_get_single_attribute: [sambaMungedDial] = [] [2006/06/20 18:16:57, 10] lib/account_pol.c:account_policy_get(332) account_policy_get: name: password history, val: 0 [2006/06/20 18:16:57, 10] lib/smbldap.c:smbldap_get_single_attribute(297) smbldap_get_single_attribute: [sambaBadPasswordCount] = [] [2006/06/20 18:16:57, 10] lib/smbldap.c:smbldap_get_single_attribute(297) smbldap_get_single_attribute: [sambaBadPasswordTime] = [] [2006/06/20 18:16:57, 10] lib/smbldap.c:smbldap_get_single_attribute(297) smbldap_get_single_attribute: [sambaLogonHours] = [] [2006/06/20 18:16:57, 5] passdb/login_cache.c:login_cache_init(41) Opening cache file at /var/cache/samba/login_cache.tdb [2006/06/20 18:16:57, 7] passdb/login_cache.c:login_cache_read(83) Looking up login cache for user andoburg [2006/06/20 18:16:57, 7] passdb/login_cache.c:login_cache_read(97) No cache entry found [2006/06/20 18:16:57, 9] passdb/pdb_ldap.c:init_sam_from_ldap(1004) No cache entry, bad count = 0, bad time = 0 [2006/06/20 18:16:57, 10] lib/account_pol.c:account_policy_get(332) account_policy_get: name: password history, val: 0 [2006/06/20 18:16:57, 10] passdb/pdb_get_set.c:pdb_set_username(617) pdb_set_username: setting username andoburg, was [2006/06/20 18:16:57, 10] passdb/pdb_get_set.c:pdb_set_domain(644) 
pdb_set_domain: setting domain ANDOLAN, was [2006/06/20 18:16:57, 10] passdb/pdb_get_set.c:pdb_set_nt_username(671) pdb_set_nt_username: setting nt username andoburg, was [2006/06/20 18:16:57, 10] passdb/pdb_get_set.c:pdb_set_fullname(698) pdb_set_full_name: setting full name AndoBurg B.V., was [2006/06/20 18:16:57, 10] passdb/pdb_get_set.c:pdb_set_homedir(806) pdb_set_homedir: setting home dir \\server\datamap, was [2006/06/20 18:16:57, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(779) pdb_set_dir_drive: setting dir drive N:, was NULL [2006/06/20 18:16:57, 10] passdb/pdb_get_set.c:pdb_set_logon_script(725) pdb_set_logon_script: setting logon script logon.cmd, was [2006/06/20 18:16:57, 10] passdb/pdb_get_set.c:pdb_set_profile_path(752) pdb_set_profile_path: setting profile path \\server\tempprof, was [2006/06/20 18:16:57, 10] passdb/pdb_get_set.c:pdb_set_workstations(885) pdb_set_workstations: setting workstations , was [2006/06/20 18:16:57, 10] lib/account_pol.c:account_policy_get(332) account_policy_get: name: password history, val: 0 [2006/06/20 18:16:57, 10] passdb/pdb_get_set.c:pdb_set_user_sid(544) pdb_set_user_sid: setting user sid S-1-5-21-2969752157-892696647-4271518216-3002 [2006/06/20 18:16:57, 10] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(73) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-2969752157-892696647-4271518216-3002 from rid 3002 [2006/06/20 18:16:57, 10] passdb/pdb_get_set.c:pdb_set_group_sid(580) pdb_set_group_sid: setting group sid S-1-5-21-2969752157-892696647-4271518216-3003 [2006/06/20 18:16:57, 10] passdb/pdb_compat.c:pdb_set_group_sid_from_rid(100) pdb_set_group_sid_from_rid: setting group sid S-1-5-21-2969752157-892696647-4271518216-3003 from rid 3003 [2006/06/20 18:16:57, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/06/20 18:16:57, 9] passdb/passdb.c:pdb_update_autolock_flag(2338) pdb_update_autolock_flag: Account andoburg not autolocked, no check needed [2006/06/20 18:16:57, 4] 
libsmb/ntlm_check.c:ntlm_password_check(326) ntlm_password_check: Checking NT MD4 password [2006/06/20 18:16:57, 4] auth/auth_sam.c:sam_account_ok(123) sam_account_ok: Checking SMB password for user andoburg [2006/06/20 18:16:57, 5] auth/auth_sam.c:logon_hours_ok(105) logon_hours_ok: user andoburg allowed to logon at this time (Tue Jun 20 18:16:57 2006 ) [2006/06/20 18:16:57, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2006/06/20 18:16:57, 3] smbd/uid.c:push_conn_ctx(393) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2006/06/20 18:16:57, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2006/06/20 18:16:57, 5] auth/auth_util.c:debug_nt_user_token(433) NT user token: (NULL) [2006/06/20 18:16:57, 5] auth/auth_util.c:debug_unix_user_token(454) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/06/20 18:16:57, 10] lib/system_smbd.c:sys_getgrouplist(167) sys_getgrouplist: user [andoburg] [2006/06/20 18:16:57, 10] lib/system_smbd.c:sys_getgrouplist(176) sys_getgrouplist(): disabled winbindd for group lookup [user == andoburg] [2006/06/20 18:16:57, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2006/06/20 18:16:57, 3] smbd/uid.c:push_conn_ctx(393) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2006/06/20 18:16:57, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2006/06/20 18:16:57, 5] auth/auth_util.c:debug_nt_user_token(433) NT user token: (NULL) [2006/06/20 18:16:57, 5] auth/auth_util.c:debug_unix_user_token(454) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/06/20 18:16:57, 8] lib/system_smbd.c:remove_duplicate_gids(49) remove_duplicate_gids: Enter 4 gids [2006/06/20 18:16:57, 8] lib/system_smbd.c:remove_duplicate_gids(67) remove_duplicate_gids: Exit 3 gids [2006/06/20 18:16:57, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2006/06/20 18:16:57, 
3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2006/06/20 18:16:57, 3] smbd/uid.c:push_conn_ctx(393) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2006/06/20 18:16:57, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2006/06/20 18:16:57, 5] auth/auth_util.c:debug_nt_user_token(433) NT user token: (NULL) [2006/06/20 18:16:57, 5] auth/auth_util.c:debug_unix_user_token(454) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/06/20 18:16:57, 5] lib/smbldap.c:smbldap_search_ext(1080) smbldap_search_ext: base => [ou=Groups,dc=andolan], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=1001))], scope => [2] [2006/06/20 18:16:57, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2305) ldapsam_getgroup: Did not find group [2006/06/20 18:16:57, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2006/06/20 18:16:57, 10] passdb/passdb.c:local_gid_to_sid(1245) local_gid_to_sid: Fall back to algorithmic mapping: 1001 -> S-1-5-21-2969752157-892696647-4271518216-3003 [2006/06/20 18:16:57, 10] passdb/lookup_sid.c:gid_to_sid(406) gid_to_sid: local 1001 -> S-1-5-21-2969752157-892696647-4271518216-3003 [2006/06/20 18:16:57, 3] passdb/lookup_sid.c:fetch_sid_from_gid_cache(267) fetch sid from gid cache 0 -> S-1-5-21-2969752157-892696647-4271518216-1001 [2006/06/20 18:16:57, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2006/06/20 18:16:57, 3] smbd/uid.c:push_conn_ctx(393) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2006/06/20 18:16:57, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2006/06/20 18:16:57, 5] auth/auth_util.c:debug_nt_user_token(433) NT user token: (NULL) [2006/06/20 18:16:57, 5] auth/auth_util.c:debug_unix_user_token(454) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/06/20 18:16:57, 5] lib/smbldap.c:smbldap_search_ext(1080) smbldap_search_ext: base => 
[ou=Groups,dc=andolan], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=10001))], scope => [2] [2006/06/20 18:16:57, 2] passdb/pdb_ldap.c:init_group_from_ldap(2199) init_group_from_ldap: Entry found for group: 10001 [2006/06/20 18:16:57, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2006/06/20 18:16:57, 10] passdb/passdb.c:local_gid_to_sid(1256) local_gid_to_sid: gid (10001) -> SID S-1-5-21-2969752157-892696647-4271518216-512. [2006/06/20 18:16:57, 10] passdb/lookup_sid.c:gid_to_sid(406) gid_to_sid: local 10001 -> S-1-5-21-2969752157-892696647-4271518216-512 [2006/06/20 18:16:57, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/06/20 18:16:57, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-21-2969752157-892696647-4271518216-3002] [2006/06/20 18:16:57, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-21-2969752157-892696647-4271518216-3003] [2006/06/20 18:16:57, 5] lib/privileges.c:get_privileges_for_sids(459) get_privileges_for_sids: sid = S-1-1-0 Privilege set: SE_PRIV 0x0 0x0 0x0 0x0 [2006/06/20 18:16:57, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-2] [2006/06/20 18:16:57, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-11] [2006/06/20 18:16:57, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-21-2969752157-892696647-4271518216-1001] [2006/06/20 18:16:57, 5] lib/privileges.c:get_privileges_for_sids(459) get_privileges_for_sids: sid = S-1-5-21-2969752157-892696647-4271518216-512 Privilege set: SE_PRIV 0x10 0x0 0x0 0x0 [2006/06/20 18:16:57, 5] lib/privileges.c:get_privileges_for_sids(459) get_privileges_for_sids: sid = S-1-5-32-544 Privilege set: SE_PRIV 0xff0 0x0 0x0 0x0 [2006/06/20 18:16:57, 10] auth/auth_util.c:debug_nt_user_token(438) NT user token of user 
S-1-5-21-2969752157-892696647-4271518216-3002 contains 8 SIDs SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-3003 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-2969752157-892696647-4271518216-1001 SID[ 6]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 7]: S-1-5-32-544 SE_PRIV 0xff0 0x0 0x0 0x0 [2006/06/20 18:16:57, 5] auth/auth_util.c:make_server_info_sam(898) make_server_info_sam: made server info for user andoburg -> andoburg [2006/06/20 18:16:57, 3] auth/auth.c:check_ntlm_password(268) check_ntlm_password: sam authentication for user [andoburg] succeeded [2006/06/20 18:16:57, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2006/06/20 18:16:57, 3] smbd/uid.c:push_conn_ctx(393) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2006/06/20 18:16:57, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2006/06/20 18:16:57, 5] auth/auth_util.c:debug_nt_user_token(433) NT user token: (NULL) [2006/06/20 18:16:57, 5] auth/auth_util.c:debug_unix_user_token(454) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/06/20 18:16:57, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/06/20 18:16:57, 5] auth/auth.c:check_ntlm_password(294) check_ntlm_password: PAM Account for user [andoburg] succeeded [2006/06/20 18:16:57, 2] auth/auth.c:check_ntlm_password(307) check_ntlm_password: authentication for user [andoburg] -> [andoburg] -> [andoburg] succeeded [2006/06/20 18:16:57, 5] auth/auth_util.c:free_user_info(1485) attempting to free (and zero) a user_info structure [2006/06/20 18:16:57, 10] auth/auth_util.c:free_user_info(1488) structure was created for andoburg [2006/06/20 18:16:57, 10] auth/auth_ntlmssp.c:auth_ntlmssp_check_password(120) Got NT session key of length 16 [2006/06/20 18:16:57, 10] auth/auth_ntlmssp.c:auth_ntlmssp_check_password(127) Got LM session key of length 
16 [2006/06/20 18:16:57, 10] libsmb/ntlmssp.c:ntlmssp_server_auth(728) ntlmssp_server_auth: Created NTLM2 session key. [2006/06/20 18:16:57, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(338) NTLMSSP Sign/Seal - Initialising with flags: [2006/06/20 18:16:57, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63) Got NTLMSSP neg_flags=0x60088235 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_SEAL NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH [2006/06/20 18:16:57, 10] smbd/password.c:register_vuid(182) register_vuid: allocated vuid = 101 [2006/06/20 18:16:57, 10] lib/util_pw.c:getpwnam_alloc(98) Got andoburg from pwnam_cache [2006/06/20 18:16:57, 10] smbd/password.c:register_vuid(255) register_vuid: (1001,1001) andoburg andoburg ANDOLAN guest=0 [2006/06/20 18:16:57, 3] smbd/password.c:register_vuid(257) User name: andoburg Real name: AndoBurg B.V. [2006/06/20 18:16:57, 3] smbd/password.c:register_vuid(276) UNIX uid 1001 is UNIX user andoburg, and will be vuid 101 [2006/06/20 18:16:57, 7] param/loadparm.c:lp_servicenumber(4351) lp_servicenumber: couldn't find andoburg [2006/06/20 18:16:57, 3] smbd/password.c:register_vuid(305) Adding homes service for user 'andoburg' using home directory: '/home/andoburg' [2006/06/20 18:16:57, 7] param/loadparm.c:lp_servicenumber(4351) lp_servicenumber: couldn't find homes [2006/06/20 18:16:57, 6] param/loadparm.c:lp_file_list_changed(2955) lp_file_list_changed() file /etc/samba/smb.conf.local -> /etc/samba/smb.conf.local last mod_time: Thu Jan 1 01:00:00 1970 file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Mon Jun 19 18:46:01 2006 [2006/06/20 18:16:57, 5] lib/util.c:show_msg(454) [2006/06/20 18:16:57, 5] lib/util.c:show_msg(464) size=104 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=65279 smb_uid=101 smb_mid=128 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) 
smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 9 (0x9) smb_bcc=61 [2006/06/20 18:16:57, 10] lib/util.c:dump_data(2058) [000] A1 07 30 05 A0 03 0A 01 00 55 00 6E 00 69 00 78 ..0..... .U.n.i.x [010] 00 00 00 53 00 61 00 6D 00 62 00 61 00 20 00 33 ...S.a.m .b.a. .3 [020] 00 2E 00 30 00 2E 00 32 00 32 00 00 00 41 00 4E ...0...2 .2...A.N [030] 00 44 00 4F 00 4C 00 41 00 4E 00 00 00 .D.O.L.A .N... [2006/06/20 18:16:57, 10] smbd/process.c:setup_select_timeout(1372) change_notify_timeout: -1 [2006/06/20 18:16:57, 10] smbd/process.c:run_events(299) run_events: No events [2006/06/20 18:16:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(618) got smb length of 78 [2006/06/20 18:16:57, 6] smbd/process.c:process_smb(1193) got message type 0x0 of len 0x4e [2006/06/20 18:16:57, 3] smbd/process.c:process_smb(1194) Transaction 3 of length 82 [2006/06/20 18:16:57, 5] lib/util.c:show_msg(454) [2006/06/20 18:16:57, 5] lib/util.c:show_msg(464) size=78 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=101 smb_mid=192 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 78 (0x4E) smb_vwv[ 2]= 8 (0x8) smb_vwv[ 3]= 1 (0x1) smb_bcc=35 [2006/06/20 18:16:57, 10] lib/util.c:dump_data(2058) [000] 00 5C 00 5C 00 53 00 45 00 52 00 56 00 45 00 52 .\.\.S.E .R.V.E.R [010] 00 5C 00 49 00 50 00 43 00 24 00 00 00 3F 3F 3F .\.I.P.C .$...??? [020] 3F 3F 00 ??. 
[2006/06/20 18:16:57, 3] smbd/process.c:switch_message(993) switch message SMBtconX (pid 16142) conn 0x0 [2006/06/20 18:16:57, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/06/20 18:16:57, 5] auth/auth_util.c:debug_nt_user_token(433) NT user token: (NULL) [2006/06/20 18:16:57, 5] auth/auth_util.c:debug_unix_user_token(454) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/06/20 18:16:57, 5] smbd/uid.c:change_to_root_user(324) change_to_root_user: now uid=(0,0) gid=(0,0) [2006/06/20 18:16:57, 4] smbd/reply.c:reply_tcon_and_X(660) Client requested device type [?????] for share [IPC$] [2006/06/20 18:16:57, 5] smbd/service.c:make_connection(860) making a connection to 'normal' service ipc$ [2006/06/20 18:16:57, 5] lib/username.c:Get_Pwnam_alloc(290) Finding user andoburg [2006/06/20 18:16:57, 5] lib/username.c:Get_Pwnam_internals(234) Trying _Get_Pwnam(), username as lowercase is andoburg [2006/06/20 18:16:57, 10] lib/util_pw.c:getpwnam_alloc(98) Got andoburg from pwnam_cache [2006/06/20 18:16:57, 5] lib/username.c:Get_Pwnam_internals(267) Get_Pwnam_internals did find user [andoburg]! [2006/06/20 18:16:57, 3] smbd/service.c:make_connection_snum(488) Connect path is '/tmp' for service [IPC$] [2006/06/20 18:16:57, 4] rpc_server/srv_srvsvc_nt.c:get_share_security(240) get_share_security: using default secdesc for IPC$ [2006/06/20 18:16:57, 10] lib/util_seaccess.c:se_map_generic(176) se_map_generic(): mapped mask 0x10000000 to 0x001f01ff [2006/06/20 18:16:57, 10] lib/util_seaccess.c:se_access_check(233) se_access_check: requested access 0x00000002, for NT token with 8 entries and first sid S-1-5-21-2969752157-892696647-4271518216-3002. 
[2006/06/20 18:16:57, 3] lib/util_seaccess.c:se_access_check(250) [2006/06/20 18:16:57, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-2969752157-892696647-4271518216-3002 se_access_check: also S-1-5-21-2969752157-892696647-4271518216-3003 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-21-2969752157-892696647-4271518216-1001 se_access_check: also S-1-5-21-2969752157-892696647-4271518216-512 se_access_check: also S-1-5-32-544 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 2 [2006/06/20 18:16:57, 5] lib/util_seaccess.c:se_access_check(308) se_access_check: access (2) granted. [2006/06/20 18:16:57, 3] smbd/vfs.c:vfs_init_default(216) Initialising default vfs hooks [2006/06/20 18:16:57, 5] smbd/connection.c:claim_connection(170) claiming IPC$ 0 [2006/06/20 18:16:57, 10] smbd/uid.c:is_share_read_only_for_user(127) is_share_read_only_for_user: share IPC$ is read-only for unix user andoburg [2006/06/20 18:16:57, 4] rpc_server/srv_srvsvc_nt.c:get_share_security(240) get_share_security: using default secdesc for IPC$ [2006/06/20 18:16:57, 10] lib/util_seaccess.c:se_map_generic(176) se_map_generic(): mapped mask 0x10000000 to 0x001f01ff [2006/06/20 18:16:57, 10] lib/util_seaccess.c:se_access_check(233) se_access_check: requested access 0x00000001, for NT token with 8 entries and first sid S-1-5-21-2969752157-892696647-4271518216-3002. 
[2006/06/20 18:16:57, 3] lib/util_seaccess.c:se_access_check(250) [2006/06/20 18:16:57, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-2969752157-892696647-4271518216-3002 se_access_check: also S-1-5-21-2969752157-892696647-4271518216-3003 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-21-2969752157-892696647-4271518216-1001 se_access_check: also S-1-5-21-2969752157-892696647-4271518216-512 se_access_check: also S-1-5-32-544 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 1 [2006/06/20 18:16:57, 5] lib/util_seaccess.c:se_access_check(308) se_access_check: access (1) granted. [2006/06/20 18:16:57, 10] lib/username.c:user_in_list(570) user_in_list: checking user andoburg in list [2006/06/20 18:16:57, 10] lib/username.c:user_in_list(575) user_in_list: checking user |andoburg| against |@root| [2006/06/20 18:16:57, 5] lib/username.c:user_in_netgroup_list(346) Unable to get default yp domain [2006/06/20 18:16:57, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 [2006/06/20 18:16:57, 5] auth/auth_util.c:debug_nt_user_token(438) NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 contains 8 SIDs SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-3003 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-2969752157-892696647-4271518216-1001 SID[ 6]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 7]: S-1-5-32-544 SE_PRIV 0xff0 0x0 0x0 0x0 [2006/06/20 18:16:57, 5] auth/auth_util.c:debug_unix_user_token(454) UNIX token of user 0 Primary group is 1001 and contains 3 supplementary groups Group[ 0]: 1001 Group[ 1]: 0 Group[ 2]: 10001 [2006/06/20 18:16:57, 5] smbd/uid.c:change_to_user(309) change_to_user uid=(0,0) gid=(0,1001) [2006/06/20 18:16:57, 3] smbd/service.c:make_connection_snum(693) ws035 
(192.168.68.22) connect to service IPC$ initially as user andoburg (uid=0, gid=1001) (pid 16142) [2006/06/20 18:16:57, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/06/20 18:16:57, 5] auth/auth_util.c:debug_nt_user_token(433) NT user token: (NULL) [2006/06/20 18:16:57, 5] auth/auth_util.c:debug_unix_user_token(454) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/06/20 18:16:57, 5] smbd/uid.c:change_to_root_user(324) change_to_root_user: now uid=(0,0) gid=(0,0) [2006/06/20 18:16:57, 3] smbd/reply.c:reply_tcon_and_X(708) tconX service=IPC$ [2006/06/20 18:16:57, 5] lib/util.c:show_msg(454) [2006/06/20 18:16:57, 5] lib/util.c:show_msg(464) size=48 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=192 smt_wct=3 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 1 (0x1) smb_bcc=7 [2006/06/20 18:16:57, 10] lib/util.c:dump_data(2058) [000] 49 50 43 00 00 00 00 IPC.... 
[2006/06/20 18:16:57, 10] smbd/process.c:setup_select_timeout(1372) change_notify_timeout: -1 [2006/06/20 18:16:57, 10] smbd/process.c:run_events(299) run_events: No events [2006/06/20 18:16:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(618) got smb length of 100 [2006/06/20 18:16:57, 6] smbd/process.c:process_smb(1193) got message type 0x0 of len 0x64 [2006/06/20 18:16:57, 3] smbd/process.c:process_smb(1194) Transaction 4 of length 104 [2006/06/20 18:16:57, 5] lib/util.c:show_msg(454) [2006/06/20 18:16:57, 5] lib/util.c:show_msg(464) size=100 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1036 smb_uid=101 smb_mid=256 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 3584 (0xE00) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=17 [2006/06/20 18:16:57, 10] lib/util.c:dump_data(2058) [000] 00 5C 00 6C 00 73 00 61 00 72 00 70 00 63 00 00 .\.l.s.a .r.p.c.. [010] 00 . 
[2006/06/20 18:16:57, 3] smbd/process.c:switch_message(993) switch message SMBntcreateX (pid 16142) conn 0x83d5780 [2006/06/20 18:16:57, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 [2006/06/20 18:16:57, 5] auth/auth_util.c:debug_nt_user_token(438) NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 contains 8 SIDs SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-3003 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-2969752157-892696647-4271518216-1001 SID[ 6]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 7]: S-1-5-32-544 SE_PRIV 0xff0 0x0 0x0 0x0 [2006/06/20 18:16:57, 5] auth/auth_util.c:debug_unix_user_token(454) UNIX token of user 0 Primary group is 1001 and contains 3 supplementary groups Group[ 0]: 1001 Group[ 1]: 0 Group[ 2]: 10001 [2006/06/20 18:16:57, 5] smbd/uid.c:change_to_user(309) change_to_user uid=(0,0) gid=(0,1001) [2006/06/20 18:16:57, 4] smbd/vfs.c:vfs_ChDir(738) vfs_ChDir to /tmp [2006/06/20 18:16:57, 10] smbd/nttrans.c:reply_ntcreate_and_X(506) reply_ntcreateX: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0 [2006/06/20 18:16:57, 4] smbd/nttrans.c:nt_open_pipe(330) nt_open_pipe: Opening pipe \lsarpc. [2006/06/20 18:16:57, 3] smbd/nttrans.c:nt_open_pipe(351) nt_open_pipe: Known pipe lsarpc opening. 
[2006/06/20 18:16:57, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(180) Open pipe requested lsarpc (pipes_open=0) [2006/06/20 18:16:57, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(285) Create pipe requested lsarpc [2006/06/20 18:16:57, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77) init_pipe_handles: created handle list for pipe lsarpc [2006/06/20 18:16:57, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) init_pipe_handles: pipe_handles ref count = 1 for pipe lsarpc [2006/06/20 18:16:57, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(363) Created internal pipe lsarpc (pipes_open=0) [2006/06/20 18:16:57, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(263) Opened pipe lsarpc with handle 7077 (pipes_open=1) [2006/06/20 18:16:57, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(269) open pipes: name lsarpc pnum=7077 [2006/06/20 18:16:57, 5] smbd/nttrans.c:do_ntcreate_pipe_open(400) do_ntcreate_pipe_open: open pipe = \lsarpc [2006/06/20 18:16:57, 5] lib/util.c:show_msg(454) [2006/06/20 18:16:57, 5] lib/util.c:show_msg(464) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1036 smb_uid=101 smb_mid=256 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=30464 (0x7700) smb_vwv[ 3]= 368 (0x170) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2006/06/20 18:16:57, 10] 
smbd/process.c:setup_select_timeout(1372) change_notify_timeout: -1 [2006/06/20 18:16:57, 10] smbd/process.c:run_events(299) run_events: No events [2006/06/20 18:16:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(618) got smb length of 136 [2006/06/20 18:16:57, 6] smbd/process.c:process_smb(1193) got message type 0x0 of len 0x88 [2006/06/20 18:16:57, 3] smbd/process.c:process_smb(1194) Transaction 5 of length 140 [2006/06/20 18:16:57, 5] lib/util.c:show_msg(454) [2006/06/20 18:16:57, 5] lib/util.c:show_msg(464) size=136 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=320 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=28791 (0x7077) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 72 (0x48) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 72 (0x48) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=73 [2006/06/20 18:16:57, 10] lib/util.c:dump_data(2058) [000] EE 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... [010] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ [020] 00 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 .xW4.4.. ....#Eg. [030] AB 00 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ [040] 00 2B 10 48 60 02 00 00 00 .+.H`... . 
[2006/06/20 18:16:57, 3] smbd/process.c:switch_message(993) switch message SMBwriteX (pid 16142) conn 0x83d5780 [2006/06/20 18:16:57, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 [2006/06/20 18:16:57, 5] auth/auth_util.c:debug_nt_user_token(438) NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 contains 8 SIDs SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-3003 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-2969752157-892696647-4271518216-1001 SID[ 6]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 7]: S-1-5-32-544 SE_PRIV 0xff0 0x0 0x0 0x0 [2006/06/20 18:16:57, 5] auth/auth_util.c:debug_unix_user_token(454) UNIX token of user 0 Primary group is 1001 and contains 3 supplementary groups Group[ 0]: 1001 Group[ 1]: 0 Group[ 2]: 10001 [2006/06/20 18:16:57, 5] smbd/uid.c:change_to_user(309) change_to_user uid=(0,0) gid=(0,1001) [2006/06/20 18:16:57, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1261) search for pipe pnum=7077 [2006/06/20 18:16:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1265) pipe name lsarpc pnum=7077 (pipes_open=1) [2006/06/20 18:16:57, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(934) write_to_pipe: 7077 name: lsarpc open: Yes len: 72 [2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) write_to_pipe: data_left = 72 [2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 [2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(392) fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 [2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) write_to_pipe: data_used = 16 [2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) write_to_pipe: data_left = 56 [2006/06/20 18:16:57, 10] 
rpc_server/srv_pipe_hnd.c:process_incoming_data(849) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0000 major : 05 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0001 minor : 00 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0002 pkt_type : 0b [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0003 flags : 03 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0004 pack_type0: 10 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0005 pack_type1: 00 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0006 pack_type2: 00 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0007 pack_type3: 00 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0008 frag_len : 0048 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) 000a auth_len : 0000 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) 000c call_id : 00000001 [2006/06/20 18:16:57, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(479) unmarshall_rpc_header: using little-endian RPC [2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(508) unmarshall_rpc_header: type = 11, flags = 3 [2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) write_to_pipe: data_used = 0 [2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) write_to_pipe: data_left = 56 [2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 [2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(716) process_complete_pdu: processing packet type 11 [2006/06/20 18:16:57, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1495) api_pipe_bind_req: decode request. 
1495 [2006/06/20 18:16:57, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1506) api_pipe_bind_req: \PIPE\lsarpc -> \PIPE\lsass [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_rb [2006/06/20 18:16:57, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_bba [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0000 max_tsize: 10b8 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0002 max_rsize: 10b8 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0004 assoc_gid: 00000000 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0008 num_contexts: 01 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) 000c context_id : 0000 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 000e num_transfer_syntaxes: 01 [2006/06/20 18:16:57, 6] rpc_parse/parse_prs.c:prs_debug(84) 00000f smb_io_rpc_iface [2006/06/20 18:16:57, 7] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_uuid uuid [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0010 data : 12345778 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0014 data : 1234 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0016 data : abcd [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8s(819) 0018 data : ef 00 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8s(819) 001a data : 01 23 45 67 89 ab [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0020 version: 00000000 [2006/06/20 18:16:57, 6] rpc_parse/parse_prs.c:prs_debug(84) 000024 smb_io_rpc_iface [2006/06/20 18:16:57, 7] rpc_parse/parse_prs.c:prs_debug(84) 000024 smb_io_uuid uuid [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0024 data : 8a885d04 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0028 data : 1ceb [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) 002a data : 11c9 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8s(819) 002c data : 9f e8 [2006/06/20 
18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8s(819) 002e data : 08 00 2b 10 48 60 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0034 version: 00000002 [2006/06/20 18:16:57, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1548) api_pipe_bind_req: make response. 1548 [2006/06/20 18:16:57, 3] rpc_server/srv_pipe.c:check_bind_req(959) check_bind_req for \PIPE\lsarpc [2006/06/20 18:16:57, 10] rpc_server/srv_pipe.c:check_bind_req(964) checking \PIPE\lsarpc [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_ba [2006/06/20 18:16:57, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_bba [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0000 max_tsize: 10b8 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0002 max_rsize: 10b8 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0004 assoc_gid: 000053f0 [2006/06/20 18:16:57, 6] rpc_parse/parse_prs.c:prs_debug(84) 000008 smb_io_rpc_addr_str [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0008 len: 000c [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8s(819) 000a str: \PIPE\lsass. 
[2006/06/20 18:16:57, 6] rpc_parse/parse_prs.c:prs_debug(84) 000016 smb_io_rpc_results [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0018 num_results: 01 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) 001c result : 0000 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) 001e reason : 0000 [2006/06/20 18:16:57, 6] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_rpc_iface [2006/06/20 18:16:57, 7] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_uuid uuid [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0020 data : 8a885d04 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0024 data : 1ceb [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0026 data : 11c9 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8s(819) 0028 data : 9f e8 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8s(819) 002a data : 08 00 2b 10 48 60 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0030 version: 00000002 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0000 major : 05 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0001 minor : 00 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0002 pkt_type : 0c [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0003 flags : 03 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0004 pack_type0: 10 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0005 pack_type1: 00 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0006 pack_type2: 00 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0007 pack_type3: 00 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0008 frag_len : 0044 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) 000a auth_len : 0000 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) 000c call_id : 00000001 
[2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) write_to_pipe: data_used = 56 [2006/06/20 18:16:57, 3] smbd/pipes.c:reply_pipe_write_and_X(207) writeX-IPC pnum=7077 nwritten=72 [2006/06/20 18:16:57, 5] lib/util.c:show_msg(454) [2006/06/20 18:16:57, 5] lib/util.c:show_msg(464) size=47 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=320 smt_wct=6 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 72 (0x48) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_bcc=0 [2006/06/20 18:16:57, 10] smbd/process.c:setup_select_timeout(1372) change_notify_timeout: -1 [2006/06/20 18:16:57, 10] smbd/process.c:run_events(299) run_events: No events [2006/06/20 18:16:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(618) got smb length of 59 [2006/06/20 18:16:57, 6] smbd/process.c:process_smb(1193) got message type 0x0 of len 0x3b [2006/06/20 18:16:57, 3] smbd/process.c:process_smb(1194) Transaction 6 of length 63 [2006/06/20 18:16:57, 5] lib/util.c:show_msg(454) [2006/06/20 18:16:57, 5] lib/util.c:show_msg(464) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=385 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=28791 (0x7077) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2006/06/20 18:16:57, 3] smbd/process.c:switch_message(993) switch message SMBreadX (pid 16142) conn 0x83d5780 [2006/06/20 18:16:57, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 [2006/06/20 18:16:57, 5] auth/auth_util.c:debug_nt_user_token(438) NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 contains 8 SIDs SID[ 0]: 
S-1-5-21-2969752157-892696647-4271518216-3002 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-3003 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-2969752157-892696647-4271518216-1001 SID[ 6]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 7]: S-1-5-32-544 SE_PRIV 0xff0 0x0 0x0 0x0 [2006/06/20 18:16:57, 5] auth/auth_util.c:debug_unix_user_token(454) UNIX token of user 0 Primary group is 1001 and contains 3 supplementary groups Group[ 0]: 1001 Group[ 1]: 0 Group[ 2]: 10001 [2006/06/20 18:16:57, 5] smbd/uid.c:change_to_user(309) change_to_user uid=(0,0) gid=(0,1001) [2006/06/20 18:16:57, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1261) search for pipe pnum=7077 [2006/06/20 18:16:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1265) pipe name lsarpc pnum=7077 (pipes_open=1) [2006/06/20 18:16:57, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(992) read_from_pipe: 7077 name: lsarpc len: 1024 [2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1051) read_from_pipe: lsarpc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. [2006/06/20 18:16:57, 3] smbd/pipes.c:reply_pipe_read_and_X(252) readX-IPC pnum=7077 min=1024 max=1024 nread=68 [2006/06/20 18:16:57, 5] lib/util.c:show_msg(454) [2006/06/20 18:16:57, 5] lib/util.c:show_msg(464) size=127 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=385 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 68 (0x44) smb_vwv[ 6]= 59 (0x3B) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=68 [2006/06/20 18:16:57, 10] lib/util.c:dump_data(2058) [000] 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 00 ........ D....... [010] B8 10 B8 10 F0 53 00 00 0C 00 5C 50 49 50 45 5C .....S.. ..\PIPE\ [020] 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 00 lsass... ........ 
[030] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` [040] 02 00 00 00 .... [2006/06/20 18:16:57, 10] smbd/process.c:setup_select_timeout(1372) change_notify_timeout: -1 [2006/06/20 18:16:57, 10] smbd/process.c:run_events(299) run_events: No events [2006/06/20 18:16:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(618) got smb length of 172 [2006/06/20 18:16:57, 6] smbd/process.c:process_smb(1193) got message type 0x0 of len 0xac [2006/06/20 18:16:57, 3] smbd/process.c:process_smb(1194) Transaction 7 of length 176 [2006/06/20 18:16:57, 5] lib/util.c:show_msg(454) [2006/06/20 18:16:57, 5] lib/util.c:show_msg(464) size=172 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1036 smb_uid=101 smb_mid=449 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 88 (0x58) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 88 (0x58) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=28791 (0x7077) smb_bcc=105 [2006/06/20 18:16:57, 10] lib/util.c:dump_data(2058) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 58 00 00 00 01 00 00 ........ .X...... [020] 00 40 00 00 00 00 00 2C 00 D0 AE 13 00 09 00 00 .@....., ........ [030] 00 00 00 00 00 09 00 00 00 5C 00 5C 00 53 00 45 ........ .\.\.S.E [040] 00 52 00 56 00 45 00 52 00 00 00 C9 11 18 00 00 .R.V.E.R ........ [050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [060] 00 00 00 00 00 00 00 00 02 ........ . 
[2006/06/20 18:16:57, 3] smbd/process.c:switch_message(993) switch message SMBtrans (pid 16142) conn 0x83d5780 [2006/06/20 18:16:57, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 [2006/06/20 18:16:57, 5] auth/auth_util.c:debug_nt_user_token(438) NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 contains 8 SIDs SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-3003 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-2969752157-892696647-4271518216-1001 SID[ 6]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 7]: S-1-5-32-544 SE_PRIV 0xff0 0x0 0x0 0x0 [2006/06/20 18:16:57, 5] auth/auth_util.c:debug_unix_user_token(454) UNIX token of user 0 Primary group is 1001 and contains 3 supplementary groups Group[ 0]: 1001 Group[ 1]: 0 Group[ 2]: 10001 [2006/06/20 18:16:57, 5] smbd/uid.c:change_to_user(309) change_to_user uid=(0,0) gid=(0,1001) [2006/06/20 18:16:57, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=88 params=0 setup=2 [2006/06/20 18:16:57, 5] smbd/ipc.c:reply_trans(560) calling named_pipe [2006/06/20 18:16:57, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2006/06/20 18:16:57, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2006/06/20 18:16:57, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1261) search for pipe pnum=7077 [2006/06/20 18:16:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1265) pipe name lsarpc pnum=7077 (pipes_open=1) [2006/06/20 18:16:57, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "lsarpc" (pnum 7077) [2006/06/20 18:16:57, 10] smbd/ipc.c:api_fd_reply(299) api_fd_reply: p:0x83d49f0 max_trans_reply: 1024 [2006/06/20 18:16:57, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(934) write_to_pipe: 7077 name: lsarpc open: Yes len: 88 [2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) write_to_pipe: data_left = 88 [2006/06/20 18:16:57, 10] 
rpc_server/srv_pipe_hnd.c:process_incoming_data(849) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 88 [2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(392) fill_rpc_header: data_to_copy = 88, len_needed_to_complete_hdr = 16, receive_len = 0 [2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) write_to_pipe: data_used = 16 [2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) write_to_pipe: data_left = 72 [2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 72 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0000 major : 05 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0001 minor : 00 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0002 pkt_type : 00 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0003 flags : 03 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0004 pack_type0: 10 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0005 pack_type1: 00 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0006 pack_type2: 00 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0007 pack_type3: 00 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0008 frag_len : 0058 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) 000a auth_len : 0000 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) 000c call_id : 00000001 [2006/06/20 18:16:57, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(479) unmarshall_rpc_header: using little-endian RPC [2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(508) unmarshall_rpc_header: type = 0, flags = 3 [2006/06/20 18:16:57, 10] 
rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) write_to_pipe: data_used = 0 [2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) write_to_pipe: data_left = 72 [2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 72, incoming data = 72 [2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(716) process_complete_pdu: processing packet type 0 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0000 alloc_hint: 00000040 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0004 context_id: 0000 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0006 opnum : 002c [2006/06/20 18:16:57, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(526) free_pipe_context: destroying talloc pool of size 70 [2006/06/20 18:16:57, 5] rpc_server/srv_pipe.c:api_pipe_request(2195) Requested \PIPE\lsarpc [2006/06/20 18:16:57, 4] rpc_server/srv_pipe.c:api_rpcTNP(2230) api_rpcTNP: lsarpc op 0x2c - api_rpcTNP: rpc command: LSA_OPENPOLICY2 [2006/06/20 18:16:57, 6] rpc_server/srv_pipe.c:api_rpcTNP(2256) api_rpc_cmds[0].fn == 0x8123340 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_q_open_pol2 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0000 ptr : 0013aed0 [2006/06/20 18:16:57, 6] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_unistr2 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0004 uni_max_len: 00000009 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0008 offset : 00000000 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) 000c uni_str_len: 00000009 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:dbg_rw_punival(904) 0010 buffer : \.\.S.E.R.V.E.R... 
[2006/06/20 18:16:57, 6] rpc_parse/parse_prs.c:prs_debug(84) 000022 lsa_io_obj_attr [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0024 len : 00000018 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0028 ptr_root_dir: 00000000 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) 002c ptr_obj_name: 00000000 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0030 attributes : 00000000 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0034 ptr_sec_desc: 00000000 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0038 ptr_sec_qos : 00000000 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) 003c des_access: 02000000 [2006/06/20 18:16:57, 10] lib/util_seaccess.c:se_access_check(233) se_access_check: requested access 0x02000000, for NT token with 8 entries and first sid S-1-5-21-2969752157-892696647-4271518216-3002. [2006/06/20 18:16:57, 3] lib/util_seaccess.c:se_access_check(250) [2006/06/20 18:16:57, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-2969752157-892696647-4271518216-3002 se_access_check: also S-1-5-21-2969752157-892696647-4271518216-3003 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-21-2969752157-892696647-4271518216-1001 se_access_check: also S-1-5-21-2969752157-892696647-4271518216-512 se_access_check: also S-1-5-32-544 [2006/06/20 18:16:57, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) Opened policy hnd[1] [000] 00 00 00 00 01 00 00 00 00 00 00 00 79 1F 98 44 ........ ....y..D [010] 0E 3F 00 00 .?.. 
[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_r_open_pol2 [2006/06/20 18:16:57, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0000 data1: 00000000 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0004 data2: 00000001 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0008 data3: 0000 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) 000a data4: 0000 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8s(819) 000c data5: 79 1f 98 44 0e 3f 00 00 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_ntstatus(762) 0014 status: NT_STATUS_OK [2006/06/20 18:16:57, 5] rpc_server/srv_pipe.c:api_rpcTNP(2277) api_rpcTNP: called lsarpc successfully [2006/06/20 18:16:57, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(526) free_pipe_context: destroying talloc pool of size 818 [2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) write_to_pipe: data_used = 72 [2006/06/20 18:16:57, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(992) read_from_pipe: 7077 name: lsarpc len: 1024 [2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1065) read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. 
[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0000 major : 05 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0001 minor : 00 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0002 pkt_type : 02 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0003 flags : 03 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0004 pack_type0: 10 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0005 pack_type1: 00 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0006 pack_type2: 00 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0007 pack_type3: 00 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0008 frag_len : 0030 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) 000a auth_len : 0000 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) 000c call_id : 00000001 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0010 alloc_hint: 00000018 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0014 context_id: 0000 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0016 cancel_ct : 00 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0017 reserved : 00 [2006/06/20 18:16:57, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] [2006/06/20 18:16:57, 5] lib/util.c:show_msg(454) [2006/06/20 18:16:57, 5] lib/util.c:show_msg(464) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1036 smb_uid=101 smb_mid=449 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) 
smb_bcc=49 [2006/06/20 18:16:57, 10] lib/util.c:dump_data(2058) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 01 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ........ ........ [020] 00 00 00 00 00 79 1F 98 44 0E 3F 00 00 00 00 00 .....y.. D.?..... [030] 00 . [2006/06/20 18:16:57, 10] smbd/process.c:setup_select_timeout(1372) change_notify_timeout: -1 [2006/06/20 18:16:57, 10] smbd/process.c:run_events(299) run_events: No events [2006/06/20 18:16:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(618) got smb length of 130 [2006/06/20 18:16:57, 6] smbd/process.c:process_smb(1193) got message type 0x0 of len 0x82 [2006/06/20 18:16:57, 3] smbd/process.c:process_smb(1194) Transaction 8 of length 134 [2006/06/20 18:16:57, 5] lib/util.c:show_msg(454) [2006/06/20 18:16:57, 5] lib/util.c:show_msg(464) size=130 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1036 smb_uid=101 smb_mid=513 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 46 (0x2E) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 46 (0x2E) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=28791 (0x7077) smb_bcc=63 [2006/06/20 18:16:57, 10] lib/util.c:dump_data(2058) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 2E 00 00 00 02 00 00 ........ ........ [020] 00 16 00 00 00 00 00 2E 00 00 00 00 00 01 00 00 ........ ........ [030] 00 00 00 00 00 79 1F 98 44 0E 3F 00 00 0C 00 .....y.. D.?.... 
[2006/06/20 18:16:57, 3] smbd/process.c:switch_message(993) switch message SMBtrans (pid 16142) conn 0x83d5780 [2006/06/20 18:16:57, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 [2006/06/20 18:16:57, 5] auth/auth_util.c:debug_nt_user_token(438) NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 contains 8 SIDs SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-3003 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-2969752157-892696647-4271518216-1001 SID[ 6]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 7]: S-1-5-32-544 SE_PRIV 0xff0 0x0 0x0 0x0 [2006/06/20 18:16:57, 5] auth/auth_util.c:debug_unix_user_token(454) UNIX token of user 0 Primary group is 1001 and contains 3 supplementary groups Group[ 0]: 1001 Group[ 1]: 0 Group[ 2]: 10001 [2006/06/20 18:16:57, 5] smbd/uid.c:change_to_user(309) change_to_user uid=(0,0) gid=(0,1001) [2006/06/20 18:16:57, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=46 params=0 setup=2 [2006/06/20 18:16:57, 5] smbd/ipc.c:reply_trans(560) calling named_pipe [2006/06/20 18:16:57, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2006/06/20 18:16:57, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2006/06/20 18:16:57, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1261) search for pipe pnum=7077 [2006/06/20 18:16:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1265) pipe name lsarpc pnum=7077 (pipes_open=1) [2006/06/20 18:16:57, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "lsarpc" (pnum 7077) [2006/06/20 18:16:57, 10] smbd/ipc.c:api_fd_reply(299) api_fd_reply: p:0x83d49f0 max_trans_reply: 1024 [2006/06/20 18:16:57, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(934) write_to_pipe: 7077 name: lsarpc open: Yes len: 46 [2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) write_to_pipe: data_left = 46 [2006/06/20 18:16:57, 10] 
rpc_server/srv_pipe_hnd.c:process_incoming_data(849) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 46 [2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(392) fill_rpc_header: data_to_copy = 46, len_needed_to_complete_hdr = 16, receive_len = 0 [2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) write_to_pipe: data_used = 16 [2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) write_to_pipe: data_left = 30 [2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 30 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0000 major : 05 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0001 minor : 00 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0002 pkt_type : 00 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0003 flags : 03 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0004 pack_type0: 10 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0005 pack_type1: 00 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0006 pack_type2: 00 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0007 pack_type3: 00 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0008 frag_len : 002e [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) 000a auth_len : 0000 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) 000c call_id : 00000002 [2006/06/20 18:16:57, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(479) unmarshall_rpc_header: using little-endian RPC [2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(508) unmarshall_rpc_header: type = 0, flags = 3 [2006/06/20 18:16:57, 10] 
rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) write_to_pipe: data_used = 0 [2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) write_to_pipe: data_left = 30 [2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 30, incoming data = 30 [2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(716) process_complete_pdu: processing packet type 0 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0000 alloc_hint: 00000016 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0004 context_id: 0000 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0006 opnum : 002e [2006/06/20 18:16:57, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(526) free_pipe_context: destroying talloc pool of size 0 [2006/06/20 18:16:57, 5] rpc_server/srv_pipe.c:api_pipe_request(2195) Requested \PIPE\lsarpc [2006/06/20 18:16:57, 4] rpc_server/srv_pipe.c:api_rpcTNP(2230) api_rpcTNP: lsarpc op 0x2e - unknown [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0000 major : 05 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0001 minor : 00 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0002 pkt_type : 03 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0003 flags : 23 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0004 pack_type0: 10 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0005 pack_type1: 00 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0006 pack_type2: 00 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0007 pack_type3: 00 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0008 frag_len : 0020 [2006/06/20 18:16:57, 5] 
rpc_parse/parse_prs.c:prs_uint16(674) 000a auth_len : 0000 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) 000c call_id : 00000002 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0010 alloc_hint: 00000000 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0014 context_id: 0000 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0016 cancel_ct : 00 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0017 reserved : 00 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_debug(84) 000018 smb_io_rpc_hdr_fault fault [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_ntstatus(762) 0018 status : NT code 0x1c010002 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) 001c reserved: 00000000 [2006/06/20 18:16:57, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(526) free_pipe_context: destroying talloc pool of size 0 [2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) write_to_pipe: data_used = 30 [2006/06/20 18:16:57, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(992) read_from_pipe: 7077 name: lsarpc len: 1024 [2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1051) read_from_pipe: lsarpc: current_pdu_len = 32, current_pdu_sent = 0 returning 32 bytes. 
[2006/06/20 18:16:57, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..32] [2006/06/20 18:16:57, 5] lib/util.c:show_msg(454) [2006/06/20 18:16:57, 5] lib/util.c:show_msg(464) size=88 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1036 smb_uid=101 smb_mid=513 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 32 (0x20) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 32 (0x20) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=33 [2006/06/20 18:16:57, 10] lib/util.c:dump_data(2058) [000] 00 05 00 03 23 10 00 00 00 20 00 00 00 02 00 00 ....#... . ...... [010] 00 00 00 00 00 00 00 00 00 02 00 01 1C 00 00 00 ........ ........ [020] 00 . [2006/06/20 18:16:57, 10] smbd/process.c:setup_select_timeout(1372) change_notify_timeout: -1 [2006/06/20 18:16:57, 10] smbd/process.c:run_events(299) run_events: No events [2006/06/20 18:16:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(618) got smb length of 130 [2006/06/20 18:16:57, 6] smbd/process.c:process_smb(1193) got message type 0x0 of len 0x82 [2006/06/20 18:16:57, 3] smbd/process.c:process_smb(1194) Transaction 9 of length 134 [2006/06/20 18:16:57, 5] lib/util.c:show_msg(454) [2006/06/20 18:16:57, 5] lib/util.c:show_msg(464) size=130 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1036 smb_uid=101 smb_mid=577 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 46 (0x2E) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 46 (0x2E) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=28791 (0x7077) smb_bcc=63 [2006/06/20 18:16:57, 10] lib/util.c:dump_data(2058) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... 
[010] 00 05 00 00 03 10 00 00 00 2E 00 00 00 03 00 00 ........ ........ [020] 00 16 00 00 00 00 00 07 00 00 00 00 00 01 00 00 ........ ........ [030] 00 00 00 00 00 79 1F 98 44 0E 3F 00 00 03 00 .....y.. D.?.... [2006/06/20 18:16:57, 3] smbd/process.c:switch_message(993) switch message SMBtrans (pid 16142) conn 0x83d5780 [2006/06/20 18:16:57, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 [2006/06/20 18:16:57, 5] auth/auth_util.c:debug_nt_user_token(438) NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 contains 8 SIDs SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-3003 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-2969752157-892696647-4271518216-1001 SID[ 6]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 7]: S-1-5-32-544 SE_PRIV 0xff0 0x0 0x0 0x0 [2006/06/20 18:16:57, 5] auth/auth_util.c:debug_unix_user_token(454) UNIX token of user 0 Primary group is 1001 and contains 3 supplementary groups Group[ 0]: 1001 Group[ 1]: 0 Group[ 2]: 10001 [2006/06/20 18:16:57, 5] smbd/uid.c:change_to_user(309) change_to_user uid=(0,0) gid=(0,1001) [2006/06/20 18:16:57, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=46 params=0 setup=2 [2006/06/20 18:16:57, 5] smbd/ipc.c:reply_trans(560) calling named_pipe [2006/06/20 18:16:57, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2006/06/20 18:16:57, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2006/06/20 18:16:57, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1261) search for pipe pnum=7077 [2006/06/20 18:16:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1265) pipe name lsarpc pnum=7077 (pipes_open=1) [2006/06/20 18:16:57, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "lsarpc" (pnum 7077) [2006/06/20 18:16:57, 10] smbd/ipc.c:api_fd_reply(299) api_fd_reply: p:0x83d49f0 max_trans_reply: 1024 [2006/06/20 18:16:57, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(934) 
write_to_pipe: 7077 name: lsarpc open: Yes len: 46 [2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) write_to_pipe: data_left = 46 [2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 46 [2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(392) fill_rpc_header: data_to_copy = 46, len_needed_to_complete_hdr = 16, receive_len = 0 [2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) write_to_pipe: data_used = 16 [2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) write_to_pipe: data_left = 30 [2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 30 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0000 major : 05 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0001 minor : 00 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0002 pkt_type : 00 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0003 flags : 03 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0004 pack_type0: 10 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0005 pack_type1: 00 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0006 pack_type2: 00 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0007 pack_type3: 00 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0008 frag_len : 002e [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) 000a auth_len : 0000 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) 000c call_id : 00000003 [2006/06/20 18:16:57, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(479) unmarshall_rpc_header: using little-endian RPC [2006/06/20 
18:16:57, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(508) unmarshall_rpc_header: type = 0, flags = 3 [2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) write_to_pipe: data_used = 0 [2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) write_to_pipe: data_left = 30 [2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 30, incoming data = 30 [2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(716) process_complete_pdu: processing packet type 0 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0000 alloc_hint: 00000016 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0004 context_id: 0000 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0006 opnum : 0007 [2006/06/20 18:16:57, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(526) free_pipe_context: destroying talloc pool of size 0 [2006/06/20 18:16:57, 5] rpc_server/srv_pipe.c:api_pipe_request(2195) Requested \PIPE\lsarpc [2006/06/20 18:16:57, 4] rpc_server/srv_pipe.c:api_rpcTNP(2230) api_rpcTNP: lsarpc op 0x7 - api_rpcTNP: rpc command: LSA_QUERYINFOPOLICY [2006/06/20 18:16:57, 6] rpc_server/srv_pipe.c:api_rpcTNP(2256) api_rpc_cmds[2].fn == 0x8122fe0 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_q_query [2006/06/20 18:16:57, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0000 data1: 00000000 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0004 data2: 00000001 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0008 data3: 0000 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) 000a data4: 0000 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8s(819) 000c data5: 79 1f 
98 44 0e 3f 00 00 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0014 info_class: 0003 [2006/06/20 18:16:57, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 79 1F 98 44 ........ ....y..D [010] 0E 3F 00 00 .?.. [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_r_query [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0000 undoc_buffer: 22000000 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0004 info_class: 0003 [2006/06/20 18:16:57, 6] rpc_parse/parse_prs.c:prs_debug(84) 000008 lsa_io_dom_query [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0008 uni_dom_max_len: 000e [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) 000a uni_dom_str_len: 0010 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) 000c buffer_dom_name: 00000001 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0010 buffer_dom_sid : 00000001 [2006/06/20 18:16:57, 7] rpc_parse/parse_prs.c:prs_debug(84) 000014 smb_io_unistr2 unistr2 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0014 uni_max_len: 00000008 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0018 offset : 00000000 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) 001c uni_str_len: 00000007 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:dbg_rw_punival(904) 0020 buffer : A.N.D.O.L.A.N. 
[2006/06/20 18:16:57, 7] rpc_parse/parse_prs.c:prs_debug(84) 000030 smb_io_dom_sid2 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0030 num_auths: 00000004 [2006/06/20 18:16:57, 8] rpc_parse/parse_prs.c:prs_debug(84) 000034 smb_io_dom_sid sid [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0034 sid_rev_num: 01 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0035 num_auths : 04 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0036 id_auth[0] : 00 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0037 id_auth[1] : 00 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0038 id_auth[2] : 00 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0039 id_auth[3] : 00 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 003a id_auth[4] : 00 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 003b id_auth[5] : 05 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32s(959) 003c sub_auths : 00000015 b102d25d 35357847 fe9a3208 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_ntstatus(762) 004c status: NT_STATUS_OK [2006/06/20 18:16:57, 5] rpc_server/srv_pipe.c:api_rpcTNP(2277) api_rpcTNP: called lsarpc successfully [2006/06/20 18:16:57, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(526) free_pipe_context: destroying talloc pool of size 16 [2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) write_to_pipe: data_used = 30 [2006/06/20 18:16:57, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(992) read_from_pipe: 7077 name: lsarpc len: 1024 [2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1065) read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 80. 
[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0000 major : 05 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0001 minor : 00 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0002 pkt_type : 02 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0003 flags : 03 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0004 pack_type0: 10 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0005 pack_type1: 00 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0006 pack_type2: 00 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0007 pack_type3: 00 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0008 frag_len : 0068 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) 000a auth_len : 0000 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) 000c call_id : 00000003 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0010 alloc_hint: 00000050 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0014 context_id: 0000 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0016 cancel_ct : 00 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0017 reserved : 00 [2006/06/20 18:16:57, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..104] [2006/06/20 18:16:57, 5] lib/util.c:show_msg(454) [2006/06/20 18:16:57, 5] lib/util.c:show_msg(464) size=160 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1036 smb_uid=101 smb_mid=577 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 104 (0x68) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 104 (0x68) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) 
smb_bcc=105 [2006/06/20 18:16:57, 10] lib/util.c:dump_data(2058) [000] 00 05 00 02 03 10 00 00 00 68 00 00 00 03 00 00 ........ .h...... [010] 00 50 00 00 00 00 00 00 00 00 00 00 22 03 00 00 .P...... ...."... [020] 00 0E 00 10 00 01 00 00 00 01 00 00 00 08 00 00 ........ ........ [030] 00 00 00 00 00 07 00 00 00 41 00 4E 00 44 00 4F ........ .A.N.D.O [040] 00 4C 00 41 00 4E 00 00 00 04 00 00 00 01 04 00 .L.A.N.. ........ [050] 00 00 00 00 05 15 00 00 00 5D D2 02 B1 47 78 35 ........ .]...Gx5 [060] 35 08 32 9A FE 00 00 00 00 5.2..... . [2006/06/20 18:16:57, 10] smbd/process.c:setup_select_timeout(1372) change_notify_timeout: -1 [2006/06/20 18:16:57, 10] smbd/process.c:run_events(299) run_events: No events [2006/06/20 18:16:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(618) got smb length of 100 [2006/06/20 18:16:57, 6] smbd/process.c:process_smb(1193) got message type 0x0 of len 0x64 [2006/06/20 18:16:57, 3] smbd/process.c:process_smb(1194) Transaction 10 of length 104 [2006/06/20 18:16:57, 5] lib/util.c:show_msg(454) [2006/06/20 18:16:57, 5] lib/util.c:show_msg(464) size=100 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1036 smb_uid=101 smb_mid=641 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 3584 (0xE00) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=17 [2006/06/20 18:16:57, 10] lib/util.c:dump_data(2058) [000] 00 5C 00 77 00 69 00 6E 00 72 00 65 00 67 00 00 .\.w.i.n .r.e.g.. [010] 00 . 
[2006/06/20 18:16:57, 3] smbd/process.c:switch_message(993) switch message SMBntcreateX (pid 16142) conn 0x83d5780 [2006/06/20 18:16:57, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 [2006/06/20 18:16:57, 5] auth/auth_util.c:debug_nt_user_token(438) NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 contains 8 SIDs SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-3003 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-2969752157-892696647-4271518216-1001 SID[ 6]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 7]: S-1-5-32-544 SE_PRIV 0xff0 0x0 0x0 0x0 [2006/06/20 18:16:57, 5] auth/auth_util.c:debug_unix_user_token(454) UNIX token of user 0 Primary group is 1001 and contains 3 supplementary groups Group[ 0]: 1001 Group[ 1]: 0 Group[ 2]: 10001 [2006/06/20 18:16:57, 5] smbd/uid.c:change_to_user(309) change_to_user uid=(0,0) gid=(0,1001) [2006/06/20 18:16:57, 10] smbd/nttrans.c:reply_ntcreate_and_X(506) reply_ntcreateX: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0 [2006/06/20 18:16:57, 4] smbd/nttrans.c:nt_open_pipe(330) nt_open_pipe: Opening pipe \winreg. [2006/06/20 18:16:57, 3] smbd/nttrans.c:nt_open_pipe(351) nt_open_pipe: Known pipe winreg opening. 
[2006/06/20 18:16:57, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(180) Open pipe requested winreg (pipes_open=1) [2006/06/20 18:16:57, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(210) open_rpc_pipe_p: name lsarpc pnum=7077 [2006/06/20 18:16:57, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(285) Create pipe requested winreg [2006/06/20 18:16:57, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77) init_pipe_handles: created handle list for pipe winreg [2006/06/20 18:16:57, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) init_pipe_handles: pipe_handles ref count = 1 for pipe winreg [2006/06/20 18:16:57, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(363) Created internal pipe winreg (pipes_open=1) [2006/06/20 18:16:57, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(263) Opened pipe winreg with handle 7078 (pipes_open=2) [2006/06/20 18:16:57, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(269) open pipes: name winreg pnum=7078 [2006/06/20 18:16:57, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(269) open pipes: name lsarpc pnum=7077 [2006/06/20 18:16:57, 5] smbd/nttrans.c:do_ntcreate_pipe_open(400) do_ntcreate_pipe_open: open pipe = \winreg [2006/06/20 18:16:57, 5] lib/util.c:show_msg(454) [2006/06/20 18:16:57, 5] lib/util.c:show_msg(464) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1036 smb_uid=101 smb_mid=641 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=30720 (0x7800) smb_vwv[ 3]= 368 (0x170) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) 
smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2006/06/20 18:16:57, 10] smbd/process.c:setup_select_timeout(1372) change_notify_timeout: -1 [2006/06/20 18:16:57, 10] smbd/process.c:run_events(299) run_events: No events [2006/06/20 18:16:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(618) got smb length of 136 [2006/06/20 18:16:57, 6] smbd/process.c:process_smb(1193) got message type 0x0 of len 0x88 [2006/06/20 18:16:57, 3] smbd/process.c:process_smb(1194) Transaction 11 of length 140 [2006/06/20 18:16:57, 5] lib/util.c:show_msg(454) [2006/06/20 18:16:57, 5] lib/util.c:show_msg(464) size=136 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=705 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=28792 (0x7078) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 72 (0x48) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 72 (0x48) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=73 [2006/06/20 18:16:57, 10] lib/util.c:dump_data(2058) [000] EE 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... [010] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ [020] 00 01 D0 8C 33 44 22 F1 31 AA AA 90 00 38 00 10 ....3D". 1....8.. [030] 03 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ [040] 00 2B 10 48 60 02 00 00 00 .+.H`... . 
[2006/06/20 18:16:57, 3] smbd/process.c:switch_message(993) switch message SMBwriteX (pid 16142) conn 0x83d5780 [2006/06/20 18:16:57, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 [2006/06/20 18:16:57, 5] auth/auth_util.c:debug_nt_user_token(438) NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 contains 8 SIDs SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-3003 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-2969752157-892696647-4271518216-1001 SID[ 6]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 7]: S-1-5-32-544 SE_PRIV 0xff0 0x0 0x0 0x0 [2006/06/20 18:16:57, 5] auth/auth_util.c:debug_unix_user_token(454) UNIX token of user 0 Primary group is 1001 and contains 3 supplementary groups Group[ 0]: 1001 Group[ 1]: 0 Group[ 2]: 10001 [2006/06/20 18:16:57, 5] smbd/uid.c:change_to_user(309) change_to_user uid=(0,0) gid=(0,1001) [2006/06/20 18:16:57, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1261) search for pipe pnum=7078 [2006/06/20 18:16:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1265) pipe name winreg pnum=7078 (pipes_open=2) [2006/06/20 18:16:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1265) pipe name lsarpc pnum=7077 (pipes_open=2) [2006/06/20 18:16:57, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(934) write_to_pipe: 7078 name: winreg open: Yes len: 72 [2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) write_to_pipe: data_left = 72 [2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 [2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(392) fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 [2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) write_to_pipe: data_used = 16 [2006/06/20 18:16:57, 10] 
rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) write_to_pipe: data_left = 56 [2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0000 major : 05 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0001 minor : 00 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0002 pkt_type : 0b [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0003 flags : 03 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0004 pack_type0: 10 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0005 pack_type1: 00 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0006 pack_type2: 00 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0007 pack_type3: 00 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0008 frag_len : 0048 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) 000a auth_len : 0000 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) 000c call_id : 00000001 [2006/06/20 18:16:57, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(479) unmarshall_rpc_header: using little-endian RPC [2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(508) unmarshall_rpc_header: type = 11, flags = 3 [2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) write_to_pipe: data_used = 0 [2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) write_to_pipe: data_left = 56 [2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 [2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(716) process_complete_pdu: processing packet type 
11 [2006/06/20 18:16:57, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1495) api_pipe_bind_req: decode request. 1495 [2006/06/20 18:16:57, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1506) api_pipe_bind_req: \PIPE\winreg -> \PIPE\winreg [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_rb [2006/06/20 18:16:57, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_bba [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0000 max_tsize: 10b8 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0002 max_rsize: 10b8 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0004 assoc_gid: 00000000 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0008 num_contexts: 01 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) 000c context_id : 0000 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 000e num_transfer_syntaxes: 01 [2006/06/20 18:16:57, 6] rpc_parse/parse_prs.c:prs_debug(84) 00000f smb_io_rpc_iface [2006/06/20 18:16:57, 7] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_uuid uuid [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0010 data : 338cd001 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0014 data : 2244 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0016 data : 31f1 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8s(819) 0018 data : aa aa [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8s(819) 001a data : 90 00 38 00 10 03 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0020 version: 00000001 [2006/06/20 18:16:57, 6] rpc_parse/parse_prs.c:prs_debug(84) 000024 smb_io_rpc_iface [2006/06/20 18:16:57, 7] rpc_parse/parse_prs.c:prs_debug(84) 000024 smb_io_uuid uuid [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0024 data : 8a885d04 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0028 data : 1ceb [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) 
002a data : 11c9 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8s(819) 002c data : 9f e8 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8s(819) 002e data : 08 00 2b 10 48 60 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0034 version: 00000002 [2006/06/20 18:16:57, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1548) api_pipe_bind_req: make response. 1548 [2006/06/20 18:16:57, 3] rpc_server/srv_pipe.c:check_bind_req(959) check_bind_req for \PIPE\winreg [2006/06/20 18:16:57, 10] rpc_server/srv_pipe.c:check_bind_req(964) checking \PIPE\lsarpc [2006/06/20 18:16:57, 10] rpc_server/srv_pipe.c:check_bind_req(964) checking \PIPE\lsarpc [2006/06/20 18:16:57, 10] rpc_server/srv_pipe.c:check_bind_req(964) checking \PIPE\samr [2006/06/20 18:16:57, 10] rpc_server/srv_pipe.c:check_bind_req(964) checking \PIPE\NETLOGON [2006/06/20 18:16:57, 10] rpc_server/srv_pipe.c:check_bind_req(964) checking \PIPE\srvsvc [2006/06/20 18:16:57, 10] rpc_server/srv_pipe.c:check_bind_req(964) checking \PIPE\wkssvc [2006/06/20 18:16:57, 10] rpc_server/srv_pipe.c:check_bind_req(964) checking \PIPE\winreg [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_ba [2006/06/20 18:16:57, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_bba [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0000 max_tsize: 10b8 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0002 max_rsize: 10b8 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0004 assoc_gid: 000053f0 [2006/06/20 18:16:57, 6] rpc_parse/parse_prs.c:prs_debug(84) 000008 smb_io_rpc_addr_str [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0008 len: 000d [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8s(819) 000a str: \PIPE\winreg. 
[2006/06/20 18:16:57, 6] rpc_parse/parse_prs.c:prs_debug(84) 000017 smb_io_rpc_results [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0018 num_results: 01 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) 001c result : 0000 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) 001e reason : 0000 [2006/06/20 18:16:57, 6] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_rpc_iface [2006/06/20 18:16:57, 7] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_uuid uuid [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0020 data : 8a885d04 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0024 data : 1ceb [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0026 data : 11c9 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8s(819) 0028 data : 9f e8 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8s(819) 002a data : 08 00 2b 10 48 60 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0030 version: 00000002 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0000 major : 05 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0001 minor : 00 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0002 pkt_type : 0c [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0003 flags : 03 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0004 pack_type0: 10 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0005 pack_type1: 00 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0006 pack_type2: 00 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0007 pack_type3: 00 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0008 frag_len : 0044 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) 000a auth_len : 0000 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) 000c call_id : 00000001 
[2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) write_to_pipe: data_used = 56 [2006/06/20 18:16:57, 3] smbd/pipes.c:reply_pipe_write_and_X(207) writeX-IPC pnum=7078 nwritten=72 [2006/06/20 18:16:57, 5] lib/util.c:show_msg(454) [2006/06/20 18:16:57, 5] lib/util.c:show_msg(464) size=47 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=705 smt_wct=6 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 72 (0x48) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_bcc=0 [2006/06/20 18:16:57, 10] smbd/process.c:setup_select_timeout(1372) change_notify_timeout: -1 [2006/06/20 18:16:57, 10] smbd/process.c:run_events(299) run_events: No events [2006/06/20 18:16:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(618) got smb length of 59 [2006/06/20 18:16:57, 6] smbd/process.c:process_smb(1193) got message type 0x0 of len 0x3b [2006/06/20 18:16:57, 3] smbd/process.c:process_smb(1194) Transaction 12 of length 63 [2006/06/20 18:16:57, 5] lib/util.c:show_msg(454) [2006/06/20 18:16:57, 5] lib/util.c:show_msg(464) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=769 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=28792 (0x7078) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2006/06/20 18:16:57, 3] smbd/process.c:switch_message(993) switch message SMBreadX (pid 16142) conn 0x83d5780 [2006/06/20 18:16:57, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 [2006/06/20 18:16:57, 5] auth/auth_util.c:debug_nt_user_token(438) NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 contains 8 SIDs SID[ 0]: 
S-1-5-21-2969752157-892696647-4271518216-3002 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-3003 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-2969752157-892696647-4271518216-1001 SID[ 6]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 7]: S-1-5-32-544 SE_PRIV 0xff0 0x0 0x0 0x0 [2006/06/20 18:16:57, 5] auth/auth_util.c:debug_unix_user_token(454) UNIX token of user 0 Primary group is 1001 and contains 3 supplementary groups Group[ 0]: 1001 Group[ 1]: 0 Group[ 2]: 10001 [2006/06/20 18:16:57, 5] smbd/uid.c:change_to_user(309) change_to_user uid=(0,0) gid=(0,1001) [2006/06/20 18:16:57, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1261) search for pipe pnum=7078 [2006/06/20 18:16:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1265) pipe name winreg pnum=7078 (pipes_open=2) [2006/06/20 18:16:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1265) pipe name lsarpc pnum=7077 (pipes_open=2) [2006/06/20 18:16:57, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(992) read_from_pipe: 7078 name: winreg len: 1024 [2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1051) read_from_pipe: winreg: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. [2006/06/20 18:16:57, 3] smbd/pipes.c:reply_pipe_read_and_X(252) readX-IPC pnum=7078 min=1024 max=1024 nread=68 [2006/06/20 18:16:57, 5] lib/util.c:show_msg(454) [2006/06/20 18:16:57, 5] lib/util.c:show_msg(464) size=127 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=769 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 68 (0x44) smb_vwv[ 6]= 59 (0x3B) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=68 [2006/06/20 18:16:57, 10] lib/util.c:dump_data(2058) [000] 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 00 ........ D....... 
[010] B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 5C .....S.. ..\PIPE\ [020] 77 69 6E 72 65 67 00 00 01 00 00 00 00 00 00 00 winreg.. ........ [030] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` [040] 02 00 00 00 .... [2006/06/20 18:16:57, 10] smbd/process.c:setup_select_timeout(1372) change_notify_timeout: -1 [2006/06/20 18:16:57, 10] smbd/process.c:run_events(299) run_events: No events [2006/06/20 18:16:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(618) got smb length of 120 [2006/06/20 18:16:57, 6] smbd/process.c:process_smb(1193) got message type 0x0 of len 0x78 [2006/06/20 18:16:57, 3] smbd/process.c:process_smb(1194) Transaction 13 of length 124 [2006/06/20 18:16:57, 5] lib/util.c:show_msg(454) [2006/06/20 18:16:57, 5] lib/util.c:show_msg(464) size=120 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1036 smb_uid=101 smb_mid=833 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 36 (0x24) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 36 (0x24) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=28792 (0x7078) smb_bcc=53 [2006/06/20 18:16:57, 10] lib/util.c:dump_data(2058) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 24 00 00 00 01 00 00 ........ .$...... [020] 00 0C 00 00 00 00 00 02 00 08 F5 64 01 28 D6 01 ........ ...d.(.. [030] 00 00 00 00 02 ..... 
[2006/06/20 18:16:57, 3] smbd/process.c:switch_message(993) switch message SMBtrans (pid 16142) conn 0x83d5780 [2006/06/20 18:16:57, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 [2006/06/20 18:16:57, 5] auth/auth_util.c:debug_nt_user_token(438) NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 contains 8 SIDs SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-3003 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-2969752157-892696647-4271518216-1001 SID[ 6]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 7]: S-1-5-32-544 SE_PRIV 0xff0 0x0 0x0 0x0 [2006/06/20 18:16:57, 5] auth/auth_util.c:debug_unix_user_token(454) UNIX token of user 0 Primary group is 1001 and contains 3 supplementary groups Group[ 0]: 1001 Group[ 1]: 0 Group[ 2]: 10001 [2006/06/20 18:16:57, 5] smbd/uid.c:change_to_user(309) change_to_user uid=(0,0) gid=(0,1001) [2006/06/20 18:16:57, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=36 params=0 setup=2 [2006/06/20 18:16:57, 5] smbd/ipc.c:reply_trans(560) calling named_pipe [2006/06/20 18:16:57, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2006/06/20 18:16:57, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2006/06/20 18:16:57, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1261) search for pipe pnum=7078 [2006/06/20 18:16:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1265) pipe name winreg pnum=7078 (pipes_open=2) [2006/06/20 18:16:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1265) pipe name lsarpc pnum=7077 (pipes_open=2) [2006/06/20 18:16:57, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "winreg" (pnum 7078) [2006/06/20 18:16:57, 10] smbd/ipc.c:api_fd_reply(299) api_fd_reply: p:0x83d43d8 max_trans_reply: 1024 [2006/06/20 18:16:57, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(934) write_to_pipe: 7078 name: winreg open: Yes len: 36 [2006/06/20 18:16:57, 10] 
rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) write_to_pipe: data_left = 36 [2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 36 [2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(392) fill_rpc_header: data_to_copy = 36, len_needed_to_complete_hdr = 16, receive_len = 0 [2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) write_to_pipe: data_used = 16 [2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) write_to_pipe: data_left = 20 [2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 20 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0000 major : 05 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0001 minor : 00 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0002 pkt_type : 00 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0003 flags : 03 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0004 pack_type0: 10 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0005 pack_type1: 00 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0006 pack_type2: 00 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0007 pack_type3: 00 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0008 frag_len : 0024 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) 000a auth_len : 0000 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) 000c call_id : 00000001 [2006/06/20 18:16:57, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(479) unmarshall_rpc_header: using little-endian RPC [2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(508) 
unmarshall_rpc_header: type = 0, flags = 3 [2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) write_to_pipe: data_used = 0 [2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) write_to_pipe: data_left = 20 [2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 20, incoming data = 20 [2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(716) process_complete_pdu: processing packet type 0 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0000 alloc_hint: 0000000c [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0004 context_id: 0000 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0006 opnum : 0002 [2006/06/20 18:16:57, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(526) free_pipe_context: destroying talloc pool of size 70 [2006/06/20 18:16:57, 5] rpc_server/srv_pipe.c:api_pipe_request(2195) Requested \PIPE\winreg [2006/06/20 18:16:57, 4] rpc_server/srv_pipe.c:api_rpcTNP(2230) api_rpcTNP: winreg op 0x2 - api_rpcTNP: rpc command: REG_OPEN_HKLM [2006/06/20 18:16:57, 6] rpc_server/srv_pipe.c:api_rpcTNP(2256) api_rpc_cmds[3].fn == 0x8127520 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 reg_io_q_open_hive [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0000 ptr: 0164f508 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0004 server: d628 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0008 access: 02000000 [2006/06/20 18:16:57, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 1001) : sec_ctx_stack_ndx = 1 [2006/06/20 18:16:57, 3] smbd/uid.c:push_conn_ctx(393) push_conn_ctx(101) : conn_ctx_stack_ndx = 0 [2006/06/20 18:16:57, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 
[2006/06/20 18:16:57, 5] auth/auth_util.c:debug_nt_user_token(433) NT user token: (NULL) [2006/06/20 18:16:57, 5] auth/auth_util.c:debug_unix_user_token(454) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/06/20 18:16:57, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 1001) - sec_ctx_stack_ndx = 0 [2006/06/20 18:16:57, 10] registry/reg_db.c:regdb_open(265) regdb_open: refcount reset (1) [2006/06/20 18:16:57, 7] registry/reg_frontend.c:regkey_open_internal(359) regkey_open_internal: name = [HKLM] [2006/06/20 18:16:57, 10] registry/reg_cachehook.c:reghook_cache_find(95) reghook_cache_find: Searching for keyname [/HKLM] [2006/06/20 18:16:57, 10] lib/adt_tree.c:pathtree_find(341) pathtree_find: Enter [/HKLM] [2006/06/20 18:16:57, 10] lib/adt_tree.c:pathtree_find(413) pathtree_find: Exit [2006/06/20 18:16:57, 5] registry/reg_frontend.c:registry_access_check(59) registry_access_check: using root's token [2006/06/20 18:16:57, 10] lib/util_seaccess.c:se_access_check(233) se_access_check: requested access 0x02000000, for NT token with 6 entries and first sid S-1-5-21-2969752157-892696647-4271518216-1000. [2006/06/20 18:16:57, 3] lib/util_seaccess.c:se_access_check(250) [2006/06/20 18:16:57, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-2969752157-892696647-4271518216-1000 se_access_check: also S-1-5-21-2969752157-892696647-4271518216-1001 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-32-544 [2006/06/20 18:16:57, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) Opened policy hnd[1] [000] 00 00 00 00 02 00 00 00 00 00 00 00 79 1F 98 44 ........ ....y..D [010] 0E 3F 00 00 .?.. 
[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 reg_io_r_open_hive [2006/06/20 18:16:57, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0000 data1: 00000000 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0004 data2: 00000002 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0008 data3: 0000 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) 000a data4: 0000 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8s(819) 000c data5: 79 1f 98 44 0e 3f 00 00 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_werror(792) 0014 status: WERR_OK [2006/06/20 18:16:57, 5] rpc_server/srv_pipe.c:api_rpcTNP(2277) api_rpcTNP: called winreg successfully [2006/06/20 18:16:57, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(526) free_pipe_context: destroying talloc pool of size 510 [2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) write_to_pipe: data_used = 20 [2006/06/20 18:16:57, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(992) read_from_pipe: 7078 name: winreg len: 1024 [2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1065) read_from_pipe: winreg: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. 
[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0000 major : 05 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0001 minor : 00 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0002 pkt_type : 02 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0003 flags : 03 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0004 pack_type0: 10 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0005 pack_type1: 00 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0006 pack_type2: 00 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0007 pack_type3: 00 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0008 frag_len : 0030 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) 000a auth_len : 0000 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) 000c call_id : 00000001 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0010 alloc_hint: 00000018 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0014 context_id: 0000 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0016 cancel_ct : 00 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0017 reserved : 00 [2006/06/20 18:16:57, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] [2006/06/20 18:16:57, 5] lib/util.c:show_msg(454) [2006/06/20 18:16:57, 5] lib/util.c:show_msg(464) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1036 smb_uid=101 smb_mid=833 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) 
smb_bcc=49 [2006/06/20 18:16:57, 10] lib/util.c:dump_data(2058) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 01 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 02 00 00 ........ ........ [020] 00 00 00 00 00 79 1F 98 44 0E 3F 00 00 00 00 00 .....y.. D.?..... [030] 00 . [2006/06/20 18:16:57, 10] smbd/process.c:setup_select_timeout(1372) change_notify_timeout: -1 [2006/06/20 18:16:57, 10] smbd/process.c:run_events(299) run_events: No events [2006/06/20 18:16:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(618) got smb length of 268 [2006/06/20 18:16:57, 6] smbd/process.c:process_smb(1193) got message type 0x0 of len 0x10c [2006/06/20 18:16:57, 3] smbd/process.c:process_smb(1194) Transaction 14 of length 272 [2006/06/20 18:16:57, 5] lib/util.c:show_msg(454) [2006/06/20 18:16:57, 5] lib/util.c:show_msg(464) size=268 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1036 smb_uid=101 smb_mid=897 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 184 (0xB8) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 184 (0xB8) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=28792 (0x7078) smb_bcc=201 [2006/06/20 18:16:57, 10] lib/util.c:dump_data(2058) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 B8 00 00 00 02 00 00 ........ ........ [020] 00 A0 00 00 00 00 00 0F 00 00 00 00 00 02 00 00 ........ ........ [030] 00 00 00 00 00 79 1F 98 44 0E 3F 00 00 6E 00 6E .....y.. D.?..n.n [040] 00 30 7A E1 76 37 00 00 00 00 00 00 00 37 00 00 .0z.v7.. .....7.. 
[050] 00 53 00 79 00 73 00 74 00 65 00 6D 00 5C 00 43 .S.y.s.t .e.m.\.C [060] 00 75 00 72 00 72 00 65 00 6E 00 74 00 43 00 6F .u.r.r.e .n.t.C.o [070] 00 6E 00 74 00 72 00 6F 00 6C 00 53 00 65 00 74 .n.t.r.o .l.S.e.t [080] 00 5C 00 73 00 65 00 72 00 76 00 69 00 63 00 65 .\.s.e.r .v.i.c.e [090] 00 73 00 5C 00 4E 00 65 00 74 00 6C 00 6F 00 67 .s.\.N.e .t.l.o.g [0A0] 00 6F 00 6E 00 5C 00 70 00 61 00 72 00 61 00 6D .o.n.\.p .a.r.a.m [0B0] 00 65 00 74 00 65 00 72 00 73 00 5C 00 00 00 00 .e.t.e.r .s.\.... [0C0] 00 00 00 00 00 19 00 02 00 ........ . [2006/06/20 18:16:57, 3] smbd/process.c:switch_message(993) switch message SMBtrans (pid 16142) conn 0x83d5780 [2006/06/20 18:16:57, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 [2006/06/20 18:16:57, 5] auth/auth_util.c:debug_nt_user_token(438) NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 contains 8 SIDs SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-3003 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-2969752157-892696647-4271518216-1001 SID[ 6]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 7]: S-1-5-32-544 SE_PRIV 0xff0 0x0 0x0 0x0 [2006/06/20 18:16:57, 5] auth/auth_util.c:debug_unix_user_token(454) UNIX token of user 0 Primary group is 1001 and contains 3 supplementary groups Group[ 0]: 1001 Group[ 1]: 0 Group[ 2]: 10001 [2006/06/20 18:16:57, 5] smbd/uid.c:change_to_user(309) change_to_user uid=(0,0) gid=(0,1001) [2006/06/20 18:16:57, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=184 params=0 setup=2 [2006/06/20 18:16:57, 5] smbd/ipc.c:reply_trans(560) calling named_pipe [2006/06/20 18:16:57, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2006/06/20 18:16:57, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2006/06/20 18:16:57, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1261) search for pipe pnum=7078 [2006/06/20 18:16:57, 5] 
rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1265) pipe name winreg pnum=7078 (pipes_open=2) [2006/06/20 18:16:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1265) pipe name lsarpc pnum=7077 (pipes_open=2) [2006/06/20 18:16:57, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "winreg" (pnum 7078) [2006/06/20 18:16:57, 10] smbd/ipc.c:api_fd_reply(299) api_fd_reply: p:0x83d43d8 max_trans_reply: 1024 [2006/06/20 18:16:57, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(934) write_to_pipe: 7078 name: winreg open: Yes len: 184 [2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) write_to_pipe: data_left = 184 [2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 184 [2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(392) fill_rpc_header: data_to_copy = 184, len_needed_to_complete_hdr = 16, receive_len = 0 [2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) write_to_pipe: data_used = 16 [2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) write_to_pipe: data_left = 168 [2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 168 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0000 major : 05 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0001 minor : 00 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0002 pkt_type : 00 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0003 flags : 03 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0004 pack_type0: 10 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0005 pack_type1: 00 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0006 
pack_type2: 00 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0007 pack_type3: 00 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0008 frag_len : 00b8 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) 000a auth_len : 0000 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) 000c call_id : 00000002 [2006/06/20 18:16:57, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(479) unmarshall_rpc_header: using little-endian RPC [2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(508) unmarshall_rpc_header: type = 0, flags = 3 [2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) write_to_pipe: data_used = 0 [2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) write_to_pipe: data_left = 168 [2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 168, incoming data = 168 [2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(716) process_complete_pdu: processing packet type 0 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0000 alloc_hint: 000000a0 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0004 context_id: 0000 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0006 opnum : 000f [2006/06/20 18:16:57, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(526) free_pipe_context: destroying talloc pool of size 0 [2006/06/20 18:16:57, 5] rpc_server/srv_pipe.c:api_pipe_request(2195) Requested \PIPE\winreg [2006/06/20 18:16:57, 4] rpc_server/srv_pipe.c:api_rpcTNP(2230) api_rpcTNP: winreg op 0xf - api_rpcTNP: rpc command: REG_OPEN_ENTRY [2006/06/20 18:16:57, 6] rpc_server/srv_pipe.c:api_rpcTNP(2256) api_rpc_cmds[1].fn == 0x81276c0 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 reg_io_q_open_entry 
[2006/06/20 18:16:57, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0000 data1: 00000000 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0004 data2: 00000002 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0008 data3: 0000 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) 000a data4: 0000 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8s(819) 000c data5: 79 1f 98 44 0e 3f 00 00 [2006/06/20 18:16:57, 6] rpc_parse/parse_prs.c:prs_debug(84) 000014 prs_unistr4 name [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0014 length: 006e [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0016 size: 006e [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0018 ptr: 76e17a30 [2006/06/20 18:16:57, 7] rpc_parse/parse_prs.c:prs_debug(84) 00001c smb_io_unistr2 name [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) 001c uni_max_len: 00000037 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0020 offset : 00000000 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0024 uni_str_len: 00000037 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:dbg_rw_punival(904) 0028 buffer : S.y.s.t.e.m.\.C.u.r.r.e.n.t.C.o.n.t.r.o.l.S.e.t.\.s.e.r.v.i.c.e.s.\.N.e.t.l.o.g.o.n.\.p.a.r.a.m.e.t.e.r.s.\... [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0098 unknown_0 : 00000000 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) 009c access: 00020019 [2006/06/20 18:16:57, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 02 00 00 00 00 00 00 00 79 1F 98 44 ........ ....y..D [010] 0E 3F 00 00 .?.. 
[2006/06/20 18:16:57, 10] registry/reg_db.c:regdb_open(248) regdb_open: incrementing refcount (1) [2006/06/20 18:16:57, 7] registry/reg_frontend.c:regkey_open_internal(359) regkey_open_internal: name = [HKLM\System\CurrentControlSet\services\Netlogon\parameters] [2006/06/20 18:16:57, 10] registry/reg_cachehook.c:reghook_cache_find(95) reghook_cache_find: Searching for keyname [/HKLM/System/CurrentControlSet/services/Netlogon/parameters] [2006/06/20 18:16:57, 10] lib/adt_tree.c:pathtree_find(341) pathtree_find: Enter [/HKLM/System/CurrentControlSet/services/Netlogon/parameters] [2006/06/20 18:16:57, 10] lib/adt_tree.c:pathtree_find(413) pathtree_find: Exit [2006/06/20 18:16:57, 5] registry/reg_frontend.c:registry_access_check(59) registry_access_check: using root's token [2006/06/20 18:16:57, 10] lib/util_seaccess.c:se_access_check(233) se_access_check: requested access 0x00020019, for NT token with 6 entries and first sid S-1-5-21-2969752157-892696647-4271518216-1000. [2006/06/20 18:16:57, 3] lib/util_seaccess.c:se_access_check(250) [2006/06/20 18:16:57, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-2969752157-892696647-4271518216-1000 se_access_check: also S-1-5-21-2969752157-892696647-4271518216-1001 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-32-544 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 20019 [2006/06/20 18:16:57, 5] lib/util_seaccess.c:se_access_check(308) se_access_check: access (20019) granted. [2006/06/20 18:16:57, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) Opened policy hnd[2] [000] 00 00 00 00 03 00 00 00 00 00 00 00 79 1F 98 44 ........ ....y..D [010] 0E 3F 00 00 .?.. 
[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 reg_io_r_open_entry [2006/06/20 18:16:57, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd handle [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0000 data1: 00000000 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0004 data2: 00000003 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0008 data3: 0000 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) 000a data4: 0000 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8s(819) 000c data5: 79 1f 98 44 0e 3f 00 00 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_werror(792) 0014 status: WERR_OK [2006/06/20 18:16:57, 5] rpc_server/srv_pipe.c:api_rpcTNP(2277) api_rpcTNP: called winreg successfully [2006/06/20 18:16:57, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(526) free_pipe_context: destroying talloc pool of size 634 [2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) write_to_pipe: data_used = 168 [2006/06/20 18:16:57, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(992) read_from_pipe: 7078 name: winreg len: 1024 [2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1065) read_from_pipe: winreg: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. 
[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0000 major : 05 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0001 minor : 00 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0002 pkt_type : 02 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0003 flags : 03 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0004 pack_type0: 10 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0005 pack_type1: 00 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0006 pack_type2: 00 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0007 pack_type3: 00 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0008 frag_len : 0030 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) 000a auth_len : 0000 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) 000c call_id : 00000002 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0010 alloc_hint: 00000018 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0014 context_id: 0000 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0016 cancel_ct : 00 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0017 reserved : 00 [2006/06/20 18:16:57, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] [2006/06/20 18:16:57, 5] lib/util.c:show_msg(454) [2006/06/20 18:16:57, 5] lib/util.c:show_msg(464) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1036 smb_uid=101 smb_mid=897 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) 
smb_bcc=49 [2006/06/20 18:16:57, 10] lib/util.c:dump_data(2058) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 02 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 03 00 00 ........ ........ [020] 00 00 00 00 00 79 1F 98 44 0E 3F 00 00 00 00 00 .....y.. D.?..... [030] 00 . [2006/06/20 18:16:57, 10] smbd/process.c:setup_select_timeout(1372) change_notify_timeout: -1 [2006/06/20 18:16:57, 10] smbd/process.c:run_events(299) run_events: No events [2006/06/20 18:16:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(618) got smb length of 232 [2006/06/20 18:16:57, 6] smbd/process.c:process_smb(1193) got message type 0x0 of len 0xe8 [2006/06/20 18:16:57, 3] smbd/process.c:process_smb(1194) Transaction 15 of length 236 [2006/06/20 18:16:57, 5] lib/util.c:show_msg(454) [2006/06/20 18:16:57, 5] lib/util.c:show_msg(464) size=232 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1036 smb_uid=101 smb_mid=961 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 148 (0x94) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 148 (0x94) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=28792 (0x7078) smb_bcc=165 [2006/06/20 18:16:57, 10] lib/util.c:dump_data(2058) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 94 00 00 00 03 00 00 ........ ........ [020] 00 7C 00 00 00 00 00 11 00 00 00 00 00 03 00 00 .|...... ........ [030] 00 00 00 00 00 79 1F 98 44 0E 3F 00 00 2A 00 2A .....y.. D.?..*.* [040] 00 04 7A E1 76 15 00 00 00 00 00 00 00 15 00 00 ..z.v... ........ 
[050] 00 52 00 65 00 66 00 75 00 73 00 65 00 50 00 61 .R.e.f.u .s.e.P.a [060] 00 73 00 73 00 77 00 6F 00 72 00 64 00 43 00 68 .s.s.w.o .r.d.C.h [070] 00 61 00 6E 00 67 00 65 00 00 00 53 00 64 F5 64 .a.n.g.e ...S.d.d [080] 01 94 F5 64 01 94 F5 64 01 04 00 00 00 00 00 00 ...d...d ........ [090] 00 00 00 00 00 5C F5 64 01 04 00 00 00 54 F5 64 .....\.d .....T.d [0A0] 01 00 00 00 00 ..... [2006/06/20 18:16:57, 3] smbd/process.c:switch_message(993) switch message SMBtrans (pid 16142) conn 0x83d5780 [2006/06/20 18:16:57, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 [2006/06/20 18:16:57, 5] auth/auth_util.c:debug_nt_user_token(438) NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 contains 8 SIDs SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-3003 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-2969752157-892696647-4271518216-1001 SID[ 6]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 7]: S-1-5-32-544 SE_PRIV 0xff0 0x0 0x0 0x0 [2006/06/20 18:16:57, 5] auth/auth_util.c:debug_unix_user_token(454) UNIX token of user 0 Primary group is 1001 and contains 3 supplementary groups Group[ 0]: 1001 Group[ 1]: 0 Group[ 2]: 10001 [2006/06/20 18:16:57, 5] smbd/uid.c:change_to_user(309) change_to_user uid=(0,0) gid=(0,1001) [2006/06/20 18:16:57, 3] smbd/ipc.c:reply_trans(539) trans <\PIPE\> data=148 params=0 setup=2 [2006/06/20 18:16:57, 5] smbd/ipc.c:reply_trans(560) calling named_pipe [2006/06/20 18:16:57, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2006/06/20 18:16:57, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2006/06/20 18:16:57, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1261) search for pipe pnum=7078 [2006/06/20 18:16:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1265) pipe name winreg pnum=7078 (pipes_open=2) [2006/06/20 18:16:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1265) pipe name lsarpc pnum=7077 (pipes_open=2) 
[2006/06/20 18:16:57, 3] smbd/ipc.c:api_fd_reply(294) Got API command 0x26 on pipe "winreg" (pnum 7078) [2006/06/20 18:16:57, 10] smbd/ipc.c:api_fd_reply(299) api_fd_reply: p:0x83d43d8 max_trans_reply: 1024 [2006/06/20 18:16:57, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(934) write_to_pipe: 7078 name: winreg open: Yes len: 148 [2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) write_to_pipe: data_left = 148 [2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 148 [2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(392) fill_rpc_header: data_to_copy = 148, len_needed_to_complete_hdr = 16, receive_len = 0 [2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) write_to_pipe: data_used = 16 [2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) write_to_pipe: data_left = 132 [2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 132 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0000 major : 05 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0001 minor : 00 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0002 pkt_type : 00 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0003 flags : 03 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0004 pack_type0: 10 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0005 pack_type1: 00 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0006 pack_type2: 00 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0007 pack_type3: 00 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0008 frag_len : 0094 [2006/06/20 18:16:57, 5] 
rpc_parse/parse_prs.c:prs_uint16(674) 000a auth_len : 0000 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) 000c call_id : 00000003 [2006/06/20 18:16:57, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(479) unmarshall_rpc_header: using little-endian RPC [2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(508) unmarshall_rpc_header: type = 0, flags = 3 [2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) write_to_pipe: data_used = 0 [2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) write_to_pipe: data_left = 132 [2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 132, incoming data = 132 [2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(716) process_complete_pdu: processing packet type 0 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0000 alloc_hint: 0000007c [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0004 context_id: 0000 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0006 opnum : 0011 [2006/06/20 18:16:57, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(526) free_pipe_context: destroying talloc pool of size 0 [2006/06/20 18:16:57, 5] rpc_server/srv_pipe.c:api_pipe_request(2195) Requested \PIPE\winreg [2006/06/20 18:16:57, 4] rpc_server/srv_pipe.c:api_rpcTNP(2230) api_rpcTNP: winreg op 0x11 - api_rpcTNP: rpc command: REG_QUERY_VALUE [2006/06/20 18:16:57, 6] rpc_server/srv_pipe.c:api_rpcTNP(2256) api_rpc_cmds[10].fn == 0x8126f30 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 reg_io_q_query_value [2006/06/20 18:16:57, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0000 data1: 00000000 [2006/06/20 18:16:57, 5] 
rpc_parse/parse_prs.c:prs_uint32(703) 0004 data2: 00000003 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0008 data3: 0000 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) 000a data4: 0000 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8s(819) 000c data5: 79 1f 98 44 0e 3f 00 00 [2006/06/20 18:16:57, 6] rpc_parse/parse_prs.c:prs_debug(84) 000014 prs_unistr4 name [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0014 length: 002a [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0016 size: 002a [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0018 ptr: 76e17a04 [2006/06/20 18:16:57, 7] rpc_parse/parse_prs.c:prs_debug(84) 00001c smb_io_unistr2 name [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) 001c uni_max_len: 00000015 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0020 offset : 00000000 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0024 uni_str_len: 00000015 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:dbg_rw_punival(904) 0028 buffer : R.e.f.u.s.e.P.a.s.s.w.o.r.d.C.h.a.n.g.e... 
[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0054 ptr_reserved: 0164f564 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0058 ptr_buf: 0164f594 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) 005c ptr_bufsize: 0164f594 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0060 bufsize: 00000004 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0064 buf_unk: 00000000 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0068 unk1: 00000000 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) 006c ptr_buflen: 0164f55c [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0070 buflen: 00000004 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0074 ptr_buflen2: 0164f554 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0078 buflen2: 00000000 [2006/06/20 18:16:57, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 03 00 00 00 00 00 00 00 79 1F 98 44 ........ ....y..D [010] 0E 3F 00 00 .?.. 
[2006/06/20 18:16:57, 7] rpc_server/srv_reg_nt.c:_reg_query_value(327) _reg_info: policy key name = [HKLM\System\CurrentControlSet\services\Netlogon\parameters] [2006/06/20 18:16:57, 7] rpc_server/srv_reg_nt.c:_reg_query_value(328) _reg_info: policy key type = [00000000] [2006/06/20 18:16:57, 5] rpc_server/srv_reg_nt.c:_reg_query_value(332) _reg_info: looking up value: [RefusePasswordChange] [2006/06/20 18:16:57, 8] registry/reg_frontend.c:fetch_reg_values_specific(283) fetch_reg_values_specific: Initializing cache of values for [HKLM\System\CurrentControlSet\services\Netlogon\parameters] [2006/06/20 18:16:57, 10] registry/reg_db.c:regdb_fetch_values(562) regdb_fetch_values: Looking for value of key [HKLM\System\CurrentControlSet\services\Netlogon\parameters] [2006/06/20 18:16:57, 10] lib/account_pol.c:account_policy_get(332) account_policy_get: name: refuse machine password change, val: 0 [2006/06/20 18:16:57, 10] rpc_server/srv_reg_nt.c:_reg_query_value(415) _reg_info: Testing value [RefusePasswordChange] [2006/06/20 18:16:57, 10] rpc_server/srv_reg_nt.c:_reg_query_value(417) _reg_info: Found match for value [RefusePasswordChange] [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 reg_io_r_query_value [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0000 ptr: f000baaa [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0004 type: 00000004 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0008 ptr: f000baaa [2006/06/20 18:16:57, 6] rpc_parse/parse_prs.c:prs_debug(84) 00000c smb_io_regval_buffer value [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) 000c buf_max_len: 00000004 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0010 offset : 00000000 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0014 buf_len : 00000004 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:dbg_rw_punival(904) 0018 buffer : .... 
[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) 001c ptr: f000baaa [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0020 buf_max_len: 00000004 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0024 ptr: f000baaa [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0028 buf_len: 00000004 [2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_werror(792) 002c status: WERR_OK [2006/06/20 18:16:57, 5] rpc_server/srv_pipe.c:api_rpcTNP(2277) api_rpcTNP: called winreg successfully [2006/06/20 18:16:57, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(526) free_pipe_context: destroying talloc pool of size 90 [2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) write_to_pipe: data_used = 132 [2006/06/20 18:16:57, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(992) read_from_pipe: 7078 name: winreg len: 1024 [2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1065) read_from_pipe: winreg: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 48. 
[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr
[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0000 major : 05
[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0001 minor : 00
[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0002 pkt_type : 02
[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0003 flags : 03
[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0004 pack_type0: 10
[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0005 pack_type1: 00
[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0006 pack_type2: 00
[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0007 pack_type3: 00
[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0008 frag_len : 0048
[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) 000a auth_len : 0000
[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) 000c call_id : 00000003
[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp
[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) 0010 alloc_hint: 00000030
[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) 0014 context_id: 0000
[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0016 cancel_ct : 00
[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) 0017 reserved : 00
[2006/06/20 18:16:57, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..72]
[2006/06/20 18:16:57, 5] lib/util.c:show_msg(454)
[2006/06/20 18:16:57, 5] lib/util.c:show_msg(464) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1036 smb_uid=101 smb_mid=961 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 72 (0x48) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=73
[2006/06/20 18:16:57, 10] lib/util.c:dump_data(2058)
[000] 00 05 00 02 03 10 00 00 00 48 00 00 00 03 00 00 ........ .H......
[010] 00 30 00 00 00 00 00 00 00 AA BA 00 F0 04 00 00 .0...... ........
[020] 00 AA BA 00 F0 04 00 00 00 00 00 00 00 04 00 00 ........ ........
[030] 00 00 00 00 00 AA BA 00 F0 04 00 00 00 AA BA 00 ........ ........
[040] F0 04 00 00 00 00 00 00 00 ........ .
[2006/06/20 18:16:57, 10] smbd/process.c:setup_select_timeout(1372) change_notify_timeout: -1
[2006/06/20 18:16:57, 10] smbd/process.c:run_events(299) run_events: No events
[2006/06/20 18:16:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(618) got smb length of 128
[2006/06/20 18:16:57, 6] smbd/process.c:process_smb(1193) got message type 0x0 of len 0x80
[2006/06/20 18:16:57, 3] smbd/process.c:process_smb(1194) Transaction 16 of length 132
[2006/06/20 18:16:57, 5] lib/util.c:show_msg(454)
[2006/06/20 18:16:57, 5] lib/util.c:show_msg(464) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1036 smb_uid=101 smb_mid=1025 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=28792 (0x7078) smb_bcc=61
[2006/06/20 18:16:57, 10] lib/util.c:dump_data(2058)
[000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\....
[010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 04 00 00 ........ .,......
[020] 00 14 00 00 00 00 00 05 00 00 00 00 00 03 00 00 ........ ........
[030] 00 00 00 00 00 79 1F 98 44 0E 3F 00 00 .....y.. D.?..
[2006/06/20 18:16:57, 3] smbd/process.c:switch_message(993) switch message SMBtrans (pid 16142) conn 0x83d5780
[2006/06/20 18:16:57, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0
[2006/06/20 18:16:57, 5] auth/auth_util.c:debug_nt_user_token(438) NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 contains 8 SIDs SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-3003 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-2969752157-892696647-4271518216-1001 SID[ 6]: S-1-5-21-2969752157-892696647-4271518216-512 SID[ 7]: S-1-5-32-544 SE_PRIV 0xff0 0x0 0x0 0x0
[2006/06/20 18:16:57, 5] auth/auth_util.c:debug_unix_user_token(454) UNIX token of user 0 Primary group is 1001 and contains 3 supplementary groups Group[ 0]: 1001 Group[ 1]: 0 Group[ 2]: 10001
[2006/06/20 18:16:57, 5] smbd/uid.c:change_to_user(309)
[2006/06/20 18:16:58, 10] lib/util_sock.c:read_udp_socket(289) read_udp_socket: lastip 192.168.68.22 lastport 138 read: 231
[2006/06/20 18:16:58, 5] libsmb/nmblib.c:read_packet(755) Received a packet of len 231 from (192.168.68.22) port 138
[2006/06/20 18:16:58, 10] nmbd/nmbd_subnetdb.c:namelist_entry_compare(70) nmbd_subnetdb:namelist_entry_compare() 1 == memcmp( "ANDOLAN<1c>", "ANDOLAN<1b>", 84 )
[2006/06/20 18:16:58, 10] nmbd/nmbd_subnetdb.c:namelist_entry_compare(70) nmbd_subnetdb:namelist_entry_compare() 0 == memcmp( "ANDOLAN<1c>", "ANDOLAN<1c>", 84 )
[2006/06/20 18:16:58, 9] nmbd/nmbd_namelistdb.c:find_name_on_subnet(128) find_name_on_subnet: on subnet 192.168.68.1 - found name ANDOLAN<1c> source=2
[2006/06/20 18:16:58, 4] nmbd/nmbd_packets.c:process_dgram(1268) process_dgram: datagram from WS035<00> to ANDOLAN<1c> IP 192.168.68.22 for \MAILSLOT\NET\NETLOGON of type 18 len=57
[2006/06/20 18:16:58, 4] nmbd/nmbd_processlogon.c:process_logon_packet(95) process_logon_packet: Logon from 192.168.68.22: code = 0x12
[2006/06/20 18:16:58, 5] nmbd/nmbd_processlogon.c:process_logon_packet(315) process_logon_packet: SAMLOGON sidsize 0, len = 57
[2006/06/20 18:16:58, 5] nmbd/nmbd_processlogon.c:process_logon_packet(322) process_logon_packet: len = 57 PTR_DIFF(q, buf) = 49
[2006/06/20 18:16:58, 3] nmbd/nmbd_processlogon.c:process_logon_packet(347) process_logon_packet: SAMLOGON sidsize 0 ntv 11
[2006/06/20 18:16:58, 5] nmbd/nmbd_processlogon.c:process_logon_packet(356) process_logon_packet: SAMLOGON user
[2006/06/20 18:16:58, 5] nmbd/nmbd_processlogon.c:process_logon_packet(363) process_logon_packet: SAMLOGON request from ws035(192.168.68.22) for , returning logon svr \\SERVER domain ANDOLAN code 13 token=ffff
[2006/06/20 18:16:58, 4] lib/util.c:dump_data(2058)
[000] 15 00 5C 00 5C 00 53 00 45 00 52 00 56 00 45 00 ..\.\.S. E.R.V.E.
[010] 52 00 00 00 00 00 41 00 4E 00 44 00 4F 00 4C 00 R.....A. N.D.O.L.
[020] 41 00 4E 00 00 00 01 00 00 00 FF FF FF FF A.N..... ......
[2006/06/20 18:16:58, 4] nmbd/nmbd_packets.c:send_mailslot(1917) send_mailslot: Sending to mailslot \MAILSLOT\NET\GETDC501 from SERVER<00> IP 192.168.68.1 to WS035<00> IP 192.168.68.22
[2006/06/20 18:16:58, 4] nmbd/nmbd_packets.c:debug_browse_data(100) debug_browse_data(): 0 char ..\.\.S.E.R.V.E. hex 15 00 5c 00 5c 00 53 00 45 00 52 00 56 00 45 00 10 char R.....A.N.D.O.L. hex 52 00 00 00 00 00 41 00 4e 00 44 00 4f 00 4c 00 20 char A.N........... hex 41 00 4e 00 00 00 01 00 00 00 ff ff ff ff
[2006/06/20 18:16:58, 5] libsmb/nmblib.c:send_udp(777) Sending a packet of len 220 to (192.168.68.22) on port 138
[2006/06/20 18:16:58, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(173) find_workgroup_on_subnet: workgroup search for ANDOLAN on subnet 192.168.68.1: found.
[2006/06/20 18:16:58, 10] nmbd/nmbd_sendannounce.c:announce_myself_to_domain_master_browser(382) announce_myself_to_domain_master_browser: t (1150820217) - last(1150819908) < 900
[2006/06/20 18:16:58, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(173) find_workgroup_on_subnet: workgroup search for ANDOLAN on subnet UNICAST_SUBNET: found.
[2006/06/20 18:16:58, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(173) find_workgroup_on_subnet: workgroup search for ANDOLAN on subnet UNICAST_SUBNET: found.
[2006/06/20 18:16:58, 10] lib/util_sock.c:read_udp_socket(289) read_udp_socket: lastip 192.168.68.22 lastport 138 read: 231
[2006/06/20 18:16:58, 5] libsmb/nmblib.c:read_packet(755) Received a packet of len 231 from (192.168.68.22) port 138
[2006/06/20 18:16:58, 10] nmbd/nmbd_subnetdb.c:namelist_entry_compare(70) nmbd_subnetdb:namelist_entry_compare() 0 == memcmp( "ANDOLAN<1c>", "ANDOLAN<1c>", 84 )
[2006/06/20 18:16:58, 9] nmbd/nmbd_namelistdb.c:find_name_on_subnet(128) find_name_on_subnet: on subnet 192.168.68.1 - found name ANDOLAN<1c> source=2
[2006/06/20 18:16:58, 4] nmbd/nmbd_packets.c:process_dgram(1268) process_dgram: datagram from WS035<00> to ANDOLAN<1c> IP 192.168.68.22 for \MAILSLOT\NET\NETLOGON of type 18 len=57
[2006/06/20 18:16:58, 4] nmbd/nmbd_processlogon.c:process_logon_packet(95) process_logon_packet: Logon from 192.168.68.22: code = 0x12
[2006/06/20 18:16:58, 5] nmbd/nmbd_processlogon.c:process_logon_packet(315) process_logon_packet: SAMLOGON sidsize 0, len = 57
[2006/06/20 18:16:58, 5] nmbd/nmbd_processlogon.c:process_logon_packet(322) process_logon_packet: len = 57 PTR_DIFF(q, buf) = 49
[2006/06/20 18:16:58, 3] nmbd/nmbd_processlogon.c:process_logon_packet(347) process_logon_packet: SAMLOGON sidsize 0 ntv 11