The Samba-Bugzilla – Attachment 1970 Details for Bug 3848: Join by Windows XP clients fail
3.0.22 level 10 log domain join by XP client
log.smbd-3.0.22-addmachinetodomain (text/plain), 214.54 KB, created by Wilco Baan Hofman on 2006-06-20 11:36:02 UTC
>[2006/06/20 18:16:30, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(173) > find_workgroup_on_subnet: workgroup search for ANDOLAN on subnet UNICAST_SUBNET: found. >[2006/06/20 18:16:40, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(173) > find_workgroup_on_subnet: workgroup search for ANDOLAN on subnet 192.168.68.1: found. >[2006/06/20 18:16:40, 10] nmbd/nmbd_sendannounce.c:announce_myself_to_domain_master_browser(382) > announce_myself_to_domain_master_browser: t (1150820190) - last(1150819908) < 900 >[2006/06/20 18:16:40, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(173) > find_workgroup_on_subnet: workgroup search for ANDOLAN on subnet UNICAST_SUBNET: found. >[2006/06/20 18:16:40, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(173) > find_workgroup_on_subnet: workgroup search for ANDOLAN on subnet UNICAST_SUBNET: found. >[2006/06/20 18:16:50, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(173) > find_workgroup_on_subnet: workgroup search for ANDOLAN on subnet 192.168.68.1: found. >[2006/06/20 18:16:50, 10] nmbd/nmbd_sendannounce.c:announce_myself_to_domain_master_browser(382) > announce_myself_to_domain_master_browser: t (1150820200) - last(1150819908) < 900 >[2006/06/20 18:16:50, 4] nmbd/nmbd_workgroupdb.c:dump_workgroups(284) > dump_workgroups() > dump workgroup on subnet 192.168.68.1: netmask= 255.255.255.0: > ANDOLAN(1) current master browser = SERVER > SERVER 400c9b0b (AndoBurg B.V.) > WS035 40001003 () >[2006/06/20 18:16:50, 4] nmbd/nmbd_workgroupdb.c:dump_workgroups(284) > dump_workgroups() > dump workgroup on subnet UNICAST_SUBNET: netmask= 192.168.68.1: > ANDOLAN(1) current master browser = UNKNOWN > SERVER 40099b0b (AndoBurg B.V.) >[2006/06/20 18:16:50, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(173) > find_workgroup_on_subnet: workgroup search for ANDOLAN on subnet UNICAST_SUBNET: found. 
>[2006/06/20 18:16:50, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(173) > find_workgroup_on_subnet: workgroup search for ANDOLAN on subnet UNICAST_SUBNET: found. >[2006/06/20 18:16:53, 10] lib/util_sock.c:read_udp_socket(289) > read_udp_socket: lastip 192.168.68.22 lastport 138 read: 231 >[2006/06/20 18:16:53, 5] libsmb/nmblib.c:read_packet(755) > Received a packet of len 231 from (192.168.68.22) port 138 >[2006/06/20 18:16:53, 10] lib/util_sock.c:read_udp_socket(289) > read_udp_socket: lastip 192.168.68.22 lastport 138 read: 231 >[2006/06/20 18:16:53, 5] libsmb/nmblib.c:read_packet(755) > Received a packet of len 231 from (192.168.68.22) port 138 >[2006/06/20 18:16:53, 10] nmbd/nmbd_subnetdb.c:namelist_entry_compare(70) >nmbd_subnetdb:namelist_entry_compare() >1 == memcmp( "ANDOLAN<1c>", "ANDOLAN<1b>", 84 ) >[2006/06/20 18:16:53, 10] nmbd/nmbd_subnetdb.c:namelist_entry_compare(70) >nmbd_subnetdb:namelist_entry_compare() >0 == memcmp( "ANDOLAN<1c>", "ANDOLAN<1c>", 84 ) >[2006/06/20 18:16:53, 9] nmbd/nmbd_namelistdb.c:find_name_on_subnet(128) > find_name_on_subnet: on subnet 192.168.68.1 - found name ANDOLAN<1c> source=2 >[2006/06/20 18:16:53, 4] nmbd/nmbd_packets.c:process_dgram(1268) > process_dgram: datagram from WS035<00> to ANDOLAN<1c> IP 192.168.68.22 for \MAILSLOT\NET\NETLOGON of type 18 len=57 >[2006/06/20 18:16:53, 4] nmbd/nmbd_processlogon.c:process_logon_packet(95) > process_logon_packet: Logon from 192.168.68.22: code = 0x12 >[2006/06/20 18:16:53, 5] nmbd/nmbd_processlogon.c:process_logon_packet(315) > process_logon_packet: SAMLOGON sidsize 0, len = 57 >[2006/06/20 18:16:53, 5] nmbd/nmbd_processlogon.c:process_logon_packet(322) > process_logon_packet: len = 57 PTR_DIFF(q, buf) = 49 >[2006/06/20 18:16:53, 3] nmbd/nmbd_processlogon.c:process_logon_packet(347) > process_logon_packet: SAMLOGON sidsize 0 ntv 11 >[2006/06/20 18:16:53, 5] nmbd/nmbd_processlogon.c:process_logon_packet(356) > process_logon_packet: SAMLOGON user >[2006/06/20 18:16:53, 5] 
nmbd/nmbd_processlogon.c:process_logon_packet(363) > process_logon_packet: SAMLOGON request from ws035(192.168.68.22) for , returning logon svr \\SERVER domain ANDOLAN code 13 token=ffff >[2006/06/20 18:16:53, 4] lib/util.c:dump_data(2058) > [000] 15 00 5C 00 5C 00 53 00 45 00 52 00 56 00 45 00 ..\.\.S. E.R.V.E. > [010] 52 00 00 00 00 00 41 00 4E 00 44 00 4F 00 4C 00 R.....A. N.D.O.L. > [020] 41 00 4E 00 00 00 01 00 00 00 FF FF FF FF A.N..... ...... >[2006/06/20 18:16:53, 4] nmbd/nmbd_packets.c:send_mailslot(1917) > send_mailslot: Sending to mailslot \MAILSLOT\NET\GETDC042 from SERVER<00> IP 192.168.68.1 to WS035<00> IP 192.168.68.22 >[2006/06/20 18:16:53, 4] nmbd/nmbd_packets.c:debug_browse_data(100) > debug_browse_data(): > 0 char ..\.\.S.E.R.V.E. hex 15 00 5c 00 5c 00 53 00 45 00 52 00 56 00 45 00 > 10 char R.....A.N.D.O.L. hex 52 00 00 00 00 00 41 00 4e 00 44 00 4f 00 4c 00 > 20 char A.N........... hex 41 00 4e 00 00 00 01 00 00 00 ff ff ff ff >[2006/06/20 18:16:53, 5] libsmb/nmblib.c:send_udp(777) > Sending a packet of len 220 to (192.168.68.22) on port 138 >[2006/06/20 18:16:53, 10] nmbd/nmbd_subnetdb.c:namelist_entry_compare(70) >nmbd_subnetdb:namelist_entry_compare() >0 == memcmp( "ANDOLAN<1c>", "ANDOLAN<1c>", 84 ) >[2006/06/20 18:16:53, 9] nmbd/nmbd_namelistdb.c:find_name_on_subnet(128) > find_name_on_subnet: on subnet 192.168.68.1 - found name ANDOLAN<1c> source=2 >[2006/06/20 18:16:53, 4] nmbd/nmbd_packets.c:process_dgram(1268) > process_dgram: datagram from WS035<00> to ANDOLAN<1c> IP 192.168.68.22 for \MAILSLOT\NET\NETLOGON of type 18 len=57 >[2006/06/20 18:16:53, 4] nmbd/nmbd_processlogon.c:process_logon_packet(95) > process_logon_packet: Logon from 192.168.68.22: code = 0x12 >[2006/06/20 18:16:53, 5] nmbd/nmbd_processlogon.c:process_logon_packet(315) > process_logon_packet: SAMLOGON sidsize 0, len = 57 >[2006/06/20 18:16:53, 5] nmbd/nmbd_processlogon.c:process_logon_packet(322) > process_logon_packet: len = 57 PTR_DIFF(q, buf) = 49 >[2006/06/20 
18:16:53, 3] nmbd/nmbd_processlogon.c:process_logon_packet(347) > process_logon_packet: SAMLOGON sidsize 0 ntv 11 >[2006/06/20 18:16:53, 5] nmbd/nmbd_processlogon.c:process_logon_packet(356) > process_logon_packet: SAMLOGON user >[2006/06/20 18:16:53, 5] nmbd/nmbd_processlogon.c:process_logon_packet(363) > process_logon_packet: SAMLOGON request from ws035(192.168.68.22) for , returning logon svr \\SERVER domain ANDOLAN code 13 token=ffff >[2006/06/20 18:16:53, 4] lib/util.c:dump_data(2058) > [000] 15 00 5C 00 5C 00 53 00 45 00 52 00 56 00 45 00 ..\.\.S. E.R.V.E. > [010] 52 00 00 00 00 00 41 00 4E 00 44 00 4F 00 4C 00 R.....A. N.D.O.L. > [020] 41 00 4E 00 00 00 01 00 00 00 FF FF FF FF A.N..... ...... >[2006/06/20 18:16:53, 4] nmbd/nmbd_packets.c:send_mailslot(1917) > send_mailslot: Sending to mailslot \MAILSLOT\NET\GETDC042 from SERVER<00> IP 192.168.68.1 to WS035<00> IP 192.168.68.22 >[2006/06/20 18:16:53, 4] nmbd/nmbd_packets.c:debug_browse_data(100) > debug_browse_data(): > 0 char ..\.\.S.E.R.V.E. hex 15 00 5c 00 5c 00 53 00 45 00 52 00 56 00 45 00 > 10 char R.....A.N.D.O.L. hex 52 00 00 00 00 00 41 00 4e 00 44 00 4f 00 4c 00 > 20 char A.N........... hex 41 00 4e 00 00 00 01 00 00 00 ff ff ff ff >[2006/06/20 18:16:53, 5] libsmb/nmblib.c:send_udp(777) > Sending a packet of len 220 to (192.168.68.22) on port 138 >[2006/06/20 18:16:53, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(173) > find_workgroup_on_subnet: workgroup search for ANDOLAN on subnet 192.168.68.1: found. >[2006/06/20 18:16:53, 10] nmbd/nmbd_sendannounce.c:announce_myself_to_domain_master_browser(382) > announce_myself_to_domain_master_browser: t (1150820210) - last(1150819908) < 900 >[2006/06/20 18:16:53, 4] nmbd/nmbd_workgroupdb.c:dump_workgroups(284) > dump_workgroups() > dump workgroup on subnet 192.168.68.1: netmask= 255.255.255.0: > ANDOLAN(1) current master browser = SERVER > SERVER 400c9b0b (AndoBurg B.V.) 
> WS035 40001003 () >[2006/06/20 18:16:53, 4] nmbd/nmbd_workgroupdb.c:dump_workgroups(284) > dump_workgroups() > dump workgroup on subnet UNICAST_SUBNET: netmask= 192.168.68.1: > ANDOLAN(1) current master browser = UNKNOWN > SERVER 40099b0b (AndoBurg B.V.) >[2006/06/20 18:16:53, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(173) > find_workgroup_on_subnet: workgroup search for ANDOLAN on subnet UNICAST_SUBNET: found. >[2006/06/20 18:16:53, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(173) > find_workgroup_on_subnet: workgroup search for ANDOLAN on subnet UNICAST_SUBNET: found. >[2006/06/20 18:16:57, 10] lib/util_sock.c:read_udp_socket(289) > read_udp_socket: lastip 192.168.68.22 lastport 138 read: 231 >[2006/06/20 18:16:57, 5] libsmb/nmblib.c:read_packet(755) > Received a packet of len 231 from (192.168.68.22) port 138 >[2006/06/20 18:16:57, 10] nmbd/nmbd_subnetdb.c:namelist_entry_compare(70) >nmbd_subnetdb:namelist_entry_compare() >0 == memcmp( "ANDOLAN<1c>", "ANDOLAN<1c>", 84 ) >[2006/06/20 18:16:57, 9] nmbd/nmbd_namelistdb.c:find_name_on_subnet(128) > find_name_on_subnet: on subnet 192.168.68.1 - found name ANDOLAN<1c> source=2 >[2006/06/20 18:16:57, 4] nmbd/nmbd_packets.c:process_dgram(1268) > process_dgram: datagram from WS035<00> to ANDOLAN<1c> IP 192.168.68.22 for \MAILSLOT\NET\NETLOGON of type 18 len=57 >[2006/06/20 18:16:57, 4] nmbd/nmbd_processlogon.c:process_logon_packet(95) > process_logon_packet: Logon from 192.168.68.22: code = 0x12 >[2006/06/20 18:16:57, 5] nmbd/nmbd_processlogon.c:process_logon_packet(315) > process_logon_packet: SAMLOGON sidsize 0, len = 57 >[2006/06/20 18:16:57, 5] nmbd/nmbd_processlogon.c:process_logon_packet(322) > process_logon_packet: len = 57 PTR_DIFF(q, buf) = 49 >[2006/06/20 18:16:57, 3] nmbd/nmbd_processlogon.c:process_logon_packet(347) > process_logon_packet: SAMLOGON sidsize 0 ntv 11 >[2006/06/20 18:16:57, 5] nmbd/nmbd_processlogon.c:process_logon_packet(356) > process_logon_packet: SAMLOGON user 
>[2006/06/20 18:16:57, 5] nmbd/nmbd_processlogon.c:process_logon_packet(363) > process_logon_packet: SAMLOGON request from ws035(192.168.68.22) for , returning logon svr \\SERVER domain ANDOLAN code 13 token=ffff >[2006/06/20 18:16:57, 4] lib/util.c:dump_data(2058) > [000] 15 00 5C 00 5C 00 53 00 45 00 52 00 56 00 45 00 ..\.\.S. E.R.V.E. > [010] 52 00 00 00 00 00 41 00 4E 00 44 00 4F 00 4C 00 R.....A. N.D.O.L. > [020] 41 00 4E 00 00 00 01 00 00 00 FF FF FF FF A.N..... ...... >[2006/06/20 18:16:57, 4] nmbd/nmbd_packets.c:send_mailslot(1917) > send_mailslot: Sending to mailslot \MAILSLOT\NET\GETDC468 from SERVER<00> IP 192.168.68.1 to WS035<00> IP 192.168.68.22 >[2006/06/20 18:16:57, 4] nmbd/nmbd_packets.c:debug_browse_data(100) > debug_browse_data(): > 0 char ..\.\.S.E.R.V.E. hex 15 00 5c 00 5c 00 53 00 45 00 52 00 56 00 45 00 > 10 char R.....A.N.D.O.L. hex 52 00 00 00 00 00 41 00 4e 00 44 00 4f 00 4c 00 > 20 char A.N........... hex 41 00 4e 00 00 00 01 00 00 00 ff ff ff ff >[2006/06/20 18:16:57, 5] libsmb/nmblib.c:send_udp(777) > Sending a packet of len 220 to (192.168.68.22) on port 138 >[2006/06/20 18:16:57, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(173) > find_workgroup_on_subnet: workgroup search for ANDOLAN on subnet 192.168.68.1: found. >[2006/06/20 18:16:57, 10] nmbd/nmbd_sendannounce.c:announce_myself_to_domain_master_browser(382) > announce_myself_to_domain_master_browser: t (1150820213) - last(1150819908) < 900 >[2006/06/20 18:16:57, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(173) > find_workgroup_on_subnet: workgroup search for ANDOLAN on subnet UNICAST_SUBNET: found. >[2006/06/20 18:16:57, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(173) > find_workgroup_on_subnet: workgroup search for ANDOLAN on subnet UNICAST_SUBNET: found. 
>[2006/06/20 18:16:57, 10] lib/util_sock.c:read_udp_socket(289) > read_udp_socket: lastip 192.168.68.22 lastport 138 read: 231 >[2006/06/20 18:16:57, 5] libsmb/nmblib.c:read_packet(755) > Received a packet of len 231 from (192.168.68.22) port 138 >[2006/06/20 18:16:57, 10] nmbd/nmbd_subnetdb.c:namelist_entry_compare(70) >nmbd_subnetdb:namelist_entry_compare() >0 == memcmp( "ANDOLAN<1c>", "ANDOLAN<1c>", 84 ) >[2006/06/20 18:16:57, 9] nmbd/nmbd_namelistdb.c:find_name_on_subnet(128) > find_name_on_subnet: on subnet 192.168.68.1 - found name ANDOLAN<1c> source=2 >[2006/06/20 18:16:57, 4] nmbd/nmbd_packets.c:process_dgram(1268) > process_dgram: datagram from WS035<00> to ANDOLAN<1c> IP 192.168.68.22 for \MAILSLOT\NET\NETLOGON of type 18 len=57 >[2006/06/20 18:16:57, 4] nmbd/nmbd_processlogon.c:process_logon_packet(95) > process_logon_packet: Logon from 192.168.68.22: code = 0x12 >[2006/06/20 18:16:57, 5] nmbd/nmbd_processlogon.c:process_logon_packet(315) > process_logon_packet: SAMLOGON sidsize 0, len = 57 >[2006/06/20 18:16:57, 5] nmbd/nmbd_processlogon.c:process_logon_packet(322) > process_logon_packet: len = 57 PTR_DIFF(q, buf) = 49 >[2006/06/20 18:16:57, 3] nmbd/nmbd_processlogon.c:process_logon_packet(347) > process_logon_packet: SAMLOGON sidsize 0 ntv 11 >[2006/06/20 18:16:57, 5] nmbd/nmbd_processlogon.c:process_logon_packet(356) > process_logon_packet: SAMLOGON user >[2006/06/20 18:16:57, 5] nmbd/nmbd_processlogon.c:process_logon_packet(363) > process_logon_packet: SAMLOGON request from ws035(192.168.68.22) for , returning logon svr \\SERVER domain ANDOLAN code 13 token=ffff >[2006/06/20 18:16:57, 4] lib/util.c:dump_data(2058) > [000] 15 00 5C 00 5C 00 53 00 45 00 52 00 56 00 45 00 ..\.\.S. E.R.V.E. > [010] 52 00 00 00 00 00 41 00 4E 00 44 00 4F 00 4C 00 R.....A. N.D.O.L. > [020] 41 00 4E 00 00 00 01 00 00 00 FF FF FF FF A.N..... ...... 
>[2006/06/20 18:16:57, 4] nmbd/nmbd_packets.c:send_mailslot(1917) > send_mailslot: Sending to mailslot \MAILSLOT\NET\GETDC468 from SERVER<00> IP 192.168.68.1 to WS035<00> IP 192.168.68.22 >[2006/06/20 18:16:57, 4] nmbd/nmbd_packets.c:debug_browse_data(100) > debug_browse_data(): > 0 char ..\.\.S.E.R.V.E. hex 15 00 5c 00 5c 00 53 00 45 00 52 00 56 00 45 00 > 10 char R.....A.N.D.O.L. hex 52 00 00 00 00 00 41 00 4e 00 44 00 4f 00 4c 00 > 20 char A.N........... hex 41 00 4e 00 00 00 01 00 00 00 ff ff ff ff >[2006/06/20 18:16:57, 5] libsmb/nmblib.c:send_udp(777) > Sending a packet of len 220 to (192.168.68.22) on port 138 >[2006/06/20 18:16:57, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(173) > find_workgroup_on_subnet: workgroup search for ANDOLAN on subnet 192.168.68.1: found. >[2006/06/20 18:16:57, 10] nmbd/nmbd_sendannounce.c:announce_myself_to_domain_master_browser(382) > announce_myself_to_domain_master_browser: t (1150820217) - last(1150819908) < 900 >[2006/06/20 18:16:57, 4] nmbd/nmbd_workgroupdb.c:dump_workgroups(284) > dump_workgroups() > dump workgroup on subnet 192.168.68.1: netmask= 255.255.255.0: > ANDOLAN(1) current master browser = SERVER > SERVER 400c9b0b (AndoBurg B.V.) > WS035 40001003 () >[2006/06/20 18:16:57, 4] nmbd/nmbd_workgroupdb.c:dump_workgroups(284) > dump_workgroups() > dump workgroup on subnet UNICAST_SUBNET: netmask= 192.168.68.1: > ANDOLAN(1) current master browser = UNKNOWN > SERVER 40099b0b (AndoBurg B.V.) >[2006/06/20 18:16:57, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(173) > find_workgroup_on_subnet: workgroup search for ANDOLAN on subnet UNICAST_SUBNET: found. >[2006/06/20 18:16:57, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(173) > find_workgroup_on_subnet: workgroup search for ANDOLAN on subnet UNICAST_SUBNET: found. 
>[2006/06/20 18:16:57, 10] lib/util_sock.c:read_udp_socket(289) > read_udp_socket: lastip 192.168.68.22 lastport 138 read: 243 >[2006/06/20 18:16:57, 5] libsmb/nmblib.c:read_packet(755) > Received a packet of len 243 from (192.168.68.22) port 138 >[2006/06/20 18:16:57, 10] nmbd/nmbd_subnetdb.c:namelist_entry_compare(70) >nmbd_subnetdb:namelist_entry_compare() >0 == memcmp( "ANDOLAN<1c>", "ANDOLAN<1c>", 84 ) >[2006/06/20 18:16:57, 9] nmbd/nmbd_namelistdb.c:find_name_on_subnet(128) > find_name_on_subnet: on subnet 192.168.68.1 - found name ANDOLAN<1c> source=2 >[2006/06/20 18:16:57, 4] nmbd/nmbd_packets.c:process_dgram(1268) > process_dgram: datagram from WS035<00> to ANDOLAN<1c> IP 192.168.68.22 for \MAILSLOT\NET\NETLOGON of type 18 len=69 >[2006/06/20 18:16:57, 4] nmbd/nmbd_processlogon.c:process_logon_packet(95) > process_logon_packet: Logon from 192.168.68.22: code = 0x12 >[2006/06/20 18:16:57, 5] nmbd/nmbd_processlogon.c:process_logon_packet(315) > process_logon_packet: SAMLOGON sidsize 0, len = 69 >[2006/06/20 18:16:57, 5] nmbd/nmbd_processlogon.c:process_logon_packet(322) > process_logon_packet: len = 69 PTR_DIFF(q, buf) = 61 >[2006/06/20 18:16:57, 3] nmbd/nmbd_processlogon.c:process_logon_packet(347) > process_logon_packet: SAMLOGON sidsize 0 ntv 11 >[2006/06/20 18:16:57, 5] nmbd/nmbd_processlogon.c:process_logon_packet(356) > process_logon_packet: SAMLOGON user ws035$ >[2006/06/20 18:16:57, 5] nmbd/nmbd_processlogon.c:process_logon_packet(363) > process_logon_packet: SAMLOGON request from ws035(192.168.68.22) for ws035$, returning logon svr \\SERVER domain ANDOLAN code 13 token=ffff >[2006/06/20 18:16:57, 4] lib/util.c:dump_data(2058) > [000] 13 00 5C 00 5C 00 53 00 45 00 52 00 56 00 45 00 ..\.\.S. E.R.V.E. > [010] 52 00 00 00 77 00 73 00 30 00 33 00 35 00 24 00 R...w.s. 0.3.5.$. > [020] 00 00 41 00 4E 00 44 00 4F 00 4C 00 41 00 4E 00 ..A.N.D. O.L.A.N. > [030] 00 00 01 00 00 00 FF FF FF FF ........ .. 
>[2006/06/20 18:16:57, 4] nmbd/nmbd_packets.c:send_mailslot(1917) > send_mailslot: Sending to mailslot \MAILSLOT\NET\GETDC335 from SERVER<00> IP 192.168.68.1 to WS035<00> IP 192.168.68.22 >[2006/06/20 18:16:57, 4] nmbd/nmbd_packets.c:debug_browse_data(100) > debug_browse_data(): > 0 char ..\.\.S.E.R.V.E. hex 13 00 5c 00 5c 00 53 00 45 00 52 00 56 00 45 00 > 10 char R...w.s.0.3.5.$. hex 52 00 00 00 77 00 73 00 30 00 33 00 35 00 24 00 > 20 char ..A.N.D.O.L.A.N. hex 00 00 41 00 4e 00 44 00 4f 00 4c 00 41 00 4e 00 > 30 char .......... hex 00 00 01 00 00 00 ff ff ff ff >[2006/06/20 18:16:57, 5] libsmb/nmblib.c:send_udp(777) > Sending a packet of len 232 to (192.168.68.22) on port 138 >[2006/06/20 18:16:57, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(173) > find_workgroup_on_subnet: workgroup search for ANDOLAN on subnet 192.168.68.1: found. >[2006/06/20 18:16:57, 10] nmbd/nmbd_sendannounce.c:announce_myself_to_domain_master_browser(382) > announce_myself_to_domain_master_browser: t (1150820217) - last(1150819908) < 900 >[2006/06/20 18:16:57, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(173) > find_workgroup_on_subnet: workgroup search for ANDOLAN on subnet UNICAST_SUBNET: found. >[2006/06/20 18:16:57, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(173) > find_workgroup_on_subnet: workgroup search for ANDOLAN on subnet UNICAST_SUBNET: found. 
>[2006/06/20 18:16:57, 10] lib/util_sock.c:read_udp_socket(289) > read_udp_socket: lastip 192.168.68.22 lastport 138 read: 243 >[2006/06/20 18:16:57, 5] libsmb/nmblib.c:read_packet(755) > Received a packet of len 243 from (192.168.68.22) port 138 >[2006/06/20 18:16:57, 10] nmbd/nmbd_subnetdb.c:namelist_entry_compare(70) >nmbd_subnetdb:namelist_entry_compare() >0 == memcmp( "ANDOLAN<1c>", "ANDOLAN<1c>", 84 ) >[2006/06/20 18:16:57, 9] nmbd/nmbd_namelistdb.c:find_name_on_subnet(128) > find_name_on_subnet: on subnet 192.168.68.1 - found name ANDOLAN<1c> source=2 >[2006/06/20 18:16:57, 4] nmbd/nmbd_packets.c:process_dgram(1268) > process_dgram: datagram from WS035<00> to ANDOLAN<1c> IP 192.168.68.22 for \MAILSLOT\NET\NETLOGON of type 18 len=69 >[2006/06/20 18:16:57, 4] nmbd/nmbd_processlogon.c:process_logon_packet(95) > process_logon_packet: Logon from 192.168.68.22: code = 0x12 >[2006/06/20 18:16:57, 5] nmbd/nmbd_processlogon.c:process_logon_packet(315) > process_logon_packet: SAMLOGON sidsize 0, len = 69 >[2006/06/20 18:16:57, 5] nmbd/nmbd_processlogon.c:process_logon_packet(322) > process_logon_packet: len = 69 PTR_DIFF(q, buf) = 61 >[2006/06/20 18:16:57, 3] nmbd/nmbd_processlogon.c:process_logon_packet(347) > process_logon_packet: SAMLOGON sidsize 0 ntv 11 >[2006/06/20 18:16:57, 5] nmbd/nmbd_processlogon.c:process_logon_packet(356) > process_logon_packet: SAMLOGON user ws035$ >[2006/06/20 18:16:57, 5] nmbd/nmbd_processlogon.c:process_logon_packet(363) > process_logon_packet: SAMLOGON request from ws035(192.168.68.22) for ws035$, returning logon svr \\SERVER domain ANDOLAN code 13 token=ffff >[2006/06/20 18:16:57, 4] lib/util.c:dump_data(2058) > [000] 13 00 5C 00 5C 00 53 00 45 00 52 00 56 00 45 00 ..\.\.S. E.R.V.E. > [010] 52 00 00 00 77 00 73 00 30 00 33 00 35 00 24 00 R...w.s. 0.3.5.$. > [020] 00 00 41 00 4E 00 44 00 4F 00 4C 00 41 00 4E 00 ..A.N.D. O.L.A.N. > [030] 00 00 01 00 00 00 FF FF FF FF ........ .. 
>[2006/06/20 18:16:57, 4] nmbd/nmbd_packets.c:send_mailslot(1917) > send_mailslot: Sending to mailslot \MAILSLOT\NET\GETDC335 from SERVER<00> IP 192.168.68.1 to WS035<00> IP 192.168.68.22 >[2006/06/20 18:16:57, 4] nmbd/nmbd_packets.c:debug_browse_data(100) > debug_browse_data(): > 0 char ..\.\.S.E.R.V.E. hex 13 00 5c 00 5c 00 53 00 45 00 52 00 56 00 45 00 > 10 char R...w.s.0.3.5.$. hex 52 00 00 00 77 00 73 00 30 00 33 00 35 00 24 00 > 20 char ..A.N.D.O.L.A.N. hex 00 00 41 00 4e 00 44 00 4f 00 4c 00 41 00 4e 00 > 30 char .......... hex 00 00 01 00 00 00 ff ff ff ff >[2006/06/20 18:16:57, 5] libsmb/nmblib.c:send_udp(777) > Sending a packet of len 232 to (192.168.68.22) on port 138 >[2006/06/20 18:16:57, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(173) > find_workgroup_on_subnet: workgroup search for ANDOLAN on subnet 192.168.68.1: found. >[2006/06/20 18:16:57, 10] nmbd/nmbd_sendannounce.c:announce_myself_to_domain_master_browser(382) > announce_myself_to_domain_master_browser: t (1150820217) - last(1150819908) < 900 >[2006/06/20 18:16:57, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(173) > find_workgroup_on_subnet: workgroup search for ANDOLAN on subnet UNICAST_SUBNET: found. >[2006/06/20 18:16:57, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(173) > find_workgroup_on_subnet: workgroup search for ANDOLAN on subnet UNICAST_SUBNET: found. 
>[2006/06/20 18:16:57, 10] lib/util_sock.c:read_udp_socket(289) > read_udp_socket: lastip 192.168.68.22 lastport 138 read: 226 >[2006/06/20 18:16:57, 5] libsmb/nmblib.c:read_packet(755) > Received a packet of len 226 from (192.168.68.22) port 138 >[2006/06/20 18:16:57, 10] nmbd/nmbd_subnetdb.c:namelist_entry_compare(70) >nmbd_subnetdb:namelist_entry_compare() >-1 == memcmp( "ANDOLAN<1b>", "ANDOLAN<1c>", 84 ) >[2006/06/20 18:16:57, 10] nmbd/nmbd_subnetdb.c:namelist_entry_compare(70) >nmbd_subnetdb:namelist_entry_compare() >0 == memcmp( "ANDOLAN<1b>", "ANDOLAN<1b>", 84 ) >[2006/06/20 18:16:57, 9] nmbd/nmbd_namelistdb.c:find_name_on_subnet(128) > find_name_on_subnet: on subnet 192.168.68.1 - found name ANDOLAN<1b> source=2 >[2006/06/20 18:16:57, 4] nmbd/nmbd_packets.c:process_dgram(1268) > process_dgram: datagram from WS035<00> to ANDOLAN<1b> IP 192.168.68.22 for \MAILSLOT\NET\NETLOGON of type 7 len=52 >[2006/06/20 18:16:57, 4] nmbd/nmbd_processlogon.c:process_logon_packet(95) > process_logon_packet: Logon from 192.168.68.22: code = 0x7 >[2006/06/20 18:16:57, 5] nmbd/nmbd_processlogon.c:process_logon_packet(258) > process_logon_packet: GETDC request from WS035 at IP 192.168.68.22, reporting SERVER domain ANDOLAN 0xc ntversion=b lm_nt token=ffff lm_20 token=ffff >[2006/06/20 18:16:57, 4] lib/util.c:dump_data(2058) > [000] 0C 00 53 45 52 56 45 52 00 00 53 00 45 00 52 00 ..SERVER ..S.E.R. > [010] 56 00 45 00 52 00 00 00 41 00 4E 00 44 00 4F 00 V.E.R... A.N.D.O. > [020] 4C 00 41 00 4E 00 00 00 01 00 00 00 FF FF FF FF L.A.N... ........ >[2006/06/20 18:16:57, 4] nmbd/nmbd_packets.c:send_mailslot(1917) > send_mailslot: Sending to mailslot \MAILSLOT\NET\GETDC335 from SERVER<00> IP 192.168.68.1 to WS035<00> IP 192.168.68.22 >[2006/06/20 18:16:57, 4] nmbd/nmbd_packets.c:debug_browse_data(100) > debug_browse_data(): > 0 char ..SERVER..S.E.R. hex 0c 00 53 45 52 56 45 52 00 00 53 00 45 00 52 00 > 10 char V.E.R...A.N.D.O. 
hex 56 00 45 00 52 00 00 00 41 00 4e 00 44 00 4f 00 > 20 char L.A.N........... hex 4c 00 41 00 4e 00 00 00 01 00 00 00 ff ff ff ff >[2006/06/20 18:16:57, 5] libsmb/nmblib.c:send_udp(777) > Sending a packet of len 222 to (192.168.68.22) on port 138 >[2006/06/20 18:16:57, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(173) > find_workgroup_on_subnet: workgroup search for ANDOLAN on subnet 192.168.68.1: found. >[2006/06/20 18:16:57, 10] nmbd/nmbd_sendannounce.c:announce_myself_to_domain_master_browser(382) > announce_myself_to_domain_master_browser: t (1150820217) - last(1150819908) < 900 >[2006/06/20 18:16:57, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(173) > find_workgroup_on_subnet: workgroup search for ANDOLAN on subnet UNICAST_SUBNET: found. >[2006/06/20 18:16:57, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(173) > find_workgroup_on_subnet: workgroup search for ANDOLAN on subnet UNICAST_SUBNET: found. >[2006/06/20 18:16:57, 10] lib/util_sock.c:read_udp_socket(289) > read_udp_socket: lastip 192.168.68.22 lastport 137 read: 50 >[2006/06/20 18:16:57, 10] libsmb/nmblib.c:parse_nmb(506) > parse_nmb: packet id = 32803 >[2006/06/20 18:16:57, 5] libsmb/nmblib.c:read_packet(755) > Received a packet of len 50 from (192.168.68.22) port 137 >[2006/06/20 18:16:57, 4] libsmb/nmblib.c:debug_nmb_packet(112) > nmb packet from 192.168.68.22(137) header: id=32803 opcode=Query(0) response=No > header: flags: bcast=No rec_avail=No rec_des=Yes trunc=No auth=No > header: rcode=0 qdcount=1 ancount=0 nscount=0 arcount=0 > question: q_name=SERVER<20> q_type=32 q_class=1 >[2006/06/20 18:16:57, 3] nmbd/nmbd_winsserver.c:wins_process_name_query_request(1513) > wins_process_name_query: name query for name SERVER<20> from IP 192.168.68.22 >[2006/06/20 18:16:57, 10] nmbd/nmbd_subnetdb.c:namelist_entry_compare(70) >nmbd_subnetdb:namelist_entry_compare() >1 == memcmp( "SERVER<20>", "ANDOLAN<00>", 84 ) >[2006/06/20 18:16:57, 10] nmbd/nmbd_subnetdb.c:namelist_entry_compare(70) 
>nmbd_subnetdb:namelist_entry_compare() >-1 == memcmp( "SERVER<20>", "WS035<00>", 84 ) >[2006/06/20 18:16:57, 10] nmbd/nmbd_subnetdb.c:namelist_entry_compare(70) >nmbd_subnetdb:namelist_entry_compare() >1 == memcmp( "SERVER<20>", "ANDOLAN<1b>", 84 ) >[2006/06/20 18:16:57, 10] nmbd/nmbd_subnetdb.c:namelist_entry_compare(70) >nmbd_subnetdb:namelist_entry_compare() >0 == memcmp( "SERVER<20>", "SERVER<20>", 84 ) >[2006/06/20 18:16:57, 9] nmbd/nmbd_namelistdb.c:find_name_on_subnet(128) > find_name_on_subnet: on subnet WINS_SERVER_SUBNET - found name SERVER<20> source=1 >[2006/06/20 18:16:57, 3] nmbd/nmbd_winsserver.c:wins_process_name_query_request(1565) > wins_process_name_query: name query for name SERVER<20> returning first IP 192.168.68.1. >[2006/06/20 18:16:57, 4] nmbd/nmbd_packets.c:reply_netbios_packet(938) > reply_netbios_packet: sending a reply of packet type: wins_query SERVER<20> to ip 192.168.68.22 for id 32803 >[2006/06/20 18:16:57, 4] libsmb/nmblib.c:debug_nmb_packet(112) > nmb packet from 192.168.68.22(137) header: id=32803 opcode=Query(0) response=Yes > header: flags: bcast=No rec_avail=Yes rec_des=Yes trunc=No auth=Yes > header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0 > answers: nmb_name=SERVER<20> rr_type=32 rr_class=1 ttl=258658 > answers 0 char `...D. hex 6000C0A84401 >[2006/06/20 18:16:57, 5] libsmb/nmblib.c:send_udp(777) > Sending a packet of len 62 to (192.168.68.22) on port 137 >[2006/06/20 18:16:57, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(173) > find_workgroup_on_subnet: workgroup search for ANDOLAN on subnet 192.168.68.1: found. >[2006/06/20 18:16:57, 10] nmbd/nmbd_sendannounce.c:announce_myself_to_domain_master_browser(382) > announce_myself_to_domain_master_browser: t (1150820217) - last(1150819908) < 900 >[2006/06/20 18:16:57, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(173) > find_workgroup_on_subnet: workgroup search for ANDOLAN on subnet UNICAST_SUBNET: found. 
>[2006/06/20 18:16:57, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(173) > find_workgroup_on_subnet: workgroup search for ANDOLAN on subnet UNICAST_SUBNET: found. >[2006/06/20 18:16:57, 6] param/loadparm.c:lp_file_list_changed(2955) > lp_file_list_changed() > file /etc/samba/smb.conf.local -> /etc/samba/smb.conf.local last mod_time: Thu Jan 1 01:00:00 1970 > > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Mon Jun 19 18:46:01 2006 > >[2006/06/20 18:16:57, 3] smbd/process.c:check_reload(1428) > Printcap cache time expired. >[2006/06/20 18:16:57, 7] param/loadparm.c:lp_servicenumber(4351) > lp_servicenumber: couldn't find printers >[2006/06/20 18:16:57, 3] printing/pcap.c:pcap_cache_reload(117) > reloading printcap cache >[2006/06/20 18:16:57, 0] printing/pcap.c:pcap_cache_reload(159) > Unable to open printcap file /etc/printcap for read! >[2006/06/20 18:16:57, 3] printing/pcap.c:pcap_cache_reload(223) > reload status: error >[2006/06/20 18:16:57, 3] printing/pcap.c:pcap_cache_reload(117) > reloading printcap cache >[2006/06/20 18:16:57, 0] printing/pcap.c:pcap_cache_reload(159) > Unable to open printcap file /etc/printcap for read! >[2006/06/20 18:16:57, 3] printing/pcap.c:pcap_cache_reload(223) > reload status: error >[2006/06/20 18:16:57, 7] param/loadparm.c:lp_servicenumber(4351) > lp_servicenumber: couldn't find printers >[2006/06/20 18:16:57, 7] param/loadparm.c:lp_servicenumber(4351) > lp_servicenumber: couldn't find printers >[2006/06/20 18:16:57, 0] lib/util_sock.c:get_peer_addr(1225) > getpeername failed. 
Error was Transport endpoint is not connected >[2006/06/20 18:16:57, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_KEEPALIVE = 1 >[2006/06/20 18:16:57, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_REUSEADDR = 1 >[2006/06/20 18:16:57, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_BROADCAST = 0 >[2006/06/20 18:16:57, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_NODELAY = 1 >[2006/06/20 18:16:57, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_KEEPCNT = 9 >[2006/06/20 18:16:57, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_KEEPIDLE = 7200 >[2006/06/20 18:16:57, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_KEEPINTVL = 75 >[2006/06/20 18:16:57, 5] lib/util_sock.c:print_socket_options(206) > socket option IPTOS_LOWDELAY = 16 >[2006/06/20 18:16:57, 5] lib/util_sock.c:print_socket_options(206) > socket option IPTOS_THROUGHPUT = 16 >[2006/06/20 18:16:57, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_SNDBUF = 8192 >[2006/06/20 18:16:57, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_RCVBUF = 8192 >[2006/06/20 18:16:57, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_SNDLOWAT = 1 >[2006/06/20 18:16:57, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_RCVLOWAT = 1 >[2006/06/20 18:16:57, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_SNDTIMEO = 0 >[2006/06/20 18:16:57, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_RCVTIMEO = 0 >[2006/06/20 18:16:57, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_KEEPALIVE = 1 >[2006/06/20 18:16:57, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_REUSEADDR = 1 >[2006/06/20 18:16:57, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_BROADCAST = 0 >[2006/06/20 18:16:57, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_NODELAY = 1 >[2006/06/20 18:16:57, 5] 
lib/util_sock.c:print_socket_options(206) > socket option TCP_KEEPCNT = 9 >[2006/06/20 18:16:57, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_KEEPIDLE = 7200 >[2006/06/20 18:16:57, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_KEEPINTVL = 75 >[2006/06/20 18:16:57, 5] lib/util_sock.c:print_socket_options(206) > socket option IPTOS_LOWDELAY = 16 >[2006/06/20 18:16:57, 5] lib/util_sock.c:print_socket_options(206) > socket option IPTOS_THROUGHPUT = 16 >[2006/06/20 18:16:57, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_SNDBUF = 8192 >[2006/06/20 18:16:57, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_RCVBUF = 8192 >[2006/06/20 18:16:57, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_SNDLOWAT = 1 >[2006/06/20 18:16:57, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_RCVLOWAT = 1 >[2006/06/20 18:16:57, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_SNDTIMEO = 0 >[2006/06/20 18:16:57, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_RCVTIMEO = 0 >[2006/06/20 18:16:57, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_KEEPALIVE = 1 >[2006/06/20 18:16:57, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_REUSEADDR = 1 >[2006/06/20 18:16:57, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_BROADCAST = 0 >[2006/06/20 18:16:57, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_NODELAY = 1 >[2006/06/20 18:16:57, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_KEEPCNT = 9 >[2006/06/20 18:16:57, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_KEEPIDLE = 7200 >[2006/06/20 18:16:57, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_KEEPINTVL = 75 >[2006/06/20 18:16:57, 5] lib/util_sock.c:print_socket_options(206) > socket option IPTOS_LOWDELAY = 16 >[2006/06/20 18:16:57, 5] lib/util_sock.c:print_socket_options(206) > socket option 
IPTOS_THROUGHPUT = 16 >[2006/06/20 18:16:57, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_SNDBUF = 8192 >[2006/06/20 18:16:57, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_RCVBUF = 8192 >[2006/06/20 18:16:57, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_SNDLOWAT = 1 >[2006/06/20 18:16:57, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_RCVLOWAT = 1 >[2006/06/20 18:16:57, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_SNDTIMEO = 0 >[2006/06/20 18:16:57, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_RCVTIMEO = 0 >[2006/06/20 18:16:57, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_KEEPALIVE = 1 >[2006/06/20 18:16:57, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_REUSEADDR = 1 >[2006/06/20 18:16:57, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_BROADCAST = 0 >[2006/06/20 18:16:57, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_NODELAY = 1 >[2006/06/20 18:16:57, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_KEEPCNT = 9 >[2006/06/20 18:16:57, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_KEEPIDLE = 7200 >[2006/06/20 18:16:57, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_KEEPINTVL = 75 >[2006/06/20 18:16:57, 5] lib/util_sock.c:print_socket_options(206) > socket option IPTOS_LOWDELAY = 16 >[2006/06/20 18:16:57, 5] lib/util_sock.c:print_socket_options(206) > socket option IPTOS_THROUGHPUT = 16 >[2006/06/20 18:16:57, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_SNDBUF = 8192 >[2006/06/20 18:16:57, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_RCVBUF = 8192 >[2006/06/20 18:16:57, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_SNDLOWAT = 1 >[2006/06/20 18:16:57, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_RCVLOWAT = 1 >[2006/06/20 18:16:57, 5] 
lib/util_sock.c:print_socket_options(206) > socket option SO_SNDTIMEO = 0 >[2006/06/20 18:16:57, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_RCVTIMEO = 0 >[2006/06/20 18:16:57, 0] lib/util_sock.c:get_peer_addr(1225) > getpeername failed. Error was Transport endpoint is not connected >[2006/06/20 18:16:57, 6] param/loadparm.c:lp_file_list_changed(2955) > lp_file_list_changed() > file /etc/samba/smb.conf.local -> /etc/samba/smb.conf.local last mod_time: Thu Jan 1 01:00:00 1970 > > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Mon Jun 19 18:46:01 2006 > >[2006/06/20 18:16:57, 3] smbd/oplock.c:init_oplocks(871) > open_oplock_ipc: initializing messages. >[2006/06/20 18:16:57, 3] smbd/oplock_linux.c:linux_init_kernel_oplocks(259) > Linux kernel oplocks enabled >[2006/06/20 18:16:57, 4] lib/time.c:TimeInit(142) > TimeInit: Serverzone is -7200 >[2006/06/20 18:16:57, 10] smbd/process.c:setup_select_timeout(1372) > change_notify_timeout: -1 >[2006/06/20 18:16:57, 10] smbd/process.c:run_events(299) > run_events: No events >[2006/06/20 18:16:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(618) > got smb length of 133 >[2006/06/20 18:16:57, 6] smbd/process.c:process_smb(1193) > got message type 0x0 of len 0x85 >[2006/06/20 18:16:57, 3] smbd/process.c:process_smb(1194) > Transaction 0 of length 137 >[2006/06/20 18:16:57, 5] lib/util.c:show_msg(454) >[2006/06/20 18:16:57, 5] lib/util.c:show_msg(464) > size=133 > smb_com=0x72 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51283 > smb_tid=0 > smb_pid=65279 > smb_uid=0 > smb_mid=0 > smt_wct=0 > smb_bcc=98 >[2006/06/20 18:16:57, 10] lib/util.c:dump_data(2058) > [000] 02 50 43 20 4E 45 54 57 4F 52 4B 20 50 52 4F 47 .PC NETW ORK PROG > [010] 52 41 4D 20 31 2E 30 00 02 4C 41 4E 4D 41 4E 31 RAM 1.0. .LANMAN1 > [020] 2E 30 00 02 57 69 6E 64 6F 77 73 20 66 6F 72 20 .0..Wind ows for > [030] 57 6F 72 6B 67 72 6F 75 70 73 20 33 2E 31 61 00 Workgrou ps 3.1a. 
> [040] 02 4C 4D 31 2E 32 58 30 30 32 00 02 4C 41 4E 4D .LM1.2X0 02..LANM > [050] 41 4E 32 2E 31 00 02 4E 54 20 4C 4D 20 30 2E 31 AN2.1..N T LM 0.1 > [060] 32 00 2. >[2006/06/20 18:16:57, 3] smbd/process.c:switch_message(993) > switch message SMBnegprot (pid 16142) conn 0x0 >[2006/06/20 18:16:57, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:16:57, 5] auth/auth_util.c:debug_nt_user_token(433) > NT user token: (NULL) >[2006/06/20 18:16:57, 5] auth/auth_util.c:debug_unix_user_token(454) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/06/20 18:16:57, 5] smbd/uid.c:change_to_root_user(324) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2006/06/20 18:16:57, 3] smbd/negprot.c:reply_negprot(486) > Requested protocol [PC NETWORK PROGRAM 1.0] >[2006/06/20 18:16:57, 3] smbd/negprot.c:reply_negprot(486) > Requested protocol [LANMAN1.0] >[2006/06/20 18:16:57, 3] smbd/negprot.c:reply_negprot(486) > Requested protocol [Windows for Workgroups 3.1a] >[2006/06/20 18:16:57, 3] smbd/negprot.c:reply_negprot(486) > Requested protocol [LM1.2X002] >[2006/06/20 18:16:57, 3] smbd/negprot.c:reply_negprot(486) > Requested protocol [LANMAN2.1] >[2006/06/20 18:16:57, 3] smbd/negprot.c:reply_negprot(486) > Requested protocol [NT LM 0.12] >[2006/06/20 18:16:57, 10] lib/util.c:set_remote_arch(2033) > set_remote_arch: Client arch is 'Win2K' >[2006/06/20 18:16:57, 6] param/loadparm.c:lp_file_list_changed(2955) > lp_file_list_changed() > file /etc/samba/smb.conf.local -> /etc/samba/smb.conf.local last mod_time: Thu Jan 1 01:00:00 1970 > > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Mon Jun 19 18:46:01 2006 > >[2006/06/20 18:16:57, 5] smbd/connection.c:claim_connection(170) > claiming 0 >[2006/06/20 18:16:57, 6] param/loadparm.c:lp_file_list_changed(2955) > lp_file_list_changed() > file /etc/samba/smb.conf.local -> /etc/samba/smb.conf.local last mod_time: Thu Jan 1 01:00:00 1970 > > file 
/etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Mon Jun 19 18:46:01 2006 > >[2006/06/20 18:16:57, 3] smbd/negprot.c:reply_nt1(357) > using SPNEGO >[2006/06/20 18:16:57, 3] smbd/negprot.c:reply_negprot(579) > Selected protocol NT LM 0.12 >[2006/06/20 18:16:57, 5] smbd/negprot.c:reply_negprot(585) > negprot index=5 >[2006/06/20 18:16:57, 5] lib/util.c:show_msg(454) >[2006/06/20 18:16:57, 5] lib/util.c:show_msg(464) > size=127 > smb_com=0x72 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=65279 > smb_uid=0 > smb_mid=0 > smt_wct=17 > smb_vwv[ 0]= 5 (0x5) > smb_vwv[ 1]=12803 (0x3203) > smb_vwv[ 2]= 256 (0x100) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 65 (0x41) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 256 (0x100) > smb_vwv[ 7]= 3584 (0xE00) > smb_vwv[ 8]= 63 (0x3F) > smb_vwv[ 9]=64768 (0xFD00) > smb_vwv[10]=32995 (0x80E3) > smb_vwv[11]=32896 (0x8080) > smb_vwv[12]=38690 (0x9722) > smb_vwv[13]=34035 (0x84F3) > smb_vwv[14]=50836 (0xC694) > smb_vwv[15]=34817 (0x8801) > smb_vwv[16]= 255 (0xFF) > smb_bcc=58 >[2006/06/20 18:16:57, 10] lib/util.c:dump_data(2058) > [000] 73 65 72 76 65 72 00 00 00 00 00 00 00 00 00 00 server.. ........ > [010] 60 28 06 06 2B 06 01 05 05 02 A0 1E 30 1C A0 0E `(..+... ....0... > [020] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A3 0A 0...+... ..7..... > [030] 30 08 A0 06 1B 04 4E 4F 4E 45 0.....NO NE >[2006/06/20 18:16:57, 10] smbd/process.c:setup_select_timeout(1372) > change_notify_timeout: -1 >[2006/06/20 18:16:57, 10] smbd/process.c:run_events(299) > run_events: No events >[2006/06/20 18:16:57, 6] param/loadparm.c:lp_file_list_changed(2955) > lp_file_list_changed() > file /etc/samba/smb.conf.local -> /etc/samba/smb.conf.local last mod_time: Thu Jan 1 01:00:00 1970 > > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Mon Jun 19 18:46:01 2006 > >[2006/06/20 18:16:57, 3] smbd/oplock.c:init_oplocks(871) > open_oplock_ipc: initializing messages. 
>[2006/06/20 18:16:57, 3] smbd/oplock_linux.c:linux_init_kernel_oplocks(259) > Linux kernel oplocks enabled >[2006/06/20 18:16:57, 4] lib/time.c:TimeInit(142) > TimeInit: Serverzone is -7200 >[2006/06/20 18:16:57, 10] smbd/process.c:setup_select_timeout(1372) > change_notify_timeout: -1 >[2006/06/20 18:16:57, 10] smbd/process.c:run_events(299) > run_events: No events >[2006/06/20 18:16:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(618) > got smb length of 68 >[2006/06/20 18:16:57, 6] smbd/process.c:process_smb(1193) > got message type 0x81 of len 0x44 >[2006/06/20 18:16:57, 3] smbd/process.c:process_smb(1194) > Transaction 0 of length 72 >[2006/06/20 18:16:57, 2] smbd/reply.c:reply_special(490) > netbios connect: name1=SERVER name2=WS035 >[2006/06/20 18:16:57, 2] smbd/reply.c:reply_special(497) > netbios connect: local=server remote=ws035, name type = 0 >[2006/06/20 18:16:57, 6] param/loadparm.c:lp_file_list_changed(2955) > lp_file_list_changed() > file /etc/samba/smb.conf.local -> /etc/samba/smb.conf.local last mod_time: Thu Jan 1 01:00:00 1970 > > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Mon Jun 19 18:46:01 2006 > >[2006/06/20 18:16:57, 5] smbd/reply.c:reply_special(537) > init msg_type=0x81 msg_flags=0x0 >[2006/06/20 18:16:57, 0] lib/util_sock.c:write_data(557) > write_data: write failure in writing to client 0.0.0.0. Error Connection reset by peer >[2006/06/20 18:16:57, 0] lib/util_sock.c:send_smb(765) > Error writing 4 bytes to client. -1. 
(Connection reset by peer) >[2006/06/20 18:16:57, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:16:57, 5] auth/auth_util.c:debug_nt_user_token(433) > NT user token: (NULL) >[2006/06/20 18:16:57, 5] auth/auth_util.c:debug_unix_user_token(454) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/06/20 18:16:57, 5] smbd/uid.c:change_to_root_user(324) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2006/06/20 18:16:57, 2] smbd/server.c:exit_server(614) > Closing connections >[2006/06/20 18:16:57, 3] smbd/connection.c:yield_connection(69) > Yielding connection to >[2006/06/20 18:16:57, 3] smbd/connection.c:yield_connection(76) > yield_connection: tdb_delete for name failed with error Record does not exist. >[2006/06/20 18:16:57, 3] smbd/server.c:exit_server(655) > Server exit (process_smb: send_smb failed.) >[2006/06/20 18:16:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(618) > got smb length of 236 >[2006/06/20 18:16:57, 6] smbd/process.c:process_smb(1193) > got message type 0x0 of len 0xec >[2006/06/20 18:16:57, 3] smbd/process.c:process_smb(1194) > Transaction 1 of length 240 >[2006/06/20 18:16:57, 5] lib/util.c:show_msg(454) >[2006/06/20 18:16:57, 5] lib/util.c:show_msg(464) > size=236 > smb_com=0x73 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=0 > smb_pid=65279 > smb_uid=0 > smb_mid=64 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 236 (0xEC) > smb_vwv[ 2]=16644 (0x4104) > smb_vwv[ 3]= 50 (0x32) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 74 (0x4A) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 212 (0xD4) > smb_vwv[11]=40960 (0xA000) > smb_bcc=177 >[2006/06/20 18:16:57, 10] lib/util.c:dump_data(2058) > [000] 60 48 06 06 2B 06 01 05 05 02 A0 3E 30 3C A0 0E `H..+... ...>0<.. > [010] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A2 2A 0...+... 
..7....* > [020] 04 28 4E 54 4C 4D 53 53 50 00 01 00 00 00 97 82 .(NTLMSS P....... > [030] 08 E2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [040] 00 00 05 01 28 0A 00 00 00 0F 00 57 00 69 00 6E ....(... ...W.i.n > [050] 00 64 00 6F 00 77 00 73 00 20 00 32 00 30 00 30 .d.o.w.s . .2.0.0 > [060] 00 32 00 20 00 53 00 65 00 72 00 76 00 69 00 63 .2. .S.e .r.v.i.c > [070] 00 65 00 20 00 50 00 61 00 63 00 6B 00 20 00 32 .e. .P.a .c.k. .2 > [080] 00 20 00 32 00 36 00 30 00 30 00 00 00 57 00 69 . .2.6.0 .0...W.i > [090] 00 6E 00 64 00 6F 00 77 00 73 00 20 00 32 00 30 .n.d.o.w .s. .2.0 > [0A0] 00 30 00 32 00 20 00 35 00 2E 00 31 00 00 00 00 .0.2. .5 ...1.... > [0B0] 00 . >[2006/06/20 18:16:57, 3] smbd/process.c:switch_message(993) > switch message SMBsesssetupX (pid 16142) conn 0x0 >[2006/06/20 18:16:57, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:16:57, 5] auth/auth_util.c:debug_nt_user_token(433) > NT user token: (NULL) >[2006/06/20 18:16:57, 5] auth/auth_util.c:debug_unix_user_token(454) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/06/20 18:16:57, 5] smbd/uid.c:change_to_root_user(324) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2006/06/20 18:16:57, 3] smbd/sesssetup.c:reply_sesssetup_and_X(822) > wct=12 flg2=0xc807 >[2006/06/20 18:16:57, 2] smbd/sesssetup.c:setup_new_vc_session(772) > setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. 
>[2006/06/20 18:16:57, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(633) > Doing spnego session setup >[2006/06/20 18:16:57, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(664) > NativeOS=[Windows 2002 Service Pack 2 2600] NativeLanMan=[Windows 2002 5.1] PrimaryDomain=[] >[2006/06/20 18:16:57, 10] lib/util.c:set_remote_arch(2033) > set_remote_arch: Client arch is 'WinXP' >[2006/06/20 18:16:57, 10] smbd/password.c:register_vuid(182) > register_vuid: allocated vuid = 100 >[2006/06/20 18:16:57, 3] smbd/sesssetup.c:reply_spnego_negotiate(525) > Got OID 1 3 6 1 4 1 311 2 2 10 >[2006/06/20 18:16:57, 3] smbd/sesssetup.c:reply_spnego_negotiate(528) > Got secblob of size 40 >[2006/06/20 18:16:57, 5] auth/auth.c:make_auth_context_subsystem(482) > Making default auth method list for DC, security=user, encrypt passwords = yes >[2006/06/20 18:16:57, 5] auth/auth.c:smb_register_auth(45) > Attempting to register auth backend rhosts >[2006/06/20 18:16:57, 5] auth/auth.c:smb_register_auth(57) > Successfully added auth method 'rhosts' >[2006/06/20 18:16:57, 5] auth/auth.c:smb_register_auth(45) > Attempting to register auth backend hostsequiv >[2006/06/20 18:16:57, 5] auth/auth.c:smb_register_auth(57) > Successfully added auth method 'hostsequiv' >[2006/06/20 18:16:57, 5] auth/auth.c:smb_register_auth(45) > Attempting to register auth backend sam >[2006/06/20 18:16:57, 5] auth/auth.c:smb_register_auth(57) > Successfully added auth method 'sam' >[2006/06/20 18:16:57, 5] auth/auth.c:smb_register_auth(45) > Attempting to register auth backend sam_ignoredomain >[2006/06/20 18:16:57, 5] auth/auth.c:smb_register_auth(57) > Successfully added auth method 'sam_ignoredomain' >[2006/06/20 18:16:57, 5] auth/auth.c:smb_register_auth(45) > Attempting to register auth backend unix >[2006/06/20 18:16:57, 5] auth/auth.c:smb_register_auth(57) > Successfully added auth method 'unix' >[2006/06/20 18:16:57, 5] auth/auth.c:smb_register_auth(45) > Attempting to register auth backend winbind 
>[2006/06/20 18:16:57, 5] auth/auth.c:smb_register_auth(57) > Successfully added auth method 'winbind' >[2006/06/20 18:16:57, 5] auth/auth.c:smb_register_auth(45) > Attempting to register auth backend smbserver >[2006/06/20 18:16:57, 5] auth/auth.c:smb_register_auth(57) > Successfully added auth method 'smbserver' >[2006/06/20 18:16:57, 5] auth/auth.c:smb_register_auth(45) > Attempting to register auth backend trustdomain >[2006/06/20 18:16:57, 5] auth/auth.c:smb_register_auth(57) > Successfully added auth method 'trustdomain' >[2006/06/20 18:16:57, 5] auth/auth.c:smb_register_auth(45) > Attempting to register auth backend ntdomain >[2006/06/20 18:16:57, 5] auth/auth.c:smb_register_auth(57) > Successfully added auth method 'ntdomain' >[2006/06/20 18:16:57, 5] auth/auth.c:smb_register_auth(45) > Attempting to register auth backend guest >[2006/06/20 18:16:57, 5] auth/auth.c:smb_register_auth(57) > Successfully added auth method 'guest' >[2006/06/20 18:16:57, 5] auth/auth.c:smb_register_auth(45) > Attempting to register auth backend fixed_challenge >[2006/06/20 18:16:57, 5] auth/auth.c:smb_register_auth(57) > Successfully added auth method 'fixed_challenge' >[2006/06/20 18:16:57, 5] auth/auth.c:smb_register_auth(45) > Attempting to register auth backend name_to_ntstatus >[2006/06/20 18:16:57, 5] auth/auth.c:smb_register_auth(57) > Successfully added auth method 'name_to_ntstatus' >[2006/06/20 18:16:57, 5] auth/auth.c:load_auth_module(389) > load_auth_module: Attempting to find an auth method to match guest >[2006/06/20 18:16:57, 5] auth/auth.c:load_auth_module(414) > load_auth_module: auth method guest has a valid init >[2006/06/20 18:16:57, 5] auth/auth.c:load_auth_module(389) > load_auth_module: Attempting to find an auth method to match sam >[2006/06/20 18:16:57, 5] auth/auth.c:load_auth_module(414) > load_auth_module: auth method sam has a valid init >[2006/06/20 18:16:57, 5] auth/auth.c:load_auth_module(389) > load_auth_module: Attempting to find an auth method 
to match winbind:trustdomain >[2006/06/20 18:16:57, 5] auth/auth.c:load_auth_module(389) > load_auth_module: Attempting to find an auth method to match trustdomain >[2006/06/20 18:16:57, 5] auth/auth.c:load_auth_module(414) > load_auth_module: auth method trustdomain has a valid init >[2006/06/20 18:16:57, 5] auth/auth.c:load_auth_module(414) > load_auth_module: auth method winbind has a valid init >[2006/06/20 18:16:57, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63) > Got NTLMSSP neg_flags=0xe2088297 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_NEGOTIATE_OEM > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_LM_KEY > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_NTLM2 > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH > NTLMSSP_NEGOTIATE_56 >[2006/06/20 18:16:57, 5] auth/auth.c:get_ntlm_challenge(95) > auth_get_challenge: module guest did not want to specify a challenge >[2006/06/20 18:16:57, 5] auth/auth.c:get_ntlm_challenge(95) > auth_get_challenge: module sam did not want to specify a challenge >[2006/06/20 18:16:57, 5] auth/auth.c:get_ntlm_challenge(95) > auth_get_challenge: module winbind did not want to specify a challenge >[2006/06/20 18:16:57, 5] auth/auth.c:get_ntlm_challenge(135) > auth_context challenge created by random >[2006/06/20 18:16:57, 5] auth/auth.c:get_ntlm_challenge(136) > challenge is: >[2006/06/20 18:16:57, 5] lib/util.c:dump_data(2058) > [000] 17 02 BF 17 5A 2B 39 A0 ....Z+9. >[2006/06/20 18:16:57, 5] lib/util.c:show_msg(454) >[2006/06/20 18:16:57, 5] lib/util.c:show_msg(464) > size=300 > smb_com=0x73 > smb_rcls=22 > smb_reh=0 > smb_err=49152 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=65279 > smb_uid=100 > smb_mid=64 > smt_wct=4 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 205 (0xCD) > smb_bcc=257 >[2006/06/20 18:16:57, 10] lib/util.c:dump_data(2058) > [000] A1 81 CA 30 81 C7 A0 03 0A 01 01 A1 0C 06 0A 2B ...0.... 
.......+ > [010] 06 01 04 01 82 37 02 02 0A A2 81 B1 04 81 AE 4E .....7.. .......N > [020] 54 4C 4D 53 53 50 00 02 00 00 00 0E 00 0E 00 30 TLMSSP.. .......0 > [030] 00 00 00 B5 82 89 60 17 02 BF 17 5A 2B 39 A0 00 ......`. ...Z+9.. > [040] 00 00 00 00 00 00 00 70 00 70 00 3E 00 00 00 41 .......p .p.>...A > [050] 00 4E 00 44 00 4F 00 4C 00 41 00 4E 00 02 00 0E .N.D.O.L .A.N.... > [060] 00 41 00 4E 00 44 00 4F 00 4C 00 41 00 4E 00 01 .A.N.D.O .L.A.N.. > [070] 00 0C 00 53 00 45 00 52 00 56 00 45 00 52 00 04 ...S.E.R .V.E.R.. > [080] 00 1A 00 6D 00 75 00 6C 00 6F 00 63 00 6B 00 32 ...m.u.l .o.c.k.2 > [090] 00 30 00 30 00 30 00 2E 00 6E 00 6C 00 03 00 28 .0.0.0.. .n.l...( > [0A0] 00 73 00 65 00 72 00 76 00 65 00 72 00 2E 00 6D .s.e.r.v .e.r...m > [0B0] 00 75 00 6C 00 6F 00 63 00 6B 00 32 00 30 00 30 .u.l.o.c .k.2.0.0 > [0C0] 00 30 00 2E 00 6E 00 6C 00 00 00 00 00 55 00 6E .0...n.l .....U.n > [0D0] 00 69 00 78 00 00 00 53 00 61 00 6D 00 62 00 61 .i.x...S .a.m.b.a > [0E0] 00 20 00 33 00 2E 00 30 00 2E 00 32 00 32 00 00 . .3...0 ...2.2.. > [0F0] 00 41 00 4E 00 44 00 4F 00 4C 00 41 00 4E 00 00 .A.N.D.O .L.A.N.. > [100] 00 . 
>[2006/06/20 18:16:57, 10] smbd/process.c:setup_select_timeout(1372) > change_notify_timeout: -1 >[2006/06/20 18:16:57, 10] smbd/process.c:run_events(299) > run_events: No events >[2006/06/20 18:16:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(618) > got smb length of 350 >[2006/06/20 18:16:57, 6] smbd/process.c:process_smb(1193) > got message type 0x0 of len 0x15e >[2006/06/20 18:16:57, 3] smbd/process.c:process_smb(1194) > Transaction 2 of length 354 >[2006/06/20 18:16:57, 5] lib/util.c:show_msg(454) >[2006/06/20 18:16:57, 5] lib/util.c:show_msg(464) > size=350 > smb_com=0x73 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=0 > smb_pid=65279 > smb_uid=100 > smb_mid=128 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 350 (0x15E) > smb_vwv[ 2]=16644 (0x4104) > smb_vwv[ 3]= 50 (0x32) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 188 (0xBC) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 212 (0xD4) > smb_vwv[11]=40960 (0xA000) > smb_bcc=291 >[2006/06/20 18:16:57, 10] lib/util.c:dump_data(2058) > [000] A1 81 B9 30 81 B6 A2 81 B3 04 81 B0 4E 54 4C 4D ...0.... ....NTLM > [010] 53 53 50 00 03 00 00 00 18 00 18 00 70 00 00 00 SSP..... ....p... > [020] 18 00 18 00 88 00 00 00 0E 00 0E 00 48 00 00 00 ........ ....H... > [030] 10 00 10 00 56 00 00 00 0A 00 0A 00 66 00 00 00 ....V... ....f... > [040] 10 00 10 00 A0 00 00 00 15 82 88 62 05 01 28 0A ........ ...b..(. > [050] 00 00 00 0F 41 00 4E 00 44 00 4F 00 4C 00 41 00 ....A.N. D.O.L.A. > [060] 4E 00 61 00 6E 00 64 00 6F 00 62 00 75 00 72 00 N.a.n.d. o.b.u.r. > [070] 67 00 77 00 73 00 30 00 33 00 35 00 EC C8 B6 A5 g.w.s.0. 3.5..... > [080] 84 3F 54 39 00 00 00 00 00 00 00 00 00 00 00 00 .?T9.... ........ > [090] 00 00 00 00 34 6D 69 34 75 60 25 D4 62 0C B7 53 ....4mi4 u`%.b..S > [0A0] 48 FA 54 F2 5A 14 07 C1 02 21 F3 6D 39 8A FD 42 H.T.Z... 
.!.m9..B > [0B0] F2 92 96 A0 38 6B 76 28 B8 59 8A E7 00 57 00 69 ....8kv( .Y...W.i > [0C0] 00 6E 00 64 00 6F 00 77 00 73 00 20 00 32 00 30 .n.d.o.w .s. .2.0 > [0D0] 00 30 00 32 00 20 00 53 00 65 00 72 00 76 00 69 .0.2. .S .e.r.v.i > [0E0] 00 63 00 65 00 20 00 50 00 61 00 63 00 6B 00 20 .c.e. .P .a.c.k. > [0F0] 00 32 00 20 00 32 00 36 00 30 00 30 00 00 00 57 .2. .2.6 .0.0...W > [100] 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 00 32 .i.n.d.o .w.s. .2 > [110] 00 30 00 30 00 32 00 20 00 35 00 2E 00 31 00 00 .0.0.2. .5...1.. > [120] 00 00 00 ... >[2006/06/20 18:16:57, 3] smbd/process.c:switch_message(993) > switch message SMBsesssetupX (pid 16142) conn 0x0 >[2006/06/20 18:16:57, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:16:57, 5] auth/auth_util.c:debug_nt_user_token(433) > NT user token: (NULL) >[2006/06/20 18:16:57, 5] auth/auth_util.c:debug_unix_user_token(454) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/06/20 18:16:57, 5] smbd/uid.c:change_to_root_user(324) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2006/06/20 18:16:57, 3] smbd/sesssetup.c:reply_sesssetup_and_X(822) > wct=12 flg2=0xc807 >[2006/06/20 18:16:57, 2] smbd/sesssetup.c:setup_new_vc_session(772) > setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. 
>[2006/06/20 18:16:57, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(633) > Doing spnego session setup >[2006/06/20 18:16:57, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(664) > NativeOS=[Windows 2002 Service Pack 2 2600] NativeLanMan=[Windows 2002 5.1] PrimaryDomain=[] >[2006/06/20 18:16:57, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(662) > Got user=[andoburg] domain=[ANDOLAN] workstation=[ws035] len1=24 len2=24 >[2006/06/20 18:16:57, 5] auth/auth_ntlmssp.c:auth_ntlmssp_set_challenge(66) > auth_context challenge set by NTLMSSP callback (NTLM2) >[2006/06/20 18:16:57, 5] auth/auth_ntlmssp.c:auth_ntlmssp_set_challenge(67) > challenge is: >[2006/06/20 18:16:57, 5] lib/util.c:dump_data(2058) > [000] A5 6B D9 9D C5 B0 D2 A0 .k...... >[2006/06/20 18:16:57, 6] param/loadparm.c:lp_file_list_changed(2955) > lp_file_list_changed() > file /etc/samba/smb.conf.local -> /etc/samba/smb.conf.local last mod_time: Thu Jan 1 01:00:00 1970 > > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Mon Jun 19 18:46:01 2006 > >[2006/06/20 18:16:57, 5] auth/auth_util.c:make_user_info_map(163) > make_user_info_map: Mapping user [ANDOLAN]\[andoburg] from workstation [ws035] >[2006/06/20 18:16:57, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2006/06/20 18:16:57, 3] smbd/uid.c:push_conn_ctx(393) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2006/06/20 18:16:57, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2006/06/20 18:16:57, 5] auth/auth_util.c:debug_nt_user_token(433) > NT user token: (NULL) >[2006/06/20 18:16:57, 5] auth/auth_util.c:debug_unix_user_token(454) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/06/20 18:16:57, 5] auth/auth_util.c:is_trusted_domain(1665) > is_trusted_domain: Checking for domain trust with [ANDOLAN] >[2006/06/20 18:16:57, 5] passdb/secrets.c:secrets_fetch_trusted_domain_password(336) > secrets_fetch failed! 
>[2006/06/20 18:16:57, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:16:57, 10] lib/gencache.c:gencache_get(294) > Cache entry with key = TDOM/ANDOLAN couldn't be found >[2006/06/20 18:16:57, 5] libsmb/trustdom_cache.c:trustdom_cache_fetch(184) > no entry for trusted domain ANDOLAN found. >[2006/06/20 18:16:57, 5] auth/auth_util.c:make_user_info(69) > attempting to make a user_info for andoburg (andoburg) >[2006/06/20 18:16:57, 5] auth/auth_util.c:make_user_info(79) > making strings for andoburg's user_info struct >[2006/06/20 18:16:57, 5] auth/auth_util.c:make_user_info(121) > making blobs for andoburg's user_info struct >[2006/06/20 18:16:57, 10] auth/auth_util.c:make_user_info(139) > made an encrypted user_info for andoburg (andoburg) >[2006/06/20 18:16:57, 3] auth/auth.c:check_ntlm_password(219) > check_ntlm_password: Checking password for unmapped user [ANDOLAN]\[andoburg]@[ws035] with the new password interface >[2006/06/20 18:16:57, 3] auth/auth.c:check_ntlm_password(222) > check_ntlm_password: mapped user is: [ANDOLAN]\[andoburg]@[ws035] >[2006/06/20 18:16:57, 10] auth/auth.c:check_ntlm_password(231) > check_ntlm_password: auth_context challenge created by NTLMSSP callback (NTLM2) >[2006/06/20 18:16:57, 10] auth/auth.c:check_ntlm_password(233) > challenge is: >[2006/06/20 18:16:57, 5] lib/util.c:dump_data(2058) > [000] A5 6B D9 9D C5 B0 D2 A0 .k...... 
>[2006/06/20 18:16:57, 10] auth/auth.c:check_ntlm_password(259) > check_ntlm_password: guest had nothing to say >[2006/06/20 18:16:57, 8] lib/util.c:is_myname(1879) > is_myname("ANDOLAN") returns 0 >[2006/06/20 18:16:57, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2006/06/20 18:16:57, 3] smbd/uid.c:push_conn_ctx(393) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2006/06/20 18:16:57, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2006/06/20 18:16:57, 5] auth/auth_util.c:debug_nt_user_token(433) > NT user token: (NULL) >[2006/06/20 18:16:57, 5] auth/auth_util.c:debug_unix_user_token(454) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/06/20 18:16:57, 5] lib/smbldap.c:smbldap_search_ext(1080) > smbldap_search_ext: base => [dc=andolan], filter => [(&(uid=andoburg)(objectclass=sambaSamAccount))], scope => [2] >[2006/06/20 18:16:57, 5] lib/smbldap.c:smbldap_close(989) > The connection to the LDAP server was closed >[2006/06/20 18:16:57, 10] lib/smbldap.c:smb_ldap_setup_conn(566) > smb_ldap_setup_connection: ldap://localhost >[2006/06/20 18:16:57, 2] lib/smbldap.c:smbldap_open_connection(722) > smbldap_open_connection: connection opened >[2006/06/20 18:16:57, 10] lib/smbldap.c:smbldap_connect_system(862) > ldap_connect_system: Binding to ldap server ldap://localhost as "cn=Manager,dc=andolan" >[2006/06/20 18:16:57, 3] lib/smbldap.c:smbldap_connect_system(905) > ldap_connect_system: succesful connection to the LDAP server > ldap_connect_system: LDAP server does support paged results >[2006/06/20 18:16:57, 4] lib/smbldap.c:smbldap_open(969) > The LDAP server is succesfully connected >[2006/06/20 18:16:57, 2] passdb/pdb_ldap.c:init_sam_from_ldap(640) > init_sam_from_ldap: Entry found for user: andoburg >[2006/06/20 18:16:57, 10] passdb/pdb_get_set.c:pdb_set_username(617) > pdb_set_username: setting username andoburg, was >[2006/06/20 18:16:57, 10] 
passdb/pdb_get_set.c:pdb_set_domain(644) > pdb_set_domain: setting domain ANDOLAN, was >[2006/06/20 18:16:57, 10] passdb/pdb_get_set.c:pdb_set_nt_username(671) > pdb_set_nt_username: setting nt username andoburg, was >[2006/06/20 18:16:57, 10] passdb/pdb_get_set.c:pdb_set_user_sid_from_string(557) > pdb_set_user_sid_from_string: setting user sid S-1-5-21-2969752157-892696647-4271518216-3002 >[2006/06/20 18:16:57, 10] passdb/pdb_get_set.c:pdb_set_user_sid(544) > pdb_set_user_sid: setting user sid S-1-5-21-2969752157-892696647-4271518216-3002 >[2006/06/20 18:16:57, 10] passdb/pdb_get_set.c:pdb_set_group_sid_from_string(592) > pdb_set_group_sid_from_string: setting group sid S-1-5-21-2969752157-892696647-4271518216-3003 >[2006/06/20 18:16:57, 10] passdb/pdb_get_set.c:pdb_set_group_sid(580) > pdb_set_group_sid: setting group sid S-1-5-21-2969752157-892696647-4271518216-3003 >[2006/06/20 18:16:57, 10] lib/smbldap.c:smbldap_get_single_attribute(297) > smbldap_get_single_attribute: [sambaLogonTime] = [<does not exist>] >[2006/06/20 18:16:57, 10] lib/smbldap.c:smbldap_get_single_attribute(297) > smbldap_get_single_attribute: [sambaLogoffTime] = [<does not exist>] >[2006/06/20 18:16:57, 10] lib/smbldap.c:smbldap_get_single_attribute(297) > smbldap_get_single_attribute: [sambaKickoffTime] = [<does not exist>] >[2006/06/20 18:16:57, 10] passdb/pdb_get_set.c:pdb_set_fullname(698) > pdb_set_full_name: setting full name AndoBurg B.V., was >[2006/06/20 18:16:57, 10] lib/smbldap.c:smbldap_get_single_attribute(297) > smbldap_get_single_attribute: [sambaHomeDrive] = [<does not exist>] >[2006/06/20 18:16:57, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(779) > pdb_set_dir_drive: setting dir drive N:, was NULL >[2006/06/20 18:16:57, 10] lib/smbldap.c:smbldap_get_single_attribute(297) > smbldap_get_single_attribute: [sambaHomePath] = [<does not exist>] >[2006/06/20 18:16:57, 10] passdb/pdb_get_set.c:pdb_set_homedir(806) > pdb_set_homedir: setting home dir \\server\datamap, was 
>[2006/06/20 18:16:57, 10] lib/smbldap.c:smbldap_get_single_attribute(297) > smbldap_get_single_attribute: [sambaLogonScript] = [<does not exist>] >[2006/06/20 18:16:57, 10] passdb/pdb_get_set.c:pdb_set_logon_script(725) > pdb_set_logon_script: setting logon script logon.cmd, was >[2006/06/20 18:16:57, 10] lib/smbldap.c:smbldap_get_single_attribute(297) > smbldap_get_single_attribute: [sambaProfilePath] = [<does not exist>] >[2006/06/20 18:16:57, 10] passdb/pdb_get_set.c:pdb_set_profile_path(752) > pdb_set_profile_path: setting profile path \\server\tempprof, was >[2006/06/20 18:16:57, 10] lib/smbldap.c:smbldap_get_single_attribute(297) > smbldap_get_single_attribute: [description] = [<does not exist>] >[2006/06/20 18:16:57, 10] lib/smbldap.c:smbldap_get_single_attribute(297) > smbldap_get_single_attribute: [sambaUserWorkstations] = [<does not exist>] >[2006/06/20 18:16:57, 10] lib/smbldap.c:smbldap_get_single_attribute(297) > smbldap_get_single_attribute: [sambaMungedDial] = [<does not exist>] >[2006/06/20 18:16:57, 10] lib/account_pol.c:account_policy_get(332) > account_policy_get: name: password history, val: 0 >[2006/06/20 18:16:57, 10] lib/smbldap.c:smbldap_get_single_attribute(297) > smbldap_get_single_attribute: [sambaBadPasswordCount] = [<does not exist>] >[2006/06/20 18:16:57, 10] lib/smbldap.c:smbldap_get_single_attribute(297) > smbldap_get_single_attribute: [sambaBadPasswordTime] = [<does not exist>] >[2006/06/20 18:16:57, 10] lib/smbldap.c:smbldap_get_single_attribute(297) > smbldap_get_single_attribute: [sambaLogonHours] = [<does not exist>] >[2006/06/20 18:16:57, 5] passdb/login_cache.c:login_cache_init(41) > Opening cache file at /var/cache/samba/login_cache.tdb >[2006/06/20 18:16:57, 7] passdb/login_cache.c:login_cache_read(83) > Looking up login cache for user andoburg >[2006/06/20 18:16:57, 7] passdb/login_cache.c:login_cache_read(97) > No cache entry found >[2006/06/20 18:16:57, 9] passdb/pdb_ldap.c:init_sam_from_ldap(1004) > No cache entry, bad 
count = 0, bad time = 0 >[2006/06/20 18:16:57, 10] lib/account_pol.c:account_policy_get(332) > account_policy_get: name: password history, val: 0 >[2006/06/20 18:16:57, 10] passdb/pdb_get_set.c:pdb_set_username(617) > pdb_set_username: setting username andoburg, was >[2006/06/20 18:16:57, 10] passdb/pdb_get_set.c:pdb_set_domain(644) > pdb_set_domain: setting domain ANDOLAN, was >[2006/06/20 18:16:57, 10] passdb/pdb_get_set.c:pdb_set_nt_username(671) > pdb_set_nt_username: setting nt username andoburg, was >[2006/06/20 18:16:57, 10] passdb/pdb_get_set.c:pdb_set_fullname(698) > pdb_set_full_name: setting full name AndoBurg B.V., was >[2006/06/20 18:16:57, 10] passdb/pdb_get_set.c:pdb_set_homedir(806) > pdb_set_homedir: setting home dir \\server\datamap, was >[2006/06/20 18:16:57, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(779) > pdb_set_dir_drive: setting dir drive N:, was NULL >[2006/06/20 18:16:57, 10] passdb/pdb_get_set.c:pdb_set_logon_script(725) > pdb_set_logon_script: setting logon script logon.cmd, was >[2006/06/20 18:16:57, 10] passdb/pdb_get_set.c:pdb_set_profile_path(752) > pdb_set_profile_path: setting profile path \\server\tempprof, was >[2006/06/20 18:16:57, 10] passdb/pdb_get_set.c:pdb_set_workstations(885) > pdb_set_workstations: setting workstations , was >[2006/06/20 18:16:57, 10] lib/account_pol.c:account_policy_get(332) > account_policy_get: name: password history, val: 0 >[2006/06/20 18:16:57, 10] passdb/pdb_get_set.c:pdb_set_user_sid(544) > pdb_set_user_sid: setting user sid S-1-5-21-2969752157-892696647-4271518216-3002 >[2006/06/20 18:16:57, 10] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(73) > pdb_set_user_sid_from_rid: > setting user sid S-1-5-21-2969752157-892696647-4271518216-3002 from rid 3002 >[2006/06/20 18:16:57, 10] passdb/pdb_get_set.c:pdb_set_group_sid(580) > pdb_set_group_sid: setting group sid S-1-5-21-2969752157-892696647-4271518216-3003 >[2006/06/20 18:16:57, 10] passdb/pdb_compat.c:pdb_set_group_sid_from_rid(100) > 
pdb_set_group_sid_from_rid: > setting group sid S-1-5-21-2969752157-892696647-4271518216-3003 from rid 3003 >[2006/06/20 18:16:57, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:16:57, 9] passdb/passdb.c:pdb_update_autolock_flag(2338) > pdb_update_autolock_flag: Account andoburg not autolocked, no check needed >[2006/06/20 18:16:57, 4] libsmb/ntlm_check.c:ntlm_password_check(326) > ntlm_password_check: Checking NT MD4 password >[2006/06/20 18:16:57, 4] auth/auth_sam.c:sam_account_ok(123) > sam_account_ok: Checking SMB password for user andoburg >[2006/06/20 18:16:57, 5] auth/auth_sam.c:logon_hours_ok(105) > logon_hours_ok: user andoburg allowed to logon at this time (Tue Jun 20 18:16:57 2006 > ) >[2006/06/20 18:16:57, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2006/06/20 18:16:57, 3] smbd/uid.c:push_conn_ctx(393) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2006/06/20 18:16:57, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2006/06/20 18:16:57, 5] auth/auth_util.c:debug_nt_user_token(433) > NT user token: (NULL) >[2006/06/20 18:16:57, 5] auth/auth_util.c:debug_unix_user_token(454) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/06/20 18:16:57, 10] lib/system_smbd.c:sys_getgrouplist(167) > sys_getgrouplist: user [andoburg] >[2006/06/20 18:16:57, 10] lib/system_smbd.c:sys_getgrouplist(176) > sys_getgrouplist(): disabled winbindd for group lookup [user == andoburg] >[2006/06/20 18:16:57, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2006/06/20 18:16:57, 3] smbd/uid.c:push_conn_ctx(393) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2006/06/20 18:16:57, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2006/06/20 18:16:57, 5] auth/auth_util.c:debug_nt_user_token(433) > NT user token: (NULL) >[2006/06/20 18:16:57, 5] 
auth/auth_util.c:debug_unix_user_token(454) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/06/20 18:16:57, 8] lib/system_smbd.c:remove_duplicate_gids(49) > remove_duplicate_gids: Enter 4 gids >[2006/06/20 18:16:57, 8] lib/system_smbd.c:remove_duplicate_gids(67) > remove_duplicate_gids: Exit 3 gids >[2006/06/20 18:16:57, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2006/06/20 18:16:57, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2006/06/20 18:16:57, 3] smbd/uid.c:push_conn_ctx(393) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2006/06/20 18:16:57, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2006/06/20 18:16:57, 5] auth/auth_util.c:debug_nt_user_token(433) > NT user token: (NULL) >[2006/06/20 18:16:57, 5] auth/auth_util.c:debug_unix_user_token(454) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/06/20 18:16:57, 5] lib/smbldap.c:smbldap_search_ext(1080) > smbldap_search_ext: base => [ou=Groups,dc=andolan], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=1001))], scope => [2] >[2006/06/20 18:16:57, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2305) > ldapsam_getgroup: Did not find group >[2006/06/20 18:16:57, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2006/06/20 18:16:57, 10] passdb/passdb.c:local_gid_to_sid(1245) > local_gid_to_sid: Fall back to algorithmic mapping: 1001 -> S-1-5-21-2969752157-892696647-4271518216-3003 >[2006/06/20 18:16:57, 10] passdb/lookup_sid.c:gid_to_sid(406) > gid_to_sid: local 1001 -> S-1-5-21-2969752157-892696647-4271518216-3003 >[2006/06/20 18:16:57, 3] passdb/lookup_sid.c:fetch_sid_from_gid_cache(267) > fetch sid from gid cache 0 -> S-1-5-21-2969752157-892696647-4271518216-1001 >[2006/06/20 18:16:57, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2006/06/20 18:16:57, 3] 
smbd/uid.c:push_conn_ctx(393) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2006/06/20 18:16:57, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2006/06/20 18:16:57, 5] auth/auth_util.c:debug_nt_user_token(433) > NT user token: (NULL) >[2006/06/20 18:16:57, 5] auth/auth_util.c:debug_unix_user_token(454) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/06/20 18:16:57, 5] lib/smbldap.c:smbldap_search_ext(1080) > smbldap_search_ext: base => [ou=Groups,dc=andolan], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=10001))], scope => [2] >[2006/06/20 18:16:57, 2] passdb/pdb_ldap.c:init_group_from_ldap(2199) > init_group_from_ldap: Entry found for group: 10001 >[2006/06/20 18:16:57, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2006/06/20 18:16:57, 10] passdb/passdb.c:local_gid_to_sid(1256) > local_gid_to_sid: gid (10001) -> SID S-1-5-21-2969752157-892696647-4271518216-512. >[2006/06/20 18:16:57, 10] passdb/lookup_sid.c:gid_to_sid(406) > gid_to_sid: local 10001 -> S-1-5-21-2969752157-892696647-4271518216-512 >[2006/06/20 18:16:57, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:16:57, 3] lib/privileges.c:get_privileges(261) > get_privileges: No privileges assigned to SID [S-1-5-21-2969752157-892696647-4271518216-3002] >[2006/06/20 18:16:57, 3] lib/privileges.c:get_privileges(261) > get_privileges: No privileges assigned to SID [S-1-5-21-2969752157-892696647-4271518216-3003] >[2006/06/20 18:16:57, 5] lib/privileges.c:get_privileges_for_sids(459) > get_privileges_for_sids: sid = S-1-1-0 > Privilege set: > SE_PRIV 0x0 0x0 0x0 0x0 >[2006/06/20 18:16:57, 3] lib/privileges.c:get_privileges(261) > get_privileges: No privileges assigned to SID [S-1-5-2] >[2006/06/20 18:16:57, 3] lib/privileges.c:get_privileges(261) > get_privileges: No privileges assigned to SID [S-1-5-11] >[2006/06/20 18:16:57, 3] 
lib/privileges.c:get_privileges(261) > get_privileges: No privileges assigned to SID [S-1-5-21-2969752157-892696647-4271518216-1001] >[2006/06/20 18:16:57, 5] lib/privileges.c:get_privileges_for_sids(459) > get_privileges_for_sids: sid = S-1-5-21-2969752157-892696647-4271518216-512 > Privilege set: > SE_PRIV 0x10 0x0 0x0 0x0 >[2006/06/20 18:16:57, 5] lib/privileges.c:get_privileges_for_sids(459) > get_privileges_for_sids: sid = S-1-5-32-544 > Privilege set: > SE_PRIV 0xff0 0x0 0x0 0x0 >[2006/06/20 18:16:57, 10] auth/auth_util.c:debug_nt_user_token(438) > NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 > contains 8 SIDs > SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 > SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-3003 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-2969752157-892696647-4271518216-1001 > SID[ 6]: S-1-5-21-2969752157-892696647-4271518216-512 > SID[ 7]: S-1-5-32-544 > SE_PRIV 0xff0 0x0 0x0 0x0 >[2006/06/20 18:16:57, 5] auth/auth_util.c:make_server_info_sam(898) > make_server_info_sam: made server info for user andoburg -> andoburg >[2006/06/20 18:16:57, 3] auth/auth.c:check_ntlm_password(268) > check_ntlm_password: sam authentication for user [andoburg] succeeded >[2006/06/20 18:16:57, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2006/06/20 18:16:57, 3] smbd/uid.c:push_conn_ctx(393) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2006/06/20 18:16:57, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2006/06/20 18:16:57, 5] auth/auth_util.c:debug_nt_user_token(433) > NT user token: (NULL) >[2006/06/20 18:16:57, 5] auth/auth_util.c:debug_unix_user_token(454) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/06/20 18:16:57, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:16:57, 5] auth/auth.c:check_ntlm_password(294) > 
check_ntlm_password: PAM Account for user [andoburg] succeeded >[2006/06/20 18:16:57, 2] auth/auth.c:check_ntlm_password(307) > check_ntlm_password: authentication for user [andoburg] -> [andoburg] -> [andoburg] succeeded >[2006/06/20 18:16:57, 5] auth/auth_util.c:free_user_info(1485) > attempting to free (and zero) a user_info structure >[2006/06/20 18:16:57, 10] auth/auth_util.c:free_user_info(1488) > structure was created for andoburg >[2006/06/20 18:16:57, 10] auth/auth_ntlmssp.c:auth_ntlmssp_check_password(120) > Got NT session key of length 16 >[2006/06/20 18:16:57, 10] auth/auth_ntlmssp.c:auth_ntlmssp_check_password(127) > Got LM session key of length 16 >[2006/06/20 18:16:57, 10] libsmb/ntlmssp.c:ntlmssp_server_auth(728) > ntlmssp_server_auth: Created NTLM2 session key. >[2006/06/20 18:16:57, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(338) > NTLMSSP Sign/Seal - Initialising with flags: >[2006/06/20 18:16:57, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63) > Got NTLMSSP neg_flags=0x60088235 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_SEAL > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_NTLM2 > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH >[2006/06/20 18:16:57, 10] smbd/password.c:register_vuid(182) > register_vuid: allocated vuid = 101 >[2006/06/20 18:16:57, 10] lib/util_pw.c:getpwnam_alloc(98) > Got andoburg from pwnam_cache >[2006/06/20 18:16:57, 10] smbd/password.c:register_vuid(255) > register_vuid: (1001,1001) andoburg andoburg ANDOLAN guest=0 >[2006/06/20 18:16:57, 3] smbd/password.c:register_vuid(257) > User name: andoburg Real name: AndoBurg B.V. 
>[2006/06/20 18:16:57, 3] smbd/password.c:register_vuid(276) > UNIX uid 1001 is UNIX user andoburg, and will be vuid 101 >[2006/06/20 18:16:57, 7] param/loadparm.c:lp_servicenumber(4351) > lp_servicenumber: couldn't find andoburg >[2006/06/20 18:16:57, 3] smbd/password.c:register_vuid(305) > Adding homes service for user 'andoburg' using home directory: '/home/andoburg' >[2006/06/20 18:16:57, 7] param/loadparm.c:lp_servicenumber(4351) > lp_servicenumber: couldn't find homes >[2006/06/20 18:16:57, 6] param/loadparm.c:lp_file_list_changed(2955) > lp_file_list_changed() > file /etc/samba/smb.conf.local -> /etc/samba/smb.conf.local last mod_time: Thu Jan 1 01:00:00 1970 > > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Mon Jun 19 18:46:01 2006 > >[2006/06/20 18:16:57, 5] lib/util.c:show_msg(454) >[2006/06/20 18:16:57, 5] lib/util.c:show_msg(464) > size=104 > smb_com=0x73 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=65279 > smb_uid=101 > smb_mid=128 > smt_wct=4 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 9 (0x9) > smb_bcc=61 >[2006/06/20 18:16:57, 10] lib/util.c:dump_data(2058) > [000] A1 07 30 05 A0 03 0A 01 00 55 00 6E 00 69 00 78 ..0..... .U.n.i.x > [010] 00 00 00 53 00 61 00 6D 00 62 00 61 00 20 00 33 ...S.a.m .b.a. .3 > [020] 00 2E 00 30 00 2E 00 32 00 32 00 00 00 41 00 4E ...0...2 .2...A.N > [030] 00 44 00 4F 00 4C 00 41 00 4E 00 00 00 .D.O.L.A .N... 
>[2006/06/20 18:16:57, 10] smbd/process.c:setup_select_timeout(1372) > change_notify_timeout: -1 >[2006/06/20 18:16:57, 10] smbd/process.c:run_events(299) > run_events: No events >[2006/06/20 18:16:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(618) > got smb length of 78 >[2006/06/20 18:16:57, 6] smbd/process.c:process_smb(1193) > got message type 0x0 of len 0x4e >[2006/06/20 18:16:57, 3] smbd/process.c:process_smb(1194) > Transaction 3 of length 82 >[2006/06/20 18:16:57, 5] lib/util.c:show_msg(454) >[2006/06/20 18:16:57, 5] lib/util.c:show_msg(464) > size=78 > smb_com=0x75 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=0 > smb_pid=65279 > smb_uid=101 > smb_mid=192 > smt_wct=4 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 78 (0x4E) > smb_vwv[ 2]= 8 (0x8) > smb_vwv[ 3]= 1 (0x1) > smb_bcc=35 >[2006/06/20 18:16:57, 10] lib/util.c:dump_data(2058) > [000] 00 5C 00 5C 00 53 00 45 00 52 00 56 00 45 00 52 .\.\.S.E .R.V.E.R > [010] 00 5C 00 49 00 50 00 43 00 24 00 00 00 3F 3F 3F .\.I.P.C .$...??? > [020] 3F 3F 00 ??. >[2006/06/20 18:16:57, 3] smbd/process.c:switch_message(993) > switch message SMBtconX (pid 16142) conn 0x0 >[2006/06/20 18:16:57, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:16:57, 5] auth/auth_util.c:debug_nt_user_token(433) > NT user token: (NULL) >[2006/06/20 18:16:57, 5] auth/auth_util.c:debug_unix_user_token(454) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/06/20 18:16:57, 5] smbd/uid.c:change_to_root_user(324) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2006/06/20 18:16:57, 4] smbd/reply.c:reply_tcon_and_X(660) > Client requested device type [?????] 
for share [IPC$] >[2006/06/20 18:16:57, 5] smbd/service.c:make_connection(860) > making a connection to 'normal' service ipc$ >[2006/06/20 18:16:57, 5] lib/username.c:Get_Pwnam_alloc(290) > Finding user andoburg >[2006/06/20 18:16:57, 5] lib/username.c:Get_Pwnam_internals(234) > Trying _Get_Pwnam(), username as lowercase is andoburg >[2006/06/20 18:16:57, 10] lib/util_pw.c:getpwnam_alloc(98) > Got andoburg from pwnam_cache >[2006/06/20 18:16:57, 5] lib/username.c:Get_Pwnam_internals(267) > Get_Pwnam_internals did find user [andoburg]! >[2006/06/20 18:16:57, 3] smbd/service.c:make_connection_snum(488) > Connect path is '/tmp' for service [IPC$] >[2006/06/20 18:16:57, 4] rpc_server/srv_srvsvc_nt.c:get_share_security(240) > get_share_security: using default secdesc for IPC$ >[2006/06/20 18:16:57, 10] lib/util_seaccess.c:se_map_generic(176) > se_map_generic(): mapped mask 0x10000000 to 0x001f01ff >[2006/06/20 18:16:57, 10] lib/util_seaccess.c:se_access_check(233) > se_access_check: requested access 0x00000002, for NT token with 8 entries and first sid S-1-5-21-2969752157-892696647-4271518216-3002. >[2006/06/20 18:16:57, 3] lib/util_seaccess.c:se_access_check(250) >[2006/06/20 18:16:57, 3] lib/util_seaccess.c:se_access_check(251) > se_access_check: user sid is S-1-5-21-2969752157-892696647-4271518216-3002 > se_access_check: also S-1-5-21-2969752157-892696647-4271518216-3003 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: also S-1-5-21-2969752157-892696647-4271518216-1001 > se_access_check: also S-1-5-21-2969752157-892696647-4271518216-512 > se_access_check: also S-1-5-32-544 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 2 >[2006/06/20 18:16:57, 5] lib/util_seaccess.c:se_access_check(308) > se_access_check: access (2) granted. 
>[2006/06/20 18:16:57, 3] smbd/vfs.c:vfs_init_default(216) > Initialising default vfs hooks >[2006/06/20 18:16:57, 5] smbd/connection.c:claim_connection(170) > claiming IPC$ 0 >[2006/06/20 18:16:57, 10] smbd/uid.c:is_share_read_only_for_user(127) > is_share_read_only_for_user: share IPC$ is read-only for unix user andoburg >[2006/06/20 18:16:57, 4] rpc_server/srv_srvsvc_nt.c:get_share_security(240) > get_share_security: using default secdesc for IPC$ >[2006/06/20 18:16:57, 10] lib/util_seaccess.c:se_map_generic(176) > se_map_generic(): mapped mask 0x10000000 to 0x001f01ff >[2006/06/20 18:16:57, 10] lib/util_seaccess.c:se_access_check(233) > se_access_check: requested access 0x00000001, for NT token with 8 entries and first sid S-1-5-21-2969752157-892696647-4271518216-3002. >[2006/06/20 18:16:57, 3] lib/util_seaccess.c:se_access_check(250) >[2006/06/20 18:16:57, 3] lib/util_seaccess.c:se_access_check(251) > se_access_check: user sid is S-1-5-21-2969752157-892696647-4271518216-3002 > se_access_check: also S-1-5-21-2969752157-892696647-4271518216-3003 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: also S-1-5-21-2969752157-892696647-4271518216-1001 > se_access_check: also S-1-5-21-2969752157-892696647-4271518216-512 > se_access_check: also S-1-5-32-544 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 1 >[2006/06/20 18:16:57, 5] lib/util_seaccess.c:se_access_check(308) > se_access_check: access (1) granted. 
>[2006/06/20 18:16:57, 10] lib/username.c:user_in_list(570) > user_in_list: checking user andoburg in list >[2006/06/20 18:16:57, 10] lib/username.c:user_in_list(575) > user_in_list: checking user |andoburg| against |@root| >[2006/06/20 18:16:57, 5] lib/username.c:user_in_netgroup_list(346) > Unable to get default yp domain >[2006/06/20 18:16:57, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:16:57, 5] auth/auth_util.c:debug_nt_user_token(438) > NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 > contains 8 SIDs > SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 > SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-3003 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-2969752157-892696647-4271518216-1001 > SID[ 6]: S-1-5-21-2969752157-892696647-4271518216-512 > SID[ 7]: S-1-5-32-544 > SE_PRIV 0xff0 0x0 0x0 0x0 >[2006/06/20 18:16:57, 5] auth/auth_util.c:debug_unix_user_token(454) > UNIX token of user 0 > Primary group is 1001 and contains 3 supplementary groups > Group[ 0]: 1001 > Group[ 1]: 0 > Group[ 2]: 10001 >[2006/06/20 18:16:57, 5] smbd/uid.c:change_to_user(309) > change_to_user uid=(0,0) gid=(0,1001) >[2006/06/20 18:16:57, 3] smbd/service.c:make_connection_snum(693) > ws035 (192.168.68.22) connect to service IPC$ initially as user andoburg (uid=0, gid=1001) (pid 16142) >[2006/06/20 18:16:57, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:16:57, 5] auth/auth_util.c:debug_nt_user_token(433) > NT user token: (NULL) >[2006/06/20 18:16:57, 5] auth/auth_util.c:debug_unix_user_token(454) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/06/20 18:16:57, 5] smbd/uid.c:change_to_root_user(324) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2006/06/20 18:16:57, 3] smbd/reply.c:reply_tcon_and_X(708) > tconX service=IPC$ >[2006/06/20 18:16:57, 5] lib/util.c:show_msg(454) 
>[2006/06/20 18:16:57, 5] lib/util.c:show_msg(464) > size=48 > smb_com=0x75 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=192 > smt_wct=3 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 1 (0x1) > smb_bcc=7 >[2006/06/20 18:16:57, 10] lib/util.c:dump_data(2058) > [000] 49 50 43 00 00 00 00 IPC.... >[2006/06/20 18:16:57, 10] smbd/process.c:setup_select_timeout(1372) > change_notify_timeout: -1 >[2006/06/20 18:16:57, 10] smbd/process.c:run_events(299) > run_events: No events >[2006/06/20 18:16:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(618) > got smb length of 100 >[2006/06/20 18:16:57, 6] smbd/process.c:process_smb(1193) > got message type 0x0 of len 0x64 >[2006/06/20 18:16:57, 3] smbd/process.c:process_smb(1194) > Transaction 4 of length 104 >[2006/06/20 18:16:57, 5] lib/util.c:show_msg(454) >[2006/06/20 18:16:57, 5] lib/util.c:show_msg(464) > size=100 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1036 > smb_uid=101 > smb_mid=256 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 3584 (0xE00) > smb_vwv[ 3]= 5632 (0x1600) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 513 (0x201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 768 (0x300) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]=16384 (0x4000) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 768 (0x300) > smb_bcc=17 >[2006/06/20 18:16:57, 10] lib/util.c:dump_data(2058) > [000] 00 5C 00 6C 00 73 00 61 00 72 00 70 00 63 00 00 .\.l.s.a .r.p.c.. > [010] 00 . 
>[2006/06/20 18:16:57, 3] smbd/process.c:switch_message(993) > switch message SMBntcreateX (pid 16142) conn 0x83d5780 >[2006/06/20 18:16:57, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:16:57, 5] auth/auth_util.c:debug_nt_user_token(438) > NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 > contains 8 SIDs > SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 > SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-3003 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-2969752157-892696647-4271518216-1001 > SID[ 6]: S-1-5-21-2969752157-892696647-4271518216-512 > SID[ 7]: S-1-5-32-544 > SE_PRIV 0xff0 0x0 0x0 0x0 >[2006/06/20 18:16:57, 5] auth/auth_util.c:debug_unix_user_token(454) > UNIX token of user 0 > Primary group is 1001 and contains 3 supplementary groups > Group[ 0]: 1001 > Group[ 1]: 0 > Group[ 2]: 10001 >[2006/06/20 18:16:57, 5] smbd/uid.c:change_to_user(309) > change_to_user uid=(0,0) gid=(0,1001) >[2006/06/20 18:16:57, 4] smbd/vfs.c:vfs_ChDir(738) > vfs_ChDir to /tmp >[2006/06/20 18:16:57, 10] smbd/nttrans.c:reply_ntcreate_and_X(506) > reply_ntcreateX: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0 >[2006/06/20 18:16:57, 4] smbd/nttrans.c:nt_open_pipe(330) > nt_open_pipe: Opening pipe \lsarpc. >[2006/06/20 18:16:57, 3] smbd/nttrans.c:nt_open_pipe(351) > nt_open_pipe: Known pipe lsarpc opening. 
>[2006/06/20 18:16:57, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(180) > Open pipe requested lsarpc (pipes_open=0) >[2006/06/20 18:16:57, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(285) > Create pipe requested lsarpc >[2006/06/20 18:16:57, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77) > init_pipe_handles: created handle list for pipe lsarpc >[2006/06/20 18:16:57, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) > init_pipe_handles: pipe_handles ref count = 1 for pipe lsarpc >[2006/06/20 18:16:57, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(363) > Created internal pipe lsarpc (pipes_open=0) >[2006/06/20 18:16:57, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(263) > Opened pipe lsarpc with handle 7077 (pipes_open=1) >[2006/06/20 18:16:57, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(269) > open pipes: name lsarpc pnum=7077 >[2006/06/20 18:16:57, 5] smbd/nttrans.c:do_ntcreate_pipe_open(400) > do_ntcreate_pipe_open: open pipe = \lsarpc >[2006/06/20 18:16:57, 5] lib/util.c:show_msg(454) >[2006/06/20 18:16:57, 5] lib/util.c:show_msg(464) > size=103 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=1036 > smb_uid=101 > smb_mid=256 > smt_wct=34 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]=30464 (0x7700) > smb_vwv[ 3]= 368 (0x170) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 0 (0x0) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 0 (0x0) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]=32768 (0x8000) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_vwv[24]= 0 (0x0) > smb_vwv[25]= 0 (0x0) > smb_vwv[26]= 0 (0x0) > smb_vwv[27]= 0 (0x0) > smb_vwv[28]= 0 (0x0) > smb_vwv[29]= 0 (0x0) > smb_vwv[30]= 0 (0x0) > smb_vwv[31]= 512 
(0x200) > smb_vwv[32]=65280 (0xFF00) > smb_vwv[33]= 5 (0x5) > smb_bcc=0 >[2006/06/20 18:16:57, 10] smbd/process.c:setup_select_timeout(1372) > change_notify_timeout: -1 >[2006/06/20 18:16:57, 10] smbd/process.c:run_events(299) > run_events: No events >[2006/06/20 18:16:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(618) > got smb length of 136 >[2006/06/20 18:16:57, 6] smbd/process.c:process_smb(1193) > got message type 0x0 of len 0x88 >[2006/06/20 18:16:57, 3] smbd/process.c:process_smb(1194) > Transaction 5 of length 140 >[2006/06/20 18:16:57, 5] lib/util.c:show_msg(454) >[2006/06/20 18:16:57, 5] lib/util.c:show_msg(464) > size=136 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=320 > smt_wct=14 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=28791 (0x7077) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=65535 (0xFFFF) > smb_vwv[ 6]=65535 (0xFFFF) > smb_vwv[ 7]= 8 (0x8) > smb_vwv[ 8]= 72 (0x48) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 72 (0x48) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_bcc=73 >[2006/06/20 18:16:57, 10] lib/util.c:dump_data(2058) > [000] EE 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... > [010] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ > [020] 00 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 .xW4.4.. ....#Eg. > [030] AB 00 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ > [040] 00 2B 10 48 60 02 00 00 00 .+.H`... . 
>[2006/06/20 18:16:57, 3] smbd/process.c:switch_message(993) > switch message SMBwriteX (pid 16142) conn 0x83d5780 >[2006/06/20 18:16:57, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:16:57, 5] auth/auth_util.c:debug_nt_user_token(438) > NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 > contains 8 SIDs > SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 > SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-3003 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-2969752157-892696647-4271518216-1001 > SID[ 6]: S-1-5-21-2969752157-892696647-4271518216-512 > SID[ 7]: S-1-5-32-544 > SE_PRIV 0xff0 0x0 0x0 0x0 >[2006/06/20 18:16:57, 5] auth/auth_util.c:debug_unix_user_token(454) > UNIX token of user 0 > Primary group is 1001 and contains 3 supplementary groups > Group[ 0]: 1001 > Group[ 1]: 0 > Group[ 2]: 10001 >[2006/06/20 18:16:57, 5] smbd/uid.c:change_to_user(309) > change_to_user uid=(0,0) gid=(0,1001) >[2006/06/20 18:16:57, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1261) > search for pipe pnum=7077 >[2006/06/20 18:16:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1265) > pipe name lsarpc pnum=7077 (pipes_open=1) >[2006/06/20 18:16:57, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(934) > write_to_pipe: 7077 name: lsarpc open: Yes len: 72 >[2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) > write_to_pipe: data_left = 72 >[2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 >[2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(392) > fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 >[2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) > write_to_pipe: data_used = 16 >[2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) 
> write_to_pipe: data_left = 56 >[2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0000 major : 05 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0001 minor : 00 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0002 pkt_type : 0b >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0003 flags : 03 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0004 pack_type0: 10 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0005 pack_type1: 00 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0006 pack_type2: 00 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0007 pack_type3: 00 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 frag_len : 0048 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a auth_len : 0000 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c call_id : 00000001 >[2006/06/20 18:16:57, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(479) > unmarshall_rpc_header: using little-endian RPC >[2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(508) > unmarshall_rpc_header: type = 11, flags = 3 >[2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) > write_to_pipe: data_used = 0 >[2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) > write_to_pipe: data_left = 56 >[2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 >[2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(716) > process_complete_pdu: processing packet 
type 11 >[2006/06/20 18:16:57, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1495) > api_pipe_bind_req: decode request. 1495 >[2006/06/20 18:16:57, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1506) > api_pipe_bind_req: \PIPE\lsarpc -> \PIPE\lsass >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_rb >[2006/06/20 18:16:57, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_bba >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0000 max_tsize: 10b8 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0002 max_rsize: 10b8 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0004 assoc_gid: 00000000 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0008 num_contexts: 01 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000c context_id : 0000 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 000e num_transfer_syntaxes: 01 >[2006/06/20 18:16:57, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00000f smb_io_rpc_iface >[2006/06/20 18:16:57, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_uuid uuid >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0010 data : 12345778 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0014 data : 1234 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0016 data : abcd >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8s(819) > 0018 data : ef 00 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8s(819) > 001a data : 01 23 45 67 89 ab >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0020 version: 00000000 >[2006/06/20 18:16:57, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000024 smb_io_rpc_iface >[2006/06/20 18:16:57, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000024 smb_io_uuid uuid >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0024 data : 8a885d04 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0028 data : 
1ceb >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 002a data : 11c9 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8s(819) > 002c data : 9f e8 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8s(819) > 002e data : 08 00 2b 10 48 60 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0034 version: 00000002 >[2006/06/20 18:16:57, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1548) > api_pipe_bind_req: make response. 1548 >[2006/06/20 18:16:57, 3] rpc_server/srv_pipe.c:check_bind_req(959) > check_bind_req for \PIPE\lsarpc >[2006/06/20 18:16:57, 10] rpc_server/srv_pipe.c:check_bind_req(964) > checking \PIPE\lsarpc >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_ba >[2006/06/20 18:16:57, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_bba >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0000 max_tsize: 10b8 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0002 max_rsize: 10b8 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0004 assoc_gid: 000053f0 >[2006/06/20 18:16:57, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000008 smb_io_rpc_addr_str >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 len: 000c >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8s(819) > 000a str: \PIPE\lsass. 
>[2006/06/20 18:16:57, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000016 smb_io_rpc_results >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0018 num_results: 01 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 001c result : 0000 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 001e reason : 0000 >[2006/06/20 18:16:57, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000020 smb_io_rpc_iface >[2006/06/20 18:16:57, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000020 smb_io_uuid uuid >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0020 data : 8a885d04 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0024 data : 1ceb >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0026 data : 11c9 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8s(819) > 0028 data : 9f e8 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8s(819) > 002a data : 08 00 2b 10 48 60 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0030 version: 00000002 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0000 major : 05 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0001 minor : 00 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0002 pkt_type : 0c >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0003 flags : 03 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0004 pack_type0: 10 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0005 pack_type1: 00 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0006 pack_type2: 00 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0007 pack_type3: 00 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 frag_len : 0044 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a auth_len : 0000 >[2006/06/20 18:16:57, 5] 
rpc_parse/parse_prs.c:prs_uint32(703) > 000c call_id : 00000001 >[2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) > write_to_pipe: data_used = 56 >[2006/06/20 18:16:57, 3] smbd/pipes.c:reply_pipe_write_and_X(207) > writeX-IPC pnum=7077 nwritten=72 >[2006/06/20 18:16:57, 5] lib/util.c:show_msg(454) >[2006/06/20 18:16:57, 5] lib/util.c:show_msg(464) > size=47 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=320 > smt_wct=6 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 72 (0x48) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_bcc=0 >[2006/06/20 18:16:57, 10] smbd/process.c:setup_select_timeout(1372) > change_notify_timeout: -1 >[2006/06/20 18:16:57, 10] smbd/process.c:run_events(299) > run_events: No events >[2006/06/20 18:16:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(618) > got smb length of 59 >[2006/06/20 18:16:57, 6] smbd/process.c:process_smb(1193) > got message type 0x0 of len 0x3b >[2006/06/20 18:16:57, 3] smbd/process.c:process_smb(1194) > Transaction 6 of length 63 >[2006/06/20 18:16:57, 5] lib/util.c:show_msg(454) >[2006/06/20 18:16:57, 5] lib/util.c:show_msg(464) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=385 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=28791 (0x7077) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 1024 (0x400) > smb_vwv[ 6]= 1024 (0x400) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 1024 (0x400) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2006/06/20 18:16:57, 3] smbd/process.c:switch_message(993) > switch message SMBreadX (pid 16142) conn 0x83d5780 >[2006/06/20 18:16:57, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 >[2006/06/20 
18:16:57, 5] auth/auth_util.c:debug_nt_user_token(438) > NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 > contains 8 SIDs > SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 > SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-3003 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-2969752157-892696647-4271518216-1001 > SID[ 6]: S-1-5-21-2969752157-892696647-4271518216-512 > SID[ 7]: S-1-5-32-544 > SE_PRIV 0xff0 0x0 0x0 0x0 >[2006/06/20 18:16:57, 5] auth/auth_util.c:debug_unix_user_token(454) > UNIX token of user 0 > Primary group is 1001 and contains 3 supplementary groups > Group[ 0]: 1001 > Group[ 1]: 0 > Group[ 2]: 10001 >[2006/06/20 18:16:57, 5] smbd/uid.c:change_to_user(309) > change_to_user uid=(0,0) gid=(0,1001) >[2006/06/20 18:16:57, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1261) > search for pipe pnum=7077 >[2006/06/20 18:16:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1265) > pipe name lsarpc pnum=7077 (pipes_open=1) >[2006/06/20 18:16:57, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(992) > read_from_pipe: 7077 name: lsarpc len: 1024 >[2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1051) > read_from_pipe: lsarpc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. 
>[2006/06/20 18:16:57, 3] smbd/pipes.c:reply_pipe_read_and_X(252) > readX-IPC pnum=7077 min=1024 max=1024 nread=68 >[2006/06/20 18:16:57, 5] lib/util.c:show_msg(454) >[2006/06/20 18:16:57, 5] lib/util.c:show_msg(464) > size=127 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=385 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 68 (0x44) > smb_vwv[ 6]= 59 (0x3B) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=68 >[2006/06/20 18:16:57, 10] lib/util.c:dump_data(2058) > [000] 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 00 ........ D....... > [010] B8 10 B8 10 F0 53 00 00 0C 00 5C 50 49 50 45 5C .....S.. ..\PIPE\ > [020] 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 00 lsass... ........ > [030] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` > [040] 02 00 00 00 .... 
>[2006/06/20 18:16:57, 10] smbd/process.c:setup_select_timeout(1372) > change_notify_timeout: -1 >[2006/06/20 18:16:57, 10] smbd/process.c:run_events(299) > run_events: No events >[2006/06/20 18:16:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(618) > got smb length of 172 >[2006/06/20 18:16:57, 6] smbd/process.c:process_smb(1193) > got message type 0x0 of len 0xac >[2006/06/20 18:16:57, 3] smbd/process.c:process_smb(1194) > Transaction 7 of length 176 >[2006/06/20 18:16:57, 5] lib/util.c:show_msg(454) >[2006/06/20 18:16:57, 5] lib/util.c:show_msg(464) > size=172 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1036 > smb_uid=101 > smb_mid=449 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 88 (0x58) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 88 (0x58) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=28791 (0x7077) > smb_bcc=105 >[2006/06/20 18:16:57, 10] lib/util.c:dump_data(2058) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 58 00 00 00 01 00 00 ........ .X...... > [020] 00 40 00 00 00 00 00 2C 00 D0 AE 13 00 09 00 00 .@....., ........ > [030] 00 00 00 00 00 09 00 00 00 5C 00 5C 00 53 00 45 ........ .\.\.S.E > [040] 00 52 00 56 00 45 00 52 00 00 00 C9 11 18 00 00 .R.V.E.R ........ > [050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [060] 00 00 00 00 00 00 00 00 02 ........ . 
>[2006/06/20 18:16:57, 3] smbd/process.c:switch_message(993) > switch message SMBtrans (pid 16142) conn 0x83d5780 >[2006/06/20 18:16:57, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:16:57, 5] auth/auth_util.c:debug_nt_user_token(438) > NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 > contains 8 SIDs > SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 > SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-3003 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-2969752157-892696647-4271518216-1001 > SID[ 6]: S-1-5-21-2969752157-892696647-4271518216-512 > SID[ 7]: S-1-5-32-544 > SE_PRIV 0xff0 0x0 0x0 0x0 >[2006/06/20 18:16:57, 5] auth/auth_util.c:debug_unix_user_token(454) > UNIX token of user 0 > Primary group is 1001 and contains 3 supplementary groups > Group[ 0]: 1001 > Group[ 1]: 0 > Group[ 2]: 10001 >[2006/06/20 18:16:57, 5] smbd/uid.c:change_to_user(309) > change_to_user uid=(0,0) gid=(0,1001) >[2006/06/20 18:16:57, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=88 params=0 setup=2 >[2006/06/20 18:16:57, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2006/06/20 18:16:57, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2006/06/20 18:16:57, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2006/06/20 18:16:57, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1261) > search for pipe pnum=7077 >[2006/06/20 18:16:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1265) > pipe name lsarpc pnum=7077 (pipes_open=1) >[2006/06/20 18:16:57, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "lsarpc" (pnum 7077) >[2006/06/20 18:16:57, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x83d49f0 max_trans_reply: 1024 >[2006/06/20 18:16:57, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(934) > write_to_pipe: 7077 name: lsarpc open: Yes len: 88 >[2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) > write_to_pipe: 
data_left = 88 >[2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 88 >[2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(392) > fill_rpc_header: data_to_copy = 88, len_needed_to_complete_hdr = 16, receive_len = 0 >[2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) > write_to_pipe: data_used = 16 >[2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) > write_to_pipe: data_left = 72 >[2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 72 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0000 major : 05 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0001 minor : 00 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0002 pkt_type : 00 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0003 flags : 03 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0004 pack_type0: 10 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0005 pack_type1: 00 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0006 pack_type2: 00 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0007 pack_type3: 00 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 frag_len : 0058 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a auth_len : 0000 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c call_id : 00000001 >[2006/06/20 18:16:57, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(479) > unmarshall_rpc_header: using little-endian RPC >[2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(508) > unmarshall_rpc_header: 
type = 0, flags = 3 >[2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) > write_to_pipe: data_used = 0 >[2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) > write_to_pipe: data_left = 72 >[2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 72, incoming data = 72 >[2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(716) > process_complete_pdu: processing packet type 0 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_req req >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0000 alloc_hint: 00000040 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0004 context_id: 0000 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0006 opnum : 002c >[2006/06/20 18:16:57, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(526) > free_pipe_context: destroying talloc pool of size 70 >[2006/06/20 18:16:57, 5] rpc_server/srv_pipe.c:api_pipe_request(2195) > Requested \PIPE\lsarpc >[2006/06/20 18:16:57, 4] rpc_server/srv_pipe.c:api_rpcTNP(2230) > api_rpcTNP: lsarpc op 0x2c - api_rpcTNP: rpc command: LSA_OPENPOLICY2 >[2006/06/20 18:16:57, 6] rpc_server/srv_pipe.c:api_rpcTNP(2256) > api_rpc_cmds[0].fn == 0x8123340 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 lsa_io_q_open_pol2 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0000 ptr : 0013aed0 >[2006/06/20 18:16:57, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000004 smb_io_unistr2 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0004 uni_max_len: 00000009 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0008 offset : 00000000 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c uni_str_len: 00000009 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:dbg_rw_punival(904) > 0010 buffer : 
\.\.S.E.R.V.E.R... >[2006/06/20 18:16:57, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000022 lsa_io_obj_attr >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0024 len : 00000018 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0028 ptr_root_dir: 00000000 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 002c ptr_obj_name: 00000000 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0030 attributes : 00000000 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0034 ptr_sec_desc: 00000000 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0038 ptr_sec_qos : 00000000 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 003c des_access: 02000000 >[2006/06/20 18:16:57, 10] lib/util_seaccess.c:se_access_check(233) > se_access_check: requested access 0x02000000, for NT token with 8 entries and first sid S-1-5-21-2969752157-892696647-4271518216-3002. >[2006/06/20 18:16:57, 3] lib/util_seaccess.c:se_access_check(250) >[2006/06/20 18:16:57, 3] lib/util_seaccess.c:se_access_check(251) > se_access_check: user sid is S-1-5-21-2969752157-892696647-4271518216-3002 > se_access_check: also S-1-5-21-2969752157-892696647-4271518216-3003 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: also S-1-5-21-2969752157-892696647-4271518216-1001 > se_access_check: also S-1-5-21-2969752157-892696647-4271518216-512 > se_access_check: also S-1-5-32-544 >[2006/06/20 18:16:57, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) > Opened policy hnd[1] [000] 00 00 00 00 01 00 00 00 00 00 00 00 79 1F 98 44 ........ ....y..D > [010] 0E 3F 00 00 .?.. 
>[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 lsa_io_r_open_pol2 >[2006/06/20 18:16:57, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0000 data1: 00000000 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0004 data2: 00000001 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 data3: 0000 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a data4: 0000 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8s(819) > 000c data5: 79 1f 98 44 0e 3f 00 00 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_ntstatus(762) > 0014 status: NT_STATUS_OK >[2006/06/20 18:16:57, 5] rpc_server/srv_pipe.c:api_rpcTNP(2277) > api_rpcTNP: called lsarpc successfully >[2006/06/20 18:16:57, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(526) > free_pipe_context: destroying talloc pool of size 818 >[2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) > write_to_pipe: data_used = 72 >[2006/06/20 18:16:57, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(992) > read_from_pipe: 7077 name: lsarpc len: 1024 >[2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1065) > read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. 
>[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0000 major : 05 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0001 minor : 00 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0002 pkt_type : 02 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0003 flags : 03 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0004 pack_type0: 10 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0005 pack_type1: 00 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0006 pack_type2: 00 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0007 pack_type3: 00 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 frag_len : 0030 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a auth_len : 0000 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c call_id : 00000001 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp resp >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0010 alloc_hint: 00000018 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0014 context_id: 0000 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0016 cancel_ct : 00 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0017 reserved : 00 >[2006/06/20 18:16:57, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..48] >[2006/06/20 18:16:57, 5] lib/util.c:show_msg(454) >[2006/06/20 18:16:57, 5] lib/util.c:show_msg(464) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=1036 > smb_uid=101 > smb_mid=449 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > 
smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2006/06/20 18:16:57, 10] lib/util.c:dump_data(2058) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 01 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ........ ........ > [020] 00 00 00 00 00 79 1F 98 44 0E 3F 00 00 00 00 00 .....y.. D.?..... > [030] 00 . >[2006/06/20 18:16:57, 10] smbd/process.c:setup_select_timeout(1372) > change_notify_timeout: -1 >[2006/06/20 18:16:57, 10] smbd/process.c:run_events(299) > run_events: No events >[2006/06/20 18:16:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(618) > got smb length of 130 >[2006/06/20 18:16:57, 6] smbd/process.c:process_smb(1193) > got message type 0x0 of len 0x82 >[2006/06/20 18:16:57, 3] smbd/process.c:process_smb(1194) > Transaction 8 of length 134 >[2006/06/20 18:16:57, 5] lib/util.c:show_msg(454) >[2006/06/20 18:16:57, 5] lib/util.c:show_msg(464) > size=130 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1036 > smb_uid=101 > smb_mid=513 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 46 (0x2E) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 46 (0x2E) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=28791 (0x7077) > smb_bcc=63 >[2006/06/20 18:16:57, 10] lib/util.c:dump_data(2058) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 2E 00 00 00 02 00 00 ........ ........ > [020] 00 16 00 00 00 00 00 2E 00 00 00 00 00 01 00 00 ........ ........ > [030] 00 00 00 00 00 79 1F 98 44 0E 3F 00 00 0C 00 .....y.. D.?.... 
>[2006/06/20 18:16:57, 3] smbd/process.c:switch_message(993) > switch message SMBtrans (pid 16142) conn 0x83d5780 >[2006/06/20 18:16:57, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:16:57, 5] auth/auth_util.c:debug_nt_user_token(438) > NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 > contains 8 SIDs > SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 > SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-3003 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-2969752157-892696647-4271518216-1001 > SID[ 6]: S-1-5-21-2969752157-892696647-4271518216-512 > SID[ 7]: S-1-5-32-544 > SE_PRIV 0xff0 0x0 0x0 0x0 >[2006/06/20 18:16:57, 5] auth/auth_util.c:debug_unix_user_token(454) > UNIX token of user 0 > Primary group is 1001 and contains 3 supplementary groups > Group[ 0]: 1001 > Group[ 1]: 0 > Group[ 2]: 10001 >[2006/06/20 18:16:57, 5] smbd/uid.c:change_to_user(309) > change_to_user uid=(0,0) gid=(0,1001) >[2006/06/20 18:16:57, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=46 params=0 setup=2 >[2006/06/20 18:16:57, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2006/06/20 18:16:57, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2006/06/20 18:16:57, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2006/06/20 18:16:57, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1261) > search for pipe pnum=7077 >[2006/06/20 18:16:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1265) > pipe name lsarpc pnum=7077 (pipes_open=1) >[2006/06/20 18:16:57, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "lsarpc" (pnum 7077) >[2006/06/20 18:16:57, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x83d49f0 max_trans_reply: 1024 >[2006/06/20 18:16:57, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(934) > write_to_pipe: 7077 name: lsarpc open: Yes len: 46 >[2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) > write_to_pipe: 
data_left = 46 >[2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 46 >[2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(392) > fill_rpc_header: data_to_copy = 46, len_needed_to_complete_hdr = 16, receive_len = 0 >[2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) > write_to_pipe: data_used = 16 >[2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) > write_to_pipe: data_left = 30 >[2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 30 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0000 major : 05 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0001 minor : 00 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0002 pkt_type : 00 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0003 flags : 03 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0004 pack_type0: 10 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0005 pack_type1: 00 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0006 pack_type2: 00 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0007 pack_type3: 00 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 frag_len : 002e >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a auth_len : 0000 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c call_id : 00000002 >[2006/06/20 18:16:57, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(479) > unmarshall_rpc_header: using little-endian RPC >[2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(508) > unmarshall_rpc_header: 
type = 0, flags = 3 >[2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) > write_to_pipe: data_used = 0 >[2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) > write_to_pipe: data_left = 30 >[2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 30, incoming data = 30 >[2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(716) > process_complete_pdu: processing packet type 0 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_req req >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0000 alloc_hint: 00000016 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0004 context_id: 0000 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0006 opnum : 002e >[2006/06/20 18:16:57, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(526) > free_pipe_context: destroying talloc pool of size 0 >[2006/06/20 18:16:57, 5] rpc_server/srv_pipe.c:api_pipe_request(2195) > Requested \PIPE\lsarpc >[2006/06/20 18:16:57, 4] rpc_server/srv_pipe.c:api_rpcTNP(2230) > api_rpcTNP: lsarpc op 0x2e - unknown >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0000 major : 05 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0001 minor : 00 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0002 pkt_type : 03 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0003 flags : 23 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0004 pack_type0: 10 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0005 pack_type1: 00 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0006 pack_type2: 00 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0007 pack_type3: 00 
>[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 frag_len : 0020 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a auth_len : 0000 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c call_id : 00000002 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp resp >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0010 alloc_hint: 00000000 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0014 context_id: 0000 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0016 cancel_ct : 00 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0017 reserved : 00 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000018 smb_io_rpc_hdr_fault fault >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_ntstatus(762) > 0018 status : NT code 0x1c010002 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 001c reserved: 00000000 >[2006/06/20 18:16:57, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(526) > free_pipe_context: destroying talloc pool of size 0 >[2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) > write_to_pipe: data_used = 30 >[2006/06/20 18:16:57, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(992) > read_from_pipe: 7077 name: lsarpc len: 1024 >[2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1051) > read_from_pipe: lsarpc: current_pdu_len = 32, current_pdu_sent = 0 returning 32 bytes. 
>[2006/06/20 18:16:57, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..32] >[2006/06/20 18:16:57, 5] lib/util.c:show_msg(454) >[2006/06/20 18:16:57, 5] lib/util.c:show_msg(464) > size=88 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=1036 > smb_uid=101 > smb_mid=513 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 32 (0x20) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 32 (0x20) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=33 >[2006/06/20 18:16:57, 10] lib/util.c:dump_data(2058) > [000] 00 05 00 03 23 10 00 00 00 20 00 00 00 02 00 00 ....#... . ...... > [010] 00 00 00 00 00 00 00 00 00 02 00 01 1C 00 00 00 ........ ........ > [020] 00 . >[2006/06/20 18:16:57, 10] smbd/process.c:setup_select_timeout(1372) > change_notify_timeout: -1 >[2006/06/20 18:16:57, 10] smbd/process.c:run_events(299) > run_events: No events >[2006/06/20 18:16:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(618) > got smb length of 130 >[2006/06/20 18:16:57, 6] smbd/process.c:process_smb(1193) > got message type 0x0 of len 0x82 >[2006/06/20 18:16:57, 3] smbd/process.c:process_smb(1194) > Transaction 9 of length 134 >[2006/06/20 18:16:57, 5] lib/util.c:show_msg(454) >[2006/06/20 18:16:57, 5] lib/util.c:show_msg(464) > size=130 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1036 > smb_uid=101 > smb_mid=577 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 46 (0x2E) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 46 (0x2E) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=28791 (0x7077) > smb_bcc=63 >[2006/06/20 
18:16:57, 10] lib/util.c:dump_data(2058) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 2E 00 00 00 03 00 00 ........ ........ > [020] 00 16 00 00 00 00 00 07 00 00 00 00 00 01 00 00 ........ ........ > [030] 00 00 00 00 00 79 1F 98 44 0E 3F 00 00 03 00 .....y.. D.?.... >[2006/06/20 18:16:57, 3] smbd/process.c:switch_message(993) > switch message SMBtrans (pid 16142) conn 0x83d5780 >[2006/06/20 18:16:57, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:16:57, 5] auth/auth_util.c:debug_nt_user_token(438) > NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 > contains 8 SIDs > SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 > SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-3003 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-2969752157-892696647-4271518216-1001 > SID[ 6]: S-1-5-21-2969752157-892696647-4271518216-512 > SID[ 7]: S-1-5-32-544 > SE_PRIV 0xff0 0x0 0x0 0x0 >[2006/06/20 18:16:57, 5] auth/auth_util.c:debug_unix_user_token(454) > UNIX token of user 0 > Primary group is 1001 and contains 3 supplementary groups > Group[ 0]: 1001 > Group[ 1]: 0 > Group[ 2]: 10001 >[2006/06/20 18:16:57, 5] smbd/uid.c:change_to_user(309) > change_to_user uid=(0,0) gid=(0,1001) >[2006/06/20 18:16:57, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=46 params=0 setup=2 >[2006/06/20 18:16:57, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2006/06/20 18:16:57, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2006/06/20 18:16:57, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2006/06/20 18:16:57, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1261) > search for pipe pnum=7077 >[2006/06/20 18:16:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1265) > pipe name lsarpc pnum=7077 (pipes_open=1) >[2006/06/20 18:16:57, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "lsarpc" (pnum 7077) 
>[2006/06/20 18:16:57, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x83d49f0 max_trans_reply: 1024 >[2006/06/20 18:16:57, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(934) > write_to_pipe: 7077 name: lsarpc open: Yes len: 46 >[2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) > write_to_pipe: data_left = 46 >[2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 46 >[2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(392) > fill_rpc_header: data_to_copy = 46, len_needed_to_complete_hdr = 16, receive_len = 0 >[2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) > write_to_pipe: data_used = 16 >[2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) > write_to_pipe: data_left = 30 >[2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 30 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0000 major : 05 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0001 minor : 00 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0002 pkt_type : 00 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0003 flags : 03 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0004 pack_type0: 10 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0005 pack_type1: 00 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0006 pack_type2: 00 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0007 pack_type3: 00 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 frag_len : 002e >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a auth_len : 
0000 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c call_id : 00000003 >[2006/06/20 18:16:57, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(479) > unmarshall_rpc_header: using little-endian RPC >[2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(508) > unmarshall_rpc_header: type = 0, flags = 3 >[2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) > write_to_pipe: data_used = 0 >[2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) > write_to_pipe: data_left = 30 >[2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 30, incoming data = 30 >[2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(716) > process_complete_pdu: processing packet type 0 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_req req >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0000 alloc_hint: 00000016 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0004 context_id: 0000 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0006 opnum : 0007 >[2006/06/20 18:16:57, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(526) > free_pipe_context: destroying talloc pool of size 0 >[2006/06/20 18:16:57, 5] rpc_server/srv_pipe.c:api_pipe_request(2195) > Requested \PIPE\lsarpc >[2006/06/20 18:16:57, 4] rpc_server/srv_pipe.c:api_rpcTNP(2230) > api_rpcTNP: lsarpc op 0x7 - api_rpcTNP: rpc command: LSA_QUERYINFOPOLICY >[2006/06/20 18:16:57, 6] rpc_server/srv_pipe.c:api_rpcTNP(2256) > api_rpc_cmds[2].fn == 0x8122fe0 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 lsa_io_q_query >[2006/06/20 18:16:57, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0000 data1: 00000000 >[2006/06/20 18:16:57, 5] 
rpc_parse/parse_prs.c:prs_uint32(703) > 0004 data2: 00000001 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 data3: 0000 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a data4: 0000 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8s(819) > 000c data5: 79 1f 98 44 0e 3f 00 00 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0014 info_class: 0003 >[2006/06/20 18:16:57, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 79 1F 98 44 ........ ....y..D > [010] 0E 3F 00 00 .?.. >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 lsa_io_r_query >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0000 undoc_buffer: 22000000 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0004 info_class: 0003 >[2006/06/20 18:16:57, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000008 lsa_io_dom_query >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 uni_dom_max_len: 000e >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a uni_dom_str_len: 0010 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c buffer_dom_name: 00000001 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0010 buffer_dom_sid : 00000001 >[2006/06/20 18:16:57, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000014 smb_io_unistr2 unistr2 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0014 uni_max_len: 00000008 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0018 offset : 00000000 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 001c uni_str_len: 00000007 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:dbg_rw_punival(904) > 0020 buffer : A.N.D.O.L.A.N. 
>[2006/06/20 18:16:57, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000030 smb_io_dom_sid2 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0030 num_auths: 00000004 >[2006/06/20 18:16:57, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000034 smb_io_dom_sid sid >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0034 sid_rev_num: 01 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0035 num_auths : 04 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0036 id_auth[0] : 00 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0037 id_auth[1] : 00 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0038 id_auth[2] : 00 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0039 id_auth[3] : 00 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 003a id_auth[4] : 00 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 003b id_auth[5] : 05 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32s(959) > 003c sub_auths : 00000015 b102d25d 35357847 fe9a3208 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_ntstatus(762) > 004c status: NT_STATUS_OK >[2006/06/20 18:16:57, 5] rpc_server/srv_pipe.c:api_rpcTNP(2277) > api_rpcTNP: called lsarpc successfully >[2006/06/20 18:16:57, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(526) > free_pipe_context: destroying talloc pool of size 16 >[2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) > write_to_pipe: data_used = 30 >[2006/06/20 18:16:57, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(992) > read_from_pipe: 7077 name: lsarpc len: 1024 >[2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1065) > read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 80. 
>[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0000 major : 05 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0001 minor : 00 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0002 pkt_type : 02 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0003 flags : 03 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0004 pack_type0: 10 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0005 pack_type1: 00 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0006 pack_type2: 00 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0007 pack_type3: 00 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 frag_len : 0068 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a auth_len : 0000 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c call_id : 00000003 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp resp >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0010 alloc_hint: 00000050 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0014 context_id: 0000 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0016 cancel_ct : 00 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0017 reserved : 00 >[2006/06/20 18:16:57, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..104] >[2006/06/20 18:16:57, 5] lib/util.c:show_msg(454) >[2006/06/20 18:16:57, 5] lib/util.c:show_msg(464) > size=160 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=1036 > smb_uid=101 > smb_mid=577 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 104 (0x68) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > 
smb_vwv[ 6]= 104 (0x68) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=105 >[2006/06/20 18:16:57, 10] lib/util.c:dump_data(2058) > [000] 00 05 00 02 03 10 00 00 00 68 00 00 00 03 00 00 ........ .h...... > [010] 00 50 00 00 00 00 00 00 00 00 00 00 22 03 00 00 .P...... ...."... > [020] 00 0E 00 10 00 01 00 00 00 01 00 00 00 08 00 00 ........ ........ > [030] 00 00 00 00 00 07 00 00 00 41 00 4E 00 44 00 4F ........ .A.N.D.O > [040] 00 4C 00 41 00 4E 00 00 00 04 00 00 00 01 04 00 .L.A.N.. ........ > [050] 00 00 00 00 05 15 00 00 00 5D D2 02 B1 47 78 35 ........ .]...Gx5 > [060] 35 08 32 9A FE 00 00 00 00 5.2..... . >[2006/06/20 18:16:57, 10] smbd/process.c:setup_select_timeout(1372) > change_notify_timeout: -1 >[2006/06/20 18:16:57, 10] smbd/process.c:run_events(299) > run_events: No events >[2006/06/20 18:16:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(618) > got smb length of 100 >[2006/06/20 18:16:57, 6] smbd/process.c:process_smb(1193) > got message type 0x0 of len 0x64 >[2006/06/20 18:16:57, 3] smbd/process.c:process_smb(1194) > Transaction 10 of length 104 >[2006/06/20 18:16:57, 5] lib/util.c:show_msg(454) >[2006/06/20 18:16:57, 5] lib/util.c:show_msg(464) > size=100 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1036 > smb_uid=101 > smb_mid=641 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 3584 (0xE00) > smb_vwv[ 3]= 5632 (0x1600) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 513 (0x201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 768 (0x300) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]=16384 (0x4000) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 768 (0x300) > 
smb_bcc=17 >[2006/06/20 18:16:57, 10] lib/util.c:dump_data(2058) > [000] 00 5C 00 77 00 69 00 6E 00 72 00 65 00 67 00 00 .\.w.i.n .r.e.g.. > [010] 00 . >[2006/06/20 18:16:57, 3] smbd/process.c:switch_message(993) > switch message SMBntcreateX (pid 16142) conn 0x83d5780 >[2006/06/20 18:16:57, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:16:57, 5] auth/auth_util.c:debug_nt_user_token(438) > NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 > contains 8 SIDs > SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 > SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-3003 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-2969752157-892696647-4271518216-1001 > SID[ 6]: S-1-5-21-2969752157-892696647-4271518216-512 > SID[ 7]: S-1-5-32-544 > SE_PRIV 0xff0 0x0 0x0 0x0 >[2006/06/20 18:16:57, 5] auth/auth_util.c:debug_unix_user_token(454) > UNIX token of user 0 > Primary group is 1001 and contains 3 supplementary groups > Group[ 0]: 1001 > Group[ 1]: 0 > Group[ 2]: 10001 >[2006/06/20 18:16:57, 5] smbd/uid.c:change_to_user(309) > change_to_user uid=(0,0) gid=(0,1001) >[2006/06/20 18:16:57, 10] smbd/nttrans.c:reply_ntcreate_and_X(506) > reply_ntcreateX: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0 >[2006/06/20 18:16:57, 4] smbd/nttrans.c:nt_open_pipe(330) > nt_open_pipe: Opening pipe \winreg. >[2006/06/20 18:16:57, 3] smbd/nttrans.c:nt_open_pipe(351) > nt_open_pipe: Known pipe winreg opening. 
>[2006/06/20 18:16:57, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(180) > Open pipe requested winreg (pipes_open=1) >[2006/06/20 18:16:57, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(210) > open_rpc_pipe_p: name lsarpc pnum=7077 >[2006/06/20 18:16:57, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(285) > Create pipe requested winreg >[2006/06/20 18:16:57, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77) > init_pipe_handles: created handle list for pipe winreg >[2006/06/20 18:16:57, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) > init_pipe_handles: pipe_handles ref count = 1 for pipe winreg >[2006/06/20 18:16:57, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(363) > Created internal pipe winreg (pipes_open=1) >[2006/06/20 18:16:57, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(263) > Opened pipe winreg with handle 7078 (pipes_open=2) >[2006/06/20 18:16:57, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(269) > open pipes: name winreg pnum=7078 >[2006/06/20 18:16:57, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(269) > open pipes: name lsarpc pnum=7077 >[2006/06/20 18:16:57, 5] smbd/nttrans.c:do_ntcreate_pipe_open(400) > do_ntcreate_pipe_open: open pipe = \winreg >[2006/06/20 18:16:57, 5] lib/util.c:show_msg(454) >[2006/06/20 18:16:57, 5] lib/util.c:show_msg(464) > size=103 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=1036 > smb_uid=101 > smb_mid=641 > smt_wct=34 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]=30720 (0x7800) > smb_vwv[ 3]= 368 (0x170) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 0 (0x0) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 0 (0x0) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]=32768 (0x8000) > 
smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_vwv[24]= 0 (0x0) > smb_vwv[25]= 0 (0x0) > smb_vwv[26]= 0 (0x0) > smb_vwv[27]= 0 (0x0) > smb_vwv[28]= 0 (0x0) > smb_vwv[29]= 0 (0x0) > smb_vwv[30]= 0 (0x0) > smb_vwv[31]= 512 (0x200) > smb_vwv[32]=65280 (0xFF00) > smb_vwv[33]= 5 (0x5) > smb_bcc=0 >[2006/06/20 18:16:57, 10] smbd/process.c:setup_select_timeout(1372) > change_notify_timeout: -1 >[2006/06/20 18:16:57, 10] smbd/process.c:run_events(299) > run_events: No events >[2006/06/20 18:16:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(618) > got smb length of 136 >[2006/06/20 18:16:57, 6] smbd/process.c:process_smb(1193) > got message type 0x0 of len 0x88 >[2006/06/20 18:16:57, 3] smbd/process.c:process_smb(1194) > Transaction 11 of length 140 >[2006/06/20 18:16:57, 5] lib/util.c:show_msg(454) >[2006/06/20 18:16:57, 5] lib/util.c:show_msg(464) > size=136 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=705 > smt_wct=14 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=28792 (0x7078) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=65535 (0xFFFF) > smb_vwv[ 6]=65535 (0xFFFF) > smb_vwv[ 7]= 8 (0x8) > smb_vwv[ 8]= 72 (0x48) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 72 (0x48) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_bcc=73 >[2006/06/20 18:16:57, 10] lib/util.c:dump_data(2058) > [000] EE 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... > [010] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ > [020] 00 01 D0 8C 33 44 22 F1 31 AA AA 90 00 38 00 10 ....3D". 1....8.. > [030] 03 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ > [040] 00 2B 10 48 60 02 00 00 00 .+.H`... . 
>[2006/06/20 18:16:57, 3] smbd/process.c:switch_message(993) > switch message SMBwriteX (pid 16142) conn 0x83d5780 >[2006/06/20 18:16:57, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:16:57, 5] auth/auth_util.c:debug_nt_user_token(438) > NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 > contains 8 SIDs > SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 > SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-3003 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-2969752157-892696647-4271518216-1001 > SID[ 6]: S-1-5-21-2969752157-892696647-4271518216-512 > SID[ 7]: S-1-5-32-544 > SE_PRIV 0xff0 0x0 0x0 0x0 >[2006/06/20 18:16:57, 5] auth/auth_util.c:debug_unix_user_token(454) > UNIX token of user 0 > Primary group is 1001 and contains 3 supplementary groups > Group[ 0]: 1001 > Group[ 1]: 0 > Group[ 2]: 10001 >[2006/06/20 18:16:57, 5] smbd/uid.c:change_to_user(309) > change_to_user uid=(0,0) gid=(0,1001) >[2006/06/20 18:16:57, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1261) > search for pipe pnum=7078 >[2006/06/20 18:16:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1265) > pipe name winreg pnum=7078 (pipes_open=2) >[2006/06/20 18:16:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1265) > pipe name lsarpc pnum=7077 (pipes_open=2) >[2006/06/20 18:16:57, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(934) > write_to_pipe: 7078 name: winreg open: Yes len: 72 >[2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) > write_to_pipe: data_left = 72 >[2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 >[2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(392) > fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 >[2006/06/20 18:16:57, 10] 
rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) > write_to_pipe: data_used = 16 >[2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) > write_to_pipe: data_left = 56 >[2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0000 major : 05 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0001 minor : 00 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0002 pkt_type : 0b >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0003 flags : 03 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0004 pack_type0: 10 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0005 pack_type1: 00 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0006 pack_type2: 00 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0007 pack_type3: 00 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 frag_len : 0048 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a auth_len : 0000 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c call_id : 00000001 >[2006/06/20 18:16:57, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(479) > unmarshall_rpc_header: using little-endian RPC >[2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(508) > unmarshall_rpc_header: type = 11, flags = 3 >[2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) > write_to_pipe: data_used = 0 >[2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) > write_to_pipe: data_left = 56 >[2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) > process_incoming_data: Start: pdu_received_len = 
16, pdu_needed_len = 56, incoming data = 56 >[2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(716) > process_complete_pdu: processing packet type 11 >[2006/06/20 18:16:57, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1495) > api_pipe_bind_req: decode request. 1495 >[2006/06/20 18:16:57, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1506) > api_pipe_bind_req: \PIPE\winreg -> \PIPE\winreg >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_rb >[2006/06/20 18:16:57, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_bba >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0000 max_tsize: 10b8 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0002 max_rsize: 10b8 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0004 assoc_gid: 00000000 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0008 num_contexts: 01 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000c context_id : 0000 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 000e num_transfer_syntaxes: 01 >[2006/06/20 18:16:57, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00000f smb_io_rpc_iface >[2006/06/20 18:16:57, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_uuid uuid >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0010 data : 338cd001 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0014 data : 2244 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0016 data : 31f1 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8s(819) > 0018 data : aa aa >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8s(819) > 001a data : 90 00 38 00 10 03 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0020 version: 00000001 >[2006/06/20 18:16:57, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000024 smb_io_rpc_iface >[2006/06/20 18:16:57, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000024 smb_io_uuid uuid 
>[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0024 data : 8a885d04 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0028 data : 1ceb >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 002a data : 11c9 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8s(819) > 002c data : 9f e8 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8s(819) > 002e data : 08 00 2b 10 48 60 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0034 version: 00000002 >[2006/06/20 18:16:57, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1548) > api_pipe_bind_req: make response. 1548 >[2006/06/20 18:16:57, 3] rpc_server/srv_pipe.c:check_bind_req(959) > check_bind_req for \PIPE\winreg >[2006/06/20 18:16:57, 10] rpc_server/srv_pipe.c:check_bind_req(964) > checking \PIPE\lsarpc >[2006/06/20 18:16:57, 10] rpc_server/srv_pipe.c:check_bind_req(964) > checking \PIPE\lsarpc >[2006/06/20 18:16:57, 10] rpc_server/srv_pipe.c:check_bind_req(964) > checking \PIPE\samr >[2006/06/20 18:16:57, 10] rpc_server/srv_pipe.c:check_bind_req(964) > checking \PIPE\NETLOGON >[2006/06/20 18:16:57, 10] rpc_server/srv_pipe.c:check_bind_req(964) > checking \PIPE\srvsvc >[2006/06/20 18:16:57, 10] rpc_server/srv_pipe.c:check_bind_req(964) > checking \PIPE\wkssvc >[2006/06/20 18:16:57, 10] rpc_server/srv_pipe.c:check_bind_req(964) > checking \PIPE\winreg >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_ba >[2006/06/20 18:16:57, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_bba >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0000 max_tsize: 10b8 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0002 max_rsize: 10b8 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0004 assoc_gid: 000053f0 >[2006/06/20 18:16:57, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000008 smb_io_rpc_addr_str >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 len: 
000d >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8s(819) > 000a str: \PIPE\winreg. >[2006/06/20 18:16:57, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000017 smb_io_rpc_results >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0018 num_results: 01 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 001c result : 0000 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 001e reason : 0000 >[2006/06/20 18:16:57, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000020 smb_io_rpc_iface >[2006/06/20 18:16:57, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000020 smb_io_uuid uuid >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0020 data : 8a885d04 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0024 data : 1ceb >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0026 data : 11c9 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8s(819) > 0028 data : 9f e8 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8s(819) > 002a data : 08 00 2b 10 48 60 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0030 version: 00000002 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0000 major : 05 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0001 minor : 00 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0002 pkt_type : 0c >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0003 flags : 03 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0004 pack_type0: 10 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0005 pack_type1: 00 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0006 pack_type2: 00 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0007 pack_type3: 00 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 frag_len : 0044 >[2006/06/20 
18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a auth_len : 0000 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c call_id : 00000001 >[2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) > write_to_pipe: data_used = 56 >[2006/06/20 18:16:57, 3] smbd/pipes.c:reply_pipe_write_and_X(207) > writeX-IPC pnum=7078 nwritten=72 >[2006/06/20 18:16:57, 5] lib/util.c:show_msg(454) >[2006/06/20 18:16:57, 5] lib/util.c:show_msg(464) > size=47 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=705 > smt_wct=6 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 72 (0x48) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_bcc=0 >[2006/06/20 18:16:57, 10] smbd/process.c:setup_select_timeout(1372) > change_notify_timeout: -1 >[2006/06/20 18:16:57, 10] smbd/process.c:run_events(299) > run_events: No events >[2006/06/20 18:16:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(618) > got smb length of 59 >[2006/06/20 18:16:57, 6] smbd/process.c:process_smb(1193) > got message type 0x0 of len 0x3b >[2006/06/20 18:16:57, 3] smbd/process.c:process_smb(1194) > Transaction 12 of length 63 >[2006/06/20 18:16:57, 5] lib/util.c:show_msg(454) >[2006/06/20 18:16:57, 5] lib/util.c:show_msg(464) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=769 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=28792 (0x7078) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 1024 (0x400) > smb_vwv[ 6]= 1024 (0x400) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 1024 (0x400) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2006/06/20 18:16:57, 3] smbd/process.c:switch_message(993) > switch message SMBreadX (pid 16142) conn 0x83d5780 >[2006/06/20 18:16:57, 3] 
smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:16:57, 5] auth/auth_util.c:debug_nt_user_token(438) > NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 > contains 8 SIDs > SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 > SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-3003 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-2969752157-892696647-4271518216-1001 > SID[ 6]: S-1-5-21-2969752157-892696647-4271518216-512 > SID[ 7]: S-1-5-32-544 > SE_PRIV 0xff0 0x0 0x0 0x0 >[2006/06/20 18:16:57, 5] auth/auth_util.c:debug_unix_user_token(454) > UNIX token of user 0 > Primary group is 1001 and contains 3 supplementary groups > Group[ 0]: 1001 > Group[ 1]: 0 > Group[ 2]: 10001 >[2006/06/20 18:16:57, 5] smbd/uid.c:change_to_user(309) > change_to_user uid=(0,0) gid=(0,1001) >[2006/06/20 18:16:57, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1261) > search for pipe pnum=7078 >[2006/06/20 18:16:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1265) > pipe name winreg pnum=7078 (pipes_open=2) >[2006/06/20 18:16:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1265) > pipe name lsarpc pnum=7077 (pipes_open=2) >[2006/06/20 18:16:57, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(992) > read_from_pipe: 7078 name: winreg len: 1024 >[2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1051) > read_from_pipe: winreg: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. 
>[2006/06/20 18:16:57, 3] smbd/pipes.c:reply_pipe_read_and_X(252) > readX-IPC pnum=7078 min=1024 max=1024 nread=68 >[2006/06/20 18:16:57, 5] lib/util.c:show_msg(454) >[2006/06/20 18:16:57, 5] lib/util.c:show_msg(464) > size=127 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=101 > smb_mid=769 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 68 (0x44) > smb_vwv[ 6]= 59 (0x3B) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=68 >[2006/06/20 18:16:57, 10] lib/util.c:dump_data(2058) > [000] 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 00 ........ D....... > [010] B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 5C .....S.. ..\PIPE\ > [020] 77 69 6E 72 65 67 00 00 01 00 00 00 00 00 00 00 winreg.. ........ > [030] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` > [040] 02 00 00 00 .... 
>[2006/06/20 18:16:57, 10] smbd/process.c:setup_select_timeout(1372) > change_notify_timeout: -1 >[2006/06/20 18:16:57, 10] smbd/process.c:run_events(299) > run_events: No events >[2006/06/20 18:16:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(618) > got smb length of 120 >[2006/06/20 18:16:57, 6] smbd/process.c:process_smb(1193) > got message type 0x0 of len 0x78 >[2006/06/20 18:16:57, 3] smbd/process.c:process_smb(1194) > Transaction 13 of length 124 >[2006/06/20 18:16:57, 5] lib/util.c:show_msg(454) >[2006/06/20 18:16:57, 5] lib/util.c:show_msg(464) > size=120 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1036 > smb_uid=101 > smb_mid=833 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 36 (0x24) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 36 (0x24) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=28792 (0x7078) > smb_bcc=53 >[2006/06/20 18:16:57, 10] lib/util.c:dump_data(2058) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 24 00 00 00 01 00 00 ........ .$...... > [020] 00 0C 00 00 00 00 00 02 00 08 F5 64 01 28 D6 01 ........ ...d.(.. > [030] 00 00 00 00 02 ..... 
>[2006/06/20 18:16:57, 3] smbd/process.c:switch_message(993) > switch message SMBtrans (pid 16142) conn 0x83d5780 >[2006/06/20 18:16:57, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:16:57, 5] auth/auth_util.c:debug_nt_user_token(438) > NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 > contains 8 SIDs > SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 > SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-3003 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-2969752157-892696647-4271518216-1001 > SID[ 6]: S-1-5-21-2969752157-892696647-4271518216-512 > SID[ 7]: S-1-5-32-544 > SE_PRIV 0xff0 0x0 0x0 0x0 >[2006/06/20 18:16:57, 5] auth/auth_util.c:debug_unix_user_token(454) > UNIX token of user 0 > Primary group is 1001 and contains 3 supplementary groups > Group[ 0]: 1001 > Group[ 1]: 0 > Group[ 2]: 10001 >[2006/06/20 18:16:57, 5] smbd/uid.c:change_to_user(309) > change_to_user uid=(0,0) gid=(0,1001) >[2006/06/20 18:16:57, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=36 params=0 setup=2 >[2006/06/20 18:16:57, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2006/06/20 18:16:57, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2006/06/20 18:16:57, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2006/06/20 18:16:57, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1261) > search for pipe pnum=7078 >[2006/06/20 18:16:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1265) > pipe name winreg pnum=7078 (pipes_open=2) >[2006/06/20 18:16:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1265) > pipe name lsarpc pnum=7077 (pipes_open=2) >[2006/06/20 18:16:57, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "winreg" (pnum 7078) >[2006/06/20 18:16:57, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x83d43d8 max_trans_reply: 1024 >[2006/06/20 18:16:57, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(934) > write_to_pipe: 7078 name: winreg open: 
Yes len: 36 >[2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) > write_to_pipe: data_left = 36 >[2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 36 >[2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(392) > fill_rpc_header: data_to_copy = 36, len_needed_to_complete_hdr = 16, receive_len = 0 >[2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) > write_to_pipe: data_used = 16 >[2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) > write_to_pipe: data_left = 20 >[2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 20 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0000 major : 05 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0001 minor : 00 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0002 pkt_type : 00 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0003 flags : 03 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0004 pack_type0: 10 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0005 pack_type1: 00 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0006 pack_type2: 00 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0007 pack_type3: 00 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 frag_len : 0024 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a auth_len : 0000 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c call_id : 00000001 >[2006/06/20 18:16:57, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(479) > unmarshall_rpc_header: using little-endian 
RPC >[2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(508) > unmarshall_rpc_header: type = 0, flags = 3 >[2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) > write_to_pipe: data_used = 0 >[2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) > write_to_pipe: data_left = 20 >[2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 20, incoming data = 20 >[2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(716) > process_complete_pdu: processing packet type 0 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_req req >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0000 alloc_hint: 0000000c >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0004 context_id: 0000 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0006 opnum : 0002 >[2006/06/20 18:16:57, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(526) > free_pipe_context: destroying talloc pool of size 70 >[2006/06/20 18:16:57, 5] rpc_server/srv_pipe.c:api_pipe_request(2195) > Requested \PIPE\winreg >[2006/06/20 18:16:57, 4] rpc_server/srv_pipe.c:api_rpcTNP(2230) > api_rpcTNP: winreg op 0x2 - api_rpcTNP: rpc command: REG_OPEN_HKLM >[2006/06/20 18:16:57, 6] rpc_server/srv_pipe.c:api_rpcTNP(2256) > api_rpc_cmds[3].fn == 0x8127520 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 reg_io_q_open_hive >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0000 ptr: 0164f508 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0004 server: d628 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0008 access: 02000000 >[2006/06/20 18:16:57, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 1001) : sec_ctx_stack_ndx = 1 >[2006/06/20 18:16:57, 3] smbd/uid.c:push_conn_ctx(393) > 
push_conn_ctx(101) : conn_ctx_stack_ndx = 0 >[2006/06/20 18:16:57, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2006/06/20 18:16:57, 5] auth/auth_util.c:debug_nt_user_token(433) > NT user token: (NULL) >[2006/06/20 18:16:57, 5] auth/auth_util.c:debug_unix_user_token(454) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2006/06/20 18:16:57, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 1001) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:16:57, 10] registry/reg_db.c:regdb_open(265) > regdb_open: refcount reset (1) >[2006/06/20 18:16:57, 7] registry/reg_frontend.c:regkey_open_internal(359) > regkey_open_internal: name = [HKLM] >[2006/06/20 18:16:57, 10] registry/reg_cachehook.c:reghook_cache_find(95) > reghook_cache_find: Searching for keyname [/HKLM] >[2006/06/20 18:16:57, 10] lib/adt_tree.c:pathtree_find(341) > pathtree_find: Enter [/HKLM] >[2006/06/20 18:16:57, 10] lib/adt_tree.c:pathtree_find(413) > pathtree_find: Exit >[2006/06/20 18:16:57, 5] registry/reg_frontend.c:registry_access_check(59) > registry_access_check: using root's token >[2006/06/20 18:16:57, 10] lib/util_seaccess.c:se_access_check(233) > se_access_check: requested access 0x02000000, for NT token with 6 entries and first sid S-1-5-21-2969752157-892696647-4271518216-1000. >[2006/06/20 18:16:57, 3] lib/util_seaccess.c:se_access_check(250) >[2006/06/20 18:16:57, 3] lib/util_seaccess.c:se_access_check(251) > se_access_check: user sid is S-1-5-21-2969752157-892696647-4271518216-1000 > se_access_check: also S-1-5-21-2969752157-892696647-4271518216-1001 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: also S-1-5-32-544 >[2006/06/20 18:16:57, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) > Opened policy hnd[1] [000] 00 00 00 00 02 00 00 00 00 00 00 00 79 1F 98 44 ........ ....y..D > [010] 0E 3F 00 00 .?.. 
>[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 reg_io_r_open_hive >[2006/06/20 18:16:57, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0000 data1: 00000000 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0004 data2: 00000002 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 data3: 0000 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a data4: 0000 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8s(819) > 000c data5: 79 1f 98 44 0e 3f 00 00 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_werror(792) > 0014 status: WERR_OK >[2006/06/20 18:16:57, 5] rpc_server/srv_pipe.c:api_rpcTNP(2277) > api_rpcTNP: called winreg successfully >[2006/06/20 18:16:57, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(526) > free_pipe_context: destroying talloc pool of size 510 >[2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) > write_to_pipe: data_used = 20 >[2006/06/20 18:16:57, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(992) > read_from_pipe: 7078 name: winreg len: 1024 >[2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1065) > read_from_pipe: winreg: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. 
>[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0000 major : 05 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0001 minor : 00 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0002 pkt_type : 02 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0003 flags : 03 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0004 pack_type0: 10 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0005 pack_type1: 00 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0006 pack_type2: 00 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0007 pack_type3: 00 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 frag_len : 0030 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a auth_len : 0000 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c call_id : 00000001 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp resp >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0010 alloc_hint: 00000018 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0014 context_id: 0000 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0016 cancel_ct : 00 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0017 reserved : 00 >[2006/06/20 18:16:57, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..48] >[2006/06/20 18:16:57, 5] lib/util.c:show_msg(454) >[2006/06/20 18:16:57, 5] lib/util.c:show_msg(464) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=1036 > smb_uid=101 > smb_mid=833 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > 
smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2006/06/20 18:16:57, 10] lib/util.c:dump_data(2058) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 01 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 02 00 00 ........ ........ > [020] 00 00 00 00 00 79 1F 98 44 0E 3F 00 00 00 00 00 .....y.. D.?..... > [030] 00 . >[2006/06/20 18:16:57, 10] smbd/process.c:setup_select_timeout(1372) > change_notify_timeout: -1 >[2006/06/20 18:16:57, 10] smbd/process.c:run_events(299) > run_events: No events >[2006/06/20 18:16:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(618) > got smb length of 268 >[2006/06/20 18:16:57, 6] smbd/process.c:process_smb(1193) > got message type 0x0 of len 0x10c >[2006/06/20 18:16:57, 3] smbd/process.c:process_smb(1194) > Transaction 14 of length 272 >[2006/06/20 18:16:57, 5] lib/util.c:show_msg(454) >[2006/06/20 18:16:57, 5] lib/util.c:show_msg(464) > size=268 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1036 > smb_uid=101 > smb_mid=897 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 184 (0xB8) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 184 (0xB8) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=28792 (0x7078) > smb_bcc=201 >[2006/06/20 18:16:57, 10] lib/util.c:dump_data(2058) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 B8 00 00 00 02 00 00 ........ ........ > [020] 00 A0 00 00 00 00 00 0F 00 00 00 00 00 02 00 00 ........ ........ > [030] 00 00 00 00 00 79 1F 98 44 0E 3F 00 00 6E 00 6E .....y.. D.?..n.n > [040] 00 30 7A E1 76 37 00 00 00 00 00 00 00 37 00 00 .0z.v7.. .....7.. 
> [050] 00 53 00 79 00 73 00 74 00 65 00 6D 00 5C 00 43 .S.y.s.t .e.m.\.C > [060] 00 75 00 72 00 72 00 65 00 6E 00 74 00 43 00 6F .u.r.r.e .n.t.C.o > [070] 00 6E 00 74 00 72 00 6F 00 6C 00 53 00 65 00 74 .n.t.r.o .l.S.e.t > [080] 00 5C 00 73 00 65 00 72 00 76 00 69 00 63 00 65 .\.s.e.r .v.i.c.e > [090] 00 73 00 5C 00 4E 00 65 00 74 00 6C 00 6F 00 67 .s.\.N.e .t.l.o.g > [0A0] 00 6F 00 6E 00 5C 00 70 00 61 00 72 00 61 00 6D .o.n.\.p .a.r.a.m > [0B0] 00 65 00 74 00 65 00 72 00 73 00 5C 00 00 00 00 .e.t.e.r .s.\.... > [0C0] 00 00 00 00 00 19 00 02 00 ........ . >[2006/06/20 18:16:57, 3] smbd/process.c:switch_message(993) > switch message SMBtrans (pid 16142) conn 0x83d5780 >[2006/06/20 18:16:57, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:16:57, 5] auth/auth_util.c:debug_nt_user_token(438) > NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 > contains 8 SIDs > SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 > SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-3003 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-2969752157-892696647-4271518216-1001 > SID[ 6]: S-1-5-21-2969752157-892696647-4271518216-512 > SID[ 7]: S-1-5-32-544 > SE_PRIV 0xff0 0x0 0x0 0x0 >[2006/06/20 18:16:57, 5] auth/auth_util.c:debug_unix_user_token(454) > UNIX token of user 0 > Primary group is 1001 and contains 3 supplementary groups > Group[ 0]: 1001 > Group[ 1]: 0 > Group[ 2]: 10001 >[2006/06/20 18:16:57, 5] smbd/uid.c:change_to_user(309) > change_to_user uid=(0,0) gid=(0,1001) >[2006/06/20 18:16:57, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=184 params=0 setup=2 >[2006/06/20 18:16:57, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2006/06/20 18:16:57, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2006/06/20 18:16:57, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2006/06/20 18:16:57, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1261) > search for pipe 
pnum=7078 >[2006/06/20 18:16:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1265) > pipe name winreg pnum=7078 (pipes_open=2) >[2006/06/20 18:16:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1265) > pipe name lsarpc pnum=7077 (pipes_open=2) >[2006/06/20 18:16:57, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "winreg" (pnum 7078) >[2006/06/20 18:16:57, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x83d43d8 max_trans_reply: 1024 >[2006/06/20 18:16:57, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(934) > write_to_pipe: 7078 name: winreg open: Yes len: 184 >[2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) > write_to_pipe: data_left = 184 >[2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 184 >[2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(392) > fill_rpc_header: data_to_copy = 184, len_needed_to_complete_hdr = 16, receive_len = 0 >[2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) > write_to_pipe: data_used = 16 >[2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) > write_to_pipe: data_left = 168 >[2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 168 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0000 major : 05 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0001 minor : 00 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0002 pkt_type : 00 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0003 flags : 03 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0004 pack_type0: 10 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0005 
pack_type1: 00 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0006 pack_type2: 00 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0007 pack_type3: 00 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 frag_len : 00b8 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a auth_len : 0000 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c call_id : 00000002 >[2006/06/20 18:16:57, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(479) > unmarshall_rpc_header: using little-endian RPC >[2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(508) > unmarshall_rpc_header: type = 0, flags = 3 >[2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) > write_to_pipe: data_used = 0 >[2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) > write_to_pipe: data_left = 168 >[2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 168, incoming data = 168 >[2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(716) > process_complete_pdu: processing packet type 0 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_req req >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0000 alloc_hint: 000000a0 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0004 context_id: 0000 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0006 opnum : 000f >[2006/06/20 18:16:57, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(526) > free_pipe_context: destroying talloc pool of size 0 >[2006/06/20 18:16:57, 5] rpc_server/srv_pipe.c:api_pipe_request(2195) > Requested \PIPE\winreg >[2006/06/20 18:16:57, 4] rpc_server/srv_pipe.c:api_rpcTNP(2230) > api_rpcTNP: winreg op 0xf - api_rpcTNP: rpc command: REG_OPEN_ENTRY >[2006/06/20 18:16:57, 6] 
rpc_server/srv_pipe.c:api_rpcTNP(2256) > api_rpc_cmds[1].fn == 0x81276c0 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 reg_io_q_open_entry >[2006/06/20 18:16:57, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0000 data1: 00000000 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0004 data2: 00000002 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 data3: 0000 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a data4: 0000 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8s(819) > 000c data5: 79 1f 98 44 0e 3f 00 00 >[2006/06/20 18:16:57, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000014 prs_unistr4 name >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0014 length: 006e >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0016 size: 006e >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0018 ptr: 76e17a30 >[2006/06/20 18:16:57, 7] rpc_parse/parse_prs.c:prs_debug(84) > 00001c smb_io_unistr2 name >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 001c uni_max_len: 00000037 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0020 offset : 00000000 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0024 uni_str_len: 00000037 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:dbg_rw_punival(904) > 0028 buffer : S.y.s.t.e.m.\.C.u.r.r.e.n.t.C.o.n.t.r.o.l.S.e.t.\.s.e.r.v.i.c.e.s.\.N.e.t.l.o.g.o.n.\.p.a.r.a.m.e.t.e.r.s.\... >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0098 unknown_0 : 00000000 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 009c access: 00020019 >[2006/06/20 18:16:57, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 02 00 00 00 00 00 00 00 79 1F 98 44 ........ ....y..D > [010] 0E 3F 00 00 .?.. 
>[2006/06/20 18:16:57, 10] registry/reg_db.c:regdb_open(248) > regdb_open: incrementing refcount (1) >[2006/06/20 18:16:57, 7] registry/reg_frontend.c:regkey_open_internal(359) > regkey_open_internal: name = [HKLM\System\CurrentControlSet\services\Netlogon\parameters] >[2006/06/20 18:16:57, 10] registry/reg_cachehook.c:reghook_cache_find(95) > reghook_cache_find: Searching for keyname [/HKLM/System/CurrentControlSet/services/Netlogon/parameters] >[2006/06/20 18:16:57, 10] lib/adt_tree.c:pathtree_find(341) > pathtree_find: Enter [/HKLM/System/CurrentControlSet/services/Netlogon/parameters] >[2006/06/20 18:16:57, 10] lib/adt_tree.c:pathtree_find(413) > pathtree_find: Exit >[2006/06/20 18:16:57, 5] registry/reg_frontend.c:registry_access_check(59) > registry_access_check: using root's token >[2006/06/20 18:16:57, 10] lib/util_seaccess.c:se_access_check(233) > se_access_check: requested access 0x00020019, for NT token with 6 entries and first sid S-1-5-21-2969752157-892696647-4271518216-1000. >[2006/06/20 18:16:57, 3] lib/util_seaccess.c:se_access_check(250) >[2006/06/20 18:16:57, 3] lib/util_seaccess.c:se_access_check(251) > se_access_check: user sid is S-1-5-21-2969752157-892696647-4271518216-1000 > se_access_check: also S-1-5-21-2969752157-892696647-4271518216-1001 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: also S-1-5-32-544 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 20019 >[2006/06/20 18:16:57, 5] lib/util_seaccess.c:se_access_check(308) > se_access_check: access (20019) granted. >[2006/06/20 18:16:57, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) > Opened policy hnd[2] [000] 00 00 00 00 03 00 00 00 00 00 00 00 79 1F 98 44 ........ ....y..D > [010] 0E 3F 00 00 .?.. 
>[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 reg_io_r_open_entry >[2006/06/20 18:16:57, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd handle >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0000 data1: 00000000 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0004 data2: 00000003 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 data3: 0000 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a data4: 0000 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8s(819) > 000c data5: 79 1f 98 44 0e 3f 00 00 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_werror(792) > 0014 status: WERR_OK >[2006/06/20 18:16:57, 5] rpc_server/srv_pipe.c:api_rpcTNP(2277) > api_rpcTNP: called winreg successfully >[2006/06/20 18:16:57, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(526) > free_pipe_context: destroying talloc pool of size 634 >[2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) > write_to_pipe: data_used = 168 >[2006/06/20 18:16:57, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(992) > read_from_pipe: 7078 name: winreg len: 1024 >[2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1065) > read_from_pipe: winreg: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. 
>[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0000 major : 05 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0001 minor : 00 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0002 pkt_type : 02 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0003 flags : 03 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0004 pack_type0: 10 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0005 pack_type1: 00 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0006 pack_type2: 00 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0007 pack_type3: 00 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 frag_len : 0030 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a auth_len : 0000 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c call_id : 00000002 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp resp >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0010 alloc_hint: 00000018 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0014 context_id: 0000 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0016 cancel_ct : 00 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0017 reserved : 00 >[2006/06/20 18:16:57, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..48] >[2006/06/20 18:16:57, 5] lib/util.c:show_msg(454) >[2006/06/20 18:16:57, 5] lib/util.c:show_msg(464) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=1036 > smb_uid=101 > smb_mid=897 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > 
smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2006/06/20 18:16:57, 10] lib/util.c:dump_data(2058) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 02 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 03 00 00 ........ ........ > [020] 00 00 00 00 00 79 1F 98 44 0E 3F 00 00 00 00 00 .....y.. D.?..... > [030] 00 . >[2006/06/20 18:16:57, 10] smbd/process.c:setup_select_timeout(1372) > change_notify_timeout: -1 >[2006/06/20 18:16:57, 10] smbd/process.c:run_events(299) > run_events: No events >[2006/06/20 18:16:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(618) > got smb length of 232 >[2006/06/20 18:16:57, 6] smbd/process.c:process_smb(1193) > got message type 0x0 of len 0xe8 >[2006/06/20 18:16:57, 3] smbd/process.c:process_smb(1194) > Transaction 15 of length 236 >[2006/06/20 18:16:57, 5] lib/util.c:show_msg(454) >[2006/06/20 18:16:57, 5] lib/util.c:show_msg(464) > size=232 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1036 > smb_uid=101 > smb_mid=961 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 148 (0x94) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 148 (0x94) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=28792 (0x7078) > smb_bcc=165 >[2006/06/20 18:16:57, 10] lib/util.c:dump_data(2058) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 94 00 00 00 03 00 00 ........ ........ > [020] 00 7C 00 00 00 00 00 11 00 00 00 00 00 03 00 00 .|...... ........ > [030] 00 00 00 00 00 79 1F 98 44 0E 3F 00 00 2A 00 2A .....y.. D.?..*.* > [040] 00 04 7A E1 76 15 00 00 00 00 00 00 00 15 00 00 ..z.v... ........ 
> [050] 00 52 00 65 00 66 00 75 00 73 00 65 00 50 00 61 .R.e.f.u .s.e.P.a > [060] 00 73 00 73 00 77 00 6F 00 72 00 64 00 43 00 68 .s.s.w.o .r.d.C.h > [070] 00 61 00 6E 00 67 00 65 00 00 00 53 00 64 F5 64 .a.n.g.e ...S.d.d > [080] 01 94 F5 64 01 94 F5 64 01 04 00 00 00 00 00 00 ...d...d ........ > [090] 00 00 00 00 00 5C F5 64 01 04 00 00 00 54 F5 64 .....\.d .....T.d > [0A0] 01 00 00 00 00 ..... >[2006/06/20 18:16:57, 3] smbd/process.c:switch_message(993) > switch message SMBtrans (pid 16142) conn 0x83d5780 >[2006/06/20 18:16:57, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:16:57, 5] auth/auth_util.c:debug_nt_user_token(438) > NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 > contains 8 SIDs > SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 > SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-3003 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-2969752157-892696647-4271518216-1001 > SID[ 6]: S-1-5-21-2969752157-892696647-4271518216-512 > SID[ 7]: S-1-5-32-544 > SE_PRIV 0xff0 0x0 0x0 0x0 >[2006/06/20 18:16:57, 5] auth/auth_util.c:debug_unix_user_token(454) > UNIX token of user 0 > Primary group is 1001 and contains 3 supplementary groups > Group[ 0]: 1001 > Group[ 1]: 0 > Group[ 2]: 10001 >[2006/06/20 18:16:57, 5] smbd/uid.c:change_to_user(309) > change_to_user uid=(0,0) gid=(0,1001) >[2006/06/20 18:16:57, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=148 params=0 setup=2 >[2006/06/20 18:16:57, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2006/06/20 18:16:57, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2006/06/20 18:16:57, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2006/06/20 18:16:57, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1261) > search for pipe pnum=7078 >[2006/06/20 18:16:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1265) > pipe name winreg pnum=7078 (pipes_open=2) >[2006/06/20 18:16:57, 5] 
rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1265) > pipe name lsarpc pnum=7077 (pipes_open=2) >[2006/06/20 18:16:57, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "winreg" (pnum 7078) >[2006/06/20 18:16:57, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x83d43d8 max_trans_reply: 1024 >[2006/06/20 18:16:57, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(934) > write_to_pipe: 7078 name: winreg open: Yes len: 148 >[2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) > write_to_pipe: data_left = 148 >[2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 148 >[2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(392) > fill_rpc_header: data_to_copy = 148, len_needed_to_complete_hdr = 16, receive_len = 0 >[2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) > write_to_pipe: data_used = 16 >[2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) > write_to_pipe: data_left = 132 >[2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 132 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0000 major : 05 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0001 minor : 00 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0002 pkt_type : 00 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0003 flags : 03 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0004 pack_type0: 10 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0005 pack_type1: 00 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0006 pack_type2: 00 >[2006/06/20 18:16:57, 5] 
rpc_parse/parse_prs.c:prs_uint8(614) > 0007 pack_type3: 00 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 frag_len : 0094 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a auth_len : 0000 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c call_id : 00000003 >[2006/06/20 18:16:57, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(479) > unmarshall_rpc_header: using little-endian RPC >[2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(508) > unmarshall_rpc_header: type = 0, flags = 3 >[2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) > write_to_pipe: data_used = 0 >[2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) > write_to_pipe: data_left = 132 >[2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 132, incoming data = 132 >[2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(716) > process_complete_pdu: processing packet type 0 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_req req >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0000 alloc_hint: 0000007c >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0004 context_id: 0000 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0006 opnum : 0011 >[2006/06/20 18:16:57, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(526) > free_pipe_context: destroying talloc pool of size 0 >[2006/06/20 18:16:57, 5] rpc_server/srv_pipe.c:api_pipe_request(2195) > Requested \PIPE\winreg >[2006/06/20 18:16:57, 4] rpc_server/srv_pipe.c:api_rpcTNP(2230) > api_rpcTNP: winreg op 0x11 - api_rpcTNP: rpc command: REG_QUERY_VALUE >[2006/06/20 18:16:57, 6] rpc_server/srv_pipe.c:api_rpcTNP(2256) > api_rpc_cmds[10].fn == 0x8126f30 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 
reg_io_q_query_value >[2006/06/20 18:16:57, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0000 data1: 00000000 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0004 data2: 00000003 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 data3: 0000 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a data4: 0000 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8s(819) > 000c data5: 79 1f 98 44 0e 3f 00 00 >[2006/06/20 18:16:57, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000014 prs_unistr4 name >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0014 length: 002a >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0016 size: 002a >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0018 ptr: 76e17a04 >[2006/06/20 18:16:57, 7] rpc_parse/parse_prs.c:prs_debug(84) > 00001c smb_io_unistr2 name >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 001c uni_max_len: 00000015 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0020 offset : 00000000 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0024 uni_str_len: 00000015 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:dbg_rw_punival(904) > 0028 buffer : R.e.f.u.s.e.P.a.s.s.w.o.r.d.C.h.a.n.g.e... 
>[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0054 ptr_reserved: 0164f564 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0058 ptr_buf: 0164f594 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 005c ptr_bufsize: 0164f594 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0060 bufsize: 00000004 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0064 buf_unk: 00000000 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0068 unk1: 00000000 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 006c ptr_buflen: 0164f55c >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0070 buflen: 00000004 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0074 ptr_buflen2: 0164f554 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0078 buflen2: 00000000 >[2006/06/20 18:16:57, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 03 00 00 00 00 00 00 00 79 1F 98 44 ........ ....y..D > [010] 0E 3F 00 00 .?.. 
>[2006/06/20 18:16:57, 7] rpc_server/srv_reg_nt.c:_reg_query_value(327) > _reg_info: policy key name = [HKLM\System\CurrentControlSet\services\Netlogon\parameters] >[2006/06/20 18:16:57, 7] rpc_server/srv_reg_nt.c:_reg_query_value(328) > _reg_info: policy key type = [00000000] >[2006/06/20 18:16:57, 5] rpc_server/srv_reg_nt.c:_reg_query_value(332) > _reg_info: looking up value: [RefusePasswordChange] >[2006/06/20 18:16:57, 8] registry/reg_frontend.c:fetch_reg_values_specific(283) > fetch_reg_values_specific: Initializing cache of values for [HKLM\System\CurrentControlSet\services\Netlogon\parameters] >[2006/06/20 18:16:57, 10] registry/reg_db.c:regdb_fetch_values(562) > regdb_fetch_values: Looking for value of key [HKLM\System\CurrentControlSet\services\Netlogon\parameters] >[2006/06/20 18:16:57, 10] lib/account_pol.c:account_policy_get(332) > account_policy_get: name: refuse machine password change, val: 0 >[2006/06/20 18:16:57, 10] rpc_server/srv_reg_nt.c:_reg_query_value(415) > _reg_info: Testing value [RefusePasswordChange] >[2006/06/20 18:16:57, 10] rpc_server/srv_reg_nt.c:_reg_query_value(417) > _reg_info: Found match for value [RefusePasswordChange] >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 reg_io_r_query_value >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0000 ptr: f000baaa >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0004 type: 00000004 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0008 ptr: f000baaa >[2006/06/20 18:16:57, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00000c smb_io_regval_buffer value >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c buf_max_len: 00000004 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0010 offset : 00000000 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0014 buf_len : 00000004 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:dbg_rw_punival(904) > 0018 buffer : .... 
>[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 001c ptr: f000baaa >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0020 buf_max_len: 00000004 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0024 ptr: f000baaa >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0028 buf_len: 00000004 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_werror(792) > 002c status: WERR_OK >[2006/06/20 18:16:57, 5] rpc_server/srv_pipe.c:api_rpcTNP(2277) > api_rpcTNP: called winreg successfully >[2006/06/20 18:16:57, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(526) > free_pipe_context: destroying talloc pool of size 90 >[2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) > write_to_pipe: data_used = 132 >[2006/06/20 18:16:57, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(992) > read_from_pipe: 7078 name: winreg len: 1024 >[2006/06/20 18:16:57, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1065) > read_from_pipe: winreg: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 48. 
>[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0000 major : 05 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0001 minor : 00 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0002 pkt_type : 02 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0003 flags : 03 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0004 pack_type0: 10 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0005 pack_type1: 00 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0006 pack_type2: 00 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0007 pack_type3: 00 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 frag_len : 0048 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a auth_len : 0000 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c call_id : 00000003 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp resp >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0010 alloc_hint: 00000030 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0014 context_id: 0000 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0016 cancel_ct : 00 >[2006/06/20 18:16:57, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0017 reserved : 00 >[2006/06/20 18:16:57, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..72] >[2006/06/20 18:16:57, 5] lib/util.c:show_msg(454) >[2006/06/20 18:16:57, 5] lib/util.c:show_msg(464) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=1036 > smb_uid=101 > smb_mid=961 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 72 (0x48) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > 
smb_vwv[ 6]= 72 (0x48) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=73 >[2006/06/20 18:16:57, 10] lib/util.c:dump_data(2058) > [000] 00 05 00 02 03 10 00 00 00 48 00 00 00 03 00 00 ........ .H...... > [010] 00 30 00 00 00 00 00 00 00 AA BA 00 F0 04 00 00 .0...... ........ > [020] 00 AA BA 00 F0 04 00 00 00 00 00 00 00 04 00 00 ........ ........ > [030] 00 00 00 00 00 AA BA 00 F0 04 00 00 00 AA BA 00 ........ ........ > [040] F0 04 00 00 00 00 00 00 00 ........ . >[2006/06/20 18:16:57, 10] smbd/process.c:setup_select_timeout(1372) > change_notify_timeout: -1 >[2006/06/20 18:16:57, 10] smbd/process.c:run_events(299) > run_events: No events >[2006/06/20 18:16:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(618) > got smb length of 128 >[2006/06/20 18:16:57, 6] smbd/process.c:process_smb(1193) > got message type 0x0 of len 0x80 >[2006/06/20 18:16:57, 3] smbd/process.c:process_smb(1194) > Transaction 16 of length 132 >[2006/06/20 18:16:57, 5] lib/util.c:show_msg(454) >[2006/06/20 18:16:57, 5] lib/util.c:show_msg(464) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1036 > smb_uid=101 > smb_mid=1025 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=28792 (0x7078) > smb_bcc=61 >[2006/06/20 18:16:57, 10] lib/util.c:dump_data(2058) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 04 00 00 ........ .,...... > [020] 00 14 00 00 00 00 00 05 00 00 00 00 00 03 00 00 ........ ........ > [030] 00 00 00 00 00 79 1F 98 44 0E 3F 00 00 .....y.. D.?.. 
>[2006/06/20 18:16:57, 3] smbd/process.c:switch_message(993) > switch message SMBtrans (pid 16142) conn 0x83d5780 >[2006/06/20 18:16:57, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 >[2006/06/20 18:16:57, 5] auth/auth_util.c:debug_nt_user_token(438) > NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 > contains 8 SIDs > SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 > SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-3003 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-2969752157-892696647-4271518216-1001 > SID[ 6]: S-1-5-21-2969752157-892696647-4271518216-512 > SID[ 7]: S-1-5-32-544 > SE_PRIV 0xff0 0x0 0x0 0x0 >[2006/06/20 18:16:57, 5] auth/auth_util.c:debug_unix_user_token(454) > UNIX token of user 0 > Primary group is 1001 and contains 3 supplementary groups > Group[ 0]: 1001 > Group[ 1]: 0 > Group[ 2]: 10001 >[2006/06/20 18:16:57, 5] smbd/uid.c:change_to_user(309) >[2006/06/20 18:16:58, 10] lib/util_sock.c:read_udp_socket(289) > read_udp_socket: lastip 192.168.68.22 lastport 138 read: 231 >[2006/06/20 18:16:58, 5] libsmb/nmblib.c:read_packet(755) > Received a packet of len 231 from (192.168.68.22) port 138 >[2006/06/20 18:16:58, 10] nmbd/nmbd_subnetdb.c:namelist_entry_compare(70) >nmbd_subnetdb:namelist_entry_compare() >1 == memcmp( "ANDOLAN<1c>", "ANDOLAN<1b>", 84 ) >[2006/06/20 18:16:58, 10] nmbd/nmbd_subnetdb.c:namelist_entry_compare(70) >nmbd_subnetdb:namelist_entry_compare() >0 == memcmp( "ANDOLAN<1c>", "ANDOLAN<1c>", 84 ) >[2006/06/20 18:16:58, 9] nmbd/nmbd_namelistdb.c:find_name_on_subnet(128) > find_name_on_subnet: on subnet 192.168.68.1 - found name ANDOLAN<1c> source=2 >[2006/06/20 18:16:58, 4] nmbd/nmbd_packets.c:process_dgram(1268) > process_dgram: datagram from WS035<00> to ANDOLAN<1c> IP 192.168.68.22 for \MAILSLOT\NET\NETLOGON of type 18 len=57 >[2006/06/20 18:16:58, 4] nmbd/nmbd_processlogon.c:process_logon_packet(95) > process_logon_packet: Logon 
from 192.168.68.22: code = 0x12 >[2006/06/20 18:16:58, 5] nmbd/nmbd_processlogon.c:process_logon_packet(315) > process_logon_packet: SAMLOGON sidsize 0, len = 57 >[2006/06/20 18:16:58, 5] nmbd/nmbd_processlogon.c:process_logon_packet(322) > process_logon_packet: len = 57 PTR_DIFF(q, buf) = 49 >[2006/06/20 18:16:58, 3] nmbd/nmbd_processlogon.c:process_logon_packet(347) > process_logon_packet: SAMLOGON sidsize 0 ntv 11 >[2006/06/20 18:16:58, 5] nmbd/nmbd_processlogon.c:process_logon_packet(356) > process_logon_packet: SAMLOGON user >[2006/06/20 18:16:58, 5] nmbd/nmbd_processlogon.c:process_logon_packet(363) > process_logon_packet: SAMLOGON request from ws035(192.168.68.22) for , returning logon svr \\SERVER domain ANDOLAN code 13 token=ffff >[2006/06/20 18:16:58, 4] lib/util.c:dump_data(2058) > [000] 15 00 5C 00 5C 00 53 00 45 00 52 00 56 00 45 00 ..\.\.S. E.R.V.E. > [010] 52 00 00 00 00 00 41 00 4E 00 44 00 4F 00 4C 00 R.....A. N.D.O.L. > [020] 41 00 4E 00 00 00 01 00 00 00 FF FF FF FF A.N..... ...... >[2006/06/20 18:16:58, 4] nmbd/nmbd_packets.c:send_mailslot(1917) > send_mailslot: Sending to mailslot \MAILSLOT\NET\GETDC501 from SERVER<00> IP 192.168.68.1 to WS035<00> IP 192.168.68.22 >[2006/06/20 18:16:58, 4] nmbd/nmbd_packets.c:debug_browse_data(100) > debug_browse_data(): > 0 char ..\.\.S.E.R.V.E. hex 15 00 5c 00 5c 00 53 00 45 00 52 00 56 00 45 00 > 10 char R.....A.N.D.O.L. hex 52 00 00 00 00 00 41 00 4e 00 44 00 4f 00 4c 00 > 20 char A.N........... hex 41 00 4e 00 00 00 01 00 00 00 ff ff ff ff >[2006/06/20 18:16:58, 5] libsmb/nmblib.c:send_udp(777) > Sending a packet of len 220 to (192.168.68.22) on port 138 >[2006/06/20 18:16:58, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(173) > find_workgroup_on_subnet: workgroup search for ANDOLAN on subnet 192.168.68.1: found. 
>[2006/06/20 18:16:58, 10] nmbd/nmbd_sendannounce.c:announce_myself_to_domain_master_browser(382) > announce_myself_to_domain_master_browser: t (1150820217) - last(1150819908) < 900 >[2006/06/20 18:16:58, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(173) > find_workgroup_on_subnet: workgroup search for ANDOLAN on subnet UNICAST_SUBNET: found. >[2006/06/20 18:16:58, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(173) > find_workgroup_on_subnet: workgroup search for ANDOLAN on subnet UNICAST_SUBNET: found. >[2006/06/20 18:16:58, 10] lib/util_sock.c:read_udp_socket(289) > read_udp_socket: lastip 192.168.68.22 lastport 138 read: 231 >[2006/06/20 18:16:58, 5] libsmb/nmblib.c:read_packet(755) > Received a packet of len 231 from (192.168.68.22) port 138 >[2006/06/20 18:16:58, 10] nmbd/nmbd_subnetdb.c:namelist_entry_compare(70) >nmbd_subnetdb:namelist_entry_compare() >0 == memcmp( "ANDOLAN<1c>", "ANDOLAN<1c>", 84 ) >[2006/06/20 18:16:58, 9] nmbd/nmbd_namelistdb.c:find_name_on_subnet(128) > find_name_on_subnet: on subnet 192.168.68.1 - found name ANDOLAN<1c> source=2 >[2006/06/20 18:16:58, 4] nmbd/nmbd_packets.c:process_dgram(1268) > process_dgram: datagram from WS035<00> to ANDOLAN<1c> IP 192.168.68.22 for \MAILSLOT\NET\NETLOGON of type 18 len=57 >[2006/06/20 18:16:58, 4] nmbd/nmbd_processlogon.c:process_logon_packet(95) > process_logon_packet: Logon from 192.168.68.22: code = 0x12 >[2006/06/20 18:16:58, 5] nmbd/nmbd_processlogon.c:process_logon_packet(315) > process_logon_packet: SAMLOGON sidsize 0, len = 57 >[2006/06/20 18:16:58, 5] nmbd/nmbd_processlogon.c:process_logon_packet(322) > process_logon_packet: len = 57 PTR_DIFF(q, buf) = 49 >[2006/06/20 18:16:58, 3] nmbd/nmbd_processlogon.c:process_logon_packet(347) > process_logon_packet: SAMLOGON sidsize 0 ntv 11