NT user token: (NULL) [2006/06/20 18:19:16, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/06/20 18:19:16, 5] smbd/uid.c:change_to_root_user(275) change_to_root_user: now uid=(0,0) gid=(0,0) [2006/06/20 18:19:16, 3] smbd/connection.c:yield_connection(69) Yielding connection to [2006/06/20 18:19:16, 3] smbd/server.c:exit_server_common(675) Server exit (normal exit) [2006/06/20 18:19:33, 5] lib/util_sock.c:print_socket_options(206) socket option SO_KEEPALIVE = 1 [2006/06/20 18:19:33, 5] lib/util_sock.c:print_socket_options(206) socket option SO_REUSEADDR = 1 [2006/06/20 18:19:33, 5] lib/util_sock.c:print_socket_options(206) socket option SO_BROADCAST = 0 [2006/06/20 18:19:33, 5] lib/util_sock.c:print_socket_options(206) socket option TCP_NODELAY = 1 [2006/06/20 18:19:33, 5] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPCNT = 9 [2006/06/20 18:19:33, 5] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPIDLE = 7200 [2006/06/20 18:19:33, 5] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPINTVL = 75 [2006/06/20 18:19:33, 5] lib/util_sock.c:print_socket_options(206) socket option IPTOS_LOWDELAY = 16 [2006/06/20 18:19:33, 5] lib/util_sock.c:print_socket_options(206) socket option IPTOS_THROUGHPUT = 16 [2006/06/20 18:19:33, 5] lib/util_sock.c:print_socket_options(206) socket option SO_SNDBUF = 8192 [2006/06/20 18:19:33, 5] lib/util_sock.c:print_socket_options(206) socket option SO_RCVBUF = 8192 [2006/06/20 18:19:33, 5] lib/util_sock.c:print_socket_options(206) socket option SO_SNDLOWAT = 1 [2006/06/20 18:19:33, 5] lib/util_sock.c:print_socket_options(206) socket option SO_RCVLOWAT = 1 [2006/06/20 18:19:33, 5] lib/util_sock.c:print_socket_options(206) socket option SO_SNDTIMEO = 0 [2006/06/20 18:19:33, 5] lib/util_sock.c:print_socket_options(206) socket option SO_RCVTIMEO = 0 [2006/06/20 18:19:33, 5] lib/util_sock.c:print_socket_options(206) socket 
option SO_KEEPALIVE = 1 [2006/06/20 18:19:33, 5] lib/util_sock.c:print_socket_options(206) socket option SO_REUSEADDR = 1 [2006/06/20 18:19:33, 5] lib/util_sock.c:print_socket_options(206) socket option SO_BROADCAST = 0 [2006/06/20 18:19:33, 5] lib/util_sock.c:print_socket_options(206) socket option TCP_NODELAY = 1 [2006/06/20 18:19:33, 5] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPCNT = 9 [2006/06/20 18:19:33, 5] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPIDLE = 7200 [2006/06/20 18:19:33, 5] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPINTVL = 75 [2006/06/20 18:19:33, 5] lib/util_sock.c:print_socket_options(206) socket option IPTOS_LOWDELAY = 16 [2006/06/20 18:19:33, 5] lib/util_sock.c:print_socket_options(206) socket option IPTOS_THROUGHPUT = 16 [2006/06/20 18:19:33, 5] lib/util_sock.c:print_socket_options(206) socket option SO_SNDBUF = 8192 [2006/06/20 18:19:33, 5] lib/util_sock.c:print_socket_options(206) socket option SO_RCVBUF = 8192 [2006/06/20 18:19:33, 5] lib/util_sock.c:print_socket_options(206) socket option SO_SNDLOWAT = 1 [2006/06/20 18:19:33, 5] lib/util_sock.c:print_socket_options(206) socket option SO_RCVLOWAT = 1 [2006/06/20 18:19:33, 5] lib/util_sock.c:print_socket_options(206) socket option SO_SNDTIMEO = 0 [2006/06/20 18:19:33, 5] lib/util_sock.c:print_socket_options(206) socket option SO_RCVTIMEO = 0 [2006/06/20 18:19:33, 6] param/loadparm.c:lp_file_list_changed(2998) lp_file_list_changed() file /etc/samba/smb.conf.local -> /etc/samba/smb.conf.local last mod_time: Thu Jan 1 01:00:00 1970 file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Mon Jun 19 18:46:01 2006 [2006/06/20 18:19:33, 3] smbd/oplock.c:init_oplocks(860) open_oplock_ipc: initializing messages. 
[2006/06/20 18:19:33, 3] smbd/oplock_linux.c:linux_init_kernel_oplocks(260) Linux kernel oplocks enabled [2006/06/20 18:19:33, 4] lib/time.c:TimeInit(136) TimeInit: Serverzone is -7200 [2006/06/20 18:19:33, 10] smbd/process.c:setup_select_timeout(1286) change_notify_timeout: -1 [2006/06/20 18:19:33, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 133 [2006/06/20 18:19:33, 6] smbd/process.c:process_smb(1111) got message type 0x0 of len 0x85 [2006/06/20 18:19:33, 3] smbd/process.c:process_smb(1112) Transaction 0 of length 137 [2006/06/20 18:19:33, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:33, 5] lib/util.c:show_msg(488) size=133 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51283 smb_tid=0 smb_pid=65279 smb_uid=0 smb_mid=0 smt_wct=0 smb_bcc=98 [2006/06/20 18:19:33, 10] lib/util.c:dump_data(2215)
[2006/06/20 18:19:33, 3] smbd/process.c:switch_message(914) switch message SMBnegprot (pid 16708) conn 0x0 [2006/06/20 18:19:33, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/06/20 18:19:33, 5] auth/auth_util.c:debug_nt_user_token(449) NT user token: (NULL) [2006/06/20 18:19:33, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/06/20 18:19:33, 5] smbd/uid.c:change_to_root_user(275) change_to_root_user: now uid=(0,0) gid=(0,0) [2006/06/20 18:19:33, 3] smbd/negprot.c:reply_negprot(486) Requested protocol [PC NETWORK PROGRAM 1.0] [2006/06/20 18:19:33, 3] smbd/negprot.c:reply_negprot(486) Requested protocol [LANMAN1.0] [2006/06/20 18:19:33, 3] smbd/negprot.c:reply_negprot(486) Requested protocol [Windows for Workgroups 3.1a] [2006/06/20 18:19:33, 3] smbd/negprot.c:reply_negprot(486) Requested protocol [LM1.2X002] [2006/06/20 18:19:33, 3] smbd/negprot.c:reply_negprot(486) Requested protocol [LANMAN2.1] [2006/06/20 18:19:33, 3] smbd/negprot.c:reply_negprot(486) Requested protocol [NT LM 0.12] [2006/06/20 18:19:33, 10] lib/util.c:set_remote_arch(2190) set_remote_arch: Client arch is 'Win2K' [2006/06/20 18:19:33, 6] param/loadparm.c:lp_file_list_changed(2998) lp_file_list_changed() file /etc/samba/smb.conf.local -> /etc/samba/smb.conf.local last mod_time: Thu Jan 1 01:00:00 1970 file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Mon Jun 19 18:46:01 2006 [2006/06/20 18:19:33, 5] smbd/connection.c:claim_connection(170) claiming 0 [2006/06/20 18:19:33, 6] param/loadparm.c:lp_file_list_changed(2998) lp_file_list_changed() file /etc/samba/smb.conf.local -> /etc/samba/smb.conf.local last mod_time: Thu Jan 1 01:00:00 1970 file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Mon Jun 19 18:46:01 2006 [2006/06/20 18:19:33, 3] smbd/negprot.c:reply_nt1(357) using SPNEGO [2006/06/20 18:19:33, 3] smbd/negprot.c:reply_negprot(579) Selected 
protocol NT LM 0.12 [2006/06/20 18:19:33, 5] smbd/negprot.c:reply_negprot(585) negprot index=5 [2006/06/20 18:19:33, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:33, 5] lib/util.c:show_msg(488) size=127 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=65279 smb_uid=0 smb_mid=0 smt_wct=17 smb_vwv[ 0]= 5 (0x5) smb_vwv[ 1]=12803 (0x3203) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 65 (0x41) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]=17408 (0x4400) smb_vwv[ 8]= 65 (0x41) smb_vwv[ 9]=64768 (0xFD00) smb_vwv[10]=33011 (0x80F3) smb_vwv[11]=32896 (0x8080) smb_vwv[12]=37592 (0x92D8) smb_vwv[13]=34128 (0x8550) smb_vwv[14]=50836 (0xC694) smb_vwv[15]=34817 (0x8801) smb_vwv[16]= 255 (0xFF) smb_bcc=58 [2006/06/20 18:19:33, 10] lib/util.c:dump_data(2215)
[2006/06/20 18:19:33, 10] smbd/process.c:setup_select_timeout(1286) change_notify_timeout: -1 [2006/06/20 18:19:33, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 236 [2006/06/20 18:19:33, 6] smbd/process.c:process_smb(1111) got message type 0x0 of len 0xec [2006/06/20 18:19:33, 3] smbd/process.c:process_smb(1112) Transaction 1 of length 240 [2006/06/20 18:19:33, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:33, 5] lib/util.c:show_msg(488) size=236 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=0 smb_mid=64 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 236 (0xEC) smb_vwv[ 2]=16644 (0x4104) smb_vwv[ 3]= 50 (0x32) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 74 (0x4A) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 212 (0xD4) smb_vwv[11]=40960 (0xA000) smb_bcc=177 [2006/06/20 18:19:33, 10] lib/util.c:dump_data(2215)
[2006/06/20 18:19:33, 3] smbd/process.c:switch_message(914) switch message SMBsesssetupX (pid 16708) conn 0x0 [2006/06/20 18:19:33, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/06/20 18:19:33, 5] auth/auth_util.c:debug_nt_user_token(449) NT user token: (NULL) [2006/06/20 18:19:33, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/06/20 18:19:33, 5] smbd/uid.c:change_to_root_user(275) change_to_root_user: now uid=(0,0) gid=(0,0) [2006/06/20 18:19:33, 3] smbd/sesssetup.c:reply_sesssetup_and_X(844) wct=12 flg2=0xc807 [2006/06/20 18:19:33, 2] smbd/sesssetup.c:setup_new_vc_session(794) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2006/06/20 18:19:33, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(655) Doing spnego session setup [2006/06/20 18:19:33, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(686) NativeOS=[Windows 2002 Service Pack 2 2600] NativeLanMan=[Windows 2002 5.1] PrimaryDomain=[] [2006/06/20 18:19:33, 10] lib/util.c:set_remote_arch(2190) set_remote_arch: Client arch is 'WinXP' [2006/06/20 18:19:33, 10] smbd/password.c:register_vuid(186) register_vuid: allocated vuid = 100 [2006/06/20 18:19:33, 3] smbd/sesssetup.c:reply_spnego_negotiate(547) Got OID 1 3 6 1 4 1 311 2 2 10 [2006/06/20 18:19:33, 3] smbd/sesssetup.c:reply_spnego_negotiate(550) Got secblob of size 40 [2006/06/20 18:19:33, 5] auth/auth.c:make_auth_context_subsystem(484) Making default auth method list for DC, security=user, encrypt passwords = yes [2006/06/20 18:19:33, 5] auth/auth.c:smb_register_auth(47) Attempting to register auth backend sam [2006/06/20 18:19:33, 5] auth/auth.c:smb_register_auth(59) Successfully added auth method 'sam' [2006/06/20 18:19:33, 5] auth/auth.c:smb_register_auth(47) Attempting to register auth backend sam_ignoredomain [2006/06/20 18:19:33, 5] auth/auth.c:smb_register_auth(59) Successfully added auth 
method 'sam_ignoredomain' [2006/06/20 18:19:33, 5] auth/auth.c:smb_register_auth(47) Attempting to register auth backend unix [2006/06/20 18:19:33, 5] auth/auth.c:smb_register_auth(59) Successfully added auth method 'unix' [2006/06/20 18:19:33, 5] auth/auth.c:smb_register_auth(47) Attempting to register auth backend winbind [2006/06/20 18:19:33, 5] auth/auth.c:smb_register_auth(59) Successfully added auth method 'winbind' [2006/06/20 18:19:33, 5] auth/auth.c:smb_register_auth(47) Attempting to register auth backend smbserver [2006/06/20 18:19:33, 5] auth/auth.c:smb_register_auth(59) Successfully added auth method 'smbserver' [2006/06/20 18:19:33, 5] auth/auth.c:smb_register_auth(47) Attempting to register auth backend trustdomain [2006/06/20 18:19:33, 5] auth/auth.c:smb_register_auth(59) Successfully added auth method 'trustdomain' [2006/06/20 18:19:33, 5] auth/auth.c:smb_register_auth(47) Attempting to register auth backend ntdomain [2006/06/20 18:19:33, 5] auth/auth.c:smb_register_auth(59) Successfully added auth method 'ntdomain' [2006/06/20 18:19:33, 5] auth/auth.c:smb_register_auth(47) Attempting to register auth backend guest [2006/06/20 18:19:33, 5] auth/auth.c:smb_register_auth(59) Successfully added auth method 'guest' [2006/06/20 18:19:33, 5] auth/auth.c:smb_register_auth(47) Attempting to register auth backend fixed_challenge [2006/06/20 18:19:33, 5] auth/auth.c:smb_register_auth(59) Successfully added auth method 'fixed_challenge' [2006/06/20 18:19:33, 5] auth/auth.c:smb_register_auth(47) Attempting to register auth backend name_to_ntstatus [2006/06/20 18:19:33, 5] auth/auth.c:smb_register_auth(59) Successfully added auth method 'name_to_ntstatus' [2006/06/20 18:19:33, 5] auth/auth.c:load_auth_module(391) load_auth_module: Attempting to find an auth method to match guest [2006/06/20 18:19:33, 5] auth/auth.c:load_auth_module(416) load_auth_module: auth method guest has a valid init [2006/06/20 18:19:33, 5] auth/auth.c:load_auth_module(391) 
load_auth_module: Attempting to find an auth method to match sam [2006/06/20 18:19:33, 5] auth/auth.c:load_auth_module(416) load_auth_module: auth method sam has a valid init [2006/06/20 18:19:33, 5] auth/auth.c:load_auth_module(391) load_auth_module: Attempting to find an auth method to match winbind:trustdomain [2006/06/20 18:19:33, 5] auth/auth.c:load_auth_module(391) load_auth_module: Attempting to find an auth method to match trustdomain [2006/06/20 18:19:33, 5] auth/auth.c:load_auth_module(416) load_auth_module: auth method trustdomain has a valid init [2006/06/20 18:19:33, 5] auth/auth.c:load_auth_module(416) load_auth_module: auth method winbind has a valid init [2006/06/20 18:19:33, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63) Got NTLMSSP neg_flags=0xe2088297 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_NEGOTIATE_OEM NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_LM_KEY NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH NTLMSSP_NEGOTIATE_56 [2006/06/20 18:19:33, 5] auth/auth.c:get_ntlm_challenge(97) auth_get_challenge: module guest did not want to specify a challenge [2006/06/20 18:19:33, 5] auth/auth.c:get_ntlm_challenge(97) auth_get_challenge: module sam did not want to specify a challenge [2006/06/20 18:19:33, 5] auth/auth.c:get_ntlm_challenge(97) auth_get_challenge: module winbind did not want to specify a challenge [2006/06/20 18:19:33, 5] auth/auth.c:get_ntlm_challenge(137) auth_context challenge created by random [2006/06/20 18:19:33, 5] auth/auth.c:get_ntlm_challenge(138) challenge is: [2006/06/20 18:19:33, 5] lib/util.c:dump_data(2215) [000] 63 33 3E 83 A6 80 CF 81 c3>..... 
[2006/06/20 18:19:33, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:33, 5] lib/util.c:show_msg(488) size=306 smb_com=0x73 smb_rcls=22 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=65279 smb_uid=100 smb_mid=64 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 205 (0xCD) smb_bcc=263 [2006/06/20 18:19:33, 10] lib/util.c:dump_data(2215)
[2006/06/20 18:19:33, 10] smbd/process.c:setup_select_timeout(1286) change_notify_timeout: -1 [2006/06/20 18:19:33, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 350 [2006/06/20 18:19:33, 6] smbd/process.c:process_smb(1111) got message type 0x0 of len 0x15e [2006/06/20 18:19:33, 3] smbd/process.c:process_smb(1112) Transaction 2 of length 354 [2006/06/20 18:19:33, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:33, 5] lib/util.c:show_msg(488) size=350 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=100 smb_mid=128 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 350 (0x15E) smb_vwv[ 2]=16644 (0x4104) smb_vwv[ 3]= 50 (0x32) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 188 (0xBC) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 212 (0xD4) smb_vwv[11]=40960 (0xA000) smb_bcc=291 [2006/06/20 18:19:33, 10] lib/util.c:dump_data(2215)
[2006/06/20 18:19:33, 3] smbd/process.c:switch_message(914) switch message SMBsesssetupX (pid 16708) conn 0x0 [2006/06/20 18:19:33, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/06/20 18:19:33, 5] auth/auth_util.c:debug_nt_user_token(449) NT user token: (NULL) [2006/06/20 18:19:33, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/06/20 18:19:33, 5] smbd/uid.c:change_to_root_user(275) change_to_root_user: now uid=(0,0) gid=(0,0) [2006/06/20 18:19:33, 3] smbd/sesssetup.c:reply_sesssetup_and_X(844) wct=12 flg2=0xc807 [2006/06/20 18:19:33, 2] smbd/sesssetup.c:setup_new_vc_session(794) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2006/06/20 18:19:33, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(655) Doing spnego session setup [2006/06/20 18:19:33, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(686) NativeOS=[Windows 2002 Service Pack 2 2600] NativeLanMan=[Windows 2002 5.1] PrimaryDomain=[] [2006/06/20 18:19:33, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(672) Got user=[andoburg] domain=[ANDOLAN] workstation=[ws035] len1=24 len2=24 [2006/06/20 18:19:33, 5] auth/auth_ntlmssp.c:auth_ntlmssp_set_challenge(66) auth_context challenge set by NTLMSSP callback (NTLM2) [2006/06/20 18:19:33, 5] auth/auth_ntlmssp.c:auth_ntlmssp_set_challenge(67) challenge is: [2006/06/20 18:19:33, 5] lib/util.c:dump_data(2215) [000] FA 85 1A F1 42 61 DF A1 ....Ba..
[2006/06/20 18:19:33, 6] param/loadparm.c:lp_file_list_changed(2998) lp_file_list_changed() file /etc/samba/smb.conf.local -> /etc/samba/smb.conf.local last mod_time: Thu Jan 1 01:00:00 1970 file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Mon Jun 19 18:46:01 2006 [2006/06/20 18:19:33, 5] auth/auth_util.c:make_user_info_map(162) make_user_info_map: Mapping user [ANDOLAN]\[andoburg] from workstation [ws035] [2006/06/20 18:19:33, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2006/06/20 18:19:33, 3] smbd/uid.c:push_conn_ctx(345) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2006/06/20 18:19:33, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2006/06/20 18:19:33, 5] auth/auth_util.c:debug_nt_user_token(449) NT user token: (NULL) [2006/06/20 18:19:33, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/06/20 18:19:33, 5] auth/auth_util.c:is_trusted_domain(1934) is_trusted_domain: Checking for domain trust with [ANDOLAN] [2006/06/20 18:19:33, 5] passdb/secrets.c:secrets_fetch_trusted_domain_password(340) secrets_fetch failed! [2006/06/20 18:19:33, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/06/20 18:19:33, 10] lib/gencache.c:gencache_get(312) Cache entry with key = TDOM/ANDOLAN couldn't be found [2006/06/20 18:19:33, 5] libsmb/trustdom_cache.c:trustdom_cache_fetch(184) no entry for trusted domain ANDOLAN found. 
[2006/06/20 18:19:33, 5] auth/auth_util.c:make_user_info(76) attempting to make a user_info for andoburg (andoburg) [2006/06/20 18:19:33, 5] auth/auth_util.c:make_user_info(86) making strings for andoburg's user_info struct [2006/06/20 18:19:33, 5] auth/auth_util.c:make_user_info(118) making blobs for andoburg's user_info struct [2006/06/20 18:19:33, 10] auth/auth_util.c:make_user_info(136) made an encrypted user_info for andoburg (andoburg) [2006/06/20 18:19:33, 3] auth/auth.c:check_ntlm_password(221) check_ntlm_password: Checking password for unmapped user [ANDOLAN]\[andoburg]@[ws035] with the new password interface [2006/06/20 18:19:33, 3] auth/auth.c:check_ntlm_password(224) check_ntlm_password: mapped user is: [ANDOLAN]\[andoburg]@[ws035] [2006/06/20 18:19:33, 10] auth/auth.c:check_ntlm_password(233) check_ntlm_password: auth_context challenge created by NTLMSSP callback (NTLM2) [2006/06/20 18:19:33, 10] auth/auth.c:check_ntlm_password(235) challenge is: [2006/06/20 18:19:33, 5] lib/util.c:dump_data(2215) [000] FA 85 1A F1 42 61 DF A1 ....Ba.. 
[2006/06/20 18:19:33, 10] auth/auth.c:check_ntlm_password(261) check_ntlm_password: guest had nothing to say [2006/06/20 18:19:33, 8] lib/util.c:is_myname(2036) is_myname("ANDOLAN") returns 0 [2006/06/20 18:19:33, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2006/06/20 18:19:33, 3] smbd/uid.c:push_conn_ctx(345) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2006/06/20 18:19:33, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2006/06/20 18:19:33, 5] auth/auth_util.c:debug_nt_user_token(449) NT user token: (NULL) [2006/06/20 18:19:33, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/06/20 18:19:33, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base => [dc=andolan], filter => [(&(uid=andoburg)(objectclass=sambaSamAccount))], scope => [2] [2006/06/20 18:19:33, 5] lib/smbldap.c:smbldap_close(1080) The connection to the LDAP server was closed [2006/06/20 18:19:33, 10] lib/smbldap.c:smb_ldap_setup_conn(632) smb_ldap_setup_connection: ldap://localhost [2006/06/20 18:19:33, 2] lib/smbldap.c:smbldap_open_connection(788) smbldap_open_connection: connection opened [2006/06/20 18:19:33, 10] lib/smbldap.c:smbldap_connect_system(947) ldap_connect_system: Binding to ldap server ldap://localhost as "cn=Manager,dc=andolan" [2006/06/20 18:19:33, 3] lib/smbldap.c:smbldap_connect_system(992) ldap_connect_system: succesful connection to the LDAP server ldap_connect_system: LDAP server does support paged results [2006/06/20 18:19:33, 4] lib/smbldap.c:smbldap_open(1060) The LDAP server is succesfully connected [2006/06/20 18:19:33, 2] passdb/pdb_ldap.c:init_sam_from_ldap(541) init_sam_from_ldap: Entry found for user: andoburg [2006/06/20 18:19:33, 10] passdb/pdb_get_set.c:pdb_set_username(580) pdb_set_username: setting username andoburg, was [2006/06/20 18:19:33, 10] passdb/pdb_get_set.c:pdb_set_domain(607) pdb_set_domain: 
setting domain ANDOLAN, was [2006/06/20 18:19:33, 10] passdb/pdb_get_set.c:pdb_set_nt_username(634) pdb_set_nt_username: setting nt username andoburg, was [2006/06/20 18:19:33, 10] passdb/pdb_get_set.c:pdb_set_user_sid_from_string(519) pdb_set_user_sid_from_string: setting user sid S-1-5-21-2969752157-892696647-4271518216-3002 [2006/06/20 18:19:33, 10] passdb/pdb_get_set.c:pdb_set_user_sid(506) pdb_set_user_sid: setting user sid S-1-5-21-2969752157-892696647-4271518216-3002 [2006/06/20 18:19:33, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaLogonTime] = [] [2006/06/20 18:19:33, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaLogoffTime] = [] [2006/06/20 18:19:33, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaKickoffTime] = [] [2006/06/20 18:19:33, 10] passdb/pdb_get_set.c:pdb_set_fullname(661) pdb_set_full_name: setting full name AndoBurg B.V., was [2006/06/20 18:19:33, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaHomeDrive] = [] [2006/06/20 18:19:33, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(742) pdb_set_dir_drive: setting dir drive N:, was NULL [2006/06/20 18:19:33, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaHomePath] = [] [2006/06/20 18:19:33, 10] passdb/pdb_get_set.c:pdb_set_homedir(769) pdb_set_homedir: setting home dir \\server\datamap, was [2006/06/20 18:19:33, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaLogonScript] = [] [2006/06/20 18:19:33, 10] passdb/pdb_get_set.c:pdb_set_logon_script(688) pdb_set_logon_script: setting logon script logon.cmd, was [2006/06/20 18:19:33, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaProfilePath] = [] [2006/06/20 18:19:33, 10] passdb/pdb_get_set.c:pdb_set_profile_path(715) pdb_set_profile_path: setting profile path 
\\server\tempprof, was [2006/06/20 18:19:33, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [description] = [] [2006/06/20 18:19:33, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaUserWorkstations] = [] [2006/06/20 18:19:33, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaMungedDial] = [] [2006/06/20 18:19:33, 10] lib/account_pol.c:account_policy_get(337) account_policy_get: name: password history, val: 0 [2006/06/20 18:19:33, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaBadPasswordCount] = [] [2006/06/20 18:19:33, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaBadPasswordTime] = [] [2006/06/20 18:19:33, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaLogonHours] = [] [2006/06/20 18:19:33, 5] passdb/login_cache.c:login_cache_init(41) Opening cache file at /var/lib/samba/login_cache.tdb [2006/06/20 18:19:33, 7] passdb/login_cache.c:login_cache_read(83) Looking up login cache for user andoburg [2006/06/20 18:19:33, 7] passdb/login_cache.c:login_cache_read(97) No cache entry found [2006/06/20 18:19:33, 9] passdb/pdb_ldap.c:init_sam_from_ldap(898) No cache entry, bad count = 0, bad time = 0 [2006/06/20 18:19:33, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base => [ou=Groups,dc=andolan], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=1001))], scope => [2] [2006/06/20 18:19:33, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2192) ldapsam_getgroup: Did not find group [2006/06/20 18:19:33, 10] lib/account_pol.c:account_policy_get(337) account_policy_get: name: password history, val: 0 [2006/06/20 18:19:33, 10] passdb/pdb_get_set.c:pdb_set_username(580) pdb_set_username: setting username andoburg, was [2006/06/20 18:19:33, 10] passdb/pdb_get_set.c:pdb_set_domain(607) pdb_set_domain: setting domain ANDOLAN, was [2006/06/20 
18:19:33, 10] passdb/pdb_get_set.c:pdb_set_nt_username(634) pdb_set_nt_username: setting nt username andoburg, was [2006/06/20 18:19:33, 10] passdb/pdb_get_set.c:pdb_set_fullname(661) pdb_set_full_name: setting full name AndoBurg B.V., was [2006/06/20 18:19:33, 10] passdb/pdb_get_set.c:pdb_set_homedir(769) pdb_set_homedir: setting home dir \\server\datamap, was [2006/06/20 18:19:33, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(742) pdb_set_dir_drive: setting dir drive N:, was NULL [2006/06/20 18:19:33, 10] passdb/pdb_get_set.c:pdb_set_logon_script(688) pdb_set_logon_script: setting logon script logon.cmd, was [2006/06/20 18:19:33, 10] passdb/pdb_get_set.c:pdb_set_profile_path(715) pdb_set_profile_path: setting profile path \\server\tempprof, was [2006/06/20 18:19:33, 10] passdb/pdb_get_set.c:pdb_set_workstations(820) pdb_set_workstations: setting workstations , was [2006/06/20 18:19:33, 10] lib/account_pol.c:account_policy_get(337) account_policy_get: name: password history, val: 0 [2006/06/20 18:19:33, 10] passdb/pdb_get_set.c:pdb_set_user_sid(506) pdb_set_user_sid: setting user sid S-1-5-21-2969752157-892696647-4271518216-3002 [2006/06/20 18:19:33, 10] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(73) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-2969752157-892696647-4271518216-3002 from rid 3002 [2006/06/20 18:19:33, 5] passdb/pdb_interface.c:lookup_global_sam_rid(1455) lookup_global_sam_rid: looking up RID 513. 
[2006/06/20 18:19:33, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2006/06/20 18:19:33, 3] smbd/uid.c:push_conn_ctx(345) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2006/06/20 18:19:33, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2006/06/20 18:19:33, 5] auth/auth_util.c:debug_nt_user_token(449) NT user token: (NULL) [2006/06/20 18:19:33, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/06/20 18:19:33, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base => [dc=andolan], filter => [(&(sambaSID=S-1-5-21-2969752157-892696647-4271518216-513)(objectclass=sambaSamAccount))], scope => [2] [2006/06/20 18:19:33, 4] passdb/pdb_ldap.c:ldapsam_getsampwsid(1491) ldapsam_getsampwsid: Unable to locate SID [S-1-5-21-2969752157-892696647-4271518216-513] count=0 [2006/06/20 18:19:33, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base => [ou=Groups,dc=andolan], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-2969752157-892696647-4271518216-513))], scope => [2] [2006/06/20 18:19:33, 2] passdb/pdb_ldap.c:init_group_from_ldap(2115) init_group_from_ldap: Entry found for group: 10000 [2006/06/20 18:19:33, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2006/06/20 18:19:33, 10] passdb/lookup_sid.c:sid_to_gid(1296) sid_to_gid: S-1-5-21-2969752157-892696647-4271518216-513 -> 10000 [2006/06/20 18:19:33, 3] passdb/lookup_sid.c:store_gid_sid_cache(1038) store_gid_sid_cache: gid 10000 in cache -> S-1-5-21-2969752157-892696647-4271518216-513 [2006/06/20 18:19:33, 10] passdb/pdb_get_set.c:pdb_set_group_sid(564) pdb_set_group_sid: setting group sid S-1-5-21-2969752157-892696647-4271518216-513 [2006/06/20 18:19:33, 10] passdb/pdb_compat.c:pdb_set_group_sid_from_rid(100) pdb_set_group_sid_from_rid: setting group sid S-1-5-21-2969752157-892696647-4271518216-513 from rid 513 
[2006/06/20 18:19:33, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/06/20 18:19:33, 9] passdb/passdb.c:pdb_update_autolock_flag(1406) pdb_update_autolock_flag: Account andoburg not autolocked, no check needed [2006/06/20 18:19:33, 4] libsmb/ntlm_check.c:ntlm_password_check(326) ntlm_password_check: Checking NT MD4 password [2006/06/20 18:19:33, 4] auth/auth_sam.c:sam_account_ok(138) sam_account_ok: Checking SMB password for user andoburg [2006/06/20 18:19:33, 5] auth/auth_sam.c:logon_hours_ok(120) logon_hours_ok: user andoburg allowed to logon at this time (Tue Jun 20 16:19:33 2006 ) [2006/06/20 18:19:33, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2006/06/20 18:19:33, 3] smbd/uid.c:push_conn_ctx(345) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2006/06/20 18:19:33, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2006/06/20 18:19:33, 5] auth/auth_util.c:debug_nt_user_token(449) NT user token: (NULL) [2006/06/20 18:19:33, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/06/20 18:19:33, 10] lib/util_pw.c:getpwnam_alloc(76) Got andoburg from pwnam_cache [2006/06/20 18:19:33, 10] lib/util_pw.c:getpwnam_alloc(76) Got andoburg from pwnam_cache [2006/06/20 18:19:33, 10] lib/system_smbd.c:sys_getgrouplist(125) sys_getgrouplist: user [andoburg] [2006/06/20 18:19:33, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2006/06/20 18:19:33, 3] smbd/uid.c:push_conn_ctx(345) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2006/06/20 18:19:33, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2006/06/20 18:19:33, 5] auth/auth_util.c:debug_nt_user_token(449) NT user token: (NULL) [2006/06/20 18:19:33, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/06/20 
18:19:33, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2006/06/20 18:19:33, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base => [ou=Groups,dc=andolan], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=1001))], scope => [2] [2006/06/20 18:19:33, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2192) ldapsam_getgroup: Did not find group [2006/06/20 18:19:33, 10] passdb/lookup_sid.c:gid_to_sid(1128) gid_to_sid: local 1001 -> S-1-22-2-1001 [2006/06/20 18:19:33, 3] passdb/lookup_sid.c:store_gid_sid_cache(1038) store_gid_sid_cache: gid 1001 in cache -> S-1-22-2-1001 [2006/06/20 18:19:33, 3] passdb/lookup_sid.c:fetch_sid_from_gid_cache(979) fetch sid from gid cache 0 -> S-1-22-2-0 [2006/06/20 18:19:33, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base => [ou=Groups,dc=andolan], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=10001))], scope => [2] [2006/06/20 18:19:33, 2] passdb/pdb_ldap.c:init_group_from_ldap(2115) init_group_from_ldap: Entry found for group: 10001 [2006/06/20 18:19:33, 10] passdb/lookup_sid.c:gid_to_sid(1128) gid_to_sid: local 10001 -> S-1-5-21-2969752157-892696647-4271518216-512 [2006/06/20 18:19:33, 3] passdb/lookup_sid.c:store_gid_sid_cache(1038) store_gid_sid_cache: gid 10001 in cache -> S-1-5-21-2969752157-892696647-4271518216-512 [2006/06/20 18:19:33, 5] auth/auth_util.c:make_server_info_sam(603) make_server_info_sam: made server info for user andoburg -> andoburg [2006/06/20 18:19:33, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/06/20 18:19:33, 3] auth/auth.c:check_ntlm_password(270) check_ntlm_password: sam authentication for user [andoburg] succeeded [2006/06/20 18:19:33, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2006/06/20 18:19:33, 3] smbd/uid.c:push_conn_ctx(345) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2006/06/20 18:19:33, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - 
sec_ctx_stack_ndx = 1 [2006/06/20 18:19:33, 5] auth/auth_util.c:debug_nt_user_token(449) NT user token: (NULL) [2006/06/20 18:19:33, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/06/20 18:19:33, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/06/20 18:19:33, 5] auth/auth.c:check_ntlm_password(296) check_ntlm_password: PAM Account for user [andoburg] succeeded [2006/06/20 18:19:33, 2] auth/auth.c:check_ntlm_password(309) check_ntlm_password: authentication for user [andoburg] -> [andoburg] -> [andoburg] succeeded [2006/06/20 18:19:33, 5] auth/auth_util.c:free_user_info(1784) attempting to free (and zero) a user_info structure [2006/06/20 18:19:33, 10] auth/auth_util.c:free_user_info(1788) structure was created for andoburg [2006/06/20 18:19:33, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base => [ou=Groups,dc=andolan], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-544))], scope => [2] [2006/06/20 18:19:33, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2192) ldapsam_getgroup: Did not find group [2006/06/20 18:19:33, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base => [ou=Groups,dc=andolan], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-545))], scope => [2] [2006/06/20 18:19:33, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2192) ldapsam_getgroup: Did not find group [2006/06/20 18:19:33, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base => [ou=Groups,dc=andolan], filter => [(&(|(objectclass=sambaGroupMapping)(sambaGroupType=4))(|(sambaSIDList=S-1-5-21-2969752157-892696647-4271518216-3002)(sambaSIDList=S-1-5-21-2969752157-892696647-4271518216-513)(sambaSIDList=S-1-1-0)(sambaSIDList=S-1-5-2)(sambaSIDList=S-1-5-11)(sambaSIDList=S-1-22-2-1001)(sambaSIDList=S-1-22-2-0)(sambaSIDList=S-1-5-21-2969752157-892696647-4271518216-512)))], scope => [2] [2006/06/20 18:19:33, 5] 
lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base => [ou=Groups,dc=andolan], filter => [(&(|(objectclass=sambaGroupMapping)(sambaGroupType=4))(|(sambaSIDList=S-1-5-21-2969752157-892696647-4271518216-3002)(sambaSIDList=S-1-5-21-2969752157-892696647-4271518216-513)(sambaSIDList=S-1-1-0)(sambaSIDList=S-1-5-2)(sambaSIDList=S-1-5-11)(sambaSIDList=S-1-22-2-1001)(sambaSIDList=S-1-22-2-0)(sambaSIDList=S-1-5-21-2969752157-892696647-4271518216-512)))], scope => [2] [2006/06/20 18:19:33, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-21-2969752157-892696647-4271518216-3002] [2006/06/20 18:19:33, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-21-2969752157-892696647-4271518216-513] [2006/06/20 18:19:33, 5] lib/privileges.c:get_privileges_for_sids(459) get_privileges_for_sids: sid = S-1-1-0 Privilege set: SE_PRIV 0x0 0x0 0x0 0x0 [2006/06/20 18:19:33, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-2] [2006/06/20 18:19:33, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-11] [2006/06/20 18:19:33, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-22-2-1001] [2006/06/20 18:19:33, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-22-2-0] [2006/06/20 18:19:33, 5] lib/privileges.c:get_privileges_for_sids(459) get_privileges_for_sids: sid = S-1-5-21-2969752157-892696647-4271518216-512 Privilege set: SE_PRIV 0x10 0x0 0x0 0x0 [2006/06/20 18:19:33, 3] passdb/lookup_sid.c:fetch_gid_from_cache(999) fetch gid from cache 10000 -> S-1-5-21-2969752157-892696647-4271518216-513 [2006/06/20 18:19:33, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base => [ou=Groups,dc=andolan], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-1-0))], scope => [2] [2006/06/20 18:19:33, 4] 
passdb/pdb_ldap.c:ldapsam_getgroup(2192) ldapsam_getgroup: Did not find group [2006/06/20 18:19:33, 10] auth/auth_util.c:create_local_token(970) Could not convert SID S-1-1-0 to gid, ignoring it [2006/06/20 18:19:33, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base => [ou=Groups,dc=andolan], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-2))], scope => [2] [2006/06/20 18:19:33, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2192) ldapsam_getgroup: Did not find group [2006/06/20 18:19:33, 10] auth/auth_util.c:create_local_token(970) Could not convert SID S-1-5-2 to gid, ignoring it [2006/06/20 18:19:33, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base => [ou=Groups,dc=andolan], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-11))], scope => [2] [2006/06/20 18:19:33, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2192) ldapsam_getgroup: Did not find group [2006/06/20 18:19:33, 10] auth/auth_util.c:create_local_token(970) Could not convert SID S-1-5-11 to gid, ignoring it [2006/06/20 18:19:33, 3] passdb/lookup_sid.c:fetch_gid_from_cache(999) fetch gid from cache 1001 -> S-1-22-2-1001 [2006/06/20 18:19:33, 3] passdb/lookup_sid.c:fetch_gid_from_cache(999) fetch gid from cache 0 -> S-1-22-2-0 [2006/06/20 18:19:33, 3] passdb/lookup_sid.c:fetch_gid_from_cache(999) fetch gid from cache 10001 -> S-1-5-21-2969752157-892696647-4271518216-512 [2006/06/20 18:19:33, 10] auth/auth_util.c:debug_nt_user_token(455) NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 contains 8 SIDs SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-1001 SID[ 6]: S-1-22-2-0 SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 SE_PRIV 0x10 0x0 0x0 0x0 [2006/06/20 18:19:33, 10] auth/auth_ntlmssp.c:auth_ntlmssp_check_password(133) Got NT session key of length 16 [2006/06/20 18:19:33, 10] 
auth/auth_ntlmssp.c:auth_ntlmssp_check_password(140) Got LM session key of length 16 [2006/06/20 18:19:33, 10] libsmb/ntlmssp.c:ntlmssp_server_auth(738) ntlmssp_server_auth: Created NTLM2 session key. [2006/06/20 18:19:33, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(338) NTLMSSP Sign/Seal - Initialising with flags: [2006/06/20 18:19:33, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63) Got NTLMSSP neg_flags=0xe2088215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH NTLMSSP_NEGOTIATE_56 [2006/06/20 18:19:33, 10] smbd/password.c:register_vuid(186) register_vuid: allocated vuid = 101 [2006/06/20 18:19:33, 10] lib/util_pw.c:getpwnam_alloc(76) Got andoburg from pwnam_cache [2006/06/20 18:19:33, 10] smbd/password.c:register_vuid(277) register_vuid: (1001,1001) andoburg andoburg ANDOLAN guest=0 [2006/06/20 18:19:33, 3] smbd/password.c:register_vuid(280) User name: andoburg Real name: AndoBurg B.V. 
[2006/06/20 18:19:33, 3] smbd/password.c:register_vuid(301) UNIX uid 1001 is UNIX user andoburg, and will be vuid 101 [2006/06/20 18:19:33, 7] param/loadparm.c:lp_servicenumber(5112) lp_servicenumber: couldn't find andoburg [2006/06/20 18:19:33, 3] smbd/password.c:register_vuid(332) Adding homes service for user 'andoburg' using home directory: '/home/andoburg' [2006/06/20 18:19:33, 7] param/loadparm.c:lp_servicenumber(5112) lp_servicenumber: couldn't find homes [2006/06/20 18:19:33, 6] param/loadparm.c:lp_file_list_changed(2998) lp_file_list_changed() file /etc/samba/smb.conf.local -> /etc/samba/smb.conf.local last mod_time: Thu Jan 1 01:00:00 1970 file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Mon Jun 19 18:46:01 2006 [2006/06/20 18:19:33, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:33, 5] lib/util.c:show_msg(488) size=110 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=65279 smb_uid=101 smb_mid=128 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 9 (0x9) smb_bcc=67 [2006/06/20 18:19:33, 10] lib/util.c:dump_data(2215) [000] A1 07 30 05 A0 03 0A 01 00 55 00 6E 00 69 00 78 ..0..... .U.n.i.x [010] 00 00 00 53 00 61 00 6D 00 62 00 61 00 20 00 33 ...S.a.m .b.a. .3 [020] 00 2E 00 30 00 2E 00 32 00 33 00 72 00 63 00 33 ...0...2 .3.r.c.3 [030] 00 00 00 41 00 4E 00 44 00 4F 00 4C 00 41 00 4E ...A.N.D .O.L.A.N [040] 00 00 00 ... 
[2006/06/20 18:19:33, 10] smbd/process.c:setup_select_timeout(1286) change_notify_timeout: -1 [2006/06/20 18:19:33, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 78 [2006/06/20 18:19:33, 6] smbd/process.c:process_smb(1111) got message type 0x0 of len 0x4e [2006/06/20 18:19:33, 3] smbd/process.c:process_smb(1112) Transaction 3 of length 82 [2006/06/20 18:19:33, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:33, 5] lib/util.c:show_msg(488) size=78 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=101 smb_mid=192 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 78 (0x4E) smb_vwv[ 2]= 8 (0x8) smb_vwv[ 3]= 1 (0x1) smb_bcc=35 [2006/06/20 18:19:33, 10] lib/util.c:dump_data(2215) [000] 00 5C 00 5C 00 53 00 45 00 52 00 56 00 45 00 52 .\.\.S.E .R.V.E.R [010] 00 5C 00 49 00 50 00 43 00 24 00 00 00 3F 3F 3F .\.I.P.C .$...??? [020] 3F 3F 00 ??. [2006/06/20 18:19:33, 3] smbd/process.c:switch_message(914) switch message SMBtconX (pid 16708) conn 0x0 [2006/06/20 18:19:33, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/06/20 18:19:33, 5] auth/auth_util.c:debug_nt_user_token(449) NT user token: (NULL) [2006/06/20 18:19:33, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/06/20 18:19:33, 5] smbd/uid.c:change_to_root_user(275) change_to_root_user: now uid=(0,0) gid=(0,0) [2006/06/20 18:19:33, 4] smbd/reply.c:reply_tcon_and_X(666) Client requested device type [?????] 
for share [IPC$] [2006/06/20 18:19:33, 5] smbd/service.c:make_connection(1111) making a connection to 'normal' service ipc$ [2006/06/20 18:19:33, 10] smbd/share_access.c:user_ok_token(225) user_ok_token: share IPC$ is ok for unix user andoburg [2006/06/20 18:19:33, 5] lib/username.c:Get_Pwnam_alloc(131) Finding user andoburg [2006/06/20 18:19:33, 5] lib/username.c:Get_Pwnam_internals(75) Trying _Get_Pwnam(), username as lowercase is andoburg [2006/06/20 18:19:33, 10] lib/util_pw.c:getpwnam_alloc(76) Got andoburg from pwnam_cache [2006/06/20 18:19:33, 5] lib/username.c:Get_Pwnam_internals(108) Get_Pwnam_internals did find user [andoburg]! [2006/06/20 18:19:33, 10] smbd/service.c:set_conn_connectpath(122) set_conn_connectpath: service IPC$, connectpath = /tmp [2006/06/20 18:19:33, 3] smbd/service.c:make_connection_snum(752) Connect path is '/tmp' for service [IPC$] [2006/06/20 18:19:33, 4] lib/sharesec.c:get_share_security(130) get_share_security: using default secdesc for IPC$ [2006/06/20 18:19:33, 10] lib/util_seaccess.c:se_map_generic(176) se_map_generic(): mapped mask 0x10000000 to 0x001f01ff [2006/06/20 18:19:33, 10] lib/util_seaccess.c:se_access_check(233) se_access_check: requested access 0x00000002, for NT token with 8 entries and first sid S-1-5-21-2969752157-892696647-4271518216-3002. 
[2006/06/20 18:19:33, 3] lib/util_seaccess.c:se_access_check(250) [2006/06/20 18:19:33, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-2969752157-892696647-4271518216-3002 se_access_check: also S-1-5-21-2969752157-892696647-4271518216-513 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-22-2-1001 se_access_check: also S-1-22-2-0 se_access_check: also S-1-5-21-2969752157-892696647-4271518216-512 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 2 [2006/06/20 18:19:33, 5] lib/util_seaccess.c:se_access_check(308) se_access_check: access (2) granted. [2006/06/20 18:19:33, 3] smbd/vfs.c:vfs_init_default(219) Initialising default vfs hooks [2006/06/20 18:19:33, 5] smbd/connection.c:claim_connection(170) claiming IPC$ 0 [2006/06/20 18:19:33, 10] smbd/share_access.c:user_ok_token(225) user_ok_token: share IPC$ is ok for unix user andoburg [2006/06/20 18:19:33, 10] smbd/share_access.c:is_share_read_only_for_token(267) is_share_read_only_for_user: share IPC$ is read-only for unix user andoburg [2006/06/20 18:19:33, 4] lib/sharesec.c:get_share_security(130) get_share_security: using default secdesc for IPC$ [2006/06/20 18:19:33, 10] lib/util_seaccess.c:se_map_generic(176) se_map_generic(): mapped mask 0x10000000 to 0x001f01ff [2006/06/20 18:19:33, 10] lib/util_seaccess.c:se_access_check(233) se_access_check: requested access 0x00000001, for NT token with 8 entries and first sid S-1-5-21-2969752157-892696647-4271518216-3002. 
[2006/06/20 18:19:33, 3] lib/util_seaccess.c:se_access_check(250) [2006/06/20 18:19:33, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-2969752157-892696647-4271518216-3002 se_access_check: also S-1-5-21-2969752157-892696647-4271518216-513 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-22-2-1001 se_access_check: also S-1-22-2-0 se_access_check: also S-1-5-21-2969752157-892696647-4271518216-512 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 1 [2006/06/20 18:19:33, 5] lib/util_seaccess.c:se_access_check(308) se_access_check: access (1) granted. [2006/06/20 18:19:33, 3] lib/util_sid.c:string_to_sid(223) string_to_sid: Sid @root does not start with 'S-'. [2006/06/20 18:19:33, 5] smbd/password.c:user_in_netgroup(423) Unable to get default yp domain [2006/06/20 18:19:33, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base => [ou=Groups,dc=andolan], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=0))], scope => [2] [2006/06/20 18:19:33, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2192) ldapsam_getgroup: Did not find group [2006/06/20 18:19:33, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 [2006/06/20 18:19:33, 5] auth/auth_util.c:debug_nt_user_token(455) NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 contains 8 SIDs SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-1001 SID[ 6]: S-1-22-2-0 SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 SE_PRIV 0x10 0x0 0x0 0x0 [2006/06/20 18:19:33, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 1001 and contains 4 supplementary groups Group[ 0]: 10000 Group[ 1]: 1001 Group[ 2]: 0 Group[ 3]: 10001 [2006/06/20 18:19:33, 5] 
smbd/uid.c:change_to_user(260) change_to_user uid=(0,0) gid=(0,1001) [2006/06/20 18:19:33, 3] smbd/service.c:make_connection_snum(941) ws035 (192.168.68.22) connect to service IPC$ initially as user andoburg (uid=0, gid=1001) (pid 16708) [2006/06/20 18:19:33, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/06/20 18:19:33, 5] auth/auth_util.c:debug_nt_user_token(449) NT user token: (NULL) [2006/06/20 18:19:33, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/06/20 18:19:33, 5] smbd/uid.c:change_to_root_user(275) change_to_root_user: now uid=(0,0) gid=(0,0) [2006/06/20 18:19:33, 2] smbd/reply.c:reply_tcon_and_X(709) Serving IPC$ as a Dfs root [2006/06/20 18:19:33, 3] smbd/reply.c:reply_tcon_and_X(714) tconX service=IPC$ [2006/06/20 18:19:33, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:33, 5] lib/util.c:show_msg(488) size=48 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=192 smt_wct=3 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 3 (0x3) smb_bcc=7 [2006/06/20 18:19:33, 10] lib/util.c:dump_data(2215) [000] 49 50 43 00 00 00 00 IPC.... 
[2006/06/20 18:19:33, 10] smbd/process.c:setup_select_timeout(1286) change_notify_timeout: -1 [2006/06/20 18:19:33, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 100 [2006/06/20 18:19:33, 6] smbd/process.c:process_smb(1111) got message type 0x0 of len 0x64 [2006/06/20 18:19:33, 3] smbd/process.c:process_smb(1112) Transaction 4 of length 104 [2006/06/20 18:19:33, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:33, 5] lib/util.c:show_msg(488) size=100 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1036 smb_uid=101 smb_mid=256 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 3584 (0xE00) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=17 [2006/06/20 18:19:33, 10] lib/util.c:dump_data(2215) [000] 00 5C 00 6C 00 73 00 61 00 72 00 70 00 63 00 00 .\.l.s.a .r.p.c.. [010] 00 . 
[2006/06/20 18:19:33, 3] smbd/process.c:switch_message(914) switch message SMBntcreateX (pid 16708) conn 0x8497e40 [2006/06/20 18:19:33, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 [2006/06/20 18:19:33, 5] auth/auth_util.c:debug_nt_user_token(455) NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 contains 8 SIDs SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-1001 SID[ 6]: S-1-22-2-0 SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 SE_PRIV 0x10 0x0 0x0 0x0 [2006/06/20 18:19:33, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 1001 and contains 4 supplementary groups Group[ 0]: 10000 Group[ 1]: 1001 Group[ 2]: 0 Group[ 3]: 10001 [2006/06/20 18:19:33, 5] smbd/uid.c:change_to_user(260) change_to_user uid=(0,0) gid=(0,1001) [2006/06/20 18:19:33, 4] smbd/vfs.c:vfs_ChDir(741) vfs_ChDir to /tmp [2006/06/20 18:19:33, 10] smbd/nttrans.c:reply_ntcreate_and_X(501) reply_ntcreateX: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0 [2006/06/20 18:19:33, 4] smbd/nttrans.c:nt_open_pipe(325) nt_open_pipe: Opening pipe \lsarpc. [2006/06/20 18:19:33, 3] smbd/nttrans.c:nt_open_pipe(346) nt_open_pipe: Known pipe lsarpc opening. 
[2006/06/20 18:19:33, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(180) Open pipe requested lsarpc (pipes_open=0) [2006/06/20 18:19:33, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(285) Create pipe requested lsarpc [2006/06/20 18:19:33, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77) init_pipe_handles: created handle list for pipe lsarpc [2006/06/20 18:19:33, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) init_pipe_handles: pipe_handles ref count = 1 for pipe lsarpc [2006/06/20 18:19:33, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(366) Created internal pipe lsarpc (pipes_open=0) [2006/06/20 18:19:33, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(263) Opened pipe lsarpc with handle 7151 (pipes_open=1) [2006/06/20 18:19:33, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(269) open pipes: name lsarpc pnum=7151 [2006/06/20 18:19:33, 5] smbd/nttrans.c:do_ntcreate_pipe_open(395) do_ntcreate_pipe_open: open pipe = \lsarpc [2006/06/20 18:19:33, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:33, 5] lib/util.c:show_msg(488) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1036 smb_uid=101 smb_mid=256 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=20736 (0x5100) smb_vwv[ 3]= 369 (0x171) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2006/06/20 18:19:33, 10] 
smbd/process.c:setup_select_timeout(1286) change_notify_timeout: -1 [2006/06/20 18:19:33, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 136 [2006/06/20 18:19:33, 6] smbd/process.c:process_smb(1111) got message type 0x0 of len 0x88 [2006/06/20 18:19:33, 3] smbd/process.c:process_smb(1112) Transaction 5 of length 140 [2006/06/20 18:19:33, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:33, 5] lib/util.c:show_msg(488) size=136 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=320 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=29009 (0x7151) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 72 (0x48) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 72 (0x48) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=73 [2006/06/20 18:19:33, 10] lib/util.c:dump_data(2215) [000] EE 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... [010] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ [020] 00 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 .xW4.4.. ....#Eg. [030] AB 00 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ [040] 00 2B 10 48 60 02 00 00 00 .+.H`... . 
[2006/06/20 18:19:33, 3] smbd/process.c:switch_message(914) switch message SMBwriteX (pid 16708) conn 0x8497e40 [2006/06/20 18:19:33, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 [2006/06/20 18:19:33, 5] auth/auth_util.c:debug_nt_user_token(455) NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 contains 8 SIDs SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-1001 SID[ 6]: S-1-22-2-0 SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 SE_PRIV 0x10 0x0 0x0 0x0 [2006/06/20 18:19:33, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 1001 and contains 4 supplementary groups Group[ 0]: 10000 Group[ 1]: 1001 Group[ 2]: 0 Group[ 3]: 10001 [2006/06/20 18:19:33, 5] smbd/uid.c:change_to_user(260) change_to_user uid=(0,0) gid=(0,1001) [2006/06/20 18:19:33, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=7151 [2006/06/20 18:19:33, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=7151 (pipes_open=1) [2006/06/20 18:19:33, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 7151 name: lsarpc open: Yes len: 72 [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 72 [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 56 [2006/06/20 18:19:33, 10] 
rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 0b [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0048 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 [2006/06/20 18:19:33, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) unmarshall_rpc_header: type = 11, flags = 3 [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 56 [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 11 [2006/06/20 18:19:33, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1520) api_pipe_bind_req: decode request. 
1520 [2006/06/20 18:19:33, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1531) api_pipe_bind_req: \PIPE\lsarpc -> \PIPE\lsass [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_rb [2006/06/20 18:19:33, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_bba [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0000 max_tsize: 10b8 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0002 max_rsize: 10b8 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 assoc_gid: 00000000 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0008 num_contexts: 01 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000c context_id : 0000 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 000e num_transfer_syntaxes: 01 [2006/06/20 18:19:33, 6] rpc_parse/parse_prs.c:prs_debug(84) 00000f smb_io_rpc_iface [2006/06/20 18:19:33, 7] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_uuid uuid [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 data : 12345778 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 data : 1234 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0016 data : abcd [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0018 data : ef 00 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 001a data : 01 23 45 67 89 ab [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0020 version: 00000000 [2006/06/20 18:19:33, 6] rpc_parse/parse_prs.c:prs_debug(84) 000024 smb_io_rpc_iface [2006/06/20 18:19:33, 7] rpc_parse/parse_prs.c:prs_debug(84) 000024 smb_io_uuid uuid [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0024 data : 8a885d04 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0028 data : 1ceb [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 002a data : 11c9 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 002c data : 9f e8 [2006/06/20 
18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 002e data : 08 00 2b 10 48 60 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0034 version: 00000002 [2006/06/20 18:19:33, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1573) api_pipe_bind_req: make response. 1573 [2006/06/20 18:19:33, 3] rpc_server/srv_pipe.c:check_bind_req(982) check_bind_req for \PIPE\lsarpc [2006/06/20 18:19:33, 10] rpc_server/srv_pipe.c:check_bind_req(987) checking \PIPE\lsarpc [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_ba [2006/06/20 18:19:33, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_bba [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0000 max_tsize: 10b8 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0002 max_rsize: 10b8 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 assoc_gid: 000053f0 [2006/06/20 18:19:33, 6] rpc_parse/parse_prs.c:prs_debug(84) 000008 smb_io_rpc_addr_str [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 len: 000c [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000a str: \PIPE\lsass. 
[2006/06/20 18:19:33, 6] rpc_parse/parse_prs.c:prs_debug(84) 000016 smb_io_rpc_results [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0018 num_results: 01 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 001c result : 0000 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 001e reason : 0000 [2006/06/20 18:19:33, 6] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_rpc_iface [2006/06/20 18:19:33, 7] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_uuid uuid [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0020 data : 8a885d04 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0024 data : 1ceb [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0026 data : 11c9 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0028 data : 9f e8 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 002a data : 08 00 2b 10 48 60 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0030 version: 00000002 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 0c [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0044 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 
[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 56 [2006/06/20 18:19:33, 3] smbd/pipes.c:reply_pipe_write_and_X(217) writeX-IPC pnum=7151 nwritten=72 [2006/06/20 18:19:33, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:33, 5] lib/util.c:show_msg(488) size=47 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=320 smt_wct=6 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 72 (0x48) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_bcc=0 [2006/06/20 18:19:33, 10] smbd/process.c:setup_select_timeout(1286) change_notify_timeout: -1 [2006/06/20 18:19:33, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 59 [2006/06/20 18:19:33, 6] smbd/process.c:process_smb(1111) got message type 0x0 of len 0x3b [2006/06/20 18:19:33, 3] smbd/process.c:process_smb(1112) Transaction 6 of length 63 [2006/06/20 18:19:33, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:33, 5] lib/util.c:show_msg(488) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=384 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=29009 (0x7151) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2006/06/20 18:19:33, 3] smbd/process.c:switch_message(914) switch message SMBreadX (pid 16708) conn 0x8497e40 [2006/06/20 18:19:33, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 [2006/06/20 18:19:33, 5] auth/auth_util.c:debug_nt_user_token(455) NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 contains 8 SIDs SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 SID[ 2]: S-1-1-0 SID[ 
3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-1001 SID[ 6]: S-1-22-2-0 SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 SE_PRIV 0x10 0x0 0x0 0x0 [2006/06/20 18:19:33, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 1001 and contains 4 supplementary groups Group[ 0]: 10000 Group[ 1]: 1001 Group[ 2]: 0 Group[ 3]: 10001 [2006/06/20 18:19:33, 5] smbd/uid.c:change_to_user(260) change_to_user uid=(0,0) gid=(0,1001) [2006/06/20 18:19:33, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=7151 [2006/06/20 18:19:33, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=7151 (pipes_open=1) [2006/06/20 18:19:33, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 7151 name: lsarpc len: 1024 [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1054) read_from_pipe: lsarpc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. [2006/06/20 18:19:33, 3] smbd/pipes.c:reply_pipe_read_and_X(262) readX-IPC pnum=7151 min=1024 max=1024 nread=68 [2006/06/20 18:19:33, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:33, 5] lib/util.c:show_msg(488) size=127 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=384 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 68 (0x44) smb_vwv[ 6]= 59 (0x3B) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=68 [2006/06/20 18:19:33, 10] lib/util.c:dump_data(2215) [000] 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 00 ........ D....... [010] B8 10 B8 10 F0 53 00 00 0C 00 5C 50 49 50 45 5C .....S.. ..\PIPE\ [020] 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 00 lsass... ........ [030] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` [040] 02 00 00 00 .... 
[2006/06/20 18:19:33, 10] smbd/process.c:setup_select_timeout(1286) change_notify_timeout: -1 [2006/06/20 18:19:33, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 172 [2006/06/20 18:19:33, 6] smbd/process.c:process_smb(1111) got message type 0x0 of len 0xac [2006/06/20 18:19:33, 3] smbd/process.c:process_smb(1112) Transaction 7 of length 176 [2006/06/20 18:19:33, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:33, 5] lib/util.c:show_msg(488) size=172 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1036 smb_uid=101 smb_mid=448 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 88 (0x58) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 88 (0x58) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29009 (0x7151) smb_bcc=105 [2006/06/20 18:19:33, 10] lib/util.c:dump_data(2215) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 58 00 00 00 01 00 00 ........ .X...... [020] 00 40 00 00 00 00 00 2C 00 08 39 B0 02 09 00 00 .@....., ..9..... [030] 00 00 00 00 00 09 00 00 00 5C 00 5C 00 53 00 45 ........ .\.\.S.E [040] 00 52 00 56 00 45 00 52 00 00 00 C9 11 18 00 00 .R.V.E.R ........ [050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [060] 00 00 00 00 00 00 00 00 02 ........ . 
[2006/06/20 18:19:33, 3] smbd/process.c:switch_message(914) switch message SMBtrans (pid 16708) conn 0x8497e40 [2006/06/20 18:19:33, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 [2006/06/20 18:19:33, 5] auth/auth_util.c:debug_nt_user_token(455) NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 contains 8 SIDs SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-1001 SID[ 6]: S-1-22-2-0 SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 SE_PRIV 0x10 0x0 0x0 0x0 [2006/06/20 18:19:33, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 1001 and contains 4 supplementary groups Group[ 0]: 10000 Group[ 1]: 1001 Group[ 2]: 0 Group[ 3]: 10001 [2006/06/20 18:19:33, 5] smbd/uid.c:change_to_user(260) change_to_user uid=(0,0) gid=(0,1001) [2006/06/20 18:19:33, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=88 params=0 setup=2 [2006/06/20 18:19:33, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2006/06/20 18:19:33, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2006/06/20 18:19:33, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2006/06/20 18:19:33, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=7151 [2006/06/20 18:19:33, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=7151 (pipes_open=1) [2006/06/20 18:19:33, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "lsarpc" (pnum 7151) [2006/06/20 18:19:33, 10] smbd/ipc.c:api_fd_reply(305) api_fd_reply: p:0x8496d80 max_trans_reply: 1024 [2006/06/20 18:19:33, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 7151 name: lsarpc open: Yes len: 88 [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 88 [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) 
process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 88 [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 88, len_needed_to_complete_hdr = 16, receive_len = 0 [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 72 [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 72 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0058 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 [2006/06/20 18:19:33, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) unmarshall_rpc_header: type = 0, flags = 3 [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2006/06/20 18:19:33, 
10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 72 [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 72, incoming data = 72 [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 0 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 alloc_hint: 00000040 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0004 context_id: 0000 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0006 opnum : 002c [2006/06/20 18:19:33, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 70 [2006/06/20 18:19:33, 5] rpc_server/srv_pipe.c:api_pipe_request(2220) Requested \PIPE\lsarpc [2006/06/20 18:19:33, 4] rpc_server/srv_pipe.c:api_rpcTNP(2255) api_rpcTNP: lsarpc op 0x2c - api_rpcTNP: rpc command: LSA_OPENPOLICY2 [2006/06/20 18:19:33, 6] rpc_server/srv_pipe.c:api_rpcTNP(2281) api_rpc_cmds[0].fn == 0x8153a58 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_q_open_pol2 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 ptr : 02b03908 [2006/06/20 18:19:33, 6] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_unistr2 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 uni_max_len: 00000009 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0008 offset : 00000000 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c uni_str_len: 00000009 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0010 buffer : \.\.S.E.R.V.E.R... 
[2006/06/20 18:19:33, 6] rpc_parse/parse_prs.c:prs_debug(84) 000022 lsa_io_obj_attr [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0024 len : 00000018 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0028 ptr_root_dir: 00000000 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 002c ptr_obj_name: 00000000 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0030 attributes : 00000000 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0034 ptr_sec_desc: 00000000 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0038 ptr_sec_qos : 00000000 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 003c des_access: 02000000 [2006/06/20 18:19:33, 10] lib/util_seaccess.c:se_access_check(233) se_access_check: requested access 0x02000000, for NT token with 8 entries and first sid S-1-5-21-2969752157-892696647-4271518216-3002. [2006/06/20 18:19:33, 3] lib/util_seaccess.c:se_access_check(250) [2006/06/20 18:19:33, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-2969752157-892696647-4271518216-3002 se_access_check: also S-1-5-21-2969752157-892696647-4271518216-513 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-22-2-1001 se_access_check: also S-1-22-2-0 se_access_check: also S-1-5-21-2969752157-892696647-4271518216-512 [2006/06/20 18:19:33, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) Opened policy hnd[1] [000] 00 00 00 00 01 00 00 00 00 00 00 00 15 20 98 44 ........ ..... .D [010] 44 41 00 00 DA.. 
[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_r_open_pol2 [2006/06/20 18:19:33, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 data1: 00000000 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 data2: 00000001 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 data3: 0000 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a data4: 0000 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000c data5: 15 20 98 44 44 41 00 00 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_ntstatus(763) 0014 status: NT_STATUS_OK [2006/06/20 18:19:33, 5] rpc_server/srv_pipe.c:api_rpcTNP(2302) api_rpcTNP: called lsarpc successfully [2006/06/20 18:19:33, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 818 [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 72 [2006/06/20 18:19:33, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 7151 name: lsarpc len: 1024 [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. 
[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0030 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 00000018 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2006/06/20 18:19:33, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] [2006/06/20 18:19:33, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:33, 5] lib/util.c:show_msg(488) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1036 smb_uid=101 smb_mid=448 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) 
smb_bcc=49 [2006/06/20 18:19:33, 10] lib/util.c:dump_data(2215) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 01 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ........ ........ [020] 00 00 00 00 00 15 20 98 44 44 41 00 00 00 00 00 ...... . DDA..... [030] 00 . [2006/06/20 18:19:33, 10] smbd/process.c:setup_select_timeout(1286) change_notify_timeout: -1 [2006/06/20 18:19:33, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 130 [2006/06/20 18:19:33, 6] smbd/process.c:process_smb(1111) got message type 0x0 of len 0x82 [2006/06/20 18:19:33, 3] smbd/process.c:process_smb(1112) Transaction 8 of length 134 [2006/06/20 18:19:33, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:33, 5] lib/util.c:show_msg(488) size=130 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1036 smb_uid=101 smb_mid=512 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 46 (0x2E) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 46 (0x2E) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29009 (0x7151) smb_bcc=63 [2006/06/20 18:19:33, 10] lib/util.c:dump_data(2215) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 2E 00 00 00 02 00 00 ........ ........ [020] 00 16 00 00 00 00 00 2E 00 00 00 00 00 01 00 00 ........ ........ [030] 00 00 00 00 00 15 20 98 44 44 41 00 00 0C 00 ...... . DDA.... 
[2006/06/20 18:19:33, 3] smbd/process.c:switch_message(914) switch message SMBtrans (pid 16708) conn 0x8497e40 [2006/06/20 18:19:33, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 [2006/06/20 18:19:33, 5] auth/auth_util.c:debug_nt_user_token(455) NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 contains 8 SIDs SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-1001 SID[ 6]: S-1-22-2-0 SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 SE_PRIV 0x10 0x0 0x0 0x0 [2006/06/20 18:19:33, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 1001 and contains 4 supplementary groups Group[ 0]: 10000 Group[ 1]: 1001 Group[ 2]: 0 Group[ 3]: 10001 [2006/06/20 18:19:33, 5] smbd/uid.c:change_to_user(260) change_to_user uid=(0,0) gid=(0,1001) [2006/06/20 18:19:33, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=46 params=0 setup=2 [2006/06/20 18:19:33, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2006/06/20 18:19:33, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2006/06/20 18:19:33, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2006/06/20 18:19:33, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=7151 [2006/06/20 18:19:33, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=7151 (pipes_open=1) [2006/06/20 18:19:33, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "lsarpc" (pnum 7151) [2006/06/20 18:19:33, 10] smbd/ipc.c:api_fd_reply(305) api_fd_reply: p:0x8496d80 max_trans_reply: 1024 [2006/06/20 18:19:33, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 7151 name: lsarpc open: Yes len: 46 [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 46 [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) 
process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 46 [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 46, len_needed_to_complete_hdr = 16, receive_len = 0 [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 30 [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 30 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 002e [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000002 [2006/06/20 18:19:33, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) unmarshall_rpc_header: type = 0, flags = 3 [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2006/06/20 18:19:33, 
10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 30 [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 30, incoming data = 30 [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 0 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 alloc_hint: 00000016 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0004 context_id: 0000 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0006 opnum : 002e [2006/06/20 18:19:33, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2006/06/20 18:19:33, 5] rpc_server/srv_pipe.c:api_pipe_request(2220) Requested \PIPE\lsarpc [2006/06/20 18:19:33, 4] rpc_server/srv_pipe.c:api_rpcTNP(2255) api_rpcTNP: lsarpc op 0x2e - unknown [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 03 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 23 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0020 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/06/20 18:19:33, 5] 
rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000002 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 00000000 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_debug(84) 000018 smb_io_rpc_hdr_fault fault [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_dcerpc_status(793) 0018 status : DCERPC_FAULT_OP_RNG_ERROR [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 001c reserved: 00000000 [2006/06/20 18:19:33, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 30 [2006/06/20 18:19:33, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 7151 name: lsarpc len: 1024 [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1054) read_from_pipe: lsarpc: current_pdu_len = 32, current_pdu_sent = 0 returning 32 bytes. 
[2006/06/20 18:19:33, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..32] [2006/06/20 18:19:33, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:33, 5] lib/util.c:show_msg(488) size=88 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1036 smb_uid=101 smb_mid=512 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 32 (0x20) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 32 (0x20) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=33 [2006/06/20 18:19:33, 10] lib/util.c:dump_data(2215) [000] 00 05 00 03 23 10 00 00 00 20 00 00 00 02 00 00 ....#... . ...... [010] 00 00 00 00 00 00 00 00 00 02 00 01 1C 00 00 00 ........ ........ [020] 00 . [2006/06/20 18:19:33, 10] smbd/process.c:setup_select_timeout(1286) change_notify_timeout: -1 [2006/06/20 18:19:33, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 130 [2006/06/20 18:19:33, 6] smbd/process.c:process_smb(1111) got message type 0x0 of len 0x82 [2006/06/20 18:19:33, 3] smbd/process.c:process_smb(1112) Transaction 9 of length 134 [2006/06/20 18:19:33, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:33, 5] lib/util.c:show_msg(488) size=130 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1036 smb_uid=101 smb_mid=576 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 46 (0x2E) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 46 (0x2E) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29009 (0x7151) smb_bcc=63 [2006/06/20 18:19:33, 10] lib/util.c:dump_data(2215) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 2E 00 00 00 03 00 00 ........ ........ 
[020] 00 16 00 00 00 00 00 07 00 00 00 00 00 01 00 00 ........ ........ [030] 00 00 00 00 00 15 20 98 44 44 41 00 00 03 00 ...... . DDA.... [2006/06/20 18:19:33, 3] smbd/process.c:switch_message(914) switch message SMBtrans (pid 16708) conn 0x8497e40 [2006/06/20 18:19:33, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 [2006/06/20 18:19:33, 5] auth/auth_util.c:debug_nt_user_token(455) NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 contains 8 SIDs SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-1001 SID[ 6]: S-1-22-2-0 SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 SE_PRIV 0x10 0x0 0x0 0x0 [2006/06/20 18:19:33, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 1001 and contains 4 supplementary groups Group[ 0]: 10000 Group[ 1]: 1001 Group[ 2]: 0 Group[ 3]: 10001 [2006/06/20 18:19:33, 5] smbd/uid.c:change_to_user(260) change_to_user uid=(0,0) gid=(0,1001) [2006/06/20 18:19:33, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=46 params=0 setup=2 [2006/06/20 18:19:33, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2006/06/20 18:19:33, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2006/06/20 18:19:33, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2006/06/20 18:19:33, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=7151 [2006/06/20 18:19:33, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=7151 (pipes_open=1) [2006/06/20 18:19:33, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "lsarpc" (pnum 7151) [2006/06/20 18:19:33, 10] smbd/ipc.c:api_fd_reply(305) api_fd_reply: p:0x8496d80 max_trans_reply: 1024 [2006/06/20 18:19:33, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 7151 name: lsarpc open: Yes len: 46 [2006/06/20 18:19:33, 10] 
rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 46 [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 46 [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 46, len_needed_to_complete_hdr = 16, receive_len = 0 [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 30 [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 30 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 002e [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000003 [2006/06/20 18:19:33, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) 
unmarshall_rpc_header: type = 0, flags = 3 [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 30 [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 30, incoming data = 30 [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 0 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 alloc_hint: 00000016 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0004 context_id: 0000 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0006 opnum : 0007 [2006/06/20 18:19:33, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2006/06/20 18:19:33, 5] rpc_server/srv_pipe.c:api_pipe_request(2220) Requested \PIPE\lsarpc [2006/06/20 18:19:33, 4] rpc_server/srv_pipe.c:api_rpcTNP(2255) api_rpcTNP: lsarpc op 0x7 - api_rpcTNP: rpc command: LSA_QUERYINFOPOLICY [2006/06/20 18:19:33, 6] rpc_server/srv_pipe.c:api_rpcTNP(2281) api_rpc_cmds[2].fn == 0x8153e9a [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_q_query [2006/06/20 18:19:33, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 data1: 00000000 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 data2: 00000001 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 data3: 0000 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a data4: 0000 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000c data5: 15 20 98 44 44 41 00 00 [2006/06/20 18:19:33, 5] 
rpc_parse/parse_prs.c:prs_uint16(675) 0014 info_class: 0003 [2006/06/20 18:19:33, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 15 20 98 44 ........ ..... .D [010] 44 41 00 00 DA.. [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_r_query [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 dom_ptr: 22000000 [2006/06/20 18:19:33, 6] rpc_parse/parse_prs.c:prs_debug(84) 000004 lsa_io_query_info_ctr [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0004 info_class: 0003 [2006/06/20 18:19:33, 7] rpc_parse/parse_prs.c:prs_debug(84) 000006 lsa_io_dom_query_3 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 uni_dom_max_len: 000e [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a uni_dom_str_len: 0010 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c buffer_dom_name: 00000001 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 buffer_dom_sid : 00000001 [2006/06/20 18:19:33, 8] rpc_parse/parse_prs.c:prs_debug(84) 000014 smb_io_unistr2 unistr2 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0014 uni_max_len: 00000008 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0018 offset : 00000000 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 001c uni_str_len: 00000007 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0020 buffer : A.N.D.O.L.A.N. 
[2006/06/20 18:19:33, 8] rpc_parse/parse_prs.c:prs_debug(84) 000030 smb_io_dom_sid2 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0030 num_auths: 00000004 [2006/06/20 18:19:33, 9] rpc_parse/parse_prs.c:prs_debug(84) 000034 smb_io_dom_sid sid [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0034 sid_rev_num: 01 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0035 num_auths : 04 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0036 id_auth[0] : 00 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0037 id_auth[1] : 00 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0038 id_auth[2] : 00 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0039 id_auth[3] : 00 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 003a id_auth[4] : 00 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 003b id_auth[5] : 05 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32s(991) 003c sub_auths : 00000015 b102d25d 35357847 fe9a3208 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_ntstatus(763) 004c status: NT_STATUS_OK [2006/06/20 18:19:33, 5] rpc_server/srv_pipe.c:api_rpcTNP(2302) api_rpcTNP: called lsarpc successfully [2006/06/20 18:19:33, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 16 [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 30 [2006/06/20 18:19:33, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 7151 name: lsarpc len: 1024 [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 80. 
[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0068 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000003 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 00000050 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2006/06/20 18:19:33, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..104] [2006/06/20 18:19:33, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:33, 5] lib/util.c:show_msg(488) size=160 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1036 smb_uid=101 smb_mid=576 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 104 (0x68) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 104 (0x68) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) 
smb_bcc=105 [2006/06/20 18:19:33, 10] lib/util.c:dump_data(2215) [000] 00 05 00 02 03 10 00 00 00 68 00 00 00 03 00 00 ........ .h...... [010] 00 50 00 00 00 00 00 00 00 00 00 00 22 03 00 00 .P...... ...."... [020] 00 0E 00 10 00 01 00 00 00 01 00 00 00 08 00 00 ........ ........ [030] 00 00 00 00 00 07 00 00 00 41 00 4E 00 44 00 4F ........ .A.N.D.O [040] 00 4C 00 41 00 4E 00 00 00 04 00 00 00 01 04 00 .L.A.N.. ........ [050] 00 00 00 00 05 15 00 00 00 5D D2 02 B1 47 78 35 ........ .]...Gx5 [060] 35 08 32 9A FE 00 00 00 00 5.2..... . [2006/06/20 18:19:33, 10] smbd/process.c:setup_select_timeout(1286) change_notify_timeout: -1 [2006/06/20 18:19:33, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 100 [2006/06/20 18:19:33, 6] smbd/process.c:process_smb(1111) got message type 0x0 of len 0x64 [2006/06/20 18:19:33, 3] smbd/process.c:process_smb(1112) Transaction 10 of length 104 [2006/06/20 18:19:33, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:33, 5] lib/util.c:show_msg(488) size=100 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1036 smb_uid=101 smb_mid=640 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 3584 (0xE00) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=17 [2006/06/20 18:19:33, 10] lib/util.c:dump_data(2215) [000] 00 5C 00 77 00 69 00 6E 00 72 00 65 00 67 00 00 .\.w.i.n .r.e.g.. [010] 00 . 
[2006/06/20 18:19:33, 3] smbd/process.c:switch_message(914) switch message SMBntcreateX (pid 16708) conn 0x8497e40 [2006/06/20 18:19:33, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 [2006/06/20 18:19:33, 5] auth/auth_util.c:debug_nt_user_token(455) NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 contains 8 SIDs SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-1001 SID[ 6]: S-1-22-2-0 SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 SE_PRIV 0x10 0x0 0x0 0x0 [2006/06/20 18:19:33, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 1001 and contains 4 supplementary groups Group[ 0]: 10000 Group[ 1]: 1001 Group[ 2]: 0 Group[ 3]: 10001 [2006/06/20 18:19:33, 5] smbd/uid.c:change_to_user(260) change_to_user uid=(0,0) gid=(0,1001) [2006/06/20 18:19:33, 10] smbd/nttrans.c:reply_ntcreate_and_X(501) reply_ntcreateX: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0 [2006/06/20 18:19:33, 4] smbd/nttrans.c:nt_open_pipe(325) nt_open_pipe: Opening pipe \winreg. [2006/06/20 18:19:33, 3] smbd/nttrans.c:nt_open_pipe(346) nt_open_pipe: Known pipe winreg opening. 
[2006/06/20 18:19:33, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(180) Open pipe requested winreg (pipes_open=1) [2006/06/20 18:19:33, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(210) open_rpc_pipe_p: name lsarpc pnum=7151 [2006/06/20 18:19:33, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(285) Create pipe requested winreg [2006/06/20 18:19:33, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77) init_pipe_handles: created handle list for pipe winreg [2006/06/20 18:19:33, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) init_pipe_handles: pipe_handles ref count = 1 for pipe winreg [2006/06/20 18:19:33, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(366) Created internal pipe winreg (pipes_open=1) [2006/06/20 18:19:33, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(263) Opened pipe winreg with handle 7152 (pipes_open=2) [2006/06/20 18:19:33, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(269) open pipes: name winreg pnum=7152 [2006/06/20 18:19:33, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(269) open pipes: name lsarpc pnum=7151 [2006/06/20 18:19:33, 5] smbd/nttrans.c:do_ntcreate_pipe_open(395) do_ntcreate_pipe_open: open pipe = \winreg [2006/06/20 18:19:33, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:33, 5] lib/util.c:show_msg(488) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1036 smb_uid=101 smb_mid=640 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=20992 (0x5200) smb_vwv[ 3]= 369 (0x171) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) 
smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2006/06/20 18:19:33, 10] smbd/process.c:setup_select_timeout(1286) change_notify_timeout: -1 [2006/06/20 18:19:33, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 136 [2006/06/20 18:19:33, 6] smbd/process.c:process_smb(1111) got message type 0x0 of len 0x88 [2006/06/20 18:19:33, 3] smbd/process.c:process_smb(1112) Transaction 11 of length 140 [2006/06/20 18:19:33, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:33, 5] lib/util.c:show_msg(488) size=136 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=704 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=29010 (0x7152) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 72 (0x48) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 72 (0x48) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=73 [2006/06/20 18:19:33, 10] lib/util.c:dump_data(2215) [000] EE 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... [010] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ [020] 00 01 D0 8C 33 44 22 F1 31 AA AA 90 00 38 00 10 ....3D". 1....8.. [030] 03 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ [040] 00 2B 10 48 60 02 00 00 00 .+.H`... . 
[2006/06/20 18:19:33, 3] smbd/process.c:switch_message(914) switch message SMBwriteX (pid 16708) conn 0x8497e40 [2006/06/20 18:19:33, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 [2006/06/20 18:19:33, 5] auth/auth_util.c:debug_nt_user_token(455) NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 contains 8 SIDs SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-1001 SID[ 6]: S-1-22-2-0 SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 SE_PRIV 0x10 0x0 0x0 0x0 [2006/06/20 18:19:33, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 1001 and contains 4 supplementary groups Group[ 0]: 10000 Group[ 1]: 1001 Group[ 2]: 0 Group[ 3]: 10001 [2006/06/20 18:19:33, 5] smbd/uid.c:change_to_user(260) change_to_user uid=(0,0) gid=(0,1001) [2006/06/20 18:19:33, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=7152 [2006/06/20 18:19:33, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name winreg pnum=7152 (pipes_open=2) [2006/06/20 18:19:33, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=7151 (pipes_open=2) [2006/06/20 18:19:33, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 7152 name: winreg open: Yes len: 72 [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 72 [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2006/06/20 18:19:33, 10] 
rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 56 [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 0b [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0048 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 [2006/06/20 18:19:33, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) unmarshall_rpc_header: type = 11, flags = 3 [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 56 [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 
11 [2006/06/20 18:19:33, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1520) api_pipe_bind_req: decode request. 1520 [2006/06/20 18:19:33, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1531) api_pipe_bind_req: \PIPE\winreg -> \PIPE\winreg [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_rb [2006/06/20 18:19:33, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_bba [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0000 max_tsize: 10b8 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0002 max_rsize: 10b8 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 assoc_gid: 00000000 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0008 num_contexts: 01 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000c context_id : 0000 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 000e num_transfer_syntaxes: 01 [2006/06/20 18:19:33, 6] rpc_parse/parse_prs.c:prs_debug(84) 00000f smb_io_rpc_iface [2006/06/20 18:19:33, 7] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_uuid uuid [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 data : 338cd001 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 data : 2244 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0016 data : 31f1 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0018 data : aa aa [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 001a data : 90 00 38 00 10 03 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0020 version: 00000001 [2006/06/20 18:19:33, 6] rpc_parse/parse_prs.c:prs_debug(84) 000024 smb_io_rpc_iface [2006/06/20 18:19:33, 7] rpc_parse/parse_prs.c:prs_debug(84) 000024 smb_io_uuid uuid [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0024 data : 8a885d04 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0028 data : 1ceb [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 
002a data : 11c9 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 002c data : 9f e8 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 002e data : 08 00 2b 10 48 60 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0034 version: 00000002 [2006/06/20 18:19:33, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1573) api_pipe_bind_req: make response. 1573 [2006/06/20 18:19:33, 3] rpc_server/srv_pipe.c:check_bind_req(982) check_bind_req for \PIPE\winreg [2006/06/20 18:19:33, 10] rpc_server/srv_pipe.c:check_bind_req(987) checking \PIPE\lsarpc [2006/06/20 18:19:33, 10] rpc_server/srv_pipe.c:check_bind_req(987) checking \PIPE\lsarpc [2006/06/20 18:19:33, 10] rpc_server/srv_pipe.c:check_bind_req(987) checking \PIPE\samr [2006/06/20 18:19:33, 10] rpc_server/srv_pipe.c:check_bind_req(987) checking \PIPE\NETLOGON [2006/06/20 18:19:33, 10] rpc_server/srv_pipe.c:check_bind_req(987) checking \PIPE\srvsvc [2006/06/20 18:19:33, 10] rpc_server/srv_pipe.c:check_bind_req(987) checking \PIPE\wkssvc [2006/06/20 18:19:33, 10] rpc_server/srv_pipe.c:check_bind_req(987) checking \PIPE\winreg [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_ba [2006/06/20 18:19:33, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_bba [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0000 max_tsize: 10b8 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0002 max_rsize: 10b8 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 assoc_gid: 000053f0 [2006/06/20 18:19:33, 6] rpc_parse/parse_prs.c:prs_debug(84) 000008 smb_io_rpc_addr_str [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 len: 000d [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000a str: \PIPE\winreg. 
[2006/06/20 18:19:33, 6] rpc_parse/parse_prs.c:prs_debug(84) 000017 smb_io_rpc_results [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0018 num_results: 01 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 001c result : 0000 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 001e reason : 0000 [2006/06/20 18:19:33, 6] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_rpc_iface [2006/06/20 18:19:33, 7] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_uuid uuid [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0020 data : 8a885d04 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0024 data : 1ceb [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0026 data : 11c9 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0028 data : 9f e8 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 002a data : 08 00 2b 10 48 60 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0030 version: 00000002 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 0c [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0044 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 
[2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 56 [2006/06/20 18:19:33, 3] smbd/pipes.c:reply_pipe_write_and_X(217) writeX-IPC pnum=7152 nwritten=72 [2006/06/20 18:19:33, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:33, 5] lib/util.c:show_msg(488) size=47 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=704 smt_wct=6 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 72 (0x48) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_bcc=0 [2006/06/20 18:19:33, 10] smbd/process.c:setup_select_timeout(1286) change_notify_timeout: -1 [2006/06/20 18:19:33, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 59 [2006/06/20 18:19:33, 6] smbd/process.c:process_smb(1111) got message type 0x0 of len 0x3b [2006/06/20 18:19:33, 3] smbd/process.c:process_smb(1112) Transaction 12 of length 63 [2006/06/20 18:19:33, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:33, 5] lib/util.c:show_msg(488) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=769 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=29010 (0x7152) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2006/06/20 18:19:33, 3] smbd/process.c:switch_message(914) switch message SMBreadX (pid 16708) conn 0x8497e40 [2006/06/20 18:19:33, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 [2006/06/20 18:19:33, 5] auth/auth_util.c:debug_nt_user_token(455) NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 contains 8 SIDs SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 SID[ 2]: S-1-1-0 SID[ 
3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-1001 SID[ 6]: S-1-22-2-0 SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 SE_PRIV 0x10 0x0 0x0 0x0 [2006/06/20 18:19:33, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 1001 and contains 4 supplementary groups Group[ 0]: 10000 Group[ 1]: 1001 Group[ 2]: 0 Group[ 3]: 10001 [2006/06/20 18:19:33, 5] smbd/uid.c:change_to_user(260) change_to_user uid=(0,0) gid=(0,1001) [2006/06/20 18:19:33, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=7152 [2006/06/20 18:19:33, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name winreg pnum=7152 (pipes_open=2) [2006/06/20 18:19:33, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=7151 (pipes_open=2) [2006/06/20 18:19:33, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 7152 name: winreg len: 1024 [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1054) read_from_pipe: winreg: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. [2006/06/20 18:19:33, 3] smbd/pipes.c:reply_pipe_read_and_X(262) readX-IPC pnum=7152 min=1024 max=1024 nread=68 [2006/06/20 18:19:33, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:33, 5] lib/util.c:show_msg(488) size=127 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=769 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 68 (0x44) smb_vwv[ 6]= 59 (0x3B) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=68 [2006/06/20 18:19:33, 10] lib/util.c:dump_data(2215) [000] 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 00 ........ D....... [010] B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 5C .....S.. ..\PIPE\ [020] 77 69 6E 72 65 67 00 00 01 00 00 00 00 00 00 00 winreg.. ........ 
[030] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` [040] 02 00 00 00 .... [2006/06/20 18:19:33, 10] smbd/process.c:setup_select_timeout(1286) change_notify_timeout: -1 [2006/06/20 18:19:33, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 120 [2006/06/20 18:19:33, 6] smbd/process.c:process_smb(1111) got message type 0x0 of len 0x78 [2006/06/20 18:19:33, 3] smbd/process.c:process_smb(1112) Transaction 13 of length 124 [2006/06/20 18:19:33, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:33, 5] lib/util.c:show_msg(488) size=120 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1036 smb_uid=101 smb_mid=833 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 36 (0x24) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 36 (0x24) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29010 (0x7152) smb_bcc=53 [2006/06/20 18:19:33, 10] lib/util.c:dump_data(2215) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 24 00 00 00 01 00 00 ........ .$...... [020] 00 0C 00 00 00 00 00 02 00 08 F5 14 01 28 D6 01 ........ .....(.. [030] 00 00 00 00 02 ..... 
[2006/06/20 18:19:33, 3] smbd/process.c:switch_message(914) switch message SMBtrans (pid 16708) conn 0x8497e40 [2006/06/20 18:19:33, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 [2006/06/20 18:19:33, 5] auth/auth_util.c:debug_nt_user_token(455) NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 contains 8 SIDs SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-1001 SID[ 6]: S-1-22-2-0 SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 SE_PRIV 0x10 0x0 0x0 0x0 [2006/06/20 18:19:33, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 1001 and contains 4 supplementary groups Group[ 0]: 10000 Group[ 1]: 1001 Group[ 2]: 0 Group[ 3]: 10001 [2006/06/20 18:19:33, 5] smbd/uid.c:change_to_user(260) change_to_user uid=(0,0) gid=(0,1001) [2006/06/20 18:19:33, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=36 params=0 setup=2 [2006/06/20 18:19:33, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2006/06/20 18:19:33, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2006/06/20 18:19:33, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2006/06/20 18:19:33, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=7152 [2006/06/20 18:19:33, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name winreg pnum=7152 (pipes_open=2) [2006/06/20 18:19:33, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=7151 (pipes_open=2) [2006/06/20 18:19:33, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "winreg" (pnum 7152) [2006/06/20 18:19:33, 10] smbd/ipc.c:api_fd_reply(305) api_fd_reply: p:0x84955e8 max_trans_reply: 1024 [2006/06/20 18:19:33, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 7152 name: winreg open: Yes len: 36 [2006/06/20 18:19:33, 10] 
rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 36 [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 36 [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 36, len_needed_to_complete_hdr = 16, receive_len = 0 [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 20 [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 20 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0024 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 [2006/06/20 18:19:33, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) 
unmarshall_rpc_header: type = 0, flags = 3 [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 20 [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 20, incoming data = 20 [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 0 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 alloc_hint: 0000000c [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0004 context_id: 0000 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0006 opnum : 0002 [2006/06/20 18:19:33, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 70 [2006/06/20 18:19:33, 5] rpc_server/srv_pipe.c:api_pipe_request(2220) Requested \PIPE\winreg [2006/06/20 18:19:33, 4] rpc_server/srv_pipe.c:api_rpcTNP(2255) api_rpcTNP: winreg op 0x2 - api_rpcTNP: rpc command: REG_OPEN_HKLM [2006/06/20 18:19:33, 6] rpc_server/srv_pipe.c:api_rpcTNP(2281) api_rpc_cmds[3].fn == 0x815bc93 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 reg_io_q_open_hive [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 ptr: 0114f508 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0004 server: d628 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0008 access: 02000000 [2006/06/20 18:19:33, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 1001) : sec_ctx_stack_ndx = 1 [2006/06/20 18:19:33, 3] smbd/uid.c:push_conn_ctx(345) push_conn_ctx(101) : conn_ctx_stack_ndx = 0 [2006/06/20 18:19:33, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 
[2006/06/20 18:19:33, 5] auth/auth_util.c:debug_nt_user_token(449) NT user token: (NULL) [2006/06/20 18:19:33, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/06/20 18:19:33, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 1001) - sec_ctx_stack_ndx = 0 [2006/06/20 18:19:33, 10] registry/reg_db.c:regdb_open(265) regdb_open: refcount reset (1) [2006/06/20 18:19:33, 7] registry/reg_frontend.c:regkey_open_internal(359) regkey_open_internal: name = [HKLM] [2006/06/20 18:19:33, 10] registry/reg_cachehook.c:reghook_cache_find(95) reghook_cache_find: Searching for keyname [/HKLM] [2006/06/20 18:19:33, 10] lib/adt_tree.c:pathtree_find(341) pathtree_find: Enter [/HKLM] [2006/06/20 18:19:33, 10] lib/adt_tree.c:pathtree_find(413) pathtree_find: Exit [2006/06/20 18:19:33, 5] registry/reg_frontend.c:registry_access_check(59) registry_access_check: using root's token [2006/06/20 18:19:33, 10] lib/util_seaccess.c:se_access_check(233) se_access_check: requested access 0x02000000, for NT token with 6 entries and first sid S-1-22-1-0. [2006/06/20 18:19:33, 3] lib/util_seaccess.c:se_access_check(250) [2006/06/20 18:19:33, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-22-2-0 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-32-544 [2006/06/20 18:19:33, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) Opened policy hnd[1] [000] 00 00 00 00 02 00 00 00 00 00 00 00 15 20 98 44 ........ ..... .D [010] 44 41 00 00 DA.. 
[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 reg_io_r_open_hive [2006/06/20 18:19:33, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 data1: 00000000 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 data2: 00000002 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 data3: 0000 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a data4: 0000 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000c data5: 15 20 98 44 44 41 00 00 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_werror(824) 0014 status: WERR_OK [2006/06/20 18:19:33, 5] rpc_server/srv_pipe.c:api_rpcTNP(2302) api_rpcTNP: called winreg successfully [2006/06/20 18:19:33, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 510 [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 20 [2006/06/20 18:19:33, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 7152 name: winreg len: 1024 [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) read_from_pipe: winreg: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. 
[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0030 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 00000018 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2006/06/20 18:19:33, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] [2006/06/20 18:19:33, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:33, 5] lib/util.c:show_msg(488) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1036 smb_uid=101 smb_mid=833 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) 
smb_bcc=49 [2006/06/20 18:19:33, 10] lib/util.c:dump_data(2215) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 01 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 02 00 00 ........ ........ [020] 00 00 00 00 00 15 20 98 44 44 41 00 00 00 00 00 ...... . DDA..... [030] 00 . [2006/06/20 18:19:33, 10] smbd/process.c:setup_select_timeout(1286) change_notify_timeout: -1 [2006/06/20 18:19:33, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 268 [2006/06/20 18:19:33, 6] smbd/process.c:process_smb(1111) got message type 0x0 of len 0x10c [2006/06/20 18:19:33, 3] smbd/process.c:process_smb(1112) Transaction 14 of length 272 [2006/06/20 18:19:33, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:33, 5] lib/util.c:show_msg(488) size=268 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1036 smb_uid=101 smb_mid=897 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 184 (0xB8) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 184 (0xB8) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29010 (0x7152) smb_bcc=201 [2006/06/20 18:19:33, 10] lib/util.c:dump_data(2215) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 B8 00 00 00 02 00 00 ........ ........ [020] 00 A0 00 00 00 00 00 0F 00 00 00 00 00 02 00 00 ........ ........ [030] 00 00 00 00 00 15 20 98 44 44 41 00 00 6E 00 6E ...... . DDA..n.n [040] 00 30 7A E1 76 37 00 00 00 00 00 00 00 37 00 00 .0z.v7.. .....7.. 
[050] 00 53 00 79 00 73 00 74 00 65 00 6D 00 5C 00 43 .S.y.s.t .e.m.\.C [060] 00 75 00 72 00 72 00 65 00 6E 00 74 00 43 00 6F .u.r.r.e .n.t.C.o [070] 00 6E 00 74 00 72 00 6F 00 6C 00 53 00 65 00 74 .n.t.r.o .l.S.e.t [080] 00 5C 00 73 00 65 00 72 00 76 00 69 00 63 00 65 .\.s.e.r .v.i.c.e [090] 00 73 00 5C 00 4E 00 65 00 74 00 6C 00 6F 00 67 .s.\.N.e .t.l.o.g [0A0] 00 6F 00 6E 00 5C 00 70 00 61 00 72 00 61 00 6D .o.n.\.p .a.r.a.m [0B0] 00 65 00 74 00 65 00 72 00 73 00 5C 00 00 00 62 .e.t.e.r .s.\...b [0C0] F5 00 00 00 00 19 00 02 00 ........ . [2006/06/20 18:19:33, 3] smbd/process.c:switch_message(914) switch message SMBtrans (pid 16708) conn 0x8497e40 [2006/06/20 18:19:33, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 [2006/06/20 18:19:33, 5] auth/auth_util.c:debug_nt_user_token(455) NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 contains 8 SIDs SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-1001 SID[ 6]: S-1-22-2-0 SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 SE_PRIV 0x10 0x0 0x0 0x0 [2006/06/20 18:19:33, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 1001 and contains 4 supplementary groups Group[ 0]: 10000 Group[ 1]: 1001 Group[ 2]: 0 Group[ 3]: 10001 [2006/06/20 18:19:33, 5] smbd/uid.c:change_to_user(260) change_to_user uid=(0,0) gid=(0,1001) [2006/06/20 18:19:33, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=184 params=0 setup=2 [2006/06/20 18:19:33, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2006/06/20 18:19:33, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2006/06/20 18:19:33, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2006/06/20 18:19:33, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=7152 [2006/06/20 18:19:33, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name 
winreg pnum=7152 (pipes_open=2) [2006/06/20 18:19:33, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=7151 (pipes_open=2) [2006/06/20 18:19:33, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "winreg" (pnum 7152) [2006/06/20 18:19:33, 10] smbd/ipc.c:api_fd_reply(305) api_fd_reply: p:0x84955e8 max_trans_reply: 1024 [2006/06/20 18:19:33, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 7152 name: winreg open: Yes len: 184 [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 184 [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 184 [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 184, len_needed_to_complete_hdr = 16, receive_len = 0 [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 168 [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 168 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/06/20 18:19:33, 5] 
rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 00b8 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000002 [2006/06/20 18:19:33, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) unmarshall_rpc_header: type = 0, flags = 3 [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 168 [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 168, incoming data = 168 [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 0 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 alloc_hint: 000000a0 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0004 context_id: 0000 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0006 opnum : 000f [2006/06/20 18:19:33, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2006/06/20 18:19:33, 5] rpc_server/srv_pipe.c:api_pipe_request(2220) Requested \PIPE\winreg [2006/06/20 18:19:33, 4] rpc_server/srv_pipe.c:api_rpcTNP(2255) api_rpcTNP: winreg op 0xf - api_rpcTNP: rpc command: REG_OPEN_ENTRY [2006/06/20 18:19:33, 6] rpc_server/srv_pipe.c:api_rpcTNP(2281) api_rpc_cmds[1].fn == 0x815bf39 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 reg_io_q_open_entry [2006/06/20 18:19:33, 6] 
rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 data1: 00000000 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 data2: 00000002 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 data3: 0000 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a data4: 0000 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000c data5: 15 20 98 44 44 41 00 00 [2006/06/20 18:19:33, 6] rpc_parse/parse_prs.c:prs_debug(84) 000014 prs_unistr4 name [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 length: 006e [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0016 size: 006e [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0018 ptr: 76e17a30 [2006/06/20 18:19:33, 7] rpc_parse/parse_prs.c:prs_debug(84) 00001c smb_io_unistr2 name [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 001c uni_max_len: 00000037 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0020 offset : 00000000 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0024 uni_str_len: 00000037 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0028 buffer : S.y.s.t.e.m.\.C.u.r.r.e.n.t.C.o.n.t.r.o.l.S.e.t.\.s.e.r.v.i.c.e.s.\.N.e.t.l.o.g.o.n.\.p.a.r.a.m.e.t.e.r.s.\... [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0098 unknown_0 : 00000000 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 009c access: 00020019 [2006/06/20 18:19:33, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 02 00 00 00 00 00 00 00 15 20 98 44 ........ ..... .D [010] 44 41 00 00 DA.. 
[2006/06/20 18:19:33, 10] registry/reg_db.c:regdb_open(248) regdb_open: incrementing refcount (1) [2006/06/20 18:19:33, 7] registry/reg_frontend.c:regkey_open_internal(359) regkey_open_internal: name = [HKLM\System\CurrentControlSet\services\Netlogon\parameters] [2006/06/20 18:19:33, 10] registry/reg_cachehook.c:reghook_cache_find(95) reghook_cache_find: Searching for keyname [/HKLM/System/CurrentControlSet/services/Netlogon/parameters] [2006/06/20 18:19:33, 10] lib/adt_tree.c:pathtree_find(341) pathtree_find: Enter [/HKLM/System/CurrentControlSet/services/Netlogon/parameters] [2006/06/20 18:19:33, 10] lib/adt_tree.c:pathtree_find(413) pathtree_find: Exit [2006/06/20 18:19:33, 5] registry/reg_frontend.c:registry_access_check(59) registry_access_check: using root's token [2006/06/20 18:19:33, 10] lib/util_seaccess.c:se_access_check(233) se_access_check: requested access 0x00020019, for NT token with 6 entries and first sid S-1-22-1-0. [2006/06/20 18:19:33, 3] lib/util_seaccess.c:se_access_check(250) [2006/06/20 18:19:33, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-22-2-0 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-32-544 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 20019 [2006/06/20 18:19:33, 5] lib/util_seaccess.c:se_access_check(308) se_access_check: access (20019) granted. [2006/06/20 18:19:33, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) Opened policy hnd[2] [000] 00 00 00 00 03 00 00 00 00 00 00 00 15 20 98 44 ........ ..... .D [010] 44 41 00 00 DA.. 
[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 reg_io_r_open_entry [2006/06/20 18:19:33, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd handle [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 data1: 00000000 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 data2: 00000003 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 data3: 0000 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a data4: 0000 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000c data5: 15 20 98 44 44 41 00 00 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_werror(824) 0014 status: WERR_OK [2006/06/20 18:19:33, 5] rpc_server/srv_pipe.c:api_rpcTNP(2302) api_rpcTNP: called winreg successfully [2006/06/20 18:19:33, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 634 [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 168 [2006/06/20 18:19:33, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 7152 name: winreg len: 1024 [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) read_from_pipe: winreg: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. 
[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0030 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000002 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 00000018 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2006/06/20 18:19:33, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] [2006/06/20 18:19:33, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:33, 5] lib/util.c:show_msg(488) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1036 smb_uid=101 smb_mid=897 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) 
smb_bcc=49 [2006/06/20 18:19:33, 10] lib/util.c:dump_data(2215) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 02 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 03 00 00 ........ ........ [020] 00 00 00 00 00 15 20 98 44 44 41 00 00 00 00 00 ...... . DDA..... [030] 00 . [2006/06/20 18:19:33, 10] smbd/process.c:setup_select_timeout(1286) change_notify_timeout: -1 [2006/06/20 18:19:33, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 232 [2006/06/20 18:19:33, 6] smbd/process.c:process_smb(1111) got message type 0x0 of len 0xe8 [2006/06/20 18:19:33, 3] smbd/process.c:process_smb(1112) Transaction 15 of length 236 [2006/06/20 18:19:33, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:33, 5] lib/util.c:show_msg(488) size=232 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1036 smb_uid=101 smb_mid=961 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 148 (0x94) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 148 (0x94) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29010 (0x7152) smb_bcc=165 [2006/06/20 18:19:33, 10] lib/util.c:dump_data(2215) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 94 00 00 00 03 00 00 ........ ........ [020] 00 7C 00 00 00 00 00 11 00 00 00 00 00 03 00 00 .|...... ........ [030] 00 00 00 00 00 15 20 98 44 44 41 00 00 2A 00 2A ...... . DDA..*.* [040] 00 04 7A E1 76 15 00 00 00 00 00 00 00 15 00 00 ..z.v... ........ [050] 00 52 00 65 00 66 00 75 00 73 00 65 00 50 00 61 .R.e.f.u .s.e.P.a [060] 00 73 00 73 00 77 00 6F 00 72 00 64 00 43 00 68 .s.s.w.o .r.d.C.h [070] 00 61 00 6E 00 67 00 65 00 00 00 53 00 64 F5 14 .a.n.g.e ...S.d.. [080] 01 94 F5 14 01 94 F5 14 01 04 00 00 00 00 00 00 ........ ........ 
[090] 00 00 00 00 00 5C F5 14 01 04 00 00 00 54 F5 14 .....\.. .....T.. [0A0] 01 00 00 00 00 ..... [2006/06/20 18:19:33, 3] smbd/process.c:switch_message(914) switch message SMBtrans (pid 16708) conn 0x8497e40 [2006/06/20 18:19:33, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 [2006/06/20 18:19:33, 5] auth/auth_util.c:debug_nt_user_token(455) NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 contains 8 SIDs SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-1001 SID[ 6]: S-1-22-2-0 SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 SE_PRIV 0x10 0x0 0x0 0x0 [2006/06/20 18:19:33, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 1001 and contains 4 supplementary groups Group[ 0]: 10000 Group[ 1]: 1001 Group[ 2]: 0 Group[ 3]: 10001 [2006/06/20 18:19:33, 5] smbd/uid.c:change_to_user(260) change_to_user uid=(0,0) gid=(0,1001) [2006/06/20 18:19:33, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=148 params=0 setup=2 [2006/06/20 18:19:33, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2006/06/20 18:19:33, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2006/06/20 18:19:33, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2006/06/20 18:19:33, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=7152 [2006/06/20 18:19:33, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name winreg pnum=7152 (pipes_open=2) [2006/06/20 18:19:33, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=7151 (pipes_open=2) [2006/06/20 18:19:33, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "winreg" (pnum 7152) [2006/06/20 18:19:33, 10] smbd/ipc.c:api_fd_reply(305) api_fd_reply: p:0x84955e8 max_trans_reply: 1024 [2006/06/20 18:19:33, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 7152 name: 
winreg open: Yes len: 148 [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 148 [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 148 [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 148, len_needed_to_complete_hdr = 16, receive_len = 0 [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 132 [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 132 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0094 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000003 [2006/06/20 18:19:33, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2006/06/20 18:19:33, 10] 
rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) unmarshall_rpc_header: type = 0, flags = 3 [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 132 [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 132, incoming data = 132 [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 0 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 alloc_hint: 0000007c [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0004 context_id: 0000 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0006 opnum : 0011 [2006/06/20 18:19:33, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2006/06/20 18:19:33, 5] rpc_server/srv_pipe.c:api_pipe_request(2220) Requested \PIPE\winreg [2006/06/20 18:19:33, 4] rpc_server/srv_pipe.c:api_rpcTNP(2255) api_rpcTNP: winreg op 0x11 - api_rpcTNP: rpc command: REG_QUERY_VALUE [2006/06/20 18:19:33, 6] rpc_server/srv_pipe.c:api_rpcTNP(2281) api_rpc_cmds[10].fn == 0x815c025 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 reg_io_q_query_value [2006/06/20 18:19:33, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 data1: 00000000 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 data2: 00000003 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 data3: 0000 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a data4: 0000 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000c data5: 15 20 98 44 
44 41 00 00 [2006/06/20 18:19:33, 6] rpc_parse/parse_prs.c:prs_debug(84) 000014 prs_unistr4 name [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 length: 002a [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0016 size: 002a [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0018 ptr: 76e17a04 [2006/06/20 18:19:33, 7] rpc_parse/parse_prs.c:prs_debug(84) 00001c smb_io_unistr2 name [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 001c uni_max_len: 00000015 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0020 offset : 00000000 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0024 uni_str_len: 00000015 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0028 buffer : R.e.f.u.s.e.P.a.s.s.w.o.r.d.C.h.a.n.g.e... [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0054 ptr_reserved: 0114f564 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0058 ptr_buf: 0114f594 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 005c ptr_bufsize: 0114f594 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0060 bufsize: 00000004 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0064 buf_unk: 00000000 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0068 unk1: 00000000 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 006c ptr_buflen: 0114f55c [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0070 buflen: 00000004 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0074 ptr_buflen2: 0114f554 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0078 buflen2: 00000000 [2006/06/20 18:19:33, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 03 00 00 00 00 00 00 00 15 20 98 44 ........ ..... .D [010] 44 41 00 00 DA.. 
[2006/06/20 18:19:33, 7] rpc_server/srv_reg_nt.c:_reg_query_value(327) _reg_info: policy key name = [HKLM\System\CurrentControlSet\services\Netlogon\parameters] [2006/06/20 18:19:33, 7] rpc_server/srv_reg_nt.c:_reg_query_value(328) _reg_info: policy key type = [00000000] [2006/06/20 18:19:33, 5] rpc_server/srv_reg_nt.c:_reg_query_value(332) _reg_info: looking up value: [RefusePasswordChange] [2006/06/20 18:19:33, 8] registry/reg_frontend.c:fetch_reg_values_specific(283) fetch_reg_values_specific: Initializing cache of values for [HKLM\System\CurrentControlSet\services\Netlogon\parameters] [2006/06/20 18:19:33, 10] registry/reg_db.c:regdb_fetch_values(563) regdb_fetch_values: Looking for value of key [HKLM\System\CurrentControlSet\services\Netlogon\parameters] [2006/06/20 18:19:33, 10] lib/account_pol.c:account_policy_get(337) account_policy_get: name: refuse machine password change, val: 0 [2006/06/20 18:19:33, 10] rpc_server/srv_reg_nt.c:_reg_query_value(415) _reg_info: Testing value [RefusePasswordChange] [2006/06/20 18:19:33, 10] rpc_server/srv_reg_nt.c:_reg_query_value(417) _reg_info: Found match for value [RefusePasswordChange] [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 reg_io_r_query_value [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 ptr: f000baaa [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 type: 00000004 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0008 ptr: f000baaa [2006/06/20 18:19:33, 6] rpc_parse/parse_prs.c:prs_debug(84) 00000c smb_io_regval_buffer value [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c buf_max_len: 00000004 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 offset : 00000000 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0014 buf_len : 00000004 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0018 buffer : .... 
[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 001c ptr: f000baaa [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0020 buf_max_len: 00000004 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0024 ptr: f000baaa [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0028 buf_len: 00000004 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_werror(824) 002c status: WERR_OK [2006/06/20 18:19:33, 5] rpc_server/srv_pipe.c:api_rpcTNP(2302) api_rpcTNP: called winreg successfully [2006/06/20 18:19:33, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 90 [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 132 [2006/06/20 18:19:33, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 7152 name: winreg len: 1024 [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) read_from_pipe: winreg: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 48. 
[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0048 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000003 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 00000030 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2006/06/20 18:19:33, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..72] [2006/06/20 18:19:33, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:33, 5] lib/util.c:show_msg(488) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1036 smb_uid=101 smb_mid=961 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 72 (0x48) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) 
smb_bcc=73 [2006/06/20 18:19:33, 10] lib/util.c:dump_data(2215) [000] 00 05 00 02 03 10 00 00 00 48 00 00 00 03 00 00 ........ .H...... [010] 00 30 00 00 00 00 00 00 00 AA BA 00 F0 04 00 00 .0...... ........ [020] 00 AA BA 00 F0 04 00 00 00 00 00 00 00 04 00 00 ........ ........ [030] 00 00 00 00 00 AA BA 00 F0 04 00 00 00 AA BA 00 ........ ........ [040] F0 04 00 00 00 00 00 00 00 ........ . [2006/06/20 18:19:33, 10] smbd/process.c:setup_select_timeout(1286) change_notify_timeout: -1 [2006/06/20 18:19:33, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 128 [2006/06/20 18:19:33, 6] smbd/process.c:process_smb(1111) got message type 0x0 of len 0x80 [2006/06/20 18:19:33, 3] smbd/process.c:process_smb(1112) Transaction 16 of length 132 [2006/06/20 18:19:33, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:33, 5] lib/util.c:show_msg(488) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1036 smb_uid=101 smb_mid=1025 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29010 (0x7152) smb_bcc=61 [2006/06/20 18:19:33, 10] lib/util.c:dump_data(2215) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 04 00 00 ........ .,...... [020] 00 14 00 00 00 00 00 05 00 00 00 00 00 03 00 00 ........ ........ [030] 00 00 00 00 00 15 20 98 44 44 41 00 00 ...... . DDA.. 
[2006/06/20 18:19:33, 3] smbd/process.c:switch_message(914) switch message SMBtrans (pid 16708) conn 0x8497e40 [2006/06/20 18:19:33, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 [2006/06/20 18:19:33, 5] auth/auth_util.c:debug_nt_user_token(455) NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 contains 8 SIDs SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-1001 SID[ 6]: S-1-22-2-0 SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 SE_PRIV 0x10 0x0 0x0 0x0 [2006/06/20 18:19:33, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 1001 and contains 4 supplementary groups Group[ 0]: 10000 Group[ 1]: 1001 Group[ 2]: 0 Group[ 3]: 10001 [2006/06/20 18:19:33, 5] smbd/uid.c:change_to_user(260) change_to_user uid=(0,0) gid=(0,1001) [2006/06/20 18:19:33, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=44 params=0 setup=2 [2006/06/20 18:19:33, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2006/06/20 18:19:33, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2006/06/20 18:19:33, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2006/06/20 18:19:33, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=7152 [2006/06/20 18:19:33, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name winreg pnum=7152 (pipes_open=2) [2006/06/20 18:19:33, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=7151 (pipes_open=2) [2006/06/20 18:19:33, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "winreg" (pnum 7152) [2006/06/20 18:19:33, 10] smbd/ipc.c:api_fd_reply(305) api_fd_reply: p:0x84955e8 max_trans_reply: 1024 [2006/06/20 18:19:33, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 7152 name: winreg open: Yes len: 44 [2006/06/20 18:19:33, 10] 
rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 44 [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 28 [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 002c [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000004 [2006/06/20 18:19:33, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) 
unmarshall_rpc_header: type = 0, flags = 3 [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 28 [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 28, incoming data = 28 [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 0 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 alloc_hint: 00000014 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0004 context_id: 0000 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0006 opnum : 0005 [2006/06/20 18:19:33, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2006/06/20 18:19:33, 5] rpc_server/srv_pipe.c:api_pipe_request(2220) Requested \PIPE\winreg [2006/06/20 18:19:33, 4] rpc_server/srv_pipe.c:api_rpcTNP(2255) api_rpcTNP: winreg op 0x5 - api_rpcTNP: rpc command: REG_CLOSE [2006/06/20 18:19:33, 6] rpc_server/srv_pipe.c:api_rpcTNP(2281) api_rpc_cmds[0].fn == 0x815bb9c [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 reg_io_q_close [2006/06/20 18:19:33, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 data1: 00000000 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 data2: 00000003 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 data3: 0000 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a data4: 0000 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000c data5: 15 20 98 44 44 41 00 00 [2006/06/20 18:19:33, 4] 
rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 03 00 00 00 00 00 00 00 15 20 98 44 ........ ..... .D [010] 44 41 00 00 DA.. [2006/06/20 18:19:33, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 03 00 00 00 00 00 00 00 15 20 98 44 ........ ..... .D [010] 44 41 00 00 DA.. [2006/06/20 18:19:33, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) Closed policy [2006/06/20 18:19:33, 10] registry/reg_db.c:regdb_close(279) regdb_close: decrementing refcount (1) [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 reg_io_r_close [2006/06/20 18:19:33, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 data1: 00000000 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 data2: 00000000 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 data3: 0000 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a data4: 0000 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000c data5: 00 00 00 00 00 00 00 00 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_werror(824) 0014 status: WERR_OK [2006/06/20 18:19:33, 5] rpc_server/srv_pipe.c:api_rpcTNP(2302) api_rpcTNP: called winreg successfully [2006/06/20 18:19:33, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 28 [2006/06/20 18:19:33, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 7152 name: winreg len: 1024 [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) read_from_pipe: winreg: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. 
[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0030 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000004 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 00000018 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2006/06/20 18:19:33, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] [2006/06/20 18:19:33, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:33, 5] lib/util.c:show_msg(488) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1036 smb_uid=101 smb_mid=1025 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) 
smb_bcc=49 [2006/06/20 18:19:33, 10] lib/util.c:dump_data(2215) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 04 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [030] 00 . [2006/06/20 18:19:33, 10] smbd/process.c:setup_select_timeout(1286) change_notify_timeout: -1 [2006/06/20 18:19:33, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 128 [2006/06/20 18:19:33, 6] smbd/process.c:process_smb(1111) got message type 0x0 of len 0x80 [2006/06/20 18:19:33, 3] smbd/process.c:process_smb(1112) Transaction 17 of length 132 [2006/06/20 18:19:33, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:33, 5] lib/util.c:show_msg(488) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1036 smb_uid=101 smb_mid=1089 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29010 (0x7152) smb_bcc=61 [2006/06/20 18:19:33, 10] lib/util.c:dump_data(2215) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 05 00 00 ........ .,...... [020] 00 14 00 00 00 00 00 05 00 00 00 00 00 02 00 00 ........ ........ [030] 00 00 00 00 00 15 20 98 44 44 41 00 00 ...... . DDA.. 
[2006/06/20 18:19:33, 3] smbd/process.c:switch_message(914) switch message SMBtrans (pid 16708) conn 0x8497e40 [2006/06/20 18:19:33, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 [2006/06/20 18:19:33, 5] auth/auth_util.c:debug_nt_user_token(455) NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 contains 8 SIDs SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-1001 SID[ 6]: S-1-22-2-0 SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 SE_PRIV 0x10 0x0 0x0 0x0 [2006/06/20 18:19:33, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 1001 and contains 4 supplementary groups Group[ 0]: 10000 Group[ 1]: 1001 Group[ 2]: 0 Group[ 3]: 10001 [2006/06/20 18:19:33, 5] smbd/uid.c:change_to_user(260) change_to_user uid=(0,0) gid=(0,1001) [2006/06/20 18:19:33, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=44 params=0 setup=2 [2006/06/20 18:19:33, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2006/06/20 18:19:33, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2006/06/20 18:19:33, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2006/06/20 18:19:33, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=7152 [2006/06/20 18:19:33, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name winreg pnum=7152 (pipes_open=2) [2006/06/20 18:19:33, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=7151 (pipes_open=2) [2006/06/20 18:19:33, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "winreg" (pnum 7152) [2006/06/20 18:19:33, 10] smbd/ipc.c:api_fd_reply(305) api_fd_reply: p:0x84955e8 max_trans_reply: 1024 [2006/06/20 18:19:33, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 7152 name: winreg open: Yes len: 44 [2006/06/20 18:19:33, 10] 
rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 44 [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 28 [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 002c [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000005 [2006/06/20 18:19:33, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) 
unmarshall_rpc_header: type = 0, flags = 3 [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 28 [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 28, incoming data = 28 [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 0 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 alloc_hint: 00000014 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0004 context_id: 0000 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0006 opnum : 0005 [2006/06/20 18:19:33, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2006/06/20 18:19:33, 5] rpc_server/srv_pipe.c:api_pipe_request(2220) Requested \PIPE\winreg [2006/06/20 18:19:33, 4] rpc_server/srv_pipe.c:api_rpcTNP(2255) api_rpcTNP: winreg op 0x5 - api_rpcTNP: rpc command: REG_CLOSE [2006/06/20 18:19:33, 6] rpc_server/srv_pipe.c:api_rpcTNP(2281) api_rpc_cmds[0].fn == 0x815bb9c [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 reg_io_q_close [2006/06/20 18:19:33, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 data1: 00000000 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 data2: 00000002 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 data3: 0000 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a data4: 0000 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000c data5: 15 20 98 44 44 41 00 00 [2006/06/20 18:19:33, 4] 
rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 02 00 00 00 00 00 00 00 15 20 98 44 ........ ..... .D [010] 44 41 00 00 DA.. [2006/06/20 18:19:33, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 02 00 00 00 00 00 00 00 15 20 98 44 ........ ..... .D [010] 44 41 00 00 DA.. [2006/06/20 18:19:33, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) Closed policy [2006/06/20 18:19:33, 10] registry/reg_db.c:regdb_close(279) regdb_close: decrementing refcount (0) [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 reg_io_r_close [2006/06/20 18:19:33, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 data1: 00000000 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 data2: 00000000 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 data3: 0000 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a data4: 0000 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000c data5: 00 00 00 00 00 00 00 00 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_werror(824) 0014 status: WERR_OK [2006/06/20 18:19:33, 5] rpc_server/srv_pipe.c:api_rpcTNP(2302) api_rpcTNP: called winreg successfully [2006/06/20 18:19:33, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 28 [2006/06/20 18:19:33, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 7152 name: winreg len: 1024 [2006/06/20 18:19:33, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) read_from_pipe: winreg: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. 
[2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0030 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000005 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 00000018 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2006/06/20 18:19:33, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2006/06/20 18:19:33, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] [2006/06/20 18:19:33, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:33, 5] lib/util.c:show_msg(488) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1036 smb_uid=101 smb_mid=1089 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) 
smb_bcc=49 [2006/06/20 18:19:33, 10] lib/util.c:dump_data(2215) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 05 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [030] 00 . [2006/06/20 18:19:33, 10] smbd/process.c:setup_select_timeout(1286) change_notify_timeout: -1 [2006/06/20 18:19:33, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 41 [2006/06/20 18:19:33, 6] smbd/process.c:process_smb(1111) got message type 0x0 of len 0x29 [2006/06/20 18:19:33, 3] smbd/process.c:process_smb(1112) Transaction 18 of length 45 [2006/06/20 18:19:33, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:33, 5] lib/util.c:show_msg(488) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=1153 smt_wct=3 smb_vwv[ 0]=29010 (0x7152) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2006/06/20 18:19:33, 3] smbd/process.c:switch_message(914) switch message SMBclose (pid 16708) conn 0x8497e40 [2006/06/20 18:19:33, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 [2006/06/20 18:19:33, 5] auth/auth_util.c:debug_nt_user_token(455) NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 contains 8 SIDs SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-1001 SID[ 6]: S-1-22-2-0 SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 SE_PRIV 0x10 0x0 0x0 0x0 [2006/06/20 18:19:33, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 1001 and contains 4 supplementary groups Group[ 0]: 10000 Group[ 1]: 1001 Group[ 2]: 0 Group[ 3]: 10001 [2006/06/20 18:19:33, 5] smbd/uid.c:change_to_user(260) change_to_user uid=(0,0) gid=(0,1001) [2006/06/20 18:19:33, 4] 
rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=7152 [2006/06/20 18:19:33, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name winreg pnum=7152 (pipes_open=2) [2006/06/20 18:19:33, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=7151 (pipes_open=2) [2006/06/20 18:19:33, 5] smbd/pipes.c:reply_pipe_close(282) reply_pipe_close: pnum:7152 [2006/06/20 18:19:33, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(235) close_policy_by_pipe: deleted handle list for pipe winreg [2006/06/20 18:19:33, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1169) closed pipe name winreg pnum=7152 (pipes_open=1) [2006/06/20 18:19:33, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:33, 5] lib/util.c:show_msg(488) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=1153 smt_wct=0 smb_bcc=0 [2006/06/20 18:19:33, 10] smbd/process.c:setup_select_timeout(1286) change_notify_timeout: -1 [2006/06/20 18:19:34, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 104 [2006/06/20 18:19:34, 6] smbd/process.c:process_smb(1111) got message type 0x0 of len 0x68 [2006/06/20 18:19:34, 3] smbd/process.c:process_smb(1112) Transaction 19 of length 108 [2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) size=104 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1036 smb_uid=101 smb_mid=1217 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 4608 (0x1200) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]=16384 (0x4000) 
smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 256 (0x100) smb_bcc=21 [2006/06/20 18:19:34, 10] lib/util.c:dump_data(2215) [000] 00 5C 00 4E 00 45 00 54 00 4C 00 4F 00 47 00 4F .\.N.E.T .L.O.G.O [010] 00 4E 00 00 00 .N... [2006/06/20 18:19:34, 3] smbd/process.c:switch_message(914) switch message SMBntcreateX (pid 16708) conn 0x8497e40 [2006/06/20 18:19:34, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 [2006/06/20 18:19:34, 5] auth/auth_util.c:debug_nt_user_token(455) NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 contains 8 SIDs SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-1001 SID[ 6]: S-1-22-2-0 SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 SE_PRIV 0x10 0x0 0x0 0x0 [2006/06/20 18:19:34, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 1001 and contains 4 supplementary groups Group[ 0]: 10000 Group[ 1]: 1001 Group[ 2]: 0 Group[ 3]: 10001 [2006/06/20 18:19:34, 5] smbd/uid.c:change_to_user(260) change_to_user uid=(0,0) gid=(0,1001) [2006/06/20 18:19:34, 10] smbd/nttrans.c:reply_ntcreate_and_X(501) reply_ntcreateX: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0 [2006/06/20 18:19:34, 4] smbd/nttrans.c:nt_open_pipe(325) nt_open_pipe: Opening pipe \NETLOGON. [2006/06/20 18:19:34, 3] smbd/nttrans.c:nt_open_pipe(346) nt_open_pipe: Known pipe NETLOGON opening. 
[2006/06/20 18:19:34, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(180) Open pipe requested NETLOGON (pipes_open=1) [2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(210) open_rpc_pipe_p: name lsarpc pnum=7151 [2006/06/20 18:19:34, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(285) Create pipe requested NETLOGON [2006/06/20 18:19:34, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77) init_pipe_handles: created handle list for pipe NETLOGON [2006/06/20 18:19:34, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) init_pipe_handles: pipe_handles ref count = 1 for pipe NETLOGON [2006/06/20 18:19:34, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(366) Created internal pipe NETLOGON (pipes_open=1) [2006/06/20 18:19:34, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(263) Opened pipe NETLOGON with handle 7153 (pipes_open=2) [2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(269) open pipes: name NETLOGON pnum=7153 [2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(269) open pipes: name lsarpc pnum=7151 [2006/06/20 18:19:34, 5] smbd/nttrans.c:do_ntcreate_pipe_open(395) do_ntcreate_pipe_open: open pipe = \NETLOGON [2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1036 smb_uid=101 smb_mid=1217 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=21248 (0x5300) smb_vwv[ 3]= 369 (0x171) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) 
smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2006/06/20 18:19:34, 10] smbd/process.c:setup_select_timeout(1286) change_notify_timeout: -1 [2006/06/20 18:19:34, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 136 [2006/06/20 18:19:34, 6] smbd/process.c:process_smb(1111) got message type 0x0 of len 0x88 [2006/06/20 18:19:34, 3] smbd/process.c:process_smb(1112) Transaction 20 of length 140 [2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) size=136 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=1281 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=29011 (0x7153) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 72 (0x48) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 72 (0x48) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=73 [2006/06/20 18:19:34, 10] lib/util.c:dump_data(2215) [000] EE 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... [010] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ [020] 00 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF .xV4.4.. ....#Eg. [030] FB 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ [040] 00 2B 10 48 60 02 00 00 00 .+.H`... . 
[2006/06/20 18:19:34, 3] smbd/process.c:switch_message(914) switch message SMBwriteX (pid 16708) conn 0x8497e40 [2006/06/20 18:19:34, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 [2006/06/20 18:19:34, 5] auth/auth_util.c:debug_nt_user_token(455) NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 contains 8 SIDs SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-1001 SID[ 6]: S-1-22-2-0 SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 SE_PRIV 0x10 0x0 0x0 0x0 [2006/06/20 18:19:34, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 1001 and contains 4 supplementary groups Group[ 0]: 10000 Group[ 1]: 1001 Group[ 2]: 0 Group[ 3]: 10001 [2006/06/20 18:19:34, 5] smbd/uid.c:change_to_user(260) change_to_user uid=(0,0) gid=(0,1001) [2006/06/20 18:19:34, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=7153 [2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name NETLOGON pnum=7153 (pipes_open=2) [2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=7151 (pipes_open=2) [2006/06/20 18:19:34, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 7153 name: NETLOGON open: Yes len: 72 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 72 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2006/06/20 18:19:34, 10] 
rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 56 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 0b [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0048 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 [2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) unmarshall_rpc_header: type = 11, flags = 3 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 56 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 
11 [2006/06/20 18:19:34, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1520) api_pipe_bind_req: decode request. 1520 [2006/06/20 18:19:34, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1531) api_pipe_bind_req: \PIPE\NETLOGON -> \PIPE\lsass [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_rb [2006/06/20 18:19:34, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_bba [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0000 max_tsize: 10b8 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0002 max_rsize: 10b8 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 assoc_gid: 00000000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0008 num_contexts: 01 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000c context_id : 0000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 000e num_transfer_syntaxes: 01 [2006/06/20 18:19:34, 6] rpc_parse/parse_prs.c:prs_debug(84) 00000f smb_io_rpc_iface [2006/06/20 18:19:34, 7] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_uuid uuid [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 data : 12345678 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 data : 1234 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0016 data : abcd [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0018 data : ef 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 001a data : 01 23 45 67 cf fb [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0020 version: 00000001 [2006/06/20 18:19:34, 6] rpc_parse/parse_prs.c:prs_debug(84) 000024 smb_io_rpc_iface [2006/06/20 18:19:34, 7] rpc_parse/parse_prs.c:prs_debug(84) 000024 smb_io_uuid uuid [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0024 data : 8a885d04 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0028 data : 1ceb [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 
002a data : 11c9 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 002c data : 9f e8 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 002e data : 08 00 2b 10 48 60 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0034 version: 00000002 [2006/06/20 18:19:34, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1573) api_pipe_bind_req: make response. 1573 [2006/06/20 18:19:34, 3] rpc_server/srv_pipe.c:check_bind_req(982) check_bind_req for \PIPE\NETLOGON [2006/06/20 18:19:34, 10] rpc_server/srv_pipe.c:check_bind_req(987) checking \PIPE\lsarpc [2006/06/20 18:19:34, 10] rpc_server/srv_pipe.c:check_bind_req(987) checking \PIPE\lsarpc [2006/06/20 18:19:34, 10] rpc_server/srv_pipe.c:check_bind_req(987) checking \PIPE\samr [2006/06/20 18:19:34, 10] rpc_server/srv_pipe.c:check_bind_req(987) checking \PIPE\NETLOGON [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_ba [2006/06/20 18:19:34, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_bba [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0000 max_tsize: 10b8 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0002 max_rsize: 10b8 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 assoc_gid: 000053f0 [2006/06/20 18:19:34, 6] rpc_parse/parse_prs.c:prs_debug(84) 000008 smb_io_rpc_addr_str [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 len: 000c [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000a str: \PIPE\lsass. 
[2006/06/20 18:19:34, 6] rpc_parse/parse_prs.c:prs_debug(84) 000016 smb_io_rpc_results [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0018 num_results: 01 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 001c result : 0000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 001e reason : 0000 [2006/06/20 18:19:34, 6] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_rpc_iface [2006/06/20 18:19:34, 7] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_uuid uuid [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0020 data : 8a885d04 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0024 data : 1ceb [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0026 data : 11c9 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0028 data : 9f e8 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 002a data : 08 00 2b 10 48 60 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0030 version: 00000002 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 0c [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0044 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 
[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 56 [2006/06/20 18:19:34, 3] smbd/pipes.c:reply_pipe_write_and_X(217) writeX-IPC pnum=7153 nwritten=72 [2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) size=47 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=1281 smt_wct=6 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 72 (0x48) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_bcc=0 [2006/06/20 18:19:34, 10] smbd/process.c:setup_select_timeout(1286) change_notify_timeout: -1 [2006/06/20 18:19:34, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 59 [2006/06/20 18:19:34, 6] smbd/process.c:process_smb(1111) got message type 0x0 of len 0x3b [2006/06/20 18:19:34, 3] smbd/process.c:process_smb(1112) Transaction 21 of length 63 [2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=1345 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=29011 (0x7153) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2006/06/20 18:19:34, 3] smbd/process.c:switch_message(914) switch message SMBreadX (pid 16708) conn 0x8497e40 [2006/06/20 18:19:34, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 [2006/06/20 18:19:34, 5] auth/auth_util.c:debug_nt_user_token(455) NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 contains 8 SIDs SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 SID[ 2]: S-1-1-0 
SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-1001 SID[ 6]: S-1-22-2-0 SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 SE_PRIV 0x10 0x0 0x0 0x0 [2006/06/20 18:19:34, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 1001 and contains 4 supplementary groups Group[ 0]: 10000 Group[ 1]: 1001 Group[ 2]: 0 Group[ 3]: 10001 [2006/06/20 18:19:34, 5] smbd/uid.c:change_to_user(260) change_to_user uid=(0,0) gid=(0,1001) [2006/06/20 18:19:34, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=7153 [2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name NETLOGON pnum=7153 (pipes_open=2) [2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=7151 (pipes_open=2) [2006/06/20 18:19:34, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 7153 name: NETLOGON len: 1024 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1054) read_from_pipe: NETLOGON: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. [2006/06/20 18:19:34, 3] smbd/pipes.c:reply_pipe_read_and_X(262) readX-IPC pnum=7153 min=1024 max=1024 nread=68 [2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) size=127 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=1345 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 68 (0x44) smb_vwv[ 6]= 59 (0x3B) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=68 [2006/06/20 18:19:34, 10] lib/util.c:dump_data(2215) [000] 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 00 ........ D....... [010] B8 10 B8 10 F0 53 00 00 0C 00 5C 50 49 50 45 5C .....S.. ..\PIPE\ [020] 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 00 lsass... ........ 
[030] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` [040] 02 00 00 00 .... [2006/06/20 18:19:34, 10] smbd/process.c:setup_select_timeout(1286) change_notify_timeout: -1 [2006/06/20 18:19:34, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 176 [2006/06/20 18:19:34, 6] smbd/process.c:process_smb(1111) got message type 0x0 of len 0xb0 [2006/06/20 18:19:34, 3] smbd/process.c:process_smb(1112) Transaction 22 of length 180 [2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) size=176 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1036 smb_uid=101 smb_mid=1409 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 92 (0x5C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 92 (0x5C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29011 (0x7153) smb_bcc=109 [2006/06/20 18:19:34, 10] lib/util.c:dump_data(2215) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 5C 00 00 00 01 00 00 ........ .\...... [020] 00 44 00 00 00 00 00 04 00 38 F4 0E 00 09 00 00 .D...... .8...... [030] 00 00 00 00 00 09 00 00 00 5C 00 5C 00 53 00 45 ........ .\.\.S.E [040] 00 52 00 56 00 45 00 52 00 00 00 C9 11 06 00 00 .R.V.E.R ........ [050] 00 00 00 00 00 06 00 00 00 77 00 73 00 30 00 33 ........ .w.s.0.3 [060] 00 35 00 00 00 22 42 97 D9 AF 6D C1 66 .5..."B. 
..m.f [2006/06/20 18:19:34, 3] smbd/process.c:switch_message(914) switch message SMBtrans (pid 16708) conn 0x8497e40 [2006/06/20 18:19:34, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 [2006/06/20 18:19:34, 5] auth/auth_util.c:debug_nt_user_token(455) NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 contains 8 SIDs SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-1001 SID[ 6]: S-1-22-2-0 SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 SE_PRIV 0x10 0x0 0x0 0x0 [2006/06/20 18:19:34, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 1001 and contains 4 supplementary groups Group[ 0]: 10000 Group[ 1]: 1001 Group[ 2]: 0 Group[ 3]: 10001 [2006/06/20 18:19:34, 5] smbd/uid.c:change_to_user(260) change_to_user uid=(0,0) gid=(0,1001) [2006/06/20 18:19:34, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=92 params=0 setup=2 [2006/06/20 18:19:34, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2006/06/20 18:19:34, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2006/06/20 18:19:34, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2006/06/20 18:19:34, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=7153 [2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name NETLOGON pnum=7153 (pipes_open=2) [2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=7151 (pipes_open=2) [2006/06/20 18:19:34, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "NETLOGON" (pnum 7153) [2006/06/20 18:19:34, 10] smbd/ipc.c:api_fd_reply(305) api_fd_reply: p:0x84955e8 max_trans_reply: 1024 [2006/06/20 18:19:34, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 7153 name: NETLOGON open: Yes len: 92 [2006/06/20 18:19:34, 10] 
rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 92 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 92 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 92, len_needed_to_complete_hdr = 16, receive_len = 0 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 76 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 76 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 005c [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 [2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) 
unmarshall_rpc_header: type = 0, flags = 3 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 76 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 76, incoming data = 76 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 0 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 alloc_hint: 00000044 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0004 context_id: 0000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0006 opnum : 0004 [2006/06/20 18:19:34, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 72 [2006/06/20 18:19:34, 5] rpc_server/srv_pipe.c:api_pipe_request(2220) Requested \PIPE\NETLOGON [2006/06/20 18:19:34, 4] rpc_server/srv_pipe.c:api_rpcTNP(2255) api_rpcTNP: NETLOGON op 0x4 - api_rpcTNP: rpc command: NET_REQCHAL [2006/06/20 18:19:34, 6] rpc_server/srv_pipe.c:api_rpcTNP(2281) api_rpc_cmds[0].fn == 0x816b6c8 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 net_io_q_req_chal [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 undoc_buffer: 000ef438 [2006/06/20 18:19:34, 6] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_unistr2 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 uni_max_len: 00000009 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0008 offset : 00000000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c uni_str_len: 00000009 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0010 buffer : \.\.S.E.R.V.E.R... 
[2006/06/20 18:19:34, 6] rpc_parse/parse_prs.c:prs_debug(84) 000022 smb_io_unistr2 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0024 uni_max_len: 00000006 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0028 offset : 00000000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 002c uni_str_len: 00000006 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0030 buffer : w.s.0.3.5... [2006/06/20 18:19:34, 6] rpc_parse/parse_prs.c:prs_debug(84) 00003c smb_io_chal [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 003c data: 22 42 97 d9 af 6d c1 66 [2006/06/20 18:19:34, 6] rpc_server/srv_netlog_nt.c:init_net_r_req_chal(41) init_net_r_req_chal: 41 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 net_io_r_req_chal [2006/06/20 18:19:34, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_chal [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0000 data: 09 a2 e4 28 7b 67 f1 e5 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_ntstatus(763) 0008 status: NT_STATUS_OK [2006/06/20 18:19:34, 5] rpc_server/srv_pipe.c:api_rpcTNP(2302) api_rpcTNP: called NETLOGON successfully [2006/06/20 18:19:34, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 30 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 76 [2006/06/20 18:19:34, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 7153 name: NETLOGON len: 1024 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) read_from_pipe: NETLOGON: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 12. 
[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0024 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 0000000c [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2006/06/20 18:19:34, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..36] [2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) size=92 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1036 smb_uid=101 smb_mid=1409 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 36 (0x24) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 36 (0x24) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) 
smb_bcc=37 [2006/06/20 18:19:34, 10] lib/util.c:dump_data(2215) [000] 00 05 00 02 03 10 00 00 00 24 00 00 00 01 00 00 ........ .$...... [010] 00 0C 00 00 00 00 00 00 00 09 A2 E4 28 7B 67 F1 ........ ....({g. [020] E5 00 00 00 00 ..... [2006/06/20 18:19:34, 10] smbd/process.c:setup_select_timeout(1286) change_notify_timeout: -1 [2006/06/20 18:19:34, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 41 [2006/06/20 18:19:34, 6] smbd/process.c:process_smb(1111) got message type 0x0 of len 0x29 [2006/06/20 18:19:34, 3] smbd/process.c:process_smb(1112) Transaction 23 of length 45 [2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=1473 smt_wct=3 smb_vwv[ 0]=29011 (0x7153) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2006/06/20 18:19:34, 3] smbd/process.c:switch_message(914) switch message SMBclose (pid 16708) conn 0x8497e40 [2006/06/20 18:19:34, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 [2006/06/20 18:19:34, 5] auth/auth_util.c:debug_nt_user_token(455) NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 contains 8 SIDs SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-1001 SID[ 6]: S-1-22-2-0 SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 SE_PRIV 0x10 0x0 0x0 0x0 [2006/06/20 18:19:34, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 1001 and contains 4 supplementary groups Group[ 0]: 10000 Group[ 1]: 1001 Group[ 2]: 0 Group[ 3]: 10001 [2006/06/20 18:19:34, 5] smbd/uid.c:change_to_user(260) change_to_user uid=(0,0) gid=(0,1001) [2006/06/20 18:19:34, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=7153 [2006/06/20 
18:19:34, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name NETLOGON pnum=7153 (pipes_open=2) [2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=7151 (pipes_open=2) [2006/06/20 18:19:34, 5] smbd/pipes.c:reply_pipe_close(282) reply_pipe_close: pnum:7153 [2006/06/20 18:19:34, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(235) close_policy_by_pipe: deleted handle list for pipe NETLOGON [2006/06/20 18:19:34, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1169) closed pipe name NETLOGON pnum=7153 (pipes_open=1) [2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=1473 smt_wct=0 smb_bcc=0 [2006/06/20 18:19:34, 10] smbd/process.c:setup_select_timeout(1286) change_notify_timeout: -1 [2006/06/20 18:19:34, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 104 [2006/06/20 18:19:34, 6] smbd/process.c:process_smb(1111) got message type 0x0 of len 0x68 [2006/06/20 18:19:34, 3] smbd/process.c:process_smb(1112) Transaction 24 of length 108 [2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) size=104 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1036 smb_uid=101 smb_mid=1537 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 4608 (0x1200) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]=16384 (0x4000) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 256 (0x100) smb_bcc=21 
[2006/06/20 18:19:34, 10] lib/util.c:dump_data(2215) [000] 00 5C 00 4E 00 45 00 54 00 4C 00 4F 00 47 00 4F .\.N.E.T .L.O.G.O [010] 00 4E 00 00 00 .N... [2006/06/20 18:19:34, 3] smbd/process.c:switch_message(914) switch message SMBntcreateX (pid 16708) conn 0x8497e40 [2006/06/20 18:19:34, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 [2006/06/20 18:19:34, 5] auth/auth_util.c:debug_nt_user_token(455) NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 contains 8 SIDs SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-1001 SID[ 6]: S-1-22-2-0 SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 SE_PRIV 0x10 0x0 0x0 0x0 [2006/06/20 18:19:34, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 1001 and contains 4 supplementary groups Group[ 0]: 10000 Group[ 1]: 1001 Group[ 2]: 0 Group[ 3]: 10001 [2006/06/20 18:19:34, 5] smbd/uid.c:change_to_user(260) change_to_user uid=(0,0) gid=(0,1001) [2006/06/20 18:19:34, 10] smbd/nttrans.c:reply_ntcreate_and_X(501) reply_ntcreateX: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0 [2006/06/20 18:19:34, 4] smbd/nttrans.c:nt_open_pipe(325) nt_open_pipe: Opening pipe \NETLOGON. [2006/06/20 18:19:34, 3] smbd/nttrans.c:nt_open_pipe(346) nt_open_pipe: Known pipe NETLOGON opening. 
[2006/06/20 18:19:34, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(180) Open pipe requested NETLOGON (pipes_open=1) [2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(210) open_rpc_pipe_p: name lsarpc pnum=7151 [2006/06/20 18:19:34, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(285) Create pipe requested NETLOGON [2006/06/20 18:19:34, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77) init_pipe_handles: created handle list for pipe NETLOGON [2006/06/20 18:19:34, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) init_pipe_handles: pipe_handles ref count = 1 for pipe NETLOGON [2006/06/20 18:19:34, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(366) Created internal pipe NETLOGON (pipes_open=1) [2006/06/20 18:19:34, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(263) Opened pipe NETLOGON with handle 7154 (pipes_open=2) [2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(269) open pipes: name NETLOGON pnum=7154 [2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(269) open pipes: name lsarpc pnum=7151 [2006/06/20 18:19:34, 5] smbd/nttrans.c:do_ntcreate_pipe_open(395) do_ntcreate_pipe_open: open pipe = \NETLOGON [2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1036 smb_uid=101 smb_mid=1537 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=21504 (0x5400) smb_vwv[ 3]= 369 (0x171) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) 
smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2006/06/20 18:19:34, 10] smbd/process.c:setup_select_timeout(1286) change_notify_timeout: -1 [2006/06/20 18:19:34, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 136 [2006/06/20 18:19:34, 6] smbd/process.c:process_smb(1111) got message type 0x0 of len 0x88 [2006/06/20 18:19:34, 3] smbd/process.c:process_smb(1112) Transaction 25 of length 140 [2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) size=136 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=1601 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=29012 (0x7154) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 72 (0x48) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 72 (0x48) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=73 [2006/06/20 18:19:34, 10] lib/util.c:dump_data(2215) [000] EE 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... [010] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ [020] 00 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF .xV4.4.. ....#Eg. [030] FB 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ [040] 00 2B 10 48 60 02 00 00 00 .+.H`... . 
[2006/06/20 18:19:34, 3] smbd/process.c:switch_message(914) switch message SMBwriteX (pid 16708) conn 0x8497e40 [2006/06/20 18:19:34, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 [2006/06/20 18:19:34, 5] auth/auth_util.c:debug_nt_user_token(455) NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 contains 8 SIDs SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-1001 SID[ 6]: S-1-22-2-0 SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 SE_PRIV 0x10 0x0 0x0 0x0 [2006/06/20 18:19:34, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 1001 and contains 4 supplementary groups Group[ 0]: 10000 Group[ 1]: 1001 Group[ 2]: 0 Group[ 3]: 10001 [2006/06/20 18:19:34, 5] smbd/uid.c:change_to_user(260) change_to_user uid=(0,0) gid=(0,1001) [2006/06/20 18:19:34, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=7154 [2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name NETLOGON pnum=7154 (pipes_open=2) [2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=7151 (pipes_open=2) [2006/06/20 18:19:34, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 7154 name: NETLOGON open: Yes len: 72 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 72 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2006/06/20 18:19:34, 10] 
rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 56 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 0b [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0048 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 [2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) unmarshall_rpc_header: type = 11, flags = 3 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 56 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 
11 [2006/06/20 18:19:34, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1520) api_pipe_bind_req: decode request. 1520 [2006/06/20 18:19:34, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1531) api_pipe_bind_req: \PIPE\NETLOGON -> \PIPE\lsass [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_rb [2006/06/20 18:19:34, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_bba [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0000 max_tsize: 10b8 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0002 max_rsize: 10b8 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 assoc_gid: 00000000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0008 num_contexts: 01 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000c context_id : 0000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 000e num_transfer_syntaxes: 01 [2006/06/20 18:19:34, 6] rpc_parse/parse_prs.c:prs_debug(84) 00000f smb_io_rpc_iface [2006/06/20 18:19:34, 7] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_uuid uuid [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 data : 12345678 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 data : 1234 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0016 data : abcd [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0018 data : ef 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 001a data : 01 23 45 67 cf fb [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0020 version: 00000001 [2006/06/20 18:19:34, 6] rpc_parse/parse_prs.c:prs_debug(84) 000024 smb_io_rpc_iface [2006/06/20 18:19:34, 7] rpc_parse/parse_prs.c:prs_debug(84) 000024 smb_io_uuid uuid [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0024 data : 8a885d04 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0028 data : 1ceb [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 
002a data : 11c9 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 002c data : 9f e8 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 002e data : 08 00 2b 10 48 60 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0034 version: 00000002 [2006/06/20 18:19:34, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1573) api_pipe_bind_req: make response. 1573 [2006/06/20 18:19:34, 3] rpc_server/srv_pipe.c:check_bind_req(982) check_bind_req for \PIPE\NETLOGON [2006/06/20 18:19:34, 10] rpc_server/srv_pipe.c:check_bind_req(987) checking \PIPE\lsarpc [2006/06/20 18:19:34, 10] rpc_server/srv_pipe.c:check_bind_req(987) checking \PIPE\lsarpc [2006/06/20 18:19:34, 10] rpc_server/srv_pipe.c:check_bind_req(987) checking \PIPE\samr [2006/06/20 18:19:34, 10] rpc_server/srv_pipe.c:check_bind_req(987) checking \PIPE\NETLOGON [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_ba [2006/06/20 18:19:34, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_bba [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0000 max_tsize: 10b8 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0002 max_rsize: 10b8 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 assoc_gid: 000053f0 [2006/06/20 18:19:34, 6] rpc_parse/parse_prs.c:prs_debug(84) 000008 smb_io_rpc_addr_str [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 len: 000c [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000a str: \PIPE\lsass. 
[2006/06/20 18:19:34, 6] rpc_parse/parse_prs.c:prs_debug(84) 000016 smb_io_rpc_results [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0018 num_results: 01 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 001c result : 0000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 001e reason : 0000 [2006/06/20 18:19:34, 6] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_rpc_iface [2006/06/20 18:19:34, 7] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_uuid uuid [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0020 data : 8a885d04 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0024 data : 1ceb [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0026 data : 11c9 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0028 data : 9f e8 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 002a data : 08 00 2b 10 48 60 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0030 version: 00000002 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 0c [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0044 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 
[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 56 [2006/06/20 18:19:34, 3] smbd/pipes.c:reply_pipe_write_and_X(217) writeX-IPC pnum=7154 nwritten=72 [2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) size=47 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=1601 smt_wct=6 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 72 (0x48) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_bcc=0 [2006/06/20 18:19:34, 10] smbd/process.c:setup_select_timeout(1286) change_notify_timeout: -1 [2006/06/20 18:19:34, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 59 [2006/06/20 18:19:34, 6] smbd/process.c:process_smb(1111) got message type 0x0 of len 0x3b [2006/06/20 18:19:34, 3] smbd/process.c:process_smb(1112) Transaction 26 of length 63 [2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=1665 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=29012 (0x7154) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2006/06/20 18:19:34, 3] smbd/process.c:switch_message(914) switch message SMBreadX (pid 16708) conn 0x8497e40 [2006/06/20 18:19:34, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 [2006/06/20 18:19:34, 5] auth/auth_util.c:debug_nt_user_token(455) NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 contains 8 SIDs SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 SID[ 2]: S-1-1-0 
SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-1001 SID[ 6]: S-1-22-2-0 SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 SE_PRIV 0x10 0x0 0x0 0x0 [2006/06/20 18:19:34, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 1001 and contains 4 supplementary groups Group[ 0]: 10000 Group[ 1]: 1001 Group[ 2]: 0 Group[ 3]: 10001 [2006/06/20 18:19:34, 5] smbd/uid.c:change_to_user(260) change_to_user uid=(0,0) gid=(0,1001) [2006/06/20 18:19:34, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=7154 [2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name NETLOGON pnum=7154 (pipes_open=2) [2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=7151 (pipes_open=2) [2006/06/20 18:19:34, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 7154 name: NETLOGON len: 1024 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1054) read_from_pipe: NETLOGON: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. [2006/06/20 18:19:34, 3] smbd/pipes.c:reply_pipe_read_and_X(262) readX-IPC pnum=7154 min=1024 max=1024 nread=68 [2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) size=127 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=1665 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 68 (0x44) smb_vwv[ 6]= 59 (0x3B) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=68 [2006/06/20 18:19:34, 10] lib/util.c:dump_data(2215) [000] 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 00 ........ D....... [010] B8 10 B8 10 F0 53 00 00 0C 00 5C 50 49 50 45 5C .....S.. ..\PIPE\ [020] 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 00 lsass... ........ 
[030] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` [040] 02 00 00 00 .... [2006/06/20 18:19:34, 10] smbd/process.c:setup_select_timeout(1286) change_notify_timeout: -1 [2006/06/20 18:19:34, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 204 [2006/06/20 18:19:34, 6] smbd/process.c:process_smb(1111) got message type 0x0 of len 0xcc [2006/06/20 18:19:34, 3] smbd/process.c:process_smb(1112) Transaction 27 of length 208 [2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) size=204 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1036 smb_uid=101 smb_mid=1729 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 120 (0x78) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 120 (0x78) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29012 (0x7154) smb_bcc=137 [2006/06/20 18:19:34, 10] lib/util.c:dump_data(2215) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 78 00 00 00 01 00 00 ........ .x...... [020] 00 60 00 00 00 00 00 05 00 38 F4 0E 00 09 00 00 .`...... .8...... [030] 00 00 00 00 00 09 00 00 00 5C 00 5C 00 53 00 45 ........ .\.\.S.E [040] 00 52 00 56 00 45 00 52 00 00 00 C9 11 07 00 00 .R.V.E.R ........ [050] 00 00 00 00 00 07 00 00 00 77 00 73 00 30 00 33 ........ .w.s.0.3 [060] 00 35 00 24 00 00 00 02 00 06 00 00 00 00 00 00 .5.$.... ........ [070] 00 06 00 00 00 77 00 73 00 30 00 33 00 35 00 00 .....w.s .0.3.5.. [080] 00 42 5F 8E 06 B2 69 84 C6 .B_...i. . 
[2006/06/20 18:19:34, 3] smbd/process.c:switch_message(914) switch message SMBtrans (pid 16708) conn 0x8497e40 [2006/06/20 18:19:34, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 [2006/06/20 18:19:34, 5] auth/auth_util.c:debug_nt_user_token(455) NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 contains 8 SIDs SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-1001 SID[ 6]: S-1-22-2-0 SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 SE_PRIV 0x10 0x0 0x0 0x0 [2006/06/20 18:19:34, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 1001 and contains 4 supplementary groups Group[ 0]: 10000 Group[ 1]: 1001 Group[ 2]: 0 Group[ 3]: 10001 [2006/06/20 18:19:34, 5] smbd/uid.c:change_to_user(260) change_to_user uid=(0,0) gid=(0,1001) [2006/06/20 18:19:34, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=120 params=0 setup=2 [2006/06/20 18:19:34, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2006/06/20 18:19:34, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2006/06/20 18:19:34, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2006/06/20 18:19:34, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=7154 [2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name NETLOGON pnum=7154 (pipes_open=2) [2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=7151 (pipes_open=2) [2006/06/20 18:19:34, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "NETLOGON" (pnum 7154) [2006/06/20 18:19:34, 10] smbd/ipc.c:api_fd_reply(305) api_fd_reply: p:0x84955e8 max_trans_reply: 1024 [2006/06/20 18:19:34, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 7154 name: NETLOGON open: Yes len: 120 [2006/06/20 18:19:34, 10] 
rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 120 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 120 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 120, len_needed_to_complete_hdr = 16, receive_len = 0 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 104 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 104 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0078 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 [2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) 
unmarshall_rpc_header: type = 0, flags = 3 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 104 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 104, incoming data = 104 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 0 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 alloc_hint: 00000060 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0004 context_id: 0000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0006 opnum : 0005 [2006/06/20 18:19:34, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 72 [2006/06/20 18:19:34, 5] rpc_server/srv_pipe.c:api_pipe_request(2220) Requested \PIPE\NETLOGON [2006/06/20 18:19:34, 4] rpc_server/srv_pipe.c:api_rpcTNP(2255) api_rpcTNP: NETLOGON op 0x5 - api_rpcTNP: rpc command: NET_AUTH [2006/06/20 18:19:34, 6] rpc_server/srv_pipe.c:api_rpcTNP(2281) api_rpc_cmds[1].fn == 0x816b861 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 net_io_q_auth [2006/06/20 18:19:34, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_log_info [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 undoc_buffer: 000ef438 [2006/06/20 18:19:34, 7] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_unistr2 unistr2 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 uni_max_len: 00000009 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0008 offset : 00000000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c uni_str_len: 00000009 [2006/06/20 18:19:34, 5] 
rpc_parse/parse_prs.c:dbg_rw_punival(936) 0010 buffer : \.\.S.E.R.V.E.R... [2006/06/20 18:19:34, 7] rpc_parse/parse_prs.c:prs_debug(84) 000022 smb_io_unistr2 unistr2 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0024 uni_max_len: 00000007 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0028 offset : 00000000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 002c uni_str_len: 00000007 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0030 buffer : w.s.0.3.5.$... [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 003e sec_chan: 0002 [2006/06/20 18:19:34, 7] rpc_parse/parse_prs.c:prs_debug(84) 000040 smb_io_unistr2 unistr2 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0040 uni_max_len: 00000006 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0044 offset : 00000000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0048 uni_str_len: 00000006 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 004c buffer : w.s.0.3.5... 
[2006/06/20 18:19:34, 6] rpc_parse/parse_prs.c:prs_debug(84) 000058 smb_io_chal [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0058 data: 42 5f 8e 06 b2 69 84 c6 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 net_io_r_auth [2006/06/20 18:19:34, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_chal [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0000 data: 00 00 00 00 00 00 00 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_ntstatus(763) 0008 status: NT_STATUS_ACCESS_DENIED [2006/06/20 18:19:34, 5] rpc_server/srv_pipe.c:api_rpcTNP(2302) api_rpcTNP: called NETLOGON successfully [2006/06/20 18:19:34, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 44 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 104 [2006/06/20 18:19:34, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 7154 name: NETLOGON len: 1024 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) read_from_pipe: NETLOGON: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 12. 
[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0024 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 0000000c [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2006/06/20 18:19:34, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..36] [2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) size=92 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1036 smb_uid=101 smb_mid=1729 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 36 (0x24) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 36 (0x24) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) 
smb_bcc=37 [2006/06/20 18:19:34, 10] lib/util.c:dump_data(2215) [000] 00 05 00 02 03 10 00 00 00 24 00 00 00 01 00 00 ........ .$...... [010] 00 0C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [020] 00 22 00 00 C0 ."... [2006/06/20 18:19:34, 10] smbd/process.c:setup_select_timeout(1286) change_notify_timeout: -1 [2006/06/20 18:19:34, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 41 [2006/06/20 18:19:34, 6] smbd/process.c:process_smb(1111) got message type 0x0 of len 0x29 [2006/06/20 18:19:34, 3] smbd/process.c:process_smb(1112) Transaction 28 of length 45 [2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=1793 smt_wct=3 smb_vwv[ 0]=29012 (0x7154) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2006/06/20 18:19:34, 3] smbd/process.c:switch_message(914) switch message SMBclose (pid 16708) conn 0x8497e40 [2006/06/20 18:19:34, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 [2006/06/20 18:19:34, 5] auth/auth_util.c:debug_nt_user_token(455) NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 contains 8 SIDs SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-1001 SID[ 6]: S-1-22-2-0 SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 SE_PRIV 0x10 0x0 0x0 0x0 [2006/06/20 18:19:34, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 1001 and contains 4 supplementary groups Group[ 0]: 10000 Group[ 1]: 1001 Group[ 2]: 0 Group[ 3]: 10001 [2006/06/20 18:19:34, 5] smbd/uid.c:change_to_user(260) change_to_user uid=(0,0) gid=(0,1001) [2006/06/20 18:19:34, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=7154 [2006/06/20 
18:19:34, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name NETLOGON pnum=7154 (pipes_open=2) [2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=7151 (pipes_open=2) [2006/06/20 18:19:34, 5] smbd/pipes.c:reply_pipe_close(282) reply_pipe_close: pnum:7154 [2006/06/20 18:19:34, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(235) close_policy_by_pipe: deleted handle list for pipe NETLOGON [2006/06/20 18:19:34, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1169) closed pipe name NETLOGON pnum=7154 (pipes_open=1) [2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=1793 smt_wct=0 smb_bcc=0 [2006/06/20 18:19:34, 10] smbd/process.c:setup_select_timeout(1286) change_notify_timeout: -1 [2006/06/20 18:19:34, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 128 [2006/06/20 18:19:34, 6] smbd/process.c:process_smb(1111) got message type 0x0 of len 0x80 [2006/06/20 18:19:34, 3] smbd/process.c:process_smb(1112) Transaction 29 of length 132 [2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1036 smb_uid=101 smb_mid=1857 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29009 (0x7151) smb_bcc=61 [2006/06/20 18:19:34, 10] lib/util.c:dump_data(2215) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 04 00 00 ........ .,...... 
[020] 00 14 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ........ ........ [030] 00 00 00 00 00 15 20 98 44 44 41 00 00 ...... . DDA.. [2006/06/20 18:19:34, 3] smbd/process.c:switch_message(914) switch message SMBtrans (pid 16708) conn 0x8497e40 [2006/06/20 18:19:34, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 [2006/06/20 18:19:34, 5] auth/auth_util.c:debug_nt_user_token(455) NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 contains 8 SIDs SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-1001 SID[ 6]: S-1-22-2-0 SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 SE_PRIV 0x10 0x0 0x0 0x0 [2006/06/20 18:19:34, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 1001 and contains 4 supplementary groups Group[ 0]: 10000 Group[ 1]: 1001 Group[ 2]: 0 Group[ 3]: 10001 [2006/06/20 18:19:34, 5] smbd/uid.c:change_to_user(260) change_to_user uid=(0,0) gid=(0,1001) [2006/06/20 18:19:34, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=44 params=0 setup=2 [2006/06/20 18:19:34, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2006/06/20 18:19:34, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2006/06/20 18:19:34, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2006/06/20 18:19:34, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=7151 [2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=7151 (pipes_open=1) [2006/06/20 18:19:34, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "lsarpc" (pnum 7151) [2006/06/20 18:19:34, 10] smbd/ipc.c:api_fd_reply(305) api_fd_reply: p:0x8496d80 max_trans_reply: 1024 [2006/06/20 18:19:34, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 7151 name: lsarpc open: Yes len: 44 [2006/06/20 18:19:34, 10] 
rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 44 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 28 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 002c [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000004 [2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) 
unmarshall_rpc_header: type = 0, flags = 3 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 28 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 28, incoming data = 28 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 0 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 alloc_hint: 00000014 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0004 context_id: 0000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0006 opnum : 0000 [2006/06/20 18:19:34, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2006/06/20 18:19:34, 5] rpc_server/srv_pipe.c:api_pipe_request(2220) Requested \PIPE\lsarpc [2006/06/20 18:19:34, 4] rpc_server/srv_pipe.c:api_rpcTNP(2255) api_rpcTNP: lsarpc op 0x0 - api_rpcTNP: rpc command: LSA_CLOSE [2006/06/20 18:19:34, 6] rpc_server/srv_pipe.c:api_rpcTNP(2281) api_rpc_cmds[4].fn == 0x81543a7 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_q_close [2006/06/20 18:19:34, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 data1: 00000000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 data2: 00000001 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 data3: 0000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a data4: 0000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000c data5: 15 20 98 44 44 41 00 00 [2006/06/20 18:19:34, 4] 
rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 15 20 98 44 ........ ..... .D [010] 44 41 00 00 DA.. [2006/06/20 18:19:34, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 15 20 98 44 ........ ..... .D [010] 44 41 00 00 DA.. [2006/06/20 18:19:34, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) Closed policy [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_r_close [2006/06/20 18:19:34, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 data1: 00000000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 data2: 00000000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 data3: 0000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a data4: 0000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000c data5: 00 00 00 00 00 00 00 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_ntstatus(763) 0014 status: NT_STATUS_OK [2006/06/20 18:19:34, 5] rpc_server/srv_pipe.c:api_rpcTNP(2302) api_rpcTNP: called lsarpc successfully [2006/06/20 18:19:34, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 28 [2006/06/20 18:19:34, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 7151 name: lsarpc len: 1024 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. 
[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0030 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000004 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 00000018 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2006/06/20 18:19:34, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] [2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1036 smb_uid=101 smb_mid=1857 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) 
smb_bcc=49 [2006/06/20 18:19:34, 10] lib/util.c:dump_data(2215) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 04 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [030] 00 . [2006/06/20 18:19:34, 10] smbd/process.c:setup_select_timeout(1286) change_notify_timeout: -1 [2006/06/20 18:19:34, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 41 [2006/06/20 18:19:34, 6] smbd/process.c:process_smb(1111) got message type 0x0 of len 0x29 [2006/06/20 18:19:34, 3] smbd/process.c:process_smb(1112) Transaction 30 of length 45 [2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=1921 smt_wct=3 smb_vwv[ 0]=29009 (0x7151) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2006/06/20 18:19:34, 3] smbd/process.c:switch_message(914) switch message SMBclose (pid 16708) conn 0x8497e40 [2006/06/20 18:19:34, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 [2006/06/20 18:19:34, 5] auth/auth_util.c:debug_nt_user_token(455) NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 contains 8 SIDs SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-1001 SID[ 6]: S-1-22-2-0 SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 SE_PRIV 0x10 0x0 0x0 0x0 [2006/06/20 18:19:34, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 1001 and contains 4 supplementary groups Group[ 0]: 10000 Group[ 1]: 1001 Group[ 2]: 0 Group[ 3]: 10001 [2006/06/20 18:19:34, 5] smbd/uid.c:change_to_user(260) change_to_user uid=(0,0) gid=(0,1001) [2006/06/20 18:19:34, 4] 
rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=7151 [2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=7151 (pipes_open=1) [2006/06/20 18:19:34, 5] smbd/pipes.c:reply_pipe_close(282) reply_pipe_close: pnum:7151 [2006/06/20 18:19:34, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(235) close_policy_by_pipe: deleted handle list for pipe lsarpc [2006/06/20 18:19:34, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1169) closed pipe name lsarpc pnum=7151 (pipes_open=0) [2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=1921 smt_wct=0 smb_bcc=0 [2006/06/20 18:19:34, 10] smbd/process.c:setup_select_timeout(1286) change_notify_timeout: -1 [2006/06/20 18:19:34, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 39 [2006/06/20 18:19:34, 6] smbd/process.c:process_smb(1111) got message type 0x0 of len 0x27 [2006/06/20 18:19:34, 3] smbd/process.c:process_smb(1112) Transaction 31 of length 43 [2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) size=39 smb_com=0x74 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=101 smb_mid=1985 smt_wct=2 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_bcc=0 [2006/06/20 18:19:34, 3] smbd/process.c:switch_message(914) switch message SMBulogoffX (pid 16708) conn 0x0 [2006/06/20 18:19:34, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/06/20 18:19:34, 5] auth/auth_util.c:debug_nt_user_token(449) NT user token: (NULL) [2006/06/20 18:19:34, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/06/20 18:19:34, 5] smbd/uid.c:change_to_root_user(275) change_to_root_user: now uid=(0,0) gid=(0,0) 
[2006/06/20 18:19:34, 3] smbd/reply.c:reply_ulogoffX(1614) ulogoffX vuid=101 [2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) size=39 smb_com=0x74 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=65279 smb_uid=101 smb_mid=1985 smt_wct=2 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_bcc=0 [2006/06/20 18:19:34, 10] smbd/process.c:setup_select_timeout(1286) change_notify_timeout: -1 [2006/06/20 18:19:34, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 35 [2006/06/20 18:19:34, 6] smbd/process.c:process_smb(1111) got message type 0x0 of len 0x23 [2006/06/20 18:19:34, 3] smbd/process.c:process_smb(1112) Transaction 32 of length 39 [2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=2049 smt_wct=0 smb_bcc=0 [2006/06/20 18:19:34, 3] smbd/process.c:switch_message(914) switch message SMBtdis (pid 16708) conn 0x8497e40 [2006/06/20 18:19:34, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/06/20 18:19:34, 5] auth/auth_util.c:debug_nt_user_token(449) NT user token: (NULL) [2006/06/20 18:19:34, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/06/20 18:19:34, 5] smbd/uid.c:change_to_root_user(275) change_to_root_user: now uid=(0,0) gid=(0,0) [2006/06/20 18:19:34, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/06/20 18:19:34, 5] auth/auth_util.c:debug_nt_user_token(449) NT user token: (NULL) [2006/06/20 18:19:34, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/06/20 18:19:34, 5] smbd/uid.c:change_to_root_user(275) change_to_root_user: now uid=(0,0) gid=(0,0) [2006/06/20 
18:19:34, 3] smbd/service.c:close_cnum(1136) ws035 (192.168.68.22) closed connection to service IPC$ [2006/06/20 18:19:34, 3] smbd/connection.c:yield_connection(69) Yielding connection to IPC$ [2006/06/20 18:19:34, 4] smbd/vfs.c:vfs_ChDir(741) vfs_ChDir to / [2006/06/20 18:19:34, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/06/20 18:19:34, 5] auth/auth_util.c:debug_nt_user_token(449) NT user token: (NULL) [2006/06/20 18:19:34, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/06/20 18:19:34, 5] smbd/uid.c:change_to_root_user(275) change_to_root_user: now uid=(0,0) gid=(0,0) [2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=2049 smt_wct=0 smb_bcc=0 [2006/06/20 18:19:34, 10] smbd/process.c:setup_select_timeout(1286) change_notify_timeout: -1 [2006/06/20 18:19:34, 10] lib/util_sock.c:read_data(525) read_data: read of 4 returned 0. Error = Success [2006/06/20 18:19:34, 10] lib/util_sock.c:receive_smb_raw(672) receive_smb_raw: length < 0! [2006/06/20 18:19:34, 3] smbd/process.c:timeout_processing(1361) timeout_processing: End of file from client (client has disconnected). [2006/06/20 18:19:34, 5] lib/gencache.c:gencache_shutdown(90) Closing cache file [2006/06/20 18:19:34, 5] libsmb/namecache.c:namecache_shutdown(79) namecache_shutdown: netbios namecache closed successfully. 
[2006/06/20 18:19:34, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/06/20 18:19:34, 5] auth/auth_util.c:debug_nt_user_token(449) NT user token: (NULL) [2006/06/20 18:19:34, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/06/20 18:19:34, 5] smbd/uid.c:change_to_root_user(275) change_to_root_user: now uid=(0,0) gid=(0,0) [2006/06/20 18:19:34, 3] smbd/connection.c:yield_connection(69) Yielding connection to [2006/06/20 18:19:34, 3] smbd/server.c:exit_server_common(675) Server exit (normal exit) [2006/06/20 18:19:34, 5] lib/util_sock.c:print_socket_options(206) socket option SO_KEEPALIVE = 1 [2006/06/20 18:19:34, 5] lib/util_sock.c:print_socket_options(206) socket option SO_REUSEADDR = 1 [2006/06/20 18:19:34, 5] lib/util_sock.c:print_socket_options(206) socket option SO_BROADCAST = 0 [2006/06/20 18:19:34, 5] lib/util_sock.c:print_socket_options(206) socket option TCP_NODELAY = 1 [2006/06/20 18:19:34, 5] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPCNT = 9 [2006/06/20 18:19:34, 5] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPIDLE = 7200 [2006/06/20 18:19:34, 5] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPINTVL = 75 [2006/06/20 18:19:34, 5] lib/util_sock.c:print_socket_options(206) socket option IPTOS_LOWDELAY = 16 [2006/06/20 18:19:34, 5] lib/util_sock.c:print_socket_options(206) socket option IPTOS_THROUGHPUT = 16 [2006/06/20 18:19:34, 5] lib/util_sock.c:print_socket_options(206) socket option SO_SNDBUF = 8192 [2006/06/20 18:19:34, 5] lib/util_sock.c:print_socket_options(206) socket option SO_RCVBUF = 8192 [2006/06/20 18:19:34, 5] lib/util_sock.c:print_socket_options(206) socket option SO_SNDLOWAT = 1 [2006/06/20 18:19:34, 5] lib/util_sock.c:print_socket_options(206) socket option SO_RCVLOWAT = 1 [2006/06/20 18:19:34, 5] lib/util_sock.c:print_socket_options(206) socket option SO_SNDTIMEO = 0 
[2006/06/20 18:19:34, 5] lib/util_sock.c:print_socket_options(206) socket option SO_RCVTIMEO = 0 [2006/06/20 18:19:34, 5] lib/util_sock.c:print_socket_options(206) socket option SO_KEEPALIVE = 1 [2006/06/20 18:19:34, 5] lib/util_sock.c:print_socket_options(206) socket option SO_REUSEADDR = 1 [2006/06/20 18:19:34, 5] lib/util_sock.c:print_socket_options(206) socket option SO_BROADCAST = 0 [2006/06/20 18:19:34, 5] lib/util_sock.c:print_socket_options(206) socket option TCP_NODELAY = 1 [2006/06/20 18:19:34, 5] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPCNT = 9 [2006/06/20 18:19:34, 5] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPIDLE = 7200 [2006/06/20 18:19:34, 5] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPINTVL = 75 [2006/06/20 18:19:34, 5] lib/util_sock.c:print_socket_options(206) socket option IPTOS_LOWDELAY = 16 [2006/06/20 18:19:34, 5] lib/util_sock.c:print_socket_options(206) socket option IPTOS_THROUGHPUT = 16 [2006/06/20 18:19:34, 5] lib/util_sock.c:print_socket_options(206) socket option SO_SNDBUF = 8192 [2006/06/20 18:19:34, 5] lib/util_sock.c:print_socket_options(206) socket option SO_RCVBUF = 8192 [2006/06/20 18:19:34, 5] lib/util_sock.c:print_socket_options(206) socket option SO_SNDLOWAT = 1 [2006/06/20 18:19:34, 5] lib/util_sock.c:print_socket_options(206) socket option SO_RCVLOWAT = 1 [2006/06/20 18:19:34, 5] lib/util_sock.c:print_socket_options(206) socket option SO_SNDTIMEO = 0 [2006/06/20 18:19:34, 5] lib/util_sock.c:print_socket_options(206) socket option SO_RCVTIMEO = 0 [2006/06/20 18:19:34, 6] param/loadparm.c:lp_file_list_changed(2998) lp_file_list_changed() file /etc/samba/smb.conf.local -> /etc/samba/smb.conf.local last mod_time: Thu Jan 1 01:00:00 1970 file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Mon Jun 19 18:46:01 2006 [2006/06/20 18:19:34, 3] smbd/oplock.c:init_oplocks(860) open_oplock_ipc: initializing messages. 
[2006/06/20 18:19:34, 3] smbd/oplock_linux.c:linux_init_kernel_oplocks(260) Linux kernel oplocks enabled [2006/06/20 18:19:34, 4] lib/time.c:TimeInit(136) TimeInit: Serverzone is -7200 [2006/06/20 18:19:34, 10] smbd/process.c:setup_select_timeout(1286) change_notify_timeout: -1 [2006/06/20 18:19:34, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 133 [2006/06/20 18:19:34, 6] smbd/process.c:process_smb(1111) got message type 0x0 of len 0x85 [2006/06/20 18:19:34, 3] smbd/process.c:process_smb(1112) Transaction 0 of length 137 [2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) size=133 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51283 smb_tid=0 smb_pid=65279 smb_uid=0 smb_mid=0 smt_wct=0 smb_bcc=98 [2006/06/20 18:19:34, 10] lib/util.c:dump_data(2215) [000] 02 50 43 20 4E 45 54 57 4F 52 4B 20 50 52 4F 47 .PC NETW ORK PROG [010] 52 41 4D 20 31 2E 30 00 02 4C 41 4E 4D 41 4E 31 RAM 1.0. .LANMAN1 [020] 2E 30 00 02 57 69 6E 64 6F 77 73 20 66 6F 72 20 .0..Wind ows for [030] 57 6F 72 6B 67 72 6F 75 70 73 20 33 2E 31 61 00 Workgrou ps 3.1a. [040] 02 4C 4D 31 2E 32 58 30 30 32 00 02 4C 41 4E 4D .LM1.2X0 02..LANM [050] 41 4E 32 2E 31 00 02 4E 54 20 4C 4D 20 30 2E 31 AN2.1..N T LM 0.1 [060] 32 00 2. 
[2006/06/20 18:19:34, 3] smbd/process.c:switch_message(914) switch message SMBnegprot (pid 16709) conn 0x0 [2006/06/20 18:19:34, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/06/20 18:19:34, 5] auth/auth_util.c:debug_nt_user_token(449) NT user token: (NULL) [2006/06/20 18:19:34, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/06/20 18:19:34, 5] smbd/uid.c:change_to_root_user(275) change_to_root_user: now uid=(0,0) gid=(0,0) [2006/06/20 18:19:34, 3] smbd/negprot.c:reply_negprot(486) Requested protocol [PC NETWORK PROGRAM 1.0] [2006/06/20 18:19:34, 3] smbd/negprot.c:reply_negprot(486) Requested protocol [LANMAN1.0] [2006/06/20 18:19:34, 3] smbd/negprot.c:reply_negprot(486) Requested protocol [Windows for Workgroups 3.1a] [2006/06/20 18:19:34, 3] smbd/negprot.c:reply_negprot(486) Requested protocol [LM1.2X002] [2006/06/20 18:19:34, 3] smbd/negprot.c:reply_negprot(486) Requested protocol [LANMAN2.1] [2006/06/20 18:19:34, 3] smbd/negprot.c:reply_negprot(486) Requested protocol [NT LM 0.12] [2006/06/20 18:19:34, 10] lib/util.c:set_remote_arch(2190) set_remote_arch: Client arch is 'Win2K' [2006/06/20 18:19:34, 6] param/loadparm.c:lp_file_list_changed(2998) lp_file_list_changed() file /etc/samba/smb.conf.local -> /etc/samba/smb.conf.local last mod_time: Thu Jan 1 01:00:00 1970 file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Mon Jun 19 18:46:01 2006 [2006/06/20 18:19:34, 5] smbd/connection.c:claim_connection(170) claiming 0 [2006/06/20 18:19:34, 6] param/loadparm.c:lp_file_list_changed(2998) lp_file_list_changed() file /etc/samba/smb.conf.local -> /etc/samba/smb.conf.local last mod_time: Thu Jan 1 01:00:00 1970 file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Mon Jun 19 18:46:01 2006 [2006/06/20 18:19:34, 3] smbd/negprot.c:reply_nt1(357) using SPNEGO [2006/06/20 18:19:34, 3] smbd/negprot.c:reply_negprot(579) Selected 
protocol NT LM 0.12 [2006/06/20 18:19:34, 5] smbd/negprot.c:reply_negprot(585) negprot index=5 [2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) size=127 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=65279 smb_uid=0 smb_mid=0 smt_wct=17 smb_vwv[ 0]= 5 (0x5) smb_vwv[ 1]=12803 (0x3203) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 65 (0x41) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]=17664 (0x4500) smb_vwv[ 8]= 65 (0x41) smb_vwv[ 9]=64768 (0xFD00) smb_vwv[10]=33011 (0x80F3) smb_vwv[11]= 128 (0x80) smb_vwv[12]=11119 (0x2B6F) smb_vwv[13]=34129 (0x8551) smb_vwv[14]=50836 (0xC694) smb_vwv[15]=34817 (0x8801) smb_vwv[16]= 255 (0xFF) smb_bcc=58 [2006/06/20 18:19:34, 10] lib/util.c:dump_data(2215) [000] 73 65 72 76 65 72 00 00 00 00 00 00 00 00 00 00 server.. ........ [010] 60 28 06 06 2B 06 01 05 05 02 A0 1E 30 1C A0 0E `(..+... ....0... [020] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A3 0A 0...+... ..7..... 
[030] 30 08 A0 06 1B 04 4E 4F 4E 45 0.....NO NE [2006/06/20 18:19:34, 10] smbd/process.c:setup_select_timeout(1286) change_notify_timeout: -1 [2006/06/20 18:19:34, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 236 [2006/06/20 18:19:34, 6] smbd/process.c:process_smb(1111) got message type 0x0 of len 0xec [2006/06/20 18:19:34, 3] smbd/process.c:process_smb(1112) Transaction 1 of length 240 [2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) size=236 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=0 smb_mid=64 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 236 (0xEC) smb_vwv[ 2]=16644 (0x4104) smb_vwv[ 3]= 50 (0x32) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 74 (0x4A) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 212 (0xD4) smb_vwv[11]=40960 (0xA000) smb_bcc=177 [2006/06/20 18:19:34, 10] lib/util.c:dump_data(2215) [000] 60 48 06 06 2B 06 01 05 05 02 A0 3E 30 3C A0 0E `H..+... ...>0<.. [010] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A2 2A 0...+... ..7....* [020] 04 28 4E 54 4C 4D 53 53 50 00 01 00 00 00 97 82 .(NTLMSS P....... [030] 08 E2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [040] 00 00 05 01 28 0A 00 00 00 0F 00 57 00 69 00 6E ....(... ...W.i.n [050] 00 64 00 6F 00 77 00 73 00 20 00 32 00 30 00 30 .d.o.w.s . .2.0.0 [060] 00 32 00 20 00 53 00 65 00 72 00 76 00 69 00 63 .2. .S.e .r.v.i.c [070] 00 65 00 20 00 50 00 61 00 63 00 6B 00 20 00 32 .e. .P.a .c.k. .2 [080] 00 20 00 32 00 36 00 30 00 30 00 00 00 57 00 69 . .2.6.0 .0...W.i [090] 00 6E 00 64 00 6F 00 77 00 73 00 20 00 32 00 30 .n.d.o.w .s. .2.0 [0A0] 00 30 00 32 00 20 00 35 00 2E 00 31 00 00 00 00 .0.2. .5 ...1.... [0B0] 00 . 
[2006/06/20 18:19:34, 3] smbd/process.c:switch_message(914) switch message SMBsesssetupX (pid 16709) conn 0x0 [2006/06/20 18:19:34, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/06/20 18:19:34, 5] auth/auth_util.c:debug_nt_user_token(449) NT user token: (NULL) [2006/06/20 18:19:34, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/06/20 18:19:34, 5] smbd/uid.c:change_to_root_user(275) change_to_root_user: now uid=(0,0) gid=(0,0) [2006/06/20 18:19:34, 3] smbd/sesssetup.c:reply_sesssetup_and_X(844) wct=12 flg2=0xc807 [2006/06/20 18:19:34, 2] smbd/sesssetup.c:setup_new_vc_session(794) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2006/06/20 18:19:34, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(655) Doing spnego session setup [2006/06/20 18:19:34, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(686) NativeOS=[Windows 2002 Service Pack 2 2600] NativeLanMan=[Windows 2002 5.1] PrimaryDomain=[] [2006/06/20 18:19:34, 10] lib/util.c:set_remote_arch(2190) set_remote_arch: Client arch is 'WinXP' [2006/06/20 18:19:34, 10] smbd/password.c:register_vuid(186) register_vuid: allocated vuid = 100 [2006/06/20 18:19:34, 3] smbd/sesssetup.c:reply_spnego_negotiate(547) Got OID 1 3 6 1 4 1 311 2 2 10 [2006/06/20 18:19:34, 3] smbd/sesssetup.c:reply_spnego_negotiate(550) Got secblob of size 40 [2006/06/20 18:19:34, 5] auth/auth.c:make_auth_context_subsystem(484) Making default auth method list for DC, security=user, encrypt passwords = yes [2006/06/20 18:19:34, 5] auth/auth.c:smb_register_auth(47) Attempting to register auth backend sam [2006/06/20 18:19:34, 5] auth/auth.c:smb_register_auth(59) Successfully added auth method 'sam' [2006/06/20 18:19:34, 5] auth/auth.c:smb_register_auth(47) Attempting to register auth backend sam_ignoredomain [2006/06/20 18:19:34, 5] auth/auth.c:smb_register_auth(59) Successfully added auth 
method 'sam_ignoredomain' [2006/06/20 18:19:34, 5] auth/auth.c:smb_register_auth(47) Attempting to register auth backend unix [2006/06/20 18:19:34, 5] auth/auth.c:smb_register_auth(59) Successfully added auth method 'unix' [2006/06/20 18:19:34, 5] auth/auth.c:smb_register_auth(47) Attempting to register auth backend winbind [2006/06/20 18:19:34, 5] auth/auth.c:smb_register_auth(59) Successfully added auth method 'winbind' [2006/06/20 18:19:34, 5] auth/auth.c:smb_register_auth(47) Attempting to register auth backend smbserver [2006/06/20 18:19:34, 5] auth/auth.c:smb_register_auth(59) Successfully added auth method 'smbserver' [2006/06/20 18:19:34, 5] auth/auth.c:smb_register_auth(47) Attempting to register auth backend trustdomain [2006/06/20 18:19:34, 5] auth/auth.c:smb_register_auth(59) Successfully added auth method 'trustdomain' [2006/06/20 18:19:34, 5] auth/auth.c:smb_register_auth(47) Attempting to register auth backend ntdomain [2006/06/20 18:19:34, 5] auth/auth.c:smb_register_auth(59) Successfully added auth method 'ntdomain' [2006/06/20 18:19:34, 5] auth/auth.c:smb_register_auth(47) Attempting to register auth backend guest [2006/06/20 18:19:34, 5] auth/auth.c:smb_register_auth(59) Successfully added auth method 'guest' [2006/06/20 18:19:34, 5] auth/auth.c:smb_register_auth(47) Attempting to register auth backend fixed_challenge [2006/06/20 18:19:34, 5] auth/auth.c:smb_register_auth(59) Successfully added auth method 'fixed_challenge' [2006/06/20 18:19:34, 5] auth/auth.c:smb_register_auth(47) Attempting to register auth backend name_to_ntstatus [2006/06/20 18:19:34, 5] auth/auth.c:smb_register_auth(59) Successfully added auth method 'name_to_ntstatus' [2006/06/20 18:19:34, 5] auth/auth.c:load_auth_module(391) load_auth_module: Attempting to find an auth method to match guest [2006/06/20 18:19:34, 5] auth/auth.c:load_auth_module(416) load_auth_module: auth method guest has a valid init [2006/06/20 18:19:34, 5] auth/auth.c:load_auth_module(391) 
load_auth_module: Attempting to find an auth method to match sam [2006/06/20 18:19:34, 5] auth/auth.c:load_auth_module(416) load_auth_module: auth method sam has a valid init [2006/06/20 18:19:34, 5] auth/auth.c:load_auth_module(391) load_auth_module: Attempting to find an auth method to match winbind:trustdomain [2006/06/20 18:19:34, 5] auth/auth.c:load_auth_module(391) load_auth_module: Attempting to find an auth method to match trustdomain [2006/06/20 18:19:34, 5] auth/auth.c:load_auth_module(416) load_auth_module: auth method trustdomain has a valid init [2006/06/20 18:19:34, 5] auth/auth.c:load_auth_module(416) load_auth_module: auth method winbind has a valid init [2006/06/20 18:19:34, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63) Got NTLMSSP neg_flags=0xe2088297 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_NEGOTIATE_OEM NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_LM_KEY NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH NTLMSSP_NEGOTIATE_56 [2006/06/20 18:19:34, 5] auth/auth.c:get_ntlm_challenge(97) auth_get_challenge: module guest did not want to specify a challenge [2006/06/20 18:19:34, 5] auth/auth.c:get_ntlm_challenge(97) auth_get_challenge: module sam did not want to specify a challenge [2006/06/20 18:19:34, 5] auth/auth.c:get_ntlm_challenge(97) auth_get_challenge: module winbind did not want to specify a challenge [2006/06/20 18:19:34, 5] auth/auth.c:get_ntlm_challenge(137) auth_context challenge created by random [2006/06/20 18:19:34, 5] auth/auth.c:get_ntlm_challenge(138) challenge is: [2006/06/20 18:19:34, 5] lib/util.c:dump_data(2215) [000] 9C 47 EB 10 4F D6 79 9E .G..O.y. 
[2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) size=306 smb_com=0x73 smb_rcls=22 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=65279 smb_uid=100 smb_mid=64 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 205 (0xCD) smb_bcc=263
[2006/06/20 18:19:34, 10] smbd/process.c:setup_select_timeout(1286) change_notify_timeout: -1 [2006/06/20 18:19:34, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 350 [2006/06/20 18:19:34, 6] smbd/process.c:process_smb(1111) got message type 0x0 of len 0x15e [2006/06/20 18:19:34, 3] smbd/process.c:process_smb(1112) Transaction 2 of length 354 [2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) size=350 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=100 smb_mid=128 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 350 (0x15E) smb_vwv[ 2]=16644 (0x4104) smb_vwv[ 3]= 50 (0x32) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 188 (0xBC) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 212 (0xD4) smb_vwv[11]=40960 (0xA000) smb_bcc=291
[2006/06/20 18:19:34, 3] smbd/process.c:switch_message(914) switch message SMBsesssetupX (pid 16709) conn 0x0 [2006/06/20 18:19:34, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/06/20 18:19:34, 5] auth/auth_util.c:debug_nt_user_token(449) NT user token: (NULL) [2006/06/20 18:19:34, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/06/20 18:19:34, 5] smbd/uid.c:change_to_root_user(275) change_to_root_user: now uid=(0,0) gid=(0,0) [2006/06/20 18:19:34, 3] smbd/sesssetup.c:reply_sesssetup_and_X(844) wct=12 flg2=0xc807 [2006/06/20 18:19:34, 2] smbd/sesssetup.c:setup_new_vc_session(794) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2006/06/20 18:19:34, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(655) Doing spnego session setup [2006/06/20 18:19:34, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(686) NativeOS=[Windows 2002 Service Pack 2 2600] NativeLanMan=[Windows 2002 5.1] PrimaryDomain=[] [2006/06/20 18:19:34, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(672) Got user=[andoburg] domain=[ANDOLAN] workstation=[ws035] len1=24 len2=24 [2006/06/20 18:19:34, 5] auth/auth_ntlmssp.c:auth_ntlmssp_set_challenge(66) auth_context challenge set by NTLMSSP callback (NTLM2) [2006/06/20 18:19:34, 5] auth/auth_ntlmssp.c:auth_ntlmssp_set_challenge(67) challenge is: [2006/06/20 18:19:34, 5] lib/util.c:dump_data(2215) [000] 1E A8 F9 60 AA 49 59 CA ...`.IY. 
[2006/06/20 18:19:34, 6] param/loadparm.c:lp_file_list_changed(2998) lp_file_list_changed() file /etc/samba/smb.conf.local -> /etc/samba/smb.conf.local last mod_time: Thu Jan 1 01:00:00 1970 file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Mon Jun 19 18:46:01 2006 [2006/06/20 18:19:34, 5] auth/auth_util.c:make_user_info_map(162) make_user_info_map: Mapping user [ANDOLAN]\[andoburg] from workstation [ws035] [2006/06/20 18:19:34, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2006/06/20 18:19:34, 3] smbd/uid.c:push_conn_ctx(345) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2006/06/20 18:19:34, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2006/06/20 18:19:34, 5] auth/auth_util.c:debug_nt_user_token(449) NT user token: (NULL) [2006/06/20 18:19:34, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/06/20 18:19:34, 5] auth/auth_util.c:is_trusted_domain(1934) is_trusted_domain: Checking for domain trust with [ANDOLAN] [2006/06/20 18:19:34, 5] passdb/secrets.c:secrets_fetch_trusted_domain_password(340) secrets_fetch failed! [2006/06/20 18:19:34, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/06/20 18:19:34, 10] lib/gencache.c:gencache_get(312) Cache entry with key = TDOM/ANDOLAN couldn't be found [2006/06/20 18:19:34, 5] libsmb/trustdom_cache.c:trustdom_cache_fetch(184) no entry for trusted domain ANDOLAN found. 
[2006/06/20 18:19:34, 5] auth/auth_util.c:make_user_info(76) attempting to make a user_info for andoburg (andoburg) [2006/06/20 18:19:34, 5] auth/auth_util.c:make_user_info(86) making strings for andoburg's user_info struct [2006/06/20 18:19:34, 5] auth/auth_util.c:make_user_info(118) making blobs for andoburg's user_info struct [2006/06/20 18:19:34, 10] auth/auth_util.c:make_user_info(136) made an encrypted user_info for andoburg (andoburg) [2006/06/20 18:19:34, 3] auth/auth.c:check_ntlm_password(221) check_ntlm_password: Checking password for unmapped user [ANDOLAN]\[andoburg]@[ws035] with the new password interface [2006/06/20 18:19:34, 3] auth/auth.c:check_ntlm_password(224) check_ntlm_password: mapped user is: [ANDOLAN]\[andoburg]@[ws035] [2006/06/20 18:19:34, 10] auth/auth.c:check_ntlm_password(233) check_ntlm_password: auth_context challenge created by NTLMSSP callback (NTLM2) [2006/06/20 18:19:34, 10] auth/auth.c:check_ntlm_password(235) challenge is: [2006/06/20 18:19:34, 5] lib/util.c:dump_data(2215) [000] 1E A8 F9 60 AA 49 59 CA ...`.IY. 
[2006/06/20 18:19:34, 10] auth/auth.c:check_ntlm_password(261) check_ntlm_password: guest had nothing to say [2006/06/20 18:19:34, 8] lib/util.c:is_myname(2036) is_myname("ANDOLAN") returns 0 [2006/06/20 18:19:34, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2006/06/20 18:19:34, 3] smbd/uid.c:push_conn_ctx(345) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2006/06/20 18:19:34, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2006/06/20 18:19:34, 5] auth/auth_util.c:debug_nt_user_token(449) NT user token: (NULL) [2006/06/20 18:19:34, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/06/20 18:19:34, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base => [dc=andolan], filter => [(&(uid=andoburg)(objectclass=sambaSamAccount))], scope => [2] [2006/06/20 18:19:34, 5] lib/smbldap.c:smbldap_close(1080) The connection to the LDAP server was closed [2006/06/20 18:19:34, 10] lib/smbldap.c:smb_ldap_setup_conn(632) smb_ldap_setup_connection: ldap://localhost [2006/06/20 18:19:34, 2] lib/smbldap.c:smbldap_open_connection(788) smbldap_open_connection: connection opened [2006/06/20 18:19:34, 10] lib/smbldap.c:smbldap_connect_system(947) ldap_connect_system: Binding to ldap server ldap://localhost as "cn=Manager,dc=andolan" [2006/06/20 18:19:34, 3] lib/smbldap.c:smbldap_connect_system(992) ldap_connect_system: succesful connection to the LDAP server ldap_connect_system: LDAP server does support paged results [2006/06/20 18:19:34, 4] lib/smbldap.c:smbldap_open(1060) The LDAP server is succesfully connected [2006/06/20 18:19:34, 2] passdb/pdb_ldap.c:init_sam_from_ldap(541) init_sam_from_ldap: Entry found for user: andoburg [2006/06/20 18:19:34, 10] passdb/pdb_get_set.c:pdb_set_username(580) pdb_set_username: setting username andoburg, was [2006/06/20 18:19:34, 10] passdb/pdb_get_set.c:pdb_set_domain(607) pdb_set_domain: 
setting domain ANDOLAN, was [2006/06/20 18:19:34, 10] passdb/pdb_get_set.c:pdb_set_nt_username(634) pdb_set_nt_username: setting nt username andoburg, was [2006/06/20 18:19:34, 10] passdb/pdb_get_set.c:pdb_set_user_sid_from_string(519) pdb_set_user_sid_from_string: setting user sid S-1-5-21-2969752157-892696647-4271518216-3002 [2006/06/20 18:19:34, 10] passdb/pdb_get_set.c:pdb_set_user_sid(506) pdb_set_user_sid: setting user sid S-1-5-21-2969752157-892696647-4271518216-3002 [2006/06/20 18:19:34, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaLogonTime] = [] [2006/06/20 18:19:34, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaLogoffTime] = [] [2006/06/20 18:19:34, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaKickoffTime] = [] [2006/06/20 18:19:34, 10] passdb/pdb_get_set.c:pdb_set_fullname(661) pdb_set_full_name: setting full name AndoBurg B.V., was [2006/06/20 18:19:34, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaHomeDrive] = [] [2006/06/20 18:19:34, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(742) pdb_set_dir_drive: setting dir drive N:, was NULL [2006/06/20 18:19:34, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaHomePath] = [] [2006/06/20 18:19:34, 10] passdb/pdb_get_set.c:pdb_set_homedir(769) pdb_set_homedir: setting home dir \\server\datamap, was [2006/06/20 18:19:34, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaLogonScript] = [] [2006/06/20 18:19:34, 10] passdb/pdb_get_set.c:pdb_set_logon_script(688) pdb_set_logon_script: setting logon script logon.cmd, was [2006/06/20 18:19:34, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaProfilePath] = [] [2006/06/20 18:19:34, 10] passdb/pdb_get_set.c:pdb_set_profile_path(715) pdb_set_profile_path: setting profile path 
\\server\tempprof, was [2006/06/20 18:19:34, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [description] = [] [2006/06/20 18:19:34, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaUserWorkstations] = [] [2006/06/20 18:19:34, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaMungedDial] = [] [2006/06/20 18:19:34, 10] lib/account_pol.c:account_policy_get(337) account_policy_get: name: password history, val: 0 [2006/06/20 18:19:34, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaBadPasswordCount] = [] [2006/06/20 18:19:34, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaBadPasswordTime] = [] [2006/06/20 18:19:34, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaLogonHours] = [] [2006/06/20 18:19:34, 5] passdb/login_cache.c:login_cache_init(41) Opening cache file at /var/lib/samba/login_cache.tdb [2006/06/20 18:19:34, 7] passdb/login_cache.c:login_cache_read(83) Looking up login cache for user andoburg [2006/06/20 18:19:34, 7] passdb/login_cache.c:login_cache_read(97) No cache entry found [2006/06/20 18:19:34, 9] passdb/pdb_ldap.c:init_sam_from_ldap(898) No cache entry, bad count = 0, bad time = 0 [2006/06/20 18:19:34, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base => [ou=Groups,dc=andolan], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=1001))], scope => [2] [2006/06/20 18:19:34, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2192) ldapsam_getgroup: Did not find group [2006/06/20 18:19:34, 10] lib/account_pol.c:account_policy_get(337) account_policy_get: name: password history, val: 0 [2006/06/20 18:19:34, 10] passdb/pdb_get_set.c:pdb_set_username(580) pdb_set_username: setting username andoburg, was [2006/06/20 18:19:34, 10] passdb/pdb_get_set.c:pdb_set_domain(607) pdb_set_domain: setting domain ANDOLAN, was [2006/06/20 
18:19:34, 10] passdb/pdb_get_set.c:pdb_set_nt_username(634) pdb_set_nt_username: setting nt username andoburg, was [2006/06/20 18:19:34, 10] passdb/pdb_get_set.c:pdb_set_fullname(661) pdb_set_full_name: setting full name AndoBurg B.V., was [2006/06/20 18:19:34, 10] passdb/pdb_get_set.c:pdb_set_homedir(769) pdb_set_homedir: setting home dir \\server\datamap, was [2006/06/20 18:19:34, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(742) pdb_set_dir_drive: setting dir drive N:, was NULL [2006/06/20 18:19:34, 10] passdb/pdb_get_set.c:pdb_set_logon_script(688) pdb_set_logon_script: setting logon script logon.cmd, was [2006/06/20 18:19:34, 10] passdb/pdb_get_set.c:pdb_set_profile_path(715) pdb_set_profile_path: setting profile path \\server\tempprof, was [2006/06/20 18:19:34, 10] passdb/pdb_get_set.c:pdb_set_workstations(820) pdb_set_workstations: setting workstations , was [2006/06/20 18:19:34, 10] lib/account_pol.c:account_policy_get(337) account_policy_get: name: password history, val: 0 [2006/06/20 18:19:34, 10] passdb/pdb_get_set.c:pdb_set_user_sid(506) pdb_set_user_sid: setting user sid S-1-5-21-2969752157-892696647-4271518216-3002 [2006/06/20 18:19:34, 10] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(73) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-2969752157-892696647-4271518216-3002 from rid 3002 [2006/06/20 18:19:34, 5] passdb/pdb_interface.c:lookup_global_sam_rid(1455) lookup_global_sam_rid: looking up RID 513. 
[2006/06/20 18:19:34, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2006/06/20 18:19:34, 3] smbd/uid.c:push_conn_ctx(345) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2006/06/20 18:19:34, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2006/06/20 18:19:34, 5] auth/auth_util.c:debug_nt_user_token(449) NT user token: (NULL) [2006/06/20 18:19:34, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/06/20 18:19:34, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base => [dc=andolan], filter => [(&(sambaSID=S-1-5-21-2969752157-892696647-4271518216-513)(objectclass=sambaSamAccount))], scope => [2] [2006/06/20 18:19:34, 4] passdb/pdb_ldap.c:ldapsam_getsampwsid(1491) ldapsam_getsampwsid: Unable to locate SID [S-1-5-21-2969752157-892696647-4271518216-513] count=0 [2006/06/20 18:19:34, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base => [ou=Groups,dc=andolan], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-2969752157-892696647-4271518216-513))], scope => [2] [2006/06/20 18:19:34, 2] passdb/pdb_ldap.c:init_group_from_ldap(2115) init_group_from_ldap: Entry found for group: 10000 [2006/06/20 18:19:34, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2006/06/20 18:19:34, 10] passdb/lookup_sid.c:sid_to_gid(1296) sid_to_gid: S-1-5-21-2969752157-892696647-4271518216-513 -> 10000 [2006/06/20 18:19:34, 3] passdb/lookup_sid.c:store_gid_sid_cache(1038) store_gid_sid_cache: gid 10000 in cache -> S-1-5-21-2969752157-892696647-4271518216-513 [2006/06/20 18:19:34, 10] passdb/pdb_get_set.c:pdb_set_group_sid(564) pdb_set_group_sid: setting group sid S-1-5-21-2969752157-892696647-4271518216-513 [2006/06/20 18:19:34, 10] passdb/pdb_compat.c:pdb_set_group_sid_from_rid(100) pdb_set_group_sid_from_rid: setting group sid S-1-5-21-2969752157-892696647-4271518216-513 from rid 513 
[2006/06/20 18:19:34, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/06/20 18:19:34, 9] passdb/passdb.c:pdb_update_autolock_flag(1406) pdb_update_autolock_flag: Account andoburg not autolocked, no check needed [2006/06/20 18:19:34, 4] libsmb/ntlm_check.c:ntlm_password_check(326) ntlm_password_check: Checking NT MD4 password [2006/06/20 18:19:34, 4] auth/auth_sam.c:sam_account_ok(138) sam_account_ok: Checking SMB password for user andoburg [2006/06/20 18:19:34, 5] auth/auth_sam.c:logon_hours_ok(120) logon_hours_ok: user andoburg allowed to logon at this time (Tue Jun 20 16:19:34 2006 ) [2006/06/20 18:19:34, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2006/06/20 18:19:34, 3] smbd/uid.c:push_conn_ctx(345) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2006/06/20 18:19:34, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2006/06/20 18:19:34, 5] auth/auth_util.c:debug_nt_user_token(449) NT user token: (NULL) [2006/06/20 18:19:34, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/06/20 18:19:34, 10] lib/util_pw.c:getpwnam_alloc(76) Got andoburg from pwnam_cache [2006/06/20 18:19:34, 10] lib/util_pw.c:getpwnam_alloc(76) Got andoburg from pwnam_cache [2006/06/20 18:19:34, 10] lib/system_smbd.c:sys_getgrouplist(125) sys_getgrouplist: user [andoburg] [2006/06/20 18:19:34, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2006/06/20 18:19:34, 3] smbd/uid.c:push_conn_ctx(345) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2006/06/20 18:19:34, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2006/06/20 18:19:34, 5] auth/auth_util.c:debug_nt_user_token(449) NT user token: (NULL) [2006/06/20 18:19:34, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/06/20 
18:19:34, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2006/06/20 18:19:34, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base => [ou=Groups,dc=andolan], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=1001))], scope => [2] [2006/06/20 18:19:34, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2192) ldapsam_getgroup: Did not find group [2006/06/20 18:19:34, 10] passdb/lookup_sid.c:gid_to_sid(1128) gid_to_sid: local 1001 -> S-1-22-2-1001 [2006/06/20 18:19:34, 3] passdb/lookup_sid.c:store_gid_sid_cache(1038) store_gid_sid_cache: gid 1001 in cache -> S-1-22-2-1001 [2006/06/20 18:19:34, 3] passdb/lookup_sid.c:fetch_sid_from_gid_cache(979) fetch sid from gid cache 0 -> S-1-22-2-0 [2006/06/20 18:19:34, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base => [ou=Groups,dc=andolan], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=10001))], scope => [2] [2006/06/20 18:19:34, 2] passdb/pdb_ldap.c:init_group_from_ldap(2115) init_group_from_ldap: Entry found for group: 10001 [2006/06/20 18:19:34, 10] passdb/lookup_sid.c:gid_to_sid(1128) gid_to_sid: local 10001 -> S-1-5-21-2969752157-892696647-4271518216-512 [2006/06/20 18:19:34, 3] passdb/lookup_sid.c:store_gid_sid_cache(1038) store_gid_sid_cache: gid 10001 in cache -> S-1-5-21-2969752157-892696647-4271518216-512 [2006/06/20 18:19:34, 5] auth/auth_util.c:make_server_info_sam(603) make_server_info_sam: made server info for user andoburg -> andoburg [2006/06/20 18:19:34, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/06/20 18:19:34, 3] auth/auth.c:check_ntlm_password(270) check_ntlm_password: sam authentication for user [andoburg] succeeded [2006/06/20 18:19:34, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2006/06/20 18:19:34, 3] smbd/uid.c:push_conn_ctx(345) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2006/06/20 18:19:34, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - 
sec_ctx_stack_ndx = 1 [2006/06/20 18:19:34, 5] auth/auth_util.c:debug_nt_user_token(449) NT user token: (NULL) [2006/06/20 18:19:34, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/06/20 18:19:34, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/06/20 18:19:34, 5] auth/auth.c:check_ntlm_password(296) check_ntlm_password: PAM Account for user [andoburg] succeeded [2006/06/20 18:19:34, 2] auth/auth.c:check_ntlm_password(309) check_ntlm_password: authentication for user [andoburg] -> [andoburg] -> [andoburg] succeeded [2006/06/20 18:19:34, 5] auth/auth_util.c:free_user_info(1784) attempting to free (and zero) a user_info structure [2006/06/20 18:19:34, 10] auth/auth_util.c:free_user_info(1788) structure was created for andoburg [2006/06/20 18:19:34, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base => [ou=Groups,dc=andolan], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-544))], scope => [2] [2006/06/20 18:19:34, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2192) ldapsam_getgroup: Did not find group [2006/06/20 18:19:34, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base => [ou=Groups,dc=andolan], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-545))], scope => [2] [2006/06/20 18:19:34, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2192) ldapsam_getgroup: Did not find group [2006/06/20 18:19:34, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base => [ou=Groups,dc=andolan], filter => [(&(|(objectclass=sambaGroupMapping)(sambaGroupType=4))(|(sambaSIDList=S-1-5-21-2969752157-892696647-4271518216-3002)(sambaSIDList=S-1-5-21-2969752157-892696647-4271518216-513)(sambaSIDList=S-1-1-0)(sambaSIDList=S-1-5-2)(sambaSIDList=S-1-5-11)(sambaSIDList=S-1-22-2-1001)(sambaSIDList=S-1-22-2-0)(sambaSIDList=S-1-5-21-2969752157-892696647-4271518216-512)))], scope => [2] [2006/06/20 18:19:34, 5] 
lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base => [ou=Groups,dc=andolan], filter => [(&(|(objectclass=sambaGroupMapping)(sambaGroupType=4))(|(sambaSIDList=S-1-5-21-2969752157-892696647-4271518216-3002)(sambaSIDList=S-1-5-21-2969752157-892696647-4271518216-513)(sambaSIDList=S-1-1-0)(sambaSIDList=S-1-5-2)(sambaSIDList=S-1-5-11)(sambaSIDList=S-1-22-2-1001)(sambaSIDList=S-1-22-2-0)(sambaSIDList=S-1-5-21-2969752157-892696647-4271518216-512)))], scope => [2] [2006/06/20 18:19:34, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-21-2969752157-892696647-4271518216-3002] [2006/06/20 18:19:34, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-21-2969752157-892696647-4271518216-513] [2006/06/20 18:19:34, 5] lib/privileges.c:get_privileges_for_sids(459) get_privileges_for_sids: sid = S-1-1-0 Privilege set: SE_PRIV 0x0 0x0 0x0 0x0 [2006/06/20 18:19:34, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-2] [2006/06/20 18:19:34, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-11] [2006/06/20 18:19:34, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-22-2-1001] [2006/06/20 18:19:34, 3] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-22-2-0] [2006/06/20 18:19:34, 5] lib/privileges.c:get_privileges_for_sids(459) get_privileges_for_sids: sid = S-1-5-21-2969752157-892696647-4271518216-512 Privilege set: SE_PRIV 0x10 0x0 0x0 0x0 [2006/06/20 18:19:34, 3] passdb/lookup_sid.c:fetch_gid_from_cache(999) fetch gid from cache 10000 -> S-1-5-21-2969752157-892696647-4271518216-513 [2006/06/20 18:19:34, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base => [ou=Groups,dc=andolan], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-1-0))], scope => [2] [2006/06/20 18:19:34, 4] 
passdb/pdb_ldap.c:ldapsam_getgroup(2192) ldapsam_getgroup: Did not find group [2006/06/20 18:19:34, 10] auth/auth_util.c:create_local_token(970) Could not convert SID S-1-1-0 to gid, ignoring it [2006/06/20 18:19:34, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base => [ou=Groups,dc=andolan], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-2))], scope => [2] [2006/06/20 18:19:34, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2192) ldapsam_getgroup: Did not find group [2006/06/20 18:19:34, 10] auth/auth_util.c:create_local_token(970) Could not convert SID S-1-5-2 to gid, ignoring it [2006/06/20 18:19:34, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base => [ou=Groups,dc=andolan], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-11))], scope => [2] [2006/06/20 18:19:34, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2192) ldapsam_getgroup: Did not find group [2006/06/20 18:19:34, 10] auth/auth_util.c:create_local_token(970) Could not convert SID S-1-5-11 to gid, ignoring it [2006/06/20 18:19:34, 3] passdb/lookup_sid.c:fetch_gid_from_cache(999) fetch gid from cache 1001 -> S-1-22-2-1001 [2006/06/20 18:19:34, 3] passdb/lookup_sid.c:fetch_gid_from_cache(999) fetch gid from cache 0 -> S-1-22-2-0 [2006/06/20 18:19:34, 3] passdb/lookup_sid.c:fetch_gid_from_cache(999) fetch gid from cache 10001 -> S-1-5-21-2969752157-892696647-4271518216-512 [2006/06/20 18:19:34, 10] auth/auth_util.c:debug_nt_user_token(455) NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 contains 8 SIDs SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-1001 SID[ 6]: S-1-22-2-0 SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 SE_PRIV 0x10 0x0 0x0 0x0 [2006/06/20 18:19:34, 10] auth/auth_ntlmssp.c:auth_ntlmssp_check_password(133) Got NT session key of length 16 [2006/06/20 18:19:34, 10] 
auth/auth_ntlmssp.c:auth_ntlmssp_check_password(140) Got LM session key of length 16 [2006/06/20 18:19:34, 10] libsmb/ntlmssp.c:ntlmssp_server_auth(738) ntlmssp_server_auth: Created NTLM2 session key. [2006/06/20 18:19:34, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(338) NTLMSSP Sign/Seal - Initialising with flags: [2006/06/20 18:19:34, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63) Got NTLMSSP neg_flags=0xe2088215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH NTLMSSP_NEGOTIATE_56 [2006/06/20 18:19:34, 10] smbd/password.c:register_vuid(186) register_vuid: allocated vuid = 101 [2006/06/20 18:19:34, 10] lib/util_pw.c:getpwnam_alloc(76) Got andoburg from pwnam_cache [2006/06/20 18:19:34, 10] smbd/password.c:register_vuid(277) register_vuid: (1001,1001) andoburg andoburg ANDOLAN guest=0 [2006/06/20 18:19:34, 3] smbd/password.c:register_vuid(280) User name: andoburg Real name: AndoBurg B.V. 
[2006/06/20 18:19:34, 3] smbd/password.c:register_vuid(301) UNIX uid 1001 is UNIX user andoburg, and will be vuid 101 [2006/06/20 18:19:34, 7] param/loadparm.c:lp_servicenumber(5112) lp_servicenumber: couldn't find andoburg [2006/06/20 18:19:34, 3] smbd/password.c:register_vuid(332) Adding homes service for user 'andoburg' using home directory: '/home/andoburg' [2006/06/20 18:19:34, 7] param/loadparm.c:lp_servicenumber(5112) lp_servicenumber: couldn't find homes [2006/06/20 18:19:34, 6] param/loadparm.c:lp_file_list_changed(2998) lp_file_list_changed() file /etc/samba/smb.conf.local -> /etc/samba/smb.conf.local last mod_time: Thu Jan 1 01:00:00 1970 file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Mon Jun 19 18:46:01 2006 [2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) size=110 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=65279 smb_uid=101 smb_mid=128 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 9 (0x9) smb_bcc=67 [2006/06/20 18:19:34, 10] lib/util.c:dump_data(2215) [000] A1 07 30 05 A0 03 0A 01 00 55 00 6E 00 69 00 78 ..0..... .U.n.i.x [010] 00 00 00 53 00 61 00 6D 00 62 00 61 00 20 00 33 ...S.a.m .b.a. .3 [020] 00 2E 00 30 00 2E 00 32 00 33 00 72 00 63 00 33 ...0...2 .3.r.c.3 [030] 00 00 00 41 00 4E 00 44 00 4F 00 4C 00 41 00 4E ...A.N.D .O.L.A.N [040] 00 00 00 ... 
[2006/06/20 18:19:34, 10] smbd/process.c:setup_select_timeout(1286) change_notify_timeout: -1 [2006/06/20 18:19:34, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 78 [2006/06/20 18:19:34, 6] smbd/process.c:process_smb(1111) got message type 0x0 of len 0x4e [2006/06/20 18:19:34, 3] smbd/process.c:process_smb(1112) Transaction 3 of length 82 [2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) size=78 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=101 smb_mid=192 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 78 (0x4E) smb_vwv[ 2]= 8 (0x8) smb_vwv[ 3]= 1 (0x1) smb_bcc=35 [2006/06/20 18:19:34, 10] lib/util.c:dump_data(2215) [000] 00 5C 00 5C 00 53 00 45 00 52 00 56 00 45 00 52 .\.\.S.E .R.V.E.R [010] 00 5C 00 49 00 50 00 43 00 24 00 00 00 3F 3F 3F .\.I.P.C .$...??? [020] 3F 3F 00 ??. [2006/06/20 18:19:34, 3] smbd/process.c:switch_message(914) switch message SMBtconX (pid 16709) conn 0x0 [2006/06/20 18:19:34, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/06/20 18:19:34, 5] auth/auth_util.c:debug_nt_user_token(449) NT user token: (NULL) [2006/06/20 18:19:34, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/06/20 18:19:34, 5] smbd/uid.c:change_to_root_user(275) change_to_root_user: now uid=(0,0) gid=(0,0) [2006/06/20 18:19:34, 4] smbd/reply.c:reply_tcon_and_X(666) Client requested device type [?????] 
for share [IPC$] [2006/06/20 18:19:34, 5] smbd/service.c:make_connection(1111) making a connection to 'normal' service ipc$ [2006/06/20 18:19:34, 10] smbd/share_access.c:user_ok_token(225) user_ok_token: share IPC$ is ok for unix user andoburg [2006/06/20 18:19:34, 5] lib/username.c:Get_Pwnam_alloc(131) Finding user andoburg [2006/06/20 18:19:34, 5] lib/username.c:Get_Pwnam_internals(75) Trying _Get_Pwnam(), username as lowercase is andoburg [2006/06/20 18:19:34, 10] lib/util_pw.c:getpwnam_alloc(76) Got andoburg from pwnam_cache [2006/06/20 18:19:34, 5] lib/username.c:Get_Pwnam_internals(108) Get_Pwnam_internals did find user [andoburg]! [2006/06/20 18:19:34, 10] smbd/service.c:set_conn_connectpath(122) set_conn_connectpath: service IPC$, connectpath = /tmp [2006/06/20 18:19:34, 3] smbd/service.c:make_connection_snum(752) Connect path is '/tmp' for service [IPC$] [2006/06/20 18:19:34, 4] lib/sharesec.c:get_share_security(130) get_share_security: using default secdesc for IPC$ [2006/06/20 18:19:34, 10] lib/util_seaccess.c:se_map_generic(176) se_map_generic(): mapped mask 0x10000000 to 0x001f01ff [2006/06/20 18:19:34, 10] lib/util_seaccess.c:se_access_check(233) se_access_check: requested access 0x00000002, for NT token with 8 entries and first sid S-1-5-21-2969752157-892696647-4271518216-3002. 
[2006/06/20 18:19:34, 3] lib/util_seaccess.c:se_access_check(250) [2006/06/20 18:19:34, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-2969752157-892696647-4271518216-3002 se_access_check: also S-1-5-21-2969752157-892696647-4271518216-513 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-22-2-1001 se_access_check: also S-1-22-2-0 se_access_check: also S-1-5-21-2969752157-892696647-4271518216-512 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 2 [2006/06/20 18:19:34, 5] lib/util_seaccess.c:se_access_check(308) se_access_check: access (2) granted. [2006/06/20 18:19:34, 3] smbd/vfs.c:vfs_init_default(219) Initialising default vfs hooks [2006/06/20 18:19:34, 5] smbd/connection.c:claim_connection(170) claiming IPC$ 0 [2006/06/20 18:19:34, 10] smbd/share_access.c:user_ok_token(225) user_ok_token: share IPC$ is ok for unix user andoburg [2006/06/20 18:19:34, 10] smbd/share_access.c:is_share_read_only_for_token(267) is_share_read_only_for_user: share IPC$ is read-only for unix user andoburg [2006/06/20 18:19:34, 4] lib/sharesec.c:get_share_security(130) get_share_security: using default secdesc for IPC$ [2006/06/20 18:19:34, 10] lib/util_seaccess.c:se_map_generic(176) se_map_generic(): mapped mask 0x10000000 to 0x001f01ff [2006/06/20 18:19:34, 10] lib/util_seaccess.c:se_access_check(233) se_access_check: requested access 0x00000001, for NT token with 8 entries and first sid S-1-5-21-2969752157-892696647-4271518216-3002. 
[2006/06/20 18:19:34, 3] lib/util_seaccess.c:se_access_check(250) [2006/06/20 18:19:34, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-2969752157-892696647-4271518216-3002 se_access_check: also S-1-5-21-2969752157-892696647-4271518216-513 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-22-2-1001 se_access_check: also S-1-22-2-0 se_access_check: also S-1-5-21-2969752157-892696647-4271518216-512 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 1 [2006/06/20 18:19:34, 5] lib/util_seaccess.c:se_access_check(308) se_access_check: access (1) granted. [2006/06/20 18:19:34, 3] lib/util_sid.c:string_to_sid(223) string_to_sid: Sid @root does not start with 'S-'. [2006/06/20 18:19:34, 5] smbd/password.c:user_in_netgroup(423) Unable to get default yp domain [2006/06/20 18:19:34, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base => [ou=Groups,dc=andolan], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=0))], scope => [2] [2006/06/20 18:19:34, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2192) ldapsam_getgroup: Did not find group [2006/06/20 18:19:34, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 [2006/06/20 18:19:34, 5] auth/auth_util.c:debug_nt_user_token(455) NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 contains 8 SIDs SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-1001 SID[ 6]: S-1-22-2-0 SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 SE_PRIV 0x10 0x0 0x0 0x0 [2006/06/20 18:19:34, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 1001 and contains 4 supplementary groups Group[ 0]: 10000 Group[ 1]: 1001 Group[ 2]: 0 Group[ 3]: 10001 [2006/06/20 18:19:34, 5] 
smbd/uid.c:change_to_user(260) change_to_user uid=(0,0) gid=(0,1001) [2006/06/20 18:19:34, 3] smbd/service.c:make_connection_snum(941) ws035 (192.168.68.22) connect to service IPC$ initially as user andoburg (uid=0, gid=1001) (pid 16709) [2006/06/20 18:19:34, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/06/20 18:19:34, 5] auth/auth_util.c:debug_nt_user_token(449) NT user token: (NULL) [2006/06/20 18:19:34, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/06/20 18:19:34, 5] smbd/uid.c:change_to_root_user(275) change_to_root_user: now uid=(0,0) gid=(0,0) [2006/06/20 18:19:34, 2] smbd/reply.c:reply_tcon_and_X(709) Serving IPC$ as a Dfs root [2006/06/20 18:19:34, 3] smbd/reply.c:reply_tcon_and_X(714) tconX service=IPC$ [2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) size=48 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=192 smt_wct=3 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 3 (0x3) smb_bcc=7 [2006/06/20 18:19:34, 10] lib/util.c:dump_data(2215) [000] 49 50 43 00 00 00 00 IPC.... 
[2006/06/20 18:19:34, 10] smbd/process.c:setup_select_timeout(1286) change_notify_timeout: -1 [2006/06/20 18:19:34, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 100 [2006/06/20 18:19:34, 6] smbd/process.c:process_smb(1111) got message type 0x0 of len 0x64 [2006/06/20 18:19:34, 3] smbd/process.c:process_smb(1112) Transaction 4 of length 104 [2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) size=100 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1036 smb_uid=101 smb_mid=256 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 3584 (0xE00) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=17 [2006/06/20 18:19:34, 10] lib/util.c:dump_data(2215) [000] 00 5C 00 6C 00 73 00 61 00 72 00 70 00 63 00 00 .\.l.s.a .r.p.c.. [010] 00 . 
[2006/06/20 18:19:34, 3] smbd/process.c:switch_message(914) switch message SMBntcreateX (pid 16709) conn 0x8497e40 [2006/06/20 18:19:34, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 [2006/06/20 18:19:34, 5] auth/auth_util.c:debug_nt_user_token(455) NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 contains 8 SIDs SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-1001 SID[ 6]: S-1-22-2-0 SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 SE_PRIV 0x10 0x0 0x0 0x0 [2006/06/20 18:19:34, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 1001 and contains 4 supplementary groups Group[ 0]: 10000 Group[ 1]: 1001 Group[ 2]: 0 Group[ 3]: 10001 [2006/06/20 18:19:34, 5] smbd/uid.c:change_to_user(260) change_to_user uid=(0,0) gid=(0,1001) [2006/06/20 18:19:34, 4] smbd/vfs.c:vfs_ChDir(741) vfs_ChDir to /tmp [2006/06/20 18:19:34, 10] smbd/nttrans.c:reply_ntcreate_and_X(501) reply_ntcreateX: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0 [2006/06/20 18:19:34, 4] smbd/nttrans.c:nt_open_pipe(325) nt_open_pipe: Opening pipe \lsarpc. [2006/06/20 18:19:34, 3] smbd/nttrans.c:nt_open_pipe(346) nt_open_pipe: Known pipe lsarpc opening. 
[2006/06/20 18:19:34, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(180) Open pipe requested lsarpc (pipes_open=0) [2006/06/20 18:19:34, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(285) Create pipe requested lsarpc [2006/06/20 18:19:34, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77) init_pipe_handles: created handle list for pipe lsarpc [2006/06/20 18:19:34, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) init_pipe_handles: pipe_handles ref count = 1 for pipe lsarpc [2006/06/20 18:19:34, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(366) Created internal pipe lsarpc (pipes_open=0) [2006/06/20 18:19:34, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(263) Opened pipe lsarpc with handle 7153 (pipes_open=1) [2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(269) open pipes: name lsarpc pnum=7153 [2006/06/20 18:19:34, 5] smbd/nttrans.c:do_ntcreate_pipe_open(395) do_ntcreate_pipe_open: open pipe = \lsarpc [2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1036 smb_uid=101 smb_mid=256 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=21248 (0x5300) smb_vwv[ 3]= 369 (0x171) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2006/06/20 18:19:34, 10] 
smbd/process.c:setup_select_timeout(1286) change_notify_timeout: -1 [2006/06/20 18:19:34, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 136 [2006/06/20 18:19:34, 6] smbd/process.c:process_smb(1111) got message type 0x0 of len 0x88 [2006/06/20 18:19:34, 3] smbd/process.c:process_smb(1112) Transaction 5 of length 140 [2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) size=136 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=320 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=29011 (0x7153) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 72 (0x48) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 72 (0x48) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=73 [2006/06/20 18:19:34, 10] lib/util.c:dump_data(2215) [000] EE 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... [010] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ [020] 00 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 .xW4.4.. ....#Eg. [030] AB 00 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ [040] 00 2B 10 48 60 02 00 00 00 .+.H`... . 
[2006/06/20 18:19:34, 3] smbd/process.c:switch_message(914) switch message SMBwriteX (pid 16709) conn 0x8497e40 [2006/06/20 18:19:34, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 [2006/06/20 18:19:34, 5] auth/auth_util.c:debug_nt_user_token(455) NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 contains 8 SIDs SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-1001 SID[ 6]: S-1-22-2-0 SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 SE_PRIV 0x10 0x0 0x0 0x0 [2006/06/20 18:19:34, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 1001 and contains 4 supplementary groups Group[ 0]: 10000 Group[ 1]: 1001 Group[ 2]: 0 Group[ 3]: 10001 [2006/06/20 18:19:34, 5] smbd/uid.c:change_to_user(260) change_to_user uid=(0,0) gid=(0,1001) [2006/06/20 18:19:34, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=7153 [2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=7153 (pipes_open=1) [2006/06/20 18:19:34, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 7153 name: lsarpc open: Yes len: 72 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 72 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 56 [2006/06/20 18:19:34, 10] 
rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 0b [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0048 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 [2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) unmarshall_rpc_header: type = 11, flags = 3 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 56 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 11 [2006/06/20 18:19:34, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1520) api_pipe_bind_req: decode request. 
1520 [2006/06/20 18:19:34, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1531) api_pipe_bind_req: \PIPE\lsarpc -> \PIPE\lsass [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_rb [2006/06/20 18:19:34, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_bba [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0000 max_tsize: 10b8 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0002 max_rsize: 10b8 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 assoc_gid: 00000000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0008 num_contexts: 01 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000c context_id : 0000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 000e num_transfer_syntaxes: 01 [2006/06/20 18:19:34, 6] rpc_parse/parse_prs.c:prs_debug(84) 00000f smb_io_rpc_iface [2006/06/20 18:19:34, 7] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_uuid uuid [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 data : 12345778 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 data : 1234 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0016 data : abcd [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0018 data : ef 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 001a data : 01 23 45 67 89 ab [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0020 version: 00000000 [2006/06/20 18:19:34, 6] rpc_parse/parse_prs.c:prs_debug(84) 000024 smb_io_rpc_iface [2006/06/20 18:19:34, 7] rpc_parse/parse_prs.c:prs_debug(84) 000024 smb_io_uuid uuid [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0024 data : 8a885d04 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0028 data : 1ceb [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 002a data : 11c9 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 002c data : 9f e8 [2006/06/20 
18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 002e data : 08 00 2b 10 48 60 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0034 version: 00000002 [2006/06/20 18:19:34, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1573) api_pipe_bind_req: make response. 1573 [2006/06/20 18:19:34, 3] rpc_server/srv_pipe.c:check_bind_req(982) check_bind_req for \PIPE\lsarpc [2006/06/20 18:19:34, 10] rpc_server/srv_pipe.c:check_bind_req(987) checking \PIPE\lsarpc [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_ba [2006/06/20 18:19:34, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_bba [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0000 max_tsize: 10b8 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0002 max_rsize: 10b8 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 assoc_gid: 000053f0 [2006/06/20 18:19:34, 6] rpc_parse/parse_prs.c:prs_debug(84) 000008 smb_io_rpc_addr_str [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 len: 000c [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000a str: \PIPE\lsass. 
[2006/06/20 18:19:34, 6] rpc_parse/parse_prs.c:prs_debug(84) 000016 smb_io_rpc_results [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0018 num_results: 01 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 001c result : 0000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 001e reason : 0000 [2006/06/20 18:19:34, 6] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_rpc_iface [2006/06/20 18:19:34, 7] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_uuid uuid [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0020 data : 8a885d04 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0024 data : 1ceb [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0026 data : 11c9 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0028 data : 9f e8 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 002a data : 08 00 2b 10 48 60 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0030 version: 00000002 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 0c [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0044 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 
[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 56 [2006/06/20 18:19:34, 3] smbd/pipes.c:reply_pipe_write_and_X(217) writeX-IPC pnum=7153 nwritten=72 [2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) size=47 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=320 smt_wct=6 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 72 (0x48) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_bcc=0 [2006/06/20 18:19:34, 10] smbd/process.c:setup_select_timeout(1286) change_notify_timeout: -1 [2006/06/20 18:19:34, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 59 [2006/06/20 18:19:34, 6] smbd/process.c:process_smb(1111) got message type 0x0 of len 0x3b [2006/06/20 18:19:34, 3] smbd/process.c:process_smb(1112) Transaction 6 of length 63 [2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=384 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=29011 (0x7153) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2006/06/20 18:19:34, 3] smbd/process.c:switch_message(914) switch message SMBreadX (pid 16709) conn 0x8497e40 [2006/06/20 18:19:34, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 [2006/06/20 18:19:34, 5] auth/auth_util.c:debug_nt_user_token(455) NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 contains 8 SIDs SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 SID[ 2]: S-1-1-0 SID[ 
3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-1001 SID[ 6]: S-1-22-2-0 SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 SE_PRIV 0x10 0x0 0x0 0x0 [2006/06/20 18:19:34, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 1001 and contains 4 supplementary groups Group[ 0]: 10000 Group[ 1]: 1001 Group[ 2]: 0 Group[ 3]: 10001 [2006/06/20 18:19:34, 5] smbd/uid.c:change_to_user(260) change_to_user uid=(0,0) gid=(0,1001) [2006/06/20 18:19:34, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=7153 [2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=7153 (pipes_open=1) [2006/06/20 18:19:34, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 7153 name: lsarpc len: 1024 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1054) read_from_pipe: lsarpc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. [2006/06/20 18:19:34, 3] smbd/pipes.c:reply_pipe_read_and_X(262) readX-IPC pnum=7153 min=1024 max=1024 nread=68 [2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) size=127 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=384 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 68 (0x44) smb_vwv[ 6]= 59 (0x3B) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=68 [2006/06/20 18:19:34, 10] lib/util.c:dump_data(2215) [000] 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 00 ........ D....... [010] B8 10 B8 10 F0 53 00 00 0C 00 5C 50 49 50 45 5C .....S.. ..\PIPE\ [020] 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 00 lsass... ........ [030] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` [040] 02 00 00 00 .... 
[2006/06/20 18:19:34, 10] smbd/process.c:setup_select_timeout(1286) change_notify_timeout: -1 [2006/06/20 18:19:34, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 172 [2006/06/20 18:19:34, 6] smbd/process.c:process_smb(1111) got message type 0x0 of len 0xac [2006/06/20 18:19:34, 3] smbd/process.c:process_smb(1112) Transaction 7 of length 176 [2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) size=172 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1036 smb_uid=101 smb_mid=448 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 88 (0x58) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 88 (0x58) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29011 (0x7153) smb_bcc=105 [2006/06/20 18:19:34, 10] lib/util.c:dump_data(2215) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 58 00 00 00 01 00 00 ........ .X...... [020] 00 40 00 00 00 00 00 2C 00 D0 FA 09 00 09 00 00 .@....., ........ [030] 00 00 00 00 00 09 00 00 00 5C 00 5C 00 53 00 45 ........ .\.\.S.E [040] 00 52 00 56 00 45 00 52 00 00 00 C9 11 18 00 00 .R.V.E.R ........ [050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [060] 00 00 00 00 00 00 00 00 02 ........ . 
[2006/06/20 18:19:34, 3] smbd/process.c:switch_message(914) switch message SMBtrans (pid 16709) conn 0x8497e40 [2006/06/20 18:19:34, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 [2006/06/20 18:19:34, 5] auth/auth_util.c:debug_nt_user_token(455) NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 contains 8 SIDs SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-1001 SID[ 6]: S-1-22-2-0 SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 SE_PRIV 0x10 0x0 0x0 0x0 [2006/06/20 18:19:34, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 1001 and contains 4 supplementary groups Group[ 0]: 10000 Group[ 1]: 1001 Group[ 2]: 0 Group[ 3]: 10001 [2006/06/20 18:19:34, 5] smbd/uid.c:change_to_user(260) change_to_user uid=(0,0) gid=(0,1001) [2006/06/20 18:19:34, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=88 params=0 setup=2 [2006/06/20 18:19:34, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2006/06/20 18:19:34, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2006/06/20 18:19:34, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2006/06/20 18:19:34, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=7153 [2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=7153 (pipes_open=1) [2006/06/20 18:19:34, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "lsarpc" (pnum 7153) [2006/06/20 18:19:34, 10] smbd/ipc.c:api_fd_reply(305) api_fd_reply: p:0x8496d80 max_trans_reply: 1024 [2006/06/20 18:19:34, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 7153 name: lsarpc open: Yes len: 88 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 88 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) 
process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 88 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 88, len_needed_to_complete_hdr = 16, receive_len = 0 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 72 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 72 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0058 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 [2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) unmarshall_rpc_header: type = 0, flags = 3 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2006/06/20 18:19:34, 
10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 72 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 72, incoming data = 72 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 0 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 alloc_hint: 00000040 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0004 context_id: 0000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0006 opnum : 002c [2006/06/20 18:19:34, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 70 [2006/06/20 18:19:34, 5] rpc_server/srv_pipe.c:api_pipe_request(2220) Requested \PIPE\lsarpc [2006/06/20 18:19:34, 4] rpc_server/srv_pipe.c:api_rpcTNP(2255) api_rpcTNP: lsarpc op 0x2c - api_rpcTNP: rpc command: LSA_OPENPOLICY2 [2006/06/20 18:19:34, 6] rpc_server/srv_pipe.c:api_rpcTNP(2281) api_rpc_cmds[0].fn == 0x8153a58 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_q_open_pol2 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 ptr : 0009fad0 [2006/06/20 18:19:34, 6] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_unistr2 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 uni_max_len: 00000009 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0008 offset : 00000000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c uni_str_len: 00000009 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0010 buffer : \.\.S.E.R.V.E.R... 
[2006/06/20 18:19:34, 6] rpc_parse/parse_prs.c:prs_debug(84) 000022 lsa_io_obj_attr [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0024 len : 00000018 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0028 ptr_root_dir: 00000000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 002c ptr_obj_name: 00000000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0030 attributes : 00000000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0034 ptr_sec_desc: 00000000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0038 ptr_sec_qos : 00000000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 003c des_access: 02000000 [2006/06/20 18:19:34, 10] lib/util_seaccess.c:se_access_check(233) se_access_check: requested access 0x02000000, for NT token with 8 entries and first sid S-1-5-21-2969752157-892696647-4271518216-3002. [2006/06/20 18:19:34, 3] lib/util_seaccess.c:se_access_check(250) [2006/06/20 18:19:34, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-2969752157-892696647-4271518216-3002 se_access_check: also S-1-5-21-2969752157-892696647-4271518216-513 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-22-2-1001 se_access_check: also S-1-22-2-0 se_access_check: also S-1-5-21-2969752157-892696647-4271518216-512 [2006/06/20 18:19:34, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) Opened policy hnd[1] [000] 00 00 00 00 01 00 00 00 00 00 00 00 16 20 98 44 ........ ..... .D [010] 45 41 00 00 EA.. 
[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_r_open_pol2 [2006/06/20 18:19:34, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 data1: 00000000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 data2: 00000001 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 data3: 0000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a data4: 0000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000c data5: 16 20 98 44 45 41 00 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_ntstatus(763) 0014 status: NT_STATUS_OK [2006/06/20 18:19:34, 5] rpc_server/srv_pipe.c:api_rpcTNP(2302) api_rpcTNP: called lsarpc successfully [2006/06/20 18:19:34, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 818 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 72 [2006/06/20 18:19:34, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 7153 name: lsarpc len: 1024 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. 
[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0030 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 00000018 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2006/06/20 18:19:34, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] [2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1036 smb_uid=101 smb_mid=448 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) 
smb_bcc=49 [2006/06/20 18:19:34, 10] lib/util.c:dump_data(2215) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 01 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ........ ........ [020] 00 00 00 00 00 16 20 98 44 45 41 00 00 00 00 00 ...... . DEA..... [030] 00 . [2006/06/20 18:19:34, 10] smbd/process.c:setup_select_timeout(1286) change_notify_timeout: -1 [2006/06/20 18:19:34, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 130 [2006/06/20 18:19:34, 6] smbd/process.c:process_smb(1111) got message type 0x0 of len 0x82 [2006/06/20 18:19:34, 3] smbd/process.c:process_smb(1112) Transaction 8 of length 134 [2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) size=130 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1036 smb_uid=101 smb_mid=512 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 46 (0x2E) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 46 (0x2E) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29011 (0x7153) smb_bcc=63 [2006/06/20 18:19:34, 10] lib/util.c:dump_data(2215) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 2E 00 00 00 02 00 00 ........ ........ [020] 00 16 00 00 00 00 00 2E 00 00 00 00 00 01 00 00 ........ ........ [030] 00 00 00 00 00 16 20 98 44 45 41 00 00 0C 00 ...... . DEA.... 
[2006/06/20 18:19:34, 3] smbd/process.c:switch_message(914) switch message SMBtrans (pid 16709) conn 0x8497e40 [2006/06/20 18:19:34, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 [2006/06/20 18:19:34, 5] auth/auth_util.c:debug_nt_user_token(455) NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 contains 8 SIDs SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-1001 SID[ 6]: S-1-22-2-0 SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 SE_PRIV 0x10 0x0 0x0 0x0 [2006/06/20 18:19:34, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 1001 and contains 4 supplementary groups Group[ 0]: 10000 Group[ 1]: 1001 Group[ 2]: 0 Group[ 3]: 10001 [2006/06/20 18:19:34, 5] smbd/uid.c:change_to_user(260) change_to_user uid=(0,0) gid=(0,1001) [2006/06/20 18:19:34, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=46 params=0 setup=2 [2006/06/20 18:19:34, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2006/06/20 18:19:34, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2006/06/20 18:19:34, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2006/06/20 18:19:34, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=7153 [2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=7153 (pipes_open=1) [2006/06/20 18:19:34, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "lsarpc" (pnum 7153) [2006/06/20 18:19:34, 10] smbd/ipc.c:api_fd_reply(305) api_fd_reply: p:0x8496d80 max_trans_reply: 1024 [2006/06/20 18:19:34, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 7153 name: lsarpc open: Yes len: 46 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 46 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) 
process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 46 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 46, len_needed_to_complete_hdr = 16, receive_len = 0 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 30 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 30 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 002e [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000002 [2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) unmarshall_rpc_header: type = 0, flags = 3 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2006/06/20 18:19:34, 
10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 30 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 30, incoming data = 30 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 0 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 alloc_hint: 00000016 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0004 context_id: 0000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0006 opnum : 002e [2006/06/20 18:19:34, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2006/06/20 18:19:34, 5] rpc_server/srv_pipe.c:api_pipe_request(2220) Requested \PIPE\lsarpc [2006/06/20 18:19:34, 4] rpc_server/srv_pipe.c:api_rpcTNP(2255) api_rpcTNP: lsarpc op 0x2e - unknown [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 03 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 23 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0020 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/06/20 18:19:34, 5] 
rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000002 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 00000000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) 000018 smb_io_rpc_hdr_fault fault [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_dcerpc_status(793) 0018 status : DCERPC_FAULT_OP_RNG_ERROR [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 001c reserved: 00000000 [2006/06/20 18:19:34, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 30 [2006/06/20 18:19:34, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 7153 name: lsarpc len: 1024 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1054) read_from_pipe: lsarpc: current_pdu_len = 32, current_pdu_sent = 0 returning 32 bytes. 
[2006/06/20 18:19:34, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..32] [2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) size=88 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1036 smb_uid=101 smb_mid=512 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 32 (0x20) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 32 (0x20) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=33 [2006/06/20 18:19:34, 10] lib/util.c:dump_data(2215) [000] 00 05 00 03 23 10 00 00 00 20 00 00 00 02 00 00 ....#... . ...... [010] 00 00 00 00 00 00 00 00 00 02 00 01 1C 00 00 00 ........ ........ [020] 00 . [2006/06/20 18:19:34, 10] smbd/process.c:setup_select_timeout(1286) change_notify_timeout: -1 [2006/06/20 18:19:34, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 130 [2006/06/20 18:19:34, 6] smbd/process.c:process_smb(1111) got message type 0x0 of len 0x82 [2006/06/20 18:19:34, 3] smbd/process.c:process_smb(1112) Transaction 9 of length 134 [2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) size=130 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1036 smb_uid=101 smb_mid=576 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 46 (0x2E) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 46 (0x2E) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29011 (0x7153) smb_bcc=63 [2006/06/20 18:19:34, 10] lib/util.c:dump_data(2215) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 2E 00 00 00 03 00 00 ........ ........ 
[020] 00 16 00 00 00 00 00 07 00 00 00 00 00 01 00 00 ........ ........ [030] 00 00 00 00 00 16 20 98 44 45 41 00 00 03 00 ...... . DEA.... [2006/06/20 18:19:34, 3] smbd/process.c:switch_message(914) switch message SMBtrans (pid 16709) conn 0x8497e40 [2006/06/20 18:19:34, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 [2006/06/20 18:19:34, 5] auth/auth_util.c:debug_nt_user_token(455) NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 contains 8 SIDs SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-1001 SID[ 6]: S-1-22-2-0 SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 SE_PRIV 0x10 0x0 0x0 0x0 [2006/06/20 18:19:34, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 1001 and contains 4 supplementary groups Group[ 0]: 10000 Group[ 1]: 1001 Group[ 2]: 0 Group[ 3]: 10001 [2006/06/20 18:19:34, 5] smbd/uid.c:change_to_user(260) change_to_user uid=(0,0) gid=(0,1001) [2006/06/20 18:19:34, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=46 params=0 setup=2 [2006/06/20 18:19:34, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2006/06/20 18:19:34, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2006/06/20 18:19:34, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2006/06/20 18:19:34, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=7153 [2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=7153 (pipes_open=1) [2006/06/20 18:19:34, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "lsarpc" (pnum 7153) [2006/06/20 18:19:34, 10] smbd/ipc.c:api_fd_reply(305) api_fd_reply: p:0x8496d80 max_trans_reply: 1024 [2006/06/20 18:19:34, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 7153 name: lsarpc open: Yes len: 46 [2006/06/20 18:19:34, 10] 
rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 46 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 46 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 46, len_needed_to_complete_hdr = 16, receive_len = 0 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 30 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 30 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 002e [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000003 [2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) 
unmarshall_rpc_header: type = 0, flags = 3 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 30 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 30, incoming data = 30 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 0 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 alloc_hint: 00000016 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0004 context_id: 0000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0006 opnum : 0007 [2006/06/20 18:19:34, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2006/06/20 18:19:34, 5] rpc_server/srv_pipe.c:api_pipe_request(2220) Requested \PIPE\lsarpc [2006/06/20 18:19:34, 4] rpc_server/srv_pipe.c:api_rpcTNP(2255) api_rpcTNP: lsarpc op 0x7 - api_rpcTNP: rpc command: LSA_QUERYINFOPOLICY [2006/06/20 18:19:34, 6] rpc_server/srv_pipe.c:api_rpcTNP(2281) api_rpc_cmds[2].fn == 0x8153e9a [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_q_query [2006/06/20 18:19:34, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 data1: 00000000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 data2: 00000001 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 data3: 0000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a data4: 0000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000c data5: 16 20 98 44 45 41 00 00 [2006/06/20 18:19:34, 5] 
rpc_parse/parse_prs.c:prs_uint16(675) 0014 info_class: 0003 [2006/06/20 18:19:34, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 16 20 98 44 ........ ..... .D [010] 45 41 00 00 EA.. [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_r_query [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 dom_ptr: 22000000 [2006/06/20 18:19:34, 6] rpc_parse/parse_prs.c:prs_debug(84) 000004 lsa_io_query_info_ctr [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0004 info_class: 0003 [2006/06/20 18:19:34, 7] rpc_parse/parse_prs.c:prs_debug(84) 000006 lsa_io_dom_query_3 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 uni_dom_max_len: 000e [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a uni_dom_str_len: 0010 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c buffer_dom_name: 00000001 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 buffer_dom_sid : 00000001 [2006/06/20 18:19:34, 8] rpc_parse/parse_prs.c:prs_debug(84) 000014 smb_io_unistr2 unistr2 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0014 uni_max_len: 00000008 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0018 offset : 00000000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 001c uni_str_len: 00000007 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0020 buffer : A.N.D.O.L.A.N. 
[2006/06/20 18:19:34, 8] rpc_parse/parse_prs.c:prs_debug(84) 000030 smb_io_dom_sid2 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0030 num_auths: 00000004 [2006/06/20 18:19:34, 9] rpc_parse/parse_prs.c:prs_debug(84) 000034 smb_io_dom_sid sid [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0034 sid_rev_num: 01 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0035 num_auths : 04 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0036 id_auth[0] : 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0037 id_auth[1] : 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0038 id_auth[2] : 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0039 id_auth[3] : 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 003a id_auth[4] : 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 003b id_auth[5] : 05 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32s(991) 003c sub_auths : 00000015 b102d25d 35357847 fe9a3208 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_ntstatus(763) 004c status: NT_STATUS_OK [2006/06/20 18:19:34, 5] rpc_server/srv_pipe.c:api_rpcTNP(2302) api_rpcTNP: called lsarpc successfully [2006/06/20 18:19:34, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 16 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 30 [2006/06/20 18:19:34, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 7153 name: lsarpc len: 1024 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 80. 
[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0068 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000003 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 00000050 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2006/06/20 18:19:34, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..104] [2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) size=160 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1036 smb_uid=101 smb_mid=576 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 104 (0x68) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 104 (0x68) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) 
smb_bcc=105 [2006/06/20 18:19:34, 10] lib/util.c:dump_data(2215) [000] 00 05 00 02 03 10 00 00 00 68 00 00 00 03 00 00 ........ .h...... [010] 00 50 00 00 00 00 00 00 00 00 00 00 22 03 00 00 .P...... ...."... [020] 00 0E 00 10 00 01 00 00 00 01 00 00 00 08 00 00 ........ ........ [030] 00 00 00 00 00 07 00 00 00 41 00 4E 00 44 00 4F ........ .A.N.D.O [040] 00 4C 00 41 00 4E 00 00 00 04 00 00 00 01 04 00 .L.A.N.. ........ [050] 00 00 00 00 05 15 00 00 00 5D D2 02 B1 47 78 35 ........ .]...Gx5 [060] 35 08 32 9A FE 00 00 00 00 5.2..... . [2006/06/20 18:19:34, 10] smbd/process.c:setup_select_timeout(1286) change_notify_timeout: -1 [2006/06/20 18:19:34, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 100 [2006/06/20 18:19:34, 6] smbd/process.c:process_smb(1111) got message type 0x0 of len 0x64 [2006/06/20 18:19:34, 3] smbd/process.c:process_smb(1112) Transaction 10 of length 104 [2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) size=100 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1036 smb_uid=101 smb_mid=640 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 3584 (0xE00) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=17 [2006/06/20 18:19:34, 10] lib/util.c:dump_data(2215) [000] 00 5C 00 77 00 69 00 6E 00 72 00 65 00 67 00 00 .\.w.i.n .r.e.g.. [010] 00 . 
[2006/06/20 18:19:34, 3] smbd/process.c:switch_message(914) switch message SMBntcreateX (pid 16709) conn 0x8497e40 [2006/06/20 18:19:34, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 [2006/06/20 18:19:34, 5] auth/auth_util.c:debug_nt_user_token(455) NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 contains 8 SIDs SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-1001 SID[ 6]: S-1-22-2-0 SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 SE_PRIV 0x10 0x0 0x0 0x0 [2006/06/20 18:19:34, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 1001 and contains 4 supplementary groups Group[ 0]: 10000 Group[ 1]: 1001 Group[ 2]: 0 Group[ 3]: 10001 [2006/06/20 18:19:34, 5] smbd/uid.c:change_to_user(260) change_to_user uid=(0,0) gid=(0,1001) [2006/06/20 18:19:34, 10] smbd/nttrans.c:reply_ntcreate_and_X(501) reply_ntcreateX: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0 [2006/06/20 18:19:34, 4] smbd/nttrans.c:nt_open_pipe(325) nt_open_pipe: Opening pipe \winreg. [2006/06/20 18:19:34, 3] smbd/nttrans.c:nt_open_pipe(346) nt_open_pipe: Known pipe winreg opening. 
[2006/06/20 18:19:34, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(180) Open pipe requested winreg (pipes_open=1) [2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(210) open_rpc_pipe_p: name lsarpc pnum=7153 [2006/06/20 18:19:34, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(285) Create pipe requested winreg [2006/06/20 18:19:34, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77) init_pipe_handles: created handle list for pipe winreg [2006/06/20 18:19:34, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) init_pipe_handles: pipe_handles ref count = 1 for pipe winreg [2006/06/20 18:19:34, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(366) Created internal pipe winreg (pipes_open=1) [2006/06/20 18:19:34, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(263) Opened pipe winreg with handle 7154 (pipes_open=2) [2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(269) open pipes: name winreg pnum=7154 [2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(269) open pipes: name lsarpc pnum=7153 [2006/06/20 18:19:34, 5] smbd/nttrans.c:do_ntcreate_pipe_open(395) do_ntcreate_pipe_open: open pipe = \winreg [2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1036 smb_uid=101 smb_mid=640 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=21504 (0x5400) smb_vwv[ 3]= 369 (0x171) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) 
smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2006/06/20 18:19:34, 10] smbd/process.c:setup_select_timeout(1286) change_notify_timeout: -1 [2006/06/20 18:19:34, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 136 [2006/06/20 18:19:34, 6] smbd/process.c:process_smb(1111) got message type 0x0 of len 0x88 [2006/06/20 18:19:34, 3] smbd/process.c:process_smb(1112) Transaction 11 of length 140 [2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) size=136 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=704 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=29012 (0x7154) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 72 (0x48) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 72 (0x48) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=73 [2006/06/20 18:19:34, 10] lib/util.c:dump_data(2215) [000] EE 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... [010] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ [020] 00 01 D0 8C 33 44 22 F1 31 AA AA 90 00 38 00 10 ....3D". 1....8.. [030] 03 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ [040] 00 2B 10 48 60 02 00 00 00 .+.H`... . 
[2006/06/20 18:19:34, 3] smbd/process.c:switch_message(914) switch message SMBwriteX (pid 16709) conn 0x8497e40 [2006/06/20 18:19:34, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 [2006/06/20 18:19:34, 5] auth/auth_util.c:debug_nt_user_token(455) NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 contains 8 SIDs SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-1001 SID[ 6]: S-1-22-2-0 SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 SE_PRIV 0x10 0x0 0x0 0x0 [2006/06/20 18:19:34, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 1001 and contains 4 supplementary groups Group[ 0]: 10000 Group[ 1]: 1001 Group[ 2]: 0 Group[ 3]: 10001 [2006/06/20 18:19:34, 5] smbd/uid.c:change_to_user(260) change_to_user uid=(0,0) gid=(0,1001) [2006/06/20 18:19:34, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=7154 [2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name winreg pnum=7154 (pipes_open=2) [2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=7153 (pipes_open=2) [2006/06/20 18:19:34, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 7154 name: winreg open: Yes len: 72 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 72 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2006/06/20 18:19:34, 10] 
rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 56 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 0b [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0048 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 [2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) unmarshall_rpc_header: type = 11, flags = 3 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 56 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 
11 [2006/06/20 18:19:34, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1520) api_pipe_bind_req: decode request. 1520 [2006/06/20 18:19:34, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1531) api_pipe_bind_req: \PIPE\winreg -> \PIPE\winreg [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_rb [2006/06/20 18:19:34, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_bba [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0000 max_tsize: 10b8 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0002 max_rsize: 10b8 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 assoc_gid: 00000000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0008 num_contexts: 01 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000c context_id : 0000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 000e num_transfer_syntaxes: 01 [2006/06/20 18:19:34, 6] rpc_parse/parse_prs.c:prs_debug(84) 00000f smb_io_rpc_iface [2006/06/20 18:19:34, 7] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_uuid uuid [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 data : 338cd001 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 data : 2244 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0016 data : 31f1 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0018 data : aa aa [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 001a data : 90 00 38 00 10 03 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0020 version: 00000001 [2006/06/20 18:19:34, 6] rpc_parse/parse_prs.c:prs_debug(84) 000024 smb_io_rpc_iface [2006/06/20 18:19:34, 7] rpc_parse/parse_prs.c:prs_debug(84) 000024 smb_io_uuid uuid [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0024 data : 8a885d04 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0028 data : 1ceb [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 
002a data : 11c9 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 002c data : 9f e8 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 002e data : 08 00 2b 10 48 60 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0034 version: 00000002 [2006/06/20 18:19:34, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1573) api_pipe_bind_req: make response. 1573 [2006/06/20 18:19:34, 3] rpc_server/srv_pipe.c:check_bind_req(982) check_bind_req for \PIPE\winreg [2006/06/20 18:19:34, 10] rpc_server/srv_pipe.c:check_bind_req(987) checking \PIPE\lsarpc [2006/06/20 18:19:34, 10] rpc_server/srv_pipe.c:check_bind_req(987) checking \PIPE\lsarpc [2006/06/20 18:19:34, 10] rpc_server/srv_pipe.c:check_bind_req(987) checking \PIPE\samr [2006/06/20 18:19:34, 10] rpc_server/srv_pipe.c:check_bind_req(987) checking \PIPE\NETLOGON [2006/06/20 18:19:34, 10] rpc_server/srv_pipe.c:check_bind_req(987) checking \PIPE\srvsvc [2006/06/20 18:19:34, 10] rpc_server/srv_pipe.c:check_bind_req(987) checking \PIPE\wkssvc [2006/06/20 18:19:34, 10] rpc_server/srv_pipe.c:check_bind_req(987) checking \PIPE\winreg [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_ba [2006/06/20 18:19:34, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_bba [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0000 max_tsize: 10b8 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0002 max_rsize: 10b8 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 assoc_gid: 000053f0 [2006/06/20 18:19:34, 6] rpc_parse/parse_prs.c:prs_debug(84) 000008 smb_io_rpc_addr_str [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 len: 000d [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000a str: \PIPE\winreg. 
[2006/06/20 18:19:34, 6] rpc_parse/parse_prs.c:prs_debug(84) 000017 smb_io_rpc_results [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0018 num_results: 01 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 001c result : 0000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 001e reason : 0000 [2006/06/20 18:19:34, 6] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_rpc_iface [2006/06/20 18:19:34, 7] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_uuid uuid [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0020 data : 8a885d04 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0024 data : 1ceb [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0026 data : 11c9 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0028 data : 9f e8 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 002a data : 08 00 2b 10 48 60 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0030 version: 00000002 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 0c [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0044 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 
[2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 56 [2006/06/20 18:19:34, 3] smbd/pipes.c:reply_pipe_write_and_X(217) writeX-IPC pnum=7154 nwritten=72 [2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) size=47 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=704 smt_wct=6 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 72 (0x48) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_bcc=0 [2006/06/20 18:19:34, 10] smbd/process.c:setup_select_timeout(1286) change_notify_timeout: -1 [2006/06/20 18:19:34, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 59 [2006/06/20 18:19:34, 6] smbd/process.c:process_smb(1111) got message type 0x0 of len 0x3b [2006/06/20 18:19:34, 3] smbd/process.c:process_smb(1112) Transaction 12 of length 63 [2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=768 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=29012 (0x7154) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2006/06/20 18:19:34, 3] smbd/process.c:switch_message(914) switch message SMBreadX (pid 16709) conn 0x8497e40 [2006/06/20 18:19:34, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 [2006/06/20 18:19:34, 5] auth/auth_util.c:debug_nt_user_token(455) NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 contains 8 SIDs SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 SID[ 2]: S-1-1-0 SID[ 
3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-1001 SID[ 6]: S-1-22-2-0 SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 SE_PRIV 0x10 0x0 0x0 0x0 [2006/06/20 18:19:34, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 1001 and contains 4 supplementary groups Group[ 0]: 10000 Group[ 1]: 1001 Group[ 2]: 0 Group[ 3]: 10001 [2006/06/20 18:19:34, 5] smbd/uid.c:change_to_user(260) change_to_user uid=(0,0) gid=(0,1001) [2006/06/20 18:19:34, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=7154 [2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name winreg pnum=7154 (pipes_open=2) [2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=7153 (pipes_open=2) [2006/06/20 18:19:34, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 7154 name: winreg len: 1024 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1054) read_from_pipe: winreg: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. [2006/06/20 18:19:34, 3] smbd/pipes.c:reply_pipe_read_and_X(262) readX-IPC pnum=7154 min=1024 max=1024 nread=68 [2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) size=127 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=768 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 68 (0x44) smb_vwv[ 6]= 59 (0x3B) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=68 [2006/06/20 18:19:34, 10] lib/util.c:dump_data(2215) [000] 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 00 ........ D....... [010] B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 5C .....S.. ..\PIPE\ [020] 77 69 6E 72 65 67 00 00 01 00 00 00 00 00 00 00 winreg.. ........ 
[030] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` [040] 02 00 00 00 .... [2006/06/20 18:19:34, 10] smbd/process.c:setup_select_timeout(1286) change_notify_timeout: -1 [2006/06/20 18:19:34, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 120 [2006/06/20 18:19:34, 6] smbd/process.c:process_smb(1111) got message type 0x0 of len 0x78 [2006/06/20 18:19:34, 3] smbd/process.c:process_smb(1112) Transaction 13 of length 124 [2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) size=120 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1036 smb_uid=101 smb_mid=832 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 36 (0x24) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 36 (0x24) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29012 (0x7154) smb_bcc=53 [2006/06/20 18:19:34, 10] lib/util.c:dump_data(2215) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 24 00 00 00 01 00 00 ........ .$...... [020] 00 0C 00 00 00 00 00 02 00 08 F5 14 01 38 BC 01 ........ .....8.. [030] 00 00 00 00 02 ..... 
[2006/06/20 18:19:34, 3] smbd/process.c:switch_message(914) switch message SMBtrans (pid 16709) conn 0x8497e40 [2006/06/20 18:19:34, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 [2006/06/20 18:19:34, 5] auth/auth_util.c:debug_nt_user_token(455) NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 contains 8 SIDs SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-1001 SID[ 6]: S-1-22-2-0 SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 SE_PRIV 0x10 0x0 0x0 0x0 [2006/06/20 18:19:34, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 1001 and contains 4 supplementary groups Group[ 0]: 10000 Group[ 1]: 1001 Group[ 2]: 0 Group[ 3]: 10001 [2006/06/20 18:19:34, 5] smbd/uid.c:change_to_user(260) change_to_user uid=(0,0) gid=(0,1001) [2006/06/20 18:19:34, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=36 params=0 setup=2 [2006/06/20 18:19:34, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2006/06/20 18:19:34, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2006/06/20 18:19:34, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2006/06/20 18:19:34, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=7154 [2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name winreg pnum=7154 (pipes_open=2) [2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=7153 (pipes_open=2) [2006/06/20 18:19:34, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "winreg" (pnum 7154) [2006/06/20 18:19:34, 10] smbd/ipc.c:api_fd_reply(305) api_fd_reply: p:0x84955e8 max_trans_reply: 1024 [2006/06/20 18:19:34, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 7154 name: winreg open: Yes len: 36 [2006/06/20 18:19:34, 10] 
rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 36 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 36 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 36, len_needed_to_complete_hdr = 16, receive_len = 0 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 20 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 20 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0024 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 [2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) 
unmarshall_rpc_header: type = 0, flags = 3 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 20 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 20, incoming data = 20 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 0 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 alloc_hint: 0000000c [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0004 context_id: 0000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0006 opnum : 0002 [2006/06/20 18:19:34, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 70 [2006/06/20 18:19:34, 5] rpc_server/srv_pipe.c:api_pipe_request(2220) Requested \PIPE\winreg [2006/06/20 18:19:34, 4] rpc_server/srv_pipe.c:api_rpcTNP(2255) api_rpcTNP: winreg op 0x2 - api_rpcTNP: rpc command: REG_OPEN_HKLM [2006/06/20 18:19:34, 6] rpc_server/srv_pipe.c:api_rpcTNP(2281) api_rpc_cmds[3].fn == 0x815bc93 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 reg_io_q_open_hive [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 ptr: 0114f508 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0004 server: bc38 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0008 access: 02000000 [2006/06/20 18:19:34, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 1001) : sec_ctx_stack_ndx = 1 [2006/06/20 18:19:34, 3] smbd/uid.c:push_conn_ctx(345) push_conn_ctx(101) : conn_ctx_stack_ndx = 0 [2006/06/20 18:19:34, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 
[2006/06/20 18:19:34, 5] auth/auth_util.c:debug_nt_user_token(449) NT user token: (NULL) [2006/06/20 18:19:34, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/06/20 18:19:34, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 1001) - sec_ctx_stack_ndx = 0 [2006/06/20 18:19:34, 10] registry/reg_db.c:regdb_open(265) regdb_open: refcount reset (1) [2006/06/20 18:19:34, 7] registry/reg_frontend.c:regkey_open_internal(359) regkey_open_internal: name = [HKLM] [2006/06/20 18:19:34, 10] registry/reg_cachehook.c:reghook_cache_find(95) reghook_cache_find: Searching for keyname [/HKLM] [2006/06/20 18:19:34, 10] lib/adt_tree.c:pathtree_find(341) pathtree_find: Enter [/HKLM] [2006/06/20 18:19:34, 10] lib/adt_tree.c:pathtree_find(413) pathtree_find: Exit [2006/06/20 18:19:34, 5] registry/reg_frontend.c:registry_access_check(59) registry_access_check: using root's token [2006/06/20 18:19:34, 10] lib/util_seaccess.c:se_access_check(233) se_access_check: requested access 0x02000000, for NT token with 6 entries and first sid S-1-22-1-0. [2006/06/20 18:19:34, 3] lib/util_seaccess.c:se_access_check(250) [2006/06/20 18:19:34, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-22-2-0 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-32-544 [2006/06/20 18:19:34, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) Opened policy hnd[1] [000] 00 00 00 00 02 00 00 00 00 00 00 00 16 20 98 44 ........ ..... .D [010] 45 41 00 00 EA.. 
[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 reg_io_r_open_hive [2006/06/20 18:19:34, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 data1: 00000000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 data2: 00000002 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 data3: 0000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a data4: 0000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000c data5: 16 20 98 44 45 41 00 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_werror(824) 0014 status: WERR_OK [2006/06/20 18:19:34, 5] rpc_server/srv_pipe.c:api_rpcTNP(2302) api_rpcTNP: called winreg successfully [2006/06/20 18:19:34, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 510 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 20 [2006/06/20 18:19:34, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 7154 name: winreg len: 1024 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) read_from_pipe: winreg: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. 
[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0030 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 00000018 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2006/06/20 18:19:34, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] [2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1036 smb_uid=101 smb_mid=832 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) 
smb_bcc=49 [2006/06/20 18:19:34, 10] lib/util.c:dump_data(2215) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 01 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 02 00 00 ........ ........ [020] 00 00 00 00 00 16 20 98 44 45 41 00 00 00 00 00 ...... . DEA..... [030] 00 . [2006/06/20 18:19:34, 10] smbd/process.c:setup_select_timeout(1286) change_notify_timeout: -1 [2006/06/20 18:19:34, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 268 [2006/06/20 18:19:34, 6] smbd/process.c:process_smb(1111) got message type 0x0 of len 0x10c [2006/06/20 18:19:34, 3] smbd/process.c:process_smb(1112) Transaction 14 of length 272 [2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) size=268 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1036 smb_uid=101 smb_mid=896 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 184 (0xB8) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 184 (0xB8) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29012 (0x7154) smb_bcc=201 [2006/06/20 18:19:34, 10] lib/util.c:dump_data(2215) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 B8 00 00 00 02 00 00 ........ ........ [020] 00 A0 00 00 00 00 00 0F 00 00 00 00 00 02 00 00 ........ ........ [030] 00 00 00 00 00 16 20 98 44 45 41 00 00 6E 00 6E ...... . DEA..n.n [040] 00 30 7A E1 76 37 00 00 00 00 00 00 00 37 00 00 .0z.v7.. .....7.. 
[050] 00 53 00 79 00 73 00 74 00 65 00 6D 00 5C 00 43 .S.y.s.t .e.m.\.C [060] 00 75 00 72 00 72 00 65 00 6E 00 74 00 43 00 6F .u.r.r.e .n.t.C.o [070] 00 6E 00 74 00 72 00 6F 00 6C 00 53 00 65 00 74 .n.t.r.o .l.S.e.t [080] 00 5C 00 73 00 65 00 72 00 76 00 69 00 63 00 65 .\.s.e.r .v.i.c.e [090] 00 73 00 5C 00 4E 00 65 00 74 00 6C 00 6F 00 67 .s.\.N.e .t.l.o.g [0A0] 00 6F 00 6E 00 5C 00 70 00 61 00 72 00 61 00 6D .o.n.\.p .a.r.a.m [0B0] 00 65 00 74 00 65 00 72 00 73 00 5C 00 00 00 62 .e.t.e.r .s.\...b [0C0] F5 00 00 00 00 19 00 02 00 ........ . [2006/06/20 18:19:34, 3] smbd/process.c:switch_message(914) switch message SMBtrans (pid 16709) conn 0x8497e40 [2006/06/20 18:19:34, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 [2006/06/20 18:19:34, 5] auth/auth_util.c:debug_nt_user_token(455) NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 contains 8 SIDs SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-1001 SID[ 6]: S-1-22-2-0 SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 SE_PRIV 0x10 0x0 0x0 0x0 [2006/06/20 18:19:34, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 1001 and contains 4 supplementary groups Group[ 0]: 10000 Group[ 1]: 1001 Group[ 2]: 0 Group[ 3]: 10001 [2006/06/20 18:19:34, 5] smbd/uid.c:change_to_user(260) change_to_user uid=(0,0) gid=(0,1001) [2006/06/20 18:19:34, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=184 params=0 setup=2 [2006/06/20 18:19:34, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2006/06/20 18:19:34, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2006/06/20 18:19:34, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2006/06/20 18:19:34, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=7154 [2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name 
winreg pnum=7154 (pipes_open=2) [2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=7153 (pipes_open=2) [2006/06/20 18:19:34, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "winreg" (pnum 7154) [2006/06/20 18:19:34, 10] smbd/ipc.c:api_fd_reply(305) api_fd_reply: p:0x84955e8 max_trans_reply: 1024 [2006/06/20 18:19:34, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 7154 name: winreg open: Yes len: 184 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 184 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 184 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 184, len_needed_to_complete_hdr = 16, receive_len = 0 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 168 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 168 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/06/20 18:19:34, 5] 
rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 00b8 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000002 [2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) unmarshall_rpc_header: type = 0, flags = 3 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 168 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 168, incoming data = 168 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 0 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 alloc_hint: 000000a0 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0004 context_id: 0000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0006 opnum : 000f [2006/06/20 18:19:34, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2006/06/20 18:19:34, 5] rpc_server/srv_pipe.c:api_pipe_request(2220) Requested \PIPE\winreg [2006/06/20 18:19:34, 4] rpc_server/srv_pipe.c:api_rpcTNP(2255) api_rpcTNP: winreg op 0xf - api_rpcTNP: rpc command: REG_OPEN_ENTRY [2006/06/20 18:19:34, 6] rpc_server/srv_pipe.c:api_rpcTNP(2281) api_rpc_cmds[1].fn == 0x815bf39 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 reg_io_q_open_entry [2006/06/20 18:19:34, 6] 
rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 data1: 00000000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 data2: 00000002 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 data3: 0000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a data4: 0000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000c data5: 16 20 98 44 45 41 00 00 [2006/06/20 18:19:34, 6] rpc_parse/parse_prs.c:prs_debug(84) 000014 prs_unistr4 name [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 length: 006e [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0016 size: 006e [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0018 ptr: 76e17a30 [2006/06/20 18:19:34, 7] rpc_parse/parse_prs.c:prs_debug(84) 00001c smb_io_unistr2 name [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 001c uni_max_len: 00000037 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0020 offset : 00000000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0024 uni_str_len: 00000037 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0028 buffer : S.y.s.t.e.m.\.C.u.r.r.e.n.t.C.o.n.t.r.o.l.S.e.t.\.s.e.r.v.i.c.e.s.\.N.e.t.l.o.g.o.n.\.p.a.r.a.m.e.t.e.r.s.\... [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0098 unknown_0 : 00000000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 009c access: 00020019 [2006/06/20 18:19:34, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 02 00 00 00 00 00 00 00 16 20 98 44 ........ ..... .D [010] 45 41 00 00 EA.. 
[2006/06/20 18:19:34, 10] registry/reg_db.c:regdb_open(248) regdb_open: incrementing refcount (1) [2006/06/20 18:19:34, 7] registry/reg_frontend.c:regkey_open_internal(359) regkey_open_internal: name = [HKLM\System\CurrentControlSet\services\Netlogon\parameters] [2006/06/20 18:19:34, 10] registry/reg_cachehook.c:reghook_cache_find(95) reghook_cache_find: Searching for keyname [/HKLM/System/CurrentControlSet/services/Netlogon/parameters] [2006/06/20 18:19:34, 10] lib/adt_tree.c:pathtree_find(341) pathtree_find: Enter [/HKLM/System/CurrentControlSet/services/Netlogon/parameters] [2006/06/20 18:19:34, 10] lib/adt_tree.c:pathtree_find(413) pathtree_find: Exit [2006/06/20 18:19:34, 5] registry/reg_frontend.c:registry_access_check(59) registry_access_check: using root's token [2006/06/20 18:19:34, 10] lib/util_seaccess.c:se_access_check(233) se_access_check: requested access 0x00020019, for NT token with 6 entries and first sid S-1-22-1-0. [2006/06/20 18:19:34, 3] lib/util_seaccess.c:se_access_check(250) [2006/06/20 18:19:34, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-22-2-0 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-32-544 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 20019 [2006/06/20 18:19:34, 5] lib/util_seaccess.c:se_access_check(308) se_access_check: access (20019) granted. [2006/06/20 18:19:34, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) Opened policy hnd[2] [000] 00 00 00 00 03 00 00 00 00 00 00 00 16 20 98 44 ........ ..... .D [010] 45 41 00 00 EA.. 
[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 reg_io_r_open_entry [2006/06/20 18:19:34, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd handle [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 data1: 00000000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 data2: 00000003 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 data3: 0000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a data4: 0000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000c data5: 16 20 98 44 45 41 00 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_werror(824) 0014 status: WERR_OK [2006/06/20 18:19:34, 5] rpc_server/srv_pipe.c:api_rpcTNP(2302) api_rpcTNP: called winreg successfully [2006/06/20 18:19:34, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 634 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 168 [2006/06/20 18:19:34, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 7154 name: winreg len: 1024 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) read_from_pipe: winreg: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. 
[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0030 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000002 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 00000018 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2006/06/20 18:19:34, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] [2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1036 smb_uid=101 smb_mid=896 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) 
smb_bcc=49 [2006/06/20 18:19:34, 10] lib/util.c:dump_data(2215) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 02 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 03 00 00 ........ ........ [020] 00 00 00 00 00 16 20 98 44 45 41 00 00 00 00 00 ...... . DEA..... [030] 00 . [2006/06/20 18:19:34, 10] smbd/process.c:setup_select_timeout(1286) change_notify_timeout: -1 [2006/06/20 18:19:34, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 232 [2006/06/20 18:19:34, 6] smbd/process.c:process_smb(1111) got message type 0x0 of len 0xe8 [2006/06/20 18:19:34, 3] smbd/process.c:process_smb(1112) Transaction 15 of length 236 [2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) size=232 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1036 smb_uid=101 smb_mid=960 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 148 (0x94) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 148 (0x94) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29012 (0x7154) smb_bcc=165 [2006/06/20 18:19:34, 10] lib/util.c:dump_data(2215) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 94 00 00 00 03 00 00 ........ ........ [020] 00 7C 00 00 00 00 00 11 00 00 00 00 00 03 00 00 .|...... ........ [030] 00 00 00 00 00 16 20 98 44 45 41 00 00 2A 00 2A ...... . DEA..*.* [040] 00 04 7A E1 76 15 00 00 00 00 00 00 00 15 00 00 ..z.v... ........ [050] 00 52 00 65 00 66 00 75 00 73 00 65 00 50 00 61 .R.e.f.u .s.e.P.a [060] 00 73 00 73 00 77 00 6F 00 72 00 64 00 43 00 68 .s.s.w.o .r.d.C.h [070] 00 61 00 6E 00 67 00 65 00 00 00 53 00 64 F5 14 .a.n.g.e ...S.d.. [080] 01 94 F5 14 01 94 F5 14 01 04 00 00 00 00 00 00 ........ ........ 
[090] 00 00 00 00 00 5C F5 14 01 04 00 00 00 54 F5 14 .....\.. .....T.. [0A0] 01 00 00 00 00 ..... [2006/06/20 18:19:34, 3] smbd/process.c:switch_message(914) switch message SMBtrans (pid 16709) conn 0x8497e40 [2006/06/20 18:19:34, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 [2006/06/20 18:19:34, 5] auth/auth_util.c:debug_nt_user_token(455) NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 contains 8 SIDs SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-1001 SID[ 6]: S-1-22-2-0 SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 SE_PRIV 0x10 0x0 0x0 0x0 [2006/06/20 18:19:34, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 1001 and contains 4 supplementary groups Group[ 0]: 10000 Group[ 1]: 1001 Group[ 2]: 0 Group[ 3]: 10001 [2006/06/20 18:19:34, 5] smbd/uid.c:change_to_user(260) change_to_user uid=(0,0) gid=(0,1001) [2006/06/20 18:19:34, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=148 params=0 setup=2 [2006/06/20 18:19:34, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2006/06/20 18:19:34, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2006/06/20 18:19:34, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2006/06/20 18:19:34, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=7154 [2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name winreg pnum=7154 (pipes_open=2) [2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=7153 (pipes_open=2) [2006/06/20 18:19:34, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "winreg" (pnum 7154) [2006/06/20 18:19:34, 10] smbd/ipc.c:api_fd_reply(305) api_fd_reply: p:0x84955e8 max_trans_reply: 1024 [2006/06/20 18:19:34, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 7154 name: 
winreg open: Yes len: 148 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 148 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 148 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 148, len_needed_to_complete_hdr = 16, receive_len = 0 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 132 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 132 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0094 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000003 [2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2006/06/20 18:19:34, 10] 
rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) unmarshall_rpc_header: type = 0, flags = 3 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 132 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 132, incoming data = 132 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 0 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 alloc_hint: 0000007c [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0004 context_id: 0000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0006 opnum : 0011 [2006/06/20 18:19:34, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2006/06/20 18:19:34, 5] rpc_server/srv_pipe.c:api_pipe_request(2220) Requested \PIPE\winreg [2006/06/20 18:19:34, 4] rpc_server/srv_pipe.c:api_rpcTNP(2255) api_rpcTNP: winreg op 0x11 - api_rpcTNP: rpc command: REG_QUERY_VALUE [2006/06/20 18:19:34, 6] rpc_server/srv_pipe.c:api_rpcTNP(2281) api_rpc_cmds[10].fn == 0x815c025 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 reg_io_q_query_value [2006/06/20 18:19:34, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 data1: 00000000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 data2: 00000003 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 data3: 0000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a data4: 0000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000c data5: 16 20 98 44 
45 41 00 00 [2006/06/20 18:19:34, 6] rpc_parse/parse_prs.c:prs_debug(84) 000014 prs_unistr4 name [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 length: 002a [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0016 size: 002a [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0018 ptr: 76e17a04 [2006/06/20 18:19:34, 7] rpc_parse/parse_prs.c:prs_debug(84) 00001c smb_io_unistr2 name [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 001c uni_max_len: 00000015 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0020 offset : 00000000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0024 uni_str_len: 00000015 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0028 buffer : R.e.f.u.s.e.P.a.s.s.w.o.r.d.C.h.a.n.g.e... [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0054 ptr_reserved: 0114f564 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0058 ptr_buf: 0114f594 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 005c ptr_bufsize: 0114f594 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0060 bufsize: 00000004 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0064 buf_unk: 00000000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0068 unk1: 00000000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 006c ptr_buflen: 0114f55c [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0070 buflen: 00000004 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0074 ptr_buflen2: 0114f554 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0078 buflen2: 00000000 [2006/06/20 18:19:34, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 03 00 00 00 00 00 00 00 16 20 98 44 ........ ..... .D [010] 45 41 00 00 EA.. 
[2006/06/20 18:19:34, 7] rpc_server/srv_reg_nt.c:_reg_query_value(327) _reg_info: policy key name = [HKLM\System\CurrentControlSet\services\Netlogon\parameters] [2006/06/20 18:19:34, 7] rpc_server/srv_reg_nt.c:_reg_query_value(328) _reg_info: policy key type = [00000000] [2006/06/20 18:19:34, 5] rpc_server/srv_reg_nt.c:_reg_query_value(332) _reg_info: looking up value: [RefusePasswordChange] [2006/06/20 18:19:34, 8] registry/reg_frontend.c:fetch_reg_values_specific(283) fetch_reg_values_specific: Initializing cache of values for [HKLM\System\CurrentControlSet\services\Netlogon\parameters] [2006/06/20 18:19:34, 10] registry/reg_db.c:regdb_fetch_values(563) regdb_fetch_values: Looking for value of key [HKLM\System\CurrentControlSet\services\Netlogon\parameters] [2006/06/20 18:19:34, 10] lib/account_pol.c:account_policy_get(337) account_policy_get: name: refuse machine password change, val: 0 [2006/06/20 18:19:34, 10] rpc_server/srv_reg_nt.c:_reg_query_value(415) _reg_info: Testing value [RefusePasswordChange] [2006/06/20 18:19:34, 10] rpc_server/srv_reg_nt.c:_reg_query_value(417) _reg_info: Found match for value [RefusePasswordChange] [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 reg_io_r_query_value [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 ptr: f000baaa [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 type: 00000004 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0008 ptr: f000baaa [2006/06/20 18:19:34, 6] rpc_parse/parse_prs.c:prs_debug(84) 00000c smb_io_regval_buffer value [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c buf_max_len: 00000004 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 offset : 00000000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0014 buf_len : 00000004 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0018 buffer : .... 
[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 001c ptr: f000baaa [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0020 buf_max_len: 00000004 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0024 ptr: f000baaa [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0028 buf_len: 00000004 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_werror(824) 002c status: WERR_OK [2006/06/20 18:19:34, 5] rpc_server/srv_pipe.c:api_rpcTNP(2302) api_rpcTNP: called winreg successfully [2006/06/20 18:19:34, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 90 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 132 [2006/06/20 18:19:34, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 7154 name: winreg len: 1024 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) read_from_pipe: winreg: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 48. 
[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0048 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000003 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 00000030 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2006/06/20 18:19:34, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..72] [2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1036 smb_uid=101 smb_mid=960 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 72 (0x48) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) 
smb_bcc=73 [2006/06/20 18:19:34, 10] lib/util.c:dump_data(2215) [000] 00 05 00 02 03 10 00 00 00 48 00 00 00 03 00 00 ........ .H...... [010] 00 30 00 00 00 00 00 00 00 AA BA 00 F0 04 00 00 .0...... ........ [020] 00 AA BA 00 F0 04 00 00 00 00 00 00 00 04 00 00 ........ ........ [030] 00 00 00 00 00 AA BA 00 F0 04 00 00 00 AA BA 00 ........ ........ [040] F0 04 00 00 00 00 00 00 00 ........ . [2006/06/20 18:19:34, 10] smbd/process.c:setup_select_timeout(1286) change_notify_timeout: -1 [2006/06/20 18:19:34, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 128 [2006/06/20 18:19:34, 6] smbd/process.c:process_smb(1111) got message type 0x0 of len 0x80 [2006/06/20 18:19:34, 3] smbd/process.c:process_smb(1112) Transaction 16 of length 132 [2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1036 smb_uid=101 smb_mid=1024 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29012 (0x7154) smb_bcc=61 [2006/06/20 18:19:34, 10] lib/util.c:dump_data(2215) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 04 00 00 ........ .,...... [020] 00 14 00 00 00 00 00 05 00 00 00 00 00 03 00 00 ........ ........ [030] 00 00 00 00 00 16 20 98 44 45 41 00 00 ...... . DEA.. 
[2006/06/20 18:19:34, 3] smbd/process.c:switch_message(914) switch message SMBtrans (pid 16709) conn 0x8497e40 [2006/06/20 18:19:34, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 [2006/06/20 18:19:34, 5] auth/auth_util.c:debug_nt_user_token(455) NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 contains 8 SIDs SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-1001 SID[ 6]: S-1-22-2-0 SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 SE_PRIV 0x10 0x0 0x0 0x0 [2006/06/20 18:19:34, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 1001 and contains 4 supplementary groups Group[ 0]: 10000 Group[ 1]: 1001 Group[ 2]: 0 Group[ 3]: 10001 [2006/06/20 18:19:34, 5] smbd/uid.c:change_to_user(260) change_to_user uid=(0,0) gid=(0,1001) [2006/06/20 18:19:34, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=44 params=0 setup=2 [2006/06/20 18:19:34, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2006/06/20 18:19:34, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2006/06/20 18:19:34, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2006/06/20 18:19:34, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=7154 [2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name winreg pnum=7154 (pipes_open=2) [2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=7153 (pipes_open=2) [2006/06/20 18:19:34, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "winreg" (pnum 7154) [2006/06/20 18:19:34, 10] smbd/ipc.c:api_fd_reply(305) api_fd_reply: p:0x84955e8 max_trans_reply: 1024 [2006/06/20 18:19:34, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 7154 name: winreg open: Yes len: 44 [2006/06/20 18:19:34, 10] 
rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 44 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 28 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 002c [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000004 [2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) 
unmarshall_rpc_header: type = 0, flags = 3 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 28 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 28, incoming data = 28 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 0 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 alloc_hint: 00000014 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0004 context_id: 0000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0006 opnum : 0005 [2006/06/20 18:19:34, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2006/06/20 18:19:34, 5] rpc_server/srv_pipe.c:api_pipe_request(2220) Requested \PIPE\winreg [2006/06/20 18:19:34, 4] rpc_server/srv_pipe.c:api_rpcTNP(2255) api_rpcTNP: winreg op 0x5 - api_rpcTNP: rpc command: REG_CLOSE [2006/06/20 18:19:34, 6] rpc_server/srv_pipe.c:api_rpcTNP(2281) api_rpc_cmds[0].fn == 0x815bb9c [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 reg_io_q_close [2006/06/20 18:19:34, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 data1: 00000000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 data2: 00000003 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 data3: 0000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a data4: 0000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000c data5: 16 20 98 44 45 41 00 00 [2006/06/20 18:19:34, 4] 
rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 03 00 00 00 00 00 00 00 16 20 98 44 ........ ..... .D [010] 45 41 00 00 EA.. [2006/06/20 18:19:34, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 03 00 00 00 00 00 00 00 16 20 98 44 ........ ..... .D [010] 45 41 00 00 EA.. [2006/06/20 18:19:34, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) Closed policy [2006/06/20 18:19:34, 10] registry/reg_db.c:regdb_close(279) regdb_close: decrementing refcount (1) [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 reg_io_r_close [2006/06/20 18:19:34, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 data1: 00000000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 data2: 00000000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 data3: 0000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a data4: 0000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000c data5: 00 00 00 00 00 00 00 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_werror(824) 0014 status: WERR_OK [2006/06/20 18:19:34, 5] rpc_server/srv_pipe.c:api_rpcTNP(2302) api_rpcTNP: called winreg successfully [2006/06/20 18:19:34, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 28 [2006/06/20 18:19:34, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 7154 name: winreg len: 1024 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) read_from_pipe: winreg: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. 
[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0030 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000004 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 00000018 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2006/06/20 18:19:34, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] [2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1036 smb_uid=101 smb_mid=1024 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) 
smb_bcc=49 [2006/06/20 18:19:34, 10] lib/util.c:dump_data(2215) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 04 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [030] 00 . [2006/06/20 18:19:34, 10] smbd/process.c:setup_select_timeout(1286) change_notify_timeout: -1 [2006/06/20 18:19:34, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 128 [2006/06/20 18:19:34, 6] smbd/process.c:process_smb(1111) got message type 0x0 of len 0x80 [2006/06/20 18:19:34, 3] smbd/process.c:process_smb(1112) Transaction 17 of length 132 [2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1036 smb_uid=101 smb_mid=1088 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29012 (0x7154) smb_bcc=61 [2006/06/20 18:19:34, 10] lib/util.c:dump_data(2215) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 05 00 00 ........ .,...... [020] 00 14 00 00 00 00 00 05 00 00 00 00 00 02 00 00 ........ ........ [030] 00 00 00 00 00 16 20 98 44 45 41 00 00 ...... . DEA.. 
[2006/06/20 18:19:34, 3] smbd/process.c:switch_message(914) switch message SMBtrans (pid 16709) conn 0x8497e40 [2006/06/20 18:19:34, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 [2006/06/20 18:19:34, 5] auth/auth_util.c:debug_nt_user_token(455) NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 contains 8 SIDs SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-1001 SID[ 6]: S-1-22-2-0 SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 SE_PRIV 0x10 0x0 0x0 0x0 [2006/06/20 18:19:34, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 1001 and contains 4 supplementary groups Group[ 0]: 10000 Group[ 1]: 1001 Group[ 2]: 0 Group[ 3]: 10001 [2006/06/20 18:19:34, 5] smbd/uid.c:change_to_user(260) change_to_user uid=(0,0) gid=(0,1001) [2006/06/20 18:19:34, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=44 params=0 setup=2 [2006/06/20 18:19:34, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2006/06/20 18:19:34, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2006/06/20 18:19:34, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2006/06/20 18:19:34, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=7154 [2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name winreg pnum=7154 (pipes_open=2) [2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=7153 (pipes_open=2) [2006/06/20 18:19:34, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "winreg" (pnum 7154) [2006/06/20 18:19:34, 10] smbd/ipc.c:api_fd_reply(305) api_fd_reply: p:0x84955e8 max_trans_reply: 1024 [2006/06/20 18:19:34, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 7154 name: winreg open: Yes len: 44 [2006/06/20 18:19:34, 10] 
rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 44 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 28 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 002c [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000005 [2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) 
unmarshall_rpc_header: type = 0, flags = 3 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 28 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 28, incoming data = 28 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 0 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 alloc_hint: 00000014 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0004 context_id: 0000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0006 opnum : 0005 [2006/06/20 18:19:34, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2006/06/20 18:19:34, 5] rpc_server/srv_pipe.c:api_pipe_request(2220) Requested \PIPE\winreg [2006/06/20 18:19:34, 4] rpc_server/srv_pipe.c:api_rpcTNP(2255) api_rpcTNP: winreg op 0x5 - api_rpcTNP: rpc command: REG_CLOSE [2006/06/20 18:19:34, 6] rpc_server/srv_pipe.c:api_rpcTNP(2281) api_rpc_cmds[0].fn == 0x815bb9c [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 reg_io_q_close [2006/06/20 18:19:34, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 data1: 00000000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 data2: 00000002 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 data3: 0000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a data4: 0000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000c data5: 16 20 98 44 45 41 00 00 [2006/06/20 18:19:34, 4] 
rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 02 00 00 00 00 00 00 00 16 20 98 44 ........ ..... .D [010] 45 41 00 00 EA.. [2006/06/20 18:19:34, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 02 00 00 00 00 00 00 00 16 20 98 44 ........ ..... .D [010] 45 41 00 00 EA.. [2006/06/20 18:19:34, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) Closed policy [2006/06/20 18:19:34, 10] registry/reg_db.c:regdb_close(279) regdb_close: decrementing refcount (0) [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 reg_io_r_close [2006/06/20 18:19:34, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 data1: 00000000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 data2: 00000000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 data3: 0000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a data4: 0000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000c data5: 00 00 00 00 00 00 00 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_werror(824) 0014 status: WERR_OK [2006/06/20 18:19:34, 5] rpc_server/srv_pipe.c:api_rpcTNP(2302) api_rpcTNP: called winreg successfully [2006/06/20 18:19:34, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 28 [2006/06/20 18:19:34, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 7154 name: winreg len: 1024 [2006/06/20 18:19:34, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) read_from_pipe: winreg: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. 
[2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0030 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000005 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 00000018 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2006/06/20 18:19:34, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2006/06/20 18:19:34, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] [2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1036 smb_uid=101 smb_mid=1088 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) 
smb_bcc=49 [2006/06/20 18:19:34, 10] lib/util.c:dump_data(2215) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 05 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [030] 00 . [2006/06/20 18:19:34, 10] smbd/process.c:setup_select_timeout(1286) change_notify_timeout: -1 [2006/06/20 18:19:34, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 41 [2006/06/20 18:19:34, 6] smbd/process.c:process_smb(1111) got message type 0x0 of len 0x29 [2006/06/20 18:19:34, 3] smbd/process.c:process_smb(1112) Transaction 18 of length 45 [2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=1152 smt_wct=3 smb_vwv[ 0]=29012 (0x7154) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2006/06/20 18:19:34, 3] smbd/process.c:switch_message(914) switch message SMBclose (pid 16709) conn 0x8497e40 [2006/06/20 18:19:34, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 [2006/06/20 18:19:34, 5] auth/auth_util.c:debug_nt_user_token(455) NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 contains 8 SIDs SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-1001 SID[ 6]: S-1-22-2-0 SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 SE_PRIV 0x10 0x0 0x0 0x0 [2006/06/20 18:19:34, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 1001 and contains 4 supplementary groups Group[ 0]: 10000 Group[ 1]: 1001 Group[ 2]: 0 Group[ 3]: 10001 [2006/06/20 18:19:34, 5] smbd/uid.c:change_to_user(260) change_to_user uid=(0,0) gid=(0,1001) [2006/06/20 18:19:34, 4] 
rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=7154 [2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name winreg pnum=7154 (pipes_open=2) [2006/06/20 18:19:34, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=7153 (pipes_open=2) [2006/06/20 18:19:34, 5] smbd/pipes.c:reply_pipe_close(282) reply_pipe_close: pnum:7154 [2006/06/20 18:19:34, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(235) close_policy_by_pipe: deleted handle list for pipe winreg [2006/06/20 18:19:34, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1169) closed pipe name winreg pnum=7154 (pipes_open=1) [2006/06/20 18:19:34, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:34, 5] lib/util.c:show_msg(488) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=1152 smt_wct=0 smb_bcc=0 [2006/06/20 18:19:34, 10] smbd/process.c:setup_select_timeout(1286) change_notify_timeout: -1 [2006/06/20 18:19:35, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 96 [2006/06/20 18:19:35, 6] smbd/process.c:process_smb(1111) got message type 0x0 of len 0x60 [2006/06/20 18:19:35, 3] smbd/process.c:process_smb(1112) Transaction 19 of length 100 [2006/06/20 18:19:35, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:35, 5] lib/util.c:show_msg(488) size=96 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1036 smb_uid=101 smb_mid=1216 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 2560 (0xA00) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 
512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=13 [2006/06/20 18:19:35, 10] lib/util.c:dump_data(2215) [000] 00 5C 00 73 00 61 00 6D 00 72 00 00 00 .\.s.a.m .r... [2006/06/20 18:19:35, 3] smbd/process.c:switch_message(914) switch message SMBntcreateX (pid 16709) conn 0x8497e40 [2006/06/20 18:19:35, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 [2006/06/20 18:19:35, 5] auth/auth_util.c:debug_nt_user_token(455) NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 contains 8 SIDs SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-1001 SID[ 6]: S-1-22-2-0 SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 SE_PRIV 0x10 0x0 0x0 0x0 [2006/06/20 18:19:35, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 1001 and contains 4 supplementary groups Group[ 0]: 10000 Group[ 1]: 1001 Group[ 2]: 0 Group[ 3]: 10001 [2006/06/20 18:19:35, 5] smbd/uid.c:change_to_user(260) change_to_user uid=(0,0) gid=(0,1001) [2006/06/20 18:19:35, 10] smbd/nttrans.c:reply_ntcreate_and_X(501) reply_ntcreateX: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0 [2006/06/20 18:19:35, 4] smbd/nttrans.c:nt_open_pipe(325) nt_open_pipe: Opening pipe \samr. [2006/06/20 18:19:35, 3] smbd/nttrans.c:nt_open_pipe(346) nt_open_pipe: Known pipe samr opening. 
[2006/06/20 18:19:35, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(180) Open pipe requested samr (pipes_open=1) [2006/06/20 18:19:35, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(210) open_rpc_pipe_p: name lsarpc pnum=7153 [2006/06/20 18:19:35, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(285) Create pipe requested samr [2006/06/20 18:19:35, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) init_pipe_handles: pipe_handles ref count = 2 for pipe samr [2006/06/20 18:19:35, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(366) Created internal pipe samr (pipes_open=1) [2006/06/20 18:19:35, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(263) Opened pipe samr with handle 7155 (pipes_open=2) [2006/06/20 18:19:35, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(269) open pipes: name samr pnum=7155 [2006/06/20 18:19:35, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(269) open pipes: name lsarpc pnum=7153 [2006/06/20 18:19:35, 5] smbd/nttrans.c:do_ntcreate_pipe_open(395) do_ntcreate_pipe_open: open pipe = \samr [2006/06/20 18:19:35, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:35, 5] lib/util.c:show_msg(488) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1036 smb_uid=101 smb_mid=1216 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=21760 (0x5500) smb_vwv[ 3]= 369 (0x171) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) 
smb_vwv[33]= 5 (0x5) smb_bcc=0 [2006/06/20 18:19:35, 10] smbd/process.c:setup_select_timeout(1286) change_notify_timeout: -1 [2006/06/20 18:19:35, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 136 [2006/06/20 18:19:35, 6] smbd/process.c:process_smb(1111) got message type 0x0 of len 0x88 [2006/06/20 18:19:35, 3] smbd/process.c:process_smb(1112) Transaction 20 of length 140 [2006/06/20 18:19:35, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:35, 5] lib/util.c:show_msg(488) size=136 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=1280 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=29013 (0x7155) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 72 (0x48) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 72 (0x48) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=73 [2006/06/20 18:19:35, 10] lib/util.c:dump_data(2215) [000] EE 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... [010] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ [020] 00 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 .xW4.4.. ....#Eg. [030] AC 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ [040] 00 2B 10 48 60 02 00 00 00 .+.H`... . 
[2006/06/20 18:19:35, 3] smbd/process.c:switch_message(914) switch message SMBwriteX (pid 16709) conn 0x8497e40 [2006/06/20 18:19:35, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 [2006/06/20 18:19:35, 5] auth/auth_util.c:debug_nt_user_token(455) NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 contains 8 SIDs SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-1001 SID[ 6]: S-1-22-2-0 SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 SE_PRIV 0x10 0x0 0x0 0x0 [2006/06/20 18:19:35, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 1001 and contains 4 supplementary groups Group[ 0]: 10000 Group[ 1]: 1001 Group[ 2]: 0 Group[ 3]: 10001 [2006/06/20 18:19:35, 5] smbd/uid.c:change_to_user(260) change_to_user uid=(0,0) gid=(0,1001) [2006/06/20 18:19:35, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=7155 [2006/06/20 18:19:35, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name samr pnum=7155 (pipes_open=2) [2006/06/20 18:19:35, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=7153 (pipes_open=2) [2006/06/20 18:19:35, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 7155 name: samr open: Yes len: 72 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 72 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2006/06/20 18:19:35, 10] 
rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 56 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 0b [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0048 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 [2006/06/20 18:19:35, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) unmarshall_rpc_header: type = 11, flags = 3 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 56 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 
11 [2006/06/20 18:19:35, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1520) api_pipe_bind_req: decode request. 1520 [2006/06/20 18:19:35, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1531) api_pipe_bind_req: \PIPE\samr -> \PIPE\lsass [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_rb [2006/06/20 18:19:35, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_bba [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0000 max_tsize: 10b8 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0002 max_rsize: 10b8 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 assoc_gid: 00000000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0008 num_contexts: 01 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000c context_id : 0000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 000e num_transfer_syntaxes: 01 [2006/06/20 18:19:35, 6] rpc_parse/parse_prs.c:prs_debug(84) 00000f smb_io_rpc_iface [2006/06/20 18:19:35, 7] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_uuid uuid [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 data : 12345778 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 data : 1234 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0016 data : abcd [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0018 data : ef 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 001a data : 01 23 45 67 89 ac [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0020 version: 00000001 [2006/06/20 18:19:35, 6] rpc_parse/parse_prs.c:prs_debug(84) 000024 smb_io_rpc_iface [2006/06/20 18:19:35, 7] rpc_parse/parse_prs.c:prs_debug(84) 000024 smb_io_uuid uuid [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0024 data : 8a885d04 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0028 data : 1ceb [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 002a 
data : 11c9 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 002c data : 9f e8 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 002e data : 08 00 2b 10 48 60 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0034 version: 00000002 [2006/06/20 18:19:35, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1573) api_pipe_bind_req: make response. 1573 [2006/06/20 18:19:35, 3] rpc_server/srv_pipe.c:check_bind_req(982) check_bind_req for \PIPE\samr [2006/06/20 18:19:35, 10] rpc_server/srv_pipe.c:check_bind_req(987) checking \PIPE\lsarpc [2006/06/20 18:19:35, 10] rpc_server/srv_pipe.c:check_bind_req(987) checking \PIPE\lsarpc [2006/06/20 18:19:35, 10] rpc_server/srv_pipe.c:check_bind_req(987) checking \PIPE\samr [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_ba [2006/06/20 18:19:35, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_bba [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0000 max_tsize: 10b8 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0002 max_rsize: 10b8 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 assoc_gid: 000053f0 [2006/06/20 18:19:35, 6] rpc_parse/parse_prs.c:prs_debug(84) 000008 smb_io_rpc_addr_str [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 len: 000c [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000a str: \PIPE\lsass. 
[2006/06/20 18:19:35, 6] rpc_parse/parse_prs.c:prs_debug(84) 000016 smb_io_rpc_results [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0018 num_results: 01 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 001c result : 0000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 001e reason : 0000 [2006/06/20 18:19:35, 6] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_rpc_iface [2006/06/20 18:19:35, 7] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_uuid uuid [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0020 data : 8a885d04 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0024 data : 1ceb [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0026 data : 11c9 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0028 data : 9f e8 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 002a data : 08 00 2b 10 48 60 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0030 version: 00000002 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 0c [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0044 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 
[2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 56 [2006/06/20 18:19:35, 3] smbd/pipes.c:reply_pipe_write_and_X(217) writeX-IPC pnum=7155 nwritten=72 [2006/06/20 18:19:35, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:35, 5] lib/util.c:show_msg(488) size=47 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=1280 smt_wct=6 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 72 (0x48) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_bcc=0 [2006/06/20 18:19:35, 10] smbd/process.c:setup_select_timeout(1286) change_notify_timeout: -1 [2006/06/20 18:19:35, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 59 [2006/06/20 18:19:35, 6] smbd/process.c:process_smb(1111) got message type 0x0 of len 0x3b [2006/06/20 18:19:35, 3] smbd/process.c:process_smb(1112) Transaction 21 of length 63 [2006/06/20 18:19:35, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:35, 5] lib/util.c:show_msg(488) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=1344 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=29013 (0x7155) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2006/06/20 18:19:35, 3] smbd/process.c:switch_message(914) switch message SMBreadX (pid 16709) conn 0x8497e40 [2006/06/20 18:19:35, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 [2006/06/20 18:19:35, 5] auth/auth_util.c:debug_nt_user_token(455) NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 contains 8 SIDs SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 SID[ 2]: S-1-1-0 
SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-1001 SID[ 6]: S-1-22-2-0 SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 SE_PRIV 0x10 0x0 0x0 0x0 [2006/06/20 18:19:35, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 1001 and contains 4 supplementary groups Group[ 0]: 10000 Group[ 1]: 1001 Group[ 2]: 0 Group[ 3]: 10001 [2006/06/20 18:19:35, 5] smbd/uid.c:change_to_user(260) change_to_user uid=(0,0) gid=(0,1001) [2006/06/20 18:19:35, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=7155 [2006/06/20 18:19:35, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name samr pnum=7155 (pipes_open=2) [2006/06/20 18:19:35, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=7153 (pipes_open=2) [2006/06/20 18:19:35, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 7155 name: samr len: 1024 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1054) read_from_pipe: samr: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. [2006/06/20 18:19:35, 3] smbd/pipes.c:reply_pipe_read_and_X(262) readX-IPC pnum=7155 min=1024 max=1024 nread=68 [2006/06/20 18:19:35, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:35, 5] lib/util.c:show_msg(488) size=127 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=1344 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 68 (0x44) smb_vwv[ 6]= 59 (0x3B) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=68 [2006/06/20 18:19:35, 10] lib/util.c:dump_data(2215) [000] 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 00 ........ D....... [010] B8 10 B8 10 F0 53 00 00 0C 00 5C 50 49 50 45 5C .....S.. ..\PIPE\ [020] 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 00 lsass... ........ 
[030] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` [040] 02 00 00 00 .... [2006/06/20 18:19:35, 10] smbd/process.c:setup_select_timeout(1286) change_notify_timeout: -1 [2006/06/20 18:19:35, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 164 [2006/06/20 18:19:35, 6] smbd/process.c:process_smb(1111) got message type 0x0 of len 0xa4 [2006/06/20 18:19:35, 3] smbd/process.c:process_smb(1112) Transaction 22 of length 168 [2006/06/20 18:19:35, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:35, 5] lib/util.c:show_msg(488) size=164 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1036 smb_uid=101 smb_mid=1408 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 80 (0x50) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 80 (0x50) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29013 (0x7155) smb_bcc=97 [2006/06/20 18:19:35, 10] lib/util.c:dump_data(2215) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 50 00 00 00 01 00 00 ........ .P...... [020] 00 38 00 00 00 00 00 40 00 D0 FA 09 00 09 00 00 .8.....@ ........ [030] 00 00 00 00 00 09 00 00 00 5C 00 5C 00 53 00 45 ........ .\.\.S.E [040] 00 52 00 56 00 45 00 52 00 00 00 C9 11 30 00 00 .R.V.E.R .....0.. [050] 00 01 00 00 00 01 00 00 00 03 00 00 00 00 00 00 ........ ........ [060] 00 . 
[2006/06/20 18:19:35, 3] smbd/process.c:switch_message(914) switch message SMBtrans (pid 16709) conn 0x8497e40 [2006/06/20 18:19:35, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 [2006/06/20 18:19:35, 5] auth/auth_util.c:debug_nt_user_token(455) NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 contains 8 SIDs SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-1001 SID[ 6]: S-1-22-2-0 SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 SE_PRIV 0x10 0x0 0x0 0x0 [2006/06/20 18:19:35, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 1001 and contains 4 supplementary groups Group[ 0]: 10000 Group[ 1]: 1001 Group[ 2]: 0 Group[ 3]: 10001 [2006/06/20 18:19:35, 5] smbd/uid.c:change_to_user(260) change_to_user uid=(0,0) gid=(0,1001) [2006/06/20 18:19:35, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=80 params=0 setup=2 [2006/06/20 18:19:35, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2006/06/20 18:19:35, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2006/06/20 18:19:35, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2006/06/20 18:19:35, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=7155 [2006/06/20 18:19:35, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name samr pnum=7155 (pipes_open=2) [2006/06/20 18:19:35, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=7153 (pipes_open=2) [2006/06/20 18:19:35, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "samr" (pnum 7155) [2006/06/20 18:19:35, 10] smbd/ipc.c:api_fd_reply(305) api_fd_reply: p:0x84955e8 max_trans_reply: 1024 [2006/06/20 18:19:35, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 7155 name: samr open: Yes len: 80 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) 
write_to_pipe: data_left = 80 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 80 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 80, len_needed_to_complete_hdr = 16, receive_len = 0 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 64 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 64 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0050 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 [2006/06/20 18:19:35, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) unmarshall_rpc_header: type = 0, flags = 3 [2006/06/20 18:19:35, 
10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 64 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 64, incoming data = 64 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 0 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 alloc_hint: 00000038 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0004 context_id: 0000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0006 opnum : 0040 [2006/06/20 18:19:35, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 68 [2006/06/20 18:19:35, 5] rpc_server/srv_pipe.c:api_pipe_request(2220) Requested \PIPE\samr [2006/06/20 18:19:35, 4] rpc_server/srv_pipe.c:api_rpcTNP(2255) api_rpcTNP: samr op 0x40 - api_rpcTNP: rpc command: SAMR_CONNECT5 [2006/06/20 18:19:35, 6] rpc_server/srv_pipe.c:api_rpcTNP(2281) api_rpc_cmds[49].fn == 0x819f978 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 samr_io_q_connect5 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 ptr_srv_name: 0009fad0 [2006/06/20 18:19:35, 6] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_unistr2 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 uni_max_len: 00000009 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0008 offset : 00000000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c uni_str_len: 00000009 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0010 buffer : \.\.S.E.R.V.E.R... 
[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0024 access_mask: 00000030 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0028 level: 00000001 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 002c level: 00000001 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0030 info1_unk1: 00000003 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0034 info1_unk2: 00000000 [2006/06/20 18:19:35, 5] rpc_server/srv_samr_nt.c:_samr_connect5(2724) _samr_connect5: 2724 [2006/06/20 18:19:35, 10] lib/util_seaccess.c:se_access_check(233) se_access_check: requested access 0x00000030, for NT token with 8 entries and first sid S-1-5-21-2969752157-892696647-4271518216-3002. [2006/06/20 18:19:35, 3] lib/util_seaccess.c:se_access_check(250) [2006/06/20 18:19:35, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-2969752157-892696647-4271518216-3002 se_access_check: also S-1-5-21-2969752157-892696647-4271518216-513 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-22-2-1001 se_access_check: also S-1-22-2-0 se_access_check: also S-1-5-21-2969752157-892696647-4271518216-512 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20031, current desired = 30 [2006/06/20 18:19:35, 5] lib/util_seaccess.c:se_access_check(308) se_access_check: access (30) granted. [2006/06/20 18:19:35, 4] rpc_server/srv_samr_nt.c:access_check_samr_object(210) _samr_connect5: access GRANTED (requested: 0x00000030, granted: 0x00000030) [2006/06/20 18:19:35, 10] rpc_server/srv_samr_nt.c:get_samr_info_by_sid(316) get_samr_info_by_sid: created new info for sid (NULL) [2006/06/20 18:19:35, 10] rpc_server/srv_samr_nt.c:get_samr_info_by_sid(321) get_samr_info_by_sid: created new info for NULL sid. 
[2006/06/20 18:19:35, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) Opened policy hnd[2] [000] 00 00 00 00 04 00 00 00 00 00 00 00 17 20 98 44 ........ ..... .D [010] 45 41 00 00 EA.. [2006/06/20 18:19:35, 5] rpc_server/srv_samr_nt.c:_samr_connect5(2756) _samr_connect: 2756 [2006/06/20 18:19:35, 5] rpc_parse/parse_samr.c:init_samr_r_connect5(7140) init_samr_q_connect5 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 samr_io_r_connect5 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 level: 00000001 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 level: 00000001 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0008 info1_unk1: 00000003 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c info1_unk2: 00000000 [2006/06/20 18:19:35, 6] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_pol_hnd connect_pol [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 data1: 00000000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0014 data2: 00000004 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0018 data3: 0000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 001a data4: 0000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 001c data5: 17 20 98 44 45 41 00 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_ntstatus(763) 0024 status: NT_STATUS_OK [2006/06/20 18:19:35, 5] rpc_server/srv_pipe.c:api_rpcTNP(2302) api_rpcTNP: called samr successfully [2006/06/20 18:19:35, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 974 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 64 [2006/06/20 18:19:35, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 7155 name: samr len: 1024 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) read_from_pipe: samr: fault_state = 0 : 
data_sent_length = 0, prs_offset(&p->out_data.rdata) = 40. [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0040 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000001 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 00000028 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2006/06/20 18:19:35, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..64] [2006/06/20 18:19:35, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:35, 5] lib/util.c:show_msg(488) size=120 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1036 smb_uid=101 smb_mid=1408 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 64 (0x40) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 64 (0x40) smb_vwv[ 7]= 
56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=65 [2006/06/20 18:19:35, 10] lib/util.c:dump_data(2215) [000] 00 05 00 02 03 10 00 00 00 40 00 00 00 01 00 00 ........ .@...... [010] 00 28 00 00 00 00 00 00 00 01 00 00 00 01 00 00 .(...... ........ [020] 00 03 00 00 00 00 00 00 00 00 00 00 00 04 00 00 ........ ........ [030] 00 00 00 00 00 17 20 98 44 45 41 00 00 00 00 00 ...... . DEA..... [040] 00 . [2006/06/20 18:19:35, 10] smbd/process.c:setup_select_timeout(1286) change_notify_timeout: -1 [2006/06/20 18:19:35, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 136 [2006/06/20 18:19:35, 6] smbd/process.c:process_smb(1111) got message type 0x0 of len 0x88 [2006/06/20 18:19:35, 3] smbd/process.c:process_smb(1112) Transaction 23 of length 140 [2006/06/20 18:19:35, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:35, 5] lib/util.c:show_msg(488) size=136 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1036 smb_uid=101 smb_mid=1472 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 52 (0x34) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 52 (0x34) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29013 (0x7155) smb_bcc=69 [2006/06/20 18:19:35, 10] lib/util.c:dump_data(2215) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 34 00 00 00 02 00 00 ........ .4...... [020] 00 1C 00 00 00 00 00 06 00 00 00 00 00 04 00 00 ........ ........ [030] 00 00 00 00 00 17 20 98 44 45 41 00 00 00 00 00 ...... . DEA..... [040] 00 00 20 00 00 .. .. 
[2006/06/20 18:19:35, 3] smbd/process.c:switch_message(914) switch message SMBtrans (pid 16709) conn 0x8497e40 [2006/06/20 18:19:35, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 [2006/06/20 18:19:35, 5] auth/auth_util.c:debug_nt_user_token(455) NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 contains 8 SIDs SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-1001 SID[ 6]: S-1-22-2-0 SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 SE_PRIV 0x10 0x0 0x0 0x0 [2006/06/20 18:19:35, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 1001 and contains 4 supplementary groups Group[ 0]: 10000 Group[ 1]: 1001 Group[ 2]: 0 Group[ 3]: 10001 [2006/06/20 18:19:35, 5] smbd/uid.c:change_to_user(260) change_to_user uid=(0,0) gid=(0,1001) [2006/06/20 18:19:35, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=52 params=0 setup=2 [2006/06/20 18:19:35, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2006/06/20 18:19:35, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2006/06/20 18:19:35, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2006/06/20 18:19:35, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=7155 [2006/06/20 18:19:35, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name samr pnum=7155 (pipes_open=2) [2006/06/20 18:19:35, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=7153 (pipes_open=2) [2006/06/20 18:19:35, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "samr" (pnum 7155) [2006/06/20 18:19:35, 10] smbd/ipc.c:api_fd_reply(305) api_fd_reply: p:0x84955e8 max_trans_reply: 1024 [2006/06/20 18:19:35, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 7155 name: samr open: Yes len: 52 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) 
write_to_pipe: data_left = 52 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 52 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 52, len_needed_to_complete_hdr = 16, receive_len = 0 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 36 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 36 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0034 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000002 [2006/06/20 18:19:35, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) unmarshall_rpc_header: type = 0, flags = 3 [2006/06/20 18:19:35, 
10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 36 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 36, incoming data = 36 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 0 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 alloc_hint: 0000001c [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0004 context_id: 0000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0006 opnum : 0006 [2006/06/20 18:19:35, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2006/06/20 18:19:35, 5] rpc_server/srv_pipe.c:api_pipe_request(2220) Requested \PIPE\samr [2006/06/20 18:19:35, 4] rpc_server/srv_pipe.c:api_rpcTNP(2255) api_rpcTNP: samr op 0x6 - api_rpcTNP: rpc command: SAMR_ENUM_DOMAINS [2006/06/20 18:19:35, 6] rpc_server/srv_pipe.c:api_rpcTNP(2281) api_rpc_cmds[3].fn == 0x819fcce [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 samr_io_q_enum_domains [2006/06/20 18:19:35, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd pol [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 data1: 00000000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 data2: 00000004 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 data3: 0000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a data4: 0000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000c data5: 17 20 98 44 45 41 00 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0014 start_idx: 00000000 [2006/06/20 
18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0018 max_size : 00002000 [2006/06/20 18:19:35, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 04 00 00 00 00 00 00 00 17 20 98 44 ........ ..... .D [010] 45 41 00 00 EA.. [2006/06/20 18:19:35, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(222) _samr_enum_domains: access check ((granted: 0x00000030; required: 0x00000010) [2006/06/20 18:19:35, 5] rpc_server/srv_samr_nt.c:make_enum_domains(2817) make_enum_domains [2006/06/20 18:19:35, 10] rpc_parse/parse_samr.c:init_sam_entry(1409) init_sam_entry: 0 [2006/06/20 18:19:35, 10] rpc_parse/parse_samr.c:init_sam_entry(1409) init_sam_entry: 0 [2006/06/20 18:19:35, 5] rpc_parse/parse_samr.c:init_samr_r_enum_domains(3291) init_samr_r_enum_domains [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 samr_io_r_enum_domains [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 next_idx : 00000002 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 ptr_entries1: 00000001 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0008 num_entries2: 00000002 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c ptr_entries2: 00000001 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 num_entries3: 00000002 [2006/06/20 18:19:35, 6] rpc_parse/parse_prs.c:prs_debug(84) 000014 sam_io_sam_entry dom[0] [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0014 rid: 00000000 [2006/06/20 18:19:35, 7] rpc_parse/parse_prs.c:prs_debug(84) 000018 smb_io_unihdr unihdr [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0018 uni_str_len: 000e [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 001a uni_max_len: 000e [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 001c buffer : 00000001 [2006/06/20 18:19:35, 6] rpc_parse/parse_prs.c:prs_debug(84) 000020 sam_io_sam_entry dom[1] [2006/06/20 18:19:35, 5] 
rpc_parse/parse_prs.c:prs_uint32(704) 0020 rid: 00000000 [2006/06/20 18:19:35, 7] rpc_parse/parse_prs.c:prs_debug(84) 000024 smb_io_unihdr unihdr [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0024 uni_str_len: 000e [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0026 uni_max_len: 000e [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0028 buffer : 00000001 [2006/06/20 18:19:35, 6] rpc_parse/parse_prs.c:prs_debug(84) 00002c smb_io_unistr2 dom[0] [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 002c uni_max_len: 00000007 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0030 offset : 00000000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0034 uni_str_len: 00000007 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0038 buffer : A.N.D.O.L.A.N. [2006/06/20 18:19:35, 6] rpc_parse/parse_prs.c:prs_debug(84) 000046 smb_io_unistr2 dom[1] [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0048 uni_max_len: 00000007 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 004c offset : 00000000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0050 uni_str_len: 00000007 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0054 buffer : B.u.i.l.t.i.n. 
[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0064 num_entries4: 00000002 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_ntstatus(763) 0068 status: NT_STATUS_OK [2006/06/20 18:19:35, 5] rpc_server/srv_pipe.c:api_rpcTNP(2302) api_rpcTNP: called samr successfully [2006/06/20 18:19:35, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 88 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 36 [2006/06/20 18:19:35, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 7155 name: samr len: 1024 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 108. [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0084 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000002 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 0000006c [2006/06/20 
18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2006/06/20 18:19:35, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..132] [2006/06/20 18:19:35, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:35, 5] lib/util.c:show_msg(488) size=188 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1036 smb_uid=101 smb_mid=1472 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 132 (0x84) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 132 (0x84) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=133 [2006/06/20 18:19:35, 10] lib/util.c:dump_data(2215) [000] 00 05 00 02 03 10 00 00 00 84 00 00 00 02 00 00 ........ ........ [010] 00 6C 00 00 00 00 00 00 00 02 00 00 00 01 00 00 .l...... ........ [020] 00 02 00 00 00 01 00 00 00 02 00 00 00 00 00 00 ........ ........ [030] 00 0E 00 0E 00 01 00 00 00 00 00 00 00 0E 00 0E ........ ........ [040] 00 01 00 00 00 07 00 00 00 00 00 00 00 07 00 00 ........ ........ [050] 00 41 00 4E 00 44 00 4F 00 4C 00 41 00 4E 00 00 .A.N.D.O .L.A.N.. [060] 00 07 00 00 00 00 00 00 00 07 00 00 00 42 00 75 ........ .....B.u [070] 00 69 00 6C 00 74 00 69 00 6E 00 00 00 02 00 00 .i.l.t.i .n...... [080] 00 00 00 00 00 ..... 
[2006/06/20 18:19:35, 10] smbd/process.c:setup_select_timeout(1286) change_notify_timeout: -1 [2006/06/20 18:19:35, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 162 [2006/06/20 18:19:35, 6] smbd/process.c:process_smb(1111) got message type 0x0 of len 0xa2 [2006/06/20 18:19:35, 3] smbd/process.c:process_smb(1112) Transaction 24 of length 166 [2006/06/20 18:19:35, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:35, 5] lib/util.c:show_msg(488) size=162 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1036 smb_uid=101 smb_mid=1536 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 78 (0x4E) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 78 (0x4E) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29013 (0x7155) smb_bcc=95 [2006/06/20 18:19:35, 10] lib/util.c:dump_data(2215) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 4E 00 00 00 03 00 00 ........ .N...... [020] 00 36 00 00 00 00 00 05 00 00 00 00 00 04 00 00 .6...... ........ [030] 00 00 00 00 00 17 20 98 44 45 41 00 00 0E 00 0E ...... . DEA..... [040] 00 B8 B7 B0 02 07 00 00 00 00 00 00 00 07 00 00 ........ ........ [050] 00 41 00 4E 00 44 00 4F 00 4C 00 41 00 4E 00 .A.N.D.O .L.A.N. 
[2006/06/20 18:19:35, 3] smbd/process.c:switch_message(914) switch message SMBtrans (pid 16709) conn 0x8497e40 [2006/06/20 18:19:35, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 [2006/06/20 18:19:35, 5] auth/auth_util.c:debug_nt_user_token(455) NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 contains 8 SIDs SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-1001 SID[ 6]: S-1-22-2-0 SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 SE_PRIV 0x10 0x0 0x0 0x0 [2006/06/20 18:19:35, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 1001 and contains 4 supplementary groups Group[ 0]: 10000 Group[ 1]: 1001 Group[ 2]: 0 Group[ 3]: 10001 [2006/06/20 18:19:35, 5] smbd/uid.c:change_to_user(260) change_to_user uid=(0,0) gid=(0,1001) [2006/06/20 18:19:35, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=78 params=0 setup=2 [2006/06/20 18:19:35, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2006/06/20 18:19:35, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2006/06/20 18:19:35, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2006/06/20 18:19:35, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=7155 [2006/06/20 18:19:35, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name samr pnum=7155 (pipes_open=2) [2006/06/20 18:19:35, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=7153 (pipes_open=2) [2006/06/20 18:19:35, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "samr" (pnum 7155) [2006/06/20 18:19:35, 10] smbd/ipc.c:api_fd_reply(305) api_fd_reply: p:0x84955e8 max_trans_reply: 1024 [2006/06/20 18:19:35, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 7155 name: samr open: Yes len: 78 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) 
write_to_pipe: data_left = 78 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 78 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 78, len_needed_to_complete_hdr = 16, receive_len = 0 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 62 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 62 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 004e [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000003 [2006/06/20 18:19:35, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) unmarshall_rpc_header: type = 0, flags = 3 [2006/06/20 18:19:35, 
10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 62 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 62, incoming data = 62 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 0 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 alloc_hint: 00000036 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0004 context_id: 0000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0006 opnum : 0005 [2006/06/20 18:19:35, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2006/06/20 18:19:35, 5] rpc_server/srv_pipe.c:api_pipe_request(2220) Requested \PIPE\samr [2006/06/20 18:19:35, 4] rpc_server/srv_pipe.c:api_rpcTNP(2255) api_rpcTNP: samr op 0x5 - api_rpcTNP: rpc command: SAMR_LOOKUP_DOMAIN [2006/06/20 18:19:35, 6] rpc_server/srv_pipe.c:api_rpcTNP(2281) api_rpc_cmds[41].fn == 0x819fb10 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 samr_io_q_lookup_domain [2006/06/20 18:19:35, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd connect_pol [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 data1: 00000000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 data2: 00000004 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 data3: 0000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a data4: 0000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000c data5: 17 20 98 44 45 41 00 00 [2006/06/20 18:19:35, 6] rpc_parse/parse_prs.c:prs_debug(84) 000014 smb_io_unihdr hdr_domain 
[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 uni_str_len: 000e [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0016 uni_max_len: 000e [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0018 buffer : 02b0b7b8 [2006/06/20 18:19:35, 6] rpc_parse/parse_prs.c:prs_debug(84) 00001c smb_io_unistr2 uni_domain [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 001c uni_max_len: 00000007 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0020 offset : 00000000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0024 uni_str_len: 00000007 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0028 buffer : A.N.D.O.L.A.N. [2006/06/20 18:19:35, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 04 00 00 00 00 00 00 00 17 20 98 44 ........ ..... .D [010] 45 41 00 00 EA.. [2006/06/20 18:19:35, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(222) _samr_lookup_domain: access check ((granted: 0x00000030; required: 0x00000020) [2006/06/20 18:19:35, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2799) Returning domain sid for domain ANDOLAN -> S-1-5-21-2969752157-892696647-4271518216 [2006/06/20 18:19:35, 5] rpc_parse/parse_samr.c:init_samr_r_lookup_domain(136) init_samr_r_lookup_domain [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 samr_io_r_lookup_domain [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 ptr: 00000001 [2006/06/20 18:19:35, 6] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_dom_sid2 sid [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 num_auths: 00000004 [2006/06/20 18:19:35, 7] rpc_parse/parse_prs.c:prs_debug(84) 000008 smb_io_dom_sid sid [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0008 sid_rev_num: 01 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0009 num_auths : 04 [2006/06/20 18:19:35, 5] 
rpc_parse/parse_prs.c:prs_uint8(615) 000a id_auth[0] : 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 000b id_auth[1] : 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 000c id_auth[2] : 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 000d id_auth[3] : 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 000e id_auth[4] : 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 000f id_auth[5] : 05 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32s(991) 0010 sub_auths : 00000015 b102d25d 35357847 fe9a3208 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_ntstatus(763) 0020 status: NT_STATUS_OK [2006/06/20 18:19:35, 5] rpc_server/srv_pipe.c:api_rpcTNP(2302) api_rpcTNP: called samr successfully [2006/06/20 18:19:35, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 14 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 62 [2006/06/20 18:19:35, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 7155 name: samr len: 1024 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 36. 
[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 003c [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000003 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 00000024 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2006/06/20 18:19:35, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..60] [2006/06/20 18:19:35, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:35, 5] lib/util.c:show_msg(488) size=116 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1036 smb_uid=101 smb_mid=1536 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 60 (0x3C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 60 (0x3C) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) 
smb_bcc=61 [2006/06/20 18:19:35, 10] lib/util.c:dump_data(2215) [000] 00 05 00 02 03 10 00 00 00 3C 00 00 00 03 00 00 ........ .<...... [010] 00 24 00 00 00 00 00 00 00 01 00 00 00 04 00 00 .$...... ........ [020] 00 01 04 00 00 00 00 00 05 15 00 00 00 5D D2 02 ........ .....].. [030] B1 47 78 35 35 08 32 9A FE 00 00 00 00 .Gx55.2. ..... [2006/06/20 18:19:35, 10] smbd/process.c:setup_select_timeout(1286) change_notify_timeout: -1 [2006/06/20 18:19:35, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 160 [2006/06/20 18:19:35, 6] smbd/process.c:process_smb(1111) got message type 0x0 of len 0xa0 [2006/06/20 18:19:35, 3] smbd/process.c:process_smb(1112) Transaction 25 of length 164 [2006/06/20 18:19:35, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:35, 5] lib/util.c:show_msg(488) size=160 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1036 smb_uid=101 smb_mid=1600 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 76 (0x4C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 76 (0x4C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29013 (0x7155) smb_bcc=93 [2006/06/20 18:19:35, 10] lib/util.c:dump_data(2215) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 4C 00 00 00 04 00 00 ........ .L...... [020] 00 34 00 00 00 00 00 07 00 00 00 00 00 04 00 00 .4...... ........ [030] 00 00 00 00 00 17 20 98 44 45 41 00 00 11 02 00 ...... . DEA..... [040] 00 04 00 00 00 01 04 00 00 00 00 00 05 15 00 00 ........ ........ [050] 00 5D D2 02 B1 47 78 35 35 08 32 9A FE .]...Gx5 5.2.. 
[2006/06/20 18:19:35, 3] smbd/process.c:switch_message(914) switch message SMBtrans (pid 16709) conn 0x8497e40 [2006/06/20 18:19:35, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 [2006/06/20 18:19:35, 5] auth/auth_util.c:debug_nt_user_token(455) NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 contains 8 SIDs SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-1001 SID[ 6]: S-1-22-2-0 SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 SE_PRIV 0x10 0x0 0x0 0x0 [2006/06/20 18:19:35, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 1001 and contains 4 supplementary groups Group[ 0]: 10000 Group[ 1]: 1001 Group[ 2]: 0 Group[ 3]: 10001 [2006/06/20 18:19:35, 5] smbd/uid.c:change_to_user(260) change_to_user uid=(0,0) gid=(0,1001) [2006/06/20 18:19:35, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=76 params=0 setup=2 [2006/06/20 18:19:35, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2006/06/20 18:19:35, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2006/06/20 18:19:35, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2006/06/20 18:19:35, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=7155 [2006/06/20 18:19:35, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name samr pnum=7155 (pipes_open=2) [2006/06/20 18:19:35, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=7153 (pipes_open=2) [2006/06/20 18:19:35, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "samr" (pnum 7155) [2006/06/20 18:19:35, 10] smbd/ipc.c:api_fd_reply(305) api_fd_reply: p:0x84955e8 max_trans_reply: 1024 [2006/06/20 18:19:35, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 7155 name: samr open: Yes len: 76 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) 
write_to_pipe: data_left = 76 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 76 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 76, len_needed_to_complete_hdr = 16, receive_len = 0 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 60 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 60 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 004c [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000004 [2006/06/20 18:19:35, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) unmarshall_rpc_header: type = 0, flags = 3 [2006/06/20 18:19:35, 
10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 60 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 60, incoming data = 60 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 0 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 alloc_hint: 00000034 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0004 context_id: 0000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0006 opnum : 0007 [2006/06/20 18:19:35, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2006/06/20 18:19:35, 5] rpc_server/srv_pipe.c:api_pipe_request(2220) Requested \PIPE\samr [2006/06/20 18:19:35, 4] rpc_server/srv_pipe.c:api_rpcTNP(2255) api_rpcTNP: samr op 0x7 - api_rpcTNP: rpc command: SAMR_OPEN_DOMAIN [2006/06/20 18:19:35, 6] rpc_server/srv_pipe.c:api_rpcTNP(2281) api_rpc_cmds[39].fn == 0x819d6ac [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 samr_io_q_open_domain [2006/06/20 18:19:35, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd pol [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 data1: 00000000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 data2: 00000004 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 data3: 0000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a data4: 0000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000c data5: 17 20 98 44 45 41 00 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0014 flags: 00000211 [2006/06/20 18:19:35, 6] 
rpc_parse/parse_prs.c:prs_debug(84) 000018 smb_io_dom_sid2 sid [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0018 num_auths: 00000004 [2006/06/20 18:19:35, 7] rpc_parse/parse_prs.c:prs_debug(84) 00001c smb_io_dom_sid sid [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 001c sid_rev_num: 01 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 001d num_auths : 04 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 001e id_auth[0] : 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 001f id_auth[1] : 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0020 id_auth[2] : 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0021 id_auth[3] : 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0022 id_auth[4] : 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0023 id_auth[5] : 05 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32s(991) 0024 sub_auths : 00000015 b102d25d 35357847 fe9a3208 [2006/06/20 18:19:35, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 04 00 00 00 00 00 00 00 17 20 98 44 ........ ..... .D [010] 45 41 00 00 EA.. [2006/06/20 18:19:35, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(222) _samr_open_domain: access check ((granted: 0x00000030; required: 0x00000020) [2006/06/20 18:19:35, 4] rpc_server/srv_samr_nt.c:access_check_samr_object(179) access_check_samr_object: user rights access mask [0xd047a] [2006/06/20 18:19:35, 10] lib/util_seaccess.c:se_access_check(233) se_access_check: requested access 0x00000201, for NT token with 8 entries and first sid S-1-5-21-2969752157-892696647-4271518216-3002. 
[2006/06/20 18:19:35, 3] lib/util_seaccess.c:se_access_check(250) [2006/06/20 18:19:35, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-2969752157-892696647-4271518216-3002 se_access_check: also S-1-5-21-2969752157-892696647-4271518216-513 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-22-2-1001 se_access_check: also S-1-22-2-0 se_access_check: also S-1-5-21-2969752157-892696647-4271518216-512 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20385, current desired = 201 [2006/06/20 18:19:35, 5] lib/util_seaccess.c:se_access_check(308) se_access_check: access (201) granted. [2006/06/20 18:19:35, 4] rpc_server/srv_samr_nt.c:access_check_samr_object(210) _samr_open_domain: access GRANTED (requested: 0x00000201, granted: 0x000d067b) [2006/06/20 18:19:35, 10] rpc_server/srv_samr_nt.c:get_samr_info_by_sid(316) get_samr_info_by_sid: created new info for sid S-1-5-21-2969752157-892696647-4271518216 [2006/06/20 18:19:35, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) Opened policy hnd[3] [000] 00 00 00 00 05 00 00 00 00 00 00 00 17 20 98 44 ........ ..... .D [010] 45 41 00 00 EA.. 
[2006/06/20 18:19:35, 5] rpc_server/srv_samr_nt.c:_samr_open_domain(625) samr_open_domain: 625 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 samr_io_r_open_domain [2006/06/20 18:19:35, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd domain_pol [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 data1: 00000000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 data2: 00000005 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 data3: 0000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a data4: 0000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000c data5: 17 20 98 44 45 41 00 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_ntstatus(763) 0014 status: NT_STATUS_OK [2006/06/20 18:19:35, 5] rpc_server/srv_pipe.c:api_rpcTNP(2302) api_rpcTNP: called samr successfully [2006/06/20 18:19:35, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 956 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 60 [2006/06/20 18:19:35, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 7155 name: samr len: 1024 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. 
[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0030 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000004 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 00000018 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2006/06/20 18:19:35, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] [2006/06/20 18:19:35, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:35, 5] lib/util.c:show_msg(488) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1036 smb_uid=101 smb_mid=1600 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) 
smb_bcc=49 [2006/06/20 18:19:35, 10] lib/util.c:dump_data(2215) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 04 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 05 00 00 ........ ........ [020] 00 00 00 00 00 17 20 98 44 45 41 00 00 00 00 00 ...... . DEA..... [030] 00 . [2006/06/20 18:19:35, 10] smbd/process.c:setup_select_timeout(1286) change_notify_timeout: -1 [2006/06/20 18:19:35, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 168 [2006/06/20 18:19:35, 6] smbd/process.c:process_smb(1111) got message type 0x0 of len 0xa8 [2006/06/20 18:19:35, 3] smbd/process.c:process_smb(1112) Transaction 26 of length 172 [2006/06/20 18:19:35, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:35, 5] lib/util.c:show_msg(488) size=168 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1036 smb_uid=101 smb_mid=1664 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 84 (0x54) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 84 (0x54) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29013 (0x7155) smb_bcc=101 [2006/06/20 18:19:35, 10] lib/util.c:dump_data(2215) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 54 00 00 00 05 00 00 ........ .T...... [020] 00 3C 00 00 00 00 00 32 00 00 00 00 00 05 00 00 .<.....2 ........ [030] 00 00 00 00 00 17 20 98 44 45 41 00 00 0C 00 0E ...... . DEA..... [040] 00 70 86 16 00 07 00 00 00 00 00 00 00 06 00 00 .p...... ........ [050] 00 57 00 53 00 30 00 33 00 35 00 24 00 80 00 00 .W.S.0.3 .5.$.... [060] 00 B0 00 05 E0 ..... 
[2006/06/20 18:19:35, 3] smbd/process.c:switch_message(914) switch message SMBtrans (pid 16709) conn 0x8497e40 [2006/06/20 18:19:35, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 [2006/06/20 18:19:35, 5] auth/auth_util.c:debug_nt_user_token(455) NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 contains 8 SIDs SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-1001 SID[ 6]: S-1-22-2-0 SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 SE_PRIV 0x10 0x0 0x0 0x0 [2006/06/20 18:19:35, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 1001 and contains 4 supplementary groups Group[ 0]: 10000 Group[ 1]: 1001 Group[ 2]: 0 Group[ 3]: 10001 [2006/06/20 18:19:35, 5] smbd/uid.c:change_to_user(260) change_to_user uid=(0,0) gid=(0,1001) [2006/06/20 18:19:35, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=84 params=0 setup=2 [2006/06/20 18:19:35, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2006/06/20 18:19:35, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2006/06/20 18:19:35, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2006/06/20 18:19:35, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=7155 [2006/06/20 18:19:35, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name samr pnum=7155 (pipes_open=2) [2006/06/20 18:19:35, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=7153 (pipes_open=2) [2006/06/20 18:19:35, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "samr" (pnum 7155) [2006/06/20 18:19:35, 10] smbd/ipc.c:api_fd_reply(305) api_fd_reply: p:0x84955e8 max_trans_reply: 1024 [2006/06/20 18:19:35, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 7155 name: samr open: Yes len: 84 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) 
write_to_pipe: data_left = 84 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 84 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 84, len_needed_to_complete_hdr = 16, receive_len = 0 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 68 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 68 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0054 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000005 [2006/06/20 18:19:35, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) unmarshall_rpc_header: type = 0, flags = 3 [2006/06/20 18:19:35, 
10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 68 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 68, incoming data = 68 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 0 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 alloc_hint: 0000003c [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0004 context_id: 0000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0006 opnum : 0032 [2006/06/20 18:19:35, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2006/06/20 18:19:35, 5] rpc_server/srv_pipe.c:api_pipe_request(2220) Requested \PIPE\samr [2006/06/20 18:19:35, 4] rpc_server/srv_pipe.c:api_rpcTNP(2255) api_rpcTNP: samr op 0x32 - api_rpcTNP: rpc command: SAMR_CREATE_USER [2006/06/20 18:19:35, 6] rpc_server/srv_pipe.c:api_rpcTNP(2281) api_rpc_cmds[33].fn == 0x819f105 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 samr_io_q_create_user [2006/06/20 18:19:35, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd domain_pol [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 data1: 00000000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 data2: 00000005 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 data3: 0000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a data4: 0000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000c data5: 17 20 98 44 45 41 00 00 [2006/06/20 18:19:35, 6] rpc_parse/parse_prs.c:prs_debug(84) 000014 smb_io_unihdr hdr_name 
[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 uni_str_len: 000c [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0016 uni_max_len: 000e [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0018 buffer : 00168670 [2006/06/20 18:19:35, 6] rpc_parse/parse_prs.c:prs_debug(84) 00001c smb_io_unistr2 uni_name [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 001c uni_max_len: 00000007 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0020 offset : 00000000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0024 uni_str_len: 00000006 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 0028 buffer : W.S.0.3.5.$. [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0034 acb_info : 00000080 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0038 access_mask: e00500b0 [2006/06/20 18:19:35, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 05 00 00 00 00 00 00 00 17 20 98 44 ........ ..... .D [010] 45 41 00 00 EA.. 
[2006/06/20 18:19:35, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(222) _samr_create_user: access check ((granted: 0x000d067b; required: 0x00000010) [2006/06/20 18:19:35, 10] rpc_server/srv_samr_nt.c:can_create(2389) Checking whether [ws035$] can be created [2006/06/20 18:19:35, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 1001) : sec_ctx_stack_ndx = 1 [2006/06/20 18:19:35, 3] smbd/uid.c:push_conn_ctx(345) push_conn_ctx(101) : conn_ctx_stack_ndx = 0 [2006/06/20 18:19:35, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2006/06/20 18:19:35, 5] auth/auth_util.c:debug_nt_user_token(449) NT user token: (NULL) [2006/06/20 18:19:35, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/06/20 18:19:35, 10] passdb/util_wellknown.c:lookup_wellknown_name(154) map_name_to_wellknown_sid: looking up ws035$ [2006/06/20 18:19:35, 5] passdb/secrets.c:secrets_fetch_trusted_domain_password(340) secrets_fetch failed! 
[2006/06/20 18:19:35, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2006/06/20 18:19:35, 3] smbd/uid.c:push_conn_ctx(345) push_conn_ctx(101) : conn_ctx_stack_ndx = 1 [2006/06/20 18:19:35, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2006/06/20 18:19:35, 5] auth/auth_util.c:debug_nt_user_token(449) NT user token: (NULL) [2006/06/20 18:19:35, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/06/20 18:19:35, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base => [dc=andolan], filter => [(&(uid=ws035$)(objectclass=sambaSamAccount))], scope => [2] [2006/06/20 18:19:35, 4] passdb/pdb_ldap.c:ldapsam_getsampwnam(1396) ldapsam_getsampwnam: Unable to locate user [ws035$] count=0 [2006/06/20 18:19:35, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2006/06/20 18:19:35, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2006/06/20 18:19:35, 3] smbd/uid.c:push_conn_ctx(345) push_conn_ctx(101) : conn_ctx_stack_ndx = 1 [2006/06/20 18:19:35, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2006/06/20 18:19:35, 5] auth/auth_util.c:debug_nt_user_token(449) NT user token: (NULL) [2006/06/20 18:19:35, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/06/20 18:19:35, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base => [ou=Groups,dc=andolan], filter => [(&(objectClass=sambaGroupMapping)(|(displayName=ws035$)(cn=ws035$)))], scope => [2] [2006/06/20 18:19:35, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2192) ldapsam_getgroup: Did not find group [2006/06/20 18:19:35, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2006/06/20 18:19:35, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 1001) - sec_ctx_stack_ndx = 0 
[2006/06/20 18:19:35, 10] rpc_server/srv_samr_nt.c:can_create(2399) ws035$ does not exist, can create it [2006/06/20 18:19:35, 5] rpc_server/srv_samr_nt.c:_samr_create_user(2503) _samr_create_user: can add this account : True [2006/06/20 18:19:35, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 1001) : sec_ctx_stack_ndx = 1 [2006/06/20 18:19:35, 3] smbd/uid.c:push_conn_ctx(345) push_conn_ctx(101) : conn_ctx_stack_ndx = 0 [2006/06/20 18:19:35, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2006/06/20 18:19:35, 5] auth/auth_util.c:debug_nt_user_token(449) NT user token: (NULL) [2006/06/20 18:19:35, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/06/20 18:19:35, 5] lib/username.c:Get_Pwnam_alloc(131) Finding user ws035$ [2006/06/20 18:19:35, 5] lib/username.c:Get_Pwnam_internals(75) Trying _Get_Pwnam(), username as lowercase is ws035$ [2006/06/20 18:19:35, 5] lib/username.c:Get_Pwnam_internals(93) Trying _Get_Pwnam(), username as uppercase is WS035$ [2006/06/20 18:19:35, 5] lib/username.c:Get_Pwnam_internals(102) Checking combinations of 0 uppercase letters in ws035$ [2006/06/20 18:19:35, 5] lib/username.c:Get_Pwnam_internals(108) Get_Pwnam_internals didn't find user [ws035$]! [2006/06/20 18:19:35, 3] passdb/pdb_interface.c:pdb_default_create_user(363) _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w ws035$' gave 0 [2006/06/20 18:19:35, 5] lib/username.c:Get_Pwnam_alloc(131) Finding user ws035$ [2006/06/20 18:19:35, 5] lib/username.c:Get_Pwnam_internals(75) Trying _Get_Pwnam(), username as lowercase is ws035$ [2006/06/20 18:19:35, 5] lib/username.c:Get_Pwnam_internals(108) Get_Pwnam_internals did find user [ws035$]! 
[2006/06/20 18:19:35, 10] passdb/pdb_get_set.c:pdb_set_username(580) pdb_set_username: setting username ws035$, was [2006/06/20 18:19:35, 10] passdb/pdb_get_set.c:pdb_set_fullname(661) pdb_set_full_name: setting full name Computer, was [2006/06/20 18:19:35, 10] passdb/pdb_get_set.c:pdb_set_domain(607) pdb_set_domain: setting domain ANDOLAN, was [2006/06/20 18:19:35, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base => [ou=Groups,dc=andolan], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=10002))], scope => [2] [2006/06/20 18:19:35, 2] passdb/pdb_ldap.c:init_group_from_ldap(2115) init_group_from_ldap: Entry found for group: 10002 [2006/06/20 18:19:35, 10] passdb/lookup_sid.c:gid_to_sid(1128) gid_to_sid: local 10002 -> S-1-5-21-2969752157-892696647-4271518216-201017 [2006/06/20 18:19:35, 3] passdb/lookup_sid.c:store_gid_sid_cache(1038) store_gid_sid_cache: gid 10002 in cache -> S-1-5-21-2969752157-892696647-4271518216-201017 [2006/06/20 18:19:35, 3] passdb/lookup_sid.c:fetch_gid_from_cache(999) fetch gid from cache 10002 -> S-1-5-21-2969752157-892696647-4271518216-201017 [2006/06/20 18:19:35, 10] passdb/pdb_get_set.c:pdb_set_group_sid(564) pdb_set_group_sid: setting group sid S-1-5-21-2969752157-892696647-4271518216-201017 [2006/06/20 18:19:35, 2] lib/smbldap_util.c:smbldap_search_domain_info(219) smbldap_search_domain_info: Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=ANDOLAN))] [2006/06/20 18:19:35, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base => [dc=andolan], filter => [(&(objectClass=sambaDomain)(sambaDomainName=ANDOLAN))], scope => [2] [2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_make_mod(520) smbldap_make_mod: deleting attribute |sambaNextRid| values |201024| [2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_make_mod(529) smbldap_make_mod: adding attribute |sambaNextRid| value |201025| [2006/06/20 18:19:35, 5] lib/smbldap.c:smbldap_modify(1363) smbldap_modify: dn => 
[sambaDomainName=ANDOLAN,dc=andolan] [2006/06/20 18:19:35, 5] passdb/pdb_interface.c:lookup_global_sam_rid(1455) lookup_global_sam_rid: looking up RID 201025. [2006/06/20 18:19:35, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2006/06/20 18:19:35, 3] smbd/uid.c:push_conn_ctx(345) push_conn_ctx(101) : conn_ctx_stack_ndx = 1 [2006/06/20 18:19:35, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2006/06/20 18:19:35, 5] auth/auth_util.c:debug_nt_user_token(449) NT user token: (NULL) [2006/06/20 18:19:35, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/06/20 18:19:35, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base => [dc=andolan], filter => [(&(sambaSID=S-1-5-21-2969752157-892696647-4271518216-201025)(objectclass=sambaSamAccount))], scope => [2] [2006/06/20 18:19:35, 4] passdb/pdb_ldap.c:ldapsam_getsampwsid(1491) ldapsam_getsampwsid: Unable to locate SID [S-1-5-21-2969752157-892696647-4271518216-201025] count=0 [2006/06/20 18:19:35, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base => [ou=Groups,dc=andolan], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-2969752157-892696647-4271518216-201025))], scope => [2] [2006/06/20 18:19:35, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2192) ldapsam_getgroup: Did not find group [2006/06/20 18:19:35, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2006/06/20 18:19:35, 10] passdb/pdb_get_set.c:pdb_set_user_sid(506) pdb_set_user_sid: setting user sid S-1-5-21-2969752157-892696647-4271518216-201025 [2006/06/20 18:19:35, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base => [dc=andolan], filter => [(&(uid=ws035$)(objectclass=sambaSamAccount))], scope => [2] [2006/06/20 18:19:35, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base => [dc=andolan], filter => 
[(&(sambaSID=S-1-5-21-2969752157-892696647-4271518216-201025)(objectclass=sambaSamAccount))], scope => [2] [2006/06/20 18:19:35, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base => [dc=andolan], filter => [(uid=ws035$)], scope => [2] [2006/06/20 18:19:35, 3] passdb/pdb_ldap.c:ldapsam_add_sam_account(1959) ldapsam_add_sam_account: User exists without samba attributes: adding them [2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_make_mod(504) smbldap_make_mod: attribute |uid| not changed. [2006/06/20 18:19:35, 2] passdb/pdb_ldap.c:init_ldap_from_sam(965) init_ldap_from_sam: Setting entry for user: ws035$ [2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaSID] = [] [2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_make_mod(529) smbldap_make_mod: adding attribute |sambaSID| value |S-1-5-21-2969752157-892696647-4271518216-201025| [2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaPrimaryGroupSID] = [] [2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_make_mod(529) smbldap_make_mod: adding attribute |sambaPrimaryGroupSID| value |S-1-5-21-2969752157-892696647-4271518216-201017| [2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_make_mod(504) smbldap_make_mod: attribute |displayName| not changed. 
[2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaAcctFlags] = [] [2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_make_mod(529) smbldap_make_mod: adding attribute |sambaAcctFlags| value |[DW ]| [2006/06/20 18:19:35, 5] lib/smbldap.c:smbldap_modify(1363) smbldap_modify: dn => [uid=ws035$,ou=Computers,dc=andolan] [2006/06/20 18:19:35, 2] passdb/pdb_ldap.c:ldapsam_add_sam_account(2069) ldapsam_add_sam_account: added: uid == ws035$ in the LDAP database [2006/06/20 18:19:35, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 1001) - sec_ctx_stack_ndx = 0 [2006/06/20 18:19:35, 4] rpc_server/srv_samr_nt.c:access_check_samr_object(179) access_check_samr_object: user rights access mask [0xd04e4] [2006/06/20 18:19:35, 10] lib/util_seaccess.c:se_access_check(233) se_access_check: requested access 0x0002031b, for NT token with 8 entries and first sid S-1-5-21-2969752157-892696647-4271518216-3002. [2006/06/20 18:19:35, 3] lib/util_seaccess.c:se_access_check(250) [2006/06/20 18:19:35, 3] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-2969752157-892696647-4271518216-3002 se_access_check: also S-1-5-21-2969752157-892696647-4271518216-513 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-22-2-1001 se_access_check: also S-1-22-2-0 se_access_check: also S-1-5-21-2969752157-892696647-4271518216-512 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 2035b, current desired = 2031b [2006/06/20 18:19:35, 5] lib/util_seaccess.c:se_access_check(308) se_access_check: access (2031b) granted. 
[2006/06/20 18:19:35, 4] rpc_server/srv_samr_nt.c:access_check_samr_object(210) _samr_create_user: access GRANTED (requested: 0x0002031b, granted: 0x000f07ff) [2006/06/20 18:19:35, 10] rpc_server/srv_samr_nt.c:get_samr_info_by_sid(316) get_samr_info_by_sid: created new info for sid S-1-5-21-2969752157-892696647-4271518216-201025 [2006/06/20 18:19:35, 10] rpc_server/srv_samr_nt.c:get_samr_dispinfo_by_sid(262) get_samr_dispinfo_by_sid: Replacing S-1-5-21-2969752157-892696647-4271518216-201025 with our domain SID [2006/06/20 18:19:35, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) Opened policy hnd[4] [000] 00 00 00 00 06 00 00 00 00 00 00 00 17 20 98 44 ........ ..... .D [010] 45 41 00 00 EA.. [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 samr_io_r_create_user [2006/06/20 18:19:35, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd user_pol [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 data1: 00000000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 data2: 00000006 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 data3: 0000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a data4: 0000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000c data5: 17 20 98 44 45 41 00 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0014 access_granted: 000f07ff [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0018 user_rid : 00031141 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_ntstatus(763) 001c status: NT_STATUS_OK [2006/06/20 18:19:35, 5] rpc_server/srv_pipe.c:api_rpcTNP(2302) api_rpcTNP: called samr successfully [2006/06/20 18:19:35, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 1201 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 68 [2006/06/20 18:19:35, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) 
read_from_pipe: 7155 name: samr len: 1024 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 32. [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0038 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000005 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 00000020 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2006/06/20 18:19:35, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..56] [2006/06/20 18:19:35, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:35, 5] lib/util.c:show_msg(488) size=112 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1036 smb_uid=101 smb_mid=1664 smt_wct=10 
smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 56 (0x38) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 56 (0x38) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=57 [2006/06/20 18:19:35, 10] lib/util.c:dump_data(2215) [000] 00 05 00 02 03 10 00 00 00 38 00 00 00 05 00 00 ........ .8...... [010] 00 20 00 00 00 00 00 00 00 00 00 00 00 06 00 00 . ...... ........ [020] 00 00 00 00 00 17 20 98 44 45 41 00 00 FF 07 0F ...... . DEA..... [030] 00 41 11 03 00 00 00 00 00 .A...... . [2006/06/20 18:19:35, 10] smbd/process.c:setup_select_timeout(1286) change_notify_timeout: -1 [2006/06/20 18:19:35, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 130 [2006/06/20 18:19:35, 6] smbd/process.c:process_smb(1111) got message type 0x0 of len 0x82 [2006/06/20 18:19:35, 3] smbd/process.c:process_smb(1112) Transaction 27 of length 134 [2006/06/20 18:19:35, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:35, 5] lib/util.c:show_msg(488) size=130 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1036 smb_uid=101 smb_mid=1728 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 46 (0x2E) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 46 (0x2E) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29013 (0x7155) smb_bcc=63 [2006/06/20 18:19:35, 10] lib/util.c:dump_data(2215) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 2E 00 00 00 06 00 00 ........ ........ [020] 00 16 00 00 00 00 00 24 00 00 00 00 00 06 00 00 .......$ ........ [030] 00 00 00 00 00 17 20 98 44 45 41 00 00 10 00 ...... . DEA.... 
[2006/06/20 18:19:35, 3] smbd/process.c:switch_message(914) switch message SMBtrans (pid 16709) conn 0x8497e40 [2006/06/20 18:19:35, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 [2006/06/20 18:19:35, 5] auth/auth_util.c:debug_nt_user_token(455) NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 contains 8 SIDs SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-1001 SID[ 6]: S-1-22-2-0 SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 SE_PRIV 0x10 0x0 0x0 0x0 [2006/06/20 18:19:35, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 1001 and contains 4 supplementary groups Group[ 0]: 10000 Group[ 1]: 1001 Group[ 2]: 0 Group[ 3]: 10001 [2006/06/20 18:19:35, 5] smbd/uid.c:change_to_user(260) change_to_user uid=(0,0) gid=(0,1001) [2006/06/20 18:19:35, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=46 params=0 setup=2 [2006/06/20 18:19:35, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2006/06/20 18:19:35, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2006/06/20 18:19:35, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2006/06/20 18:19:35, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=7155 [2006/06/20 18:19:35, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name samr pnum=7155 (pipes_open=2) [2006/06/20 18:19:35, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=7153 (pipes_open=2) [2006/06/20 18:19:35, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "samr" (pnum 7155) [2006/06/20 18:19:35, 10] smbd/ipc.c:api_fd_reply(305) api_fd_reply: p:0x84955e8 max_trans_reply: 1024 [2006/06/20 18:19:35, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 7155 name: samr open: Yes len: 46 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) 
write_to_pipe: data_left = 46 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 46 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 46, len_needed_to_complete_hdr = 16, receive_len = 0 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 30 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 30 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 002e [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000006 [2006/06/20 18:19:35, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) unmarshall_rpc_header: type = 0, flags = 3 [2006/06/20 18:19:35, 
10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 30 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 30, incoming data = 30 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 0 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 alloc_hint: 00000016 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0004 context_id: 0000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0006 opnum : 0024 [2006/06/20 18:19:35, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2006/06/20 18:19:35, 5] rpc_server/srv_pipe.c:api_pipe_request(2220) Requested \PIPE\samr [2006/06/20 18:19:35, 4] rpc_server/srv_pipe.c:api_rpcTNP(2255) api_rpcTNP: samr op 0x24 - api_rpcTNP: rpc command: SAMR_QUERY_USERINFO [2006/06/20 18:19:35, 6] rpc_server/srv_pipe.c:api_rpcTNP(2281) api_rpc_cmds[21].fn == 0x819ec0a [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 samr_io_q_query_userinfo [2006/06/20 18:19:35, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd pol [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 data1: 00000000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 data2: 00000006 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 data3: 0000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a data4: 0000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000c data5: 17 20 98 44 45 41 00 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 switch_value: 0010 [2006/06/20 
18:19:35, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 06 00 00 00 00 00 00 00 17 20 98 44 ........ ..... .D [010] 45 41 00 00 EA.. [2006/06/20 18:19:35, 5] rpc_server/srv_samr_nt.c:_samr_query_userinfo(1986) _samr_query_userinfo: sid:S-1-5-21-2969752157-892696647-4271518216-201025 [2006/06/20 18:19:35, 5] rpc_server/srv_samr_nt.c:_samr_query_userinfo(1997) _samr_query_userinfo: user info level: 16 [2006/06/20 18:19:35, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 1001) : sec_ctx_stack_ndx = 1 [2006/06/20 18:19:35, 3] smbd/uid.c:push_conn_ctx(345) push_conn_ctx(101) : conn_ctx_stack_ndx = 0 [2006/06/20 18:19:35, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2006/06/20 18:19:35, 5] auth/auth_util.c:debug_nt_user_token(449) NT user token: (NULL) [2006/06/20 18:19:35, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/06/20 18:19:35, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base => [dc=andolan], filter => [(&(sambaSID=S-1-5-21-2969752157-892696647-4271518216-201025)(objectclass=sambaSamAccount))], scope => [2] [2006/06/20 18:19:35, 2] passdb/pdb_ldap.c:init_sam_from_ldap(541) init_sam_from_ldap: Entry found for user: ws035$ [2006/06/20 18:19:35, 10] passdb/pdb_get_set.c:pdb_set_username(580) pdb_set_username: setting username ws035$, was [2006/06/20 18:19:35, 10] passdb/pdb_get_set.c:pdb_set_domain(607) pdb_set_domain: setting domain ANDOLAN, was [2006/06/20 18:19:35, 10] passdb/pdb_get_set.c:pdb_set_nt_username(634) pdb_set_nt_username: setting nt username ws035$, was [2006/06/20 18:19:35, 10] passdb/pdb_get_set.c:pdb_set_user_sid_from_string(519) pdb_set_user_sid_from_string: setting user sid S-1-5-21-2969752157-892696647-4271518216-201025 [2006/06/20 18:19:35, 10] passdb/pdb_get_set.c:pdb_set_user_sid(506) pdb_set_user_sid: setting user sid 
S-1-5-21-2969752157-892696647-4271518216-201025 [2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaPwdLastSet] = [] [2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaLogonTime] = [] [2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaLogoffTime] = [] [2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaKickoffTime] = [] [2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaPwdCanChange] = [] [2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaPwdMustChange] = [] [2006/06/20 18:19:35, 10] passdb/pdb_get_set.c:pdb_set_fullname(661) pdb_set_full_name: setting full name Computer, was [2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaHomeDrive] = [] [2006/06/20 18:19:35, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(742) pdb_set_dir_drive: setting dir drive N:, was NULL [2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaHomePath] = [] [2006/06/20 18:19:35, 10] passdb/pdb_get_set.c:pdb_set_homedir(769) pdb_set_homedir: setting home dir \\server\datamap, was [2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaLogonScript] = [] [2006/06/20 18:19:35, 10] passdb/pdb_get_set.c:pdb_set_logon_script(688) pdb_set_logon_script: setting logon script logon.cmd, was [2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaProfilePath] = [] [2006/06/20 18:19:35, 10] passdb/pdb_get_set.c:pdb_set_profile_path(715) pdb_set_profile_path: setting profile path \\server\tempprof, was [2006/06/20 18:19:35, 10] 
lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaUserWorkstations] = [] [2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaMungedDial] = [] [2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaLMPassword] = [] [2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaNTPassword] = [] [2006/06/20 18:19:35, 10] lib/account_pol.c:account_policy_get(337) account_policy_get: name: password history, val: 0 [2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaBadPasswordCount] = [] [2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaBadPasswordTime] = [] [2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaLogonHours] = [] [2006/06/20 18:19:35, 7] passdb/login_cache.c:login_cache_read(83) Looking up login cache for user ws035$ [2006/06/20 18:19:35, 7] passdb/login_cache.c:login_cache_read(97) No cache entry found [2006/06/20 18:19:35, 9] passdb/pdb_ldap.c:init_sam_from_ldap(898) No cache entry, bad count = 0, bad time = 0 [2006/06/20 18:19:35, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 1001) - sec_ctx_stack_ndx = 0 [2006/06/20 18:19:35, 3] rpc_server/srv_samr_nt.c:get_user_info_16(1832) User:[ws035$] [2006/06/20 18:19:35, 5] rpc_parse/parse_samr.c:init_sam_user_info16(5437) init_sam_user_info16 [2006/06/20 18:19:35, 5] rpc_parse/parse_samr.c:init_samr_r_query_userinfo(6759) init_samr_r_query_userinfo [2006/06/20 18:19:35, 5] rpc_server/srv_samr_nt.c:_samr_query_userinfo(2057) _samr_query_userinfo: 2057 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 samr_io_r_query_userinfo [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 ptr: 00000001 [2006/06/20 18:19:35, 
6] rpc_parse/parse_prs.c:prs_debug(84) 000004 samr_io_userinfo_ctr ctr [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0004 switch_value: 0010 [2006/06/20 18:19:35, 7] rpc_parse/parse_prs.c:prs_debug(84) 000008 samr_io_r_user_info16 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0008 acb_info: 00000081 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_ntstatus(763) 000c status: NT_STATUS_OK [2006/06/20 18:19:35, 5] rpc_server/srv_pipe.c:api_rpcTNP(2302) api_rpcTNP: called samr successfully [2006/06/20 18:19:35, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 12 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 30 [2006/06/20 18:19:35, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 7155 name: samr len: 1024 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 16. 
[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0028 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000006 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 00000010 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2006/06/20 18:19:35, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..40] [2006/06/20 18:19:35, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:35, 5] lib/util.c:show_msg(488) size=96 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1036 smb_uid=101 smb_mid=1728 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 40 (0x28) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 40 (0x28) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) 
smb_bcc=41 [2006/06/20 18:19:35, 10] lib/util.c:dump_data(2215) [000] 00 05 00 02 03 10 00 00 00 28 00 00 00 06 00 00 ........ .(...... [010] 00 10 00 00 00 00 00 00 00 01 00 00 00 10 00 00 ........ ........ [020] 00 81 00 00 00 00 00 00 00 ........ . [2006/06/20 18:19:35, 10] smbd/process.c:setup_select_timeout(1286) change_notify_timeout: -1 [2006/06/20 18:19:35, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 128 [2006/06/20 18:19:35, 6] smbd/process.c:process_smb(1111) got message type 0x0 of len 0x80 [2006/06/20 18:19:35, 3] smbd/process.c:process_smb(1112) Transaction 28 of length 132 [2006/06/20 18:19:35, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:35, 5] lib/util.c:show_msg(488) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1036 smb_uid=101 smb_mid=1792 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29013 (0x7155) smb_bcc=61 [2006/06/20 18:19:35, 10] lib/util.c:dump_data(2215) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 07 00 00 ........ .,...... [020] 00 14 00 00 00 00 00 2C 00 00 00 00 00 06 00 00 ......., ........ [030] 00 00 00 00 00 17 20 98 44 45 41 00 00 ...... . DEA.. 
[2006/06/20 18:19:35, 3] smbd/process.c:switch_message(914) switch message SMBtrans (pid 16709) conn 0x8497e40 [2006/06/20 18:19:35, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 [2006/06/20 18:19:35, 5] auth/auth_util.c:debug_nt_user_token(455) NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 contains 8 SIDs SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-1001 SID[ 6]: S-1-22-2-0 SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 SE_PRIV 0x10 0x0 0x0 0x0 [2006/06/20 18:19:35, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 1001 and contains 4 supplementary groups Group[ 0]: 10000 Group[ 1]: 1001 Group[ 2]: 0 Group[ 3]: 10001 [2006/06/20 18:19:35, 5] smbd/uid.c:change_to_user(260) change_to_user uid=(0,0) gid=(0,1001) [2006/06/20 18:19:35, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=44 params=0 setup=2 [2006/06/20 18:19:35, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2006/06/20 18:19:35, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2006/06/20 18:19:35, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2006/06/20 18:19:35, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=7155 [2006/06/20 18:19:35, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name samr pnum=7155 (pipes_open=2) [2006/06/20 18:19:35, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=7153 (pipes_open=2) [2006/06/20 18:19:35, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "samr" (pnum 7155) [2006/06/20 18:19:35, 10] smbd/ipc.c:api_fd_reply(305) api_fd_reply: p:0x84955e8 max_trans_reply: 1024 [2006/06/20 18:19:35, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 7155 name: samr open: Yes len: 44 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) 
write_to_pipe: data_left = 44 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 28 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 002c [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000007 [2006/06/20 18:19:35, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) unmarshall_rpc_header: type = 0, flags = 3 [2006/06/20 18:19:35, 
10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 28 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 28, incoming data = 28 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 0 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 alloc_hint: 00000014 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0004 context_id: 0000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0006 opnum : 002c [2006/06/20 18:19:35, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2006/06/20 18:19:35, 5] rpc_server/srv_pipe.c:api_pipe_request(2220) Requested \PIPE\samr [2006/06/20 18:19:35, 4] rpc_server/srv_pipe.c:api_rpcTNP(2255) api_rpcTNP: samr op 0x2c - api_rpcTNP: rpc command: SAMR_GET_USRDOM_PWINFO [2006/06/20 18:19:35, 6] rpc_server/srv_pipe.c:api_rpcTNP(2281) api_rpc_cmds[44].fn == 0x819d86a [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 samr_io_q_get_usrdom_pwinfo [2006/06/20 18:19:35, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd user_pol [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 data1: 00000000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 data2: 00000006 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 data3: 0000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a data4: 0000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000c data5: 17 20 98 44 45 41 00 00 [2006/06/20 18:19:35, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found 
policy hnd[0] [000] 00 00 00 00 06 00 00 00 00 00 00 00 17 20 98 44 ........ ..... .D [010] 45 41 00 00 EA.. [2006/06/20 18:19:35, 5] rpc_parse/parse_samr.c:init_samr_r_get_usrdom_pwinfo(345) init_samr_r_get_usrdom_pwinfo [2006/06/20 18:19:35, 5] rpc_server/srv_samr_nt.c:_samr_get_usrdom_pwinfo(649) _samr_get_usrdom_pwinfo: 649 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 samr_io_r_get_usrdom_pwinfo [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0000 min_pwd_length: 0000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0002 unknown_1: 0015 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 password_properties: 00000000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_ntstatus(763) 0008 status : NT_STATUS_OK [2006/06/20 18:19:35, 5] rpc_server/srv_pipe.c:api_rpcTNP(2302) api_rpcTNP: called samr successfully [2006/06/20 18:19:35, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 28 [2006/06/20 18:19:35, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 7155 name: samr len: 1024 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 12. 
[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0024 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000007 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 0000000c [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2006/06/20 18:19:35, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..36] [2006/06/20 18:19:35, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:35, 5] lib/util.c:show_msg(488) size=92 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1036 smb_uid=101 smb_mid=1792 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 36 (0x24) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 36 (0x24) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) 
smb_bcc=37 [2006/06/20 18:19:35, 10] lib/util.c:dump_data(2215) [000] 00 05 00 02 03 10 00 00 00 24 00 00 00 07 00 00 ........ .$...... [010] 00 0C 00 00 00 00 00 00 00 00 00 15 00 00 00 00 ........ ........ [020] 00 00 00 00 00 ..... [2006/06/20 18:19:35, 10] smbd/process.c:setup_select_timeout(1286) change_notify_timeout: -1 [2006/06/20 18:19:35, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 884 [2006/06/20 18:19:35, 6] smbd/process.c:process_smb(1111) got message type 0x0 of len 0x374 [2006/06/20 18:19:35, 3] smbd/process.c:process_smb(1112) Transaction 29 of length 888 [2006/06/20 18:19:35, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:35, 5] lib/util.c:show_msg(488) size=884 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1036 smb_uid=101 smb_mid=1856 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 800 (0x320) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 800 (0x320) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29013 (0x7155) smb_bcc=817 [2006/06/20 18:19:35, 10] lib/util.c:dump_data(2215) 
[2006/06/20 18:19:35, 3] smbd/process.c:switch_message(914) switch message SMBtrans (pid 16709) conn 0x8497e40 [2006/06/20 18:19:35, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 [2006/06/20 18:19:35, 5] auth/auth_util.c:debug_nt_user_token(455) NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 contains 8 SIDs SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-1001 SID[ 6]: S-1-22-2-0 SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 SE_PRIV 0x10 0x0 0x0 0x0 [2006/06/20 18:19:35, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 1001 and contains 4 supplementary groups Group[ 0]: 10000 Group[ 1]: 1001 Group[ 2]: 0 Group[ 3]: 10001 [2006/06/20 18:19:35, 5] smbd/uid.c:change_to_user(260) change_to_user uid=(0,0) gid=(0,1001) [2006/06/20 18:19:35, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=800 params=0 setup=2 [2006/06/20 18:19:35, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2006/06/20 18:19:35, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2006/06/20 18:19:35, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2006/06/20 18:19:35, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=7155 [2006/06/20 18:19:35, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name samr pnum=7155 (pipes_open=2) [2006/06/20 18:19:35, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=7153 (pipes_open=2) [2006/06/20 18:19:35, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "samr" (pnum 7155) [2006/06/20 18:19:35, 10] smbd/ipc.c:api_fd_reply(305) api_fd_reply: p:0x84955e8 max_trans_reply: 1024 [2006/06/20 18:19:35, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 7155 name: samr open: Yes len: 800 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) 
write_to_pipe: data_left = 800 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 800 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 800, len_needed_to_complete_hdr = 16, receive_len = 0 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 784 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 784 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0320 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000008 [2006/06/20 18:19:35, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) unmarshall_rpc_header: type = 0, flags = 3 [2006/06/20 
18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 784 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 784, incoming data = 784 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 0 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 alloc_hint: 00000308 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0004 context_id: 0000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0006 opnum : 003a [2006/06/20 18:19:35, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2006/06/20 18:19:35, 5] rpc_server/srv_pipe.c:api_pipe_request(2220) Requested \PIPE\samr [2006/06/20 18:19:35, 4] rpc_server/srv_pipe.c:api_rpcTNP(2255) api_rpcTNP: samr op 0x3a - api_rpcTNP: rpc command: SAMR_SET_USERINFO [2006/06/20 18:19:35, 6] rpc_server/srv_pipe.c:api_rpcTNP(2281) api_rpc_cmds[22].fn == 0x81a002b [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 samr_io_q_set_userinfo [2006/06/20 18:19:35, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd pol [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 data1: 00000000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 data2: 00000006 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 data3: 0000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a data4: 0000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000c data5: 17 20 98 44 45 41 00 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 switch_value: 0019 
[2006/06/20 18:19:35, 6] rpc_parse/parse_prs.c:prs_debug(84) 000016 samr_io_userinfo_ctr ctr [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0016 switch_value: 0019 [2006/06/20 18:19:35, 7] rpc_parse/parse_prs.c:prs_debug(84) 000018 sam_io_user_info25 [2006/06/20 18:19:35, 8] rpc_parse/parse_prs.c:prs_debug(84) 000018 smb_io_time logon_time [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0018 low : 00000000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 001c high: 00000000 [2006/06/20 18:19:35, 8] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_time logoff_time [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0020 low : 00000000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0024 high: 00000000 [2006/06/20 18:19:35, 8] rpc_parse/parse_prs.c:prs_debug(84) 000028 smb_io_time kickoff_time [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0028 low : 00000000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 002c high: 00000000 [2006/06/20 18:19:35, 8] rpc_parse/parse_prs.c:prs_debug(84) 000030 smb_io_time pass_last_set_time [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0030 low : 00000000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0034 high: 00000000 [2006/06/20 18:19:35, 8] rpc_parse/parse_prs.c:prs_debug(84) 000038 smb_io_time pass_can_change_time [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0038 low : 00000000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 003c high: 00000000 [2006/06/20 18:19:35, 8] rpc_parse/parse_prs.c:prs_debug(84) 000040 smb_io_time pass_must_change_time [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0040 low : 00000000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0044 high: 00000000 [2006/06/20 18:19:35, 8] rpc_parse/parse_prs.c:prs_debug(84) 000048 smb_io_unihdr hdr_user_name [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 
0048 uni_str_len: 0000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 004a uni_max_len: 0000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 004c buffer : 00000000 [2006/06/20 18:19:35, 8] rpc_parse/parse_prs.c:prs_debug(84) 000050 smb_io_unihdr hdr_full_name [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0050 uni_str_len: 000c [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0052 uni_max_len: 000e [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0054 buffer : 00168670 [2006/06/20 18:19:35, 8] rpc_parse/parse_prs.c:prs_debug(84) 000058 smb_io_unihdr hdr_home_dir [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0058 uni_str_len: 0000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 005a uni_max_len: 0000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 005c buffer : 00000000 [2006/06/20 18:19:35, 8] rpc_parse/parse_prs.c:prs_debug(84) 000060 smb_io_unihdr hdr_dir_drive [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0060 uni_str_len: 0000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0062 uni_max_len: 0000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0064 buffer : 00000000 [2006/06/20 18:19:35, 8] rpc_parse/parse_prs.c:prs_debug(84) 000068 smb_io_unihdr hdr_logon_script [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0068 uni_str_len: 0000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 006a uni_max_len: 0000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 006c buffer : 00000000 [2006/06/20 18:19:35, 8] rpc_parse/parse_prs.c:prs_debug(84) 000070 smb_io_unihdr hdr_profile_path [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0070 uni_str_len: 0000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0072 uni_max_len: 0000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0074 buffer : 00000000 [2006/06/20 18:19:35, 8] 
rpc_parse/parse_prs.c:prs_debug(84) 000078 smb_io_unihdr hdr_acct_desc [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0078 uni_str_len: 0000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 007a uni_max_len: 0000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 007c buffer : 00000000 [2006/06/20 18:19:35, 8] rpc_parse/parse_prs.c:prs_debug(84) 000080 smb_io_unihdr hdr_workstations [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0080 uni_str_len: 0000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0082 uni_max_len: 0000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0084 buffer : 00000000 [2006/06/20 18:19:35, 8] rpc_parse/parse_prs.c:prs_debug(84) 000088 smb_io_unihdr hdr_unknown_str [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0088 uni_str_len: 0000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 008a uni_max_len: 0000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 008c buffer : 00000000 [2006/06/20 18:19:35, 8] rpc_parse/parse_prs.c:prs_debug(84) 000090 smb_io_unihdr hdr_munged_dial [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0090 uni_str_len: 0000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0092 uni_max_len: 0000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0094 buffer : 00000000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 0098 lm_pwd : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 00a8 nt_pwd : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00b8 user_rid : 00000000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00bc group_rid : 00000000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00c0 acb_info : 00000080 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 00c4 fields_present : 
01100002 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32s(991) 00c8 unknown_5 : 00000000 00000000 00000000 00000000 00000000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 00dc password : 1c 3c e4 88 ed c9 9f da 7d 16 1a d5 c3 d6 55 cf 5b 7c 31 1a 66 07 35 94 dd 3b 6a 84 40 36 44 3d 2c ee 9c 3d 97 01 69 d3 75 20 49 64 c4 77 e6 f3 ee c6 fb 11 59 5d 8c 43 b4 62 be b9 59 93 ba 12 a1 af 7c 1a f2 6f f4 75 b6 24 f3 25 0f ad e1 ca a9 df 18 77 6e 1a 2c f2 48 b5 ff e6 52 c7 e3 22 a8 ce c8 9c 5b ea 3f b9 d4 e4 40 a6 eb 14 97 f5 f7 52 22 5a e4 46 42 b4 48 45 26 ec 38 33 db f0 81 b8 10 bb 24 93 84 28 78 38 0b 89 8f 04 c0 a9 09 7b f2 42 3b 67 28 39 3f c5 f5 b1 7b 87 bb 8c dd 8a 0d 16 e0 dd c4 6b 4a 0f 71 c5 0a 29 fc 11 38 eb 9a 1d 56 0c 24 11 fa 83 f9 90 d0 6f 14 8d 79 2b 6f 82 17 8d 4c d9 a6 c1 e7 16 3f 39 85 40 c0 3b ae bb 55 d9 5e bb 8d 87 fc 7e c8 7a dc 88 d7 57 2a 4e af f1 9e d3 dc 56 73 68 92 fd 00 12 ff 07 75 be a8 1e 5b 15 02 0f 13 31 02 02 be 45 18 74 db d5 ed b8 5b d6 1d f8 e4 d6 67 56 e6 b3 e7 07 97 37 10 86 42 dd 24 85 75 2a 1d 98 9e ea c5 af 2b de e7 6d 97 17 ad 77 94 b1 b6 6e a2 c5 bc 41 81 f7 fc 7a db ef c1 a6 dd 22 05 d8 61 9c 1b 87 ec 58 e8 8b fa 76 35 1 +> 7 d7 c3 cc 65 e7 92 85 8b 31 5a 50 b8 44 59 00 bf 57 84 0f 96 8f 83 6a 89 d8 82 21 4b cf b5 42 6d 08 41 20 24 72 aa cb a0 47 58 d3 0f 09 33 bf 83 68 0b c4 aa 42 ae ec d2 36 6b 4f e3 d8 3f 01 c2 0c 79 5f 2c c7 a5 ea b0 e8 7e af 9b 6a 83 6c 6b 86 23 08 77 7b 18 4d 32 2b fb 98 ed 39 36 b2 d4 62 63 88 04 d1 52 72 42 c6 e9 b1 7d ea ff fe 28 95 14 af b8 11 b2 aa bb 96 93 62 41 01 8a f3 a6 ff b4 a0 1b 81 f3 91 fc 67 de de 54 7a 6d 6e 24 be 71 a8 78 4b 68 4c 58 e2 6d 49 ed c0 12 10 82 a1 85 57 76 08 33 34 a6 28 78 6d 8f 5e 21 d3 a1 20 75 67 8d 41 b3 55 a3 4d 2f 00 2f f7 99 f1 08 93 82 89 7b 46 6d e5 37 f5 99 [2006/06/20 18:19:35, 8] rpc_parse/parse_prs.c:prs_debug(84) 0002f0 smb_io_unistr2 - NULL uni_user_name [2006/06/20 18:19:35, 8] rpc_parse/parse_prs.c:prs_debug(84) 0002f0 
smb_io_unistr2 uni_full_name [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 02f0 uni_max_len: 00000007 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 02f4 offset : 00000000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 02f8 uni_str_len: 00000006 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) 02fc buffer : W.S.0.3.5.$. [2006/06/20 18:19:35, 8] rpc_parse/parse_prs.c:prs_debug(84) 000308 smb_io_unistr2 - NULL uni_home_dir [2006/06/20 18:19:35, 8] rpc_parse/parse_prs.c:prs_debug(84) 000308 smb_io_unistr2 - NULL uni_dir_drive [2006/06/20 18:19:35, 8] rpc_parse/parse_prs.c:prs_debug(84) 000308 smb_io_unistr2 - NULL uni_logon_script [2006/06/20 18:19:35, 8] rpc_parse/parse_prs.c:prs_debug(84) 000308 smb_io_unistr2 - NULL uni_profile_path [2006/06/20 18:19:35, 8] rpc_parse/parse_prs.c:prs_debug(84) 000308 smb_io_unistr2 - NULL uni_acct_desc [2006/06/20 18:19:35, 8] rpc_parse/parse_prs.c:prs_debug(84) 000308 smb_io_unistr2 - NULL uni_workstations [2006/06/20 18:19:35, 8] rpc_parse/parse_prs.c:prs_debug(84) 000308 smb_io_unistr2 - NULL uni_unknown_str [2006/06/20 18:19:35, 8] rpc_parse/parse_prs.c:prs_debug(84) 000308 smb_io_unistr2 - NULL uni_munged_dial [2006/06/20 18:19:35, 5] rpc_server/srv_samr_nt.c:_samr_set_userinfo(3367) _samr_set_userinfo: 3367 [2006/06/20 18:19:35, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 06 00 00 00 00 00 00 00 17 20 98 44 ........ ..... .D [010] 45 41 00 00 EA.. 
[2006/06/20 18:19:35, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(222) _samr_set_userinfo: access check ((granted: 0x000f07ff; required: 0x000000b0) [2006/06/20 18:19:35, 5] rpc_server/srv_samr_nt.c:_samr_set_userinfo(3383) _samr_set_userinfo: sid:S-1-5-21-2969752157-892696647-4271518216-201025, level:25 [2006/06/20 18:19:35, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 1001) : sec_ctx_stack_ndx = 1 [2006/06/20 18:19:35, 3] smbd/uid.c:push_conn_ctx(345) push_conn_ctx(101) : conn_ctx_stack_ndx = 0 [2006/06/20 18:19:35, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2006/06/20 18:19:35, 5] auth/auth_util.c:debug_nt_user_token(449) NT user token: (NULL) [2006/06/20 18:19:35, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/06/20 18:19:35, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base => [dc=andolan], filter => [(&(sambaSID=S-1-5-21-2969752157-892696647-4271518216-201025)(objectclass=sambaSamAccount))], scope => [2] [2006/06/20 18:19:35, 2] passdb/pdb_ldap.c:init_sam_from_ldap(541) init_sam_from_ldap: Entry found for user: ws035$ [2006/06/20 18:19:35, 10] passdb/pdb_get_set.c:pdb_set_username(580) pdb_set_username: setting username ws035$, was [2006/06/20 18:19:35, 10] passdb/pdb_get_set.c:pdb_set_domain(607) pdb_set_domain: setting domain ANDOLAN, was [2006/06/20 18:19:35, 10] passdb/pdb_get_set.c:pdb_set_nt_username(634) pdb_set_nt_username: setting nt username ws035$, was [2006/06/20 18:19:35, 10] passdb/pdb_get_set.c:pdb_set_user_sid_from_string(519) pdb_set_user_sid_from_string: setting user sid S-1-5-21-2969752157-892696647-4271518216-201025 [2006/06/20 18:19:35, 10] passdb/pdb_get_set.c:pdb_set_user_sid(506) pdb_set_user_sid: setting user sid S-1-5-21-2969752157-892696647-4271518216-201025 [2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaPwdLastSet] 
= [] [2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaLogonTime] = [] [2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaLogoffTime] = [] [2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaKickoffTime] = [] [2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaPwdCanChange] = [] [2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaPwdMustChange] = [] [2006/06/20 18:19:35, 10] passdb/pdb_get_set.c:pdb_set_fullname(661) pdb_set_full_name: setting full name Computer, was [2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaHomeDrive] = [] [2006/06/20 18:19:35, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(742) pdb_set_dir_drive: setting dir drive N:, was NULL [2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaHomePath] = [] [2006/06/20 18:19:35, 10] passdb/pdb_get_set.c:pdb_set_homedir(769) pdb_set_homedir: setting home dir \\server\datamap, was [2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaLogonScript] = [] [2006/06/20 18:19:35, 10] passdb/pdb_get_set.c:pdb_set_logon_script(688) pdb_set_logon_script: setting logon script logon.cmd, was [2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaProfilePath] = [] [2006/06/20 18:19:35, 10] passdb/pdb_get_set.c:pdb_set_profile_path(715) pdb_set_profile_path: setting profile path \\server\tempprof, was [2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaUserWorkstations] = [] [2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) 
smbldap_get_single_attribute: [sambaMungedDial] = [] [2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaLMPassword] = [] [2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaNTPassword] = [] [2006/06/20 18:19:35, 10] lib/account_pol.c:account_policy_get(337) account_policy_get: name: password history, val: 0 [2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaBadPasswordCount] = [] [2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaBadPasswordTime] = [] [2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaLogonHours] = [] [2006/06/20 18:19:35, 7] passdb/login_cache.c:login_cache_read(83) Looking up login cache for user ws035$ [2006/06/20 18:19:35, 7] passdb/login_cache.c:login_cache_read(97) No cache entry found [2006/06/20 18:19:35, 9] passdb/pdb_ldap.c:init_sam_from_ldap(898) No cache entry, bad count = 0, bad time = 0 [2006/06/20 18:19:35, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 1001) - sec_ctx_stack_ndx = 0 [2006/06/20 18:19:35, 5] rpc_server/srv_samr_nt.c:_samr_set_userinfo(3417) _samr_set_userinfo: does possess sufficient rights [2006/06/20 18:19:35, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 1001) : sec_ctx_stack_ndx = 1 [2006/06/20 18:19:35, 3] smbd/uid.c:push_conn_ctx(345) push_conn_ctx(101) : conn_ctx_stack_ndx = 0 [2006/06/20 18:19:35, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2006/06/20 18:19:35, 5] auth/auth_util.c:debug_nt_user_token(449) NT user token: (NULL) [2006/06/20 18:19:35, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/06/20 18:19:35, 10] rpc_server/srv_samr_util.c:copy_id25_to_sam_passwd(627) INFO_25 UNI_FULL_NAME: 
Computer -> WS035$ [2006/06/20 18:19:35, 10] passdb/pdb_get_set.c:pdb_set_fullname(661) pdb_set_full_name: setting full name WS035$, was Computer [2006/06/20 18:19:35, 10] rpc_server/srv_samr_util.c:copy_id25_to_sam_passwd(729) INFO_25 ACCT_CTRL: 00000081 -> 00000080 [2006/06/20 18:19:35, 4] passdb/pdb_ldap.c:ldapsam_update_sam_account(1777) ldapsam_update_sam_account: user ws035$ to be modified has dn: uid=ws035$,ou=Computers,dc=andolan [2006/06/20 18:19:35, 2] passdb/pdb_ldap.c:init_ldap_from_sam(965) init_ldap_from_sam: Setting entry for user: ws035$ [2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_make_mod(520) smbldap_make_mod: deleting attribute |displayName| values |Computer| [2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_make_mod(529) smbldap_make_mod: adding attribute |displayName| value |WS035$| [2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_make_mod(520) smbldap_make_mod: deleting attribute |sambaAcctFlags| values |[DW ]| [2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_make_mod(529) smbldap_make_mod: adding attribute |sambaAcctFlags| value |[W ]| [2006/06/20 18:19:35, 5] lib/smbldap.c:smbldap_modify(1363) smbldap_modify: dn => [uid=ws035$,ou=Computers,dc=andolan] [2006/06/20 18:19:35, 2] passdb/pdb_ldap.c:ldapsam_update_sam_account(1804) ldapsam_update_sam_account: successfully modified uid = ws035$ in the LDAP database [2006/06/20 18:19:35, 5] rpc_server/srv_samr_nt.c:set_user_info_pw(3252) Attempting administrator password change for user ws035$ [2006/06/20 18:19:35, 10] lib/account_pol.c:account_policy_get(337) account_policy_get: name: maximum password age, val: 1814400 [2006/06/20 18:19:35, 10] lib/account_pol.c:account_policy_get(337) account_policy_get: name: minimum password age, val: 0 [2006/06/20 18:19:35, 5] rpc_server/srv_samr_nt.c:set_user_info_pw(3272) Changing trust account or non-unix-user password, not updating /etc/passwd [2006/06/20 18:19:35, 5] rpc_server/srv_samr_nt.c:set_user_info_pw(3290) set_user_info_pw: pdb_update_pwd() 
[2006/06/20 18:19:35, 4] passdb/pdb_ldap.c:ldapsam_update_sam_account(1777) ldapsam_update_sam_account: user ws035$ to be modified has dn: uid=ws035$,ou=Computers,dc=andolan [2006/06/20 18:19:35, 2] passdb/pdb_ldap.c:init_ldap_from_sam(965) init_ldap_from_sam: Setting entry for user: ws035$ [2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_make_mod(520) smbldap_make_mod: deleting attribute |displayName| values |Computer| [2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_make_mod(529) smbldap_make_mod: adding attribute |displayName| value |WS035$| [2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaPwdCanChange] = [] [2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_make_mod(529) smbldap_make_mod: adding attribute |sambaPwdCanChange| value |1150820375| [2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaPwdMustChange] = [] [2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_make_mod(529) smbldap_make_mod: adding attribute |sambaPwdMustChange| value |1152634775| [2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaLMPassword] = [] [2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaNTPassword] = [] [2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_make_mod(529) smbldap_make_mod: adding attribute |sambaNTPassword| value |1DE5BEC007730E75346B57BD95939A14| [2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaPwdLastSet] = [] [2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_make_mod(529) smbldap_make_mod: adding attribute |sambaPwdLastSet| value |1150820375| [2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_make_mod(520) smbldap_make_mod: deleting attribute |sambaAcctFlags| values |[DW ]| [2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_make_mod(529) smbldap_make_mod: adding attribute |sambaAcctFlags| 
value |[W ]| [2006/06/20 18:19:35, 5] lib/smbldap.c:smbldap_modify(1363) smbldap_modify: dn => [uid=ws035$,ou=Computers,dc=andolan] [2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_modify(1377) Failed to modify dn: uid=ws035$,ou=Computers,dc=andolan, error: No such attribute (modify/delete: displayName: no such value) [2006/06/20 18:19:35, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 1001) - sec_ctx_stack_ndx = 0 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 samr_io_r_set_userinfo [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_ntstatus(763) 0000 status: NT_STATUS_ACCESS_DENIED [2006/06/20 18:19:35, 5] rpc_server/srv_pipe.c:api_rpcTNP(2302) api_rpcTNP: called samr successfully [2006/06/20 18:19:35, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 910 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 784 [2006/06/20 18:19:35, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 7155 name: samr len: 1024 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 4. 
[2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 001c [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000008 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 00000004 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2006/06/20 18:19:35, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..28] [2006/06/20 18:19:35, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:35, 5] lib/util.c:show_msg(488) size=84 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1036 smb_uid=101 smb_mid=1856 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 28 (0x1C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 28 (0x1C) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) 
smb_bcc=29 [2006/06/20 18:19:35, 10] lib/util.c:dump_data(2215) [000] 00 05 00 02 03 10 00 00 00 1C 00 00 00 08 00 00 ........ ........ [010] 00 04 00 00 00 00 00 00 00 22 00 00 C0 ........ ."... [2006/06/20 18:19:35, 10] smbd/process.c:setup_select_timeout(1286) change_notify_timeout: -1 [2006/06/20 18:19:35, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 128 [2006/06/20 18:19:35, 6] smbd/process.c:process_smb(1111) got message type 0x0 of len 0x80 [2006/06/20 18:19:35, 3] smbd/process.c:process_smb(1112) Transaction 30 of length 132 [2006/06/20 18:19:35, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:35, 5] lib/util.c:show_msg(488) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1036 smb_uid=101 smb_mid=1920 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29013 (0x7155) smb_bcc=61 [2006/06/20 18:19:35, 10] lib/util.c:dump_data(2215) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 09 00 00 ........ .,...... [020] 00 14 00 00 00 00 00 23 00 00 00 00 00 06 00 00 .......# ........ [030] 00 00 00 00 00 17 20 98 44 45 41 00 00 ...... . DEA.. 
[2006/06/20 18:19:35, 3] smbd/process.c:switch_message(914) switch message SMBtrans (pid 16709) conn 0x8497e40 [2006/06/20 18:19:35, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 [2006/06/20 18:19:35, 5] auth/auth_util.c:debug_nt_user_token(455) NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 contains 8 SIDs SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-1001 SID[ 6]: S-1-22-2-0 SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 SE_PRIV 0x10 0x0 0x0 0x0 [2006/06/20 18:19:35, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 1001 and contains 4 supplementary groups Group[ 0]: 10000 Group[ 1]: 1001 Group[ 2]: 0 Group[ 3]: 10001 [2006/06/20 18:19:35, 5] smbd/uid.c:change_to_user(260) change_to_user uid=(0,0) gid=(0,1001) [2006/06/20 18:19:35, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=44 params=0 setup=2 [2006/06/20 18:19:35, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2006/06/20 18:19:35, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2006/06/20 18:19:35, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2006/06/20 18:19:35, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=7155 [2006/06/20 18:19:35, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name samr pnum=7155 (pipes_open=2) [2006/06/20 18:19:35, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=7153 (pipes_open=2) [2006/06/20 18:19:35, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "samr" (pnum 7155) [2006/06/20 18:19:35, 10] smbd/ipc.c:api_fd_reply(305) api_fd_reply: p:0x84955e8 max_trans_reply: 1024 [2006/06/20 18:19:35, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 7155 name: samr open: Yes len: 44 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) 
write_to_pipe: data_left = 44 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 28 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 002c [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000009 [2006/06/20 18:19:35, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) unmarshall_rpc_header: type = 0, flags = 3 [2006/06/20 18:19:35, 
10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 28 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 28, incoming data = 28 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 0 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 alloc_hint: 00000014 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0004 context_id: 0000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0006 opnum : 0023 [2006/06/20 18:19:35, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2006/06/20 18:19:35, 5] rpc_server/srv_pipe.c:api_pipe_request(2220) Requested \PIPE\samr [2006/06/20 18:19:35, 4] rpc_server/srv_pipe.c:api_rpcTNP(2255) api_rpcTNP: samr op 0x23 - api_rpcTNP: rpc command: SAMR_DELETE_DOM_USER [2006/06/20 18:19:35, 6] rpc_server/srv_pipe.c:api_rpcTNP(2281) api_rpc_cmds[14].fn == 0x81a0ee1 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 samr_io_q_delete_dom_user [2006/06/20 18:19:35, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd user_pol [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 data1: 00000000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 data2: 00000006 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 data3: 0000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a data4: 0000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000c data5: 17 20 98 44 45 41 00 00 [2006/06/20 18:19:35, 5] rpc_server/srv_samr_nt.c:_samr_delete_dom_user(4018) 
_samr_delete_dom_user: 4018 [2006/06/20 18:19:35, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 06 00 00 00 00 00 00 00 17 20 98 44 ........ ..... .D [010] 45 41 00 00 EA.. [2006/06/20 18:19:35, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(222) _samr_delete_dom_user: access check ((granted: 0x000f07ff; required: 0x00010000) [2006/06/20 18:19:35, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base => [dc=andolan], filter => [(&(sambaSID=S-1-5-21-2969752157-892696647-4271518216-201025)(objectclass=sambaSamAccount))], scope => [2] [2006/06/20 18:19:35, 2] passdb/pdb_ldap.c:init_sam_from_ldap(541) init_sam_from_ldap: Entry found for user: ws035$ [2006/06/20 18:19:35, 10] passdb/pdb_get_set.c:pdb_set_username(580) pdb_set_username: setting username ws035$, was [2006/06/20 18:19:35, 10] passdb/pdb_get_set.c:pdb_set_domain(607) pdb_set_domain: setting domain ANDOLAN, was [2006/06/20 18:19:35, 10] passdb/pdb_get_set.c:pdb_set_nt_username(634) pdb_set_nt_username: setting nt username ws035$, was [2006/06/20 18:19:35, 10] passdb/pdb_get_set.c:pdb_set_user_sid_from_string(519) pdb_set_user_sid_from_string: setting user sid S-1-5-21-2969752157-892696647-4271518216-201025 [2006/06/20 18:19:35, 10] passdb/pdb_get_set.c:pdb_set_user_sid(506) pdb_set_user_sid: setting user sid S-1-5-21-2969752157-892696647-4271518216-201025 [2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaPwdLastSet] = [] [2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaLogonTime] = [] [2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaLogoffTime] = [] [2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaKickoffTime] = [] [2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) 
smbldap_get_single_attribute: [sambaPwdCanChange] = [] [2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaPwdMustChange] = [] [2006/06/20 18:19:35, 10] passdb/pdb_get_set.c:pdb_set_fullname(661) pdb_set_full_name: setting full name WS035$, was [2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaHomeDrive] = [] [2006/06/20 18:19:35, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(742) pdb_set_dir_drive: setting dir drive N:, was NULL [2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaHomePath] = [] [2006/06/20 18:19:35, 10] passdb/pdb_get_set.c:pdb_set_homedir(769) pdb_set_homedir: setting home dir \\server\datamap, was [2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaLogonScript] = [] [2006/06/20 18:19:35, 10] passdb/pdb_get_set.c:pdb_set_logon_script(688) pdb_set_logon_script: setting logon script logon.cmd, was [2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaProfilePath] = [] [2006/06/20 18:19:35, 10] passdb/pdb_get_set.c:pdb_set_profile_path(715) pdb_set_profile_path: setting profile path \\server\tempprof, was [2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaUserWorkstations] = [] [2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaMungedDial] = [] [2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaLMPassword] = [] [2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaNTPassword] = [] [2006/06/20 18:19:35, 10] lib/account_pol.c:account_policy_get(337) account_policy_get: name: password history, val: 0 [2006/06/20 18:19:35, 10] 
lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaBadPasswordCount] = [] [2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaBadPasswordTime] = [] [2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaLogonHours] = [] [2006/06/20 18:19:35, 7] passdb/login_cache.c:login_cache_read(83) Looking up login cache for user ws035$ [2006/06/20 18:19:35, 7] passdb/login_cache.c:login_cache_read(97) No cache entry found [2006/06/20 18:19:35, 9] passdb/pdb_ldap.c:init_sam_from_ldap(898) No cache entry, bad count = 0, bad time = 0 [2006/06/20 18:19:35, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 1001) : sec_ctx_stack_ndx = 1 [2006/06/20 18:19:35, 3] smbd/uid.c:push_conn_ctx(345) push_conn_ctx(101) : conn_ctx_stack_ndx = 0 [2006/06/20 18:19:35, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2006/06/20 18:19:35, 5] auth/auth_util.c:debug_nt_user_token(449) NT user token: (NULL) [2006/06/20 18:19:35, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/06/20 18:19:35, 5] passdb/pdb_interface.c:lookup_global_sam_rid(1455) lookup_global_sam_rid: looking up RID 201025. 
[2006/06/20 18:19:35, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2006/06/20 18:19:35, 3] smbd/uid.c:push_conn_ctx(345) push_conn_ctx(101) : conn_ctx_stack_ndx = 1 [2006/06/20 18:19:35, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2006/06/20 18:19:35, 5] auth/auth_util.c:debug_nt_user_token(449) NT user token: (NULL) [2006/06/20 18:19:35, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/06/20 18:19:35, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base => [dc=andolan], filter => [(&(sambaSID=S-1-5-21-2969752157-892696647-4271518216-201025)(objectclass=sambaSamAccount))], scope => [2] [2006/06/20 18:19:35, 2] passdb/pdb_ldap.c:init_sam_from_ldap(541) init_sam_from_ldap: Entry found for user: ws035$ [2006/06/20 18:19:35, 10] passdb/pdb_get_set.c:pdb_set_username(580) pdb_set_username: setting username ws035$, was [2006/06/20 18:19:35, 10] passdb/pdb_get_set.c:pdb_set_domain(607) pdb_set_domain: setting domain ANDOLAN, was [2006/06/20 18:19:35, 10] passdb/pdb_get_set.c:pdb_set_nt_username(634) pdb_set_nt_username: setting nt username ws035$, was [2006/06/20 18:19:35, 10] passdb/pdb_get_set.c:pdb_set_user_sid_from_string(519) pdb_set_user_sid_from_string: setting user sid S-1-5-21-2969752157-892696647-4271518216-201025 [2006/06/20 18:19:35, 10] passdb/pdb_get_set.c:pdb_set_user_sid(506) pdb_set_user_sid: setting user sid S-1-5-21-2969752157-892696647-4271518216-201025 [2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaPwdLastSet] = [] [2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaLogonTime] = [] [2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaLogoffTime] = [] [2006/06/20 18:19:35, 10] 
lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaKickoffTime] = [] [2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaPwdCanChange] = [] [2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaPwdMustChange] = [] [2006/06/20 18:19:35, 10] passdb/pdb_get_set.c:pdb_set_fullname(661) pdb_set_full_name: setting full name WS035$, was [2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaHomeDrive] = [] [2006/06/20 18:19:35, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(742) pdb_set_dir_drive: setting dir drive N:, was NULL [2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaHomePath] = [] [2006/06/20 18:19:35, 10] passdb/pdb_get_set.c:pdb_set_homedir(769) pdb_set_homedir: setting home dir \\server\datamap, was [2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaLogonScript] = [] [2006/06/20 18:19:35, 10] passdb/pdb_get_set.c:pdb_set_logon_script(688) pdb_set_logon_script: setting logon script logon.cmd, was [2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaProfilePath] = [] [2006/06/20 18:19:35, 10] passdb/pdb_get_set.c:pdb_set_profile_path(715) pdb_set_profile_path: setting profile path \\server\tempprof, was [2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaUserWorkstations] = [] [2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaMungedDial] = [] [2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaLMPassword] = [] [2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: 
[sambaNTPassword] = [] [2006/06/20 18:19:35, 10] lib/account_pol.c:account_policy_get(337) account_policy_get: name: password history, val: 0 [2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaBadPasswordCount] = [] [2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaBadPasswordTime] = [] [2006/06/20 18:19:35, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaLogonHours] = [] [2006/06/20 18:19:35, 7] passdb/login_cache.c:login_cache_read(83) Looking up login cache for user ws035$ [2006/06/20 18:19:35, 7] passdb/login_cache.c:login_cache_read(97) No cache entry found [2006/06/20 18:19:35, 9] passdb/pdb_ldap.c:init_sam_from_ldap(898) No cache entry, bad count = 0, bad time = 0 [2006/06/20 18:19:35, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2006/06/20 18:19:35, 5] lib/username.c:Get_Pwnam_alloc(131) Finding user ws035$ [2006/06/20 18:19:35, 5] lib/username.c:Get_Pwnam_internals(75) Trying _Get_Pwnam(), username as lowercase is ws035$ [2006/06/20 18:19:35, 10] lib/util_pw.c:getpwnam_alloc(76) Got ws035$ from pwnam_cache [2006/06/20 18:19:35, 5] lib/username.c:Get_Pwnam_internals(108) Get_Pwnam_internals did find user [ws035$]! [2006/06/20 18:19:35, 10] passdb/lookup_sid.c:sid_to_uid(1206) sid_to_uid: S-1-5-21-2969752157-892696647-4271518216-201025 -> 10031 [2006/06/20 18:19:35, 3] passdb/pdb_ldap.c:ldapsam_delete_sam_account(1687) ldapsam_delete_sam_account: Deleting user ws035$ from LDAP. 
[2006/06/20 18:19:35, 5] lib/smbldap.c:smbldap_search_ext(1179) smbldap_search_ext: base => [dc=andolan], filter => [(&(uid=ws035$)(objectclass=sambaSamAccount))], scope => [2] [2006/06/20 18:19:35, 5] lib/smbldap.c:smbldap_delete(1427) smbldap_delete: dn => [uid=ws035$,ou=Computers,dc=andolan] [2006/06/20 18:19:35, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 1001) - sec_ctx_stack_ndx = 0 [2006/06/20 18:19:35, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 06 00 00 00 00 00 00 00 17 20 98 44 ........ ..... .D [010] 45 41 00 00 EA.. [2006/06/20 18:19:35, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) Closed policy [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 samr_io_r_delete_dom_user [2006/06/20 18:19:35, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd pol [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 data1: 00000000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 data2: 00000000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 data3: 0000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a data4: 0000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000c data5: 00 00 00 00 00 00 00 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_ntstatus(763) 0014 status: NT_STATUS_OK [2006/06/20 18:19:35, 5] rpc_server/srv_pipe.c:api_rpcTNP(2302) api_rpcTNP: called samr successfully [2006/06/20 18:19:35, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 28 [2006/06/20 18:19:35, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 7155 name: samr len: 1024 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, 
prs_offset(&p->out_data.rdata) = 24. [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0030 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000009 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 00000018 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2006/06/20 18:19:35, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] [2006/06/20 18:19:35, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:35, 5] lib/util.c:show_msg(488) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1036 smb_uid=101 smb_mid=1920 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 
0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2006/06/20 18:19:35, 10] lib/util.c:dump_data(2215) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 09 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [030] 00 . [2006/06/20 18:19:35, 10] smbd/process.c:setup_select_timeout(1286) change_notify_timeout: -1 [2006/06/20 18:19:35, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 128 [2006/06/20 18:19:35, 6] smbd/process.c:process_smb(1111) got message type 0x0 of len 0x80 [2006/06/20 18:19:35, 3] smbd/process.c:process_smb(1112) Transaction 31 of length 132 [2006/06/20 18:19:35, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:35, 5] lib/util.c:show_msg(488) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1036 smb_uid=101 smb_mid=1984 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29013 (0x7155) smb_bcc=61 [2006/06/20 18:19:35, 10] lib/util.c:dump_data(2215) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 0A 00 00 ........ .,...... [020] 00 14 00 00 00 00 00 01 00 00 00 00 00 05 00 00 ........ ........ [030] 00 00 00 00 00 17 20 98 44 45 41 00 00 ...... . DEA.. 
[2006/06/20 18:19:35, 3] smbd/process.c:switch_message(914) switch message SMBtrans (pid 16709) conn 0x8497e40 [2006/06/20 18:19:35, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 [2006/06/20 18:19:35, 5] auth/auth_util.c:debug_nt_user_token(455) NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 contains 8 SIDs SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-1001 SID[ 6]: S-1-22-2-0 SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 SE_PRIV 0x10 0x0 0x0 0x0 [2006/06/20 18:19:35, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 1001 and contains 4 supplementary groups Group[ 0]: 10000 Group[ 1]: 1001 Group[ 2]: 0 Group[ 3]: 10001 [2006/06/20 18:19:35, 5] smbd/uid.c:change_to_user(260) change_to_user uid=(0,0) gid=(0,1001) [2006/06/20 18:19:35, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=44 params=0 setup=2 [2006/06/20 18:19:35, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2006/06/20 18:19:35, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2006/06/20 18:19:35, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2006/06/20 18:19:35, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=7155 [2006/06/20 18:19:35, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name samr pnum=7155 (pipes_open=2) [2006/06/20 18:19:35, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=7153 (pipes_open=2) [2006/06/20 18:19:35, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "samr" (pnum 7155) [2006/06/20 18:19:35, 10] smbd/ipc.c:api_fd_reply(305) api_fd_reply: p:0x84955e8 max_trans_reply: 1024 [2006/06/20 18:19:35, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 7155 name: samr open: Yes len: 44 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) 
write_to_pipe: data_left = 44 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 28 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 002c [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 0000000a [2006/06/20 18:19:35, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) unmarshall_rpc_header: type = 0, flags = 3 [2006/06/20 18:19:35, 
10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 28 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 28, incoming data = 28 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 0 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 alloc_hint: 00000014 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0004 context_id: 0000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0006 opnum : 0001 [2006/06/20 18:19:35, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2006/06/20 18:19:35, 5] rpc_server/srv_pipe.c:api_pipe_request(2220) Requested \PIPE\samr [2006/06/20 18:19:35, 4] rpc_server/srv_pipe.c:api_rpcTNP(2255) api_rpcTNP: samr op 0x1 - api_rpcTNP: rpc command: SAMR_CLOSE_HND [2006/06/20 18:19:35, 6] rpc_server/srv_pipe.c:api_rpcTNP(2281) api_rpc_cmds[0].fn == 0x819d4fc [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 samr_io_q_close_hnd [2006/06/20 18:19:35, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd pol [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 data1: 00000000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 data2: 00000005 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 data3: 0000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a data4: 0000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000c data5: 17 20 98 44 45 41 00 00 [2006/06/20 18:19:35, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 
00 00 05 00 00 00 00 00 00 00 17 20 98 44 ........ ..... .D [010] 45 41 00 00 EA.. [2006/06/20 18:19:35, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) Closed policy [2006/06/20 18:19:35, 10] rpc_server/srv_samr_nt.c:free_samr_cache(342) free_samr_cache: deleting cache for SID S-1-5-21-2969752157-892696647-4271518216 [2006/06/20 18:19:35, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 1001) : sec_ctx_stack_ndx = 1 [2006/06/20 18:19:35, 3] smbd/uid.c:push_conn_ctx(345) push_conn_ctx(101) : conn_ctx_stack_ndx = 0 [2006/06/20 18:19:35, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2006/06/20 18:19:35, 5] auth/auth_util.c:debug_nt_user_token(449) NT user token: (NULL) [2006/06/20 18:19:35, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/06/20 18:19:35, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 1001) - sec_ctx_stack_ndx = 0 [2006/06/20 18:19:35, 5] rpc_server/srv_samr_nt.c:_samr_close_hnd(564) samr_reply_close_hnd: 564 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 samr_io_r_close_hnd [2006/06/20 18:19:35, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd pol [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 data1: 00000000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 data2: 00000000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 data3: 0000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a data4: 0000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000c data5: 00 00 00 00 00 00 00 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_ntstatus(763) 0014 status: NT_STATUS_OK [2006/06/20 18:19:35, 5] rpc_server/srv_pipe.c:api_rpcTNP(2302) api_rpcTNP: called samr successfully [2006/06/20 18:19:35, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2006/06/20 
18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 28 [2006/06/20 18:19:35, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 7155 name: samr len: 1024 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0030 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 0000000a [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 00000018 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2006/06/20 18:19:35, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] [2006/06/20 18:19:35, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:35, 
5] lib/util.c:show_msg(488) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1036 smb_uid=101 smb_mid=1984 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2006/06/20 18:19:35, 10] lib/util.c:dump_data(2215) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 0A 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [030] 00 . [2006/06/20 18:19:35, 10] smbd/process.c:setup_select_timeout(1286) change_notify_timeout: -1 [2006/06/20 18:19:35, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 128 [2006/06/20 18:19:35, 6] smbd/process.c:process_smb(1111) got message type 0x0 of len 0x80 [2006/06/20 18:19:35, 3] smbd/process.c:process_smb(1112) Transaction 32 of length 132 [2006/06/20 18:19:35, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:35, 5] lib/util.c:show_msg(488) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1036 smb_uid=101 smb_mid=2048 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29013 (0x7155) smb_bcc=61 [2006/06/20 18:19:35, 10] lib/util.c:dump_data(2215) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 0B 00 00 ........ .,...... [020] 00 14 00 00 00 00 00 01 00 00 00 00 00 04 00 00 ........ ........ [030] 00 00 00 00 00 17 20 98 44 45 41 00 00 ...... . DEA.. 
[2006/06/20 18:19:35, 3] smbd/process.c:switch_message(914) switch message SMBtrans (pid 16709) conn 0x8497e40 [2006/06/20 18:19:35, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 [2006/06/20 18:19:35, 5] auth/auth_util.c:debug_nt_user_token(455) NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 contains 8 SIDs SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-1001 SID[ 6]: S-1-22-2-0 SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 SE_PRIV 0x10 0x0 0x0 0x0 [2006/06/20 18:19:35, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 1001 and contains 4 supplementary groups Group[ 0]: 10000 Group[ 1]: 1001 Group[ 2]: 0 Group[ 3]: 10001 [2006/06/20 18:19:35, 5] smbd/uid.c:change_to_user(260) change_to_user uid=(0,0) gid=(0,1001) [2006/06/20 18:19:35, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=44 params=0 setup=2 [2006/06/20 18:19:35, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2006/06/20 18:19:35, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2006/06/20 18:19:35, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2006/06/20 18:19:35, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=7155 [2006/06/20 18:19:35, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name samr pnum=7155 (pipes_open=2) [2006/06/20 18:19:35, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=7153 (pipes_open=2) [2006/06/20 18:19:35, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "samr" (pnum 7155) [2006/06/20 18:19:35, 10] smbd/ipc.c:api_fd_reply(305) api_fd_reply: p:0x84955e8 max_trans_reply: 1024 [2006/06/20 18:19:35, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 7155 name: samr open: Yes len: 44 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) 
write_to_pipe: data_left = 44 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 28 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 002c [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 0000000b [2006/06/20 18:19:35, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) unmarshall_rpc_header: type = 0, flags = 3 [2006/06/20 18:19:35, 
10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 28 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 28, incoming data = 28 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 0 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 alloc_hint: 00000014 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0004 context_id: 0000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0006 opnum : 0001 [2006/06/20 18:19:35, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2006/06/20 18:19:35, 5] rpc_server/srv_pipe.c:api_pipe_request(2220) Requested \PIPE\samr [2006/06/20 18:19:35, 4] rpc_server/srv_pipe.c:api_rpcTNP(2255) api_rpcTNP: samr op 0x1 - api_rpcTNP: rpc command: SAMR_CLOSE_HND [2006/06/20 18:19:35, 6] rpc_server/srv_pipe.c:api_rpcTNP(2281) api_rpc_cmds[0].fn == 0x819d4fc [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 samr_io_q_close_hnd [2006/06/20 18:19:35, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd pol [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 data1: 00000000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 data2: 00000004 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 data3: 0000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a data4: 0000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000c data5: 17 20 98 44 45 41 00 00 [2006/06/20 18:19:35, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 
00 00 04 00 00 00 00 00 00 00 17 20 98 44 ........ ..... .D [010] 45 41 00 00 EA.. [2006/06/20 18:19:35, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) Closed policy [2006/06/20 18:19:35, 10] rpc_server/srv_samr_nt.c:free_samr_cache(342) free_samr_cache: deleting cache for SID S-0-0 [2006/06/20 18:19:35, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 1001) : sec_ctx_stack_ndx = 1 [2006/06/20 18:19:35, 3] smbd/uid.c:push_conn_ctx(345) push_conn_ctx(101) : conn_ctx_stack_ndx = 0 [2006/06/20 18:19:35, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2006/06/20 18:19:35, 5] auth/auth_util.c:debug_nt_user_token(449) NT user token: (NULL) [2006/06/20 18:19:35, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/06/20 18:19:35, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 1001) - sec_ctx_stack_ndx = 0 [2006/06/20 18:19:35, 5] rpc_server/srv_samr_nt.c:_samr_close_hnd(564) samr_reply_close_hnd: 564 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 samr_io_r_close_hnd [2006/06/20 18:19:35, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd pol [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 data1: 00000000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 data2: 00000000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 data3: 0000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a data4: 0000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000c data5: 00 00 00 00 00 00 00 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_ntstatus(763) 0014 status: NT_STATUS_OK [2006/06/20 18:19:35, 5] rpc_server/srv_pipe.c:api_rpcTNP(2302) api_rpcTNP: called samr successfully [2006/06/20 18:19:35, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2006/06/20 18:19:35, 10] 
rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 28 [2006/06/20 18:19:35, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 7155 name: samr len: 1024 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0030 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 0000000b [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 00000018 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2006/06/20 18:19:35, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] [2006/06/20 18:19:35, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:35, 5] 
lib/util.c:show_msg(488) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1036 smb_uid=101 smb_mid=2048 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2006/06/20 18:19:35, 10] lib/util.c:dump_data(2215) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 0B 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [030] 00 . [2006/06/20 18:19:35, 10] smbd/process.c:setup_select_timeout(1286) change_notify_timeout: -1 [2006/06/20 18:19:35, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 41 [2006/06/20 18:19:35, 6] smbd/process.c:process_smb(1111) got message type 0x0 of len 0x29 [2006/06/20 18:19:35, 3] smbd/process.c:process_smb(1112) Transaction 33 of length 45 [2006/06/20 18:19:35, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:35, 5] lib/util.c:show_msg(488) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=2112 smt_wct=3 smb_vwv[ 0]=29013 (0x7155) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2006/06/20 18:19:35, 3] smbd/process.c:switch_message(914) switch message SMBclose (pid 16709) conn 0x8497e40 [2006/06/20 18:19:35, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 [2006/06/20 18:19:35, 5] auth/auth_util.c:debug_nt_user_token(455) NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 contains 8 SIDs SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-1001 SID[ 6]: S-1-22-2-0 SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 
SE_PRIV 0x10 0x0 0x0 0x0 [2006/06/20 18:19:35, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 1001 and contains 4 supplementary groups Group[ 0]: 10000 Group[ 1]: 1001 Group[ 2]: 0 Group[ 3]: 10001 [2006/06/20 18:19:35, 5] smbd/uid.c:change_to_user(260) change_to_user uid=(0,0) gid=(0,1001) [2006/06/20 18:19:35, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=7155 [2006/06/20 18:19:35, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name samr pnum=7155 (pipes_open=2) [2006/06/20 18:19:35, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=7153 (pipes_open=2) [2006/06/20 18:19:35, 5] smbd/pipes.c:reply_pipe_close(282) reply_pipe_close: pnum:7155 [2006/06/20 18:19:35, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1169) closed pipe name samr pnum=7155 (pipes_open=1) [2006/06/20 18:19:35, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:35, 5] lib/util.c:show_msg(488) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=2112 smt_wct=0 smb_bcc=0 [2006/06/20 18:19:35, 10] smbd/process.c:setup_select_timeout(1286) change_notify_timeout: -1 [2006/06/20 18:19:35, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 128 [2006/06/20 18:19:35, 6] smbd/process.c:process_smb(1111) got message type 0x0 of len 0x80 [2006/06/20 18:19:35, 3] smbd/process.c:process_smb(1112) Transaction 34 of length 132 [2006/06/20 18:19:35, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:35, 5] lib/util.c:show_msg(488) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1036 smb_uid=101 smb_mid=2176 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 
(0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29011 (0x7153) smb_bcc=61 [2006/06/20 18:19:35, 10] lib/util.c:dump_data(2215) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 04 00 00 ........ .,...... [020] 00 14 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ........ ........ [030] 00 00 00 00 00 16 20 98 44 45 41 00 00 ...... . DEA.. [2006/06/20 18:19:35, 3] smbd/process.c:switch_message(914) switch message SMBtrans (pid 16709) conn 0x8497e40 [2006/06/20 18:19:35, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 [2006/06/20 18:19:35, 5] auth/auth_util.c:debug_nt_user_token(455) NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 contains 8 SIDs SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-1001 SID[ 6]: S-1-22-2-0 SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 SE_PRIV 0x10 0x0 0x0 0x0 [2006/06/20 18:19:35, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 1001 and contains 4 supplementary groups Group[ 0]: 10000 Group[ 1]: 1001 Group[ 2]: 0 Group[ 3]: 10001 [2006/06/20 18:19:35, 5] smbd/uid.c:change_to_user(260) change_to_user uid=(0,0) gid=(0,1001) [2006/06/20 18:19:35, 3] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=44 params=0 setup=2 [2006/06/20 18:19:35, 5] smbd/ipc.c:handle_trans(404) calling named_pipe [2006/06/20 18:19:35, 3] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2006/06/20 18:19:35, 5] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2006/06/20 18:19:35, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=7153 [2006/06/20 18:19:35, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=7153 (pipes_open=1) [2006/06/20 18:19:35, 3] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "lsarpc" (pnum 
7153) [2006/06/20 18:19:35, 10] smbd/ipc.c:api_fd_reply(305) api_fd_reply: p:0x8496d80 max_trans_reply: 1024 [2006/06/20 18:19:35, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 7153 name: lsarpc open: Yes len: 44 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 44 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 28 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 002c [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/06/20 18:19:35, 5] 
rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000004 [2006/06/20 18:19:35, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) unmarshall_rpc_header: type = 0, flags = 3 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 28 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 28, incoming data = 28 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 0 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 alloc_hint: 00000014 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0004 context_id: 0000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0006 opnum : 0000 [2006/06/20 18:19:35, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2006/06/20 18:19:35, 5] rpc_server/srv_pipe.c:api_pipe_request(2220) Requested \PIPE\lsarpc [2006/06/20 18:19:35, 4] rpc_server/srv_pipe.c:api_rpcTNP(2255) api_rpcTNP: lsarpc op 0x0 - api_rpcTNP: rpc command: LSA_CLOSE [2006/06/20 18:19:35, 6] rpc_server/srv_pipe.c:api_rpcTNP(2281) api_rpc_cmds[4].fn == 0x81543a7 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_q_close [2006/06/20 18:19:35, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 data1: 00000000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 data2: 00000001 [2006/06/20 18:19:35, 5] 
rpc_parse/parse_prs.c:prs_uint16(675) 0008 data3: 0000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a data4: 0000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000c data5: 16 20 98 44 45 41 00 00 [2006/06/20 18:19:35, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 16 20 98 44 ........ ..... .D [010] 45 41 00 00 EA.. [2006/06/20 18:19:35, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 16 20 98 44 ........ ..... .D [010] 45 41 00 00 EA.. [2006/06/20 18:19:35, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) Closed policy [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_r_close [2006/06/20 18:19:35, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0000 data1: 00000000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 data2: 00000000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 data3: 0000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a data4: 0000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000c data5: 00 00 00 00 00 00 00 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_ntstatus(763) 0014 status: NT_STATUS_OK [2006/06/20 18:19:35, 5] rpc_server/srv_pipe.c:api_rpcTNP(2302) api_rpcTNP: called lsarpc successfully [2006/06/20 18:19:35, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 28 [2006/06/20 18:19:35, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 7153 name: lsarpc len: 1024 [2006/06/20 18:19:35, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, 
prs_offset(&p->out_data.rdata) = 24. [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 frag_len : 0030 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a auth_len : 0000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 000c call_id : 00000004 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0010 alloc_hint: 00000018 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0014 context_id: 0000 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2006/06/20 18:19:35, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2006/06/20 18:19:35, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] [2006/06/20 18:19:35, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:35, 5] lib/util.c:show_msg(488) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1036 smb_uid=101 smb_mid=2176 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 
0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2006/06/20 18:19:35, 10] lib/util.c:dump_data(2215) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 04 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [030] 00 . [2006/06/20 18:19:35, 10] smbd/process.c:setup_select_timeout(1286) change_notify_timeout: -1 [2006/06/20 18:19:35, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 41 [2006/06/20 18:19:35, 6] smbd/process.c:process_smb(1111) got message type 0x0 of len 0x29 [2006/06/20 18:19:35, 3] smbd/process.c:process_smb(1112) Transaction 35 of length 45 [2006/06/20 18:19:35, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:35, 5] lib/util.c:show_msg(488) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=2240 smt_wct=3 smb_vwv[ 0]=29011 (0x7153) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2006/06/20 18:19:35, 3] smbd/process.c:switch_message(914) switch message SMBclose (pid 16709) conn 0x8497e40 [2006/06/20 18:19:35, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 1001) - sec_ctx_stack_ndx = 0 [2006/06/20 18:19:35, 5] auth/auth_util.c:debug_nt_user_token(455) NT user token of user S-1-5-21-2969752157-892696647-4271518216-3002 contains 8 SIDs SID[ 0]: S-1-5-21-2969752157-892696647-4271518216-3002 SID[ 1]: S-1-5-21-2969752157-892696647-4271518216-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-1001 SID[ 6]: S-1-22-2-0 SID[ 7]: S-1-5-21-2969752157-892696647-4271518216-512 SE_PRIV 0x10 0x0 0x0 0x0 [2006/06/20 18:19:35, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 1001 and contains 4 supplementary groups Group[ 0]: 10000 Group[ 1]: 1001 Group[ 2]: 0 Group[ 3]: 10001 [2006/06/20 18:19:35, 5] smbd/uid.c:change_to_user(260) change_to_user uid=(0,0) gid=(0,1001) [2006/06/20 18:19:35, 
4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1264) search for pipe pnum=7153 [2006/06/20 18:19:35, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1268) pipe name lsarpc pnum=7153 (pipes_open=1) [2006/06/20 18:19:35, 5] smbd/pipes.c:reply_pipe_close(282) reply_pipe_close: pnum:7153 [2006/06/20 18:19:35, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(235) close_policy_by_pipe: deleted handle list for pipe lsarpc [2006/06/20 18:19:35, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1169) closed pipe name lsarpc pnum=7153 (pipes_open=0) [2006/06/20 18:19:35, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:35, 5] lib/util.c:show_msg(488) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=2240 smt_wct=0 smb_bcc=0 [2006/06/20 18:19:35, 10] smbd/process.c:setup_select_timeout(1286) change_notify_timeout: -1 [2006/06/20 18:19:35, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 39 [2006/06/20 18:19:35, 6] smbd/process.c:process_smb(1111) got message type 0x0 of len 0x27 [2006/06/20 18:19:35, 3] smbd/process.c:process_smb(1112) Transaction 36 of length 43 [2006/06/20 18:19:35, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:35, 5] lib/util.c:show_msg(488) size=39 smb_com=0x74 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=101 smb_mid=2304 smt_wct=2 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_bcc=0 [2006/06/20 18:19:35, 3] smbd/process.c:switch_message(914) switch message SMBulogoffX (pid 16709) conn 0x0 [2006/06/20 18:19:35, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/06/20 18:19:35, 5] auth/auth_util.c:debug_nt_user_token(449) NT user token: (NULL) [2006/06/20 18:19:35, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/06/20 18:19:35, 5] smbd/uid.c:change_to_root_user(275) change_to_root_user: now uid=(0,0) gid=(0,0) 
[2006/06/20 18:19:35, 3] smbd/reply.c:reply_ulogoffX(1614) ulogoffX vuid=101 [2006/06/20 18:19:35, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:35, 5] lib/util.c:show_msg(488) size=39 smb_com=0x74 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=65279 smb_uid=101 smb_mid=2304 smt_wct=2 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_bcc=0 [2006/06/20 18:19:35, 10] smbd/process.c:setup_select_timeout(1286) change_notify_timeout: -1 [2006/06/20 18:19:35, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 35 [2006/06/20 18:19:35, 6] smbd/process.c:process_smb(1111) got message type 0x0 of len 0x23 [2006/06/20 18:19:35, 3] smbd/process.c:process_smb(1112) Transaction 37 of length 39 [2006/06/20 18:19:35, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:35, 5] lib/util.c:show_msg(488) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=2368 smt_wct=0 smb_bcc=0 [2006/06/20 18:19:35, 3] smbd/process.c:switch_message(914) switch message SMBtdis (pid 16709) conn 0x8497e40 [2006/06/20 18:19:35, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/06/20 18:19:35, 5] auth/auth_util.c:debug_nt_user_token(449) NT user token: (NULL) [2006/06/20 18:19:35, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/06/20 18:19:35, 5] smbd/uid.c:change_to_root_user(275) change_to_root_user: now uid=(0,0) gid=(0,0) [2006/06/20 18:19:35, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/06/20 18:19:35, 5] auth/auth_util.c:debug_nt_user_token(449) NT user token: (NULL) [2006/06/20 18:19:35, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/06/20 18:19:35, 5] smbd/uid.c:change_to_root_user(275) change_to_root_user: now uid=(0,0) gid=(0,0) [2006/06/20 
18:19:35, 3] smbd/service.c:close_cnum(1136) ws035 (192.168.68.22) closed connection to service IPC$ [2006/06/20 18:19:35, 3] smbd/connection.c:yield_connection(69) Yielding connection to IPC$ [2006/06/20 18:19:35, 4] smbd/vfs.c:vfs_ChDir(741) vfs_ChDir to / [2006/06/20 18:19:35, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/06/20 18:19:35, 5] auth/auth_util.c:debug_nt_user_token(449) NT user token: (NULL) [2006/06/20 18:19:35, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/06/20 18:19:35, 5] smbd/uid.c:change_to_root_user(275) change_to_root_user: now uid=(0,0) gid=(0,0) [2006/06/20 18:19:35, 5] lib/util.c:show_msg(478) [2006/06/20 18:19:35, 5] lib/util.c:show_msg(488) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=2368 smt_wct=0 smb_bcc=0 [2006/06/20 18:19:35, 10] smbd/process.c:setup_select_timeout(1286) change_notify_timeout: -1 [2006/06/20 18:19:35, 10] lib/util_sock.c:read_data(525) read_data: read of 4 returned 0. Error = Success [2006/06/20 18:19:35, 10] lib/util_sock.c:receive_smb_raw(672) receive_smb_raw: length < 0! [2006/06/20 18:19:35, 3] smbd/process.c:timeout_processing(1361) timeout_processing: End of file from client (client has disconnected). [2006/06/20 18:19:35, 5] lib/gencache.c:gencache_shutdown(90) Closing cache file [2006/06/20 18:19:35, 5] libsmb/namecache.c:namecache_shutdown(79) namecache_shutdown: netbios namecache closed successfully. 
[2006/06/20 18:19:35, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/06/20 18:19:35, 5] auth/auth_util.c:debug_nt_user_token(449) NT user token: (NULL) [2006/06/20 18:19:35, 5] auth/auth_util.c:debug_unix_user_token(475) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2006/06/20 18:19:35, 5] smbd/uid.c:change_to_root_user(275) change_to_root_user: now uid=(0,0) gid=(0,0) [2006/06/20 18:19:35, 3] smbd/connection.c:yield_connection(69) Yielding connection to [2006/06/20 18:19:35, 3] smbd/server.c:exit_server_common(675) Server exit (normal exit)