The Samba-Bugzilla – Attachment 205 Details for
Bug 647
Joining clients to samba3 domain using LDAP backend
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
Log 5 results
uttak.dat (text/plain), 536.25 KB, created by
Örn Hansen
on 2003-10-18 10:05:01 UTC
(
hide
)
Description:
Log 5 results
Filename:
MIME Type:
Creator:
Örn Hansen
Created:
2003-10-18 10:05:01 UTC
Size:
536.25 KB
patch
obsolete
>[2003/10/18 14:42:05, 5] lib/charcnv.c:charset_name(74) > Substituting charset 'ISO-8859-1' for LOCALE >[2003/10/18 14:42:05, 5] lib/charcnv.c:charset_name(74) > Substituting charset 'ISO-8859-1' for LOCALE >[2003/10/18 14:42:05, 2] lib/interface.c:add_interface(79) > added interface ip=127.0.0.1 bcast=127.255.255.255 nmask=255.0.0.0 >[2003/10/18 14:42:05, 2] lib/interface.c:add_interface(79) > added interface ip=192.168.0.102 bcast=192.168.0.255 nmask=255.255.255.0 >[2003/10/18 14:42:05, 5] lib/hash.c:hash_table_init(67) > Hash size = 521. >[2003/10/18 14:44:41, 5] lib/util_sock.c:print_socket_options(105) > socket option SO_KEEPALIVE = 1 >[2003/10/18 14:44:41, 5] lib/util_sock.c:print_socket_options(105) > socket option SO_REUSEADDR = 1 >[2003/10/18 14:44:41, 5] lib/util_sock.c:print_socket_options(105) > socket option SO_BROADCAST = 0 >[2003/10/18 14:44:41, 5] lib/util_sock.c:print_socket_options(105) > socket option TCP_NODELAY = 1 >[2003/10/18 14:44:41, 5] lib/util_sock.c:print_socket_options(105) > socket option IPTOS_LOWDELAY = 0 >[2003/10/18 14:44:41, 5] lib/util_sock.c:print_socket_options(105) > socket option IPTOS_THROUGHPUT = 0 >[2003/10/18 14:44:41, 5] lib/util_sock.c:print_socket_options(105) > socket option SO_SNDBUF = 16384 >[2003/10/18 14:44:41, 5] lib/util_sock.c:print_socket_options(105) > socket option SO_RCVBUF = 87380 >[2003/10/18 14:44:41, 5] lib/util_sock.c:print_socket_options(105) > socket option SO_SNDLOWAT = 1 >[2003/10/18 14:44:41, 5] lib/util_sock.c:print_socket_options(105) > socket option SO_RCVLOWAT = 1 >[2003/10/18 14:44:41, 5] lib/util_sock.c:print_socket_options(105) > socket option SO_SNDTIMEO = 0 >[2003/10/18 14:44:41, 5] lib/util_sock.c:print_socket_options(105) > socket option SO_RCVTIMEO = 0 >[2003/10/18 14:44:41, 5] lib/util_sock.c:print_socket_options(105) > socket option SO_KEEPALIVE = 1 >[2003/10/18 14:44:41, 5] lib/util_sock.c:print_socket_options(105) > socket option SO_REUSEADDR = 1 >[2003/10/18 14:44:41, 5] lib/util_sock.c:print_socket_options(105) > socket option SO_BROADCAST = 0 >[2003/10/18 14:44:41, 5] lib/util_sock.c:print_socket_options(105) > socket option TCP_NODELAY = 1 >[2003/10/18 14:44:41, 5] lib/util_sock.c:print_socket_options(105) > socket option IPTOS_LOWDELAY = 0 >[2003/10/18 14:44:41, 5] lib/util_sock.c:print_socket_options(105) > socket option IPTOS_THROUGHPUT = 0 >[2003/10/18 14:44:41, 5] lib/util_sock.c:print_socket_options(105) > socket option SO_SNDBUF = 16384 >[2003/10/18 14:44:41, 5] lib/util_sock.c:print_socket_options(105) > socket option SO_RCVBUF = 87380 >[2003/10/18 14:44:41, 5] lib/util_sock.c:print_socket_options(105) > socket option SO_SNDLOWAT = 1 >[2003/10/18 14:44:41, 5] lib/util_sock.c:print_socket_options(105) > socket option SO_RCVLOWAT = 1 >[2003/10/18 14:44:41, 5] lib/util_sock.c:print_socket_options(105) > socket option SO_SNDTIMEO = 0 >[2003/10/18 14:44:41, 5] lib/util_sock.c:print_socket_options(105) > socket option SO_RCVTIMEO = 0 >[2003/10/18 14:44:41, 5] lib/gencache.c:gencache_init(59) > Opening cache file at /var/lib/samba/gencache.tdb >[2003/10/18 14:44:41, 5] libsmb/namecache.c:namecache_enable(58) > namecache_enable: enabling netbios namecache, timeout 660 seconds >[2003/10/18 14:44:41, 5] passdb/pdb_interface.c:make_pdb_context_list(535) > Trying to load: ldapsam:ldap://localhost:389 >[2003/10/18 14:44:41, 5] passdb/pdb_interface.c:smb_register_passdb(55) > Attempting to register passdb backend ldapsam >[2003/10/18 14:44:41, 5] passdb/pdb_interface.c:smb_register_passdb(68) > Successfully added passdb backend 'ldapsam' >[2003/10/18 14:44:41, 5] passdb/pdb_interface.c:smb_register_passdb(55) > Attempting to register passdb backend ldapsam_compat >[2003/10/18 14:44:41, 5] passdb/pdb_interface.c:smb_register_passdb(68) > Successfully added passdb backend 'ldapsam_compat' >[2003/10/18 14:44:41, 5] passdb/pdb_interface.c:smb_register_passdb(55) > Attempting to register passdb backend smbpasswd >[2003/10/18 14:44:41, 5] passdb/pdb_interface.c:smb_register_passdb(68) > Successfully added passdb backend 'smbpasswd' >[2003/10/18 14:44:41, 5] passdb/pdb_interface.c:smb_register_passdb(55) > Attempting to register passdb backend tdbsam >[2003/10/18 14:44:41, 5] passdb/pdb_interface.c:smb_register_passdb(68) > Successfully added passdb backend 'tdbsam' >[2003/10/18 14:44:41, 5] passdb/pdb_interface.c:smb_register_passdb(55) > Attempting to register passdb backend guest >[2003/10/18 14:44:41, 5] passdb/pdb_interface.c:smb_register_passdb(68) > Successfully added passdb backend 'guest' >[2003/10/18 14:44:41, 5] passdb/pdb_interface.c:make_pdb_methods_name(431) > Attempting to find an passdb backend to match ldapsam:ldap://localhost:389 (ldapsam) >[2003/10/18 14:44:41, 5] passdb/pdb_interface.c:make_pdb_methods_name(452) > Found pdb backend ldapsam >[2003/10/18 14:44:41, 2] lib/smbldap.c:smbldap_search_domain_info(1295) > Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=UTBILDNING))] >[2003/10/18 14:44:41, 2] lib/smbldap.c:smbldap_search_suffix(1066) > smbldap_search_suffix: searching for:[(&(objectClass=sambaDomain)(sambaDomainName=UTBILDNING))] >[2003/10/18 14:44:41, 2] lib/smbldap.c:smbldap_open_connection(623) > smbldap_open_connection: connection opened >[2003/10/18 14:44:41, 3] lib/smbldap.c:smbldap_connect_system(785) > ldap_connect_system: succesful connection to the LDAP server >[2003/10/18 14:44:41, 4] lib/smbldap.c:smbldap_open(836) > The LDAP server is succesful connected >[2003/10/18 14:44:41, 5] passdb/pdb_interface.c:make_pdb_methods_name(455) > pdb backend ldapsam:ldap://localhost:389 has a valid init >[2003/10/18 14:44:41, 5] passdb/pdb_interface.c:make_pdb_context_list(535) > Trying to load: guest >[2003/10/18 14:44:41, 5] passdb/pdb_interface.c:make_pdb_methods_name(431) > Attempting to find an passdb backend to match guest (guest) >[2003/10/18 14:44:41, 5] passdb/pdb_interface.c:make_pdb_methods_name(452) > Found pdb backend guest >[2003/10/18 14:44:41, 5] passdb/pdb_interface.c:make_pdb_methods_name(455) > pdb backend guest has a valid init >[2003/10/18 14:44:41, 3] smbd/oplock.c:init_oplocks(1226) > open_oplock_ipc: opening loopback UDP socket. >[2003/10/18 14:44:41, 3] smbd/oplock_linux.c:linux_init_kernel_oplocks(303) > Linux kernel oplocks enabled >[2003/10/18 14:44:41, 3] smbd/oplock.c:init_oplocks(1257) > open_oplock ipc: pid = 2893, global_oplock_port = 32769 >[2003/10/18 14:44:41, 4] lib/time.c:get_serverzone(122) > Serverzone is -7200 >[2003/10/18 14:44:41, 3] lib/access.c:check_access(313) > check_access: no hostnames in host allow/deny list. >[2003/10/18 14:44:41, 2] lib/access.c:check_access(324) > Allowed connection from (192.168.0.100) >[2003/10/18 14:44:41, 3] smbd/process.c:process_smb(890) > Transaction 0 of length 72 >[2003/10/18 14:44:41, 2] smbd/reply.c:reply_special(93) > netbios connect: name1=STUDENT name2=CITADELXP >[2003/10/18 14:44:41, 2] smbd/reply.c:reply_special(100) > netbios connect: local=student remote=citadelxp, name type = 0 >[2003/10/18 14:44:41, 5] smbd/connection.c:claim_connection(170) > claiming 0 >[2003/10/18 14:44:41, 5] smbd/reply.c:reply_special(142) > init msg_type=0x81 msg_flags=0x0 >[2003/10/18 14:44:41, 3] smbd/process.c:process_smb(890) > Transaction 1 of length 137 >[2003/10/18 14:44:41, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:41, 5] lib/util.c:show_msg(466) > size=133 > smb_com=0x72 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51283 > smb_tid=0 > smb_pid=65279 > smb_uid=0 > smb_mid=0 > smt_wct=0 > smb_bcc=98 >[2003/10/18 14:44:41, 3] smbd/process.c:switch_message(685) > switch message SMBnegprot (pid 2893) >[2003/10/18 14:44:41, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2003/10/18 14:44:41, 5] auth/auth_util.c:debug_nt_user_token(486) > NT user token: (NULL) >[2003/10/18 14:44:41, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2003/10/18 14:44:41, 5] smbd/uid.c:change_to_root_user(218) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2003/10/18 14:44:41, 3] smbd/negprot.c:reply_negprot(455) > Requested protocol [PC NETWORK PROGRAM 1.0] >[2003/10/18 14:44:41, 3] smbd/negprot.c:reply_negprot(455) > Requested protocol [LANMAN1.0] >[2003/10/18 14:44:41, 3] smbd/negprot.c:reply_negprot(455) > Requested protocol [Windows for Workgroups 3.1a] >[2003/10/18 14:44:41, 3] smbd/negprot.c:reply_negprot(455) > Requested protocol [LM1.2X002] >[2003/10/18 14:44:41, 3] smbd/negprot.c:reply_negprot(455) > Requested protocol [LANMAN2.1] >[2003/10/18 14:44:41, 3] smbd/negprot.c:reply_negprot(455) > Requested protocol [NT LM 0.12] >[2003/10/18 14:44:41, 3] smbd/negprot.c:reply_nt1(329) > using SPNEGO >[2003/10/18 14:44:41, 3] smbd/negprot.c:reply_negprot(532) > Selected protocol NT LM 0.12 >[2003/10/18 14:44:41, 5] smbd/negprot.c:reply_negprot(538) > negprot index=5 >[2003/10/18 14:44:41, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:41, 5] lib/util.c:show_msg(466) > size=127 > smb_com=0x72 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=65279 > smb_uid=0 > smb_mid=0 > smt_wct=17 > smb_vwv[ 0]= 5 (0x5) > smb_vwv[ 1]=12803 (0x3203) > smb_vwv[ 2]= 256 (0x100) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 65 (0x41) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 256 (0x100) > smb_vwv[ 7]=19712 (0x4D00) > smb_vwv[ 8]= 11 (0xB) > smb_vwv[ 9]=64768 (0xFD00) > smb_vwv[10]=32995 (0x80E3) > smb_vwv[11]=32896 (0x8080) > smb_vwv[12]=11202 (0x2BC2) > smb_vwv[13]=30105 (0x7599) > smb_vwv[14]=50069 (0xC395) > smb_vwv[15]=34817 (0x8801) > smb_vwv[16]=15103 (0x3AFF) > smb_bcc=58 >[2003/10/18 14:44:41, 3] smbd/process.c:process_smb(890) > Transaction 2 of length 232 >[2003/10/18 14:44:41, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:41, 5] lib/util.c:show_msg(466) > size=228 > smb_com=0x73 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=0 > smb_pid=65279 > smb_uid=0 > smb_mid=64 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 228 (0xE4) > smb_vwv[ 2]=16644 (0x4104) > smb_vwv[ 3]= 50 (0x32) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 66 (0x42) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 212 (0xD4) > smb_vwv[11]=40960 (0xA000) > smb_bcc=169 >[2003/10/18 14:44:41, 3] smbd/process.c:switch_message(685) > switch message SMBsesssetupX (pid 2893) >[2003/10/18 14:44:41, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2003/10/18 14:44:41, 5] auth/auth_util.c:debug_nt_user_token(486) > NT user token: (NULL) >[2003/10/18 14:44:41, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2003/10/18 14:44:41, 5] smbd/uid.c:change_to_root_user(218) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2003/10/18 14:44:41, 3] smbd/sesssetup.c:reply_sesssetup_and_X(579) > wct=12 flg2=0xc807 >[2003/10/18 14:44:41, 2] smbd/sesssetup.c:setup_new_vc_session(535) > setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. >[2003/10/18 14:44:41, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(476) > Doing spnego session setup >[2003/10/18 14:44:41, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(500) > NativeOS=[Windows 2002 2600 Service Pack 1] NativeLanMan=[Windows 2002 5.1] >[2003/10/18 14:44:41, 3] smbd/sesssetup.c:reply_spnego_negotiate(385) > Got OID 1 3 6 1 4 1 311 2 2 10 >[2003/10/18 14:44:41, 3] smbd/sesssetup.c:reply_spnego_negotiate(388) > Got secblob of size 32 >[2003/10/18 14:44:41, 5] auth/auth.c:make_auth_context_subsystem(492) > Using specified auth order >[2003/10/18 14:44:41, 5] auth/auth.c:smb_register_auth(45) > Attempting to register auth backend rhosts >[2003/10/18 14:44:41, 5] auth/auth.c:smb_register_auth(57) > Successfully added auth method 'rhosts' >[2003/10/18 14:44:41, 5] auth/auth.c:smb_register_auth(45) > Attempting to register auth backend hostsequiv >[2003/10/18 14:44:41, 5] auth/auth.c:smb_register_auth(57) > Successfully added auth method 'hostsequiv' >[2003/10/18 14:44:41, 5] auth/auth.c:smb_register_auth(45) > Attempting to register auth backend sam >[2003/10/18 14:44:41, 5] auth/auth.c:smb_register_auth(57) > Successfully added auth method 'sam' >[2003/10/18 14:44:41, 5] auth/auth.c:smb_register_auth(45) > Attempting to register auth backend sam_ignoredomain >[2003/10/18 14:44:41, 5] auth/auth.c:smb_register_auth(57) > Successfully added auth method 'sam_ignoredomain' >[2003/10/18 14:44:41, 5] auth/auth.c:smb_register_auth(45) > Attempting to register auth backend unix >[2003/10/18 14:44:41, 5] auth/auth.c:smb_register_auth(57) > Successfully added auth method 'unix' >[2003/10/18 14:44:41, 5] auth/auth.c:smb_register_auth(45) > Attempting to register auth backend winbind >[2003/10/18 14:44:41, 5] auth/auth.c:smb_register_auth(57) > Successfully added auth method 'winbind' >[2003/10/18 14:44:41, 5] auth/auth.c:smb_register_auth(45) > Attempting to register auth backend smbserver >[2003/10/18 14:44:41, 5] auth/auth.c:smb_register_auth(57) > Successfully added auth method 'smbserver' >[2003/10/18 14:44:41, 5] auth/auth.c:smb_register_auth(45) > Attempting to register auth backend trustdomain >[2003/10/18 14:44:41, 5] auth/auth.c:smb_register_auth(57) > Successfully added auth method 'trustdomain' >[2003/10/18 14:44:41, 5] auth/auth.c:smb_register_auth(45) > Attempting to register auth backend ntdomain >[2003/10/18 14:44:41, 5] auth/auth.c:smb_register_auth(57) > Successfully added auth method 'ntdomain' >[2003/10/18 14:44:41, 5] auth/auth.c:smb_register_auth(45) > Attempting to register auth backend guest >[2003/10/18 14:44:41, 5] auth/auth.c:smb_register_auth(57) > Successfully added auth method 'guest' >[2003/10/18 14:44:41, 5] auth/auth.c:load_auth_module(370) > load_auth_module: Attempting to find an auth method to match guest >[2003/10/18 14:44:41, 5] auth/auth.c:load_auth_module(395) > load_auth_module: auth method guest has a valid init >[2003/10/18 14:44:41, 5] auth/auth.c:load_auth_module(370) > load_auth_module: Attempting to find an auth method to match sam >[2003/10/18 14:44:41, 5] auth/auth.c:load_auth_module(395) > load_auth_module: auth method sam has a valid init >[2003/10/18 14:44:41, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(33) > Got NTLMSSP neg_flags=0xe0088297 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_NEGOTIATE_OEM > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_LM_KEY > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_NTLM2 > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH >[2003/10/18 14:44:41, 5] auth/auth.c:get_ntlm_challenge(93) > auth_get_challenge: module guest did not want to specify a challenge >[2003/10/18 14:44:41, 5] auth/auth.c:get_ntlm_challenge(93) > auth_get_challenge: module sam did not want to specify a challenge >[2003/10/18 14:44:41, 5] auth/auth.c:get_ntlm_challenge(132) > auth_context challenge created by random >[2003/10/18 14:44:41, 5] auth/auth.c:get_ntlm_challenge(133) > challenge is: >[2003/10/18 14:44:41, 5] lib/util.c:dump_data(1825) > [000] 26 DA 0E 49 8A 5B 1B 09 &Ú.I.[.. >[2003/10/18 14:44:41, 3] smbd/process.c:process_smb(890) > Transaction 3 of length 354 >[2003/10/18 14:44:41, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:41, 5] lib/util.c:show_msg(466) > size=350 > smb_com=0x73 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=0 > smb_pid=65279 > smb_uid=0 > smb_mid=128 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 350 (0x15E) > smb_vwv[ 2]=16644 (0x4104) > smb_vwv[ 3]= 50 (0x32) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 188 (0xBC) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 212 (0xD4) > smb_vwv[11]=40960 (0xA000) > smb_bcc=291 >[2003/10/18 14:44:41, 3] smbd/process.c:switch_message(685) > switch message SMBsesssetupX (pid 2893) >[2003/10/18 14:44:41, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2003/10/18 14:44:41, 5] auth/auth_util.c:debug_nt_user_token(486) > NT user token: (NULL) >[2003/10/18 14:44:41, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2003/10/18 14:44:41, 5] smbd/uid.c:change_to_root_user(218) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2003/10/18 14:44:41, 3] smbd/sesssetup.c:reply_sesssetup_and_X(579) > wct=12 flg2=0xc807 >[2003/10/18 14:44:41, 2] smbd/sesssetup.c:setup_new_vc_session(535) > setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. >[2003/10/18 14:44:41, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(476) > Doing spnego session setup >[2003/10/18 14:44:41, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(500) > NativeOS=[Windows 2002 2600 Service Pack 1] NativeLanMan=[Windows 2002 5.1] >[2003/10/18 14:44:41, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(286) > Got user=[administrator] domain=[utbildning] workstation=[CITADELXP] len1=24 len2=24 >[2003/10/18 14:44:41, 4] lib/username.c:map_username(132) > Scanning username map /etc/samba/users.map >[2003/10/18 14:44:41, 5] auth/auth_util.c:make_user_info_map(216) > make_user_info_map: Mapping user [utbildning]\[administrator] from workstation [CITADELXP] >[2003/10/18 14:44:41, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2003/10/18 14:44:41, 3] smbd/uid.c:push_conn_ctx(287) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2003/10/18 14:44:41, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2003/10/18 14:44:41, 5] auth/auth_util.c:debug_nt_user_token(486) > NT user token: (NULL) >[2003/10/18 14:44:41, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2003/10/18 14:44:41, 5] passdb/secrets.c:secrets_fetch_trusted_domain_password(299) > secrets_fetch failed! >[2003/10/18 14:44:41, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2003/10/18 14:44:41, 5] libsmb/trustdom_cache.c:trustdom_cache_fetch(172) > no entry for trusted domain utbildning found. >[2003/10/18 14:44:41, 5] auth/auth_util.c:make_user_info(132) > attempting to make a user_info for administrator (administrator) >[2003/10/18 14:44:41, 5] auth/auth_util.c:make_user_info(142) > making strings for administrator's user_info struct >[2003/10/18 14:44:41, 5] auth/auth_util.c:make_user_info(184) > making blobs for administrator's user_info struct >[2003/10/18 14:44:41, 3] auth/auth.c:check_ntlm_password(216) > check_ntlm_password: Checking password for unmapped user [utbildning]\[administrator]@[CITADELXP] with the new password interface >[2003/10/18 14:44:41, 3] auth/auth.c:check_ntlm_password(219) > check_ntlm_password: mapped user is: [utbildning]\[administrator]@[CITADELXP] >[2003/10/18 14:44:41, 5] lib/util.c:dump_data(1825) > [000] 26 DA 0E 49 8A 5B 1B 09 &Ú.I.[.. >[2003/10/18 14:44:41, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2003/10/18 14:44:41, 3] smbd/uid.c:push_conn_ctx(287) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2003/10/18 14:44:41, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2003/10/18 14:44:41, 5] auth/auth_util.c:debug_nt_user_token(486) > NT user token: (NULL) >[2003/10/18 14:44:41, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2003/10/18 14:44:41, 2] lib/smbldap.c:smbldap_search_suffix(1066) > smbldap_search_suffix: searching for:[(&(uid=administrator)(objectclass=sambaSamAccount))] >[2003/10/18 14:44:41, 2] passdb/pdb_ldap.c:init_sam_from_ldap(462) > init_sam_from_ldap: Entry found for user: Administrator >[2003/10/18 14:44:41, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2003/10/18 14:44:41, 4] auth/auth_sam.c:sam_password_ok(208) > sam_password_ok: Checking NT MD4 password >[2003/10/18 14:44:41, 4] auth/auth_sam.c:sam_account_ok(309) > sam_account_ok: Checking SMB password for user Administrator >[2003/10/18 14:44:41, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2003/10/18 14:44:41, 3] smbd/uid.c:push_conn_ctx(287) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2003/10/18 14:44:41, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2003/10/18 14:44:41, 5] auth/auth_util.c:debug_nt_user_token(486) > NT user token: (NULL) >[2003/10/18 14:44:41, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2003/10/18 14:44:41, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2003/10/18 14:44:41, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 250 > Primary group is 512 and contains 3 supplementary groups > Group[ 0]: 512 > Group[ 1]: 512 > Group[ 2]: 544 >[2003/10/18 14:44:41, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2003/10/18 14:44:41, 3] smbd/uid.c:push_conn_ctx(287) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2003/10/18 14:44:41, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2003/10/18 14:44:41, 5] auth/auth_util.c:debug_nt_user_token(486) > NT user token: (NULL) >[2003/10/18 14:44:41, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2003/10/18 14:44:41, 2] passdb/pdb_ldap.c:ldapsam_search_one_group(1615) > ldapsam_search_one_group: searching for:[(&(objectClass=sambaGroupMapping)(gidNumber=512))] >[2003/10/18 14:44:41, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(1630) > ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No such object)ldapsam_search_one_group: Query was: ou=Groups,dc=utb,dc=com,dc=utb,dc=com, (&(objectClass=sambaGroupMapping)(gidNumber=512)) >[2003/10/18 14:44:41, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2003/10/18 14:44:41, 3] passdb/lookup_sid.c:fetch_sid_from_gid_cache(235) > fetch sid from gid cache 512 -> S-1-5-21-1179238187-1290062419-276724248-2025 >[2003/10/18 14:44:41, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2003/10/18 14:44:41, 3] smbd/uid.c:push_conn_ctx(287) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2003/10/18 14:44:41, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2003/10/18 14:44:41, 5] auth/auth_util.c:debug_nt_user_token(486) > NT user token: (NULL) >[2003/10/18 14:44:41, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2003/10/18 14:44:41, 2] passdb/pdb_ldap.c:ldapsam_search_one_group(1615) > ldapsam_search_one_group: searching for:[(&(objectClass=sambaGroupMapping)(gidNumber=544))] >[2003/10/18 14:44:41, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(1630) > ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No such object)ldapsam_search_one_group: Query was: ou=Groups,dc=utb,dc=com,dc=utb,dc=com, (&(objectClass=sambaGroupMapping)(gidNumber=544)) >[2003/10/18 14:44:41, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2003/10/18 14:44:41, 5] auth/auth_util.c:make_server_info_sam(838) > make_server_info_sam: made server info for user Administrator -> Administrator >[2003/10/18 14:44:41, 3] auth/auth.c:check_ntlm_password(265) > check_ntlm_password: sam authentication for user [administrator] succeeded >[2003/10/18 14:44:41, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2003/10/18 14:44:41, 3] smbd/uid.c:push_conn_ctx(287) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2003/10/18 14:44:41, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2003/10/18 14:44:41, 5] auth/auth_util.c:debug_nt_user_token(486) > NT user token: (NULL) >[2003/10/18 14:44:41, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2003/10/18 14:44:41, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2003/10/18 14:44:41, 5] auth/auth.c:check_ntlm_password(289) > check_ntlm_password: PAM Account for user [Administrator] succeeded >[2003/10/18 14:44:41, 2] auth/auth.c:check_ntlm_password(302) > check_ntlm_password: authentication for user [administrator] -> [administrator] -> [Administrator] succeeded >[2003/10/18 14:44:41, 5] auth/auth_util.c:free_user_info(1185) > attempting to free (and zero) a user_info structure >[2003/10/18 14:44:41, 3] smbd/password.c:register_vuid(207) > User name: Administrator Real name: Administrator >[2003/10/18 14:44:41, 3] smbd/password.c:register_vuid(225) > UNIX uid 250 is UNIX user Administrator, and will be vuid 100 >[2003/10/18 14:44:41, 2] smbd/utmp.c:sys_utmp_update(419) > utmp_update: uname:/var/run/utmp wname:/var/log/wtmp >[2003/10/18 14:44:41, 3] smbd/password.c:register_vuid(241) > Adding/updating homes service for user 'Administrator' using home directory: '/tmp' >[2003/10/18 14:44:41, 3] smbd/process.c:process_smb(890) > Transaction 4 of length 84 >[2003/10/18 14:44:41, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:41, 5] lib/util.c:show_msg(466) > size=80 > smb_com=0x75 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=0 > smb_pid=65279 > smb_uid=100 > smb_mid=192 > smt_wct=4 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 80 (0x50) > smb_vwv[ 2]= 8 (0x8) > smb_vwv[ 3]= 1 (0x1) > smb_bcc=37 >[2003/10/18 14:44:41, 3] smbd/process.c:switch_message(685) > switch message SMBtconX (pid 2893) >[2003/10/18 14:44:41, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2003/10/18 14:44:41, 5] auth/auth_util.c:debug_nt_user_token(486) > NT user token: (NULL) >[2003/10/18 14:44:41, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2003/10/18 14:44:41, 5] smbd/uid.c:change_to_root_user(218) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2003/10/18 14:44:41, 4] smbd/reply.c:reply_tcon_and_X(266) > Client requested device type [?????] for share [IPC$] >[2003/10/18 14:44:41, 5] smbd/service.c:make_connection(869) > making a connection to 'normal' service ipc$ >[2003/10/18 14:44:41, 3] lib/access.c:check_access(313) > check_access: no hostnames in host allow/deny list. >[2003/10/18 14:44:41, 2] lib/access.c:check_access(324) > Allowed connection from (192.168.0.100) >[2003/10/18 14:44:41, 5] lib/username.c:Get_Pwnam(288) > Finding user Administrator >[2003/10/18 14:44:41, 5] lib/username.c:Get_Pwnam_internals(223) > Trying _Get_Pwnam(), username as lowercase is administrator >[2003/10/18 14:44:41, 5] lib/username.c:Get_Pwnam_internals(251) > Get_Pwnam_internals did find user [Administrator]! >[2003/10/18 14:44:41, 0] smbd/service.c:set_admin_user(321) > Administrator logged in as admin user (root privileges) >[2003/10/18 14:44:41, 3] smbd/service.c:make_connection_snum(543) > Connect path is '/tmp' for service [IPC$] >[2003/10/18 14:44:41, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2003/10/18 14:44:41, 3] smbd/uid.c:push_conn_ctx(287) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2003/10/18 14:44:41, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2003/10/18 14:44:41, 5] auth/auth_util.c:debug_nt_user_token(486) > NT user token: (NULL) >[2003/10/18 14:44:41, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2003/10/18 14:44:41, 3] smbd/sec_ctx.c:get_current_groups(171) > get_current_groups: user is in 2 groups: 512, 544 >[2003/10/18 14:44:41, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2003/10/18 14:44:41, 3] smbd/sec_ctx.c:get_current_groups(171) > get_current_groups: user is in 2 groups: 512, 544 >[2003/10/18 14:44:41, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2003/10/18 14:44:41, 3] smbd/uid.c:push_conn_ctx(287) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2003/10/18 14:44:41, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2003/10/18 14:44:41, 5] auth/auth_util.c:debug_nt_user_token(486) > NT user token: (NULL) >[2003/10/18 14:44:41, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2003/10/18 14:44:41, 2] lib/smbldap.c:smbldap_search_suffix(1066) > smbldap_search_suffix: searching for:[(&(uid=root)(objectclass=sambaSamAccount))] >[2003/10/18 14:44:41, 4] passdb/pdb_ldap.c:ldapsam_getsampwnam(1036) > ldapsam_getsampwnam: Unable to locate user [root] count=0 >[2003/10/18 14:44:41, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2003/10/18 14:44:41, 4] passdb/passdb.c:local_uid_to_sid(1112) > local_uid_to_sid: User root [uid == 0] has no samba account >[2003/10/18 14:44:41, 3] passdb/lookup_sid.c:fetch_sid_from_gid_cache(235) > fetch sid from gid cache 512 -> S-1-5-21-1179238187-1290062419-276724248-2025 >[2003/10/18 14:44:41, 3] passdb/lookup_sid.c:fetch_sid_from_gid_cache(235) > fetch sid from gid cache 512 -> S-1-5-21-1179238187-1290062419-276724248-2025 >[2003/10/18 14:44:41, 3] passdb/lookup_sid.c:fetch_sid_from_gid_cache(235) > fetch sid from gid cache 544 -> S-1-5-21-1179238187-1290062419-276724248-2089 >[2003/10/18 14:44:41, 4] rpc_server/srv_srvsvc_nt.c:get_share_security(217) > get_share_security: using default secdesc for IPC$ >[2003/10/18 14:44:41, 3] lib/util_seaccess.c:se_access_check(251) >[2003/10/18 14:44:41, 3] lib/util_seaccess.c:se_access_check(252) > se_access_check: user sid is S-1-5-21-1179238187-1290062419-276724248-1000 > se_access_check: also S-1-5-21-1179238187-1290062419-276724248-2025 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: also S-1-5-21-1179238187-1290062419-276724248-2089 >[2003/10/18 14:44:41, 5] lib/util_seaccess.c:se_access_check(309) > se_access_check: access (2) granted. >[2003/10/18 14:44:41, 3] smbd/vfs.c:vfs_init_default(201) > Initialising default vfs hooks >[2003/10/18 14:44:41, 5] smbd/connection.c:claim_connection(170) > claiming IPC$ 0 >[2003/10/18 14:44:41, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 >[2003/10/18 14:44:41, 5] auth/auth_util.c:debug_nt_user_token(491) > NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 > contains 6 SIDs > SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 > SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 >[2003/10/18 14:44:41, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 512 and contains 2 supplementary groups > Group[ 0]: 512 > Group[ 1]: 544 >[2003/10/18 14:44:41, 5] smbd/uid.c:change_to_user(203) > change_to_user uid=(0,0) gid=(0,512) >[2003/10/18 14:44:41, 3] smbd/service.c:make_connection_snum(705) > citadelxp (192.168.0.100) connect to service IPC$ initially as user Administrator (uid=0, gid=512) (pid 2893) >[2003/10/18 14:44:41, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2003/10/18 14:44:41, 5] auth/auth_util.c:debug_nt_user_token(486) > NT user token: (NULL) >[2003/10/18 14:44:41, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2003/10/18 14:44:41, 5] smbd/uid.c:change_to_root_user(218) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2003/10/18 14:44:41, 3] smbd/reply.c:reply_tcon_and_X(314) > tconX service=IPC$ >[2003/10/18 14:44:41, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:41, 5] lib/util.c:show_msg(466) > size=48 > smb_com=0x75 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=192 > smt_wct=3 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 1 (0x1) > smb_bcc=7 >[2003/10/18 14:44:41, 3] smbd/process.c:process_smb(890) > Transaction 5 of length 104 >[2003/10/18 14:44:41, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:41, 5] lib/util.c:show_msg(466) > size=100 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=832 > smb_uid=100 > smb_mid=256 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 3584 (0xE00) > smb_vwv[ 3]= 5632 (0x1600) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 513 (0x201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 768 (0x300) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]=16384 (0x4000) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 768 (0x300) > smb_bcc=17 >[2003/10/18 14:44:41, 3] smbd/process.c:switch_message(685) > switch message SMBntcreateX (pid 2893) >[2003/10/18 14:44:41, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 >[2003/10/18 14:44:41, 5] auth/auth_util.c:debug_nt_user_token(491) > NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 > contains 6 SIDs > SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 > SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 >[2003/10/18 14:44:41, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 512 and contains 2 supplementary groups > Group[ 0]: 512 > Group[ 1]: 544 >[2003/10/18 14:44:41, 5] smbd/uid.c:change_to_user(203) > change_to_user uid=(0,0) gid=(0,512) >[2003/10/18 14:44:41, 4] smbd/vfs.c:vfs_ChDir(611) > vfs_ChDir to /tmp >[2003/10/18 14:44:41, 4] smbd/nttrans.c:nt_open_pipe(486) > nt_open_pipe: Opening pipe \lsarpc. >[2003/10/18 14:44:41, 3] smbd/nttrans.c:nt_open_pipe(503) > nt_open_pipe: Known pipe lsarpc opening. >[2003/10/18 14:44:41, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(178) > Open pipe requested lsarpc (pipes_open=0) >[2003/10/18 14:44:41, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(279) > Create pipe requested lsarpc >[2003/10/18 14:44:41, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(372) > Created internal pipe lsarpc (pipes_open=0) >[2003/10/18 14:44:41, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(258) > Opened pipe lsarpc with handle 76f4 (pipes_open=1) >[2003/10/18 14:44:41, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(264) > open pipes: name lsarpc pnum=76f4 >[2003/10/18 14:44:41, 5] smbd/nttrans.c:do_ntcreate_pipe_open(551) > do_ntcreate_pipe_open: open pipe = \lsarpc >[2003/10/18 14:44:41, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:41, 5] lib/util.c:show_msg(466) > size=103 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=832 > smb_uid=100 > smb_mid=256 > smt_wct=34 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]=62464 (0xF400) > smb_vwv[ 3]= 374 (0x176) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 0 (0x0) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 0 (0x0) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]=32768 (0x8000) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_vwv[24]= 0 (0x0) > smb_vwv[25]= 0 (0x0) > smb_vwv[26]= 0 (0x0) > smb_vwv[27]= 0 (0x0) > smb_vwv[28]= 0 (0x0) > smb_vwv[29]= 0 (0x0) > smb_vwv[30]= 0 (0x0) > smb_vwv[31]= 512 (0x200) > smb_vwv[32]=65280 (0xFF00) > smb_vwv[33]= 5 (0x5) > smb_bcc=0 >[2003/10/18 14:44:41, 3] smbd/process.c:process_smb(890) > Transaction 6 of length 140 >[2003/10/18 14:44:41, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:41, 5] lib/util.c:show_msg(466) > size=136 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=320 > smt_wct=14 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=30452 (0x76F4) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=65535 (0xFFFF) > smb_vwv[ 6]=65535 (0xFFFF) > smb_vwv[ 7]= 8 (0x8) > smb_vwv[ 8]= 72 (0x48) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 72 (0x48) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_bcc=73 >[2003/10/18 14:44:41, 3] smbd/process.c:switch_message(685) > switch message SMBwriteX (pid 2893) >[2003/10/18 14:44:41, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 >[2003/10/18 14:44:41, 5] auth/auth_util.c:debug_nt_user_token(491) > NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 > contains 6 SIDs > SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 > SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 >[2003/10/18 14:44:41, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 512 and contains 2 supplementary groups > Group[ 0]: 512 > Group[ 1]: 544 >[2003/10/18 14:44:41, 5] smbd/uid.c:change_to_user(203) > change_to_user uid=(0,0) gid=(0,512) >[2003/10/18 14:44:41, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) > search for pipe pnum=76f4 >[2003/10/18 14:44:41, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) > pipe name lsarpc pnum=76f4 (pipes_open=1) >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0000 major : 05 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0001 minor : 00 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0002 pkt_type : 0b >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0003 flags : 03 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0004 pack_type0: 10 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0005 pack_type1: 00 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0006 pack_type2: 00 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0007 pack_type3: 00 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 frag_len : 0048 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a auth_len : 0000 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 000c call_id : 00000001 >[2003/10/18 14:44:41, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(488) > unmarshall_rpc_header: using little-endian RPC >[2003/10/18 14:44:41, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(843) > api_pipe_bind_req: decode request. 843 >[2003/10/18 14:44:41, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(854) > api_pipe_bind_req: \PIPE\lsarpc -> \PIPE\lsass >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_rb >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0000 max_tsize: 10b8 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0002 max_rsize: 10b8 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0004 assoc_gid: 00000000 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0008 num_elements: 00000001 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000c context_id : 0000 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 000e num_syntaxes: 01 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0010 data : 12345778 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0014 data : 1234 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0016 data : abcd >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8s(722) > 0018 data : ef 00 01 23 45 67 89 ab >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0020 version: 00000000 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0024 data : 8a885d04 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0028 data : 1ceb >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 002a data : 11c9 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8s(722) > 002c data : 9f e8 08 00 2b 10 48 60 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0034 version: 00000002 >[2003/10/18 14:44:41, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(984) > api_pipe_bind_req: make response. 984 >[2003/10/18 14:44:41, 3] rpc_server/srv_pipe.c:check_bind_req(726) > check_bind_req for \PIPE\lsarpc >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_ba >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0000 max_tsize: 10b8 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0002 max_rsize: 10b8 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0004 assoc_gid: 000053f0 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 len: 000c >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8s(722) > 000a str: \PIPE\lsass. >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0018 num_results: 01 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 001c result : 0000 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 001e reason : 0000 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0020 data : 8a885d04 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0024 data : 1ceb >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0026 data : 11c9 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8s(722) > 0028 data : 9f e8 08 00 2b 10 48 60 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0030 version: 00000002 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0000 major : 05 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0001 minor : 00 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0002 pkt_type : 0c >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0003 flags : 03 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0004 pack_type0: 10 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0005 pack_type1: 00 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0006 pack_type2: 00 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0007 pack_type3: 00 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 frag_len : 0044 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a auth_len : 0000 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 000c call_id : 00000001 >[2003/10/18 14:44:41, 3] smbd/pipes.c:reply_pipe_write_and_X(199) > writeX-IPC pnum=76f4 nwritten=72 >[2003/10/18 14:44:41, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:41, 5] lib/util.c:show_msg(466) > size=47 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=320 > smt_wct=6 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 72 (0x48) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_bcc=0 >[2003/10/18 14:44:41, 3] smbd/process.c:process_smb(890) > Transaction 7 of length 63 >[2003/10/18 14:44:41, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:41, 5] lib/util.c:show_msg(466) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=384 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=30452 (0x76F4) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 1024 (0x400) > smb_vwv[ 6]= 1024 (0x400) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 1024 (0x400) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2003/10/18 14:44:41, 3] smbd/process.c:switch_message(685) > switch message SMBreadX (pid 2893) >[2003/10/18 14:44:41, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 >[2003/10/18 14:44:41, 5] auth/auth_util.c:debug_nt_user_token(491) > NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 > contains 6 SIDs > SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 > SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 >[2003/10/18 14:44:41, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 512 and contains 2 supplementary groups > Group[ 0]: 512 > Group[ 1]: 544 >[2003/10/18 14:44:41, 5] smbd/uid.c:change_to_user(203) > change_to_user uid=(0,0) gid=(0,512) >[2003/10/18 14:44:41, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) > search for pipe pnum=76f4 >[2003/10/18 14:44:41, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) > pipe name lsarpc pnum=76f4 (pipes_open=1) >[2003/10/18 14:44:41, 3] smbd/pipes.c:reply_pipe_read_and_X(242) > readX-IPC pnum=76f4 min=1024 max=1024 nread=68 >[2003/10/18 14:44:41, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:41, 5] lib/util.c:show_msg(466) > size=127 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=384 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 68 (0x44) > smb_vwv[ 6]= 59 (0x3B) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=68 >[2003/10/18 14:44:41, 3] smbd/process.c:process_smb(890) > Transaction 8 of length 176 >[2003/10/18 14:44:41, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:41, 5] lib/util.c:show_msg(466) > size=172 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=832 > smb_uid=100 > smb_mid=448 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 88 (0x58) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 88 (0x58) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=30452 (0x76F4) > smb_bcc=105 >[2003/10/18 14:44:41, 3] smbd/process.c:switch_message(685) > switch message SMBtrans (pid 2893) >[2003/10/18 14:44:41, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 >[2003/10/18 14:44:41, 5] auth/auth_util.c:debug_nt_user_token(491) > NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 > contains 6 SIDs > SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 > SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 >[2003/10/18 14:44:41, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 512 and contains 2 supplementary groups > Group[ 0]: 512 > Group[ 1]: 544 >[2003/10/18 14:44:41, 5] smbd/uid.c:change_to_user(203) > change_to_user uid=(0,0) gid=(0,512) >[2003/10/18 14:44:41, 3] smbd/ipc.c:reply_trans(514) > trans <\PIPE\> data=88 params=0 setup=2 >[2003/10/18 14:44:41, 5] smbd/ipc.c:reply_trans(533) > calling named_pipe >[2003/10/18 14:44:41, 3] smbd/ipc.c:named_pipe(326) > named pipe command on <> name >[2003/10/18 14:44:41, 5] smbd/ipc.c:api_fd_reply(267) > api_fd_reply >[2003/10/18 14:44:41, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) > search for pipe pnum=76f4 >[2003/10/18 14:44:41, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) > pipe name lsarpc pnum=76f4 (pipes_open=1) >[2003/10/18 14:44:41, 3] smbd/ipc.c:api_fd_reply(288) > Got API command 0x26 on pipe "lsarpc" (pnum 76f4)000000 smb_io_rpc_hdr >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0000 major : 05 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0001 minor : 00 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0002 pkt_type : 00 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0003 flags : 03 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0004 pack_type0: 10 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0005 pack_type1: 00 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0006 pack_type2: 00 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0007 pack_type3: 00 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 frag_len : 0058 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a auth_len : 0000 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 000c call_id : 00000001 >[2003/10/18 14:44:41, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(488) > unmarshall_rpc_header: using little-endian RPC >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0000 alloc_hint: 00000040 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0004 context_id: 0000 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0006 opnum : 002c >[2003/10/18 14:44:41, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) > free_pipe_context: destroying talloc pool of size 0 >[2003/10/18 14:44:41, 5] rpc_server/srv_pipe.c:api_pipe_request(1462) > Requested \PIPE\lsarpc >[2003/10/18 14:44:41, 4] rpc_server/srv_pipe.c:api_rpcTNP(1496) > api_rpcTNP: lsarpc op 0x2c - api_rpcTNP: rpc command: LSA_OPENPOLICY2 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 lsa_io_q_open_pol2 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0000 ptr : 00149910 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0004 uni_max_len: 0000000a >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0008 offset : 00000000 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 000c uni_str_len: 0000000a >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:dbg_rw_punival(807) > 0010 buffer : \.\.S.T.U.D.E.N.T... >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0024 len : 00000018 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0028 ptr_root_dir: 00000000 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 002c ptr_obj_name: 00000000 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0030 attributes : 00000000 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0034 ptr_sec_desc: 00000000 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0038 ptr_sec_qos : 00000000 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 003c des_access: 02000000 >[2003/10/18 14:44:41, 3] lib/util_seaccess.c:se_access_check(251) >[2003/10/18 14:44:41, 3] lib/util_seaccess.c:se_access_check(252) > se_access_check: user sid is S-1-5-21-1179238187-1290062419-276724248-500 > se_access_check: also S-1-5-21-3516781642-1962875130-3438800523-512 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: also S-1-5-21-1179238187-1290062419-276724248-2025 > se_access_check: also S-1-5-21-1179238187-1290062419-276724248-2089 >[2003/10/18 14:44:41, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) > Opened policy hnd[1] [000] 00 00 00 00 01 00 00 00 00 00 00 00 B9 35 91 3F ........ ....¹5.? > [010] 4D 0B 00 00 M... >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 lsa_io_r_open_pol2 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0000 data1: 00000000 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0004 data2: 00000001 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 data3: 0000 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a data4: 0000 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8s(722) > 000c data5: b9 35 91 3f 4d 0b 00 00 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_ntstatus(665) > 0014 status: NT_STATUS_OK >[2003/10/18 14:44:41, 5] rpc_server/srv_pipe.c:api_rpcTNP(1543) > api_rpcTNP: called lsarpc successfully >[2003/10/18 14:44:41, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) > free_pipe_context: destroying talloc pool of size 820 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0000 major : 05 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0001 minor : 00 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0002 pkt_type : 02 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0003 flags : 03 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0004 pack_type0: 10 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0005 pack_type1: 00 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0006 pack_type2: 00 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0007 pack_type3: 00 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 frag_len : 0030 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a auth_len : 0000 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 000c call_id : 00000001 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0010 alloc_hint: 00000018 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0014 context_id: 0000 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0016 cancel_ct : 00 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0017 reserved : 00 >[2003/10/18 14:44:41, 5] smbd/ipc.c:copy_trans_params_and_data(62) > copy_trans_params_and_data: params[0..0] data[0..48] >[2003/10/18 14:44:41, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:41, 5] lib/util.c:show_msg(466) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=832 > smb_uid=100 > smb_mid=448 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2003/10/18 14:44:41, 3] smbd/process.c:process_smb(890) > Transaction 9 of length 134 >[2003/10/18 14:44:41, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:41, 5] lib/util.c:show_msg(466) > size=130 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=832 > smb_uid=100 > smb_mid=512 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 46 (0x2E) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 46 (0x2E) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=30452 (0x76F4) > smb_bcc=63 >[2003/10/18 14:44:41, 3] smbd/process.c:switch_message(685) > switch message SMBtrans (pid 2893) >[2003/10/18 14:44:41, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 >[2003/10/18 14:44:41, 5] auth/auth_util.c:debug_nt_user_token(491) > NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 > contains 6 SIDs > SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 > SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 >[2003/10/18 14:44:41, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 512 and contains 2 supplementary groups > Group[ 0]: 512 > Group[ 1]: 544 >[2003/10/18 14:44:41, 5] smbd/uid.c:change_to_user(203) > change_to_user uid=(0,0) gid=(0,512) >[2003/10/18 14:44:41, 3] smbd/ipc.c:reply_trans(514) > trans <\PIPE\> data=46 params=0 setup=2 >[2003/10/18 14:44:41, 5] smbd/ipc.c:reply_trans(533) > calling named_pipe >[2003/10/18 14:44:41, 3] smbd/ipc.c:named_pipe(326) > named pipe command on <> name >[2003/10/18 14:44:41, 5] smbd/ipc.c:api_fd_reply(267) > api_fd_reply >[2003/10/18 14:44:41, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) > search for pipe pnum=76f4 >[2003/10/18 14:44:41, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) > pipe name lsarpc pnum=76f4 (pipes_open=1) >[2003/10/18 14:44:41, 3] smbd/ipc.c:api_fd_reply(288) > Got API command 0x26 on pipe "lsarpc" (pnum 76f4)000000 smb_io_rpc_hdr >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0000 major : 05 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0001 minor : 00 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0002 pkt_type : 00 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0003 flags : 03 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0004 pack_type0: 10 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0005 pack_type1: 00 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0006 pack_type2: 00 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0007 pack_type3: 00 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 frag_len : 002e >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a auth_len : 0000 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 000c call_id : 00000002 >[2003/10/18 14:44:41, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(488) > unmarshall_rpc_header: using little-endian RPC >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0000 alloc_hint: 00000016 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0004 context_id: 0000 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0006 opnum : 002e >[2003/10/18 14:44:41, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) > free_pipe_context: destroying talloc pool of size 0 >[2003/10/18 14:44:41, 5] rpc_server/srv_pipe.c:api_pipe_request(1462) > Requested \PIPE\lsarpc >[2003/10/18 14:44:41, 4] rpc_server/srv_pipe.c:api_rpcTNP(1496) > api_rpcTNP: lsarpc op 0x2e - unknown >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0000 major : 05 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0001 minor : 00 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0002 pkt_type : 03 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0003 flags : 23 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0004 pack_type0: 10 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0005 pack_type1: 00 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0006 pack_type2: 00 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0007 pack_type3: 00 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 frag_len : 0020 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a auth_len : 0000 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 000c call_id : 00000002 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0010 alloc_hint: 00000000 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0014 context_id: 0000 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0016 cancel_ct : 00 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0017 reserved : 00 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000018 smb_io_rpc_hdr_fault fault >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_ntstatus(665) > 0018 status : NT code 0x1c010002 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 001c reserved: 00000000 >[2003/10/18 14:44:41, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) > free_pipe_context: destroying talloc pool of size 0 >[2003/10/18 14:44:41, 5] smbd/ipc.c:copy_trans_params_and_data(62) > copy_trans_params_and_data: params[0..0] data[0..32] >[2003/10/18 14:44:41, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:41, 5] lib/util.c:show_msg(466) > size=88 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=832 > smb_uid=100 > smb_mid=512 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 32 (0x20) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 32 (0x20) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=33 >[2003/10/18 14:44:41, 3] smbd/process.c:process_smb(890) > Transaction 10 of length 134 >[2003/10/18 14:44:41, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:41, 5] lib/util.c:show_msg(466) > size=130 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=832 > smb_uid=100 > smb_mid=576 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 46 (0x2E) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 46 (0x2E) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=30452 (0x76F4) > smb_bcc=63 >[2003/10/18 14:44:41, 3] smbd/process.c:switch_message(685) > switch message SMBtrans (pid 2893) >[2003/10/18 14:44:41, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 >[2003/10/18 14:44:41, 5] auth/auth_util.c:debug_nt_user_token(491) > NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 > contains 6 SIDs > SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 > SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 >[2003/10/18 14:44:41, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 512 and contains 2 supplementary groups > Group[ 0]: 512 > Group[ 1]: 544 >[2003/10/18 14:44:41, 5] smbd/uid.c:change_to_user(203) > change_to_user uid=(0,0) gid=(0,512) >[2003/10/18 14:44:41, 3] smbd/ipc.c:reply_trans(514) > trans <\PIPE\> data=46 params=0 setup=2 >[2003/10/18 14:44:41, 5] smbd/ipc.c:reply_trans(533) > calling named_pipe >[2003/10/18 14:44:41, 3] smbd/ipc.c:named_pipe(326) > named pipe command on <> name >[2003/10/18 14:44:41, 5] smbd/ipc.c:api_fd_reply(267) > api_fd_reply >[2003/10/18 14:44:41, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) > search for pipe pnum=76f4 >[2003/10/18 14:44:41, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) > pipe name lsarpc pnum=76f4 (pipes_open=1) >[2003/10/18 14:44:41, 3] smbd/ipc.c:api_fd_reply(288) > Got API command 0x26 on pipe "lsarpc" (pnum 76f4)000000 smb_io_rpc_hdr >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0000 major : 05 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0001 minor : 00 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0002 pkt_type : 00 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0003 flags : 03 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0004 pack_type0: 10 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0005 pack_type1: 00 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0006 pack_type2: 00 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0007 pack_type3: 00 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 frag_len : 002e >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a auth_len : 0000 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 000c call_id : 00000003 >[2003/10/18 14:44:41, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(488) > unmarshall_rpc_header: using little-endian RPC >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0000 alloc_hint: 00000016 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0004 context_id: 0000 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0006 opnum : 0007 >[2003/10/18 14:44:41, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) > free_pipe_context: destroying talloc pool of size 0 >[2003/10/18 14:44:41, 5] rpc_server/srv_pipe.c:api_pipe_request(1462) > Requested \PIPE\lsarpc >[2003/10/18 14:44:41, 4] rpc_server/srv_pipe.c:api_rpcTNP(1496) > api_rpcTNP: lsarpc op 0x7 - api_rpcTNP: rpc command: LSA_QUERYINFOPOLICY >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 lsa_io_q_query >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0000 data1: 00000000 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0004 data2: 00000001 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 data3: 0000 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a data4: 0000 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8s(722) > 000c data5: b9 35 91 3f 4d 0b 00 00 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0014 info_class: 0003 >[2003/10/18 14:44:41, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 B9 35 91 3F ........ ....¹5.? > [010] 4D 0B 00 00 M... >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 lsa_io_r_query >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0000 undoc_buffer: 22000000 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0004 info_class: 0003 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 uni_dom_max_len: 0016 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a uni_dom_str_len: 0018 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 000c buffer_dom_name: 00000001 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0010 buffer_dom_sid : 00000001 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0014 uni_max_len: 0000000c >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0018 offset : 00000000 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 001c uni_str_len: 0000000b >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:dbg_rw_punival(807) > 0020 buffer : U.T.B.I.L.D.N.I.N.G... >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0038 num_auths: 00000004 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 003c sid_rev_num: 01 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 003d num_auths : 04 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 003e id_auth[0] : 00 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 003f id_auth[1] : 00 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0040 id_auth[2] : 00 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0041 id_auth[3] : 00 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0042 id_auth[4] : 00 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0043 id_auth[5] : 05 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32s(862) > 0044 sub_auths : 00000015 4649bf2b 4ce4ca53 107e7a18 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_ntstatus(665) > 0054 status: NT_STATUS_OK >[2003/10/18 14:44:41, 5] rpc_server/srv_pipe.c:api_rpcTNP(1543) > api_rpcTNP: called lsarpc successfully >[2003/10/18 14:44:41, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) > free_pipe_context: destroying talloc pool of size 512 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0000 major : 05 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0001 minor : 00 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0002 pkt_type : 02 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0003 flags : 03 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0004 pack_type0: 10 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0005 pack_type1: 00 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0006 pack_type2: 00 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0007 pack_type3: 00 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 frag_len : 0070 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a auth_len : 0000 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 000c call_id : 00000003 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0010 alloc_hint: 00000058 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0014 context_id: 0000 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0016 cancel_ct : 00 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0017 reserved : 00 >[2003/10/18 14:44:41, 5] smbd/ipc.c:copy_trans_params_and_data(62) > copy_trans_params_and_data: params[0..0] data[0..112] >[2003/10/18 14:44:41, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:41, 5] lib/util.c:show_msg(466) > size=168 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=832 > smb_uid=100 > smb_mid=576 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 112 (0x70) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 112 (0x70) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=113 >[2003/10/18 14:44:41, 3] smbd/process.c:process_smb(890) > Transaction 11 of length 104 >[2003/10/18 14:44:41, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:41, 5] lib/util.c:show_msg(466) > size=100 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=832 > smb_uid=100 > smb_mid=640 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 3584 (0xE00) > smb_vwv[ 3]= 5632 (0x1600) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 513 (0x201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 768 (0x300) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]=16384 (0x4000) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 768 (0x300) > smb_bcc=17 >[2003/10/18 14:44:41, 3] smbd/process.c:switch_message(685) > switch message SMBntcreateX (pid 2893) >[2003/10/18 14:44:41, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 >[2003/10/18 14:44:41, 5] auth/auth_util.c:debug_nt_user_token(491) > NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 > contains 6 SIDs > SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 > SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 >[2003/10/18 14:44:41, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 512 and contains 2 supplementary groups > Group[ 0]: 512 > Group[ 1]: 544 >[2003/10/18 14:44:41, 5] smbd/uid.c:change_to_user(203) > change_to_user uid=(0,0) gid=(0,512) >[2003/10/18 14:44:41, 4] smbd/nttrans.c:nt_open_pipe(486) > nt_open_pipe: Opening pipe \winreg. >[2003/10/18 14:44:41, 3] smbd/nttrans.c:nt_open_pipe(503) > nt_open_pipe: Known pipe winreg opening. >[2003/10/18 14:44:41, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(178) > Open pipe requested winreg (pipes_open=1) >[2003/10/18 14:44:41, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(205) > open_rpc_pipe_p: name lsarpc pnum=76f4 >[2003/10/18 14:44:41, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(279) > Create pipe requested winreg >[2003/10/18 14:44:41, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(372) > Created internal pipe winreg (pipes_open=1) >[2003/10/18 14:44:41, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(258) > Opened pipe winreg with handle 76f5 (pipes_open=2) >[2003/10/18 14:44:41, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(264) > open pipes: name winreg pnum=76f5 >[2003/10/18 14:44:41, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(264) > open pipes: name lsarpc pnum=76f4 >[2003/10/18 14:44:41, 5] smbd/nttrans.c:do_ntcreate_pipe_open(551) > do_ntcreate_pipe_open: open pipe = \winreg >[2003/10/18 14:44:41, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:41, 5] lib/util.c:show_msg(466) > size=103 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=832 > smb_uid=100 > smb_mid=640 > smt_wct=34 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]=62720 (0xF500) > smb_vwv[ 3]= 374 (0x176) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 0 (0x0) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 0 (0x0) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]=32768 (0x8000) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_vwv[24]= 0 (0x0) > smb_vwv[25]= 0 (0x0) > smb_vwv[26]= 0 (0x0) > smb_vwv[27]= 0 (0x0) > smb_vwv[28]= 0 (0x0) > smb_vwv[29]= 0 (0x0) > smb_vwv[30]= 0 (0x0) > smb_vwv[31]= 512 (0x200) > smb_vwv[32]=65280 (0xFF00) > smb_vwv[33]= 5 (0x5) > smb_bcc=0 >[2003/10/18 14:44:41, 3] smbd/process.c:process_smb(890) > Transaction 12 of length 140 >[2003/10/18 14:44:41, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:41, 5] lib/util.c:show_msg(466) > size=136 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=704 > smt_wct=14 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=30453 (0x76F5) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=65535 (0xFFFF) > smb_vwv[ 6]=65535 (0xFFFF) > smb_vwv[ 7]= 8 (0x8) > smb_vwv[ 8]= 72 (0x48) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 72 (0x48) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_bcc=73 >[2003/10/18 14:44:41, 3] smbd/process.c:switch_message(685) > switch message SMBwriteX (pid 2893) >[2003/10/18 14:44:41, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 >[2003/10/18 14:44:41, 5] auth/auth_util.c:debug_nt_user_token(491) > NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 > contains 6 SIDs > SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 > SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 >[2003/10/18 14:44:41, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 512 and contains 2 supplementary groups > Group[ 0]: 512 > Group[ 1]: 544 >[2003/10/18 14:44:41, 5] smbd/uid.c:change_to_user(203) > change_to_user uid=(0,0) gid=(0,512) >[2003/10/18 14:44:41, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) > search for pipe pnum=76f5 >[2003/10/18 14:44:41, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) > pipe name winreg pnum=76f5 (pipes_open=2) >[2003/10/18 14:44:41, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) > pipe name lsarpc pnum=76f4 (pipes_open=2) >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0000 major : 05 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0001 minor : 00 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0002 pkt_type : 0b >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0003 flags : 03 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0004 pack_type0: 10 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0005 pack_type1: 00 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0006 pack_type2: 00 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0007 pack_type3: 00 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 frag_len : 0048 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a auth_len : 0000 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 000c call_id : 00000001 >[2003/10/18 14:44:41, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(488) > unmarshall_rpc_header: using little-endian RPC >[2003/10/18 14:44:41, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(843) > api_pipe_bind_req: decode request. 843 >[2003/10/18 14:44:41, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(854) > api_pipe_bind_req: \PIPE\winreg -> \PIPE\winreg >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_rb >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0000 max_tsize: 10b8 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0002 max_rsize: 10b8 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0004 assoc_gid: 00000000 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0008 num_elements: 00000001 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000c context_id : 0000 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 000e num_syntaxes: 01 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0010 data : 338cd001 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0014 data : 2244 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0016 data : 31f1 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8s(722) > 0018 data : aa aa 90 00 38 00 10 03 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0020 version: 00000001 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0024 data : 8a885d04 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0028 data : 1ceb >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 002a data : 11c9 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8s(722) > 002c data : 9f e8 08 00 2b 10 48 60 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0034 version: 00000002 >[2003/10/18 14:44:41, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(984) > api_pipe_bind_req: make response. 984 >[2003/10/18 14:44:41, 3] rpc_server/srv_pipe.c:check_bind_req(726) > check_bind_req for \PIPE\winreg >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_ba >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0000 max_tsize: 10b8 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0002 max_rsize: 10b8 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0004 assoc_gid: 000053f0 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 len: 000d >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8s(722) > 000a str: \PIPE\winreg. >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0018 num_results: 01 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 001c result : 0000 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 001e reason : 0000 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0020 data : 8a885d04 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0024 data : 1ceb >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0026 data : 11c9 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8s(722) > 0028 data : 9f e8 08 00 2b 10 48 60 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0030 version: 00000002 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0000 major : 05 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0001 minor : 00 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0002 pkt_type : 0c >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0003 flags : 03 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0004 pack_type0: 10 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0005 pack_type1: 00 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0006 pack_type2: 00 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0007 pack_type3: 00 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 frag_len : 0044 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a auth_len : 0000 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 000c call_id : 00000001 >[2003/10/18 14:44:41, 3] smbd/pipes.c:reply_pipe_write_and_X(199) > writeX-IPC pnum=76f5 nwritten=72 >[2003/10/18 14:44:41, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:41, 5] lib/util.c:show_msg(466) > size=47 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=704 > smt_wct=6 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 72 (0x48) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_bcc=0 >[2003/10/18 14:44:41, 3] smbd/process.c:process_smb(890) > Transaction 13 of length 63 >[2003/10/18 14:44:41, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:41, 5] lib/util.c:show_msg(466) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=768 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=30453 (0x76F5) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 1024 (0x400) > smb_vwv[ 6]= 1024 (0x400) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 1024 (0x400) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2003/10/18 14:44:41, 3] smbd/process.c:switch_message(685) > switch message SMBreadX (pid 2893) >[2003/10/18 14:44:41, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 >[2003/10/18 14:44:41, 5] auth/auth_util.c:debug_nt_user_token(491) > NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 > contains 6 SIDs > SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 > SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 >[2003/10/18 14:44:41, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 512 and contains 2 supplementary groups > Group[ 0]: 512 > Group[ 1]: 544 >[2003/10/18 14:44:41, 5] smbd/uid.c:change_to_user(203) > change_to_user uid=(0,0) gid=(0,512) >[2003/10/18 14:44:41, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) > search for pipe pnum=76f5 >[2003/10/18 14:44:41, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) > pipe name winreg pnum=76f5 (pipes_open=2) >[2003/10/18 14:44:41, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) > pipe name lsarpc pnum=76f4 (pipes_open=2) >[2003/10/18 14:44:41, 3] smbd/pipes.c:reply_pipe_read_and_X(242) > readX-IPC pnum=76f5 min=1024 max=1024 nread=68 >[2003/10/18 14:44:41, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:41, 5] lib/util.c:show_msg(466) > size=127 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=768 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 68 (0x44) > smb_vwv[ 6]= 59 (0x3B) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=68 >[2003/10/18 14:44:41, 3] smbd/process.c:process_smb(890) > Transaction 14 of length 124 >[2003/10/18 14:44:41, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:41, 5] lib/util.c:show_msg(466) > size=120 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=832 > smb_uid=100 > smb_mid=832 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 36 (0x24) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 36 (0x24) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=30453 (0x76F5) > smb_bcc=53 >[2003/10/18 14:44:41, 3] smbd/process.c:switch_message(685) > switch message SMBtrans (pid 2893) >[2003/10/18 14:44:41, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 >[2003/10/18 14:44:41, 5] auth/auth_util.c:debug_nt_user_token(491) > NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 > contains 6 SIDs > SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 > SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 >[2003/10/18 14:44:41, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 512 and contains 2 supplementary groups > Group[ 0]: 512 > Group[ 1]: 544 >[2003/10/18 14:44:41, 5] smbd/uid.c:change_to_user(203) > change_to_user uid=(0,0) gid=(0,512) >[2003/10/18 14:44:41, 3] smbd/ipc.c:reply_trans(514) > trans <\PIPE\> data=36 params=0 setup=2 >[2003/10/18 14:44:41, 5] smbd/ipc.c:reply_trans(533) > calling named_pipe >[2003/10/18 14:44:41, 3] smbd/ipc.c:named_pipe(326) > named pipe command on <> name >[2003/10/18 14:44:41, 5] smbd/ipc.c:api_fd_reply(267) > api_fd_reply >[2003/10/18 14:44:41, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) > search for pipe pnum=76f5 >[2003/10/18 14:44:41, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) > pipe name winreg pnum=76f5 (pipes_open=2) >[2003/10/18 14:44:41, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) > pipe name lsarpc pnum=76f4 (pipes_open=2) >[2003/10/18 14:44:41, 3] smbd/ipc.c:api_fd_reply(288) > Got API command 0x26 on pipe "winreg" (pnum 76f5)000000 smb_io_rpc_hdr >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0000 major : 05 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0001 minor : 00 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0002 pkt_type : 00 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0003 flags : 03 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0004 pack_type0: 10 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0005 pack_type1: 00 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0006 pack_type2: 00 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0007 pack_type3: 00 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 frag_len : 0024 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a auth_len : 0000 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 000c call_id : 00000001 >[2003/10/18 14:44:41, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(488) > unmarshall_rpc_header: using little-endian RPC >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0000 alloc_hint: 0000000c >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0004 context_id: 0000 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0006 opnum : 0002 >[2003/10/18 14:44:41, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) > free_pipe_context: destroying talloc pool of size 0 >[2003/10/18 14:44:41, 5] rpc_server/srv_pipe.c:api_pipe_request(1462) > Requested \PIPE\winreg >[2003/10/18 14:44:41, 4] rpc_server/srv_pipe.c:api_rpcTNP(1496) > api_rpcTNP: winreg op 0x2 - api_rpcTNP: rpc command: REG_OPEN_HKLM >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 reg_io_q_open_hklm >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0000 ptr : 012cf544 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0004 unknown_0: 8e68 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0006 unknown_1: 0001 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0008 access_mask: 02000000 >[2003/10/18 14:44:41, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) > Opened policy hnd[1] [000] 00 00 00 00 02 00 00 00 00 00 00 00 B9 35 91 3F ........ ....¹5.? > [010] 4D 0B 00 00 M... >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 reg_io_r_open_hklm >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0000 data1: 00000000 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0004 data2: 00000002 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 data3: 0000 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a data4: 0000 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8s(722) > 000c data5: b9 35 91 3f 4d 0b 00 00 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_ntstatus(665) > 0014 status: NT_STATUS_OK >[2003/10/18 14:44:41, 5] rpc_server/srv_pipe.c:api_rpcTNP(1543) > api_rpcTNP: called winreg successfully >[2003/10/18 14:44:41, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) > free_pipe_context: destroying talloc pool of size 0 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0000 major : 05 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0001 minor : 00 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0002 pkt_type : 02 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0003 flags : 03 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0004 pack_type0: 10 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0005 pack_type1: 00 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0006 pack_type2: 00 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0007 pack_type3: 00 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 frag_len : 0030 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a auth_len : 0000 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 000c call_id : 00000001 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0010 alloc_hint: 00000018 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0014 context_id: 0000 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0016 cancel_ct : 00 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0017 reserved : 00 >[2003/10/18 14:44:41, 5] smbd/ipc.c:copy_trans_params_and_data(62) > copy_trans_params_and_data: params[0..0] data[0..48] >[2003/10/18 14:44:41, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:41, 5] lib/util.c:show_msg(466) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=832 > smb_uid=100 > smb_mid=832 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2003/10/18 14:44:41, 3] smbd/process.c:process_smb(890) > Transaction 15 of length 272 >[2003/10/18 14:44:41, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:41, 5] lib/util.c:show_msg(466) > size=268 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=832 > smb_uid=100 > smb_mid=896 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 184 (0xB8) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 184 (0xB8) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=30453 (0x76F5) > smb_bcc=201 >[2003/10/18 14:44:41, 3] smbd/process.c:switch_message(685) > switch message SMBtrans (pid 2893) >[2003/10/18 14:44:41, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 >[2003/10/18 14:44:41, 5] auth/auth_util.c:debug_nt_user_token(491) > NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 > contains 6 SIDs > SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 > SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 >[2003/10/18 14:44:41, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 512 and contains 2 supplementary groups > Group[ 0]: 512 > Group[ 1]: 544 >[2003/10/18 14:44:41, 5] smbd/uid.c:change_to_user(203) > change_to_user uid=(0,0) gid=(0,512) >[2003/10/18 14:44:41, 3] smbd/ipc.c:reply_trans(514) > trans <\PIPE\> data=184 params=0 setup=2 >[2003/10/18 14:44:41, 5] smbd/ipc.c:reply_trans(533) > calling named_pipe >[2003/10/18 14:44:41, 3] smbd/ipc.c:named_pipe(326) > named pipe command on <> name >[2003/10/18 14:44:41, 5] smbd/ipc.c:api_fd_reply(267) > api_fd_reply >[2003/10/18 14:44:41, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) > search for pipe pnum=76f5 >[2003/10/18 14:44:41, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) > pipe name winreg pnum=76f5 (pipes_open=2) >[2003/10/18 14:44:41, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) > pipe name lsarpc pnum=76f4 (pipes_open=2) >[2003/10/18 14:44:41, 3] smbd/ipc.c:api_fd_reply(288) > Got API command 0x26 on pipe "winreg" (pnum 76f5)000000 smb_io_rpc_hdr >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0000 major : 05 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0001 minor : 00 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0002 pkt_type : 00 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0003 flags : 03 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0004 pack_type0: 10 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0005 pack_type1: 00 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0006 pack_type2: 00 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0007 pack_type3: 00 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 frag_len : 00b8 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a auth_len : 0000 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 000c call_id : 00000002 >[2003/10/18 14:44:41, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(488) > unmarshall_rpc_header: using little-endian RPC >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0000 alloc_hint: 000000a0 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0004 context_id: 0000 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0006 opnum : 000f >[2003/10/18 14:44:41, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) > free_pipe_context: destroying talloc pool of size 0 >[2003/10/18 14:44:41, 5] rpc_server/srv_pipe.c:api_pipe_request(1462) > Requested \PIPE\winreg >[2003/10/18 14:44:41, 4] rpc_server/srv_pipe.c:api_rpcTNP(1496) > api_rpcTNP: winreg op 0xf - api_rpcTNP: rpc command: REG_OPEN_ENTRY >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 reg_io_q_entry >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0000 data1: 00000000 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0004 data2: 00000002 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 data3: 0000 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a data4: 0000 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8s(722) > 000c data5: b9 35 91 3f 4d 0b 00 00 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0014 uni_str_len: 006e >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0016 uni_max_len: 006e >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0018 buffer : 75157eb0 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 001c uni_max_len: 00000037 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0020 offset : 00000000 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0024 uni_str_len: 00000037 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:dbg_rw_punival(807) > 0028 buffer : S.y.s.t.e.m.\.C.u.r.r.e.n.t.C.o.n.t.r.o.l.S.e.t.\.s.e.r.v.i.c.e.s.\.N.e.t.l.o.g.o.n.\.p.a.r.a.m.e.t.e.r.s.\... >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0098 unknown_0 : 00000000 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 009c access_desired : 00020019 >[2003/10/18 14:44:41, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 02 00 00 00 00 00 00 00 B9 35 91 3F ........ ....¹5.? > [010] 4D 0B 00 00 M... >[2003/10/18 14:44:41, 5] rpc_server/srv_reg_nt.c:_reg_open_entry(326) > reg_open_entry: Enter >[2003/10/18 14:44:41, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) > Opened policy hnd[2] [000] 00 00 00 00 03 00 00 00 00 00 00 00 B9 35 91 3F ........ ....¹5.? > [010] 4D 0B 00 00 M... >[2003/10/18 14:44:41, 5] rpc_server/srv_reg_nt.c:_reg_open_entry(337) > reg_open_entry: Exit >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 reg_io_r_open_entry >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0000 data1: 00000000 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0004 data2: 00000003 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 data3: 0000 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a data4: 0000 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8s(722) > 000c data5: b9 35 91 3f 4d 0b 00 00 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_ntstatus(665) > 0014 status: NT_STATUS_OK >[2003/10/18 14:44:41, 5] rpc_server/srv_pipe.c:api_rpcTNP(1543) > api_rpcTNP: called winreg successfully >[2003/10/18 14:44:41, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) > free_pipe_context: destroying talloc pool of size 110 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0000 major : 05 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0001 minor : 00 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0002 pkt_type : 02 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0003 flags : 03 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0004 pack_type0: 10 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0005 pack_type1: 00 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0006 pack_type2: 00 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0007 pack_type3: 00 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 frag_len : 0030 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a auth_len : 0000 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 000c call_id : 00000002 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0010 alloc_hint: 00000018 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0014 context_id: 0000 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0016 cancel_ct : 00 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0017 reserved : 00 >[2003/10/18 14:44:41, 5] smbd/ipc.c:copy_trans_params_and_data(62) > copy_trans_params_and_data: params[0..0] data[0..48] >[2003/10/18 14:44:41, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:41, 5] lib/util.c:show_msg(466) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=832 > smb_uid=100 > smb_mid=896 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2003/10/18 14:44:41, 3] smbd/process.c:process_smb(890) > Transaction 16 of length 236 >[2003/10/18 14:44:41, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:41, 5] lib/util.c:show_msg(466) > size=232 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=832 > smb_uid=100 > smb_mid=960 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 148 (0x94) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 148 (0x94) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=30453 (0x76F5) > smb_bcc=165 >[2003/10/18 14:44:41, 3] smbd/process.c:switch_message(685) > switch message SMBtrans (pid 2893) >[2003/10/18 14:44:41, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 >[2003/10/18 14:44:41, 5] auth/auth_util.c:debug_nt_user_token(491) > NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 > contains 6 SIDs > SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 > SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 >[2003/10/18 14:44:41, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 512 and contains 2 supplementary groups > Group[ 0]: 512 > Group[ 1]: 544 >[2003/10/18 14:44:41, 5] smbd/uid.c:change_to_user(203) > change_to_user uid=(0,0) gid=(0,512) >[2003/10/18 14:44:41, 3] smbd/ipc.c:reply_trans(514) > trans <\PIPE\> data=148 params=0 setup=2 >[2003/10/18 14:44:41, 5] smbd/ipc.c:reply_trans(533) > calling named_pipe >[2003/10/18 14:44:41, 3] smbd/ipc.c:named_pipe(326) > named pipe command on <> name >[2003/10/18 14:44:41, 5] smbd/ipc.c:api_fd_reply(267) > api_fd_reply >[2003/10/18 14:44:41, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) > search for pipe pnum=76f5 >[2003/10/18 14:44:41, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) > pipe name winreg pnum=76f5 (pipes_open=2) >[2003/10/18 14:44:41, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) > pipe name lsarpc pnum=76f4 (pipes_open=2) >[2003/10/18 14:44:41, 3] smbd/ipc.c:api_fd_reply(288) > Got API command 0x26 on pipe "winreg" (pnum 76f5)000000 smb_io_rpc_hdr >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0000 major : 05 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0001 minor : 00 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0002 pkt_type : 00 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0003 flags : 03 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0004 pack_type0: 10 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0005 pack_type1: 00 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0006 pack_type2: 00 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0007 pack_type3: 00 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 frag_len : 0094 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a auth_len : 0000 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 000c call_id : 00000003 >[2003/10/18 14:44:41, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(488) > unmarshall_rpc_header: using little-endian RPC >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0000 alloc_hint: 0000007c >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0004 context_id: 0000 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0006 opnum : 0011 >[2003/10/18 14:44:41, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) > free_pipe_context: destroying talloc pool of size 0 >[2003/10/18 14:44:41, 5] rpc_server/srv_pipe.c:api_pipe_request(1462) > Requested \PIPE\winreg >[2003/10/18 14:44:41, 4] rpc_server/srv_pipe.c:api_rpcTNP(1496) > api_rpcTNP: winreg op 0x11 - api_rpcTNP: rpc command: REG_INFO >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 reg_io_q_info >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0000 data1: 00000000 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0004 data2: 00000003 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 data3: 0000 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a data4: 0000 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8s(722) > 000c data5: b9 35 91 3f 4d 0b 00 00 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0014 uni_str_len: 002a >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0016 uni_max_len: 002a >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0018 buffer : 75157e84 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 001c uni_max_len: 00000015 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0020 offset : 00000000 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0024 uni_str_len: 00000015 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:dbg_rw_punival(807) > 0028 buffer : R.e.f.u.s.e.P.a.s.s.w.o.r.d.C.h.a.n.g.e... >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0054 ptr_reserved: 012cf598 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0058 ptr_buf: 012cf5c8 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 005c ptr_bufsize: 012cf5c8 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0060 bufsize: 00000004 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0064 buf_unk: 00000000 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0068 unk1: 00000000 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 006c ptr_buflen: 012cf590 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0070 buflen: 00000004 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0074 ptr_buflen2: 012cf588 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0078 buflen2: 00000000 >[2003/10/18 14:44:41, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 03 00 00 00 00 00 00 00 B9 35 91 3F ........ ....¹5.? > [010] 4D 0B 00 00 M... >[2003/10/18 14:44:41, 5] rpc_server/srv_reg_nt.c:_reg_info(358) > _reg_info: Enter >[2003/10/18 14:44:41, 5] rpc_server/srv_reg_nt.c:_reg_info(367) > reg_info: looking up value: [RefusePasswordChange] >[2003/10/18 14:44:41, 5] rpc_server/srv_reg_nt.c:_reg_info(436) > _reg_info: Exit >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 reg_io_r_info >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0000 ptr_type: 00000001 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0004 type: 00000000 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0008 ptr_uni_val: 00000001 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 000c uni_max_len: 00000000 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0010 offset : 00000000 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0014 buf_len : 00000000 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:dbg_rw_punival(807) > 0018 buffer : >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0018 ptr_max_len: 00000001 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 001c buf_max_len: 00000000 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0020 ptr_len: 00000001 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0024 buf_len: 00000000 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_ntstatus(665) > 0028 status: NT_STATUS_NO_SUCH_FILE >[2003/10/18 14:44:41, 5] rpc_server/srv_pipe.c:api_rpcTNP(1543) > api_rpcTNP: called winreg successfully >[2003/10/18 14:44:41, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) > free_pipe_context: destroying talloc pool of size 42 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0000 major : 05 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0001 minor : 00 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0002 pkt_type : 02 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0003 flags : 03 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0004 pack_type0: 10 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0005 pack_type1: 00 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0006 pack_type2: 00 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0007 pack_type3: 00 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 frag_len : 0044 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a auth_len : 0000 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 000c call_id : 00000003 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0010 alloc_hint: 0000002c >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0014 context_id: 0000 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0016 cancel_ct : 00 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0017 reserved : 00 >[2003/10/18 14:44:41, 5] smbd/ipc.c:copy_trans_params_and_data(62) > copy_trans_params_and_data: params[0..0] data[0..68] >[2003/10/18 14:44:41, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:41, 5] lib/util.c:show_msg(466) > size=124 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=832 > smb_uid=100 > smb_mid=960 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 68 (0x44) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 68 (0x44) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=69 >[2003/10/18 14:44:41, 3] smbd/process.c:process_smb(890) > Transaction 17 of length 132 >[2003/10/18 14:44:41, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:41, 5] lib/util.c:show_msg(466) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=832 > smb_uid=100 > smb_mid=1024 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=30453 (0x76F5) > smb_bcc=61 >[2003/10/18 14:44:41, 3] smbd/process.c:switch_message(685) > switch message SMBtrans (pid 2893) >[2003/10/18 14:44:41, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 >[2003/10/18 14:44:41, 5] auth/auth_util.c:debug_nt_user_token(491) > NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 > contains 6 SIDs > SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 > SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 >[2003/10/18 14:44:41, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 512 and contains 2 supplementary groups > Group[ 0]: 512 > Group[ 1]: 544 >[2003/10/18 14:44:41, 5] smbd/uid.c:change_to_user(203) > change_to_user uid=(0,0) gid=(0,512) >[2003/10/18 14:44:41, 3] smbd/ipc.c:reply_trans(514) > trans <\PIPE\> data=44 params=0 setup=2 >[2003/10/18 14:44:41, 5] smbd/ipc.c:reply_trans(533) > calling named_pipe >[2003/10/18 14:44:41, 3] smbd/ipc.c:named_pipe(326) > named pipe command on <> name >[2003/10/18 14:44:41, 5] smbd/ipc.c:api_fd_reply(267) > api_fd_reply >[2003/10/18 14:44:41, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) > search for pipe pnum=76f5 >[2003/10/18 14:44:41, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) > pipe name winreg pnum=76f5 (pipes_open=2) >[2003/10/18 14:44:41, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) > pipe name lsarpc pnum=76f4 (pipes_open=2) >[2003/10/18 14:44:41, 3] smbd/ipc.c:api_fd_reply(288) > Got API command 0x26 on pipe "winreg" (pnum 76f5)000000 smb_io_rpc_hdr >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0000 major : 05 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0001 minor : 00 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0002 pkt_type : 00 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0003 flags : 03 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0004 pack_type0: 10 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0005 pack_type1: 00 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0006 pack_type2: 00 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0007 pack_type3: 00 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 frag_len : 002c >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a auth_len : 0000 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 000c call_id : 00000004 >[2003/10/18 14:44:41, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(488) > unmarshall_rpc_header: using little-endian RPC >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0000 alloc_hint: 00000014 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0004 context_id: 0000 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0006 opnum : 0005 >[2003/10/18 14:44:41, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) > free_pipe_context: destroying talloc pool of size 0 >[2003/10/18 14:44:41, 5] rpc_server/srv_pipe.c:api_pipe_request(1462) > Requested \PIPE\winreg >[2003/10/18 14:44:41, 4] rpc_server/srv_pipe.c:api_rpcTNP(1496) > api_rpcTNP: winreg op 0x5 - api_rpcTNP: rpc command: REG_CLOSE >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 reg_io_q_close >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0000 data1: 00000000 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0004 data2: 00000003 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 data3: 0000 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a data4: 0000 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8s(722) > 000c data5: b9 35 91 3f 4d 0b 00 00 >[2003/10/18 14:44:41, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 03 00 00 00 00 00 00 00 B9 35 91 3F ........ ....¹5.? > [010] 4D 0B 00 00 M... >[2003/10/18 14:44:41, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 03 00 00 00 00 00 00 00 B9 35 91 3F ........ ....¹5.? > [010] 4D 0B 00 00 M... >[2003/10/18 14:44:41, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) > Closed policy >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 reg_io_r_close >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0000 data1: 00000000 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0004 data2: 00000000 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 data3: 0000 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a data4: 0000 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8s(722) > 000c data5: 00 00 00 00 00 00 00 00 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_ntstatus(665) > 0014 status: NT_STATUS_OK >[2003/10/18 14:44:41, 5] rpc_server/srv_pipe.c:api_rpcTNP(1543) > api_rpcTNP: called winreg successfully >[2003/10/18 14:44:41, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) > free_pipe_context: destroying talloc pool of size 0 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0000 major : 05 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0001 minor : 00 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0002 pkt_type : 02 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0003 flags : 03 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0004 pack_type0: 10 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0005 pack_type1: 00 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0006 pack_type2: 00 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0007 pack_type3: 00 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 frag_len : 0030 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a auth_len : 0000 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 000c call_id : 00000004 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0010 alloc_hint: 00000018 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0014 context_id: 0000 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0016 cancel_ct : 00 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0017 reserved : 00 >[2003/10/18 14:44:41, 5] smbd/ipc.c:copy_trans_params_and_data(62) > copy_trans_params_and_data: params[0..0] data[0..48] >[2003/10/18 14:44:41, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:41, 5] lib/util.c:show_msg(466) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=832 > smb_uid=100 > smb_mid=1024 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2003/10/18 14:44:41, 3] smbd/process.c:process_smb(890) > Transaction 18 of length 132 >[2003/10/18 14:44:41, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:41, 5] lib/util.c:show_msg(466) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=832 > smb_uid=100 > smb_mid=1088 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=30453 (0x76F5) > smb_bcc=61 >[2003/10/18 14:44:41, 3] smbd/process.c:switch_message(685) > switch message SMBtrans (pid 2893) >[2003/10/18 14:44:41, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 >[2003/10/18 14:44:41, 5] auth/auth_util.c:debug_nt_user_token(491) > NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 > contains 6 SIDs > SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 > SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 >[2003/10/18 14:44:41, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 512 and contains 2 supplementary groups > Group[ 0]: 512 > Group[ 1]: 544 >[2003/10/18 14:44:41, 5] smbd/uid.c:change_to_user(203) > change_to_user uid=(0,0) gid=(0,512) >[2003/10/18 14:44:41, 3] smbd/ipc.c:reply_trans(514) > trans <\PIPE\> data=44 params=0 setup=2 >[2003/10/18 14:44:41, 5] smbd/ipc.c:reply_trans(533) > calling named_pipe >[2003/10/18 14:44:41, 3] smbd/ipc.c:named_pipe(326) > named pipe command on <> name >[2003/10/18 14:44:41, 5] smbd/ipc.c:api_fd_reply(267) > api_fd_reply >[2003/10/18 14:44:41, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) > search for pipe pnum=76f5 >[2003/10/18 14:44:41, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) > pipe name winreg pnum=76f5 (pipes_open=2) >[2003/10/18 14:44:41, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) > pipe name lsarpc pnum=76f4 (pipes_open=2) >[2003/10/18 14:44:41, 3] smbd/ipc.c:api_fd_reply(288) > Got API command 0x26 on pipe "winreg" (pnum 76f5)000000 smb_io_rpc_hdr >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0000 major : 05 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0001 minor : 00 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0002 pkt_type : 00 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0003 flags : 03 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0004 pack_type0: 10 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0005 pack_type1: 00 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0006 pack_type2: 00 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0007 pack_type3: 00 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 frag_len : 002c >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a auth_len : 0000 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 000c call_id : 00000005 >[2003/10/18 14:44:41, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(488) > unmarshall_rpc_header: using little-endian RPC >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0000 alloc_hint: 00000014 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0004 context_id: 0000 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0006 opnum : 0005 >[2003/10/18 14:44:41, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) > free_pipe_context: destroying talloc pool of size 0 >[2003/10/18 14:44:41, 5] rpc_server/srv_pipe.c:api_pipe_request(1462) > Requested \PIPE\winreg >[2003/10/18 14:44:41, 4] rpc_server/srv_pipe.c:api_rpcTNP(1496) > api_rpcTNP: winreg op 0x5 - api_rpcTNP: rpc command: REG_CLOSE >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 reg_io_q_close >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0000 data1: 00000000 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0004 data2: 00000002 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 data3: 0000 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a data4: 0000 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8s(722) > 000c data5: b9 35 91 3f 4d 0b 00 00 >[2003/10/18 14:44:41, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 02 00 00 00 00 00 00 00 B9 35 91 3F ........ ....¹5.? > [010] 4D 0B 00 00 M... >[2003/10/18 14:44:41, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 02 00 00 00 00 00 00 00 B9 35 91 3F ........ ....¹5.? > [010] 4D 0B 00 00 M... >[2003/10/18 14:44:41, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) > Closed policy >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 reg_io_r_close >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0000 data1: 00000000 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0004 data2: 00000000 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 data3: 0000 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a data4: 0000 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8s(722) > 000c data5: 00 00 00 00 00 00 00 00 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_ntstatus(665) > 0014 status: NT_STATUS_OK >[2003/10/18 14:44:41, 5] rpc_server/srv_pipe.c:api_rpcTNP(1543) > api_rpcTNP: called winreg successfully >[2003/10/18 14:44:41, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) > free_pipe_context: destroying talloc pool of size 0 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0000 major : 05 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0001 minor : 00 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0002 pkt_type : 02 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0003 flags : 03 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0004 pack_type0: 10 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0005 pack_type1: 00 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0006 pack_type2: 00 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0007 pack_type3: 00 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 frag_len : 0030 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a auth_len : 0000 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 000c call_id : 00000005 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0010 alloc_hint: 00000018 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0014 context_id: 0000 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0016 cancel_ct : 00 >[2003/10/18 14:44:41, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0017 reserved : 00 >[2003/10/18 14:44:41, 5] smbd/ipc.c:copy_trans_params_and_data(62) > copy_trans_params_and_data: params[0..0] data[0..48] >[2003/10/18 14:44:41, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:41, 5] lib/util.c:show_msg(466) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=832 > smb_uid=100 > smb_mid=1088 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2003/10/18 14:44:41, 3] smbd/process.c:process_smb(890) > Transaction 19 of length 45 >[2003/10/18 14:44:41, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:41, 5] lib/util.c:show_msg(466) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=1152 > smt_wct=3 > smb_vwv[ 0]=30453 (0x76F5) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2003/10/18 14:44:41, 3] smbd/process.c:switch_message(685) > switch message SMBclose (pid 2893) >[2003/10/18 14:44:41, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 >[2003/10/18 14:44:41, 5] auth/auth_util.c:debug_nt_user_token(491) > NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 > contains 6 SIDs > SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 > SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 >[2003/10/18 14:44:41, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 512 and contains 2 supplementary groups > Group[ 0]: 512 > Group[ 1]: 544 >[2003/10/18 14:44:41, 5] smbd/uid.c:change_to_user(203) > change_to_user uid=(0,0) gid=(0,512) >[2003/10/18 14:44:41, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) > search for pipe pnum=76f5 >[2003/10/18 14:44:41, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) > pipe name winreg pnum=76f5 (pipes_open=2) >[2003/10/18 14:44:41, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) > pipe name lsarpc pnum=76f4 (pipes_open=2) >[2003/10/18 14:44:41, 5] smbd/pipes.c:reply_pipe_close(258) > reply_pipe_close: pnum:76f5 >[2003/10/18 14:44:41, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1081) > closed pipe name winreg pnum=76f5 (pipes_open=1) >[2003/10/18 14:44:41, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:41, 5] lib/util.c:show_msg(466) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=1152 > smt_wct=0 > smb_bcc=0 >[2003/10/18 14:44:42, 3] smbd/process.c:process_smb(890) > Transaction 20 of length 108 >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) > size=104 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=832 > smb_uid=100 > smb_mid=1216 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 4608 (0x1200) > smb_vwv[ 3]= 5632 (0x1600) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 513 (0x201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 768 (0x300) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]=16384 (0x4000) > smb_vwv[20]=16384 (0x4000) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 256 (0x100) > smb_bcc=21 >[2003/10/18 14:44:42, 3] smbd/process.c:switch_message(685) > switch message SMBntcreateX (pid 2893) >[2003/10/18 14:44:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 >[2003/10/18 14:44:42, 5] auth/auth_util.c:debug_nt_user_token(491) > NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 > contains 6 SIDs > SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 > SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 >[2003/10/18 14:44:42, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 512 and contains 2 supplementary groups > Group[ 0]: 512 > Group[ 1]: 544 >[2003/10/18 14:44:42, 5] smbd/uid.c:change_to_user(203) > change_to_user uid=(0,0) gid=(0,512) >[2003/10/18 14:44:42, 4] smbd/nttrans.c:nt_open_pipe(486) > nt_open_pipe: Opening pipe \NETLOGON. >[2003/10/18 14:44:42, 3] smbd/nttrans.c:nt_open_pipe(503) > nt_open_pipe: Known pipe NETLOGON opening. >[2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(178) > Open pipe requested NETLOGON (pipes_open=1) >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(205) > open_rpc_pipe_p: name lsarpc pnum=76f4 >[2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(279) > Create pipe requested NETLOGON >[2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(372) > Created internal pipe NETLOGON (pipes_open=1) >[2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(258) > Opened pipe NETLOGON with handle 76f6 (pipes_open=2) >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(264) > open pipes: name NETLOGON pnum=76f6 >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(264) > open pipes: name lsarpc pnum=76f4 >[2003/10/18 14:44:42, 5] smbd/nttrans.c:do_ntcreate_pipe_open(551) > do_ntcreate_pipe_open: open pipe = \NETLOGON >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) > size=103 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=832 > smb_uid=100 > smb_mid=1216 > smt_wct=34 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]=62976 (0xF600) > smb_vwv[ 3]= 374 (0x176) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 0 (0x0) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 0 (0x0) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]=32768 (0x8000) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_vwv[24]= 0 (0x0) > smb_vwv[25]= 0 (0x0) > smb_vwv[26]= 0 (0x0) > smb_vwv[27]= 0 (0x0) > smb_vwv[28]= 0 (0x0) > smb_vwv[29]= 0 (0x0) > smb_vwv[30]= 0 (0x0) > smb_vwv[31]= 512 (0x200) > smb_vwv[32]=65280 (0xFF00) > smb_vwv[33]= 5 (0x5) > smb_bcc=0 >[2003/10/18 14:44:42, 3] smbd/process.c:process_smb(890) > Transaction 21 of length 140 >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) > size=136 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=1280 > smt_wct=14 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=30454 (0x76F6) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=65535 (0xFFFF) > smb_vwv[ 6]=65535 (0xFFFF) > smb_vwv[ 7]= 8 (0x8) > smb_vwv[ 8]= 72 (0x48) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 72 (0x48) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_bcc=73 >[2003/10/18 14:44:42, 3] smbd/process.c:switch_message(685) > switch message SMBwriteX (pid 2893) >[2003/10/18 14:44:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 >[2003/10/18 14:44:42, 5] auth/auth_util.c:debug_nt_user_token(491) > NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 > contains 6 SIDs > SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 > SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 >[2003/10/18 14:44:42, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 512 and contains 2 supplementary groups > Group[ 0]: 512 > Group[ 1]: 544 >[2003/10/18 14:44:42, 5] smbd/uid.c:change_to_user(203) > change_to_user uid=(0,0) gid=(0,512) >[2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) > search for pipe pnum=76f6 >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) > pipe name NETLOGON pnum=76f6 (pipes_open=2) >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) > pipe name lsarpc pnum=76f4 (pipes_open=2) >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0000 major : 05 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0001 minor : 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0002 pkt_type : 0b >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0003 flags : 03 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0004 pack_type0: 10 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0005 pack_type1: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0006 pack_type2: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0007 pack_type3: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 frag_len : 0048 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a auth_len : 0000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 000c call_id : 00000001 >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(488) > unmarshall_rpc_header: using little-endian RPC >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(843) > api_pipe_bind_req: decode request. 843 >[2003/10/18 14:44:42, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(854) > api_pipe_bind_req: \PIPE\NETLOGON -> \PIPE\lsass >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_rb >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0000 max_tsize: 10b8 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0002 max_rsize: 10b8 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0004 assoc_gid: 00000000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0008 num_elements: 00000001 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000c context_id : 0000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 000e num_syntaxes: 01 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0010 data : 12345678 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0014 data : 1234 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0016 data : abcd >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8s(722) > 0018 data : ef 00 01 23 45 67 cf fb >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0020 version: 00000001 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0024 data : 8a885d04 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0028 data : 1ceb >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 002a data : 11c9 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8s(722) > 002c data : 9f e8 08 00 2b 10 48 60 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0034 version: 00000002 >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(984) > api_pipe_bind_req: make response. 984 >[2003/10/18 14:44:42, 3] rpc_server/srv_pipe.c:check_bind_req(726) > check_bind_req for \PIPE\NETLOGON >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_ba >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0000 max_tsize: 10b8 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0002 max_rsize: 10b8 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0004 assoc_gid: 000053f0 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 len: 000c >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8s(722) > 000a str: \PIPE\lsass. >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0018 num_results: 01 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 001c result : 0000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 001e reason : 0000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0020 data : 8a885d04 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0024 data : 1ceb >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0026 data : 11c9 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8s(722) > 0028 data : 9f e8 08 00 2b 10 48 60 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0030 version: 00000002 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0000 major : 05 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0001 minor : 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0002 pkt_type : 0c >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0003 flags : 03 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0004 pack_type0: 10 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0005 pack_type1: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0006 pack_type2: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0007 pack_type3: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 frag_len : 0044 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a auth_len : 0000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 000c call_id : 00000001 >[2003/10/18 14:44:42, 3] smbd/pipes.c:reply_pipe_write_and_X(199) > writeX-IPC pnum=76f6 nwritten=72 >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) > size=47 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=1280 > smt_wct=6 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 72 (0x48) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_bcc=0 >[2003/10/18 14:44:42, 3] smbd/process.c:process_smb(890) > Transaction 22 of length 63 >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=1344 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=30454 (0x76F6) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 1024 (0x400) > smb_vwv[ 6]= 1024 (0x400) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 1024 (0x400) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2003/10/18 14:44:42, 3] smbd/process.c:switch_message(685) > switch message SMBreadX (pid 2893) >[2003/10/18 14:44:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 >[2003/10/18 14:44:42, 5] auth/auth_util.c:debug_nt_user_token(491) > NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 > contains 6 SIDs > SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 > SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 >[2003/10/18 14:44:42, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 512 and contains 2 supplementary groups > Group[ 0]: 512 > Group[ 1]: 544 >[2003/10/18 14:44:42, 5] smbd/uid.c:change_to_user(203) > change_to_user uid=(0,0) gid=(0,512) >[2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) > search for pipe pnum=76f6 >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) > pipe name NETLOGON pnum=76f6 (pipes_open=2) >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) > pipe name lsarpc pnum=76f4 (pipes_open=2) >[2003/10/18 14:44:42, 3] smbd/pipes.c:reply_pipe_read_and_X(242) > readX-IPC pnum=76f6 min=1024 max=1024 nread=68 >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) > size=127 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=1344 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 68 (0x44) > smb_vwv[ 6]= 59 (0x3B) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=68 >[2003/10/18 14:44:42, 3] smbd/process.c:process_smb(890) > Transaction 23 of length 188 >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) > size=184 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=832 > smb_uid=100 > smb_mid=1408 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 100 (0x64) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 100 (0x64) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=30454 (0x76F6) > smb_bcc=117 >[2003/10/18 14:44:42, 3] smbd/process.c:switch_message(685) > switch message SMBtrans (pid 2893) >[2003/10/18 14:44:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 >[2003/10/18 14:44:42, 5] auth/auth_util.c:debug_nt_user_token(491) > NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 > contains 6 SIDs > SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 > SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 >[2003/10/18 14:44:42, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 512 and contains 2 supplementary groups > Group[ 0]: 512 > Group[ 1]: 544 >[2003/10/18 14:44:42, 5] smbd/uid.c:change_to_user(203) > change_to_user uid=(0,0) gid=(0,512) >[2003/10/18 14:44:42, 3] smbd/ipc.c:reply_trans(514) > trans <\PIPE\> data=100 params=0 setup=2 >[2003/10/18 14:44:42, 5] smbd/ipc.c:reply_trans(533) > calling named_pipe >[2003/10/18 14:44:42, 3] smbd/ipc.c:named_pipe(326) > named pipe command on <> name >[2003/10/18 14:44:42, 5] smbd/ipc.c:api_fd_reply(267) > api_fd_reply >[2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) > search for pipe pnum=76f6 >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) > pipe name NETLOGON pnum=76f6 (pipes_open=2) >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) > pipe name lsarpc pnum=76f4 (pipes_open=2) >[2003/10/18 14:44:42, 3] smbd/ipc.c:api_fd_reply(288) > Got API command 0x26 on pipe "NETLOGON" (pnum 76f6)000000 smb_io_rpc_hdr >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0000 major : 05 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0001 minor : 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0002 pkt_type : 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0003 flags : 03 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0004 pack_type0: 10 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0005 pack_type1: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0006 pack_type2: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0007 pack_type3: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 frag_len : 0064 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a auth_len : 0000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 000c call_id : 00000001 >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(488) > unmarshall_rpc_header: using little-endian RPC >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0000 alloc_hint: 0000004c >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0004 context_id: 0000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0006 opnum : 0004 >[2003/10/18 14:44:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) > free_pipe_context: destroying talloc pool of size 0 >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe.c:api_pipe_request(1462) > Requested \PIPE\NETLOGON >[2003/10/18 14:44:42, 4] rpc_server/srv_pipe.c:api_rpcTNP(1496) > api_rpcTNP: NETLOGON op 0x4 - api_rpcTNP: rpc command: NET_REQCHAL >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 net_io_q_req_chal >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0000 undoc_buffer: 0009c298 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0004 uni_max_len: 0000000a >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0008 offset : 00000000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 000c uni_str_len: 0000000a >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:dbg_rw_punival(807) > 0010 buffer : \.\.S.T.U.D.E.N.T... >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0024 uni_max_len: 0000000a >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0028 offset : 00000000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 002c uni_str_len: 0000000a >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:dbg_rw_punival(807) > 0030 buffer : C.I.T.A.D.E.L.X.P... >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8s(722) > 0044 data: 96 4d 0d 20 eb 25 69 ee >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 net_io_r_req_chal >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8s(722) > 0000 data: 51 38 64 ea 5f fd 26 f3 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_ntstatus(665) > 0008 status: NT_STATUS_OK >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe.c:api_rpcTNP(1543) > api_rpcTNP: called NETLOGON successfully >[2003/10/18 14:44:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) > free_pipe_context: destroying talloc pool of size 40 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0000 major : 05 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0001 minor : 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0002 pkt_type : 02 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0003 flags : 03 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0004 pack_type0: 10 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0005 pack_type1: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0006 pack_type2: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0007 pack_type3: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 frag_len : 0024 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a auth_len : 0000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 000c call_id : 00000001 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0010 alloc_hint: 0000000c >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0014 context_id: 0000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0016 cancel_ct : 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0017 reserved : 00 >[2003/10/18 14:44:42, 5] smbd/ipc.c:copy_trans_params_and_data(62) > copy_trans_params_and_data: params[0..0] data[0..36] >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) > size=92 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=832 > smb_uid=100 > smb_mid=1408 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 36 (0x24) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 36 (0x24) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=37 >[2003/10/18 14:44:42, 3] smbd/process.c:process_smb(890) > Transaction 24 of length 45 >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=1472 > smt_wct=3 > smb_vwv[ 0]=30454 (0x76F6) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2003/10/18 14:44:42, 3] smbd/process.c:switch_message(685) > switch message SMBclose (pid 2893) >[2003/10/18 14:44:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 >[2003/10/18 14:44:42, 5] auth/auth_util.c:debug_nt_user_token(491) > NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 > contains 6 SIDs > SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 > SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 >[2003/10/18 14:44:42, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 512 and contains 2 supplementary groups > Group[ 0]: 512 > Group[ 1]: 544 >[2003/10/18 14:44:42, 5] smbd/uid.c:change_to_user(203) > change_to_user uid=(0,0) gid=(0,512) >[2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) > search for pipe pnum=76f6 >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) > pipe name NETLOGON pnum=76f6 (pipes_open=2) >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) > pipe name lsarpc pnum=76f4 (pipes_open=2) >[2003/10/18 14:44:42, 5] smbd/pipes.c:reply_pipe_close(258) > reply_pipe_close: pnum:76f6 >[2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1081) > closed pipe name NETLOGON pnum=76f6 (pipes_open=1) >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=1472 > smt_wct=0 > smb_bcc=0 >[2003/10/18 14:44:42, 3] smbd/process.c:process_smb(890) > Transaction 25 of length 108 >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) > size=104 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=832 > smb_uid=100 > smb_mid=1536 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 4608 (0x1200) > smb_vwv[ 3]= 5632 (0x1600) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 513 (0x201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 768 (0x300) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]=16384 (0x4000) > smb_vwv[20]=16384 (0x4000) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 256 (0x100) > smb_bcc=21 >[2003/10/18 14:44:42, 3] smbd/process.c:switch_message(685) > switch message SMBntcreateX (pid 2893) >[2003/10/18 14:44:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 >[2003/10/18 14:44:42, 5] auth/auth_util.c:debug_nt_user_token(491) > NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 > contains 6 SIDs > SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 > SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 >[2003/10/18 14:44:42, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 512 and contains 2 supplementary groups > Group[ 0]: 512 > Group[ 1]: 544 >[2003/10/18 14:44:42, 5] smbd/uid.c:change_to_user(203) > change_to_user uid=(0,0) gid=(0,512) >[2003/10/18 14:44:42, 4] smbd/nttrans.c:nt_open_pipe(486) > nt_open_pipe: Opening pipe \NETLOGON. >[2003/10/18 14:44:42, 3] smbd/nttrans.c:nt_open_pipe(503) > nt_open_pipe: Known pipe NETLOGON opening. >[2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(178) > Open pipe requested NETLOGON (pipes_open=1) >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(205) > open_rpc_pipe_p: name lsarpc pnum=76f4 >[2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(279) > Create pipe requested NETLOGON >[2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(372) > Created internal pipe NETLOGON (pipes_open=1) >[2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(258) > Opened pipe NETLOGON with handle 76f7 (pipes_open=2) >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(264) > open pipes: name NETLOGON pnum=76f7 >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(264) > open pipes: name lsarpc pnum=76f4 >[2003/10/18 14:44:42, 5] smbd/nttrans.c:do_ntcreate_pipe_open(551) > do_ntcreate_pipe_open: open pipe = \NETLOGON >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) > size=103 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=832 > smb_uid=100 > smb_mid=1536 > smt_wct=34 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]=63232 (0xF700) > smb_vwv[ 3]= 374 (0x176) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 0 (0x0) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 0 (0x0) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]=32768 (0x8000) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_vwv[24]= 0 (0x0) > smb_vwv[25]= 0 (0x0) > smb_vwv[26]= 0 (0x0) > smb_vwv[27]= 0 (0x0) > smb_vwv[28]= 0 (0x0) > smb_vwv[29]= 0 (0x0) > smb_vwv[30]= 0 (0x0) > smb_vwv[31]= 512 (0x200) > smb_vwv[32]=65280 (0xFF00) > smb_vwv[33]= 5 (0x5) > smb_bcc=0 >[2003/10/18 14:44:42, 3] smbd/process.c:process_smb(890) > Transaction 26 of length 140 >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) > size=136 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=1600 > smt_wct=14 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=30455 (0x76F7) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=65535 (0xFFFF) > smb_vwv[ 6]=65535 (0xFFFF) > smb_vwv[ 7]= 8 (0x8) > smb_vwv[ 8]= 72 (0x48) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 72 (0x48) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_bcc=73 >[2003/10/18 14:44:42, 3] smbd/process.c:switch_message(685) > switch message SMBwriteX (pid 2893) >[2003/10/18 14:44:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 >[2003/10/18 14:44:42, 5] auth/auth_util.c:debug_nt_user_token(491) > NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 > contains 6 SIDs > SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 > SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 >[2003/10/18 14:44:42, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 512 and contains 2 supplementary groups > Group[ 0]: 512 > Group[ 1]: 544 >[2003/10/18 14:44:42, 5] smbd/uid.c:change_to_user(203) > change_to_user uid=(0,0) gid=(0,512) >[2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) > search for pipe pnum=76f7 >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) > pipe name NETLOGON pnum=76f7 (pipes_open=2) >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) > pipe name lsarpc pnum=76f4 (pipes_open=2) >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0000 major : 05 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0001 minor : 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0002 pkt_type : 0b >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0003 flags : 03 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0004 pack_type0: 10 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0005 pack_type1: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0006 pack_type2: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0007 pack_type3: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 frag_len : 0048 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a auth_len : 0000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 000c call_id : 00000001 >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(488) > unmarshall_rpc_header: using little-endian RPC >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(843) > api_pipe_bind_req: decode request. 843 >[2003/10/18 14:44:42, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(854) > api_pipe_bind_req: \PIPE\NETLOGON -> \PIPE\lsass >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_rb >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0000 max_tsize: 10b8 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0002 max_rsize: 10b8 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0004 assoc_gid: 00000000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0008 num_elements: 00000001 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000c context_id : 0000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 000e num_syntaxes: 01 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0010 data : 12345678 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0014 data : 1234 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0016 data : abcd >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8s(722) > 0018 data : ef 00 01 23 45 67 cf fb >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0020 version: 00000001 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0024 data : 8a885d04 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0028 data : 1ceb >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 002a data : 11c9 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8s(722) > 002c data : 9f e8 08 00 2b 10 48 60 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0034 version: 00000002 >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(984) > api_pipe_bind_req: make response. 984 >[2003/10/18 14:44:42, 3] rpc_server/srv_pipe.c:check_bind_req(726) > check_bind_req for \PIPE\NETLOGON >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_ba >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0000 max_tsize: 10b8 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0002 max_rsize: 10b8 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0004 assoc_gid: 000053f0 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 len: 000c >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8s(722) > 000a str: \PIPE\lsass. >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0018 num_results: 01 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 001c result : 0000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 001e reason : 0000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0020 data : 8a885d04 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0024 data : 1ceb >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0026 data : 11c9 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8s(722) > 0028 data : 9f e8 08 00 2b 10 48 60 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0030 version: 00000002 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0000 major : 05 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0001 minor : 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0002 pkt_type : 0c >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0003 flags : 03 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0004 pack_type0: 10 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0005 pack_type1: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0006 pack_type2: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0007 pack_type3: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 frag_len : 0044 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a auth_len : 0000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 000c call_id : 00000001 >[2003/10/18 14:44:42, 3] smbd/pipes.c:reply_pipe_write_and_X(199) > writeX-IPC pnum=76f7 nwritten=72 >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) > size=47 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=1600 > smt_wct=6 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 72 (0x48) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_bcc=0 >[2003/10/18 14:44:42, 3] smbd/process.c:process_smb(890) > Transaction 27 of length 63 >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=1664 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=30455 (0x76F7) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 1024 (0x400) > smb_vwv[ 6]= 1024 (0x400) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 1024 (0x400) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2003/10/18 14:44:42, 3] smbd/process.c:switch_message(685) > switch message SMBreadX (pid 2893) >[2003/10/18 14:44:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 >[2003/10/18 14:44:42, 5] auth/auth_util.c:debug_nt_user_token(491) > NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 > contains 6 SIDs > SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 > SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 >[2003/10/18 14:44:42, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 512 and contains 2 supplementary groups > Group[ 0]: 512 > Group[ 1]: 544 >[2003/10/18 14:44:42, 5] smbd/uid.c:change_to_user(203) > change_to_user uid=(0,0) gid=(0,512) >[2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) > search for pipe pnum=76f7 >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) > pipe name NETLOGON pnum=76f7 (pipes_open=2) >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) > pipe name lsarpc pnum=76f4 (pipes_open=2) >[2003/10/18 14:44:42, 3] smbd/pipes.c:reply_pipe_read_and_X(242) > readX-IPC pnum=76f7 min=1024 max=1024 nread=68 >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) > size=127 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=1664 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 68 (0x44) > smb_vwv[ 6]= 59 (0x3B) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=68 >[2003/10/18 14:44:42, 3] smbd/process.c:process_smb(890) > Transaction 28 of length 224 >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) > size=220 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=832 > smb_uid=100 > smb_mid=1728 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 136 (0x88) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 136 (0x88) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=30455 (0x76F7) > smb_bcc=153 >[2003/10/18 14:44:42, 3] smbd/process.c:switch_message(685) > switch message SMBtrans (pid 2893) >[2003/10/18 14:44:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 >[2003/10/18 14:44:42, 5] auth/auth_util.c:debug_nt_user_token(491) > NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 > contains 6 SIDs > SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 > SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 >[2003/10/18 14:44:42, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 512 and contains 2 supplementary groups > Group[ 0]: 512 > Group[ 1]: 544 >[2003/10/18 14:44:42, 5] smbd/uid.c:change_to_user(203) > change_to_user uid=(0,0) gid=(0,512) >[2003/10/18 14:44:42, 3] smbd/ipc.c:reply_trans(514) > trans <\PIPE\> data=136 params=0 setup=2 >[2003/10/18 14:44:42, 5] smbd/ipc.c:reply_trans(533) > calling named_pipe >[2003/10/18 14:44:42, 3] smbd/ipc.c:named_pipe(326) > named pipe command on <> name >[2003/10/18 14:44:42, 5] smbd/ipc.c:api_fd_reply(267) > api_fd_reply >[2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) > search for pipe pnum=76f7 >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) > pipe name NETLOGON pnum=76f7 (pipes_open=2) >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) > pipe name lsarpc pnum=76f4 (pipes_open=2) >[2003/10/18 14:44:42, 3] smbd/ipc.c:api_fd_reply(288) > Got API command 0x26 on pipe "NETLOGON" (pnum 76f7)000000 smb_io_rpc_hdr >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0000 major : 05 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0001 minor : 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0002 pkt_type : 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0003 flags : 03 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0004 pack_type0: 10 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0005 pack_type1: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0006 pack_type2: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0007 pack_type3: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 frag_len : 0088 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a auth_len : 0000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 000c call_id : 00000001 >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(488) > unmarshall_rpc_header: using little-endian RPC >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0000 alloc_hint: 00000070 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0004 context_id: 0000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0006 opnum : 0005 >[2003/10/18 14:44:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) > free_pipe_context: destroying talloc pool of size 0 >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe.c:api_pipe_request(1462) > Requested \PIPE\NETLOGON >[2003/10/18 14:44:42, 4] rpc_server/srv_pipe.c:api_rpcTNP(1496) > api_rpcTNP: NETLOGON op 0x5 - api_rpcTNP: rpc command: NET_AUTH >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 net_io_q_auth >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0000 undoc_buffer: 0009c298 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0004 uni_max_len: 0000000a >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0008 offset : 00000000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 000c uni_str_len: 0000000a >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:dbg_rw_punival(807) > 0010 buffer : \.\.S.T.U.D.E.N.T... >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0024 uni_max_len: 0000000b >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0028 offset : 00000000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 002c uni_str_len: 0000000b >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:dbg_rw_punival(807) > 0030 buffer : C.I.T.A.D.E.L.X.P.$... >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0046 sec_chan: 0002 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0048 uni_max_len: 0000000a >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 004c offset : 00000000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0050 uni_str_len: 0000000a >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:dbg_rw_punival(807) > 0054 buffer : C.I.T.A.D.E.L.X.P... >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8s(722) > 0068 data: d4 a7 81 72 f4 74 ec e5 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 net_io_r_auth >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8s(722) > 0000 data: 28 ec ff bf 4a b8 1b 08 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_ntstatus(665) > 0008 status: NT_STATUS_ACCESS_DENIED >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe.c:api_rpcTNP(1543) > api_rpcTNP: called NETLOGON successfully >[2003/10/18 14:44:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) > free_pipe_context: destroying talloc pool of size 62 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0000 major : 05 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0001 minor : 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0002 pkt_type : 02 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0003 flags : 03 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0004 pack_type0: 10 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0005 pack_type1: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0006 pack_type2: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0007 pack_type3: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 frag_len : 0024 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a auth_len : 0000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 000c call_id : 00000001 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0010 alloc_hint: 0000000c >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0014 context_id: 0000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0016 cancel_ct : 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0017 reserved : 00 >[2003/10/18 14:44:42, 5] smbd/ipc.c:copy_trans_params_and_data(62) > copy_trans_params_and_data: params[0..0] data[0..36] >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) > size=92 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=832 > smb_uid=100 > smb_mid=1728 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 36 (0x24) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 36 (0x24) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=37 >[2003/10/18 14:44:42, 3] smbd/process.c:process_smb(890) > Transaction 29 of length 45 >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=1792 > smt_wct=3 > smb_vwv[ 0]=30455 (0x76F7) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2003/10/18 14:44:42, 3] smbd/process.c:switch_message(685) > switch message SMBclose (pid 2893) >[2003/10/18 14:44:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 >[2003/10/18 14:44:42, 5] auth/auth_util.c:debug_nt_user_token(491) > NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 > contains 6 SIDs > SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 > SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 >[2003/10/18 14:44:42, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 512 and contains 2 supplementary groups > Group[ 0]: 512 > Group[ 1]: 544 >[2003/10/18 14:44:42, 5] smbd/uid.c:change_to_user(203) > change_to_user uid=(0,0) gid=(0,512) >[2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) > search for pipe pnum=76f7 >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) > pipe name NETLOGON pnum=76f7 (pipes_open=2) >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) > pipe name lsarpc pnum=76f4 (pipes_open=2) >[2003/10/18 14:44:42, 5] smbd/pipes.c:reply_pipe_close(258) > reply_pipe_close: pnum:76f7 >[2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1081) > closed pipe name NETLOGON pnum=76f7 (pipes_open=1) >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=1792 > smt_wct=0 > smb_bcc=0 >[2003/10/18 14:44:42, 3] smbd/process.c:process_smb(890) > Transaction 30 of length 132 >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=832 > smb_uid=100 > smb_mid=1856 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=30452 (0x76F4) > smb_bcc=61 >[2003/10/18 14:44:42, 3] smbd/process.c:switch_message(685) > switch message SMBtrans (pid 2893) >[2003/10/18 14:44:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 >[2003/10/18 14:44:42, 5] auth/auth_util.c:debug_nt_user_token(491) > NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 > contains 6 SIDs > SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 > SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 >[2003/10/18 14:44:42, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 512 and contains 2 supplementary groups > Group[ 0]: 512 > Group[ 1]: 544 >[2003/10/18 14:44:42, 5] smbd/uid.c:change_to_user(203) > change_to_user uid=(0,0) gid=(0,512) >[2003/10/18 14:44:42, 3] smbd/ipc.c:reply_trans(514) > trans <\PIPE\> data=44 params=0 setup=2 >[2003/10/18 14:44:42, 5] smbd/ipc.c:reply_trans(533) > calling named_pipe >[2003/10/18 14:44:42, 3] smbd/ipc.c:named_pipe(326) > named pipe command on <> name >[2003/10/18 14:44:42, 5] smbd/ipc.c:api_fd_reply(267) > api_fd_reply >[2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) > search for pipe pnum=76f4 >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) > pipe name lsarpc pnum=76f4 (pipes_open=1) >[2003/10/18 14:44:42, 3] smbd/ipc.c:api_fd_reply(288) > Got API command 0x26 on pipe "lsarpc" (pnum 76f4)000000 smb_io_rpc_hdr >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0000 major : 05 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0001 minor : 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0002 pkt_type : 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0003 flags : 03 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0004 pack_type0: 10 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0005 pack_type1: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0006 pack_type2: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0007 pack_type3: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 frag_len : 002c >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a auth_len : 0000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 000c call_id : 00000004 >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(488) > unmarshall_rpc_header: using little-endian RPC >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0000 alloc_hint: 00000014 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0004 context_id: 0000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0006 opnum : 0000 >[2003/10/18 14:44:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) > free_pipe_context: destroying talloc pool of size 0 >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe.c:api_pipe_request(1462) > Requested \PIPE\lsarpc >[2003/10/18 14:44:42, 4] rpc_server/srv_pipe.c:api_rpcTNP(1496) > api_rpcTNP: lsarpc op 0x0 - api_rpcTNP: rpc command: LSA_CLOSE >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 lsa_io_q_close >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0000 data1: 00000000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0004 data2: 00000001 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 data3: 0000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a data4: 0000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8s(722) > 000c data5: b9 35 91 3f 4d 0b 00 00 >[2003/10/18 14:44:42, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 B9 35 91 3F ........ ....¹5.? > [010] 4D 0B 00 00 M... >[2003/10/18 14:44:42, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 B9 35 91 3F ........ ....¹5.? > [010] 4D 0B 00 00 M... >[2003/10/18 14:44:42, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) > Closed policy >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 lsa_io_r_close >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0000 data1: 00000000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0004 data2: 00000000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 data3: 0000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a data4: 0000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8s(722) > 000c data5: 00 00 00 00 00 00 00 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_ntstatus(665) > 0014 status: NT_STATUS_OK >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe.c:api_rpcTNP(1543) > api_rpcTNP: called lsarpc successfully >[2003/10/18 14:44:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) > free_pipe_context: destroying talloc pool of size 0 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0000 major : 05 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0001 minor : 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0002 pkt_type : 02 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0003 flags : 03 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0004 pack_type0: 10 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0005 pack_type1: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0006 pack_type2: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0007 pack_type3: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 frag_len : 0030 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a auth_len : 0000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 000c call_id : 00000004 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0010 alloc_hint: 00000018 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0014 context_id: 0000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0016 cancel_ct : 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0017 reserved : 00 >[2003/10/18 14:44:42, 5] smbd/ipc.c:copy_trans_params_and_data(62) > copy_trans_params_and_data: params[0..0] data[0..48] >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=832 > smb_uid=100 > smb_mid=1856 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2003/10/18 14:44:42, 3] smbd/process.c:process_smb(890) > Transaction 31 of length 45 >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=1920 > smt_wct=3 > smb_vwv[ 0]=30452 (0x76F4) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2003/10/18 14:44:42, 3] smbd/process.c:switch_message(685) > switch message SMBclose (pid 2893) >[2003/10/18 14:44:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 >[2003/10/18 14:44:42, 5] auth/auth_util.c:debug_nt_user_token(491) > NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 > contains 6 SIDs > SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 > SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 >[2003/10/18 14:44:42, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 512 and contains 2 supplementary groups > Group[ 0]: 512 > Group[ 1]: 544 >[2003/10/18 14:44:42, 5] smbd/uid.c:change_to_user(203) > change_to_user uid=(0,0) gid=(0,512) >[2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) > search for pipe pnum=76f4 >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) > pipe name lsarpc pnum=76f4 (pipes_open=1) >[2003/10/18 14:44:42, 5] smbd/pipes.c:reply_pipe_close(258) > reply_pipe_close: pnum:76f4 >[2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1081) > closed pipe name lsarpc pnum=76f4 (pipes_open=0) >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=1920 > smt_wct=0 > smb_bcc=0 >[2003/10/18 14:44:42, 3] smbd/process.c:process_smb(890) > Transaction 32 of length 43 >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) > size=39 > smb_com=0x74 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=0 > smb_pid=65279 > smb_uid=100 > smb_mid=1984 > smt_wct=2 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_bcc=0 >[2003/10/18 14:44:42, 3] smbd/process.c:switch_message(685) > switch message SMBulogoffX (pid 2893) >[2003/10/18 14:44:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2003/10/18 14:44:42, 5] auth/auth_util.c:debug_nt_user_token(486) > NT user token: (NULL) >[2003/10/18 14:44:42, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2003/10/18 14:44:42, 5] smbd/uid.c:change_to_root_user(218) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2003/10/18 14:44:42, 2] smbd/utmp.c:sys_utmp_update(419) > utmp_update: uname:/var/run/utmp wname:/var/log/wtmp >[2003/10/18 14:44:42, 5] auth/auth_util.c:free_server_info(1210) > attempting to free (and zero) a server_info structure >[2003/10/18 14:44:42, 3] smbd/reply.c:reply_ulogoffX(1055) > ulogoffX vuid=100 >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) > size=39 > smb_com=0x74 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=65279 > smb_uid=100 > smb_mid=1984 > smt_wct=2 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_bcc=0 >[2003/10/18 14:44:42, 3] smbd/process.c:process_smb(890) > Transaction 33 of length 39 >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) > size=35 > smb_com=0x71 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=2048 > smt_wct=0 > smb_bcc=0 >[2003/10/18 14:44:42, 3] smbd/process.c:switch_message(685) > switch message SMBtdis (pid 2893) >[2003/10/18 14:44:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2003/10/18 14:44:42, 5] auth/auth_util.c:debug_nt_user_token(486) > NT user token: (NULL) >[2003/10/18 14:44:42, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2003/10/18 14:44:42, 5] smbd/uid.c:change_to_root_user(218) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2003/10/18 14:44:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2003/10/18 14:44:42, 5] auth/auth_util.c:debug_nt_user_token(486) > NT user token: (NULL) >[2003/10/18 14:44:42, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2003/10/18 14:44:42, 5] smbd/uid.c:change_to_root_user(218) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2003/10/18 14:44:42, 3] smbd/service.c:close_cnum(887) > citadelxp (192.168.0.100) closed connection to service IPC$ >[2003/10/18 14:44:42, 3] smbd/connection.c:yield_connection(69) > Yielding connection to IPC$ >[2003/10/18 14:44:42, 4] smbd/vfs.c:vfs_ChDir(611) > vfs_ChDir to / >[2003/10/18 14:44:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2003/10/18 14:44:42, 5] auth/auth_util.c:debug_nt_user_token(486) > NT user token: (NULL) >[2003/10/18 14:44:42, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2003/10/18 14:44:42, 5] smbd/uid.c:change_to_root_user(218) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) > size=35 > smb_com=0x71 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=2048 > smt_wct=0 > smb_bcc=0 >[2003/10/18 14:44:42, 3] smbd/process.c:timeout_processing(1099) > timeout_processing: End of file from client (client has disconnected). >[2003/10/18 14:44:42, 5] lib/gencache.c:gencache_shutdown(88) > Closing cache file >[2003/10/18 14:44:42, 5] libsmb/namecache.c:namecache_shutdown(79) > namecache_shutdown: netbios namecache closed successfully. >[2003/10/18 14:44:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2003/10/18 14:44:42, 5] auth/auth_util.c:debug_nt_user_token(486) > NT user token: (NULL) >[2003/10/18 14:44:42, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2003/10/18 14:44:42, 5] smbd/uid.c:change_to_root_user(218) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2003/10/18 14:44:42, 2] smbd/server.c:exit_server(558) > Closing connections >[2003/10/18 14:44:42, 3] smbd/connection.c:yield_connection(69) > Yielding connection to >[2003/10/18 14:44:42, 5] smbd/oplock.c:receive_local_message(107) > receive_local_message: doing select with timeout of 1 ms >[2003/10/18 14:44:42, 3] smbd/server.c:exit_server(601) > Server exit (normal exit) >[2003/10/18 14:44:42, 5] lib/util_sock.c:print_socket_options(105) > socket option SO_KEEPALIVE = 1 >[2003/10/18 14:44:42, 5] lib/util_sock.c:print_socket_options(105) > socket option SO_REUSEADDR = 1 >[2003/10/18 14:44:42, 5] lib/util_sock.c:print_socket_options(105) > socket option SO_BROADCAST = 0 >[2003/10/18 14:44:42, 5] lib/util_sock.c:print_socket_options(105) > socket option TCP_NODELAY = 1 >[2003/10/18 14:44:42, 5] lib/util_sock.c:print_socket_options(105) > socket option IPTOS_LOWDELAY = 0 >[2003/10/18 14:44:42, 5] lib/util_sock.c:print_socket_options(105) > socket option IPTOS_THROUGHPUT = 0 >[2003/10/18 14:44:42, 5] lib/util_sock.c:print_socket_options(105) > socket option SO_SNDBUF = 16384 >[2003/10/18 14:44:42, 5] lib/util_sock.c:print_socket_options(105) > socket option SO_RCVBUF = 87380 >[2003/10/18 14:44:42, 5] lib/util_sock.c:print_socket_options(105) > socket option SO_SNDLOWAT = 1 >[2003/10/18 14:44:42, 5] lib/util_sock.c:print_socket_options(105) > socket option SO_RCVLOWAT = 1 >[2003/10/18 14:44:42, 5] lib/util_sock.c:print_socket_options(105) > socket option SO_SNDTIMEO = 0 >[2003/10/18 14:44:42, 5] lib/util_sock.c:print_socket_options(105) > socket option SO_RCVTIMEO = 0 >[2003/10/18 14:44:42, 5] lib/util_sock.c:print_socket_options(105) > socket option SO_KEEPALIVE = 1 >[2003/10/18 14:44:42, 5] lib/util_sock.c:print_socket_options(105) > socket option SO_REUSEADDR = 1 >[2003/10/18 14:44:42, 5] lib/util_sock.c:print_socket_options(105) > socket option SO_BROADCAST = 0 >[2003/10/18 14:44:42, 5] lib/util_sock.c:print_socket_options(105) > socket option TCP_NODELAY = 1 >[2003/10/18 14:44:42, 5] lib/util_sock.c:print_socket_options(105) > socket option IPTOS_LOWDELAY = 0 >[2003/10/18 14:44:42, 5] lib/util_sock.c:print_socket_options(105) > socket option IPTOS_THROUGHPUT = 0 >[2003/10/18 14:44:42, 5] lib/util_sock.c:print_socket_options(105) > socket option SO_SNDBUF = 16384 >[2003/10/18 14:44:42, 5] lib/util_sock.c:print_socket_options(105) > socket option SO_RCVBUF = 87380 >[2003/10/18 14:44:42, 5] lib/util_sock.c:print_socket_options(105) > socket option SO_SNDLOWAT = 1 >[2003/10/18 14:44:42, 5] lib/util_sock.c:print_socket_options(105) > socket option SO_RCVLOWAT = 1 >[2003/10/18 14:44:42, 5] lib/util_sock.c:print_socket_options(105) > socket option SO_SNDTIMEO = 0 >[2003/10/18 14:44:42, 5] lib/util_sock.c:print_socket_options(105) > socket option SO_RCVTIMEO = 0 >[2003/10/18 14:44:42, 5] lib/gencache.c:gencache_init(59) > Opening cache file at /var/lib/samba/gencache.tdb >[2003/10/18 14:44:42, 5] libsmb/namecache.c:namecache_enable(58) > namecache_enable: enabling netbios namecache, timeout 660 seconds >[2003/10/18 14:44:42, 5] passdb/pdb_interface.c:make_pdb_context_list(535) > Trying to load: ldapsam:ldap://localhost:389 >[2003/10/18 14:44:42, 5] passdb/pdb_interface.c:smb_register_passdb(55) > Attempting to register passdb backend ldapsam >[2003/10/18 14:44:42, 5] passdb/pdb_interface.c:smb_register_passdb(68) > Successfully added passdb backend 'ldapsam' >[2003/10/18 14:44:42, 5] passdb/pdb_interface.c:smb_register_passdb(55) > Attempting to register passdb backend ldapsam_compat >[2003/10/18 14:44:42, 5] passdb/pdb_interface.c:smb_register_passdb(68) > Successfully added passdb backend 'ldapsam_compat' >[2003/10/18 14:44:42, 5] passdb/pdb_interface.c:smb_register_passdb(55) > Attempting to register passdb backend smbpasswd >[2003/10/18 14:44:42, 5] passdb/pdb_interface.c:smb_register_passdb(68) > Successfully added passdb backend 'smbpasswd' >[2003/10/18 14:44:42, 5] passdb/pdb_interface.c:smb_register_passdb(55) > Attempting to register passdb backend tdbsam >[2003/10/18 14:44:42, 5] passdb/pdb_interface.c:smb_register_passdb(68) > Successfully added passdb backend 'tdbsam' >[2003/10/18 14:44:42, 5] passdb/pdb_interface.c:smb_register_passdb(55) > Attempting to register passdb backend guest >[2003/10/18 14:44:42, 5] passdb/pdb_interface.c:smb_register_passdb(68) > Successfully added passdb backend 'guest' >[2003/10/18 14:44:42, 5] passdb/pdb_interface.c:make_pdb_methods_name(431) > Attempting to find an passdb backend to match ldapsam:ldap://localhost:389 (ldapsam) >[2003/10/18 14:44:42, 5] passdb/pdb_interface.c:make_pdb_methods_name(452) > Found pdb backend ldapsam >[2003/10/18 14:44:42, 2] lib/smbldap.c:smbldap_search_domain_info(1295) > Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=UTBILDNING))] >[2003/10/18 14:44:42, 2] lib/smbldap.c:smbldap_search_suffix(1066) > smbldap_search_suffix: searching for:[(&(objectClass=sambaDomain)(sambaDomainName=UTBILDNING))] >[2003/10/18 14:44:42, 2] lib/smbldap.c:smbldap_open_connection(623) > smbldap_open_connection: connection opened >[2003/10/18 14:44:42, 3] lib/smbldap.c:smbldap_connect_system(785) > ldap_connect_system: succesful connection to the LDAP server >[2003/10/18 14:44:42, 4] lib/smbldap.c:smbldap_open(836) > The LDAP server is succesful connected >[2003/10/18 14:44:42, 5] passdb/pdb_interface.c:make_pdb_methods_name(455) > pdb backend ldapsam:ldap://localhost:389 has a valid init >[2003/10/18 14:44:42, 5] passdb/pdb_interface.c:make_pdb_context_list(535) > Trying to load: guest >[2003/10/18 14:44:42, 5] passdb/pdb_interface.c:make_pdb_methods_name(431) > Attempting to find an passdb backend to match guest (guest) >[2003/10/18 14:44:42, 5] passdb/pdb_interface.c:make_pdb_methods_name(452) > Found pdb backend guest >[2003/10/18 14:44:42, 5] passdb/pdb_interface.c:make_pdb_methods_name(455) > pdb backend guest has a valid init >[2003/10/18 14:44:42, 3] smbd/oplock.c:init_oplocks(1226) > open_oplock_ipc: opening loopback UDP socket. >[2003/10/18 14:44:42, 3] smbd/oplock_linux.c:linux_init_kernel_oplocks(303) > Linux kernel oplocks enabled >[2003/10/18 14:44:42, 3] smbd/oplock.c:init_oplocks(1257) > open_oplock ipc: pid = 2894, global_oplock_port = 32769 >[2003/10/18 14:44:42, 4] lib/time.c:get_serverzone(122) > Serverzone is -7200 >[2003/10/18 14:44:42, 3] lib/access.c:check_access(313) > check_access: no hostnames in host allow/deny list. >[2003/10/18 14:44:42, 2] lib/access.c:check_access(324) > Allowed connection from (192.168.0.100) >[2003/10/18 14:44:42, 3] smbd/process.c:process_smb(890) > Transaction 0 of length 72 >[2003/10/18 14:44:42, 2] smbd/reply.c:reply_special(93) > netbios connect: name1=STUDENT name2=CITADELXP >[2003/10/18 14:44:42, 2] smbd/reply.c:reply_special(100) > netbios connect: local=student remote=citadelxp, name type = 0 >[2003/10/18 14:44:42, 5] smbd/connection.c:claim_connection(170) > claiming 0 >[2003/10/18 14:44:42, 5] smbd/reply.c:reply_special(142) > init msg_type=0x81 msg_flags=0x0 >[2003/10/18 14:44:42, 3] smbd/process.c:process_smb(890) > Transaction 1 of length 137 >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) > size=133 > smb_com=0x72 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51283 > smb_tid=0 > smb_pid=65279 > smb_uid=0 > smb_mid=0 > smt_wct=0 > smb_bcc=98 >[2003/10/18 14:44:42, 3] smbd/process.c:switch_message(685) > switch message SMBnegprot (pid 2894) >[2003/10/18 14:44:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2003/10/18 14:44:42, 5] auth/auth_util.c:debug_nt_user_token(486) > NT user token: (NULL) >[2003/10/18 14:44:42, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2003/10/18 14:44:42, 5] smbd/uid.c:change_to_root_user(218) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2003/10/18 14:44:42, 3] smbd/negprot.c:reply_negprot(455) > Requested protocol [PC NETWORK PROGRAM 1.0] >[2003/10/18 14:44:42, 3] smbd/negprot.c:reply_negprot(455) > Requested protocol [LANMAN1.0] >[2003/10/18 14:44:42, 3] smbd/negprot.c:reply_negprot(455) > Requested protocol [Windows for Workgroups 3.1a] >[2003/10/18 14:44:42, 3] smbd/negprot.c:reply_negprot(455) > Requested protocol [LM1.2X002] >[2003/10/18 14:44:42, 3] smbd/negprot.c:reply_negprot(455) > Requested protocol [LANMAN2.1] >[2003/10/18 14:44:42, 3] smbd/negprot.c:reply_negprot(455) > Requested protocol [NT LM 0.12] >[2003/10/18 14:44:42, 3] smbd/negprot.c:reply_nt1(329) > using SPNEGO >[2003/10/18 14:44:42, 3] smbd/negprot.c:reply_negprot(532) > Selected protocol NT LM 0.12 >[2003/10/18 14:44:42, 5] smbd/negprot.c:reply_negprot(538) > negprot index=5 >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) > size=127 > smb_com=0x72 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=65279 > smb_uid=0 > smb_mid=0 > smt_wct=17 > smb_vwv[ 0]= 5 (0x5) > smb_vwv[ 1]=12803 (0x3203) > smb_vwv[ 2]= 256 (0x100) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 65 (0x41) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 256 (0x100) > smb_vwv[ 7]=19968 (0x4E00) > smb_vwv[ 8]= 11 (0xB) > smb_vwv[ 9]=64768 (0xFD00) > smb_vwv[10]=32995 (0x80E3) > smb_vwv[11]= 128 (0x80) > smb_vwv[12]=50265 (0xC459) > smb_vwv[13]=30105 (0x7599) > smb_vwv[14]=50069 (0xC395) > smb_vwv[15]=34817 (0x8801) > smb_vwv[16]=15103 (0x3AFF) > smb_bcc=58 >[2003/10/18 14:44:42, 3] smbd/process.c:process_smb(890) > Transaction 2 of length 232 >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) > size=228 > smb_com=0x73 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=0 > smb_pid=65279 > smb_uid=0 > smb_mid=64 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 228 (0xE4) > smb_vwv[ 2]=16644 (0x4104) > smb_vwv[ 3]= 50 (0x32) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 66 (0x42) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 212 (0xD4) > smb_vwv[11]=40960 (0xA000) > smb_bcc=169 >[2003/10/18 14:44:42, 3] smbd/process.c:switch_message(685) > switch message SMBsesssetupX (pid 2894) >[2003/10/18 14:44:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2003/10/18 14:44:42, 5] auth/auth_util.c:debug_nt_user_token(486) > NT user token: (NULL) >[2003/10/18 14:44:42, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2003/10/18 14:44:42, 5] smbd/uid.c:change_to_root_user(218) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2003/10/18 14:44:42, 3] smbd/sesssetup.c:reply_sesssetup_and_X(579) > wct=12 flg2=0xc807 >[2003/10/18 14:44:42, 2] smbd/sesssetup.c:setup_new_vc_session(535) > setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. >[2003/10/18 14:44:42, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(476) > Doing spnego session setup >[2003/10/18 14:44:42, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(500) > NativeOS=[Windows 2002 2600 Service Pack 1] NativeLanMan=[Windows 2002 5.1] >[2003/10/18 14:44:42, 3] smbd/sesssetup.c:reply_spnego_negotiate(385) > Got OID 1 3 6 1 4 1 311 2 2 10 >[2003/10/18 14:44:42, 3] smbd/sesssetup.c:reply_spnego_negotiate(388) > Got secblob of size 32 >[2003/10/18 14:44:42, 5] auth/auth.c:make_auth_context_subsystem(492) > Using specified auth order >[2003/10/18 14:44:42, 5] auth/auth.c:smb_register_auth(45) > Attempting to register auth backend rhosts >[2003/10/18 14:44:42, 5] auth/auth.c:smb_register_auth(57) > Successfully added auth method 'rhosts' >[2003/10/18 14:44:42, 5] auth/auth.c:smb_register_auth(45) > Attempting to register auth backend hostsequiv >[2003/10/18 14:44:42, 5] auth/auth.c:smb_register_auth(57) > Successfully added auth method 'hostsequiv' >[2003/10/18 14:44:42, 5] auth/auth.c:smb_register_auth(45) > Attempting to register auth backend sam >[2003/10/18 14:44:42, 5] auth/auth.c:smb_register_auth(57) > Successfully added auth method 'sam' >[2003/10/18 14:44:42, 5] auth/auth.c:smb_register_auth(45) > Attempting to register auth backend sam_ignoredomain >[2003/10/18 14:44:42, 5] auth/auth.c:smb_register_auth(57) > Successfully added auth method 'sam_ignoredomain' >[2003/10/18 14:44:42, 5] auth/auth.c:smb_register_auth(45) > Attempting to register auth backend unix >[2003/10/18 14:44:42, 5] auth/auth.c:smb_register_auth(57) > Successfully added auth method 'unix' >[2003/10/18 14:44:42, 5] auth/auth.c:smb_register_auth(45) > Attempting to register auth backend winbind >[2003/10/18 14:44:42, 5] auth/auth.c:smb_register_auth(57) > Successfully added auth method 'winbind' >[2003/10/18 14:44:42, 5] auth/auth.c:smb_register_auth(45) > Attempting to register auth backend smbserver >[2003/10/18 14:44:42, 5] auth/auth.c:smb_register_auth(57) > Successfully added auth method 'smbserver' >[2003/10/18 14:44:42, 5] auth/auth.c:smb_register_auth(45) > Attempting to register auth backend trustdomain >[2003/10/18 14:44:42, 5] auth/auth.c:smb_register_auth(57) > Successfully added auth method 'trustdomain' >[2003/10/18 14:44:42, 5] auth/auth.c:smb_register_auth(45) > Attempting to register auth backend ntdomain >[2003/10/18 14:44:42, 5] auth/auth.c:smb_register_auth(57) > Successfully added auth method 'ntdomain' >[2003/10/18 14:44:42, 5] auth/auth.c:smb_register_auth(45) > Attempting to register auth backend guest >[2003/10/18 14:44:42, 5] auth/auth.c:smb_register_auth(57) > Successfully added auth method 'guest' >[2003/10/18 14:44:42, 5] auth/auth.c:load_auth_module(370) > load_auth_module: Attempting to find an auth method to match guest >[2003/10/18 14:44:42, 5] auth/auth.c:load_auth_module(395) > load_auth_module: auth method guest has a valid init >[2003/10/18 14:44:42, 5] auth/auth.c:load_auth_module(370) > load_auth_module: Attempting to find an auth method to match sam >[2003/10/18 14:44:42, 5] auth/auth.c:load_auth_module(395) > load_auth_module: auth method sam has a valid init >[2003/10/18 14:44:42, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(33) > Got NTLMSSP neg_flags=0xe0088297 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_NEGOTIATE_OEM > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_LM_KEY > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_NTLM2 > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH >[2003/10/18 14:44:42, 5] auth/auth.c:get_ntlm_challenge(93) > auth_get_challenge: module guest did not want to specify a challenge >[2003/10/18 14:44:42, 5] auth/auth.c:get_ntlm_challenge(93) > auth_get_challenge: module sam did not want to specify a challenge >[2003/10/18 14:44:42, 5] auth/auth.c:get_ntlm_challenge(132) > auth_context challenge created by random >[2003/10/18 14:44:42, 5] auth/auth.c:get_ntlm_challenge(133) > challenge is: >[2003/10/18 14:44:42, 5] lib/util.c:dump_data(1825) > [000] 6D 65 A4 F0 95 8B 6A CD me¤ð..jÍ >[2003/10/18 14:44:42, 3] smbd/process.c:process_smb(890) > Transaction 3 of length 354 >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) > size=350 > smb_com=0x73 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=0 > smb_pid=65279 > smb_uid=0 > smb_mid=128 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 350 (0x15E) > smb_vwv[ 2]=16644 (0x4104) > smb_vwv[ 3]= 50 (0x32) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 188 (0xBC) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 212 (0xD4) > smb_vwv[11]=40960 (0xA000) > smb_bcc=291 >[2003/10/18 14:44:42, 3] smbd/process.c:switch_message(685) > switch message SMBsesssetupX (pid 2894) >[2003/10/18 14:44:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2003/10/18 14:44:42, 5] auth/auth_util.c:debug_nt_user_token(486) > NT user token: (NULL) >[2003/10/18 14:44:42, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2003/10/18 14:44:42, 5] smbd/uid.c:change_to_root_user(218) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2003/10/18 14:44:42, 3] smbd/sesssetup.c:reply_sesssetup_and_X(579) > wct=12 flg2=0xc807 >[2003/10/18 14:44:42, 2] smbd/sesssetup.c:setup_new_vc_session(535) > setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. >[2003/10/18 14:44:42, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(476) > Doing spnego session setup >[2003/10/18 14:44:42, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(500) > NativeOS=[Windows 2002 2600 Service Pack 1] NativeLanMan=[Windows 2002 5.1] >[2003/10/18 14:44:42, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(286) > Got user=[administrator] domain=[utbildning] workstation=[CITADELXP] len1=24 len2=24 >[2003/10/18 14:44:42, 4] lib/username.c:map_username(132) > Scanning username map /etc/samba/users.map >[2003/10/18 14:44:42, 5] auth/auth_util.c:make_user_info_map(216) > make_user_info_map: Mapping user [utbildning]\[administrator] from workstation [CITADELXP] >[2003/10/18 14:44:42, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2003/10/18 14:44:42, 3] smbd/uid.c:push_conn_ctx(287) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2003/10/18 14:44:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2003/10/18 14:44:42, 5] auth/auth_util.c:debug_nt_user_token(486) > NT user token: (NULL) >[2003/10/18 14:44:42, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2003/10/18 14:44:42, 5] passdb/secrets.c:secrets_fetch_trusted_domain_password(299) > secrets_fetch failed! >[2003/10/18 14:44:42, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2003/10/18 14:44:42, 5] libsmb/trustdom_cache.c:trustdom_cache_fetch(172) > no entry for trusted domain utbildning found. >[2003/10/18 14:44:42, 5] auth/auth_util.c:make_user_info(132) > attempting to make a user_info for administrator (administrator) >[2003/10/18 14:44:42, 5] auth/auth_util.c:make_user_info(142) > making strings for administrator's user_info struct >[2003/10/18 14:44:42, 5] auth/auth_util.c:make_user_info(184) > making blobs for administrator's user_info struct >[2003/10/18 14:44:42, 3] auth/auth.c:check_ntlm_password(216) > check_ntlm_password: Checking password for unmapped user [utbildning]\[administrator]@[CITADELXP] with the new password interface >[2003/10/18 14:44:42, 3] auth/auth.c:check_ntlm_password(219) > check_ntlm_password: mapped user is: [utbildning]\[administrator]@[CITADELXP] >[2003/10/18 14:44:42, 5] lib/util.c:dump_data(1825) > [000] 6D 65 A4 F0 95 8B 6A CD me¤ð..jÍ >[2003/10/18 14:44:42, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2003/10/18 14:44:42, 3] smbd/uid.c:push_conn_ctx(287) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2003/10/18 14:44:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2003/10/18 14:44:42, 5] auth/auth_util.c:debug_nt_user_token(486) > NT user token: (NULL) >[2003/10/18 14:44:42, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2003/10/18 14:44:42, 2] lib/smbldap.c:smbldap_search_suffix(1066) > smbldap_search_suffix: searching for:[(&(uid=administrator)(objectclass=sambaSamAccount))] >[2003/10/18 14:44:42, 2] passdb/pdb_ldap.c:init_sam_from_ldap(462) > init_sam_from_ldap: Entry found for user: Administrator >[2003/10/18 14:44:42, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2003/10/18 14:44:42, 4] auth/auth_sam.c:sam_password_ok(208) > sam_password_ok: Checking NT MD4 password >[2003/10/18 14:44:42, 4] auth/auth_sam.c:sam_account_ok(309) > sam_account_ok: Checking SMB password for user Administrator >[2003/10/18 14:44:42, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2003/10/18 14:44:42, 3] smbd/uid.c:push_conn_ctx(287) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2003/10/18 14:44:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2003/10/18 14:44:42, 5] auth/auth_util.c:debug_nt_user_token(486) > NT user token: (NULL) >[2003/10/18 14:44:42, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2003/10/18 14:44:42, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2003/10/18 14:44:42, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 250 > Primary group is 512 and contains 3 supplementary groups > Group[ 0]: 512 > Group[ 1]: 512 > Group[ 2]: 544 >[2003/10/18 14:44:42, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2003/10/18 14:44:42, 3] smbd/uid.c:push_conn_ctx(287) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2003/10/18 14:44:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2003/10/18 14:44:42, 5] auth/auth_util.c:debug_nt_user_token(486) > NT user token: (NULL) >[2003/10/18 14:44:42, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2003/10/18 14:44:42, 2] passdb/pdb_ldap.c:ldapsam_search_one_group(1615) > ldapsam_search_one_group: searching for:[(&(objectClass=sambaGroupMapping)(gidNumber=512))] >[2003/10/18 14:44:42, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(1630) > ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No such object)ldapsam_search_one_group: Query was: ou=Groups,dc=utb,dc=com,dc=utb,dc=com, (&(objectClass=sambaGroupMapping)(gidNumber=512)) >[2003/10/18 14:44:42, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2003/10/18 14:44:42, 3] passdb/lookup_sid.c:fetch_sid_from_gid_cache(235) > fetch sid from gid cache 512 -> S-1-5-21-1179238187-1290062419-276724248-2025 >[2003/10/18 14:44:42, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2003/10/18 14:44:42, 3] smbd/uid.c:push_conn_ctx(287) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2003/10/18 14:44:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2003/10/18 14:44:42, 5] auth/auth_util.c:debug_nt_user_token(486) > NT user token: (NULL) >[2003/10/18 14:44:42, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2003/10/18 14:44:42, 2] passdb/pdb_ldap.c:ldapsam_search_one_group(1615) > ldapsam_search_one_group: searching for:[(&(objectClass=sambaGroupMapping)(gidNumber=544))] >[2003/10/18 14:44:42, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(1630) > ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No such object)ldapsam_search_one_group: Query was: ou=Groups,dc=utb,dc=com,dc=utb,dc=com, (&(objectClass=sambaGroupMapping)(gidNumber=544)) >[2003/10/18 14:44:42, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2003/10/18 14:44:42, 5] auth/auth_util.c:make_server_info_sam(838) > make_server_info_sam: made server info for user Administrator -> Administrator >[2003/10/18 14:44:42, 3] auth/auth.c:check_ntlm_password(265) > check_ntlm_password: sam authentication for user [administrator] succeeded >[2003/10/18 14:44:42, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2003/10/18 14:44:42, 3] smbd/uid.c:push_conn_ctx(287) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2003/10/18 14:44:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2003/10/18 14:44:42, 5] auth/auth_util.c:debug_nt_user_token(486) > NT user token: (NULL) >[2003/10/18 14:44:42, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2003/10/18 14:44:42, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2003/10/18 14:44:42, 5] auth/auth.c:check_ntlm_password(289) > check_ntlm_password: PAM Account for user [Administrator] succeeded >[2003/10/18 14:44:42, 2] auth/auth.c:check_ntlm_password(302) > check_ntlm_password: authentication for user [administrator] -> [administrator] -> [Administrator] succeeded >[2003/10/18 14:44:42, 5] auth/auth_util.c:free_user_info(1185) > attempting to free (and zero) a user_info structure >[2003/10/18 14:44:42, 3] smbd/password.c:register_vuid(207) > User name: Administrator Real name: Administrator >[2003/10/18 14:44:42, 3] smbd/password.c:register_vuid(225) > UNIX uid 250 is UNIX user Administrator, and will be vuid 100 >[2003/10/18 14:44:42, 2] smbd/utmp.c:sys_utmp_update(419) > utmp_update: uname:/var/run/utmp wname:/var/log/wtmp >[2003/10/18 14:44:42, 3] smbd/password.c:register_vuid(241) > Adding/updating homes service for user 'Administrator' using home directory: '/tmp' >[2003/10/18 14:44:42, 3] smbd/process.c:process_smb(890) > Transaction 4 of length 84 >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) > size=80 > smb_com=0x75 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=0 > smb_pid=65279 > smb_uid=100 > smb_mid=192 > smt_wct=4 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 80 (0x50) > smb_vwv[ 2]= 8 (0x8) > smb_vwv[ 3]= 1 (0x1) > smb_bcc=37 >[2003/10/18 14:44:42, 3] smbd/process.c:switch_message(685) > switch message SMBtconX (pid 2894) >[2003/10/18 14:44:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2003/10/18 14:44:42, 5] auth/auth_util.c:debug_nt_user_token(486) > NT user token: (NULL) >[2003/10/18 14:44:42, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2003/10/18 14:44:42, 5] smbd/uid.c:change_to_root_user(218) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2003/10/18 14:44:42, 4] smbd/reply.c:reply_tcon_and_X(266) > Client requested device type [?????] for share [IPC$] >[2003/10/18 14:44:42, 5] smbd/service.c:make_connection(869) > making a connection to 'normal' service ipc$ >[2003/10/18 14:44:42, 3] lib/access.c:check_access(313) > check_access: no hostnames in host allow/deny list. >[2003/10/18 14:44:42, 2] lib/access.c:check_access(324) > Allowed connection from (192.168.0.100) >[2003/10/18 14:44:42, 5] lib/username.c:Get_Pwnam(288) > Finding user Administrator >[2003/10/18 14:44:42, 5] lib/username.c:Get_Pwnam_internals(223) > Trying _Get_Pwnam(), username as lowercase is administrator >[2003/10/18 14:44:42, 5] lib/username.c:Get_Pwnam_internals(251) > Get_Pwnam_internals did find user [Administrator]! >[2003/10/18 14:44:42, 0] smbd/service.c:set_admin_user(321) > Administrator logged in as admin user (root privileges) >[2003/10/18 14:44:42, 3] smbd/service.c:make_connection_snum(543) > Connect path is '/tmp' for service [IPC$] >[2003/10/18 14:44:42, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2003/10/18 14:44:42, 3] smbd/uid.c:push_conn_ctx(287) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2003/10/18 14:44:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2003/10/18 14:44:42, 5] auth/auth_util.c:debug_nt_user_token(486) > NT user token: (NULL) >[2003/10/18 14:44:42, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2003/10/18 14:44:42, 3] smbd/sec_ctx.c:get_current_groups(171) > get_current_groups: user is in 2 groups: 512, 544 >[2003/10/18 14:44:42, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2003/10/18 14:44:42, 3] smbd/sec_ctx.c:get_current_groups(171) > get_current_groups: user is in 2 groups: 512, 544 >[2003/10/18 14:44:42, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2003/10/18 14:44:42, 3] smbd/uid.c:push_conn_ctx(287) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2003/10/18 14:44:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2003/10/18 14:44:42, 5] auth/auth_util.c:debug_nt_user_token(486) > NT user token: (NULL) >[2003/10/18 14:44:42, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2003/10/18 14:44:42, 2] lib/smbldap.c:smbldap_search_suffix(1066) > smbldap_search_suffix: searching for:[(&(uid=root)(objectclass=sambaSamAccount))] >[2003/10/18 14:44:42, 4] passdb/pdb_ldap.c:ldapsam_getsampwnam(1036) > ldapsam_getsampwnam: Unable to locate user [root] count=0 >[2003/10/18 14:44:42, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2003/10/18 14:44:42, 4] passdb/passdb.c:local_uid_to_sid(1112) > local_uid_to_sid: User root [uid == 0] has no samba account >[2003/10/18 14:44:42, 3] passdb/lookup_sid.c:fetch_sid_from_gid_cache(235) > fetch sid from gid cache 512 -> S-1-5-21-1179238187-1290062419-276724248-2025 >[2003/10/18 14:44:42, 3] passdb/lookup_sid.c:fetch_sid_from_gid_cache(235) > fetch sid from gid cache 512 -> S-1-5-21-1179238187-1290062419-276724248-2025 >[2003/10/18 14:44:42, 3] passdb/lookup_sid.c:fetch_sid_from_gid_cache(235) > fetch sid from gid cache 544 -> S-1-5-21-1179238187-1290062419-276724248-2089 >[2003/10/18 14:44:42, 4] rpc_server/srv_srvsvc_nt.c:get_share_security(217) > get_share_security: using default secdesc for IPC$ >[2003/10/18 14:44:42, 3] lib/util_seaccess.c:se_access_check(251) >[2003/10/18 14:44:42, 3] lib/util_seaccess.c:se_access_check(252) > se_access_check: user sid is S-1-5-21-1179238187-1290062419-276724248-1000 > se_access_check: also S-1-5-21-1179238187-1290062419-276724248-2025 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: also S-1-5-21-1179238187-1290062419-276724248-2089 >[2003/10/18 14:44:42, 5] lib/util_seaccess.c:se_access_check(309) > se_access_check: access (2) granted. >[2003/10/18 14:44:42, 3] smbd/vfs.c:vfs_init_default(201) > Initialising default vfs hooks >[2003/10/18 14:44:42, 5] smbd/connection.c:claim_connection(170) > claiming IPC$ 0 >[2003/10/18 14:44:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 >[2003/10/18 14:44:42, 5] auth/auth_util.c:debug_nt_user_token(491) > NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 > contains 6 SIDs > SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 > SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 >[2003/10/18 14:44:42, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 512 and contains 2 supplementary groups > Group[ 0]: 512 > Group[ 1]: 544 >[2003/10/18 14:44:42, 5] smbd/uid.c:change_to_user(203) > change_to_user uid=(0,0) gid=(0,512) >[2003/10/18 14:44:42, 3] smbd/service.c:make_connection_snum(705) > citadelxp (192.168.0.100) connect to service IPC$ initially as user Administrator (uid=0, gid=512) (pid 2894) >[2003/10/18 14:44:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2003/10/18 14:44:42, 5] auth/auth_util.c:debug_nt_user_token(486) > NT user token: (NULL) >[2003/10/18 14:44:42, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2003/10/18 14:44:42, 5] smbd/uid.c:change_to_root_user(218) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2003/10/18 14:44:42, 3] smbd/reply.c:reply_tcon_and_X(314) > tconX service=IPC$ >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) > size=48 > smb_com=0x75 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=192 > smt_wct=3 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 1 (0x1) > smb_bcc=7 >[2003/10/18 14:44:42, 3] smbd/process.c:process_smb(890) > Transaction 5 of length 104 >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) > size=100 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=832 > smb_uid=100 > smb_mid=256 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 3584 (0xE00) > smb_vwv[ 3]= 5632 (0x1600) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 513 (0x201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 768 (0x300) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]=16384 (0x4000) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 768 (0x300) > smb_bcc=17 >[2003/10/18 14:44:42, 3] smbd/process.c:switch_message(685) > switch message SMBntcreateX (pid 2894) >[2003/10/18 14:44:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 >[2003/10/18 14:44:42, 5] auth/auth_util.c:debug_nt_user_token(491) > NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 > contains 6 SIDs > SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 > SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 >[2003/10/18 14:44:42, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 512 and contains 2 supplementary groups > Group[ 0]: 512 > Group[ 1]: 544 >[2003/10/18 14:44:42, 5] smbd/uid.c:change_to_user(203) > change_to_user uid=(0,0) gid=(0,512) >[2003/10/18 14:44:42, 4] smbd/vfs.c:vfs_ChDir(611) > vfs_ChDir to /tmp >[2003/10/18 14:44:42, 4] smbd/nttrans.c:nt_open_pipe(486) > nt_open_pipe: Opening pipe \lsarpc. >[2003/10/18 14:44:42, 3] smbd/nttrans.c:nt_open_pipe(503) > nt_open_pipe: Known pipe lsarpc opening. >[2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(178) > Open pipe requested lsarpc (pipes_open=0) >[2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(279) > Create pipe requested lsarpc >[2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(372) > Created internal pipe lsarpc (pipes_open=0) >[2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(258) > Opened pipe lsarpc with handle 76f4 (pipes_open=1) >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(264) > open pipes: name lsarpc pnum=76f4 >[2003/10/18 14:44:42, 5] smbd/nttrans.c:do_ntcreate_pipe_open(551) > do_ntcreate_pipe_open: open pipe = \lsarpc >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) > size=103 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=832 > smb_uid=100 > smb_mid=256 > smt_wct=34 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]=62464 (0xF400) > smb_vwv[ 3]= 374 (0x176) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 0 (0x0) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 0 (0x0) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]=32768 (0x8000) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_vwv[24]= 0 (0x0) > smb_vwv[25]= 0 (0x0) > smb_vwv[26]= 0 (0x0) > smb_vwv[27]= 0 (0x0) > smb_vwv[28]= 0 (0x0) > smb_vwv[29]= 0 (0x0) > smb_vwv[30]= 0 (0x0) > smb_vwv[31]= 512 (0x200) > smb_vwv[32]=65280 (0xFF00) > smb_vwv[33]= 5 (0x5) > smb_bcc=0 >[2003/10/18 14:44:42, 3] smbd/process.c:process_smb(890) > Transaction 6 of length 140 >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) > size=136 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=320 > smt_wct=14 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=30452 (0x76F4) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=65535 (0xFFFF) > smb_vwv[ 6]=65535 (0xFFFF) > smb_vwv[ 7]= 8 (0x8) > smb_vwv[ 8]= 72 (0x48) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 72 (0x48) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_bcc=73 >[2003/10/18 14:44:42, 3] smbd/process.c:switch_message(685) > switch message SMBwriteX (pid 2894) >[2003/10/18 14:44:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 >[2003/10/18 14:44:42, 5] auth/auth_util.c:debug_nt_user_token(491) > NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 > contains 6 SIDs > SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 > SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 >[2003/10/18 14:44:42, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 512 and contains 2 supplementary groups > Group[ 0]: 512 > Group[ 1]: 544 >[2003/10/18 14:44:42, 5] smbd/uid.c:change_to_user(203) > change_to_user uid=(0,0) gid=(0,512) >[2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) > search for pipe pnum=76f4 >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) > pipe name lsarpc pnum=76f4 (pipes_open=1) >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0000 major : 05 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0001 minor : 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0002 pkt_type : 0b >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0003 flags : 03 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0004 pack_type0: 10 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0005 pack_type1: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0006 pack_type2: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0007 pack_type3: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 frag_len : 0048 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a auth_len : 0000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 000c call_id : 00000001 >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(488) > unmarshall_rpc_header: using little-endian RPC >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(843) > api_pipe_bind_req: decode request. 843 >[2003/10/18 14:44:42, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(854) > api_pipe_bind_req: \PIPE\lsarpc -> \PIPE\lsass >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_rb >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0000 max_tsize: 10b8 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0002 max_rsize: 10b8 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0004 assoc_gid: 00000000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0008 num_elements: 00000001 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000c context_id : 0000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 000e num_syntaxes: 01 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0010 data : 12345778 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0014 data : 1234 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0016 data : abcd >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8s(722) > 0018 data : ef 00 01 23 45 67 89 ab >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0020 version: 00000000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0024 data : 8a885d04 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0028 data : 1ceb >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 002a data : 11c9 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8s(722) > 002c data : 9f e8 08 00 2b 10 48 60 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0034 version: 00000002 >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(984) > api_pipe_bind_req: make response. 984 >[2003/10/18 14:44:42, 3] rpc_server/srv_pipe.c:check_bind_req(726) > check_bind_req for \PIPE\lsarpc >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_ba >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0000 max_tsize: 10b8 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0002 max_rsize: 10b8 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0004 assoc_gid: 000053f0 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 len: 000c >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8s(722) > 000a str: \PIPE\lsass. >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0018 num_results: 01 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 001c result : 0000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 001e reason : 0000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0020 data : 8a885d04 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0024 data : 1ceb >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0026 data : 11c9 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8s(722) > 0028 data : 9f e8 08 00 2b 10 48 60 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0030 version: 00000002 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0000 major : 05 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0001 minor : 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0002 pkt_type : 0c >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0003 flags : 03 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0004 pack_type0: 10 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0005 pack_type1: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0006 pack_type2: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0007 pack_type3: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 frag_len : 0044 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a auth_len : 0000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 000c call_id : 00000001 >[2003/10/18 14:44:42, 3] smbd/pipes.c:reply_pipe_write_and_X(199) > writeX-IPC pnum=76f4 nwritten=72 >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) > size=47 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=320 > smt_wct=6 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 72 (0x48) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_bcc=0 >[2003/10/18 14:44:42, 3] smbd/process.c:process_smb(890) > Transaction 7 of length 63 >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=384 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=30452 (0x76F4) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 1024 (0x400) > smb_vwv[ 6]= 1024 (0x400) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 1024 (0x400) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2003/10/18 14:44:42, 3] smbd/process.c:switch_message(685) > switch message SMBreadX (pid 2894) >[2003/10/18 14:44:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 >[2003/10/18 14:44:42, 5] auth/auth_util.c:debug_nt_user_token(491) > NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 > contains 6 SIDs > SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 > SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 >[2003/10/18 14:44:42, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 512 and contains 2 supplementary groups > Group[ 0]: 512 > Group[ 1]: 544 >[2003/10/18 14:44:42, 5] smbd/uid.c:change_to_user(203) > change_to_user uid=(0,0) gid=(0,512) >[2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) > search for pipe pnum=76f4 >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) > pipe name lsarpc pnum=76f4 (pipes_open=1) >[2003/10/18 14:44:42, 3] smbd/pipes.c:reply_pipe_read_and_X(242) > readX-IPC pnum=76f4 min=1024 max=1024 nread=68 >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) > size=127 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=384 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 68 (0x44) > smb_vwv[ 6]= 59 (0x3B) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=68 >[2003/10/18 14:44:42, 3] smbd/process.c:process_smb(890) > Transaction 8 of length 176 >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) > size=172 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=832 > smb_uid=100 > smb_mid=448 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 88 (0x58) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 88 (0x58) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=30452 (0x76F4) > smb_bcc=105 >[2003/10/18 14:44:42, 3] smbd/process.c:switch_message(685) > switch message SMBtrans (pid 2894) >[2003/10/18 14:44:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 >[2003/10/18 14:44:42, 5] auth/auth_util.c:debug_nt_user_token(491) > NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 > contains 6 SIDs > SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 > SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 >[2003/10/18 14:44:42, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 512 and contains 2 supplementary groups > Group[ 0]: 512 > Group[ 1]: 544 >[2003/10/18 14:44:42, 5] smbd/uid.c:change_to_user(203) > change_to_user uid=(0,0) gid=(0,512) >[2003/10/18 14:44:42, 3] smbd/ipc.c:reply_trans(514) > trans <\PIPE\> data=88 params=0 setup=2 >[2003/10/18 14:44:42, 5] smbd/ipc.c:reply_trans(533) > calling named_pipe >[2003/10/18 14:44:42, 3] smbd/ipc.c:named_pipe(326) > named pipe command on <> name >[2003/10/18 14:44:42, 5] smbd/ipc.c:api_fd_reply(267) > api_fd_reply >[2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) > search for pipe pnum=76f4 >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) > pipe name lsarpc pnum=76f4 (pipes_open=1) >[2003/10/18 14:44:42, 3] smbd/ipc.c:api_fd_reply(288) > Got API command 0x26 on pipe "lsarpc" (pnum 76f4)000000 smb_io_rpc_hdr >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0000 major : 05 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0001 minor : 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0002 pkt_type : 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0003 flags : 03 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0004 pack_type0: 10 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0005 pack_type1: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0006 pack_type2: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0007 pack_type3: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 frag_len : 0058 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a auth_len : 0000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 000c call_id : 00000001 >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(488) > unmarshall_rpc_header: using little-endian RPC >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0000 alloc_hint: 00000040 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0004 context_id: 0000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0006 opnum : 002c >[2003/10/18 14:44:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) > free_pipe_context: destroying talloc pool of size 0 >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe.c:api_pipe_request(1462) > Requested \PIPE\lsarpc >[2003/10/18 14:44:42, 4] rpc_server/srv_pipe.c:api_rpcTNP(1496) > api_rpcTNP: lsarpc op 0x2c - api_rpcTNP: rpc command: LSA_OPENPOLICY2 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 lsa_io_q_open_pol2 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0000 ptr : 0009c298 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0004 uni_max_len: 0000000a >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0008 offset : 00000000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 000c uni_str_len: 0000000a >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:dbg_rw_punival(807) > 0010 buffer : \.\.S.T.U.D.E.N.T... >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0024 len : 00000018 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0028 ptr_root_dir: 00000000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 002c ptr_obj_name: 00000000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0030 attributes : 00000000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0034 ptr_sec_desc: 00000000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0038 ptr_sec_qos : 00000000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 003c des_access: 02000000 >[2003/10/18 14:44:42, 3] lib/util_seaccess.c:se_access_check(251) >[2003/10/18 14:44:42, 3] lib/util_seaccess.c:se_access_check(252) > se_access_check: user sid is S-1-5-21-1179238187-1290062419-276724248-500 > se_access_check: also S-1-5-21-3516781642-1962875130-3438800523-512 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: also S-1-5-21-1179238187-1290062419-276724248-2025 > se_access_check: also S-1-5-21-1179238187-1290062419-276724248-2089 >[2003/10/18 14:44:42, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) > Opened policy hnd[1] [000] 00 00 00 00 01 00 00 00 00 00 00 00 BA 35 91 3F ........ ....º5.? > [010] 4E 0B 00 00 N... >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 lsa_io_r_open_pol2 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0000 data1: 00000000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0004 data2: 00000001 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 data3: 0000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a data4: 0000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8s(722) > 000c data5: ba 35 91 3f 4e 0b 00 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_ntstatus(665) > 0014 status: NT_STATUS_OK >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe.c:api_rpcTNP(1543) > api_rpcTNP: called lsarpc successfully >[2003/10/18 14:44:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) > free_pipe_context: destroying talloc pool of size 820 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0000 major : 05 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0001 minor : 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0002 pkt_type : 02 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0003 flags : 03 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0004 pack_type0: 10 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0005 pack_type1: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0006 pack_type2: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0007 pack_type3: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 frag_len : 0030 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a auth_len : 0000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 000c call_id : 00000001 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0010 alloc_hint: 00000018 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0014 context_id: 0000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0016 cancel_ct : 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0017 reserved : 00 >[2003/10/18 14:44:42, 5] smbd/ipc.c:copy_trans_params_and_data(62) > copy_trans_params_and_data: params[0..0] data[0..48] >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=832 > smb_uid=100 > smb_mid=448 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2003/10/18 14:44:42, 3] smbd/process.c:process_smb(890) > Transaction 9 of length 134 >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) > size=130 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=832 > smb_uid=100 > smb_mid=512 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 46 (0x2E) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 46 (0x2E) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=30452 (0x76F4) > smb_bcc=63 >[2003/10/18 14:44:42, 3] smbd/process.c:switch_message(685) > switch message SMBtrans (pid 2894) >[2003/10/18 14:44:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 >[2003/10/18 14:44:42, 5] auth/auth_util.c:debug_nt_user_token(491) > NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 > contains 6 SIDs > SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 > SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 >[2003/10/18 14:44:42, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 512 and contains 2 supplementary groups > Group[ 0]: 512 > Group[ 1]: 544 >[2003/10/18 14:44:42, 5] smbd/uid.c:change_to_user(203) > change_to_user uid=(0,0) gid=(0,512) >[2003/10/18 14:44:42, 3] smbd/ipc.c:reply_trans(514) > trans <\PIPE\> data=46 params=0 setup=2 >[2003/10/18 14:44:42, 5] smbd/ipc.c:reply_trans(533) > calling named_pipe >[2003/10/18 14:44:42, 3] smbd/ipc.c:named_pipe(326) > named pipe command on <> name >[2003/10/18 14:44:42, 5] smbd/ipc.c:api_fd_reply(267) > api_fd_reply >[2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) > search for pipe pnum=76f4 >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) > pipe name lsarpc pnum=76f4 (pipes_open=1) >[2003/10/18 14:44:42, 3] smbd/ipc.c:api_fd_reply(288) > Got API command 0x26 on pipe "lsarpc" (pnum 76f4)000000 smb_io_rpc_hdr >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0000 major : 05 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0001 minor : 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0002 pkt_type : 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0003 flags : 03 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0004 pack_type0: 10 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0005 pack_type1: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0006 pack_type2: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0007 pack_type3: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 frag_len : 002e >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a auth_len : 0000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 000c call_id : 00000002 >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(488) > unmarshall_rpc_header: using little-endian RPC >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0000 alloc_hint: 00000016 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0004 context_id: 0000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0006 opnum : 002e >[2003/10/18 14:44:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) > free_pipe_context: destroying talloc pool of size 0 >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe.c:api_pipe_request(1462) > Requested \PIPE\lsarpc >[2003/10/18 14:44:42, 4] rpc_server/srv_pipe.c:api_rpcTNP(1496) > api_rpcTNP: lsarpc op 0x2e - unknown >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0000 major : 05 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0001 minor : 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0002 pkt_type : 03 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0003 flags : 23 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0004 pack_type0: 10 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0005 pack_type1: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0006 pack_type2: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0007 pack_type3: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 frag_len : 0020 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a auth_len : 0000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 000c call_id : 00000002 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0010 alloc_hint: 00000000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0014 context_id: 0000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0016 cancel_ct : 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0017 reserved : 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000018 smb_io_rpc_hdr_fault fault >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_ntstatus(665) > 0018 status : NT code 0x1c010002 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 001c reserved: 00000000 >[2003/10/18 14:44:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) > free_pipe_context: destroying talloc pool of size 0 >[2003/10/18 14:44:42, 5] smbd/ipc.c:copy_trans_params_and_data(62) > copy_trans_params_and_data: params[0..0] data[0..32] >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) > size=88 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=832 > smb_uid=100 > smb_mid=512 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 32 (0x20) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 32 (0x20) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=33 >[2003/10/18 14:44:42, 3] smbd/process.c:process_smb(890) > Transaction 10 of length 134 >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) > size=130 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=832 > smb_uid=100 > smb_mid=576 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 46 (0x2E) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 46 (0x2E) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=30452 (0x76F4) > smb_bcc=63 >[2003/10/18 14:44:42, 3] smbd/process.c:switch_message(685) > switch message SMBtrans (pid 2894) >[2003/10/18 14:44:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 >[2003/10/18 14:44:42, 5] auth/auth_util.c:debug_nt_user_token(491) > NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 > contains 6 SIDs > SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 > SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 >[2003/10/18 14:44:42, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 512 and contains 2 supplementary groups > Group[ 0]: 512 > Group[ 1]: 544 >[2003/10/18 14:44:42, 5] smbd/uid.c:change_to_user(203) > change_to_user uid=(0,0) gid=(0,512) >[2003/10/18 14:44:42, 3] smbd/ipc.c:reply_trans(514) > trans <\PIPE\> data=46 params=0 setup=2 >[2003/10/18 14:44:42, 5] smbd/ipc.c:reply_trans(533) > calling named_pipe >[2003/10/18 14:44:42, 3] smbd/ipc.c:named_pipe(326) > named pipe command on <> name >[2003/10/18 14:44:42, 5] smbd/ipc.c:api_fd_reply(267) > api_fd_reply >[2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) > search for pipe pnum=76f4 >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) > pipe name lsarpc pnum=76f4 (pipes_open=1) >[2003/10/18 14:44:42, 3] smbd/ipc.c:api_fd_reply(288) > Got API command 0x26 on pipe "lsarpc" (pnum 76f4)000000 smb_io_rpc_hdr >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0000 major : 05 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0001 minor : 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0002 pkt_type : 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0003 flags : 03 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0004 pack_type0: 10 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0005 pack_type1: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0006 pack_type2: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0007 pack_type3: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 frag_len : 002e >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a auth_len : 0000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 000c call_id : 00000003 >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(488) > unmarshall_rpc_header: using little-endian RPC >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0000 alloc_hint: 00000016 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0004 context_id: 0000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0006 opnum : 0007 >[2003/10/18 14:44:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) > free_pipe_context: destroying talloc pool of size 0 >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe.c:api_pipe_request(1462) > Requested \PIPE\lsarpc >[2003/10/18 14:44:42, 4] rpc_server/srv_pipe.c:api_rpcTNP(1496) > api_rpcTNP: lsarpc op 0x7 - api_rpcTNP: rpc command: LSA_QUERYINFOPOLICY >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 lsa_io_q_query >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0000 data1: 00000000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0004 data2: 00000001 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 data3: 0000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a data4: 0000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8s(722) > 000c data5: ba 35 91 3f 4e 0b 00 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0014 info_class: 0003 >[2003/10/18 14:44:42, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 BA 35 91 3F ........ ....º5.? > [010] 4E 0B 00 00 N... >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 lsa_io_r_query >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0000 undoc_buffer: 22000000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0004 info_class: 0003 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 uni_dom_max_len: 0016 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a uni_dom_str_len: 0018 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 000c buffer_dom_name: 00000001 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0010 buffer_dom_sid : 00000001 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0014 uni_max_len: 0000000c >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0018 offset : 00000000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 001c uni_str_len: 0000000b >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:dbg_rw_punival(807) > 0020 buffer : U.T.B.I.L.D.N.I.N.G... >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0038 num_auths: 00000004 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 003c sid_rev_num: 01 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 003d num_auths : 04 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 003e id_auth[0] : 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 003f id_auth[1] : 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0040 id_auth[2] : 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0041 id_auth[3] : 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0042 id_auth[4] : 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0043 id_auth[5] : 05 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32s(862) > 0044 sub_auths : 00000015 4649bf2b 4ce4ca53 107e7a18 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_ntstatus(665) > 0054 status: NT_STATUS_OK >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe.c:api_rpcTNP(1543) > api_rpcTNP: called lsarpc successfully >[2003/10/18 14:44:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) > free_pipe_context: destroying talloc pool of size 512 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0000 major : 05 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0001 minor : 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0002 pkt_type : 02 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0003 flags : 03 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0004 pack_type0: 10 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0005 pack_type1: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0006 pack_type2: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0007 pack_type3: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 frag_len : 0070 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a auth_len : 0000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 000c call_id : 00000003 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0010 alloc_hint: 00000058 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0014 context_id: 0000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0016 cancel_ct : 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0017 reserved : 00 >[2003/10/18 14:44:42, 5] smbd/ipc.c:copy_trans_params_and_data(62) > copy_trans_params_and_data: params[0..0] data[0..112] >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) > size=168 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=832 > smb_uid=100 > smb_mid=576 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 112 (0x70) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 112 (0x70) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=113 >[2003/10/18 14:44:42, 3] smbd/process.c:process_smb(890) > Transaction 11 of length 104 >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) > size=100 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=832 > smb_uid=100 > smb_mid=640 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 3584 (0xE00) > smb_vwv[ 3]= 5632 (0x1600) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 513 (0x201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 768 (0x300) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]=16384 (0x4000) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 768 (0x300) > smb_bcc=17 >[2003/10/18 14:44:42, 3] smbd/process.c:switch_message(685) > switch message SMBntcreateX (pid 2894) >[2003/10/18 14:44:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 >[2003/10/18 14:44:42, 5] auth/auth_util.c:debug_nt_user_token(491) > NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 > contains 6 SIDs > SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 > SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 >[2003/10/18 14:44:42, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 512 and contains 2 supplementary groups > Group[ 0]: 512 > Group[ 1]: 544 >[2003/10/18 14:44:42, 5] smbd/uid.c:change_to_user(203) > change_to_user uid=(0,0) gid=(0,512) >[2003/10/18 14:44:42, 4] smbd/nttrans.c:nt_open_pipe(486) > nt_open_pipe: Opening pipe \winreg. >[2003/10/18 14:44:42, 3] smbd/nttrans.c:nt_open_pipe(503) > nt_open_pipe: Known pipe winreg opening. >[2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(178) > Open pipe requested winreg (pipes_open=1) >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(205) > open_rpc_pipe_p: name lsarpc pnum=76f4 >[2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(279) > Create pipe requested winreg >[2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(372) > Created internal pipe winreg (pipes_open=1) >[2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(258) > Opened pipe winreg with handle 76f5 (pipes_open=2) >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(264) > open pipes: name winreg pnum=76f5 >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(264) > open pipes: name lsarpc pnum=76f4 >[2003/10/18 14:44:42, 5] smbd/nttrans.c:do_ntcreate_pipe_open(551) > do_ntcreate_pipe_open: open pipe = \winreg >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) > size=103 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=832 > smb_uid=100 > smb_mid=640 > smt_wct=34 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]=62720 (0xF500) > smb_vwv[ 3]= 374 (0x176) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 0 (0x0) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 0 (0x0) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]=32768 (0x8000) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_vwv[24]= 0 (0x0) > smb_vwv[25]= 0 (0x0) > smb_vwv[26]= 0 (0x0) > smb_vwv[27]= 0 (0x0) > smb_vwv[28]= 0 (0x0) > smb_vwv[29]= 0 (0x0) > smb_vwv[30]= 0 (0x0) > smb_vwv[31]= 512 (0x200) > smb_vwv[32]=65280 (0xFF00) > smb_vwv[33]= 5 (0x5) > smb_bcc=0 >[2003/10/18 14:44:42, 3] smbd/process.c:process_smb(890) > Transaction 12 of length 140 >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) > size=136 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=704 > smt_wct=14 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=30453 (0x76F5) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=65535 (0xFFFF) > smb_vwv[ 6]=65535 (0xFFFF) > smb_vwv[ 7]= 8 (0x8) > smb_vwv[ 8]= 72 (0x48) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 72 (0x48) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_bcc=73 >[2003/10/18 14:44:42, 3] smbd/process.c:switch_message(685) > switch message SMBwriteX (pid 2894) >[2003/10/18 14:44:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 >[2003/10/18 14:44:42, 5] auth/auth_util.c:debug_nt_user_token(491) > NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 > contains 6 SIDs > SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 > SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 >[2003/10/18 14:44:42, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 512 and contains 2 supplementary groups > Group[ 0]: 512 > Group[ 1]: 544 >[2003/10/18 14:44:42, 5] smbd/uid.c:change_to_user(203) > change_to_user uid=(0,0) gid=(0,512) >[2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) > search for pipe pnum=76f5 >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) > pipe name winreg pnum=76f5 (pipes_open=2) >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) > pipe name lsarpc pnum=76f4 (pipes_open=2) >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0000 major : 05 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0001 minor : 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0002 pkt_type : 0b >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0003 flags : 03 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0004 pack_type0: 10 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0005 pack_type1: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0006 pack_type2: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0007 pack_type3: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 frag_len : 0048 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a auth_len : 0000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 000c call_id : 00000001 >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(488) > unmarshall_rpc_header: using little-endian RPC >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(843) > api_pipe_bind_req: decode request. 843 >[2003/10/18 14:44:42, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(854) > api_pipe_bind_req: \PIPE\winreg -> \PIPE\winreg >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_rb >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0000 max_tsize: 10b8 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0002 max_rsize: 10b8 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0004 assoc_gid: 00000000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0008 num_elements: 00000001 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000c context_id : 0000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 000e num_syntaxes: 01 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0010 data : 338cd001 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0014 data : 2244 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0016 data : 31f1 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8s(722) > 0018 data : aa aa 90 00 38 00 10 03 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0020 version: 00000001 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0024 data : 8a885d04 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0028 data : 1ceb >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 002a data : 11c9 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8s(722) > 002c data : 9f e8 08 00 2b 10 48 60 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0034 version: 00000002 >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(984) > api_pipe_bind_req: make response. 984 >[2003/10/18 14:44:42, 3] rpc_server/srv_pipe.c:check_bind_req(726) > check_bind_req for \PIPE\winreg >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_ba >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0000 max_tsize: 10b8 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0002 max_rsize: 10b8 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0004 assoc_gid: 000053f0 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 len: 000d >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8s(722) > 000a str: \PIPE\winreg. >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0018 num_results: 01 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 001c result : 0000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 001e reason : 0000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0020 data : 8a885d04 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0024 data : 1ceb >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0026 data : 11c9 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8s(722) > 0028 data : 9f e8 08 00 2b 10 48 60 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0030 version: 00000002 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0000 major : 05 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0001 minor : 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0002 pkt_type : 0c >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0003 flags : 03 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0004 pack_type0: 10 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0005 pack_type1: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0006 pack_type2: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0007 pack_type3: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 frag_len : 0044 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a auth_len : 0000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 000c call_id : 00000001 >[2003/10/18 14:44:42, 3] smbd/pipes.c:reply_pipe_write_and_X(199) > writeX-IPC pnum=76f5 nwritten=72 >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) > size=47 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=704 > smt_wct=6 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 72 (0x48) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_bcc=0 >[2003/10/18 14:44:42, 3] smbd/process.c:process_smb(890) > Transaction 13 of length 63 >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=768 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=30453 (0x76F5) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 1024 (0x400) > smb_vwv[ 6]= 1024 (0x400) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 1024 (0x400) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2003/10/18 14:44:42, 3] smbd/process.c:switch_message(685) > switch message SMBreadX (pid 2894) >[2003/10/18 14:44:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 >[2003/10/18 14:44:42, 5] auth/auth_util.c:debug_nt_user_token(491) > NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 > contains 6 SIDs > SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 > SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 >[2003/10/18 14:44:42, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 512 and contains 2 supplementary groups > Group[ 0]: 512 > Group[ 1]: 544 >[2003/10/18 14:44:42, 5] smbd/uid.c:change_to_user(203) > change_to_user uid=(0,0) gid=(0,512) >[2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) > search for pipe pnum=76f5 >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) > pipe name winreg pnum=76f5 (pipes_open=2) >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) > pipe name lsarpc pnum=76f4 (pipes_open=2) >[2003/10/18 14:44:42, 3] smbd/pipes.c:reply_pipe_read_and_X(242) > readX-IPC pnum=76f5 min=1024 max=1024 nread=68 >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) > size=127 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=768 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 68 (0x44) > smb_vwv[ 6]= 59 (0x3B) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=68 >[2003/10/18 14:44:42, 3] smbd/process.c:process_smb(890) > Transaction 14 of length 124 >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) > size=120 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=832 > smb_uid=100 > smb_mid=832 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 36 (0x24) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 36 (0x24) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=30453 (0x76F5) > smb_bcc=53 >[2003/10/18 14:44:42, 3] smbd/process.c:switch_message(685) > switch message SMBtrans (pid 2894) >[2003/10/18 14:44:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 >[2003/10/18 14:44:42, 5] auth/auth_util.c:debug_nt_user_token(491) > NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 > contains 6 SIDs > SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 > SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 >[2003/10/18 14:44:42, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 512 and contains 2 supplementary groups > Group[ 0]: 512 > Group[ 1]: 544 >[2003/10/18 14:44:42, 5] smbd/uid.c:change_to_user(203) > change_to_user uid=(0,0) gid=(0,512) >[2003/10/18 14:44:42, 3] smbd/ipc.c:reply_trans(514) > trans <\PIPE\> data=36 params=0 setup=2 >[2003/10/18 14:44:42, 5] smbd/ipc.c:reply_trans(533) > calling named_pipe >[2003/10/18 14:44:42, 3] smbd/ipc.c:named_pipe(326) > named pipe command on <> name >[2003/10/18 14:44:42, 5] smbd/ipc.c:api_fd_reply(267) > api_fd_reply >[2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) > search for pipe pnum=76f5 >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) > pipe name winreg pnum=76f5 (pipes_open=2) >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) > pipe name lsarpc pnum=76f4 (pipes_open=2) >[2003/10/18 14:44:42, 3] smbd/ipc.c:api_fd_reply(288) > Got API command 0x26 on pipe "winreg" (pnum 76f5)000000 smb_io_rpc_hdr >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0000 major : 05 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0001 minor : 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0002 pkt_type : 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0003 flags : 03 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0004 pack_type0: 10 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0005 pack_type1: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0006 pack_type2: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0007 pack_type3: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 frag_len : 0024 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a auth_len : 0000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 000c call_id : 00000001 >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(488) > unmarshall_rpc_header: using little-endian RPC >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0000 alloc_hint: 0000000c >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0004 context_id: 0000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0006 opnum : 0002 >[2003/10/18 14:44:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) > free_pipe_context: destroying talloc pool of size 0 >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe.c:api_pipe_request(1462) > Requested \PIPE\winreg >[2003/10/18 14:44:42, 4] rpc_server/srv_pipe.c:api_rpcTNP(1496) > api_rpcTNP: winreg op 0x2 - api_rpcTNP: rpc command: REG_OPEN_HKLM >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 reg_io_q_open_hklm >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0000 ptr : 012cf544 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0004 unknown_0: 6b50 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0006 unknown_1: 0001 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0008 access_mask: 02000000 >[2003/10/18 14:44:42, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) > Opened policy hnd[1] [000] 00 00 00 00 02 00 00 00 00 00 00 00 BA 35 91 3F ........ ....º5.? > [010] 4E 0B 00 00 N... >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 reg_io_r_open_hklm >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0000 data1: 00000000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0004 data2: 00000002 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 data3: 0000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a data4: 0000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8s(722) > 000c data5: ba 35 91 3f 4e 0b 00 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_ntstatus(665) > 0014 status: NT_STATUS_OK >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe.c:api_rpcTNP(1543) > api_rpcTNP: called winreg successfully >[2003/10/18 14:44:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) > free_pipe_context: destroying talloc pool of size 0 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0000 major : 05 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0001 minor : 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0002 pkt_type : 02 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0003 flags : 03 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0004 pack_type0: 10 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0005 pack_type1: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0006 pack_type2: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0007 pack_type3: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 frag_len : 0030 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a auth_len : 0000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 000c call_id : 00000001 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0010 alloc_hint: 00000018 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0014 context_id: 0000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0016 cancel_ct : 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0017 reserved : 00 >[2003/10/18 14:44:42, 5] smbd/ipc.c:copy_trans_params_and_data(62) > copy_trans_params_and_data: params[0..0] data[0..48] >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=832 > smb_uid=100 > smb_mid=832 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2003/10/18 14:44:42, 3] smbd/process.c:process_smb(890) > Transaction 15 of length 272 >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) > size=268 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=832 > smb_uid=100 > smb_mid=896 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 184 (0xB8) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 184 (0xB8) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=30453 (0x76F5) > smb_bcc=201 >[2003/10/18 14:44:42, 3] smbd/process.c:switch_message(685) > switch message SMBtrans (pid 2894) >[2003/10/18 14:44:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 >[2003/10/18 14:44:42, 5] auth/auth_util.c:debug_nt_user_token(491) > NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 > contains 6 SIDs > SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 > SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 >[2003/10/18 14:44:42, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 512 and contains 2 supplementary groups > Group[ 0]: 512 > Group[ 1]: 544 >[2003/10/18 14:44:42, 5] smbd/uid.c:change_to_user(203) > change_to_user uid=(0,0) gid=(0,512) >[2003/10/18 14:44:42, 3] smbd/ipc.c:reply_trans(514) > trans <\PIPE\> data=184 params=0 setup=2 >[2003/10/18 14:44:42, 5] smbd/ipc.c:reply_trans(533) > calling named_pipe >[2003/10/18 14:44:42, 3] smbd/ipc.c:named_pipe(326) > named pipe command on <> name >[2003/10/18 14:44:42, 5] smbd/ipc.c:api_fd_reply(267) > api_fd_reply >[2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) > search for pipe pnum=76f5 >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) > pipe name winreg pnum=76f5 (pipes_open=2) >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) > pipe name lsarpc pnum=76f4 (pipes_open=2) >[2003/10/18 14:44:42, 3] smbd/ipc.c:api_fd_reply(288) > Got API command 0x26 on pipe "winreg" (pnum 76f5)000000 smb_io_rpc_hdr >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0000 major : 05 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0001 minor : 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0002 pkt_type : 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0003 flags : 03 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0004 pack_type0: 10 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0005 pack_type1: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0006 pack_type2: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0007 pack_type3: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 frag_len : 00b8 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a auth_len : 0000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 000c call_id : 00000002 >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(488) > unmarshall_rpc_header: using little-endian RPC >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0000 alloc_hint: 000000a0 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0004 context_id: 0000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0006 opnum : 000f >[2003/10/18 14:44:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) > free_pipe_context: destroying talloc pool of size 0 >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe.c:api_pipe_request(1462) > Requested \PIPE\winreg >[2003/10/18 14:44:42, 4] rpc_server/srv_pipe.c:api_rpcTNP(1496) > api_rpcTNP: winreg op 0xf - api_rpcTNP: rpc command: REG_OPEN_ENTRY >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 reg_io_q_entry >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0000 data1: 00000000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0004 data2: 00000002 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 data3: 0000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a data4: 0000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8s(722) > 000c data5: ba 35 91 3f 4e 0b 00 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0014 uni_str_len: 006e >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0016 uni_max_len: 006e >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0018 buffer : 75157eb0 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 001c uni_max_len: 00000037 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0020 offset : 00000000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0024 uni_str_len: 00000037 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:dbg_rw_punival(807) > 0028 buffer : S.y.s.t.e.m.\.C.u.r.r.e.n.t.C.o.n.t.r.o.l.S.e.t.\.s.e.r.v.i.c.e.s.\.N.e.t.l.o.g.o.n.\.p.a.r.a.m.e.t.e.r.s.\... >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0098 unknown_0 : 00000000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 009c access_desired : 00020019 >[2003/10/18 14:44:42, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 02 00 00 00 00 00 00 00 BA 35 91 3F ........ ....º5.? > [010] 4E 0B 00 00 N... >[2003/10/18 14:44:42, 5] rpc_server/srv_reg_nt.c:_reg_open_entry(326) > reg_open_entry: Enter >[2003/10/18 14:44:42, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) > Opened policy hnd[2] [000] 00 00 00 00 03 00 00 00 00 00 00 00 BA 35 91 3F ........ ....º5.? > [010] 4E 0B 00 00 N... >[2003/10/18 14:44:42, 5] rpc_server/srv_reg_nt.c:_reg_open_entry(337) > reg_open_entry: Exit >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 reg_io_r_open_entry >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0000 data1: 00000000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0004 data2: 00000003 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 data3: 0000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a data4: 0000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8s(722) > 000c data5: ba 35 91 3f 4e 0b 00 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_ntstatus(665) > 0014 status: NT_STATUS_OK >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe.c:api_rpcTNP(1543) > api_rpcTNP: called winreg successfully >[2003/10/18 14:44:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) > free_pipe_context: destroying talloc pool of size 110 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0000 major : 05 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0001 minor : 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0002 pkt_type : 02 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0003 flags : 03 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0004 pack_type0: 10 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0005 pack_type1: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0006 pack_type2: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0007 pack_type3: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 frag_len : 0030 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a auth_len : 0000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 000c call_id : 00000002 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0010 alloc_hint: 00000018 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0014 context_id: 0000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0016 cancel_ct : 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0017 reserved : 00 >[2003/10/18 14:44:42, 5] smbd/ipc.c:copy_trans_params_and_data(62) > copy_trans_params_and_data: params[0..0] data[0..48] >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=832 > smb_uid=100 > smb_mid=896 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2003/10/18 14:44:42, 3] smbd/process.c:process_smb(890) > Transaction 16 of length 236 >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) > size=232 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=832 > smb_uid=100 > smb_mid=960 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 148 (0x94) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 148 (0x94) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=30453 (0x76F5) > smb_bcc=165 >[2003/10/18 14:44:42, 3] smbd/process.c:switch_message(685) > switch message SMBtrans (pid 2894) >[2003/10/18 14:44:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 >[2003/10/18 14:44:42, 5] auth/auth_util.c:debug_nt_user_token(491) > NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 > contains 6 SIDs > SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 > SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 >[2003/10/18 14:44:42, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 512 and contains 2 supplementary groups > Group[ 0]: 512 > Group[ 1]: 544 >[2003/10/18 14:44:42, 5] smbd/uid.c:change_to_user(203) > change_to_user uid=(0,0) gid=(0,512) >[2003/10/18 14:44:42, 3] smbd/ipc.c:reply_trans(514) > trans <\PIPE\> data=148 params=0 setup=2 >[2003/10/18 14:44:42, 5] smbd/ipc.c:reply_trans(533) > calling named_pipe >[2003/10/18 14:44:42, 3] smbd/ipc.c:named_pipe(326) > named pipe command on <> name >[2003/10/18 14:44:42, 5] smbd/ipc.c:api_fd_reply(267) > api_fd_reply >[2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) > search for pipe pnum=76f5 >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) > pipe name winreg pnum=76f5 (pipes_open=2) >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) > pipe name lsarpc pnum=76f4 (pipes_open=2) >[2003/10/18 14:44:42, 3] smbd/ipc.c:api_fd_reply(288) > Got API command 0x26 on pipe "winreg" (pnum 76f5)000000 smb_io_rpc_hdr >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0000 major : 05 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0001 minor : 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0002 pkt_type : 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0003 flags : 03 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0004 pack_type0: 10 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0005 pack_type1: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0006 pack_type2: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0007 pack_type3: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 frag_len : 0094 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a auth_len : 0000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 000c call_id : 00000003 >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(488) > unmarshall_rpc_header: using little-endian RPC >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0000 alloc_hint: 0000007c >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0004 context_id: 0000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0006 opnum : 0011 >[2003/10/18 14:44:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) > free_pipe_context: destroying talloc pool of size 0 >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe.c:api_pipe_request(1462) > Requested \PIPE\winreg >[2003/10/18 14:44:42, 4] rpc_server/srv_pipe.c:api_rpcTNP(1496) > api_rpcTNP: winreg op 0x11 - api_rpcTNP: rpc command: REG_INFO >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 reg_io_q_info >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0000 data1: 00000000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0004 data2: 00000003 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 data3: 0000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a data4: 0000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8s(722) > 000c data5: ba 35 91 3f 4e 0b 00 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0014 uni_str_len: 002a >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0016 uni_max_len: 002a >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0018 buffer : 75157e84 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 001c uni_max_len: 00000015 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0020 offset : 00000000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0024 uni_str_len: 00000015 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:dbg_rw_punival(807) > 0028 buffer : R.e.f.u.s.e.P.a.s.s.w.o.r.d.C.h.a.n.g.e... >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0054 ptr_reserved: 012cf598 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0058 ptr_buf: 012cf5c8 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 005c ptr_bufsize: 012cf5c8 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0060 bufsize: 00000004 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0064 buf_unk: 00000000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0068 unk1: 00000000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 006c ptr_buflen: 012cf590 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0070 buflen: 00000004 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0074 ptr_buflen2: 012cf588 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0078 buflen2: 00000000 >[2003/10/18 14:44:42, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 03 00 00 00 00 00 00 00 BA 35 91 3F ........ ....º5.? > [010] 4E 0B 00 00 N... >[2003/10/18 14:44:42, 5] rpc_server/srv_reg_nt.c:_reg_info(358) > _reg_info: Enter >[2003/10/18 14:44:42, 5] rpc_server/srv_reg_nt.c:_reg_info(367) > reg_info: looking up value: [RefusePasswordChange] >[2003/10/18 14:44:42, 5] rpc_server/srv_reg_nt.c:_reg_info(436) > _reg_info: Exit >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 reg_io_r_info >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0000 ptr_type: 00000001 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0004 type: 00000000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0008 ptr_uni_val: 00000001 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 000c uni_max_len: 00000000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0010 offset : 00000000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0014 buf_len : 00000000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:dbg_rw_punival(807) > 0018 buffer : >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0018 ptr_max_len: 00000001 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 001c buf_max_len: 00000000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0020 ptr_len: 00000001 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0024 buf_len: 00000000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_ntstatus(665) > 0028 status: NT_STATUS_NO_SUCH_FILE >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe.c:api_rpcTNP(1543) > api_rpcTNP: called winreg successfully >[2003/10/18 14:44:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) > free_pipe_context: destroying talloc pool of size 42 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0000 major : 05 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0001 minor : 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0002 pkt_type : 02 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0003 flags : 03 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0004 pack_type0: 10 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0005 pack_type1: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0006 pack_type2: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0007 pack_type3: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 frag_len : 0044 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a auth_len : 0000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 000c call_id : 00000003 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0010 alloc_hint: 0000002c >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0014 context_id: 0000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0016 cancel_ct : 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0017 reserved : 00 >[2003/10/18 14:44:42, 5] smbd/ipc.c:copy_trans_params_and_data(62) > copy_trans_params_and_data: params[0..0] data[0..68] >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) > size=124 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=832 > smb_uid=100 > smb_mid=960 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 68 (0x44) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 68 (0x44) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=69 >[2003/10/18 14:44:42, 3] smbd/process.c:process_smb(890) > Transaction 17 of length 132 >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=832 > smb_uid=100 > smb_mid=1024 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=30453 (0x76F5) > smb_bcc=61 >[2003/10/18 14:44:42, 3] smbd/process.c:switch_message(685) > switch message SMBtrans (pid 2894) >[2003/10/18 14:44:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 >[2003/10/18 14:44:42, 5] auth/auth_util.c:debug_nt_user_token(491) > NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 > contains 6 SIDs > SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 > SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 >[2003/10/18 14:44:42, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 512 and contains 2 supplementary groups > Group[ 0]: 512 > Group[ 1]: 544 >[2003/10/18 14:44:42, 5] smbd/uid.c:change_to_user(203) > change_to_user uid=(0,0) gid=(0,512) >[2003/10/18 14:44:42, 3] smbd/ipc.c:reply_trans(514) > trans <\PIPE\> data=44 params=0 setup=2 >[2003/10/18 14:44:42, 5] smbd/ipc.c:reply_trans(533) > calling named_pipe >[2003/10/18 14:44:42, 3] smbd/ipc.c:named_pipe(326) > named pipe command on <> name >[2003/10/18 14:44:42, 5] smbd/ipc.c:api_fd_reply(267) > api_fd_reply >[2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) > search for pipe pnum=76f5 >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) > pipe name winreg pnum=76f5 (pipes_open=2) >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) > pipe name lsarpc pnum=76f4 (pipes_open=2) >[2003/10/18 14:44:42, 3] smbd/ipc.c:api_fd_reply(288) > Got API command 0x26 on pipe "winreg" (pnum 76f5)000000 smb_io_rpc_hdr >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0000 major : 05 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0001 minor : 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0002 pkt_type : 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0003 flags : 03 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0004 pack_type0: 10 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0005 pack_type1: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0006 pack_type2: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0007 pack_type3: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 frag_len : 002c >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a auth_len : 0000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 000c call_id : 00000004 >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(488) > unmarshall_rpc_header: using little-endian RPC >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0000 alloc_hint: 00000014 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0004 context_id: 0000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0006 opnum : 0005 >[2003/10/18 14:44:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) > free_pipe_context: destroying talloc pool of size 0 >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe.c:api_pipe_request(1462) > Requested \PIPE\winreg >[2003/10/18 14:44:42, 4] rpc_server/srv_pipe.c:api_rpcTNP(1496) > api_rpcTNP: winreg op 0x5 - api_rpcTNP: rpc command: REG_CLOSE >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 reg_io_q_close >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0000 data1: 00000000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0004 data2: 00000003 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 data3: 0000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a data4: 0000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8s(722) > 000c data5: ba 35 91 3f 4e 0b 00 00 >[2003/10/18 14:44:42, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 03 00 00 00 00 00 00 00 BA 35 91 3F ........ ....º5.? > [010] 4E 0B 00 00 N... >[2003/10/18 14:44:42, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 03 00 00 00 00 00 00 00 BA 35 91 3F ........ ....º5.? > [010] 4E 0B 00 00 N... >[2003/10/18 14:44:42, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) > Closed policy >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 reg_io_r_close >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0000 data1: 00000000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0004 data2: 00000000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 data3: 0000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a data4: 0000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8s(722) > 000c data5: 00 00 00 00 00 00 00 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_ntstatus(665) > 0014 status: NT_STATUS_OK >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe.c:api_rpcTNP(1543) > api_rpcTNP: called winreg successfully >[2003/10/18 14:44:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) > free_pipe_context: destroying talloc pool of size 0 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0000 major : 05 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0001 minor : 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0002 pkt_type : 02 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0003 flags : 03 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0004 pack_type0: 10 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0005 pack_type1: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0006 pack_type2: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0007 pack_type3: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 frag_len : 0030 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a auth_len : 0000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 000c call_id : 00000004 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0010 alloc_hint: 00000018 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0014 context_id: 0000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0016 cancel_ct : 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0017 reserved : 00 >[2003/10/18 14:44:42, 5] smbd/ipc.c:copy_trans_params_and_data(62) > copy_trans_params_and_data: params[0..0] data[0..48] >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=832 > smb_uid=100 > smb_mid=1024 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2003/10/18 14:44:42, 3] smbd/process.c:process_smb(890) > Transaction 18 of length 132 >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=832 > smb_uid=100 > smb_mid=1088 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=30453 (0x76F5) > smb_bcc=61 >[2003/10/18 14:44:42, 3] smbd/process.c:switch_message(685) > switch message SMBtrans (pid 2894) >[2003/10/18 14:44:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 >[2003/10/18 14:44:42, 5] auth/auth_util.c:debug_nt_user_token(491) > NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 > contains 6 SIDs > SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 > SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 >[2003/10/18 14:44:42, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 512 and contains 2 supplementary groups > Group[ 0]: 512 > Group[ 1]: 544 >[2003/10/18 14:44:42, 5] smbd/uid.c:change_to_user(203) > change_to_user uid=(0,0) gid=(0,512) >[2003/10/18 14:44:42, 3] smbd/ipc.c:reply_trans(514) > trans <\PIPE\> data=44 params=0 setup=2 >[2003/10/18 14:44:42, 5] smbd/ipc.c:reply_trans(533) > calling named_pipe >[2003/10/18 14:44:42, 3] smbd/ipc.c:named_pipe(326) > named pipe command on <> name >[2003/10/18 14:44:42, 5] smbd/ipc.c:api_fd_reply(267) > api_fd_reply >[2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) > search for pipe pnum=76f5 >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) > pipe name winreg pnum=76f5 (pipes_open=2) >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) > pipe name lsarpc pnum=76f4 (pipes_open=2) >[2003/10/18 14:44:42, 3] smbd/ipc.c:api_fd_reply(288) > Got API command 0x26 on pipe "winreg" (pnum 76f5)000000 smb_io_rpc_hdr >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0000 major : 05 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0001 minor : 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0002 pkt_type : 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0003 flags : 03 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0004 pack_type0: 10 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0005 pack_type1: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0006 pack_type2: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0007 pack_type3: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 frag_len : 002c >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a auth_len : 0000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 000c call_id : 00000005 >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(488) > unmarshall_rpc_header: using little-endian RPC >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0000 alloc_hint: 00000014 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0004 context_id: 0000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0006 opnum : 0005 >[2003/10/18 14:44:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) > free_pipe_context: destroying talloc pool of size 0 >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe.c:api_pipe_request(1462) > Requested \PIPE\winreg >[2003/10/18 14:44:42, 4] rpc_server/srv_pipe.c:api_rpcTNP(1496) > api_rpcTNP: winreg op 0x5 - api_rpcTNP: rpc command: REG_CLOSE >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 reg_io_q_close >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0000 data1: 00000000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0004 data2: 00000002 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 data3: 0000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a data4: 0000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8s(722) > 000c data5: ba 35 91 3f 4e 0b 00 00 >[2003/10/18 14:44:42, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 02 00 00 00 00 00 00 00 BA 35 91 3F ........ ....º5.? > [010] 4E 0B 00 00 N... >[2003/10/18 14:44:42, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 02 00 00 00 00 00 00 00 BA 35 91 3F ........ ....º5.? > [010] 4E 0B 00 00 N... >[2003/10/18 14:44:42, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) > Closed policy >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 reg_io_r_close >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0000 data1: 00000000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0004 data2: 00000000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 data3: 0000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a data4: 0000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8s(722) > 000c data5: 00 00 00 00 00 00 00 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_ntstatus(665) > 0014 status: NT_STATUS_OK >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe.c:api_rpcTNP(1543) > api_rpcTNP: called winreg successfully >[2003/10/18 14:44:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) > free_pipe_context: destroying talloc pool of size 0 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0000 major : 05 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0001 minor : 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0002 pkt_type : 02 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0003 flags : 03 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0004 pack_type0: 10 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0005 pack_type1: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0006 pack_type2: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0007 pack_type3: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 frag_len : 0030 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a auth_len : 0000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 000c call_id : 00000005 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0010 alloc_hint: 00000018 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0014 context_id: 0000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0016 cancel_ct : 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0017 reserved : 00 >[2003/10/18 14:44:42, 5] smbd/ipc.c:copy_trans_params_and_data(62) > copy_trans_params_and_data: params[0..0] data[0..48] >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=832 > smb_uid=100 > smb_mid=1088 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2003/10/18 14:44:42, 3] smbd/process.c:process_smb(890) > Transaction 19 of length 45 >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=1152 > smt_wct=3 > smb_vwv[ 0]=30453 (0x76F5) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2003/10/18 14:44:42, 3] smbd/process.c:switch_message(685) > switch message SMBclose (pid 2894) >[2003/10/18 14:44:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 >[2003/10/18 14:44:42, 5] auth/auth_util.c:debug_nt_user_token(491) > NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 > contains 6 SIDs > SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 > SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 >[2003/10/18 14:44:42, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 512 and contains 2 supplementary groups > Group[ 0]: 512 > Group[ 1]: 544 >[2003/10/18 14:44:42, 5] smbd/uid.c:change_to_user(203) > change_to_user uid=(0,0) gid=(0,512) >[2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) > search for pipe pnum=76f5 >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) > pipe name winreg pnum=76f5 (pipes_open=2) >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) > pipe name lsarpc pnum=76f4 (pipes_open=2) >[2003/10/18 14:44:42, 5] smbd/pipes.c:reply_pipe_close(258) > reply_pipe_close: pnum:76f5 >[2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1081) > closed pipe name winreg pnum=76f5 (pipes_open=1) >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=1152 > smt_wct=0 > smb_bcc=0 >[2003/10/18 14:44:42, 3] smbd/process.c:process_smb(890) > Transaction 20 of length 100 >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) > size=96 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=832 > smb_uid=100 > smb_mid=1216 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 2560 (0xA00) > smb_vwv[ 3]= 5632 (0x1600) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 513 (0x201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 768 (0x300) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]=16384 (0x4000) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 768 (0x300) > smb_bcc=13 >[2003/10/18 14:44:42, 3] smbd/process.c:switch_message(685) > switch message SMBntcreateX (pid 2894) >[2003/10/18 14:44:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 >[2003/10/18 14:44:42, 5] auth/auth_util.c:debug_nt_user_token(491) > NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 > contains 6 SIDs > SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 > SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 >[2003/10/18 14:44:42, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 512 and contains 2 supplementary groups > Group[ 0]: 512 > Group[ 1]: 544 >[2003/10/18 14:44:42, 5] smbd/uid.c:change_to_user(203) > change_to_user uid=(0,0) gid=(0,512) >[2003/10/18 14:44:42, 4] smbd/nttrans.c:nt_open_pipe(486) > nt_open_pipe: Opening pipe \samr. >[2003/10/18 14:44:42, 3] smbd/nttrans.c:nt_open_pipe(503) > nt_open_pipe: Known pipe samr opening. >[2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(178) > Open pipe requested samr (pipes_open=1) >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(205) > open_rpc_pipe_p: name lsarpc pnum=76f4 >[2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(279) > Create pipe requested samr >[2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(372) > Created internal pipe samr (pipes_open=1) >[2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(258) > Opened pipe samr with handle 76f6 (pipes_open=2) >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(264) > open pipes: name samr pnum=76f6 >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(264) > open pipes: name lsarpc pnum=76f4 >[2003/10/18 14:44:42, 5] smbd/nttrans.c:do_ntcreate_pipe_open(551) > do_ntcreate_pipe_open: open pipe = \samr >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) > size=103 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=832 > smb_uid=100 > smb_mid=1216 > smt_wct=34 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]=62976 (0xF600) > smb_vwv[ 3]= 374 (0x176) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 0 (0x0) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 0 (0x0) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]=32768 (0x8000) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_vwv[24]= 0 (0x0) > smb_vwv[25]= 0 (0x0) > smb_vwv[26]= 0 (0x0) > smb_vwv[27]= 0 (0x0) > smb_vwv[28]= 0 (0x0) > smb_vwv[29]= 0 (0x0) > smb_vwv[30]= 0 (0x0) > smb_vwv[31]= 512 (0x200) > smb_vwv[32]=65280 (0xFF00) > smb_vwv[33]= 5 (0x5) > smb_bcc=0 >[2003/10/18 14:44:42, 3] smbd/process.c:process_smb(890) > Transaction 21 of length 140 >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) > size=136 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=1280 > smt_wct=14 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=30454 (0x76F6) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=65535 (0xFFFF) > smb_vwv[ 6]=65535 (0xFFFF) > smb_vwv[ 7]= 8 (0x8) > smb_vwv[ 8]= 72 (0x48) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 72 (0x48) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_bcc=73 >[2003/10/18 14:44:42, 3] smbd/process.c:switch_message(685) > switch message SMBwriteX (pid 2894) >[2003/10/18 14:44:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 >[2003/10/18 14:44:42, 5] auth/auth_util.c:debug_nt_user_token(491) > NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 > contains 6 SIDs > SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 > SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 >[2003/10/18 14:44:42, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 512 and contains 2 supplementary groups > Group[ 0]: 512 > Group[ 1]: 544 >[2003/10/18 14:44:42, 5] smbd/uid.c:change_to_user(203) > change_to_user uid=(0,0) gid=(0,512) >[2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) > search for pipe pnum=76f6 >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) > pipe name samr pnum=76f6 (pipes_open=2) >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) > pipe name lsarpc pnum=76f4 (pipes_open=2) >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0000 major : 05 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0001 minor : 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0002 pkt_type : 0b >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0003 flags : 03 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0004 pack_type0: 10 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0005 pack_type1: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0006 pack_type2: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0007 pack_type3: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 frag_len : 0048 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a auth_len : 0000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 000c call_id : 00000001 >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(488) > unmarshall_rpc_header: using little-endian RPC >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(843) > api_pipe_bind_req: decode request. 843 >[2003/10/18 14:44:42, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(854) > api_pipe_bind_req: \PIPE\samr -> \PIPE\lsass >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_rb >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0000 max_tsize: 10b8 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0002 max_rsize: 10b8 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0004 assoc_gid: 00000000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0008 num_elements: 00000001 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000c context_id : 0000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 000e num_syntaxes: 01 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0010 data : 12345778 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0014 data : 1234 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0016 data : abcd >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8s(722) > 0018 data : ef 00 01 23 45 67 89 ac >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0020 version: 00000001 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0024 data : 8a885d04 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0028 data : 1ceb >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 002a data : 11c9 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8s(722) > 002c data : 9f e8 08 00 2b 10 48 60 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0034 version: 00000002 >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(984) > api_pipe_bind_req: make response. 984 >[2003/10/18 14:44:42, 3] rpc_server/srv_pipe.c:check_bind_req(726) > check_bind_req for \PIPE\samr >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_ba >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0000 max_tsize: 10b8 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0002 max_rsize: 10b8 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0004 assoc_gid: 000053f0 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 len: 000c >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8s(722) > 000a str: \PIPE\lsass. >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0018 num_results: 01 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 001c result : 0000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 001e reason : 0000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0020 data : 8a885d04 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0024 data : 1ceb >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0026 data : 11c9 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8s(722) > 0028 data : 9f e8 08 00 2b 10 48 60 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0030 version: 00000002 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0000 major : 05 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0001 minor : 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0002 pkt_type : 0c >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0003 flags : 03 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0004 pack_type0: 10 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0005 pack_type1: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0006 pack_type2: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0007 pack_type3: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 frag_len : 0044 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a auth_len : 0000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 000c call_id : 00000001 >[2003/10/18 14:44:42, 3] smbd/pipes.c:reply_pipe_write_and_X(199) > writeX-IPC pnum=76f6 nwritten=72 >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) > size=47 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=1280 > smt_wct=6 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 72 (0x48) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_bcc=0 >[2003/10/18 14:44:42, 3] smbd/process.c:process_smb(890) > Transaction 22 of length 63 >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=1344 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=30454 (0x76F6) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 1024 (0x400) > smb_vwv[ 6]= 1024 (0x400) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 1024 (0x400) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2003/10/18 14:44:42, 3] smbd/process.c:switch_message(685) > switch message SMBreadX (pid 2894) >[2003/10/18 14:44:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 >[2003/10/18 14:44:42, 5] auth/auth_util.c:debug_nt_user_token(491) > NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 > contains 6 SIDs > SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 > SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 >[2003/10/18 14:44:42, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 512 and contains 2 supplementary groups > Group[ 0]: 512 > Group[ 1]: 544 >[2003/10/18 14:44:42, 5] smbd/uid.c:change_to_user(203) > change_to_user uid=(0,0) gid=(0,512) >[2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) > search for pipe pnum=76f6 >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) > pipe name samr pnum=76f6 (pipes_open=2) >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) > pipe name lsarpc pnum=76f4 (pipes_open=2) >[2003/10/18 14:44:42, 3] smbd/pipes.c:reply_pipe_read_and_X(242) > readX-IPC pnum=76f6 min=1024 max=1024 nread=68 >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) > size=127 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=1344 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 68 (0x44) > smb_vwv[ 6]= 59 (0x3B) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=68 >[2003/10/18 14:44:42, 3] smbd/process.c:process_smb(890) > Transaction 23 of length 168 >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) > size=164 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=832 > smb_uid=100 > smb_mid=1408 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 80 (0x50) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 80 (0x50) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=30454 (0x76F6) > smb_bcc=97 >[2003/10/18 14:44:42, 3] smbd/process.c:switch_message(685) > switch message SMBtrans (pid 2894) >[2003/10/18 14:44:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 >[2003/10/18 14:44:42, 5] auth/auth_util.c:debug_nt_user_token(491) > NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 > contains 6 SIDs > SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 > SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 >[2003/10/18 14:44:42, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 512 and contains 2 supplementary groups > Group[ 0]: 512 > Group[ 1]: 544 >[2003/10/18 14:44:42, 5] smbd/uid.c:change_to_user(203) > change_to_user uid=(0,0) gid=(0,512) >[2003/10/18 14:44:42, 3] smbd/ipc.c:reply_trans(514) > trans <\PIPE\> data=80 params=0 setup=2 >[2003/10/18 14:44:42, 5] smbd/ipc.c:reply_trans(533) > calling named_pipe >[2003/10/18 14:44:42, 3] smbd/ipc.c:named_pipe(326) > named pipe command on <> name >[2003/10/18 14:44:42, 5] smbd/ipc.c:api_fd_reply(267) > api_fd_reply >[2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) > search for pipe pnum=76f6 >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) > pipe name samr pnum=76f6 (pipes_open=2) >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) > pipe name lsarpc pnum=76f4 (pipes_open=2) >[2003/10/18 14:44:42, 3] smbd/ipc.c:api_fd_reply(288) > Got API command 0x26 on pipe "samr" (pnum 76f6)000000 smb_io_rpc_hdr >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0000 major : 05 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0001 minor : 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0002 pkt_type : 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0003 flags : 03 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0004 pack_type0: 10 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0005 pack_type1: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0006 pack_type2: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0007 pack_type3: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 frag_len : 0050 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a auth_len : 0000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 000c call_id : 00000001 >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(488) > unmarshall_rpc_header: using little-endian RPC >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0000 alloc_hint: 00000038 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0004 context_id: 0000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0006 opnum : 0040 >[2003/10/18 14:44:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) > free_pipe_context: destroying talloc pool of size 0 >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe.c:api_pipe_request(1462) > Requested \PIPE\samr >[2003/10/18 14:44:42, 4] rpc_server/srv_pipe.c:api_rpcTNP(1496) > api_rpcTNP: samr op 0x40 - unknown >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0000 major : 05 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0001 minor : 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0002 pkt_type : 03 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0003 flags : 23 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0004 pack_type0: 10 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0005 pack_type1: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0006 pack_type2: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0007 pack_type3: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 frag_len : 0020 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a auth_len : 0000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 000c call_id : 00000001 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0010 alloc_hint: 00000000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0014 context_id: 0000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0016 cancel_ct : 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0017 reserved : 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000018 smb_io_rpc_hdr_fault fault >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_ntstatus(665) > 0018 status : NT code 0x1c010002 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 001c reserved: 00000000 >[2003/10/18 14:44:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) > free_pipe_context: destroying talloc pool of size 0 >[2003/10/18 14:44:42, 5] smbd/ipc.c:copy_trans_params_and_data(62) > copy_trans_params_and_data: params[0..0] data[0..32] >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) > size=88 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=832 > smb_uid=100 > smb_mid=1408 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 32 (0x20) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 32 (0x20) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=33 >[2003/10/18 14:44:42, 3] smbd/process.c:process_smb(890) > Transaction 24 of length 45 >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=1472 > smt_wct=3 > smb_vwv[ 0]=30454 (0x76F6) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2003/10/18 14:44:42, 3] smbd/process.c:switch_message(685) > switch message SMBclose (pid 2894) >[2003/10/18 14:44:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 >[2003/10/18 14:44:42, 5] auth/auth_util.c:debug_nt_user_token(491) > NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 > contains 6 SIDs > SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 > SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 >[2003/10/18 14:44:42, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 512 and contains 2 supplementary groups > Group[ 0]: 512 > Group[ 1]: 544 >[2003/10/18 14:44:42, 5] smbd/uid.c:change_to_user(203) > change_to_user uid=(0,0) gid=(0,512) >[2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) > search for pipe pnum=76f6 >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) > pipe name samr pnum=76f6 (pipes_open=2) >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) > pipe name lsarpc pnum=76f4 (pipes_open=2) >[2003/10/18 14:44:42, 5] smbd/pipes.c:reply_pipe_close(258) > reply_pipe_close: pnum:76f6 >[2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1081) > closed pipe name samr pnum=76f6 (pipes_open=1) >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=1472 > smt_wct=0 > smb_bcc=0 >[2003/10/18 14:44:42, 3] smbd/process.c:process_smb(890) > Transaction 25 of length 100 >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) > size=96 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=832 > smb_uid=100 > smb_mid=1536 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 2560 (0xA00) > smb_vwv[ 3]= 5632 (0x1600) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 513 (0x201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 768 (0x300) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]=16384 (0x4000) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 768 (0x300) > smb_bcc=13 >[2003/10/18 14:44:42, 3] smbd/process.c:switch_message(685) > switch message SMBntcreateX (pid 2894) >[2003/10/18 14:44:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 >[2003/10/18 14:44:42, 5] auth/auth_util.c:debug_nt_user_token(491) > NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 > contains 6 SIDs > SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 > SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 >[2003/10/18 14:44:42, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 512 and contains 2 supplementary groups > Group[ 0]: 512 > Group[ 1]: 544 >[2003/10/18 14:44:42, 5] smbd/uid.c:change_to_user(203) > change_to_user uid=(0,0) gid=(0,512) >[2003/10/18 14:44:42, 4] smbd/nttrans.c:nt_open_pipe(486) > nt_open_pipe: Opening pipe \samr. >[2003/10/18 14:44:42, 3] smbd/nttrans.c:nt_open_pipe(503) > nt_open_pipe: Known pipe samr opening. >[2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(178) > Open pipe requested samr (pipes_open=1) >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(205) > open_rpc_pipe_p: name lsarpc pnum=76f4 >[2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(279) > Create pipe requested samr >[2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(372) > Created internal pipe samr (pipes_open=1) >[2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(258) > Opened pipe samr with handle 76f7 (pipes_open=2) >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(264) > open pipes: name samr pnum=76f7 >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(264) > open pipes: name lsarpc pnum=76f4 >[2003/10/18 14:44:42, 5] smbd/nttrans.c:do_ntcreate_pipe_open(551) > do_ntcreate_pipe_open: open pipe = \samr >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) > size=103 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=832 > smb_uid=100 > smb_mid=1536 > smt_wct=34 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]=63232 (0xF700) > smb_vwv[ 3]= 374 (0x176) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 0 (0x0) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 0 (0x0) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]=32768 (0x8000) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_vwv[24]= 0 (0x0) > smb_vwv[25]= 0 (0x0) > smb_vwv[26]= 0 (0x0) > smb_vwv[27]= 0 (0x0) > smb_vwv[28]= 0 (0x0) > smb_vwv[29]= 0 (0x0) > smb_vwv[30]= 0 (0x0) > smb_vwv[31]= 512 (0x200) > smb_vwv[32]=65280 (0xFF00) > smb_vwv[33]= 5 (0x5) > smb_bcc=0 >[2003/10/18 14:44:42, 3] smbd/process.c:process_smb(890) > Transaction 26 of length 140 >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) > size=136 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=1600 > smt_wct=14 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=30455 (0x76F7) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=65535 (0xFFFF) > smb_vwv[ 6]=65535 (0xFFFF) > smb_vwv[ 7]= 8 (0x8) > smb_vwv[ 8]= 72 (0x48) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 72 (0x48) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_bcc=73 >[2003/10/18 14:44:42, 3] smbd/process.c:switch_message(685) > switch message SMBwriteX (pid 2894) >[2003/10/18 14:44:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 >[2003/10/18 14:44:42, 5] auth/auth_util.c:debug_nt_user_token(491) > NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 > contains 6 SIDs > SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 > SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 >[2003/10/18 14:44:42, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 512 and contains 2 supplementary groups > Group[ 0]: 512 > Group[ 1]: 544 >[2003/10/18 14:44:42, 5] smbd/uid.c:change_to_user(203) > change_to_user uid=(0,0) gid=(0,512) >[2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) > search for pipe pnum=76f7 >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) > pipe name samr pnum=76f7 (pipes_open=2) >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) > pipe name lsarpc pnum=76f4 (pipes_open=2) >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0000 major : 05 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0001 minor : 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0002 pkt_type : 0b >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0003 flags : 03 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0004 pack_type0: 10 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0005 pack_type1: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0006 pack_type2: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0007 pack_type3: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 frag_len : 0048 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a auth_len : 0000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 000c call_id : 00000001 >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(488) > unmarshall_rpc_header: using little-endian RPC >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(843) > api_pipe_bind_req: decode request. 843 >[2003/10/18 14:44:42, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(854) > api_pipe_bind_req: \PIPE\samr -> \PIPE\lsass >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_rb >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0000 max_tsize: 10b8 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0002 max_rsize: 10b8 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0004 assoc_gid: 00000000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0008 num_elements: 00000001 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000c context_id : 0000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 000e num_syntaxes: 01 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0010 data : 12345778 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0014 data : 1234 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0016 data : abcd >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8s(722) > 0018 data : ef 00 01 23 45 67 89 ac >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0020 version: 00000001 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0024 data : 8a885d04 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0028 data : 1ceb >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 002a data : 11c9 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8s(722) > 002c data : 9f e8 08 00 2b 10 48 60 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0034 version: 00000002 >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(984) > api_pipe_bind_req: make response. 984 >[2003/10/18 14:44:42, 3] rpc_server/srv_pipe.c:check_bind_req(726) > check_bind_req for \PIPE\samr >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_ba >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0000 max_tsize: 10b8 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0002 max_rsize: 10b8 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0004 assoc_gid: 000053f0 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 len: 000c >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8s(722) > 000a str: \PIPE\lsass. >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0018 num_results: 01 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 001c result : 0000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 001e reason : 0000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0020 data : 8a885d04 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0024 data : 1ceb >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0026 data : 11c9 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8s(722) > 0028 data : 9f e8 08 00 2b 10 48 60 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0030 version: 00000002 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0000 major : 05 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0001 minor : 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0002 pkt_type : 0c >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0003 flags : 03 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0004 pack_type0: 10 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0005 pack_type1: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0006 pack_type2: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0007 pack_type3: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 frag_len : 0044 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a auth_len : 0000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 000c call_id : 00000001 >[2003/10/18 14:44:42, 3] smbd/pipes.c:reply_pipe_write_and_X(199) > writeX-IPC pnum=76f7 nwritten=72 >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) > size=47 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=1600 > smt_wct=6 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 72 (0x48) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_bcc=0 >[2003/10/18 14:44:42, 3] smbd/process.c:process_smb(890) > Transaction 27 of length 63 >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=1664 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=30455 (0x76F7) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 1024 (0x400) > smb_vwv[ 6]= 1024 (0x400) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 1024 (0x400) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2003/10/18 14:44:42, 3] smbd/process.c:switch_message(685) > switch message SMBreadX (pid 2894) >[2003/10/18 14:44:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 >[2003/10/18 14:44:42, 5] auth/auth_util.c:debug_nt_user_token(491) > NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 > contains 6 SIDs > SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 > SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 >[2003/10/18 14:44:42, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 512 and contains 2 supplementary groups > Group[ 0]: 512 > Group[ 1]: 544 >[2003/10/18 14:44:42, 5] smbd/uid.c:change_to_user(203) > change_to_user uid=(0,0) gid=(0,512) >[2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) > search for pipe pnum=76f7 >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) > pipe name samr pnum=76f7 (pipes_open=2) >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) > pipe name lsarpc pnum=76f4 (pipes_open=2) >[2003/10/18 14:44:42, 3] smbd/pipes.c:reply_pipe_read_and_X(242) > readX-IPC pnum=76f7 min=1024 max=1024 nread=68 >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) > size=127 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=1664 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 68 (0x44) > smb_vwv[ 6]= 59 (0x3B) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=68 >[2003/10/18 14:44:42, 3] smbd/process.c:process_smb(890) > Transaction 28 of length 156 >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) > size=152 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=832 > smb_uid=100 > smb_mid=1728 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 68 (0x44) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 68 (0x44) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=30455 (0x76F7) > smb_bcc=85 >[2003/10/18 14:44:42, 3] smbd/process.c:switch_message(685) > switch message SMBtrans (pid 2894) >[2003/10/18 14:44:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 >[2003/10/18 14:44:42, 5] auth/auth_util.c:debug_nt_user_token(491) > NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 > contains 6 SIDs > SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 > SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 >[2003/10/18 14:44:42, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 512 and contains 2 supplementary groups > Group[ 0]: 512 > Group[ 1]: 544 >[2003/10/18 14:44:42, 5] smbd/uid.c:change_to_user(203) > change_to_user uid=(0,0) gid=(0,512) >[2003/10/18 14:44:42, 3] smbd/ipc.c:reply_trans(514) > trans <\PIPE\> data=68 params=0 setup=2 >[2003/10/18 14:44:42, 5] smbd/ipc.c:reply_trans(533) > calling named_pipe >[2003/10/18 14:44:42, 3] smbd/ipc.c:named_pipe(326) > named pipe command on <> name >[2003/10/18 14:44:42, 5] smbd/ipc.c:api_fd_reply(267) > api_fd_reply >[2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) > search for pipe pnum=76f7 >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) > pipe name samr pnum=76f7 (pipes_open=2) >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) > pipe name lsarpc pnum=76f4 (pipes_open=2) >[2003/10/18 14:44:42, 3] smbd/ipc.c:api_fd_reply(288) > Got API command 0x26 on pipe "samr" (pnum 76f7)000000 smb_io_rpc_hdr >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0000 major : 05 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0001 minor : 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0002 pkt_type : 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0003 flags : 03 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0004 pack_type0: 10 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0005 pack_type1: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0006 pack_type2: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0007 pack_type3: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 frag_len : 0044 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a auth_len : 0000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 000c call_id : 00000001 >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(488) > unmarshall_rpc_header: using little-endian RPC >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0000 alloc_hint: 0000002c >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0004 context_id: 0000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0006 opnum : 003e >[2003/10/18 14:44:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) > free_pipe_context: destroying talloc pool of size 0 >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe.c:api_pipe_request(1462) > Requested \PIPE\samr >[2003/10/18 14:44:42, 4] rpc_server/srv_pipe.c:api_rpcTNP(1496) > api_rpcTNP: samr op 0x3e - api_rpcTNP: rpc command: SAMR_CONNECT4 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_q_connect4 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0000 ptr_srv_name: 00149910 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0004 uni_max_len: 0000000a >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0008 offset : 00000000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 000c uni_str_len: 0000000a >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:dbg_rw_punival(807) > 0010 buffer : \.\.S.T.U.D.E.N.T... >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0024 unk_0: 00000002 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0028 access_mask: 00000030 >[2003/10/18 14:44:42, 5] rpc_server/srv_samr_nt.c:_samr_connect4(2472) > _samr_connect4: 2472 >[2003/10/18 14:44:42, 3] lib/util_seaccess.c:se_access_check(251) >[2003/10/18 14:44:42, 3] lib/util_seaccess.c:se_access_check(252) > se_access_check: user sid is S-1-5-21-1179238187-1290062419-276724248-500 > se_access_check: also S-1-5-21-3516781642-1962875130-3438800523-512 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: also S-1-5-21-1179238187-1290062419-276724248-2025 > se_access_check: also S-1-5-21-1179238187-1290062419-276724248-2089 >[2003/10/18 14:44:42, 5] lib/util_seaccess.c:se_access_check(309) > se_access_check: access (30) granted. >[2003/10/18 14:44:42, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) > Opened policy hnd[2] [000] 00 00 00 00 04 00 00 00 00 00 00 00 BA 35 91 3F ........ ....º5.? > [010] 4E 0B 00 00 N... >[2003/10/18 14:44:42, 5] rpc_server/srv_samr_nt.c:_samr_connect4(2503) > _samr_connect: 2503 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_r_connect4 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0000 data1: 00000000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0004 data2: 00000004 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 data3: 0000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a data4: 0000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8s(722) > 000c data5: ba 35 91 3f 4e 0b 00 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_ntstatus(665) > 0014 status: NT_STATUS_OK >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe.c:api_rpcTNP(1543) > api_rpcTNP: called samr successfully >[2003/10/18 14:44:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) > free_pipe_context: destroying talloc pool of size 752 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0000 major : 05 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0001 minor : 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0002 pkt_type : 02 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0003 flags : 03 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0004 pack_type0: 10 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0005 pack_type1: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0006 pack_type2: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0007 pack_type3: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 frag_len : 0030 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a auth_len : 0000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 000c call_id : 00000001 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0010 alloc_hint: 00000018 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0014 context_id: 0000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0016 cancel_ct : 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0017 reserved : 00 >[2003/10/18 14:44:42, 5] smbd/ipc.c:copy_trans_params_and_data(62) > copy_trans_params_and_data: params[0..0] data[0..48] >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=832 > smb_uid=100 > smb_mid=1728 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2003/10/18 14:44:42, 3] smbd/process.c:process_smb(890) > Transaction 29 of length 140 >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) > size=136 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=832 > smb_uid=100 > smb_mid=1792 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 52 (0x34) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 52 (0x34) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=30455 (0x76F7) > smb_bcc=69 >[2003/10/18 14:44:42, 3] smbd/process.c:switch_message(685) > switch message SMBtrans (pid 2894) >[2003/10/18 14:44:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 >[2003/10/18 14:44:42, 5] auth/auth_util.c:debug_nt_user_token(491) > NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 > contains 6 SIDs > SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 > SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 >[2003/10/18 14:44:42, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 512 and contains 2 supplementary groups > Group[ 0]: 512 > Group[ 1]: 544 >[2003/10/18 14:44:42, 5] smbd/uid.c:change_to_user(203) > change_to_user uid=(0,0) gid=(0,512) >[2003/10/18 14:44:42, 3] smbd/ipc.c:reply_trans(514) > trans <\PIPE\> data=52 params=0 setup=2 >[2003/10/18 14:44:42, 5] smbd/ipc.c:reply_trans(533) > calling named_pipe >[2003/10/18 14:44:42, 3] smbd/ipc.c:named_pipe(326) > named pipe command on <> name >[2003/10/18 14:44:42, 5] smbd/ipc.c:api_fd_reply(267) > api_fd_reply >[2003/10/18 14:44:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) > search for pipe pnum=76f7 >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) > pipe name samr pnum=76f7 (pipes_open=2) >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) > pipe name lsarpc pnum=76f4 (pipes_open=2) >[2003/10/18 14:44:42, 3] smbd/ipc.c:api_fd_reply(288) > Got API command 0x26 on pipe "samr" (pnum 76f7)000000 smb_io_rpc_hdr >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0000 major : 05 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0001 minor : 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0002 pkt_type : 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0003 flags : 03 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0004 pack_type0: 10 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0005 pack_type1: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0006 pack_type2: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0007 pack_type3: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 frag_len : 0034 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a auth_len : 0000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 000c call_id : 00000002 >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(488) > unmarshall_rpc_header: using little-endian RPC >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0000 alloc_hint: 0000001c >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0004 context_id: 0000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0006 opnum : 0006 >[2003/10/18 14:44:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) > free_pipe_context: destroying talloc pool of size 0 >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe.c:api_pipe_request(1462) > Requested \PIPE\samr >[2003/10/18 14:44:42, 4] rpc_server/srv_pipe.c:api_rpcTNP(1496) > api_rpcTNP: samr op 0x6 - api_rpcTNP: rpc command: SAMR_ENUM_DOMAINS >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_q_enum_domains >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0000 data1: 00000000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0004 data2: 00000004 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 data3: 0000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a data4: 0000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8s(722) > 000c data5: ba 35 91 3f 4e 0b 00 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0014 start_idx: 00000000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0018 max_size : 00002000 >[2003/10/18 14:44:42, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 04 00 00 00 00 00 00 00 BA 35 91 3F ........ ....º5.? > [010] 4E 0B 00 00 N... >[2003/10/18 14:44:42, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(106) > _samr_enum_domains: access check ((granted: 0x00000030; required: 0x00000010) >[2003/10/18 14:44:42, 5] rpc_server/srv_samr_nt.c:make_enum_domains(2555) > make_enum_domains >[2003/10/18 14:44:42, 5] rpc_parse/parse_samr.c:init_samr_r_enum_domains(3108) > init_samr_r_enum_domains >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_r_enum_domains >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0000 next_idx : 00000002 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0004 ptr_entries1: 00000001 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0008 num_entries2: 00000002 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 000c ptr_entries2: 00000001 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0010 num_entries3: 00000002 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0014 rid: 00000000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0018 uni_str_len: 0014 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 001a uni_max_len: 0014 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 001c buffer : 00000001 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0020 rid: 00000000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0024 uni_str_len: 000e >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0026 uni_max_len: 000e >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0028 buffer : 00000001 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 002c uni_max_len: 0000000a >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0030 offset : 00000000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0034 uni_str_len: 0000000a >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:dbg_rw_punival(807) > 0038 buffer : U.T.B.I.L.D.N.I.N.G. >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 004c uni_max_len: 00000007 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0050 offset : 00000000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0054 uni_str_len: 00000007 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:dbg_rw_punival(807) > 0058 buffer : B.u.i.l.t.i.n. >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0068 num_entries4: 00000002 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_ntstatus(665) > 006c status: NT_STATUS_OK >[2003/10/18 14:44:42, 5] rpc_server/srv_pipe.c:api_rpcTNP(1543) > api_rpcTNP: called samr successfully >[2003/10/18 14:44:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) > free_pipe_context: destroying talloc pool of size 1080 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0000 major : 05 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0001 minor : 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0002 pkt_type : 02 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0003 flags : 03 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0004 pack_type0: 10 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0005 pack_type1: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0006 pack_type2: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0007 pack_type3: 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 frag_len : 0088 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a auth_len : 0000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 000c call_id : 00000002 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0010 alloc_hint: 00000070 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0014 context_id: 0000 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0016 cancel_ct : 00 >[2003/10/18 14:44:42, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0017 reserved : 00 >[2003/10/18 14:44:42, 5] smbd/ipc.c:copy_trans_params_and_data(62) > copy_trans_params_and_data: params[0..0] data[0..136] >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:42, 5] lib/util.c:show_msg(466) > size=192 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=832 > smb_uid=100 > smb_mid=1792 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 136 (0x88) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 136 (0x88) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=137 >[2003/10/18 14:44:42, 3] smbd/process.c:process_smb(890) > Transaction 30 of length 172 >[2003/10/18 14:44:43, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:43, 5] lib/util.c:show_msg(466) > size=168 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=832 > smb_uid=100 > smb_mid=1856 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 84 (0x54) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 84 (0x54) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=30455 (0x76F7) > smb_bcc=101 >[2003/10/18 14:44:43, 3] smbd/process.c:switch_message(685) > switch message SMBtrans (pid 2894) >[2003/10/18 14:44:43, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 >[2003/10/18 14:44:43, 5] auth/auth_util.c:debug_nt_user_token(491) > NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 > contains 6 SIDs > SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 > SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 >[2003/10/18 14:44:43, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 512 and contains 2 supplementary groups > Group[ 0]: 512 > Group[ 1]: 544 >[2003/10/18 14:44:43, 5] smbd/uid.c:change_to_user(203) > change_to_user uid=(0,0) gid=(0,512) >[2003/10/18 14:44:43, 3] smbd/ipc.c:reply_trans(514) > trans <\PIPE\> data=84 params=0 setup=2 >[2003/10/18 14:44:43, 5] smbd/ipc.c:reply_trans(533) > calling named_pipe >[2003/10/18 14:44:43, 3] smbd/ipc.c:named_pipe(326) > named pipe command on <> name >[2003/10/18 14:44:43, 5] smbd/ipc.c:api_fd_reply(267) > api_fd_reply >[2003/10/18 14:44:43, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) > search for pipe pnum=76f7 >[2003/10/18 14:44:43, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) > pipe name samr pnum=76f7 (pipes_open=2) >[2003/10/18 14:44:43, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) > pipe name lsarpc pnum=76f4 (pipes_open=2) >[2003/10/18 14:44:43, 3] smbd/ipc.c:api_fd_reply(288) > Got API command 0x26 on pipe "samr" (pnum 76f7)000000 smb_io_rpc_hdr >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0000 major : 05 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0001 minor : 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0002 pkt_type : 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0003 flags : 03 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0004 pack_type0: 10 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0005 pack_type1: 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0006 pack_type2: 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0007 pack_type3: 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 frag_len : 0054 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a auth_len : 0000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 000c call_id : 00000003 >[2003/10/18 14:44:43, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(488) > unmarshall_rpc_header: using little-endian RPC >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0000 alloc_hint: 0000003c >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0004 context_id: 0000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0006 opnum : 0005 >[2003/10/18 14:44:43, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) > free_pipe_context: destroying talloc pool of size 0 >[2003/10/18 14:44:43, 5] rpc_server/srv_pipe.c:api_pipe_request(1462) > Requested \PIPE\samr >[2003/10/18 14:44:43, 4] rpc_server/srv_pipe.c:api_rpcTNP(1496) > api_rpcTNP: samr op 0x5 - api_rpcTNP: rpc command: SAMR_LOOKUP_DOMAIN >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_q_lookup_domain >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0000 data1: 00000000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0004 data2: 00000004 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 data3: 0000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a data4: 0000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8s(722) > 000c data5: ba 35 91 3f 4e 0b 00 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0014 uni_str_len: 0014 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0016 uni_max_len: 0014 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0018 buffer : 000dd2f0 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 001c uni_max_len: 0000000a >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0020 offset : 00000000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0024 uni_str_len: 0000000a >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:dbg_rw_punival(807) > 0028 buffer : U.T.B.I.L.D.N.I.N.G. >[2003/10/18 14:44:43, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 04 00 00 00 00 00 00 00 BA 35 91 3F ........ ....º5.? > [010] 4E 0B 00 00 N... >[2003/10/18 14:44:43, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(106) > _samr_lookup_domain: access check ((granted: 0x00000030; required: 0x00000010) >[2003/10/18 14:44:43, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2537) > Returning domain sid for domain UTBILDNING -> S-1-5-21-1179238187-1290062419-276724248 >[2003/10/18 14:44:43, 5] rpc_parse/parse_samr.c:init_samr_r_lookup_domain(138) > init_samr_r_lookup_domain >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_r_lookup_domain >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0000 ptr: 00000001 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0004 num_auths: 00000004 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0008 sid_rev_num: 01 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0009 num_auths : 04 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 000a id_auth[0] : 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 000b id_auth[1] : 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 000c id_auth[2] : 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 000d id_auth[3] : 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 000e id_auth[4] : 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 000f id_auth[5] : 05 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32s(862) > 0010 sub_auths : 00000015 4649bf2b 4ce4ca53 107e7a18 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_ntstatus(665) > 0020 status: NT_STATUS_OK >[2003/10/18 14:44:43, 5] rpc_server/srv_pipe.c:api_rpcTNP(1543) > api_rpcTNP: called samr successfully >[2003/10/18 14:44:43, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) > free_pipe_context: destroying talloc pool of size 20 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0000 major : 05 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0001 minor : 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0002 pkt_type : 02 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0003 flags : 03 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0004 pack_type0: 10 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0005 pack_type1: 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0006 pack_type2: 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0007 pack_type3: 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 frag_len : 003c >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a auth_len : 0000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 000c call_id : 00000003 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0010 alloc_hint: 00000024 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0014 context_id: 0000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0016 cancel_ct : 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0017 reserved : 00 >[2003/10/18 14:44:43, 5] smbd/ipc.c:copy_trans_params_and_data(62) > copy_trans_params_and_data: params[0..0] data[0..60] >[2003/10/18 14:44:43, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:43, 5] lib/util.c:show_msg(466) > size=116 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=832 > smb_uid=100 > smb_mid=1856 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 60 (0x3C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 60 (0x3C) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=61 >[2003/10/18 14:44:43, 3] smbd/process.c:process_smb(890) > Transaction 31 of length 164 >[2003/10/18 14:44:43, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:43, 5] lib/util.c:show_msg(466) > size=160 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=832 > smb_uid=100 > smb_mid=1920 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 76 (0x4C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 76 (0x4C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=30455 (0x76F7) > smb_bcc=93 >[2003/10/18 14:44:43, 3] smbd/process.c:switch_message(685) > switch message SMBtrans (pid 2894) >[2003/10/18 14:44:43, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 >[2003/10/18 14:44:43, 5] auth/auth_util.c:debug_nt_user_token(491) > NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 > contains 6 SIDs > SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 > SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 >[2003/10/18 14:44:43, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 512 and contains 2 supplementary groups > Group[ 0]: 512 > Group[ 1]: 544 >[2003/10/18 14:44:43, 5] smbd/uid.c:change_to_user(203) > change_to_user uid=(0,0) gid=(0,512) >[2003/10/18 14:44:43, 3] smbd/ipc.c:reply_trans(514) > trans <\PIPE\> data=76 params=0 setup=2 >[2003/10/18 14:44:43, 5] smbd/ipc.c:reply_trans(533) > calling named_pipe >[2003/10/18 14:44:43, 3] smbd/ipc.c:named_pipe(326) > named pipe command on <> name >[2003/10/18 14:44:43, 5] smbd/ipc.c:api_fd_reply(267) > api_fd_reply >[2003/10/18 14:44:43, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) > search for pipe pnum=76f7 >[2003/10/18 14:44:43, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) > pipe name samr pnum=76f7 (pipes_open=2) >[2003/10/18 14:44:43, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) > pipe name lsarpc pnum=76f4 (pipes_open=2) >[2003/10/18 14:44:43, 3] smbd/ipc.c:api_fd_reply(288) > Got API command 0x26 on pipe "samr" (pnum 76f7)000000 smb_io_rpc_hdr >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0000 major : 05 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0001 minor : 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0002 pkt_type : 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0003 flags : 03 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0004 pack_type0: 10 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0005 pack_type1: 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0006 pack_type2: 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0007 pack_type3: 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 frag_len : 004c >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a auth_len : 0000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 000c call_id : 00000004 >[2003/10/18 14:44:43, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(488) > unmarshall_rpc_header: using little-endian RPC >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0000 alloc_hint: 00000034 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0004 context_id: 0000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0006 opnum : 0007 >[2003/10/18 14:44:43, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) > free_pipe_context: destroying talloc pool of size 0 >[2003/10/18 14:44:43, 5] rpc_server/srv_pipe.c:api_pipe_request(1462) > Requested \PIPE\samr >[2003/10/18 14:44:43, 4] rpc_server/srv_pipe.c:api_rpcTNP(1496) > api_rpcTNP: samr op 0x7 - api_rpcTNP: rpc command: SAMR_OPEN_DOMAIN >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_q_open_domain >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0000 data1: 00000000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0004 data2: 00000004 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 data3: 0000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a data4: 0000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8s(722) > 000c data5: ba 35 91 3f 4e 0b 00 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0014 flags: 00000211 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0018 num_auths: 00000004 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 001c sid_rev_num: 01 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 001d num_auths : 04 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 001e id_auth[0] : 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 001f id_auth[1] : 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0020 id_auth[2] : 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0021 id_auth[3] : 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0022 id_auth[4] : 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0023 id_auth[5] : 05 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32s(862) > 0024 sub_auths : 00000015 4649bf2b 4ce4ca53 107e7a18 >[2003/10/18 14:44:43, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 04 00 00 00 00 00 00 00 BA 35 91 3F ........ ....º5.? > [010] 4E 0B 00 00 N... >[2003/10/18 14:44:43, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(106) > _samr_open_domain: access check ((granted: 0x00000030; required: 0x00000020) >[2003/10/18 14:44:43, 3] lib/util_seaccess.c:se_access_check(251) >[2003/10/18 14:44:43, 3] lib/util_seaccess.c:se_access_check(252) > se_access_check: user sid is S-1-5-21-1179238187-1290062419-276724248-500 > se_access_check: also S-1-5-21-3516781642-1962875130-3438800523-512 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: also S-1-5-21-1179238187-1290062419-276724248-2025 > se_access_check: also S-1-5-21-1179238187-1290062419-276724248-2089 >[2003/10/18 14:44:43, 5] lib/util_seaccess.c:se_access_check(315) > se_access_check: access (211) denied. >[2003/10/18 14:44:43, 4] rpc_server/srv_samr_nt.c:access_check_samr_object(87) > _samr_open_domain: ACCESS should be DENIED (requested: 0x00000211) > but overritten by euid == sec_initial_uid() >[2003/10/18 14:44:43, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) > Opened policy hnd[3] [000] 00 00 00 00 05 00 00 00 00 00 00 00 BB 35 91 3F ........ ....»5.? > [010] 4E 0B 00 00 N... >[2003/10/18 14:44:43, 5] rpc_server/srv_samr_nt.c:_samr_open_domain(403) > samr_open_domain: 403 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_r_open_domain >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0000 data1: 00000000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0004 data2: 00000005 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 data3: 0000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a data4: 0000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8s(722) > 000c data5: bb 35 91 3f 4e 0b 00 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_ntstatus(665) > 0014 status: NT_STATUS_OK >[2003/10/18 14:44:43, 5] rpc_server/srv_pipe.c:api_rpcTNP(1543) > api_rpcTNP: called samr successfully >[2003/10/18 14:44:43, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) > free_pipe_context: destroying talloc pool of size 732 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0000 major : 05 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0001 minor : 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0002 pkt_type : 02 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0003 flags : 03 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0004 pack_type0: 10 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0005 pack_type1: 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0006 pack_type2: 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0007 pack_type3: 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 frag_len : 0030 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a auth_len : 0000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 000c call_id : 00000004 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0010 alloc_hint: 00000018 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0014 context_id: 0000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0016 cancel_ct : 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0017 reserved : 00 >[2003/10/18 14:44:43, 5] smbd/ipc.c:copy_trans_params_and_data(62) > copy_trans_params_and_data: params[0..0] data[0..48] >[2003/10/18 14:44:43, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:43, 5] lib/util.c:show_msg(466) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=832 > smb_uid=100 > smb_mid=1920 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2003/10/18 14:44:43, 3] smbd/process.c:process_smb(890) > Transaction 32 of length 180 >[2003/10/18 14:44:43, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:43, 5] lib/util.c:show_msg(466) > size=176 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=832 > smb_uid=100 > smb_mid=1984 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 92 (0x5C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 92 (0x5C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=30455 (0x76F7) > smb_bcc=109 >[2003/10/18 14:44:43, 3] smbd/process.c:switch_message(685) > switch message SMBtrans (pid 2894) >[2003/10/18 14:44:43, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 >[2003/10/18 14:44:43, 5] auth/auth_util.c:debug_nt_user_token(491) > NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 > contains 6 SIDs > SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 > SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 >[2003/10/18 14:44:43, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 512 and contains 2 supplementary groups > Group[ 0]: 512 > Group[ 1]: 544 >[2003/10/18 14:44:43, 5] smbd/uid.c:change_to_user(203) > change_to_user uid=(0,0) gid=(0,512) >[2003/10/18 14:44:43, 3] smbd/ipc.c:reply_trans(514) > trans <\PIPE\> data=92 params=0 setup=2 >[2003/10/18 14:44:43, 5] smbd/ipc.c:reply_trans(533) > calling named_pipe >[2003/10/18 14:44:43, 3] smbd/ipc.c:named_pipe(326) > named pipe command on <> name >[2003/10/18 14:44:43, 5] smbd/ipc.c:api_fd_reply(267) > api_fd_reply >[2003/10/18 14:44:43, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) > search for pipe pnum=76f7 >[2003/10/18 14:44:43, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) > pipe name samr pnum=76f7 (pipes_open=2) >[2003/10/18 14:44:43, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) > pipe name lsarpc pnum=76f4 (pipes_open=2) >[2003/10/18 14:44:43, 3] smbd/ipc.c:api_fd_reply(288) > Got API command 0x26 on pipe "samr" (pnum 76f7)000000 smb_io_rpc_hdr >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0000 major : 05 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0001 minor : 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0002 pkt_type : 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0003 flags : 03 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0004 pack_type0: 10 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0005 pack_type1: 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0006 pack_type2: 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0007 pack_type3: 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 frag_len : 005c >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a auth_len : 0000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 000c call_id : 00000005 >[2003/10/18 14:44:43, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(488) > unmarshall_rpc_header: using little-endian RPC >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0000 alloc_hint: 00000044 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0004 context_id: 0000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0006 opnum : 0032 >[2003/10/18 14:44:43, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) > free_pipe_context: destroying talloc pool of size 0 >[2003/10/18 14:44:43, 5] rpc_server/srv_pipe.c:api_pipe_request(1462) > Requested \PIPE\samr >[2003/10/18 14:44:43, 4] rpc_server/srv_pipe.c:api_rpcTNP(1496) > api_rpcTNP: samr op 0x32 - api_rpcTNP: rpc command: SAMR_CREATE_USER >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_q_create_user >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0000 data1: 00000000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0004 data2: 00000005 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 data3: 0000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a data4: 0000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8s(722) > 000c data5: bb 35 91 3f 4e 0b 00 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0014 uni_str_len: 0014 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0016 uni_max_len: 0016 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0018 buffer : 0009c298 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 001c uni_max_len: 0000000b >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0020 offset : 00000000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0024 uni_str_len: 0000000a >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:dbg_rw_punival(807) > 0028 buffer : C.I.T.A.D.E.L.X.P.$. >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 003c acb_info : 00000080 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0040 access_mask: e00500b0 >[2003/10/18 14:44:43, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 05 00 00 00 00 00 00 00 BB 35 91 3F ........ ....»5.? > [010] 4E 0B 00 00 N... >[2003/10/18 14:44:43, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(106) > _samr_create_user: access check ((granted: 0x00000211; required: 0x00000010) >[2003/10/18 14:44:43, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 512) : sec_ctx_stack_ndx = 1 >[2003/10/18 14:44:43, 3] smbd/uid.c:push_conn_ctx(287) > push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >[2003/10/18 14:44:43, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2003/10/18 14:44:43, 5] auth/auth_util.c:debug_nt_user_token(486) > NT user token: (NULL) >[2003/10/18 14:44:43, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2003/10/18 14:44:43, 2] lib/smbldap.c:smbldap_search_suffix(1066) > smbldap_search_suffix: searching for:[(&(uid=citadelxp$)(objectclass=sambaSamAccount))] >[2003/10/18 14:44:43, 2] passdb/pdb_ldap.c:init_sam_from_ldap(462) > init_sam_from_ldap: Entry found for user: citadelxp$ >[2003/10/18 14:44:43, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 512) - sec_ctx_stack_ndx = 0 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_r_create_user >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0000 data1: 00000000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0004 data2: 00000000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 data3: 0000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a data4: 0000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8s(722) > 000c data5: 00 00 00 00 00 00 00 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0014 access_granted: 00000000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0018 user_rid : 00000000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_ntstatus(665) > 001c status: NT_STATUS_USER_EXISTS >[2003/10/18 14:44:43, 5] rpc_server/srv_pipe.c:api_rpcTNP(1543) > api_rpcTNP: called samr successfully >[2003/10/18 14:44:43, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) > free_pipe_context: destroying talloc pool of size 22 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0000 major : 05 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0001 minor : 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0002 pkt_type : 02 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0003 flags : 03 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0004 pack_type0: 10 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0005 pack_type1: 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0006 pack_type2: 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0007 pack_type3: 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 frag_len : 0038 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a auth_len : 0000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 000c call_id : 00000005 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0010 alloc_hint: 00000020 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0014 context_id: 0000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0016 cancel_ct : 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0017 reserved : 00 >[2003/10/18 14:44:43, 5] smbd/ipc.c:copy_trans_params_and_data(62) > copy_trans_params_and_data: params[0..0] data[0..56] >[2003/10/18 14:44:43, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:43, 5] lib/util.c:show_msg(466) > size=112 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=832 > smb_uid=100 > smb_mid=1984 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 56 (0x38) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 56 (0x38) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=57 >[2003/10/18 14:44:43, 3] smbd/process.c:process_smb(890) > Transaction 33 of length 132 >[2003/10/18 14:44:43, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:43, 5] lib/util.c:show_msg(466) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=832 > smb_uid=100 > smb_mid=2048 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=30455 (0x76F7) > smb_bcc=61 >[2003/10/18 14:44:43, 3] smbd/process.c:switch_message(685) > switch message SMBtrans (pid 2894) >[2003/10/18 14:44:43, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 >[2003/10/18 14:44:43, 5] auth/auth_util.c:debug_nt_user_token(491) > NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 > contains 6 SIDs > SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 > SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 >[2003/10/18 14:44:43, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 512 and contains 2 supplementary groups > Group[ 0]: 512 > Group[ 1]: 544 >[2003/10/18 14:44:43, 5] smbd/uid.c:change_to_user(203) > change_to_user uid=(0,0) gid=(0,512) >[2003/10/18 14:44:43, 3] smbd/ipc.c:reply_trans(514) > trans <\PIPE\> data=44 params=0 setup=2 >[2003/10/18 14:44:43, 5] smbd/ipc.c:reply_trans(533) > calling named_pipe >[2003/10/18 14:44:43, 3] smbd/ipc.c:named_pipe(326) > named pipe command on <> name >[2003/10/18 14:44:43, 5] smbd/ipc.c:api_fd_reply(267) > api_fd_reply >[2003/10/18 14:44:43, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) > search for pipe pnum=76f7 >[2003/10/18 14:44:43, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) > pipe name samr pnum=76f7 (pipes_open=2) >[2003/10/18 14:44:43, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) > pipe name lsarpc pnum=76f4 (pipes_open=2) >[2003/10/18 14:44:43, 3] smbd/ipc.c:api_fd_reply(288) > Got API command 0x26 on pipe "samr" (pnum 76f7)000000 smb_io_rpc_hdr >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0000 major : 05 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0001 minor : 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0002 pkt_type : 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0003 flags : 03 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0004 pack_type0: 10 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0005 pack_type1: 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0006 pack_type2: 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0007 pack_type3: 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 frag_len : 002c >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a auth_len : 0000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 000c call_id : 00000006 >[2003/10/18 14:44:43, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(488) > unmarshall_rpc_header: using little-endian RPC >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0000 alloc_hint: 00000014 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0004 context_id: 0000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0006 opnum : 0001 >[2003/10/18 14:44:43, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) > free_pipe_context: destroying talloc pool of size 0 >[2003/10/18 14:44:43, 5] rpc_server/srv_pipe.c:api_pipe_request(1462) > Requested \PIPE\samr >[2003/10/18 14:44:43, 4] rpc_server/srv_pipe.c:api_rpcTNP(1496) > api_rpcTNP: samr op 0x1 - api_rpcTNP: rpc command: SAMR_CLOSE_HND >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_q_close_hnd >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0000 data1: 00000000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0004 data2: 00000005 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 data3: 0000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a data4: 0000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8s(722) > 000c data5: bb 35 91 3f 4e 0b 00 00 >[2003/10/18 14:44:43, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 05 00 00 00 00 00 00 00 BB 35 91 3F ........ ....»5.? > [010] 4E 0B 00 00 N... >[2003/10/18 14:44:43, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) > Closed policy >[2003/10/18 14:44:43, 5] rpc_server/srv_samr_nt.c:_samr_close_hnd(356) > samr_reply_close_hnd: 356 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_r_close_hnd >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0000 data1: 00000000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0004 data2: 00000000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 data3: 0000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a data4: 0000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8s(722) > 000c data5: 00 00 00 00 00 00 00 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_ntstatus(665) > 0014 status: NT_STATUS_OK >[2003/10/18 14:44:43, 5] rpc_server/srv_pipe.c:api_rpcTNP(1543) > api_rpcTNP: called samr successfully >[2003/10/18 14:44:43, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) > free_pipe_context: destroying talloc pool of size 0 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0000 major : 05 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0001 minor : 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0002 pkt_type : 02 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0003 flags : 03 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0004 pack_type0: 10 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0005 pack_type1: 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0006 pack_type2: 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0007 pack_type3: 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 frag_len : 0030 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a auth_len : 0000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 000c call_id : 00000006 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0010 alloc_hint: 00000018 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0014 context_id: 0000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0016 cancel_ct : 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0017 reserved : 00 >[2003/10/18 14:44:43, 5] smbd/ipc.c:copy_trans_params_and_data(62) > copy_trans_params_and_data: params[0..0] data[0..48] >[2003/10/18 14:44:43, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:43, 5] lib/util.c:show_msg(466) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=832 > smb_uid=100 > smb_mid=2048 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2003/10/18 14:44:43, 3] smbd/process.c:process_smb(890) > Transaction 34 of length 132 >[2003/10/18 14:44:43, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:43, 5] lib/util.c:show_msg(466) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=832 > smb_uid=100 > smb_mid=2112 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=30455 (0x76F7) > smb_bcc=61 >[2003/10/18 14:44:43, 3] smbd/process.c:switch_message(685) > switch message SMBtrans (pid 2894) >[2003/10/18 14:44:43, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 >[2003/10/18 14:44:43, 5] auth/auth_util.c:debug_nt_user_token(491) > NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 > contains 6 SIDs > SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 > SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 >[2003/10/18 14:44:43, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 512 and contains 2 supplementary groups > Group[ 0]: 512 > Group[ 1]: 544 >[2003/10/18 14:44:43, 5] smbd/uid.c:change_to_user(203) > change_to_user uid=(0,0) gid=(0,512) >[2003/10/18 14:44:43, 3] smbd/ipc.c:reply_trans(514) > trans <\PIPE\> data=44 params=0 setup=2 >[2003/10/18 14:44:43, 5] smbd/ipc.c:reply_trans(533) > calling named_pipe >[2003/10/18 14:44:43, 3] smbd/ipc.c:named_pipe(326) > named pipe command on <> name >[2003/10/18 14:44:43, 5] smbd/ipc.c:api_fd_reply(267) > api_fd_reply >[2003/10/18 14:44:43, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) > search for pipe pnum=76f7 >[2003/10/18 14:44:43, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) > pipe name samr pnum=76f7 (pipes_open=2) >[2003/10/18 14:44:43, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) > pipe name lsarpc pnum=76f4 (pipes_open=2) >[2003/10/18 14:44:43, 3] smbd/ipc.c:api_fd_reply(288) > Got API command 0x26 on pipe "samr" (pnum 76f7)000000 smb_io_rpc_hdr >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0000 major : 05 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0001 minor : 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0002 pkt_type : 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0003 flags : 03 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0004 pack_type0: 10 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0005 pack_type1: 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0006 pack_type2: 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0007 pack_type3: 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 frag_len : 002c >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a auth_len : 0000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 000c call_id : 00000007 >[2003/10/18 14:44:43, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(488) > unmarshall_rpc_header: using little-endian RPC >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0000 alloc_hint: 00000014 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0004 context_id: 0000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0006 opnum : 0001 >[2003/10/18 14:44:43, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) > free_pipe_context: destroying talloc pool of size 0 >[2003/10/18 14:44:43, 5] rpc_server/srv_pipe.c:api_pipe_request(1462) > Requested \PIPE\samr >[2003/10/18 14:44:43, 4] rpc_server/srv_pipe.c:api_rpcTNP(1496) > api_rpcTNP: samr op 0x1 - api_rpcTNP: rpc command: SAMR_CLOSE_HND >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_q_close_hnd >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0000 data1: 00000000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0004 data2: 00000004 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 data3: 0000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a data4: 0000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8s(722) > 000c data5: ba 35 91 3f 4e 0b 00 00 >[2003/10/18 14:44:43, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 04 00 00 00 00 00 00 00 BA 35 91 3F ........ ....º5.? > [010] 4E 0B 00 00 N... >[2003/10/18 14:44:43, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) > Closed policy >[2003/10/18 14:44:43, 5] rpc_server/srv_samr_nt.c:_samr_close_hnd(356) > samr_reply_close_hnd: 356 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_r_close_hnd >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0000 data1: 00000000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0004 data2: 00000000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 data3: 0000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a data4: 0000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8s(722) > 000c data5: 00 00 00 00 00 00 00 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_ntstatus(665) > 0014 status: NT_STATUS_OK >[2003/10/18 14:44:43, 5] rpc_server/srv_pipe.c:api_rpcTNP(1543) > api_rpcTNP: called samr successfully >[2003/10/18 14:44:43, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) > free_pipe_context: destroying talloc pool of size 0 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0000 major : 05 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0001 minor : 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0002 pkt_type : 02 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0003 flags : 03 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0004 pack_type0: 10 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0005 pack_type1: 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0006 pack_type2: 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0007 pack_type3: 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 frag_len : 0030 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a auth_len : 0000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 000c call_id : 00000007 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0010 alloc_hint: 00000018 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0014 context_id: 0000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0016 cancel_ct : 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0017 reserved : 00 >[2003/10/18 14:44:43, 5] smbd/ipc.c:copy_trans_params_and_data(62) > copy_trans_params_and_data: params[0..0] data[0..48] >[2003/10/18 14:44:43, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:43, 5] lib/util.c:show_msg(466) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=832 > smb_uid=100 > smb_mid=2112 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2003/10/18 14:44:43, 3] smbd/process.c:process_smb(890) > Transaction 35 of length 45 >[2003/10/18 14:44:43, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:43, 5] lib/util.c:show_msg(466) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=2176 > smt_wct=3 > smb_vwv[ 0]=30455 (0x76F7) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2003/10/18 14:44:43, 3] smbd/process.c:switch_message(685) > switch message SMBclose (pid 2894) >[2003/10/18 14:44:43, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 >[2003/10/18 14:44:43, 5] auth/auth_util.c:debug_nt_user_token(491) > NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 > contains 6 SIDs > SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 > SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 >[2003/10/18 14:44:43, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 512 and contains 2 supplementary groups > Group[ 0]: 512 > Group[ 1]: 544 >[2003/10/18 14:44:43, 5] smbd/uid.c:change_to_user(203) > change_to_user uid=(0,0) gid=(0,512) >[2003/10/18 14:44:43, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) > search for pipe pnum=76f7 >[2003/10/18 14:44:43, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) > pipe name samr pnum=76f7 (pipes_open=2) >[2003/10/18 14:44:43, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) > pipe name lsarpc pnum=76f4 (pipes_open=2) >[2003/10/18 14:44:43, 5] smbd/pipes.c:reply_pipe_close(258) > reply_pipe_close: pnum:76f7 >[2003/10/18 14:44:43, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1081) > closed pipe name samr pnum=76f7 (pipes_open=1) >[2003/10/18 14:44:43, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:43, 5] lib/util.c:show_msg(466) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=2176 > smt_wct=0 > smb_bcc=0 >[2003/10/18 14:44:43, 3] smbd/process.c:process_smb(890) > Transaction 36 of length 100 >[2003/10/18 14:44:43, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:43, 5] lib/util.c:show_msg(466) > size=96 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=832 > smb_uid=100 > smb_mid=2240 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 2560 (0xA00) > smb_vwv[ 3]= 5632 (0x1600) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 513 (0x201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 768 (0x300) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]=16384 (0x4000) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 768 (0x300) > smb_bcc=13 >[2003/10/18 14:44:43, 3] smbd/process.c:switch_message(685) > switch message SMBntcreateX (pid 2894) >[2003/10/18 14:44:43, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 >[2003/10/18 14:44:43, 5] auth/auth_util.c:debug_nt_user_token(491) > NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 > contains 6 SIDs > SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 > SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 >[2003/10/18 14:44:43, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 512 and contains 2 supplementary groups > Group[ 0]: 512 > Group[ 1]: 544 >[2003/10/18 14:44:43, 5] smbd/uid.c:change_to_user(203) > change_to_user uid=(0,0) gid=(0,512) >[2003/10/18 14:44:43, 4] smbd/nttrans.c:nt_open_pipe(486) > nt_open_pipe: Opening pipe \samr. >[2003/10/18 14:44:43, 3] smbd/nttrans.c:nt_open_pipe(503) > nt_open_pipe: Known pipe samr opening. >[2003/10/18 14:44:43, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(178) > Open pipe requested samr (pipes_open=1) >[2003/10/18 14:44:43, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(205) > open_rpc_pipe_p: name lsarpc pnum=76f4 >[2003/10/18 14:44:43, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(279) > Create pipe requested samr >[2003/10/18 14:44:43, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(372) > Created internal pipe samr (pipes_open=1) >[2003/10/18 14:44:43, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(258) > Opened pipe samr with handle 76f8 (pipes_open=2) >[2003/10/18 14:44:43, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(264) > open pipes: name samr pnum=76f8 >[2003/10/18 14:44:43, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(264) > open pipes: name lsarpc pnum=76f4 >[2003/10/18 14:44:43, 5] smbd/nttrans.c:do_ntcreate_pipe_open(551) > do_ntcreate_pipe_open: open pipe = \samr >[2003/10/18 14:44:43, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:43, 5] lib/util.c:show_msg(466) > size=103 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=832 > smb_uid=100 > smb_mid=2240 > smt_wct=34 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]=63488 (0xF800) > smb_vwv[ 3]= 374 (0x176) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 0 (0x0) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 0 (0x0) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]=32768 (0x8000) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_vwv[24]= 0 (0x0) > smb_vwv[25]= 0 (0x0) > smb_vwv[26]= 0 (0x0) > smb_vwv[27]= 0 (0x0) > smb_vwv[28]= 0 (0x0) > smb_vwv[29]= 0 (0x0) > smb_vwv[30]= 0 (0x0) > smb_vwv[31]= 512 (0x200) > smb_vwv[32]=65280 (0xFF00) > smb_vwv[33]= 5 (0x5) > smb_bcc=0 >[2003/10/18 14:44:43, 3] smbd/process.c:process_smb(890) > Transaction 37 of length 140 >[2003/10/18 14:44:43, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:43, 5] lib/util.c:show_msg(466) > size=136 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=2304 > smt_wct=14 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=30456 (0x76F8) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=65535 (0xFFFF) > smb_vwv[ 6]=65535 (0xFFFF) > smb_vwv[ 7]= 8 (0x8) > smb_vwv[ 8]= 72 (0x48) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 72 (0x48) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_bcc=73 >[2003/10/18 14:44:43, 3] smbd/process.c:switch_message(685) > switch message SMBwriteX (pid 2894) >[2003/10/18 14:44:43, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 >[2003/10/18 14:44:43, 5] auth/auth_util.c:debug_nt_user_token(491) > NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 > contains 6 SIDs > SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 > SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 >[2003/10/18 14:44:43, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 512 and contains 2 supplementary groups > Group[ 0]: 512 > Group[ 1]: 544 >[2003/10/18 14:44:43, 5] smbd/uid.c:change_to_user(203) > change_to_user uid=(0,0) gid=(0,512) >[2003/10/18 14:44:43, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) > search for pipe pnum=76f8 >[2003/10/18 14:44:43, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) > pipe name samr pnum=76f8 (pipes_open=2) >[2003/10/18 14:44:43, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) > pipe name lsarpc pnum=76f4 (pipes_open=2) >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0000 major : 05 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0001 minor : 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0002 pkt_type : 0b >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0003 flags : 03 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0004 pack_type0: 10 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0005 pack_type1: 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0006 pack_type2: 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0007 pack_type3: 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 frag_len : 0048 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a auth_len : 0000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 000c call_id : 00000001 >[2003/10/18 14:44:43, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(488) > unmarshall_rpc_header: using little-endian RPC >[2003/10/18 14:44:43, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(843) > api_pipe_bind_req: decode request. 843 >[2003/10/18 14:44:43, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(854) > api_pipe_bind_req: \PIPE\samr -> \PIPE\lsass >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_rb >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0000 max_tsize: 10b8 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0002 max_rsize: 10b8 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0004 assoc_gid: 00000000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0008 num_elements: 00000001 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000c context_id : 0000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 000e num_syntaxes: 01 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0010 data : 12345778 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0014 data : 1234 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0016 data : abcd >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8s(722) > 0018 data : ef 00 01 23 45 67 89 ac >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0020 version: 00000001 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0024 data : 8a885d04 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0028 data : 1ceb >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 002a data : 11c9 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8s(722) > 002c data : 9f e8 08 00 2b 10 48 60 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0034 version: 00000002 >[2003/10/18 14:44:43, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(984) > api_pipe_bind_req: make response. 984 >[2003/10/18 14:44:43, 3] rpc_server/srv_pipe.c:check_bind_req(726) > check_bind_req for \PIPE\samr >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_ba >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0000 max_tsize: 10b8 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0002 max_rsize: 10b8 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0004 assoc_gid: 000053f0 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 len: 000c >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8s(722) > 000a str: \PIPE\lsass. >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0018 num_results: 01 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 001c result : 0000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 001e reason : 0000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0020 data : 8a885d04 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0024 data : 1ceb >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0026 data : 11c9 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8s(722) > 0028 data : 9f e8 08 00 2b 10 48 60 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0030 version: 00000002 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0000 major : 05 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0001 minor : 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0002 pkt_type : 0c >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0003 flags : 03 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0004 pack_type0: 10 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0005 pack_type1: 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0006 pack_type2: 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0007 pack_type3: 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 frag_len : 0044 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a auth_len : 0000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 000c call_id : 00000001 >[2003/10/18 14:44:43, 3] smbd/pipes.c:reply_pipe_write_and_X(199) > writeX-IPC pnum=76f8 nwritten=72 >[2003/10/18 14:44:43, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:43, 5] lib/util.c:show_msg(466) > size=47 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=2304 > smt_wct=6 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 72 (0x48) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_bcc=0 >[2003/10/18 14:44:43, 3] smbd/process.c:process_smb(890) > Transaction 38 of length 63 >[2003/10/18 14:44:43, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:43, 5] lib/util.c:show_msg(466) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=2368 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=30456 (0x76F8) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 1024 (0x400) > smb_vwv[ 6]= 1024 (0x400) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 1024 (0x400) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2003/10/18 14:44:43, 3] smbd/process.c:switch_message(685) > switch message SMBreadX (pid 2894) >[2003/10/18 14:44:43, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 >[2003/10/18 14:44:43, 5] auth/auth_util.c:debug_nt_user_token(491) > NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 > contains 6 SIDs > SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 > SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 >[2003/10/18 14:44:43, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 512 and contains 2 supplementary groups > Group[ 0]: 512 > Group[ 1]: 544 >[2003/10/18 14:44:43, 5] smbd/uid.c:change_to_user(203) > change_to_user uid=(0,0) gid=(0,512) >[2003/10/18 14:44:43, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) > search for pipe pnum=76f8 >[2003/10/18 14:44:43, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) > pipe name samr pnum=76f8 (pipes_open=2) >[2003/10/18 14:44:43, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) > pipe name lsarpc pnum=76f4 (pipes_open=2) >[2003/10/18 14:44:43, 3] smbd/pipes.c:reply_pipe_read_and_X(242) > readX-IPC pnum=76f8 min=1024 max=1024 nread=68 >[2003/10/18 14:44:43, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:43, 5] lib/util.c:show_msg(466) > size=127 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=2368 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 68 (0x44) > smb_vwv[ 6]= 59 (0x3B) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=68 >[2003/10/18 14:44:43, 3] smbd/process.c:process_smb(890) > Transaction 39 of length 168 >[2003/10/18 14:44:43, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:43, 5] lib/util.c:show_msg(466) > size=164 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=832 > smb_uid=100 > smb_mid=2432 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 80 (0x50) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 80 (0x50) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=30456 (0x76F8) > smb_bcc=97 >[2003/10/18 14:44:43, 3] smbd/process.c:switch_message(685) > switch message SMBtrans (pid 2894) >[2003/10/18 14:44:43, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 >[2003/10/18 14:44:43, 5] auth/auth_util.c:debug_nt_user_token(491) > NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 > contains 6 SIDs > SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 > SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 >[2003/10/18 14:44:43, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 512 and contains 2 supplementary groups > Group[ 0]: 512 > Group[ 1]: 544 >[2003/10/18 14:44:43, 5] smbd/uid.c:change_to_user(203) > change_to_user uid=(0,0) gid=(0,512) >[2003/10/18 14:44:43, 3] smbd/ipc.c:reply_trans(514) > trans <\PIPE\> data=80 params=0 setup=2 >[2003/10/18 14:44:43, 5] smbd/ipc.c:reply_trans(533) > calling named_pipe >[2003/10/18 14:44:43, 3] smbd/ipc.c:named_pipe(326) > named pipe command on <> name >[2003/10/18 14:44:43, 5] smbd/ipc.c:api_fd_reply(267) > api_fd_reply >[2003/10/18 14:44:43, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) > search for pipe pnum=76f8 >[2003/10/18 14:44:43, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) > pipe name samr pnum=76f8 (pipes_open=2) >[2003/10/18 14:44:43, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) > pipe name lsarpc pnum=76f4 (pipes_open=2) >[2003/10/18 14:44:43, 3] smbd/ipc.c:api_fd_reply(288) > Got API command 0x26 on pipe "samr" (pnum 76f8)000000 smb_io_rpc_hdr >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0000 major : 05 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0001 minor : 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0002 pkt_type : 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0003 flags : 03 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0004 pack_type0: 10 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0005 pack_type1: 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0006 pack_type2: 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0007 pack_type3: 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 frag_len : 0050 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a auth_len : 0000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 000c call_id : 00000001 >[2003/10/18 14:44:43, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(488) > unmarshall_rpc_header: using little-endian RPC >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0000 alloc_hint: 00000038 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0004 context_id: 0000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0006 opnum : 0040 >[2003/10/18 14:44:43, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) > free_pipe_context: destroying talloc pool of size 0 >[2003/10/18 14:44:43, 5] rpc_server/srv_pipe.c:api_pipe_request(1462) > Requested \PIPE\samr >[2003/10/18 14:44:43, 4] rpc_server/srv_pipe.c:api_rpcTNP(1496) > api_rpcTNP: samr op 0x40 - unknown >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0000 major : 05 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0001 minor : 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0002 pkt_type : 03 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0003 flags : 23 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0004 pack_type0: 10 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0005 pack_type1: 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0006 pack_type2: 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0007 pack_type3: 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 frag_len : 0020 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a auth_len : 0000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 000c call_id : 00000001 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0010 alloc_hint: 00000000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0014 context_id: 0000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0016 cancel_ct : 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0017 reserved : 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000018 smb_io_rpc_hdr_fault fault >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_ntstatus(665) > 0018 status : NT code 0x1c010002 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 001c reserved: 00000000 >[2003/10/18 14:44:43, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) > free_pipe_context: destroying talloc pool of size 0 >[2003/10/18 14:44:43, 5] smbd/ipc.c:copy_trans_params_and_data(62) > copy_trans_params_and_data: params[0..0] data[0..32] >[2003/10/18 14:44:43, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:43, 5] lib/util.c:show_msg(466) > size=88 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=832 > smb_uid=100 > smb_mid=2432 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 32 (0x20) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 32 (0x20) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=33 >[2003/10/18 14:44:43, 3] smbd/process.c:process_smb(890) > Transaction 40 of length 45 >[2003/10/18 14:44:43, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:43, 5] lib/util.c:show_msg(466) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=2496 > smt_wct=3 > smb_vwv[ 0]=30456 (0x76F8) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2003/10/18 14:44:43, 3] smbd/process.c:switch_message(685) > switch message SMBclose (pid 2894) >[2003/10/18 14:44:43, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 >[2003/10/18 14:44:43, 5] auth/auth_util.c:debug_nt_user_token(491) > NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 > contains 6 SIDs > SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 > SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 >[2003/10/18 14:44:43, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 512 and contains 2 supplementary groups > Group[ 0]: 512 > Group[ 1]: 544 >[2003/10/18 14:44:43, 5] smbd/uid.c:change_to_user(203) > change_to_user uid=(0,0) gid=(0,512) >[2003/10/18 14:44:43, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) > search for pipe pnum=76f8 >[2003/10/18 14:44:43, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) > pipe name samr pnum=76f8 (pipes_open=2) >[2003/10/18 14:44:43, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) > pipe name lsarpc pnum=76f4 (pipes_open=2) >[2003/10/18 14:44:43, 5] smbd/pipes.c:reply_pipe_close(258) > reply_pipe_close: pnum:76f8 >[2003/10/18 14:44:43, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1081) > closed pipe name samr pnum=76f8 (pipes_open=1) >[2003/10/18 14:44:43, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:43, 5] lib/util.c:show_msg(466) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=2496 > smt_wct=0 > smb_bcc=0 >[2003/10/18 14:44:43, 3] smbd/process.c:process_smb(890) > Transaction 41 of length 100 >[2003/10/18 14:44:43, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:43, 5] lib/util.c:show_msg(466) > size=96 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=832 > smb_uid=100 > smb_mid=2560 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 2560 (0xA00) > smb_vwv[ 3]= 5632 (0x1600) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 513 (0x201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 768 (0x300) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]=16384 (0x4000) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 768 (0x300) > smb_bcc=13 >[2003/10/18 14:44:43, 3] smbd/process.c:switch_message(685) > switch message SMBntcreateX (pid 2894) >[2003/10/18 14:44:43, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 >[2003/10/18 14:44:43, 5] auth/auth_util.c:debug_nt_user_token(491) > NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 > contains 6 SIDs > SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 > SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 >[2003/10/18 14:44:43, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 512 and contains 2 supplementary groups > Group[ 0]: 512 > Group[ 1]: 544 >[2003/10/18 14:44:43, 5] smbd/uid.c:change_to_user(203) > change_to_user uid=(0,0) gid=(0,512) >[2003/10/18 14:44:43, 4] smbd/nttrans.c:nt_open_pipe(486) > nt_open_pipe: Opening pipe \samr. >[2003/10/18 14:44:43, 3] smbd/nttrans.c:nt_open_pipe(503) > nt_open_pipe: Known pipe samr opening. >[2003/10/18 14:44:43, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(178) > Open pipe requested samr (pipes_open=1) >[2003/10/18 14:44:43, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(205) > open_rpc_pipe_p: name lsarpc pnum=76f4 >[2003/10/18 14:44:43, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(279) > Create pipe requested samr >[2003/10/18 14:44:43, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(372) > Created internal pipe samr (pipes_open=1) >[2003/10/18 14:44:43, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(258) > Opened pipe samr with handle 76f9 (pipes_open=2) >[2003/10/18 14:44:43, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(264) > open pipes: name samr pnum=76f9 >[2003/10/18 14:44:43, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(264) > open pipes: name lsarpc pnum=76f4 >[2003/10/18 14:44:43, 5] smbd/nttrans.c:do_ntcreate_pipe_open(551) > do_ntcreate_pipe_open: open pipe = \samr >[2003/10/18 14:44:43, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:43, 5] lib/util.c:show_msg(466) > size=103 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=832 > smb_uid=100 > smb_mid=2560 > smt_wct=34 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]=63744 (0xF900) > smb_vwv[ 3]= 374 (0x176) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 0 (0x0) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 0 (0x0) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]=32768 (0x8000) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_vwv[24]= 0 (0x0) > smb_vwv[25]= 0 (0x0) > smb_vwv[26]= 0 (0x0) > smb_vwv[27]= 0 (0x0) > smb_vwv[28]= 0 (0x0) > smb_vwv[29]= 0 (0x0) > smb_vwv[30]= 0 (0x0) > smb_vwv[31]= 512 (0x200) > smb_vwv[32]=65280 (0xFF00) > smb_vwv[33]= 5 (0x5) > smb_bcc=0 >[2003/10/18 14:44:43, 3] smbd/process.c:process_smb(890) > Transaction 42 of length 140 >[2003/10/18 14:44:43, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:43, 5] lib/util.c:show_msg(466) > size=136 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=2624 > smt_wct=14 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=30457 (0x76F9) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=65535 (0xFFFF) > smb_vwv[ 6]=65535 (0xFFFF) > smb_vwv[ 7]= 8 (0x8) > smb_vwv[ 8]= 72 (0x48) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 72 (0x48) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_bcc=73 >[2003/10/18 14:44:43, 3] smbd/process.c:switch_message(685) > switch message SMBwriteX (pid 2894) >[2003/10/18 14:44:43, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 >[2003/10/18 14:44:43, 5] auth/auth_util.c:debug_nt_user_token(491) > NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 > contains 6 SIDs > SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 > SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 >[2003/10/18 14:44:43, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 512 and contains 2 supplementary groups > Group[ 0]: 512 > Group[ 1]: 544 >[2003/10/18 14:44:43, 5] smbd/uid.c:change_to_user(203) > change_to_user uid=(0,0) gid=(0,512) >[2003/10/18 14:44:43, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) > search for pipe pnum=76f9 >[2003/10/18 14:44:43, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) > pipe name samr pnum=76f9 (pipes_open=2) >[2003/10/18 14:44:43, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) > pipe name lsarpc pnum=76f4 (pipes_open=2) >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0000 major : 05 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0001 minor : 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0002 pkt_type : 0b >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0003 flags : 03 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0004 pack_type0: 10 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0005 pack_type1: 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0006 pack_type2: 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0007 pack_type3: 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 frag_len : 0048 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a auth_len : 0000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 000c call_id : 00000001 >[2003/10/18 14:44:43, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(488) > unmarshall_rpc_header: using little-endian RPC >[2003/10/18 14:44:43, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(843) > api_pipe_bind_req: decode request. 843 >[2003/10/18 14:44:43, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(854) > api_pipe_bind_req: \PIPE\samr -> \PIPE\lsass >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_rb >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0000 max_tsize: 10b8 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0002 max_rsize: 10b8 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0004 assoc_gid: 00000000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0008 num_elements: 00000001 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000c context_id : 0000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 000e num_syntaxes: 01 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0010 data : 12345778 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0014 data : 1234 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0016 data : abcd >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8s(722) > 0018 data : ef 00 01 23 45 67 89 ac >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0020 version: 00000001 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0024 data : 8a885d04 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0028 data : 1ceb >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 002a data : 11c9 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8s(722) > 002c data : 9f e8 08 00 2b 10 48 60 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0034 version: 00000002 >[2003/10/18 14:44:43, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(984) > api_pipe_bind_req: make response. 984 >[2003/10/18 14:44:43, 3] rpc_server/srv_pipe.c:check_bind_req(726) > check_bind_req for \PIPE\samr >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_ba >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0000 max_tsize: 10b8 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0002 max_rsize: 10b8 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0004 assoc_gid: 000053f0 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 len: 000c >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8s(722) > 000a str: \PIPE\lsass. >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0018 num_results: 01 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 001c result : 0000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 001e reason : 0000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0020 data : 8a885d04 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0024 data : 1ceb >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0026 data : 11c9 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8s(722) > 0028 data : 9f e8 08 00 2b 10 48 60 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0030 version: 00000002 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0000 major : 05 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0001 minor : 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0002 pkt_type : 0c >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0003 flags : 03 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0004 pack_type0: 10 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0005 pack_type1: 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0006 pack_type2: 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0007 pack_type3: 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 frag_len : 0044 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a auth_len : 0000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 000c call_id : 00000001 >[2003/10/18 14:44:43, 3] smbd/pipes.c:reply_pipe_write_and_X(199) > writeX-IPC pnum=76f9 nwritten=72 >[2003/10/18 14:44:43, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:43, 5] lib/util.c:show_msg(466) > size=47 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=2624 > smt_wct=6 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 72 (0x48) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_bcc=0 >[2003/10/18 14:44:43, 3] smbd/process.c:process_smb(890) > Transaction 43 of length 63 >[2003/10/18 14:44:43, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:43, 5] lib/util.c:show_msg(466) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=2688 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=30457 (0x76F9) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 1024 (0x400) > smb_vwv[ 6]= 1024 (0x400) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 1024 (0x400) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2003/10/18 14:44:43, 3] smbd/process.c:switch_message(685) > switch message SMBreadX (pid 2894) >[2003/10/18 14:44:43, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 >[2003/10/18 14:44:43, 5] auth/auth_util.c:debug_nt_user_token(491) > NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 > contains 6 SIDs > SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 > SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 >[2003/10/18 14:44:43, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 512 and contains 2 supplementary groups > Group[ 0]: 512 > Group[ 1]: 544 >[2003/10/18 14:44:43, 5] smbd/uid.c:change_to_user(203) > change_to_user uid=(0,0) gid=(0,512) >[2003/10/18 14:44:43, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) > search for pipe pnum=76f9 >[2003/10/18 14:44:43, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) > pipe name samr pnum=76f9 (pipes_open=2) >[2003/10/18 14:44:43, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) > pipe name lsarpc pnum=76f4 (pipes_open=2) >[2003/10/18 14:44:43, 3] smbd/pipes.c:reply_pipe_read_and_X(242) > readX-IPC pnum=76f9 min=1024 max=1024 nread=68 >[2003/10/18 14:44:43, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:43, 5] lib/util.c:show_msg(466) > size=127 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=2688 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 68 (0x44) > smb_vwv[ 6]= 59 (0x3B) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=68 >[2003/10/18 14:44:43, 3] smbd/process.c:process_smb(890) > Transaction 44 of length 156 >[2003/10/18 14:44:43, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:43, 5] lib/util.c:show_msg(466) > size=152 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=832 > smb_uid=100 > smb_mid=2752 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 68 (0x44) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 68 (0x44) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=30457 (0x76F9) > smb_bcc=85 >[2003/10/18 14:44:43, 3] smbd/process.c:switch_message(685) > switch message SMBtrans (pid 2894) >[2003/10/18 14:44:43, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 >[2003/10/18 14:44:43, 5] auth/auth_util.c:debug_nt_user_token(491) > NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 > contains 6 SIDs > SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 > SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 >[2003/10/18 14:44:43, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 512 and contains 2 supplementary groups > Group[ 0]: 512 > Group[ 1]: 544 >[2003/10/18 14:44:43, 5] smbd/uid.c:change_to_user(203) > change_to_user uid=(0,0) gid=(0,512) >[2003/10/18 14:44:43, 3] smbd/ipc.c:reply_trans(514) > trans <\PIPE\> data=68 params=0 setup=2 >[2003/10/18 14:44:43, 5] smbd/ipc.c:reply_trans(533) > calling named_pipe >[2003/10/18 14:44:43, 3] smbd/ipc.c:named_pipe(326) > named pipe command on <> name >[2003/10/18 14:44:43, 5] smbd/ipc.c:api_fd_reply(267) > api_fd_reply >[2003/10/18 14:44:43, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) > search for pipe pnum=76f9 >[2003/10/18 14:44:43, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) > pipe name samr pnum=76f9 (pipes_open=2) >[2003/10/18 14:44:43, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) > pipe name lsarpc pnum=76f4 (pipes_open=2) >[2003/10/18 14:44:43, 3] smbd/ipc.c:api_fd_reply(288) > Got API command 0x26 on pipe "samr" (pnum 76f9)000000 smb_io_rpc_hdr >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0000 major : 05 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0001 minor : 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0002 pkt_type : 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0003 flags : 03 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0004 pack_type0: 10 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0005 pack_type1: 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0006 pack_type2: 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0007 pack_type3: 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 frag_len : 0044 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a auth_len : 0000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 000c call_id : 00000001 >[2003/10/18 14:44:43, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(488) > unmarshall_rpc_header: using little-endian RPC >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0000 alloc_hint: 0000002c >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0004 context_id: 0000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0006 opnum : 003e >[2003/10/18 14:44:43, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) > free_pipe_context: destroying talloc pool of size 0 >[2003/10/18 14:44:43, 5] rpc_server/srv_pipe.c:api_pipe_request(1462) > Requested \PIPE\samr >[2003/10/18 14:44:43, 4] rpc_server/srv_pipe.c:api_rpcTNP(1496) > api_rpcTNP: samr op 0x3e - api_rpcTNP: rpc command: SAMR_CONNECT4 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_q_connect4 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0000 ptr_srv_name: 00135d58 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0004 uni_max_len: 0000000a >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0008 offset : 00000000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 000c uni_str_len: 0000000a >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:dbg_rw_punival(807) > 0010 buffer : \.\.S.T.U.D.E.N.T... >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0024 unk_0: 00000002 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0028 access_mask: 00000021 >[2003/10/18 14:44:43, 5] rpc_server/srv_samr_nt.c:_samr_connect4(2472) > _samr_connect4: 2472 >[2003/10/18 14:44:43, 3] lib/util_seaccess.c:se_access_check(251) >[2003/10/18 14:44:43, 3] lib/util_seaccess.c:se_access_check(252) > se_access_check: user sid is S-1-5-21-1179238187-1290062419-276724248-500 > se_access_check: also S-1-5-21-3516781642-1962875130-3438800523-512 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: also S-1-5-21-1179238187-1290062419-276724248-2025 > se_access_check: also S-1-5-21-1179238187-1290062419-276724248-2089 >[2003/10/18 14:44:43, 5] lib/util_seaccess.c:se_access_check(309) > se_access_check: access (21) granted. >[2003/10/18 14:44:43, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) > Opened policy hnd[2] [000] 00 00 00 00 06 00 00 00 00 00 00 00 BB 35 91 3F ........ ....»5.? > [010] 4E 0B 00 00 N... >[2003/10/18 14:44:43, 5] rpc_server/srv_samr_nt.c:_samr_connect4(2503) > _samr_connect: 2503 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_r_connect4 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0000 data1: 00000000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0004 data2: 00000006 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 data3: 0000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a data4: 0000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8s(722) > 000c data5: bb 35 91 3f 4e 0b 00 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_ntstatus(665) > 0014 status: NT_STATUS_OK >[2003/10/18 14:44:43, 5] rpc_server/srv_pipe.c:api_rpcTNP(1543) > api_rpcTNP: called samr successfully >[2003/10/18 14:44:43, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) > free_pipe_context: destroying talloc pool of size 752 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0000 major : 05 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0001 minor : 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0002 pkt_type : 02 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0003 flags : 03 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0004 pack_type0: 10 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0005 pack_type1: 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0006 pack_type2: 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0007 pack_type3: 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 frag_len : 0030 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a auth_len : 0000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 000c call_id : 00000001 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0010 alloc_hint: 00000018 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0014 context_id: 0000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0016 cancel_ct : 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0017 reserved : 00 >[2003/10/18 14:44:43, 5] smbd/ipc.c:copy_trans_params_and_data(62) > copy_trans_params_and_data: params[0..0] data[0..48] >[2003/10/18 14:44:43, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:43, 5] lib/util.c:show_msg(466) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=832 > smb_uid=100 > smb_mid=2752 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2003/10/18 14:44:43, 3] smbd/process.c:process_smb(890) > Transaction 45 of length 164 >[2003/10/18 14:44:43, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:43, 5] lib/util.c:show_msg(466) > size=160 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=832 > smb_uid=100 > smb_mid=2816 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 76 (0x4C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 76 (0x4C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=30457 (0x76F9) > smb_bcc=93 >[2003/10/18 14:44:43, 3] smbd/process.c:switch_message(685) > switch message SMBtrans (pid 2894) >[2003/10/18 14:44:43, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 >[2003/10/18 14:44:43, 5] auth/auth_util.c:debug_nt_user_token(491) > NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 > contains 6 SIDs > SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 > SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 >[2003/10/18 14:44:43, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 512 and contains 2 supplementary groups > Group[ 0]: 512 > Group[ 1]: 544 >[2003/10/18 14:44:43, 5] smbd/uid.c:change_to_user(203) > change_to_user uid=(0,0) gid=(0,512) >[2003/10/18 14:44:43, 3] smbd/ipc.c:reply_trans(514) > trans <\PIPE\> data=76 params=0 setup=2 >[2003/10/18 14:44:43, 5] smbd/ipc.c:reply_trans(533) > calling named_pipe >[2003/10/18 14:44:43, 3] smbd/ipc.c:named_pipe(326) > named pipe command on <> name >[2003/10/18 14:44:43, 5] smbd/ipc.c:api_fd_reply(267) > api_fd_reply >[2003/10/18 14:44:43, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) > search for pipe pnum=76f9 >[2003/10/18 14:44:43, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) > pipe name samr pnum=76f9 (pipes_open=2) >[2003/10/18 14:44:43, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) > pipe name lsarpc pnum=76f4 (pipes_open=2) >[2003/10/18 14:44:43, 3] smbd/ipc.c:api_fd_reply(288) > Got API command 0x26 on pipe "samr" (pnum 76f9)000000 smb_io_rpc_hdr >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0000 major : 05 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0001 minor : 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0002 pkt_type : 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0003 flags : 03 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0004 pack_type0: 10 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0005 pack_type1: 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0006 pack_type2: 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0007 pack_type3: 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 frag_len : 004c >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a auth_len : 0000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 000c call_id : 00000002 >[2003/10/18 14:44:43, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(488) > unmarshall_rpc_header: using little-endian RPC >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0000 alloc_hint: 00000034 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0004 context_id: 0000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0006 opnum : 0007 >[2003/10/18 14:44:43, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) > free_pipe_context: destroying talloc pool of size 0 >[2003/10/18 14:44:43, 5] rpc_server/srv_pipe.c:api_pipe_request(1462) > Requested \PIPE\samr >[2003/10/18 14:44:43, 4] rpc_server/srv_pipe.c:api_rpcTNP(1496) > api_rpcTNP: samr op 0x7 - api_rpcTNP: rpc command: SAMR_OPEN_DOMAIN >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_q_open_domain >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0000 data1: 00000000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0004 data2: 00000006 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 data3: 0000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a data4: 0000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8s(722) > 000c data5: bb 35 91 3f 4e 0b 00 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0014 flags: 00000200 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0018 num_auths: 00000004 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 001c sid_rev_num: 01 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 001d num_auths : 04 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 001e id_auth[0] : 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 001f id_auth[1] : 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0020 id_auth[2] : 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0021 id_auth[3] : 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0022 id_auth[4] : 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0023 id_auth[5] : 05 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32s(862) > 0024 sub_auths : 00000015 4649bf2b 4ce4ca53 107e7a18 >[2003/10/18 14:44:43, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 06 00 00 00 00 00 00 00 BB 35 91 3F ........ ....»5.? > [010] 4E 0B 00 00 N... >[2003/10/18 14:44:43, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(106) > _samr_open_domain: access check ((granted: 0x00000021; required: 0x00000020) >[2003/10/18 14:44:43, 3] lib/util_seaccess.c:se_access_check(251) >[2003/10/18 14:44:43, 3] lib/util_seaccess.c:se_access_check(252) > se_access_check: user sid is S-1-5-21-1179238187-1290062419-276724248-500 > se_access_check: also S-1-5-21-3516781642-1962875130-3438800523-512 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: also S-1-5-21-1179238187-1290062419-276724248-2025 > se_access_check: also S-1-5-21-1179238187-1290062419-276724248-2089 >[2003/10/18 14:44:43, 5] lib/util_seaccess.c:se_access_check(309) > se_access_check: access (200) granted. >[2003/10/18 14:44:43, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) > Opened policy hnd[3] [000] 00 00 00 00 07 00 00 00 00 00 00 00 BB 35 91 3F ........ ....»5.? > [010] 4E 0B 00 00 N... >[2003/10/18 14:44:43, 5] rpc_server/srv_samr_nt.c:_samr_open_domain(403) > samr_open_domain: 403 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_r_open_domain >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0000 data1: 00000000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0004 data2: 00000007 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 data3: 0000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a data4: 0000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8s(722) > 000c data5: bb 35 91 3f 4e 0b 00 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_ntstatus(665) > 0014 status: NT_STATUS_OK >[2003/10/18 14:44:43, 5] rpc_server/srv_pipe.c:api_rpcTNP(1543) > api_rpcTNP: called samr successfully >[2003/10/18 14:44:43, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) > free_pipe_context: destroying talloc pool of size 732 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0000 major : 05 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0001 minor : 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0002 pkt_type : 02 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0003 flags : 03 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0004 pack_type0: 10 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0005 pack_type1: 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0006 pack_type2: 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0007 pack_type3: 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 frag_len : 0030 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a auth_len : 0000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 000c call_id : 00000002 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0010 alloc_hint: 00000018 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0014 context_id: 0000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0016 cancel_ct : 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0017 reserved : 00 >[2003/10/18 14:44:43, 5] smbd/ipc.c:copy_trans_params_and_data(62) > copy_trans_params_and_data: params[0..0] data[0..48] >[2003/10/18 14:44:43, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:43, 5] lib/util.c:show_msg(466) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=832 > smb_uid=100 > smb_mid=2816 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2003/10/18 14:44:43, 3] smbd/process.c:process_smb(890) > Transaction 46 of length 188 >[2003/10/18 14:44:43, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:43, 5] lib/util.c:show_msg(466) > size=184 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=832 > smb_uid=100 > smb_mid=2880 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 100 (0x64) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 100 (0x64) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=30457 (0x76F9) > smb_bcc=117 >[2003/10/18 14:44:43, 3] smbd/process.c:switch_message(685) > switch message SMBtrans (pid 2894) >[2003/10/18 14:44:43, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 >[2003/10/18 14:44:43, 5] auth/auth_util.c:debug_nt_user_token(491) > NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 > contains 6 SIDs > SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 > SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 >[2003/10/18 14:44:43, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 512 and contains 2 supplementary groups > Group[ 0]: 512 > Group[ 1]: 544 >[2003/10/18 14:44:43, 5] smbd/uid.c:change_to_user(203) > change_to_user uid=(0,0) gid=(0,512) >[2003/10/18 14:44:43, 3] smbd/ipc.c:reply_trans(514) > trans <\PIPE\> data=100 params=0 setup=2 >[2003/10/18 14:44:43, 5] smbd/ipc.c:reply_trans(533) > calling named_pipe >[2003/10/18 14:44:43, 3] smbd/ipc.c:named_pipe(326) > named pipe command on <> name >[2003/10/18 14:44:43, 5] smbd/ipc.c:api_fd_reply(267) > api_fd_reply >[2003/10/18 14:44:43, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) > search for pipe pnum=76f9 >[2003/10/18 14:44:43, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) > pipe name samr pnum=76f9 (pipes_open=2) >[2003/10/18 14:44:43, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) > pipe name lsarpc pnum=76f4 (pipes_open=2) >[2003/10/18 14:44:43, 3] smbd/ipc.c:api_fd_reply(288) > Got API command 0x26 on pipe "samr" (pnum 76f9)000000 smb_io_rpc_hdr >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0000 major : 05 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0001 minor : 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0002 pkt_type : 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0003 flags : 03 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0004 pack_type0: 10 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0005 pack_type1: 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0006 pack_type2: 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0007 pack_type3: 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 frag_len : 0064 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a auth_len : 0000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 000c call_id : 00000003 >[2003/10/18 14:44:43, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(488) > unmarshall_rpc_header: using little-endian RPC >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0000 alloc_hint: 0000004c >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0004 context_id: 0000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0006 opnum : 0011 >[2003/10/18 14:44:43, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) > free_pipe_context: destroying talloc pool of size 0 >[2003/10/18 14:44:43, 5] rpc_server/srv_pipe.c:api_pipe_request(1462) > Requested \PIPE\samr >[2003/10/18 14:44:43, 4] rpc_server/srv_pipe.c:api_rpcTNP(1496) > api_rpcTNP: samr op 0x11 - api_rpcTNP: rpc command: SAMR_LOOKUP_NAMES >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_q_lookup_names >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0000 data1: 00000000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0004 data2: 00000007 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 data3: 0000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a data4: 0000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8s(722) > 000c data5: bb 35 91 3f 4e 0b 00 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0014 num_names1: 00000001 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0018 flags : 000003e8 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 001c ptr : 00000000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0020 num_names2: 00000001 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0024 uni_str_len: 0014 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0026 uni_max_len: 0016 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0028 buffer : 0009c298 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 002c uni_max_len: 0000000b >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0030 offset : 00000000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0034 uni_str_len: 0000000a >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:dbg_rw_punival(807) > 0038 buffer : C.I.T.A.D.E.L.X.P.$. >[2003/10/18 14:44:43, 5] rpc_server/srv_samr_nt.c:_samr_lookup_names(1449) > _samr_lookup_names: 1449 >[2003/10/18 14:44:43, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 07 00 00 00 00 00 00 00 BB 35 91 3F ........ ....»5.? > [010] 4E 0B 00 00 N... >[2003/10/18 14:44:43, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(106) > _samr_lookup_names: access check ((granted: 0x00000200; required: 0000000000) >[2003/10/18 14:44:43, 5] rpc_server/srv_samr_nt.c:_samr_lookup_names(1468) > _samr_lookup_names: looking name on SID S-1-5-21-1179238187-1290062419-276724248 >[2003/10/18 14:44:43, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 512) : sec_ctx_stack_ndx = 1 >[2003/10/18 14:44:43, 3] smbd/uid.c:push_conn_ctx(287) > push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >[2003/10/18 14:44:43, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2003/10/18 14:44:43, 5] auth/auth_util.c:debug_nt_user_token(486) > NT user token: (NULL) >[2003/10/18 14:44:43, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2003/10/18 14:44:43, 4] lib/username.c:map_username(132) > Scanning username map /etc/samba/users.map >[2003/10/18 14:44:43, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2003/10/18 14:44:43, 3] smbd/uid.c:push_conn_ctx(287) > push_conn_ctx(100) : conn_ctx_stack_ndx = 1 >[2003/10/18 14:44:43, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2003/10/18 14:44:43, 5] auth/auth_util.c:debug_nt_user_token(486) > NT user token: (NULL) >[2003/10/18 14:44:43, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2003/10/18 14:44:43, 2] lib/smbldap.c:smbldap_search_suffix(1066) > smbldap_search_suffix: searching for:[(&(uid=CITADELXP$)(objectclass=sambaSamAccount))] >[2003/10/18 14:44:43, 2] passdb/pdb_ldap.c:init_sam_from_ldap(462) > init_sam_from_ldap: Entry found for user: citadelxp$ >[2003/10/18 14:44:43, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2003/10/18 14:44:43, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 512) - sec_ctx_stack_ndx = 0 >[2003/10/18 14:44:43, 5] rpc_parse/parse_samr.c:init_samr_r_lookup_names(4709) > init_samr_r_lookup_names >[2003/10/18 14:44:43, 5] rpc_server/srv_samr_nt.c:_samr_lookup_names(1511) > _samr_lookup_names: 1511 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_r_lookup_names >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0000 num_rids1: 00000000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0004 ptr_rids : 00000000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0008 num_types1: 00000000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 000c ptr_types : 00000000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_ntstatus(665) > 0010 status: NT_STATUS_NONE_MAPPED >[2003/10/18 14:44:43, 5] rpc_server/srv_pipe.c:api_rpcTNP(1543) > api_rpcTNP: called samr successfully >[2003/10/18 14:44:43, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) > free_pipe_context: destroying talloc pool of size 46 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0000 major : 05 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0001 minor : 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0002 pkt_type : 02 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0003 flags : 03 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0004 pack_type0: 10 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0005 pack_type1: 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0006 pack_type2: 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0007 pack_type3: 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 frag_len : 002c >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a auth_len : 0000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 000c call_id : 00000003 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0010 alloc_hint: 00000014 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0014 context_id: 0000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0016 cancel_ct : 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0017 reserved : 00 >[2003/10/18 14:44:43, 5] smbd/ipc.c:copy_trans_params_and_data(62) > copy_trans_params_and_data: params[0..0] data[0..44] >[2003/10/18 14:44:43, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:43, 5] lib/util.c:show_msg(466) > size=100 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=832 > smb_uid=100 > smb_mid=2880 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 44 (0x2C) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=45 >[2003/10/18 14:44:43, 3] smbd/process.c:process_smb(890) > Transaction 47 of length 132 >[2003/10/18 14:44:43, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:43, 5] lib/util.c:show_msg(466) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=832 > smb_uid=100 > smb_mid=2944 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=30457 (0x76F9) > smb_bcc=61 >[2003/10/18 14:44:43, 3] smbd/process.c:switch_message(685) > switch message SMBtrans (pid 2894) >[2003/10/18 14:44:43, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 >[2003/10/18 14:44:43, 5] auth/auth_util.c:debug_nt_user_token(491) > NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 > contains 6 SIDs > SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 > SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 >[2003/10/18 14:44:43, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 512 and contains 2 supplementary groups > Group[ 0]: 512 > Group[ 1]: 544 >[2003/10/18 14:44:43, 5] smbd/uid.c:change_to_user(203) > change_to_user uid=(0,0) gid=(0,512) >[2003/10/18 14:44:43, 3] smbd/ipc.c:reply_trans(514) > trans <\PIPE\> data=44 params=0 setup=2 >[2003/10/18 14:44:43, 5] smbd/ipc.c:reply_trans(533) > calling named_pipe >[2003/10/18 14:44:43, 3] smbd/ipc.c:named_pipe(326) > named pipe command on <> name >[2003/10/18 14:44:43, 5] smbd/ipc.c:api_fd_reply(267) > api_fd_reply >[2003/10/18 14:44:43, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) > search for pipe pnum=76f9 >[2003/10/18 14:44:43, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) > pipe name samr pnum=76f9 (pipes_open=2) >[2003/10/18 14:44:43, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) > pipe name lsarpc pnum=76f4 (pipes_open=2) >[2003/10/18 14:44:43, 3] smbd/ipc.c:api_fd_reply(288) > Got API command 0x26 on pipe "samr" (pnum 76f9)000000 smb_io_rpc_hdr >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0000 major : 05 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0001 minor : 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0002 pkt_type : 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0003 flags : 03 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0004 pack_type0: 10 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0005 pack_type1: 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0006 pack_type2: 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0007 pack_type3: 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 frag_len : 002c >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a auth_len : 0000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 000c call_id : 00000004 >[2003/10/18 14:44:43, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(488) > unmarshall_rpc_header: using little-endian RPC >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0000 alloc_hint: 00000014 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0004 context_id: 0000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0006 opnum : 0001 >[2003/10/18 14:44:43, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) > free_pipe_context: destroying talloc pool of size 0 >[2003/10/18 14:44:43, 5] rpc_server/srv_pipe.c:api_pipe_request(1462) > Requested \PIPE\samr >[2003/10/18 14:44:43, 4] rpc_server/srv_pipe.c:api_rpcTNP(1496) > api_rpcTNP: samr op 0x1 - api_rpcTNP: rpc command: SAMR_CLOSE_HND >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_q_close_hnd >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0000 data1: 00000000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0004 data2: 00000007 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 data3: 0000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a data4: 0000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8s(722) > 000c data5: bb 35 91 3f 4e 0b 00 00 >[2003/10/18 14:44:43, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 07 00 00 00 00 00 00 00 BB 35 91 3F ........ ....»5.? > [010] 4E 0B 00 00 N... >[2003/10/18 14:44:43, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) > Closed policy >[2003/10/18 14:44:43, 5] rpc_server/srv_samr_nt.c:_samr_close_hnd(356) > samr_reply_close_hnd: 356 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_r_close_hnd >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0000 data1: 00000000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0004 data2: 00000000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 data3: 0000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a data4: 0000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8s(722) > 000c data5: 00 00 00 00 00 00 00 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_ntstatus(665) > 0014 status: NT_STATUS_OK >[2003/10/18 14:44:43, 5] rpc_server/srv_pipe.c:api_rpcTNP(1543) > api_rpcTNP: called samr successfully >[2003/10/18 14:44:43, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) > free_pipe_context: destroying talloc pool of size 0 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0000 major : 05 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0001 minor : 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0002 pkt_type : 02 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0003 flags : 03 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0004 pack_type0: 10 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0005 pack_type1: 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0006 pack_type2: 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0007 pack_type3: 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 frag_len : 0030 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a auth_len : 0000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 000c call_id : 00000004 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0010 alloc_hint: 00000018 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0014 context_id: 0000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0016 cancel_ct : 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0017 reserved : 00 >[2003/10/18 14:44:43, 5] smbd/ipc.c:copy_trans_params_and_data(62) > copy_trans_params_and_data: params[0..0] data[0..48] >[2003/10/18 14:44:43, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:43, 5] lib/util.c:show_msg(466) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=832 > smb_uid=100 > smb_mid=2944 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2003/10/18 14:44:43, 3] smbd/process.c:process_smb(890) > Transaction 48 of length 132 >[2003/10/18 14:44:43, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:43, 5] lib/util.c:show_msg(466) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=832 > smb_uid=100 > smb_mid=3008 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=30457 (0x76F9) > smb_bcc=61 >[2003/10/18 14:44:43, 3] smbd/process.c:switch_message(685) > switch message SMBtrans (pid 2894) >[2003/10/18 14:44:43, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 >[2003/10/18 14:44:43, 5] auth/auth_util.c:debug_nt_user_token(491) > NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 > contains 6 SIDs > SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 > SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 >[2003/10/18 14:44:43, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 512 and contains 2 supplementary groups > Group[ 0]: 512 > Group[ 1]: 544 >[2003/10/18 14:44:43, 5] smbd/uid.c:change_to_user(203) > change_to_user uid=(0,0) gid=(0,512) >[2003/10/18 14:44:43, 3] smbd/ipc.c:reply_trans(514) > trans <\PIPE\> data=44 params=0 setup=2 >[2003/10/18 14:44:43, 5] smbd/ipc.c:reply_trans(533) > calling named_pipe >[2003/10/18 14:44:43, 3] smbd/ipc.c:named_pipe(326) > named pipe command on <> name >[2003/10/18 14:44:43, 5] smbd/ipc.c:api_fd_reply(267) > api_fd_reply >[2003/10/18 14:44:43, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) > search for pipe pnum=76f9 >[2003/10/18 14:44:43, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) > pipe name samr pnum=76f9 (pipes_open=2) >[2003/10/18 14:44:43, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) > pipe name lsarpc pnum=76f4 (pipes_open=2) >[2003/10/18 14:44:43, 3] smbd/ipc.c:api_fd_reply(288) > Got API command 0x26 on pipe "samr" (pnum 76f9)000000 smb_io_rpc_hdr >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0000 major : 05 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0001 minor : 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0002 pkt_type : 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0003 flags : 03 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0004 pack_type0: 10 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0005 pack_type1: 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0006 pack_type2: 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0007 pack_type3: 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 frag_len : 002c >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a auth_len : 0000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 000c call_id : 00000005 >[2003/10/18 14:44:43, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(488) > unmarshall_rpc_header: using little-endian RPC >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0000 alloc_hint: 00000014 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0004 context_id: 0000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0006 opnum : 0001 >[2003/10/18 14:44:43, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) > free_pipe_context: destroying talloc pool of size 0 >[2003/10/18 14:44:43, 5] rpc_server/srv_pipe.c:api_pipe_request(1462) > Requested \PIPE\samr >[2003/10/18 14:44:43, 4] rpc_server/srv_pipe.c:api_rpcTNP(1496) > api_rpcTNP: samr op 0x1 - api_rpcTNP: rpc command: SAMR_CLOSE_HND >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_q_close_hnd >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0000 data1: 00000000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0004 data2: 00000006 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 data3: 0000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a data4: 0000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8s(722) > 000c data5: bb 35 91 3f 4e 0b 00 00 >[2003/10/18 14:44:43, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 06 00 00 00 00 00 00 00 BB 35 91 3F ........ ....»5.? > [010] 4E 0B 00 00 N... >[2003/10/18 14:44:43, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) > Closed policy >[2003/10/18 14:44:43, 5] rpc_server/srv_samr_nt.c:_samr_close_hnd(356) > samr_reply_close_hnd: 356 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_r_close_hnd >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0000 data1: 00000000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0004 data2: 00000000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 data3: 0000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a data4: 0000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8s(722) > 000c data5: 00 00 00 00 00 00 00 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_ntstatus(665) > 0014 status: NT_STATUS_OK >[2003/10/18 14:44:43, 5] rpc_server/srv_pipe.c:api_rpcTNP(1543) > api_rpcTNP: called samr successfully >[2003/10/18 14:44:43, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) > free_pipe_context: destroying talloc pool of size 0 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0000 major : 05 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0001 minor : 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0002 pkt_type : 02 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0003 flags : 03 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0004 pack_type0: 10 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0005 pack_type1: 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0006 pack_type2: 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0007 pack_type3: 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 frag_len : 0030 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a auth_len : 0000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 000c call_id : 00000005 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0010 alloc_hint: 00000018 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0014 context_id: 0000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0016 cancel_ct : 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0017 reserved : 00 >[2003/10/18 14:44:43, 5] smbd/ipc.c:copy_trans_params_and_data(62) > copy_trans_params_and_data: params[0..0] data[0..48] >[2003/10/18 14:44:43, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:43, 5] lib/util.c:show_msg(466) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=832 > smb_uid=100 > smb_mid=3008 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2003/10/18 14:44:43, 3] smbd/process.c:process_smb(890) > Transaction 49 of length 45 >[2003/10/18 14:44:43, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:43, 5] lib/util.c:show_msg(466) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=3072 > smt_wct=3 > smb_vwv[ 0]=30457 (0x76F9) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2003/10/18 14:44:43, 3] smbd/process.c:switch_message(685) > switch message SMBclose (pid 2894) >[2003/10/18 14:44:43, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 >[2003/10/18 14:44:43, 5] auth/auth_util.c:debug_nt_user_token(491) > NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 > contains 6 SIDs > SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 > SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 >[2003/10/18 14:44:43, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 512 and contains 2 supplementary groups > Group[ 0]: 512 > Group[ 1]: 544 >[2003/10/18 14:44:43, 5] smbd/uid.c:change_to_user(203) > change_to_user uid=(0,0) gid=(0,512) >[2003/10/18 14:44:43, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) > search for pipe pnum=76f9 >[2003/10/18 14:44:43, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) > pipe name samr pnum=76f9 (pipes_open=2) >[2003/10/18 14:44:43, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) > pipe name lsarpc pnum=76f4 (pipes_open=2) >[2003/10/18 14:44:43, 5] smbd/pipes.c:reply_pipe_close(258) > reply_pipe_close: pnum:76f9 >[2003/10/18 14:44:43, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1081) > closed pipe name samr pnum=76f9 (pipes_open=1) >[2003/10/18 14:44:43, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:43, 5] lib/util.c:show_msg(466) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=3072 > smt_wct=0 > smb_bcc=0 >[2003/10/18 14:44:43, 3] smbd/process.c:process_smb(890) > Transaction 50 of length 132 >[2003/10/18 14:44:43, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:43, 5] lib/util.c:show_msg(466) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=832 > smb_uid=100 > smb_mid=3136 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=30452 (0x76F4) > smb_bcc=61 >[2003/10/18 14:44:43, 3] smbd/process.c:switch_message(685) > switch message SMBtrans (pid 2894) >[2003/10/18 14:44:43, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 >[2003/10/18 14:44:43, 5] auth/auth_util.c:debug_nt_user_token(491) > NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 > contains 6 SIDs > SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 > SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 >[2003/10/18 14:44:43, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 512 and contains 2 supplementary groups > Group[ 0]: 512 > Group[ 1]: 544 >[2003/10/18 14:44:43, 5] smbd/uid.c:change_to_user(203) > change_to_user uid=(0,0) gid=(0,512) >[2003/10/18 14:44:43, 3] smbd/ipc.c:reply_trans(514) > trans <\PIPE\> data=44 params=0 setup=2 >[2003/10/18 14:44:43, 5] smbd/ipc.c:reply_trans(533) > calling named_pipe >[2003/10/18 14:44:43, 3] smbd/ipc.c:named_pipe(326) > named pipe command on <> name >[2003/10/18 14:44:43, 5] smbd/ipc.c:api_fd_reply(267) > api_fd_reply >[2003/10/18 14:44:43, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) > search for pipe pnum=76f4 >[2003/10/18 14:44:43, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) > pipe name lsarpc pnum=76f4 (pipes_open=1) >[2003/10/18 14:44:43, 3] smbd/ipc.c:api_fd_reply(288) > Got API command 0x26 on pipe "lsarpc" (pnum 76f4)000000 smb_io_rpc_hdr >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0000 major : 05 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0001 minor : 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0002 pkt_type : 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0003 flags : 03 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0004 pack_type0: 10 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0005 pack_type1: 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0006 pack_type2: 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0007 pack_type3: 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 frag_len : 002c >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a auth_len : 0000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 000c call_id : 00000004 >[2003/10/18 14:44:43, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(488) > unmarshall_rpc_header: using little-endian RPC >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr_req req >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0000 alloc_hint: 00000014 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0004 context_id: 0000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0006 opnum : 0000 >[2003/10/18 14:44:43, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) > free_pipe_context: destroying talloc pool of size 0 >[2003/10/18 14:44:43, 5] rpc_server/srv_pipe.c:api_pipe_request(1462) > Requested \PIPE\lsarpc >[2003/10/18 14:44:43, 4] rpc_server/srv_pipe.c:api_rpcTNP(1496) > api_rpcTNP: lsarpc op 0x0 - api_rpcTNP: rpc command: LSA_CLOSE >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 lsa_io_q_close >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0000 data1: 00000000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0004 data2: 00000001 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 data3: 0000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a data4: 0000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8s(722) > 000c data5: ba 35 91 3f 4e 0b 00 00 >[2003/10/18 14:44:43, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 BA 35 91 3F ........ ....º5.? > [010] 4E 0B 00 00 N... >[2003/10/18 14:44:43, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 BA 35 91 3F ........ ....º5.? > [010] 4E 0B 00 00 N... >[2003/10/18 14:44:43, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) > Closed policy >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 lsa_io_r_close >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0000 data1: 00000000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0004 data2: 00000000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 data3: 0000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a data4: 0000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8s(722) > 000c data5: 00 00 00 00 00 00 00 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_ntstatus(665) > 0014 status: NT_STATUS_OK >[2003/10/18 14:44:43, 5] rpc_server/srv_pipe.c:api_rpcTNP(1543) > api_rpcTNP: called lsarpc successfully >[2003/10/18 14:44:43, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) > free_pipe_context: destroying talloc pool of size 0 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 smb_io_rpc_hdr hdr >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0000 major : 05 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0001 minor : 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0002 pkt_type : 02 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0003 flags : 03 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0004 pack_type0: 10 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0005 pack_type1: 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0006 pack_type2: 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0007 pack_type3: 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0008 frag_len : 0030 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 000a auth_len : 0000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 000c call_id : 00000004 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000010 smb_io_rpc_hdr_resp resp >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint32(635) > 0010 alloc_hint: 00000018 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint16(606) > 0014 context_id: 0000 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0016 cancel_ct : 00 >[2003/10/18 14:44:43, 5] rpc_parse/parse_prs.c:prs_uint8(577) > 0017 reserved : 00 >[2003/10/18 14:44:43, 5] smbd/ipc.c:copy_trans_params_and_data(62) > copy_trans_params_and_data: params[0..0] data[0..48] >[2003/10/18 14:44:43, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:43, 5] lib/util.c:show_msg(466) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=832 > smb_uid=100 > smb_mid=3136 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2003/10/18 14:44:43, 3] smbd/process.c:process_smb(890) > Transaction 51 of length 45 >[2003/10/18 14:44:43, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:43, 5] lib/util.c:show_msg(466) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=3200 > smt_wct=3 > smb_vwv[ 0]=30452 (0x76F4) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2003/10/18 14:44:43, 3] smbd/process.c:switch_message(685) > switch message SMBclose (pid 2894) >[2003/10/18 14:44:43, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0 >[2003/10/18 14:44:43, 5] auth/auth_util.c:debug_nt_user_token(491) > NT user token of user S-1-5-21-1179238187-1290062419-276724248-1000 > contains 6 SIDs > SID[ 0]: S-1-5-21-1179238187-1290062419-276724248-1000 > SID[ 1]: S-1-5-21-1179238187-1290062419-276724248-2025 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-21-1179238187-1290062419-276724248-2089 >[2003/10/18 14:44:43, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 512 and contains 2 supplementary groups > Group[ 0]: 512 > Group[ 1]: 544 >[2003/10/18 14:44:43, 5] smbd/uid.c:change_to_user(203) > change_to_user uid=(0,0) gid=(0,512) >[2003/10/18 14:44:43, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151) > search for pipe pnum=76f4 >[2003/10/18 14:44:43, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155) > pipe name lsarpc pnum=76f4 (pipes_open=1) >[2003/10/18 14:44:43, 5] smbd/pipes.c:reply_pipe_close(258) > reply_pipe_close: pnum:76f4 >[2003/10/18 14:44:43, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1081) > closed pipe name lsarpc pnum=76f4 (pipes_open=0) >[2003/10/18 14:44:43, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:43, 5] lib/util.c:show_msg(466) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=3200 > smt_wct=0 > smb_bcc=0 >[2003/10/18 14:44:43, 3] smbd/process.c:process_smb(890) > Transaction 52 of length 43 >[2003/10/18 14:44:43, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:43, 5] lib/util.c:show_msg(466) > size=39 > smb_com=0x74 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=0 > smb_pid=65279 > smb_uid=100 > smb_mid=3264 > smt_wct=2 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_bcc=0 >[2003/10/18 14:44:43, 3] smbd/process.c:switch_message(685) > switch message SMBulogoffX (pid 2894) >[2003/10/18 14:44:43, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2003/10/18 14:44:43, 5] auth/auth_util.c:debug_nt_user_token(486) > NT user token: (NULL) >[2003/10/18 14:44:43, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2003/10/18 14:44:43, 5] smbd/uid.c:change_to_root_user(218) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2003/10/18 14:44:43, 2] smbd/utmp.c:sys_utmp_update(419) > utmp_update: uname:/var/run/utmp wname:/var/log/wtmp >[2003/10/18 14:44:43, 5] auth/auth_util.c:free_server_info(1210) > attempting to free (and zero) a server_info structure >[2003/10/18 14:44:43, 3] smbd/reply.c:reply_ulogoffX(1055) > ulogoffX vuid=100 >[2003/10/18 14:44:43, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:43, 5] lib/util.c:show_msg(466) > size=39 > smb_com=0x74 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=65279 > smb_uid=100 > smb_mid=3264 > smt_wct=2 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_bcc=0 >[2003/10/18 14:44:43, 3] smbd/process.c:process_smb(890) > Transaction 53 of length 39 >[2003/10/18 14:44:43, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:43, 5] lib/util.c:show_msg(466) > size=35 > smb_com=0x71 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=3328 > smt_wct=0 > smb_bcc=0 >[2003/10/18 14:44:43, 3] smbd/process.c:switch_message(685) > switch message SMBtdis (pid 2894) >[2003/10/18 14:44:43, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2003/10/18 14:44:43, 5] auth/auth_util.c:debug_nt_user_token(486) > NT user token: (NULL) >[2003/10/18 14:44:43, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2003/10/18 14:44:43, 5] smbd/uid.c:change_to_root_user(218) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2003/10/18 14:44:43, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2003/10/18 14:44:43, 5] auth/auth_util.c:debug_nt_user_token(486) > NT user token: (NULL) >[2003/10/18 14:44:43, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2003/10/18 14:44:43, 5] smbd/uid.c:change_to_root_user(218) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2003/10/18 14:44:43, 3] smbd/service.c:close_cnum(887) > citadelxp (192.168.0.100) closed connection to service IPC$ >[2003/10/18 14:44:43, 3] smbd/connection.c:yield_connection(69) > Yielding connection to IPC$ >[2003/10/18 14:44:43, 4] smbd/vfs.c:vfs_ChDir(611) > vfs_ChDir to / >[2003/10/18 14:44:43, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2003/10/18 14:44:43, 5] auth/auth_util.c:debug_nt_user_token(486) > NT user token: (NULL) >[2003/10/18 14:44:43, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2003/10/18 14:44:43, 5] smbd/uid.c:change_to_root_user(218) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2003/10/18 14:44:43, 5] lib/util.c:show_msg(456) >[2003/10/18 14:44:43, 5] lib/util.c:show_msg(466) > size=35 > smb_com=0x71 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=3328 > smt_wct=0 > smb_bcc=0 >[2003/10/18 14:44:43, 3] smbd/process.c:timeout_processing(1099) > timeout_processing: End of file from client (client has disconnected). >[2003/10/18 14:44:43, 5] lib/gencache.c:gencache_shutdown(88) > Closing cache file >[2003/10/18 14:44:43, 5] libsmb/namecache.c:namecache_shutdown(79) > namecache_shutdown: netbios namecache closed successfully. >[2003/10/18 14:44:43, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2003/10/18 14:44:43, 5] auth/auth_util.c:debug_nt_user_token(486) > NT user token: (NULL) >[2003/10/18 14:44:43, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2003/10/18 14:44:43, 5] smbd/uid.c:change_to_root_user(218) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2003/10/18 14:44:43, 2] smbd/server.c:exit_server(558) > Closing connections >[2003/10/18 14:44:43, 3] smbd/connection.c:yield_connection(69) > Yielding connection to >[2003/10/18 14:44:43, 5] smbd/oplock.c:receive_local_message(107) > receive_local_message: doing select with timeout of 1 ms >[2003/10/18 14:44:43, 3] smbd/server.c:exit_server(601) > Server exit (normal exit)
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Actions:
View
Attachments on
bug 647
: 205