[2003/11/13 11:25:28, 4] rpc_server/srv_pipe.c:api_rpcTNP(1488) api_rpcTNP: lsarpc op 0xf - api_rpcTNP: rpc command: LSA_LOOKUPSIDS [2003/11/13 11:25:28, 6] rpc_server/srv_pipe.c:api_rpcTNP(1514) api_rpc_cmds[6].fn == 0x80e7110 [2003/11/13 11:25:28, 5] rpc_parse/parse_prs.c:prs_debug(81) 000000 lsa_io_q_lookup_sids [2003/11/13 11:25:28, 6] rpc_parse/parse_prs.c:prs_debug(81) 000000 smb_io_pol_hnd pol_hnd [2003/11/13 11:25:28, 5] rpc_parse/parse_prs.c:prs_uint32(634) 0000 data1: 00000000 [2003/11/13 11:25:28, 5] rpc_parse/parse_prs.c:prs_uint32(634) 0004 data2: 0000002f [2003/11/13 11:25:28, 5] rpc_parse/parse_prs.c:prs_uint16(605) 0008 data3: 0000 [2003/11/13 11:25:28, 5] rpc_parse/parse_prs.c:prs_uint16(605) 000a data4: 0000 [2003/11/13 11:25:28, 5] rpc_parse/parse_prs.c:prs_uint8s(721) 000c data5: 18 5c b3 3f 37 56 00 00 [2003/11/13 11:25:28, 6] rpc_parse/parse_prs.c:prs_debug(81) 000014 lsa_io_sid_enum sids [2003/11/13 11:25:28, 5] rpc_parse/parse_prs.c:prs_uint32(634) 0014 num_entries : 00000001 [2003/11/13 11:25:28, 5] rpc_parse/parse_prs.c:prs_uint32(634) 0018 ptr_sid_enum: 000d46f8 [2003/11/13 11:25:28, 5] rpc_parse/parse_prs.c:prs_uint32(634) 001c num_entries2: 00000001 [2003/11/13 11:25:28, 5] rpc_parse/parse_prs.c:prs_uint32(634) 0020 ptr_sid[0]: 0008d8c0 [2003/11/13 11:25:28, 7] rpc_parse/parse_prs.c:prs_debug(81) 000024 smb_io_dom_sid2 sid[0] [2003/11/13 11:25:28, 5] rpc_parse/parse_prs.c:prs_uint32(634) 0024 num_auths: 00000005 [2003/11/13 11:25:28, 8] rpc_parse/parse_prs.c:prs_debug(81) 000028 smb_io_dom_sid sid [2003/11/13 11:25:28, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0028 sid_rev_num: 01 [2003/11/13 11:25:28, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0029 num_auths : 05 [2003/11/13 11:25:28, 5] rpc_parse/parse_prs.c:prs_uint8(576) 002a id_auth[0] : 00 [2003/11/13 11:25:28, 5] rpc_parse/parse_prs.c:prs_uint8(576) 002b id_auth[1] : 00 [2003/11/13 11:25:28, 5] rpc_parse/parse_prs.c:prs_uint8(576) 002c id_auth[2] : 00 [2003/11/13 11:25:28, 5] rpc_parse/parse_prs.c:prs_uint8(576) 002d id_auth[3] : 00 [2003/11/13 11:25:28, 5] rpc_parse/parse_prs.c:prs_uint8(576) 002e id_auth[4] : 00 [2003/11/13 11:25:28, 5] rpc_parse/parse_prs.c:prs_uint8(576) 002f id_auth[5] : 05 [2003/11/13 11:25:28, 5] rpc_parse/parse_prs.c:prs_uint32s(861) 0030 sub_auths : 00000015 23a7e96a ed634d1d a518f0b6 00000200 [2003/11/13 11:25:28, 6] rpc_parse/parse_prs.c:prs_debug(81) 000044 lsa_io_trans_names names [2003/11/13 11:25:28, 5] rpc_parse/parse_prs.c:prs_uint32(634) 0044 num_entries : 00000000 [2003/11/13 11:25:28, 5] rpc_parse/parse_prs.c:prs_uint32(634) 0048 ptr_trans_names: 00000000 [2003/11/13 11:25:28, 6] rpc_parse/parse_prs.c:prs_debug(81) 00004c smb_io_lookup_level switch [2003/11/13 11:25:28, 5] rpc_parse/parse_prs.c:prs_uint16(605) 004c value: 0002 [2003/11/13 11:25:28, 5] rpc_parse/parse_prs.c:prs_uint32(634) 0050 mapped_count: 00000000 [2003/11/13 11:25:28, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 2F 00 00 00 00 00 00 00 18 5C B3 3F ..../... .....\.? [010] 37 56 00 00 7V.. [2003/11/13 11:25:28, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1 [2003/11/13 11:25:28, 3] smbd/uid.c:push_conn_ctx(287) push_conn_ctx(115) : conn_ctx_stack_ndx = 0 [2003/11/13 11:25:28, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2003/11/13 11:25:28, 5] auth/auth_util.c:debug_nt_user_token(486) NT user token: (NULL) [2003/11/13 11:25:28, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2003/11/13 11:25:28, 5] rpc_server/srv_lsa_nt.c:init_lsa_trans_names(249) init_lsa_trans_names: looking up sid S-1-5-21-598206826-3982707997-2769875126-512 [2003/11/13 11:25:28, 5] passdb/util_sam_sid.c:map_domain_sid_to_name(156) map_domain_sid_to_name: S-1-5-21-598206826-3982707997-2769875126 [2003/11/13 11:25:28, 5] passdb/util_sam_sid.c:map_domain_sid_to_name(163) map_domain_sid_to_name: compare: S-1-5-21-598206826-3982707997-2769875126 [2003/11/13 11:25:28, 5] passdb/util_sam_sid.c:map_domain_sid_to_name(166) map_domain_sid_to_name: found 'I-BN' [2003/11/13 11:25:28, 5] passdb/passdb.c:local_lookup_sid(705) local_lookup_sid: looking up RID 512. [2003/11/13 11:25:28, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2003/11/13 11:25:28, 3] smbd/uid.c:push_conn_ctx(287) push_conn_ctx(115) : conn_ctx_stack_ndx = 1 [2003/11/13 11:25:28, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2003/11/13 11:25:28, 5] auth/auth_util.c:debug_nt_user_token(486) NT user token: (NULL) [2003/11/13 11:25:28, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2003/11/13 11:25:28, 2] lib/smbldap.c:smbldap_search_suffix(1066) smbldap_search_suffix: searching for:[(&(sambaSID=S-1-5-21-598206826-3982707997-2769875126-512)(objectclass=sambaSamAccount))] [2003/11/13 11:25:28, 4] passdb/pdb_ldap.c:ldapsam_getsampwsid(1099) ldapsam_getsampwsid: Unable to locate SID [S-1-5-21-598206826-3982707997-2769875126-512] count=0 [2003/11/13 11:25:28, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2003/11/13 11:25:28, 2] passdb/pdb_ldap.c:ldapsam_search_one_group(1597) ldapsam_search_one_group: searching for:[(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-598206826-3982707997-2769875126-512))] [2003/11/13 11:25:28, 2] passdb/pdb_ldap.c:init_group_from_ldap(1641) init_group_from_ldap: Entry found for group: 0 [2003/11/13 11:25:28, 5] passdb/passdb.c:local_lookup_sid(749) local_lookup_sid: mapped group Domain Admins to gid 0 [2003/11/13 11:25:28, 5] rpc_server/srv_lsa_nt.c:init_lsa_trans_names(259) init_lsa_trans_names: found [2003/11/13 11:25:28, 10] rpc_server/srv_lsa_nt.c:init_lsa_trans_names(276) init_lsa_trans_names: added user 'I-BN\Domain Admins' to referenced list. [2003/11/13 11:25:28, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0 [2003/11/13 11:25:28, 5] rpc_parse/parse_prs.c:prs_debug(81) 000000 lsa_io_r_lookup_sids [2003/11/13 11:25:28, 5] rpc_parse/parse_prs.c:prs_uint32(634) 0000 ptr_dom_ref: 00000001 [2003/11/13 11:25:28, 6] rpc_parse/parse_prs.c:prs_debug(81) 000004 lsa_io_dom_r_ref dom_ref [2003/11/13 11:25:28, 5] rpc_parse/parse_prs.c:prs_uint32(634) 0004 num_ref_doms_1: 00000001 [2003/11/13 11:25:28, 5] rpc_parse/parse_prs.c:prs_uint32(634) 0008 ptr_ref_dom : 00000001 [2003/11/13 11:25:28, 5] rpc_parse/parse_prs.c:prs_uint32(634) 000c max_entries : 00000020 [2003/11/13 11:25:28, 5] rpc_parse/parse_prs.c:prs_uint32(634) 0010 num_ref_doms_2: 00000001 [2003/11/13 11:25:28, 7] rpc_parse/parse_prs.c:prs_debug(81) 000014 smb_io_unihdr dom_ref[0] [2003/11/13 11:25:28, 5] rpc_parse/parse_prs.c:prs_uint16(605) 0014 uni_str_len: 0008 [2003/11/13 11:25:28, 5] rpc_parse/parse_prs.c:prs_uint16(605) 0016 uni_max_len: 0008 [2003/11/13 11:25:28, 5] rpc_parse/parse_prs.c:prs_uint32(634) 0018 buffer : 00000001 [2003/11/13 11:25:28, 5] rpc_parse/parse_prs.c:prs_uint32(634) 001c sid_ptr[0] : 00000001 [2003/11/13 11:25:28, 7] rpc_parse/parse_prs.c:prs_debug(81) 000020 smb_io_unistr2 dom_ref[0] [2003/11/13 11:25:28, 5] rpc_parse/parse_prs.c:prs_uint32(634) 0020 uni_max_len: 00000004 [2003/11/13 11:25:28, 5] rpc_parse/parse_prs.c:prs_uint32(634) 0024 undoc : 00000000 [2003/11/13 11:25:28, 5] rpc_parse/parse_prs.c:prs_uint32(634) 0028 uni_str_len: 00000004 [2003/11/13 11:25:28, 5] rpc_parse/parse_prs.c:dbg_rw_punival(806) 002c buffer : I.-.B.N. [2003/11/13 11:25:28, 7] rpc_parse/parse_prs.c:prs_debug(81) 000034 smb_io_dom_sid2 sid_ptr[0] [2003/11/13 11:25:28, 5] rpc_parse/parse_prs.c:prs_uint32(634) 0034 num_auths: 00000004 [2003/11/13 11:25:28, 8] rpc_parse/parse_prs.c:prs_debug(81) 000038 smb_io_dom_sid sid [2003/11/13 11:25:28, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0038 sid_rev_num: 01 [2003/11/13 11:25:28, 5] rpc_parse/parse_prs.c:prs_uint8(576) 0039 num_auths : 04 [2003/11/13 11:25:28, 5] rpc_parse/parse_prs.c:prs_uint8(576) 003a id_auth[0] : 00 [2003/11/13 11:25:28, 5] rpc_parse/parse_prs.c:prs_uint8(576) 003b id_auth[1] : 00 [2003/11/13 11:25:28, 5] rpc_parse/parse_prs.c:prs_uint8(576) 003c id_auth[2] : 00 [2003/11/13 11:25:28, 5] rpc_parse/parse_prs.c:prs_uint8(576) 003d id_auth[3] : 00 [2003/11/13 11:25:28, 5] rpc_parse/parse_prs.c:prs_uint8(576) 003e id_auth[4] : 00 [2003/11/13 11:25:28, 5] rpc_parse/parse_prs.c:prs_uint8(576) 003f id_auth[5] : 05 [2003/11/13 11:25:28, 5] rpc_parse/parse_prs.c:prs_uint32s(861) 0040 sub_auths : 00000015 23a7e96a ed634d1d a518f0b6 [2003/11/13 11:25:28, 6] rpc_parse/parse_prs.c:prs_debug(81) 000050 lsa_io_trans_names names [2003/11/13 11:25:28, 5] rpc_parse/parse_prs.c:prs_uint32(634) 0050 num_entries : 00000001 [2003/11/13 11:25:28, 5] rpc_parse/parse_prs.c:prs_uint32(634) 0054 ptr_trans_names: 00000001 [2003/11/13 11:25:28, 5] rpc_parse/parse_prs.c:prs_uint32(634) 0058 num_entries2 : 00000001 [2003/11/13 11:25:28, 7] rpc_parse/parse_prs.c:prs_debug(81) 00005c lsa_io_trans_name name[0] [2003/11/13 11:25:28, 5] rpc_parse/parse_prs.c:prs_uint16(605) 005c sid_name_use: 0002 [2003/11/13 11:25:28, 8] rpc_parse/parse_prs.c:prs_debug(81) 000060 smb_io_unihdr hdr_name [2003/11/13 11:25:28, 5] rpc_parse/parse_prs.c:prs_uint16(605) 0060 uni_str_len: 001a [2003/11/13 11:25:28, 5] rpc_parse/parse_prs.c:prs_uint16(605) 0062 uni_max_len: 001a [2003/11/13 11:25:28, 5] rpc_parse/parse_prs.c:prs_uint32(634) 0064 buffer : 00000001 [2003/11/13 11:25:28, 5] rpc_parse/parse_prs.c:prs_uint32(634) 0068 domain_idx : 00000000 [2003/11/13 11:25:28, 7] rpc_parse/parse_prs.c:prs_debug(81) 00006c smb_io_unistr2 name[0] [2003/11/13 11:25:28, 5] rpc_parse/parse_prs.c:prs_uint32(634) 006c uni_max_len: 0000000d [2003/11/13 11:25:28, 5] rpc_parse/parse_prs.c:prs_uint32(634) 0070 undoc : 00000000 [2003/11/13 11:25:28, 5] rpc_parse/parse_prs.c:prs_uint32(634) 0074 uni_str_len: 0000000d [2003/11/13 11:25:28, 5] rpc_parse/parse_prs.c:dbg_rw_punival(806) 0078 buffer : D.o.m.a.i.n. .A.d.m.i.n.s. [2003/11/13 11:25:28, 5] rpc_parse/parse_prs.c:prs_uint32(634) 0094 mapped_count: 00000001 [2003/11/13 11:25:28, 5] rpc_parse/parse_prs.c:prs_ntstatus(664) 0098 status : NT_STATUS_OK [2003/11/13 11:25:28, 5] rpc_server/srv_pipe.c:api_rpcTNP(1535) api_rpcTNP: called lsarpc successfully