[2007/11/30 08:57:13, 0] smbd/server.c:main(944) smbd version 3.0.26a-0.fc7 started. Copyright Andrew Tridgell and the Samba Team 1992-2007 [2007/11/30 08:57:13, 5] lib/debug.c:debug_dump_status(391) INFO: Current debug levels: all: True/10 tdb: False/0 printdrivers: False/0 lanman: False/0 smb: False/0 rpc_parse: False/0 rpc_srv: False/0 rpc_cli: False/0 passdb: False/0 sam: False/0 auth: False/0 winbind: False/0 vfs: False/0 idmap: False/0 quota: False/0 acls: False/0 locking: False/0 msdfs: False/0 dmapi: False/0 doing parameter debug hires timestamp = Yes doing parameter debug pid = Yes doing parameter max log size = 1000 doing parameter time server = Yes doing parameter printcap name = /etc/printcap doing parameter logon path = doing parameter domain logons = Yes doing parameter os level = 65 doing parameter preferred master = Yes doing parameter domain master = Yes doing parameter dns proxy = No doing parameter wins support = Yes doing parameter idmap uid = 16777216-33554431 doing parameter idmap gid = 16777216-33554431 doing parameter winbind enum users = Yes doing parameter winbind enum groups = Yes doing parameter create mask = 0644 doing parameter ea support = Yes doing parameter map acl inherit = Yes doing parameter printing = cups doing parameter cups options = raw doing parameter print command = doing parameter lpq command = %p doing parameter lprm command = doing parameter map archive = No doing parameter map readonly = no doing parameter store dos attributes = Yes [2007/11/30 08:57:13.215573, 2, pid=5593] param/loadparm.c:do_section(3796) Processing section "[homes]" [2007/11/30 08:57:13.215601, 8, pid=5593] param/loadparm.c:add_a_service(2577) add_a_service: Creating snum = 0 for homes [2007/11/30 08:57:13.215616, 10, pid=5593] param/loadparm.c:hash_a_service(2614) hash_a_service: creating tdb servicehash [2007/11/30 08:57:13.215646, 10, pid=5593] param/loadparm.c:hash_a_service(2624) hash_a_service: hashing index 0 for service name homes doing parameter comment = ~%U doing parameter read only = No doing parameter browseable = No [2007/11/30 08:57:13.215707, 2, pid=5593] param/loadparm.c:do_section(3796) Processing section "[netlogon]" [2007/11/30 08:57:13.215736, 8, pid=5593] param/loadparm.c:add_a_service(2577) add_a_service: Creating snum = 1 for netlogon [2007/11/30 08:57:13.215751, 10, pid=5593] param/loadparm.c:hash_a_service(2624) hash_a_service: hashing index 1 for service name netlogon doing parameter path = /srv/samba/netlogon doing parameter guest ok = Yes doing parameter browseable = No doing parameter share modes = No [2007/11/30 08:57:13.215816, 2, pid=5593] param/loadparm.c:do_section(3796) Processing section "[profiles]" [2007/11/30 08:57:13.215841, 8, pid=5593] param/loadparm.c:add_a_service(2577) add_a_service: Creating snum = 2 for profiles [2007/11/30 08:57:13.215858, 10, pid=5593] param/loadparm.c:hash_a_service(2624) hash_a_service: hashing index 2 for service name profiles doing parameter path = /srv/samba/profiles doing parameter guest ok = Yes doing parameter browseable = No [2007/11/30 08:57:13.215906, 2, pid=5593] param/loadparm.c:do_section(3796) Processing section "[printers]" [2007/11/30 08:57:13.215930, 8, pid=5593] param/loadparm.c:add_a_service(2577) add_a_service: Creating snum = 3 for printers [2007/11/30 08:57:13.215944, 10, pid=5593] param/loadparm.c:hash_a_service(2624) hash_a_service: hashing index 3 for service name printers doing parameter path = /var/spool/samba doing parameter printable = Yes doing parameter browseable = No [2007/11/30 08:57:13.215997, 2, pid=5593] param/loadparm.c:do_section(3796) Processing section "[c$]" [2007/11/30 08:57:13.216025, 8, pid=5593] param/loadparm.c:add_a_service(2577) add_a_service: Creating snum = 4 for c$ [2007/11/30 08:57:13.216039, 10, pid=5593] param/loadparm.c:hash_a_service(2624) hash_a_service: hashing index 4 for service name c$ doing parameter path = / doing parameter browseable = No [2007/11/30 08:57:13.216092, 2, pid=5593] param/loadparm.c:do_section(3796) Processing section "[pub]" [2007/11/30 08:57:13.216117, 8, pid=5593] param/loadparm.c:add_a_service(2577) add_a_service: Creating snum = 5 for pub [2007/11/30 08:57:13.216132, 10, pid=5593] param/loadparm.c:hash_a_service(2624) hash_a_service: hashing index 5 for service name pub doing parameter path = /srv/pub doing parameter guest ok = Yes [2007/11/30 08:57:13.216165, 4, pid=5593] param/loadparm.c:lp_load(5071) pm_process() returned Yes [2007/11/30 08:57:13.216201, 8, pid=5593] param/loadparm.c:add_a_service(2577) add_a_service: Creating snum = 6 for IPC$ [2007/11/30 08:57:13.216217, 10, pid=5593] param/loadparm.c:hash_a_service(2624) hash_a_service: hashing index 6 for service name IPC$ [2007/11/30 08:57:13.216235, 3, pid=5593] param/loadparm.c:lp_add_ipc(2711) adding IPC service [2007/11/30 08:57:13.216248, 10, pid=5593] param/loadparm.c:set_server_role(4315) set_server_role: role = ROLE_DOMAIN_PDC [2007/11/30 08:57:13.216273, 5, pid=5593] lib/charcnv.c:charset_name(82) Substituting charset 'ANSI_X3.4-1968' for LOCALE [2007/11/30 08:57:13.216297, 5, pid=5593] lib/charcnv.c:charset_name(82) Substituting charset 'ANSI_X3.4-1968' for LOCALE [2007/11/30 08:57:13.216319, 5, pid=5593] lib/charcnv.c:charset_name(82) Substituting charset 'ANSI_X3.4-1968' for LOCALE [2007/11/30 08:57:13.216339, 5, pid=5593] lib/charcnv.c:charset_name(82) Substituting charset 'ANSI_X3.4-1968' for LOCALE [2007/11/30 08:57:13.216359, 5, pid=5593] lib/charcnv.c:charset_name(82) Substituting charset 'ANSI_X3.4-1968' for LOCALE [2007/11/30 08:57:13.216378, 5, pid=5593] lib/charcnv.c:charset_name(82) Substituting charset 'ANSI_X3.4-1968' for LOCALE [2007/11/30 08:57:13.216397, 5, pid=5593] lib/charcnv.c:charset_name(82) Substituting charset 'ANSI_X3.4-1968' for LOCALE [2007/11/30 08:57:13.216417, 5, pid=5593] lib/charcnv.c:charset_name(82) Substituting charset 'ANSI_X3.4-1968' for LOCALE [2007/11/30 08:57:13.216436, 5, pid=5593] lib/charcnv.c:charset_name(82) Substituting charset 'ANSI_X3.4-1968' for LOCALE [2007/11/30 08:57:13.216457, 5, pid=5593] lib/charcnv.c:charset_name(82) Substituting charset 'ANSI_X3.4-1968' for LOCALE [2007/11/30 08:57:13.216481, 5, pid=5593] lib/charcnv.c:charset_name(82) Substituting charset 'ANSI_X3.4-1968' for LOCALE [2007/11/30 08:57:13.216502, 5, pid=5593] lib/charcnv.c:charset_name(82) Substituting charset 'ANSI_X3.4-1968' for LOCALE [2007/11/30 08:57:13.216522, 3, pid=5593] printing/pcap.c:pcap_cache_reload(117) reloading printcap cache [2007/11/30 08:57:13.216552, 3, pid=5593] printing/pcap.c:pcap_cache_reload(223) reload status: ok [2007/11/30 08:57:13.216570, 3, pid=5593] printing/pcap.c:pcap_cache_reload(117) reloading printcap cache [2007/11/30 08:57:13.216593, 3, pid=5593] printing/pcap.c:pcap_cache_reload(223) reload status: ok [2007/11/30 08:57:13.216620, 6, pid=5593] param/loadparm.c:lp_file_list_changed(3080) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Fri Nov 30 08:56:43 2007 [2007/11/30 08:57:13.216709, 2, pid=5593] lib/interface.c:add_interface(81) added interface ip=192.168.64.1 bcast=192.168.64.255 nmask=255.255.255.0 [2007/11/30 08:57:13.216733, 2, pid=5593] lib/interface.c:add_interface(81) added interface ip=192.168.1.2 bcast=192.168.1.255 nmask=255.255.255.0 [2007/11/30 08:57:13.216798, 5, pid=5593] lib/util.c:init_names(309) Netbios name list:- my_netbios_names[0]="GODAI" [2007/11/30 08:57:13.216883, 3, pid=5593] smbd/server.c:main(982) loaded services [2007/11/30 08:57:13.216898, 3, pid=5593] smbd/server.c:main(997) Becoming a daemon. [2007/11/30 08:57:13.217305, 8, pid=5594] lib/util.c:fcntl_lock(2013) fcntl_lock fd=6 op=6 offset=0 count=1 type=1 [2007/11/30 08:57:13.217367, 8, pid=5594] lib/util.c:fcntl_lock(2032) fcntl_lock: Lock call successful [2007/11/30 08:57:13.217452, 2, pid=5594] lib/tallocmsg.c:register_msg_pool_usage(105) Registered MSG_REQ_POOL_USAGE [2007/11/30 08:57:13.217487, 2, pid=5594] lib/dmallocmsg.c:register_dmalloc_msgs(75) Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED [2007/11/30 08:57:13.217508, 5, pid=5594] passdb/pdb_interface.c:smb_register_passdb(68) Attempting to register passdb backend ldapsam [2007/11/30 08:57:13.217525, 5, pid=5594] passdb/pdb_interface.c:smb_register_passdb(81) Successfully added passdb backend 'ldapsam' [2007/11/30 08:57:13.217538, 5, pid=5594] passdb/pdb_interface.c:smb_register_passdb(68) Attempting to register passdb backend ldapsam_compat [2007/11/30 08:57:13.217551, 5, pid=5594] passdb/pdb_interface.c:smb_register_passdb(81) Successfully added passdb backend 'ldapsam_compat' [2007/11/30 08:57:13.217566, 5, pid=5594] passdb/pdb_interface.c:smb_register_passdb(68) Attempting to register passdb backend NDS_ldapsam [2007/11/30 08:57:13.217580, 5, pid=5594] passdb/pdb_interface.c:smb_register_passdb(81) Successfully added passdb backend 'NDS_ldapsam' [2007/11/30 08:57:13.217593, 5, pid=5594] passdb/pdb_interface.c:smb_register_passdb(68) Attempting to register passdb backend NDS_ldapsam_compat [2007/11/30 08:57:13.217606, 5, pid=5594] passdb/pdb_interface.c:smb_register_passdb(81) Successfully added passdb backend 'NDS_ldapsam_compat' [2007/11/30 08:57:13.217620, 5, pid=5594] passdb/pdb_interface.c:smb_register_passdb(68) Attempting to register passdb backend smbpasswd [2007/11/30 08:57:13.217634, 5, pid=5594] passdb/pdb_interface.c:smb_register_passdb(81) Successfully added passdb backend 'smbpasswd' [2007/11/30 08:57:13.217648, 5, pid=5594] passdb/pdb_interface.c:smb_register_passdb(68) Attempting to register passdb backend tdbsam [2007/11/30 08:57:13.217663, 5, pid=5594] passdb/pdb_interface.c:smb_register_passdb(81) Successfully added passdb backend 'tdbsam' [2007/11/30 08:57:13.217677, 5, pid=5594] passdb/pdb_interface.c:make_pdb_method_name(121) Attempting to find an passdb backend to match tdbsam (tdbsam) [2007/11/30 08:57:13.217691, 5, pid=5594] passdb/pdb_interface.c:make_pdb_method_name(142) Found pdb backend tdbsam [2007/11/30 08:57:13.217711, 5, pid=5594] passdb/pdb_interface.c:make_pdb_method_name(153) pdb backend tdbsam has a valid init [2007/11/30 08:57:13.218175, 5, pid=5594] lib/gencache.c:gencache_init(61) Opening cache file at /var/lib/samba/gencache.tdb [2007/11/30 08:57:13.218207, 5, pid=5594] libsmb/namecache.c:namecache_enable(58) namecache_enable: enabling netbios namecache, timeout 660 seconds [2007/11/30 08:57:13.218264, 6, pid=5594] registry/reg_db.c:init_registry_data(118) init_registry_data: Adding [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2007/11/30 08:57:13.218285, 10, pid=5594] registry/reg_db.c:init_registry_data(144) init_registry_data: Storing key [HKLM] with subkey [SOFTWARE] [2007/11/30 08:57:13.218330, 10, pid=5594] registry/reg_db.c:init_registry_data(144) init_registry_data: Storing key [HKLM\SOFTWARE] with subkey [Microsoft] [2007/11/30 08:57:13.218355, 10, pid=5594] registry/reg_db.c:init_registry_data(144) init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft] with subkey [Windows NT] [2007/11/30 08:57:13.218380, 10, pid=5594] registry/reg_db.c:init_registry_data(144) init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT] with subkey [CurrentVersion] [2007/11/30 08:57:13.218408, 10, pid=5594] registry/reg_db.c:init_registry_data(144) init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] with subkey [Print] [2007/11/30 08:57:13.218444, 10, pid=5594] registry/reg_db.c:init_registry_data(144) init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] with subkey [Printers] [2007/11/30 08:57:13.218475, 10, pid=5594] registry/reg_db.c:init_registry_data(144) init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] with subkey [NULL] [2007/11/30 08:57:13.218502, 6, pid=5594] registry/reg_db.c:init_registry_data(118) init_registry_data: Adding [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports] [2007/11/30 08:57:13.218528, 10, pid=5594] registry/reg_db.c:init_registry_data(144) init_registry_data: Storing key [HKLM] with subkey [SOFTWARE] [2007/11/30 08:57:13.218556, 10, pid=5594] registry/reg_db.c:init_registry_data(144) init_registry_data: Storing key [HKLM\SOFTWARE] with subkey [Microsoft] [2007/11/30 08:57:13.218581, 10, pid=5594] registry/reg_db.c:init_registry_data(144) init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft] with subkey [Windows NT] [2007/11/30 08:57:13.218605, 10, pid=5594] registry/reg_db.c:init_registry_data(144) init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT] with subkey [CurrentVersion] [2007/11/30 08:57:13.218633, 10, pid=5594] registry/reg_db.c:init_registry_data(144) init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] with subkey [Ports] [2007/11/30 08:57:13.218669, 10, pid=5594] registry/reg_db.c:init_registry_data(144) init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports] with subkey [NULL] [2007/11/30 08:57:13.218693, 6, pid=5594] registry/reg_db.c:init_registry_data(118) init_registry_data: Adding [HKLM\SYSTEM\CurrentControlSet\Control\Print] [2007/11/30 08:57:13.218708, 10, pid=5594] registry/reg_db.c:init_registry_data(144) init_registry_data: Storing key [HKLM] with subkey [SYSTEM] [2007/11/30 08:57:13.218735, 10, pid=5594] registry/reg_db.c:init_registry_data(144) init_registry_data: Storing key [HKLM\SYSTEM] with subkey [CurrentControlSet] [2007/11/30 08:57:13.218760, 10, pid=5594] registry/reg_db.c:init_registry_data(144) init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet] with subkey [Control] [2007/11/30 08:57:13.218796, 10, pid=5594] registry/reg_db.c:init_registry_data(144) init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Control] with subkey [Print] [2007/11/30 08:57:13.218832, 10, pid=5594] registry/reg_db.c:init_registry_data(144) init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Control\Print] with subkey [NULL] [2007/11/30 08:57:13.218858, 6, pid=5594] registry/reg_db.c:init_registry_data(118) init_registry_data: Adding [HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares] [2007/11/30 08:57:13.218873, 10, pid=5594] registry/reg_db.c:init_registry_data(144) init_registry_data: Storing key [HKLM] with subkey [SYSTEM] [2007/11/30 08:57:13.218900, 10, pid=5594] registry/reg_db.c:init_registry_data(144) init_registry_data: Storing key [HKLM\SYSTEM] with subkey [CurrentControlSet] [2007/11/30 08:57:13.218928, 10, pid=5594] registry/reg_db.c:init_registry_data(144) init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet] with subkey [Services] [2007/11/30 08:57:13.218962, 10, pid=5594] registry/reg_db.c:init_registry_data(144) init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Services] with subkey [LanmanServer] [2007/11/30 08:57:13.219016, 10, pid=5594] registry/reg_db.c:init_registry_data(144) init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer] with subkey [Shares] [2007/11/30 08:57:13.219045, 10, pid=5594] registry/reg_db.c:init_registry_data(144) init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares] with subkey [NULL] [2007/11/30 08:57:13.219070, 6, pid=5594] registry/reg_db.c:init_registry_data(118) init_registry_data: Adding [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] [2007/11/30 08:57:13.219088, 10, pid=5594] registry/reg_db.c:init_registry_data(144) init_registry_data: Storing key [HKLM] with subkey [SYSTEM] [2007/11/30 08:57:13.219160, 10, pid=5594] registry/reg_db.c:init_registry_data(144) init_registry_data: Storing key [HKLM\SYSTEM] with subkey [CurrentControlSet] [2007/11/30 08:57:13.219195, 10, pid=5594] registry/reg_db.c:init_registry_data(144) init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet] with subkey [Services] [2007/11/30 08:57:13.219259, 10, pid=5594] registry/reg_db.c:init_registry_data(144) init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Services] with subkey [Eventlog] [2007/11/30 08:57:13.219390, 10, pid=5594] registry/reg_db.c:init_registry_data(144) init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] with subkey [NULL] [2007/11/30 08:57:13.219423, 6, pid=5594] registry/reg_db.c:init_registry_data(118) init_registry_data: Adding [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib] [2007/11/30 08:57:13.219458, 10, pid=5594] registry/reg_db.c:init_registry_data(144) init_registry_data: Storing key [HKLM] with subkey [SOFTWARE] [2007/11/30 08:57:13.219498, 10, pid=5594] registry/reg_db.c:init_registry_data(144) init_registry_data: Storing key [HKLM\SOFTWARE] with subkey [Microsoft] [2007/11/30 08:57:13.219524, 10, pid=5594] registry/reg_db.c:init_registry_data(144) init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft] with subkey [Windows NT] [2007/11/30 08:57:13.219550, 10, pid=5594] registry/reg_db.c:init_registry_data(144) init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT] with subkey [CurrentVersion] [2007/11/30 08:57:13.219606, 10, pid=5594] registry/reg_db.c:init_registry_data(144) init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] with subkey [Perflib] [2007/11/30 08:57:13.219645, 10, pid=5594] registry/reg_db.c:init_registry_data(144) init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib] with subkey [NULL] [2007/11/30 08:57:13.219674, 6, pid=5594] registry/reg_db.c:init_registry_data(118) init_registry_data: Adding [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009] [2007/11/30 08:57:13.219690, 10, pid=5594] registry/reg_db.c:init_registry_data(144) init_registry_data: Storing key [HKLM] with subkey [SOFTWARE] [2007/11/30 08:57:13.219718, 10, pid=5594] registry/reg_db.c:init_registry_data(144) init_registry_data: Storing key [HKLM\SOFTWARE] with subkey [Microsoft] [2007/11/30 08:57:13.219743, 10, pid=5594] registry/reg_db.c:init_registry_data(144) init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft] with subkey [Windows NT] [2007/11/30 08:57:13.219769, 10, pid=5594] registry/reg_db.c:init_registry_data(144) init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT] with subkey [CurrentVersion] [2007/11/30 08:57:13.219798, 10, pid=5594] registry/reg_db.c:init_registry_data(144) init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] with subkey [Perflib] [2007/11/30 08:57:13.219835, 10, pid=5594] registry/reg_db.c:init_registry_data(144) init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib] with subkey [009] [2007/11/30 08:57:13.219864, 10, pid=5594] registry/reg_db.c:init_registry_data(144) init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009] with subkey [NULL] [2007/11/30 08:57:13.219889, 6, pid=5594] registry/reg_db.c:init_registry_data(118) init_registry_data: Adding [HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors] [2007/11/30 08:57:13.219904, 10, pid=5594] registry/reg_db.c:init_registry_data(144) init_registry_data: Storing key [HKLM] with subkey [SYSTEM] [2007/11/30 08:57:13.219931, 10, pid=5594] registry/reg_db.c:init_registry_data(144) init_registry_data: Storing key [HKLM\SYSTEM] with subkey [CurrentControlSet] [2007/11/30 08:57:13.219957, 10, pid=5594] registry/reg_db.c:init_registry_data(144) init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet] with subkey [Control] [2007/11/30 08:57:13.219993, 10, pid=5594] registry/reg_db.c:init_registry_data(144) init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Control] with subkey [Print] [2007/11/30 08:57:13.220029, 10, pid=5594] registry/reg_db.c:init_registry_data(144) init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Control\Print] with subkey [Monitors] [2007/11/30 08:57:13.220057, 10, pid=5594] registry/reg_db.c:init_registry_data(144) init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors] with subkey [NULL] [2007/11/30 08:57:13.220095, 6, pid=5594] registry/reg_db.c:init_registry_data(118) init_registry_data: Adding [HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions] [2007/11/30 08:57:13.220111, 10, pid=5594] registry/reg_db.c:init_registry_data(144) init_registry_data: Storing key [HKLM] with subkey [SYSTEM] [2007/11/30 08:57:13.220139, 10, pid=5594] registry/reg_db.c:init_registry_data(144) init_registry_data: Storing key [HKLM\SYSTEM] with subkey [CurrentControlSet] [2007/11/30 08:57:13.220165, 10, pid=5594] registry/reg_db.c:init_registry_data(144) init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet] with subkey [Control] [2007/11/30 08:57:13.220199, 10, pid=5594] registry/reg_db.c:init_registry_data(144) init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Control] with subkey [ProductOptions] [2007/11/30 08:57:13.220236, 10, pid=5594] registry/reg_db.c:init_registry_data(144) init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions] with subkey [NULL] [2007/11/30 08:57:13.220260, 6, pid=5594] registry/reg_db.c:init_registry_data(118) init_registry_data: Adding [HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\DefaultUserConfiguration] [2007/11/30 08:57:13.220276, 10, pid=5594] registry/reg_db.c:init_registry_data(144) init_registry_data: Storing key [HKLM] with subkey [SYSTEM] [2007/11/30 08:57:13.220305, 10, pid=5594] registry/reg_db.c:init_registry_data(144) init_registry_data: Storing key [HKLM\SYSTEM] with subkey [CurrentControlSet] [2007/11/30 08:57:13.220332, 10, pid=5594] registry/reg_db.c:init_registry_data(144) init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet] with subkey [Control] [2007/11/30 08:57:13.220367, 10, pid=5594] registry/reg_db.c:init_registry_data(144) init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Control] with subkey [Terminal Server] [2007/11/30 08:57:13.220404, 10, pid=5594] registry/reg_db.c:init_registry_data(144) init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server] with subkey [DefaultUserConfiguration] [2007/11/30 08:57:13.220435, 10, pid=5594] registry/reg_db.c:init_registry_data(144) init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\DefaultUserConfiguration] with subkey [NULL] [2007/11/30 08:57:13.220464, 6, pid=5594] registry/reg_db.c:init_registry_data(118) init_registry_data: Adding [HKLM\SYSTEM\CurrentControlSet\Services\TcpIp\Parameters] [2007/11/30 08:57:13.220480, 10, pid=5594] registry/reg_db.c:init_registry_data(144) init_registry_data: Storing key [HKLM] with subkey [SYSTEM] [2007/11/30 08:57:13.220508, 10, pid=5594] registry/reg_db.c:init_registry_data(144) init_registry_data: Storing key [HKLM\SYSTEM] with subkey [CurrentControlSet] [2007/11/30 08:57:13.220534, 10, pid=5594] registry/reg_db.c:init_registry_data(144) init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet] with subkey [Services] [2007/11/30 08:57:13.220571, 10, pid=5594] registry/reg_db.c:init_registry_data(144) init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Services] with subkey [TcpIp] [2007/11/30 08:57:13.220625, 10, pid=5594] registry/reg_db.c:init_registry_data(144) init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Services\TcpIp] with subkey [Parameters] [2007/11/30 08:57:13.220654, 10, pid=5594] registry/reg_db.c:init_registry_data(144) init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Services\TcpIp\Parameters] with subkey [NULL] [2007/11/30 08:57:13.220678, 6, pid=5594] registry/reg_db.c:init_registry_data(118) init_registry_data: Adding [HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters] [2007/11/30 08:57:13.220693, 10, pid=5594] registry/reg_db.c:init_registry_data(144) init_registry_data: Storing key [HKLM] with subkey [SYSTEM] [2007/11/30 08:57:13.220721, 10, pid=5594] registry/reg_db.c:init_registry_data(144) init_registry_data: Storing key [HKLM\SYSTEM] with subkey [CurrentControlSet] [2007/11/30 08:57:13.220770, 10, pid=5594] registry/reg_db.c:init_registry_data(144) init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet] with subkey [Services] [2007/11/30 08:57:13.220826, 10, pid=5594] registry/reg_db.c:init_registry_data(144) init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Services] with subkey [Netlogon] [2007/11/30 08:57:13.220883, 10, pid=5594] registry/reg_db.c:init_registry_data(144) init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Services\Netlogon] with subkey [Parameters] [2007/11/30 08:57:13.220917, 10, pid=5594] registry/reg_db.c:init_registry_data(144) init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters] with subkey [NULL] [2007/11/30 08:57:13.220942, 6, pid=5594] registry/reg_db.c:init_registry_data(118) init_registry_data: Adding [HKU] [2007/11/30 08:57:13.220960, 10, pid=5594] registry/reg_db.c:init_registry_data(144) init_registry_data: Storing key [HKU] with subkey [NULL] [2007/11/30 08:57:13.220979, 6, pid=5594] registry/reg_db.c:init_registry_data(118) init_registry_data: Adding [HKCR] [2007/11/30 08:57:13.220994, 10, pid=5594] registry/reg_db.c:init_registry_data(144) init_registry_data: Storing key [HKCR] with subkey [NULL] [2007/11/30 08:57:13.221012, 6, pid=5594] registry/reg_db.c:init_registry_data(118) init_registry_data: Adding [HKPD] [2007/11/30 08:57:13.221034, 10, pid=5594] registry/reg_db.c:init_registry_data(144) init_registry_data: Storing key [HKPD] with subkey [NULL] [2007/11/30 08:57:13.221069, 6, pid=5594] registry/reg_db.c:init_registry_data(118) init_registry_data: Adding [HKPT] [2007/11/30 08:57:13.221084, 10, pid=5594] registry/reg_db.c:init_registry_data(144) init_registry_data: Storing key [HKPT] with subkey [NULL] [2007/11/30 08:57:13.221103, 10, pid=5594] registry/reg_db.c:regdb_fetch_values(594) regdb_fetch_values: Looking for value of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports] [2007/11/30 08:57:13.221125, 8, pid=5594] registry/reg_db.c:regdb_unpack_values(544) specific: [Samba Printer Port], len: 2 [2007/11/30 08:57:13.221143, 10, pid=5594] registry/reg_db.c:regdb_fetch_values(594) regdb_fetch_values: Looking for value of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2007/11/30 08:57:13.221162, 8, pid=5594] registry/reg_db.c:regdb_unpack_values(544) specific: [DefaultSpoolDirectory], len: 70 [2007/11/30 08:57:13.221177, 10, pid=5594] registry/reg_db.c:regdb_fetch_values(594) regdb_fetch_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] [2007/11/30 08:57:13.221195, 8, pid=5594] registry/reg_db.c:regdb_unpack_values(544) specific: [DisplayName], len: 20 [2007/11/30 08:57:13.221211, 8, pid=5594] registry/reg_db.c:regdb_unpack_values(544) specific: [ErrorControl], len: 4 [2007/11/30 08:57:13.221225, 10, pid=5594] registry/reg_db.c:regdb_fetch_values(594) regdb_fetch_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] [2007/11/30 08:57:13.221242, 8, pid=5594] registry/reg_db.c:regdb_unpack_values(544) specific: [DisplayName], len: 20 [2007/11/30 08:57:13.221257, 8, pid=5594] registry/reg_db.c:regdb_unpack_values(544) specific: [ErrorControl], len: 4 [2007/11/30 08:57:13.225683, 10, pid=5594] registry/reg_cachehook.c:reghook_cache_add(61) reghook_cache_add: Adding key [/HKLM/SYSTEM/CurrentControlSet/Control/Print] [2007/11/30 08:57:13.225709, 8, pid=5594] lib/adt_tree.c:pathtree_add(201) pathtree_add: Enter [2007/11/30 08:57:13.225732, 10, pid=5594] lib/adt_tree.c:pathtree_add(268) pathtree_add: Successfully added node [HKLM/SYSTEM/CurrentControlSet/Control/Print] to tree [2007/11/30 08:57:13.225750, 8, pid=5594] lib/adt_tree.c:pathtree_add(270) pathtree_add: Exit [2007/11/30 08:57:13.225768, 10, pid=5594] registry/reg_cachehook.c:reghook_cache_add(61) reghook_cache_add: Adding key [/HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/Print/Printers] [2007/11/30 08:57:13.225786, 8, pid=5594] lib/adt_tree.c:pathtree_add(201) pathtree_add: Enter [2007/11/30 08:57:13.225807, 10, pid=5594] lib/adt_tree.c:pathtree_add(268) pathtree_add: Successfully added node [HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/Print/Printers] to tree [2007/11/30 08:57:13.225849, 8, pid=5594] lib/adt_tree.c:pathtree_add(270) pathtree_add: Exit [2007/11/30 08:57:13.225864, 10, pid=5594] registry/reg_cachehook.c:reghook_cache_add(61) reghook_cache_add: Adding key [/HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/Ports] [2007/11/30 08:57:13.225877, 8, pid=5594] lib/adt_tree.c:pathtree_add(201) pathtree_add: Enter [2007/11/30 08:57:13.225893, 10, pid=5594] lib/adt_tree.c:pathtree_add(268) pathtree_add: Successfully added node [HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/Ports] to tree [2007/11/30 08:57:13.225906, 8, pid=5594] lib/adt_tree.c:pathtree_add(270) pathtree_add: Exit [2007/11/30 08:57:13.225920, 10, pid=5594] registry/reg_cachehook.c:reghook_cache_add(61) reghook_cache_add: Adding key [/HKLM/SYSTEM/CurrentControlSet/Services/LanmanServer/Shares] [2007/11/30 08:57:13.225933, 8, pid=5594] lib/adt_tree.c:pathtree_add(201) pathtree_add: Enter [2007/11/30 08:57:13.225948, 10, pid=5594] lib/adt_tree.c:pathtree_add(268) pathtree_add: Successfully added node [HKLM/SYSTEM/CurrentControlSet/Services/LanmanServer/Shares] to tree [2007/11/30 08:57:13.225962, 8, pid=5594] lib/adt_tree.c:pathtree_add(270) pathtree_add: Exit [2007/11/30 08:57:13.226331, 3, pid=5594] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2007/11/30 08:57:13.226355, 3, pid=5594] smbd/uid.c:push_conn_ctx(358) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2007/11/30 08:57:13.226370, 3, pid=5594] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2007/11/30 08:57:13.226383, 5, pid=5594] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 08:57:13.226401, 5, pid=5594] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 08:57:13.226466, 3, pid=5594] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2007/11/30 08:57:13.226482, 3, pid=5594] smbd/uid.c:push_conn_ctx(358) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2007/11/30 08:57:13.226496, 3, pid=5594] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2007/11/30 08:57:13.226509, 5, pid=5594] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 08:57:13.226522, 5, pid=5594] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 08:57:13.226575, 4, pid=5594] passdb/pdb_tdb.c:tdbsam_open(869) tdbsam_open: successfully opened /var/lib/samba/private/passdb.tdb [2007/11/30 08:57:13.226612, 10, pid=5594] passdb/pdb_get_set.c:pdb_set_username(581) pdb_set_username: setting username root, was [2007/11/30 08:57:13.226629, 10, pid=5594] passdb/pdb_get_set.c:pdb_set_domain(604) pdb_set_domain: setting domain ZARTSOFT, was [2007/11/30 08:57:13.226643, 10, pid=5594] passdb/pdb_get_set.c:pdb_set_nt_username(627) pdb_set_nt_username: setting nt username , was [2007/11/30 08:57:13.226656, 10, pid=5594] passdb/pdb_get_set.c:pdb_set_fullname(650) pdb_set_full_name: setting full name root, was [2007/11/30 08:57:13.226676, 4, pid=5594] lib/substitute.c:automount_server(407) Home server: godai [2007/11/30 08:57:13.226703, 10, pid=5594] passdb/pdb_get_set.c:pdb_set_homedir(743) pdb_set_homedir: setting home dir \\godai\root, was [2007/11/30 08:57:13.226718, 10, pid=5594] passdb/pdb_get_set.c:pdb_set_dir_drive(719) pdb_set_dir_drive: setting dir drive , was NULL [2007/11/30 08:57:13.226732, 10, pid=5594] passdb/pdb_get_set.c:pdb_set_logon_script(673) pdb_set_logon_script: setting logon script , was [2007/11/30 08:57:13.226746, 10, pid=5594] passdb/pdb_get_set.c:pdb_set_profile_path(696) pdb_set_profile_path: setting profile path , was [2007/11/30 08:57:13.226760, 10, pid=5594] passdb/pdb_get_set.c:pdb_set_workstations(786) pdb_set_workstations: setting workstations , was [2007/11/30 08:57:13.226787, 3, pid=5594] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2007/11/30 08:57:13.226802, 3, pid=5594] smbd/uid.c:push_conn_ctx(358) push_conn_ctx(0) : conn_ctx_stack_ndx = 2 [2007/11/30 08:57:13.226815, 3, pid=5594] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2007/11/30 08:57:13.226829, 5, pid=5594] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 08:57:13.226841, 5, pid=5594] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 08:57:13.226900, 10, pid=5594] lib/privileges.c:grant_privilege(572) grant_privilege: S-1-1-0 original privilege mask: SE_PRIV 0x0 0x0 0x0 0x0 new privilege mask: SE_PRIV 0x0 0x0 0x0 0x0 [2007/11/30 08:57:13.226944, 10, pid=5594] lib/privileges.c:grant_privilege(572) grant_privilege: S-1-5-32-548 original privilege mask: SE_PRIV 0x0 0x0 0x0 0x0 new privilege mask: SE_PRIV 0x0 0x0 0x0 0x0 [2007/11/30 08:57:13.226983, 10, pid=5594] lib/privileges.c:grant_privilege(572) grant_privilege: S-1-5-32-549 original privilege mask: SE_PRIV 0x0 0x0 0x0 0x0 new privilege mask: SE_PRIV 0x0 0x0 0x0 0x0 [2007/11/30 08:57:13.227021, 10, pid=5594] lib/privileges.c:grant_privilege(572) grant_privilege: S-1-5-32-550 original privilege mask: SE_PRIV 0x0 0x0 0x0 0x0 new privilege mask: SE_PRIV 0x0 0x0 0x0 0x0 [2007/11/30 08:57:13.227059, 10, pid=5594] lib/privileges.c:grant_privilege(572) grant_privilege: S-1-5-32-551 original privilege mask: SE_PRIV 0x0 0x0 0x0 0x0 new privilege mask: SE_PRIV 0x0 0x0 0x0 0x0 [2007/11/30 08:57:13.227097, 10, pid=5594] lib/privileges.c:grant_privilege(572) grant_privilege: S-1-5-32-544 original privilege mask: SE_PRIV 0xff0 0x0 0x0 0x0 new privilege mask: SE_PRIV 0xff0 0x0 0x0 0x0 [2007/11/30 08:57:13.227134, 10, pid=5594] lib/account_pol.c:account_policy_get(294) account_policy_get: name: password history, val: 0 [2007/11/30 08:57:13.227152, 3, pid=5594] smbd/sec_ctx.c:pop_sec_ctx(356) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2007/11/30 08:57:13.227170, 10, pid=5594] passdb/pdb_get_set.c:pdb_set_user_sid(510) pdb_set_user_sid: setting user sid S-1-5-21-2274471336-3138038065-606154707-512 [2007/11/30 08:57:13.227187, 10, pid=5594] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(73) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-2274471336-3138038065-606154707-512 from rid 512 [2007/11/30 08:57:13.227207, 8, pid=5594] passdb/pdb_tdb.c:tdbsam_close(882) tdbsam_close: Reference count is now 0. [2007/11/30 08:57:13.227234, 3, pid=5594] smbd/sec_ctx.c:pop_sec_ctx(356) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2007/11/30 08:57:13.227256, 3, pid=5594] smbd/sec_ctx.c:pop_sec_ctx(356) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/30 08:57:13.227271, 10, pid=5594] passdb/lookup_sid.c:legacy_uid_to_sid(1166) LEGACY: uid 0 -> sid S-1-5-21-2274471336-3138038065-606154707-512 [2007/11/30 08:57:13.227302, 3, pid=5594] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2007/11/30 08:57:13.227317, 3, pid=5594] smbd/uid.c:push_conn_ctx(358) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2007/11/30 08:57:13.227331, 3, pid=5594] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2007/11/30 08:57:13.227345, 5, pid=5594] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 08:57:13.227357, 5, pid=5594] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 08:57:13.227566, 3, pid=5594] smbd/sec_ctx.c:pop_sec_ctx(356) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/30 08:57:13.227586, 10, pid=5594] passdb/lookup_sid.c:legacy_gid_to_sid(1197) LEGACY: gid 0 -> sid S-1-22-2-0 [2007/11/30 08:57:13.227604, 10, pid=5594] auth/auth_util.c:create_local_nt_token(844) Create local NT token for S-1-5-21-2274471336-3138038065-606154707-512 [2007/11/30 08:57:13.227648, 3, pid=5594] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2007/11/30 08:57:13.227664, 3, pid=5594] smbd/uid.c:push_conn_ctx(358) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2007/11/30 08:57:13.227678, 3, pid=5594] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2007/11/30 08:57:13.227691, 5, pid=5594] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 08:57:13.227703, 5, pid=5594] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 08:57:13.227735, 3, pid=5594] smbd/sec_ctx.c:pop_sec_ctx(356) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/30 08:57:13.227750, 10, pid=5594] passdb/lookup_sid.c:legacy_sid_to_gid(1300) LEGACY: sid S-1-5-32-544 -> gid 16777218 [2007/11/30 08:57:13.227765, 3, pid=5594] passdb/lookup_sid.c:store_gid_sid_cache(1133) store_gid_sid_cache: gid 16777218 in cache -> S-1-5-32-544 [2007/11/30 08:57:13.227792, 3, pid=5594] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2007/11/30 08:57:13.227807, 3, pid=5594] smbd/uid.c:push_conn_ctx(358) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2007/11/30 08:57:13.227820, 3, pid=5594] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2007/11/30 08:57:13.227833, 5, pid=5594] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 08:57:13.227846, 5, pid=5594] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 08:57:13.227875, 3, pid=5594] smbd/sec_ctx.c:pop_sec_ctx(356) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/30 08:57:13.227889, 10, pid=5594] passdb/lookup_sid.c:legacy_sid_to_gid(1300) LEGACY: sid S-1-5-32-545 -> gid 16777219 [2007/11/30 08:57:13.227904, 3, pid=5594] passdb/lookup_sid.c:store_gid_sid_cache(1133) store_gid_sid_cache: gid 16777219 in cache -> S-1-5-32-545 [2007/11/30 08:57:13.227966, 5, pid=5594] lib/privileges.c:get_privileges_for_sids(460) get_privileges_for_sids: sid = S-1-5-21-2274471336-3138038065-606154707-512 Privilege set: SE_PRIV 0xff0 0x0 0x0 0x0 [2007/11/30 08:57:13.227996, 5, pid=5594] lib/privileges.c:get_privileges_for_sids(460) get_privileges_for_sids: sid = S-1-5-32-544 Privilege set: SE_PRIV 0xff0 0x0 0x0 0x0 [2007/11/30 08:57:13.228023, 5, pid=5594] lib/privileges.c:get_privileges_for_sids(460) get_privileges_for_sids: sid = S-1-1-0 Privilege set: SE_PRIV 0x0 0x0 0x0 0x0 [2007/11/30 08:57:13.228049, 3, pid=5594] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-2] [2007/11/30 08:57:13.228067, 3, pid=5594] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-11] [2007/11/30 08:57:13.228082, 10, pid=5594] registry/reg_db.c:regdb_open(277) regdb_open: incrementing refcount (1) [2007/11/30 08:57:13.228096, 7, pid=5594] registry/reg_frontend.c:regkey_open_internal(359) regkey_open_internal: name = [HKLM\SYSTEM\CurrentControlSet\Services] [2007/11/30 08:57:13.228114, 10, pid=5594] registry/reg_cachehook.c:reghook_cache_find(95) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services] [2007/11/30 08:57:13.228128, 10, pid=5594] lib/adt_tree.c:pathtree_find(341) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services] [2007/11/30 08:57:13.228143, 10, pid=5594] lib/adt_tree.c:pathtree_find(414) pathtree_find: Exit [2007/11/30 08:57:13.228182, 5, pid=5594] registry/reg_frontend.c:registry_access_check(59) registry_access_check: using root's token [2007/11/30 08:57:13.228197, 10, pid=5594] lib/util_seaccess.c:se_access_check(233) se_access_check: requested access 0x000f003f, for NT token with 5 entries and first sid S-1-5-21-2274471336-3138038065-606154707-512. [2007/11/30 08:57:13.228214, 3, pid=5594] lib/util_seaccess.c:se_access_check(250) [2007/11/30 08:57:13.228234, 3, pid=5594] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-2274471336-3138038065-606154707-512 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = f003f se_access_check: ACE 1: type 0, flags = 0x00, SID = S-1-5-32-544 mask = f003f, current desired = d0026 [2007/11/30 08:57:13.228283, 5, pid=5594] lib/util_seaccess.c:se_access_check(308) se_access_check: access (f003f) granted. [2007/11/30 08:57:13.228358, 10, pid=5594] registry/reg_db.c:regdb_open(277) regdb_open: incrementing refcount (2) [2007/11/30 08:57:13.228373, 7, pid=5594] registry/reg_frontend.c:regkey_open_internal(359) regkey_open_internal: name = [HKLM\SYSTEM\CurrentControlSet\Services\Spooler] [2007/11/30 08:57:13.228391, 10, pid=5594] registry/reg_cachehook.c:reghook_cache_find(95) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/Spooler] [2007/11/30 08:57:13.228405, 10, pid=5594] lib/adt_tree.c:pathtree_find(341) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/Spooler] [2007/11/30 08:57:13.228420, 10, pid=5594] lib/adt_tree.c:pathtree_find(414) pathtree_find: Exit [2007/11/30 08:57:13.228439, 5, pid=5594] registry/reg_frontend.c:registry_access_check(59) registry_access_check: using root's token [2007/11/30 08:57:13.228453, 10, pid=5594] lib/util_seaccess.c:se_access_check(233) se_access_check: requested access 0x000f003f, for NT token with 5 entries and first sid S-1-5-21-2274471336-3138038065-606154707-512. [2007/11/30 08:57:13.228471, 3, pid=5594] lib/util_seaccess.c:se_access_check(250) [2007/11/30 08:57:13.228480, 3, pid=5594] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-2274471336-3138038065-606154707-512 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = f003f se_access_check: ACE 1: type 0, flags = 0x00, SID = S-1-5-32-544 mask = f003f, current desired = d0026 [2007/11/30 08:57:13.228526, 5, pid=5594] lib/util_seaccess.c:se_access_check(308) se_access_check: access (f003f) granted. [2007/11/30 08:57:13.228571, 10, pid=5594] registry/reg_db.c:regdb_store_values(624) regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\Spooler] [2007/11/30 08:57:13.228599, 10, pid=5594] registry/reg_db.c:regdb_close(308) regdb_close: decrementing refcount (2) [2007/11/30 08:57:13.228616, 10, pid=5594] registry/reg_db.c:regdb_open(277) regdb_open: incrementing refcount (2) [2007/11/30 08:57:13.228630, 7, pid=5594] registry/reg_frontend.c:regkey_open_internal(359) regkey_open_internal: name = [HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security] [2007/11/30 08:57:13.228648, 10, pid=5594] registry/reg_cachehook.c:reghook_cache_find(95) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/Spooler/Security] [2007/11/30 08:57:13.228662, 10, pid=5594] lib/adt_tree.c:pathtree_find(341) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/Spooler/Security] [2007/11/30 08:57:13.228678, 10, pid=5594] lib/adt_tree.c:pathtree_find(414) pathtree_find: Exit [2007/11/30 08:57:13.228697, 5, pid=5594] registry/reg_frontend.c:registry_access_check(59) registry_access_check: using root's token [2007/11/30 08:57:13.228711, 10, pid=5594] lib/util_seaccess.c:se_access_check(233) se_access_check: requested access 0x000f003f, for NT token with 5 entries and first sid S-1-5-21-2274471336-3138038065-606154707-512. [2007/11/30 08:57:13.228728, 3, pid=5594] lib/util_seaccess.c:se_access_check(250) [2007/11/30 08:57:13.228737, 3, pid=5594] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-2274471336-3138038065-606154707-512 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = f003f se_access_check: ACE 1: type 0, flags = 0x00, SID = S-1-5-32-544 mask = f003f, current desired = d0026 [2007/11/30 08:57:13.228796, 5, pid=5594] lib/util_seaccess.c:se_access_check(308) se_access_check: access (f003f) granted. [2007/11/30 08:57:13.228816, 5, pid=5594] rpc_parse/parse_prs.c:prs_debug(84) 000000 sec_io_desc sec_desc [2007/11/30 08:57:13.228842, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint16(681) 0000 revision : 0001 [2007/11/30 08:57:13.228857, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint16(681) 0002 type : 8004 [2007/11/30 08:57:13.228872, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint32(710) 0004 off_owner_sid: 00000000 [2007/11/30 08:57:13.228886, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint32(710) 0008 off_grp_sid : 00000000 [2007/11/30 08:57:13.228899, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint32(710) 000c off_sacl : 00000000 [2007/11/30 08:57:13.228912, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint32(710) 0010 off_dacl : 00000014 [2007/11/30 08:57:13.228927, 6, pid=5594] rpc_parse/parse_prs.c:prs_debug(84) 000014 sec_io_acl dacl [2007/11/30 08:57:13.228942, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint16(681) 0014 revision: 0002 [2007/11/30 08:57:13.228956, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint32(710) 0018 num_aces : 00000004 [2007/11/30 08:57:13.228969, 7, pid=5594] rpc_parse/parse_prs.c:prs_debug(84) 00001c sec_io_ace ace_list[00]: [2007/11/30 08:57:13.228983, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 001c type : 00 [2007/11/30 08:57:13.228997, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 001d flags: 00 [2007/11/30 08:57:13.229012, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint32(710) 0020 access_mask: 0002018d [2007/11/30 08:57:13.229026, 8, pid=5594] rpc_parse/parse_prs.c:prs_debug(84) 000024 smb_io_dom_sid trustee [2007/11/30 08:57:13.229039, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 0024 sid_rev_num: 01 [2007/11/30 08:57:13.229052, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 0025 num_auths : 01 [2007/11/30 08:57:13.229065, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 0026 id_auth[0] : 00 [2007/11/30 08:57:13.229079, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 0027 id_auth[1] : 00 [2007/11/30 08:57:13.229092, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 0028 id_auth[2] : 00 [2007/11/30 08:57:13.229105, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 0029 id_auth[3] : 00 [2007/11/30 08:57:13.229118, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 002a id_auth[4] : 00 [2007/11/30 08:57:13.229131, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 002b id_auth[5] : 01 [2007/11/30 08:57:13.229144, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint32s(997) 002c sub_auths : 00000000 [2007/11/30 08:57:13.229158, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint16(681) 001e size : 0014 [2007/11/30 08:57:13.229173, 7, pid=5594] rpc_parse/parse_prs.c:prs_debug(84) 000030 sec_io_ace ace_list[01]: [2007/11/30 08:57:13.229187, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 0030 type : 00 [2007/11/30 08:57:13.229199, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 0031 flags: 00 [2007/11/30 08:57:13.229212, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint32(710) 0034 access_mask: 000201fd [2007/11/30 08:57:13.229225, 8, pid=5594] rpc_parse/parse_prs.c:prs_debug(84) 000038 smb_io_dom_sid trustee [2007/11/30 08:57:13.229239, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 0038 sid_rev_num: 01 [2007/11/30 08:57:13.229252, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 0039 num_auths : 02 [2007/11/30 08:57:13.229283, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 003a id_auth[0] : 00 [2007/11/30 08:57:13.229297, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 003b id_auth[1] : 00 [2007/11/30 08:57:13.229311, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 003c id_auth[2] : 00 [2007/11/30 08:57:13.229324, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 003d id_auth[3] : 00 [2007/11/30 08:57:13.229337, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 003e id_auth[4] : 00 [2007/11/30 08:57:13.229350, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 003f id_auth[5] : 05 [2007/11/30 08:57:13.229363, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint32s(997) 0040 sub_auths : 00000020 00000223 [2007/11/30 08:57:13.229378, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint16(681) 0032 size : 0018 [2007/11/30 08:57:13.229391, 7, pid=5594] rpc_parse/parse_prs.c:prs_debug(84) 000048 sec_io_ace ace_list[02]: [2007/11/30 08:57:13.229404, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 0048 type : 00 [2007/11/30 08:57:13.229417, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 0049 flags: 00 [2007/11/30 08:57:13.229430, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint32(710) 004c access_mask: 000f01ff [2007/11/30 08:57:13.229443, 8, pid=5594] rpc_parse/parse_prs.c:prs_debug(84) 000050 smb_io_dom_sid trustee [2007/11/30 08:57:13.229456, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 0050 sid_rev_num: 01 [2007/11/30 08:57:13.229469, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 0051 num_auths : 02 [2007/11/30 08:57:13.229482, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 0052 id_auth[0] : 00 [2007/11/30 08:57:13.229495, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 0053 id_auth[1] : 00 [2007/11/30 08:57:13.229508, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 0054 id_auth[2] : 00 [2007/11/30 08:57:13.229521, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 0055 id_auth[3] : 00 [2007/11/30 08:57:13.229534, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 0056 id_auth[4] : 00 [2007/11/30 08:57:13.229547, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 0057 id_auth[5] : 05 [2007/11/30 08:57:13.229562, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint32s(997) 0058 sub_auths : 00000020 00000225 [2007/11/30 08:57:13.229576, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint16(681) 004a size : 0018 [2007/11/30 08:57:13.229594, 7, pid=5594] rpc_parse/parse_prs.c:prs_debug(84) 000060 sec_io_ace ace_list[03]: [2007/11/30 08:57:13.229607, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 0060 type : 00 [2007/11/30 08:57:13.229620, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 0061 flags: 00 [2007/11/30 08:57:13.229632, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint32(710) 0064 access_mask: 000f01ff [2007/11/30 08:57:13.229645, 8, pid=5594] rpc_parse/parse_prs.c:prs_debug(84) 000068 smb_io_dom_sid trustee [2007/11/30 08:57:13.229658, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 0068 sid_rev_num: 01 [2007/11/30 08:57:13.229671, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 0069 num_auths : 02 [2007/11/30 08:57:13.229684, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 006a id_auth[0] : 00 [2007/11/30 08:57:13.229697, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 006b id_auth[1] : 00 [2007/11/30 08:57:13.229710, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 006c id_auth[2] : 00 [2007/11/30 08:57:13.229723, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 006d id_auth[3] : 00 [2007/11/30 08:57:13.229736, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 006e id_auth[4] : 00 [2007/11/30 08:57:13.229761, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 006f id_auth[5] : 05 [2007/11/30 08:57:13.229774, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint32s(997) 0070 sub_auths : 00000020 00000220 [2007/11/30 08:57:13.229788, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint16(681) 0062 size : 0018 [2007/11/30 08:57:13.229801, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint16(681) 0016 size : 0064 [2007/11/30 08:57:13.229818, 10, pid=5594] registry/reg_db.c:regdb_store_values(624) regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security] [2007/11/30 08:57:13.229840, 10, pid=5594] registry/reg_db.c:regdb_close(308) regdb_close: decrementing refcount (2) [2007/11/30 08:57:13.229904, 10, pid=5594] registry/reg_db.c:regdb_open(277) regdb_open: incrementing refcount (2) [2007/11/30 08:57:13.229918, 7, pid=5594] registry/reg_frontend.c:regkey_open_internal(359) regkey_open_internal: name = [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] [2007/11/30 08:57:13.229936, 10, pid=5594] registry/reg_cachehook.c:reghook_cache_find(95) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/NETLOGON] [2007/11/30 08:57:13.229950, 10, pid=5594] lib/adt_tree.c:pathtree_find(341) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/NETLOGON] [2007/11/30 08:57:13.229965, 10, pid=5594] lib/adt_tree.c:pathtree_find(414) pathtree_find: Exit [2007/11/30 08:57:13.229986, 5, pid=5594] registry/reg_frontend.c:registry_access_check(59) registry_access_check: using root's token [2007/11/30 08:57:13.230000, 10, pid=5594] lib/util_seaccess.c:se_access_check(233) se_access_check: requested access 0x000f003f, for NT token with 5 entries and first sid S-1-5-21-2274471336-3138038065-606154707-512. [2007/11/30 08:57:13.230018, 3, pid=5594] lib/util_seaccess.c:se_access_check(250) [2007/11/30 08:57:13.230027, 3, pid=5594] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-2274471336-3138038065-606154707-512 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = f003f se_access_check: ACE 1: type 0, flags = 0x00, SID = S-1-5-32-544 mask = f003f, current desired = d0026 [2007/11/30 08:57:13.230073, 5, pid=5594] lib/util_seaccess.c:se_access_check(308) se_access_check: access (f003f) granted. [2007/11/30 08:57:13.230123, 10, pid=5594] registry/reg_db.c:regdb_store_values(624) regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] [2007/11/30 08:57:13.230147, 10, pid=5594] registry/reg_db.c:regdb_close(308) regdb_close: decrementing refcount (2) [2007/11/30 08:57:13.230162, 10, pid=5594] registry/reg_db.c:regdb_open(277) regdb_open: incrementing refcount (2) [2007/11/30 08:57:13.230176, 7, pid=5594] registry/reg_frontend.c:regkey_open_internal(359) regkey_open_internal: name = [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security] [2007/11/30 08:57:13.230193, 10, pid=5594] registry/reg_cachehook.c:reghook_cache_find(95) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/NETLOGON/Security] [2007/11/30 08:57:13.230208, 10, pid=5594] lib/adt_tree.c:pathtree_find(341) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/NETLOGON/Security] [2007/11/30 08:57:13.230223, 10, pid=5594] lib/adt_tree.c:pathtree_find(414) pathtree_find: Exit [2007/11/30 08:57:13.230243, 5, pid=5594] registry/reg_frontend.c:registry_access_check(59) registry_access_check: using root's token [2007/11/30 08:57:13.230256, 10, pid=5594] lib/util_seaccess.c:se_access_check(233) se_access_check: requested access 0x000f003f, for NT token with 5 entries and first sid S-1-5-21-2274471336-3138038065-606154707-512. [2007/11/30 08:57:13.230273, 3, pid=5594] lib/util_seaccess.c:se_access_check(250) [2007/11/30 08:57:13.230293, 3, pid=5594] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-2274471336-3138038065-606154707-512 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = f003f se_access_check: ACE 1: type 0, flags = 0x00, SID = S-1-5-32-544 mask = f003f, current desired = d0026 [2007/11/30 08:57:13.230342, 5, pid=5594] lib/util_seaccess.c:se_access_check(308) se_access_check: access (f003f) granted. [2007/11/30 08:57:13.230358, 5, pid=5594] rpc_parse/parse_prs.c:prs_debug(84) 000000 sec_io_desc sec_desc [2007/11/30 08:57:13.230372, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint16(681) 0000 revision : 0001 [2007/11/30 08:57:13.230385, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint16(681) 0002 type : 8004 [2007/11/30 08:57:13.230398, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint32(710) 0004 off_owner_sid: 00000000 [2007/11/30 08:57:13.230412, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint32(710) 0008 off_grp_sid : 00000000 [2007/11/30 08:57:13.230425, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint32(710) 000c off_sacl : 00000000 [2007/11/30 08:57:13.230438, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint32(710) 0010 off_dacl : 00000014 [2007/11/30 08:57:13.230452, 6, pid=5594] rpc_parse/parse_prs.c:prs_debug(84) 000014 sec_io_acl dacl [2007/11/30 08:57:13.230465, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint16(681) 0014 revision: 0002 [2007/11/30 08:57:13.230479, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint32(710) 0018 num_aces : 00000004 [2007/11/30 08:57:13.230492, 7, pid=5594] rpc_parse/parse_prs.c:prs_debug(84) 00001c sec_io_ace ace_list[00]: [2007/11/30 08:57:13.230505, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 001c type : 00 [2007/11/30 08:57:13.230518, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 001d flags: 00 [2007/11/30 08:57:13.230531, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint32(710) 0020 access_mask: 0002018d [2007/11/30 08:57:13.230544, 8, pid=5594] rpc_parse/parse_prs.c:prs_debug(84) 000024 smb_io_dom_sid trustee [2007/11/30 08:57:13.230559, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 0024 sid_rev_num: 01 [2007/11/30 08:57:13.230573, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 0025 num_auths : 01 [2007/11/30 08:57:13.230589, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 0026 id_auth[0] : 00 [2007/11/30 08:57:13.230603, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 0027 id_auth[1] : 00 [2007/11/30 08:57:13.230616, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 0028 id_auth[2] : 00 [2007/11/30 08:57:13.230629, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 0029 id_auth[3] : 00 [2007/11/30 08:57:13.230642, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 002a id_auth[4] : 00 [2007/11/30 08:57:13.230655, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 002b id_auth[5] : 01 [2007/11/30 08:57:13.230668, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint32s(997) 002c sub_auths : 00000000 [2007/11/30 08:57:13.230681, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint16(681) 001e size : 0014 [2007/11/30 08:57:13.230695, 7, pid=5594] rpc_parse/parse_prs.c:prs_debug(84) 000030 sec_io_ace ace_list[01]: [2007/11/30 08:57:13.230708, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 0030 type : 00 [2007/11/30 08:57:13.230721, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 0031 flags: 00 [2007/11/30 08:57:13.230734, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint32(710) 0034 access_mask: 000201fd [2007/11/30 08:57:13.230747, 8, pid=5594] rpc_parse/parse_prs.c:prs_debug(84) 000038 smb_io_dom_sid trustee [2007/11/30 08:57:13.230772, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 0038 sid_rev_num: 01 [2007/11/30 08:57:13.230787, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 0039 num_auths : 02 [2007/11/30 08:57:13.230801, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 003a id_auth[0] : 00 [2007/11/30 08:57:13.230815, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 003b id_auth[1] : 00 [2007/11/30 08:57:13.230828, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 003c id_auth[2] : 00 [2007/11/30 08:57:13.230842, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 003d id_auth[3] : 00 [2007/11/30 08:57:13.230854, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 003e id_auth[4] : 00 [2007/11/30 08:57:13.230868, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 003f id_auth[5] : 05 [2007/11/30 08:57:13.230881, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint32s(997) 0040 sub_auths : 00000020 00000223 [2007/11/30 08:57:13.230895, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint16(681) 0032 size : 0018 [2007/11/30 08:57:13.230909, 7, pid=5594] rpc_parse/parse_prs.c:prs_debug(84) 000048 sec_io_ace ace_list[02]: [2007/11/30 08:57:13.230922, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 0048 type : 00 [2007/11/30 08:57:13.230935, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 0049 flags: 00 [2007/11/30 08:57:13.230948, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint32(710) 004c access_mask: 000f01ff [2007/11/30 08:57:13.230961, 8, pid=5594] rpc_parse/parse_prs.c:prs_debug(84) 000050 smb_io_dom_sid trustee [2007/11/30 08:57:13.230974, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 0050 sid_rev_num: 01 [2007/11/30 08:57:13.230988, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 0051 num_auths : 02 [2007/11/30 08:57:13.231001, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 0052 id_auth[0] : 00 [2007/11/30 08:57:13.231014, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 0053 id_auth[1] : 00 [2007/11/30 08:57:13.231027, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 0054 id_auth[2] : 00 [2007/11/30 08:57:13.231040, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 0055 id_auth[3] : 00 [2007/11/30 08:57:13.231054, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 0056 id_auth[4] : 00 [2007/11/30 08:57:13.231067, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 0057 id_auth[5] : 05 [2007/11/30 08:57:13.231080, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint32s(997) 0058 sub_auths : 00000020 00000225 [2007/11/30 08:57:13.231094, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint16(681) 004a size : 0018 [2007/11/30 08:57:13.231109, 7, pid=5594] rpc_parse/parse_prs.c:prs_debug(84) 000060 sec_io_ace ace_list[03]: [2007/11/30 08:57:13.231122, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 0060 type : 00 [2007/11/30 08:57:13.231135, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 0061 flags: 00 [2007/11/30 08:57:13.231148, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint32(710) 0064 access_mask: 000f01ff [2007/11/30 08:57:13.231162, 8, pid=5594] rpc_parse/parse_prs.c:prs_debug(84) 000068 smb_io_dom_sid trustee [2007/11/30 08:57:13.231175, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 0068 sid_rev_num: 01 [2007/11/30 08:57:13.231188, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 0069 num_auths : 02 [2007/11/30 08:57:13.231201, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 006a id_auth[0] : 00 [2007/11/30 08:57:13.231214, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 006b id_auth[1] : 00 [2007/11/30 08:57:13.231227, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 006c id_auth[2] : 00 [2007/11/30 08:57:13.231253, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 006d id_auth[3] : 00 [2007/11/30 08:57:13.231267, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 006e id_auth[4] : 00 [2007/11/30 08:57:13.231281, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 006f id_auth[5] : 05 [2007/11/30 08:57:13.231294, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint32s(997) 0070 sub_auths : 00000020 00000220 [2007/11/30 08:57:13.231308, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint16(681) 0062 size : 0018 [2007/11/30 08:57:13.231321, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint16(681) 0016 size : 0064 [2007/11/30 08:57:13.231337, 10, pid=5594] registry/reg_db.c:regdb_store_values(624) regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security] [2007/11/30 08:57:13.231359, 10, pid=5594] registry/reg_db.c:regdb_close(308) regdb_close: decrementing refcount (2) [2007/11/30 08:57:13.231423, 10, pid=5594] registry/reg_db.c:regdb_open(277) regdb_open: incrementing refcount (2) [2007/11/30 08:57:13.231438, 7, pid=5594] registry/reg_frontend.c:regkey_open_internal(359) regkey_open_internal: name = [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] [2007/11/30 08:57:13.231456, 10, pid=5594] registry/reg_cachehook.c:reghook_cache_find(95) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/RemoteRegistry] [2007/11/30 08:57:13.231471, 10, pid=5594] lib/adt_tree.c:pathtree_find(341) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/RemoteRegistry] [2007/11/30 08:57:13.231486, 10, pid=5594] lib/adt_tree.c:pathtree_find(414) pathtree_find: Exit [2007/11/30 08:57:13.231507, 5, pid=5594] registry/reg_frontend.c:registry_access_check(59) registry_access_check: using root's token [2007/11/30 08:57:13.231521, 10, pid=5594] lib/util_seaccess.c:se_access_check(233) se_access_check: requested access 0x000f003f, for NT token with 5 entries and first sid S-1-5-21-2274471336-3138038065-606154707-512. [2007/11/30 08:57:13.231539, 3, pid=5594] lib/util_seaccess.c:se_access_check(250) [2007/11/30 08:57:13.231548, 3, pid=5594] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-2274471336-3138038065-606154707-512 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = f003f se_access_check: ACE 1: type 0, flags = 0x00, SID = S-1-5-32-544 mask = f003f, current desired = d0026 [2007/11/30 08:57:13.231601, 5, pid=5594] lib/util_seaccess.c:se_access_check(308) se_access_check: access (f003f) granted. [2007/11/30 08:57:13.231642, 10, pid=5594] registry/reg_db.c:regdb_store_values(624) regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] [2007/11/30 08:57:13.231667, 10, pid=5594] registry/reg_db.c:regdb_close(308) regdb_close: decrementing refcount (2) [2007/11/30 08:57:13.231682, 10, pid=5594] registry/reg_db.c:regdb_open(277) regdb_open: incrementing refcount (2) [2007/11/30 08:57:13.231695, 7, pid=5594] registry/reg_frontend.c:regkey_open_internal(359) regkey_open_internal: name = [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security] [2007/11/30 08:57:13.231714, 10, pid=5594] registry/reg_cachehook.c:reghook_cache_find(95) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/RemoteRegistry/Security] [2007/11/30 08:57:13.231728, 10, pid=5594] lib/adt_tree.c:pathtree_find(341) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/RemoteRegistry/Security] [2007/11/30 08:57:13.231744, 10, pid=5594] lib/adt_tree.c:pathtree_find(414) pathtree_find: Exit [2007/11/30 08:57:13.231764, 5, pid=5594] registry/reg_frontend.c:registry_access_check(59) registry_access_check: using root's token [2007/11/30 08:57:13.231789, 10, pid=5594] lib/util_seaccess.c:se_access_check(233) se_access_check: requested access 0x000f003f, for NT token with 5 entries and first sid S-1-5-21-2274471336-3138038065-606154707-512. [2007/11/30 08:57:13.231808, 3, pid=5594] lib/util_seaccess.c:se_access_check(250) [2007/11/30 08:57:13.231817, 3, pid=5594] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-2274471336-3138038065-606154707-512 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = f003f se_access_check: ACE 1: type 0, flags = 0x00, SID = S-1-5-32-544 mask = f003f, current desired = d0026 [2007/11/30 08:57:13.231864, 5, pid=5594] lib/util_seaccess.c:se_access_check(308) se_access_check: access (f003f) granted. [2007/11/30 08:57:13.231881, 5, pid=5594] rpc_parse/parse_prs.c:prs_debug(84) 000000 sec_io_desc sec_desc [2007/11/30 08:57:13.231895, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint16(681) 0000 revision : 0001 [2007/11/30 08:57:13.231909, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint16(681) 0002 type : 8004 [2007/11/30 08:57:13.231922, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint32(710) 0004 off_owner_sid: 00000000 [2007/11/30 08:57:13.231936, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint32(710) 0008 off_grp_sid : 00000000 [2007/11/30 08:57:13.231949, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint32(710) 000c off_sacl : 00000000 [2007/11/30 08:57:13.231962, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint32(710) 0010 off_dacl : 00000014 [2007/11/30 08:57:13.231975, 6, pid=5594] rpc_parse/parse_prs.c:prs_debug(84) 000014 sec_io_acl dacl [2007/11/30 08:57:13.231988, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint16(681) 0014 revision: 0002 [2007/11/30 08:57:13.232001, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint32(710) 0018 num_aces : 00000004 [2007/11/30 08:57:13.232015, 7, pid=5594] rpc_parse/parse_prs.c:prs_debug(84) 00001c sec_io_ace ace_list[00]: [2007/11/30 08:57:13.232028, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 001c type : 00 [2007/11/30 08:57:13.232041, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 001d flags: 00 [2007/11/30 08:57:13.232054, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint32(710) 0020 access_mask: 0002018d [2007/11/30 08:57:13.232067, 8, pid=5594] rpc_parse/parse_prs.c:prs_debug(84) 000024 smb_io_dom_sid trustee [2007/11/30 08:57:13.232081, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 0024 sid_rev_num: 01 [2007/11/30 08:57:13.232094, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 0025 num_auths : 01 [2007/11/30 08:57:13.232107, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 0026 id_auth[0] : 00 [2007/11/30 08:57:13.232120, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 0027 id_auth[1] : 00 [2007/11/30 08:57:13.232134, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 0028 id_auth[2] : 00 [2007/11/30 08:57:13.232147, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 0029 id_auth[3] : 00 [2007/11/30 08:57:13.232160, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 002a id_auth[4] : 00 [2007/11/30 08:57:13.232173, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 002b id_auth[5] : 01 [2007/11/30 08:57:13.232186, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint32s(997) 002c sub_auths : 00000000 [2007/11/30 08:57:13.232200, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint16(681) 001e size : 0014 [2007/11/30 08:57:13.232213, 7, pid=5594] rpc_parse/parse_prs.c:prs_debug(84) 000030 sec_io_ace ace_list[01]: [2007/11/30 08:57:13.232226, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 0030 type : 00 [2007/11/30 08:57:13.232239, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 0031 flags: 00 [2007/11/30 08:57:13.232263, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint32(710) 0034 access_mask: 000201fd [2007/11/30 08:57:13.232277, 8, pid=5594] rpc_parse/parse_prs.c:prs_debug(84) 000038 smb_io_dom_sid trustee [2007/11/30 08:57:13.232291, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 0038 sid_rev_num: 01 [2007/11/30 08:57:13.232304, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 0039 num_auths : 02 [2007/11/30 08:57:13.232318, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 003a id_auth[0] : 00 [2007/11/30 08:57:13.232331, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 003b id_auth[1] : 00 [2007/11/30 08:57:13.232344, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 003c id_auth[2] : 00 [2007/11/30 08:57:13.232357, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 003d id_auth[3] : 00 [2007/11/30 08:57:13.232371, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 003e id_auth[4] : 00 [2007/11/30 08:57:13.232384, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 003f id_auth[5] : 05 [2007/11/30 08:57:13.232397, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint32s(997) 0040 sub_auths : 00000020 00000223 [2007/11/30 08:57:13.232411, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint16(681) 0032 size : 0018 [2007/11/30 08:57:13.232424, 7, pid=5594] rpc_parse/parse_prs.c:prs_debug(84) 000048 sec_io_ace ace_list[02]: [2007/11/30 08:57:13.232438, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 0048 type : 00 [2007/11/30 08:57:13.232451, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 0049 flags: 00 [2007/11/30 08:57:13.232464, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint32(710) 004c access_mask: 000f01ff [2007/11/30 08:57:13.232477, 8, pid=5594] rpc_parse/parse_prs.c:prs_debug(84) 000050 smb_io_dom_sid trustee [2007/11/30 08:57:13.232490, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 0050 sid_rev_num: 01 [2007/11/30 08:57:13.232503, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 0051 num_auths : 02 [2007/11/30 08:57:13.232516, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 0052 id_auth[0] : 00 [2007/11/30 08:57:13.232529, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 0053 id_auth[1] : 00 [2007/11/30 08:57:13.232543, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 0054 id_auth[2] : 00 [2007/11/30 08:57:13.232558, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 0055 id_auth[3] : 00 [2007/11/30 08:57:13.232571, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 0056 id_auth[4] : 00 [2007/11/30 08:57:13.232587, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 0057 id_auth[5] : 05 [2007/11/30 08:57:13.232601, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint32s(997) 0058 sub_auths : 00000020 00000225 [2007/11/30 08:57:13.232615, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint16(681) 004a size : 0018 [2007/11/30 08:57:13.232628, 7, pid=5594] rpc_parse/parse_prs.c:prs_debug(84) 000060 sec_io_ace ace_list[03]: [2007/11/30 08:57:13.232641, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 0060 type : 00 [2007/11/30 08:57:13.232654, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 0061 flags: 00 [2007/11/30 08:57:13.232667, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint32(710) 0064 access_mask: 000f01ff [2007/11/30 08:57:13.232681, 8, pid=5594] rpc_parse/parse_prs.c:prs_debug(84) 000068 smb_io_dom_sid trustee [2007/11/30 08:57:13.232694, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 0068 sid_rev_num: 01 [2007/11/30 08:57:13.232707, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 0069 num_auths : 02 [2007/11/30 08:57:13.232720, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 006a id_auth[0] : 00 [2007/11/30 08:57:13.232745, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 006b id_auth[1] : 00 [2007/11/30 08:57:13.232759, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 006c id_auth[2] : 00 [2007/11/30 08:57:13.232772, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 006d id_auth[3] : 00 [2007/11/30 08:57:13.232785, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 006e id_auth[4] : 00 [2007/11/30 08:57:13.232798, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 006f id_auth[5] : 05 [2007/11/30 08:57:13.232811, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint32s(997) 0070 sub_auths : 00000020 00000220 [2007/11/30 08:57:13.232825, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint16(681) 0062 size : 0018 [2007/11/30 08:57:13.232838, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint16(681) 0016 size : 0064 [2007/11/30 08:57:13.232854, 10, pid=5594] registry/reg_db.c:regdb_store_values(624) regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security] [2007/11/30 08:57:13.232877, 10, pid=5594] registry/reg_db.c:regdb_close(308) regdb_close: decrementing refcount (2) [2007/11/30 08:57:13.232940, 10, pid=5594] registry/reg_db.c:regdb_open(277) regdb_open: incrementing refcount (2) [2007/11/30 08:57:13.232955, 7, pid=5594] registry/reg_frontend.c:regkey_open_internal(359) regkey_open_internal: name = [HKLM\SYSTEM\CurrentControlSet\Services\WINS] [2007/11/30 08:57:13.232972, 10, pid=5594] registry/reg_cachehook.c:reghook_cache_find(95) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/WINS] [2007/11/30 08:57:13.232986, 10, pid=5594] lib/adt_tree.c:pathtree_find(341) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/WINS] [2007/11/30 08:57:13.233002, 10, pid=5594] lib/adt_tree.c:pathtree_find(414) pathtree_find: Exit [2007/11/30 08:57:13.233021, 5, pid=5594] registry/reg_frontend.c:registry_access_check(59) registry_access_check: using root's token [2007/11/30 08:57:13.233035, 10, pid=5594] lib/util_seaccess.c:se_access_check(233) se_access_check: requested access 0x000f003f, for NT token with 5 entries and first sid S-1-5-21-2274471336-3138038065-606154707-512. [2007/11/30 08:57:13.233053, 3, pid=5594] lib/util_seaccess.c:se_access_check(250) [2007/11/30 08:57:13.233062, 3, pid=5594] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-2274471336-3138038065-606154707-512 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = f003f se_access_check: ACE 1: type 0, flags = 0x00, SID = S-1-5-32-544 mask = f003f, current desired = d0026 [2007/11/30 08:57:13.233108, 5, pid=5594] lib/util_seaccess.c:se_access_check(308) se_access_check: access (f003f) granted. [2007/11/30 08:57:13.233149, 10, pid=5594] registry/reg_db.c:regdb_store_values(624) regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\WINS] [2007/11/30 08:57:13.233173, 10, pid=5594] registry/reg_db.c:regdb_close(308) regdb_close: decrementing refcount (2) [2007/11/30 08:57:13.233187, 10, pid=5594] registry/reg_db.c:regdb_open(277) regdb_open: incrementing refcount (2) [2007/11/30 08:57:13.233200, 7, pid=5594] registry/reg_frontend.c:regkey_open_internal(359) regkey_open_internal: name = [HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security] [2007/11/30 08:57:13.233218, 10, pid=5594] registry/reg_cachehook.c:reghook_cache_find(95) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/WINS/Security] [2007/11/30 08:57:13.233232, 10, pid=5594] lib/adt_tree.c:pathtree_find(341) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/WINS/Security] [2007/11/30 08:57:13.233247, 10, pid=5594] lib/adt_tree.c:pathtree_find(414) pathtree_find: Exit [2007/11/30 08:57:13.233278, 5, pid=5594] registry/reg_frontend.c:registry_access_check(59) registry_access_check: using root's token [2007/11/30 08:57:13.233292, 10, pid=5594] lib/util_seaccess.c:se_access_check(233) se_access_check: requested access 0x000f003f, for NT token with 5 entries and first sid S-1-5-21-2274471336-3138038065-606154707-512. [2007/11/30 08:57:13.233309, 3, pid=5594] lib/util_seaccess.c:se_access_check(250) [2007/11/30 08:57:13.233318, 3, pid=5594] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-2274471336-3138038065-606154707-512 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = f003f se_access_check: ACE 1: type 0, flags = 0x00, SID = S-1-5-32-544 mask = f003f, current desired = d0026 [2007/11/30 08:57:13.233366, 5, pid=5594] lib/util_seaccess.c:se_access_check(308) se_access_check: access (f003f) granted. [2007/11/30 08:57:13.233382, 5, pid=5594] rpc_parse/parse_prs.c:prs_debug(84) 000000 sec_io_desc sec_desc [2007/11/30 08:57:13.233396, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint16(681) 0000 revision : 0001 [2007/11/30 08:57:13.233410, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint16(681) 0002 type : 8004 [2007/11/30 08:57:13.233423, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint32(710) 0004 off_owner_sid: 00000000 [2007/11/30 08:57:13.233437, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint32(710) 0008 off_grp_sid : 00000000 [2007/11/30 08:57:13.233450, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint32(710) 000c off_sacl : 00000000 [2007/11/30 08:57:13.233463, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint32(710) 0010 off_dacl : 00000014 [2007/11/30 08:57:13.233476, 6, pid=5594] rpc_parse/parse_prs.c:prs_debug(84) 000014 sec_io_acl dacl [2007/11/30 08:57:13.233489, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint16(681) 0014 revision: 0002 [2007/11/30 08:57:13.233503, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint32(710) 0018 num_aces : 00000004 [2007/11/30 08:57:13.233517, 7, pid=5594] rpc_parse/parse_prs.c:prs_debug(84) 00001c sec_io_ace ace_list[00]: [2007/11/30 08:57:13.233530, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 001c type : 00 [2007/11/30 08:57:13.233543, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 001d flags: 00 [2007/11/30 08:57:13.233558, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint32(710) 0020 access_mask: 0002018d [2007/11/30 08:57:13.233571, 8, pid=5594] rpc_parse/parse_prs.c:prs_debug(84) 000024 smb_io_dom_sid trustee [2007/11/30 08:57:13.233611, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 0024 sid_rev_num: 01 [2007/11/30 08:57:13.233630, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 0025 num_auths : 01 [2007/11/30 08:57:13.233648, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 0026 id_auth[0] : 00 [2007/11/30 08:57:13.233666, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 0027 id_auth[1] : 00 [2007/11/30 08:57:13.233683, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 0028 id_auth[2] : 00 [2007/11/30 08:57:13.233701, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 0029 id_auth[3] : 00 [2007/11/30 08:57:13.233719, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 002a id_auth[4] : 00 [2007/11/30 08:57:13.233736, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 002b id_auth[5] : 01 [2007/11/30 08:57:13.233754, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint32s(997) 002c sub_auths : 00000000 [2007/11/30 08:57:13.233772, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint16(681) 001e size : 0014 [2007/11/30 08:57:13.233791, 7, pid=5594] rpc_parse/parse_prs.c:prs_debug(84) 000030 sec_io_ace ace_list[01]: [2007/11/30 08:57:13.233824, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 0030 type : 00 [2007/11/30 08:57:13.233842, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 0031 flags: 00 [2007/11/30 08:57:13.233860, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint32(710) 0034 access_mask: 000201fd [2007/11/30 08:57:13.233877, 8, pid=5594] rpc_parse/parse_prs.c:prs_debug(84) 000038 smb_io_dom_sid trustee [2007/11/30 08:57:13.233896, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 0038 sid_rev_num: 01 [2007/11/30 08:57:13.233914, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 0039 num_auths : 02 [2007/11/30 08:57:13.233932, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 003a id_auth[0] : 00 [2007/11/30 08:57:13.233949, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 003b id_auth[1] : 00 [2007/11/30 08:57:13.233967, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 003c id_auth[2] : 00 [2007/11/30 08:57:13.233984, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 003d id_auth[3] : 00 [2007/11/30 08:57:13.234002, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 003e id_auth[4] : 00 [2007/11/30 08:57:13.234019, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 003f id_auth[5] : 05 [2007/11/30 08:57:13.234037, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint32s(997) 0040 sub_auths : 00000020 00000223 [2007/11/30 08:57:13.234055, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint16(681) 0032 size : 0018 [2007/11/30 08:57:13.234073, 7, pid=5594] rpc_parse/parse_prs.c:prs_debug(84) 000048 sec_io_ace ace_list[02]: [2007/11/30 08:57:13.234091, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 0048 type : 00 [2007/11/30 08:57:13.234108, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 0049 flags: 00 [2007/11/30 08:57:13.234125, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint32(710) 004c access_mask: 000f01ff [2007/11/30 08:57:13.234142, 8, pid=5594] rpc_parse/parse_prs.c:prs_debug(84) 000050 smb_io_dom_sid trustee [2007/11/30 08:57:13.234159, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 0050 sid_rev_num: 01 [2007/11/30 08:57:13.234177, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 0051 num_auths : 02 [2007/11/30 08:57:13.234194, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 0052 id_auth[0] : 00 [2007/11/30 08:57:13.234212, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 0053 id_auth[1] : 00 [2007/11/30 08:57:13.234229, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 0054 id_auth[2] : 00 [2007/11/30 08:57:13.234246, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 0055 id_auth[3] : 00 [2007/11/30 08:57:13.234263, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 0056 id_auth[4] : 00 [2007/11/30 08:57:13.234281, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 0057 id_auth[5] : 05 [2007/11/30 08:57:13.234298, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint32s(997) 0058 sub_auths : 00000020 00000225 [2007/11/30 08:57:13.234317, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint16(681) 004a size : 0018 [2007/11/30 08:57:13.234334, 7, pid=5594] rpc_parse/parse_prs.c:prs_debug(84) 000060 sec_io_ace ace_list[03]: [2007/11/30 08:57:13.234352, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 0060 type : 00 [2007/11/30 08:57:13.234369, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 0061 flags: 00 [2007/11/30 08:57:13.234386, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint32(710) 0064 access_mask: 000f01ff [2007/11/30 08:57:13.234403, 8, pid=5594] rpc_parse/parse_prs.c:prs_debug(84) 000068 smb_io_dom_sid trustee [2007/11/30 08:57:13.234421, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 0068 sid_rev_num: 01 [2007/11/30 08:57:13.234452, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 0069 num_auths : 02 [2007/11/30 08:57:13.234471, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 006a id_auth[0] : 00 [2007/11/30 08:57:13.234488, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 006b id_auth[1] : 00 [2007/11/30 08:57:13.234506, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 006c id_auth[2] : 00 [2007/11/30 08:57:13.234523, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 006d id_auth[3] : 00 [2007/11/30 08:57:13.234541, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 006e id_auth[4] : 00 [2007/11/30 08:57:13.234560, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint8(616) 006f id_auth[5] : 05 [2007/11/30 08:57:13.234577, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint32s(997) 0070 sub_auths : 00000020 00000220 [2007/11/30 08:57:13.234600, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint16(681) 0062 size : 0018 [2007/11/30 08:57:13.234618, 5, pid=5594] rpc_parse/parse_prs.c:prs_uint16(681) 0016 size : 0064 [2007/11/30 08:57:13.234639, 10, pid=5594] registry/reg_db.c:regdb_store_values(624) regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security] [2007/11/30 08:57:13.234672, 10, pid=5594] registry/reg_db.c:regdb_close(308) regdb_close: decrementing refcount (2) [2007/11/30 08:57:13.234692, 10, pid=5594] registry/reg_db.c:regdb_close(308) regdb_close: decrementing refcount (1) [2007/11/30 08:57:13.234729, 10, pid=5594] registry/reg_db.c:regdb_close(308) regdb_close: decrementing refcount (0) [2007/11/30 08:57:13.234912, 10, pid=5594] printing/nt_printing.c:update_c_setprinter(711) update_c_setprinter: c_setprinter = 0 [2007/11/30 08:57:13.234948, 3, pid=5594] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2007/11/30 08:57:13.234970, 3, pid=5594] smbd/uid.c:push_conn_ctx(358) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2007/11/30 08:57:13.234988, 3, pid=5594] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2007/11/30 08:57:13.235005, 5, pid=5594] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 08:57:13.235023, 5, pid=5594] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 08:57:13.235056, 6, pid=5594] passdb/pdb_interface.c:pdb_getsampwsid(281) pdb_getsampwsid: Building guest account [2007/11/30 08:57:13.235122, 10, pid=5594] passdb/pdb_get_set.c:pdb_set_username(581) pdb_set_username: setting username guest, was [2007/11/30 08:57:13.235144, 10, pid=5594] passdb/pdb_get_set.c:pdb_set_fullname(650) pdb_set_full_name: setting full name , was [2007/11/30 08:57:13.235164, 10, pid=5594] passdb/pdb_get_set.c:pdb_set_domain(604) pdb_set_domain: setting domain ZARTSOFT, was [2007/11/30 08:57:13.235184, 10, pid=5594] passdb/pdb_get_set.c:pdb_set_user_sid(510) pdb_set_user_sid: setting user sid S-1-5-21-2274471336-3138038065-606154707-501 [2007/11/30 08:57:13.235205, 10, pid=5594] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(73) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-2274471336-3138038065-606154707-501 from rid 501 [2007/11/30 08:57:13.235238, 3, pid=5594] smbd/sec_ctx.c:pop_sec_ctx(356) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/30 08:57:13.235258, 10, pid=5594] lib/util_pw.c:getpwnam_alloc(76) Got guest from pwnam_cache [2007/11/30 08:57:13.235278, 10, pid=5594] lib/util_pw.c:getpwnam_alloc(76) Got guest from pwnam_cache [2007/11/30 08:57:13.235335, 10, pid=5594] lib/system_smbd.c:sys_getgrouplist(125) sys_getgrouplist: user [guest] [2007/11/30 08:57:13.235522, 3, pid=5594] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2007/11/30 08:57:13.235546, 3, pid=5594] smbd/uid.c:push_conn_ctx(358) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2007/11/30 08:57:13.235583, 3, pid=5594] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2007/11/30 08:57:13.235605, 5, pid=5594] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 08:57:13.235623, 5, pid=5594] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 08:57:13.235756, 3, pid=5594] smbd/sec_ctx.c:pop_sec_ctx(356) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/30 08:57:13.235777, 10, pid=5594] passdb/lookup_sid.c:legacy_gid_to_sid(1197) LEGACY: gid 514 -> sid S-1-22-2-514 [2007/11/30 08:57:13.235798, 5, pid=5594] auth/auth_util.c:make_server_info_sam(623) make_server_info_sam: made server info for user guest -> guest [2007/11/30 08:57:13.235818, 10, pid=5594] auth/auth_util.c:create_local_nt_token(844) Create local NT token for S-1-5-21-2274471336-3138038065-606154707-501 [2007/11/30 08:57:13.235841, 3, pid=5594] passdb/lookup_sid.c:fetch_gid_from_cache(1089) fetch gid from cache 16777218 -> S-1-5-32-544 [2007/11/30 08:57:13.235861, 3, pid=5594] passdb/lookup_sid.c:fetch_gid_from_cache(1089) fetch gid from cache 16777219 -> S-1-5-32-545 [2007/11/30 08:57:13.235934, 3, pid=5594] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-21-2274471336-3138038065-606154707-501] [2007/11/30 08:57:13.235961, 3, pid=5594] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-22-2-514] [2007/11/30 08:57:13.235986, 5, pid=5594] lib/privileges.c:get_privileges_for_sids(460) get_privileges_for_sids: sid = S-1-1-0 Privilege set: SE_PRIV 0x0 0x0 0x0 0x0 [2007/11/30 08:57:13.236021, 3, pid=5594] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-2] [2007/11/30 08:57:13.236046, 3, pid=5594] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-32-546] [2007/11/30 08:57:13.236065, 10, pid=5594] passdb/lookup_sid.c:sid_to_gid(1437) sid S-1-22-2-514 -> gid 514 [2007/11/30 08:57:13.236103, 3, pid=5594] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2007/11/30 08:57:13.236123, 3, pid=5594] smbd/uid.c:push_conn_ctx(358) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2007/11/30 08:57:13.236141, 3, pid=5594] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2007/11/30 08:57:13.236158, 5, pid=5594] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 08:57:13.236175, 5, pid=5594] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 08:57:13.236213, 3, pid=5594] smbd/sec_ctx.c:pop_sec_ctx(356) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/30 08:57:13.236232, 10, pid=5594] passdb/lookup_sid.c:legacy_sid_to_gid(1269) LEGACY: mapping failed for sid S-1-1-0 [2007/11/30 08:57:13.236251, 10, pid=5594] auth/auth_util.c:create_local_token(1039) Could not convert SID S-1-1-0 to gid, ignoring it [2007/11/30 08:57:13.236290, 3, pid=5594] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2007/11/30 08:57:13.236310, 3, pid=5594] smbd/uid.c:push_conn_ctx(358) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2007/11/30 08:57:13.236327, 3, pid=5594] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2007/11/30 08:57:13.236344, 5, pid=5594] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 08:57:13.236361, 5, pid=5594] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 08:57:13.236397, 3, pid=5594] smbd/sec_ctx.c:pop_sec_ctx(356) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/30 08:57:13.236418, 10, pid=5594] passdb/lookup_sid.c:legacy_sid_to_gid(1269) LEGACY: mapping failed for sid S-1-5-2 [2007/11/30 08:57:13.236436, 10, pid=5594] auth/auth_util.c:create_local_token(1039) Could not convert SID S-1-5-2 to gid, ignoring it [2007/11/30 08:57:13.236488, 3, pid=5594] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2007/11/30 08:57:13.236508, 3, pid=5594] smbd/uid.c:push_conn_ctx(358) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2007/11/30 08:57:13.236525, 3, pid=5594] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2007/11/30 08:57:13.236543, 5, pid=5594] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 08:57:13.236563, 5, pid=5594] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 08:57:13.236607, 3, pid=5594] smbd/sec_ctx.c:pop_sec_ctx(356) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/30 08:57:13.236627, 10, pid=5594] passdb/lookup_sid.c:legacy_sid_to_gid(1269) LEGACY: mapping failed for sid S-1-5-32-546 [2007/11/30 08:57:13.236646, 10, pid=5594] auth/auth_util.c:create_local_token(1039) Could not convert SID S-1-5-32-546 to gid, ignoring it [2007/11/30 08:57:13.236664, 10, pid=5594] auth/auth_util.c:debug_nt_user_token(454) NT user token of user S-1-5-21-2274471336-3138038065-606154707-501 contains 5 SIDs SID[ 0]: S-1-5-21-2274471336-3138038065-606154707-501 SID[ 1]: S-1-22-2-514 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-32-546 SE_PRIV 0x0 0x0 0x0 0x0 [2007/11/30 08:57:13.236733, 5, pid=5594] smbd/connection.c:claim_connection(182) claiming 0 [2007/11/30 08:57:13.236865, 3, pid=5594] printing/printing.c:start_background_queue(1388) start_background_queue: Starting background LPQ thread [2007/11/30 08:57:13.237220, 5, pid=5596] printing/printing.c:start_background_queue(1398) start_background_queue: background LPQ thread started [2007/11/30 08:57:13.237309, 5, pid=5596] smbd/connection.c:claim_connection(182) claiming smbd lpq backend 0 [2007/11/30 08:57:13.237391, 5, pid=5596] printing/printing.c:start_background_queue(1410) start_background_queue: background LPQ thread waiting for messages [2007/11/30 08:57:13.237550, 10, pid=5594] lib/util_sock.c:open_socket_in(839) bind succeeded on port 445 [2007/11/30 08:57:13.237586, 5, pid=5594] lib/util_sock.c:print_socket_options(206) socket option SO_KEEPALIVE = 1 [2007/11/30 08:57:13.237611, 5, pid=5594] lib/util_sock.c:print_socket_options(206) socket option SO_REUSEADDR = 1 [2007/11/30 08:57:13.237629, 5, pid=5594] lib/util_sock.c:print_socket_options(206) socket option SO_BROADCAST = 0 [2007/11/30 08:57:13.237648, 5, pid=5594] lib/util_sock.c:print_socket_options(206) socket option TCP_NODELAY = 0 [2007/11/30 08:57:13.237666, 5, pid=5594] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPCNT = 9 [2007/11/30 08:57:13.237683, 5, pid=5594] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPIDLE = 7200 [2007/11/30 08:57:13.237701, 5, pid=5594] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPINTVL = 75 [2007/11/30 08:57:13.237720, 5, pid=5594] lib/util_sock.c:print_socket_options(206) socket option IPTOS_LOWDELAY = 0 [2007/11/30 08:57:13.237738, 5, pid=5594] lib/util_sock.c:print_socket_options(206) socket option IPTOS_THROUGHPUT = 0 [2007/11/30 08:57:13.237756, 5, pid=5594] lib/util_sock.c:print_socket_options(206) socket option SO_SNDBUF = 16384 [2007/11/30 08:57:13.237773, 5, pid=5594] lib/util_sock.c:print_socket_options(206) socket option SO_RCVBUF = 87380 [2007/11/30 08:57:13.237791, 5, pid=5594] lib/util_sock.c:print_socket_options(206) socket option SO_SNDLOWAT = 1 [2007/11/30 08:57:13.237809, 5, pid=5594] lib/util_sock.c:print_socket_options(206) socket option SO_RCVLOWAT = 1 [2007/11/30 08:57:13.237827, 5, pid=5594] lib/util_sock.c:print_socket_options(206) socket option SO_SNDTIMEO = 0 [2007/11/30 08:57:13.237844, 5, pid=5594] lib/util_sock.c:print_socket_options(206) socket option SO_RCVTIMEO = 0 [2007/11/30 08:57:13.237864, 5, pid=5594] lib/util_sock.c:print_socket_options(206) socket option SO_KEEPALIVE = 1 [2007/11/30 08:57:13.237899, 5, pid=5594] lib/util_sock.c:print_socket_options(206) socket option SO_REUSEADDR = 1 [2007/11/30 08:57:13.237918, 5, pid=5594] lib/util_sock.c:print_socket_options(206) socket option SO_BROADCAST = 0 [2007/11/30 08:57:13.237936, 5, pid=5594] lib/util_sock.c:print_socket_options(206) socket option TCP_NODELAY = 1 [2007/11/30 08:57:13.237954, 5, pid=5594] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPCNT = 9 [2007/11/30 08:57:13.237972, 5, pid=5594] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPIDLE = 7200 [2007/11/30 08:57:13.237989, 5, pid=5594] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPINTVL = 75 [2007/11/30 08:57:13.238007, 5, pid=5594] lib/util_sock.c:print_socket_options(206) socket option IPTOS_LOWDELAY = 0 [2007/11/30 08:57:13.238026, 5, pid=5594] lib/util_sock.c:print_socket_options(206) socket option IPTOS_THROUGHPUT = 0 [2007/11/30 08:57:13.238043, 5, pid=5594] lib/util_sock.c:print_socket_options(206) socket option SO_SNDBUF = 16384 [2007/11/30 08:57:13.238061, 5, pid=5594] lib/util_sock.c:print_socket_options(206) socket option SO_RCVBUF = 87380 [2007/11/30 08:57:13.238078, 5, pid=5594] lib/util_sock.c:print_socket_options(206) socket option SO_SNDLOWAT = 1 [2007/11/30 08:57:13.238096, 5, pid=5594] lib/util_sock.c:print_socket_options(206) socket option SO_RCVLOWAT = 1 [2007/11/30 08:57:13.238114, 5, pid=5594] lib/util_sock.c:print_socket_options(206) socket option SO_SNDTIMEO = 0 [2007/11/30 08:57:13.238131, 5, pid=5594] lib/util_sock.c:print_socket_options(206) socket option SO_RCVTIMEO = 0 [2007/11/30 08:57:13.238170, 10, pid=5594] lib/util_sock.c:open_socket_in(839) bind succeeded on port 139 [2007/11/30 08:57:13.238191, 5, pid=5594] lib/util_sock.c:print_socket_options(206) socket option SO_KEEPALIVE = 1 [2007/11/30 08:57:13.238210, 5, pid=5594] lib/util_sock.c:print_socket_options(206) socket option SO_REUSEADDR = 1 [2007/11/30 08:57:13.238227, 5, pid=5594] lib/util_sock.c:print_socket_options(206) socket option SO_BROADCAST = 0 [2007/11/30 08:57:13.238246, 5, pid=5594] lib/util_sock.c:print_socket_options(206) socket option TCP_NODELAY = 0 [2007/11/30 08:57:13.238263, 5, pid=5594] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPCNT = 9 [2007/11/30 08:57:13.238281, 5, pid=5594] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPIDLE = 7200 [2007/11/30 08:57:13.238300, 5, pid=5594] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPINTVL = 75 [2007/11/30 08:57:13.238318, 5, pid=5594] lib/util_sock.c:print_socket_options(206) socket option IPTOS_LOWDELAY = 0 [2007/11/30 08:57:13.238336, 5, pid=5594] lib/util_sock.c:print_socket_options(206) socket option IPTOS_THROUGHPUT = 0 [2007/11/30 08:57:13.238353, 5, pid=5594] lib/util_sock.c:print_socket_options(206) socket option SO_SNDBUF = 16384 [2007/11/30 08:57:13.238371, 5, pid=5594] lib/util_sock.c:print_socket_options(206) socket option SO_RCVBUF = 87380 [2007/11/30 08:57:13.238389, 5, pid=5594] lib/util_sock.c:print_socket_options(206) socket option SO_SNDLOWAT = 1 [2007/11/30 08:57:13.238407, 5, pid=5594] lib/util_sock.c:print_socket_options(206) socket option SO_RCVLOWAT = 1 [2007/11/30 08:57:13.238424, 5, pid=5594] lib/util_sock.c:print_socket_options(206) socket option SO_SNDTIMEO = 0 [2007/11/30 08:57:13.238441, 5, pid=5594] lib/util_sock.c:print_socket_options(206) socket option SO_RCVTIMEO = 0 [2007/11/30 08:57:13.238461, 5, pid=5594] lib/util_sock.c:print_socket_options(206) socket option SO_KEEPALIVE = 1 [2007/11/30 08:57:13.238480, 5, pid=5594] lib/util_sock.c:print_socket_options(206) socket option SO_REUSEADDR = 1 [2007/11/30 08:57:13.238497, 5, pid=5594] lib/util_sock.c:print_socket_options(206) socket option SO_BROADCAST = 0 [2007/11/30 08:57:13.238515, 5, pid=5594] lib/util_sock.c:print_socket_options(206) socket option TCP_NODELAY = 1 [2007/11/30 08:57:13.238532, 5, pid=5594] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPCNT = 9 [2007/11/30 08:57:13.238566, 5, pid=5594] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPIDLE = 7200 [2007/11/30 08:57:13.238585, 5, pid=5594] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPINTVL = 75 [2007/11/30 08:57:13.238607, 5, pid=5594] lib/util_sock.c:print_socket_options(206) socket option IPTOS_LOWDELAY = 0 [2007/11/30 08:57:13.238625, 5, pid=5594] lib/util_sock.c:print_socket_options(206) socket option IPTOS_THROUGHPUT = 0 [2007/11/30 08:57:13.238643, 5, pid=5594] lib/util_sock.c:print_socket_options(206) socket option SO_SNDBUF = 16384 [2007/11/30 08:57:13.238660, 5, pid=5594] lib/util_sock.c:print_socket_options(206) socket option SO_RCVBUF = 87380 [2007/11/30 08:57:13.238678, 5, pid=5594] lib/util_sock.c:print_socket_options(206) socket option SO_SNDLOWAT = 1 [2007/11/30 08:57:13.238696, 5, pid=5594] lib/util_sock.c:print_socket_options(206) socket option SO_RCVLOWAT = 1 [2007/11/30 08:57:13.238713, 5, pid=5594] lib/util_sock.c:print_socket_options(206) socket option SO_SNDTIMEO = 0 [2007/11/30 08:57:13.238731, 5, pid=5594] lib/util_sock.c:print_socket_options(206) socket option SO_RCVTIMEO = 0 [2007/11/30 08:57:13.238770, 2, pid=5594] smbd/server.c:open_sockets_smbd(458) waiting for a connection [2007/11/30 08:57:21.569585, 5, pid=5598] lib/util_sock.c:print_socket_options(206) socket option SO_KEEPALIVE = 1 [2007/11/30 08:57:21.569696, 5, pid=5598] lib/util_sock.c:print_socket_options(206) socket option SO_REUSEADDR = 1 [2007/11/30 08:57:21.569731, 5, pid=5598] lib/util_sock.c:print_socket_options(206) socket option SO_BROADCAST = 0 [2007/11/30 08:57:21.569755, 5, pid=5598] lib/util_sock.c:print_socket_options(206) socket option TCP_NODELAY = 1 [2007/11/30 08:57:21.569795, 5, pid=5598] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPCNT = 9 [2007/11/30 08:57:21.569922, 5, pid=5598] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPIDLE = 7200 [2007/11/30 08:57:21.569942, 5, pid=5598] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPINTVL = 75 [2007/11/30 08:57:21.569962, 5, pid=5598] lib/util_sock.c:print_socket_options(206) socket option IPTOS_LOWDELAY = 0 [2007/11/30 08:57:21.569981, 5, pid=5598] lib/util_sock.c:print_socket_options(206) socket option IPTOS_THROUGHPUT = 0 [2007/11/30 08:57:21.570000, 5, pid=5598] lib/util_sock.c:print_socket_options(206) socket option SO_SNDBUF = 16384 [2007/11/30 08:57:21.570018, 5, pid=5598] lib/util_sock.c:print_socket_options(206) socket option SO_RCVBUF = 87380 [2007/11/30 08:57:21.570038, 5, pid=5598] lib/util_sock.c:print_socket_options(206) socket option SO_SNDLOWAT = 1 [2007/11/30 08:57:21.570057, 5, pid=5598] lib/util_sock.c:print_socket_options(206) socket option SO_RCVLOWAT = 1 [2007/11/30 08:57:21.570076, 5, pid=5598] lib/util_sock.c:print_socket_options(206) socket option SO_SNDTIMEO = 0 [2007/11/30 08:57:21.570095, 5, pid=5598] lib/util_sock.c:print_socket_options(206) socket option SO_RCVTIMEO = 0 [2007/11/30 08:57:21.570168, 5, pid=5598] lib/util_sock.c:print_socket_options(206) socket option SO_KEEPALIVE = 1 [2007/11/30 08:57:21.570190, 5, pid=5598] lib/util_sock.c:print_socket_options(206) socket option SO_REUSEADDR = 1 [2007/11/30 08:57:21.570209, 5, pid=5598] lib/util_sock.c:print_socket_options(206) socket option SO_BROADCAST = 0 [2007/11/30 08:57:21.570228, 5, pid=5598] lib/util_sock.c:print_socket_options(206) socket option TCP_NODELAY = 1 [2007/11/30 08:57:21.570247, 5, pid=5598] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPCNT = 9 [2007/11/30 08:57:21.570267, 5, pid=5598] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPIDLE = 7200 [2007/11/30 08:57:21.570286, 5, pid=5598] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPINTVL = 75 [2007/11/30 08:57:21.570308, 5, pid=5598] lib/util_sock.c:print_socket_options(206) socket option IPTOS_LOWDELAY = 0 [2007/11/30 08:57:21.570328, 5, pid=5598] lib/util_sock.c:print_socket_options(206) socket option IPTOS_THROUGHPUT = 0 [2007/11/30 08:57:21.570370, 5, pid=5598] lib/util_sock.c:print_socket_options(206) socket option SO_SNDBUF = 16384 [2007/11/30 08:57:21.570392, 5, pid=5598] lib/util_sock.c:print_socket_options(206) socket option SO_RCVBUF = 87380 [2007/11/30 08:57:21.570412, 5, pid=5598] lib/util_sock.c:print_socket_options(206) socket option SO_SNDLOWAT = 1 [2007/11/30 08:57:21.570431, 5, pid=5598] lib/util_sock.c:print_socket_options(206) socket option SO_RCVLOWAT = 1 [2007/11/30 08:57:21.570450, 5, pid=5598] lib/util_sock.c:print_socket_options(206) socket option SO_SNDTIMEO = 0 [2007/11/30 08:57:21.570469, 5, pid=5598] lib/util_sock.c:print_socket_options(206) socket option SO_RCVTIMEO = 0 [2007/11/30 08:57:21.570784, 6, pid=5598] param/loadparm.c:lp_file_list_changed(3080) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Fri Nov 30 08:56:43 2007 [2007/11/30 08:57:21.570841, 3, pid=5598] smbd/oplock.c:init_oplocks(863) init_oplocks: initializing messages. [2007/11/30 08:57:21.570986, 3, pid=5598] smbd/oplock_linux.c:linux_init_kernel_oplocks(276) Linux kernel oplocks enabled [2007/11/30 08:57:21.571089, 10, pid=5598] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 133 [2007/11/30 08:57:21.571125, 6, pid=5598] smbd/process.c:process_smb(1067) got message type 0x0 of len 0x85 [2007/11/30 08:57:21.571147, 3, pid=5598] smbd/process.c:process_smb(1068) Transaction 0 of length 137 [2007/11/30 08:57:21.571167, 5, pid=5598] lib/util.c:show_msg(506) [2007/11/30 08:57:21.571179, 5, pid=5598] lib/util.c:show_msg(516) size=133 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51283 smb_tid=0 smb_pid=65279 smb_uid=0 smb_mid=0 smt_wct=0 smb_bcc=98 [2007/11/30 08:57:21.571250, 10, pid=5598] lib/util.c:dump_data(2285) [000] 02 50 43 20 4E 45 54 57 4F 52 4B 20 50 52 4F 47 .PC NETW ORK PROG [010] 52 41 4D 20 31 2E 30 00 02 4C 41 4E 4D 41 4E 31 RAM 1.0. .LANMAN1 [020] 2E 30 00 02 57 69 6E 64 6F 77 73 20 66 6F 72 20 .0..Wind ows for [030] 57 6F 72 6B 67 72 6F 75 70 73 20 33 2E 31 61 00 Workgrou ps 3.1a. [040] 02 4C 4D 31 2E 32 58 30 30 32 00 02 4C 41 4E 4D .LM1.2X0 02..LANM [050] 41 4E 32 2E 31 00 02 4E 54 20 4C 4D 20 30 2E 31 AN2.1..N T LM 0.1 [060] 32 00 2. [2007/11/30 08:57:21.571369, 3, pid=5598] smbd/process.c:switch_message(926) switch message SMBnegprot (pid 5598) conn 0x0 [2007/11/30 08:57:21.571394, 3, pid=5598] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/30 08:57:21.571416, 5, pid=5598] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 08:57:21.571440, 5, pid=5598] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 08:57:21.571477, 5, pid=5598] smbd/uid.c:change_to_root_user(288) change_to_root_user: now uid=(0,0) gid=(0,0) [2007/11/30 08:57:21.571502, 3, pid=5598] smbd/negprot.c:reply_negprot(505) Requested protocol [PC NETWORK PROGRAM 1.0] [2007/11/30 08:57:21.571524, 3, pid=5598] smbd/negprot.c:reply_negprot(505) Requested protocol [LANMAN1.0] [2007/11/30 08:57:21.571542, 3, pid=5598] smbd/negprot.c:reply_negprot(505) Requested protocol [Windows for Workgroups 3.1a] [2007/11/30 08:57:21.571560, 3, pid=5598] smbd/negprot.c:reply_negprot(505) Requested protocol [LM1.2X002] [2007/11/30 08:57:21.571577, 3, pid=5598] smbd/negprot.c:reply_negprot(505) Requested protocol [LANMAN2.1] [2007/11/30 08:57:21.571594, 3, pid=5598] smbd/negprot.c:reply_negprot(505) Requested protocol [NT LM 0.12] [2007/11/30 08:57:21.571621, 10, pid=5598] lib/util.c:set_remote_arch(2260) set_remote_arch: Client arch is 'Win2K' [2007/11/30 08:57:21.571653, 6, pid=5598] param/loadparm.c:lp_file_list_changed(3080) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Fri Nov 30 08:56:43 2007 [2007/11/30 08:57:21.571695, 5, pid=5598] smbd/connection.c:claim_connection(182) claiming 0 [2007/11/30 08:57:21.571775, 6, pid=5598] param/loadparm.c:lp_file_list_changed(3080) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Fri Nov 30 08:56:43 2007 [2007/11/30 08:57:21.571848, 3, pid=5598] smbd/negprot.c:reply_nt1(364) using SPNEGO [2007/11/30 08:57:21.571867, 3, pid=5598] smbd/negprot.c:reply_negprot(606) Selected protocol NT LM 0.12 [2007/11/30 08:57:21.571884, 5, pid=5598] smbd/negprot.c:reply_negprot(612) negprot index=5 [2007/11/30 08:57:21.571901, 5, pid=5598] lib/util.c:show_msg(506) [2007/11/30 08:57:21.571913, 5, pid=5598] lib/util.c:show_msg(516) size=127 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=65279 smb_uid=0 smb_mid=0 smt_wct=17 smb_vwv[ 0]= 5 (0x5) smb_vwv[ 1]=12803 (0x3203) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 65 (0x41) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]=56832 (0xDE00) smb_vwv[ 8]= 21 (0x15) smb_vwv[ 9]=64768 (0xFD00) smb_vwv[10]=33011 (0x80F3) smb_vwv[11]=32896 (0x8080) smb_vwv[12]=35558 (0x8AE6) smb_vwv[13]= 1307 (0x51B) smb_vwv[14]=51251 (0xC833) smb_vwv[15]=54273 (0xD401) smb_vwv[16]= 254 (0xFE) smb_bcc=58 [2007/11/30 08:57:21.572077, 10, pid=5598] lib/util.c:dump_data(2285) [000] 67 6F 64 61 69 00 00 00 00 00 00 00 00 00 00 00 godai... ........ [010] 60 28 06 06 2B 06 01 05 05 02 A0 1E 30 1C A0 0E `(..+... ....0... [020] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A3 0A 0...+... ..7..... [030] 30 08 A0 06 1B 04 4E 4F 4E 45 0.....NO NE [2007/11/30 08:57:21.572510, 10, pid=5598] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 278 [2007/11/30 08:57:21.572537, 6, pid=5598] smbd/process.c:process_smb(1067) got message type 0x0 of len 0x116 [2007/11/30 08:57:21.572556, 3, pid=5598] smbd/process.c:process_smb(1068) Transaction 1 of length 282 [2007/11/30 08:57:21.572573, 5, pid=5598] lib/util.c:show_msg(506) [2007/11/30 08:57:21.572585, 5, pid=5598] lib/util.c:show_msg(516) size=278 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=0 smb_mid=9472 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 278 (0x116) smb_vwv[ 2]=16644 (0x4104) smb_vwv[ 3]= 50 (0x32) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 74 (0x4A) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 212 (0xD4) smb_vwv[11]=40960 (0xA000) smb_bcc=219 [2007/11/30 08:57:21.572724, 10, pid=5598] lib/util.c:dump_data(2285) [000] 60 48 06 06 2B 06 01 05 05 02 A0 3E 30 3C A0 0E `H..+... ...>0<.. [010] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A2 2A 0...+... ..7....* [020] 04 28 4E 54 4C 4D 53 53 50 00 01 00 00 00 07 82 .(NTLMSS P....... [030] 08 A2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [040] 00 00 05 02 CE 0E 00 00 00 0F 00 57 00 69 00 6E ........ ...W.i.n [050] 00 64 00 6F 00 77 00 73 00 20 00 53 00 65 00 72 .d.o.w.s . .S.e.r [060] 00 76 00 65 00 72 00 20 00 32 00 30 00 30 00 33 .v.e.r. .2.0.0.3 [070] 00 20 00 52 00 32 00 20 00 33 00 37 00 39 00 30 . .R.2. .3.7.9.0 [080] 00 20 00 53 00 65 00 72 00 76 00 69 00 63 00 65 . .S.e.r .v.i.c.e [090] 00 20 00 50 00 61 00 63 00 6B 00 20 00 32 00 00 . .P.a.c .k. .2.. [0A0] 00 00 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 ...W.i.n .d.o.w.s [0B0] 00 20 00 53 00 65 00 72 00 76 00 65 00 72 00 20 . .S.e.r .v.e.r. [0C0] 00 32 00 30 00 30 00 33 00 20 00 52 00 32 00 20 .2.0.0.3 . .R.2. [0D0] 00 35 00 2E 00 32 00 00 00 00 00 .5...2.. ... [2007/11/30 08:57:21.572922, 3, pid=5598] smbd/process.c:switch_message(926) switch message SMBsesssetupX (pid 5598) conn 0x0 [2007/11/30 08:57:21.572941, 3, pid=5598] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/30 08:57:21.572959, 5, pid=5598] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 08:57:21.572995, 5, pid=5598] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 08:57:21.573025, 5, pid=5598] smbd/uid.c:change_to_root_user(288) change_to_root_user: now uid=(0,0) gid=(0,0) [2007/11/30 08:57:21.573051, 3, pid=5598] smbd/sesssetup.c:reply_sesssetup_and_X(1244) wct=12 flg2=0xc807 [2007/11/30 08:57:21.573074, 2, pid=5598] smbd/sesssetup.c:setup_new_vc_session(1200) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2007/11/30 08:57:21.573095, 3, pid=5598] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1029) Doing spnego session setup [2007/11/30 08:57:21.573119, 3, pid=5598] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1060) NativeOS=[Windows Server 2003 R2 3790 Service Pack 2] NativeLanMan=[] PrimaryDomain=[Windows Server 2003 R2 5.2] [2007/11/30 08:57:21.573154, 10, pid=5598] smbd/password.c:register_vuid(186) register_vuid: allocated vuid = 100 [2007/11/30 08:57:21.573178, 10, pid=5598] smbd/sesssetup.c:check_spnego_blob_complete(975) check_spnego_blob_complete: needed_len = 74, pblob->length = 74 [2007/11/30 08:57:21.573206, 5, pid=5598] smbd/sesssetup.c:parse_spnego_mechanisms(667) parse_spnego_mechanisms: Got OID 1 3 6 1 4 1 311 2 2 10 [2007/11/30 08:57:21.573224, 3, pid=5598] smbd/sesssetup.c:reply_spnego_negotiate(697) reply_spnego_negotiate: Got secblob of size 40 [2007/11/30 08:57:21.573255, 5, pid=5598] auth/auth.c:make_auth_context_subsystem(483) Making default auth method list for DC, security=user, encrypt passwords = yes [2007/11/30 08:57:21.573280, 5, pid=5598] auth/auth.c:smb_register_auth(47) Attempting to register auth backend sam [2007/11/30 08:57:21.573299, 5, pid=5598] auth/auth.c:smb_register_auth(59) Successfully added auth method 'sam' [2007/11/30 08:57:21.573317, 5, pid=5598] auth/auth.c:smb_register_auth(47) Attempting to register auth backend sam_ignoredomain [2007/11/30 08:57:21.573334, 5, pid=5598] auth/auth.c:smb_register_auth(59) Successfully added auth method 'sam_ignoredomain' [2007/11/30 08:57:21.573354, 5, pid=5598] auth/auth.c:smb_register_auth(47) Attempting to register auth backend unix [2007/11/30 08:57:21.573372, 5, pid=5598] auth/auth.c:smb_register_auth(59) Successfully added auth method 'unix' [2007/11/30 08:57:21.573391, 5, pid=5598] auth/auth.c:smb_register_auth(47) Attempting to register auth backend winbind [2007/11/30 08:57:21.573409, 5, pid=5598] auth/auth.c:smb_register_auth(59) Successfully added auth method 'winbind' [2007/11/30 08:57:21.573425, 5, pid=5598] auth/auth.c:smb_register_auth(47) Attempting to register auth backend smbserver [2007/11/30 08:57:21.573443, 5, pid=5598] auth/auth.c:smb_register_auth(59) Successfully added auth method 'smbserver' [2007/11/30 08:57:21.573462, 5, pid=5598] auth/auth.c:smb_register_auth(47) Attempting to register auth backend trustdomain [2007/11/30 08:57:21.573479, 5, pid=5598] auth/auth.c:smb_register_auth(59) Successfully added auth method 'trustdomain' [2007/11/30 08:57:21.573497, 5, pid=5598] auth/auth.c:smb_register_auth(47) Attempting to register auth backend ntdomain [2007/11/30 08:57:21.573514, 5, pid=5598] auth/auth.c:smb_register_auth(59) Successfully added auth method 'ntdomain' [2007/11/30 08:57:21.573532, 5, pid=5598] auth/auth.c:smb_register_auth(47) Attempting to register auth backend guest [2007/11/30 08:57:21.573550, 5, pid=5598] auth/auth.c:smb_register_auth(59) Successfully added auth method 'guest' [2007/11/30 08:57:21.573567, 5, pid=5598] auth/auth.c:load_auth_module(391) load_auth_module: Attempting to find an auth method to match guest [2007/11/30 08:57:21.573585, 5, pid=5598] auth/auth.c:load_auth_module(416) load_auth_module: auth method guest has a valid init [2007/11/30 08:57:21.573603, 5, pid=5598] auth/auth.c:load_auth_module(391) load_auth_module: Attempting to find an auth method to match sam [2007/11/30 08:57:21.573621, 5, pid=5598] auth/auth.c:load_auth_module(416) load_auth_module: auth method sam has a valid init [2007/11/30 08:57:21.573654, 5, pid=5598] auth/auth.c:load_auth_module(391) load_auth_module: Attempting to find an auth method to match winbind:trustdomain [2007/11/30 08:57:21.573673, 5, pid=5598] auth/auth.c:load_auth_module(391) load_auth_module: Attempting to find an auth method to match trustdomain [2007/11/30 08:57:21.573692, 5, pid=5598] auth/auth.c:load_auth_module(416) load_auth_module: auth method trustdomain has a valid init [2007/11/30 08:57:21.573709, 5, pid=5598] auth/auth.c:load_auth_module(416) load_auth_module: auth method winbind has a valid init [2007/11/30 08:57:21.573738, 3, pid=5598] libsmb/ntlmssp.c:debug_ntlmssp_flags(63) Got NTLMSSP neg_flags=0xa2088207 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_NEGOTIATE_OEM NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_56 [2007/11/30 08:57:21.573800, 5, pid=5598] auth/auth.c:get_ntlm_challenge(97) auth_get_challenge: module guest did not want to specify a challenge [2007/11/30 08:57:21.573819, 5, pid=5598] auth/auth.c:get_ntlm_challenge(97) auth_get_challenge: module sam did not want to specify a challenge [2007/11/30 08:57:21.573837, 5, pid=5598] auth/auth.c:get_ntlm_challenge(97) auth_get_challenge: module winbind did not want to specify a challenge [2007/11/30 08:57:21.573868, 5, pid=5598] auth/auth.c:get_ntlm_challenge(137) auth_context challenge created by random [2007/11/30 08:57:21.573885, 5, pid=5598] auth/auth.c:get_ntlm_challenge(138) challenge is: [2007/11/30 08:57:21.573902, 5, pid=5598] lib/util.c:dump_data(2285) [000] 88 13 A8 87 0A F3 C6 DB ........ [2007/11/30 08:57:21.574736, 5, pid=5598] lib/util.c:show_msg(506) [2007/11/30 08:57:21.574759, 5, pid=5598] lib/util.c:show_msg(516) size=332 smb_com=0x73 smb_rcls=22 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=65279 smb_uid=100 smb_mid=9472 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 221 (0xDD) smb_bcc=289 [2007/11/30 08:57:21.574860, 10, pid=5598] lib/util.c:dump_data(2285) [000] A1 81 DA 30 81 D7 A0 03 0A 01 01 A1 0C 06 0A 2B ...0.... .......+ [010] 06 01 04 01 82 37 02 02 0A A2 81 C1 04 81 BE 4E .....7.. .......N [020] 54 4C 4D 53 53 50 00 02 00 00 00 10 00 10 00 30 TLMSSP.. .......0 [030] 00 00 00 05 82 89 A2 88 13 A8 87 0A F3 C6 DB 00 ........ ........ [040] 00 00 00 00 00 00 00 7E 00 7E 00 40 00 00 00 5A .......~ .~.@...Z [050] 00 41 00 52 00 54 00 53 00 4F 00 46 00 54 00 02 .A.R.T.S .O.F.T.. [060] 00 10 00 5A 00 41 00 52 00 54 00 53 00 4F 00 46 ...Z.A.R .T.S.O.F [070] 00 54 00 01 00 0A 00 47 00 4F 00 44 00 41 00 49 .T.....G .O.D.A.I [080] 00 04 00 22 00 6C 00 6F 00 63 00 61 00 6C 00 2E ...".l.o .c.a.l.. [090] 00 7A 00 61 00 72 00 74 00 73 00 6F 00 66 00 74 .z.a.r.t .s.o.f.t [0A0] 00 2E 00 72 00 75 00 03 00 2E 00 67 00 6F 00 64 ...r.u.. ...g.o.d [0B0] 00 61 00 69 00 2E 00 6C 00 6F 00 63 00 61 00 6C .a.i...l .o.c.a.l [0C0] 00 2E 00 7A 00 61 00 72 00 74 00 73 00 6F 00 66 ...z.a.r .t.s.o.f [0D0] 00 74 00 2E 00 72 00 75 00 00 00 00 00 55 00 6E .t...r.u .....U.n [0E0] 00 69 00 78 00 00 00 53 00 61 00 6D 00 62 00 61 .i.x...S .a.m.b.a [0F0] 00 20 00 33 00 2E 00 30 00 2E 00 32 00 36 00 61 . .3...0 ...2.6.a [100] 00 2D 00 30 00 2E 00 66 00 63 00 37 00 00 00 5A .-.0...f .c.7...Z [110] 00 41 00 52 00 54 00 53 00 4F 00 46 00 54 00 00 .A.R.T.S .O.F.T.. [120] 00 . [2007/11/30 08:57:21.575381, 10, pid=5598] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 294 [2007/11/30 08:57:21.575406, 6, pid=5598] smbd/process.c:process_smb(1067) got message type 0x0 of len 0x126 [2007/11/30 08:57:21.575425, 3, pid=5598] smbd/process.c:process_smb(1068) Transaction 2 of length 298 [2007/11/30 08:57:21.575443, 5, pid=5598] lib/util.c:show_msg(506) [2007/11/30 08:57:21.575471, 5, pid=5598] lib/util.c:show_msg(516) size=294 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=100 smb_mid=9536 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 294 (0x126) smb_vwv[ 2]=16644 (0x4104) smb_vwv[ 3]= 50 (0x32) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 91 (0x5B) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 212 (0xD4) smb_vwv[11]=40960 (0xA000) smb_bcc=235 [2007/11/30 08:57:21.575613, 10, pid=5598] lib/util.c:dump_data(2285) [000] A1 59 30 57 A2 55 04 53 4E 54 4C 4D 53 53 50 00 .Y0W.U.S NTLMSSP. [010] 03 00 00 00 01 00 01 00 52 00 00 00 00 00 00 00 ........ R....... [020] 53 00 00 00 00 00 00 00 48 00 00 00 00 00 00 00 S....... H....... [030] 48 00 00 00 0A 00 0A 00 48 00 00 00 00 00 00 00 H....... H....... [040] 53 00 00 00 05 8A 88 A2 05 02 CE 0E 00 00 00 0F S....... ........ [050] 4B 00 59 00 4F 00 4B 00 4F 00 00 57 00 69 00 6E K.Y.O.K. O..W.i.n [060] 00 64 00 6F 00 77 00 73 00 20 00 53 00 65 00 72 .d.o.w.s . .S.e.r [070] 00 76 00 65 00 72 00 20 00 32 00 30 00 30 00 33 .v.e.r. .2.0.0.3 [080] 00 20 00 52 00 32 00 20 00 33 00 37 00 39 00 30 . .R.2. .3.7.9.0 [090] 00 20 00 53 00 65 00 72 00 76 00 69 00 63 00 65 . .S.e.r .v.i.c.e [0A0] 00 20 00 50 00 61 00 63 00 6B 00 20 00 32 00 00 . .P.a.c .k. .2.. [0B0] 00 00 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 ...W.i.n .d.o.w.s [0C0] 00 20 00 53 00 65 00 72 00 76 00 65 00 72 00 20 . .S.e.r .v.e.r. [0D0] 00 32 00 30 00 30 00 33 00 20 00 52 00 32 00 20 .2.0.0.3 . .R.2. [0E0] 00 35 00 2E 00 32 00 00 00 00 00 .5...2.. ... [2007/11/30 08:57:21.575820, 3, pid=5598] smbd/process.c:switch_message(926) switch message SMBsesssetupX (pid 5598) conn 0x0 [2007/11/30 08:57:21.575840, 3, pid=5598] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/30 08:57:21.575858, 5, pid=5598] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 08:57:21.575874, 5, pid=5598] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 08:57:21.575905, 5, pid=5598] smbd/uid.c:change_to_root_user(288) change_to_root_user: now uid=(0,0) gid=(0,0) [2007/11/30 08:57:21.575925, 3, pid=5598] smbd/sesssetup.c:reply_sesssetup_and_X(1244) wct=12 flg2=0xc807 [2007/11/30 08:57:21.575943, 2, pid=5598] smbd/sesssetup.c:setup_new_vc_session(1200) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2007/11/30 08:57:21.575960, 3, pid=5598] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1029) Doing spnego session setup [2007/11/30 08:57:21.575979, 3, pid=5598] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1060) NativeOS=[Windows Server 2003 R2 3790 Service Pack 2] NativeLanMan=[] PrimaryDomain=[Windows Server 2003 R2 5.2] [2007/11/30 08:57:21.576001, 10, pid=5598] smbd/sesssetup.c:check_spnego_blob_complete(975) check_spnego_blob_complete: needed_len = 91, pblob->length = 91 [2007/11/30 08:57:21.576025, 3, pid=5598] libsmb/ntlmssp.c:ntlmssp_server_auth(739) Got user=[] domain=[] workstation=[KYOKO] len1=1 len2=0 [2007/11/30 08:57:21.576062, 6, pid=5598] param/loadparm.c:lp_file_list_changed(3080) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Fri Nov 30 08:56:43 2007 [2007/11/30 08:57:21.576109, 5, pid=5598] auth/auth_util.c:make_user_info_map(161) make_user_info_map: Mapping user []\[] from workstation [KYOKO] [2007/11/30 08:57:21.576129, 3, pid=5598] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2007/11/30 08:57:21.576149, 3, pid=5598] smbd/uid.c:push_conn_ctx(358) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2007/11/30 08:57:21.576167, 3, pid=5598] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2007/11/30 08:57:21.576202, 5, pid=5598] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 08:57:21.576220, 5, pid=5598] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 08:57:21.576249, 5, pid=5598] auth/auth_util.c:is_trusted_domain(2198) is_trusted_domain: Checking for domain trust with [ZARTSOFT] [2007/11/30 08:57:21.576290, 5, pid=5598] passdb/secrets.c:secrets_fetch_trusted_domain_password(473) secrets_fetch failed! [2007/11/30 08:57:21.576318, 3, pid=5598] smbd/sec_ctx.c:pop_sec_ctx(356) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/30 08:57:21.576358, 10, pid=5598] lib/gencache.c:gencache_get(212) Cache entry with key = TDOM/ZARTSOFT couldn't be found [2007/11/30 08:57:21.576380, 5, pid=5598] libsmb/trustdom_cache.c:trustdom_cache_fetch(184) no entry for trusted domain ZARTSOFT found. [2007/11/30 08:57:21.576399, 5, pid=5598] auth/auth_util.c:make_user_info(75) attempting to make a user_info for () [2007/11/30 08:57:21.576417, 5, pid=5598] auth/auth_util.c:make_user_info(85) making strings for 's user_info struct [2007/11/30 08:57:21.576435, 5, pid=5598] auth/auth_util.c:make_user_info(117) making blobs for 's user_info struct [2007/11/30 08:57:21.576453, 10, pid=5598] auth/auth_util.c:make_user_info(135) made an encrypted user_info for () [2007/11/30 08:57:21.576473, 3, pid=5598] auth/auth.c:check_ntlm_password(221) check_ntlm_password: Checking password for unmapped user []\[]@[KYOKO] with the new password interface [2007/11/30 08:57:21.576493, 3, pid=5598] auth/auth.c:check_ntlm_password(224) check_ntlm_password: mapped user is: [ZARTSOFT]\[]@[KYOKO] [2007/11/30 08:57:21.576511, 10, pid=5598] auth/auth.c:check_ntlm_password(233) check_ntlm_password: auth_context challenge created by random [2007/11/30 08:57:21.576529, 10, pid=5598] auth/auth.c:check_ntlm_password(235) challenge is: [2007/11/30 08:57:21.576546, 5, pid=5598] lib/util.c:dump_data(2285) [000] 88 13 A8 87 0A F3 C6 DB ........ [2007/11/30 08:57:21.576712, 3, pid=5598] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2007/11/30 08:57:21.576734, 3, pid=5598] smbd/uid.c:push_conn_ctx(358) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2007/11/30 08:57:21.576753, 3, pid=5598] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2007/11/30 08:57:21.576770, 5, pid=5598] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 08:57:21.576787, 5, pid=5598] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 08:57:21.576825, 10, pid=5598] lib/account_pol.c:account_policy_get(294) account_policy_get: name: password history, val: 0 [2007/11/30 08:57:21.576851, 3, pid=5598] smbd/sec_ctx.c:pop_sec_ctx(356) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/30 08:57:21.576885, 10, pid=5598] passdb/pdb_get_set.c:pdb_set_username(581) pdb_set_username: setting username guest, was [2007/11/30 08:57:21.576906, 10, pid=5598] passdb/pdb_get_set.c:pdb_set_domain(604) pdb_set_domain: setting domain ZARTSOFT, was [2007/11/30 08:57:21.576925, 10, pid=5598] passdb/pdb_get_set.c:pdb_set_nt_username(627) pdb_set_nt_username: setting nt username , was [2007/11/30 08:57:21.576944, 10, pid=5598] passdb/pdb_get_set.c:pdb_set_fullname(650) pdb_set_full_name: setting full name , was [2007/11/30 08:57:21.576963, 4, pid=5598] lib/substitute.c:automount_server(407) Home server: godai [2007/11/30 08:57:21.576989, 10, pid=5598] passdb/pdb_get_set.c:pdb_set_homedir(743) pdb_set_homedir: setting home dir \\godai\guest, was [2007/11/30 08:57:21.577008, 10, pid=5598] passdb/pdb_get_set.c:pdb_set_dir_drive(719) pdb_set_dir_drive: setting dir drive , was NULL [2007/11/30 08:57:21.577029, 10, pid=5598] passdb/pdb_get_set.c:pdb_set_logon_script(673) pdb_set_logon_script: setting logon script , was [2007/11/30 08:57:21.577048, 10, pid=5598] passdb/pdb_get_set.c:pdb_set_profile_path(696) pdb_set_profile_path: setting profile path , was [2007/11/30 08:57:21.577084, 10, pid=5598] passdb/pdb_get_set.c:pdb_set_workstations(786) pdb_set_workstations: setting workstations , was [2007/11/30 08:57:21.577104, 3, pid=5598] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2007/11/30 08:57:21.577127, 3, pid=5598] smbd/uid.c:push_conn_ctx(358) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2007/11/30 08:57:21.577145, 3, pid=5598] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2007/11/30 08:57:21.577163, 5, pid=5598] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 08:57:21.577180, 5, pid=5598] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 08:57:21.577213, 10, pid=5598] lib/account_pol.c:account_policy_get(294) account_policy_get: name: password history, val: 0 [2007/11/30 08:57:21.577236, 3, pid=5598] smbd/sec_ctx.c:pop_sec_ctx(356) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/30 08:57:21.577256, 10, pid=5598] passdb/pdb_get_set.c:pdb_set_user_sid(510) pdb_set_user_sid: setting user sid S-1-5-21-2274471336-3138038065-606154707-501 [2007/11/30 08:57:21.577288, 10, pid=5598] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(73) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-2274471336-3138038065-606154707-501 from rid 501 [2007/11/30 08:57:21.577322, 3, pid=5598] auth/auth.c:check_ntlm_password(270) check_ntlm_password: guest authentication for user [] succeeded [2007/11/30 08:57:21.577343, 5, pid=5598] auth/auth.c:check_ntlm_password(309) check_ntlm_password: guest authentication for user [] -> [] -> [guest] succeeded [2007/11/30 08:57:21.577362, 5, pid=5598] auth/auth_util.c:free_user_info(2045) attempting to free (and zero) a user_info structure [2007/11/30 08:57:21.577380, 10, pid=5598] auth/auth_util.c:free_user_info(2049) structure was created for [2007/11/30 08:57:21.577400, 10, pid=5598] auth/auth_util.c:create_local_nt_token(844) Create local NT token for S-1-5-21-2274471336-3138038065-606154707-501 [2007/11/30 08:57:21.577425, 3, pid=5598] passdb/lookup_sid.c:fetch_gid_from_cache(1089) fetch gid from cache 16777218 -> S-1-5-32-544 [2007/11/30 08:57:21.577447, 3, pid=5598] passdb/lookup_sid.c:fetch_gid_from_cache(1089) fetch gid from cache 16777219 -> S-1-5-32-545 [2007/11/30 08:57:21.577515, 3, pid=5598] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-21-2274471336-3138038065-606154707-501] [2007/11/30 08:57:21.577543, 5, pid=5598] lib/privileges.c:get_privileges_for_sids(460) get_privileges_for_sids: sid = S-1-1-0 Privilege set: SE_PRIV 0x0 0x0 0x0 0x0 [2007/11/30 08:57:21.577579, 3, pid=5598] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-2] [2007/11/30 08:57:21.577603, 3, pid=5598] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-32-546] [2007/11/30 08:57:21.577657, 3, pid=5598] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2007/11/30 08:57:21.577677, 3, pid=5598] smbd/uid.c:push_conn_ctx(358) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2007/11/30 08:57:21.577696, 3, pid=5598] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2007/11/30 08:57:21.577714, 5, pid=5598] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 08:57:21.577730, 5, pid=5598] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 08:57:21.577770, 3, pid=5598] smbd/sec_ctx.c:pop_sec_ctx(356) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/30 08:57:21.577790, 10, pid=5598] passdb/lookup_sid.c:legacy_sid_to_gid(1269) LEGACY: mapping failed for sid S-1-1-0 [2007/11/30 08:57:21.577811, 10, pid=5598] auth/auth_util.c:create_local_token(1039) Could not convert SID S-1-1-0 to gid, ignoring it [2007/11/30 08:57:21.577864, 3, pid=5598] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2007/11/30 08:57:21.577884, 3, pid=5598] smbd/uid.c:push_conn_ctx(358) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2007/11/30 08:57:21.577902, 3, pid=5598] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2007/11/30 08:57:21.577919, 5, pid=5598] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 08:57:21.577936, 5, pid=5598] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 08:57:21.577974, 3, pid=5598] smbd/sec_ctx.c:pop_sec_ctx(356) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/30 08:57:21.577993, 10, pid=5598] passdb/lookup_sid.c:legacy_sid_to_gid(1269) LEGACY: mapping failed for sid S-1-5-2 [2007/11/30 08:57:21.578012, 10, pid=5598] auth/auth_util.c:create_local_token(1039) Could not convert SID S-1-5-2 to gid, ignoring it [2007/11/30 08:57:21.578048, 3, pid=5598] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2007/11/30 08:57:21.578067, 3, pid=5598] smbd/uid.c:push_conn_ctx(358) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2007/11/30 08:57:21.578085, 3, pid=5598] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2007/11/30 08:57:21.578102, 5, pid=5598] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 08:57:21.578123, 5, pid=5598] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 08:57:21.578161, 3, pid=5598] smbd/sec_ctx.c:pop_sec_ctx(356) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/30 08:57:21.578181, 10, pid=5598] passdb/lookup_sid.c:legacy_sid_to_gid(1269) LEGACY: mapping failed for sid S-1-5-32-546 [2007/11/30 08:57:21.578200, 10, pid=5598] auth/auth_util.c:create_local_token(1039) Could not convert SID S-1-5-32-546 to gid, ignoring it [2007/11/30 08:57:21.578219, 10, pid=5598] auth/auth_util.c:debug_nt_user_token(454) NT user token of user S-1-5-21-2274471336-3138038065-606154707-501 contains 4 SIDs SID[ 0]: S-1-5-21-2274471336-3138038065-606154707-501 SID[ 1]: S-1-1-0 SID[ 2]: S-1-5-2 SID[ 3]: S-1-5-32-546 SE_PRIV 0x0 0x0 0x0 0x0 [2007/11/30 08:57:21.578282, 10, pid=5598] auth/auth_ntlmssp.c:auth_ntlmssp_check_password(137) Got NT session key of length 16 [2007/11/30 08:57:21.578302, 10, pid=5598] auth/auth_ntlmssp.c:auth_ntlmssp_check_password(144) Got LM session key of length 16 [2007/11/30 08:57:21.578321, 10, pid=5598] libsmb/ntlmssp.c:ntlmssp_server_auth(841) ntlmssp_server_auth: Using unmodified nt session key. [2007/11/30 08:57:21.578339, 3, pid=5598] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(338) NTLMSSP Sign/Seal - Initialising with flags: [2007/11/30 08:57:21.578357, 3, pid=5598] libsmb/ntlmssp.c:debug_ntlmssp_flags(63) Got NTLMSSP neg_flags=0xa2088205 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_56 [2007/11/30 08:57:21.578431, 10, pid=5598] smbd/password.c:register_vuid(186) register_vuid: allocated vuid = 101 [2007/11/30 08:57:21.578452, 10, pid=5598] lib/util_pw.c:getpwnam_alloc(76) Got guest from pwnam_cache [2007/11/30 08:57:21.578471, 10, pid=5598] smbd/password.c:register_vuid(277) register_vuid: (514,514) guest ZARTSOFT guest=1 [2007/11/30 08:57:21.578489, 3, pid=5598] smbd/password.c:register_vuid(280) User name: guest Real name: [2007/11/30 08:57:21.578507, 3, pid=5598] smbd/password.c:register_vuid(301) UNIX uid 514 is UNIX user guest, and will be vuid 101 [2007/11/30 08:57:21.578542, 6, pid=5598] param/loadparm.c:lp_file_list_changed(3080) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Fri Nov 30 08:56:43 2007 [2007/11/30 08:57:21.578584, 5, pid=5598] lib/util.c:show_msg(506) [2007/11/30 08:57:21.578611, 5, pid=5598] lib/util.c:show_msg(516) size=120 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=65279 smb_uid=101 smb_mid=9536 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 9 (0x9) smb_bcc=77 [2007/11/30 08:57:21.578710, 10, pid=5598] lib/util.c:dump_data(2285) [000] A1 07 30 05 A0 03 0A 01 00 55 00 6E 00 69 00 78 ..0..... .U.n.i.x [010] 00 00 00 53 00 61 00 6D 00 62 00 61 00 20 00 33 ...S.a.m .b.a. .3 [020] 00 2E 00 30 00 2E 00 32 00 36 00 61 00 2D 00 30 ...0...2 .6.a.-.0 [030] 00 2E 00 66 00 63 00 37 00 00 00 5A 00 41 00 52 ...f.c.7 ...Z.A.R [040] 00 54 00 53 00 4F 00 46 00 54 00 00 00 .T.S.O.F .T... [2007/11/30 08:57:21.578971, 10, pid=5598] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 76 [2007/11/30 08:57:21.579001, 6, pid=5598] smbd/process.c:process_smb(1067) got message type 0x0 of len 0x4c [2007/11/30 08:57:21.579021, 3, pid=5598] smbd/process.c:process_smb(1068) Transaction 3 of length 80 [2007/11/30 08:57:21.579039, 5, pid=5598] lib/util.c:show_msg(506) [2007/11/30 08:57:21.579050, 5, pid=5598] lib/util.c:show_msg(516) size=76 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=101 smb_mid=9600 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 76 (0x4C) smb_vwv[ 2]= 8 (0x8) smb_vwv[ 3]= 1 (0x1) smb_bcc=33 [2007/11/30 08:57:21.579150, 10, pid=5598] lib/util.c:dump_data(2285) [000] 00 5C 00 5C 00 47 00 4F 00 44 00 41 00 49 00 5C .\.\.G.O .D.A.I.\ [010] 00 49 00 50 00 43 00 24 00 00 00 3F 3F 3F 3F 3F .I.P.C.$ ...????? [020] 00 . [2007/11/30 08:57:21.579200, 3, pid=5598] smbd/process.c:switch_message(926) switch message SMBtconX (pid 5598) conn 0x0 [2007/11/30 08:57:21.579219, 3, pid=5598] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/30 08:57:21.579238, 5, pid=5598] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 08:57:21.579255, 5, pid=5598] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 08:57:21.579285, 5, pid=5598] smbd/uid.c:change_to_root_user(288) change_to_root_user: now uid=(0,0) gid=(0,0) [2007/11/30 08:57:21.579312, 4, pid=5598] smbd/reply.c:reply_tcon_and_X(506) Client requested device type [?????] for share [IPC$] [2007/11/30 08:57:21.579348, 5, pid=5598] smbd/service.c:make_connection(1205) making a connection to 'normal' service ipc$ [2007/11/30 08:57:21.579387, 5, pid=5598] lib/username.c:Get_Pwnam_alloc(131) Finding user guest [2007/11/30 08:57:21.579407, 5, pid=5598] lib/username.c:Get_Pwnam_internals(75) Trying _Get_Pwnam(), username as lowercase is guest [2007/11/30 08:57:21.579425, 10, pid=5598] lib/util_pw.c:getpwnam_alloc(76) Got guest from pwnam_cache [2007/11/30 08:57:21.579442, 5, pid=5598] lib/username.c:Get_Pwnam_internals(108) Get_Pwnam_internals did find user [guest]! [2007/11/30 08:57:21.579471, 10, pid=5598] smbd/service.c:set_conn_connectpath(156) set_conn_connectpath: service IPC$, connectpath = /tmp [2007/11/30 08:57:21.579491, 3, pid=5598] smbd/service.c:make_connection_snum(806) Connect path is '/tmp' for service [IPC$] [2007/11/30 08:57:21.579567, 4, pid=5598] lib/sharesec.c:get_share_security(132) get_share_security: using default secdesc for IPC$ [2007/11/30 08:57:21.579592, 10, pid=5598] lib/util_seaccess.c:se_map_generic(176) se_map_generic(): mapped mask 0x10000000 to 0x001f01ff [2007/11/30 08:57:21.579617, 10, pid=5598] lib/util_seaccess.c:se_access_check(233) se_access_check: requested access 0x00000002, for NT token with 4 entries and first sid S-1-5-21-2274471336-3138038065-606154707-501. [2007/11/30 08:57:21.579641, 3, pid=5598] lib/util_seaccess.c:se_access_check(250) [2007/11/30 08:57:21.579653, 3, pid=5598] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-2274471336-3138038065-606154707-501 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-32-546 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 2 [2007/11/30 08:57:21.579719, 5, pid=5598] lib/util_seaccess.c:se_access_check(308) se_access_check: access (2) granted. [2007/11/30 08:57:21.579740, 3, pid=5598] smbd/vfs.c:vfs_init_default(95) Initialising default vfs hooks [2007/11/30 08:57:21.579764, 5, pid=5598] smbd/vfs.c:smb_register_vfs(85) Successfully added vfs backend '/[Default VFS]/' [2007/11/30 08:57:21.579784, 5, pid=5598] smbd/vfs.c:smb_register_vfs(85) Successfully added vfs backend 'posixacl' [2007/11/30 08:57:21.579802, 3, pid=5598] smbd/vfs.c:vfs_init_custom(128) Initialising custom vfs hooks from [/[Default VFS]/] Successfully loaded vfs module [/[Default VFS]/] with the new modules system [2007/11/30 08:57:21.579831, 5, pid=5598] smbd/vfs.c:vfs_init_custom(174) Checking operation #0 (type 0, layer 0) Making operation type 0 opaque [module /[Default VFS]/] Accepting operation type 0 from module /[Default VFS]/ [2007/11/30 08:57:21.579862, 5, pid=5598] smbd/vfs.c:vfs_init_custom(174) Checking operation #1 (type 1, layer 0) Making operation type 1 opaque [module /[Default VFS]/] Accepting operation type 1 from module /[Default VFS]/ [2007/11/30 08:57:21.579891, 5, pid=5598] smbd/vfs.c:vfs_init_custom(174) Checking operation #2 (type 2, layer 0) Making operation type 2 opaque [module /[Default VFS]/] Accepting operation type 2 from module /[Default VFS]/ [2007/11/30 08:57:21.579919, 5, pid=5598] smbd/vfs.c:vfs_init_custom(174) Checking operation #3 (type 3, layer 0) Making operation type 3 opaque [module /[Default VFS]/] Accepting operation type 3 from module /[Default VFS]/ [2007/11/30 08:57:21.579948, 5, pid=5598] smbd/vfs.c:vfs_init_custom(174) Checking operation #4 (type 4, layer 0) Making operation type 4 opaque [module /[Default VFS]/] Accepting operation type 4 from module /[Default VFS]/ [2007/11/30 08:57:21.579976, 5, pid=5598] smbd/vfs.c:vfs_init_custom(174) Checking operation #5 (type 5, layer 0) Making operation type 5 opaque [module /[Default VFS]/] Accepting operation type 5 from module /[Default VFS]/ [2007/11/30 08:57:21.580005, 5, pid=5598] smbd/vfs.c:vfs_init_custom(174) Checking operation #6 (type 6, layer 0) Making operation type 6 opaque [module /[Default VFS]/] Accepting operation type 6 from module /[Default VFS]/ [2007/11/30 08:57:21.580033, 5, pid=5598] smbd/vfs.c:vfs_init_custom(174) Checking operation #7 (type 7, layer 0) Making operation type 7 opaque [module /[Default VFS]/] Accepting operation type 7 from module /[Default VFS]/ [2007/11/30 08:57:21.580061, 5, pid=5598] smbd/vfs.c:vfs_init_custom(174) Checking operation #8 (type 8, layer 0) Making operation type 8 opaque [module /[Default VFS]/] Accepting operation type 8 from module /[Default VFS]/ [2007/11/30 08:57:21.580090, 5, pid=5598] smbd/vfs.c:vfs_init_custom(174) Checking operation #9 (type 9, layer 0) Making operation type 9 opaque [module /[Default VFS]/] Accepting operation type 9 from module /[Default VFS]/ [2007/11/30 08:57:21.580123, 5, pid=5598] smbd/vfs.c:vfs_init_custom(174) Checking operation #10 (type 10, layer 0) Making operation type 10 opaque [module /[Default VFS]/] Accepting operation type 10 from module /[Default VFS]/ [2007/11/30 08:57:21.580152, 5, pid=5598] smbd/vfs.c:vfs_init_custom(174) Checking operation #11 (type 11, layer 0) Making operation type 11 opaque [module /[Default VFS]/] Accepting operation type 11 from module /[Default VFS]/ [2007/11/30 08:57:21.580180, 5, pid=5598] smbd/vfs.c:vfs_init_custom(174) Checking operation #12 (type 12, layer 0) Making operation type 12 opaque [module /[Default VFS]/] Accepting operation type 12 from module /[Default VFS]/ [2007/11/30 08:57:21.580209, 5, pid=5598] smbd/vfs.c:vfs_init_custom(174) Checking operation #13 (type 13, layer 0) Making operation type 13 opaque [module /[Default VFS]/] Accepting operation type 13 from module /[Default VFS]/ [2007/11/30 08:57:21.580250, 5, pid=5598] smbd/vfs.c:vfs_init_custom(174) Checking operation #14 (type 14, layer 0) Making operation type 14 opaque [module /[Default VFS]/] Accepting operation type 14 from module /[Default VFS]/ [2007/11/30 08:57:21.580279, 5, pid=5598] smbd/vfs.c:vfs_init_custom(174) Checking operation #15 (type 15, layer 0) Making operation type 15 opaque [module /[Default VFS]/] Accepting operation type 15 from module /[Default VFS]/ [2007/11/30 08:57:21.580308, 5, pid=5598] smbd/vfs.c:vfs_init_custom(174) Checking operation #16 (type 16, layer 0) Making operation type 16 opaque [module /[Default VFS]/] Accepting operation type 16 from module /[Default VFS]/ [2007/11/30 08:57:21.580337, 5, pid=5598] smbd/vfs.c:vfs_init_custom(174) Checking operation #17 (type 17, layer 0) Making operation type 17 opaque [module /[Default VFS]/] Accepting operation type 17 from module /[Default VFS]/ [2007/11/30 08:57:21.580365, 5, pid=5598] smbd/vfs.c:vfs_init_custom(174) Checking operation #18 (type 18, layer 0) Making operation type 18 opaque [module /[Default VFS]/] Accepting operation type 18 from module /[Default VFS]/ [2007/11/30 08:57:21.580394, 5, pid=5598] smbd/vfs.c:vfs_init_custom(174) Checking operation #19 (type 19, layer 0) Making operation type 19 opaque [module /[Default VFS]/] Accepting operation type 19 from module /[Default VFS]/ [2007/11/30 08:57:21.580422, 5, pid=5598] smbd/vfs.c:vfs_init_custom(174) Checking operation #20 (type 20, layer 0) Making operation type 20 opaque [module /[Default VFS]/] Accepting operation type 20 from module /[Default VFS]/ [2007/11/30 08:57:21.580451, 5, pid=5598] smbd/vfs.c:vfs_init_custom(174) Checking operation #21 (type 21, layer 0) Making operation type 21 opaque [module /[Default VFS]/] Accepting operation type 21 from module /[Default VFS]/ [2007/11/30 08:57:21.580479, 5, pid=5598] smbd/vfs.c:vfs_init_custom(174) Checking operation #22 (type 22, layer 0) Making operation type 22 opaque [module /[Default VFS]/] Accepting operation type 22 from module /[Default VFS]/ [2007/11/30 08:57:21.580509, 5, pid=5598] smbd/vfs.c:vfs_init_custom(174) Checking operation #23 (type 23, layer 0) Making operation type 23 opaque [module /[Default VFS]/] Accepting operation type 23 from module /[Default VFS]/ [2007/11/30 08:57:21.580541, 5, pid=5598] smbd/vfs.c:vfs_init_custom(174) Checking operation #24 (type 24, layer 0) Making operation type 24 opaque [module /[Default VFS]/] Accepting operation type 24 from module /[Default VFS]/ [2007/11/30 08:57:21.580570, 5, pid=5598] smbd/vfs.c:vfs_init_custom(174) Checking operation #25 (type 25, layer 0) Making operation type 25 opaque [module /[Default VFS]/] Accepting operation type 25 from module /[Default VFS]/ [2007/11/30 08:57:21.580599, 5, pid=5598] smbd/vfs.c:vfs_init_custom(174) Checking operation #26 (type 26, layer 0) Making operation type 26 opaque [module /[Default VFS]/] Accepting operation type 26 from module /[Default VFS]/ [2007/11/30 08:57:21.580627, 5, pid=5598] smbd/vfs.c:vfs_init_custom(174) Checking operation #27 (type 27, layer 0) Making operation type 27 opaque [module /[Default VFS]/] Accepting operation type 27 from module /[Default VFS]/ [2007/11/30 08:57:21.580655, 5, pid=5598] smbd/vfs.c:vfs_init_custom(174) Checking operation #28 (type 28, layer 0) Making operation type 28 opaque [module /[Default VFS]/] Accepting operation type 28 from module /[Default VFS]/ [2007/11/30 08:57:21.580684, 5, pid=5598] smbd/vfs.c:vfs_init_custom(174) Checking operation #29 (type 29, layer 0) Making operation type 29 opaque [module /[Default VFS]/] Accepting operation type 29 from module /[Default VFS]/ [2007/11/30 08:57:21.580712, 5, pid=5598] smbd/vfs.c:vfs_init_custom(174) Checking operation #30 (type 30, layer 0) Making operation type 30 opaque [module /[Default VFS]/] Accepting operation type 30 from module /[Default VFS]/ [2007/11/30 08:57:21.580755, 5, pid=5598] smbd/vfs.c:vfs_init_custom(174) Checking operation #31 (type 31, layer 0) Making operation type 31 opaque [module /[Default VFS]/] Accepting operation type 31 from module /[Default VFS]/ [2007/11/30 08:57:21.580784, 5, pid=5598] smbd/vfs.c:vfs_init_custom(174) Checking operation #32 (type 32, layer 0) Making operation type 32 opaque [module /[Default VFS]/] Accepting operation type 32 from module /[Default VFS]/ [2007/11/30 08:57:21.580813, 5, pid=5598] smbd/vfs.c:vfs_init_custom(174) Checking operation #33 (type 33, layer 0) Making operation type 33 opaque [module /[Default VFS]/] Accepting operation type 33 from module /[Default VFS]/ [2007/11/30 08:57:21.580841, 5, pid=5598] smbd/vfs.c:vfs_init_custom(174) Checking operation #34 (type 34, layer 0) Making operation type 34 opaque [module /[Default VFS]/] Accepting operation type 34 from module /[Default VFS]/ [2007/11/30 08:57:21.580870, 5, pid=5598] smbd/vfs.c:vfs_init_custom(174) Checking operation #35 (type 35, layer 0) Making operation type 35 opaque [module /[Default VFS]/] Accepting operation type 35 from module /[Default VFS]/ [2007/11/30 08:57:21.580898, 5, pid=5598] smbd/vfs.c:vfs_init_custom(174) Checking operation #36 (type 36, layer 0) Making operation type 36 opaque [module /[Default VFS]/] Accepting operation type 36 from module /[Default VFS]/ [2007/11/30 08:57:21.580927, 5, pid=5598] smbd/vfs.c:vfs_init_custom(174) Checking operation #37 (type 37, layer 0) Making operation type 37 opaque [module /[Default VFS]/] Accepting operation type 37 from module /[Default VFS]/ [2007/11/30 08:57:21.580955, 5, pid=5598] smbd/vfs.c:vfs_init_custom(174) Checking operation #38 (type 38, layer 0) Making operation type 38 opaque [module /[Default VFS]/] Accepting operation type 38 from module /[Default VFS]/ [2007/11/30 08:57:21.580984, 5, pid=5598] smbd/vfs.c:vfs_init_custom(174) Checking operation #39 (type 39, layer 0) Making operation type 39 opaque [module /[Default VFS]/] Accepting operation type 39 from module /[Default VFS]/ [2007/11/30 08:57:21.581012, 5, pid=5598] smbd/vfs.c:vfs_init_custom(174) Checking operation #40 (type 40, layer 0) Making operation type 40 opaque [module /[Default VFS]/] Accepting operation type 40 from module /[Default VFS]/ [2007/11/30 08:57:21.581041, 5, pid=5598] smbd/vfs.c:vfs_init_custom(174) Checking operation #41 (type 41, layer 0) Making operation type 41 opaque [module /[Default VFS]/] Accepting operation type 41 from module /[Default VFS]/ [2007/11/30 08:57:21.581069, 5, pid=5598] smbd/vfs.c:vfs_init_custom(174) Checking operation #42 (type 42, layer 0) Making operation type 42 opaque [module /[Default VFS]/] Accepting operation type 42 from module /[Default VFS]/ [2007/11/30 08:57:21.581098, 5, pid=5598] smbd/vfs.c:vfs_init_custom(174) Checking operation #43 (type 43, layer 0) Making operation type 43 opaque [module /[Default VFS]/] Accepting operation type 43 from module /[Default VFS]/ [2007/11/30 08:57:21.581130, 5, pid=5598] smbd/vfs.c:vfs_init_custom(174) Checking operation #44 (type 44, layer 0) Making operation type 44 opaque [module /[Default VFS]/] Accepting operation type 44 from module /[Default VFS]/ [2007/11/30 08:57:21.581159, 5, pid=5598] smbd/vfs.c:vfs_init_custom(174) Checking operation #45 (type 45, layer 0) Making operation type 45 opaque [module /[Default VFS]/] Accepting operation type 45 from module /[Default VFS]/ [2007/11/30 08:57:21.581188, 5, pid=5598] smbd/vfs.c:vfs_init_custom(174) Checking operation #46 (type 46, layer 0) Making operation type 46 opaque [module /[Default VFS]/] Accepting operation type 46 from module /[Default VFS]/ [2007/11/30 08:57:21.581219, 5, pid=5598] smbd/vfs.c:vfs_init_custom(174) Checking operation #47 (type 47, layer 0) Making operation type 47 opaque [module /[Default VFS]/] Accepting operation type 47 from module /[Default VFS]/ [2007/11/30 08:57:21.581249, 5, pid=5598] smbd/vfs.c:vfs_init_custom(174) Checking operation #48 (type 48, layer 0) Making operation type 48 opaque [module /[Default VFS]/] Accepting operation type 48 from module /[Default VFS]/ [2007/11/30 08:57:21.581294, 5, pid=5598] smbd/vfs.c:vfs_init_custom(174) Checking operation #49 (type 49, layer 0) Making operation type 49 opaque [module /[Default VFS]/] Accepting operation type 49 from module /[Default VFS]/ [2007/11/30 08:57:21.581323, 5, pid=5598] smbd/vfs.c:vfs_init_custom(174) Checking operation #50 (type 50, layer 0) Making operation type 50 opaque [module /[Default VFS]/] Accepting operation type 50 from module /[Default VFS]/ [2007/11/30 08:57:21.581352, 5, pid=5598] smbd/vfs.c:vfs_init_custom(174) Checking operation #51 (type 51, layer 0) Making operation type 51 opaque [module /[Default VFS]/] Accepting operation type 51 from module /[Default VFS]/ [2007/11/30 08:57:21.581380, 5, pid=5598] smbd/vfs.c:vfs_init_custom(174) Checking operation #52 (type 52, layer 0) Making operation type 52 opaque [module /[Default VFS]/] Accepting operation type 52 from module /[Default VFS]/ [2007/11/30 08:57:21.581408, 5, pid=5598] smbd/vfs.c:vfs_init_custom(174) Checking operation #53 (type 53, layer 0) Making operation type 53 opaque [module /[Default VFS]/] Accepting operation type 53 from module /[Default VFS]/ [2007/11/30 08:57:21.581437, 5, pid=5598] smbd/vfs.c:vfs_init_custom(174) Checking operation #54 (type 54, layer 0) Making operation type 54 opaque [module /[Default VFS]/] Accepting operation type 54 from module /[Default VFS]/ [2007/11/30 08:57:21.581465, 5, pid=5598] smbd/vfs.c:vfs_init_custom(174) Checking operation #55 (type 55, layer 0) Making operation type 55 opaque [module /[Default VFS]/] Accepting operation type 55 from module /[Default VFS]/ [2007/11/30 08:57:21.581493, 5, pid=5598] smbd/vfs.c:vfs_init_custom(174) Checking operation #56 (type 56, layer 0) Making operation type 56 opaque [module /[Default VFS]/] Accepting operation type 56 from module /[Default VFS]/ [2007/11/30 08:57:21.581522, 5, pid=5598] smbd/vfs.c:vfs_init_custom(174) Checking operation #57 (type 57, layer 0) Making operation type 57 opaque [module /[Default VFS]/] Accepting operation type 57 from module /[Default VFS]/ [2007/11/30 08:57:21.581550, 5, pid=5598] smbd/vfs.c:vfs_init_custom(174) Checking operation #58 (type 58, layer 0) Making operation type 58 opaque [module /[Default VFS]/] Accepting operation type 58 from module /[Default VFS]/ [2007/11/30 08:57:21.581578, 5, pid=5598] smbd/vfs.c:vfs_init_custom(174) Checking operation #59 (type 59, layer 0) Making operation type 59 opaque [module /[Default VFS]/] Accepting operation type 59 from module /[Default VFS]/ [2007/11/30 08:57:21.581606, 5, pid=5598] smbd/vfs.c:vfs_init_custom(174) Checking operation #60 (type 60, layer 0) Making operation type 60 opaque [module /[Default VFS]/] Accepting operation type 60 from module /[Default VFS]/ [2007/11/30 08:57:21.581634, 5, pid=5598] smbd/vfs.c:vfs_init_custom(174) Checking operation #61 (type 61, layer 0) Making operation type 61 opaque [module /[Default VFS]/] Accepting operation type 61 from module /[Default VFS]/ [2007/11/30 08:57:21.581663, 5, pid=5598] smbd/vfs.c:vfs_init_custom(174) Checking operation #62 (type 62, layer 0) Making operation type 62 opaque [module /[Default VFS]/] Accepting operation type 62 from module /[Default VFS]/ [2007/11/30 08:57:21.581691, 5, pid=5598] smbd/vfs.c:vfs_init_custom(174) Checking operation #63 (type 63, layer 0) Making operation type 63 opaque [module /[Default VFS]/] Accepting operation type 63 from module /[Default VFS]/ [2007/11/30 08:57:21.581719, 5, pid=5598] smbd/vfs.c:vfs_init_custom(174) Checking operation #64 (type 64, layer 0) Making operation type 64 opaque [module /[Default VFS]/] Accepting operation type 64 from module /[Default VFS]/ [2007/11/30 08:57:21.581748, 5, pid=5598] smbd/vfs.c:vfs_init_custom(174) Checking operation #65 (type 65, layer 0) Making operation type 65 opaque [module /[Default VFS]/] Accepting operation type 65 from module /[Default VFS]/ [2007/11/30 08:57:21.581791, 5, pid=5598] smbd/vfs.c:vfs_init_custom(174) Checking operation #66 (type 66, layer 0) Making operation type 66 opaque [module /[Default VFS]/] Accepting operation type 66 from module /[Default VFS]/ [2007/11/30 08:57:21.581820, 5, pid=5598] smbd/vfs.c:vfs_init_custom(174) Checking operation #67 (type 67, layer 0) Making operation type 67 opaque [module /[Default VFS]/] Accepting operation type 67 from module /[Default VFS]/ [2007/11/30 08:57:21.581848, 5, pid=5598] smbd/vfs.c:vfs_init_custom(174) Checking operation #68 (type 68, layer 0) Making operation type 68 opaque [module /[Default VFS]/] Accepting operation type 68 from module /[Default VFS]/ [2007/11/30 08:57:21.581877, 5, pid=5598] smbd/vfs.c:vfs_init_custom(174) Checking operation #69 (type 69, layer 0) Making operation type 69 opaque [module /[Default VFS]/] Accepting operation type 69 from module /[Default VFS]/ [2007/11/30 08:57:21.581908, 5, pid=5598] smbd/vfs.c:vfs_init_custom(174) Checking operation #70 (type 70, layer 0) Making operation type 70 opaque [module /[Default VFS]/] Accepting operation type 70 from module /[Default VFS]/ [2007/11/30 08:57:21.581937, 5, pid=5598] smbd/vfs.c:vfs_init_custom(174) Checking operation #71 (type 71, layer 0) Making operation type 71 opaque [module /[Default VFS]/] Accepting operation type 71 from module /[Default VFS]/ [2007/11/30 08:57:21.581966, 5, pid=5598] smbd/vfs.c:vfs_init_custom(174) Checking operation #72 (type 72, layer 0) Making operation type 72 opaque [module /[Default VFS]/] Accepting operation type 72 from module /[Default VFS]/ [2007/11/30 08:57:21.581995, 5, pid=5598] smbd/vfs.c:vfs_init_custom(174) Checking operation #73 (type 73, layer 0) Making operation type 73 opaque [module /[Default VFS]/] Accepting operation type 73 from module /[Default VFS]/ [2007/11/30 08:57:21.582024, 5, pid=5598] smbd/vfs.c:vfs_init_custom(174) Checking operation #74 (type 74, layer 0) Making operation type 74 opaque [module /[Default VFS]/] Accepting operation type 74 from module /[Default VFS]/ [2007/11/30 08:57:21.582052, 5, pid=5598] smbd/vfs.c:vfs_init_custom(174) Checking operation #75 (type 75, layer 0) Making operation type 75 opaque [module /[Default VFS]/] Accepting operation type 75 from module /[Default VFS]/ [2007/11/30 08:57:21.582081, 5, pid=5598] smbd/vfs.c:vfs_init_custom(174) Checking operation #76 (type 76, layer 0) Making operation type 76 opaque [module /[Default VFS]/] Accepting operation type 76 from module /[Default VFS]/ [2007/11/30 08:57:21.582113, 5, pid=5598] smbd/vfs.c:vfs_init_custom(174) Checking operation #77 (type 77, layer 0) Making operation type 77 opaque [module /[Default VFS]/] Accepting operation type 77 from module /[Default VFS]/ [2007/11/30 08:57:21.582141, 5, pid=5598] smbd/vfs.c:vfs_init_custom(174) Checking operation #78 (type 78, layer 0) Making operation type 78 opaque [module /[Default VFS]/] Accepting operation type 78 from module /[Default VFS]/ [2007/11/30 08:57:21.582170, 5, pid=5598] smbd/vfs.c:vfs_init_custom(174) Checking operation #79 (type 79, layer 0) Making operation type 79 opaque [module /[Default VFS]/] Accepting operation type 79 from module /[Default VFS]/ [2007/11/30 08:57:21.582198, 5, pid=5598] smbd/vfs.c:vfs_init_custom(174) Checking operation #80 (type 80, layer 0) Making operation type 80 opaque [module /[Default VFS]/] Accepting operation type 80 from module /[Default VFS]/ [2007/11/30 08:57:21.582226, 5, pid=5598] smbd/vfs.c:vfs_init_custom(174) Checking operation #81 (type 81, layer 0) Making operation type 81 opaque [module /[Default VFS]/] Accepting operation type 81 from module /[Default VFS]/ [2007/11/30 08:57:21.582255, 5, pid=5598] smbd/vfs.c:vfs_init_custom(174) Checking operation #82 (type 82, layer 0) Making operation type 82 opaque [module /[Default VFS]/] Accepting operation type 82 from module /[Default VFS]/ [2007/11/30 08:57:21.582284, 5, pid=5598] smbd/vfs.c:vfs_init_custom(174) Checking operation #83 (type 83, layer 0) Making operation type 83 opaque [module /[Default VFS]/] Accepting operation type 83 from module /[Default VFS]/ [2007/11/30 08:57:21.582324, 5, pid=5598] smbd/vfs.c:vfs_init_custom(174) Checking operation #84 (type 84, layer 0) Making operation type 84 opaque [module /[Default VFS]/] Accepting operation type 84 from module /[Default VFS]/ [2007/11/30 08:57:21.582353, 5, pid=5598] smbd/vfs.c:vfs_init_custom(174) Checking operation #85 (type 85, layer 0) Making operation type 85 opaque [module /[Default VFS]/] Accepting operation type 85 from module /[Default VFS]/ [2007/11/30 08:57:21.582382, 5, pid=5598] smbd/vfs.c:vfs_init_custom(174) Checking operation #86 (type 86, layer 0) Making operation type 86 opaque [module /[Default VFS]/] Accepting operation type 86 from module /[Default VFS]/ [2007/11/30 08:57:21.582410, 5, pid=5598] smbd/vfs.c:vfs_init_custom(174) Checking operation #87 (type 87, layer 0) Making operation type 87 opaque [module /[Default VFS]/] Accepting operation type 87 from module /[Default VFS]/ [2007/11/30 08:57:21.582439, 5, pid=5598] smbd/vfs.c:vfs_init_custom(174) Checking operation #88 (type 88, layer 0) Making operation type 88 opaque [module /[Default VFS]/] Accepting operation type 88 from module /[Default VFS]/ [2007/11/30 08:57:21.582467, 5, pid=5598] smbd/vfs.c:vfs_init_custom(174) Checking operation #89 (type 89, layer 0) Making operation type 89 opaque [module /[Default VFS]/] Accepting operation type 89 from module /[Default VFS]/ [2007/11/30 08:57:21.582496, 5, pid=5598] smbd/vfs.c:vfs_init_custom(174) Checking operation #90 (type 90, layer 0) Making operation type 90 opaque [module /[Default VFS]/] Accepting operation type 90 from module /[Default VFS]/ [2007/11/30 08:57:21.582524, 5, pid=5598] smbd/vfs.c:vfs_init_custom(174) Checking operation #91 (type 91, layer 0) Making operation type 91 opaque [module /[Default VFS]/] Accepting operation type 91 from module /[Default VFS]/ [2007/11/30 08:57:21.582552, 5, pid=5598] smbd/vfs.c:vfs_init_custom(174) Checking operation #92 (type 92, layer 0) Making operation type 92 opaque [module /[Default VFS]/] Accepting operation type 92 from module /[Default VFS]/ [2007/11/30 08:57:21.582584, 5, pid=5598] smbd/vfs.c:vfs_init_custom(174) Checking operation #93 (type 93, layer 0) Making operation type 93 opaque [module /[Default VFS]/] Accepting operation type 93 from module /[Default VFS]/ [2007/11/30 08:57:21.582612, 5, pid=5598] smbd/vfs.c:vfs_init_custom(174) Checking operation #94 (type 94, layer 0) Making operation type 94 opaque [module /[Default VFS]/] Accepting operation type 94 from module /[Default VFS]/ [2007/11/30 08:57:21.582643, 5, pid=5598] smbd/connection.c:claim_connection(182) claiming IPC$ 0 [2007/11/30 08:57:21.582680, 10, pid=5598] smbd/share_access.c:user_ok_token(232) user_ok_token: share IPC$ is ok for unix user guest [2007/11/30 08:57:21.582704, 10, pid=5598] smbd/share_access.c:is_share_read_only_for_token(274) is_share_read_only_for_user: share IPC$ is read-only for unix user guest [2007/11/30 08:57:21.582731, 4, pid=5598] lib/sharesec.c:get_share_security(132) get_share_security: using default secdesc for IPC$ [2007/11/30 08:57:21.582750, 10, pid=5598] lib/util_seaccess.c:se_map_generic(176) se_map_generic(): mapped mask 0x10000000 to 0x001f01ff [2007/11/30 08:57:21.582770, 10, pid=5598] lib/util_seaccess.c:se_access_check(233) se_access_check: requested access 0x00000001, for NT token with 4 entries and first sid S-1-5-21-2274471336-3138038065-606154707-501. [2007/11/30 08:57:21.582794, 3, pid=5598] lib/util_seaccess.c:se_access_check(250) [2007/11/30 08:57:21.582806, 3, pid=5598] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-2274471336-3138038065-606154707-501 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-32-546 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 1 [2007/11/30 08:57:21.582867, 5, pid=5598] lib/util_seaccess.c:se_access_check(308) se_access_check: access (1) granted. [2007/11/30 08:57:21.582888, 3, pid=5598] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (514, 514) - sec_ctx_stack_ndx = 0 [2007/11/30 08:57:21.582907, 5, pid=5598] auth/auth_util.c:debug_nt_user_token(454) NT user token of user S-1-5-21-2274471336-3138038065-606154707-501 contains 4 SIDs SID[ 0]: S-1-5-21-2274471336-3138038065-606154707-501 SID[ 1]: S-1-1-0 SID[ 2]: S-1-5-2 SID[ 3]: S-1-5-32-546 SE_PRIV 0x0 0x0 0x0 0x0 [2007/11/30 08:57:21.582966, 5, pid=5598] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 514 Primary group is 514 and contains 0 supplementary groups [2007/11/30 08:57:21.583030, 5, pid=5598] smbd/uid.c:change_to_user(273) change_to_user uid=(514,514) gid=(0,514) [2007/11/30 08:57:21.583057, 3, pid=5598] smbd/service.c:make_connection_snum(1033) kyoko (192.168.64.5) connect to service IPC$ initially as user guest (uid=514, gid=514) (pid 5598) [2007/11/30 08:57:21.583080, 3, pid=5598] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/30 08:57:21.583099, 5, pid=5598] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 08:57:21.583120, 5, pid=5598] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 08:57:21.583167, 5, pid=5598] smbd/uid.c:change_to_root_user(288) change_to_root_user: now uid=(0,0) gid=(0,0) [2007/11/30 08:57:21.583190, 3, pid=5598] smbd/reply.c:reply_tcon_and_X(574) tconX service=IPC$ [2007/11/30 08:57:21.583209, 5, pid=5598] lib/util.c:show_msg(506) [2007/11/30 08:57:21.583221, 5, pid=5598] lib/util.c:show_msg(516) size=56 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=9600 smt_wct=7 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 1 (0x1) smb_vwv[ 3]= 511 (0x1FF) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 511 (0x1FF) smb_vwv[ 6]= 0 (0x0) smb_bcc=7 [2007/11/30 08:57:21.583334, 10, pid=5598] lib/util.c:dump_data(2285) [000] 49 50 43 00 00 00 00 IPC.... [2007/11/30 08:57:21.583517, 10, pid=5598] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 118 [2007/11/30 08:57:21.583542, 6, pid=5598] smbd/process.c:process_smb(1067) got message type 0x0 of len 0x76 [2007/11/30 08:57:21.583561, 3, pid=5598] smbd/process.c:process_smb(1068) Transaction 4 of length 122 [2007/11/30 08:57:21.583578, 5, pid=5598] lib/util.c:show_msg(506) [2007/11/30 08:57:21.583590, 5, pid=5598] lib/util.c:show_msg(516) size=118 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=55303 smb_tid=1 smb_pid=748 smb_uid=101 smb_mid=9664 smt_wct=14 smb_vwv[ 0]= 26 (0x1A) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 8 (0x8) smb_vwv[ 3]= 4200 (0x1068) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 5000 (0x1388) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 26 (0x1A) smb_vwv[10]= 92 (0x5C) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=55 [2007/11/30 08:57:21.583742, 10, pid=5598] lib/util.c:dump_data(2285) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 4C 00 41 .\.P.I.P .E.\.L.A [010] 00 4E 00 4D 00 41 00 4E 00 00 00 00 00 68 00 57 .N.M.A.N .....h.W [020] 72 4C 65 68 44 4F 00 42 31 36 42 42 44 7A 00 01 rLehDO.B 16BBDz.. [030] 00 68 10 FF FF FF FF .h..... [2007/11/30 08:57:21.583807, 3, pid=5598] smbd/process.c:switch_message(926) switch message SMBtrans (pid 5598) conn 0x555555c19c20 [2007/11/30 08:57:21.583828, 3, pid=5598] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (514, 514) - sec_ctx_stack_ndx = 0 [2007/11/30 08:57:21.583847, 5, pid=5598] auth/auth_util.c:debug_nt_user_token(454) NT user token of user S-1-5-21-2274471336-3138038065-606154707-501 contains 4 SIDs SID[ 0]: S-1-5-21-2274471336-3138038065-606154707-501 SID[ 1]: S-1-1-0 SID[ 2]: S-1-5-2 SID[ 3]: S-1-5-32-546 SE_PRIV 0x0 0x0 0x0 0x0 [2007/11/30 08:57:21.583924, 5, pid=5598] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 514 Primary group is 514 and contains 0 supplementary groups [2007/11/30 08:57:21.583980, 5, pid=5598] smbd/uid.c:change_to_user(273) change_to_user uid=(514,514) gid=(0,514) [2007/11/30 08:57:21.584006, 4, pid=5598] smbd/vfs.c:vfs_ChDir(665) vfs_ChDir to /tmp [2007/11/30 08:57:21.584046, 3, pid=5598] smbd/ipc.c:handle_trans(373) trans <\PIPE\LANMAN> data=0 params=26 setup=0 [2007/11/30 08:57:21.584075, 5, pid=5598] smbd/ipc.c:handle_trans(404) calling named_pipe [2007/11/30 08:57:21.584094, 3, pid=5598] smbd/ipc.c:named_pipe(340) named pipe command on name [2007/11/30 08:57:21.584118, 3, pid=5598] smbd/lanman.c:api_reply(4406) Got API command 104 of form (tdscnt=0,tpscnt=26,mdrcnt=4200,mprcnt=8) [2007/11/30 08:57:21.584142, 3, pid=5598] smbd/lanman.c:api_reply(4410) Doing NetServerEnum [2007/11/30 08:57:21.584165, 4, pid=5598] smbd/lanman.c:api_RNetServerEnum(1335) server request level: B16BBDz 3fffffff domains_req:No local_only:No [2007/11/30 08:57:21.584207, 4, pid=5598] smbd/lanman.c:get_server_info(1104) Servertype search: 3fffffff [2007/11/30 08:57:21.584249, 4, pid=5598] smbd/lanman.c:get_server_info(1163) s: dom mismatch ZARTSOFT 80001000 ZARTSOFT [2007/11/30 08:57:21.584274, 4, pid=5598] smbd/lanman.c:get_server_info(1176) **SV** GODAI 899b2b godai ZARTSOFT [2007/11/30 08:57:21.584294, 4, pid=5598] smbd/lanman.c:api_RNetServerEnum(1371) fill_srv_info GODAI 899b2b godai ZARTSOFT [2007/11/30 08:57:21.584319, 4, pid=5598] smbd/lanman.c:api_RNetServerEnum(1408) fill_srv_info GODAI 899b2b godai ZARTSOFT [2007/11/30 08:57:21.584343, 3, pid=5598] smbd/lanman.c:api_RNetServerEnum(1426) NetServerEnum domain = ZARTSOFT uLevel=1 counted=1 total=1 [2007/11/30 08:57:21.584365, 5, pid=5598] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..8] data[0..32] [2007/11/30 08:57:21.584385, 5, pid=5598] lib/util.c:show_msg(506) [2007/11/30 08:57:21.584397, 5, pid=5598] lib/util.c:show_msg(516) size=96 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=748 smb_uid=101 smb_mid=9664 smt_wct=10 smb_vwv[ 0]= 8 (0x8) smb_vwv[ 1]= 32 (0x20) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 8 (0x8) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 32 (0x20) smb_vwv[ 7]= 64 (0x40) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=41 [2007/11/30 08:57:21.584529, 10, pid=5598] lib/util.c:dump_data(2285) [000] 00 00 00 00 00 01 00 01 00 47 4F 44 41 49 00 00 ........ .GODAI.. [010] 00 00 00 00 00 00 00 00 00 00 00 2B 9B 89 00 1A ........ ...+.... [020] 00 00 00 67 6F 64 61 69 00 ...godai . [2007/11/30 08:57:21.584722, 10, pid=5598] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 39 [2007/11/30 08:57:21.584746, 6, pid=5598] smbd/process.c:process_smb(1067) got message type 0x0 of len 0x27 [2007/11/30 08:57:21.584765, 3, pid=5598] smbd/process.c:process_smb(1068) Transaction 5 of length 43 [2007/11/30 08:57:21.584783, 5, pid=5598] lib/util.c:show_msg(506) [2007/11/30 08:57:21.584794, 5, pid=5598] lib/util.c:show_msg(516) size=39 smb_com=0x74 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=101 smb_mid=9728 smt_wct=2 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_bcc=0 [2007/11/30 08:57:21.584881, 3, pid=5598] smbd/process.c:switch_message(926) switch message SMBulogoffX (pid 5598) conn 0x0 [2007/11/30 08:57:21.584900, 3, pid=5598] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/30 08:57:21.584935, 5, pid=5598] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 08:57:21.584953, 5, pid=5598] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 08:57:21.584997, 5, pid=5598] smbd/uid.c:change_to_root_user(288) change_to_root_user: now uid=(0,0) gid=(0,0) [2007/11/30 08:57:21.585026, 3, pid=5598] smbd/reply.c:reply_ulogoffX(1560) ulogoffX vuid=101 [2007/11/30 08:57:21.585045, 5, pid=5598] lib/util.c:show_msg(506) [2007/11/30 08:57:21.585057, 5, pid=5598] lib/util.c:show_msg(516) size=39 smb_com=0x74 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=65279 smb_uid=101 smb_mid=9728 smt_wct=2 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_bcc=0 [2007/11/30 08:57:21.585287, 10, pid=5598] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 35 [2007/11/30 08:57:21.585311, 6, pid=5598] smbd/process.c:process_smb(1067) got message type 0x0 of len 0x23 [2007/11/30 08:57:21.585329, 3, pid=5598] smbd/process.c:process_smb(1068) Transaction 6 of length 39 [2007/11/30 08:57:21.585346, 5, pid=5598] lib/util.c:show_msg(506) [2007/11/30 08:57:21.585358, 5, pid=5598] lib/util.c:show_msg(516) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=9792 smt_wct=0 smb_bcc=0 [2007/11/30 08:57:21.585432, 3, pid=5598] smbd/process.c:switch_message(926) switch message SMBtdis (pid 5598) conn 0x555555c19c20 [2007/11/30 08:57:21.585451, 3, pid=5598] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/30 08:57:21.585468, 5, pid=5598] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 08:57:21.585485, 5, pid=5598] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 08:57:21.585513, 5, pid=5598] smbd/uid.c:change_to_root_user(288) change_to_root_user: now uid=(0,0) gid=(0,0) [2007/11/30 08:57:21.585539, 3, pid=5598] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/30 08:57:21.585557, 5, pid=5598] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 08:57:21.585574, 5, pid=5598] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 08:57:21.585601, 5, pid=5598] smbd/uid.c:change_to_root_user(288) change_to_root_user: now uid=(0,0) gid=(0,0) [2007/11/30 08:57:21.585621, 3, pid=5598] smbd/service.c:close_cnum(1230) kyoko (192.168.64.5) closed connection to service IPC$ [2007/11/30 08:57:21.585642, 3, pid=5598] smbd/connection.c:yield_connection(69) Yielding connection to IPC$ [2007/11/30 08:57:21.585675, 4, pid=5598] smbd/vfs.c:vfs_ChDir(665) vfs_ChDir to / [2007/11/30 08:57:21.585696, 3, pid=5598] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/30 08:57:21.585714, 5, pid=5598] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 08:57:21.585731, 5, pid=5598] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 08:57:21.585759, 5, pid=5598] smbd/uid.c:change_to_root_user(288) change_to_root_user: now uid=(0,0) gid=(0,0) [2007/11/30 08:57:21.585784, 5, pid=5598] lib/util.c:show_msg(506) [2007/11/30 08:57:21.585797, 5, pid=5598] lib/util.c:show_msg(516) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=9792 smt_wct=0 smb_bcc=0 [2007/11/30 08:57:32.092692, 10, pid=5598] lib/util_sock.c:read_data(525) read_data: read of 4 returned 0. Error = Success [2007/11/30 08:57:32.092762, 10, pid=5598] lib/util_sock.c:receive_smb_raw(672) receive_smb_raw: length < 0! [2007/11/30 08:57:32.092933, 3, pid=5598] smbd/process.c:timeout_processing(1328) timeout_processing: End of file from client (client has disconnected). [2007/11/30 08:57:32.092960, 5, pid=5598] lib/gencache.c:gencache_shutdown(94) Closing cache file [2007/11/30 08:57:32.093212, 5, pid=5598] libsmb/namecache.c:namecache_shutdown(79) namecache_shutdown: netbios namecache closed successfully. [2007/11/30 08:57:32.093243, 3, pid=5598] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/30 08:57:32.093265, 5, pid=5598] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 08:57:32.093285, 5, pid=5598] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 08:57:32.093319, 5, pid=5598] smbd/uid.c:change_to_root_user(288) change_to_root_user: now uid=(0,0) gid=(0,0) [2007/11/30 08:57:32.093354, 3, pid=5598] smbd/connection.c:yield_connection(69) Yielding connection to [2007/11/30 08:57:32.093418, 3, pid=5598] smbd/server.c:exit_server_common(768) Server exit (normal exit) [2007/11/30 08:57:32.095764, 5, pid=5599] lib/util_sock.c:print_socket_options(206) socket option SO_KEEPALIVE = 1 [2007/11/30 08:57:32.095871, 5, pid=5599] lib/util_sock.c:print_socket_options(206) socket option SO_REUSEADDR = 1 [2007/11/30 08:57:32.095906, 5, pid=5599] lib/util_sock.c:print_socket_options(206) socket option SO_BROADCAST = 0 [2007/11/30 08:57:32.095931, 5, pid=5599] lib/util_sock.c:print_socket_options(206) socket option TCP_NODELAY = 1 [2007/11/30 08:57:32.095973, 5, pid=5599] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPCNT = 9 [2007/11/30 08:57:32.096099, 5, pid=5599] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPIDLE = 7200 [2007/11/30 08:57:32.096120, 5, pid=5599] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPINTVL = 75 [2007/11/30 08:57:32.096141, 5, pid=5599] lib/util_sock.c:print_socket_options(206) socket option IPTOS_LOWDELAY = 0 [2007/11/30 08:57:32.096161, 5, pid=5599] lib/util_sock.c:print_socket_options(206) socket option IPTOS_THROUGHPUT = 0 [2007/11/30 08:57:32.096182, 5, pid=5599] lib/util_sock.c:print_socket_options(206) socket option SO_SNDBUF = 16384 [2007/11/30 08:57:32.096202, 5, pid=5599] lib/util_sock.c:print_socket_options(206) socket option SO_RCVBUF = 87380 [2007/11/30 08:57:32.096222, 5, pid=5599] lib/util_sock.c:print_socket_options(206) socket option SO_SNDLOWAT = 1 [2007/11/30 08:57:32.096241, 5, pid=5599] lib/util_sock.c:print_socket_options(206) socket option SO_RCVLOWAT = 1 [2007/11/30 08:57:32.096262, 5, pid=5599] lib/util_sock.c:print_socket_options(206) socket option SO_SNDTIMEO = 0 [2007/11/30 08:57:32.096280, 5, pid=5599] lib/util_sock.c:print_socket_options(206) socket option SO_RCVTIMEO = 0 [2007/11/30 08:57:32.096303, 5, pid=5599] lib/util_sock.c:print_socket_options(206) socket option SO_KEEPALIVE = 1 [2007/11/30 08:57:32.096322, 5, pid=5599] lib/util_sock.c:print_socket_options(206) socket option SO_REUSEADDR = 1 [2007/11/30 08:57:32.096340, 5, pid=5599] lib/util_sock.c:print_socket_options(206) socket option SO_BROADCAST = 0 [2007/11/30 08:57:32.096358, 5, pid=5599] lib/util_sock.c:print_socket_options(206) socket option TCP_NODELAY = 1 [2007/11/30 08:57:32.096375, 5, pid=5599] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPCNT = 9 [2007/11/30 08:57:32.096393, 5, pid=5599] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPIDLE = 7200 [2007/11/30 08:57:32.096412, 5, pid=5599] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPINTVL = 75 [2007/11/30 08:57:32.096432, 5, pid=5599] lib/util_sock.c:print_socket_options(206) socket option IPTOS_LOWDELAY = 0 [2007/11/30 08:57:32.096451, 5, pid=5599] lib/util_sock.c:print_socket_options(206) socket option IPTOS_THROUGHPUT = 0 [2007/11/30 08:57:32.096468, 5, pid=5599] lib/util_sock.c:print_socket_options(206) socket option SO_SNDBUF = 16384 [2007/11/30 08:57:32.096510, 5, pid=5599] lib/util_sock.c:print_socket_options(206) socket option SO_RCVBUF = 87380 [2007/11/30 08:57:32.096529, 5, pid=5599] lib/util_sock.c:print_socket_options(206) socket option SO_SNDLOWAT = 1 [2007/11/30 08:57:32.096547, 5, pid=5599] lib/util_sock.c:print_socket_options(206) socket option SO_RCVLOWAT = 1 [2007/11/30 08:57:32.096565, 5, pid=5599] lib/util_sock.c:print_socket_options(206) socket option SO_SNDTIMEO = 0 [2007/11/30 08:57:32.096583, 5, pid=5599] lib/util_sock.c:print_socket_options(206) socket option SO_RCVTIMEO = 0 [2007/11/30 08:57:32.096901, 6, pid=5599] param/loadparm.c:lp_file_list_changed(3080) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Fri Nov 30 08:56:43 2007 [2007/11/30 08:57:32.096961, 3, pid=5599] smbd/oplock.c:init_oplocks(863) init_oplocks: initializing messages. [2007/11/30 08:57:32.097109, 3, pid=5599] smbd/oplock_linux.c:linux_init_kernel_oplocks(276) Linux kernel oplocks enabled [2007/11/30 08:57:32.097210, 10, pid=5599] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 68 [2007/11/30 08:57:32.097240, 6, pid=5599] smbd/process.c:process_smb(1067) got message type 0x81 of len 0x44 [2007/11/30 08:57:32.097263, 3, pid=5599] smbd/process.c:process_smb(1068) Transaction 0 of length 72 [2007/11/30 08:57:32.097297, 2, pid=5599] smbd/reply.c:reply_special(324) netbios connect: name1=GODAI name2=KYOKO [2007/11/30 08:57:32.097326, 2, pid=5599] smbd/reply.c:reply_special(331) netbios connect: local=godai remote=kyoko, name type = 0 [2007/11/30 08:57:32.097358, 6, pid=5599] param/loadparm.c:lp_file_list_changed(3080) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Fri Nov 30 08:56:43 2007 [2007/11/30 08:57:32.097407, 5, pid=5599] smbd/reply.c:reply_special(371) init msg_type=0x81 msg_flags=0x0 [2007/11/30 08:57:32.097753, 10, pid=5599] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 133 [2007/11/30 08:57:32.097784, 6, pid=5599] smbd/process.c:process_smb(1067) got message type 0x0 of len 0x85 [2007/11/30 08:57:32.097804, 3, pid=5599] smbd/process.c:process_smb(1068) Transaction 1 of length 137 [2007/11/30 08:57:32.097825, 5, pid=5599] lib/util.c:show_msg(506) [2007/11/30 08:57:32.097837, 5, pid=5599] lib/util.c:show_msg(516) size=133 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51283 smb_tid=0 smb_pid=65279 smb_uid=0 smb_mid=0 smt_wct=0 smb_bcc=98 [2007/11/30 08:57:32.097911, 10, pid=5599] lib/util.c:dump_data(2285) [000] 02 50 43 20 4E 45 54 57 4F 52 4B 20 50 52 4F 47 .PC NETW ORK PROG [010] 52 41 4D 20 31 2E 30 00 02 4C 41 4E 4D 41 4E 31 RAM 1.0. .LANMAN1 [020] 2E 30 00 02 57 69 6E 64 6F 77 73 20 66 6F 72 20 .0..Wind ows for [030] 57 6F 72 6B 67 72 6F 75 70 73 20 33 2E 31 61 00 Workgrou ps 3.1a. [040] 02 4C 4D 31 2E 32 58 30 30 32 00 02 4C 41 4E 4D .LM1.2X0 02..LANM [050] 41 4E 32 2E 31 00 02 4E 54 20 4C 4D 20 30 2E 31 AN2.1..N T LM 0.1 [060] 32 00 2. [2007/11/30 08:57:32.098021, 3, pid=5599] smbd/process.c:switch_message(926) switch message SMBnegprot (pid 5599) conn 0x0 [2007/11/30 08:57:32.098045, 3, pid=5599] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/30 08:57:32.098069, 5, pid=5599] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 08:57:32.098094, 5, pid=5599] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 08:57:32.098130, 5, pid=5599] smbd/uid.c:change_to_root_user(288) change_to_root_user: now uid=(0,0) gid=(0,0) [2007/11/30 08:57:32.098156, 3, pid=5599] smbd/negprot.c:reply_negprot(505) Requested protocol [PC NETWORK PROGRAM 1.0] [2007/11/30 08:57:32.098179, 3, pid=5599] smbd/negprot.c:reply_negprot(505) Requested protocol [LANMAN1.0] [2007/11/30 08:57:32.098198, 3, pid=5599] smbd/negprot.c:reply_negprot(505) Requested protocol [Windows for Workgroups 3.1a] [2007/11/30 08:57:32.098235, 3, pid=5599] smbd/negprot.c:reply_negprot(505) Requested protocol [LM1.2X002] [2007/11/30 08:57:32.098254, 3, pid=5599] smbd/negprot.c:reply_negprot(505) Requested protocol [LANMAN2.1] [2007/11/30 08:57:32.098271, 3, pid=5599] smbd/negprot.c:reply_negprot(505) Requested protocol [NT LM 0.12] [2007/11/30 08:57:32.098298, 10, pid=5599] lib/util.c:set_remote_arch(2260) set_remote_arch: Client arch is 'Win2K' [2007/11/30 08:57:32.098332, 6, pid=5599] param/loadparm.c:lp_file_list_changed(3080) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Fri Nov 30 08:56:43 2007 [2007/11/30 08:57:32.098380, 5, pid=5599] smbd/connection.c:claim_connection(182) claiming 0 [2007/11/30 08:57:32.098444, 6, pid=5599] param/loadparm.c:lp_file_list_changed(3080) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Fri Nov 30 08:56:43 2007 [2007/11/30 08:57:32.098518, 3, pid=5599] smbd/negprot.c:reply_nt1(364) using SPNEGO [2007/11/30 08:57:32.098537, 3, pid=5599] smbd/negprot.c:reply_negprot(606) Selected protocol NT LM 0.12 [2007/11/30 08:57:32.098555, 5, pid=5599] smbd/negprot.c:reply_negprot(612) negprot index=5 [2007/11/30 08:57:32.098571, 5, pid=5599] lib/util.c:show_msg(506) [2007/11/30 08:57:32.098583, 5, pid=5599] lib/util.c:show_msg(516) size=127 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=65279 smb_uid=0 smb_mid=0 smt_wct=17 smb_vwv[ 0]= 5 (0x5) smb_vwv[ 1]=12803 (0x3203) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 65 (0x41) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]=57088 (0xDF00) smb_vwv[ 8]= 21 (0x15) smb_vwv[ 9]=64768 (0xFD00) smb_vwv[10]=33011 (0x80F3) smb_vwv[11]= 128 (0x80) smb_vwv[12]= 6494 (0x195E) smb_vwv[13]= 1314 (0x522) smb_vwv[14]=51251 (0xC833) smb_vwv[15]=54273 (0xD401) smb_vwv[16]= 254 (0xFE) smb_bcc=58 [2007/11/30 08:57:32.098749, 10, pid=5599] lib/util.c:dump_data(2285) [000] 67 6F 64 61 69 00 00 00 00 00 00 00 00 00 00 00 godai... ........ [010] 60 28 06 06 2B 06 01 05 05 02 A0 1E 30 1C A0 0E `(..+... ....0... [020] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A3 0A 0...+... ..7..... [030] 30 08 A0 06 1B 04 4E 4F 4E 45 0.....NO NE [2007/11/30 08:57:32.099116, 10, pid=5599] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 278 [2007/11/30 08:57:32.099164, 6, pid=5599] smbd/process.c:process_smb(1067) got message type 0x0 of len 0x116 [2007/11/30 08:57:32.099186, 3, pid=5599] smbd/process.c:process_smb(1068) Transaction 2 of length 282 [2007/11/30 08:57:32.099204, 5, pid=5599] lib/util.c:show_msg(506) [2007/11/30 08:57:32.099216, 5, pid=5599] lib/util.c:show_msg(516) size=278 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=0 smb_mid=9856 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 278 (0x116) smb_vwv[ 2]=16644 (0x4104) smb_vwv[ 3]= 50 (0x32) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 74 (0x4A) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 212 (0xD4) smb_vwv[11]=40960 (0xA000) smb_bcc=219 [2007/11/30 08:57:32.099359, 10, pid=5599] lib/util.c:dump_data(2285) [000] 60 48 06 06 2B 06 01 05 05 02 A0 3E 30 3C A0 0E `H..+... ...>0<.. [010] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A2 2A 0...+... ..7....* [020] 04 28 4E 54 4C 4D 53 53 50 00 01 00 00 00 07 82 .(NTLMSS P....... [030] 08 A2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [040] 00 00 05 02 CE 0E 00 00 00 0F 00 57 00 69 00 6E ........ ...W.i.n [050] 00 64 00 6F 00 77 00 73 00 20 00 53 00 65 00 72 .d.o.w.s . .S.e.r [060] 00 76 00 65 00 72 00 20 00 32 00 30 00 30 00 33 .v.e.r. .2.0.0.3 [070] 00 20 00 52 00 32 00 20 00 33 00 37 00 39 00 30 . .R.2. .3.7.9.0 [080] 00 20 00 53 00 65 00 72 00 76 00 69 00 63 00 65 . .S.e.r .v.i.c.e [090] 00 20 00 50 00 61 00 63 00 6B 00 20 00 32 00 00 . .P.a.c .k. .2.. [0A0] 00 00 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 ...W.i.n .d.o.w.s [0B0] 00 20 00 53 00 65 00 72 00 76 00 65 00 72 00 20 . .S.e.r .v.e.r. [0C0] 00 32 00 30 00 30 00 33 00 20 00 52 00 32 00 20 .2.0.0.3 . .R.2. [0D0] 00 35 00 2E 00 32 00 00 00 00 00 .5...2.. ... [2007/11/30 08:57:32.099597, 3, pid=5599] smbd/process.c:switch_message(926) switch message SMBsesssetupX (pid 5599) conn 0x0 [2007/11/30 08:57:32.099617, 3, pid=5599] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/30 08:57:32.099640, 5, pid=5599] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 08:57:32.099659, 5, pid=5599] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 08:57:32.099688, 5, pid=5599] smbd/uid.c:change_to_root_user(288) change_to_root_user: now uid=(0,0) gid=(0,0) [2007/11/30 08:57:32.099713, 3, pid=5599] smbd/sesssetup.c:reply_sesssetup_and_X(1244) wct=12 flg2=0xc807 [2007/11/30 08:57:32.099736, 2, pid=5599] smbd/sesssetup.c:setup_new_vc_session(1200) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2007/11/30 08:57:32.099756, 3, pid=5599] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1029) Doing spnego session setup [2007/11/30 08:57:32.099777, 3, pid=5599] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1060) NativeOS=[Windows Server 2003 R2 3790 Service Pack 2] NativeLanMan=[] PrimaryDomain=[Windows Server 2003 R2 5.2] [2007/11/30 08:57:32.099810, 10, pid=5599] smbd/password.c:register_vuid(186) register_vuid: allocated vuid = 100 [2007/11/30 08:57:32.099834, 10, pid=5599] smbd/sesssetup.c:check_spnego_blob_complete(975) check_spnego_blob_complete: needed_len = 74, pblob->length = 74 [2007/11/30 08:57:32.099864, 5, pid=5599] smbd/sesssetup.c:parse_spnego_mechanisms(667) parse_spnego_mechanisms: Got OID 1 3 6 1 4 1 311 2 2 10 [2007/11/30 08:57:32.099889, 3, pid=5599] smbd/sesssetup.c:reply_spnego_negotiate(697) reply_spnego_negotiate: Got secblob of size 40 [2007/11/30 08:57:32.099921, 5, pid=5599] auth/auth.c:make_auth_context_subsystem(483) Making default auth method list for DC, security=user, encrypt passwords = yes [2007/11/30 08:57:32.099946, 5, pid=5599] auth/auth.c:smb_register_auth(47) Attempting to register auth backend sam [2007/11/30 08:57:32.099965, 5, pid=5599] auth/auth.c:smb_register_auth(59) Successfully added auth method 'sam' [2007/11/30 08:57:32.099985, 5, pid=5599] auth/auth.c:smb_register_auth(47) Attempting to register auth backend sam_ignoredomain [2007/11/30 08:57:32.100003, 5, pid=5599] auth/auth.c:smb_register_auth(59) Successfully added auth method 'sam_ignoredomain' [2007/11/30 08:57:32.100023, 5, pid=5599] auth/auth.c:smb_register_auth(47) Attempting to register auth backend unix [2007/11/30 08:57:32.100041, 5, pid=5599] auth/auth.c:smb_register_auth(59) Successfully added auth method 'unix' [2007/11/30 08:57:32.100060, 5, pid=5599] auth/auth.c:smb_register_auth(47) Attempting to register auth backend winbind [2007/11/30 08:57:32.100079, 5, pid=5599] auth/auth.c:smb_register_auth(59) Successfully added auth method 'winbind' [2007/11/30 08:57:32.100096, 5, pid=5599] auth/auth.c:smb_register_auth(47) Attempting to register auth backend smbserver [2007/11/30 08:57:32.100116, 5, pid=5599] auth/auth.c:smb_register_auth(59) Successfully added auth method 'smbserver' [2007/11/30 08:57:32.100136, 5, pid=5599] auth/auth.c:smb_register_auth(47) Attempting to register auth backend trustdomain [2007/11/30 08:57:32.100154, 5, pid=5599] auth/auth.c:smb_register_auth(59) Successfully added auth method 'trustdomain' [2007/11/30 08:57:32.100172, 5, pid=5599] auth/auth.c:smb_register_auth(47) Attempting to register auth backend ntdomain [2007/11/30 08:57:32.100189, 5, pid=5599] auth/auth.c:smb_register_auth(59) Successfully added auth method 'ntdomain' [2007/11/30 08:57:32.101167, 5, pid=5599] auth/auth.c:smb_register_auth(47) Attempting to register auth backend guest [2007/11/30 08:57:32.101186, 5, pid=5599] auth/auth.c:smb_register_auth(59) Successfully added auth method 'guest' [2007/11/30 08:57:32.101203, 5, pid=5599] auth/auth.c:load_auth_module(391) load_auth_module: Attempting to find an auth method to match guest [2007/11/30 08:57:32.101222, 5, pid=5599] auth/auth.c:load_auth_module(416) load_auth_module: auth method guest has a valid init [2007/11/30 08:57:32.101240, 5, pid=5599] auth/auth.c:load_auth_module(391) load_auth_module: Attempting to find an auth method to match sam [2007/11/30 08:57:32.101260, 5, pid=5599] auth/auth.c:load_auth_module(416) load_auth_module: auth method sam has a valid init [2007/11/30 08:57:32.101278, 5, pid=5599] auth/auth.c:load_auth_module(391) load_auth_module: Attempting to find an auth method to match winbind:trustdomain [2007/11/30 08:57:32.101297, 5, pid=5599] auth/auth.c:load_auth_module(391) load_auth_module: Attempting to find an auth method to match trustdomain [2007/11/30 08:57:32.101315, 5, pid=5599] auth/auth.c:load_auth_module(416) load_auth_module: auth method trustdomain has a valid init [2007/11/30 08:57:32.101332, 5, pid=5599] auth/auth.c:load_auth_module(416) load_auth_module: auth method winbind has a valid init [2007/11/30 08:57:32.101361, 3, pid=5599] libsmb/ntlmssp.c:debug_ntlmssp_flags(63) Got NTLMSSP neg_flags=0xa2088207 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_NEGOTIATE_OEM NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_56 [2007/11/30 08:57:32.101434, 5, pid=5599] auth/auth.c:get_ntlm_challenge(97) auth_get_challenge: module guest did not want to specify a challenge [2007/11/30 08:57:32.101454, 5, pid=5599] auth/auth.c:get_ntlm_challenge(97) auth_get_challenge: module sam did not want to specify a challenge [2007/11/30 08:57:32.101471, 5, pid=5599] auth/auth.c:get_ntlm_challenge(97) auth_get_challenge: module winbind did not want to specify a challenge [2007/11/30 08:57:32.101505, 5, pid=5599] auth/auth.c:get_ntlm_challenge(137) auth_context challenge created by random [2007/11/30 08:57:32.101524, 5, pid=5599] auth/auth.c:get_ntlm_challenge(138) challenge is: [2007/11/30 08:57:32.101540, 5, pid=5599] lib/util.c:dump_data(2285) [000] 45 C1 C7 39 11 C4 09 CF E..9.... [2007/11/30 08:57:32.102382, 5, pid=5599] lib/util.c:show_msg(506) [2007/11/30 08:57:32.102410, 5, pid=5599] lib/util.c:show_msg(516) size=332 smb_com=0x73 smb_rcls=22 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=65279 smb_uid=100 smb_mid=9856 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 221 (0xDD) smb_bcc=289 [2007/11/30 08:57:32.102521, 10, pid=5599] lib/util.c:dump_data(2285) [000] A1 81 DA 30 81 D7 A0 03 0A 01 01 A1 0C 06 0A 2B ...0.... .......+ [010] 06 01 04 01 82 37 02 02 0A A2 81 C1 04 81 BE 4E .....7.. .......N [020] 54 4C 4D 53 53 50 00 02 00 00 00 10 00 10 00 30 TLMSSP.. .......0 [030] 00 00 00 05 82 89 A2 45 C1 C7 39 11 C4 09 CF 00 .......E ..9..... [040] 00 00 00 00 00 00 00 7E 00 7E 00 40 00 00 00 5A .......~ .~.@...Z [050] 00 41 00 52 00 54 00 53 00 4F 00 46 00 54 00 02 .A.R.T.S .O.F.T.. [060] 00 10 00 5A 00 41 00 52 00 54 00 53 00 4F 00 46 ...Z.A.R .T.S.O.F [070] 00 54 00 01 00 0A 00 47 00 4F 00 44 00 41 00 49 .T.....G .O.D.A.I [080] 00 04 00 22 00 6C 00 6F 00 63 00 61 00 6C 00 2E ...".l.o .c.a.l.. [090] 00 7A 00 61 00 72 00 74 00 73 00 6F 00 66 00 74 .z.a.r.t .s.o.f.t [0A0] 00 2E 00 72 00 75 00 03 00 2E 00 67 00 6F 00 64 ...r.u.. ...g.o.d [0B0] 00 61 00 69 00 2E 00 6C 00 6F 00 63 00 61 00 6C .a.i...l .o.c.a.l [0C0] 00 2E 00 7A 00 61 00 72 00 74 00 73 00 6F 00 66 ...z.a.r .t.s.o.f [0D0] 00 74 00 2E 00 72 00 75 00 00 00 00 00 55 00 6E .t...r.u .....U.n [0E0] 00 69 00 78 00 00 00 53 00 61 00 6D 00 62 00 61 .i.x...S .a.m.b.a [0F0] 00 20 00 33 00 2E 00 30 00 2E 00 32 00 36 00 61 . .3...0 ...2.6.a [100] 00 2D 00 30 00 2E 00 66 00 63 00 37 00 00 00 5A .-.0...f .c.7...Z [110] 00 41 00 52 00 54 00 53 00 4F 00 46 00 54 00 00 .A.R.T.S .O.F.T.. [120] 00 . [2007/11/30 08:57:32.103018, 10, pid=5599] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 294 [2007/11/30 08:57:32.103043, 6, pid=5599] smbd/process.c:process_smb(1067) got message type 0x0 of len 0x126 [2007/11/30 08:57:32.103062, 3, pid=5599] smbd/process.c:process_smb(1068) Transaction 3 of length 298 [2007/11/30 08:57:32.103080, 5, pid=5599] lib/util.c:show_msg(506) [2007/11/30 08:57:32.103092, 5, pid=5599] lib/util.c:show_msg(516) size=294 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=100 smb_mid=9920 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 294 (0x126) smb_vwv[ 2]=16644 (0x4104) smb_vwv[ 3]= 50 (0x32) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 91 (0x5B) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 212 (0xD4) smb_vwv[11]=40960 (0xA000) smb_bcc=235 [2007/11/30 08:57:32.103236, 10, pid=5599] lib/util.c:dump_data(2285) [000] A1 59 30 57 A2 55 04 53 4E 54 4C 4D 53 53 50 00 .Y0W.U.S NTLMSSP. [010] 03 00 00 00 01 00 01 00 52 00 00 00 00 00 00 00 ........ R....... [020] 53 00 00 00 00 00 00 00 48 00 00 00 00 00 00 00 S....... H....... [030] 48 00 00 00 0A 00 0A 00 48 00 00 00 00 00 00 00 H....... H....... [040] 53 00 00 00 05 8A 88 A2 05 02 CE 0E 00 00 00 0F S....... ........ [050] 4B 00 59 00 4F 00 4B 00 4F 00 00 57 00 69 00 6E K.Y.O.K. O..W.i.n [060] 00 64 00 6F 00 77 00 73 00 20 00 53 00 65 00 72 .d.o.w.s . .S.e.r [070] 00 76 00 65 00 72 00 20 00 32 00 30 00 30 00 33 .v.e.r. .2.0.0.3 [080] 00 20 00 52 00 32 00 20 00 33 00 37 00 39 00 30 . .R.2. .3.7.9.0 [090] 00 20 00 53 00 65 00 72 00 76 00 69 00 63 00 65 . .S.e.r .v.i.c.e [0A0] 00 20 00 50 00 61 00 63 00 6B 00 20 00 32 00 00 . .P.a.c .k. .2.. [0B0] 00 00 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 ...W.i.n .d.o.w.s [0C0] 00 20 00 53 00 65 00 72 00 76 00 65 00 72 00 20 . .S.e.r .v.e.r. [0D0] 00 32 00 30 00 30 00 33 00 20 00 52 00 32 00 20 .2.0.0.3 . .R.2. [0E0] 00 35 00 2E 00 32 00 00 00 00 00 .5...2.. ... [2007/11/30 08:57:32.103445, 3, pid=5599] smbd/process.c:switch_message(926) switch message SMBsesssetupX (pid 5599) conn 0x0 [2007/11/30 08:57:32.103465, 3, pid=5599] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/30 08:57:32.103483, 5, pid=5599] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 08:57:32.103505, 5, pid=5599] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 08:57:32.103536, 5, pid=5599] smbd/uid.c:change_to_root_user(288) change_to_root_user: now uid=(0,0) gid=(0,0) [2007/11/30 08:57:32.103557, 3, pid=5599] smbd/sesssetup.c:reply_sesssetup_and_X(1244) wct=12 flg2=0xc807 [2007/11/30 08:57:32.103575, 2, pid=5599] smbd/sesssetup.c:setup_new_vc_session(1200) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2007/11/30 08:57:32.103592, 3, pid=5599] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1029) Doing spnego session setup [2007/11/30 08:57:32.103611, 3, pid=5599] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1060) NativeOS=[Windows Server 2003 R2 3790 Service Pack 2] NativeLanMan=[] PrimaryDomain=[Windows Server 2003 R2 5.2] [2007/11/30 08:57:32.103633, 10, pid=5599] smbd/sesssetup.c:check_spnego_blob_complete(975) check_spnego_blob_complete: needed_len = 91, pblob->length = 91 [2007/11/30 08:57:32.103658, 3, pid=5599] libsmb/ntlmssp.c:ntlmssp_server_auth(739) Got user=[] domain=[] workstation=[KYOKO] len1=1 len2=0 [2007/11/30 08:57:32.103711, 6, pid=5599] param/loadparm.c:lp_file_list_changed(3080) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Fri Nov 30 08:56:43 2007 [2007/11/30 08:57:32.103755, 5, pid=5599] auth/auth_util.c:make_user_info_map(161) make_user_info_map: Mapping user []\[] from workstation [KYOKO] [2007/11/30 08:57:32.103775, 3, pid=5599] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2007/11/30 08:57:32.103794, 3, pid=5599] smbd/uid.c:push_conn_ctx(358) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2007/11/30 08:57:32.103812, 3, pid=5599] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2007/11/30 08:57:32.103830, 5, pid=5599] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 08:57:32.103846, 5, pid=5599] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 08:57:32.103874, 5, pid=5599] auth/auth_util.c:is_trusted_domain(2198) is_trusted_domain: Checking for domain trust with [ZARTSOFT] [2007/11/30 08:57:32.103915, 5, pid=5599] passdb/secrets.c:secrets_fetch_trusted_domain_password(473) secrets_fetch failed! [2007/11/30 08:57:32.103941, 3, pid=5599] smbd/sec_ctx.c:pop_sec_ctx(356) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/30 08:57:32.103984, 10, pid=5599] lib/gencache.c:gencache_get(212) Cache entry with key = TDOM/ZARTSOFT couldn't be found [2007/11/30 08:57:32.104005, 5, pid=5599] libsmb/trustdom_cache.c:trustdom_cache_fetch(184) no entry for trusted domain ZARTSOFT found. [2007/11/30 08:57:32.104024, 5, pid=5599] auth/auth_util.c:make_user_info(75) attempting to make a user_info for () [2007/11/30 08:57:32.104042, 5, pid=5599] auth/auth_util.c:make_user_info(85) making strings for 's user_info struct [2007/11/30 08:57:32.104060, 5, pid=5599] auth/auth_util.c:make_user_info(117) making blobs for 's user_info struct [2007/11/30 08:57:32.104077, 10, pid=5599] auth/auth_util.c:make_user_info(135) made an encrypted user_info for () [2007/11/30 08:57:32.104097, 3, pid=5599] auth/auth.c:check_ntlm_password(221) check_ntlm_password: Checking password for unmapped user []\[]@[KYOKO] with the new password interface [2007/11/30 08:57:32.104117, 3, pid=5599] auth/auth.c:check_ntlm_password(224) check_ntlm_password: mapped user is: [ZARTSOFT]\[]@[KYOKO] [2007/11/30 08:57:32.104135, 10, pid=5599] auth/auth.c:check_ntlm_password(233) check_ntlm_password: auth_context challenge created by random [2007/11/30 08:57:32.104153, 10, pid=5599] auth/auth.c:check_ntlm_password(235) challenge is: [2007/11/30 08:57:32.104169, 5, pid=5599] lib/util.c:dump_data(2285) [000] 45 C1 C7 39 11 C4 09 CF E..9.... [2007/11/30 08:57:32.104333, 3, pid=5599] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2007/11/30 08:57:32.104355, 3, pid=5599] smbd/uid.c:push_conn_ctx(358) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2007/11/30 08:57:32.104373, 3, pid=5599] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2007/11/30 08:57:32.104391, 5, pid=5599] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 08:57:32.104408, 5, pid=5599] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 08:57:32.104446, 10, pid=5599] lib/account_pol.c:account_policy_get(294) account_policy_get: name: password history, val: 0 [2007/11/30 08:57:32.104472, 3, pid=5599] smbd/sec_ctx.c:pop_sec_ctx(356) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/30 08:57:32.104510, 10, pid=5599] passdb/pdb_get_set.c:pdb_set_username(581) pdb_set_username: setting username guest, was [2007/11/30 08:57:32.104532, 10, pid=5599] passdb/pdb_get_set.c:pdb_set_domain(604) pdb_set_domain: setting domain ZARTSOFT, was [2007/11/30 08:57:32.104551, 10, pid=5599] passdb/pdb_get_set.c:pdb_set_nt_username(627) pdb_set_nt_username: setting nt username , was [2007/11/30 08:57:32.104585, 10, pid=5599] passdb/pdb_get_set.c:pdb_set_fullname(650) pdb_set_full_name: setting full name , was [2007/11/30 08:57:32.104605, 4, pid=5599] lib/substitute.c:automount_server(407) Home server: godai [2007/11/30 08:57:32.104631, 10, pid=5599] passdb/pdb_get_set.c:pdb_set_homedir(743) pdb_set_homedir: setting home dir \\godai\guest, was [2007/11/30 08:57:32.104650, 10, pid=5599] passdb/pdb_get_set.c:pdb_set_dir_drive(719) pdb_set_dir_drive: setting dir drive , was NULL [2007/11/30 08:57:32.104671, 10, pid=5599] passdb/pdb_get_set.c:pdb_set_logon_script(673) pdb_set_logon_script: setting logon script , was [2007/11/30 08:57:32.104690, 10, pid=5599] passdb/pdb_get_set.c:pdb_set_profile_path(696) pdb_set_profile_path: setting profile path , was [2007/11/30 08:57:32.104708, 10, pid=5599] passdb/pdb_get_set.c:pdb_set_workstations(786) pdb_set_workstations: setting workstations , was [2007/11/30 08:57:32.104728, 3, pid=5599] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2007/11/30 08:57:32.104747, 3, pid=5599] smbd/uid.c:push_conn_ctx(358) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2007/11/30 08:57:32.104765, 3, pid=5599] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2007/11/30 08:57:32.104782, 5, pid=5599] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 08:57:32.104799, 5, pid=5599] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 08:57:32.104831, 10, pid=5599] lib/account_pol.c:account_policy_get(294) account_policy_get: name: password history, val: 0 [2007/11/30 08:57:32.104855, 3, pid=5599] smbd/sec_ctx.c:pop_sec_ctx(356) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/30 08:57:32.104875, 10, pid=5599] passdb/pdb_get_set.c:pdb_set_user_sid(510) pdb_set_user_sid: setting user sid S-1-5-21-2274471336-3138038065-606154707-501 [2007/11/30 08:57:32.104907, 10, pid=5599] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(73) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-2274471336-3138038065-606154707-501 from rid 501 [2007/11/30 08:57:32.104939, 3, pid=5599] auth/auth.c:check_ntlm_password(270) check_ntlm_password: guest authentication for user [] succeeded [2007/11/30 08:57:32.104960, 5, pid=5599] auth/auth.c:check_ntlm_password(309) check_ntlm_password: guest authentication for user [] -> [] -> [guest] succeeded [2007/11/30 08:57:32.104981, 5, pid=5599] auth/auth_util.c:free_user_info(2045) attempting to free (and zero) a user_info structure [2007/11/30 08:57:32.104999, 10, pid=5599] auth/auth_util.c:free_user_info(2049) structure was created for [2007/11/30 08:57:32.105020, 10, pid=5599] auth/auth_util.c:create_local_nt_token(844) Create local NT token for S-1-5-21-2274471336-3138038065-606154707-501 [2007/11/30 08:57:32.105044, 3, pid=5599] passdb/lookup_sid.c:fetch_gid_from_cache(1089) fetch gid from cache 16777218 -> S-1-5-32-544 [2007/11/30 08:57:32.105066, 3, pid=5599] passdb/lookup_sid.c:fetch_gid_from_cache(1089) fetch gid from cache 16777219 -> S-1-5-32-545 [2007/11/30 08:57:32.105134, 3, pid=5599] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-21-2274471336-3138038065-606154707-501] [2007/11/30 08:57:32.105162, 5, pid=5599] lib/privileges.c:get_privileges_for_sids(460) get_privileges_for_sids: sid = S-1-1-0 Privilege set: SE_PRIV 0x0 0x0 0x0 0x0 [2007/11/30 08:57:32.105197, 3, pid=5599] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-2] [2007/11/30 08:57:32.105222, 3, pid=5599] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-32-546] [2007/11/30 08:57:32.105276, 3, pid=5599] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2007/11/30 08:57:32.105296, 3, pid=5599] smbd/uid.c:push_conn_ctx(358) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2007/11/30 08:57:32.105331, 3, pid=5599] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2007/11/30 08:57:32.105350, 5, pid=5599] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 08:57:32.105367, 5, pid=5599] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 08:57:32.105407, 3, pid=5599] smbd/sec_ctx.c:pop_sec_ctx(356) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/30 08:57:32.105426, 10, pid=5599] passdb/lookup_sid.c:legacy_sid_to_gid(1269) LEGACY: mapping failed for sid S-1-1-0 [2007/11/30 08:57:32.105448, 10, pid=5599] auth/auth_util.c:create_local_token(1039) Could not convert SID S-1-1-0 to gid, ignoring it [2007/11/30 08:57:32.105485, 3, pid=5599] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2007/11/30 08:57:32.105507, 3, pid=5599] smbd/uid.c:push_conn_ctx(358) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2007/11/30 08:57:32.105525, 3, pid=5599] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2007/11/30 08:57:32.105543, 5, pid=5599] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 08:57:32.105560, 5, pid=5599] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 08:57:32.105597, 3, pid=5599] smbd/sec_ctx.c:pop_sec_ctx(356) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/30 08:57:32.105616, 10, pid=5599] passdb/lookup_sid.c:legacy_sid_to_gid(1269) LEGACY: mapping failed for sid S-1-5-2 [2007/11/30 08:57:32.105635, 10, pid=5599] auth/auth_util.c:create_local_token(1039) Could not convert SID S-1-5-2 to gid, ignoring it [2007/11/30 08:57:32.105671, 3, pid=5599] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2007/11/30 08:57:32.105690, 3, pid=5599] smbd/uid.c:push_conn_ctx(358) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2007/11/30 08:57:32.105707, 3, pid=5599] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2007/11/30 08:57:32.105725, 5, pid=5599] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 08:57:32.105741, 5, pid=5599] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 08:57:32.105778, 3, pid=5599] smbd/sec_ctx.c:pop_sec_ctx(356) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/30 08:57:32.105797, 10, pid=5599] passdb/lookup_sid.c:legacy_sid_to_gid(1269) LEGACY: mapping failed for sid S-1-5-32-546 [2007/11/30 08:57:32.105816, 10, pid=5599] auth/auth_util.c:create_local_token(1039) Could not convert SID S-1-5-32-546 to gid, ignoring it [2007/11/30 08:57:32.105835, 10, pid=5599] auth/auth_util.c:debug_nt_user_token(454) NT user token of user S-1-5-21-2274471336-3138038065-606154707-501 contains 4 SIDs SID[ 0]: S-1-5-21-2274471336-3138038065-606154707-501 SID[ 1]: S-1-1-0 SID[ 2]: S-1-5-2 SID[ 3]: S-1-5-32-546 SE_PRIV 0x0 0x0 0x0 0x0 [2007/11/30 08:57:32.105897, 10, pid=5599] auth/auth_ntlmssp.c:auth_ntlmssp_check_password(137) Got NT session key of length 16 [2007/11/30 08:57:32.105916, 10, pid=5599] auth/auth_ntlmssp.c:auth_ntlmssp_check_password(144) Got LM session key of length 16 [2007/11/30 08:57:32.105934, 10, pid=5599] libsmb/ntlmssp.c:ntlmssp_server_auth(841) ntlmssp_server_auth: Using unmodified nt session key. [2007/11/30 08:57:32.105953, 3, pid=5599] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(338) NTLMSSP Sign/Seal - Initialising with flags: [2007/11/30 08:57:32.105972, 3, pid=5599] libsmb/ntlmssp.c:debug_ntlmssp_flags(63) Got NTLMSSP neg_flags=0xa2088205 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_56 [2007/11/30 08:57:32.106046, 10, pid=5599] smbd/password.c:register_vuid(186) register_vuid: allocated vuid = 101 [2007/11/30 08:57:32.106083, 10, pid=5599] lib/util_pw.c:getpwnam_alloc(76) Got guest from pwnam_cache [2007/11/30 08:57:32.106103, 10, pid=5599] smbd/password.c:register_vuid(277) register_vuid: (514,514) guest ZARTSOFT guest=1 [2007/11/30 08:57:32.106122, 3, pid=5599] smbd/password.c:register_vuid(280) User name: guest Real name: [2007/11/30 08:57:32.106139, 3, pid=5599] smbd/password.c:register_vuid(301) UNIX uid 514 is UNIX user guest, and will be vuid 101 [2007/11/30 08:57:32.106174, 6, pid=5599] param/loadparm.c:lp_file_list_changed(3080) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Fri Nov 30 08:56:43 2007 [2007/11/30 08:57:32.106217, 5, pid=5599] lib/util.c:show_msg(506) [2007/11/30 08:57:32.106229, 5, pid=5599] lib/util.c:show_msg(516) size=120 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=65279 smb_uid=101 smb_mid=9920 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 9 (0x9) smb_bcc=77 [2007/11/30 08:57:32.106325, 10, pid=5599] lib/util.c:dump_data(2285) [000] A1 07 30 05 A0 03 0A 01 00 55 00 6E 00 69 00 78 ..0..... .U.n.i.x [010] 00 00 00 53 00 61 00 6D 00 62 00 61 00 20 00 33 ...S.a.m .b.a. .3 [020] 00 2E 00 30 00 2E 00 32 00 36 00 61 00 2D 00 30 ...0...2 .6.a.-.0 [030] 00 2E 00 66 00 63 00 37 00 00 00 5A 00 41 00 52 ...f.c.7 ...Z.A.R [040] 00 54 00 53 00 4F 00 46 00 54 00 00 00 .T.S.O.F .T... [2007/11/30 08:57:32.106616, 10, pid=5599] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 76 [2007/11/30 08:57:32.106647, 6, pid=5599] smbd/process.c:process_smb(1067) got message type 0x0 of len 0x4c [2007/11/30 08:57:32.106667, 3, pid=5599] smbd/process.c:process_smb(1068) Transaction 4 of length 80 [2007/11/30 08:57:32.106686, 5, pid=5599] lib/util.c:show_msg(506) [2007/11/30 08:57:32.106697, 5, pid=5599] lib/util.c:show_msg(516) size=76 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=101 smb_mid=9984 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 76 (0x4C) smb_vwv[ 2]= 8 (0x8) smb_vwv[ 3]= 1 (0x1) smb_bcc=33 [2007/11/30 08:57:32.106793, 10, pid=5599] lib/util.c:dump_data(2285) [000] 00 5C 00 5C 00 47 00 4F 00 44 00 41 00 49 00 5C .\.\.G.O .D.A.I.\ [010] 00 49 00 50 00 43 00 24 00 00 00 3F 3F 3F 3F 3F .I.P.C.$ ...????? [020] 00 . [2007/11/30 08:57:32.106843, 3, pid=5599] smbd/process.c:switch_message(926) switch message SMBtconX (pid 5599) conn 0x0 [2007/11/30 08:57:32.106862, 3, pid=5599] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/30 08:57:32.106881, 5, pid=5599] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 08:57:32.106898, 5, pid=5599] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 08:57:32.106928, 5, pid=5599] smbd/uid.c:change_to_root_user(288) change_to_root_user: now uid=(0,0) gid=(0,0) [2007/11/30 08:57:32.106955, 4, pid=5599] smbd/reply.c:reply_tcon_and_X(506) Client requested device type [?????] for share [IPC$] [2007/11/30 08:57:32.106989, 5, pid=5599] smbd/service.c:make_connection(1205) making a connection to 'normal' service ipc$ [2007/11/30 08:57:32.107029, 5, pid=5599] lib/username.c:Get_Pwnam_alloc(131) Finding user guest [2007/11/30 08:57:32.107048, 5, pid=5599] lib/username.c:Get_Pwnam_internals(75) Trying _Get_Pwnam(), username as lowercase is guest [2007/11/30 08:57:32.107066, 10, pid=5599] lib/util_pw.c:getpwnam_alloc(76) Got guest from pwnam_cache [2007/11/30 08:57:32.107083, 5, pid=5599] lib/username.c:Get_Pwnam_internals(108) Get_Pwnam_internals did find user [guest]! [2007/11/30 08:57:32.107112, 10, pid=5599] smbd/service.c:set_conn_connectpath(156) set_conn_connectpath: service IPC$, connectpath = /tmp [2007/11/30 08:57:32.107150, 3, pid=5599] smbd/service.c:make_connection_snum(806) Connect path is '/tmp' for service [IPC$] [2007/11/30 08:57:32.107230, 4, pid=5599] lib/sharesec.c:get_share_security(132) get_share_security: using default secdesc for IPC$ [2007/11/30 08:57:32.107255, 10, pid=5599] lib/util_seaccess.c:se_map_generic(176) se_map_generic(): mapped mask 0x10000000 to 0x001f01ff [2007/11/30 08:57:32.107279, 10, pid=5599] lib/util_seaccess.c:se_access_check(233) se_access_check: requested access 0x00000002, for NT token with 4 entries and first sid S-1-5-21-2274471336-3138038065-606154707-501. [2007/11/30 08:57:32.107304, 3, pid=5599] lib/util_seaccess.c:se_access_check(250) [2007/11/30 08:57:32.107316, 3, pid=5599] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-2274471336-3138038065-606154707-501 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-32-546 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 2 [2007/11/30 08:57:32.107365, 5, pid=5599] lib/util_seaccess.c:se_access_check(308) se_access_check: access (2) granted. [2007/11/30 08:57:32.107386, 3, pid=5599] smbd/vfs.c:vfs_init_default(95) Initialising default vfs hooks [2007/11/30 08:57:32.107409, 5, pid=5599] smbd/vfs.c:smb_register_vfs(85) Successfully added vfs backend '/[Default VFS]/' [2007/11/30 08:57:32.107430, 5, pid=5599] smbd/vfs.c:smb_register_vfs(85) Successfully added vfs backend 'posixacl' [2007/11/30 08:57:32.107448, 3, pid=5599] smbd/vfs.c:vfs_init_custom(128) Initialising custom vfs hooks from [/[Default VFS]/] Successfully loaded vfs module [/[Default VFS]/] with the new modules system [2007/11/30 08:57:32.107477, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #0 (type 0, layer 0) Making operation type 0 opaque [module /[Default VFS]/] Accepting operation type 0 from module /[Default VFS]/ [2007/11/30 08:57:32.107513, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #1 (type 1, layer 0) Making operation type 1 opaque [module /[Default VFS]/] Accepting operation type 1 from module /[Default VFS]/ [2007/11/30 08:57:32.107543, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #2 (type 2, layer 0) Making operation type 2 opaque [module /[Default VFS]/] Accepting operation type 2 from module /[Default VFS]/ [2007/11/30 08:57:32.107572, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #3 (type 3, layer 0) Making operation type 3 opaque [module /[Default VFS]/] Accepting operation type 3 from module /[Default VFS]/ [2007/11/30 08:57:32.107600, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #4 (type 4, layer 0) Making operation type 4 opaque [module /[Default VFS]/] Accepting operation type 4 from module /[Default VFS]/ [2007/11/30 08:57:32.107629, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #5 (type 5, layer 0) Making operation type 5 opaque [module /[Default VFS]/] Accepting operation type 5 from module /[Default VFS]/ [2007/11/30 08:57:32.107658, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #6 (type 6, layer 0) Making operation type 6 opaque [module /[Default VFS]/] Accepting operation type 6 from module /[Default VFS]/ [2007/11/30 08:57:32.107686, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #7 (type 7, layer 0) Making operation type 7 opaque [module /[Default VFS]/] Accepting operation type 7 from module /[Default VFS]/ [2007/11/30 08:57:32.107715, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #8 (type 8, layer 0) Making operation type 8 opaque [module /[Default VFS]/] Accepting operation type 8 from module /[Default VFS]/ [2007/11/30 08:57:32.107743, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #9 (type 9, layer 0) Making operation type 9 opaque [module /[Default VFS]/] Accepting operation type 9 from module /[Default VFS]/ [2007/11/30 08:57:32.107786, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #10 (type 10, layer 0) Making operation type 10 opaque [module /[Default VFS]/] Accepting operation type 10 from module /[Default VFS]/ [2007/11/30 08:57:32.107817, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #11 (type 11, layer 0) Making operation type 11 opaque [module /[Default VFS]/] Accepting operation type 11 from module /[Default VFS]/ [2007/11/30 08:57:32.107846, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #12 (type 12, layer 0) Making operation type 12 opaque [module /[Default VFS]/] Accepting operation type 12 from module /[Default VFS]/ [2007/11/30 08:57:32.107875, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #13 (type 13, layer 0) Making operation type 13 opaque [module /[Default VFS]/] Accepting operation type 13 from module /[Default VFS]/ [2007/11/30 08:57:32.107903, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #14 (type 14, layer 0) Making operation type 14 opaque [module /[Default VFS]/] Accepting operation type 14 from module /[Default VFS]/ [2007/11/30 08:57:32.107932, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #15 (type 15, layer 0) Making operation type 15 opaque [module /[Default VFS]/] Accepting operation type 15 from module /[Default VFS]/ [2007/11/30 08:57:32.107961, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #16 (type 16, layer 0) Making operation type 16 opaque [module /[Default VFS]/] Accepting operation type 16 from module /[Default VFS]/ [2007/11/30 08:57:32.107990, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #17 (type 17, layer 0) Making operation type 17 opaque [module /[Default VFS]/] Accepting operation type 17 from module /[Default VFS]/ [2007/11/30 08:57:32.108019, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #18 (type 18, layer 0) Making operation type 18 opaque [module /[Default VFS]/] Accepting operation type 18 from module /[Default VFS]/ [2007/11/30 08:57:32.108047, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #19 (type 19, layer 0) Making operation type 19 opaque [module /[Default VFS]/] Accepting operation type 19 from module /[Default VFS]/ [2007/11/30 08:57:32.108076, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #20 (type 20, layer 0) Making operation type 20 opaque [module /[Default VFS]/] Accepting operation type 20 from module /[Default VFS]/ [2007/11/30 08:57:32.108105, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #21 (type 21, layer 0) Making operation type 21 opaque [module /[Default VFS]/] Accepting operation type 21 from module /[Default VFS]/ [2007/11/30 08:57:32.108133, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #22 (type 22, layer 0) Making operation type 22 opaque [module /[Default VFS]/] Accepting operation type 22 from module /[Default VFS]/ [2007/11/30 08:57:32.108163, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #23 (type 23, layer 0) Making operation type 23 opaque [module /[Default VFS]/] Accepting operation type 23 from module /[Default VFS]/ [2007/11/30 08:57:32.108195, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #24 (type 24, layer 0) Making operation type 24 opaque [module /[Default VFS]/] Accepting operation type 24 from module /[Default VFS]/ [2007/11/30 08:57:32.108224, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #25 (type 25, layer 0) Making operation type 25 opaque [module /[Default VFS]/] Accepting operation type 25 from module /[Default VFS]/ [2007/11/30 08:57:32.108253, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #26 (type 26, layer 0) Making operation type 26 opaque [module /[Default VFS]/] Accepting operation type 26 from module /[Default VFS]/ [2007/11/30 08:57:32.108281, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #27 (type 27, layer 0) Making operation type 27 opaque [module /[Default VFS]/] Accepting operation type 27 from module /[Default VFS]/ [2007/11/30 08:57:32.108324, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #28 (type 28, layer 0) Making operation type 28 opaque [module /[Default VFS]/] Accepting operation type 28 from module /[Default VFS]/ [2007/11/30 08:57:32.108353, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #29 (type 29, layer 0) Making operation type 29 opaque [module /[Default VFS]/] Accepting operation type 29 from module /[Default VFS]/ [2007/11/30 08:57:32.108382, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #30 (type 30, layer 0) Making operation type 30 opaque [module /[Default VFS]/] Accepting operation type 30 from module /[Default VFS]/ [2007/11/30 08:57:32.108410, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #31 (type 31, layer 0) Making operation type 31 opaque [module /[Default VFS]/] Accepting operation type 31 from module /[Default VFS]/ [2007/11/30 08:57:32.108438, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #32 (type 32, layer 0) Making operation type 32 opaque [module /[Default VFS]/] Accepting operation type 32 from module /[Default VFS]/ [2007/11/30 08:57:32.108467, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #33 (type 33, layer 0) Making operation type 33 opaque [module /[Default VFS]/] Accepting operation type 33 from module /[Default VFS]/ [2007/11/30 08:57:32.108499, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #34 (type 34, layer 0) Making operation type 34 opaque [module /[Default VFS]/] Accepting operation type 34 from module /[Default VFS]/ [2007/11/30 08:57:32.108528, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #35 (type 35, layer 0) Making operation type 35 opaque [module /[Default VFS]/] Accepting operation type 35 from module /[Default VFS]/ [2007/11/30 08:57:32.108557, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #36 (type 36, layer 0) Making operation type 36 opaque [module /[Default VFS]/] Accepting operation type 36 from module /[Default VFS]/ [2007/11/30 08:57:32.108585, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #37 (type 37, layer 0) Making operation type 37 opaque [module /[Default VFS]/] Accepting operation type 37 from module /[Default VFS]/ [2007/11/30 08:57:32.108614, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #38 (type 38, layer 0) Making operation type 38 opaque [module /[Default VFS]/] Accepting operation type 38 from module /[Default VFS]/ [2007/11/30 08:57:32.108642, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #39 (type 39, layer 0) Making operation type 39 opaque [module /[Default VFS]/] Accepting operation type 39 from module /[Default VFS]/ [2007/11/30 08:57:32.108671, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #40 (type 40, layer 0) Making operation type 40 opaque [module /[Default VFS]/] Accepting operation type 40 from module /[Default VFS]/ [2007/11/30 08:57:32.108699, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #41 (type 41, layer 0) Making operation type 41 opaque [module /[Default VFS]/] Accepting operation type 41 from module /[Default VFS]/ [2007/11/30 08:57:32.108728, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #42 (type 42, layer 0) Making operation type 42 opaque [module /[Default VFS]/] Accepting operation type 42 from module /[Default VFS]/ [2007/11/30 08:57:32.108756, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #43 (type 43, layer 0) Making operation type 43 opaque [module /[Default VFS]/] Accepting operation type 43 from module /[Default VFS]/ [2007/11/30 08:57:32.108785, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #44 (type 44, layer 0) Making operation type 44 opaque [module /[Default VFS]/] Accepting operation type 44 from module /[Default VFS]/ [2007/11/30 08:57:32.108828, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #45 (type 45, layer 0) Making operation type 45 opaque [module /[Default VFS]/] Accepting operation type 45 from module /[Default VFS]/ [2007/11/30 08:57:32.108857, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #46 (type 46, layer 0) Making operation type 46 opaque [module /[Default VFS]/] Accepting operation type 46 from module /[Default VFS]/ [2007/11/30 08:57:32.108889, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #47 (type 47, layer 0) Making operation type 47 opaque [module /[Default VFS]/] Accepting operation type 47 from module /[Default VFS]/ [2007/11/30 08:57:32.108919, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #48 (type 48, layer 0) Making operation type 48 opaque [module /[Default VFS]/] Accepting operation type 48 from module /[Default VFS]/ [2007/11/30 08:57:32.108948, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #49 (type 49, layer 0) Making operation type 49 opaque [module /[Default VFS]/] Accepting operation type 49 from module /[Default VFS]/ [2007/11/30 08:57:32.108977, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #50 (type 50, layer 0) Making operation type 50 opaque [module /[Default VFS]/] Accepting operation type 50 from module /[Default VFS]/ [2007/11/30 08:57:32.109005, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #51 (type 51, layer 0) Making operation type 51 opaque [module /[Default VFS]/] Accepting operation type 51 from module /[Default VFS]/ [2007/11/30 08:57:32.109033, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #52 (type 52, layer 0) Making operation type 52 opaque [module /[Default VFS]/] Accepting operation type 52 from module /[Default VFS]/ [2007/11/30 08:57:32.109062, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #53 (type 53, layer 0) Making operation type 53 opaque [module /[Default VFS]/] Accepting operation type 53 from module /[Default VFS]/ [2007/11/30 08:57:32.109090, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #54 (type 54, layer 0) Making operation type 54 opaque [module /[Default VFS]/] Accepting operation type 54 from module /[Default VFS]/ [2007/11/30 08:57:32.109119, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #55 (type 55, layer 0) Making operation type 55 opaque [module /[Default VFS]/] Accepting operation type 55 from module /[Default VFS]/ [2007/11/30 08:57:32.109147, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #56 (type 56, layer 0) Making operation type 56 opaque [module /[Default VFS]/] Accepting operation type 56 from module /[Default VFS]/ [2007/11/30 08:57:32.109175, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #57 (type 57, layer 0) Making operation type 57 opaque [module /[Default VFS]/] Accepting operation type 57 from module /[Default VFS]/ [2007/11/30 08:57:32.109204, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #58 (type 58, layer 0) Making operation type 58 opaque [module /[Default VFS]/] Accepting operation type 58 from module /[Default VFS]/ [2007/11/30 08:57:32.109232, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #59 (type 59, layer 0) Making operation type 59 opaque [module /[Default VFS]/] Accepting operation type 59 from module /[Default VFS]/ [2007/11/30 08:57:32.109260, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #60 (type 60, layer 0) Making operation type 60 opaque [module /[Default VFS]/] Accepting operation type 60 from module /[Default VFS]/ [2007/11/30 08:57:32.109288, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #61 (type 61, layer 0) Making operation type 61 opaque [module /[Default VFS]/] Accepting operation type 61 from module /[Default VFS]/ [2007/11/30 08:57:32.109317, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #62 (type 62, layer 0) Making operation type 62 opaque [module /[Default VFS]/] Accepting operation type 62 from module /[Default VFS]/ [2007/11/30 08:57:32.109360, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #63 (type 63, layer 0) Making operation type 63 opaque [module /[Default VFS]/] Accepting operation type 63 from module /[Default VFS]/ [2007/11/30 08:57:32.109389, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #64 (type 64, layer 0) Making operation type 64 opaque [module /[Default VFS]/] Accepting operation type 64 from module /[Default VFS]/ [2007/11/30 08:57:32.109417, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #65 (type 65, layer 0) Making operation type 65 opaque [module /[Default VFS]/] Accepting operation type 65 from module /[Default VFS]/ [2007/11/30 08:57:32.109446, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #66 (type 66, layer 0) Making operation type 66 opaque [module /[Default VFS]/] Accepting operation type 66 from module /[Default VFS]/ [2007/11/30 08:57:32.109474, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #67 (type 67, layer 0) Making operation type 67 opaque [module /[Default VFS]/] Accepting operation type 67 from module /[Default VFS]/ [2007/11/30 08:57:32.109507, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #68 (type 68, layer 0) Making operation type 68 opaque [module /[Default VFS]/] Accepting operation type 68 from module /[Default VFS]/ [2007/11/30 08:57:32.109536, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #69 (type 69, layer 0) Making operation type 69 opaque [module /[Default VFS]/] Accepting operation type 69 from module /[Default VFS]/ [2007/11/30 08:57:32.109568, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #70 (type 70, layer 0) Making operation type 70 opaque [module /[Default VFS]/] Accepting operation type 70 from module /[Default VFS]/ [2007/11/30 08:57:32.109597, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #71 (type 71, layer 0) Making operation type 71 opaque [module /[Default VFS]/] Accepting operation type 71 from module /[Default VFS]/ [2007/11/30 08:57:32.109626, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #72 (type 72, layer 0) Making operation type 72 opaque [module /[Default VFS]/] Accepting operation type 72 from module /[Default VFS]/ [2007/11/30 08:57:32.109655, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #73 (type 73, layer 0) Making operation type 73 opaque [module /[Default VFS]/] Accepting operation type 73 from module /[Default VFS]/ [2007/11/30 08:57:32.109684, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #74 (type 74, layer 0) Making operation type 74 opaque [module /[Default VFS]/] Accepting operation type 74 from module /[Default VFS]/ [2007/11/30 08:57:32.109713, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #75 (type 75, layer 0) Making operation type 75 opaque [module /[Default VFS]/] Accepting operation type 75 from module /[Default VFS]/ [2007/11/30 08:57:32.109741, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #76 (type 76, layer 0) Making operation type 76 opaque [module /[Default VFS]/] Accepting operation type 76 from module /[Default VFS]/ [2007/11/30 08:57:32.109769, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #77 (type 77, layer 0) Making operation type 77 opaque [module /[Default VFS]/] Accepting operation type 77 from module /[Default VFS]/ [2007/11/30 08:57:32.109798, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #78 (type 78, layer 0) Making operation type 78 opaque [module /[Default VFS]/] Accepting operation type 78 from module /[Default VFS]/ [2007/11/30 08:57:32.109826, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #79 (type 79, layer 0) Making operation type 79 opaque [module /[Default VFS]/] Accepting operation type 79 from module /[Default VFS]/ [2007/11/30 08:57:32.109868, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #80 (type 80, layer 0) Making operation type 80 opaque [module /[Default VFS]/] Accepting operation type 80 from module /[Default VFS]/ [2007/11/30 08:57:32.109898, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #81 (type 81, layer 0) Making operation type 81 opaque [module /[Default VFS]/] Accepting operation type 81 from module /[Default VFS]/ [2007/11/30 08:57:32.109926, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #82 (type 82, layer 0) Making operation type 82 opaque [module /[Default VFS]/] Accepting operation type 82 from module /[Default VFS]/ [2007/11/30 08:57:32.109954, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #83 (type 83, layer 0) Making operation type 83 opaque [module /[Default VFS]/] Accepting operation type 83 from module /[Default VFS]/ [2007/11/30 08:57:32.109983, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #84 (type 84, layer 0) Making operation type 84 opaque [module /[Default VFS]/] Accepting operation type 84 from module /[Default VFS]/ [2007/11/30 08:57:32.110012, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #85 (type 85, layer 0) Making operation type 85 opaque [module /[Default VFS]/] Accepting operation type 85 from module /[Default VFS]/ [2007/11/30 08:57:32.110040, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #86 (type 86, layer 0) Making operation type 86 opaque [module /[Default VFS]/] Accepting operation type 86 from module /[Default VFS]/ [2007/11/30 08:57:32.110069, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #87 (type 87, layer 0) Making operation type 87 opaque [module /[Default VFS]/] Accepting operation type 87 from module /[Default VFS]/ [2007/11/30 08:57:32.110097, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #88 (type 88, layer 0) Making operation type 88 opaque [module /[Default VFS]/] Accepting operation type 88 from module /[Default VFS]/ [2007/11/30 08:57:32.110126, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #89 (type 89, layer 0) Making operation type 89 opaque [module /[Default VFS]/] Accepting operation type 89 from module /[Default VFS]/ [2007/11/30 08:57:32.110154, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #90 (type 90, layer 0) Making operation type 90 opaque [module /[Default VFS]/] Accepting operation type 90 from module /[Default VFS]/ [2007/11/30 08:57:32.110183, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #91 (type 91, layer 0) Making operation type 91 opaque [module /[Default VFS]/] Accepting operation type 91 from module /[Default VFS]/ [2007/11/30 08:57:32.110211, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #92 (type 92, layer 0) Making operation type 92 opaque [module /[Default VFS]/] Accepting operation type 92 from module /[Default VFS]/ [2007/11/30 08:57:32.110242, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #93 (type 93, layer 0) Making operation type 93 opaque [module /[Default VFS]/] Accepting operation type 93 from module /[Default VFS]/ [2007/11/30 08:57:32.110271, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #94 (type 94, layer 0) Making operation type 94 opaque [module /[Default VFS]/] Accepting operation type 94 from module /[Default VFS]/ [2007/11/30 08:57:32.110302, 5, pid=5599] smbd/connection.c:claim_connection(182) claiming IPC$ 0 [2007/11/30 08:57:32.110339, 10, pid=5599] smbd/share_access.c:user_ok_token(232) user_ok_token: share IPC$ is ok for unix user guest [2007/11/30 08:57:32.110363, 10, pid=5599] smbd/share_access.c:is_share_read_only_for_token(274) is_share_read_only_for_user: share IPC$ is read-only for unix user guest [2007/11/30 08:57:32.110389, 4, pid=5599] lib/sharesec.c:get_share_security(132) get_share_security: using default secdesc for IPC$ [2007/11/30 08:57:32.110423, 10, pid=5599] lib/util_seaccess.c:se_map_generic(176) se_map_generic(): mapped mask 0x10000000 to 0x001f01ff [2007/11/30 08:57:32.110443, 10, pid=5599] lib/util_seaccess.c:se_access_check(233) se_access_check: requested access 0x00000001, for NT token with 4 entries and first sid S-1-5-21-2274471336-3138038065-606154707-501. [2007/11/30 08:57:32.110467, 3, pid=5599] lib/util_seaccess.c:se_access_check(250) [2007/11/30 08:57:32.110479, 3, pid=5599] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-2274471336-3138038065-606154707-501 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-32-546 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 1 [2007/11/30 08:57:32.110530, 5, pid=5599] lib/util_seaccess.c:se_access_check(308) se_access_check: access (1) granted. [2007/11/30 08:57:32.110551, 3, pid=5599] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (514, 514) - sec_ctx_stack_ndx = 0 [2007/11/30 08:57:32.110569, 5, pid=5599] auth/auth_util.c:debug_nt_user_token(454) NT user token of user S-1-5-21-2274471336-3138038065-606154707-501 contains 4 SIDs SID[ 0]: S-1-5-21-2274471336-3138038065-606154707-501 SID[ 1]: S-1-1-0 SID[ 2]: S-1-5-2 SID[ 3]: S-1-5-32-546 SE_PRIV 0x0 0x0 0x0 0x0 [2007/11/30 08:57:32.110630, 5, pid=5599] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 514 Primary group is 514 and contains 0 supplementary groups [2007/11/30 08:57:32.110676, 5, pid=5599] smbd/uid.c:change_to_user(273) change_to_user uid=(514,514) gid=(0,514) [2007/11/30 08:57:32.110704, 3, pid=5599] smbd/service.c:make_connection_snum(1033) kyoko (192.168.64.5) connect to service IPC$ initially as user guest (uid=514, gid=514) (pid 5599) [2007/11/30 08:57:32.110727, 3, pid=5599] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/30 08:57:32.110745, 5, pid=5599] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 08:57:32.110762, 5, pid=5599] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 08:57:32.110810, 5, pid=5599] smbd/uid.c:change_to_root_user(288) change_to_root_user: now uid=(0,0) gid=(0,0) [2007/11/30 08:57:32.110833, 3, pid=5599] smbd/reply.c:reply_tcon_and_X(574) tconX service=IPC$ [2007/11/30 08:57:32.110852, 5, pid=5599] lib/util.c:show_msg(506) [2007/11/30 08:57:32.110864, 5, pid=5599] lib/util.c:show_msg(516) size=56 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=9984 smt_wct=7 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 1 (0x1) smb_vwv[ 3]= 511 (0x1FF) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 511 (0x1FF) smb_vwv[ 6]= 0 (0x0) smb_bcc=7 [2007/11/30 08:57:32.110980, 10, pid=5599] lib/util.c:dump_data(2285) [000] 49 50 43 00 00 00 00 IPC.... [2007/11/30 08:57:32.111154, 10, pid=5599] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 118 [2007/11/30 08:57:32.111178, 6, pid=5599] smbd/process.c:process_smb(1067) got message type 0x0 of len 0x76 [2007/11/30 08:57:32.111198, 3, pid=5599] smbd/process.c:process_smb(1068) Transaction 5 of length 122 [2007/11/30 08:57:32.111215, 5, pid=5599] lib/util.c:show_msg(506) [2007/11/30 08:57:32.111226, 5, pid=5599] lib/util.c:show_msg(516) size=118 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=55303 smb_tid=1 smb_pid=748 smb_uid=101 smb_mid=10048 smt_wct=14 smb_vwv[ 0]= 26 (0x1A) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 8 (0x8) smb_vwv[ 3]= 4200 (0x1068) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 5000 (0x1388) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 26 (0x1A) smb_vwv[10]= 92 (0x5C) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=55 [2007/11/30 08:57:32.111395, 10, pid=5599] lib/util.c:dump_data(2285) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 4C 00 41 .\.P.I.P .E.\.L.A [010] 00 4E 00 4D 00 41 00 4E 00 00 00 00 00 68 00 57 .N.M.A.N .....h.W [020] 72 4C 65 68 44 4F 00 42 31 36 42 42 44 7A 00 01 rLehDO.B 16BBDz.. [030] 00 68 10 FF FF FF FF .h..... [2007/11/30 08:57:32.111461, 3, pid=5599] smbd/process.c:switch_message(926) switch message SMBtrans (pid 5599) conn 0x555555c19c20 [2007/11/30 08:57:32.111483, 3, pid=5599] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (514, 514) - sec_ctx_stack_ndx = 0 [2007/11/30 08:57:32.111505, 5, pid=5599] auth/auth_util.c:debug_nt_user_token(454) NT user token of user S-1-5-21-2274471336-3138038065-606154707-501 contains 4 SIDs SID[ 0]: S-1-5-21-2274471336-3138038065-606154707-501 SID[ 1]: S-1-1-0 SID[ 2]: S-1-5-2 SID[ 3]: S-1-5-32-546 SE_PRIV 0x0 0x0 0x0 0x0 [2007/11/30 08:57:32.111566, 5, pid=5599] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 514 Primary group is 514 and contains 0 supplementary groups [2007/11/30 08:57:32.111610, 5, pid=5599] smbd/uid.c:change_to_user(273) change_to_user uid=(514,514) gid=(0,514) [2007/11/30 08:57:32.111636, 4, pid=5599] smbd/vfs.c:vfs_ChDir(665) vfs_ChDir to /tmp [2007/11/30 08:57:32.111676, 3, pid=5599] smbd/ipc.c:handle_trans(373) trans <\PIPE\LANMAN> data=0 params=26 setup=0 [2007/11/30 08:57:32.111705, 5, pid=5599] smbd/ipc.c:handle_trans(404) calling named_pipe [2007/11/30 08:57:32.111723, 3, pid=5599] smbd/ipc.c:named_pipe(340) named pipe command on name [2007/11/30 08:57:32.111744, 3, pid=5599] smbd/lanman.c:api_reply(4406) Got API command 104 of form (tdscnt=0,tpscnt=26,mdrcnt=4200,mprcnt=8) [2007/11/30 08:57:32.111767, 3, pid=5599] smbd/lanman.c:api_reply(4410) Doing NetServerEnum [2007/11/30 08:57:32.111790, 4, pid=5599] smbd/lanman.c:api_RNetServerEnum(1335) server request level: B16BBDz 3fffffff domains_req:No local_only:No [2007/11/30 08:57:32.111836, 4, pid=5599] smbd/lanman.c:get_server_info(1104) Servertype search: 3fffffff [2007/11/30 08:57:32.111879, 4, pid=5599] smbd/lanman.c:get_server_info(1163) s: dom mismatch ZARTSOFT 80001000 ZARTSOFT [2007/11/30 08:57:32.111904, 4, pid=5599] smbd/lanman.c:get_server_info(1176) **SV** GODAI 899b2b godai ZARTSOFT [2007/11/30 08:57:32.111924, 4, pid=5599] smbd/lanman.c:api_RNetServerEnum(1371) fill_srv_info GODAI 899b2b godai ZARTSOFT [2007/11/30 08:57:32.111949, 4, pid=5599] smbd/lanman.c:api_RNetServerEnum(1408) fill_srv_info GODAI 899b2b godai ZARTSOFT [2007/11/30 08:57:32.111972, 3, pid=5599] smbd/lanman.c:api_RNetServerEnum(1426) NetServerEnum domain = ZARTSOFT uLevel=1 counted=1 total=1 [2007/11/30 08:57:32.111995, 5, pid=5599] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..8] data[0..32] [2007/11/30 08:57:32.112015, 5, pid=5599] lib/util.c:show_msg(506) [2007/11/30 08:57:32.112027, 5, pid=5599] lib/util.c:show_msg(516) size=96 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=748 smb_uid=101 smb_mid=10048 smt_wct=10 smb_vwv[ 0]= 8 (0x8) smb_vwv[ 1]= 32 (0x20) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 8 (0x8) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 32 (0x20) smb_vwv[ 7]= 64 (0x40) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=41 [2007/11/30 08:57:32.112157, 10, pid=5599] lib/util.c:dump_data(2285) [000] 00 00 00 00 00 01 00 01 00 47 4F 44 41 49 00 00 ........ .GODAI.. [010] 00 00 00 00 00 00 00 00 00 00 00 2B 9B 89 00 1A ........ ...+.... [020] 00 00 00 67 6F 64 61 69 00 ...godai . [2007/11/30 08:57:32.112347, 10, pid=5599] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 39 [2007/11/30 08:57:32.112386, 6, pid=5599] smbd/process.c:process_smb(1067) got message type 0x0 of len 0x27 [2007/11/30 08:57:32.112406, 3, pid=5599] smbd/process.c:process_smb(1068) Transaction 6 of length 43 [2007/11/30 08:57:32.112423, 5, pid=5599] lib/util.c:show_msg(506) [2007/11/30 08:57:32.112435, 5, pid=5599] lib/util.c:show_msg(516) size=39 smb_com=0x74 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=101 smb_mid=10112 smt_wct=2 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_bcc=0 [2007/11/30 08:57:32.112527, 3, pid=5599] smbd/process.c:switch_message(926) switch message SMBulogoffX (pid 5599) conn 0x0 [2007/11/30 08:57:32.112547, 3, pid=5599] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/30 08:57:32.112565, 5, pid=5599] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 08:57:32.112583, 5, pid=5599] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 08:57:32.112626, 5, pid=5599] smbd/uid.c:change_to_root_user(288) change_to_root_user: now uid=(0,0) gid=(0,0) [2007/11/30 08:57:32.112655, 3, pid=5599] smbd/reply.c:reply_ulogoffX(1560) ulogoffX vuid=101 [2007/11/30 08:57:32.112673, 5, pid=5599] lib/util.c:show_msg(506) [2007/11/30 08:57:32.112685, 5, pid=5599] lib/util.c:show_msg(516) size=39 smb_com=0x74 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=65279 smb_uid=101 smb_mid=10112 smt_wct=2 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_bcc=0 [2007/11/30 08:57:32.112922, 10, pid=5599] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 35 [2007/11/30 08:57:32.112945, 6, pid=5599] smbd/process.c:process_smb(1067) got message type 0x0 of len 0x23 [2007/11/30 08:57:32.112963, 3, pid=5599] smbd/process.c:process_smb(1068) Transaction 7 of length 39 [2007/11/30 08:57:32.112982, 5, pid=5599] lib/util.c:show_msg(506) [2007/11/30 08:57:32.112993, 5, pid=5599] lib/util.c:show_msg(516) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=10176 smt_wct=0 smb_bcc=0 [2007/11/30 08:57:32.113067, 3, pid=5599] smbd/process.c:switch_message(926) switch message SMBtdis (pid 5599) conn 0x555555c19c20 [2007/11/30 08:57:32.113086, 3, pid=5599] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/30 08:57:32.113104, 5, pid=5599] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 08:57:32.113120, 5, pid=5599] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 08:57:32.113148, 5, pid=5599] smbd/uid.c:change_to_root_user(288) change_to_root_user: now uid=(0,0) gid=(0,0) [2007/11/30 08:57:32.113174, 3, pid=5599] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/30 08:57:32.113192, 5, pid=5599] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 08:57:32.113209, 5, pid=5599] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 08:57:32.113236, 5, pid=5599] smbd/uid.c:change_to_root_user(288) change_to_root_user: now uid=(0,0) gid=(0,0) [2007/11/30 08:57:32.113256, 3, pid=5599] smbd/service.c:close_cnum(1230) kyoko (192.168.64.5) closed connection to service IPC$ [2007/11/30 08:57:32.113278, 3, pid=5599] smbd/connection.c:yield_connection(69) Yielding connection to IPC$ [2007/11/30 08:57:32.113311, 4, pid=5599] smbd/vfs.c:vfs_ChDir(665) vfs_ChDir to / [2007/11/30 08:57:32.113332, 3, pid=5599] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/30 08:57:32.113350, 5, pid=5599] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 08:57:32.113383, 5, pid=5599] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 08:57:32.113412, 5, pid=5599] smbd/uid.c:change_to_root_user(288) change_to_root_user: now uid=(0,0) gid=(0,0) [2007/11/30 08:57:32.113437, 5, pid=5599] lib/util.c:show_msg(506) [2007/11/30 08:57:32.113450, 5, pid=5599] lib/util.c:show_msg(516) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=10176 smt_wct=0 smb_bcc=0 [2007/11/30 08:58:02.099867, 10, pid=5599] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 278 [2007/11/30 08:58:02.099916, 6, pid=5599] smbd/process.c:process_smb(1067) got message type 0x0 of len 0x116 [2007/11/30 08:58:02.099937, 3, pid=5599] smbd/process.c:process_smb(1068) Transaction 8 of length 282 [2007/11/30 08:58:02.099955, 5, pid=5599] lib/util.c:show_msg(506) [2007/11/30 08:58:02.099967, 5, pid=5599] lib/util.c:show_msg(516) size=278 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=0 smb_mid=10240 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 278 (0x116) smb_vwv[ 2]=16644 (0x4104) smb_vwv[ 3]= 50 (0x32) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 74 (0x4A) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 212 (0xD4) smb_vwv[11]=40960 (0xA000) smb_bcc=219 [2007/11/30 08:58:02.100109, 10, pid=5599] lib/util.c:dump_data(2285) [000] 60 48 06 06 2B 06 01 05 05 02 A0 3E 30 3C A0 0E `H..+... ...>0<.. [010] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A2 2A 0...+... ..7....* [020] 04 28 4E 54 4C 4D 53 53 50 00 01 00 00 00 07 82 .(NTLMSS P....... [030] 08 A2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [040] 00 00 05 02 CE 0E 00 00 00 0F 00 57 00 69 00 6E ........ ...W.i.n [050] 00 64 00 6F 00 77 00 73 00 20 00 53 00 65 00 72 .d.o.w.s . .S.e.r [060] 00 76 00 65 00 72 00 20 00 32 00 30 00 30 00 33 .v.e.r. .2.0.0.3 [070] 00 20 00 52 00 32 00 20 00 33 00 37 00 39 00 30 . .R.2. .3.7.9.0 [080] 00 20 00 53 00 65 00 72 00 76 00 69 00 63 00 65 . .S.e.r .v.i.c.e [090] 00 20 00 50 00 61 00 63 00 6B 00 20 00 32 00 00 . .P.a.c .k. .2.. [0A0] 00 00 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 ...W.i.n .d.o.w.s [0B0] 00 20 00 53 00 65 00 72 00 76 00 65 00 72 00 20 . .S.e.r .v.e.r. [0C0] 00 32 00 30 00 30 00 33 00 20 00 52 00 32 00 20 .2.0.0.3 . .R.2. [0D0] 00 35 00 2E 00 32 00 00 00 00 00 .5...2.. ... [2007/11/30 08:58:02.100310, 3, pid=5599] smbd/process.c:switch_message(926) switch message SMBsesssetupX (pid 5599) conn 0x0 [2007/11/30 08:58:02.100330, 3, pid=5599] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/30 08:58:02.100349, 5, pid=5599] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 08:58:02.100367, 5, pid=5599] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 08:58:02.100398, 5, pid=5599] smbd/uid.c:change_to_root_user(288) change_to_root_user: now uid=(0,0) gid=(0,0) [2007/11/30 08:58:02.100421, 3, pid=5599] smbd/sesssetup.c:reply_sesssetup_and_X(1244) wct=12 flg2=0xc807 [2007/11/30 08:58:02.100440, 2, pid=5599] smbd/sesssetup.c:setup_new_vc_session(1200) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2007/11/30 08:58:02.100458, 3, pid=5599] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1029) Doing spnego session setup [2007/11/30 08:58:02.100478, 3, pid=5599] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1060) NativeOS=[Windows Server 2003 R2 3790 Service Pack 2] NativeLanMan=[] PrimaryDomain=[Windows Server 2003 R2 5.2] [2007/11/30 08:58:02.100502, 10, pid=5599] smbd/password.c:register_vuid(186) register_vuid: allocated vuid = 102 [2007/11/30 08:58:02.100544, 10, pid=5599] smbd/sesssetup.c:check_spnego_blob_complete(975) check_spnego_blob_complete: needed_len = 74, pblob->length = 74 [2007/11/30 08:58:02.100575, 5, pid=5599] smbd/sesssetup.c:parse_spnego_mechanisms(667) parse_spnego_mechanisms: Got OID 1 3 6 1 4 1 311 2 2 10 [2007/11/30 08:58:02.100593, 3, pid=5599] smbd/sesssetup.c:reply_spnego_negotiate(697) reply_spnego_negotiate: Got secblob of size 40 [2007/11/30 08:58:02.100617, 5, pid=5599] auth/auth.c:make_auth_context_subsystem(483) Making default auth method list for DC, security=user, encrypt passwords = yes [2007/11/30 08:58:02.100641, 5, pid=5599] auth/auth.c:load_auth_module(391) load_auth_module: Attempting to find an auth method to match guest [2007/11/30 08:58:02.100661, 5, pid=5599] auth/auth.c:load_auth_module(416) load_auth_module: auth method guest has a valid init [2007/11/30 08:58:02.100679, 5, pid=5599] auth/auth.c:load_auth_module(391) load_auth_module: Attempting to find an auth method to match sam [2007/11/30 08:58:02.100698, 5, pid=5599] auth/auth.c:load_auth_module(416) load_auth_module: auth method sam has a valid init [2007/11/30 08:58:02.100716, 5, pid=5599] auth/auth.c:load_auth_module(391) load_auth_module: Attempting to find an auth method to match winbind:trustdomain [2007/11/30 08:58:02.100735, 5, pid=5599] auth/auth.c:load_auth_module(391) load_auth_module: Attempting to find an auth method to match trustdomain [2007/11/30 08:58:02.100757, 5, pid=5599] auth/auth.c:load_auth_module(416) load_auth_module: auth method trustdomain has a valid init [2007/11/30 08:58:02.100775, 5, pid=5599] auth/auth.c:load_auth_module(416) load_auth_module: auth method winbind has a valid init [2007/11/30 08:58:02.100796, 3, pid=5599] libsmb/ntlmssp.c:debug_ntlmssp_flags(63) Got NTLMSSP neg_flags=0xa2088207 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_NEGOTIATE_OEM NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_56 [2007/11/30 08:58:02.100856, 5, pid=5599] auth/auth.c:get_ntlm_challenge(97) auth_get_challenge: module guest did not want to specify a challenge [2007/11/30 08:58:02.100874, 5, pid=5599] auth/auth.c:get_ntlm_challenge(97) auth_get_challenge: module sam did not want to specify a challenge [2007/11/30 08:58:02.100891, 5, pid=5599] auth/auth.c:get_ntlm_challenge(97) auth_get_challenge: module winbind did not want to specify a challenge [2007/11/30 08:58:02.100923, 5, pid=5599] auth/auth.c:get_ntlm_challenge(137) auth_context challenge created by random [2007/11/30 08:58:02.100940, 5, pid=5599] auth/auth.c:get_ntlm_challenge(138) challenge is: [2007/11/30 08:58:02.100957, 5, pid=5599] lib/util.c:dump_data(2285) [000] 07 7E 3A D0 9C BE 02 C9 .~:..... [2007/11/30 08:58:02.101000, 5, pid=5599] lib/util.c:show_msg(506) [2007/11/30 08:58:02.101014, 5, pid=5599] lib/util.c:show_msg(516) size=332 smb_com=0x73 smb_rcls=22 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=65279 smb_uid=102 smb_mid=10240 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 221 (0xDD) smb_bcc=289 [2007/11/30 08:58:02.101112, 10, pid=5599] lib/util.c:dump_data(2285) [000] A1 81 DA 30 81 D7 A0 03 0A 01 01 A1 0C 06 0A 2B ...0.... .......+ [010] 06 01 04 01 82 37 02 02 0A A2 81 C1 04 81 BE 4E .....7.. .......N [020] 54 4C 4D 53 53 50 00 02 00 00 00 10 00 10 00 30 TLMSSP.. .......0 [030] 00 00 00 05 82 89 A2 07 7E 3A D0 9C BE 02 C9 00 ........ ~:...... [040] 00 00 00 00 00 00 00 7E 00 7E 00 40 00 00 00 5A .......~ .~.@...Z [050] 00 41 00 52 00 54 00 53 00 4F 00 46 00 54 00 02 .A.R.T.S .O.F.T.. [060] 00 10 00 5A 00 41 00 52 00 54 00 53 00 4F 00 46 ...Z.A.R .T.S.O.F [070] 00 54 00 01 00 0A 00 47 00 4F 00 44 00 41 00 49 .T.....G .O.D.A.I [080] 00 04 00 22 00 6C 00 6F 00 63 00 61 00 6C 00 2E ...".l.o .c.a.l.. [090] 00 7A 00 61 00 72 00 74 00 73 00 6F 00 66 00 74 .z.a.r.t .s.o.f.t [0A0] 00 2E 00 72 00 75 00 03 00 2E 00 67 00 6F 00 64 ...r.u.. ...g.o.d [0B0] 00 61 00 69 00 2E 00 6C 00 6F 00 63 00 61 00 6C .a.i...l .o.c.a.l [0C0] 00 2E 00 7A 00 61 00 72 00 74 00 73 00 6F 00 66 ...z.a.r .t.s.o.f [0D0] 00 74 00 2E 00 72 00 75 00 00 00 00 00 55 00 6E .t...r.u .....U.n [0E0] 00 69 00 78 00 00 00 53 00 61 00 6D 00 62 00 61 .i.x...S .a.m.b.a [0F0] 00 20 00 33 00 2E 00 30 00 2E 00 32 00 36 00 61 . .3...0 ...2.6.a [100] 00 2D 00 30 00 2E 00 66 00 63 00 37 00 00 00 5A .-.0...f .c.7...Z [110] 00 41 00 52 00 54 00 53 00 4F 00 46 00 54 00 00 .A.R.T.S .O.F.T.. [120] 00 . [2007/11/30 08:58:02.101659, 10, pid=5599] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 294 [2007/11/30 08:58:02.101684, 6, pid=5599] smbd/process.c:process_smb(1067) got message type 0x0 of len 0x126 [2007/11/30 08:58:02.101703, 3, pid=5599] smbd/process.c:process_smb(1068) Transaction 9 of length 298 [2007/11/30 08:58:02.101720, 5, pid=5599] lib/util.c:show_msg(506) [2007/11/30 08:58:02.101732, 5, pid=5599] lib/util.c:show_msg(516) size=294 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=102 smb_mid=10304 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 294 (0x126) smb_vwv[ 2]=16644 (0x4104) smb_vwv[ 3]= 50 (0x32) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 91 (0x5B) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 212 (0xD4) smb_vwv[11]=40960 (0xA000) smb_bcc=235 [2007/11/30 08:58:02.101877, 10, pid=5599] lib/util.c:dump_data(2285) [000] A1 59 30 57 A2 55 04 53 4E 54 4C 4D 53 53 50 00 .Y0W.U.S NTLMSSP. [010] 03 00 00 00 01 00 01 00 52 00 00 00 00 00 00 00 ........ R....... [020] 53 00 00 00 00 00 00 00 48 00 00 00 00 00 00 00 S....... H....... [030] 48 00 00 00 0A 00 0A 00 48 00 00 00 00 00 00 00 H....... H....... [040] 53 00 00 00 05 8A 88 A2 05 02 CE 0E 00 00 00 0F S....... ........ [050] 4B 00 59 00 4F 00 4B 00 4F 00 00 57 00 69 00 6E K.Y.O.K. O..W.i.n [060] 00 64 00 6F 00 77 00 73 00 20 00 53 00 65 00 72 .d.o.w.s . .S.e.r [070] 00 76 00 65 00 72 00 20 00 32 00 30 00 30 00 33 .v.e.r. .2.0.0.3 [080] 00 20 00 52 00 32 00 20 00 33 00 37 00 39 00 30 . .R.2. .3.7.9.0 [090] 00 20 00 53 00 65 00 72 00 76 00 69 00 63 00 65 . .S.e.r .v.i.c.e [0A0] 00 20 00 50 00 61 00 63 00 6B 00 20 00 32 00 00 . .P.a.c .k. .2.. [0B0] 00 00 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 ...W.i.n .d.o.w.s [0C0] 00 20 00 53 00 65 00 72 00 76 00 65 00 72 00 20 . .S.e.r .v.e.r. [0D0] 00 32 00 30 00 30 00 33 00 20 00 52 00 32 00 20 .2.0.0.3 . .R.2. [0E0] 00 35 00 2E 00 32 00 00 00 00 00 .5...2.. ... [2007/11/30 08:58:02.102088, 3, pid=5599] smbd/process.c:switch_message(926) switch message SMBsesssetupX (pid 5599) conn 0x0 [2007/11/30 08:58:02.102107, 3, pid=5599] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/30 08:58:02.102125, 5, pid=5599] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 08:58:02.102143, 5, pid=5599] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 08:58:02.102171, 5, pid=5599] smbd/uid.c:change_to_root_user(288) change_to_root_user: now uid=(0,0) gid=(0,0) [2007/11/30 08:58:02.102192, 3, pid=5599] smbd/sesssetup.c:reply_sesssetup_and_X(1244) wct=12 flg2=0xc807 [2007/11/30 08:58:02.102210, 2, pid=5599] smbd/sesssetup.c:setup_new_vc_session(1200) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2007/11/30 08:58:02.102227, 3, pid=5599] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1029) Doing spnego session setup [2007/11/30 08:58:02.102246, 3, pid=5599] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1060) NativeOS=[Windows Server 2003 R2 3790 Service Pack 2] NativeLanMan=[] PrimaryDomain=[Windows Server 2003 R2 5.2] [2007/11/30 08:58:02.102280, 10, pid=5599] smbd/sesssetup.c:check_spnego_blob_complete(975) check_spnego_blob_complete: needed_len = 91, pblob->length = 91 [2007/11/30 08:58:02.102305, 3, pid=5599] libsmb/ntlmssp.c:ntlmssp_server_auth(739) Got user=[] domain=[] workstation=[KYOKO] len1=1 len2=0 [2007/11/30 08:58:02.102342, 6, pid=5599] param/loadparm.c:lp_file_list_changed(3080) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Fri Nov 30 08:56:43 2007 [2007/11/30 08:58:02.102386, 5, pid=5599] auth/auth_util.c:make_user_info_map(161) make_user_info_map: Mapping user []\[] from workstation [KYOKO] [2007/11/30 08:58:02.102405, 3, pid=5599] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2007/11/30 08:58:02.102424, 3, pid=5599] smbd/uid.c:push_conn_ctx(358) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2007/11/30 08:58:02.102442, 3, pid=5599] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2007/11/30 08:58:02.102460, 5, pid=5599] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 08:58:02.102476, 5, pid=5599] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 08:58:02.102504, 5, pid=5599] auth/auth_util.c:is_trusted_domain(2198) is_trusted_domain: Checking for domain trust with [ZARTSOFT] [2007/11/30 08:58:02.102534, 5, pid=5599] passdb/secrets.c:secrets_fetch_trusted_domain_password(473) secrets_fetch failed! [2007/11/30 08:58:02.102558, 3, pid=5599] smbd/sec_ctx.c:pop_sec_ctx(356) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/30 08:58:02.102584, 10, pid=5599] lib/gencache.c:gencache_get(212) Cache entry with key = TDOM/ZARTSOFT couldn't be found [2007/11/30 08:58:02.102603, 5, pid=5599] libsmb/trustdom_cache.c:trustdom_cache_fetch(184) no entry for trusted domain ZARTSOFT found. [2007/11/30 08:58:02.102622, 5, pid=5599] auth/auth_util.c:make_user_info(75) attempting to make a user_info for () [2007/11/30 08:58:02.102640, 5, pid=5599] auth/auth_util.c:make_user_info(85) making strings for 's user_info struct [2007/11/30 08:58:02.102658, 5, pid=5599] auth/auth_util.c:make_user_info(117) making blobs for 's user_info struct [2007/11/30 08:58:02.102675, 10, pid=5599] auth/auth_util.c:make_user_info(135) made an encrypted user_info for () [2007/11/30 08:58:02.102693, 3, pid=5599] auth/auth.c:check_ntlm_password(221) check_ntlm_password: Checking password for unmapped user []\[]@[KYOKO] with the new password interface [2007/11/30 08:58:02.102712, 3, pid=5599] auth/auth.c:check_ntlm_password(224) check_ntlm_password: mapped user is: [ZARTSOFT]\[]@[KYOKO] [2007/11/30 08:58:02.102729, 10, pid=5599] auth/auth.c:check_ntlm_password(233) check_ntlm_password: auth_context challenge created by random [2007/11/30 08:58:02.102747, 10, pid=5599] auth/auth.c:check_ntlm_password(235) challenge is: [2007/11/30 08:58:02.102769, 5, pid=5599] lib/util.c:dump_data(2285) [000] 07 7E 3A D0 9C BE 02 C9 .~:..... [2007/11/30 08:58:02.102803, 3, pid=5599] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2007/11/30 08:58:02.102823, 3, pid=5599] smbd/uid.c:push_conn_ctx(358) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2007/11/30 08:58:02.102841, 3, pid=5599] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2007/11/30 08:58:02.102859, 5, pid=5599] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 08:58:02.102876, 5, pid=5599] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 08:58:02.102910, 10, pid=5599] lib/account_pol.c:account_policy_get(294) account_policy_get: name: password history, val: 0 [2007/11/30 08:58:02.102934, 3, pid=5599] smbd/sec_ctx.c:pop_sec_ctx(356) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/30 08:58:02.102961, 10, pid=5599] passdb/pdb_get_set.c:pdb_set_username(581) pdb_set_username: setting username guest, was [2007/11/30 08:58:02.102996, 10, pid=5599] passdb/pdb_get_set.c:pdb_set_domain(604) pdb_set_domain: setting domain ZARTSOFT, was [2007/11/30 08:58:02.103015, 10, pid=5599] passdb/pdb_get_set.c:pdb_set_nt_username(627) pdb_set_nt_username: setting nt username , was [2007/11/30 08:58:02.103034, 10, pid=5599] passdb/pdb_get_set.c:pdb_set_fullname(650) pdb_set_full_name: setting full name , was [2007/11/30 08:58:02.103054, 4, pid=5599] lib/substitute.c:automount_server(407) Home server: godai [2007/11/30 08:58:02.103081, 10, pid=5599] passdb/pdb_get_set.c:pdb_set_homedir(743) pdb_set_homedir: setting home dir \\godai\guest, was [2007/11/30 08:58:02.103100, 10, pid=5599] passdb/pdb_get_set.c:pdb_set_dir_drive(719) pdb_set_dir_drive: setting dir drive , was NULL [2007/11/30 08:58:02.103119, 10, pid=5599] passdb/pdb_get_set.c:pdb_set_logon_script(673) pdb_set_logon_script: setting logon script , was [2007/11/30 08:58:02.103137, 10, pid=5599] passdb/pdb_get_set.c:pdb_set_profile_path(696) pdb_set_profile_path: setting profile path , was [2007/11/30 08:58:02.103156, 10, pid=5599] passdb/pdb_get_set.c:pdb_set_workstations(786) pdb_set_workstations: setting workstations , was [2007/11/30 08:58:02.103175, 3, pid=5599] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2007/11/30 08:58:02.103194, 3, pid=5599] smbd/uid.c:push_conn_ctx(358) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2007/11/30 08:58:02.103211, 3, pid=5599] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2007/11/30 08:58:02.103228, 5, pid=5599] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 08:58:02.103245, 5, pid=5599] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 08:58:02.103278, 10, pid=5599] lib/account_pol.c:account_policy_get(294) account_policy_get: name: password history, val: 0 [2007/11/30 08:58:02.103301, 3, pid=5599] smbd/sec_ctx.c:pop_sec_ctx(356) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/30 08:58:02.103322, 10, pid=5599] passdb/pdb_get_set.c:pdb_set_user_sid(510) pdb_set_user_sid: setting user sid S-1-5-21-2274471336-3138038065-606154707-501 [2007/11/30 08:58:02.103343, 10, pid=5599] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(73) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-2274471336-3138038065-606154707-501 from rid 501 [2007/11/30 08:58:02.103373, 3, pid=5599] auth/auth.c:check_ntlm_password(270) check_ntlm_password: guest authentication for user [] succeeded [2007/11/30 08:58:02.103394, 5, pid=5599] auth/auth.c:check_ntlm_password(309) check_ntlm_password: guest authentication for user [] -> [] -> [guest] succeeded [2007/11/30 08:58:02.103412, 5, pid=5599] auth/auth_util.c:free_user_info(2045) attempting to free (and zero) a user_info structure [2007/11/30 08:58:02.103430, 10, pid=5599] auth/auth_util.c:free_user_info(2049) structure was created for [2007/11/30 08:58:02.103449, 10, pid=5599] auth/auth_util.c:create_local_nt_token(844) Create local NT token for S-1-5-21-2274471336-3138038065-606154707-501 [2007/11/30 08:58:02.103473, 3, pid=5599] passdb/lookup_sid.c:fetch_gid_from_cache(1089) fetch gid from cache 16777218 -> S-1-5-32-544 [2007/11/30 08:58:02.103493, 3, pid=5599] passdb/lookup_sid.c:fetch_gid_from_cache(1089) fetch gid from cache 16777219 -> S-1-5-32-545 [2007/11/30 08:58:02.103559, 3, pid=5599] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-21-2274471336-3138038065-606154707-501] [2007/11/30 08:58:02.103587, 5, pid=5599] lib/privileges.c:get_privileges_for_sids(460) get_privileges_for_sids: sid = S-1-1-0 Privilege set: SE_PRIV 0x0 0x0 0x0 0x0 [2007/11/30 08:58:02.103622, 3, pid=5599] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-2] [2007/11/30 08:58:02.103647, 3, pid=5599] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-32-546] [2007/11/30 08:58:02.103703, 3, pid=5599] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2007/11/30 08:58:02.103722, 3, pid=5599] smbd/uid.c:push_conn_ctx(358) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2007/11/30 08:58:02.103740, 3, pid=5599] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2007/11/30 08:58:02.103763, 5, pid=5599] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 08:58:02.103780, 5, pid=5599] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 08:58:02.103818, 3, pid=5599] smbd/sec_ctx.c:pop_sec_ctx(356) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/30 08:58:02.103838, 10, pid=5599] passdb/lookup_sid.c:legacy_sid_to_gid(1269) LEGACY: mapping failed for sid S-1-1-0 [2007/11/30 08:58:02.103857, 10, pid=5599] auth/auth_util.c:create_local_token(1039) Could not convert SID S-1-1-0 to gid, ignoring it [2007/11/30 08:58:02.103893, 3, pid=5599] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2007/11/30 08:58:02.103912, 3, pid=5599] smbd/uid.c:push_conn_ctx(358) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2007/11/30 08:58:02.103929, 3, pid=5599] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2007/11/30 08:58:02.103946, 5, pid=5599] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 08:58:02.103962, 5, pid=5599] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 08:58:02.103999, 3, pid=5599] smbd/sec_ctx.c:pop_sec_ctx(356) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/30 08:58:02.104019, 10, pid=5599] passdb/lookup_sid.c:legacy_sid_to_gid(1269) LEGACY: mapping failed for sid S-1-5-2 [2007/11/30 08:58:02.104037, 10, pid=5599] auth/auth_util.c:create_local_token(1039) Could not convert SID S-1-5-2 to gid, ignoring it [2007/11/30 08:58:02.104074, 3, pid=5599] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2007/11/30 08:58:02.104093, 3, pid=5599] smbd/uid.c:push_conn_ctx(358) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2007/11/30 08:58:02.104111, 3, pid=5599] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2007/11/30 08:58:02.104128, 5, pid=5599] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 08:58:02.104145, 5, pid=5599] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 08:58:02.104182, 3, pid=5599] smbd/sec_ctx.c:pop_sec_ctx(356) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/30 08:58:02.104202, 10, pid=5599] passdb/lookup_sid.c:legacy_sid_to_gid(1269) LEGACY: mapping failed for sid S-1-5-32-546 [2007/11/30 08:58:02.104221, 10, pid=5599] auth/auth_util.c:create_local_token(1039) Could not convert SID S-1-5-32-546 to gid, ignoring it [2007/11/30 08:58:02.104240, 10, pid=5599] auth/auth_util.c:debug_nt_user_token(454) NT user token of user S-1-5-21-2274471336-3138038065-606154707-501 contains 4 SIDs SID[ 0]: S-1-5-21-2274471336-3138038065-606154707-501 SID[ 1]: S-1-1-0 SID[ 2]: S-1-5-2 SID[ 3]: S-1-5-32-546 SE_PRIV 0x0 0x0 0x0 0x0 [2007/11/30 08:58:02.104303, 10, pid=5599] auth/auth_ntlmssp.c:auth_ntlmssp_check_password(137) Got NT session key of length 16 [2007/11/30 08:58:02.104321, 10, pid=5599] auth/auth_ntlmssp.c:auth_ntlmssp_check_password(144) Got LM session key of length 16 [2007/11/30 08:58:02.104339, 10, pid=5599] libsmb/ntlmssp.c:ntlmssp_server_auth(841) ntlmssp_server_auth: Using unmodified nt session key. [2007/11/30 08:58:02.104358, 3, pid=5599] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(338) NTLMSSP Sign/Seal - Initialising with flags: [2007/11/30 08:58:02.104375, 3, pid=5599] libsmb/ntlmssp.c:debug_ntlmssp_flags(63) Got NTLMSSP neg_flags=0xa2088205 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_56 [2007/11/30 08:58:02.104463, 10, pid=5599] smbd/password.c:register_vuid(186) register_vuid: allocated vuid = 103 [2007/11/30 08:58:02.104484, 10, pid=5599] lib/util_pw.c:getpwnam_alloc(76) Got guest from pwnam_cache [2007/11/30 08:58:02.104502, 10, pid=5599] smbd/password.c:register_vuid(277) register_vuid: (514,514) guest ZARTSOFT guest=1 [2007/11/30 08:58:02.104521, 3, pid=5599] smbd/password.c:register_vuid(280) User name: guest Real name: [2007/11/30 08:58:02.104539, 3, pid=5599] smbd/password.c:register_vuid(301) UNIX uid 514 is UNIX user guest, and will be vuid 103 [2007/11/30 08:58:02.104568, 6, pid=5599] param/loadparm.c:lp_file_list_changed(3080) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Fri Nov 30 08:56:43 2007 [2007/11/30 08:58:02.104610, 5, pid=5599] lib/util.c:show_msg(506) [2007/11/30 08:58:02.104622, 5, pid=5599] lib/util.c:show_msg(516) size=120 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=65279 smb_uid=103 smb_mid=10304 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 9 (0x9) smb_bcc=77 [2007/11/30 08:58:02.104718, 10, pid=5599] lib/util.c:dump_data(2285) [000] A1 07 30 05 A0 03 0A 01 00 55 00 6E 00 69 00 78 ..0..... .U.n.i.x [010] 00 00 00 53 00 61 00 6D 00 62 00 61 00 20 00 33 ...S.a.m .b.a. .3 [020] 00 2E 00 30 00 2E 00 32 00 36 00 61 00 2D 00 30 ...0...2 .6.a.-.0 [030] 00 2E 00 66 00 63 00 37 00 00 00 5A 00 41 00 52 ...f.c.7 ...Z.A.R [040] 00 54 00 53 00 4F 00 46 00 54 00 00 00 .T.S.O.F .T... [2007/11/30 08:58:02.105057, 10, pid=5599] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 76 [2007/11/30 08:58:02.105082, 6, pid=5599] smbd/process.c:process_smb(1067) got message type 0x0 of len 0x4c [2007/11/30 08:58:02.105101, 3, pid=5599] smbd/process.c:process_smb(1068) Transaction 10 of length 80 [2007/11/30 08:58:02.105119, 5, pid=5599] lib/util.c:show_msg(506) [2007/11/30 08:58:02.105130, 5, pid=5599] lib/util.c:show_msg(516) size=76 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=103 smb_mid=10368 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 76 (0x4C) smb_vwv[ 2]= 8 (0x8) smb_vwv[ 3]= 1 (0x1) smb_bcc=33 [2007/11/30 08:58:02.105227, 10, pid=5599] lib/util.c:dump_data(2285) [000] 00 5C 00 5C 00 47 00 4F 00 44 00 41 00 49 00 5C .\.\.G.O .D.A.I.\ [010] 00 49 00 50 00 43 00 24 00 00 00 3F 3F 3F 3F 3F .I.P.C.$ ...????? [020] 00 . [2007/11/30 08:58:02.105275, 3, pid=5599] smbd/process.c:switch_message(926) switch message SMBtconX (pid 5599) conn 0x0 [2007/11/30 08:58:02.105294, 3, pid=5599] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/30 08:58:02.105312, 5, pid=5599] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 08:58:02.105329, 5, pid=5599] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 08:58:02.105357, 5, pid=5599] smbd/uid.c:change_to_root_user(288) change_to_root_user: now uid=(0,0) gid=(0,0) [2007/11/30 08:58:02.105380, 4, pid=5599] smbd/reply.c:reply_tcon_and_X(506) Client requested device type [?????] for share [IPC$] [2007/11/30 08:58:02.105404, 5, pid=5599] smbd/service.c:make_connection(1205) making a connection to 'normal' service ipc$ [2007/11/30 08:58:02.105432, 5, pid=5599] lib/username.c:Get_Pwnam_alloc(131) Finding user guest [2007/11/30 08:58:02.105451, 5, pid=5599] lib/username.c:Get_Pwnam_internals(75) Trying _Get_Pwnam(), username as lowercase is guest [2007/11/30 08:58:02.105468, 10, pid=5599] lib/util_pw.c:getpwnam_alloc(76) Got guest from pwnam_cache [2007/11/30 08:58:02.105502, 5, pid=5599] lib/username.c:Get_Pwnam_internals(108) Get_Pwnam_internals did find user [guest]! [2007/11/30 08:58:02.105531, 10, pid=5599] smbd/service.c:set_conn_connectpath(156) set_conn_connectpath: service IPC$, connectpath = /tmp [2007/11/30 08:58:02.105551, 3, pid=5599] smbd/service.c:make_connection_snum(806) Connect path is '/tmp' for service [IPC$] [2007/11/30 08:58:02.105577, 4, pid=5599] lib/sharesec.c:get_share_security(132) get_share_security: using default secdesc for IPC$ [2007/11/30 08:58:02.105596, 10, pid=5599] lib/util_seaccess.c:se_map_generic(176) se_map_generic(): mapped mask 0x10000000 to 0x001f01ff [2007/11/30 08:58:02.105616, 10, pid=5599] lib/util_seaccess.c:se_access_check(233) se_access_check: requested access 0x00000002, for NT token with 4 entries and first sid S-1-5-21-2274471336-3138038065-606154707-501. [2007/11/30 08:58:02.105639, 3, pid=5599] lib/util_seaccess.c:se_access_check(250) [2007/11/30 08:58:02.105651, 3, pid=5599] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-2274471336-3138038065-606154707-501 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-32-546 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 2 [2007/11/30 08:58:02.105700, 5, pid=5599] lib/util_seaccess.c:se_access_check(308) se_access_check: access (2) granted. [2007/11/30 08:58:02.105718, 3, pid=5599] smbd/vfs.c:vfs_init_default(95) Initialising default vfs hooks [2007/11/30 08:58:02.105737, 3, pid=5599] smbd/vfs.c:vfs_init_custom(128) Initialising custom vfs hooks from [/[Default VFS]/] Successfully loaded vfs module [/[Default VFS]/] with the new modules system [2007/11/30 08:58:02.105769, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #0 (type 0, layer 0) Making operation type 0 opaque [module /[Default VFS]/] Accepting operation type 0 from module /[Default VFS]/ [2007/11/30 08:58:02.105798, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #1 (type 1, layer 0) Making operation type 1 opaque [module /[Default VFS]/] Accepting operation type 1 from module /[Default VFS]/ [2007/11/30 08:58:02.105826, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #2 (type 2, layer 0) Making operation type 2 opaque [module /[Default VFS]/] Accepting operation type 2 from module /[Default VFS]/ [2007/11/30 08:58:02.105855, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #3 (type 3, layer 0) Making operation type 3 opaque [module /[Default VFS]/] Accepting operation type 3 from module /[Default VFS]/ [2007/11/30 08:58:02.105884, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #4 (type 4, layer 0) Making operation type 4 opaque [module /[Default VFS]/] Accepting operation type 4 from module /[Default VFS]/ [2007/11/30 08:58:02.105913, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #5 (type 5, layer 0) Making operation type 5 opaque [module /[Default VFS]/] Accepting operation type 5 from module /[Default VFS]/ [2007/11/30 08:58:02.105955, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #6 (type 6, layer 0) Making operation type 6 opaque [module /[Default VFS]/] Accepting operation type 6 from module /[Default VFS]/ [2007/11/30 08:58:02.105985, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #7 (type 7, layer 0) Making operation type 7 opaque [module /[Default VFS]/] Accepting operation type 7 from module /[Default VFS]/ [2007/11/30 08:58:02.106012, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #8 (type 8, layer 0) Making operation type 8 opaque [module /[Default VFS]/] Accepting operation type 8 from module /[Default VFS]/ [2007/11/30 08:58:02.106040, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #9 (type 9, layer 0) Making operation type 9 opaque [module /[Default VFS]/] Accepting operation type 9 from module /[Default VFS]/ [2007/11/30 08:58:02.106085, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #10 (type 10, layer 0) Making operation type 10 opaque [module /[Default VFS]/] Accepting operation type 10 from module /[Default VFS]/ [2007/11/30 08:58:02.106115, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #11 (type 11, layer 0) Making operation type 11 opaque [module /[Default VFS]/] Accepting operation type 11 from module /[Default VFS]/ [2007/11/30 08:58:02.106144, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #12 (type 12, layer 0) Making operation type 12 opaque [module /[Default VFS]/] Accepting operation type 12 from module /[Default VFS]/ [2007/11/30 08:58:02.106173, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #13 (type 13, layer 0) Making operation type 13 opaque [module /[Default VFS]/] Accepting operation type 13 from module /[Default VFS]/ [2007/11/30 08:58:02.106202, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #14 (type 14, layer 0) Making operation type 14 opaque [module /[Default VFS]/] Accepting operation type 14 from module /[Default VFS]/ [2007/11/30 08:58:02.106231, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #15 (type 15, layer 0) Making operation type 15 opaque [module /[Default VFS]/] Accepting operation type 15 from module /[Default VFS]/ [2007/11/30 08:58:02.106260, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #16 (type 16, layer 0) Making operation type 16 opaque [module /[Default VFS]/] Accepting operation type 16 from module /[Default VFS]/ [2007/11/30 08:58:02.106289, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #17 (type 17, layer 0) Making operation type 17 opaque [module /[Default VFS]/] Accepting operation type 17 from module /[Default VFS]/ [2007/11/30 08:58:02.106318, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #18 (type 18, layer 0) Making operation type 18 opaque [module /[Default VFS]/] Accepting operation type 18 from module /[Default VFS]/ [2007/11/30 08:58:02.106347, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #19 (type 19, layer 0) Making operation type 19 opaque [module /[Default VFS]/] Accepting operation type 19 from module /[Default VFS]/ [2007/11/30 08:58:02.106375, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #20 (type 20, layer 0) Making operation type 20 opaque [module /[Default VFS]/] Accepting operation type 20 from module /[Default VFS]/ [2007/11/30 08:58:02.106404, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #21 (type 21, layer 0) Making operation type 21 opaque [module /[Default VFS]/] Accepting operation type 21 from module /[Default VFS]/ [2007/11/30 08:58:02.106433, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #22 (type 22, layer 0) Making operation type 22 opaque [module /[Default VFS]/] Accepting operation type 22 from module /[Default VFS]/ [2007/11/30 08:58:02.106462, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #23 (type 23, layer 0) Making operation type 23 opaque [module /[Default VFS]/] Accepting operation type 23 from module /[Default VFS]/ [2007/11/30 08:58:02.106493, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #24 (type 24, layer 0) Making operation type 24 opaque [module /[Default VFS]/] Accepting operation type 24 from module /[Default VFS]/ [2007/11/30 08:58:02.106522, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #25 (type 25, layer 0) Making operation type 25 opaque [module /[Default VFS]/] Accepting operation type 25 from module /[Default VFS]/ [2007/11/30 08:58:02.106551, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #26 (type 26, layer 0) Making operation type 26 opaque [module /[Default VFS]/] Accepting operation type 26 from module /[Default VFS]/ [2007/11/30 08:58:02.106579, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #27 (type 27, layer 0) Making operation type 27 opaque [module /[Default VFS]/] Accepting operation type 27 from module /[Default VFS]/ [2007/11/30 08:58:02.106623, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #28 (type 28, layer 0) Making operation type 28 opaque [module /[Default VFS]/] Accepting operation type 28 from module /[Default VFS]/ [2007/11/30 08:58:02.106652, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #29 (type 29, layer 0) Making operation type 29 opaque [module /[Default VFS]/] Accepting operation type 29 from module /[Default VFS]/ [2007/11/30 08:58:02.106685, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #30 (type 30, layer 0) Making operation type 30 opaque [module /[Default VFS]/] Accepting operation type 30 from module /[Default VFS]/ [2007/11/30 08:58:02.106714, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #31 (type 31, layer 0) Making operation type 31 opaque [module /[Default VFS]/] Accepting operation type 31 from module /[Default VFS]/ [2007/11/30 08:58:02.106743, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #32 (type 32, layer 0) Making operation type 32 opaque [module /[Default VFS]/] Accepting operation type 32 from module /[Default VFS]/ [2007/11/30 08:58:02.106775, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #33 (type 33, layer 0) Making operation type 33 opaque [module /[Default VFS]/] Accepting operation type 33 from module /[Default VFS]/ [2007/11/30 08:58:02.106805, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #34 (type 34, layer 0) Making operation type 34 opaque [module /[Default VFS]/] Accepting operation type 34 from module /[Default VFS]/ [2007/11/30 08:58:02.106834, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #35 (type 35, layer 0) Making operation type 35 opaque [module /[Default VFS]/] Accepting operation type 35 from module /[Default VFS]/ [2007/11/30 08:58:02.106862, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #36 (type 36, layer 0) Making operation type 36 opaque [module /[Default VFS]/] Accepting operation type 36 from module /[Default VFS]/ [2007/11/30 08:58:02.106891, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #37 (type 37, layer 0) Making operation type 37 opaque [module /[Default VFS]/] Accepting operation type 37 from module /[Default VFS]/ [2007/11/30 08:58:02.106920, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #38 (type 38, layer 0) Making operation type 38 opaque [module /[Default VFS]/] Accepting operation type 38 from module /[Default VFS]/ [2007/11/30 08:58:02.106949, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #39 (type 39, layer 0) Making operation type 39 opaque [module /[Default VFS]/] Accepting operation type 39 from module /[Default VFS]/ [2007/11/30 08:58:02.106977, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #40 (type 40, layer 0) Making operation type 40 opaque [module /[Default VFS]/] Accepting operation type 40 from module /[Default VFS]/ [2007/11/30 08:58:02.107006, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #41 (type 41, layer 0) Making operation type 41 opaque [module /[Default VFS]/] Accepting operation type 41 from module /[Default VFS]/ [2007/11/30 08:58:02.107035, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #42 (type 42, layer 0) Making operation type 42 opaque [module /[Default VFS]/] Accepting operation type 42 from module /[Default VFS]/ [2007/11/30 08:58:02.107064, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #43 (type 43, layer 0) Making operation type 43 opaque [module /[Default VFS]/] Accepting operation type 43 from module /[Default VFS]/ [2007/11/30 08:58:02.107093, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #44 (type 44, layer 0) Making operation type 44 opaque [module /[Default VFS]/] Accepting operation type 44 from module /[Default VFS]/ [2007/11/30 08:58:02.107137, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #45 (type 45, layer 0) Making operation type 45 opaque [module /[Default VFS]/] Accepting operation type 45 from module /[Default VFS]/ [2007/11/30 08:58:02.107167, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #46 (type 46, layer 0) Making operation type 46 opaque [module /[Default VFS]/] Accepting operation type 46 from module /[Default VFS]/ [2007/11/30 08:58:02.107196, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #47 (type 47, layer 0) Making operation type 47 opaque [module /[Default VFS]/] Accepting operation type 47 from module /[Default VFS]/ [2007/11/30 08:58:02.107224, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #48 (type 48, layer 0) Making operation type 48 opaque [module /[Default VFS]/] Accepting operation type 48 from module /[Default VFS]/ [2007/11/30 08:58:02.107253, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #49 (type 49, layer 0) Making operation type 49 opaque [module /[Default VFS]/] Accepting operation type 49 from module /[Default VFS]/ [2007/11/30 08:58:02.107282, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #50 (type 50, layer 0) Making operation type 50 opaque [module /[Default VFS]/] Accepting operation type 50 from module /[Default VFS]/ [2007/11/30 08:58:02.107311, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #51 (type 51, layer 0) Making operation type 51 opaque [module /[Default VFS]/] Accepting operation type 51 from module /[Default VFS]/ [2007/11/30 08:58:02.107339, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #52 (type 52, layer 0) Making operation type 52 opaque [module /[Default VFS]/] Accepting operation type 52 from module /[Default VFS]/ [2007/11/30 08:58:02.107368, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #53 (type 53, layer 0) Making operation type 53 opaque [module /[Default VFS]/] Accepting operation type 53 from module /[Default VFS]/ [2007/11/30 08:58:02.107397, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #54 (type 54, layer 0) Making operation type 54 opaque [module /[Default VFS]/] Accepting operation type 54 from module /[Default VFS]/ [2007/11/30 08:58:02.107426, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #55 (type 55, layer 0) Making operation type 55 opaque [module /[Default VFS]/] Accepting operation type 55 from module /[Default VFS]/ [2007/11/30 08:58:02.107454, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #56 (type 56, layer 0) Making operation type 56 opaque [module /[Default VFS]/] Accepting operation type 56 from module /[Default VFS]/ [2007/11/30 08:58:02.107482, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #57 (type 57, layer 0) Making operation type 57 opaque [module /[Default VFS]/] Accepting operation type 57 from module /[Default VFS]/ [2007/11/30 08:58:02.107511, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #58 (type 58, layer 0) Making operation type 58 opaque [module /[Default VFS]/] Accepting operation type 58 from module /[Default VFS]/ [2007/11/30 08:58:02.107543, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #59 (type 59, layer 0) Making operation type 59 opaque [module /[Default VFS]/] Accepting operation type 59 from module /[Default VFS]/ [2007/11/30 08:58:02.107571, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #60 (type 60, layer 0) Making operation type 60 opaque [module /[Default VFS]/] Accepting operation type 60 from module /[Default VFS]/ [2007/11/30 08:58:02.107600, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #61 (type 61, layer 0) Making operation type 61 opaque [module /[Default VFS]/] Accepting operation type 61 from module /[Default VFS]/ [2007/11/30 08:58:02.107629, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #62 (type 62, layer 0) Making operation type 62 opaque [module /[Default VFS]/] Accepting operation type 62 from module /[Default VFS]/ [2007/11/30 08:58:02.107670, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #63 (type 63, layer 0) Making operation type 63 opaque [module /[Default VFS]/] Accepting operation type 63 from module /[Default VFS]/ [2007/11/30 08:58:02.107699, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #64 (type 64, layer 0) Making operation type 64 opaque [module /[Default VFS]/] Accepting operation type 64 from module /[Default VFS]/ [2007/11/30 08:58:02.107728, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #65 (type 65, layer 0) Making operation type 65 opaque [module /[Default VFS]/] Accepting operation type 65 from module /[Default VFS]/ [2007/11/30 08:58:02.107760, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #66 (type 66, layer 0) Making operation type 66 opaque [module /[Default VFS]/] Accepting operation type 66 from module /[Default VFS]/ [2007/11/30 08:58:02.107789, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #67 (type 67, layer 0) Making operation type 67 opaque [module /[Default VFS]/] Accepting operation type 67 from module /[Default VFS]/ [2007/11/30 08:58:02.107817, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #68 (type 68, layer 0) Making operation type 68 opaque [module /[Default VFS]/] Accepting operation type 68 from module /[Default VFS]/ [2007/11/30 08:58:02.107846, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #69 (type 69, layer 0) Making operation type 69 opaque [module /[Default VFS]/] Accepting operation type 69 from module /[Default VFS]/ [2007/11/30 08:58:02.107875, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #70 (type 70, layer 0) Making operation type 70 opaque [module /[Default VFS]/] Accepting operation type 70 from module /[Default VFS]/ [2007/11/30 08:58:02.107903, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #71 (type 71, layer 0) Making operation type 71 opaque [module /[Default VFS]/] Accepting operation type 71 from module /[Default VFS]/ [2007/11/30 08:58:02.107932, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #72 (type 72, layer 0) Making operation type 72 opaque [module /[Default VFS]/] Accepting operation type 72 from module /[Default VFS]/ [2007/11/30 08:58:02.107961, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #73 (type 73, layer 0) Making operation type 73 opaque [module /[Default VFS]/] Accepting operation type 73 from module /[Default VFS]/ [2007/11/30 08:58:02.107990, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #74 (type 74, layer 0) Making operation type 74 opaque [module /[Default VFS]/] Accepting operation type 74 from module /[Default VFS]/ [2007/11/30 08:58:02.108019, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #75 (type 75, layer 0) Making operation type 75 opaque [module /[Default VFS]/] Accepting operation type 75 from module /[Default VFS]/ [2007/11/30 08:58:02.108048, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #76 (type 76, layer 0) Making operation type 76 opaque [module /[Default VFS]/] Accepting operation type 76 from module /[Default VFS]/ [2007/11/30 08:58:02.108077, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #77 (type 77, layer 0) Making operation type 77 opaque [module /[Default VFS]/] Accepting operation type 77 from module /[Default VFS]/ [2007/11/30 08:58:02.108105, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #78 (type 78, layer 0) Making operation type 78 opaque [module /[Default VFS]/] Accepting operation type 78 from module /[Default VFS]/ [2007/11/30 08:58:02.108134, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #79 (type 79, layer 0) Making operation type 79 opaque [module /[Default VFS]/] Accepting operation type 79 from module /[Default VFS]/ [2007/11/30 08:58:02.108178, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #80 (type 80, layer 0) Making operation type 80 opaque [module /[Default VFS]/] Accepting operation type 80 from module /[Default VFS]/ [2007/11/30 08:58:02.108207, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #81 (type 81, layer 0) Making operation type 81 opaque [module /[Default VFS]/] Accepting operation type 81 from module /[Default VFS]/ [2007/11/30 08:58:02.108236, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #82 (type 82, layer 0) Making operation type 82 opaque [module /[Default VFS]/] Accepting operation type 82 from module /[Default VFS]/ [2007/11/30 08:58:02.108264, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #83 (type 83, layer 0) Making operation type 83 opaque [module /[Default VFS]/] Accepting operation type 83 from module /[Default VFS]/ [2007/11/30 08:58:02.108293, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #84 (type 84, layer 0) Making operation type 84 opaque [module /[Default VFS]/] Accepting operation type 84 from module /[Default VFS]/ [2007/11/30 08:58:02.108321, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #85 (type 85, layer 0) Making operation type 85 opaque [module /[Default VFS]/] Accepting operation type 85 from module /[Default VFS]/ [2007/11/30 08:58:02.108349, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #86 (type 86, layer 0) Making operation type 86 opaque [module /[Default VFS]/] Accepting operation type 86 from module /[Default VFS]/ [2007/11/30 08:58:02.108378, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #87 (type 87, layer 0) Making operation type 87 opaque [module /[Default VFS]/] Accepting operation type 87 from module /[Default VFS]/ [2007/11/30 08:58:02.108409, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #88 (type 88, layer 0) Making operation type 88 opaque [module /[Default VFS]/] Accepting operation type 88 from module /[Default VFS]/ [2007/11/30 08:58:02.108437, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #89 (type 89, layer 0) Making operation type 89 opaque [module /[Default VFS]/] Accepting operation type 89 from module /[Default VFS]/ [2007/11/30 08:58:02.108466, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #90 (type 90, layer 0) Making operation type 90 opaque [module /[Default VFS]/] Accepting operation type 90 from module /[Default VFS]/ [2007/11/30 08:58:02.108495, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #91 (type 91, layer 0) Making operation type 91 opaque [module /[Default VFS]/] Accepting operation type 91 from module /[Default VFS]/ [2007/11/30 08:58:02.108524, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #92 (type 92, layer 0) Making operation type 92 opaque [module /[Default VFS]/] Accepting operation type 92 from module /[Default VFS]/ [2007/11/30 08:58:02.108552, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #93 (type 93, layer 0) Making operation type 93 opaque [module /[Default VFS]/] Accepting operation type 93 from module /[Default VFS]/ [2007/11/30 08:58:02.108580, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #94 (type 94, layer 0) Making operation type 94 opaque [module /[Default VFS]/] Accepting operation type 94 from module /[Default VFS]/ [2007/11/30 08:58:02.108611, 5, pid=5599] smbd/connection.c:claim_connection(182) claiming IPC$ 0 [2007/11/30 08:58:02.108645, 10, pid=5599] smbd/share_access.c:user_ok_token(232) user_ok_token: share IPC$ is ok for unix user guest [2007/11/30 08:58:02.108665, 10, pid=5599] smbd/share_access.c:is_share_read_only_for_token(274) is_share_read_only_for_user: share IPC$ is read-only for unix user guest [2007/11/30 08:58:02.108692, 4, pid=5599] lib/sharesec.c:get_share_security(132) get_share_security: using default secdesc for IPC$ [2007/11/30 08:58:02.108724, 10, pid=5599] lib/util_seaccess.c:se_map_generic(176) se_map_generic(): mapped mask 0x10000000 to 0x001f01ff [2007/11/30 08:58:02.108745, 10, pid=5599] lib/util_seaccess.c:se_access_check(233) se_access_check: requested access 0x00000001, for NT token with 4 entries and first sid S-1-5-21-2274471336-3138038065-606154707-501. [2007/11/30 08:58:02.108773, 3, pid=5599] lib/util_seaccess.c:se_access_check(250) [2007/11/30 08:58:02.108785, 3, pid=5599] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-2274471336-3138038065-606154707-501 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-32-546 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 1 [2007/11/30 08:58:02.108834, 5, pid=5599] lib/util_seaccess.c:se_access_check(308) se_access_check: access (1) granted. [2007/11/30 08:58:02.108854, 3, pid=5599] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (514, 514) - sec_ctx_stack_ndx = 0 [2007/11/30 08:58:02.108873, 5, pid=5599] auth/auth_util.c:debug_nt_user_token(454) NT user token of user S-1-5-21-2274471336-3138038065-606154707-501 contains 4 SIDs SID[ 0]: S-1-5-21-2274471336-3138038065-606154707-501 SID[ 1]: S-1-1-0 SID[ 2]: S-1-5-2 SID[ 3]: S-1-5-32-546 SE_PRIV 0x0 0x0 0x0 0x0 [2007/11/30 08:58:02.108933, 5, pid=5599] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 514 Primary group is 514 and contains 0 supplementary groups [2007/11/30 08:58:02.108983, 5, pid=5599] smbd/uid.c:change_to_user(273) change_to_user uid=(514,514) gid=(0,514) [2007/11/30 08:58:02.109010, 3, pid=5599] smbd/service.c:make_connection_snum(1033) kyoko (192.168.64.5) connect to service IPC$ initially as user guest (uid=514, gid=514) (pid 5599) [2007/11/30 08:58:02.109033, 3, pid=5599] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/30 08:58:02.109052, 5, pid=5599] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 08:58:02.109069, 5, pid=5599] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 08:58:02.109117, 5, pid=5599] smbd/uid.c:change_to_root_user(288) change_to_root_user: now uid=(0,0) gid=(0,0) [2007/11/30 08:58:02.109140, 3, pid=5599] smbd/reply.c:reply_tcon_and_X(574) tconX service=IPC$ [2007/11/30 08:58:02.109158, 5, pid=5599] lib/util.c:show_msg(506) [2007/11/30 08:58:02.109170, 5, pid=5599] lib/util.c:show_msg(516) size=56 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=103 smb_mid=10368 smt_wct=7 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 1 (0x1) smb_vwv[ 3]= 511 (0x1FF) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 511 (0x1FF) smb_vwv[ 6]= 0 (0x0) smb_bcc=7 [2007/11/30 08:58:02.109285, 10, pid=5599] lib/util.c:dump_data(2285) [000] 49 50 43 00 00 00 00 IPC.... [2007/11/30 08:58:02.109594, 10, pid=5599] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 118 [2007/11/30 08:58:02.109618, 6, pid=5599] smbd/process.c:process_smb(1067) got message type 0x0 of len 0x76 [2007/11/30 08:58:02.109637, 3, pid=5599] smbd/process.c:process_smb(1068) Transaction 11 of length 122 [2007/11/30 08:58:02.109655, 5, pid=5599] lib/util.c:show_msg(506) [2007/11/30 08:58:02.109666, 5, pid=5599] lib/util.c:show_msg(516) size=118 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=55303 smb_tid=1 smb_pid=748 smb_uid=103 smb_mid=10432 smt_wct=14 smb_vwv[ 0]= 26 (0x1A) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 8 (0x8) smb_vwv[ 3]= 4200 (0x1068) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 5000 (0x1388) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 26 (0x1A) smb_vwv[10]= 92 (0x5C) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=55 [2007/11/30 08:58:02.109839, 10, pid=5599] lib/util.c:dump_data(2285) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 4C 00 41 .\.P.I.P .E.\.L.A [010] 00 4E 00 4D 00 41 00 4E 00 00 00 00 00 68 00 57 .N.M.A.N .....h.W [020] 72 4C 65 68 44 4F 00 42 31 36 42 42 44 7A 00 01 rLehDO.B 16BBDz.. [030] 00 68 10 FF FF FF FF .h..... [2007/11/30 08:58:02.109905, 3, pid=5599] smbd/process.c:switch_message(926) switch message SMBtrans (pid 5599) conn 0x555555c1a580 [2007/11/30 08:58:02.109926, 3, pid=5599] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (514, 514) - sec_ctx_stack_ndx = 0 [2007/11/30 08:58:02.109946, 5, pid=5599] auth/auth_util.c:debug_nt_user_token(454) NT user token of user S-1-5-21-2274471336-3138038065-606154707-501 contains 4 SIDs SID[ 0]: S-1-5-21-2274471336-3138038065-606154707-501 SID[ 1]: S-1-1-0 SID[ 2]: S-1-5-2 SID[ 3]: S-1-5-32-546 SE_PRIV 0x0 0x0 0x0 0x0 [2007/11/30 08:58:02.110006, 5, pid=5599] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 514 Primary group is 514 and contains 0 supplementary groups [2007/11/30 08:58:02.110048, 5, pid=5599] smbd/uid.c:change_to_user(273) change_to_user uid=(514,514) gid=(0,514) [2007/11/30 08:58:02.110070, 4, pid=5599] smbd/vfs.c:vfs_ChDir(665) vfs_ChDir to /tmp [2007/11/30 08:58:02.110093, 3, pid=5599] smbd/ipc.c:handle_trans(373) trans <\PIPE\LANMAN> data=0 params=26 setup=0 [2007/11/30 08:58:02.110121, 5, pid=5599] smbd/ipc.c:handle_trans(404) calling named_pipe [2007/11/30 08:58:02.110140, 3, pid=5599] smbd/ipc.c:named_pipe(340) named pipe command on name [2007/11/30 08:58:02.110158, 3, pid=5599] smbd/lanman.c:api_reply(4406) Got API command 104 of form (tdscnt=0,tpscnt=26,mdrcnt=4200,mprcnt=8) [2007/11/30 08:58:02.110178, 3, pid=5599] smbd/lanman.c:api_reply(4410) Doing NetServerEnum [2007/11/30 08:58:02.110198, 4, pid=5599] smbd/lanman.c:api_RNetServerEnum(1335) server request level: B16BBDz 3fffffff domains_req:No local_only:No [2007/11/30 08:58:02.110241, 4, pid=5599] smbd/lanman.c:get_server_info(1104) Servertype search: 3fffffff [2007/11/30 08:58:02.110269, 4, pid=5599] smbd/lanman.c:get_server_info(1163) s: dom mismatch ZARTSOFT 80001000 GODAI ZARTSOFT [2007/11/30 08:58:02.110293, 4, pid=5599] smbd/lanman.c:get_server_info(1176) **SV** GODAI 8d9b2b godai ZARTSOFT [2007/11/30 08:58:02.110316, 4, pid=5599] smbd/lanman.c:get_server_info(1176) **SV** AKARI 809003 ZARTSOFT [2007/11/30 08:58:02.110338, 4, pid=5599] smbd/lanman.c:get_server_info(1176) **SV** KYOKO 829003 ZARTSOFT [2007/11/30 08:58:02.110443, 4, pid=5599] smbd/lanman.c:api_RNetServerEnum(1371) fill_srv_info AKARI 809003 ZARTSOFT [2007/11/30 08:58:02.110466, 4, pid=5599] smbd/lanman.c:api_RNetServerEnum(1371) fill_srv_info GODAI 8d9b2b godai ZARTSOFT [2007/11/30 08:58:02.110485, 4, pid=5599] smbd/lanman.c:api_RNetServerEnum(1371) fill_srv_info KYOKO 829003 ZARTSOFT [2007/11/30 08:58:02.110506, 4, pid=5599] smbd/lanman.c:api_RNetServerEnum(1408) fill_srv_info AKARI 809003 ZARTSOFT [2007/11/30 08:58:02.110525, 4, pid=5599] smbd/lanman.c:api_RNetServerEnum(1408) fill_srv_info GODAI 8d9b2b godai ZARTSOFT [2007/11/30 08:58:02.110544, 4, pid=5599] smbd/lanman.c:api_RNetServerEnum(1408) fill_srv_info KYOKO 829003 ZARTSOFT [2007/11/30 08:58:02.110567, 3, pid=5599] smbd/lanman.c:api_RNetServerEnum(1426) NetServerEnum domain = ZARTSOFT uLevel=1 counted=3 total=3 [2007/11/30 08:58:02.110587, 5, pid=5599] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..8] data[0..86] [2007/11/30 08:58:02.110622, 5, pid=5599] lib/util.c:show_msg(506) [2007/11/30 08:58:02.110634, 5, pid=5599] lib/util.c:show_msg(516) size=150 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=748 smb_uid=103 smb_mid=10432 smt_wct=10 smb_vwv[ 0]= 8 (0x8) smb_vwv[ 1]= 86 (0x56) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 8 (0x8) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 86 (0x56) smb_vwv[ 7]= 64 (0x40) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=95 [2007/11/30 08:58:02.110770, 10, pid=5599] lib/util.c:dump_data(2285) [000] 00 00 00 00 00 03 00 03 00 41 4B 41 52 49 00 00 ........ .AKARI.. [010] 00 00 00 00 00 00 00 00 00 00 00 03 90 80 00 4E ........ .......N [020] 00 00 00 47 4F 44 41 49 00 00 00 00 00 00 00 00 ...GODAI ........ [030] 00 00 00 00 00 2B 9B 8D 00 4F 00 00 00 4B 59 4F .....+.. .O...KYO [040] 4B 4F 00 00 00 00 00 00 00 00 00 00 00 00 00 03 KO...... ........ [050] 90 82 00 55 00 00 00 00 67 6F 64 61 69 00 00 ...U.... godai.. [2007/11/30 08:58:02.110986, 10, pid=5599] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 39 [2007/11/30 08:58:02.111010, 6, pid=5599] smbd/process.c:process_smb(1067) got message type 0x0 of len 0x27 [2007/11/30 08:58:02.111029, 3, pid=5599] smbd/process.c:process_smb(1068) Transaction 12 of length 43 [2007/11/30 08:58:02.111048, 5, pid=5599] lib/util.c:show_msg(506) [2007/11/30 08:58:02.111060, 5, pid=5599] lib/util.c:show_msg(516) size=39 smb_com=0x74 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=103 smb_mid=10496 smt_wct=2 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_bcc=0 [2007/11/30 08:58:02.111144, 3, pid=5599] smbd/process.c:switch_message(926) switch message SMBulogoffX (pid 5599) conn 0x0 [2007/11/30 08:58:02.111163, 3, pid=5599] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/30 08:58:02.111181, 5, pid=5599] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 08:58:02.111198, 5, pid=5599] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 08:58:02.111242, 5, pid=5599] smbd/uid.c:change_to_root_user(288) change_to_root_user: now uid=(0,0) gid=(0,0) [2007/11/30 08:58:02.111271, 3, pid=5599] smbd/reply.c:reply_ulogoffX(1560) ulogoffX vuid=103 [2007/11/30 08:58:02.111290, 5, pid=5599] lib/util.c:show_msg(506) [2007/11/30 08:58:02.111302, 5, pid=5599] lib/util.c:show_msg(516) size=39 smb_com=0x74 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=65279 smb_uid=103 smb_mid=10496 smt_wct=2 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_bcc=0 [2007/11/30 08:58:02.111562, 10, pid=5599] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 35 [2007/11/30 08:58:02.111585, 6, pid=5599] smbd/process.c:process_smb(1067) got message type 0x0 of len 0x23 [2007/11/30 08:58:02.111603, 3, pid=5599] smbd/process.c:process_smb(1068) Transaction 13 of length 39 [2007/11/30 08:58:02.111620, 5, pid=5599] lib/util.c:show_msg(506) [2007/11/30 08:58:02.111632, 5, pid=5599] lib/util.c:show_msg(516) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=103 smb_mid=10560 smt_wct=0 smb_bcc=0 [2007/11/30 08:58:02.111706, 3, pid=5599] smbd/process.c:switch_message(926) switch message SMBtdis (pid 5599) conn 0x555555c1a580 [2007/11/30 08:58:02.111725, 3, pid=5599] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/30 08:58:02.111743, 5, pid=5599] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 08:58:02.111764, 5, pid=5599] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 08:58:02.111808, 5, pid=5599] smbd/uid.c:change_to_root_user(288) change_to_root_user: now uid=(0,0) gid=(0,0) [2007/11/30 08:58:02.111831, 3, pid=5599] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/30 08:58:02.111849, 5, pid=5599] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 08:58:02.111865, 5, pid=5599] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 08:58:02.111892, 5, pid=5599] smbd/uid.c:change_to_root_user(288) change_to_root_user: now uid=(0,0) gid=(0,0) [2007/11/30 08:58:02.111912, 3, pid=5599] smbd/service.c:close_cnum(1230) kyoko (192.168.64.5) closed connection to service IPC$ [2007/11/30 08:58:02.111934, 3, pid=5599] smbd/connection.c:yield_connection(69) Yielding connection to IPC$ [2007/11/30 08:58:02.111966, 4, pid=5599] smbd/vfs.c:vfs_ChDir(665) vfs_ChDir to / [2007/11/30 08:58:02.111987, 3, pid=5599] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/30 08:58:02.112005, 5, pid=5599] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 08:58:02.112022, 5, pid=5599] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 08:58:02.112050, 5, pid=5599] smbd/uid.c:change_to_root_user(288) change_to_root_user: now uid=(0,0) gid=(0,0) [2007/11/30 08:58:02.112075, 5, pid=5599] lib/util.c:show_msg(506) [2007/11/30 08:58:02.112088, 5, pid=5599] lib/util.c:show_msg(516) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=103 smb_mid=10560 smt_wct=0 smb_bcc=0 [2007/11/30 08:58:02.112631, 10, pid=5599] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 278 [2007/11/30 08:58:02.112655, 6, pid=5599] smbd/process.c:process_smb(1067) got message type 0x0 of len 0x116 [2007/11/30 08:58:02.112673, 3, pid=5599] smbd/process.c:process_smb(1068) Transaction 14 of length 282 [2007/11/30 08:58:02.112690, 5, pid=5599] lib/util.c:show_msg(506) [2007/11/30 08:58:02.112702, 5, pid=5599] lib/util.c:show_msg(516) size=278 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=0 smb_mid=10624 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 278 (0x116) smb_vwv[ 2]=16644 (0x4104) smb_vwv[ 3]= 50 (0x32) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 74 (0x4A) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 212 (0xD4) smb_vwv[11]=40960 (0xA000) smb_bcc=219 [2007/11/30 08:58:02.112854, 10, pid=5599] lib/util.c:dump_data(2285) [000] 60 48 06 06 2B 06 01 05 05 02 A0 3E 30 3C A0 0E `H..+... ...>0<.. [010] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A2 2A 0...+... ..7....* [020] 04 28 4E 54 4C 4D 53 53 50 00 01 00 00 00 07 82 .(NTLMSS P....... [030] 08 A2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [040] 00 00 05 02 CE 0E 00 00 00 0F 00 57 00 69 00 6E ........ ...W.i.n [050] 00 64 00 6F 00 77 00 73 00 20 00 53 00 65 00 72 .d.o.w.s . .S.e.r [060] 00 76 00 65 00 72 00 20 00 32 00 30 00 30 00 33 .v.e.r. .2.0.0.3 [070] 00 20 00 52 00 32 00 20 00 33 00 37 00 39 00 30 . .R.2. .3.7.9.0 [080] 00 20 00 53 00 65 00 72 00 76 00 69 00 63 00 65 . .S.e.r .v.i.c.e [090] 00 20 00 50 00 61 00 63 00 6B 00 20 00 32 00 00 . .P.a.c .k. .2.. [0A0] 00 00 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 ...W.i.n .d.o.w.s [0B0] 00 20 00 53 00 65 00 72 00 76 00 65 00 72 00 20 . .S.e.r .v.e.r. [0C0] 00 32 00 30 00 30 00 33 00 20 00 52 00 32 00 20 .2.0.0.3 . .R.2. [0D0] 00 35 00 2E 00 32 00 00 00 00 00 .5...2.. ... [2007/11/30 08:58:02.113052, 3, pid=5599] smbd/process.c:switch_message(926) switch message SMBsesssetupX (pid 5599) conn 0x0 [2007/11/30 08:58:02.113086, 3, pid=5599] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/30 08:58:02.113106, 5, pid=5599] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 08:58:02.113123, 5, pid=5599] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 08:58:02.113151, 5, pid=5599] smbd/uid.c:change_to_root_user(288) change_to_root_user: now uid=(0,0) gid=(0,0) [2007/11/30 08:58:02.113172, 3, pid=5599] smbd/sesssetup.c:reply_sesssetup_and_X(1244) wct=12 flg2=0xc807 [2007/11/30 08:58:02.113189, 2, pid=5599] smbd/sesssetup.c:setup_new_vc_session(1200) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2007/11/30 08:58:02.113207, 3, pid=5599] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1029) Doing spnego session setup [2007/11/30 08:58:02.113227, 3, pid=5599] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1060) NativeOS=[Windows Server 2003 R2 3790 Service Pack 2] NativeLanMan=[] PrimaryDomain=[Windows Server 2003 R2 5.2] [2007/11/30 08:58:02.113248, 10, pid=5599] smbd/password.c:register_vuid(186) register_vuid: allocated vuid = 104 [2007/11/30 08:58:02.113268, 10, pid=5599] smbd/sesssetup.c:check_spnego_blob_complete(975) check_spnego_blob_complete: needed_len = 74, pblob->length = 74 [2007/11/30 08:58:02.113295, 5, pid=5599] smbd/sesssetup.c:parse_spnego_mechanisms(667) parse_spnego_mechanisms: Got OID 1 3 6 1 4 1 311 2 2 10 [2007/11/30 08:58:02.113313, 3, pid=5599] smbd/sesssetup.c:reply_spnego_negotiate(697) reply_spnego_negotiate: Got secblob of size 40 [2007/11/30 08:58:02.113335, 5, pid=5599] auth/auth.c:make_auth_context_subsystem(483) Making default auth method list for DC, security=user, encrypt passwords = yes [2007/11/30 08:58:02.113357, 5, pid=5599] auth/auth.c:load_auth_module(391) load_auth_module: Attempting to find an auth method to match guest [2007/11/30 08:58:02.113376, 5, pid=5599] auth/auth.c:load_auth_module(416) load_auth_module: auth method guest has a valid init [2007/11/30 08:58:02.113394, 5, pid=5599] auth/auth.c:load_auth_module(391) load_auth_module: Attempting to find an auth method to match sam [2007/11/30 08:58:02.113412, 5, pid=5599] auth/auth.c:load_auth_module(416) load_auth_module: auth method sam has a valid init [2007/11/30 08:58:02.113430, 5, pid=5599] auth/auth.c:load_auth_module(391) load_auth_module: Attempting to find an auth method to match winbind:trustdomain [2007/11/30 08:58:02.113449, 5, pid=5599] auth/auth.c:load_auth_module(391) load_auth_module: Attempting to find an auth method to match trustdomain [2007/11/30 08:58:02.113467, 5, pid=5599] auth/auth.c:load_auth_module(416) load_auth_module: auth method trustdomain has a valid init [2007/11/30 08:58:02.113485, 5, pid=5599] auth/auth.c:load_auth_module(416) load_auth_module: auth method winbind has a valid init [2007/11/30 08:58:02.113504, 3, pid=5599] libsmb/ntlmssp.c:debug_ntlmssp_flags(63) Got NTLMSSP neg_flags=0xa2088207 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_NEGOTIATE_OEM NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_56 [2007/11/30 08:58:02.113563, 5, pid=5599] auth/auth.c:get_ntlm_challenge(97) auth_get_challenge: module guest did not want to specify a challenge [2007/11/30 08:58:02.113582, 5, pid=5599] auth/auth.c:get_ntlm_challenge(97) auth_get_challenge: module sam did not want to specify a challenge [2007/11/30 08:58:02.113599, 5, pid=5599] auth/auth.c:get_ntlm_challenge(97) auth_get_challenge: module winbind did not want to specify a challenge [2007/11/30 08:58:02.113623, 5, pid=5599] auth/auth.c:get_ntlm_challenge(137) auth_context challenge created by random [2007/11/30 08:58:02.113640, 5, pid=5599] auth/auth.c:get_ntlm_challenge(138) challenge is: [2007/11/30 08:58:02.113657, 5, pid=5599] lib/util.c:dump_data(2285) [000] 55 43 A5 36 A9 17 4B 2A UC.6..K* [2007/11/30 08:58:02.113712, 5, pid=5599] lib/util.c:show_msg(506) [2007/11/30 08:58:02.113726, 5, pid=5599] lib/util.c:show_msg(516) size=332 smb_com=0x73 smb_rcls=22 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=65279 smb_uid=104 smb_mid=10624 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 221 (0xDD) smb_bcc=289 [2007/11/30 08:58:02.113827, 10, pid=5599] lib/util.c:dump_data(2285) [000] A1 81 DA 30 81 D7 A0 03 0A 01 01 A1 0C 06 0A 2B ...0.... .......+ [010] 06 01 04 01 82 37 02 02 0A A2 81 C1 04 81 BE 4E .....7.. .......N [020] 54 4C 4D 53 53 50 00 02 00 00 00 10 00 10 00 30 TLMSSP.. .......0 [030] 00 00 00 05 82 89 A2 55 43 A5 36 A9 17 4B 2A 00 .......U C.6..K*. [040] 00 00 00 00 00 00 00 7E 00 7E 00 40 00 00 00 5A .......~ .~.@...Z [050] 00 41 00 52 00 54 00 53 00 4F 00 46 00 54 00 02 .A.R.T.S .O.F.T.. [060] 00 10 00 5A 00 41 00 52 00 54 00 53 00 4F 00 46 ...Z.A.R .T.S.O.F [070] 00 54 00 01 00 0A 00 47 00 4F 00 44 00 41 00 49 .T.....G .O.D.A.I [080] 00 04 00 22 00 6C 00 6F 00 63 00 61 00 6C 00 2E ...".l.o .c.a.l.. [090] 00 7A 00 61 00 72 00 74 00 73 00 6F 00 66 00 74 .z.a.r.t .s.o.f.t [0A0] 00 2E 00 72 00 75 00 03 00 2E 00 67 00 6F 00 64 ...r.u.. ...g.o.d [0B0] 00 61 00 69 00 2E 00 6C 00 6F 00 63 00 61 00 6C .a.i...l .o.c.a.l [0C0] 00 2E 00 7A 00 61 00 72 00 74 00 73 00 6F 00 66 ...z.a.r .t.s.o.f [0D0] 00 74 00 2E 00 72 00 75 00 00 00 00 00 55 00 6E .t...r.u .....U.n [0E0] 00 69 00 78 00 00 00 53 00 61 00 6D 00 62 00 61 .i.x...S .a.m.b.a [0F0] 00 20 00 33 00 2E 00 30 00 2E 00 32 00 36 00 61 . .3...0 ...2.6.a [100] 00 2D 00 30 00 2E 00 66 00 63 00 37 00 00 00 5A .-.0...f .c.7...Z [110] 00 41 00 52 00 54 00 53 00 4F 00 46 00 54 00 00 .A.R.T.S .O.F.T.. [120] 00 . [2007/11/30 08:58:02.114443, 10, pid=5599] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 294 [2007/11/30 08:58:02.114467, 6, pid=5599] smbd/process.c:process_smb(1067) got message type 0x0 of len 0x126 [2007/11/30 08:58:02.114486, 3, pid=5599] smbd/process.c:process_smb(1068) Transaction 15 of length 298 [2007/11/30 08:58:02.114503, 5, pid=5599] lib/util.c:show_msg(506) [2007/11/30 08:58:02.114515, 5, pid=5599] lib/util.c:show_msg(516) size=294 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=104 smb_mid=10688 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 294 (0x126) smb_vwv[ 2]=16644 (0x4104) smb_vwv[ 3]= 50 (0x32) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 91 (0x5B) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 212 (0xD4) smb_vwv[11]=40960 (0xA000) smb_bcc=235 [2007/11/30 08:58:02.114656, 10, pid=5599] lib/util.c:dump_data(2285) [000] A1 59 30 57 A2 55 04 53 4E 54 4C 4D 53 53 50 00 .Y0W.U.S NTLMSSP. [010] 03 00 00 00 01 00 01 00 52 00 00 00 00 00 00 00 ........ R....... [020] 53 00 00 00 00 00 00 00 48 00 00 00 00 00 00 00 S....... H....... [030] 48 00 00 00 0A 00 0A 00 48 00 00 00 00 00 00 00 H....... H....... [040] 53 00 00 00 05 8A 88 A2 05 02 CE 0E 00 00 00 0F S....... ........ [050] 4B 00 59 00 4F 00 4B 00 4F 00 00 57 00 69 00 6E K.Y.O.K. O..W.i.n [060] 00 64 00 6F 00 77 00 73 00 20 00 53 00 65 00 72 .d.o.w.s . .S.e.r [070] 00 76 00 65 00 72 00 20 00 32 00 30 00 30 00 33 .v.e.r. .2.0.0.3 [080] 00 20 00 52 00 32 00 20 00 33 00 37 00 39 00 30 . .R.2. .3.7.9.0 [090] 00 20 00 53 00 65 00 72 00 76 00 69 00 63 00 65 . .S.e.r .v.i.c.e [0A0] 00 20 00 50 00 61 00 63 00 6B 00 20 00 32 00 00 . .P.a.c .k. .2.. [0B0] 00 00 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 ...W.i.n .d.o.w.s [0C0] 00 20 00 53 00 65 00 72 00 76 00 65 00 72 00 20 . .S.e.r .v.e.r. [0D0] 00 32 00 30 00 30 00 33 00 20 00 52 00 32 00 20 .2.0.0.3 . .R.2. [0E0] 00 35 00 2E 00 32 00 00 00 00 00 .5...2.. ... [2007/11/30 08:58:02.114884, 3, pid=5599] smbd/process.c:switch_message(926) switch message SMBsesssetupX (pid 5599) conn 0x0 [2007/11/30 08:58:02.114904, 3, pid=5599] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/30 08:58:02.114922, 5, pid=5599] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 08:58:02.114940, 5, pid=5599] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 08:58:02.114968, 5, pid=5599] smbd/uid.c:change_to_root_user(288) change_to_root_user: now uid=(0,0) gid=(0,0) [2007/11/30 08:58:02.114989, 3, pid=5599] smbd/sesssetup.c:reply_sesssetup_and_X(1244) wct=12 flg2=0xc807 [2007/11/30 08:58:02.115006, 2, pid=5599] smbd/sesssetup.c:setup_new_vc_session(1200) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2007/11/30 08:58:02.115024, 3, pid=5599] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1029) Doing spnego session setup [2007/11/30 08:58:02.115043, 3, pid=5599] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1060) NativeOS=[Windows Server 2003 R2 3790 Service Pack 2] NativeLanMan=[] PrimaryDomain=[Windows Server 2003 R2 5.2] [2007/11/30 08:58:02.115064, 10, pid=5599] smbd/sesssetup.c:check_spnego_blob_complete(975) check_spnego_blob_complete: needed_len = 91, pblob->length = 91 [2007/11/30 08:58:02.115087, 3, pid=5599] libsmb/ntlmssp.c:ntlmssp_server_auth(739) Got user=[] domain=[] workstation=[KYOKO] len1=1 len2=0 [2007/11/30 08:58:02.115121, 6, pid=5599] param/loadparm.c:lp_file_list_changed(3080) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Fri Nov 30 08:56:43 2007 [2007/11/30 08:58:02.115162, 5, pid=5599] auth/auth_util.c:make_user_info_map(161) make_user_info_map: Mapping user []\[] from workstation [KYOKO] [2007/11/30 08:58:02.115181, 3, pid=5599] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2007/11/30 08:58:02.115200, 3, pid=5599] smbd/uid.c:push_conn_ctx(358) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2007/11/30 08:58:02.115218, 3, pid=5599] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2007/11/30 08:58:02.115235, 5, pid=5599] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 08:58:02.115252, 5, pid=5599] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 08:58:02.115280, 5, pid=5599] auth/auth_util.c:is_trusted_domain(2198) is_trusted_domain: Checking for domain trust with [ZARTSOFT] [2007/11/30 08:58:02.115305, 5, pid=5599] passdb/secrets.c:secrets_fetch_trusted_domain_password(473) secrets_fetch failed! [2007/11/30 08:58:02.115329, 3, pid=5599] smbd/sec_ctx.c:pop_sec_ctx(356) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/30 08:58:02.115354, 10, pid=5599] lib/gencache.c:gencache_get(212) Cache entry with key = TDOM/ZARTSOFT couldn't be found [2007/11/30 08:58:02.115372, 5, pid=5599] libsmb/trustdom_cache.c:trustdom_cache_fetch(184) no entry for trusted domain ZARTSOFT found. [2007/11/30 08:58:02.115391, 5, pid=5599] auth/auth_util.c:make_user_info(75) attempting to make a user_info for () [2007/11/30 08:58:02.115408, 5, pid=5599] auth/auth_util.c:make_user_info(85) making strings for 's user_info struct [2007/11/30 08:58:02.115426, 5, pid=5599] auth/auth_util.c:make_user_info(117) making blobs for 's user_info struct [2007/11/30 08:58:02.115443, 10, pid=5599] auth/auth_util.c:make_user_info(135) made an encrypted user_info for () [2007/11/30 08:58:02.115461, 3, pid=5599] auth/auth.c:check_ntlm_password(221) check_ntlm_password: Checking password for unmapped user []\[]@[KYOKO] with the new password interface [2007/11/30 08:58:02.115480, 3, pid=5599] auth/auth.c:check_ntlm_password(224) check_ntlm_password: mapped user is: [ZARTSOFT]\[]@[KYOKO] [2007/11/30 08:58:02.115498, 10, pid=5599] auth/auth.c:check_ntlm_password(233) check_ntlm_password: auth_context challenge created by random [2007/11/30 08:58:02.115531, 10, pid=5599] auth/auth.c:check_ntlm_password(235) challenge is: [2007/11/30 08:58:02.115549, 5, pid=5599] lib/util.c:dump_data(2285) [000] 55 43 A5 36 A9 17 4B 2A UC.6..K* [2007/11/30 08:58:02.115581, 3, pid=5599] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2007/11/30 08:58:02.115601, 3, pid=5599] smbd/uid.c:push_conn_ctx(358) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2007/11/30 08:58:02.115619, 3, pid=5599] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2007/11/30 08:58:02.115636, 5, pid=5599] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 08:58:02.115653, 5, pid=5599] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 08:58:02.115687, 10, pid=5599] lib/account_pol.c:account_policy_get(294) account_policy_get: name: password history, val: 0 [2007/11/30 08:58:02.115710, 3, pid=5599] smbd/sec_ctx.c:pop_sec_ctx(356) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/30 08:58:02.115736, 10, pid=5599] passdb/pdb_get_set.c:pdb_set_username(581) pdb_set_username: setting username guest, was [2007/11/30 08:58:02.115760, 10, pid=5599] passdb/pdb_get_set.c:pdb_set_domain(604) pdb_set_domain: setting domain ZARTSOFT, was [2007/11/30 08:58:02.115778, 10, pid=5599] passdb/pdb_get_set.c:pdb_set_nt_username(627) pdb_set_nt_username: setting nt username , was [2007/11/30 08:58:02.115796, 10, pid=5599] passdb/pdb_get_set.c:pdb_set_fullname(650) pdb_set_full_name: setting full name , was [2007/11/30 08:58:02.115816, 4, pid=5599] lib/substitute.c:automount_server(407) Home server: godai [2007/11/30 08:58:02.115841, 10, pid=5599] passdb/pdb_get_set.c:pdb_set_homedir(743) pdb_set_homedir: setting home dir \\godai\guest, was [2007/11/30 08:58:02.115860, 10, pid=5599] passdb/pdb_get_set.c:pdb_set_dir_drive(719) pdb_set_dir_drive: setting dir drive , was NULL [2007/11/30 08:58:02.115878, 10, pid=5599] passdb/pdb_get_set.c:pdb_set_logon_script(673) pdb_set_logon_script: setting logon script , was [2007/11/30 08:58:02.115897, 10, pid=5599] passdb/pdb_get_set.c:pdb_set_profile_path(696) pdb_set_profile_path: setting profile path , was [2007/11/30 08:58:02.115915, 10, pid=5599] passdb/pdb_get_set.c:pdb_set_workstations(786) pdb_set_workstations: setting workstations , was [2007/11/30 08:58:02.115949, 3, pid=5599] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2007/11/30 08:58:02.115968, 3, pid=5599] smbd/uid.c:push_conn_ctx(358) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2007/11/30 08:58:02.115985, 3, pid=5599] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2007/11/30 08:58:02.116003, 5, pid=5599] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 08:58:02.116019, 5, pid=5599] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 08:58:02.116052, 10, pid=5599] lib/account_pol.c:account_policy_get(294) account_policy_get: name: password history, val: 0 [2007/11/30 08:58:02.116076, 3, pid=5599] smbd/sec_ctx.c:pop_sec_ctx(356) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/30 08:58:02.116096, 10, pid=5599] passdb/pdb_get_set.c:pdb_set_user_sid(510) pdb_set_user_sid: setting user sid S-1-5-21-2274471336-3138038065-606154707-501 [2007/11/30 08:58:02.116117, 10, pid=5599] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(73) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-2274471336-3138038065-606154707-501 from rid 501 [2007/11/30 08:58:02.116146, 3, pid=5599] auth/auth.c:check_ntlm_password(270) check_ntlm_password: guest authentication for user [] succeeded [2007/11/30 08:58:02.116166, 5, pid=5599] auth/auth.c:check_ntlm_password(309) check_ntlm_password: guest authentication for user [] -> [] -> [guest] succeeded [2007/11/30 08:58:02.116200, 5, pid=5599] auth/auth_util.c:free_user_info(2045) attempting to free (and zero) a user_info structure [2007/11/30 08:58:02.116219, 10, pid=5599] auth/auth_util.c:free_user_info(2049) structure was created for [2007/11/30 08:58:02.116237, 10, pid=5599] auth/auth_util.c:create_local_nt_token(844) Create local NT token for S-1-5-21-2274471336-3138038065-606154707-501 [2007/11/30 08:58:02.116261, 3, pid=5599] passdb/lookup_sid.c:fetch_gid_from_cache(1089) fetch gid from cache 16777218 -> S-1-5-32-544 [2007/11/30 08:58:02.116281, 3, pid=5599] passdb/lookup_sid.c:fetch_gid_from_cache(1089) fetch gid from cache 16777219 -> S-1-5-32-545 [2007/11/30 08:58:02.116346, 3, pid=5599] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-21-2274471336-3138038065-606154707-501] [2007/11/30 08:58:02.116374, 5, pid=5599] lib/privileges.c:get_privileges_for_sids(460) get_privileges_for_sids: sid = S-1-1-0 Privilege set: SE_PRIV 0x0 0x0 0x0 0x0 [2007/11/30 08:58:02.116409, 3, pid=5599] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-2] [2007/11/30 08:58:02.116434, 3, pid=5599] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-32-546] [2007/11/30 08:58:02.116474, 3, pid=5599] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2007/11/30 08:58:02.116493, 3, pid=5599] smbd/uid.c:push_conn_ctx(358) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2007/11/30 08:58:02.116512, 3, pid=5599] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2007/11/30 08:58:02.116529, 5, pid=5599] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 08:58:02.116546, 5, pid=5599] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 08:58:02.116582, 3, pid=5599] smbd/sec_ctx.c:pop_sec_ctx(356) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/30 08:58:02.116602, 10, pid=5599] passdb/lookup_sid.c:legacy_sid_to_gid(1269) LEGACY: mapping failed for sid S-1-1-0 [2007/11/30 08:58:02.116621, 10, pid=5599] auth/auth_util.c:create_local_token(1039) Could not convert SID S-1-1-0 to gid, ignoring it [2007/11/30 08:58:02.116657, 3, pid=5599] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2007/11/30 08:58:02.116675, 3, pid=5599] smbd/uid.c:push_conn_ctx(358) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2007/11/30 08:58:02.116692, 3, pid=5599] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2007/11/30 08:58:02.116709, 5, pid=5599] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 08:58:02.116726, 5, pid=5599] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 08:58:02.116766, 3, pid=5599] smbd/sec_ctx.c:pop_sec_ctx(356) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/30 08:58:02.116786, 10, pid=5599] passdb/lookup_sid.c:legacy_sid_to_gid(1269) LEGACY: mapping failed for sid S-1-5-2 [2007/11/30 08:58:02.116804, 10, pid=5599] auth/auth_util.c:create_local_token(1039) Could not convert SID S-1-5-2 to gid, ignoring it [2007/11/30 08:58:02.116840, 3, pid=5599] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2007/11/30 08:58:02.116860, 3, pid=5599] smbd/uid.c:push_conn_ctx(358) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2007/11/30 08:58:02.116878, 3, pid=5599] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2007/11/30 08:58:02.116895, 5, pid=5599] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 08:58:02.116912, 5, pid=5599] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 08:58:02.116948, 3, pid=5599] smbd/sec_ctx.c:pop_sec_ctx(356) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/30 08:58:02.116983, 10, pid=5599] passdb/lookup_sid.c:legacy_sid_to_gid(1269) LEGACY: mapping failed for sid S-1-5-32-546 [2007/11/30 08:58:02.117003, 10, pid=5599] auth/auth_util.c:create_local_token(1039) Could not convert SID S-1-5-32-546 to gid, ignoring it [2007/11/30 08:58:02.117022, 10, pid=5599] auth/auth_util.c:debug_nt_user_token(454) NT user token of user S-1-5-21-2274471336-3138038065-606154707-501 contains 4 SIDs SID[ 0]: S-1-5-21-2274471336-3138038065-606154707-501 SID[ 1]: S-1-1-0 SID[ 2]: S-1-5-2 SID[ 3]: S-1-5-32-546 SE_PRIV 0x0 0x0 0x0 0x0 [2007/11/30 08:58:02.117084, 10, pid=5599] auth/auth_ntlmssp.c:auth_ntlmssp_check_password(137) Got NT session key of length 16 [2007/11/30 08:58:02.117103, 10, pid=5599] auth/auth_ntlmssp.c:auth_ntlmssp_check_password(144) Got LM session key of length 16 [2007/11/30 08:58:02.117121, 10, pid=5599] libsmb/ntlmssp.c:ntlmssp_server_auth(841) ntlmssp_server_auth: Using unmodified nt session key. [2007/11/30 08:58:02.117139, 3, pid=5599] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(338) NTLMSSP Sign/Seal - Initialising with flags: [2007/11/30 08:58:02.117156, 3, pid=5599] libsmb/ntlmssp.c:debug_ntlmssp_flags(63) Got NTLMSSP neg_flags=0xa2088205 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_56 [2007/11/30 08:58:02.117228, 10, pid=5599] smbd/password.c:register_vuid(186) register_vuid: allocated vuid = 105 [2007/11/30 08:58:02.117248, 10, pid=5599] lib/util_pw.c:getpwnam_alloc(76) Got guest from pwnam_cache [2007/11/30 08:58:02.117266, 10, pid=5599] smbd/password.c:register_vuid(277) register_vuid: (514,514) guest ZARTSOFT guest=1 [2007/11/30 08:58:02.117285, 3, pid=5599] smbd/password.c:register_vuid(280) User name: guest Real name: [2007/11/30 08:58:02.117303, 3, pid=5599] smbd/password.c:register_vuid(301) UNIX uid 514 is UNIX user guest, and will be vuid 105 [2007/11/30 08:58:02.117333, 6, pid=5599] param/loadparm.c:lp_file_list_changed(3080) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Fri Nov 30 08:56:43 2007 [2007/11/30 08:58:02.117375, 5, pid=5599] lib/util.c:show_msg(506) [2007/11/30 08:58:02.117387, 5, pid=5599] lib/util.c:show_msg(516) size=120 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=65279 smb_uid=105 smb_mid=10688 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 9 (0x9) smb_bcc=77 [2007/11/30 08:58:02.117482, 10, pid=5599] lib/util.c:dump_data(2285) [000] A1 07 30 05 A0 03 0A 01 00 55 00 6E 00 69 00 78 ..0..... .U.n.i.x [010] 00 00 00 53 00 61 00 6D 00 62 00 61 00 20 00 33 ...S.a.m .b.a. .3 [020] 00 2E 00 30 00 2E 00 32 00 36 00 61 00 2D 00 30 ...0...2 .6.a.-.0 [030] 00 2E 00 66 00 63 00 37 00 00 00 5A 00 41 00 52 ...f.c.7 ...Z.A.R [040] 00 54 00 53 00 4F 00 46 00 54 00 00 00 .T.S.O.F .T... [2007/11/30 08:58:02.117847, 10, pid=5599] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 76 [2007/11/30 08:58:02.117872, 6, pid=5599] smbd/process.c:process_smb(1067) got message type 0x0 of len 0x4c [2007/11/30 08:58:02.117890, 3, pid=5599] smbd/process.c:process_smb(1068) Transaction 16 of length 80 [2007/11/30 08:58:02.117908, 5, pid=5599] lib/util.c:show_msg(506) [2007/11/30 08:58:02.117919, 5, pid=5599] lib/util.c:show_msg(516) size=76 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=105 smb_mid=10752 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 76 (0x4C) smb_vwv[ 2]= 8 (0x8) smb_vwv[ 3]= 1 (0x1) smb_bcc=33 [2007/11/30 08:58:02.118015, 10, pid=5599] lib/util.c:dump_data(2285) [000] 00 5C 00 5C 00 47 00 4F 00 44 00 41 00 49 00 5C .\.\.G.O .D.A.I.\ [010] 00 49 00 50 00 43 00 24 00 00 00 3F 3F 3F 3F 3F .I.P.C.$ ...????? [020] 00 . [2007/11/30 08:58:02.118081, 3, pid=5599] smbd/process.c:switch_message(926) switch message SMBtconX (pid 5599) conn 0x0 [2007/11/30 08:58:02.118101, 3, pid=5599] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/30 08:58:02.118120, 5, pid=5599] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 08:58:02.118137, 5, pid=5599] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 08:58:02.118165, 5, pid=5599] smbd/uid.c:change_to_root_user(288) change_to_root_user: now uid=(0,0) gid=(0,0) [2007/11/30 08:58:02.118187, 4, pid=5599] smbd/reply.c:reply_tcon_and_X(506) Client requested device type [?????] for share [IPC$] [2007/11/30 08:58:02.118210, 5, pid=5599] smbd/service.c:make_connection(1205) making a connection to 'normal' service ipc$ [2007/11/30 08:58:02.118236, 5, pid=5599] lib/username.c:Get_Pwnam_alloc(131) Finding user guest [2007/11/30 08:58:02.118254, 5, pid=5599] lib/username.c:Get_Pwnam_internals(75) Trying _Get_Pwnam(), username as lowercase is guest [2007/11/30 08:58:02.118272, 10, pid=5599] lib/util_pw.c:getpwnam_alloc(76) Got guest from pwnam_cache [2007/11/30 08:58:02.118289, 5, pid=5599] lib/username.c:Get_Pwnam_internals(108) Get_Pwnam_internals did find user [guest]! [2007/11/30 08:58:02.118316, 10, pid=5599] smbd/service.c:set_conn_connectpath(156) set_conn_connectpath: service IPC$, connectpath = /tmp [2007/11/30 08:58:02.118336, 3, pid=5599] smbd/service.c:make_connection_snum(806) Connect path is '/tmp' for service [IPC$] [2007/11/30 08:58:02.118361, 4, pid=5599] lib/sharesec.c:get_share_security(132) get_share_security: using default secdesc for IPC$ [2007/11/30 08:58:02.118380, 10, pid=5599] lib/util_seaccess.c:se_map_generic(176) se_map_generic(): mapped mask 0x10000000 to 0x001f01ff [2007/11/30 08:58:02.118400, 10, pid=5599] lib/util_seaccess.c:se_access_check(233) se_access_check: requested access 0x00000002, for NT token with 4 entries and first sid S-1-5-21-2274471336-3138038065-606154707-501. [2007/11/30 08:58:02.118422, 3, pid=5599] lib/util_seaccess.c:se_access_check(250) [2007/11/30 08:58:02.118434, 3, pid=5599] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-2274471336-3138038065-606154707-501 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-32-546 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 2 [2007/11/30 08:58:02.118483, 5, pid=5599] lib/util_seaccess.c:se_access_check(308) se_access_check: access (2) granted. [2007/11/30 08:58:02.118501, 3, pid=5599] smbd/vfs.c:vfs_init_default(95) Initialising default vfs hooks [2007/11/30 08:58:02.118519, 3, pid=5599] smbd/vfs.c:vfs_init_custom(128) Initialising custom vfs hooks from [/[Default VFS]/] Successfully loaded vfs module [/[Default VFS]/] with the new modules system [2007/11/30 08:58:02.118544, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #0 (type 0, layer 0) Making operation type 0 opaque [module /[Default VFS]/] Accepting operation type 0 from module /[Default VFS]/ [2007/11/30 08:58:02.118573, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #1 (type 1, layer 0) Making operation type 1 opaque [module /[Default VFS]/] Accepting operation type 1 from module /[Default VFS]/ [2007/11/30 08:58:02.118602, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #2 (type 2, layer 0) Making operation type 2 opaque [module /[Default VFS]/] Accepting operation type 2 from module /[Default VFS]/ [2007/11/30 08:58:02.118631, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #3 (type 3, layer 0) Making operation type 3 opaque [module /[Default VFS]/] Accepting operation type 3 from module /[Default VFS]/ [2007/11/30 08:58:02.118659, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #4 (type 4, layer 0) Making operation type 4 opaque [module /[Default VFS]/] Accepting operation type 4 from module /[Default VFS]/ [2007/11/30 08:58:02.118704, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #5 (type 5, layer 0) Making operation type 5 opaque [module /[Default VFS]/] Accepting operation type 5 from module /[Default VFS]/ [2007/11/30 08:58:02.118734, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #6 (type 6, layer 0) Making operation type 6 opaque [module /[Default VFS]/] Accepting operation type 6 from module /[Default VFS]/ [2007/11/30 08:58:02.118767, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #7 (type 7, layer 0) Making operation type 7 opaque [module /[Default VFS]/] Accepting operation type 7 from module /[Default VFS]/ [2007/11/30 08:58:02.118797, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #8 (type 8, layer 0) Making operation type 8 opaque [module /[Default VFS]/] Accepting operation type 8 from module /[Default VFS]/ [2007/11/30 08:58:02.118826, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #9 (type 9, layer 0) Making operation type 9 opaque [module /[Default VFS]/] Accepting operation type 9 from module /[Default VFS]/ [2007/11/30 08:58:02.118855, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #10 (type 10, layer 0) Making operation type 10 opaque [module /[Default VFS]/] Accepting operation type 10 from module /[Default VFS]/ [2007/11/30 08:58:02.118884, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #11 (type 11, layer 0) Making operation type 11 opaque [module /[Default VFS]/] Accepting operation type 11 from module /[Default VFS]/ [2007/11/30 08:58:02.118913, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #12 (type 12, layer 0) Making operation type 12 opaque [module /[Default VFS]/] Accepting operation type 12 from module /[Default VFS]/ [2007/11/30 08:58:02.118942, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #13 (type 13, layer 0) Making operation type 13 opaque [module /[Default VFS]/] Accepting operation type 13 from module /[Default VFS]/ [2007/11/30 08:58:02.118971, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #14 (type 14, layer 0) Making operation type 14 opaque [module /[Default VFS]/] Accepting operation type 14 from module /[Default VFS]/ [2007/11/30 08:58:02.119000, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #15 (type 15, layer 0) Making operation type 15 opaque [module /[Default VFS]/] Accepting operation type 15 from module /[Default VFS]/ [2007/11/30 08:58:02.119029, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #16 (type 16, layer 0) Making operation type 16 opaque [module /[Default VFS]/] Accepting operation type 16 from module /[Default VFS]/ [2007/11/30 08:58:02.119058, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #17 (type 17, layer 0) Making operation type 17 opaque [module /[Default VFS]/] Accepting operation type 17 from module /[Default VFS]/ [2007/11/30 08:58:02.119087, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #18 (type 18, layer 0) Making operation type 18 opaque [module /[Default VFS]/] Accepting operation type 18 from module /[Default VFS]/ [2007/11/30 08:58:02.119115, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #19 (type 19, layer 0) Making operation type 19 opaque [module /[Default VFS]/] Accepting operation type 19 from module /[Default VFS]/ [2007/11/30 08:58:02.119144, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #20 (type 20, layer 0) Making operation type 20 opaque [module /[Default VFS]/] Accepting operation type 20 from module /[Default VFS]/ [2007/11/30 08:58:02.119173, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #21 (type 21, layer 0) Making operation type 21 opaque [module /[Default VFS]/] Accepting operation type 21 from module /[Default VFS]/ [2007/11/30 08:58:02.119216, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #22 (type 22, layer 0) Making operation type 22 opaque [module /[Default VFS]/] Accepting operation type 22 from module /[Default VFS]/ [2007/11/30 08:58:02.119246, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #23 (type 23, layer 0) Making operation type 23 opaque [module /[Default VFS]/] Accepting operation type 23 from module /[Default VFS]/ [2007/11/30 08:58:02.119276, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #24 (type 24, layer 0) Making operation type 24 opaque [module /[Default VFS]/] Accepting operation type 24 from module /[Default VFS]/ [2007/11/30 08:58:02.119305, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #25 (type 25, layer 0) Making operation type 25 opaque [module /[Default VFS]/] Accepting operation type 25 from module /[Default VFS]/ [2007/11/30 08:58:02.119333, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #26 (type 26, layer 0) Making operation type 26 opaque [module /[Default VFS]/] Accepting operation type 26 from module /[Default VFS]/ [2007/11/30 08:58:02.119362, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #27 (type 27, layer 0) Making operation type 27 opaque [module /[Default VFS]/] Accepting operation type 27 from module /[Default VFS]/ [2007/11/30 08:58:02.119391, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #28 (type 28, layer 0) Making operation type 28 opaque [module /[Default VFS]/] Accepting operation type 28 from module /[Default VFS]/ [2007/11/30 08:58:02.119419, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #29 (type 29, layer 0) Making operation type 29 opaque [module /[Default VFS]/] Accepting operation type 29 from module /[Default VFS]/ [2007/11/30 08:58:02.119452, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #30 (type 30, layer 0) Making operation type 30 opaque [module /[Default VFS]/] Accepting operation type 30 from module /[Default VFS]/ [2007/11/30 08:58:02.119480, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #31 (type 31, layer 0) Making operation type 31 opaque [module /[Default VFS]/] Accepting operation type 31 from module /[Default VFS]/ [2007/11/30 08:58:02.119509, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #32 (type 32, layer 0) Making operation type 32 opaque [module /[Default VFS]/] Accepting operation type 32 from module /[Default VFS]/ [2007/11/30 08:58:02.119538, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #33 (type 33, layer 0) Making operation type 33 opaque [module /[Default VFS]/] Accepting operation type 33 from module /[Default VFS]/ [2007/11/30 08:58:02.119567, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #34 (type 34, layer 0) Making operation type 34 opaque [module /[Default VFS]/] Accepting operation type 34 from module /[Default VFS]/ [2007/11/30 08:58:02.119595, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #35 (type 35, layer 0) Making operation type 35 opaque [module /[Default VFS]/] Accepting operation type 35 from module /[Default VFS]/ [2007/11/30 08:58:02.119623, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #36 (type 36, layer 0) Making operation type 36 opaque [module /[Default VFS]/] Accepting operation type 36 from module /[Default VFS]/ [2007/11/30 08:58:02.119652, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #37 (type 37, layer 0) Making operation type 37 opaque [module /[Default VFS]/] Accepting operation type 37 from module /[Default VFS]/ [2007/11/30 08:58:02.119680, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #38 (type 38, layer 0) Making operation type 38 opaque [module /[Default VFS]/] Accepting operation type 38 from module /[Default VFS]/ [2007/11/30 08:58:02.119709, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #39 (type 39, layer 0) Making operation type 39 opaque [module /[Default VFS]/] Accepting operation type 39 from module /[Default VFS]/ [2007/11/30 08:58:02.119757, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #40 (type 40, layer 0) Making operation type 40 opaque [module /[Default VFS]/] Accepting operation type 40 from module /[Default VFS]/ [2007/11/30 08:58:02.119787, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #41 (type 41, layer 0) Making operation type 41 opaque [module /[Default VFS]/] Accepting operation type 41 from module /[Default VFS]/ [2007/11/30 08:58:02.119816, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #42 (type 42, layer 0) Making operation type 42 opaque [module /[Default VFS]/] Accepting operation type 42 from module /[Default VFS]/ [2007/11/30 08:58:02.119845, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #43 (type 43, layer 0) Making operation type 43 opaque [module /[Default VFS]/] Accepting operation type 43 from module /[Default VFS]/ [2007/11/30 08:58:02.119873, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #44 (type 44, layer 0) Making operation type 44 opaque [module /[Default VFS]/] Accepting operation type 44 from module /[Default VFS]/ [2007/11/30 08:58:02.119902, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #45 (type 45, layer 0) Making operation type 45 opaque [module /[Default VFS]/] Accepting operation type 45 from module /[Default VFS]/ [2007/11/30 08:58:02.119931, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #46 (type 46, layer 0) Making operation type 46 opaque [module /[Default VFS]/] Accepting operation type 46 from module /[Default VFS]/ [2007/11/30 08:58:02.119960, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #47 (type 47, layer 0) Making operation type 47 opaque [module /[Default VFS]/] Accepting operation type 47 from module /[Default VFS]/ [2007/11/30 08:58:02.119989, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #48 (type 48, layer 0) Making operation type 48 opaque [module /[Default VFS]/] Accepting operation type 48 from module /[Default VFS]/ [2007/11/30 08:58:02.120019, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #49 (type 49, layer 0) Making operation type 49 opaque [module /[Default VFS]/] Accepting operation type 49 from module /[Default VFS]/ [2007/11/30 08:58:02.120048, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #50 (type 50, layer 0) Making operation type 50 opaque [module /[Default VFS]/] Accepting operation type 50 from module /[Default VFS]/ [2007/11/30 08:58:02.120076, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #51 (type 51, layer 0) Making operation type 51 opaque [module /[Default VFS]/] Accepting operation type 51 from module /[Default VFS]/ [2007/11/30 08:58:02.120105, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #52 (type 52, layer 0) Making operation type 52 opaque [module /[Default VFS]/] Accepting operation type 52 from module /[Default VFS]/ [2007/11/30 08:58:02.120134, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #53 (type 53, layer 0) Making operation type 53 opaque [module /[Default VFS]/] Accepting operation type 53 from module /[Default VFS]/ [2007/11/30 08:58:02.120162, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #54 (type 54, layer 0) Making operation type 54 opaque [module /[Default VFS]/] Accepting operation type 54 from module /[Default VFS]/ [2007/11/30 08:58:02.120191, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #55 (type 55, layer 0) Making operation type 55 opaque [module /[Default VFS]/] Accepting operation type 55 from module /[Default VFS]/ [2007/11/30 08:58:02.120219, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #56 (type 56, layer 0) Making operation type 56 opaque [module /[Default VFS]/] Accepting operation type 56 from module /[Default VFS]/ [2007/11/30 08:58:02.120263, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #57 (type 57, layer 0) Making operation type 57 opaque [module /[Default VFS]/] Accepting operation type 57 from module /[Default VFS]/ [2007/11/30 08:58:02.120292, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #58 (type 58, layer 0) Making operation type 58 opaque [module /[Default VFS]/] Accepting operation type 58 from module /[Default VFS]/ [2007/11/30 08:58:02.120325, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #59 (type 59, layer 0) Making operation type 59 opaque [module /[Default VFS]/] Accepting operation type 59 from module /[Default VFS]/ [2007/11/30 08:58:02.120353, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #60 (type 60, layer 0) Making operation type 60 opaque [module /[Default VFS]/] Accepting operation type 60 from module /[Default VFS]/ [2007/11/30 08:58:02.120382, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #61 (type 61, layer 0) Making operation type 61 opaque [module /[Default VFS]/] Accepting operation type 61 from module /[Default VFS]/ [2007/11/30 08:58:02.120411, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #62 (type 62, layer 0) Making operation type 62 opaque [module /[Default VFS]/] Accepting operation type 62 from module /[Default VFS]/ [2007/11/30 08:58:02.120440, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #63 (type 63, layer 0) Making operation type 63 opaque [module /[Default VFS]/] Accepting operation type 63 from module /[Default VFS]/ [2007/11/30 08:58:02.120469, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #64 (type 64, layer 0) Making operation type 64 opaque [module /[Default VFS]/] Accepting operation type 64 from module /[Default VFS]/ [2007/11/30 08:58:02.120497, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #65 (type 65, layer 0) Making operation type 65 opaque [module /[Default VFS]/] Accepting operation type 65 from module /[Default VFS]/ [2007/11/30 08:58:02.120526, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #66 (type 66, layer 0) Making operation type 66 opaque [module /[Default VFS]/] Accepting operation type 66 from module /[Default VFS]/ [2007/11/30 08:58:02.120554, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #67 (type 67, layer 0) Making operation type 67 opaque [module /[Default VFS]/] Accepting operation type 67 from module /[Default VFS]/ [2007/11/30 08:58:02.120583, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #68 (type 68, layer 0) Making operation type 68 opaque [module /[Default VFS]/] Accepting operation type 68 from module /[Default VFS]/ [2007/11/30 08:58:02.120612, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #69 (type 69, layer 0) Making operation type 69 opaque [module /[Default VFS]/] Accepting operation type 69 from module /[Default VFS]/ [2007/11/30 08:58:02.120641, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #70 (type 70, layer 0) Making operation type 70 opaque [module /[Default VFS]/] Accepting operation type 70 from module /[Default VFS]/ [2007/11/30 08:58:02.120670, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #71 (type 71, layer 0) Making operation type 71 opaque [module /[Default VFS]/] Accepting operation type 71 from module /[Default VFS]/ [2007/11/30 08:58:02.120699, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #72 (type 72, layer 0) Making operation type 72 opaque [module /[Default VFS]/] Accepting operation type 72 from module /[Default VFS]/ [2007/11/30 08:58:02.120727, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #73 (type 73, layer 0) Making operation type 73 opaque [module /[Default VFS]/] Accepting operation type 73 from module /[Default VFS]/ [2007/11/30 08:58:02.120760, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #74 (type 74, layer 0) Making operation type 74 opaque [module /[Default VFS]/] Accepting operation type 74 from module /[Default VFS]/ [2007/11/30 08:58:02.120804, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #75 (type 75, layer 0) Making operation type 75 opaque [module /[Default VFS]/] Accepting operation type 75 from module /[Default VFS]/ [2007/11/30 08:58:02.120833, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #76 (type 76, layer 0) Making operation type 76 opaque [module /[Default VFS]/] Accepting operation type 76 from module /[Default VFS]/ [2007/11/30 08:58:02.120862, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #77 (type 77, layer 0) Making operation type 77 opaque [module /[Default VFS]/] Accepting operation type 77 from module /[Default VFS]/ [2007/11/30 08:58:02.120890, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #78 (type 78, layer 0) Making operation type 78 opaque [module /[Default VFS]/] Accepting operation type 78 from module /[Default VFS]/ [2007/11/30 08:58:02.120919, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #79 (type 79, layer 0) Making operation type 79 opaque [module /[Default VFS]/] Accepting operation type 79 from module /[Default VFS]/ [2007/11/30 08:58:02.120948, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #80 (type 80, layer 0) Making operation type 80 opaque [module /[Default VFS]/] Accepting operation type 80 from module /[Default VFS]/ [2007/11/30 08:58:02.120977, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #81 (type 81, layer 0) Making operation type 81 opaque [module /[Default VFS]/] Accepting operation type 81 from module /[Default VFS]/ [2007/11/30 08:58:02.121006, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #82 (type 82, layer 0) Making operation type 82 opaque [module /[Default VFS]/] Accepting operation type 82 from module /[Default VFS]/ [2007/11/30 08:58:02.121035, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #83 (type 83, layer 0) Making operation type 83 opaque [module /[Default VFS]/] Accepting operation type 83 from module /[Default VFS]/ [2007/11/30 08:58:02.121064, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #84 (type 84, layer 0) Making operation type 84 opaque [module /[Default VFS]/] Accepting operation type 84 from module /[Default VFS]/ [2007/11/30 08:58:02.121093, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #85 (type 85, layer 0) Making operation type 85 opaque [module /[Default VFS]/] Accepting operation type 85 from module /[Default VFS]/ [2007/11/30 08:58:02.121122, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #86 (type 86, layer 0) Making operation type 86 opaque [module /[Default VFS]/] Accepting operation type 86 from module /[Default VFS]/ [2007/11/30 08:58:02.121150, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #87 (type 87, layer 0) Making operation type 87 opaque [module /[Default VFS]/] Accepting operation type 87 from module /[Default VFS]/ [2007/11/30 08:58:02.121182, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #88 (type 88, layer 0) Making operation type 88 opaque [module /[Default VFS]/] Accepting operation type 88 from module /[Default VFS]/ [2007/11/30 08:58:02.121211, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #89 (type 89, layer 0) Making operation type 89 opaque [module /[Default VFS]/] Accepting operation type 89 from module /[Default VFS]/ [2007/11/30 08:58:02.121240, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #90 (type 90, layer 0) Making operation type 90 opaque [module /[Default VFS]/] Accepting operation type 90 from module /[Default VFS]/ [2007/11/30 08:58:02.121269, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #91 (type 91, layer 0) Making operation type 91 opaque [module /[Default VFS]/] Accepting operation type 91 from module /[Default VFS]/ [2007/11/30 08:58:02.121312, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #92 (type 92, layer 0) Making operation type 92 opaque [module /[Default VFS]/] Accepting operation type 92 from module /[Default VFS]/ [2007/11/30 08:58:02.121341, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #93 (type 93, layer 0) Making operation type 93 opaque [module /[Default VFS]/] Accepting operation type 93 from module /[Default VFS]/ [2007/11/30 08:58:02.121370, 5, pid=5599] smbd/vfs.c:vfs_init_custom(174) Checking operation #94 (type 94, layer 0) Making operation type 94 opaque [module /[Default VFS]/] Accepting operation type 94 from module /[Default VFS]/ [2007/11/30 08:58:02.121400, 5, pid=5599] smbd/connection.c:claim_connection(182) claiming IPC$ 0 [2007/11/30 08:58:02.121432, 10, pid=5599] smbd/share_access.c:user_ok_token(232) user_ok_token: share IPC$ is ok for unix user guest [2007/11/30 08:58:02.121453, 10, pid=5599] smbd/share_access.c:is_share_read_only_for_token(274) is_share_read_only_for_user: share IPC$ is read-only for unix user guest [2007/11/30 08:58:02.121478, 4, pid=5599] lib/sharesec.c:get_share_security(132) get_share_security: using default secdesc for IPC$ [2007/11/30 08:58:02.121497, 10, pid=5599] lib/util_seaccess.c:se_map_generic(176) se_map_generic(): mapped mask 0x10000000 to 0x001f01ff [2007/11/30 08:58:02.121517, 10, pid=5599] lib/util_seaccess.c:se_access_check(233) se_access_check: requested access 0x00000001, for NT token with 4 entries and first sid S-1-5-21-2274471336-3138038065-606154707-501. [2007/11/30 08:58:02.121540, 3, pid=5599] lib/util_seaccess.c:se_access_check(250) [2007/11/30 08:58:02.121552, 3, pid=5599] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-2274471336-3138038065-606154707-501 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-32-546 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 1 [2007/11/30 08:58:02.121601, 5, pid=5599] lib/util_seaccess.c:se_access_check(308) se_access_check: access (1) granted. [2007/11/30 08:58:02.121621, 3, pid=5599] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (514, 514) - sec_ctx_stack_ndx = 0 [2007/11/30 08:58:02.121639, 5, pid=5599] auth/auth_util.c:debug_nt_user_token(454) NT user token of user S-1-5-21-2274471336-3138038065-606154707-501 contains 4 SIDs SID[ 0]: S-1-5-21-2274471336-3138038065-606154707-501 SID[ 1]: S-1-1-0 SID[ 2]: S-1-5-2 SID[ 3]: S-1-5-32-546 SE_PRIV 0x0 0x0 0x0 0x0 [2007/11/30 08:58:02.121700, 5, pid=5599] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 514 Primary group is 514 and contains 0 supplementary groups [2007/11/30 08:58:02.121752, 5, pid=5599] smbd/uid.c:change_to_user(273) change_to_user uid=(514,514) gid=(0,514) [2007/11/30 08:58:02.121779, 3, pid=5599] smbd/service.c:make_connection_snum(1033) kyoko (192.168.64.5) connect to service IPC$ initially as user guest (uid=514, gid=514) (pid 5599) [2007/11/30 08:58:02.121802, 3, pid=5599] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/30 08:58:02.121821, 5, pid=5599] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 08:58:02.121838, 5, pid=5599] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 08:58:02.121881, 5, pid=5599] smbd/uid.c:change_to_root_user(288) change_to_root_user: now uid=(0,0) gid=(0,0) [2007/11/30 08:58:02.121904, 3, pid=5599] smbd/reply.c:reply_tcon_and_X(574) tconX service=IPC$ [2007/11/30 08:58:02.121922, 5, pid=5599] lib/util.c:show_msg(506) [2007/11/30 08:58:02.121934, 5, pid=5599] lib/util.c:show_msg(516) size=56 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=105 smb_mid=10752 smt_wct=7 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 1 (0x1) smb_vwv[ 3]= 511 (0x1FF) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 511 (0x1FF) smb_vwv[ 6]= 0 (0x0) smb_bcc=7 [2007/11/30 08:58:02.122064, 10, pid=5599] lib/util.c:dump_data(2285) [000] 49 50 43 00 00 00 00 IPC.... [2007/11/30 08:58:02.122390, 10, pid=5599] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 118 [2007/11/30 08:58:02.122414, 6, pid=5599] smbd/process.c:process_smb(1067) got message type 0x0 of len 0x76 [2007/11/30 08:58:02.122434, 3, pid=5599] smbd/process.c:process_smb(1068) Transaction 17 of length 122 [2007/11/30 08:58:02.122451, 5, pid=5599] lib/util.c:show_msg(506) [2007/11/30 08:58:02.122463, 5, pid=5599] lib/util.c:show_msg(516) size=118 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=55303 smb_tid=1 smb_pid=748 smb_uid=105 smb_mid=10816 smt_wct=14 smb_vwv[ 0]= 26 (0x1A) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 8 (0x8) smb_vwv[ 3]= 4200 (0x1068) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 5000 (0x1388) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 26 (0x1A) smb_vwv[10]= 92 (0x5C) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=55 [2007/11/30 08:58:02.122617, 10, pid=5599] lib/util.c:dump_data(2285) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 4C 00 41 .\.P.I.P .E.\.L.A [010] 00 4E 00 4D 00 41 00 4E 00 00 00 00 00 68 00 57 .N.M.A.N .....h.W [020] 72 4C 65 68 44 4F 00 42 31 36 42 42 44 7A 00 01 rLehDO.B 16BBDz.. [030] 00 68 10 00 00 00 80 .h..... [2007/11/30 08:58:02.122682, 3, pid=5599] smbd/process.c:switch_message(926) switch message SMBtrans (pid 5599) conn 0x555555c1aa10 [2007/11/30 08:58:02.122703, 3, pid=5599] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (514, 514) - sec_ctx_stack_ndx = 0 [2007/11/30 08:58:02.122723, 5, pid=5599] auth/auth_util.c:debug_nt_user_token(454) NT user token of user S-1-5-21-2274471336-3138038065-606154707-501 contains 4 SIDs SID[ 0]: S-1-5-21-2274471336-3138038065-606154707-501 SID[ 1]: S-1-1-0 SID[ 2]: S-1-5-2 SID[ 3]: S-1-5-32-546 SE_PRIV 0x0 0x0 0x0 0x0 [2007/11/30 08:58:02.122787, 5, pid=5599] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 514 Primary group is 514 and contains 0 supplementary groups [2007/11/30 08:58:02.122829, 5, pid=5599] smbd/uid.c:change_to_user(273) change_to_user uid=(514,514) gid=(0,514) [2007/11/30 08:58:02.122851, 4, pid=5599] smbd/vfs.c:vfs_ChDir(665) vfs_ChDir to /tmp [2007/11/30 08:58:02.122874, 3, pid=5599] smbd/ipc.c:handle_trans(373) trans <\PIPE\LANMAN> data=0 params=26 setup=0 [2007/11/30 08:58:02.122902, 5, pid=5599] smbd/ipc.c:handle_trans(404) calling named_pipe [2007/11/30 08:58:02.122920, 3, pid=5599] smbd/ipc.c:named_pipe(340) named pipe command on name [2007/11/30 08:58:02.122939, 3, pid=5599] smbd/lanman.c:api_reply(4406) Got API command 104 of form (tdscnt=0,tpscnt=26,mdrcnt=4200,mprcnt=8) [2007/11/30 08:58:02.122959, 3, pid=5599] smbd/lanman.c:api_reply(4410) Doing NetServerEnum [2007/11/30 08:58:02.122978, 4, pid=5599] smbd/lanman.c:api_RNetServerEnum(1335) server request level: B16BBDz 80000000 domains_req:Yes local_only:No [2007/11/30 08:58:02.123015, 4, pid=5599] smbd/lanman.c:get_server_info(1104) Servertype search: 80000000 [2007/11/30 08:58:02.123041, 4, pid=5599] smbd/lanman.c:get_server_info(1176) **SV** ZARTSOFT 80001000 GODAI ZARTSOFT [2007/11/30 08:58:02.123065, 4, pid=5599] smbd/lanman.c:get_server_info(1157) r:serv type s: dom mismatch GODAI 8d9b2b godai ZARTSOFT [2007/11/30 08:58:02.123089, 4, pid=5599] smbd/lanman.c:get_server_info(1157) r:serv type s: dom mismatch AKARI 809003 ZARTSOFT [2007/11/30 08:58:02.123113, 4, pid=5599] smbd/lanman.c:get_server_info(1157) r:serv type s: dom mismatch KYOKO 829003 ZARTSOFT [2007/11/30 08:58:02.123150, 4, pid=5599] smbd/lanman.c:api_RNetServerEnum(1371) fill_srv_info ZARTSOFT 80001000 GODAI ZARTSOFT [2007/11/30 08:58:02.123171, 4, pid=5599] smbd/lanman.c:api_RNetServerEnum(1408) fill_srv_info ZARTSOFT 80001000 GODAI ZARTSOFT [2007/11/30 08:58:02.123191, 3, pid=5599] smbd/lanman.c:api_RNetServerEnum(1426) NetServerEnum domain = ZARTSOFT uLevel=1 counted=1 total=1 [2007/11/30 08:58:02.123210, 5, pid=5599] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..8] data[0..32] [2007/11/30 08:58:02.123229, 5, pid=5599] lib/util.c:show_msg(506) [2007/11/30 08:58:02.123241, 5, pid=5599] lib/util.c:show_msg(516) size=96 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=748 smb_uid=105 smb_mid=10816 smt_wct=10 smb_vwv[ 0]= 8 (0x8) smb_vwv[ 1]= 32 (0x20) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 8 (0x8) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 32 (0x20) smb_vwv[ 7]= 64 (0x40) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=41 [2007/11/30 08:58:02.123371, 10, pid=5599] lib/util.c:dump_data(2285) [000] 00 00 00 00 00 01 00 01 00 5A 41 52 54 53 4F 46 ........ .ZARTSOF [010] 54 00 00 00 00 00 00 00 00 00 00 00 10 00 80 1A T....... ........ [020] 00 00 00 47 4F 44 41 49 00 ...GODAI . [2007/11/30 08:58:02.123585, 10, pid=5599] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 39 [2007/11/30 08:58:02.123609, 6, pid=5599] smbd/process.c:process_smb(1067) got message type 0x0 of len 0x27 [2007/11/30 08:58:02.123629, 3, pid=5599] smbd/process.c:process_smb(1068) Transaction 18 of length 43 [2007/11/30 08:58:02.123647, 5, pid=5599] lib/util.c:show_msg(506) [2007/11/30 08:58:02.123658, 5, pid=5599] lib/util.c:show_msg(516) size=39 smb_com=0x74 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=105 smb_mid=10880 smt_wct=2 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_bcc=0 [2007/11/30 08:58:02.123743, 3, pid=5599] smbd/process.c:switch_message(926) switch message SMBulogoffX (pid 5599) conn 0x0 [2007/11/30 08:58:02.123766, 3, pid=5599] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/30 08:58:02.123784, 5, pid=5599] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 08:58:02.123801, 5, pid=5599] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 08:58:02.123844, 5, pid=5599] smbd/uid.c:change_to_root_user(288) change_to_root_user: now uid=(0,0) gid=(0,0) [2007/11/30 08:58:02.123872, 3, pid=5599] smbd/reply.c:reply_ulogoffX(1560) ulogoffX vuid=105 [2007/11/30 08:58:02.123890, 5, pid=5599] lib/util.c:show_msg(506) [2007/11/30 08:58:02.123903, 5, pid=5599] lib/util.c:show_msg(516) size=39 smb_com=0x74 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=65279 smb_uid=105 smb_mid=10880 smt_wct=2 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_bcc=0 [2007/11/30 08:58:02.124163, 10, pid=5599] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 35 [2007/11/30 08:58:02.124186, 6, pid=5599] smbd/process.c:process_smb(1067) got message type 0x0 of len 0x23 [2007/11/30 08:58:02.124204, 3, pid=5599] smbd/process.c:process_smb(1068) Transaction 19 of length 39 [2007/11/30 08:58:02.124222, 5, pid=5599] lib/util.c:show_msg(506) [2007/11/30 08:58:02.124233, 5, pid=5599] lib/util.c:show_msg(516) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=105 smb_mid=10944 smt_wct=0 smb_bcc=0 [2007/11/30 08:58:02.124309, 3, pid=5599] smbd/process.c:switch_message(926) switch message SMBtdis (pid 5599) conn 0x555555c1aa10 [2007/11/30 08:58:02.124341, 3, pid=5599] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/30 08:58:02.124359, 5, pid=5599] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 08:58:02.124376, 5, pid=5599] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 08:58:02.124404, 5, pid=5599] smbd/uid.c:change_to_root_user(288) change_to_root_user: now uid=(0,0) gid=(0,0) [2007/11/30 08:58:02.124426, 3, pid=5599] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/30 08:58:02.124444, 5, pid=5599] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 08:58:02.124461, 5, pid=5599] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 08:58:02.124488, 5, pid=5599] smbd/uid.c:change_to_root_user(288) change_to_root_user: now uid=(0,0) gid=(0,0) [2007/11/30 08:58:02.124508, 3, pid=5599] smbd/service.c:close_cnum(1230) kyoko (192.168.64.5) closed connection to service IPC$ [2007/11/30 08:58:02.124529, 3, pid=5599] smbd/connection.c:yield_connection(69) Yielding connection to IPC$ [2007/11/30 08:58:02.124561, 4, pid=5599] smbd/vfs.c:vfs_ChDir(665) vfs_ChDir to / [2007/11/30 08:58:02.124583, 3, pid=5599] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/30 08:58:02.124601, 5, pid=5599] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 08:58:02.124618, 5, pid=5599] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 08:58:02.124645, 5, pid=5599] smbd/uid.c:change_to_root_user(288) change_to_root_user: now uid=(0,0) gid=(0,0) [2007/11/30 08:58:02.124671, 5, pid=5599] lib/util.c:show_msg(506) [2007/11/30 08:58:02.124683, 5, pid=5599] lib/util.c:show_msg(516) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=105 smb_mid=10944 smt_wct=0 smb_bcc=0 [2007/11/30 08:59:02.122276, 3, pid=5599] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/30 08:59:02.122324, 5, pid=5599] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 08:59:02.122344, 5, pid=5599] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 08:59:02.122378, 5, pid=5599] smbd/uid.c:change_to_root_user(288) change_to_root_user: now uid=(0,0) gid=(0,0) [2007/11/30 09:00:02.120786, 3, pid=5599] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/30 09:00:02.120983, 5, pid=5599] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 09:00:02.121003, 5, pid=5599] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 09:00:02.121038, 5, pid=5599] smbd/uid.c:change_to_root_user(288) change_to_root_user: now uid=(0,0) gid=(0,0) [2007/11/30 09:00:02.121061, 3, pid=5599] smbd/process.c:check_reload(1309) Printcap cache time expired. [2007/11/30 09:00:02.121091, 3, pid=5599] printing/pcap.c:pcap_cache_reload(117) reloading printcap cache [2007/11/30 09:00:02.121139, 3, pid=5599] printing/pcap.c:pcap_cache_reload(223) reload status: ok [2007/11/30 09:00:02.121163, 3, pid=5599] printing/pcap.c:pcap_cache_reload(117) reloading printcap cache [2007/11/30 09:00:02.121193, 3, pid=5599] printing/pcap.c:pcap_cache_reload(223) reload status: ok [2007/11/30 09:00:02.121221, 2, pid=5599] smbd/process.c:timeout_processing(1362) Closing idle connection [2007/11/30 09:00:02.121240, 5, pid=5599] lib/gencache.c:gencache_shutdown(94) Closing cache file [2007/11/30 09:00:02.121292, 5, pid=5599] libsmb/namecache.c:namecache_shutdown(79) namecache_shutdown: netbios namecache closed successfully. [2007/11/30 09:00:02.121314, 3, pid=5599] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/30 09:00:02.121332, 5, pid=5599] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 09:00:02.121349, 5, pid=5599] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 09:00:02.121377, 5, pid=5599] smbd/uid.c:change_to_root_user(288) change_to_root_user: now uid=(0,0) gid=(0,0) [2007/11/30 09:00:02.121399, 3, pid=5599] smbd/connection.c:yield_connection(69) Yielding connection to [2007/11/30 09:00:02.121459, 3, pid=5599] smbd/server.c:exit_server_common(768) Server exit (normal exit) [2007/11/30 09:00:42.336293, 6, pid=5594] param/loadparm.c:lp_file_list_changed(3080) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Fri Nov 30 08:56:43 2007 [2007/11/30 09:00:42.336352, 3, pid=5594] smbd/process.c:check_reload(1309) Printcap cache time expired. [2007/11/30 09:00:42.336375, 3, pid=5594] printing/pcap.c:pcap_cache_reload(117) reloading printcap cache [2007/11/30 09:00:42.336464, 3, pid=5594] printing/pcap.c:pcap_cache_reload(223) reload status: ok [2007/11/30 09:00:42.336483, 3, pid=5594] printing/pcap.c:pcap_cache_reload(117) reloading printcap cache [2007/11/30 09:00:42.336507, 3, pid=5594] printing/pcap.c:pcap_cache_reload(223) reload status: ok [2007/11/30 09:00:42.337144, 5, pid=5655] lib/util_sock.c:print_socket_options(206) socket option SO_KEEPALIVE = 1 [2007/11/30 09:00:42.337243, 5, pid=5655] lib/util_sock.c:print_socket_options(206) socket option SO_REUSEADDR = 1 [2007/11/30 09:00:42.337269, 5, pid=5655] lib/util_sock.c:print_socket_options(206) socket option SO_BROADCAST = 0 [2007/11/30 09:00:42.337286, 5, pid=5655] lib/util_sock.c:print_socket_options(206) socket option TCP_NODELAY = 1 [2007/11/30 09:00:42.337300, 5, pid=5655] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPCNT = 9 [2007/11/30 09:00:42.337314, 5, pid=5655] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPIDLE = 7200 [2007/11/30 09:00:42.337327, 5, pid=5655] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPINTVL = 75 [2007/11/30 09:00:42.337341, 5, pid=5655] lib/util_sock.c:print_socket_options(206) socket option IPTOS_LOWDELAY = 0 [2007/11/30 09:00:42.337354, 5, pid=5655] lib/util_sock.c:print_socket_options(206) socket option IPTOS_THROUGHPUT = 0 [2007/11/30 09:00:42.337367, 5, pid=5655] lib/util_sock.c:print_socket_options(206) socket option SO_SNDBUF = 50604 [2007/11/30 09:00:42.337380, 5, pid=5655] lib/util_sock.c:print_socket_options(206) socket option SO_RCVBUF = 87392 [2007/11/30 09:00:42.337393, 5, pid=5655] lib/util_sock.c:print_socket_options(206) socket option SO_SNDLOWAT = 1 [2007/11/30 09:00:42.337406, 5, pid=5655] lib/util_sock.c:print_socket_options(206) socket option SO_RCVLOWAT = 1 [2007/11/30 09:00:42.337419, 5, pid=5655] lib/util_sock.c:print_socket_options(206) socket option SO_SNDTIMEO = 0 [2007/11/30 09:00:42.337432, 5, pid=5655] lib/util_sock.c:print_socket_options(206) socket option SO_RCVTIMEO = 0 [2007/11/30 09:00:42.337448, 5, pid=5655] lib/util_sock.c:print_socket_options(206) socket option SO_KEEPALIVE = 1 [2007/11/30 09:00:42.337462, 5, pid=5655] lib/util_sock.c:print_socket_options(206) socket option SO_REUSEADDR = 1 [2007/11/30 09:00:42.337475, 5, pid=5655] lib/util_sock.c:print_socket_options(206) socket option SO_BROADCAST = 0 [2007/11/30 09:00:42.337488, 5, pid=5655] lib/util_sock.c:print_socket_options(206) socket option TCP_NODELAY = 1 [2007/11/30 09:00:42.337501, 5, pid=5655] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPCNT = 9 [2007/11/30 09:00:42.337514, 5, pid=5655] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPIDLE = 7200 [2007/11/30 09:00:42.337527, 5, pid=5655] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPINTVL = 75 [2007/11/30 09:00:42.337560, 5, pid=5655] lib/util_sock.c:print_socket_options(206) socket option IPTOS_LOWDELAY = 0 [2007/11/30 09:00:42.337574, 5, pid=5655] lib/util_sock.c:print_socket_options(206) socket option IPTOS_THROUGHPUT = 0 [2007/11/30 09:00:42.337587, 5, pid=5655] lib/util_sock.c:print_socket_options(206) socket option SO_SNDBUF = 50604 [2007/11/30 09:00:42.337600, 5, pid=5655] lib/util_sock.c:print_socket_options(206) socket option SO_RCVBUF = 87392 [2007/11/30 09:00:42.337613, 5, pid=5655] lib/util_sock.c:print_socket_options(206) socket option SO_SNDLOWAT = 1 [2007/11/30 09:00:42.337626, 5, pid=5655] lib/util_sock.c:print_socket_options(206) socket option SO_RCVLOWAT = 1 [2007/11/30 09:00:42.337639, 5, pid=5655] lib/util_sock.c:print_socket_options(206) socket option SO_SNDTIMEO = 0 [2007/11/30 09:00:42.337651, 5, pid=5655] lib/util_sock.c:print_socket_options(206) socket option SO_RCVTIMEO = 0 [2007/11/30 09:00:42.337997, 6, pid=5655] param/loadparm.c:lp_file_list_changed(3080) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Fri Nov 30 08:56:43 2007 [2007/11/30 09:00:42.338046, 3, pid=5655] smbd/oplock.c:init_oplocks(863) init_oplocks: initializing messages. [2007/11/30 09:00:42.338171, 3, pid=5655] smbd/oplock_linux.c:linux_init_kernel_oplocks(276) Linux kernel oplocks enabled [2007/11/30 09:00:42.338260, 10, pid=5655] lib/util_sock.c:read_data(525) read_data: read of 4 returned 0. Error = Success [2007/11/30 09:00:42.338293, 10, pid=5655] lib/util_sock.c:receive_smb_raw(672) receive_smb_raw: length < 0! [2007/11/30 09:00:42.338306, 3, pid=5655] smbd/process.c:timeout_processing(1328) timeout_processing: End of file from client (client has disconnected). [2007/11/30 09:00:42.338325, 5, pid=5655] lib/gencache.c:gencache_shutdown(94) Closing cache file [2007/11/30 09:00:42.338350, 5, pid=5655] libsmb/namecache.c:namecache_shutdown(79) namecache_shutdown: netbios namecache closed successfully. [2007/11/30 09:00:42.338369, 3, pid=5655] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/30 09:00:42.338385, 5, pid=5655] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 09:00:42.338403, 5, pid=5655] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 09:00:42.338430, 5, pid=5655] smbd/uid.c:change_to_root_user(288) change_to_root_user: now uid=(0,0) gid=(0,0) [2007/11/30 09:00:42.338453, 3, pid=5655] smbd/connection.c:yield_connection(69) Yielding connection to [2007/11/30 09:00:42.338479, 3, pid=5655] smbd/connection.c:yield_connection(76) yield_connection: tdb_delete for name failed with error Record does not exist. [2007/11/30 09:00:42.338506, 3, pid=5655] smbd/server.c:exit_server_common(768) Server exit (normal exit) [2007/11/30 09:00:42.339330, 5, pid=5654] lib/util_sock.c:print_socket_options(206) socket option SO_KEEPALIVE = 1 [2007/11/30 09:00:42.339413, 5, pid=5654] lib/util_sock.c:print_socket_options(206) socket option SO_REUSEADDR = 1 [2007/11/30 09:00:42.339436, 5, pid=5654] lib/util_sock.c:print_socket_options(206) socket option SO_BROADCAST = 0 [2007/11/30 09:00:42.339452, 5, pid=5654] lib/util_sock.c:print_socket_options(206) socket option TCP_NODELAY = 1 [2007/11/30 09:00:42.339467, 5, pid=5654] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPCNT = 9 [2007/11/30 09:00:42.339480, 5, pid=5654] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPIDLE = 7200 [2007/11/30 09:00:42.339494, 5, pid=5654] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPINTVL = 75 [2007/11/30 09:00:42.339508, 5, pid=5654] lib/util_sock.c:print_socket_options(206) socket option IPTOS_LOWDELAY = 0 [2007/11/30 09:00:42.339521, 5, pid=5654] lib/util_sock.c:print_socket_options(206) socket option IPTOS_THROUGHPUT = 0 [2007/11/30 09:00:42.339534, 5, pid=5654] lib/util_sock.c:print_socket_options(206) socket option SO_SNDBUF = 50604 [2007/11/30 09:00:42.339566, 5, pid=5654] lib/util_sock.c:print_socket_options(206) socket option SO_RCVBUF = 87392 [2007/11/30 09:00:42.339580, 5, pid=5654] lib/util_sock.c:print_socket_options(206) socket option SO_SNDLOWAT = 1 [2007/11/30 09:00:42.339593, 5, pid=5654] lib/util_sock.c:print_socket_options(206) socket option SO_RCVLOWAT = 1 [2007/11/30 09:00:42.339606, 5, pid=5654] lib/util_sock.c:print_socket_options(206) socket option SO_SNDTIMEO = 0 [2007/11/30 09:00:42.339620, 5, pid=5654] lib/util_sock.c:print_socket_options(206) socket option SO_RCVTIMEO = 0 [2007/11/30 09:00:42.339636, 5, pid=5654] lib/util_sock.c:print_socket_options(206) socket option SO_KEEPALIVE = 1 [2007/11/30 09:00:42.339649, 5, pid=5654] lib/util_sock.c:print_socket_options(206) socket option SO_REUSEADDR = 1 [2007/11/30 09:00:42.339662, 5, pid=5654] lib/util_sock.c:print_socket_options(206) socket option SO_BROADCAST = 0 [2007/11/30 09:00:42.339675, 5, pid=5654] lib/util_sock.c:print_socket_options(206) socket option TCP_NODELAY = 1 [2007/11/30 09:00:42.339689, 5, pid=5654] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPCNT = 9 [2007/11/30 09:00:42.339702, 5, pid=5654] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPIDLE = 7200 [2007/11/30 09:00:42.339715, 5, pid=5654] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPINTVL = 75 [2007/11/30 09:00:42.339728, 5, pid=5654] lib/util_sock.c:print_socket_options(206) socket option IPTOS_LOWDELAY = 0 [2007/11/30 09:00:42.339741, 5, pid=5654] lib/util_sock.c:print_socket_options(206) socket option IPTOS_THROUGHPUT = 0 [2007/11/30 09:00:42.339754, 5, pid=5654] lib/util_sock.c:print_socket_options(206) socket option SO_SNDBUF = 50604 [2007/11/30 09:00:42.339767, 5, pid=5654] lib/util_sock.c:print_socket_options(206) socket option SO_RCVBUF = 87392 [2007/11/30 09:00:42.339780, 5, pid=5654] lib/util_sock.c:print_socket_options(206) socket option SO_SNDLOWAT = 1 [2007/11/30 09:00:42.339793, 5, pid=5654] lib/util_sock.c:print_socket_options(206) socket option SO_RCVLOWAT = 1 [2007/11/30 09:00:42.339806, 5, pid=5654] lib/util_sock.c:print_socket_options(206) socket option SO_SNDTIMEO = 0 [2007/11/30 09:00:42.339819, 5, pid=5654] lib/util_sock.c:print_socket_options(206) socket option SO_RCVTIMEO = 0 [2007/11/30 09:00:42.340042, 6, pid=5654] param/loadparm.c:lp_file_list_changed(3080) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Fri Nov 30 08:56:43 2007 [2007/11/30 09:00:42.340087, 3, pid=5654] smbd/oplock.c:init_oplocks(863) init_oplocks: initializing messages. [2007/11/30 09:00:42.340199, 3, pid=5654] smbd/oplock_linux.c:linux_init_kernel_oplocks(276) Linux kernel oplocks enabled [2007/11/30 09:00:42.340268, 10, pid=5654] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 190 [2007/11/30 09:00:42.340292, 6, pid=5654] smbd/process.c:process_smb(1067) got message type 0x0 of len 0xbe [2007/11/30 09:00:42.340309, 3, pid=5654] smbd/process.c:process_smb(1068) Transaction 0 of length 194 [2007/11/30 09:00:42.340329, 5, pid=5654] lib/util.c:show_msg(506) [2007/11/30 09:00:42.340338, 5, pid=5654] lib/util.c:show_msg(516) size=190 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=0 smb_pid=5653 smb_uid=0 smb_mid=1 smt_wct=0 smb_bcc=155 [2007/11/30 09:00:42.340392, 10, pid=5654] lib/util.c:dump_data(2285) [000] 02 50 43 20 4E 45 54 57 4F 52 4B 20 50 52 4F 47 .PC NETW ORK PROG [010] 52 41 4D 20 31 2E 30 00 02 4D 49 43 52 4F 53 4F RAM 1.0. .MICROSO [020] 46 54 20 4E 45 54 57 4F 52 4B 53 20 31 2E 30 33 FT NETWO RKS 1.03 [030] 00 02 4D 49 43 52 4F 53 4F 46 54 20 4E 45 54 57 ..MICROS OFT NETW [040] 4F 52 4B 53 20 33 2E 30 00 02 4C 41 4E 4D 41 4E ORKS 3.0 ..LANMAN [050] 31 2E 30 00 02 4C 4D 31 2E 32 58 30 30 32 00 02 1.0..LM1 .2X002.. [060] 44 4F 53 20 4C 41 4E 4D 41 4E 32 2E 31 00 02 4C DOS LANM AN2.1..L [070] 41 4E 4D 41 4E 32 2E 31 00 02 53 61 6D 62 61 00 ANMAN2.1 ..Samba. [080] 02 4E 54 20 4C 41 4E 4D 41 4E 20 31 2E 30 00 02 .NT LANM AN 1.0.. [090] 4E 54 20 4C 4D 20 30 2E 31 32 00 NT LM 0. 12. [2007/11/30 09:00:42.340524, 3, pid=5654] smbd/process.c:switch_message(926) switch message SMBnegprot (pid 5654) conn 0x0 [2007/11/30 09:00:42.340542, 3, pid=5654] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/30 09:00:42.340558, 5, pid=5654] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 09:00:42.340576, 5, pid=5654] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 09:00:42.340602, 5, pid=5654] smbd/uid.c:change_to_root_user(288) change_to_root_user: now uid=(0,0) gid=(0,0) [2007/11/30 09:00:42.340620, 3, pid=5654] smbd/negprot.c:reply_negprot(505) Requested protocol [PC NETWORK PROGRAM 1.0] [2007/11/30 09:00:42.340636, 3, pid=5654] smbd/negprot.c:reply_negprot(505) Requested protocol [MICROSOFT NETWORKS 1.03] [2007/11/30 09:00:42.340649, 3, pid=5654] smbd/negprot.c:reply_negprot(505) Requested protocol [MICROSOFT NETWORKS 3.0] [2007/11/30 09:00:42.340662, 3, pid=5654] smbd/negprot.c:reply_negprot(505) Requested protocol [LANMAN1.0] [2007/11/30 09:00:42.340674, 3, pid=5654] smbd/negprot.c:reply_negprot(505) Requested protocol [LM1.2X002] [2007/11/30 09:00:42.340687, 3, pid=5654] smbd/negprot.c:reply_negprot(505) Requested protocol [DOS LANMAN2.1] [2007/11/30 09:00:42.340699, 3, pid=5654] smbd/negprot.c:reply_negprot(505) Requested protocol [LANMAN2.1] [2007/11/30 09:00:42.340711, 3, pid=5654] smbd/negprot.c:reply_negprot(505) Requested protocol [Samba] [2007/11/30 09:00:42.340730, 10, pid=5654] lib/util.c:set_remote_arch(2260) set_remote_arch: Client arch is 'Samba' [2007/11/30 09:00:42.340768, 6, pid=5654] param/loadparm.c:lp_file_list_changed(3080) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Fri Nov 30 08:56:43 2007 [2007/11/30 09:00:42.340799, 5, pid=5654] smbd/connection.c:claim_connection(182) claiming 0 [2007/11/30 09:00:42.340849, 6, pid=5654] param/loadparm.c:lp_file_list_changed(3080) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Fri Nov 30 08:56:43 2007 [2007/11/30 09:00:42.340909, 3, pid=5654] smbd/negprot.c:reply_nt1(364) using SPNEGO [2007/11/30 09:00:42.340923, 3, pid=5654] smbd/negprot.c:reply_negprot(606) Selected protocol NT LANMAN 1.0 [2007/11/30 09:00:42.340936, 5, pid=5654] smbd/negprot.c:reply_negprot(612) negprot index=8 [2007/11/30 09:00:42.340948, 5, pid=5654] lib/util.c:show_msg(506) [2007/11/30 09:00:42.340957, 5, pid=5654] lib/util.c:show_msg(516) size=127 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=5653 smb_uid=0 smb_mid=1 smt_wct=17 smb_vwv[ 0]= 8 (0x8) smb_vwv[ 1]=12803 (0x3203) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 65 (0x41) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]= 5632 (0x1600) smb_vwv[ 8]= 22 (0x16) smb_vwv[ 9]=64768 (0xFD00) smb_vwv[10]=33011 (0x80F3) smb_vwv[11]= 128 (0x80) smb_vwv[12]=22801 (0x5911) smb_vwv[13]= 1427 (0x593) smb_vwv[14]=51251 (0xC833) smb_vwv[15]=54273 (0xD401) smb_vwv[16]= 254 (0xFE) smb_bcc=58 [2007/11/30 09:00:42.341079, 10, pid=5654] lib/util.c:dump_data(2285) [000] 67 6F 64 61 69 00 00 00 00 00 00 00 00 00 00 00 godai... ........ [010] 60 28 06 06 2B 06 01 05 05 02 A0 1E 30 1C A0 0E `(..+... ....0... [020] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A3 0A 0...+... ..7..... [030] 30 08 A0 06 1B 04 4E 4F 4E 45 0.....NO NE [2007/11/30 09:00:42.341785, 10, pid=5654] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 160 [2007/11/30 09:00:42.341804, 6, pid=5654] smbd/process.c:process_smb(1067) got message type 0x0 of len 0xa0 [2007/11/30 09:00:42.341830, 3, pid=5654] smbd/process.c:process_smb(1068) Transaction 1 of length 164 [2007/11/30 09:00:42.341848, 5, pid=5654] lib/util.c:show_msg(506) [2007/11/30 09:00:42.341857, 5, pid=5654] lib/util.c:show_msg(516) size=160 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=0 smb_pid=5653 smb_uid=0 smb_mid=2 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=65535 (0xFFFF) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 1 (0x1) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 79 (0x4F) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]=53340 (0xD05C) smb_vwv[11]=32768 (0x8000) smb_bcc=101 [2007/11/30 09:00:42.341958, 10, pid=5654] lib/util.c:dump_data(2285) [000] 60 4D 06 06 2B 06 01 05 05 02 A0 43 30 41 A0 0E `M..+... ...C0A.. [010] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A2 2F 0...+... ..7..../ [020] 04 2D 4E 54 4C 4D 53 53 50 00 01 00 00 00 15 82 .-NTLMSS P....... [030] 08 60 08 00 08 00 20 00 00 00 05 00 05 00 28 00 .`.... . ......(. [040] 00 00 5A 41 52 54 53 4F 46 54 47 4F 44 41 49 55 ..ZARTSO FTGODAIU [050] 00 6E 00 69 00 78 00 00 00 53 00 61 00 6D 00 62 .n.i.x.. .S.a.m.b [060] 00 61 00 00 00 .a... [2007/11/30 09:00:42.342035, 3, pid=5654] smbd/process.c:switch_message(926) switch message SMBsesssetupX (pid 5654) conn 0x0 [2007/11/30 09:00:42.342049, 3, pid=5654] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/30 09:00:42.342062, 5, pid=5654] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 09:00:42.342075, 5, pid=5654] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 09:00:42.342097, 5, pid=5654] smbd/uid.c:change_to_root_user(288) change_to_root_user: now uid=(0,0) gid=(0,0) [2007/11/30 09:00:42.342118, 3, pid=5654] smbd/sesssetup.c:reply_sesssetup_and_X(1244) wct=12 flg2=0xc801 [2007/11/30 09:00:42.342137, 3, pid=5654] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1029) Doing spnego session setup [2007/11/30 09:00:42.342151, 3, pid=5654] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1060) NativeOS=[Unix] NativeLanMan=[Samba] PrimaryDomain=[] [2007/11/30 09:00:42.342175, 10, pid=5654] smbd/password.c:register_vuid(186) register_vuid: allocated vuid = 100 [2007/11/30 09:00:42.342196, 10, pid=5654] smbd/sesssetup.c:check_spnego_blob_complete(975) check_spnego_blob_complete: needed_len = 79, pblob->length = 79 [2007/11/30 09:00:42.342219, 5, pid=5654] smbd/sesssetup.c:parse_spnego_mechanisms(667) parse_spnego_mechanisms: Got OID 1 3 6 1 4 1 311 2 2 10 [2007/11/30 09:00:42.342233, 3, pid=5654] smbd/sesssetup.c:reply_spnego_negotiate(697) reply_spnego_negotiate: Got secblob of size 45 [2007/11/30 09:00:42.342256, 5, pid=5654] auth/auth.c:make_auth_context_subsystem(483) Making default auth method list for DC, security=user, encrypt passwords = yes [2007/11/30 09:00:42.342275, 5, pid=5654] auth/auth.c:smb_register_auth(47) Attempting to register auth backend sam [2007/11/30 09:00:42.342289, 5, pid=5654] auth/auth.c:smb_register_auth(59) Successfully added auth method 'sam' [2007/11/30 09:00:42.342302, 5, pid=5654] auth/auth.c:smb_register_auth(47) Attempting to register auth backend sam_ignoredomain [2007/11/30 09:00:42.342315, 5, pid=5654] auth/auth.c:smb_register_auth(59) Successfully added auth method 'sam_ignoredomain' [2007/11/30 09:00:42.342329, 5, pid=5654] auth/auth.c:smb_register_auth(47) Attempting to register auth backend unix [2007/11/30 09:00:42.342343, 5, pid=5654] auth/auth.c:smb_register_auth(59) Successfully added auth method 'unix' [2007/11/30 09:00:42.342357, 5, pid=5654] auth/auth.c:smb_register_auth(47) Attempting to register auth backend winbind [2007/11/30 09:00:42.342370, 5, pid=5654] auth/auth.c:smb_register_auth(59) Successfully added auth method 'winbind' [2007/11/30 09:00:42.342383, 5, pid=5654] auth/auth.c:smb_register_auth(47) Attempting to register auth backend smbserver [2007/11/30 09:00:42.342407, 5, pid=5654] auth/auth.c:smb_register_auth(59) Successfully added auth method 'smbserver' [2007/11/30 09:00:42.342422, 5, pid=5654] auth/auth.c:smb_register_auth(47) Attempting to register auth backend trustdomain [2007/11/30 09:00:42.342435, 5, pid=5654] auth/auth.c:smb_register_auth(59) Successfully added auth method 'trustdomain' [2007/11/30 09:00:42.342448, 5, pid=5654] auth/auth.c:smb_register_auth(47) Attempting to register auth backend ntdomain [2007/11/30 09:00:42.342461, 5, pid=5654] auth/auth.c:smb_register_auth(59) Successfully added auth method 'ntdomain' [2007/11/30 09:00:42.342473, 5, pid=5654] auth/auth.c:smb_register_auth(47) Attempting to register auth backend guest [2007/11/30 09:00:42.342486, 5, pid=5654] auth/auth.c:smb_register_auth(59) Successfully added auth method 'guest' [2007/11/30 09:00:42.342498, 5, pid=5654] auth/auth.c:load_auth_module(391) load_auth_module: Attempting to find an auth method to match guest [2007/11/30 09:00:42.342512, 5, pid=5654] auth/auth.c:load_auth_module(416) load_auth_module: auth method guest has a valid init [2007/11/30 09:00:42.342525, 5, pid=5654] auth/auth.c:load_auth_module(391) load_auth_module: Attempting to find an auth method to match sam [2007/11/30 09:00:42.342544, 5, pid=5654] auth/auth.c:load_auth_module(416) load_auth_module: auth method sam has a valid init [2007/11/30 09:00:42.342558, 5, pid=5654] auth/auth.c:load_auth_module(391) load_auth_module: Attempting to find an auth method to match winbind:trustdomain [2007/11/30 09:00:42.342577, 5, pid=5654] auth/auth.c:load_auth_module(391) load_auth_module: Attempting to find an auth method to match trustdomain [2007/11/30 09:00:42.342595, 5, pid=5654] auth/auth.c:load_auth_module(416) load_auth_module: auth method trustdomain has a valid init [2007/11/30 09:00:42.342609, 5, pid=5654] auth/auth.c:load_auth_module(416) load_auth_module: auth method winbind has a valid init [2007/11/30 09:00:42.342637, 3, pid=5654] libsmb/ntlmssp.c:debug_ntlmssp_flags(63) Got NTLMSSP neg_flags=0x60088215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH [2007/11/30 09:00:42.342683, 5, pid=5654] auth/auth.c:get_ntlm_challenge(97) auth_get_challenge: module guest did not want to specify a challenge [2007/11/30 09:00:42.342697, 5, pid=5654] auth/auth.c:get_ntlm_challenge(97) auth_get_challenge: module sam did not want to specify a challenge [2007/11/30 09:00:42.342710, 5, pid=5654] auth/auth.c:get_ntlm_challenge(97) auth_get_challenge: module winbind did not want to specify a challenge [2007/11/30 09:00:42.342733, 5, pid=5654] auth/auth.c:get_ntlm_challenge(137) auth_context challenge created by random [2007/11/30 09:00:42.342747, 5, pid=5654] auth/auth.c:get_ntlm_challenge(138) challenge is: [2007/11/30 09:00:42.342759, 5, pid=5654] lib/util.c:dump_data(2285) [000] A8 24 99 E5 CD FE 59 3B .$....Y; [2007/11/30 09:00:42.343444, 5, pid=5654] lib/util.c:show_msg(506) [2007/11/30 09:00:42.343462, 5, pid=5654] lib/util.c:show_msg(516) size=332 smb_com=0x73 smb_rcls=22 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=5653 smb_uid=100 smb_mid=2 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 221 (0xDD) smb_bcc=289 [2007/11/30 09:00:42.343537, 10, pid=5654] lib/util.c:dump_data(2285) [000] A1 81 DA 30 81 D7 A0 03 0A 01 01 A1 0C 06 0A 2B ...0.... .......+ [010] 06 01 04 01 82 37 02 02 0A A2 81 C1 04 81 BE 4E .....7.. .......N [020] 54 4C 4D 53 53 50 00 02 00 00 00 10 00 10 00 30 TLMSSP.. .......0 [030] 00 00 00 15 82 89 60 A8 24 99 E5 CD FE 59 3B 00 ......`. $....Y;. [040] 00 00 00 00 00 00 00 7E 00 7E 00 40 00 00 00 5A .......~ .~.@...Z [050] 00 41 00 52 00 54 00 53 00 4F 00 46 00 54 00 02 .A.R.T.S .O.F.T.. [060] 00 10 00 5A 00 41 00 52 00 54 00 53 00 4F 00 46 ...Z.A.R .T.S.O.F [070] 00 54 00 01 00 0A 00 47 00 4F 00 44 00 41 00 49 .T.....G .O.D.A.I [080] 00 04 00 22 00 6C 00 6F 00 63 00 61 00 6C 00 2E ...".l.o .c.a.l.. [090] 00 7A 00 61 00 72 00 74 00 73 00 6F 00 66 00 74 .z.a.r.t .s.o.f.t [0A0] 00 2E 00 72 00 75 00 03 00 2E 00 67 00 6F 00 64 ...r.u.. ...g.o.d [0B0] 00 61 00 69 00 2E 00 6C 00 6F 00 63 00 61 00 6C .a.i...l .o.c.a.l [0C0] 00 2E 00 7A 00 61 00 72 00 74 00 73 00 6F 00 66 ...z.a.r .t.s.o.f [0D0] 00 74 00 2E 00 72 00 75 00 00 00 00 00 55 00 6E .t...r.u .....U.n [0E0] 00 69 00 78 00 00 00 53 00 61 00 6D 00 62 00 61 .i.x...S .a.m.b.a [0F0] 00 20 00 33 00 2E 00 30 00 2E 00 32 00 36 00 61 . .3...0 ...2.6.a [100] 00 2D 00 30 00 2E 00 66 00 63 00 37 00 00 00 5A .-.0...f .c.7...Z [110] 00 41 00 52 00 54 00 53 00 4F 00 46 00 54 00 00 .A.R.T.S .O.F.T.. [120] 00 . [2007/11/30 09:00:42.344726, 10, pid=5654] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 260 [2007/11/30 09:00:42.344747, 6, pid=5654] smbd/process.c:process_smb(1067) got message type 0x0 of len 0x104 [2007/11/30 09:00:42.344761, 3, pid=5654] smbd/process.c:process_smb(1068) Transaction 2 of length 264 [2007/11/30 09:00:42.344774, 5, pid=5654] lib/util.c:show_msg(506) [2007/11/30 09:00:42.344782, 5, pid=5654] lib/util.c:show_msg(516) size=260 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=0 smb_pid=5653 smb_uid=100 smb_mid=3 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=65535 (0xFFFF) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 1 (0x1) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 178 (0xB2) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]=53340 (0xD05C) smb_vwv[11]=32768 (0x8000) smb_bcc=201 [2007/11/30 09:00:42.344899, 10, pid=5654] lib/util.c:dump_data(2285) [000] A1 81 AF 30 81 AC A2 81 A9 04 81 A6 4E 54 4C 4D ...0.... ....NTLM [010] 53 53 50 00 03 00 00 00 18 00 18 00 40 00 00 00 SSP..... ....@... [020] 18 00 18 00 58 00 00 00 10 00 10 00 70 00 00 00 ....X... ....p... [030] 0C 00 0C 00 80 00 00 00 0A 00 0A 00 8C 00 00 00 ........ ........ [040] 10 00 10 00 96 00 00 00 15 82 08 60 FF 12 B5 FB ........ ...`.... [050] D4 21 A5 CC 00 00 00 00 00 00 00 00 00 00 00 00 .!...... ........ [060] 00 00 00 00 BD 1B 7C 69 F5 A2 21 52 1C 56 C0 30 ......|i ..!R.V.0 [070] 6A EC 27 33 BC F1 49 F5 3A E6 21 98 5A 00 41 00 j.'3..I. :.!.Z.A. [080] 52 00 54 00 53 00 4F 00 46 00 54 00 47 00 4F 00 R.T.S.O. F.T.G.O. [090] 44 00 41 00 49 00 24 00 47 00 4F 00 44 00 41 00 D.A.I.$. G.O.D.A. [0A0] 49 00 79 8E 21 50 8F 09 C5 1C C2 64 2C 6C 45 AA I.y.!P.. ...d,lE. [0B0] 20 7A 00 55 00 6E 00 69 00 78 00 00 00 53 00 61 z.U.n.i .x...S.a [0C0] 00 6D 00 62 00 61 00 00 00 .m.b.a.. . [2007/11/30 09:00:42.345036, 3, pid=5654] smbd/process.c:switch_message(926) switch message SMBsesssetupX (pid 5654) conn 0x0 [2007/11/30 09:00:42.345052, 3, pid=5654] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/30 09:00:42.345066, 5, pid=5654] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 09:00:42.345079, 5, pid=5654] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 09:00:42.345103, 5, pid=5654] smbd/uid.c:change_to_root_user(288) change_to_root_user: now uid=(0,0) gid=(0,0) [2007/11/30 09:00:42.345119, 3, pid=5654] smbd/sesssetup.c:reply_sesssetup_and_X(1244) wct=12 flg2=0xc801 [2007/11/30 09:00:42.345132, 3, pid=5654] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1029) Doing spnego session setup [2007/11/30 09:00:42.345146, 3, pid=5654] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1060) NativeOS=[Unix] NativeLanMan=[Samba] PrimaryDomain=[] [2007/11/30 09:00:42.345167, 10, pid=5654] smbd/sesssetup.c:check_spnego_blob_complete(975) check_spnego_blob_complete: needed_len = 178, pblob->length = 178 [2007/11/30 09:00:42.345199, 3, pid=5654] libsmb/ntlmssp.c:ntlmssp_server_auth(739) Got user=[GODAI$] domain=[ZARTSOFT] workstation=[GODAI] len1=24 len2=24 [2007/11/30 09:00:42.345220, 5, pid=5654] auth/auth_ntlmssp.c:auth_ntlmssp_set_challenge(69) auth_context challenge set by NTLMSSP callback (NTLM2) [2007/11/30 09:00:42.345234, 5, pid=5654] auth/auth_ntlmssp.c:auth_ntlmssp_set_challenge(70) challenge is: [2007/11/30 09:00:42.345246, 5, pid=5654] lib/util.c:dump_data(2285) [000] E3 BD E1 EA 1F A5 53 85 ......S. [2007/11/30 09:00:42.345279, 6, pid=5654] param/loadparm.c:lp_file_list_changed(3080) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Fri Nov 30 08:56:43 2007 [2007/11/30 09:00:42.345314, 5, pid=5654] auth/auth_util.c:make_user_info_map(161) make_user_info_map: Mapping user [ZARTSOFT]\[GODAI$] from workstation [GODAI] [2007/11/30 09:00:42.345329, 3, pid=5654] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2007/11/30 09:00:42.345344, 3, pid=5654] smbd/uid.c:push_conn_ctx(358) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2007/11/30 09:00:42.345357, 3, pid=5654] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2007/11/30 09:00:42.345370, 5, pid=5654] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 09:00:42.345382, 5, pid=5654] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 09:00:42.345403, 5, pid=5654] auth/auth_util.c:is_trusted_domain(2198) is_trusted_domain: Checking for domain trust with [ZARTSOFT] [2007/11/30 09:00:42.345436, 5, pid=5654] passdb/secrets.c:secrets_fetch_trusted_domain_password(473) secrets_fetch failed! [2007/11/30 09:00:42.345456, 3, pid=5654] smbd/sec_ctx.c:pop_sec_ctx(356) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/30 09:00:42.345488, 10, pid=5654] lib/gencache.c:gencache_get(212) Cache entry with key = TDOM/ZARTSOFT couldn't be found [2007/11/30 09:00:42.345504, 5, pid=5654] libsmb/trustdom_cache.c:trustdom_cache_fetch(184) no entry for trusted domain ZARTSOFT found. [2007/11/30 09:00:42.345519, 5, pid=5654] auth/auth_util.c:make_user_info(75) attempting to make a user_info for GODAI$ (GODAI$) [2007/11/30 09:00:42.345532, 5, pid=5654] auth/auth_util.c:make_user_info(85) making strings for GODAI$'s user_info struct [2007/11/30 09:00:42.345546, 5, pid=5654] auth/auth_util.c:make_user_info(117) making blobs for GODAI$'s user_info struct [2007/11/30 09:00:42.345559, 10, pid=5654] auth/auth_util.c:make_user_info(135) made an encrypted user_info for GODAI$ (GODAI$) [2007/11/30 09:00:42.345573, 3, pid=5654] auth/auth.c:check_ntlm_password(221) check_ntlm_password: Checking password for unmapped user [ZARTSOFT]\[GODAI$]@[GODAI] with the new password interface [2007/11/30 09:00:42.345587, 3, pid=5654] auth/auth.c:check_ntlm_password(224) check_ntlm_password: mapped user is: [ZARTSOFT]\[GODAI$]@[GODAI] [2007/11/30 09:00:42.345600, 10, pid=5654] auth/auth.c:check_ntlm_password(233) check_ntlm_password: auth_context challenge created by NTLMSSP callback (NTLM2) [2007/11/30 09:00:42.345613, 10, pid=5654] auth/auth.c:check_ntlm_password(235) challenge is: [2007/11/30 09:00:42.345625, 5, pid=5654] lib/util.c:dump_data(2285) [000] E3 BD E1 EA 1F A5 53 85 ......S. [2007/11/30 09:00:42.345645, 10, pid=5654] auth/auth.c:check_ntlm_password(261) check_ntlm_password: guest had nothing to say [2007/11/30 09:00:42.345661, 8, pid=5654] lib/util.c:is_myname(2097) is_myname("ZARTSOFT") returns 0 [2007/11/30 09:00:42.345680, 3, pid=5654] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2007/11/30 09:00:42.345694, 3, pid=5654] smbd/uid.c:push_conn_ctx(358) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2007/11/30 09:00:42.345707, 3, pid=5654] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2007/11/30 09:00:42.345732, 5, pid=5654] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 09:00:42.345745, 5, pid=5654] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 09:00:42.345806, 4, pid=5654] passdb/pdb_tdb.c:tdbsam_open(869) tdbsam_open: successfully opened /var/lib/samba/private/passdb.tdb [2007/11/30 09:00:42.345844, 10, pid=5654] passdb/pdb_get_set.c:pdb_set_username(581) pdb_set_username: setting username godai$, was [2007/11/30 09:00:42.345861, 10, pid=5654] passdb/pdb_get_set.c:pdb_set_domain(604) pdb_set_domain: setting domain ZARTSOFT, was [2007/11/30 09:00:42.345875, 10, pid=5654] passdb/pdb_get_set.c:pdb_set_nt_username(627) pdb_set_nt_username: setting nt username , was [2007/11/30 09:00:42.345889, 10, pid=5654] passdb/pdb_get_set.c:pdb_set_fullname(650) pdb_set_full_name: setting full name godai, was [2007/11/30 09:00:42.345903, 4, pid=5654] lib/substitute.c:automount_server(407) Home server: godai [2007/11/30 09:00:42.345924, 10, pid=5654] passdb/pdb_get_set.c:pdb_set_homedir(743) pdb_set_homedir: setting home dir \\godai\godai_, was [2007/11/30 09:00:42.345939, 10, pid=5654] passdb/pdb_get_set.c:pdb_set_dir_drive(719) pdb_set_dir_drive: setting dir drive , was NULL [2007/11/30 09:00:42.345955, 10, pid=5654] passdb/pdb_get_set.c:pdb_set_logon_script(673) pdb_set_logon_script: setting logon script , was [2007/11/30 09:00:42.345969, 10, pid=5654] passdb/pdb_get_set.c:pdb_set_profile_path(696) pdb_set_profile_path: setting profile path , was [2007/11/30 09:00:42.345983, 10, pid=5654] passdb/pdb_get_set.c:pdb_set_workstations(786) pdb_set_workstations: setting workstations , was [2007/11/30 09:00:42.345998, 3, pid=5654] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2007/11/30 09:00:42.346012, 3, pid=5654] smbd/uid.c:push_conn_ctx(358) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2007/11/30 09:00:42.346025, 3, pid=5654] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2007/11/30 09:00:42.346038, 5, pid=5654] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 09:00:42.346051, 5, pid=5654] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 09:00:42.346079, 10, pid=5654] lib/account_pol.c:account_policy_get(294) account_policy_get: name: password history, val: 0 [2007/11/30 09:00:42.346100, 3, pid=5654] smbd/sec_ctx.c:pop_sec_ctx(356) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2007/11/30 09:00:42.346117, 10, pid=5654] passdb/pdb_get_set.c:pdb_set_user_sid(510) pdb_set_user_sid: setting user sid S-1-5-21-2274471336-3138038065-606154707-2040 [2007/11/30 09:00:42.346141, 10, pid=5654] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(73) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-2274471336-3138038065-606154707-2040 from rid 2040 [2007/11/30 09:00:42.346165, 8, pid=5654] passdb/pdb_tdb.c:tdbsam_close(882) tdbsam_close: Reference count is now 0. [2007/11/30 09:00:42.346188, 3, pid=5654] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2007/11/30 09:00:42.346203, 3, pid=5654] smbd/uid.c:push_conn_ctx(358) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2007/11/30 09:00:42.346216, 3, pid=5654] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2007/11/30 09:00:42.346229, 5, pid=5654] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 09:00:42.346241, 5, pid=5654] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 09:00:42.346266, 10, pid=5654] lib/account_pol.c:account_policy_get(294) account_policy_get: name: maximum password age, val: -1 [2007/11/30 09:00:42.346283, 3, pid=5654] smbd/sec_ctx.c:pop_sec_ctx(356) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2007/11/30 09:00:42.346311, 5, pid=5654] lib/username.c:Get_Pwnam_alloc(131) Finding user godai$ [2007/11/30 09:00:42.346325, 5, pid=5654] lib/username.c:Get_Pwnam_internals(75) Trying _Get_Pwnam(), username as lowercase is godai$ [2007/11/30 09:00:42.346381, 5, pid=5654] lib/username.c:Get_Pwnam_internals(108) Get_Pwnam_internals did find user [godai$]! [2007/11/30 09:00:42.346441, 10, pid=5654] passdb/lookup_sid.c:check_dom_sid_to_level(663) Accepting SID S-1-5-21-2274471336-3138038065-606154707 in level 1 [2007/11/30 09:00:42.346461, 3, pid=5654] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2007/11/30 09:00:42.346476, 3, pid=5654] smbd/uid.c:push_conn_ctx(358) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2007/11/30 09:00:42.346489, 3, pid=5654] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2007/11/30 09:00:42.346502, 5, pid=5654] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 09:00:42.346515, 5, pid=5654] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 09:00:42.346538, 5, pid=5654] passdb/pdb_interface.c:lookup_global_sam_rid(1522) lookup_global_sam_rid: looking up RID 515. [2007/11/30 09:00:42.346553, 3, pid=5654] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2007/11/30 09:00:42.346567, 3, pid=5654] smbd/uid.c:push_conn_ctx(358) push_conn_ctx(0) : conn_ctx_stack_ndx = 2 [2007/11/30 09:00:42.346580, 3, pid=5654] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2007/11/30 09:00:42.346592, 5, pid=5654] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 09:00:42.346604, 5, pid=5654] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 09:00:42.346642, 4, pid=5654] passdb/pdb_tdb.c:tdbsam_open(869) tdbsam_open: successfully opened /var/lib/samba/private/passdb.tdb [2007/11/30 09:00:42.346660, 5, pid=5654] passdb/pdb_tdb.c:tdbsam_getsampwrid(1114) pdb_getsampwrid (TDB): error looking up RID 515 by key RID_00000203. Error: Record does not exist [2007/11/30 09:00:42.346678, 8, pid=5654] passdb/pdb_tdb.c:tdbsam_close(882) tdbsam_close: Reference count is now 0. [2007/11/30 09:00:42.346709, 3, pid=5654] smbd/sec_ctx.c:pop_sec_ctx(356) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2007/11/30 09:00:42.346725, 5, pid=5654] passdb/pdb_interface.c:pdb_default_lookup_rids(1643) lookup_rids: Domain Computers:2 [2007/11/30 09:00:42.346742, 3, pid=5654] smbd/sec_ctx.c:pop_sec_ctx(356) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2007/11/30 09:00:42.346756, 10, pid=5654] passdb/lookup_sid.c:lookup_sid(941) Sid S-1-5-21-2274471336-3138038065-606154707-515 -> ZARTSOFT\Domain Computers(2) [2007/11/30 09:00:42.346776, 3, pid=5654] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2007/11/30 09:00:42.346791, 3, pid=5654] smbd/uid.c:push_conn_ctx(358) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2007/11/30 09:00:42.346803, 3, pid=5654] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2007/11/30 09:00:42.346816, 5, pid=5654] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 09:00:42.346828, 5, pid=5654] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 09:00:42.346856, 10, pid=5654] lib/account_pol.c:account_policy_get(294) account_policy_get: name: password history, val: 0 [2007/11/30 09:00:42.346874, 3, pid=5654] smbd/sec_ctx.c:pop_sec_ctx(356) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2007/11/30 09:00:42.346893, 10, pid=5654] passdb/pdb_get_set.c:pdb_set_username(581) pdb_set_username: setting username godai$, was [2007/11/30 09:00:42.346908, 10, pid=5654] passdb/pdb_get_set.c:pdb_set_domain(604) pdb_set_domain: setting domain ZARTSOFT, was [2007/11/30 09:00:42.346933, 10, pid=5654] passdb/pdb_get_set.c:pdb_set_nt_username(627) pdb_set_nt_username: setting nt username , was [2007/11/30 09:00:42.346948, 10, pid=5654] passdb/pdb_get_set.c:pdb_set_fullname(650) pdb_set_full_name: setting full name godai, was [2007/11/30 09:00:42.346962, 4, pid=5654] lib/substitute.c:automount_server(407) Home server: godai [2007/11/30 09:00:42.346979, 10, pid=5654] passdb/pdb_get_set.c:pdb_set_homedir(743) pdb_set_homedir: setting home dir \\godai\godai_, was [2007/11/30 09:00:42.346993, 10, pid=5654] passdb/pdb_get_set.c:pdb_set_dir_drive(719) pdb_set_dir_drive: setting dir drive , was NULL [2007/11/30 09:00:42.347007, 10, pid=5654] passdb/pdb_get_set.c:pdb_set_logon_script(673) pdb_set_logon_script: setting logon script , was [2007/11/30 09:00:42.347021, 10, pid=5654] passdb/pdb_get_set.c:pdb_set_profile_path(696) pdb_set_profile_path: setting profile path , was [2007/11/30 09:00:42.347035, 10, pid=5654] passdb/pdb_get_set.c:pdb_set_workstations(786) pdb_set_workstations: setting workstations , was [2007/11/30 09:00:42.347050, 3, pid=5654] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2007/11/30 09:00:42.347064, 3, pid=5654] smbd/uid.c:push_conn_ctx(358) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2007/11/30 09:00:42.347077, 3, pid=5654] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2007/11/30 09:00:42.347090, 5, pid=5654] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 09:00:42.347104, 5, pid=5654] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 09:00:42.347129, 10, pid=5654] lib/account_pol.c:account_policy_get(294) account_policy_get: name: password history, val: 0 [2007/11/30 09:00:42.347146, 3, pid=5654] smbd/sec_ctx.c:pop_sec_ctx(356) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2007/11/30 09:00:42.347161, 10, pid=5654] passdb/pdb_get_set.c:pdb_set_user_sid(510) pdb_set_user_sid: setting user sid S-1-5-21-2274471336-3138038065-606154707-2040 [2007/11/30 09:00:42.347177, 10, pid=5654] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(73) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-2274471336-3138038065-606154707-2040 from rid 2040 [2007/11/30 09:00:42.347200, 3, pid=5654] smbd/sec_ctx.c:pop_sec_ctx(356) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/30 09:00:42.347217, 4, pid=5654] libsmb/ntlm_check.c:ntlm_password_check(326) ntlm_password_check: Checking NT MD4 password [2007/11/30 09:00:42.347303, 4, pid=5654] auth/auth_sam.c:sam_account_ok(138) sam_account_ok: Checking SMB password for user godai$ [2007/11/30 09:00:42.347325, 5, pid=5654] auth/auth_sam.c:logon_hours_ok(120) logon_hours_ok: user godai$ allowed to logon at this time (Fri Nov 30 04:00:42 2007 ) [2007/11/30 09:00:42.347344, 3, pid=5654] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2007/11/30 09:00:42.347357, 3, pid=5654] smbd/uid.c:push_conn_ctx(358) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2007/11/30 09:00:42.347370, 3, pid=5654] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2007/11/30 09:00:42.347383, 5, pid=5654] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 09:00:42.347395, 5, pid=5654] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 09:00:42.347419, 10, pid=5654] lib/account_pol.c:account_policy_get(294) account_policy_get: name: maximum password age, val: -1 [2007/11/30 09:00:42.347437, 3, pid=5654] smbd/sec_ctx.c:pop_sec_ctx(356) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/30 09:00:42.347452, 3, pid=5654] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2007/11/30 09:00:42.347466, 3, pid=5654] smbd/uid.c:push_conn_ctx(358) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2007/11/30 09:00:42.347478, 3, pid=5654] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2007/11/30 09:00:42.347503, 5, pid=5654] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 09:00:42.347516, 5, pid=5654] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 09:00:42.347537, 10, pid=5654] lib/util_pw.c:getpwnam_alloc(76) Got godai$ from pwnam_cache [2007/11/30 09:00:42.347552, 10, pid=5654] lib/util_pw.c:getpwnam_alloc(76) Got godai$ from pwnam_cache [2007/11/30 09:00:42.347598, 10, pid=5654] lib/system_smbd.c:sys_getgrouplist(125) sys_getgrouplist: user [godai$] [2007/11/30 09:00:42.350942, 10, pid=5654] passdb/lookup_sid.c:gid_to_sid(1359) gid 1515 -> sid S-1-5-21-2274471336-3138038065-606154707-515 [2007/11/30 09:00:42.350973, 3, pid=5654] passdb/lookup_sid.c:store_gid_sid_cache(1133) store_gid_sid_cache: gid 1515 in cache -> S-1-5-21-2274471336-3138038065-606154707-515 [2007/11/30 09:00:42.350997, 5, pid=5654] auth/auth_util.c:make_server_info_sam(623) make_server_info_sam: made server info for user godai$ -> godai$ [2007/11/30 09:00:42.351023, 3, pid=5654] smbd/sec_ctx.c:pop_sec_ctx(356) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/30 09:00:42.351045, 3, pid=5654] auth/auth.c:check_ntlm_password(270) check_ntlm_password: sam authentication for user [GODAI$] succeeded [2007/11/30 09:00:42.351065, 3, pid=5654] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2007/11/30 09:00:42.351085, 3, pid=5654] smbd/uid.c:push_conn_ctx(358) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2007/11/30 09:00:42.351105, 3, pid=5654] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2007/11/30 09:00:42.351122, 5, pid=5654] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 09:00:42.351139, 5, pid=5654] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 09:00:42.351174, 3, pid=5654] smbd/sec_ctx.c:pop_sec_ctx(356) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/30 09:00:42.351193, 5, pid=5654] auth/auth.c:check_ntlm_password(296) check_ntlm_password: PAM Account for user [godai$] succeeded [2007/11/30 09:00:42.351210, 2, pid=5654] auth/auth.c:check_ntlm_password(309) check_ntlm_password: authentication for user [GODAI$] -> [GODAI$] -> [godai$] succeeded [2007/11/30 09:00:42.351229, 5, pid=5654] auth/auth_util.c:free_user_info(2045) attempting to free (and zero) a user_info structure [2007/11/30 09:00:42.351246, 10, pid=5654] auth/auth_util.c:free_user_info(2049) structure was created for GODAI$ [2007/11/30 09:00:42.351266, 10, pid=5654] auth/auth_util.c:create_local_nt_token(844) Create local NT token for S-1-5-21-2274471336-3138038065-606154707-2040 [2007/11/30 09:00:42.351290, 3, pid=5654] passdb/lookup_sid.c:fetch_gid_from_cache(1089) fetch gid from cache 16777218 -> S-1-5-32-544 [2007/11/30 09:00:42.351310, 3, pid=5654] passdb/lookup_sid.c:fetch_gid_from_cache(1089) fetch gid from cache 16777219 -> S-1-5-32-545 [2007/11/30 09:00:42.351403, 3, pid=5654] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-21-2274471336-3138038065-606154707-2040] [2007/11/30 09:00:42.351433, 3, pid=5654] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-21-2274471336-3138038065-606154707-515] [2007/11/30 09:00:42.351460, 5, pid=5654] lib/privileges.c:get_privileges_for_sids(460) get_privileges_for_sids: sid = S-1-1-0 Privilege set: SE_PRIV 0x0 0x0 0x0 0x0 [2007/11/30 09:00:42.351495, 3, pid=5654] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-2] [2007/11/30 09:00:42.351518, 3, pid=5654] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-11] [2007/11/30 09:00:42.351542, 3, pid=5654] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-22-2-1515] [2007/11/30 09:00:42.351578, 3, pid=5654] passdb/lookup_sid.c:fetch_gid_from_cache(1089) fetch gid from cache 1515 -> S-1-5-21-2274471336-3138038065-606154707-515 [2007/11/30 09:00:42.351953, 10, pid=5654] passdb/lookup_sid.c:sid_to_gid(1450) winbind failed to find a gid for sid S-1-1-0 [2007/11/30 09:00:42.351977, 10, pid=5654] auth/auth_util.c:create_local_token(1039) Could not convert SID S-1-1-0 to gid, ignoring it [2007/11/30 09:00:42.352299, 10, pid=5654] passdb/lookup_sid.c:sid_to_gid(1450) winbind failed to find a gid for sid S-1-5-2 [2007/11/30 09:00:42.352321, 10, pid=5654] auth/auth_util.c:create_local_token(1039) Could not convert SID S-1-5-2 to gid, ignoring it [2007/11/30 09:00:42.352664, 10, pid=5654] passdb/lookup_sid.c:sid_to_gid(1450) winbind failed to find a gid for sid S-1-5-11 [2007/11/30 09:00:42.352685, 10, pid=5654] auth/auth_util.c:create_local_token(1039) Could not convert SID S-1-5-11 to gid, ignoring it [2007/11/30 09:00:42.352704, 10, pid=5654] passdb/lookup_sid.c:sid_to_gid(1437) sid S-1-22-2-1515 -> gid 1515 [2007/11/30 09:00:42.352722, 10, pid=5654] auth/auth_util.c:debug_nt_user_token(454) NT user token of user S-1-5-21-2274471336-3138038065-606154707-2040 contains 6 SIDs SID[ 0]: S-1-5-21-2274471336-3138038065-606154707-2040 SID[ 1]: S-1-5-21-2274471336-3138038065-606154707-515 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-1515 SE_PRIV 0x0 0x0 0x0 0x0 [2007/11/30 09:00:42.352799, 10, pid=5654] auth/auth_ntlmssp.c:auth_ntlmssp_check_password(137) Got NT session key of length 16 [2007/11/30 09:00:42.352818, 10, pid=5654] auth/auth_ntlmssp.c:auth_ntlmssp_check_password(144) Got LM session key of length 16 [2007/11/30 09:00:42.352841, 10, pid=5654] libsmb/ntlmssp.c:ntlmssp_server_auth(805) ntlmssp_server_auth: Created NTLM2 session key. [2007/11/30 09:00:42.352872, 3, pid=5654] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(338) NTLMSSP Sign/Seal - Initialising with flags: [2007/11/30 09:00:42.352892, 3, pid=5654] libsmb/ntlmssp.c:debug_ntlmssp_flags(63) Got NTLMSSP neg_flags=0x60088215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH [2007/11/30 09:00:42.352966, 10, pid=5654] smbd/password.c:register_vuid(186) register_vuid: allocated vuid = 101 [2007/11/30 09:00:42.352988, 10, pid=5654] lib/util_pw.c:getpwnam_alloc(76) Got godai$ from pwnam_cache [2007/11/30 09:00:42.353006, 10, pid=5654] smbd/password.c:register_vuid(277) register_vuid: (520,1515) godai$ GODAI$ ZARTSOFT guest=0 [2007/11/30 09:00:42.353025, 3, pid=5654] smbd/password.c:register_vuid(280) User name: godai$ Real name: godai [2007/11/30 09:00:42.353043, 3, pid=5654] smbd/password.c:register_vuid(301) UNIX uid 520 is UNIX user godai$, and will be vuid 101 [2007/11/30 09:00:42.353224, 7, pid=5654] param/loadparm.c:lp_servicenumber(5209) lp_servicenumber: couldn't find godai$ [2007/11/30 09:00:42.353246, 3, pid=5654] smbd/password.c:register_vuid(332) Adding homes service for user 'godai$' using home directory: '/dev/null' [2007/11/30 09:00:42.353307, 8, pid=5654] param/loadparm.c:add_a_service(2577) add_a_service: Creating snum = 7 for godai$ [2007/11/30 09:00:42.353327, 10, pid=5654] param/loadparm.c:hash_a_service(2624) hash_a_service: hashing index 7 for service name godai$ [2007/11/30 09:00:42.353358, 3, pid=5654] param/loadparm.c:lp_add_home(2670) adding home's share [godai$] for user 'godai$' at '/dev/null' [2007/11/30 09:00:42.353398, 6, pid=5654] param/loadparm.c:lp_file_list_changed(3080) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Fri Nov 30 08:56:43 2007 [2007/11/30 09:00:42.353444, 5, pid=5654] lib/util.c:show_msg(506) [2007/11/30 09:00:42.353457, 5, pid=5654] lib/util.c:show_msg(516) size=120 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=5653 smb_uid=101 smb_mid=3 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 9 (0x9) smb_bcc=77 [2007/11/30 09:00:42.353571, 10, pid=5654] lib/util.c:dump_data(2285) [000] A1 07 30 05 A0 03 0A 01 00 55 00 6E 00 69 00 78 ..0..... .U.n.i.x [010] 00 00 00 53 00 61 00 6D 00 62 00 61 00 20 00 33 ...S.a.m .b.a. .3 [020] 00 2E 00 30 00 2E 00 32 00 36 00 61 00 2D 00 30 ...0...2 .6.a.-.0 [030] 00 2E 00 66 00 63 00 37 00 00 00 5A 00 41 00 52 ...f.c.7 ...Z.A.R [040] 00 54 00 53 00 4F 00 46 00 54 00 00 00 .T.S.O.F .T... [2007/11/30 09:00:42.354276, 10, pid=5654] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 74 [2007/11/30 09:00:42.354303, 6, pid=5654] smbd/process.c:process_smb(1067) got message type 0x0 of len 0x4a [2007/11/30 09:00:42.354322, 3, pid=5654] smbd/process.c:process_smb(1068) Transaction 3 of length 78 [2007/11/30 09:00:42.354340, 5, pid=5654] lib/util.c:show_msg(506) [2007/11/30 09:00:42.354351, 5, pid=5654] lib/util.c:show_msg(516) size=74 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=0 smb_pid=5653 smb_uid=101 smb_mid=4 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 8 (0x8) smb_vwv[ 3]= 1 (0x1) smb_bcc=31 [2007/11/30 09:00:42.354443, 10, pid=5654] lib/util.c:dump_data(2285) [000] 00 5C 00 5C 00 47 00 4F 00 44 00 41 00 49 00 5C .\.\.G.O .D.A.I.\ [010] 00 49 00 50 00 43 00 24 00 00 00 49 50 43 00 .I.P.C.$ ...IPC. [2007/11/30 09:00:42.354483, 3, pid=5654] smbd/process.c:switch_message(926) switch message SMBtconX (pid 5654) conn 0x0 [2007/11/30 09:00:42.354503, 3, pid=5654] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/30 09:00:42.354521, 5, pid=5654] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 09:00:42.354537, 5, pid=5654] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 09:00:42.354566, 5, pid=5654] smbd/uid.c:change_to_root_user(288) change_to_root_user: now uid=(0,0) gid=(0,0) [2007/11/30 09:00:42.354593, 4, pid=5654] smbd/reply.c:reply_tcon_and_X(506) Client requested device type [IPC] for share [IPC$] [2007/11/30 09:00:42.354625, 5, pid=5654] smbd/service.c:make_connection(1205) making a connection to 'normal' service ipc$ [2007/11/30 09:00:42.354664, 10, pid=5654] smbd/share_access.c:user_ok_token(232) user_ok_token: share IPC$ is ok for unix user godai$ [2007/11/30 09:00:42.354685, 5, pid=5654] lib/username.c:Get_Pwnam_alloc(131) Finding user godai$ [2007/11/30 09:00:42.354703, 5, pid=5654] lib/username.c:Get_Pwnam_internals(75) Trying _Get_Pwnam(), username as lowercase is godai$ [2007/11/30 09:00:42.354719, 10, pid=5654] lib/util_pw.c:getpwnam_alloc(76) Got godai$ from pwnam_cache [2007/11/30 09:00:42.354736, 5, pid=5654] lib/username.c:Get_Pwnam_internals(108) Get_Pwnam_internals did find user [godai$]! [2007/11/30 09:00:42.354765, 10, pid=5654] smbd/service.c:set_conn_connectpath(156) set_conn_connectpath: service IPC$, connectpath = /tmp [2007/11/30 09:00:42.354786, 3, pid=5654] smbd/service.c:make_connection_snum(806) Connect path is '/tmp' for service [IPC$] [2007/11/30 09:00:42.354860, 4, pid=5654] lib/sharesec.c:get_share_security(132) get_share_security: using default secdesc for IPC$ [2007/11/30 09:00:42.354884, 10, pid=5654] lib/util_seaccess.c:se_map_generic(176) se_map_generic(): mapped mask 0x10000000 to 0x001f01ff [2007/11/30 09:00:42.354907, 10, pid=5654] lib/util_seaccess.c:se_access_check(233) se_access_check: requested access 0x00000002, for NT token with 6 entries and first sid S-1-5-21-2274471336-3138038065-606154707-2040. [2007/11/30 09:00:42.354932, 3, pid=5654] lib/util_seaccess.c:se_access_check(250) [2007/11/30 09:00:42.354944, 3, pid=5654] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-2274471336-3138038065-606154707-2040 se_access_check: also S-1-5-21-2274471336-3138038065-606154707-515 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-22-2-1515 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 2 [2007/11/30 09:00:42.355024, 5, pid=5654] lib/util_seaccess.c:se_access_check(308) se_access_check: access (2) granted. [2007/11/30 09:00:42.355045, 3, pid=5654] smbd/vfs.c:vfs_init_default(95) Initialising default vfs hooks [2007/11/30 09:00:42.355068, 5, pid=5654] smbd/vfs.c:smb_register_vfs(85) Successfully added vfs backend '/[Default VFS]/' [2007/11/30 09:00:42.355088, 5, pid=5654] smbd/vfs.c:smb_register_vfs(85) Successfully added vfs backend 'posixacl' [2007/11/30 09:00:42.355107, 3, pid=5654] smbd/vfs.c:vfs_init_custom(128) Initialising custom vfs hooks from [/[Default VFS]/] Successfully loaded vfs module [/[Default VFS]/] with the new modules system [2007/11/30 09:00:42.355133, 5, pid=5654] smbd/vfs.c:vfs_init_custom(174) Checking operation #0 (type 0, layer 0) Making operation type 0 opaque [module /[Default VFS]/] Accepting operation type 0 from module /[Default VFS]/ [2007/11/30 09:00:42.355161, 5, pid=5654] smbd/vfs.c:vfs_init_custom(174) Checking operation #1 (type 1, layer 0) Making operation type 1 opaque [module /[Default VFS]/] Accepting operation type 1 from module /[Default VFS]/ [2007/11/30 09:00:42.355190, 5, pid=5654] smbd/vfs.c:vfs_init_custom(174) Checking operation #2 (type 2, layer 0) Making operation type 2 opaque [module /[Default VFS]/] Accepting operation type 2 from module /[Default VFS]/ [2007/11/30 09:00:42.355218, 5, pid=5654] smbd/vfs.c:vfs_init_custom(174) Checking operation #3 (type 3, layer 0) Making operation type 3 opaque [module /[Default VFS]/] Accepting operation type 3 from module /[Default VFS]/ [2007/11/30 09:00:42.355246, 5, pid=5654] smbd/vfs.c:vfs_init_custom(174) Checking operation #4 (type 4, layer 0) Making operation type 4 opaque [module /[Default VFS]/] Accepting operation type 4 from module /[Default VFS]/ [2007/11/30 09:00:42.355273, 5, pid=5654] smbd/vfs.c:vfs_init_custom(174) Checking operation #5 (type 5, layer 0) Making operation type 5 opaque [module /[Default VFS]/] Accepting operation type 5 from module /[Default VFS]/ [2007/11/30 09:00:42.355301, 5, pid=5654] smbd/vfs.c:vfs_init_custom(174) Checking operation #6 (type 6, layer 0) Making operation type 6 opaque [module /[Default VFS]/] Accepting operation type 6 from module /[Default VFS]/ [2007/11/30 09:00:42.355328, 5, pid=5654] smbd/vfs.c:vfs_init_custom(174) Checking operation #7 (type 7, layer 0) Making operation type 7 opaque [module /[Default VFS]/] Accepting operation type 7 from module /[Default VFS]/ [2007/11/30 09:00:42.355357, 5, pid=5654] smbd/vfs.c:vfs_init_custom(174) Checking operation #8 (type 8, layer 0) Making operation type 8 opaque [module /[Default VFS]/] Accepting operation type 8 from module /[Default VFS]/ [2007/11/30 09:00:42.355385, 5, pid=5654] smbd/vfs.c:vfs_init_custom(174) Checking operation #9 (type 9, layer 0) Making operation type 9 opaque [module /[Default VFS]/] Accepting operation type 9 from module /[Default VFS]/ [2007/11/30 09:00:42.355413, 5, pid=5654] smbd/vfs.c:vfs_init_custom(174) Checking operation #10 (type 10, layer 0) Making operation type 10 opaque [module /[Default VFS]/] Accepting operation type 10 from module /[Default VFS]/ [2007/11/30 09:00:42.355441, 5, pid=5654] smbd/vfs.c:vfs_init_custom(174) Checking operation #11 (type 11, layer 0) Making operation type 11 opaque [module /[Default VFS]/] Accepting operation type 11 from module /[Default VFS]/ [2007/11/30 09:00:42.355469, 5, pid=5654] smbd/vfs.c:vfs_init_custom(174) Checking operation #12 (type 12, layer 0) Making operation type 12 opaque [module /[Default VFS]/] Accepting operation type 12 from module /[Default VFS]/ [2007/11/30 09:00:42.355497, 5, pid=5654] smbd/vfs.c:vfs_init_custom(174) Checking operation #13 (type 13, layer 0) Making operation type 13 opaque [module /[Default VFS]/] Accepting operation type 13 from module /[Default VFS]/ [2007/11/30 09:00:42.355540, 5, pid=5654] smbd/vfs.c:vfs_init_custom(174) Checking operation #14 (type 14, layer 0) Making operation type 14 opaque [module /[Default VFS]/] Accepting operation type 14 from module /[Default VFS]/ [2007/11/30 09:00:42.355570, 5, pid=5654] smbd/vfs.c:vfs_init_custom(174) Checking operation #15 (type 15, layer 0) Making operation type 15 opaque [module /[Default VFS]/] Accepting operation type 15 from module /[Default VFS]/ [2007/11/30 09:00:42.355598, 5, pid=5654] smbd/vfs.c:vfs_init_custom(174) Checking operation #16 (type 16, layer 0) Making operation type 16 opaque [module /[Default VFS]/] Accepting operation type 16 from module /[Default VFS]/ [2007/11/30 09:00:42.355626, 5, pid=5654] smbd/vfs.c:vfs_init_custom(174) Checking operation #17 (type 17, layer 0) Making operation type 17 opaque [module /[Default VFS]/] Accepting operation type 17 from module /[Default VFS]/ [2007/11/30 09:00:42.355654, 5, pid=5654] smbd/vfs.c:vfs_init_custom(174) Checking operation #18 (type 18, layer 0) Making operation type 18 opaque [module /[Default VFS]/] Accepting operation type 18 from module /[Default VFS]/ [2007/11/30 09:00:42.355681, 5, pid=5654] smbd/vfs.c:vfs_init_custom(174) Checking operation #19 (type 19, layer 0) Making operation type 19 opaque [module /[Default VFS]/] Accepting operation type 19 from module /[Default VFS]/ [2007/11/30 09:00:42.355709, 5, pid=5654] smbd/vfs.c:vfs_init_custom(174) Checking operation #20 (type 20, layer 0) Making operation type 20 opaque [module /[Default VFS]/] Accepting operation type 20 from module /[Default VFS]/ [2007/11/30 09:00:42.355736, 5, pid=5654] smbd/vfs.c:vfs_init_custom(174) Checking operation #21 (type 21, layer 0) Making operation type 21 opaque [module /[Default VFS]/] Accepting operation type 21 from module /[Default VFS]/ [2007/11/30 09:00:42.355765, 5, pid=5654] smbd/vfs.c:vfs_init_custom(174) Checking operation #22 (type 22, layer 0) Making operation type 22 opaque [module /[Default VFS]/] Accepting operation type 22 from module /[Default VFS]/ [2007/11/30 09:00:42.355794, 5, pid=5654] smbd/vfs.c:vfs_init_custom(174) Checking operation #23 (type 23, layer 0) Making operation type 23 opaque [module /[Default VFS]/] Accepting operation type 23 from module /[Default VFS]/ [2007/11/30 09:00:42.355822, 5, pid=5654] smbd/vfs.c:vfs_init_custom(174) Checking operation #24 (type 24, layer 0) Making operation type 24 opaque [module /[Default VFS]/] Accepting operation type 24 from module /[Default VFS]/ [2007/11/30 09:00:42.355850, 5, pid=5654] smbd/vfs.c:vfs_init_custom(174) Checking operation #25 (type 25, layer 0) Making operation type 25 opaque [module /[Default VFS]/] Accepting operation type 25 from module /[Default VFS]/ [2007/11/30 09:00:42.355882, 5, pid=5654] smbd/vfs.c:vfs_init_custom(174) Checking operation #26 (type 26, layer 0) Making operation type 26 opaque [module /[Default VFS]/] Accepting operation type 26 from module /[Default VFS]/ [2007/11/30 09:00:42.355909, 5, pid=5654] smbd/vfs.c:vfs_init_custom(174) Checking operation #27 (type 27, layer 0) Making operation type 27 opaque [module /[Default VFS]/] Accepting operation type 27 from module /[Default VFS]/ [2007/11/30 09:00:42.355937, 5, pid=5654] smbd/vfs.c:vfs_init_custom(174) Checking operation #28 (type 28, layer 0) Making operation type 28 opaque [module /[Default VFS]/] Accepting operation type 28 from module /[Default VFS]/ [2007/11/30 09:00:42.355965, 5, pid=5654] smbd/vfs.c:vfs_init_custom(174) Checking operation #29 (type 29, layer 0) Making operation type 29 opaque [module /[Default VFS]/] Accepting operation type 29 from module /[Default VFS]/ [2007/11/30 09:00:42.355993, 5, pid=5654] smbd/vfs.c:vfs_init_custom(174) Checking operation #30 (type 30, layer 0) Making operation type 30 opaque [module /[Default VFS]/] Accepting operation type 30 from module /[Default VFS]/ [2007/11/30 09:00:42.356035, 5, pid=5654] smbd/vfs.c:vfs_init_custom(174) Checking operation #31 (type 31, layer 0) Making operation type 31 opaque [module /[Default VFS]/] Accepting operation type 31 from module /[Default VFS]/ [2007/11/30 09:00:42.356064, 5, pid=5654] smbd/vfs.c:vfs_init_custom(174) Checking operation #32 (type 32, layer 0) Making operation type 32 opaque [module /[Default VFS]/] Accepting operation type 32 from module /[Default VFS]/ [2007/11/30 09:00:42.356092, 5, pid=5654] smbd/vfs.c:vfs_init_custom(174) Checking operation #33 (type 33, layer 0) Making operation type 33 opaque [module /[Default VFS]/] Accepting operation type 33 from module /[Default VFS]/ [2007/11/30 09:00:42.356122, 5, pid=5654] smbd/vfs.c:vfs_init_custom(174) Checking operation #34 (type 34, layer 0) Making operation type 34 opaque [module /[Default VFS]/] Accepting operation type 34 from module /[Default VFS]/ [2007/11/30 09:00:42.356150, 5, pid=5654] smbd/vfs.c:vfs_init_custom(174) Checking operation #35 (type 35, layer 0) Making operation type 35 opaque [module /[Default VFS]/] Accepting operation type 35 from module /[Default VFS]/ [2007/11/30 09:00:42.356179, 5, pid=5654] smbd/vfs.c:vfs_init_custom(174) Checking operation #36 (type 36, layer 0) Making operation type 36 opaque [module /[Default VFS]/] Accepting operation type 36 from module /[Default VFS]/ [2007/11/30 09:00:42.356207, 5, pid=5654] smbd/vfs.c:vfs_init_custom(174) Checking operation #37 (type 37, layer 0) Making operation type 37 opaque [module /[Default VFS]/] Accepting operation type 37 from module /[Default VFS]/ [2007/11/30 09:00:42.356235, 5, pid=5654] smbd/vfs.c:vfs_init_custom(174) Checking operation #38 (type 38, layer 0) Making operation type 38 opaque [module /[Default VFS]/] Accepting operation type 38 from module /[Default VFS]/ [2007/11/30 09:00:42.356262, 5, pid=5654] smbd/vfs.c:vfs_init_custom(174) Checking operation #39 (type 39, layer 0) Making operation type 39 opaque [module /[Default VFS]/] Accepting operation type 39 from module /[Default VFS]/ [2007/11/30 09:00:42.356290, 5, pid=5654] smbd/vfs.c:vfs_init_custom(174) Checking operation #40 (type 40, layer 0) Making operation type 40 opaque [module /[Default VFS]/] Accepting operation type 40 from module /[Default VFS]/ [2007/11/30 09:00:42.356318, 5, pid=5654] smbd/vfs.c:vfs_init_custom(174) Checking operation #41 (type 41, layer 0) Making operation type 41 opaque [module /[Default VFS]/] Accepting operation type 41 from module /[Default VFS]/ [2007/11/30 09:00:42.356346, 5, pid=5654] smbd/vfs.c:vfs_init_custom(174) Checking operation #42 (type 42, layer 0) Making operation type 42 opaque [module /[Default VFS]/] Accepting operation type 42 from module /[Default VFS]/ [2007/11/30 09:00:42.356374, 5, pid=5654] smbd/vfs.c:vfs_init_custom(174) Checking operation #43 (type 43, layer 0) Making operation type 43 opaque [module /[Default VFS]/] Accepting operation type 43 from module /[Default VFS]/ [2007/11/30 09:00:42.356402, 5, pid=5654] smbd/vfs.c:vfs_init_custom(174) Checking operation #44 (type 44, layer 0) Making operation type 44 opaque [module /[Default VFS]/] Accepting operation type 44 from module /[Default VFS]/ [2007/11/30 09:00:42.356430, 5, pid=5654] smbd/vfs.c:vfs_init_custom(174) Checking operation #45 (type 45, layer 0) Making operation type 45 opaque [module /[Default VFS]/] Accepting operation type 45 from module /[Default VFS]/ [2007/11/30 09:00:42.356458, 5, pid=5654] smbd/vfs.c:vfs_init_custom(174) Checking operation #46 (type 46, layer 0) Making operation type 46 opaque [module /[Default VFS]/] Accepting operation type 46 from module /[Default VFS]/ [2007/11/30 09:00:42.356485, 5, pid=5654] smbd/vfs.c:vfs_init_custom(174) Checking operation #47 (type 47, layer 0) Making operation type 47 opaque [module /[Default VFS]/] Accepting operation type 47 from module /[Default VFS]/ [2007/11/30 09:00:42.356514, 5, pid=5654] smbd/vfs.c:vfs_init_custom(174) Checking operation #48 (type 48, layer 0) Making operation type 48 opaque [module /[Default VFS]/] Accepting operation type 48 from module /[Default VFS]/ [2007/11/30 09:00:42.356556, 5, pid=5654] smbd/vfs.c:vfs_init_custom(174) Checking operation #49 (type 49, layer 0) Making operation type 49 opaque [module /[Default VFS]/] Accepting operation type 49 from module /[Default VFS]/ [2007/11/30 09:00:42.356586, 5, pid=5654] smbd/vfs.c:vfs_init_custom(174) Checking operation #50 (type 50, layer 0) Making operation type 50 opaque [module /[Default VFS]/] Accepting operation type 50 from module /[Default VFS]/ [2007/11/30 09:00:42.356613, 5, pid=5654] smbd/vfs.c:vfs_init_custom(174) Checking operation #51 (type 51, layer 0) Making operation type 51 opaque [module /[Default VFS]/] Accepting operation type 51 from module /[Default VFS]/ [2007/11/30 09:00:42.356641, 5, pid=5654] smbd/vfs.c:vfs_init_custom(174) Checking operation #52 (type 52, layer 0) Making operation type 52 opaque [module /[Default VFS]/] Accepting operation type 52 from module /[Default VFS]/ [2007/11/30 09:00:42.356669, 5, pid=5654] smbd/vfs.c:vfs_init_custom(174) Checking operation #53 (type 53, layer 0) Making operation type 53 opaque [module /[Default VFS]/] Accepting operation type 53 from module /[Default VFS]/ [2007/11/30 09:00:42.356697, 5, pid=5654] smbd/vfs.c:vfs_init_custom(174) Checking operation #54 (type 54, layer 0) Making operation type 54 opaque [module /[Default VFS]/] Accepting operation type 54 from module /[Default VFS]/ [2007/11/30 09:00:42.356725, 5, pid=5654] smbd/vfs.c:vfs_init_custom(174) Checking operation #55 (type 55, layer 0) Making operation type 55 opaque [module /[Default VFS]/] Accepting operation type 55 from module /[Default VFS]/ [2007/11/30 09:00:42.356752, 5, pid=5654] smbd/vfs.c:vfs_init_custom(174) Checking operation #56 (type 56, layer 0) Making operation type 56 opaque [module /[Default VFS]/] Accepting operation type 56 from module /[Default VFS]/ [2007/11/30 09:00:42.356781, 5, pid=5654] smbd/vfs.c:vfs_init_custom(174) Checking operation #57 (type 57, layer 0) Making operation type 57 opaque [module /[Default VFS]/] Accepting operation type 57 from module /[Default VFS]/ [2007/11/30 09:00:42.356809, 5, pid=5654] smbd/vfs.c:vfs_init_custom(174) Checking operation #58 (type 58, layer 0) Making operation type 58 opaque [module /[Default VFS]/] Accepting operation type 58 from module /[Default VFS]/ [2007/11/30 09:00:42.356837, 5, pid=5654] smbd/vfs.c:vfs_init_custom(174) Checking operation #59 (type 59, layer 0) Making operation type 59 opaque [module /[Default VFS]/] Accepting operation type 59 from module /[Default VFS]/ [2007/11/30 09:00:42.356869, 5, pid=5654] smbd/vfs.c:vfs_init_custom(174) Checking operation #60 (type 60, layer 0) Making operation type 60 opaque [module /[Default VFS]/] Accepting operation type 60 from module /[Default VFS]/ [2007/11/30 09:00:42.356898, 5, pid=5654] smbd/vfs.c:vfs_init_custom(174) Checking operation #61 (type 61, layer 0) Making operation type 61 opaque [module /[Default VFS]/] Accepting operation type 61 from module /[Default VFS]/ [2007/11/30 09:00:42.356925, 5, pid=5654] smbd/vfs.c:vfs_init_custom(174) Checking operation #62 (type 62, layer 0) Making operation type 62 opaque [module /[Default VFS]/] Accepting operation type 62 from module /[Default VFS]/ [2007/11/30 09:00:42.356953, 5, pid=5654] smbd/vfs.c:vfs_init_custom(174) Checking operation #63 (type 63, layer 0) Making operation type 63 opaque [module /[Default VFS]/] Accepting operation type 63 from module /[Default VFS]/ [2007/11/30 09:00:42.356981, 5, pid=5654] smbd/vfs.c:vfs_init_custom(174) Checking operation #64 (type 64, layer 0) Making operation type 64 opaque [module /[Default VFS]/] Accepting operation type 64 from module /[Default VFS]/ [2007/11/30 09:00:42.357009, 5, pid=5654] smbd/vfs.c:vfs_init_custom(174) Checking operation #65 (type 65, layer 0) Making operation type 65 opaque [module /[Default VFS]/] Accepting operation type 65 from module /[Default VFS]/ [2007/11/30 09:00:42.357053, 5, pid=5654] smbd/vfs.c:vfs_init_custom(174) Checking operation #66 (type 66, layer 0) Making operation type 66 opaque [module /[Default VFS]/] Accepting operation type 66 from module /[Default VFS]/ [2007/11/30 09:00:42.357082, 5, pid=5654] smbd/vfs.c:vfs_init_custom(174) Checking operation #67 (type 67, layer 0) Making operation type 67 opaque [module /[Default VFS]/] Accepting operation type 67 from module /[Default VFS]/ [2007/11/30 09:00:42.357112, 5, pid=5654] smbd/vfs.c:vfs_init_custom(174) Checking operation #68 (type 68, layer 0) Making operation type 68 opaque [module /[Default VFS]/] Accepting operation type 68 from module /[Default VFS]/ [2007/11/30 09:00:42.357140, 5, pid=5654] smbd/vfs.c:vfs_init_custom(174) Checking operation #69 (type 69, layer 0) Making operation type 69 opaque [module /[Default VFS]/] Accepting operation type 69 from module /[Default VFS]/ [2007/11/30 09:00:42.357167, 5, pid=5654] smbd/vfs.c:vfs_init_custom(174) Checking operation #70 (type 70, layer 0) Making operation type 70 opaque [module /[Default VFS]/] Accepting operation type 70 from module /[Default VFS]/ [2007/11/30 09:00:42.357196, 5, pid=5654] smbd/vfs.c:vfs_init_custom(174) Checking operation #71 (type 71, layer 0) Making operation type 71 opaque [module /[Default VFS]/] Accepting operation type 71 from module /[Default VFS]/ [2007/11/30 09:00:42.357224, 5, pid=5654] smbd/vfs.c:vfs_init_custom(174) Checking operation #72 (type 72, layer 0) Making operation type 72 opaque [module /[Default VFS]/] Accepting operation type 72 from module /[Default VFS]/ [2007/11/30 09:00:42.357252, 5, pid=5654] smbd/vfs.c:vfs_init_custom(174) Checking operation #73 (type 73, layer 0) Making operation type 73 opaque [module /[Default VFS]/] Accepting operation type 73 from module /[Default VFS]/ [2007/11/30 09:00:42.357280, 5, pid=5654] smbd/vfs.c:vfs_init_custom(174) Checking operation #74 (type 74, layer 0) Making operation type 74 opaque [module /[Default VFS]/] Accepting operation type 74 from module /[Default VFS]/ [2007/11/30 09:00:42.357307, 5, pid=5654] smbd/vfs.c:vfs_init_custom(174) Checking operation #75 (type 75, layer 0) Making operation type 75 opaque [module /[Default VFS]/] Accepting operation type 75 from module /[Default VFS]/ [2007/11/30 09:00:42.357335, 5, pid=5654] smbd/vfs.c:vfs_init_custom(174) Checking operation #76 (type 76, layer 0) Making operation type 76 opaque [module /[Default VFS]/] Accepting operation type 76 from module /[Default VFS]/ [2007/11/30 09:00:42.357363, 5, pid=5654] smbd/vfs.c:vfs_init_custom(174) Checking operation #77 (type 77, layer 0) Making operation type 77 opaque [module /[Default VFS]/] Accepting operation type 77 from module /[Default VFS]/ [2007/11/30 09:00:42.357391, 5, pid=5654] smbd/vfs.c:vfs_init_custom(174) Checking operation #78 (type 78, layer 0) Making operation type 78 opaque [module /[Default VFS]/] Accepting operation type 78 from module /[Default VFS]/ [2007/11/30 09:00:42.357419, 5, pid=5654] smbd/vfs.c:vfs_init_custom(174) Checking operation #79 (type 79, layer 0) Making operation type 79 opaque [module /[Default VFS]/] Accepting operation type 79 from module /[Default VFS]/ [2007/11/30 09:00:42.357447, 5, pid=5654] smbd/vfs.c:vfs_init_custom(174) Checking operation #80 (type 80, layer 0) Making operation type 80 opaque [module /[Default VFS]/] Accepting operation type 80 from module /[Default VFS]/ [2007/11/30 09:00:42.357475, 5, pid=5654] smbd/vfs.c:vfs_init_custom(174) Checking operation #81 (type 81, layer 0) Making operation type 81 opaque [module /[Default VFS]/] Accepting operation type 81 from module /[Default VFS]/ [2007/11/30 09:00:42.357503, 5, pid=5654] smbd/vfs.c:vfs_init_custom(174) Checking operation #82 (type 82, layer 0) Making operation type 82 opaque [module /[Default VFS]/] Accepting operation type 82 from module /[Default VFS]/ [2007/11/30 09:00:42.357530, 5, pid=5654] smbd/vfs.c:vfs_init_custom(174) Checking operation #83 (type 83, layer 0) Making operation type 83 opaque [module /[Default VFS]/] Accepting operation type 83 from module /[Default VFS]/ [2007/11/30 09:00:42.357573, 5, pid=5654] smbd/vfs.c:vfs_init_custom(174) Checking operation #84 (type 84, layer 0) Making operation type 84 opaque [module /[Default VFS]/] Accepting operation type 84 from module /[Default VFS]/ [2007/11/30 09:00:42.357602, 5, pid=5654] smbd/vfs.c:vfs_init_custom(174) Checking operation #85 (type 85, layer 0) Making operation type 85 opaque [module /[Default VFS]/] Accepting operation type 85 from module /[Default VFS]/ [2007/11/30 09:00:42.357630, 5, pid=5654] smbd/vfs.c:vfs_init_custom(174) Checking operation #86 (type 86, layer 0) Making operation type 86 opaque [module /[Default VFS]/] Accepting operation type 86 from module /[Default VFS]/ [2007/11/30 09:00:42.357657, 5, pid=5654] smbd/vfs.c:vfs_init_custom(174) Checking operation #87 (type 87, layer 0) Making operation type 87 opaque [module /[Default VFS]/] Accepting operation type 87 from module /[Default VFS]/ [2007/11/30 09:00:42.357685, 5, pid=5654] smbd/vfs.c:vfs_init_custom(174) Checking operation #88 (type 88, layer 0) Making operation type 88 opaque [module /[Default VFS]/] Accepting operation type 88 from module /[Default VFS]/ [2007/11/30 09:00:42.357713, 5, pid=5654] smbd/vfs.c:vfs_init_custom(174) Checking operation #89 (type 89, layer 0) Making operation type 89 opaque [module /[Default VFS]/] Accepting operation type 89 from module /[Default VFS]/ [2007/11/30 09:00:42.357740, 5, pid=5654] smbd/vfs.c:vfs_init_custom(174) Checking operation #90 (type 90, layer 0) Making operation type 90 opaque [module /[Default VFS]/] Accepting operation type 90 from module /[Default VFS]/ [2007/11/30 09:00:42.357768, 5, pid=5654] smbd/vfs.c:vfs_init_custom(174) Checking operation #91 (type 91, layer 0) Making operation type 91 opaque [module /[Default VFS]/] Accepting operation type 91 from module /[Default VFS]/ [2007/11/30 09:00:42.357796, 5, pid=5654] smbd/vfs.c:vfs_init_custom(174) Checking operation #92 (type 92, layer 0) Making operation type 92 opaque [module /[Default VFS]/] Accepting operation type 92 from module /[Default VFS]/ [2007/11/30 09:00:42.357824, 5, pid=5654] smbd/vfs.c:vfs_init_custom(174) Checking operation #93 (type 93, layer 0) Making operation type 93 opaque [module /[Default VFS]/] Accepting operation type 93 from module /[Default VFS]/ [2007/11/30 09:00:42.357855, 5, pid=5654] smbd/vfs.c:vfs_init_custom(174) Checking operation #94 (type 94, layer 0) Making operation type 94 opaque [module /[Default VFS]/] Accepting operation type 94 from module /[Default VFS]/ [2007/11/30 09:00:42.357886, 5, pid=5654] smbd/connection.c:claim_connection(182) claiming IPC$ 0 [2007/11/30 09:00:42.357923, 10, pid=5654] smbd/share_access.c:user_ok_token(232) user_ok_token: share IPC$ is ok for unix user godai$ [2007/11/30 09:00:42.357947, 10, pid=5654] smbd/share_access.c:is_share_read_only_for_token(274) is_share_read_only_for_user: share IPC$ is read-only for unix user godai$ [2007/11/30 09:00:42.357973, 4, pid=5654] lib/sharesec.c:get_share_security(132) get_share_security: using default secdesc for IPC$ [2007/11/30 09:00:42.357992, 10, pid=5654] lib/util_seaccess.c:se_map_generic(176) se_map_generic(): mapped mask 0x10000000 to 0x001f01ff [2007/11/30 09:00:42.358012, 10, pid=5654] lib/util_seaccess.c:se_access_check(233) se_access_check: requested access 0x00000001, for NT token with 6 entries and first sid S-1-5-21-2274471336-3138038065-606154707-2040. [2007/11/30 09:00:42.358035, 3, pid=5654] lib/util_seaccess.c:se_access_check(250) [2007/11/30 09:00:42.358047, 3, pid=5654] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-2274471336-3138038065-606154707-2040 se_access_check: also S-1-5-21-2274471336-3138038065-606154707-515 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-22-2-1515 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 1 [2007/11/30 09:00:42.358125, 5, pid=5654] lib/util_seaccess.c:se_access_check(308) se_access_check: access (1) granted. [2007/11/30 09:00:42.358146, 3, pid=5654] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (520, 1515) - sec_ctx_stack_ndx = 0 [2007/11/30 09:00:42.358165, 5, pid=5654] auth/auth_util.c:debug_nt_user_token(454) NT user token of user S-1-5-21-2274471336-3138038065-606154707-2040 contains 6 SIDs SID[ 0]: S-1-5-21-2274471336-3138038065-606154707-2040 SID[ 1]: S-1-5-21-2274471336-3138038065-606154707-515 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-1515 SE_PRIV 0x0 0x0 0x0 0x0 [2007/11/30 09:00:42.358238, 5, pid=5654] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 520 Primary group is 1515 and contains 1 supplementary groups Group[ 0]: 1515 [2007/11/30 09:00:42.358297, 5, pid=5654] smbd/uid.c:change_to_user(273) change_to_user uid=(520,520) gid=(0,1515) [2007/11/30 09:00:42.358324, 3, pid=5654] smbd/service.c:make_connection_snum(1033) godai (192.168.64.1) connect to service IPC$ initially as user godai$ (uid=520, gid=1515) (pid 5654) [2007/11/30 09:00:42.358349, 3, pid=5654] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/30 09:00:42.358367, 5, pid=5654] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 09:00:42.358384, 5, pid=5654] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 09:00:42.358432, 5, pid=5654] smbd/uid.c:change_to_root_user(288) change_to_root_user: now uid=(0,0) gid=(0,0) [2007/11/30 09:00:42.358455, 3, pid=5654] smbd/reply.c:reply_tcon_and_X(574) tconX service=IPC$ [2007/11/30 09:00:42.358473, 5, pid=5654] lib/util.c:show_msg(506) [2007/11/30 09:00:42.358484, 5, pid=5654] lib/util.c:show_msg(516) size=56 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=5653 smb_uid=101 smb_mid=4 smt_wct=7 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 1 (0x1) smb_vwv[ 3]= 511 (0x1FF) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 511 (0x1FF) smb_vwv[ 6]= 0 (0x0) smb_bcc=7 [2007/11/30 09:00:42.358597, 10, pid=5654] lib/util.c:dump_data(2285) [000] 49 50 43 00 00 00 00 IPC.... [2007/11/30 09:00:42.358982, 10, pid=5654] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 100 [2007/11/30 09:00:42.359007, 6, pid=5654] smbd/process.c:process_smb(1067) got message type 0x0 of len 0x64 [2007/11/30 09:00:42.359026, 3, pid=5654] smbd/process.c:process_smb(1068) Transaction 4 of length 104 [2007/11/30 09:00:42.359043, 5, pid=5654] lib/util.c:show_msg(506) [2007/11/30 09:00:42.359055, 5, pid=5654] lib/util.c:show_msg(516) size=100 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=5653 smb_uid=101 smb_mid=5 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 3584 (0xE00) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_bcc=17 [2007/11/30 09:00:42.359256, 10, pid=5654] lib/util.c:dump_data(2285) [000] 18 5C 00 6C 00 73 00 61 00 72 00 70 00 63 00 00 .\.l.s.a .r.p.c.. [010] 00 . [2007/11/30 09:00:42.359291, 3, pid=5654] smbd/process.c:switch_message(926) switch message SMBntcreateX (pid 5654) conn 0x555555c1a220 [2007/11/30 09:00:42.359328, 3, pid=5654] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (520, 1515) - sec_ctx_stack_ndx = 0 [2007/11/30 09:00:42.359347, 5, pid=5654] auth/auth_util.c:debug_nt_user_token(454) NT user token of user S-1-5-21-2274471336-3138038065-606154707-2040 contains 6 SIDs SID[ 0]: S-1-5-21-2274471336-3138038065-606154707-2040 SID[ 1]: S-1-5-21-2274471336-3138038065-606154707-515 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-1515 SE_PRIV 0x0 0x0 0x0 0x0 [2007/11/30 09:00:42.359423, 5, pid=5654] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 520 Primary group is 1515 and contains 1 supplementary groups Group[ 0]: 1515 [2007/11/30 09:00:42.359489, 5, pid=5654] smbd/uid.c:change_to_user(273) change_to_user uid=(520,520) gid=(0,1515) [2007/11/30 09:00:42.359515, 4, pid=5654] smbd/vfs.c:vfs_ChDir(665) vfs_ChDir to /tmp [2007/11/30 09:00:42.359556, 10, pid=5654] smbd/nttrans.c:reply_ntcreate_and_X(515) reply_ntcreate_and_X: flags = 0x0, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 root_dir_fid = 0x0 [2007/11/30 09:00:42.359580, 4, pid=5654] smbd/nttrans.c:nt_open_pipe(328) nt_open_pipe: Opening pipe \lsarpc. [2007/11/30 09:00:42.359599, 3, pid=5654] smbd/nttrans.c:nt_open_pipe(349) nt_open_pipe: Known pipe lsarpc opening. [2007/11/30 09:00:42.359621, 4, pid=5654] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(180) Open pipe requested lsarpc (pipes_open=0) [2007/11/30 09:00:42.359650, 4, pid=5654] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(285) Create pipe requested lsarpc [2007/11/30 09:00:42.359686, 10, pid=5654] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77) init_pipe_handles: created handle list for pipe lsarpc [2007/11/30 09:00:42.359707, 10, pid=5654] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) init_pipe_handles: pipe_handles ref count = 1 for pipe lsarpc [2007/11/30 09:00:42.359732, 4, pid=5654] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(366) Created internal pipe lsarpc (pipes_open=0) [2007/11/30 09:00:42.359751, 4, pid=5654] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(263) Opened pipe lsarpc with handle 74fc (pipes_open=1) [2007/11/30 09:00:42.359769, 5, pid=5654] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(269) open pipes: name lsarpc pnum=74fc [2007/11/30 09:00:42.359803, 5, pid=5654] smbd/nttrans.c:do_ntcreate_pipe_open(427) do_ntcreate_pipe_open: open pipe = \lsarpc [2007/11/30 09:00:42.359823, 5, pid=5654] lib/util.c:show_msg(506) [2007/11/30 09:00:42.359835, 5, pid=5654] lib/util.c:show_msg(516) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=5653 smb_uid=101 smb_mid=5 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=64512 (0xFC00) smb_vwv[ 3]= 372 (0x174) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2007/11/30 09:00:42.361546, 10, pid=5654] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 154 [2007/11/30 09:00:42.361572, 6, pid=5654] smbd/process.c:process_smb(1067) got message type 0x0 of len 0x9a [2007/11/30 09:00:42.361591, 3, pid=5654] smbd/process.c:process_smb(1068) Transaction 5 of length 158 [2007/11/30 09:00:42.361625, 5, pid=5654] lib/util.c:show_msg(506) [2007/11/30 09:00:42.361637, 5, pid=5654] lib/util.c:show_msg(516) size=154 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=5653 smb_uid=101 smb_mid=6 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29948 (0x74FC) smb_bcc=87 [2007/11/30 09:00:42.361795, 10, pid=5654] lib/util.c:dump_data(2285) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 00 B8 .......H ........ [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 6A ........ .......j [030] 28 19 39 0C B1 D0 11 9B A8 00 C0 4F D9 2E F5 00 (.9..... ...O.... [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ [050] 10 48 60 02 00 00 00 .H`.... [2007/11/30 09:00:42.361892, 3, pid=5654] smbd/process.c:switch_message(926) switch message SMBtrans (pid 5654) conn 0x555555c1a220 [2007/11/30 09:00:42.361911, 4, pid=5654] smbd/uid.c:change_to_user(183) change_to_user: Skipping user change - already user [2007/11/30 09:00:42.361935, 3, pid=5654] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=72 params=0 setup=2 [2007/11/30 09:00:42.361963, 5, pid=5654] smbd/ipc.c:handle_trans(404) calling named_pipe [2007/11/30 09:00:42.361981, 3, pid=5654] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2007/11/30 09:00:42.361999, 5, pid=5654] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2007/11/30 09:00:42.362018, 4, pid=5654] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1271) search for pipe pnum=74fc [2007/11/30 09:00:42.362036, 5, pid=5654] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1275) pipe name lsarpc pnum=74fc (pipes_open=1) [2007/11/30 09:00:42.362054, 3, pid=5654] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "lsarpc" (pnum 74fc) [2007/11/30 09:00:42.362072, 10, pid=5654] smbd/ipc.c:api_fd_reply(305) api_fd_reply: p:0x555555c1b910 max_trans_reply: 4280 [2007/11/30 09:00:42.362090, 6, pid=5654] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 74fc name: lsarpc open: Yes len: 72 [2007/11/30 09:00:42.362111, 10, pid=5654] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 72 [2007/11/30 09:00:42.362128, 10, pid=5654] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 [2007/11/30 09:00:42.362146, 10, pid=5654] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 [2007/11/30 09:00:42.362164, 10, pid=5654] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2007/11/30 09:00:42.362181, 10, pid=5654] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 56 [2007/11/30 09:00:42.362198, 10, pid=5654] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 [2007/11/30 09:00:42.362219, 5, pid=5654] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2007/11/30 09:00:42.362242, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2007/11/30 09:00:42.362261, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2007/11/30 09:00:42.362279, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 0b [2007/11/30 09:00:42.362296, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2007/11/30 09:00:42.362314, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2007/11/30 09:00:42.362346, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2007/11/30 09:00:42.362364, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2007/11/30 09:00:42.362382, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2007/11/30 09:00:42.362399, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint16(681) 0008 frag_len : 0048 [2007/11/30 09:00:42.362417, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint16(681) 000a auth_len : 0000 [2007/11/30 09:00:42.362437, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint32(710) 000c call_id : 00000001 [2007/11/30 09:00:42.362455, 5, pid=5654] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2007/11/30 09:00:42.362472, 10, pid=5654] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) unmarshall_rpc_header: type = 11, flags = 3 [2007/11/30 09:00:42.362490, 10, pid=5654] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2007/11/30 09:00:42.362506, 10, pid=5654] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 56 [2007/11/30 09:00:42.362523, 10, pid=5654] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 [2007/11/30 09:00:42.362541, 10, pid=5654] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 11 [2007/11/30 09:00:42.362570, 5, pid=5654] rpc_server/srv_pipe.c:api_pipe_bind_req(1523) api_pipe_bind_req: decode request. 1523 [2007/11/30 09:00:42.362593, 3, pid=5654] rpc_server/srv_pipe.c:api_pipe_bind_req(1534) api_pipe_bind_req: \PIPE\lsarpc -> \PIPE\lsass [2007/11/30 09:00:42.362611, 5, pid=5654] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_rb [2007/11/30 09:00:42.362631, 6, pid=5654] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_bba [2007/11/30 09:00:42.362650, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint16(681) 0000 max_tsize: 10b8 [2007/11/30 09:00:42.362667, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint16(681) 0002 max_rsize: 10b8 [2007/11/30 09:00:42.362684, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint32(710) 0004 assoc_gid: 00000000 [2007/11/30 09:00:42.362702, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0008 num_contexts: 01 [2007/11/30 09:00:42.362721, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint16(681) 000c context_id : 0000 [2007/11/30 09:00:42.362739, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 000e num_transfer_syntaxes: 01 [2007/11/30 09:00:42.362757, 6, pid=5654] rpc_parse/parse_prs.c:prs_debug(84) 00000f smb_io_rpc_iface [2007/11/30 09:00:42.362776, 7, pid=5654] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_uuid uuid [2007/11/30 09:00:42.362794, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint32(710) 0010 data : 3919286a [2007/11/30 09:00:42.362812, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint16(681) 0014 data : b10c [2007/11/30 09:00:42.362829, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint16(681) 0016 data : 11d0 [2007/11/30 09:00:42.362847, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8s(857) 0018 data : 9b a8 [2007/11/30 09:00:42.362869, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8s(857) 001a data : 00 c0 4f d9 2e f5 [2007/11/30 09:00:42.362889, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint32(710) 0020 version: 00000000 [2007/11/30 09:00:42.362906, 6, pid=5654] rpc_parse/parse_prs.c:prs_debug(84) 000024 smb_io_rpc_iface [2007/11/30 09:00:42.362924, 7, pid=5654] rpc_parse/parse_prs.c:prs_debug(84) 000024 smb_io_uuid uuid [2007/11/30 09:00:42.362942, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint32(710) 0024 data : 8a885d04 [2007/11/30 09:00:42.362959, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint16(681) 0028 data : 1ceb [2007/11/30 09:00:42.362977, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint16(681) 002a data : 11c9 [2007/11/30 09:00:42.363009, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8s(857) 002c data : 9f e8 [2007/11/30 09:00:42.363028, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8s(857) 002e data : 08 00 2b 10 48 60 [2007/11/30 09:00:42.363047, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint32(710) 0034 version: 00000002 [2007/11/30 09:00:42.363066, 5, pid=5654] rpc_server/srv_pipe.c:api_pipe_bind_req(1576) api_pipe_bind_req: make response. 1576 [2007/11/30 09:00:42.363087, 3, pid=5654] rpc_server/srv_pipe.c:check_bind_req(985) check_bind_req for \PIPE\lsarpc [2007/11/30 09:00:42.363106, 10, pid=5654] rpc_server/srv_pipe.c:check_bind_req(990) checking \PIPE\lsarpc [2007/11/30 09:00:42.363124, 10, pid=5654] rpc_server/srv_pipe.c:check_bind_req(990) checking \PIPE\lsarpc [2007/11/30 09:00:42.363145, 5, pid=5654] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_ba [2007/11/30 09:00:42.363163, 6, pid=5654] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_bba [2007/11/30 09:00:42.363181, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint16(681) 0000 max_tsize: 10b8 [2007/11/30 09:00:42.363198, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint16(681) 0002 max_rsize: 10b8 [2007/11/30 09:00:42.363216, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint32(710) 0004 assoc_gid: 000053f0 [2007/11/30 09:00:42.363233, 6, pid=5654] rpc_parse/parse_prs.c:prs_debug(84) 000008 smb_io_rpc_addr_str [2007/11/30 09:00:42.363250, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint16(681) 0008 len: 000c [2007/11/30 09:00:42.363270, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8s(857) 000a str: \PIPE\lsass. [2007/11/30 09:00:42.363293, 6, pid=5654] rpc_parse/parse_prs.c:prs_debug(84) 000016 smb_io_rpc_results [2007/11/30 09:00:42.363311, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0018 num_results: 01 [2007/11/30 09:00:42.363329, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint16(681) 001c result : 0000 [2007/11/30 09:00:42.363346, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint16(681) 001e reason : 0000 [2007/11/30 09:00:42.363363, 6, pid=5654] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_rpc_iface [2007/11/30 09:00:42.363380, 7, pid=5654] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_uuid uuid [2007/11/30 09:00:42.363398, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint32(710) 0020 data : 8a885d04 [2007/11/30 09:00:42.363415, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint16(681) 0024 data : 1ceb [2007/11/30 09:00:42.363433, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint16(681) 0026 data : 11c9 [2007/11/30 09:00:42.363450, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8s(857) 0028 data : 9f e8 [2007/11/30 09:00:42.363468, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8s(857) 002a data : 08 00 2b 10 48 60 [2007/11/30 09:00:42.363487, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint32(710) 0030 version: 00000002 [2007/11/30 09:00:42.363505, 5, pid=5654] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2007/11/30 09:00:42.363522, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2007/11/30 09:00:42.363540, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2007/11/30 09:00:42.363557, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 0c [2007/11/30 09:00:42.363574, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2007/11/30 09:00:42.363591, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2007/11/30 09:00:42.363608, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2007/11/30 09:00:42.363625, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2007/11/30 09:00:42.363642, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2007/11/30 09:00:42.363673, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint16(681) 0008 frag_len : 0044 [2007/11/30 09:00:42.363691, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint16(681) 000a auth_len : 0000 [2007/11/30 09:00:42.363709, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint32(710) 000c call_id : 00000001 [2007/11/30 09:00:42.363729, 10, pid=5654] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 56 [2007/11/30 09:00:42.363748, 6, pid=5654] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 74fc name: lsarpc len: 4280 [2007/11/30 09:00:42.363766, 10, pid=5654] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1054) read_from_pipe: lsarpc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. [2007/11/30 09:00:42.363788, 5, pid=5654] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..68] [2007/11/30 09:00:42.363807, 5, pid=5654] lib/util.c:show_msg(506) [2007/11/30 09:00:42.363819, 5, pid=5654] lib/util.c:show_msg(516) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=5653 smb_uid=101 smb_mid=6 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2007/11/30 09:00:42.363950, 10, pid=5654] lib/util.c:dump_data(2285) [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... [010] 00 B8 10 B8 10 F0 53 00 00 0C 00 5C 50 49 50 45 ......S. ...\PIPE [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [040] 60 02 00 00 00 `.... [2007/11/30 09:00:42.366051, 10, pid=5654] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 108 [2007/11/30 09:00:42.366078, 6, pid=5654] smbd/process.c:process_smb(1067) got message type 0x0 of len 0x6c [2007/11/30 09:00:42.366098, 3, pid=5654] smbd/process.c:process_smb(1068) Transaction 6 of length 112 [2007/11/30 09:00:42.366116, 5, pid=5654] lib/util.c:show_msg(506) [2007/11/30 09:00:42.366128, 5, pid=5654] lib/util.c:show_msg(516) size=108 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=5653 smb_uid=101 smb_mid=7 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 26 (0x1A) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 26 (0x1A) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29948 (0x74FC) smb_bcc=41 [2007/11/30 09:00:42.366291, 10, pid=5654] lib/util.c:dump_data(2285) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 1A 00 00 00 02 00 00 00 02 ........ ........ [020] 00 00 00 00 00 00 00 01 00 ........ . [2007/11/30 09:00:42.366342, 3, pid=5654] smbd/process.c:switch_message(926) switch message SMBtrans (pid 5654) conn 0x555555c1a220 [2007/11/30 09:00:42.366361, 4, pid=5654] smbd/uid.c:change_to_user(183) change_to_user: Skipping user change - already user [2007/11/30 09:00:42.366381, 3, pid=5654] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=26 params=0 setup=2 [2007/11/30 09:00:42.366406, 5, pid=5654] smbd/ipc.c:handle_trans(404) calling named_pipe [2007/11/30 09:00:42.366424, 3, pid=5654] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2007/11/30 09:00:42.366441, 5, pid=5654] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2007/11/30 09:00:42.366458, 4, pid=5654] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1271) search for pipe pnum=74fc [2007/11/30 09:00:42.366475, 5, pid=5654] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1275) pipe name lsarpc pnum=74fc (pipes_open=1) [2007/11/30 09:00:42.366508, 3, pid=5654] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "lsarpc" (pnum 74fc) [2007/11/30 09:00:42.366527, 10, pid=5654] smbd/ipc.c:api_fd_reply(305) api_fd_reply: p:0x555555c1b910 max_trans_reply: 4280 [2007/11/30 09:00:42.366545, 6, pid=5654] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 74fc name: lsarpc open: Yes len: 26 [2007/11/30 09:00:42.366563, 10, pid=5654] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 26 [2007/11/30 09:00:42.366581, 10, pid=5654] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 26 [2007/11/30 09:00:42.366599, 10, pid=5654] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 26, len_needed_to_complete_hdr = 16, receive_len = 0 [2007/11/30 09:00:42.366617, 10, pid=5654] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2007/11/30 09:00:42.366634, 10, pid=5654] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 10 [2007/11/30 09:00:42.366650, 10, pid=5654] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 10 [2007/11/30 09:00:42.366668, 5, pid=5654] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2007/11/30 09:00:42.366686, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2007/11/30 09:00:42.366703, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2007/11/30 09:00:42.366720, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 00 [2007/11/30 09:00:42.366738, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2007/11/30 09:00:42.366755, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2007/11/30 09:00:42.366771, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2007/11/30 09:00:42.366789, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2007/11/30 09:00:42.366805, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2007/11/30 09:00:42.366822, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint16(681) 0008 frag_len : 001a [2007/11/30 09:00:42.366839, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint16(681) 000a auth_len : 0000 [2007/11/30 09:00:42.366863, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint32(710) 000c call_id : 00000002 [2007/11/30 09:00:42.366881, 5, pid=5654] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2007/11/30 09:00:42.366897, 10, pid=5654] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) unmarshall_rpc_header: type = 0, flags = 3 [2007/11/30 09:00:42.366915, 10, pid=5654] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2007/11/30 09:00:42.366932, 10, pid=5654] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 10 [2007/11/30 09:00:42.366948, 10, pid=5654] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 10, incoming data = 10 [2007/11/30 09:00:42.366966, 10, pid=5654] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 0 [2007/11/30 09:00:42.366983, 5, pid=5654] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2007/11/30 09:00:42.367004, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint32(710) 0000 alloc_hint: 00000002 [2007/11/30 09:00:42.367022, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint16(681) 0004 context_id: 0000 [2007/11/30 09:00:42.367039, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint16(681) 0006 opnum : 0000 [2007/11/30 09:00:42.367058, 3, pid=5654] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 79 [2007/11/30 09:00:42.367096, 5, pid=5654] rpc_server/srv_pipe.c:api_pipe_request(2223) Requested \PIPE\lsarpc [2007/11/30 09:00:42.367117, 4, pid=5654] rpc_server/srv_pipe.c:api_rpcTNP(2258) api_rpcTNP: lsarpc op 0x0 - api_rpcTNP: rpc command: DS_GETPRIMDOMINFO [2007/11/30 09:00:42.367137, 6, pid=5654] rpc_server/srv_pipe.c:api_rpcTNP(2284) api_rpc_cmds[1].fn == 0x555555686b00 [2007/11/30 09:00:42.367156, 5, pid=5654] rpc_parse/parse_prs.c:prs_debug(84) 000000 ds_io_q_getprimdominfo [2007/11/30 09:00:42.367174, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint16(681) 0000 level: 0001 [2007/11/30 09:00:42.367192, 10, pid=5654] rpc_server/srv_lsa_ds_nt.c:fill_dsrole_dominfo_basic(42) fill_dsrole_dominfo_basic: enter [2007/11/30 09:00:42.367222, 5, pid=5654] rpc_parse/parse_prs.c:prs_debug(84) 000000 ds_io_r_getprimdominfo [2007/11/30 09:00:42.367242, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint32(710) 0000 ptr: 00000001 [2007/11/30 09:00:42.367259, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint16(681) 0004 level: 0001 [2007/11/30 09:00:42.367277, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint16(681) 0006 unknown0: 0000 [2007/11/30 09:00:42.367295, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint16(681) 0008 machine_role: 0005 [2007/11/30 09:00:42.367312, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint32(710) 000c flags: 01000000 [2007/11/30 09:00:42.367332, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint32(710) 0010 netbios_ptr: 00000001 [2007/11/30 09:00:42.367350, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint32(710) 0014 dnsname_ptr: 00000000 [2007/11/30 09:00:42.367367, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint32(710) 0018 forestname_ptr: 00000000 [2007/11/30 09:00:42.367384, 6, pid=5654] rpc_parse/parse_prs.c:prs_debug(84) 00001c smb_io_uuid domain_guid [2007/11/30 09:00:42.367402, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint32(710) 001c data : 13f44d40 [2007/11/30 09:00:42.367420, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint16(681) 0020 data : 0c01 [2007/11/30 09:00:42.367437, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint16(681) 0022 data : 441a [2007/11/30 09:00:42.367455, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8s(857) 0024 data : 97 4c [2007/11/30 09:00:42.367473, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8s(857) 0026 data : 6b 77 1b 7a f3 3e [2007/11/30 09:00:42.367492, 6, pid=5654] rpc_parse/parse_prs.c:prs_debug(84) 00002c smb_io_unistr2 netbios_domain [2007/11/30 09:00:42.367510, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint32(710) 002c uni_max_len: 00000009 [2007/11/30 09:00:42.367528, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint32(710) 0030 offset : 00000000 [2007/11/30 09:00:42.367547, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint32(710) 0034 uni_str_len: 00000009 [2007/11/30 09:00:42.367566, 5, pid=5654] rpc_parse/parse_prs.c:dbg_rw_punival(942) 0038 buffer : Z.A.R.T.S.O.F.T... [2007/11/30 09:00:42.367587, 6, pid=5654] rpc_parse/parse_prs.c:prs_debug(84) 00004c smb_io_unistr2 - NULL dns_domain [2007/11/30 09:00:42.367605, 6, pid=5654] rpc_parse/parse_prs.c:prs_debug(84) 00004c smb_io_unistr2 - NULL forest_domain [2007/11/30 09:00:42.367623, 5, pid=5654] rpc_parse/parse_prs.c:prs_ntstatus(769) 004c status: NT_STATUS_OK [2007/11/30 09:00:42.367645, 5, pid=5654] rpc_server/srv_pipe.c:api_rpcTNP(2305) api_rpcTNP: called lsarpc successfully [2007/11/30 09:00:42.367663, 3, pid=5654] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 130 [2007/11/30 09:00:42.367681, 10, pid=5654] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 10 [2007/11/30 09:00:42.367700, 6, pid=5654] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 74fc name: lsarpc len: 4280 [2007/11/30 09:00:42.367718, 10, pid=5654] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 80. [2007/11/30 09:00:42.367752, 5, pid=5654] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2007/11/30 09:00:42.367771, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2007/11/30 09:00:42.367789, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2007/11/30 09:00:42.367806, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 02 [2007/11/30 09:00:42.367823, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2007/11/30 09:00:42.367840, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2007/11/30 09:00:42.367869, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2007/11/30 09:00:42.367887, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2007/11/30 09:00:42.367904, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2007/11/30 09:00:42.367922, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint16(681) 0008 frag_len : 0068 [2007/11/30 09:00:42.367939, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint16(681) 000a auth_len : 0000 [2007/11/30 09:00:42.367956, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint32(710) 000c call_id : 00000002 [2007/11/30 09:00:42.367974, 5, pid=5654] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2007/11/30 09:00:42.367991, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint32(710) 0010 alloc_hint: 00000050 [2007/11/30 09:00:42.368008, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint16(681) 0014 context_id: 0000 [2007/11/30 09:00:42.368025, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0016 cancel_ct : 00 [2007/11/30 09:00:42.368042, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0017 reserved : 00 [2007/11/30 09:00:42.368061, 5, pid=5654] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..104] [2007/11/30 09:00:42.368079, 5, pid=5654] lib/util.c:show_msg(506) [2007/11/30 09:00:42.368091, 5, pid=5654] lib/util.c:show_msg(516) size=160 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=5653 smb_uid=101 smb_mid=7 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 104 (0x68) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 104 (0x68) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=105 [2007/11/30 09:00:42.368223, 10, pid=5654] lib/util.c:dump_data(2285) [000] 00 05 00 02 03 10 00 00 00 68 00 00 00 02 00 00 ........ .h...... [010] 00 50 00 00 00 00 00 00 00 01 00 00 00 01 00 00 .P...... ........ [020] 00 05 00 00 00 00 00 00 01 01 00 00 00 00 00 00 ........ ........ [030] 00 00 00 00 00 40 4D F4 13 01 0C 1A 44 97 4C 6B .....@M. ....D.Lk [040] 77 1B 7A F3 3E 09 00 00 00 00 00 00 00 09 00 00 w.z.>... ........ [050] 00 5A 00 41 00 52 00 54 00 53 00 4F 00 46 00 54 .Z.A.R.T .S.O.F.T [060] 00 00 00 00 00 00 00 00 00 ........ . [2007/11/30 09:00:42.369706, 10, pid=5654] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 41 [2007/11/30 09:00:42.369733, 6, pid=5654] smbd/process.c:process_smb(1067) got message type 0x0 of len 0x29 [2007/11/30 09:00:42.369752, 3, pid=5654] smbd/process.c:process_smb(1068) Transaction 7 of length 45 [2007/11/30 09:00:42.369769, 5, pid=5654] lib/util.c:show_msg(506) [2007/11/30 09:00:42.369781, 5, pid=5654] lib/util.c:show_msg(516) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=5653 smb_uid=101 smb_mid=8 smt_wct=3 smb_vwv[ 0]=29948 (0x74FC) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2007/11/30 09:00:42.369876, 3, pid=5654] smbd/process.c:switch_message(926) switch message SMBclose (pid 5654) conn 0x555555c1a220 [2007/11/30 09:00:42.369895, 4, pid=5654] smbd/uid.c:change_to_user(183) change_to_user: Skipping user change - already user [2007/11/30 09:00:42.369933, 4, pid=5654] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1271) search for pipe pnum=74fc [2007/11/30 09:00:42.369952, 5, pid=5654] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1275) pipe name lsarpc pnum=74fc (pipes_open=1) [2007/11/30 09:00:42.369971, 5, pid=5654] smbd/pipes.c:reply_pipe_close(297) reply_pipe_close: pnum:74fc [2007/11/30 09:00:42.369990, 10, pid=5654] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(241) close_policy_by_pipe: deleted handle list for pipe lsarpc [2007/11/30 09:00:42.370012, 4, pid=5654] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1169) closed pipe name lsarpc pnum=74fc (pipes_open=0) [2007/11/30 09:00:42.370047, 5, pid=5654] lib/util.c:show_msg(506) [2007/11/30 09:00:42.370060, 5, pid=5654] lib/util.c:show_msg(516) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=5653 smb_uid=101 smb_mid=8 smt_wct=0 smb_bcc=0 [2007/11/30 09:00:42.370328, 10, pid=5654] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 100 [2007/11/30 09:00:42.370353, 6, pid=5654] smbd/process.c:process_smb(1067) got message type 0x0 of len 0x64 [2007/11/30 09:00:42.370372, 3, pid=5654] smbd/process.c:process_smb(1068) Transaction 8 of length 104 [2007/11/30 09:00:42.370388, 5, pid=5654] lib/util.c:show_msg(506) [2007/11/30 09:00:42.370400, 5, pid=5654] lib/util.c:show_msg(516) size=100 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=5653 smb_uid=101 smb_mid=9 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 3584 (0xE00) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_bcc=17 [2007/11/30 09:00:42.370604, 10, pid=5654] lib/util.c:dump_data(2285) [000] 00 5C 00 6C 00 73 00 61 00 72 00 70 00 63 00 00 .\.l.s.a .r.p.c.. [010] 00 . [2007/11/30 09:00:42.370641, 3, pid=5654] smbd/process.c:switch_message(926) switch message SMBntcreateX (pid 5654) conn 0x555555c1a220 [2007/11/30 09:00:42.370660, 4, pid=5654] smbd/uid.c:change_to_user(183) change_to_user: Skipping user change - already user [2007/11/30 09:00:42.370678, 10, pid=5654] smbd/nttrans.c:reply_ntcreate_and_X(515) reply_ntcreate_and_X: flags = 0x0, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 root_dir_fid = 0x0 [2007/11/30 09:00:42.370701, 4, pid=5654] smbd/nttrans.c:nt_open_pipe(328) nt_open_pipe: Opening pipe \lsarpc. [2007/11/30 09:00:42.370720, 3, pid=5654] smbd/nttrans.c:nt_open_pipe(349) nt_open_pipe: Known pipe lsarpc opening. [2007/11/30 09:00:42.370738, 4, pid=5654] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(180) Open pipe requested lsarpc (pipes_open=0) [2007/11/30 09:00:42.370756, 4, pid=5654] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(285) Create pipe requested lsarpc [2007/11/30 09:00:42.370779, 10, pid=5654] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77) init_pipe_handles: created handle list for pipe lsarpc [2007/11/30 09:00:42.370798, 10, pid=5654] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) init_pipe_handles: pipe_handles ref count = 1 for pipe lsarpc [2007/11/30 09:00:42.370818, 4, pid=5654] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(366) Created internal pipe lsarpc (pipes_open=0) [2007/11/30 09:00:42.370837, 4, pid=5654] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(263) Opened pipe lsarpc with handle 74fd (pipes_open=1) [2007/11/30 09:00:42.370873, 5, pid=5654] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(269) open pipes: name lsarpc pnum=74fd [2007/11/30 09:00:42.370905, 5, pid=5654] smbd/nttrans.c:do_ntcreate_pipe_open(427) do_ntcreate_pipe_open: open pipe = \lsarpc [2007/11/30 09:00:42.370924, 5, pid=5654] lib/util.c:show_msg(506) [2007/11/30 09:00:42.370936, 5, pid=5654] lib/util.c:show_msg(516) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=5653 smb_uid=101 smb_mid=9 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=64768 (0xFD00) smb_vwv[ 3]= 372 (0x174) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2007/11/30 09:00:42.372593, 10, pid=5654] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 154 [2007/11/30 09:00:42.372619, 6, pid=5654] smbd/process.c:process_smb(1067) got message type 0x0 of len 0x9a [2007/11/30 09:00:42.372638, 3, pid=5654] smbd/process.c:process_smb(1068) Transaction 9 of length 158 [2007/11/30 09:00:42.372655, 5, pid=5654] lib/util.c:show_msg(506) [2007/11/30 09:00:42.372667, 5, pid=5654] lib/util.c:show_msg(516) size=154 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=5653 smb_uid=101 smb_mid=10 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29949 (0x74FD) smb_bcc=87 [2007/11/30 09:00:42.372830, 10, pid=5654] lib/util.c:dump_data(2285) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 0B 03 10 00 00 00 48 00 00 00 03 00 00 00 B8 .......H ........ [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x [030] 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB 00 W4.4.... ..#Eg... [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ [050] 10 48 60 02 00 00 00 .H`.... [2007/11/30 09:00:42.372926, 3, pid=5654] smbd/process.c:switch_message(926) switch message SMBtrans (pid 5654) conn 0x555555c1a220 [2007/11/30 09:00:42.372945, 4, pid=5654] smbd/uid.c:change_to_user(183) change_to_user: Skipping user change - already user [2007/11/30 09:00:42.372965, 3, pid=5654] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=72 params=0 setup=2 [2007/11/30 09:00:42.372991, 5, pid=5654] smbd/ipc.c:handle_trans(404) calling named_pipe [2007/11/30 09:00:42.373008, 3, pid=5654] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2007/11/30 09:00:42.373026, 5, pid=5654] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2007/11/30 09:00:42.373043, 4, pid=5654] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1271) search for pipe pnum=74fd [2007/11/30 09:00:42.373060, 5, pid=5654] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1275) pipe name lsarpc pnum=74fd (pipes_open=1) [2007/11/30 09:00:42.373078, 3, pid=5654] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "lsarpc" (pnum 74fd) [2007/11/30 09:00:42.373113, 10, pid=5654] smbd/ipc.c:api_fd_reply(305) api_fd_reply: p:0x555555c1b910 max_trans_reply: 4280 [2007/11/30 09:00:42.373133, 6, pid=5654] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 74fd name: lsarpc open: Yes len: 72 [2007/11/30 09:00:42.373151, 10, pid=5654] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 72 [2007/11/30 09:00:42.373169, 10, pid=5654] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 [2007/11/30 09:00:42.373187, 10, pid=5654] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 [2007/11/30 09:00:42.373205, 10, pid=5654] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2007/11/30 09:00:42.373222, 10, pid=5654] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 56 [2007/11/30 09:00:42.373239, 10, pid=5654] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 [2007/11/30 09:00:42.373257, 5, pid=5654] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2007/11/30 09:00:42.373275, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2007/11/30 09:00:42.373293, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2007/11/30 09:00:42.373311, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 0b [2007/11/30 09:00:42.373328, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2007/11/30 09:00:42.373346, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2007/11/30 09:00:42.373363, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2007/11/30 09:00:42.373381, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2007/11/30 09:00:42.373398, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2007/11/30 09:00:42.373416, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint16(681) 0008 frag_len : 0048 [2007/11/30 09:00:42.373433, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint16(681) 000a auth_len : 0000 [2007/11/30 09:00:42.373451, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint32(710) 000c call_id : 00000003 [2007/11/30 09:00:42.373469, 5, pid=5654] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2007/11/30 09:00:42.373486, 10, pid=5654] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) unmarshall_rpc_header: type = 11, flags = 3 [2007/11/30 09:00:42.373503, 10, pid=5654] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2007/11/30 09:00:42.373520, 10, pid=5654] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 56 [2007/11/30 09:00:42.373536, 10, pid=5654] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 [2007/11/30 09:00:42.373554, 10, pid=5654] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 11 [2007/11/30 09:00:42.373575, 5, pid=5654] rpc_server/srv_pipe.c:api_pipe_bind_req(1523) api_pipe_bind_req: decode request. 1523 [2007/11/30 09:00:42.373594, 3, pid=5654] rpc_server/srv_pipe.c:api_pipe_bind_req(1534) api_pipe_bind_req: \PIPE\lsarpc -> \PIPE\lsass [2007/11/30 09:00:42.373612, 5, pid=5654] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_rb [2007/11/30 09:00:42.373630, 6, pid=5654] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_bba [2007/11/30 09:00:42.373647, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint16(681) 0000 max_tsize: 10b8 [2007/11/30 09:00:42.373665, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint16(681) 0002 max_rsize: 10b8 [2007/11/30 09:00:42.373682, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint32(710) 0004 assoc_gid: 00000000 [2007/11/30 09:00:42.373715, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0008 num_contexts: 01 [2007/11/30 09:00:42.373734, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint16(681) 000c context_id : 0000 [2007/11/30 09:00:42.373752, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 000e num_transfer_syntaxes: 01 [2007/11/30 09:00:42.373769, 6, pid=5654] rpc_parse/parse_prs.c:prs_debug(84) 00000f smb_io_rpc_iface [2007/11/30 09:00:42.373787, 7, pid=5654] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_uuid uuid [2007/11/30 09:00:42.373805, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint32(710) 0010 data : 12345778 [2007/11/30 09:00:42.373823, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint16(681) 0014 data : 1234 [2007/11/30 09:00:42.373841, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint16(681) 0016 data : abcd [2007/11/30 09:00:42.373862, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8s(857) 0018 data : ef 00 [2007/11/30 09:00:42.373881, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8s(857) 001a data : 01 23 45 67 89 ab [2007/11/30 09:00:42.373901, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint32(710) 0020 version: 00000000 [2007/11/30 09:00:42.373919, 6, pid=5654] rpc_parse/parse_prs.c:prs_debug(84) 000024 smb_io_rpc_iface [2007/11/30 09:00:42.373937, 7, pid=5654] rpc_parse/parse_prs.c:prs_debug(84) 000024 smb_io_uuid uuid [2007/11/30 09:00:42.373954, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint32(710) 0024 data : 8a885d04 [2007/11/30 09:00:42.373972, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint16(681) 0028 data : 1ceb [2007/11/30 09:00:42.373989, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint16(681) 002a data : 11c9 [2007/11/30 09:00:42.374006, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8s(857) 002c data : 9f e8 [2007/11/30 09:00:42.374024, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8s(857) 002e data : 08 00 2b 10 48 60 [2007/11/30 09:00:42.374044, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint32(710) 0034 version: 00000002 [2007/11/30 09:00:42.374062, 5, pid=5654] rpc_server/srv_pipe.c:api_pipe_bind_req(1576) api_pipe_bind_req: make response. 1576 [2007/11/30 09:00:42.374080, 3, pid=5654] rpc_server/srv_pipe.c:check_bind_req(985) check_bind_req for \PIPE\lsarpc [2007/11/30 09:00:42.374099, 10, pid=5654] rpc_server/srv_pipe.c:check_bind_req(990) checking \PIPE\lsarpc [2007/11/30 09:00:42.374118, 5, pid=5654] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_ba [2007/11/30 09:00:42.374136, 6, pid=5654] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_bba [2007/11/30 09:00:42.374154, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint16(681) 0000 max_tsize: 10b8 [2007/11/30 09:00:42.374171, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint16(681) 0002 max_rsize: 10b8 [2007/11/30 09:00:42.374189, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint32(710) 0004 assoc_gid: 000053f0 [2007/11/30 09:00:42.374206, 6, pid=5654] rpc_parse/parse_prs.c:prs_debug(84) 000008 smb_io_rpc_addr_str [2007/11/30 09:00:42.374224, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint16(681) 0008 len: 000c [2007/11/30 09:00:42.374241, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8s(857) 000a str: \PIPE\lsass. [2007/11/30 09:00:42.374262, 6, pid=5654] rpc_parse/parse_prs.c:prs_debug(84) 000016 smb_io_rpc_results [2007/11/30 09:00:42.374279, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0018 num_results: 01 [2007/11/30 09:00:42.374297, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint16(681) 001c result : 0000 [2007/11/30 09:00:42.374315, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint16(681) 001e reason : 0000 [2007/11/30 09:00:42.374332, 6, pid=5654] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_rpc_iface [2007/11/30 09:00:42.374349, 7, pid=5654] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_uuid uuid [2007/11/30 09:00:42.374382, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint32(710) 0020 data : 8a885d04 [2007/11/30 09:00:42.374400, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint16(681) 0024 data : 1ceb [2007/11/30 09:00:42.374418, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint16(681) 0026 data : 11c9 [2007/11/30 09:00:42.374435, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8s(857) 0028 data : 9f e8 [2007/11/30 09:00:42.374453, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8s(857) 002a data : 08 00 2b 10 48 60 [2007/11/30 09:00:42.374473, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint32(710) 0030 version: 00000002 [2007/11/30 09:00:42.374491, 5, pid=5654] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2007/11/30 09:00:42.374509, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2007/11/30 09:00:42.374526, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2007/11/30 09:00:42.374543, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 0c [2007/11/30 09:00:42.374560, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2007/11/30 09:00:42.374578, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2007/11/30 09:00:42.374595, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2007/11/30 09:00:42.374612, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2007/11/30 09:00:42.374629, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2007/11/30 09:00:42.374647, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint16(681) 0008 frag_len : 0044 [2007/11/30 09:00:42.374664, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint16(681) 000a auth_len : 0000 [2007/11/30 09:00:42.374681, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint32(710) 000c call_id : 00000003 [2007/11/30 09:00:42.374700, 10, pid=5654] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 56 [2007/11/30 09:00:42.374718, 6, pid=5654] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 74fd name: lsarpc len: 4280 [2007/11/30 09:00:42.374736, 10, pid=5654] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1054) read_from_pipe: lsarpc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. [2007/11/30 09:00:42.374755, 5, pid=5654] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..68] [2007/11/30 09:00:42.374773, 5, pid=5654] lib/util.c:show_msg(506) [2007/11/30 09:00:42.374785, 5, pid=5654] lib/util.c:show_msg(516) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=5653 smb_uid=101 smb_mid=10 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2007/11/30 09:00:42.374916, 10, pid=5654] lib/util.c:dump_data(2285) [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 03 00 00 ........ .D...... [010] 00 B8 10 B8 10 F0 53 00 00 0C 00 5C 50 49 50 45 ......S. ...\PIPE [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [040] 60 02 00 00 00 `.... [2007/11/30 09:00:42.377454, 10, pid=5654] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 174 [2007/11/30 09:00:42.377481, 6, pid=5654] smbd/process.c:process_smb(1067) got message type 0x0 of len 0xae [2007/11/30 09:00:42.377501, 3, pid=5654] smbd/process.c:process_smb(1068) Transaction 10 of length 178 [2007/11/30 09:00:42.377518, 5, pid=5654] lib/util.c:show_msg(506) [2007/11/30 09:00:42.377529, 5, pid=5654] lib/util.c:show_msg(516) size=174 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=5653 smb_uid=101 smb_mid=11 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 92 (0x5C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 92 (0x5C) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29949 (0x74FD) smb_bcc=107 [2007/11/30 09:00:42.377706, 10, pid=5654] lib/util.c:dump_data(2285) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 5C 00 00 00 04 00 00 00 44 .......\ .......D [020] 00 00 00 00 00 2C 00 01 00 00 00 08 00 00 00 00 .....,.. ........ [030] 00 00 00 08 00 00 00 5C 00 5C 00 47 00 4F 00 44 .......\ .\.G.O.D [040] 00 41 00 49 00 00 00 18 00 00 00 00 00 00 00 00 .A.I.... ........ [050] 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 0C ........ ........ [060] 00 00 00 02 00 01 00 00 00 00 02 ........ ... [2007/11/30 09:00:42.377810, 3, pid=5654] smbd/process.c:switch_message(926) switch message SMBtrans (pid 5654) conn 0x555555c1a220 [2007/11/30 09:00:42.377830, 4, pid=5654] smbd/uid.c:change_to_user(183) change_to_user: Skipping user change - already user [2007/11/30 09:00:42.377854, 3, pid=5654] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=92 params=0 setup=2 [2007/11/30 09:00:42.377880, 5, pid=5654] smbd/ipc.c:handle_trans(404) calling named_pipe [2007/11/30 09:00:42.377898, 3, pid=5654] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2007/11/30 09:00:42.377916, 5, pid=5654] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2007/11/30 09:00:42.377932, 4, pid=5654] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1271) search for pipe pnum=74fd [2007/11/30 09:00:42.377949, 5, pid=5654] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1275) pipe name lsarpc pnum=74fd (pipes_open=1) [2007/11/30 09:00:42.377967, 3, pid=5654] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "lsarpc" (pnum 74fd) [2007/11/30 09:00:42.377985, 10, pid=5654] smbd/ipc.c:api_fd_reply(305) api_fd_reply: p:0x555555c1b910 max_trans_reply: 4280 [2007/11/30 09:00:42.378002, 6, pid=5654] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 74fd name: lsarpc open: Yes len: 92 [2007/11/30 09:00:42.378022, 10, pid=5654] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 92 [2007/11/30 09:00:42.378039, 10, pid=5654] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 92 [2007/11/30 09:00:42.378057, 10, pid=5654] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 92, len_needed_to_complete_hdr = 16, receive_len = 0 [2007/11/30 09:00:42.378075, 10, pid=5654] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2007/11/30 09:00:42.378092, 10, pid=5654] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 76 [2007/11/30 09:00:42.378111, 10, pid=5654] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 76 [2007/11/30 09:00:42.378129, 5, pid=5654] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2007/11/30 09:00:42.378147, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2007/11/30 09:00:42.378165, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2007/11/30 09:00:42.378183, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 00 [2007/11/30 09:00:42.378200, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2007/11/30 09:00:42.378218, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2007/11/30 09:00:42.378235, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2007/11/30 09:00:42.378267, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2007/11/30 09:00:42.378285, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2007/11/30 09:00:42.378303, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint16(681) 0008 frag_len : 005c [2007/11/30 09:00:42.378320, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint16(681) 000a auth_len : 0000 [2007/11/30 09:00:42.378337, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint32(710) 000c call_id : 00000004 [2007/11/30 09:00:42.378355, 5, pid=5654] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2007/11/30 09:00:42.378372, 10, pid=5654] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) unmarshall_rpc_header: type = 0, flags = 3 [2007/11/30 09:00:42.378390, 10, pid=5654] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2007/11/30 09:00:42.378407, 10, pid=5654] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 76 [2007/11/30 09:00:42.378424, 10, pid=5654] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 76, incoming data = 76 [2007/11/30 09:00:42.378442, 10, pid=5654] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 0 [2007/11/30 09:00:42.378460, 5, pid=5654] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2007/11/30 09:00:42.378478, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint32(710) 0000 alloc_hint: 00000044 [2007/11/30 09:00:42.378495, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint16(681) 0004 context_id: 0000 [2007/11/30 09:00:42.378512, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint16(681) 0006 opnum : 002c [2007/11/30 09:00:42.378530, 3, pid=5654] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 79 [2007/11/30 09:00:42.378552, 5, pid=5654] rpc_server/srv_pipe.c:api_pipe_request(2223) Requested \PIPE\lsarpc [2007/11/30 09:00:42.378570, 4, pid=5654] rpc_server/srv_pipe.c:api_rpcTNP(2258) api_rpcTNP: lsarpc op 0x2c - api_rpcTNP: rpc command: LSA_OPENPOLICY2 [2007/11/30 09:00:42.378592, 6, pid=5654] rpc_server/srv_pipe.c:api_rpcTNP(2284) api_rpc_cmds[0].fn == 0x555555678440 [2007/11/30 09:00:42.378612, 5, pid=5654] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_q_open_pol2 [2007/11/30 09:00:42.378632, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint32(710) 0000 ptr : 00000001 [2007/11/30 09:00:42.378650, 6, pid=5654] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_unistr2 [2007/11/30 09:00:42.378667, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint32(710) 0004 uni_max_len: 00000008 [2007/11/30 09:00:42.378685, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint32(710) 0008 offset : 00000000 [2007/11/30 09:00:42.378702, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint32(710) 000c uni_str_len: 00000008 [2007/11/30 09:00:42.378720, 5, pid=5654] rpc_parse/parse_prs.c:dbg_rw_punival(942) 0010 buffer : \.\.G.O.D.A.I... [2007/11/30 09:00:42.378742, 6, pid=5654] rpc_parse/parse_prs.c:prs_debug(84) 000020 lsa_io_obj_attr [2007/11/30 09:00:42.378759, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint32(710) 0020 len : 00000018 [2007/11/30 09:00:42.378777, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint32(710) 0024 ptr_root_dir: 00000000 [2007/11/30 09:00:42.378795, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint32(710) 0028 ptr_obj_name: 00000000 [2007/11/30 09:00:42.378812, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint32(710) 002c attributes : 00000000 [2007/11/30 09:00:42.378829, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint32(710) 0030 ptr_sec_desc: 00000000 [2007/11/30 09:00:42.378846, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint32(710) 0034 ptr_sec_qos : 00000001 [2007/11/30 09:00:42.378882, 7, pid=5654] rpc_parse/parse_prs.c:prs_debug(84) 000038 lsa_io_obj_qos sec_qos [2007/11/30 09:00:42.378901, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint32(710) 0038 len : 0000000c [2007/11/30 09:00:42.378919, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint16(681) 003c sec_imp_level : 0002 [2007/11/30 09:00:42.378936, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 003e sec_ctxt_mode : 01 [2007/11/30 09:00:42.378954, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 003f effective_only: 00 [2007/11/30 09:00:42.378971, 3, pid=5654] rpc_parse/parse_lsa.c:lsa_io_sec_qos(224) lsa_io_sec_qos: length c does not match size 8 [2007/11/30 09:00:42.378989, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint32(710) 0040 des_access: 02000000 [2007/11/30 09:00:42.379013, 10, pid=5654] lib/util_seaccess.c:se_access_check(233) se_access_check: requested access 0x02000000, for NT token with 6 entries and first sid S-1-5-21-2274471336-3138038065-606154707-2040. [2007/11/30 09:00:42.379038, 3, pid=5654] lib/util_seaccess.c:se_access_check(250) [2007/11/30 09:00:42.379051, 3, pid=5654] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-2274471336-3138038065-606154707-2040 se_access_check: also S-1-5-21-2274471336-3138038065-606154707-515 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-22-2-1515 [2007/11/30 09:00:42.379109, 4, pid=5654] rpc_server/srv_lsa_hnd.c:create_policy_hnd(148) Opened policy hnd[1] [000] 00 00 00 00 01 00 00 00 00 00 00 00 4F 47 EA 8A ........ ....OG.. [010] 16 16 00 00 .... [2007/11/30 09:00:42.379149, 5, pid=5654] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_r_open_pol2 [2007/11/30 09:00:42.379168, 6, pid=5654] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd [2007/11/30 09:00:42.379186, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint32(710) 0000 handle_type: 00000000 [2007/11/30 09:00:42.379203, 7, pid=5654] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_uuid uuid [2007/11/30 09:00:42.379221, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint32(710) 0004 data : 00000001 [2007/11/30 09:00:42.379239, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint16(681) 0008 data : 0000 [2007/11/30 09:00:42.379256, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint16(681) 000a data : 0000 [2007/11/30 09:00:42.379274, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8s(857) 000c data : 4f 47 [2007/11/30 09:00:42.379293, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8s(857) 000e data : ea 8a 16 16 00 00 [2007/11/30 09:00:42.379312, 5, pid=5654] rpc_parse/parse_prs.c:prs_ntstatus(769) 0014 status: NT_STATUS_OK [2007/11/30 09:00:42.379331, 5, pid=5654] rpc_server/srv_pipe.c:api_rpcTNP(2305) api_rpcTNP: called lsarpc successfully [2007/11/30 09:00:42.379349, 3, pid=5654] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 852 [2007/11/30 09:00:42.379368, 10, pid=5654] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 76 [2007/11/30 09:00:42.379386, 6, pid=5654] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 74fd name: lsarpc len: 4280 [2007/11/30 09:00:42.379404, 10, pid=5654] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. [2007/11/30 09:00:42.379424, 5, pid=5654] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2007/11/30 09:00:42.379442, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2007/11/30 09:00:42.379459, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2007/11/30 09:00:42.379477, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 02 [2007/11/30 09:00:42.379494, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2007/11/30 09:00:42.379525, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2007/11/30 09:00:42.379543, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2007/11/30 09:00:42.379561, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2007/11/30 09:00:42.379578, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2007/11/30 09:00:42.379595, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint16(681) 0008 frag_len : 0030 [2007/11/30 09:00:42.379612, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint16(681) 000a auth_len : 0000 [2007/11/30 09:00:42.379629, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint32(710) 000c call_id : 00000004 [2007/11/30 09:00:42.379646, 5, pid=5654] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2007/11/30 09:00:42.379664, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint32(710) 0010 alloc_hint: 00000018 [2007/11/30 09:00:42.379681, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint16(681) 0014 context_id: 0000 [2007/11/30 09:00:42.379698, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0016 cancel_ct : 00 [2007/11/30 09:00:42.379715, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0017 reserved : 00 [2007/11/30 09:00:42.379733, 5, pid=5654] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] [2007/11/30 09:00:42.379752, 5, pid=5654] lib/util.c:show_msg(506) [2007/11/30 09:00:42.379764, 5, pid=5654] lib/util.c:show_msg(516) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=5653 smb_uid=101 smb_mid=11 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2007/11/30 09:00:42.379897, 10, pid=5654] lib/util.c:dump_data(2285) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 04 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ........ ........ [020] 00 00 00 00 00 4F 47 EA 8A 16 16 00 00 00 00 00 .....OG. ........ [030] 00 . [2007/11/30 09:00:42.381774, 10, pid=5654] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 128 [2007/11/30 09:00:42.381801, 6, pid=5654] smbd/process.c:process_smb(1067) got message type 0x0 of len 0x80 [2007/11/30 09:00:42.381820, 3, pid=5654] smbd/process.c:process_smb(1068) Transaction 11 of length 132 [2007/11/30 09:00:42.381837, 5, pid=5654] lib/util.c:show_msg(506) [2007/11/30 09:00:42.381854, 5, pid=5654] lib/util.c:show_msg(516) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=5653 smb_uid=101 smb_mid=12 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 46 (0x2E) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 46 (0x2E) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29949 (0x74FD) smb_bcc=61 [2007/11/30 09:00:42.382015, 10, pid=5654] lib/util.c:dump_data(2285) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 2E 00 00 00 05 00 00 00 16 ........ ........ [020] 00 00 00 00 00 2E 00 00 00 00 00 01 00 00 00 00 ........ ........ [030] 00 00 00 4F 47 EA 8A 16 16 00 00 0C 00 ...OG... ..... [2007/11/30 09:00:42.382081, 3, pid=5654] smbd/process.c:switch_message(926) switch message SMBtrans (pid 5654) conn 0x555555c1a220 [2007/11/30 09:00:42.382102, 4, pid=5654] smbd/uid.c:change_to_user(183) change_to_user: Skipping user change - already user [2007/11/30 09:00:42.382137, 3, pid=5654] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=46 params=0 setup=2 [2007/11/30 09:00:42.382163, 5, pid=5654] smbd/ipc.c:handle_trans(404) calling named_pipe [2007/11/30 09:00:42.382181, 3, pid=5654] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2007/11/30 09:00:42.382199, 5, pid=5654] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2007/11/30 09:00:42.382216, 4, pid=5654] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1271) search for pipe pnum=74fd [2007/11/30 09:00:42.382233, 5, pid=5654] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1275) pipe name lsarpc pnum=74fd (pipes_open=1) [2007/11/30 09:00:42.382250, 3, pid=5654] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "lsarpc" (pnum 74fd) [2007/11/30 09:00:42.382268, 10, pid=5654] smbd/ipc.c:api_fd_reply(305) api_fd_reply: p:0x555555c1b910 max_trans_reply: 4280 [2007/11/30 09:00:42.382286, 6, pid=5654] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 74fd name: lsarpc open: Yes len: 46 [2007/11/30 09:00:42.382304, 10, pid=5654] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 46 [2007/11/30 09:00:42.382321, 10, pid=5654] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 46 [2007/11/30 09:00:42.382339, 10, pid=5654] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 46, len_needed_to_complete_hdr = 16, receive_len = 0 [2007/11/30 09:00:42.382358, 10, pid=5654] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2007/11/30 09:00:42.382374, 10, pid=5654] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 30 [2007/11/30 09:00:42.382391, 10, pid=5654] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 30 [2007/11/30 09:00:42.382409, 5, pid=5654] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2007/11/30 09:00:42.382427, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2007/11/30 09:00:42.382445, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2007/11/30 09:00:42.382463, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 00 [2007/11/30 09:00:42.382480, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2007/11/30 09:00:42.382498, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2007/11/30 09:00:42.382515, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2007/11/30 09:00:42.382532, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2007/11/30 09:00:42.382549, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2007/11/30 09:00:42.382567, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint16(681) 0008 frag_len : 002e [2007/11/30 09:00:42.382584, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint16(681) 000a auth_len : 0000 [2007/11/30 09:00:42.382601, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint32(710) 000c call_id : 00000005 [2007/11/30 09:00:42.382619, 5, pid=5654] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2007/11/30 09:00:42.382636, 10, pid=5654] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) unmarshall_rpc_header: type = 0, flags = 3 [2007/11/30 09:00:42.382654, 10, pid=5654] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2007/11/30 09:00:42.382671, 10, pid=5654] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 30 [2007/11/30 09:00:42.382688, 10, pid=5654] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 30, incoming data = 30 [2007/11/30 09:00:42.382706, 10, pid=5654] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 0 [2007/11/30 09:00:42.382738, 5, pid=5654] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2007/11/30 09:00:42.382757, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint32(710) 0000 alloc_hint: 00000016 [2007/11/30 09:00:42.382776, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint16(681) 0004 context_id: 0000 [2007/11/30 09:00:42.382794, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint16(681) 0006 opnum : 002e [2007/11/30 09:00:42.382812, 3, pid=5654] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2007/11/30 09:00:42.382833, 5, pid=5654] rpc_server/srv_pipe.c:api_pipe_request(2223) Requested \PIPE\lsarpc [2007/11/30 09:00:42.382854, 4, pid=5654] rpc_server/srv_pipe.c:api_rpcTNP(2258) api_rpcTNP: lsarpc op 0x2e - unknown [2007/11/30 09:00:42.382874, 5, pid=5654] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2007/11/30 09:00:42.382892, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2007/11/30 09:00:42.382910, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2007/11/30 09:00:42.382927, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 03 [2007/11/30 09:00:42.382944, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 23 [2007/11/30 09:00:42.382961, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2007/11/30 09:00:42.382978, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2007/11/30 09:00:42.382996, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2007/11/30 09:00:42.383013, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2007/11/30 09:00:42.383030, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint16(681) 0008 frag_len : 0020 [2007/11/30 09:00:42.383048, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint16(681) 000a auth_len : 0000 [2007/11/30 09:00:42.383065, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint32(710) 000c call_id : 00000005 [2007/11/30 09:00:42.383082, 5, pid=5654] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2007/11/30 09:00:42.383102, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint32(710) 0010 alloc_hint: 00000000 [2007/11/30 09:00:42.383120, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint16(681) 0014 context_id: 0000 [2007/11/30 09:00:42.383138, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0016 cancel_ct : 00 [2007/11/30 09:00:42.383155, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0017 reserved : 00 [2007/11/30 09:00:42.383173, 5, pid=5654] rpc_parse/parse_prs.c:prs_debug(84) 000018 smb_io_rpc_hdr_fault fault [2007/11/30 09:00:42.383194, 5, pid=5654] rpc_parse/parse_prs.c:prs_dcerpc_status(799) 0018 status : DCERPC_FAULT_OP_RNG_ERROR [2007/11/30 09:00:42.383213, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint32(710) 001c reserved: 00000000 [2007/11/30 09:00:42.383231, 3, pid=5654] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2007/11/30 09:00:42.383249, 10, pid=5654] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 30 [2007/11/30 09:00:42.383267, 6, pid=5654] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 74fd name: lsarpc len: 4280 [2007/11/30 09:00:42.383285, 10, pid=5654] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1054) read_from_pipe: lsarpc: current_pdu_len = 32, current_pdu_sent = 0 returning 32 bytes. [2007/11/30 09:00:42.383304, 5, pid=5654] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..32] [2007/11/30 09:00:42.383323, 5, pid=5654] lib/util.c:show_msg(506) [2007/11/30 09:00:42.383335, 5, pid=5654] lib/util.c:show_msg(516) size=88 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=5653 smb_uid=101 smb_mid=12 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 32 (0x20) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 32 (0x20) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=33 [2007/11/30 09:00:42.383481, 10, pid=5654] lib/util.c:dump_data(2285) [000] 00 05 00 03 23 10 00 00 00 20 00 00 00 05 00 00 ....#... . ...... [010] 00 00 00 00 00 00 00 00 00 02 00 01 1C 00 00 00 ........ ........ [020] 00 . [2007/11/30 09:00:42.385322, 10, pid=5654] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 150 [2007/11/30 09:00:42.385349, 6, pid=5654] smbd/process.c:process_smb(1067) got message type 0x0 of len 0x96 [2007/11/30 09:00:42.385368, 3, pid=5654] smbd/process.c:process_smb(1068) Transaction 12 of length 154 [2007/11/30 09:00:42.385385, 5, pid=5654] lib/util.c:show_msg(506) [2007/11/30 09:00:42.385396, 5, pid=5654] lib/util.c:show_msg(516) size=150 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=5653 smb_uid=101 smb_mid=13 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 68 (0x44) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29949 (0x74FD) smb_bcc=83 [2007/11/30 09:00:42.385556, 10, pid=5654] lib/util.c:dump_data(2285) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 44 00 00 00 06 00 00 00 2C .......D ......., [020] 00 00 00 00 00 06 00 01 00 00 00 5C 00 00 00 18 ........ ...\.... [030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [040] 00 00 00 01 00 00 00 0C 00 00 00 02 00 01 00 00 ........ ........ [050] 00 00 02 ... [2007/11/30 09:00:42.385644, 3, pid=5654] smbd/process.c:switch_message(926) switch message SMBtrans (pid 5654) conn 0x555555c1a220 [2007/11/30 09:00:42.385663, 4, pid=5654] smbd/uid.c:change_to_user(183) change_to_user: Skipping user change - already user [2007/11/30 09:00:42.385683, 3, pid=5654] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=68 params=0 setup=2 [2007/11/30 09:00:42.385708, 5, pid=5654] smbd/ipc.c:handle_trans(404) calling named_pipe [2007/11/30 09:00:42.385725, 3, pid=5654] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2007/11/30 09:00:42.385743, 5, pid=5654] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2007/11/30 09:00:42.385759, 4, pid=5654] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1271) search for pipe pnum=74fd [2007/11/30 09:00:42.385777, 5, pid=5654] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1275) pipe name lsarpc pnum=74fd (pipes_open=1) [2007/11/30 09:00:42.385794, 3, pid=5654] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "lsarpc" (pnum 74fd) [2007/11/30 09:00:42.385812, 10, pid=5654] smbd/ipc.c:api_fd_reply(305) api_fd_reply: p:0x555555c1b910 max_trans_reply: 4280 [2007/11/30 09:00:42.385830, 6, pid=5654] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 74fd name: lsarpc open: Yes len: 68 [2007/11/30 09:00:42.385848, 10, pid=5654] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 68 [2007/11/30 09:00:42.385870, 10, pid=5654] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 68 [2007/11/30 09:00:42.385888, 10, pid=5654] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 68, len_needed_to_complete_hdr = 16, receive_len = 0 [2007/11/30 09:00:42.385906, 10, pid=5654] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2007/11/30 09:00:42.385922, 10, pid=5654] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 52 [2007/11/30 09:00:42.385954, 10, pid=5654] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 52 [2007/11/30 09:00:42.385972, 5, pid=5654] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2007/11/30 09:00:42.385990, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2007/11/30 09:00:42.386008, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2007/11/30 09:00:42.386025, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 00 [2007/11/30 09:00:42.386042, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2007/11/30 09:00:42.386059, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2007/11/30 09:00:42.386076, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2007/11/30 09:00:42.386093, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2007/11/30 09:00:42.386113, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2007/11/30 09:00:42.386130, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint16(681) 0008 frag_len : 0044 [2007/11/30 09:00:42.386147, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint16(681) 000a auth_len : 0000 [2007/11/30 09:00:42.386164, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint32(710) 000c call_id : 00000006 [2007/11/30 09:00:42.386182, 5, pid=5654] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2007/11/30 09:00:42.386199, 10, pid=5654] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) unmarshall_rpc_header: type = 0, flags = 3 [2007/11/30 09:00:42.386216, 10, pid=5654] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2007/11/30 09:00:42.386233, 10, pid=5654] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 52 [2007/11/30 09:00:42.386250, 10, pid=5654] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 52, incoming data = 52 [2007/11/30 09:00:42.386268, 10, pid=5654] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 0 [2007/11/30 09:00:42.386286, 5, pid=5654] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2007/11/30 09:00:42.386303, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint32(710) 0000 alloc_hint: 0000002c [2007/11/30 09:00:42.386321, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint16(681) 0004 context_id: 0000 [2007/11/30 09:00:42.386338, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint16(681) 0006 opnum : 0006 [2007/11/30 09:00:42.386357, 3, pid=5654] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2007/11/30 09:00:42.386378, 5, pid=5654] rpc_server/srv_pipe.c:api_pipe_request(2223) Requested \PIPE\lsarpc [2007/11/30 09:00:42.386395, 4, pid=5654] rpc_server/srv_pipe.c:api_rpcTNP(2258) api_rpcTNP: lsarpc op 0x6 - api_rpcTNP: rpc command: LSA_OPENPOLICY [2007/11/30 09:00:42.386415, 6, pid=5654] rpc_server/srv_pipe.c:api_rpcTNP(2284) api_rpc_cmds[1].fn == 0x5555556785e0 [2007/11/30 09:00:42.386432, 5, pid=5654] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_q_open_pol [2007/11/30 09:00:42.386449, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint32(710) 0000 ptr : 00000001 [2007/11/30 09:00:42.386467, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint16(681) 0004 system_name: 005c [2007/11/30 09:00:42.386485, 6, pid=5654] rpc_parse/parse_prs.c:prs_debug(84) 000008 lsa_io_obj_attr [2007/11/30 09:00:42.386502, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint32(710) 0008 len : 00000018 [2007/11/30 09:00:42.386520, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint32(710) 000c ptr_root_dir: 00000000 [2007/11/30 09:00:42.386537, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint32(710) 0010 ptr_obj_name: 00000000 [2007/11/30 09:00:42.386570, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint32(710) 0014 attributes : 00000000 [2007/11/30 09:00:42.386589, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint32(710) 0018 ptr_sec_desc: 00000000 [2007/11/30 09:00:42.386607, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint32(710) 001c ptr_sec_qos : 00000001 [2007/11/30 09:00:42.386624, 7, pid=5654] rpc_parse/parse_prs.c:prs_debug(84) 000020 lsa_io_obj_qos sec_qos [2007/11/30 09:00:42.386642, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint32(710) 0020 len : 0000000c [2007/11/30 09:00:42.386660, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint16(681) 0024 sec_imp_level : 0002 [2007/11/30 09:00:42.386677, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0026 sec_ctxt_mode : 01 [2007/11/30 09:00:42.386695, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0027 effective_only: 00 [2007/11/30 09:00:42.386712, 3, pid=5654] rpc_parse/parse_lsa.c:lsa_io_sec_qos(224) lsa_io_sec_qos: length c does not match size 8 [2007/11/30 09:00:42.386729, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint32(710) 0028 des_access: 02000000 [2007/11/30 09:00:42.386750, 10, pid=5654] lib/util_seaccess.c:se_access_check(233) se_access_check: requested access 0x02000000, for NT token with 6 entries and first sid S-1-5-21-2274471336-3138038065-606154707-2040. [2007/11/30 09:00:42.386774, 3, pid=5654] lib/util_seaccess.c:se_access_check(250) [2007/11/30 09:00:42.386787, 3, pid=5654] lib/util_seaccess.c:se_access_check(251) se_access_check: user sid is S-1-5-21-2274471336-3138038065-606154707-2040 se_access_check: also S-1-5-21-2274471336-3138038065-606154707-515 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-22-2-1515 [2007/11/30 09:00:42.386842, 4, pid=5654] rpc_server/srv_lsa_hnd.c:create_policy_hnd(148) Opened policy hnd[2] [000] 00 00 00 00 02 00 00 00 00 00 00 00 4F 47 EA 8A ........ ....OG.. [010] 16 16 00 00 .... [2007/11/30 09:00:42.386882, 5, pid=5654] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_r_open_pol [2007/11/30 09:00:42.386901, 6, pid=5654] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd [2007/11/30 09:00:42.386919, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint32(710) 0000 handle_type: 00000000 [2007/11/30 09:00:42.386936, 7, pid=5654] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_uuid uuid [2007/11/30 09:00:42.386954, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint32(710) 0004 data : 00000002 [2007/11/30 09:00:42.386971, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint16(681) 0008 data : 0000 [2007/11/30 09:00:42.386989, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint16(681) 000a data : 0000 [2007/11/30 09:00:42.387006, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8s(857) 000c data : 4f 47 [2007/11/30 09:00:42.387024, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8s(857) 000e data : ea 8a 16 16 00 00 [2007/11/30 09:00:42.387044, 5, pid=5654] rpc_parse/parse_prs.c:prs_ntstatus(769) 0014 status: NT_STATUS_OK [2007/11/30 09:00:42.387063, 5, pid=5654] rpc_server/srv_pipe.c:api_rpcTNP(2305) api_rpcTNP: called lsarpc successfully [2007/11/30 09:00:42.387080, 3, pid=5654] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 836 [2007/11/30 09:00:42.387101, 10, pid=5654] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 52 [2007/11/30 09:00:42.387120, 6, pid=5654] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 74fd name: lsarpc len: 4280 [2007/11/30 09:00:42.387138, 10, pid=5654] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. [2007/11/30 09:00:42.387157, 5, pid=5654] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2007/11/30 09:00:42.387190, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2007/11/30 09:00:42.387209, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2007/11/30 09:00:42.387227, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 02 [2007/11/30 09:00:42.387244, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2007/11/30 09:00:42.387261, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2007/11/30 09:00:42.387278, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2007/11/30 09:00:42.387295, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2007/11/30 09:00:42.387311, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2007/11/30 09:00:42.387328, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint16(681) 0008 frag_len : 0030 [2007/11/30 09:00:42.387346, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint16(681) 000a auth_len : 0000 [2007/11/30 09:00:42.387363, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint32(710) 000c call_id : 00000006 [2007/11/30 09:00:42.387380, 5, pid=5654] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2007/11/30 09:00:42.387397, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint32(710) 0010 alloc_hint: 00000018 [2007/11/30 09:00:42.387416, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint16(681) 0014 context_id: 0000 [2007/11/30 09:00:42.387433, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0016 cancel_ct : 00 [2007/11/30 09:00:42.387450, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0017 reserved : 00 [2007/11/30 09:00:42.387467, 5, pid=5654] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] [2007/11/30 09:00:42.387486, 5, pid=5654] lib/util.c:show_msg(506) [2007/11/30 09:00:42.387497, 5, pid=5654] lib/util.c:show_msg(516) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=5653 smb_uid=101 smb_mid=13 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2007/11/30 09:00:42.387625, 10, pid=5654] lib/util.c:dump_data(2285) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 06 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 02 00 00 ........ ........ [020] 00 00 00 00 00 4F 47 EA 8A 16 16 00 00 00 00 00 .....OG. ........ [030] 00 . [2007/11/30 09:00:42.389520, 10, pid=5654] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 128 [2007/11/30 09:00:42.389547, 6, pid=5654] smbd/process.c:process_smb(1067) got message type 0x0 of len 0x80 [2007/11/30 09:00:42.389566, 3, pid=5654] smbd/process.c:process_smb(1068) Transaction 13 of length 132 [2007/11/30 09:00:42.389584, 5, pid=5654] lib/util.c:show_msg(506) [2007/11/30 09:00:42.389596, 5, pid=5654] lib/util.c:show_msg(516) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=5653 smb_uid=101 smb_mid=14 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 46 (0x2E) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 46 (0x2E) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29949 (0x74FD) smb_bcc=61 [2007/11/30 09:00:42.389755, 10, pid=5654] lib/util.c:dump_data(2285) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 2E 00 00 00 07 00 00 00 16 ........ ........ [020] 00 00 00 00 00 07 00 00 00 00 00 02 00 00 00 00 ........ ........ [030] 00 00 00 4F 47 EA 8A 16 16 00 00 05 00 ...OG... ..... [2007/11/30 09:00:42.389840, 3, pid=5654] smbd/process.c:switch_message(926) switch message SMBtrans (pid 5654) conn 0x555555c1a220 [2007/11/30 09:00:42.389866, 4, pid=5654] smbd/uid.c:change_to_user(183) change_to_user: Skipping user change - already user [2007/11/30 09:00:42.389887, 3, pid=5654] smbd/ipc.c:handle_trans(373) trans <\PIPE\> data=46 params=0 setup=2 [2007/11/30 09:00:42.389912, 5, pid=5654] smbd/ipc.c:handle_trans(404) calling named_pipe [2007/11/30 09:00:42.389930, 3, pid=5654] smbd/ipc.c:named_pipe(340) named pipe command on <> name [2007/11/30 09:00:42.389948, 5, pid=5654] smbd/ipc.c:api_fd_reply(265) api_fd_reply [2007/11/30 09:00:42.389965, 4, pid=5654] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1271) search for pipe pnum=74fd [2007/11/30 09:00:42.389983, 5, pid=5654] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1275) pipe name lsarpc pnum=74fd (pipes_open=1) [2007/11/30 09:00:42.390001, 3, pid=5654] smbd/ipc.c:api_fd_reply(300) Got API command 0x26 on pipe "lsarpc" (pnum 74fd) [2007/11/30 09:00:42.390019, 10, pid=5654] smbd/ipc.c:api_fd_reply(305) api_fd_reply: p:0x555555c1b910 max_trans_reply: 4280 [2007/11/30 09:00:42.390037, 6, pid=5654] rpc_server/srv_pipe_hnd.c:write_to_pipe(937) write_to_pipe: 74fd name: lsarpc open: Yes len: 46 [2007/11/30 09:00:42.390055, 10, pid=5654] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 46 [2007/11/30 09:00:42.390072, 10, pid=5654] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 46 [2007/11/30 09:00:42.390090, 10, pid=5654] rpc_server/srv_pipe_hnd.c:fill_rpc_header(395) fill_rpc_header: data_to_copy = 46, len_needed_to_complete_hdr = 16, receive_len = 0 [2007/11/30 09:00:42.390109, 10, pid=5654] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 16 [2007/11/30 09:00:42.390126, 10, pid=5654] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 30 [2007/11/30 09:00:42.390142, 10, pid=5654] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 30 [2007/11/30 09:00:42.390160, 5, pid=5654] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr [2007/11/30 09:00:42.390178, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2007/11/30 09:00:42.390196, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2007/11/30 09:00:42.390214, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 00 [2007/11/30 09:00:42.390231, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2007/11/30 09:00:42.390248, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2007/11/30 09:00:42.390265, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2007/11/30 09:00:42.390282, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2007/11/30 09:00:42.390299, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2007/11/30 09:00:42.390316, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint16(681) 0008 frag_len : 002e [2007/11/30 09:00:42.390334, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint16(681) 000a auth_len : 0000 [2007/11/30 09:00:42.390351, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint32(710) 000c call_id : 00000007 [2007/11/30 09:00:42.390368, 5, pid=5654] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(482) unmarshall_rpc_header: using little-endian RPC [2007/11/30 09:00:42.390385, 10, pid=5654] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(511) unmarshall_rpc_header: type = 0, flags = 3 [2007/11/30 09:00:42.390403, 10, pid=5654] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 0 [2007/11/30 09:00:42.390434, 10, pid=5654] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(959) write_to_pipe: data_left = 30 [2007/11/30 09:00:42.390453, 10, pid=5654] rpc_server/srv_pipe_hnd.c:process_incoming_data(852) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 30, incoming data = 30 [2007/11/30 09:00:42.390472, 10, pid=5654] rpc_server/srv_pipe_hnd.c:process_complete_pdu(719) process_complete_pdu: processing packet type 0 [2007/11/30 09:00:42.390490, 5, pid=5654] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr_req req [2007/11/30 09:00:42.390508, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint32(710) 0000 alloc_hint: 00000016 [2007/11/30 09:00:42.390526, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint16(681) 0004 context_id: 0000 [2007/11/30 09:00:42.390543, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint16(681) 0006 opnum : 0007 [2007/11/30 09:00:42.390562, 3, pid=5654] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 0 [2007/11/30 09:00:42.390584, 5, pid=5654] rpc_server/srv_pipe.c:api_pipe_request(2223) Requested \PIPE\lsarpc [2007/11/30 09:00:42.390602, 4, pid=5654] rpc_server/srv_pipe.c:api_rpcTNP(2258) api_rpcTNP: lsarpc op 0x7 - api_rpcTNP: rpc command: LSA_QUERYINFOPOLICY [2007/11/30 09:00:42.390621, 6, pid=5654] rpc_server/srv_pipe.c:api_rpcTNP(2284) api_rpc_cmds[2].fn == 0x555555678860 [2007/11/30 09:00:42.390639, 5, pid=5654] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_q_query [2007/11/30 09:00:42.390657, 6, pid=5654] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd [2007/11/30 09:00:42.390690, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint32(710) 0000 handle_type: 00000000 [2007/11/30 09:00:42.390709, 7, pid=5654] rpc_parse/parse_prs.c:prs_debug(84) 000004 smb_io_uuid uuid [2007/11/30 09:00:42.390727, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint32(710) 0004 data : 00000002 [2007/11/30 09:00:42.390745, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint16(681) 0008 data : 0000 [2007/11/30 09:00:42.390763, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint16(681) 000a data : 0000 [2007/11/30 09:00:42.390780, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8s(857) 000c data : 4f 47 [2007/11/30 09:00:42.390799, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8s(857) 000e data : ea 8a 16 16 00 00 [2007/11/30 09:00:42.390819, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint16(681) 0014 info_class: 0005 [2007/11/30 09:00:42.390839, 4, pid=5654] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(168) Found policy hnd[0] [000] 00 00 00 00 02 00 00 00 00 00 00 00 4F 47 EA 8A ........ ....OG.. [010] 16 16 00 00 .... [2007/11/30 09:00:42.390885, 5, pid=5654] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_r_query [2007/11/30 09:00:42.390904, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint32(710) 0000 dom_ptr: 22000000 [2007/11/30 09:00:42.390922, 6, pid=5654] rpc_parse/parse_prs.c:prs_debug(84) 000004 lsa_io_query_info_ctr [2007/11/30 09:00:42.390940, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint16(681) 0004 info_class: 0005 [2007/11/30 09:00:42.390958, 7, pid=5654] rpc_parse/parse_prs.c:prs_debug(84) 000008 lsa_io_dom_query_3 [2007/11/30 09:00:42.390977, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint16(681) 0008 uni_dom_max_len: 0010 [2007/11/30 09:00:42.390995, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint16(681) 000a uni_dom_str_len: 0012 [2007/11/30 09:00:42.391013, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint32(710) 000c buffer_dom_name: 00000001 [2007/11/30 09:00:42.391031, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint32(710) 0010 buffer_dom_sid : 00000001 [2007/11/30 09:00:42.391050, 8, pid=5654] rpc_parse/parse_prs.c:prs_debug(84) 000014 smb_io_unistr2 unistr2 [2007/11/30 09:00:42.391068, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint32(710) 0014 uni_max_len: 00000009 [2007/11/30 09:00:42.391100, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint32(710) 0018 offset : 00000000 [2007/11/30 09:00:42.391120, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint32(710) 001c uni_str_len: 00000008 [2007/11/30 09:00:42.391138, 5, pid=5654] rpc_parse/parse_prs.c:dbg_rw_punival(942) 0020 buffer : Z.A.R.T.S.O.F.T. [2007/11/30 09:00:42.391160, 8, pid=5654] rpc_parse/parse_prs.c:prs_debug(84) 000030 smb_io_dom_sid2 [2007/11/30 09:00:42.391178, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint32(710) 0030 num_auths: 00000004 [2007/11/30 09:00:42.391196, 9, pid=5654] rpc_parse/parse_prs.c:prs_debug(84) 000034 smb_io_dom_sid sid [2007/11/30 09:00:42.391214, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0034 sid_rev_num: 01 [2007/11/30 09:00:42.391233, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0035 num_auths : 04 [2007/11/30 09:00:42.391251, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0036 id_auth[0] : 00 [2007/11/30 09:00:42.391269, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0037 id_auth[1] : 00 [2007/11/30 09:00:42.391287, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0038 id_auth[2] : 00 [2007/11/30 09:00:42.391305, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0039 id_auth[3] : 00 [2007/11/30 09:00:42.391323, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 003a id_auth[4] : 00 [2007/11/30 09:00:42.391341, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 003b id_auth[5] : 05 [2007/11/30 09:00:42.391359, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint32s(997) 003c sub_auths : 00000015 8791ada8 bb0aa931 24212fd3 [2007/11/30 09:00:42.391380, 5, pid=5654] rpc_parse/parse_prs.c:prs_ntstatus(769) 004c status: NT_STATUS_OK [2007/11/30 09:00:42.391400, 5, pid=5654] rpc_server/srv_pipe.c:api_rpcTNP(2305) api_rpcTNP: called lsarpc successfully [2007/11/30 09:00:42.391418, 3, pid=5654] rpc_server/srv_pipe_hnd.c:free_pipe_context(529) free_pipe_context: destroying talloc pool of size 18 [2007/11/30 09:00:42.391436, 10, pid=5654] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(963) write_to_pipe: data_used = 30 [2007/11/30 09:00:42.391454, 6, pid=5654] rpc_server/srv_pipe_hnd.c:read_from_pipe(995) read_from_pipe: 74fd name: lsarpc len: 4280 [2007/11/30 09:00:42.391472, 10, pid=5654] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1068) read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 80. [2007/11/30 09:00:42.391492, 5, pid=5654] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2007/11/30 09:00:42.391511, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0000 major : 05 [2007/11/30 09:00:42.391528, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0001 minor : 00 [2007/11/30 09:00:42.391546, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0002 pkt_type : 02 [2007/11/30 09:00:42.391563, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0003 flags : 03 [2007/11/30 09:00:42.391580, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0004 pack_type0: 10 [2007/11/30 09:00:42.391597, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0005 pack_type1: 00 [2007/11/30 09:00:42.391614, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0006 pack_type2: 00 [2007/11/30 09:00:42.391631, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0007 pack_type3: 00 [2007/11/30 09:00:42.391648, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint16(681) 0008 frag_len : 0068 [2007/11/30 09:00:42.391666, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint16(681) 000a auth_len : 0000 [2007/11/30 09:00:42.391683, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint32(710) 000c call_id : 00000007 [2007/11/30 09:00:42.391700, 5, pid=5654] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp resp [2007/11/30 09:00:42.391733, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint32(710) 0010 alloc_hint: 00000050 [2007/11/30 09:00:42.391752, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint16(681) 0014 context_id: 0000 [2007/11/30 09:00:42.391769, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0016 cancel_ct : 00 [2007/11/30 09:00:42.391787, 5, pid=5654] rpc_parse/parse_prs.c:prs_uint8(616) 0017 reserved : 00 [2007/11/30 09:00:42.391805, 5, pid=5654] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..104] [2007/11/30 09:00:42.391824, 5, pid=5654] lib/util.c:show_msg(506) [2007/11/30 09:00:42.391836, 5, pid=5654] lib/util.c:show_msg(516) size=160 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=5653 smb_uid=101 smb_mid=14 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 104 (0x68) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 104 (0x68) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=105 [2007/11/30 09:00:42.391970, 10, pid=5654] lib/util.c:dump_data(2285) [000] 00 05 00 02 03 10 00 00 00 68 00 00 00 07 00 00 ........ .h...... [010] 00 50 00 00 00 00 00 00 00 00 00 00 22 05 00 00 .P...... ...."... [020] 00 10 00 12 00 01 00 00 00 01 00 00 00 09 00 00 ........ ........ [030] 00 00 00 00 00 08 00 00 00 5A 00 41 00 52 00 54 ........ .Z.A.R.T [040] 00 53 00 4F 00 46 00 54 00 04 00 00 00 01 04 00 .S.O.F.T ........ [050] 00 00 00 00 05 15 00 00 00 A8 AD 91 87 31 A9 0A ........ .....1.. [060] BB D3 2F 21 24 00 00 00 00 ../!$... . [2007/11/30 09:00:42.393573, 10, pid=5654] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 41 [2007/11/30 09:00:42.393601, 6, pid=5654] smbd/process.c:process_smb(1067) got message type 0x0 of len 0x29 [2007/11/30 09:00:42.393621, 3, pid=5654] smbd/process.c:process_smb(1068) Transaction 14 of length 45 [2007/11/30 09:00:42.393638, 5, pid=5654] lib/util.c:show_msg(506) [2007/11/30 09:00:42.393650, 5, pid=5654] lib/util.c:show_msg(516) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=5653 smb_uid=101 smb_mid=15 smt_wct=3 smb_vwv[ 0]=29949 (0x74FD) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2007/11/30 09:00:42.393741, 3, pid=5654] smbd/process.c:switch_message(926) switch message SMBclose (pid 5654) conn 0x555555c1a220 [2007/11/30 09:00:42.393761, 4, pid=5654] smbd/uid.c:change_to_user(183) change_to_user: Skipping user change - already user [2007/11/30 09:00:42.393779, 4, pid=5654] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1271) search for pipe pnum=74fd [2007/11/30 09:00:42.393797, 5, pid=5654] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1275) pipe name lsarpc pnum=74fd (pipes_open=1) [2007/11/30 09:00:42.393814, 5, pid=5654] smbd/pipes.c:reply_pipe_close(297) reply_pipe_close: pnum:74fd [2007/11/30 09:00:42.393834, 4, pid=5654] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(168) Found policy hnd[0] [000] 00 00 00 00 02 00 00 00 00 00 00 00 4F 47 EA 8A ........ ....OG.. [010] 16 16 00 00 .... [2007/11/30 09:00:42.393876, 3, pid=5654] rpc_server/srv_lsa_hnd.c:close_policy_hnd(206) Closed policy [2007/11/30 09:00:42.393894, 4, pid=5654] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(168) Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 4F 47 EA 8A ........ ....OG.. [010] 16 16 00 00 .... [2007/11/30 09:00:42.393930, 3, pid=5654] rpc_server/srv_lsa_hnd.c:close_policy_hnd(206) Closed policy [2007/11/30 09:00:42.393947, 10, pid=5654] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(241) close_policy_by_pipe: deleted handle list for pipe lsarpc [2007/11/30 09:00:42.393969, 4, pid=5654] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1169) closed pipe name lsarpc pnum=74fd (pipes_open=0) [2007/11/30 09:00:42.394022, 5, pid=5654] lib/util.c:show_msg(506) [2007/11/30 09:00:42.394035, 5, pid=5654] lib/util.c:show_msg(516) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=5653 smb_uid=101 smb_mid=15 smt_wct=0 smb_bcc=0 [2007/11/30 09:00:42.395347, 5, pid=5657] lib/util_sock.c:print_socket_options(206) socket option SO_KEEPALIVE = 1 [2007/11/30 09:00:42.395493, 5, pid=5657] lib/util_sock.c:print_socket_options(206) socket option SO_REUSEADDR = 1 [2007/11/30 09:00:42.395529, 5, pid=5657] lib/util_sock.c:print_socket_options(206) socket option SO_BROADCAST = 0 [2007/11/30 09:00:42.395552, 5, pid=5657] lib/util_sock.c:print_socket_options(206) socket option TCP_NODELAY = 1 [2007/11/30 09:00:42.395573, 5, pid=5657] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPCNT = 9 [2007/11/30 09:00:42.395591, 5, pid=5657] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPIDLE = 7200 [2007/11/30 09:00:42.395609, 5, pid=5657] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPINTVL = 75 [2007/11/30 09:00:42.395628, 5, pid=5657] lib/util_sock.c:print_socket_options(206) socket option IPTOS_LOWDELAY = 0 [2007/11/30 09:00:42.395648, 5, pid=5657] lib/util_sock.c:print_socket_options(206) socket option IPTOS_THROUGHPUT = 0 [2007/11/30 09:00:42.395666, 5, pid=5657] lib/util_sock.c:print_socket_options(206) socket option SO_SNDBUF = 50604 [2007/11/30 09:00:42.395684, 5, pid=5657] lib/util_sock.c:print_socket_options(206) socket option SO_RCVBUF = 87392 [2007/11/30 09:00:42.395701, 5, pid=5657] lib/util_sock.c:print_socket_options(206) socket option SO_SNDLOWAT = 1 [2007/11/30 09:00:42.395718, 5, pid=5657] lib/util_sock.c:print_socket_options(206) socket option SO_RCVLOWAT = 1 [2007/11/30 09:00:42.395736, 5, pid=5657] lib/util_sock.c:print_socket_options(206) socket option SO_SNDTIMEO = 0 [2007/11/30 09:00:42.395754, 5, pid=5657] lib/util_sock.c:print_socket_options(206) socket option SO_RCVTIMEO = 0 [2007/11/30 09:00:42.395779, 5, pid=5657] lib/util_sock.c:print_socket_options(206) socket option SO_KEEPALIVE = 1 [2007/11/30 09:00:42.395699, 5, pid=5658] lib/util_sock.c:print_socket_options(206) [2007/11/30 09:00:42.395798, 5, pid=5657] lib/util_sock.c:print_socket_options(206) socket option SO_REUSEADDR = 1 [2007/11/30 09:00:42.395824, 5, pid=5657] lib/util_sock.c:print_socket_options(206) socket option SO_BROADCAST = 0 [2007/11/30 09:00:42.395843, 5, pid=5657] lib/util_sock.c:print_socket_options(206) socket option TCP_NODELAY = 1 [2007/11/30 09:00:42.395873, 5, pid=5657] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPCNT = 9 [2007/11/30 09:00:42.395892, 5, pid=5657] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPIDLE = 7200 [2007/11/30 09:00:42.395910, 5, pid=5657] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPINTVL = 75 [2007/11/30 09:00:42.395928, 5, pid=5657] lib/util_sock.c:print_socket_options(206) socket option IPTOS_LOWDELAY = 0 [2007/11/30 09:00:42.395947, 5, pid=5657] lib/util_sock.c:print_socket_options(206) socket option IPTOS_THROUGHPUT = 0 [2007/11/30 09:00:42.395966, 5, pid=5657] lib/util_sock.c:print_socket_options(206) socket option SO_SNDBUF = 50604 [2007/11/30 09:00:42.395983, 5, pid=5657] lib/util_sock.c:print_socket_options(206) socket option SO_RCVBUF = 87392 [2007/11/30 09:00:42.396003, 5, pid=5657] lib/util_sock.c:print_socket_options(206) socket option SO_SNDLOWAT = 1 socket option SO_KEEPALIVE = 1 [2007/11/30 09:00:42.396073, 5, pid=5658] lib/util_sock.c:print_socket_options(206) socket option SO_REUSEADDR = 1 [2007/11/30 09:00:42.396108, 5, pid=5658] lib/util_sock.c:print_socket_options(206) socket option SO_BROADCAST = 0 [2007/11/30 09:00:42.396020, 5, pid=5657] lib/util_sock.c:print_socket_options(206) [2007/11/30 09:00:42.396130, 5, pid=5658] lib/util_sock.c:print_socket_options(206) socket option SO_RCVLOWAT = 1 socket option TCP_NODELAY = 1 [2007/11/30 09:00:42.396161, 5, pid=5657] lib/util_sock.c:print_socket_options(206) socket option SO_SNDTIMEO = 0 [2007/11/30 09:00:42.396184, 5, pid=5658] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPCNT = 9 [2007/11/30 09:00:42.396199, 5, pid=5657] lib/util_sock.c:print_socket_options(206) socket option SO_RCVTIMEO = 0 [2007/11/30 09:00:42.396213, 5, pid=5658] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPIDLE = 7200 [2007/11/30 09:00:42.396239, 5, pid=5658] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPINTVL = 75 [2007/11/30 09:00:42.396258, 5, pid=5658] lib/util_sock.c:print_socket_options(206) socket option IPTOS_LOWDELAY = 0 [2007/11/30 09:00:42.396277, 5, pid=5658] lib/util_sock.c:print_socket_options(206) socket option IPTOS_THROUGHPUT = 0 [2007/11/30 09:00:42.396295, 5, pid=5658] lib/util_sock.c:print_socket_options(206) socket option SO_SNDBUF = 50604 [2007/11/30 09:00:42.396314, 5, pid=5658] lib/util_sock.c:print_socket_options(206) socket option SO_RCVBUF = 87392 [2007/11/30 09:00:42.396332, 5, pid=5658] lib/util_sock.c:print_socket_options(206) socket option SO_SNDLOWAT = 1 [2007/11/30 09:00:42.396349, 5, pid=5658] lib/util_sock.c:print_socket_options(206) socket option SO_RCVLOWAT = 1 [2007/11/30 09:00:42.396367, 5, pid=5658] lib/util_sock.c:print_socket_options(206) socket option SO_SNDTIMEO = 0 [2007/11/30 09:00:42.396384, 5, pid=5658] lib/util_sock.c:print_socket_options(206) socket option SO_RCVTIMEO = 0 [2007/11/30 09:00:42.396406, 5, pid=5658] lib/util_sock.c:print_socket_options(206) socket option SO_KEEPALIVE = 1 [2007/11/30 09:00:42.396425, 5, pid=5658] lib/util_sock.c:print_socket_options(206) socket option SO_REUSEADDR = 1 [2007/11/30 09:00:42.396443, 5, pid=5658] lib/util_sock.c:print_socket_options(206) socket option SO_BROADCAST = 0 [2007/11/30 09:00:42.396461, 5, pid=5658] lib/util_sock.c:print_socket_options(206) socket option TCP_NODELAY = 1 [2007/11/30 09:00:42.396479, 5, pid=5658] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPCNT = 9 [2007/11/30 09:00:42.396497, 5, pid=5658] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPIDLE = 7200 [2007/11/30 09:00:42.396515, 5, pid=5658] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPINTVL = 75 [2007/11/30 09:00:42.396534, 5, pid=5658] lib/util_sock.c:print_socket_options(206) socket option IPTOS_LOWDELAY = 0 [2007/11/30 09:00:42.396542, 6, pid=5657] param/loadparm.c:lp_file_list_changed(3080) [2007/11/30 09:00:42.396552, 5, pid=5658] lib/util_sock.c:print_socket_options(206) lp_file_list_changed() socket option IPTOS_THROUGHPUT = 0 [2007/11/30 09:00:42.396582, 5, pid=5658] lib/util_sock.c:print_socket_options(206) file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Fri Nov 30 08:56:43 2007 socket option SO_SNDBUF = 50604 [2007/11/30 09:00:42.396610, 5, pid=5658] lib/util_sock.c:print_socket_options(206) socket option SO_RCVBUF = 87392 [2007/11/30 09:00:42.396630, 5, pid=5658] lib/util_sock.c:print_socket_options(206) socket option SO_SNDLOWAT = 1 [2007/11/30 09:00:42.396635, 3, pid=5657] smbd/oplock.c:init_oplocks(863) [2007/11/30 09:00:42.396648, 5, pid=5658] lib/util_sock.c:print_socket_options(206) init_oplocks: initializing messages. socket option SO_RCVLOWAT = 1 [2007/11/30 09:00:42.396675, 5, pid=5658] lib/util_sock.c:print_socket_options(206) socket option SO_SNDTIMEO = 0 [2007/11/30 09:00:42.396693, 5, pid=5658] lib/util_sock.c:print_socket_options(206) socket option SO_RCVTIMEO = 0 [2007/11/30 09:00:42.396806, 3, pid=5657] smbd/oplock_linux.c:linux_init_kernel_oplocks(276) Linux kernel oplocks enabled [2007/11/30 09:00:42.396923, 10, pid=5657] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 190 [2007/11/30 09:00:42.396957, 6, pid=5657] smbd/process.c:process_smb(1067) got message type 0x0 of len 0xbe [2007/11/30 09:00:42.396980, 3, pid=5657] smbd/process.c:process_smb(1068) [2007/11/30 09:00:42.396986, 6, pid=5658] param/loadparm.c:lp_file_list_changed(3080) Transaction 0 of length 194 lp_file_list_changed() [2007/11/30 09:00:42.397031, 5, pid=5657] lib/util.c:show_msg(506) file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Fri Nov 30 08:56:43 2007 [2007/11/30 09:00:42.397046, 5, pid=5657] lib/util.c:show_msg(516) size=190 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 [2007/11/30 09:00:42.397077, 3, pid=5658] smbd/oplock.c:init_oplocks(863) smb_flg2=51201 init_oplocks: initializing messages. smb_tid=0 smb_pid=5651 smb_uid=0 smb_mid=1 smt_wct=0 smb_bcc=155 [2007/11/30 09:00:42.397140, 10, pid=5657] lib/util.c:dump_data(2285) [000] 02 50 43 20 4E 45 54 57 4F 52 4B 20 50 52 4F 47 .PC NETW ORK PROG [010] 52 41 4D 20 31 2E 30 00 02 4D 49 43 52 4F 53 4F RAM 1.0. .MICROSO [020] 46 54 20 4E 45 54 57 4F 52 4B 53 20 31 2E 30 33 FT NETWO RKS 1.03 [030] 00 02 4D 49 43 52 4F 53 4F 46 54 20 4E 45 54 57 ..MICROS OFT NETW [040] 4F 52 4B 53 20 33 2E 30 00 02 4C 41 4E 4D 41 4E ORKS 3.0 ..LANMAN [2007/11/30 09:00:42.397222, 3, pid=5658] smbd/oplock_linux.c:linux_init_kernel_oplocks(276) [050] 31 2E 30 00 02 4C 4D 31 2E 32 58 30 30 32 00 02 1.0..LM1 .2X002.. Linux kernel oplocks enabled [060] 44 4F 53 20 4C 41 4E 4D 41 4E 32 2E 31 00 02 4C DOS LANM AN2.1..L [070] 41 4E 4D 41 4E 32 2E 31 00 02 53 61 6D 62 61 00 ANMAN2.1 ..Samba. [080] 02 4E 54 20 4C 41 4E 4D 41 4E 20 31 2E 30 00 02 .NT LANM AN 1.0.. [090] 4E 54 20 4C 4D 20 30 2E 31 32 00 NT LM 0. 12. [2007/11/30 09:00:42.397313, 3, pid=5657] smbd/process.c:switch_message(926) [2007/11/30 09:00:42.397318, 10, pid=5658] lib/util_sock.c:read_data(525) switch message SMBnegprot (pid 5657) conn 0x0 [2007/11/30 09:00:42.397346, 3, pid=5657] smbd/sec_ctx.c:set_sec_ctx(241) read_data: read of 4 returned 0. Error = Success setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/30 09:00:42.397369, 10, pid=5658] lib/util_sock.c:receive_smb_raw(672) receive_smb_raw: length < 0! [2007/11/30 09:00:42.397376, 5, pid=5657] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 09:00:42.397388, 3, pid=5658] smbd/process.c:timeout_processing(1328) timeout_processing: End of file from client (client has disconnected). [2007/11/30 09:00:42.397402, 5, pid=5657] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 09:00:42.397415, 5, pid=5658] lib/gencache.c:gencache_shutdown(94) Closing cache file [2007/11/30 09:00:42.397442, 5, pid=5657] smbd/uid.c:change_to_root_user(288) change_to_root_user: now uid=(0,0) gid=(0,0) [2007/11/30 09:00:42.397457, 5, pid=5658] libsmb/namecache.c:namecache_shutdown(79) namecache_shutdown: netbios namecache closed successfully. [2007/11/30 09:00:42.397473, 3, pid=5657] smbd/negprot.c:reply_negprot(505) Requested protocol [PC NETWORK PROGRAM 1.0] [2007/11/30 09:00:42.397487, 3, pid=5658] smbd/sec_ctx.c:set_sec_ctx(241) [2007/11/30 09:00:42.397497, 3, pid=5657] smbd/negprot.c:reply_negprot(505) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 Requested protocol [MICROSOFT NETWORKS 1.03] [2007/11/30 09:00:42.397521, 5, pid=5658] auth/auth_util.c:debug_nt_user_token(448) [2007/11/30 09:00:42.397524, 3, pid=5657] smbd/negprot.c:reply_negprot(505) NT user token: (NULL) Requested protocol [MICROSOFT NETWORKS 3.0] [2007/11/30 09:00:42.397555, 5, pid=5658] auth/auth_util.c:debug_unix_user_token(474) [2007/11/30 09:00:42.397558, 3, pid=5657] smbd/negprot.c:reply_negprot(505) UNIX token of user 0 Requested protocol [LANMAN1.0] Primary group is 0 and contains 0 supplementary groups [2007/11/30 09:00:42.397592, 3, pid=5657] smbd/negprot.c:reply_negprot(505) Requested protocol [LM1.2X002] [2007/11/30 09:00:42.397606, 5, pid=5658] smbd/uid.c:change_to_root_user(288) [2007/11/30 09:00:42.397610, 3, pid=5657] smbd/negprot.c:reply_negprot(505) change_to_root_user: now uid=(0,0) gid=(0,0) Requested protocol [DOS LANMAN2.1] [2007/11/30 09:00:42.397640, 3, pid=5657] smbd/negprot.c:reply_negprot(505) [2007/11/30 09:00:42.397643, 3, pid=5658] smbd/connection.c:yield_connection(69) Requested protocol [LANMAN2.1] Yielding connection to [2007/11/30 09:00:42.397685, 3, pid=5657] smbd/negprot.c:reply_negprot(505) Requested protocol [Samba] [2007/11/30 09:00:42.397702, 3, pid=5658] smbd/connection.c:yield_connection(76) yield_connection: tdb_delete for name failed with error Record does not exist. [2007/11/30 09:00:42.397716, 10, pid=5657] lib/util.c:set_remote_arch(2260) set_remote_arch: Client arch is 'Samba' [2007/11/30 09:00:42.397739, 3, pid=5658] smbd/server.c:exit_server_common(768) Server exit (normal exit) [2007/11/30 09:00:42.397765, 6, pid=5657] param/loadparm.c:lp_file_list_changed(3080) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Fri Nov 30 08:56:43 2007 [2007/11/30 09:00:42.397810, 5, pid=5657] smbd/connection.c:claim_connection(182) claiming 0 [2007/11/30 09:00:42.397893, 6, pid=5657] param/loadparm.c:lp_file_list_changed(3080) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Fri Nov 30 08:56:43 2007 [2007/11/30 09:00:42.397969, 3, pid=5657] smbd/negprot.c:reply_nt1(364) using SPNEGO [2007/11/30 09:00:42.397988, 3, pid=5657] smbd/negprot.c:reply_negprot(606) Selected protocol NT LANMAN 1.0 [2007/11/30 09:00:42.398005, 5, pid=5657] smbd/negprot.c:reply_negprot(612) negprot index=8 [2007/11/30 09:00:42.398022, 5, pid=5657] lib/util.c:show_msg(506) [2007/11/30 09:00:42.398034, 5, pid=5657] lib/util.c:show_msg(516) size=127 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=5651 smb_uid=0 smb_mid=1 smt_wct=17 smb_vwv[ 0]= 8 (0x8) smb_vwv[ 1]=12803 (0x3203) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 65 (0x41) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]= 6400 (0x1900) smb_vwv[ 8]= 22 (0x16) smb_vwv[ 9]=64768 (0xFD00) smb_vwv[10]=33011 (0x80F3) smb_vwv[11]= 128 (0x80) smb_vwv[12]=22801 (0x5911) smb_vwv[13]= 1427 (0x593) smb_vwv[14]=51251 (0xC833) smb_vwv[15]=54273 (0xD401) smb_vwv[16]= 254 (0xFE) smb_bcc=58 [2007/11/30 09:00:42.398202, 10, pid=5657] lib/util.c:dump_data(2285) [000] 67 6F 64 61 69 00 00 00 00 00 00 00 00 00 00 00 godai... ........ [010] 60 28 06 06 2B 06 01 05 05 02 A0 1E 30 1C A0 0E `(..+... ....0... [020] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A3 0A 0...+... ..7..... [030] 30 08 A0 06 1B 04 4E 4F 4E 45 0.....NO NE [2007/11/30 09:00:42.399178, 10, pid=5657] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 160 [2007/11/30 09:00:42.399206, 6, pid=5657] smbd/process.c:process_smb(1067) got message type 0x0 of len 0xa0 [2007/11/30 09:00:42.399225, 3, pid=5657] smbd/process.c:process_smb(1068) Transaction 1 of length 164 [2007/11/30 09:00:42.399242, 5, pid=5657] lib/util.c:show_msg(506) [2007/11/30 09:00:42.399253, 5, pid=5657] lib/util.c:show_msg(516) size=160 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=0 smb_pid=5651 smb_uid=0 smb_mid=2 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=65535 (0xFFFF) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 1 (0x1) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 79 (0x4F) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]=53340 (0xD05C) smb_vwv[11]=32768 (0x8000) smb_bcc=101 [2007/11/30 09:00:42.399388, 10, pid=5657] lib/util.c:dump_data(2285) [000] 60 4D 06 06 2B 06 01 05 05 02 A0 43 30 41 A0 0E `M..+... ...C0A.. [010] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A2 2F 0...+... ..7..../ [020] 04 2D 4E 54 4C 4D 53 53 50 00 01 00 00 00 15 82 .-NTLMSS P....... [030] 08 60 08 00 08 00 20 00 00 00 05 00 05 00 28 00 .`.... . ......(. [040] 00 00 5A 41 52 54 53 4F 46 54 47 4F 44 41 49 55 ..ZARTSO FTGODAIU [050] 00 6E 00 69 00 78 00 00 00 53 00 61 00 6D 00 62 .n.i.x.. .S.a.m.b [060] 00 61 00 00 00 .a... [2007/11/30 09:00:42.399511, 3, pid=5657] smbd/process.c:switch_message(926) switch message SMBsesssetupX (pid 5657) conn 0x0 [2007/11/30 09:00:42.399531, 3, pid=5657] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/30 09:00:42.399550, 5, pid=5657] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 09:00:42.399567, 5, pid=5657] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 09:00:42.399598, 5, pid=5657] smbd/uid.c:change_to_root_user(288) change_to_root_user: now uid=(0,0) gid=(0,0) [2007/11/30 09:00:42.399624, 3, pid=5657] smbd/sesssetup.c:reply_sesssetup_and_X(1244) wct=12 flg2=0xc801 [2007/11/30 09:00:42.399649, 3, pid=5657] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1029) Doing spnego session setup [2007/11/30 09:00:42.399674, 3, pid=5657] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1060) NativeOS=[Unix] NativeLanMan=[Samba] PrimaryDomain=[] [2007/11/30 09:00:42.399708, 10, pid=5657] smbd/password.c:register_vuid(186) register_vuid: allocated vuid = 100 [2007/11/30 09:00:42.399731, 10, pid=5657] smbd/sesssetup.c:check_spnego_blob_complete(975) check_spnego_blob_complete: needed_len = 79, pblob->length = 79 [2007/11/30 09:00:42.399761, 5, pid=5657] smbd/sesssetup.c:parse_spnego_mechanisms(667) parse_spnego_mechanisms: Got OID 1 3 6 1 4 1 311 2 2 10 [2007/11/30 09:00:42.399779, 3, pid=5657] smbd/sesssetup.c:reply_spnego_negotiate(697) reply_spnego_negotiate: Got secblob of size 45 [2007/11/30 09:00:42.399809, 5, pid=5657] auth/auth.c:make_auth_context_subsystem(483) Making default auth method list for DC, security=user, encrypt passwords = yes [2007/11/30 09:00:42.399834, 5, pid=5657] auth/auth.c:smb_register_auth(47) Attempting to register auth backend sam [2007/11/30 09:00:42.399859, 5, pid=5657] auth/auth.c:smb_register_auth(59) Successfully added auth method 'sam' [2007/11/30 09:00:42.399877, 5, pid=5657] auth/auth.c:smb_register_auth(47) Attempting to register auth backend sam_ignoredomain [2007/11/30 09:00:42.399895, 5, pid=5657] auth/auth.c:smb_register_auth(59) Successfully added auth method 'sam_ignoredomain' [2007/11/30 09:00:42.399914, 5, pid=5657] auth/auth.c:smb_register_auth(47) Attempting to register auth backend unix [2007/11/30 09:00:42.399932, 5, pid=5657] auth/auth.c:smb_register_auth(59) Successfully added auth method 'unix' [2007/11/30 09:00:42.399951, 5, pid=5657] auth/auth.c:smb_register_auth(47) Attempting to register auth backend winbind [2007/11/30 09:00:42.399968, 5, pid=5657] auth/auth.c:smb_register_auth(59) Successfully added auth method 'winbind' [2007/11/30 09:00:42.399985, 5, pid=5657] auth/auth.c:smb_register_auth(47) Attempting to register auth backend smbserver [2007/11/30 09:00:42.400003, 5, pid=5657] auth/auth.c:smb_register_auth(59) Successfully added auth method 'smbserver' [2007/11/30 09:00:42.400022, 5, pid=5657] auth/auth.c:smb_register_auth(47) Attempting to register auth backend trustdomain [2007/11/30 09:00:42.400039, 5, pid=5657] auth/auth.c:smb_register_auth(59) Successfully added auth method 'trustdomain' [2007/11/30 09:00:42.400056, 5, pid=5657] auth/auth.c:smb_register_auth(47) Attempting to register auth backend ntdomain [2007/11/30 09:00:42.400073, 5, pid=5657] auth/auth.c:smb_register_auth(59) Successfully added auth method 'ntdomain' [2007/11/30 09:00:42.400090, 5, pid=5657] auth/auth.c:smb_register_auth(47) Attempting to register auth backend guest [2007/11/30 09:00:42.400108, 5, pid=5657] auth/auth.c:smb_register_auth(59) Successfully added auth method 'guest' [2007/11/30 09:00:42.400125, 5, pid=5657] auth/auth.c:load_auth_module(391) load_auth_module: Attempting to find an auth method to match guest [2007/11/30 09:00:42.400143, 5, pid=5657] auth/auth.c:load_auth_module(416) load_auth_module: auth method guest has a valid init [2007/11/30 09:00:42.400161, 5, pid=5657] auth/auth.c:load_auth_module(391) load_auth_module: Attempting to find an auth method to match sam [2007/11/30 09:00:42.400200, 5, pid=5657] auth/auth.c:load_auth_module(416) load_auth_module: auth method sam has a valid init [2007/11/30 09:00:42.400220, 5, pid=5657] auth/auth.c:load_auth_module(391) load_auth_module: Attempting to find an auth method to match winbind:trustdomain [2007/11/30 09:00:42.400245, 5, pid=5657] auth/auth.c:load_auth_module(391) load_auth_module: Attempting to find an auth method to match trustdomain [2007/11/30 09:00:42.400271, 5, pid=5657] auth/auth.c:load_auth_module(416) load_auth_module: auth method trustdomain has a valid init [2007/11/30 09:00:42.400290, 5, pid=5657] auth/auth.c:load_auth_module(416) load_auth_module: auth method winbind has a valid init [2007/11/30 09:00:42.400325, 3, pid=5657] libsmb/ntlmssp.c:debug_ntlmssp_flags(63) Got NTLMSSP neg_flags=0x60088215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH [2007/11/30 09:00:42.400387, 5, pid=5657] auth/auth.c:get_ntlm_challenge(97) auth_get_challenge: module guest did not want to specify a challenge [2007/11/30 09:00:42.400405, 5, pid=5657] auth/auth.c:get_ntlm_challenge(97) auth_get_challenge: module sam did not want to specify a challenge [2007/11/30 09:00:42.400422, 5, pid=5657] auth/auth.c:get_ntlm_challenge(97) auth_get_challenge: module winbind did not want to specify a challenge [2007/11/30 09:00:42.400447, 5, pid=5657] auth/auth.c:get_ntlm_challenge(137) auth_context challenge created by random [2007/11/30 09:00:42.400465, 5, pid=5657] auth/auth.c:get_ntlm_challenge(138) challenge is: [2007/11/30 09:00:42.400482, 5, pid=5657] lib/util.c:dump_data(2285) [000] 83 41 41 77 13 9D 35 91 .AAw..5. [2007/11/30 09:00:42.401274, 5, pid=5657] lib/util.c:show_msg(506) [2007/11/30 09:00:42.401296, 5, pid=5657] lib/util.c:show_msg(516) size=332 smb_com=0x73 smb_rcls=22 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=5651 smb_uid=100 smb_mid=2 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 221 (0xDD) smb_bcc=289 [2007/11/30 09:00:42.401396, 10, pid=5657] lib/util.c:dump_data(2285) [000] A1 81 DA 30 81 D7 A0 03 0A 01 01 A1 0C 06 0A 2B ...0.... .......+ [010] 06 01 04 01 82 37 02 02 0A A2 81 C1 04 81 BE 4E .....7.. .......N [020] 54 4C 4D 53 53 50 00 02 00 00 00 10 00 10 00 30 TLMSSP.. .......0 [030] 00 00 00 15 82 89 60 83 41 41 77 13 9D 35 91 00 ......`. AAw..5.. [040] 00 00 00 00 00 00 00 7E 00 7E 00 40 00 00 00 5A .......~ .~.@...Z [050] 00 41 00 52 00 54 00 53 00 4F 00 46 00 54 00 02 .A.R.T.S .O.F.T.. [060] 00 10 00 5A 00 41 00 52 00 54 00 53 00 4F 00 46 ...Z.A.R .T.S.O.F [070] 00 54 00 01 00 0A 00 47 00 4F 00 44 00 41 00 49 .T.....G .O.D.A.I [080] 00 04 00 22 00 6C 00 6F 00 63 00 61 00 6C 00 2E ...".l.o .c.a.l.. [090] 00 7A 00 61 00 72 00 74 00 73 00 6F 00 66 00 74 .z.a.r.t .s.o.f.t [0A0] 00 2E 00 72 00 75 00 03 00 2E 00 67 00 6F 00 64 ...r.u.. ...g.o.d [0B0] 00 61 00 69 00 2E 00 6C 00 6F 00 63 00 61 00 6C .a.i...l .o.c.a.l [0C0] 00 2E 00 7A 00 61 00 72 00 74 00 73 00 6F 00 66 ...z.a.r .t.s.o.f [0D0] 00 74 00 2E 00 72 00 75 00 00 00 00 00 55 00 6E .t...r.u .....U.n [0E0] 00 69 00 78 00 00 00 53 00 61 00 6D 00 62 00 61 .i.x...S .a.m.b.a [0F0] 00 20 00 33 00 2E 00 30 00 2E 00 32 00 36 00 61 . .3...0 ...2.6.a [100] 00 2D 00 30 00 2E 00 66 00 63 00 37 00 00 00 5A .-.0...f .c.7...Z [110] 00 41 00 52 00 54 00 53 00 4F 00 46 00 54 00 00 .A.R.T.S .O.F.T.. [120] 00 . [2007/11/30 09:00:42.402978, 10, pid=5657] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 260 [2007/11/30 09:00:42.403006, 6, pid=5657] smbd/process.c:process_smb(1067) got message type 0x0 of len 0x104 [2007/11/30 09:00:42.403063, 3, pid=5657] smbd/process.c:process_smb(1068) Transaction 2 of length 264 [2007/11/30 09:00:42.403082, 5, pid=5657] lib/util.c:show_msg(506) [2007/11/30 09:00:42.403094, 5, pid=5657] lib/util.c:show_msg(516) size=260 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=0 smb_pid=5651 smb_uid=100 smb_mid=3 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=65535 (0xFFFF) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 1 (0x1) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 178 (0xB2) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]=53340 (0xD05C) smb_vwv[11]=32768 (0x8000) smb_bcc=201 [2007/11/30 09:00:42.403233, 10, pid=5657] lib/util.c:dump_data(2285) [000] A1 81 AF 30 81 AC A2 81 A9 04 81 A6 4E 54 4C 4D ...0.... ....NTLM [010] 53 53 50 00 03 00 00 00 18 00 18 00 40 00 00 00 SSP..... ....@... [020] 18 00 18 00 58 00 00 00 10 00 10 00 70 00 00 00 ....X... ....p... [030] 0C 00 0C 00 80 00 00 00 0A 00 0A 00 8C 00 00 00 ........ ........ [040] 10 00 10 00 96 00 00 00 15 82 08 60 CA EA 6B 69 ........ ...`..ki [050] 81 F3 2E F9 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [060] 00 00 00 00 C3 5D 18 87 0C CB 66 D6 F3 AA 26 19 .....].. ..f...&. [070] FA 6D 65 F8 B9 D4 3C 72 3C 97 5B 63 5A 00 41 00 .me...length = 178 [2007/11/30 09:00:42.403610, 3, pid=5657] libsmb/ntlmssp.c:ntlmssp_server_auth(739) Got user=[GODAI$] domain=[ZARTSOFT] workstation=[GODAI] len1=24 len2=24 [2007/11/30 09:00:42.403638, 5, pid=5657] auth/auth_ntlmssp.c:auth_ntlmssp_set_challenge(69) auth_context challenge set by NTLMSSP callback (NTLM2) [2007/11/30 09:00:42.403656, 5, pid=5657] auth/auth_ntlmssp.c:auth_ntlmssp_set_challenge(70) challenge is: [2007/11/30 09:00:42.403673, 5, pid=5657] lib/util.c:dump_data(2285) [000] CE 29 9D 66 82 B9 0E 5D .).f...] [2007/11/30 09:00:42.403716, 6, pid=5657] param/loadparm.c:lp_file_list_changed(3080) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Fri Nov 30 08:56:43 2007 [2007/11/30 09:00:42.403761, 5, pid=5657] auth/auth_util.c:make_user_info_map(161) make_user_info_map: Mapping user [ZARTSOFT]\[GODAI$] from workstation [GODAI] [2007/11/30 09:00:42.403782, 3, pid=5657] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2007/11/30 09:00:42.403801, 3, pid=5657] smbd/uid.c:push_conn_ctx(358) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2007/11/30 09:00:42.403836, 3, pid=5657] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2007/11/30 09:00:42.403861, 5, pid=5657] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 09:00:42.403878, 5, pid=5657] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 09:00:42.403906, 5, pid=5657] auth/auth_util.c:is_trusted_domain(2198) is_trusted_domain: Checking for domain trust with [ZARTSOFT] [2007/11/30 09:00:42.403948, 5, pid=5657] passdb/secrets.c:secrets_fetch_trusted_domain_password(473) secrets_fetch failed! [2007/11/30 09:00:42.403975, 3, pid=5657] smbd/sec_ctx.c:pop_sec_ctx(356) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/30 09:00:42.404017, 10, pid=5657] lib/gencache.c:gencache_get(212) Cache entry with key = TDOM/ZARTSOFT couldn't be found [2007/11/30 09:00:42.404039, 5, pid=5657] libsmb/trustdom_cache.c:trustdom_cache_fetch(184) no entry for trusted domain ZARTSOFT found. [2007/11/30 09:00:42.404058, 5, pid=5657] auth/auth_util.c:make_user_info(75) attempting to make a user_info for GODAI$ (GODAI$) [2007/11/30 09:00:42.404077, 5, pid=5657] auth/auth_util.c:make_user_info(85) making strings for GODAI$'s user_info struct [2007/11/30 09:00:42.404095, 5, pid=5657] auth/auth_util.c:make_user_info(117) making blobs for GODAI$'s user_info struct [2007/11/30 09:00:42.404113, 10, pid=5657] auth/auth_util.c:make_user_info(135) made an encrypted user_info for GODAI$ (GODAI$) [2007/11/30 09:00:42.404131, 3, pid=5657] auth/auth.c:check_ntlm_password(221) check_ntlm_password: Checking password for unmapped user [ZARTSOFT]\[GODAI$]@[GODAI] with the new password interface [2007/11/30 09:00:42.404150, 3, pid=5657] auth/auth.c:check_ntlm_password(224) check_ntlm_password: mapped user is: [ZARTSOFT]\[GODAI$]@[GODAI] [2007/11/30 09:00:42.404168, 10, pid=5657] auth/auth.c:check_ntlm_password(233) check_ntlm_password: auth_context challenge created by NTLMSSP callback (NTLM2) [2007/11/30 09:00:42.404185, 10, pid=5657] auth/auth.c:check_ntlm_password(235) challenge is: [2007/11/30 09:00:42.404202, 5, pid=5657] lib/util.c:dump_data(2285) [000] CE 29 9D 66 82 B9 0E 5D .).f...] [2007/11/30 09:00:42.404228, 10, pid=5657] auth/auth.c:check_ntlm_password(261) check_ntlm_password: guest had nothing to say [2007/11/30 09:00:42.404249, 8, pid=5657] lib/util.c:is_myname(2097) is_myname("ZARTSOFT") returns 0 [2007/11/30 09:00:42.404273, 3, pid=5657] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2007/11/30 09:00:42.404293, 3, pid=5657] smbd/uid.c:push_conn_ctx(358) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2007/11/30 09:00:42.404310, 3, pid=5657] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2007/11/30 09:00:42.404327, 5, pid=5657] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 09:00:42.404344, 5, pid=5657] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 09:00:42.404418, 4, pid=5657] passdb/pdb_tdb.c:tdbsam_open(869) tdbsam_open: successfully opened /var/lib/samba/private/passdb.tdb [2007/11/30 09:00:42.404464, 10, pid=5657] passdb/pdb_get_set.c:pdb_set_username(581) pdb_set_username: setting username godai$, was [2007/11/30 09:00:42.404486, 10, pid=5657] passdb/pdb_get_set.c:pdb_set_domain(604) pdb_set_domain: setting domain ZARTSOFT, was [2007/11/30 09:00:42.404504, 10, pid=5657] passdb/pdb_get_set.c:pdb_set_nt_username(627) pdb_set_nt_username: setting nt username , was [2007/11/30 09:00:42.404523, 10, pid=5657] passdb/pdb_get_set.c:pdb_set_fullname(650) pdb_set_full_name: setting full name godai, was [2007/11/30 09:00:42.404542, 4, pid=5657] lib/substitute.c:automount_server(407) Home server: godai [2007/11/30 09:00:42.404570, 10, pid=5657] passdb/pdb_get_set.c:pdb_set_homedir(743) pdb_set_homedir: setting home dir \\godai\godai_, was [2007/11/30 09:00:42.404604, 10, pid=5657] passdb/pdb_get_set.c:pdb_set_dir_drive(719) pdb_set_dir_drive: setting dir drive , was NULL [2007/11/30 09:00:42.404626, 10, pid=5657] passdb/pdb_get_set.c:pdb_set_logon_script(673) pdb_set_logon_script: setting logon script , was [2007/11/30 09:00:42.404645, 10, pid=5657] passdb/pdb_get_set.c:pdb_set_profile_path(696) pdb_set_profile_path: setting profile path , was [2007/11/30 09:00:42.404664, 10, pid=5657] passdb/pdb_get_set.c:pdb_set_workstations(786) pdb_set_workstations: setting workstations , was [2007/11/30 09:00:42.404685, 3, pid=5657] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2007/11/30 09:00:42.404703, 3, pid=5657] smbd/uid.c:push_conn_ctx(358) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2007/11/30 09:00:42.404721, 3, pid=5657] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2007/11/30 09:00:42.404738, 5, pid=5657] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 09:00:42.404755, 5, pid=5657] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 09:00:42.404793, 10, pid=5657] lib/account_pol.c:account_policy_get(294) account_policy_get: name: password history, val: 0 [2007/11/30 09:00:42.404818, 3, pid=5657] smbd/sec_ctx.c:pop_sec_ctx(356) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2007/11/30 09:00:42.404840, 10, pid=5657] passdb/pdb_get_set.c:pdb_set_user_sid(510) pdb_set_user_sid: setting user sid S-1-5-21-2274471336-3138038065-606154707-2040 [2007/11/30 09:00:42.404876, 10, pid=5657] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(73) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-2274471336-3138038065-606154707-2040 from rid 2040 [2007/11/30 09:00:42.404908, 8, pid=5657] passdb/pdb_tdb.c:tdbsam_close(882) tdbsam_close: Reference count is now 0. [2007/11/30 09:00:42.404939, 3, pid=5657] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2007/11/30 09:00:42.404958, 3, pid=5657] smbd/uid.c:push_conn_ctx(358) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2007/11/30 09:00:42.404976, 3, pid=5657] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2007/11/30 09:00:42.404993, 5, pid=5657] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 09:00:42.405010, 5, pid=5657] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 09:00:42.405042, 10, pid=5657] lib/account_pol.c:account_policy_get(294) account_policy_get: name: maximum password age, val: -1 [2007/11/30 09:00:42.405065, 3, pid=5657] smbd/sec_ctx.c:pop_sec_ctx(356) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2007/11/30 09:00:42.405087, 5, pid=5657] lib/username.c:Get_Pwnam_alloc(131) Finding user godai$ [2007/11/30 09:00:42.405105, 5, pid=5657] lib/username.c:Get_Pwnam_internals(75) Trying _Get_Pwnam(), username as lowercase is godai$ [2007/11/30 09:00:42.405177, 5, pid=5657] lib/username.c:Get_Pwnam_internals(108) Get_Pwnam_internals did find user [godai$]! [2007/11/30 09:00:42.405258, 10, pid=5657] passdb/lookup_sid.c:check_dom_sid_to_level(663) Accepting SID S-1-5-21-2274471336-3138038065-606154707 in level 1 [2007/11/30 09:00:42.405284, 3, pid=5657] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2007/11/30 09:00:42.405303, 3, pid=5657] smbd/uid.c:push_conn_ctx(358) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2007/11/30 09:00:42.405321, 3, pid=5657] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2007/11/30 09:00:42.405338, 5, pid=5657] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 09:00:42.405355, 5, pid=5657] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 09:00:42.405385, 5, pid=5657] passdb/pdb_interface.c:lookup_global_sam_rid(1522) lookup_global_sam_rid: looking up RID 515. [2007/11/30 09:00:42.405422, 3, pid=5657] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2007/11/30 09:00:42.405442, 3, pid=5657] smbd/uid.c:push_conn_ctx(358) push_conn_ctx(0) : conn_ctx_stack_ndx = 2 [2007/11/30 09:00:42.405459, 3, pid=5657] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2007/11/30 09:00:42.405476, 5, pid=5657] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 09:00:42.405493, 5, pid=5657] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 09:00:42.405543, 4, pid=5657] passdb/pdb_tdb.c:tdbsam_open(869) tdbsam_open: successfully opened /var/lib/samba/private/passdb.tdb [2007/11/30 09:00:42.405567, 5, pid=5657] passdb/pdb_tdb.c:tdbsam_getsampwrid(1114) pdb_getsampwrid (TDB): error looking up RID 515 by key RID_00000203. Error: Record does not exist [2007/11/30 09:00:42.405592, 8, pid=5657] passdb/pdb_tdb.c:tdbsam_close(882) tdbsam_close: Reference count is now 0. [2007/11/30 09:00:42.405633, 3, pid=5657] smbd/sec_ctx.c:pop_sec_ctx(356) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2007/11/30 09:00:42.405654, 5, pid=5657] passdb/pdb_interface.c:pdb_default_lookup_rids(1643) lookup_rids: Domain Computers:2 [2007/11/30 09:00:42.405677, 3, pid=5657] smbd/sec_ctx.c:pop_sec_ctx(356) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2007/11/30 09:00:42.405697, 10, pid=5657] passdb/lookup_sid.c:lookup_sid(941) Sid S-1-5-21-2274471336-3138038065-606154707-515 -> ZARTSOFT\Domain Computers(2) [2007/11/30 09:00:42.405723, 3, pid=5657] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2007/11/30 09:00:42.405742, 3, pid=5657] smbd/uid.c:push_conn_ctx(358) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2007/11/30 09:00:42.405759, 3, pid=5657] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2007/11/30 09:00:42.405777, 5, pid=5657] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 09:00:42.405793, 5, pid=5657] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 09:00:42.405825, 10, pid=5657] lib/account_pol.c:account_policy_get(294) account_policy_get: name: password history, val: 0 [2007/11/30 09:00:42.405848, 3, pid=5657] smbd/sec_ctx.c:pop_sec_ctx(356) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2007/11/30 09:00:42.405878, 10, pid=5657] passdb/pdb_get_set.c:pdb_set_username(581) pdb_set_username: setting username godai$, was [2007/11/30 09:00:42.405897, 10, pid=5657] passdb/pdb_get_set.c:pdb_set_domain(604) pdb_set_domain: setting domain ZARTSOFT, was [2007/11/30 09:00:42.405916, 10, pid=5657] passdb/pdb_get_set.c:pdb_set_nt_username(627) pdb_set_nt_username: setting nt username , was [2007/11/30 09:00:42.405933, 10, pid=5657] passdb/pdb_get_set.c:pdb_set_fullname(650) pdb_set_full_name: setting full name godai, was [2007/11/30 09:00:42.405953, 4, pid=5657] lib/substitute.c:automount_server(407) Home server: godai [2007/11/30 09:00:42.405976, 10, pid=5657] passdb/pdb_get_set.c:pdb_set_homedir(743) pdb_set_homedir: setting home dir \\godai\godai_, was [2007/11/30 09:00:42.405994, 10, pid=5657] passdb/pdb_get_set.c:pdb_set_dir_drive(719) pdb_set_dir_drive: setting dir drive , was NULL [2007/11/30 09:00:42.406014, 10, pid=5657] passdb/pdb_get_set.c:pdb_set_logon_script(673) pdb_set_logon_script: setting logon script , was [2007/11/30 09:00:42.406033, 10, pid=5657] passdb/pdb_get_set.c:pdb_set_profile_path(696) pdb_set_profile_path: setting profile path , was [2007/11/30 09:00:42.406051, 10, pid=5657] passdb/pdb_get_set.c:pdb_set_workstations(786) pdb_set_workstations: setting workstations , was [2007/11/30 09:00:42.406071, 3, pid=5657] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2007/11/30 09:00:42.406090, 3, pid=5657] smbd/uid.c:push_conn_ctx(358) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2007/11/30 09:00:42.406124, 3, pid=5657] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2007/11/30 09:00:42.406142, 5, pid=5657] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 09:00:42.406159, 5, pid=5657] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 09:00:42.406191, 10, pid=5657] lib/account_pol.c:account_policy_get(294) account_policy_get: name: password history, val: 0 [2007/11/30 09:00:42.406214, 3, pid=5657] smbd/sec_ctx.c:pop_sec_ctx(356) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2007/11/30 09:00:42.406234, 10, pid=5657] passdb/pdb_get_set.c:pdb_set_user_sid(510) pdb_set_user_sid: setting user sid S-1-5-21-2274471336-3138038065-606154707-2040 [2007/11/30 09:00:42.406255, 10, pid=5657] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(73) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-2274471336-3138038065-606154707-2040 from rid 2040 [2007/11/30 09:00:42.406287, 3, pid=5657] smbd/sec_ctx.c:pop_sec_ctx(356) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/30 09:00:42.406310, 4, pid=5657] libsmb/ntlm_check.c:ntlm_password_check(326) ntlm_password_check: Checking NT MD4 password [2007/11/30 09:00:42.406423, 4, pid=5657] auth/auth_sam.c:sam_account_ok(138) sam_account_ok: Checking SMB password for user godai$ [2007/11/30 09:00:42.406452, 5, pid=5657] auth/auth_sam.c:logon_hours_ok(120) logon_hours_ok: user godai$ allowed to logon at this time (Fri Nov 30 04:00:42 2007 ) [2007/11/30 09:00:42.406477, 3, pid=5657] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2007/11/30 09:00:42.406495, 3, pid=5657] smbd/uid.c:push_conn_ctx(358) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2007/11/30 09:00:42.406512, 3, pid=5657] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2007/11/30 09:00:42.406529, 5, pid=5657] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 09:00:42.406546, 5, pid=5657] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 09:00:42.406578, 10, pid=5657] lib/account_pol.c:account_policy_get(294) account_policy_get: name: maximum password age, val: -1 [2007/11/30 09:00:42.406602, 3, pid=5657] smbd/sec_ctx.c:pop_sec_ctx(356) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/30 09:00:42.406623, 3, pid=5657] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2007/11/30 09:00:42.406641, 3, pid=5657] smbd/uid.c:push_conn_ctx(358) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2007/11/30 09:00:42.406658, 3, pid=5657] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2007/11/30 09:00:42.406675, 5, pid=5657] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 09:00:42.406691, 5, pid=5657] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 09:00:42.406719, 10, pid=5657] lib/util_pw.c:getpwnam_alloc(76) Got godai$ from pwnam_cache [2007/11/30 09:00:42.406739, 10, pid=5657] lib/util_pw.c:getpwnam_alloc(76) Got godai$ from pwnam_cache [2007/11/30 09:00:42.406797, 10, pid=5657] lib/system_smbd.c:sys_getgrouplist(125) sys_getgrouplist: user [godai$] [2007/11/30 09:00:52.405096, 5, pid=5660] lib/util_sock.c:print_socket_options(206) socket option SO_KEEPALIVE = 1 [2007/11/30 09:00:52.405243, 5, pid=5660] lib/util_sock.c:print_socket_options(206) [2007/11/30 09:00:52.405632, 5, pid=5661] lib/util_sock.c:print_socket_options(206) socket option SO_KEEPALIVE = 1 [2007/11/30 09:00:52.405762, 5, pid=5661] lib/util_sock.c:print_socket_options(206) socket option SO_REUSEADDR = 1 [2007/11/30 09:00:52.405799, 5, pid=5661] lib/util_sock.c:print_socket_options(206) socket option SO_BROADCAST = 0 [2007/11/30 09:00:52.405824, 5, pid=5661] lib/util_sock.c:print_socket_options(206) socket option TCP_NODELAY = 1 [2007/11/30 09:00:52.405870, 5, pid=5661] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPCNT = 9 [2007/11/30 09:00:52.405891, 5, pid=5661] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPIDLE = 7200 [2007/11/30 09:00:52.405912, 5, pid=5661] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPINTVL = 75 socket option SO_REUSEADDR = 1 [2007/11/30 09:00:52.405932, 5, pid=5661] lib/util_sock.c:print_socket_options(206) socket option IPTOS_LOWDELAY = 0 [2007/11/30 09:00:52.405959, 5, pid=5661] lib/util_sock.c:print_socket_options(206) socket option IPTOS_THROUGHPUT = 0 [2007/11/30 09:00:52.405978, 5, pid=5661] lib/util_sock.c:print_socket_options(206) socket option SO_SNDBUF = 50604 [2007/11/30 09:00:52.405996, 5, pid=5661] lib/util_sock.c:print_socket_options(206) socket option SO_RCVBUF = 87392 [2007/11/30 09:00:52.406015, 5, pid=5661] lib/util_sock.c:print_socket_options(206) socket option SO_SNDLOWAT = 1 [2007/11/30 09:00:52.406033, 5, pid=5661] lib/util_sock.c:print_socket_options(206) socket option SO_RCVLOWAT = 1 [2007/11/30 09:00:52.406051, 5, pid=5661] lib/util_sock.c:print_socket_options(206) socket option SO_SNDTIMEO = 0 [2007/11/30 09:00:52.406069, 5, pid=5661] lib/util_sock.c:print_socket_options(206) socket option SO_RCVTIMEO = 0 [2007/11/30 09:00:52.406092, 5, pid=5661] lib/util_sock.c:print_socket_options(206) socket option SO_KEEPALIVE = 1 [2007/11/30 09:00:52.406111, 5, pid=5661] lib/util_sock.c:print_socket_options(206) socket option SO_REUSEADDR = 1 [2007/11/30 09:00:52.406129, 5, pid=5661] lib/util_sock.c:print_socket_options(206) socket option SO_BROADCAST = 0 [2007/11/30 09:00:52.406147, 5, pid=5661] lib/util_sock.c:print_socket_options(206) socket option TCP_NODELAY = 1 [2007/11/30 09:00:52.406164, 5, pid=5661] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPCNT = 9 [2007/11/30 09:00:52.406182, 5, pid=5661] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPIDLE = 7200 [2007/11/30 09:00:52.406201, 5, pid=5661] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPINTVL = 75 [2007/11/30 09:00:52.406220, 5, pid=5661] lib/util_sock.c:print_socket_options(206) socket option IPTOS_LOWDELAY = 0 [2007/11/30 09:00:52.406238, 5, pid=5661] lib/util_sock.c:print_socket_options(206) socket option IPTOS_THROUGHPUT = 0 [2007/11/30 09:00:52.406256, 5, pid=5661] lib/util_sock.c:print_socket_options(206) socket option SO_SNDBUF = 50604 [2007/11/30 09:00:52.406281, 5, pid=5661] lib/util_sock.c:print_socket_options(206) socket option SO_RCVBUF = 87392 [2007/11/30 09:00:52.406299, 5, pid=5661] lib/util_sock.c:print_socket_options(206) socket option SO_SNDLOWAT = 1 [2007/11/30 09:00:52.406317, 5, pid=5661] lib/util_sock.c:print_socket_options(206) socket option SO_RCVLOWAT = 1 [2007/11/30 09:00:52.406335, 5, pid=5661] lib/util_sock.c:print_socket_options(206) socket option SO_SNDTIMEO = 0 [2007/11/30 09:00:52.406353, 5, pid=5661] lib/util_sock.c:print_socket_options(206) socket option SO_RCVTIMEO = 0 [2007/11/30 09:00:52.406728, 6, pid=5661] param/loadparm.c:lp_file_list_changed(3080) lp_file_list_changed() [2007/11/30 09:00:52.406684, 5, pid=5663] lib/util_sock.c:print_socket_options(206) file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Fri Nov 30 08:56:43 2007 socket option SO_KEEPALIVE = 1 [2007/11/30 09:00:52.406803, 3, pid=5661] smbd/oplock.c:init_oplocks(863) init_oplocks: initializing messages. [2007/11/30 09:00:52.406814, 5, pid=5663] lib/util_sock.c:print_socket_options(206) socket option SO_REUSEADDR = 1 [2007/11/30 09:00:52.406849, 5, pid=5663] lib/util_sock.c:print_socket_options(206) socket option SO_BROADCAST = 0 [2007/11/30 09:00:52.406871, 5, pid=5663] lib/util_sock.c:print_socket_options(206) socket option TCP_NODELAY = 1 [2007/11/30 09:00:52.406892, 5, pid=5663] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPCNT = 9 [2007/11/30 09:00:52.406932, 5, pid=5663] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPIDLE = 7200 [2007/11/30 09:00:52.406952, 5, pid=5663] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPINTVL = 75 [2007/11/30 09:00:52.406971, 5, pid=5663] lib/util_sock.c:print_socket_options(206) socket option IPTOS_LOWDELAY = 0 [2007/11/30 09:00:52.406994, 5, pid=5663] lib/util_sock.c:print_socket_options(206) socket option IPTOS_THROUGHPUT = 0 [2007/11/30 09:00:52.407013, 5, pid=5663] lib/util_sock.c:print_socket_options(206) socket option SO_SNDBUF = 50604 [2007/11/30 09:00:52.407032, 5, pid=5663] lib/util_sock.c:print_socket_options(206) socket option SO_RCVBUF = 87392 [2007/11/30 09:00:52.407050, 5, pid=5663] lib/util_sock.c:print_socket_options(206) socket option SO_SNDLOWAT = 1 [2007/11/30 09:00:52.407068, 5, pid=5663] lib/util_sock.c:print_socket_options(206) socket option SO_RCVLOWAT = 1 [2007/11/30 09:00:52.407086, 5, pid=5663] lib/util_sock.c:print_socket_options(206) socket option SO_SNDTIMEO = 0 [2007/11/30 09:00:52.407104, 5, pid=5663] lib/util_sock.c:print_socket_options(206) socket option SO_RCVTIMEO = 0 [2007/11/30 09:00:52.407125, 5, pid=5663] lib/util_sock.c:print_socket_options(206) socket option SO_KEEPALIVE = 1 [2007/11/30 09:00:52.407143, 5, pid=5663] lib/util_sock.c:print_socket_options(206) socket option SO_REUSEADDR = 1 [2007/11/30 09:00:52.407161, 5, pid=5663] lib/util_sock.c:print_socket_options(206) socket option SO_BROADCAST = 0 [2007/11/30 09:00:52.407180, 5, pid=5663] lib/util_sock.c:print_socket_options(206) [2007/11/30 09:00:52.405939, 5, pid=5660] lib/util_sock.c:print_socket_options(206) [2007/11/30 09:00:52.406969, 3, pid=5661] smbd/oplock_linux.c:linux_init_kernel_oplocks(276) [2007/11/30 09:00:52.407122, 5, pid=5662] lib/util_sock.c:print_socket_options(206) socket option SO_BROADCAST = 0 [2007/11/30 09:00:52.407233, 5, pid=5660] lib/util_sock.c:print_socket_options(206) socket option TCP_NODELAY = 1 socket option SO_KEEPALIVE = 1 socket option TCP_NODELAY = 1 [2007/11/30 09:00:52.407289, 5, pid=5663] lib/util_sock.c:print_socket_options(206) Linux kernel oplocks enabled [2007/11/30 09:00:52.407257, 5, pid=5660] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPCNT = 9 [2007/11/30 09:00:52.407331, 5, pid=5660] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPIDLE = 7200 [2007/11/30 09:00:52.407351, 5, pid=5660] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPINTVL = 75 [2007/11/30 09:00:52.407371, 5, pid=5660] lib/util_sock.c:print_socket_options(206) socket option IPTOS_LOWDELAY = 0 [2007/11/30 09:00:52.407390, 5, pid=5660] lib/util_sock.c:print_socket_options(206) socket option IPTOS_THROUGHPUT = 0 [2007/11/30 09:00:52.407398, 10, pid=5661] lib/util_sock.c:read_data(525) [2007/11/30 09:00:52.407408, 5, pid=5660] lib/util_sock.c:print_socket_options(206) socket option SO_SNDBUF = 50604 [2007/11/30 09:00:52.407428, 5, pid=5660] lib/util_sock.c:print_socket_options(206) socket option SO_RCVBUF = 87392 [2007/11/30 09:00:52.407283, 5, pid=5662] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPCNT = 9 socket option SO_REUSEADDR = 1 [2007/11/30 09:00:52.407466, 5, pid=5663] lib/util_sock.c:print_socket_options(206) [2007/11/30 09:00:52.407472, 5, pid=5662] lib/util_sock.c:print_socket_options(206) [2007/11/30 09:00:52.407449, 5, pid=5660] lib/util_sock.c:print_socket_options(206) read_data: read of 4 returned 0. Error = Success socket option TCP_KEEPIDLE = 7200 [2007/11/30 09:00:52.407502, 10, pid=5661] lib/util_sock.c:receive_smb_raw(672) [2007/11/30 09:00:52.407510, 5, pid=5663] lib/util_sock.c:print_socket_options(206) socket option SO_BROADCAST = 0 socket option SO_SNDLOWAT = 1 [2007/11/30 09:00:52.407534, 5, pid=5662] lib/util_sock.c:print_socket_options(206) [2007/11/30 09:00:52.407541, 5, pid=5660] lib/util_sock.c:print_socket_options(206) receive_smb_raw: length < 0! socket option TCP_KEEPINTVL = 75 [2007/11/30 09:00:52.407563, 3, pid=5661] smbd/process.c:timeout_processing(1328) socket option TCP_NODELAY = 1 socket option SO_RCVLOWAT = 1 [2007/11/30 09:00:52.407609, 5, pid=5662] lib/util_sock.c:print_socket_options(206) [2007/11/30 09:00:52.407616, 5, pid=5660] lib/util_sock.c:print_socket_options(206) [2007/11/30 09:00:52.407571, 5, pid=5663] lib/util_sock.c:print_socket_options(206) timeout_processing: End of file from client (client has disconnected). socket option TCP_KEEPCNT = 9 [2007/11/30 09:00:52.407652, 5, pid=5661] lib/gencache.c:gencache_shutdown(94) socket option SO_SNDTIMEO = 0 Closing cache file socket option IPTOS_LOWDELAY = 0 [2007/11/30 09:00:52.407689, 5, pid=5663] lib/util_sock.c:print_socket_options(206) [2007/11/30 09:00:52.407693, 5, pid=5661] libsmb/namecache.c:namecache_shutdown(79) [2007/11/30 09:00:52.407655, 5, pid=5662] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPIDLE = 7200 socket option IPTOS_THROUGHPUT = 0 [2007/11/30 09:00:52.407732, 5, pid=5662] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPINTVL = 75 namecache_shutdown: netbios namecache closed successfully. [2007/11/30 09:00:52.407754, 5, pid=5662] lib/util_sock.c:print_socket_options(206) socket option IPTOS_LOWDELAY = 0 [2007/11/30 09:00:52.407766, 3, pid=5661] smbd/sec_ctx.c:set_sec_ctx(241) [2007/11/30 09:00:52.407775, 5, pid=5662] lib/util_sock.c:print_socket_options(206) [2007/11/30 09:00:52.407708, 5, pid=5660] lib/util_sock.c:print_socket_options(206) [2007/11/30 09:00:52.407739, 5, pid=5663] lib/util_sock.c:print_socket_options(206) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 socket option IPTOS_THROUGHPUT = 0 [2007/11/30 09:00:52.407818, 5, pid=5661] auth/auth_util.c:debug_nt_user_token(448) socket option SO_RCVTIMEO = 0 NT user token: (NULL) socket option SO_SNDBUF = 50604 [2007/11/30 09:00:52.407850, 5, pid=5661] auth/auth_util.c:debug_unix_user_token(474) [2007/11/30 09:00:52.407856, 5, pid=5663] lib/util_sock.c:print_socket_options(206) [2007/11/30 09:00:52.407823, 5, pid=5662] lib/util_sock.c:print_socket_options(206) UNIX token of user 0 socket option SO_RCVBUF = 87392 socket option SO_SNDBUF = 50604 [2007/11/30 09:00:52.407893, 5, pid=5663] lib/util_sock.c:print_socket_options(206) socket option SO_SNDLOWAT = 1 [2007/11/30 09:00:52.407900, 5, pid=5662] lib/util_sock.c:print_socket_options(206) [2007/11/30 09:00:52.407916, 5, pid=5663] lib/util_sock.c:print_socket_options(206) socket option SO_RCVBUF = 87392 socket option SO_RCVLOWAT = 1 [2007/11/30 09:00:52.407941, 5, pid=5662] lib/util_sock.c:print_socket_options(206) [2007/11/30 09:00:52.407947, 5, pid=5663] lib/util_sock.c:print_socket_options(206) [2007/11/30 09:00:52.407888, 5, pid=5660] lib/util_sock.c:print_socket_options(206) Primary group is 0 and contains 0 supplementary groups socket option SO_KEEPALIVE = 1 socket option SO_SNDLOWAT = 1 socket option SO_SNDTIMEO = 0 [2007/11/30 09:00:52.407991, 5, pid=5662] lib/util_sock.c:print_socket_options(206) [2007/11/30 09:00:52.407998, 5, pid=5663] lib/util_sock.c:print_socket_options(206) socket option SO_RCVLOWAT = 1 socket option SO_RCVTIMEO = 0 [2007/11/30 09:00:52.408024, 5, pid=5662] lib/util_sock.c:print_socket_options(206) socket option SO_SNDTIMEO = 0 [2007/11/30 09:00:52.408044, 5, pid=5662] lib/util_sock.c:print_socket_options(206) socket option SO_RCVTIMEO = 0 [2007/11/30 09:00:52.408065, 5, pid=5662] lib/util_sock.c:print_socket_options(206) socket option SO_KEEPALIVE = 1 [2007/11/30 09:00:52.408083, 5, pid=5662] lib/util_sock.c:print_socket_options(206) socket option SO_REUSEADDR = 1 [2007/11/30 09:00:52.408101, 5, pid=5662] lib/util_sock.c:print_socket_options(206) socket option SO_BROADCAST = 0 [2007/11/30 09:00:52.408119, 5, pid=5662] lib/util_sock.c:print_socket_options(206) socket option TCP_NODELAY = 1 [2007/11/30 09:00:52.408136, 5, pid=5662] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPCNT = 9 [2007/11/30 09:00:52.408154, 5, pid=5662] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPIDLE = 7200 [2007/11/30 09:00:52.408188, 5, pid=5662] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPINTVL = 75 [2007/11/30 09:00:52.408208, 5, pid=5662] lib/util_sock.c:print_socket_options(206) socket option IPTOS_LOWDELAY = 0 [2007/11/30 09:00:52.408227, 5, pid=5662] lib/util_sock.c:print_socket_options(206) socket option IPTOS_THROUGHPUT = 0 [2007/11/30 09:00:52.408245, 5, pid=5662] lib/util_sock.c:print_socket_options(206) socket option SO_SNDBUF = 50604 [2007/11/30 09:00:52.408262, 5, pid=5662] lib/util_sock.c:print_socket_options(206) socket option SO_RCVBUF = 87392 [2007/11/30 09:00:52.408285, 5, pid=5662] lib/util_sock.c:print_socket_options(206) socket option SO_SNDLOWAT = 1 [2007/11/30 09:00:52.408304, 5, pid=5662] lib/util_sock.c:print_socket_options(206) socket option SO_RCVLOWAT = 1 [2007/11/30 09:00:52.408310, 6, pid=5663] param/loadparm.c:lp_file_list_changed(3080) [2007/11/30 09:00:52.408322, 5, pid=5662] lib/util_sock.c:print_socket_options(206) socket option SO_SNDTIMEO = 0 [2007/11/30 09:00:52.408020, 5, pid=5661] smbd/uid.c:change_to_root_user(288) [2007/11/30 09:00:52.408344, 5, pid=5662] lib/util_sock.c:print_socket_options(206) change_to_root_user: now uid=(0,0) gid=(0,0) [2007/11/30 09:00:52.408012, 5, pid=5660] lib/util_sock.c:print_socket_options(206) socket option SO_REUSEADDR = 1 [2007/11/30 09:00:52.408371, 3, pid=5661] smbd/connection.c:yield_connection(69) Yielding connection to lp_file_list_changed() [2007/11/30 09:00:52.408409, 3, pid=5661] smbd/connection.c:yield_connection(76) socket option SO_RCVTIMEO = 0 [2007/11/30 09:00:52.408382, 5, pid=5660] lib/util_sock.c:print_socket_options(206) socket option SO_BROADCAST = 0 [2007/11/30 09:00:52.408449, 5, pid=5660] lib/util_sock.c:print_socket_options(206) socket option TCP_NODELAY = 1 [2007/11/30 09:00:52.408469, 5, pid=5660] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPCNT = 9 [2007/11/30 09:00:52.408487, 5, pid=5660] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPIDLE = 7200 [2007/11/30 09:00:52.408505, 5, pid=5660] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPINTVL = 75 [2007/11/30 09:00:52.408524, 5, pid=5660] lib/util_sock.c:print_socket_options(206) socket option IPTOS_LOWDELAY = 0 [2007/11/30 09:00:52.408542, 5, pid=5660] lib/util_sock.c:print_socket_options(206) socket option IPTOS_THROUGHPUT = 0 [2007/11/30 09:00:52.408560, 5, pid=5660] lib/util_sock.c:print_socket_options(206) socket option SO_SNDBUF = 50604 [2007/11/30 09:00:52.408578, 5, pid=5660] lib/util_sock.c:print_socket_options(206) socket option SO_RCVBUF = 87392 [2007/11/30 09:00:52.408596, 5, pid=5660] lib/util_sock.c:print_socket_options(206) socket option SO_SNDLOWAT = 1 [2007/11/30 09:00:52.408614, 5, pid=5660] lib/util_sock.c:print_socket_options(206) socket option SO_RCVLOWAT = 1 [2007/11/30 09:00:52.408632, 5, pid=5660] lib/util_sock.c:print_socket_options(206) socket option SO_SNDTIMEO = 0 [2007/11/30 09:00:52.408649, 5, pid=5660] lib/util_sock.c:print_socket_options(206) socket option SO_RCVTIMEO = 0 [2007/11/30 09:00:52.408692, 6, pid=5662] param/loadparm.c:lp_file_list_changed(3080) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Fri Nov 30 08:56:43 2007 [2007/11/30 09:00:52.408751, 3, pid=5662] smbd/oplock.c:init_oplocks(863) init_oplocks: initializing messages. file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Fri Nov 30 08:56:43 2007 [2007/11/30 09:00:52.408823, 3, pid=5663] smbd/oplock.c:init_oplocks(863) init_oplocks: initializing messages. [2007/11/30 09:00:52.408902, 3, pid=5662] smbd/oplock_linux.c:linux_init_kernel_oplocks(276) Linux kernel oplocks enabled [2007/11/30 09:00:52.408957, 3, pid=5663] smbd/oplock_linux.c:linux_init_kernel_oplocks(276) Linux kernel oplocks enabled [2007/11/30 09:00:52.408999, 10, pid=5662] lib/util_sock.c:read_data(525) read_data: read of 4 returned 0. Error = Success [2007/11/30 09:00:52.409042, 10, pid=5662] lib/util_sock.c:receive_smb_raw(672) yield_connection: tdb_delete for name failed with error Record does not exist. [2007/11/30 09:00:52.409106, 3, pid=5661] smbd/server.c:exit_server_common(768) Server exit (normal exit) [2007/11/30 09:00:52.409241, 6, pid=5660] param/loadparm.c:lp_file_list_changed(3080) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Fri Nov 30 08:56:43 2007 [2007/11/30 09:00:52.409306, 3, pid=5660] smbd/oplock.c:init_oplocks(863) init_oplocks: initializing messages. [2007/11/30 09:00:52.409447, 3, pid=5660] smbd/oplock_linux.c:linux_init_kernel_oplocks(276) Linux kernel oplocks enabled [2007/11/30 09:00:52.409048, 10, pid=5663] lib/util_sock.c:read_data(525) read_data: read of 4 returned 0. Error = Success [2007/11/30 09:00:52.409590, 10, pid=5663] lib/util_sock.c:receive_smb_raw(672) receive_smb_raw: length < 0! [2007/11/30 09:00:52.409610, 3, pid=5663] smbd/process.c:timeout_processing(1328) timeout_processing: End of file from client (client has disconnected). [2007/11/30 09:00:52.409636, 5, pid=5663] lib/gencache.c:gencache_shutdown(94) Closing cache file [2007/11/30 09:00:52.409672, 5, pid=5663] libsmb/namecache.c:namecache_shutdown(79) namecache_shutdown: netbios namecache closed successfully. [2007/11/30 09:00:52.409698, 3, pid=5663] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/30 09:00:52.409721, 5, pid=5663] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 09:00:52.409745, 5, pid=5663] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 09:00:52.409782, 5, pid=5663] smbd/uid.c:change_to_root_user(288) change_to_root_user: now uid=(0,0) gid=(0,0) [2007/11/30 09:00:52.409814, 3, pid=5663] smbd/connection.c:yield_connection(69) Yielding connection to [2007/11/30 09:00:52.409848, 3, pid=5663] smbd/connection.c:yield_connection(76) yield_connection: tdb_delete for name failed with error Record does not exist. [2007/11/30 09:00:52.409883, 3, pid=5663] smbd/server.c:exit_server_common(768) Server exit (normal exit) receive_smb_raw: length < 0! [2007/11/30 09:00:52.410166, 3, pid=5662] smbd/process.c:timeout_processing(1328) timeout_processing: End of file from client (client has disconnected). [2007/11/30 09:00:52.410201, 5, pid=5662] lib/gencache.c:gencache_shutdown(94) Closing cache file [2007/11/30 09:00:52.410235, 5, pid=5662] libsmb/namecache.c:namecache_shutdown(79) namecache_shutdown: netbios namecache closed successfully. [2007/11/30 09:00:52.410262, 3, pid=5662] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/30 09:00:52.410292, 5, pid=5662] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 09:00:52.410315, 5, pid=5662] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 09:00:52.410350, 5, pid=5662] smbd/uid.c:change_to_root_user(288) change_to_root_user: now uid=(0,0) gid=(0,0) [2007/11/30 09:00:52.410383, 3, pid=5662] smbd/connection.c:yield_connection(69) Yielding connection to [2007/11/30 09:00:52.410415, 3, pid=5662] smbd/connection.c:yield_connection(76) yield_connection: tdb_delete for name failed with error Record does not exist. [2007/11/30 09:00:52.410450, 3, pid=5662] smbd/server.c:exit_server_common(768) Server exit (normal exit) [2007/11/30 09:00:55.018044, 10, pid=5660] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 190 [2007/11/30 09:00:55.018092, 6, pid=5660] smbd/process.c:process_smb(1067) got message type 0x0 of len 0xbe [2007/11/30 09:00:55.018116, 3, pid=5660] smbd/process.c:process_smb(1068) Transaction 0 of length 194 [2007/11/30 09:00:55.018143, 5, pid=5660] lib/util.c:show_msg(506) [2007/11/30 09:00:55.018156, 5, pid=5660] lib/util.c:show_msg(516) size=190 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=0 smb_pid=5651 smb_uid=0 smb_mid=1 smt_wct=0 smb_bcc=155 [2007/11/30 09:00:55.018248, 10, pid=5660] lib/util.c:dump_data(2285) [000] 02 50 43 20 4E 45 54 57 4F 52 4B 20 50 52 4F 47 .PC NETW ORK PROG [010] 52 41 4D 20 31 2E 30 00 02 4D 49 43 52 4F 53 4F RAM 1.0. .MICROSO [020] 46 54 20 4E 45 54 57 4F 52 4B 53 20 31 2E 30 33 FT NETWO RKS 1.03 [030] 00 02 4D 49 43 52 4F 53 4F 46 54 20 4E 45 54 57 ..MICROS OFT NETW [040] 4F 52 4B 53 20 33 2E 30 00 02 4C 41 4E 4D 41 4E ORKS 3.0 ..LANMAN [050] 31 2E 30 00 02 4C 4D 31 2E 32 58 30 30 32 00 02 1.0..LM1 .2X002.. [060] 44 4F 53 20 4C 41 4E 4D 41 4E 32 2E 31 00 02 4C DOS LANM AN2.1..L [070] 41 4E 4D 41 4E 32 2E 31 00 02 53 61 6D 62 61 00 ANMAN2.1 ..Samba. [080] 02 4E 54 20 4C 41 4E 4D 41 4E 20 31 2E 30 00 02 .NT LANM AN 1.0.. [090] 4E 54 20 4C 4D 20 30 2E 31 32 00 NT LM 0. 12. [2007/11/30 09:00:55.018406, 3, pid=5660] smbd/process.c:switch_message(926) switch message SMBnegprot (pid 5660) conn 0x0 [2007/11/30 09:00:55.018431, 3, pid=5660] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/30 09:00:55.018454, 5, pid=5660] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 09:00:55.018478, 5, pid=5660] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 09:00:55.018521, 5, pid=5660] smbd/uid.c:change_to_root_user(288) change_to_root_user: now uid=(0,0) gid=(0,0) [2007/11/30 09:00:55.018547, 3, pid=5660] smbd/negprot.c:reply_negprot(505) Requested protocol [PC NETWORK PROGRAM 1.0] [2007/11/30 09:00:55.018569, 3, pid=5660] smbd/negprot.c:reply_negprot(505) Requested protocol [MICROSOFT NETWORKS 1.03] [2007/11/30 09:00:55.018587, 3, pid=5660] smbd/negprot.c:reply_negprot(505) Requested protocol [MICROSOFT NETWORKS 3.0] [2007/11/30 09:00:55.018604, 3, pid=5660] smbd/negprot.c:reply_negprot(505) Requested protocol [LANMAN1.0] [2007/11/30 09:00:55.018621, 3, pid=5660] smbd/negprot.c:reply_negprot(505) Requested protocol [LM1.2X002] [2007/11/30 09:00:55.018638, 3, pid=5660] smbd/negprot.c:reply_negprot(505) Requested protocol [DOS LANMAN2.1] [2007/11/30 09:00:55.018655, 3, pid=5660] smbd/negprot.c:reply_negprot(505) Requested protocol [LANMAN2.1] [2007/11/30 09:00:55.018671, 3, pid=5660] smbd/negprot.c:reply_negprot(505) Requested protocol [Samba] [2007/11/30 09:00:55.018698, 10, pid=5660] lib/util.c:set_remote_arch(2260) set_remote_arch: Client arch is 'Samba' [2007/11/30 09:00:55.018747, 6, pid=5660] param/loadparm.c:lp_file_list_changed(3080) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Fri Nov 30 08:56:43 2007 [2007/11/30 09:00:55.018791, 5, pid=5660] smbd/connection.c:claim_connection(182) claiming 0 [2007/11/30 09:00:55.018866, 6, pid=5660] param/loadparm.c:lp_file_list_changed(3080) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Fri Nov 30 08:56:43 2007 [2007/11/30 09:00:55.018939, 3, pid=5660] smbd/negprot.c:reply_nt1(364) using SPNEGO [2007/11/30 09:00:55.018958, 3, pid=5660] smbd/negprot.c:reply_negprot(606) Selected protocol NT LANMAN 1.0 [2007/11/30 09:00:55.018975, 5, pid=5660] smbd/negprot.c:reply_negprot(612) negprot index=8 [2007/11/30 09:00:55.018991, 5, pid=5660] lib/util.c:show_msg(506) [2007/11/30 09:00:55.019003, 5, pid=5660] lib/util.c:show_msg(516) size=127 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=5651 smb_uid=0 smb_mid=1 smt_wct=17 smb_vwv[ 0]= 8 (0x8) smb_vwv[ 1]=12803 (0x3203) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 65 (0x41) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]= 7168 (0x1C00) smb_vwv[ 8]= 22 (0x16) smb_vwv[ 9]=64768 (0xFD00) smb_vwv[10]=33011 (0x80F3) smb_vwv[11]=32896 (0x8080) smb_vwv[12]= 6325 (0x18B5) smb_vwv[13]= 1435 (0x59B) smb_vwv[14]=51251 (0xC833) smb_vwv[15]=54273 (0xD401) smb_vwv[16]= 254 (0xFE) smb_bcc=58 [2007/11/30 09:00:55.019184, 10, pid=5660] lib/util.c:dump_data(2285) [000] 67 6F 64 61 69 00 00 00 00 00 00 00 00 00 00 00 godai... ........ [010] 60 28 06 06 2B 06 01 05 05 02 A0 1E 30 1C A0 0E `(..+... ....0... [020] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A3 0A 0...+... ..7..... [030] 30 08 A0 06 1B 04 4E 4F 4E 45 0.....NO NE [2007/11/30 09:00:55.020033, 10, pid=5660] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 160 [2007/11/30 09:00:55.020058, 6, pid=5660] smbd/process.c:process_smb(1067) got message type 0x0 of len 0xa0 [2007/11/30 09:00:55.020077, 3, pid=5660] smbd/process.c:process_smb(1068) Transaction 1 of length 164 [2007/11/30 09:00:55.020094, 5, pid=5660] lib/util.c:show_msg(506) [2007/11/30 09:00:55.020106, 5, pid=5660] lib/util.c:show_msg(516) size=160 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=0 smb_pid=5651 smb_uid=0 smb_mid=2 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=65535 (0xFFFF) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 1 (0x1) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 79 (0x4F) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]=53340 (0xD05C) smb_vwv[11]=32768 (0x8000) smb_bcc=101 [2007/11/30 09:00:55.020245, 10, pid=5660] lib/util.c:dump_data(2285) [000] 60 4D 06 06 2B 06 01 05 05 02 A0 43 30 41 A0 0E `M..+... ...C0A.. [010] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A2 2F 0...+... ..7..../ [020] 04 2D 4E 54 4C 4D 53 53 50 00 01 00 00 00 15 82 .-NTLMSS P....... [030] 08 60 08 00 08 00 20 00 00 00 05 00 05 00 28 00 .`.... . ......(. [040] 00 00 5A 41 52 54 53 4F 46 54 47 4F 44 41 49 55 ..ZARTSO FTGODAIU [050] 00 6E 00 69 00 78 00 00 00 53 00 61 00 6D 00 62 .n.i.x.. .S.a.m.b [060] 00 61 00 00 00 .a... [2007/11/30 09:00:55.020348, 3, pid=5660] smbd/process.c:switch_message(926) switch message SMBsesssetupX (pid 5660) conn 0x0 [2007/11/30 09:00:55.020367, 3, pid=5660] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/30 09:00:55.020385, 5, pid=5660] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 09:00:55.020402, 5, pid=5660] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 09:00:55.020431, 5, pid=5660] smbd/uid.c:change_to_root_user(288) change_to_root_user: now uid=(0,0) gid=(0,0) [2007/11/30 09:00:55.020456, 3, pid=5660] smbd/sesssetup.c:reply_sesssetup_and_X(1244) wct=12 flg2=0xc801 [2007/11/30 09:00:55.020481, 3, pid=5660] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1029) Doing spnego session setup [2007/11/30 09:00:55.020509, 3, pid=5660] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1060) NativeOS=[Unix] NativeLanMan=[Samba] PrimaryDomain=[] [2007/11/30 09:00:55.020543, 10, pid=5660] smbd/password.c:register_vuid(186) register_vuid: allocated vuid = 100 [2007/11/30 09:00:55.020566, 10, pid=5660] smbd/sesssetup.c:check_spnego_blob_complete(975) check_spnego_blob_complete: needed_len = 79, pblob->length = 79 [2007/11/30 09:00:55.020595, 5, pid=5660] smbd/sesssetup.c:parse_spnego_mechanisms(667) parse_spnego_mechanisms: Got OID 1 3 6 1 4 1 311 2 2 10 [2007/11/30 09:00:55.020613, 3, pid=5660] smbd/sesssetup.c:reply_spnego_negotiate(697) reply_spnego_negotiate: Got secblob of size 45 [2007/11/30 09:00:55.020644, 5, pid=5660] auth/auth.c:make_auth_context_subsystem(483) Making default auth method list for DC, security=user, encrypt passwords = yes [2007/11/30 09:00:55.020669, 5, pid=5660] auth/auth.c:smb_register_auth(47) Attempting to register auth backend sam [2007/11/30 09:00:55.020687, 5, pid=5660] auth/auth.c:smb_register_auth(59) Successfully added auth method 'sam' [2007/11/30 09:00:55.020705, 5, pid=5660] auth/auth.c:smb_register_auth(47) Attempting to register auth backend sam_ignoredomain [2007/11/30 09:00:55.020738, 5, pid=5660] auth/auth.c:smb_register_auth(59) Successfully added auth method 'sam_ignoredomain' [2007/11/30 09:00:55.020759, 5, pid=5660] auth/auth.c:smb_register_auth(47) Attempting to register auth backend unix [2007/11/30 09:00:55.020777, 5, pid=5660] auth/auth.c:smb_register_auth(59) Successfully added auth method 'unix' [2007/11/30 09:00:55.020796, 5, pid=5660] auth/auth.c:smb_register_auth(47) Attempting to register auth backend winbind [2007/11/30 09:00:55.020814, 5, pid=5660] auth/auth.c:smb_register_auth(59) Successfully added auth method 'winbind' [2007/11/30 09:00:55.020831, 5, pid=5660] auth/auth.c:smb_register_auth(47) Attempting to register auth backend smbserver [2007/11/30 09:00:55.020848, 5, pid=5660] auth/auth.c:smb_register_auth(59) Successfully added auth method 'smbserver' [2007/11/30 09:00:55.020867, 5, pid=5660] auth/auth.c:smb_register_auth(47) Attempting to register auth backend trustdomain [2007/11/30 09:00:55.020885, 5, pid=5660] auth/auth.c:smb_register_auth(59) Successfully added auth method 'trustdomain' [2007/11/30 09:00:55.020901, 5, pid=5660] auth/auth.c:smb_register_auth(47) Attempting to register auth backend ntdomain [2007/11/30 09:00:55.020919, 5, pid=5660] auth/auth.c:smb_register_auth(59) Successfully added auth method 'ntdomain' [2007/11/30 09:00:55.020936, 5, pid=5660] auth/auth.c:smb_register_auth(47) Attempting to register auth backend guest [2007/11/30 09:00:55.020953, 5, pid=5660] auth/auth.c:smb_register_auth(59) Successfully added auth method 'guest' [2007/11/30 09:00:55.020970, 5, pid=5660] auth/auth.c:load_auth_module(391) load_auth_module: Attempting to find an auth method to match guest [2007/11/30 09:00:55.020988, 5, pid=5660] auth/auth.c:load_auth_module(416) load_auth_module: auth method guest has a valid init [2007/11/30 09:00:55.021006, 5, pid=5660] auth/auth.c:load_auth_module(391) load_auth_module: Attempting to find an auth method to match sam [2007/11/30 09:00:55.021030, 5, pid=5660] auth/auth.c:load_auth_module(416) load_auth_module: auth method sam has a valid init [2007/11/30 09:00:55.021050, 5, pid=5660] auth/auth.c:load_auth_module(391) load_auth_module: Attempting to find an auth method to match winbind:trustdomain [2007/11/30 09:00:55.021074, 5, pid=5660] auth/auth.c:load_auth_module(391) load_auth_module: Attempting to find an auth method to match trustdomain [2007/11/30 09:00:55.021099, 5, pid=5660] auth/auth.c:load_auth_module(416) load_auth_module: auth method trustdomain has a valid init [2007/11/30 09:00:55.021118, 5, pid=5660] auth/auth.c:load_auth_module(416) load_auth_module: auth method winbind has a valid init [2007/11/30 09:00:55.021155, 3, pid=5660] libsmb/ntlmssp.c:debug_ntlmssp_flags(63) Got NTLMSSP neg_flags=0x60088215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH [2007/11/30 09:00:55.021219, 5, pid=5660] auth/auth.c:get_ntlm_challenge(97) auth_get_challenge: module guest did not want to specify a challenge [2007/11/30 09:00:55.021237, 5, pid=5660] auth/auth.c:get_ntlm_challenge(97) auth_get_challenge: module sam did not want to specify a challenge [2007/11/30 09:00:55.021255, 5, pid=5660] auth/auth.c:get_ntlm_challenge(97) auth_get_challenge: module winbind did not want to specify a challenge [2007/11/30 09:00:55.021286, 5, pid=5660] auth/auth.c:get_ntlm_challenge(137) auth_context challenge created by random [2007/11/30 09:00:55.021304, 5, pid=5660] auth/auth.c:get_ntlm_challenge(138) challenge is: [2007/11/30 09:00:55.021321, 5, pid=5660] lib/util.c:dump_data(2285) [000] BC DB 15 9C D1 CB B6 0F ........ [2007/11/30 09:00:55.022138, 5, pid=5660] lib/util.c:show_msg(506) [2007/11/30 09:00:55.022160, 5, pid=5660] lib/util.c:show_msg(516) size=332 smb_com=0x73 smb_rcls=22 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=5651 smb_uid=100 smb_mid=2 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 221 (0xDD) smb_bcc=289 [2007/11/30 09:00:55.022281, 10, pid=5660] lib/util.c:dump_data(2285) [000] A1 81 DA 30 81 D7 A0 03 0A 01 01 A1 0C 06 0A 2B ...0.... .......+ [010] 06 01 04 01 82 37 02 02 0A A2 81 C1 04 81 BE 4E .....7.. .......N [020] 54 4C 4D 53 53 50 00 02 00 00 00 10 00 10 00 30 TLMSSP.. .......0 [030] 00 00 00 15 82 89 60 BC DB 15 9C D1 CB B6 0F 00 ......`. ........ [040] 00 00 00 00 00 00 00 7E 00 7E 00 40 00 00 00 5A .......~ .~.@...Z [050] 00 41 00 52 00 54 00 53 00 4F 00 46 00 54 00 02 .A.R.T.S .O.F.T.. [060] 00 10 00 5A 00 41 00 52 00 54 00 53 00 4F 00 46 ...Z.A.R .T.S.O.F [070] 00 54 00 01 00 0A 00 47 00 4F 00 44 00 41 00 49 .T.....G .O.D.A.I [080] 00 04 00 22 00 6C 00 6F 00 63 00 61 00 6C 00 2E ...".l.o .c.a.l.. [090] 00 7A 00 61 00 72 00 74 00 73 00 6F 00 66 00 74 .z.a.r.t .s.o.f.t [0A0] 00 2E 00 72 00 75 00 03 00 2E 00 67 00 6F 00 64 ...r.u.. ...g.o.d [0B0] 00 61 00 69 00 2E 00 6C 00 6F 00 63 00 61 00 6C .a.i...l .o.c.a.l [0C0] 00 2E 00 7A 00 61 00 72 00 74 00 73 00 6F 00 66 ...z.a.r .t.s.o.f [0D0] 00 74 00 2E 00 72 00 75 00 00 00 00 00 55 00 6E .t...r.u .....U.n [0E0] 00 69 00 78 00 00 00 53 00 61 00 6D 00 62 00 61 .i.x...S .a.m.b.a [0F0] 00 20 00 33 00 2E 00 30 00 2E 00 32 00 36 00 61 . .3...0 ...2.6.a [100] 00 2D 00 30 00 2E 00 66 00 63 00 37 00 00 00 5A .-.0...f .c.7...Z [110] 00 41 00 52 00 54 00 53 00 4F 00 46 00 54 00 00 .A.R.T.S .O.F.T.. [120] 00 . [2007/11/30 09:00:55.023850, 10, pid=5660] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 260 [2007/11/30 09:00:55.023877, 6, pid=5660] smbd/process.c:process_smb(1067) got message type 0x0 of len 0x104 [2007/11/30 09:00:55.023896, 3, pid=5660] smbd/process.c:process_smb(1068) Transaction 2 of length 264 [2007/11/30 09:00:55.023914, 5, pid=5660] lib/util.c:show_msg(506) [2007/11/30 09:00:55.023926, 5, pid=5660] lib/util.c:show_msg(516) size=260 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=0 smb_pid=5651 smb_uid=100 smb_mid=3 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=65535 (0xFFFF) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 1 (0x1) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 178 (0xB2) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]=53340 (0xD05C) smb_vwv[11]=32768 (0x8000) smb_bcc=201 [2007/11/30 09:00:55.024069, 10, pid=5660] lib/util.c:dump_data(2285) [000] A1 81 AF 30 81 AC A2 81 A9 04 81 A6 4E 54 4C 4D ...0.... ....NTLM [010] 53 53 50 00 03 00 00 00 18 00 18 00 40 00 00 00 SSP..... ....@... [020] 18 00 18 00 58 00 00 00 10 00 10 00 70 00 00 00 ....X... ....p... [030] 0C 00 0C 00 80 00 00 00 0A 00 0A 00 8C 00 00 00 ........ ........ [040] 10 00 10 00 96 00 00 00 15 82 08 60 1A EB 4B 30 ........ ...`..K0 [050] DA 37 E5 72 00 00 00 00 00 00 00 00 00 00 00 00 .7.r.... ........ [060] 00 00 00 00 49 A0 80 CB 85 CC E3 03 87 9E 30 42 ....I... ......0B [070] C2 6D A6 57 B1 E5 F5 77 66 5C B7 F4 5A 00 41 00 .m.W...w f\..Z.A. [080] 52 00 54 00 53 00 4F 00 46 00 54 00 47 00 4F 00 R.T.S.O. F.T.G.O. [090] 44 00 41 00 49 00 24 00 47 00 4F 00 44 00 41 00 D.A.I.$. G.O.D.A. [0A0] 49 00 99 B8 B0 E4 F8 AC 15 FB F4 02 B5 D6 7B 66 I....... ......{f [0B0] 5C B2 00 55 00 6E 00 69 00 78 00 00 00 53 00 61 \..U.n.i .x...S.a [0C0] 00 6D 00 62 00 61 00 00 00 .m.b.a.. . [2007/11/30 09:00:55.024254, 3, pid=5660] smbd/process.c:switch_message(926) switch message SMBsesssetupX (pid 5660) conn 0x0 [2007/11/30 09:00:55.024273, 3, pid=5660] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/30 09:00:55.024292, 5, pid=5660] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 09:00:55.024310, 5, pid=5660] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 09:00:55.024358, 5, pid=5660] smbd/uid.c:change_to_root_user(288) change_to_root_user: now uid=(0,0) gid=(0,0) [2007/11/30 09:00:55.024380, 3, pid=5660] smbd/sesssetup.c:reply_sesssetup_and_X(1244) wct=12 flg2=0xc801 [2007/11/30 09:00:55.024398, 3, pid=5660] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1029) Doing spnego session setup [2007/11/30 09:00:55.024416, 3, pid=5660] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1060) NativeOS=[Unix] NativeLanMan=[Samba] PrimaryDomain=[] [2007/11/30 09:00:55.024445, 10, pid=5660] smbd/sesssetup.c:check_spnego_blob_complete(975) check_spnego_blob_complete: needed_len = 178, pblob->length = 178 [2007/11/30 09:00:55.024472, 3, pid=5660] libsmb/ntlmssp.c:ntlmssp_server_auth(739) Got user=[GODAI$] domain=[ZARTSOFT] workstation=[GODAI] len1=24 len2=24 [2007/11/30 09:00:55.024499, 5, pid=5660] auth/auth_ntlmssp.c:auth_ntlmssp_set_challenge(69) auth_context challenge set by NTLMSSP callback (NTLM2) [2007/11/30 09:00:55.024522, 5, pid=5660] auth/auth_ntlmssp.c:auth_ntlmssp_set_challenge(70) challenge is: [2007/11/30 09:00:55.024539, 5, pid=5660] lib/util.c:dump_data(2285) [000] 67 75 B3 85 87 56 5F EF gu...V_. [2007/11/30 09:00:55.024581, 6, pid=5660] param/loadparm.c:lp_file_list_changed(3080) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Fri Nov 30 08:56:43 2007 [2007/11/30 09:00:55.024627, 5, pid=5660] auth/auth_util.c:make_user_info_map(161) make_user_info_map: Mapping user [ZARTSOFT]\[GODAI$] from workstation [GODAI] [2007/11/30 09:00:55.024648, 3, pid=5660] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2007/11/30 09:00:55.024667, 3, pid=5660] smbd/uid.c:push_conn_ctx(358) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2007/11/30 09:00:55.024686, 3, pid=5660] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2007/11/30 09:00:55.024704, 5, pid=5660] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 09:00:55.024721, 5, pid=5660] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 09:00:55.024749, 5, pid=5660] auth/auth_util.c:is_trusted_domain(2198) is_trusted_domain: Checking for domain trust with [ZARTSOFT] [2007/11/30 09:00:55.024790, 5, pid=5660] passdb/secrets.c:secrets_fetch_trusted_domain_password(473) secrets_fetch failed! [2007/11/30 09:00:55.024817, 3, pid=5660] smbd/sec_ctx.c:pop_sec_ctx(356) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/30 09:00:55.024860, 10, pid=5660] lib/gencache.c:gencache_get(212) Cache entry with key = TDOM/ZARTSOFT couldn't be found [2007/11/30 09:00:55.024881, 5, pid=5660] libsmb/trustdom_cache.c:trustdom_cache_fetch(184) no entry for trusted domain ZARTSOFT found. [2007/11/30 09:00:55.024901, 5, pid=5660] auth/auth_util.c:make_user_info(75) attempting to make a user_info for GODAI$ (GODAI$) [2007/11/30 09:00:55.024920, 5, pid=5660] auth/auth_util.c:make_user_info(85) making strings for GODAI$'s user_info struct [2007/11/30 09:00:55.024938, 5, pid=5660] auth/auth_util.c:make_user_info(117) making blobs for GODAI$'s user_info struct [2007/11/30 09:00:55.024956, 10, pid=5660] auth/auth_util.c:make_user_info(135) made an encrypted user_info for GODAI$ (GODAI$) [2007/11/30 09:00:55.024975, 3, pid=5660] auth/auth.c:check_ntlm_password(221) check_ntlm_password: Checking password for unmapped user [ZARTSOFT]\[GODAI$]@[GODAI] with the new password interface [2007/11/30 09:00:55.024994, 3, pid=5660] auth/auth.c:check_ntlm_password(224) check_ntlm_password: mapped user is: [ZARTSOFT]\[GODAI$]@[GODAI] [2007/11/30 09:00:55.025012, 10, pid=5660] auth/auth.c:check_ntlm_password(233) check_ntlm_password: auth_context challenge created by NTLMSSP callback (NTLM2) [2007/11/30 09:00:55.025030, 10, pid=5660] auth/auth.c:check_ntlm_password(235) challenge is: [2007/11/30 09:00:55.025063, 5, pid=5660] lib/util.c:dump_data(2285) [000] 67 75 B3 85 87 56 5F EF gu...V_. [2007/11/30 09:00:55.025090, 10, pid=5660] auth/auth.c:check_ntlm_password(261) check_ntlm_password: guest had nothing to say [2007/11/30 09:00:55.025112, 8, pid=5660] lib/util.c:is_myname(2097) is_myname("ZARTSOFT") returns 0 [2007/11/30 09:00:55.025137, 3, pid=5660] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2007/11/30 09:00:55.025157, 3, pid=5660] smbd/uid.c:push_conn_ctx(358) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2007/11/30 09:00:55.025175, 3, pid=5660] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2007/11/30 09:00:55.025192, 5, pid=5660] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 09:00:55.025209, 5, pid=5660] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 09:00:55.025289, 4, pid=5660] passdb/pdb_tdb.c:tdbsam_open(869) tdbsam_open: successfully opened /var/lib/samba/private/passdb.tdb [2007/11/30 09:00:55.025335, 10, pid=5660] passdb/pdb_get_set.c:pdb_set_username(581) pdb_set_username: setting username godai$, was [2007/11/30 09:00:55.025358, 10, pid=5660] passdb/pdb_get_set.c:pdb_set_domain(604) pdb_set_domain: setting domain ZARTSOFT, was [2007/11/30 09:00:55.025377, 10, pid=5660] passdb/pdb_get_set.c:pdb_set_nt_username(627) pdb_set_nt_username: setting nt username , was [2007/11/30 09:00:55.025395, 10, pid=5660] passdb/pdb_get_set.c:pdb_set_fullname(650) pdb_set_full_name: setting full name godai, was [2007/11/30 09:00:55.025415, 4, pid=5660] lib/substitute.c:automount_server(407) Home server: godai [2007/11/30 09:00:55.025443, 10, pid=5660] passdb/pdb_get_set.c:pdb_set_homedir(743) pdb_set_homedir: setting home dir \\godai\godai_, was [2007/11/30 09:00:55.025462, 10, pid=5660] passdb/pdb_get_set.c:pdb_set_dir_drive(719) pdb_set_dir_drive: setting dir drive , was NULL [2007/11/30 09:00:55.025483, 10, pid=5660] passdb/pdb_get_set.c:pdb_set_logon_script(673) pdb_set_logon_script: setting logon script , was [2007/11/30 09:00:55.025508, 10, pid=5660] passdb/pdb_get_set.c:pdb_set_profile_path(696) pdb_set_profile_path: setting profile path , was [2007/11/30 09:00:55.025528, 10, pid=5660] passdb/pdb_get_set.c:pdb_set_workstations(786) pdb_set_workstations: setting workstations , was [2007/11/30 09:00:55.025549, 3, pid=5660] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2007/11/30 09:00:55.025568, 3, pid=5660] smbd/uid.c:push_conn_ctx(358) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2007/11/30 09:00:55.025586, 3, pid=5660] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2007/11/30 09:00:55.025603, 5, pid=5660] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 09:00:55.025620, 5, pid=5660] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 09:00:55.025658, 10, pid=5660] lib/account_pol.c:account_policy_get(294) account_policy_get: name: password history, val: 0 [2007/11/30 09:00:55.025684, 3, pid=5660] smbd/sec_ctx.c:pop_sec_ctx(356) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2007/11/30 09:00:55.025707, 10, pid=5660] passdb/pdb_get_set.c:pdb_set_user_sid(510) pdb_set_user_sid: setting user sid S-1-5-21-2274471336-3138038065-606154707-2040 [2007/11/30 09:00:55.025738, 10, pid=5660] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(73) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-2274471336-3138038065-606154707-2040 from rid 2040 [2007/11/30 09:00:55.025770, 8, pid=5660] passdb/pdb_tdb.c:tdbsam_close(882) tdbsam_close: Reference count is now 0. [2007/11/30 09:00:55.025801, 3, pid=5660] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2007/11/30 09:00:55.025821, 3, pid=5660] smbd/uid.c:push_conn_ctx(358) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2007/11/30 09:00:55.025854, 3, pid=5660] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2007/11/30 09:00:55.025873, 5, pid=5660] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 09:00:55.025890, 5, pid=5660] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 09:00:55.025923, 10, pid=5660] lib/account_pol.c:account_policy_get(294) account_policy_get: name: maximum password age, val: -1 [2007/11/30 09:00:55.025947, 3, pid=5660] smbd/sec_ctx.c:pop_sec_ctx(356) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2007/11/30 09:00:55.025969, 5, pid=5660] lib/username.c:Get_Pwnam_alloc(131) Finding user godai$ [2007/11/30 09:00:55.025987, 5, pid=5660] lib/username.c:Get_Pwnam_internals(75) Trying _Get_Pwnam(), username as lowercase is godai$ [2007/11/30 09:00:55.026063, 5, pid=5660] lib/username.c:Get_Pwnam_internals(108) Get_Pwnam_internals did find user [godai$]! [2007/11/30 09:00:55.026145, 10, pid=5660] passdb/lookup_sid.c:check_dom_sid_to_level(663) Accepting SID S-1-5-21-2274471336-3138038065-606154707 in level 1 [2007/11/30 09:00:55.026172, 3, pid=5660] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2007/11/30 09:00:55.026191, 3, pid=5660] smbd/uid.c:push_conn_ctx(358) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2007/11/30 09:00:55.026209, 3, pid=5660] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2007/11/30 09:00:55.026227, 5, pid=5660] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 09:00:55.026243, 5, pid=5660] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 09:00:55.026274, 5, pid=5660] passdb/pdb_interface.c:lookup_global_sam_rid(1522) lookup_global_sam_rid: looking up RID 515. [2007/11/30 09:00:55.026295, 3, pid=5660] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2007/11/30 09:00:55.026314, 3, pid=5660] smbd/uid.c:push_conn_ctx(358) push_conn_ctx(0) : conn_ctx_stack_ndx = 2 [2007/11/30 09:00:55.026331, 3, pid=5660] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2007/11/30 09:00:55.026349, 5, pid=5660] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 09:00:55.026365, 5, pid=5660] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 09:00:55.026416, 4, pid=5660] passdb/pdb_tdb.c:tdbsam_open(869) tdbsam_open: successfully opened /var/lib/samba/private/passdb.tdb [2007/11/30 09:00:55.026440, 5, pid=5660] passdb/pdb_tdb.c:tdbsam_getsampwrid(1114) pdb_getsampwrid (TDB): error looking up RID 515 by key RID_00000203. Error: Record does not exist [2007/11/30 09:00:55.026466, 8, pid=5660] passdb/pdb_tdb.c:tdbsam_close(882) tdbsam_close: Reference count is now 0. [2007/11/30 09:00:55.026511, 3, pid=5660] smbd/sec_ctx.c:pop_sec_ctx(356) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2007/11/30 09:00:55.026533, 5, pid=5660] passdb/pdb_interface.c:pdb_default_lookup_rids(1643) lookup_rids: Domain Computers:2 [2007/11/30 09:00:55.026555, 3, pid=5660] smbd/sec_ctx.c:pop_sec_ctx(356) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2007/11/30 09:00:55.026575, 10, pid=5660] passdb/lookup_sid.c:lookup_sid(941) Sid S-1-5-21-2274471336-3138038065-606154707-515 -> ZARTSOFT\Domain Computers(2) [2007/11/30 09:00:55.026601, 3, pid=5660] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2007/11/30 09:00:55.026621, 3, pid=5660] smbd/uid.c:push_conn_ctx(358) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2007/11/30 09:00:55.026639, 3, pid=5660] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2007/11/30 09:00:55.026656, 5, pid=5660] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 09:00:55.026673, 5, pid=5660] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 09:00:55.026722, 10, pid=5660] lib/account_pol.c:account_policy_get(294) account_policy_get: name: password history, val: 0 [2007/11/30 09:00:55.026746, 3, pid=5660] smbd/sec_ctx.c:pop_sec_ctx(356) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2007/11/30 09:00:55.026772, 10, pid=5660] passdb/pdb_get_set.c:pdb_set_username(581) pdb_set_username: setting username godai$, was [2007/11/30 09:00:55.026791, 10, pid=5660] passdb/pdb_get_set.c:pdb_set_domain(604) pdb_set_domain: setting domain ZARTSOFT, was [2007/11/30 09:00:55.026810, 10, pid=5660] passdb/pdb_get_set.c:pdb_set_nt_username(627) pdb_set_nt_username: setting nt username , was [2007/11/30 09:00:55.026828, 10, pid=5660] passdb/pdb_get_set.c:pdb_set_fullname(650) pdb_set_full_name: setting full name godai, was [2007/11/30 09:00:55.026849, 4, pid=5660] lib/substitute.c:automount_server(407) Home server: godai [2007/11/30 09:00:55.026871, 10, pid=5660] passdb/pdb_get_set.c:pdb_set_homedir(743) pdb_set_homedir: setting home dir \\godai\godai_, was [2007/11/30 09:00:55.026890, 10, pid=5660] passdb/pdb_get_set.c:pdb_set_dir_drive(719) pdb_set_dir_drive: setting dir drive , was NULL [2007/11/30 09:00:55.026909, 10, pid=5660] passdb/pdb_get_set.c:pdb_set_logon_script(673) pdb_set_logon_script: setting logon script , was [2007/11/30 09:00:55.026928, 10, pid=5660] passdb/pdb_get_set.c:pdb_set_profile_path(696) pdb_set_profile_path: setting profile path , was [2007/11/30 09:00:55.026947, 10, pid=5660] passdb/pdb_get_set.c:pdb_set_workstations(786) pdb_set_workstations: setting workstations , was [2007/11/30 09:00:55.026968, 3, pid=5660] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2007/11/30 09:00:55.026987, 3, pid=5660] smbd/uid.c:push_conn_ctx(358) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2007/11/30 09:00:55.027005, 3, pid=5660] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2007/11/30 09:00:55.027022, 5, pid=5660] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 09:00:55.027039, 5, pid=5660] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 09:00:55.027071, 10, pid=5660] lib/account_pol.c:account_policy_get(294) account_policy_get: name: password history, val: 0 [2007/11/30 09:00:55.027095, 3, pid=5660] smbd/sec_ctx.c:pop_sec_ctx(356) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2007/11/30 09:00:55.027115, 10, pid=5660] passdb/pdb_get_set.c:pdb_set_user_sid(510) pdb_set_user_sid: setting user sid S-1-5-21-2274471336-3138038065-606154707-2040 [2007/11/30 09:00:55.027137, 10, pid=5660] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(73) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-2274471336-3138038065-606154707-2040 from rid 2040 [2007/11/30 09:00:55.027168, 3, pid=5660] smbd/sec_ctx.c:pop_sec_ctx(356) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/30 09:00:55.027191, 4, pid=5660] libsmb/ntlm_check.c:ntlm_password_check(326) ntlm_password_check: Checking NT MD4 password [2007/11/30 09:00:55.027305, 4, pid=5660] auth/auth_sam.c:sam_account_ok(138) sam_account_ok: Checking SMB password for user godai$ [2007/11/30 09:00:55.027332, 5, pid=5660] auth/auth_sam.c:logon_hours_ok(120) logon_hours_ok: user godai$ allowed to logon at this time (Fri Nov 30 04:00:55 2007 ) [2007/11/30 09:00:55.027357, 3, pid=5660] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2007/11/30 09:00:55.027376, 3, pid=5660] smbd/uid.c:push_conn_ctx(358) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2007/11/30 09:00:55.027394, 3, pid=5660] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2007/11/30 09:00:55.027411, 5, pid=5660] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 09:00:55.027428, 5, pid=5660] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 09:00:55.027476, 10, pid=5660] lib/account_pol.c:account_policy_get(294) account_policy_get: name: maximum password age, val: -1 [2007/11/30 09:00:55.027512, 3, pid=5660] smbd/sec_ctx.c:pop_sec_ctx(356) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/30 09:00:55.027543, 3, pid=5660] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2007/11/30 09:00:55.027562, 3, pid=5660] smbd/uid.c:push_conn_ctx(358) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2007/11/30 09:00:55.027580, 3, pid=5660] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2007/11/30 09:00:55.027598, 5, pid=5660] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 09:00:55.027615, 5, pid=5660] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 09:00:55.027645, 10, pid=5660] lib/util_pw.c:getpwnam_alloc(76) Got godai$ from pwnam_cache [2007/11/30 09:00:55.027665, 10, pid=5660] lib/util_pw.c:getpwnam_alloc(76) Got godai$ from pwnam_cache [2007/11/30 09:00:55.027726, 10, pid=5660] lib/system_smbd.c:sys_getgrouplist(125) sys_getgrouplist: user [godai$] [2007/11/30 09:01:05.026316, 5, pid=5671] lib/util_sock.c:print_socket_options(206) socket option SO_KEEPALIVE = 1 [2007/11/30 09:01:05.026465, 5, pid=5671] lib/util_sock.c:print_socket_options(206) socket option SO_REUSEADDR = 1 [2007/11/30 09:01:05.026499, 5, pid=5671] lib/util_sock.c:print_socket_options(206) socket option SO_BROADCAST = 0 [2007/11/30 09:01:05.026521, 5, pid=5671] lib/util_sock.c:print_socket_options(206) socket option TCP_NODELAY = 1 [2007/11/30 09:01:05.026543, 5, pid=5671] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPCNT = 9 [2007/11/30 09:01:05.026562, 5, pid=5671] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPIDLE = 7200 [2007/11/30 09:01:05.026581, 5, pid=5671] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPINTVL = 75 [2007/11/30 09:01:05.026601, 5, pid=5671] lib/util_sock.c:print_socket_options(206) socket option IPTOS_LOWDELAY = 0 [2007/11/30 09:01:05.026623, 5, pid=5671] lib/util_sock.c:print_socket_options(206) socket option IPTOS_THROUGHPUT = 0 [2007/11/30 09:01:05.026642, 5, pid=5671] lib/util_sock.c:print_socket_options(206) socket option SO_SNDBUF = 50604 [2007/11/30 09:01:05.026660, 5, pid=5671] lib/util_sock.c:print_socket_options(206) socket option SO_RCVBUF = 87392 [2007/11/30 09:01:05.026678, 5, pid=5671] lib/util_sock.c:print_socket_options(206) socket option SO_SNDLOWAT = 1 [2007/11/30 09:01:05.026696, 5, pid=5671] lib/util_sock.c:print_socket_options(206) socket option SO_RCVLOWAT = 1 [2007/11/30 09:01:05.026713, 5, pid=5671] lib/util_sock.c:print_socket_options(206) socket option SO_SNDTIMEO = 0 [2007/11/30 09:01:05.026731, 5, pid=5671] lib/util_sock.c:print_socket_options(206) socket option SO_RCVTIMEO = 0 [2007/11/30 09:01:05.026753, 5, pid=5671] lib/util_sock.c:print_socket_options(206) socket option SO_KEEPALIVE = 1 [2007/11/30 09:01:05.026771, 5, pid=5671] lib/util_sock.c:print_socket_options(206) socket option SO_REUSEADDR = 1 [2007/11/30 09:01:05.026789, 5, pid=5671] lib/util_sock.c:print_socket_options(206) socket option SO_BROADCAST = 0 [2007/11/30 09:01:05.026807, 5, pid=5671] lib/util_sock.c:print_socket_options(206) socket option TCP_NODELAY = 1 [2007/11/30 09:01:05.026826, 5, pid=5671] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPCNT = 9 [2007/11/30 09:01:05.026844, 5, pid=5671] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPIDLE = 7200 [2007/11/30 09:01:05.026862, 5, pid=5671] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPINTVL = 75 [2007/11/30 09:01:05.026881, 5, pid=5671] lib/util_sock.c:print_socket_options(206) socket option IPTOS_LOWDELAY = 0 [2007/11/30 09:01:05.026899, 5, pid=5671] lib/util_sock.c:print_socket_options(206) socket option IPTOS_THROUGHPUT = 0 [2007/11/30 09:01:05.028058, 5, pid=5671] lib/util_sock.c:print_socket_options(206) socket option SO_SNDBUF = 50604 [2007/11/30 09:01:05.028079, 5, pid=5671] lib/util_sock.c:print_socket_options(206) socket option SO_RCVBUF = 87392 [2007/11/30 09:01:05.028098, 5, pid=5671] lib/util_sock.c:print_socket_options(206) socket option SO_SNDLOWAT = 1 [2007/11/30 09:01:05.028116, 5, pid=5671] lib/util_sock.c:print_socket_options(206) socket option SO_RCVLOWAT = 1 [2007/11/30 09:01:05.028134, 5, pid=5671] lib/util_sock.c:print_socket_options(206) socket option SO_SNDTIMEO = 0 [2007/11/30 09:01:05.028151, 5, pid=5671] lib/util_sock.c:print_socket_options(206) socket option SO_RCVTIMEO = 0 [2007/11/30 09:01:05.027365, 5, pid=5673] lib/util_sock.c:print_socket_options(206) socket option SO_KEEPALIVE = 1 [2007/11/30 09:01:05.028431, 5, pid=5673] lib/util_sock.c:print_socket_options(206) socket option SO_REUSEADDR = 1 [2007/11/30 09:01:05.028469, 5, pid=5673] lib/util_sock.c:print_socket_options(206) socket option SO_BROADCAST = 0 [2007/11/30 09:01:05.028492, 5, pid=5673] lib/util_sock.c:print_socket_options(206) socket option TCP_NODELAY = 1 [2007/11/30 09:01:05.028515, 5, pid=5673] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPCNT = 9 [2007/11/30 09:01:05.028535, 5, pid=5673] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPIDLE = 7200 [2007/11/30 09:01:05.028555, 5, pid=5673] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPINTVL = 75 [2007/11/30 09:01:05.028575, 5, pid=5673] lib/util_sock.c:print_socket_options(206) socket option IPTOS_LOWDELAY = 0 [2007/11/30 09:01:05.028595, 5, pid=5673] lib/util_sock.c:print_socket_options(206) socket option IPTOS_THROUGHPUT = 0 [2007/11/30 09:01:05.027849, 5, pid=5674] lib/util_sock.c:print_socket_options(206) [2007/11/30 09:01:05.025869, 5, pid=5670] lib/util_sock.c:print_socket_options(206) socket option SO_KEEPALIVE = 1 socket option SO_KEEPALIVE = 1 [2007/11/30 09:01:05.028701, 5, pid=5670] lib/util_sock.c:print_socket_options(206) socket option SO_REUSEADDR = 1 [2007/11/30 09:01:05.028736, 5, pid=5670] lib/util_sock.c:print_socket_options(206) socket option SO_BROADCAST = 0 [2007/11/30 09:01:05.028758, 5, pid=5670] lib/util_sock.c:print_socket_options(206) socket option TCP_NODELAY = 1 [2007/11/30 09:01:05.028779, 5, pid=5670] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPCNT = 9 [2007/11/30 09:01:05.028798, 5, pid=5670] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPIDLE = 7200 [2007/11/30 09:01:05.028817, 5, pid=5670] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPINTVL = 75 [2007/11/30 09:01:05.028837, 5, pid=5670] lib/util_sock.c:print_socket_options(206) socket option IPTOS_LOWDELAY = 0 [2007/11/30 09:01:05.028855, 5, pid=5670] lib/util_sock.c:print_socket_options(206) socket option IPTOS_THROUGHPUT = 0 [2007/11/30 09:01:05.028873, 5, pid=5670] lib/util_sock.c:print_socket_options(206) socket option SO_SNDBUF = 50604 [2007/11/30 09:01:05.028891, 5, pid=5670] lib/util_sock.c:print_socket_options(206) socket option SO_RCVBUF = 87392 [2007/11/30 09:01:05.028909, 5, pid=5670] lib/util_sock.c:print_socket_options(206) socket option SO_SNDLOWAT = 1 [2007/11/30 09:01:05.028933, 5, pid=5670] lib/util_sock.c:print_socket_options(206) socket option SO_RCVLOWAT = 1 [2007/11/30 09:01:05.028951, 5, pid=5670] lib/util_sock.c:print_socket_options(206) socket option SO_SNDTIMEO = 0 [2007/11/30 09:01:05.028970, 5, pid=5670] lib/util_sock.c:print_socket_options(206) [2007/11/30 09:01:05.028616, 5, pid=5673] lib/util_sock.c:print_socket_options(206) socket option SO_SNDBUF = 50604 [2007/11/30 09:01:05.028680, 5, pid=5674] lib/util_sock.c:print_socket_options(206) socket option SO_REUSEADDR = 1 [2007/11/30 09:01:05.029005, 5, pid=5673] lib/util_sock.c:print_socket_options(206) [2007/11/30 09:01:05.028965, 6, pid=5671] param/loadparm.c:lp_file_list_changed(3080) socket option SO_RCVTIMEO = 0 [2007/11/30 09:01:05.029028, 5, pid=5674] lib/util_sock.c:print_socket_options(206) socket option SO_BROADCAST = 0 [2007/11/30 09:01:05.029095, 5, pid=5670] lib/util_sock.c:print_socket_options(206) socket option SO_KEEPALIVE = 1 socket option SO_RCVBUF = 87392 [2007/11/30 09:01:05.029118, 5, pid=5670] lib/util_sock.c:print_socket_options(206) socket option SO_REUSEADDR = 1 lp_file_list_changed() [2007/11/30 09:01:05.029139, 5, pid=5670] lib/util_sock.c:print_socket_options(206) socket option SO_BROADCAST = 0 file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Fri Nov 30 08:56:43 2007 [2007/11/30 09:01:05.029106, 5, pid=5674] lib/util_sock.c:print_socket_options(206) socket option TCP_NODELAY = 1 [2007/11/30 09:01:05.029190, 5, pid=5674] lib/util_sock.c:print_socket_options(206) [2007/11/30 09:01:05.029127, 5, pid=5673] lib/util_sock.c:print_socket_options(206) [2007/11/30 09:01:05.029159, 5, pid=5670] lib/util_sock.c:print_socket_options(206) [2007/11/30 09:01:05.029190, 3, pid=5671] smbd/oplock.c:init_oplocks(863) socket option TCP_KEEPCNT = 9 socket option SO_SNDLOWAT = 1 [2007/11/30 09:01:05.029243, 5, pid=5673] lib/util_sock.c:print_socket_options(206) socket option TCP_NODELAY = 1 init_oplocks: initializing messages. [2007/11/30 09:01:05.029275, 5, pid=5670] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPCNT = 9 [2007/11/30 09:01:05.029296, 5, pid=5670] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPIDLE = 7200 [2007/11/30 09:01:05.029315, 5, pid=5670] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPINTVL = 75 [2007/11/30 09:01:05.029333, 5, pid=5670] lib/util_sock.c:print_socket_options(206) socket option IPTOS_LOWDELAY = 0 [2007/11/30 09:01:05.029353, 5, pid=5670] lib/util_sock.c:print_socket_options(206) socket option IPTOS_THROUGHPUT = 0 [2007/11/30 09:01:05.029371, 5, pid=5670] lib/util_sock.c:print_socket_options(206) socket option SO_SNDBUF = 50604 [2007/11/30 09:01:05.029389, 5, pid=5670] lib/util_sock.c:print_socket_options(206) socket option SO_RCVBUF = 87392 [2007/11/30 09:01:05.029407, 5, pid=5670] lib/util_sock.c:print_socket_options(206) socket option SO_SNDLOWAT = 1 [2007/11/30 09:01:05.029425, 5, pid=5670] lib/util_sock.c:print_socket_options(206) [2007/11/30 09:01:05.029236, 5, pid=5674] lib/util_sock.c:print_socket_options(206) socket option SO_RCVLOWAT = 1 socket option TCP_KEEPIDLE = 7200 [2007/11/30 09:01:05.029460, 5, pid=5674] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPINTVL = 75 [2007/11/30 09:01:05.029470, 5, pid=5673] lib/util_sock.c:print_socket_options(206) socket option SO_SNDTIMEO = 0 [2007/11/30 09:01:05.029423, 3, pid=5671] smbd/oplock_linux.c:linux_init_kernel_oplocks(276) [2007/11/30 09:01:05.029495, 5, pid=5673] lib/util_sock.c:print_socket_options(206) socket option SO_RCVLOWAT = 1 [2007/11/30 09:01:05.029480, 5, pid=5674] lib/util_sock.c:print_socket_options(206) [2007/11/30 09:01:05.029519, 5, pid=5670] lib/util_sock.c:print_socket_options(206) socket option SO_SNDTIMEO = 0 Linux kernel oplocks enabled socket option SO_RCVTIMEO = 0 [2007/11/30 09:01:05.029564, 5, pid=5673] lib/util_sock.c:print_socket_options(206) socket option SO_KEEPALIVE = 1 [2007/11/30 09:01:05.029584, 5, pid=5673] lib/util_sock.c:print_socket_options(206) socket option SO_REUSEADDR = 1 [2007/11/30 09:01:05.029602, 5, pid=5673] lib/util_sock.c:print_socket_options(206) socket option SO_BROADCAST = 0 [2007/11/30 09:01:05.029633, 5, pid=5673] lib/util_sock.c:print_socket_options(206) socket option TCP_NODELAY = 1 [2007/11/30 09:01:05.029653, 5, pid=5673] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPCNT = 9 [2007/11/30 09:01:05.029673, 5, pid=5673] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPIDLE = 7200 [2007/11/30 09:01:05.029691, 5, pid=5673] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPINTVL = 75 [2007/11/30 09:01:05.029709, 5, pid=5673] lib/util_sock.c:print_socket_options(206) socket option IPTOS_LOWDELAY = 0 socket option IPTOS_LOWDELAY = 0 [2007/11/30 09:01:05.029747, 5, pid=5673] lib/util_sock.c:print_socket_options(206) socket option IPTOS_THROUGHPUT = 0 [2007/11/30 09:01:05.029758, 5, pid=5674] lib/util_sock.c:print_socket_options(206) socket option IPTOS_THROUGHPUT = 0 [2007/11/30 09:01:05.029543, 5, pid=5670] lib/util_sock.c:print_socket_options(206) [2007/11/30 09:01:05.029784, 5, pid=5674] lib/util_sock.c:print_socket_options(206) socket option SO_SNDBUF = 50604 [2007/11/30 09:01:05.029807, 5, pid=5674] lib/util_sock.c:print_socket_options(206) socket option SO_RCVBUF = 87392 [2007/11/30 09:01:05.029825, 5, pid=5674] lib/util_sock.c:print_socket_options(206) socket option SO_SNDLOWAT = 1 [2007/11/30 09:01:05.029843, 5, pid=5674] lib/util_sock.c:print_socket_options(206) socket option SO_RCVLOWAT = 1 [2007/11/30 09:01:05.029862, 5, pid=5674] lib/util_sock.c:print_socket_options(206) [2007/11/30 09:01:05.029865, 10, pid=5671] lib/util_sock.c:read_data(525) [2007/11/30 09:01:05.029769, 5, pid=5673] lib/util_sock.c:print_socket_options(206) socket option SO_SNDBUF = 50604 [2007/11/30 09:01:05.029898, 5, pid=5673] lib/util_sock.c:print_socket_options(206) socket option SO_RCVTIMEO = 0 socket option SO_SNDTIMEO = 0 [2007/11/30 09:01:05.029932, 5, pid=5674] lib/util_sock.c:print_socket_options(206) socket option SO_RCVTIMEO = 0 [2007/11/30 09:01:05.029955, 5, pid=5674] lib/util_sock.c:print_socket_options(206) socket option SO_KEEPALIVE = 1 [2007/11/30 09:01:05.029974, 5, pid=5674] lib/util_sock.c:print_socket_options(206) socket option SO_REUSEADDR = 1 [2007/11/30 09:01:05.029992, 5, pid=5674] lib/util_sock.c:print_socket_options(206) socket option SO_BROADCAST = 0 [2007/11/30 09:01:05.030011, 5, pid=5674] lib/util_sock.c:print_socket_options(206) socket option TCP_NODELAY = 1 [2007/11/30 09:01:05.030029, 5, pid=5674] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPCNT = 9 [2007/11/30 09:01:05.030047, 5, pid=5674] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPIDLE = 7200 [2007/11/30 09:01:05.030066, 5, pid=5674] lib/util_sock.c:print_socket_options(206) socket option TCP_KEEPINTVL = 75 [2007/11/30 09:01:05.030084, 5, pid=5674] lib/util_sock.c:print_socket_options(206) socket option IPTOS_LOWDELAY = 0 [2007/11/30 09:01:05.030103, 5, pid=5674] lib/util_sock.c:print_socket_options(206) socket option IPTOS_THROUGHPUT = 0 [2007/11/30 09:01:05.030121, 5, pid=5674] lib/util_sock.c:print_socket_options(206) socket option SO_SNDBUF = 50604 [2007/11/30 09:01:05.030139, 5, pid=5674] lib/util_sock.c:print_socket_options(206) socket option SO_RCVBUF = 87392 [2007/11/30 09:01:05.030204, 5, pid=5674] lib/util_sock.c:print_socket_options(206) socket option SO_SNDLOWAT = 1 [2007/11/30 09:01:05.030223, 5, pid=5674] lib/util_sock.c:print_socket_options(206) socket option SO_RCVLOWAT = 1 [2007/11/30 09:01:05.030242, 5, pid=5674] lib/util_sock.c:print_socket_options(206) read_data: read of 4 returned 0. Error = Success socket option SO_RCVBUF = 87392 [2007/11/30 09:01:05.030265, 10, pid=5671] lib/util_sock.c:receive_smb_raw(672) [2007/11/30 09:01:05.030273, 5, pid=5673] lib/util_sock.c:print_socket_options(206) [2007/11/30 09:01:05.030239, 6, pid=5670] param/loadparm.c:lp_file_list_changed(3080) socket option SO_SNDTIMEO = 0 receive_smb_raw: length < 0! socket option SO_SNDLOWAT = 1 [2007/11/30 09:01:05.030337, 5, pid=5673] lib/util_sock.c:print_socket_options(206) socket option SO_RCVLOWAT = 1 [2007/11/30 09:01:05.030357, 5, pid=5673] lib/util_sock.c:print_socket_options(206) socket option SO_SNDTIMEO = 0 [2007/11/30 09:01:05.030323, 3, pid=5671] smbd/process.c:timeout_processing(1328) [2007/11/30 09:01:05.030375, 5, pid=5673] lib/util_sock.c:print_socket_options(206) lp_file_list_changed() [2007/11/30 09:01:05.030306, 5, pid=5674] lib/util_sock.c:print_socket_options(206) socket option SO_RCVTIMEO = 0 timeout_processing: End of file from client (client has disconnected). [2007/11/30 09:01:05.030423, 5, pid=5671] lib/gencache.c:gencache_shutdown(94) Closing cache file [2007/11/30 09:01:05.030477, 5, pid=5671] libsmb/namecache.c:namecache_shutdown(79) namecache_shutdown: netbios namecache closed successfully. [2007/11/30 09:01:05.030503, 3, pid=5671] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/30 09:01:05.030527, 5, pid=5671] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 09:01:05.030552, 5, pid=5671] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 09:01:05.030590, 5, pid=5671] smbd/uid.c:change_to_root_user(288) change_to_root_user: now uid=(0,0) gid=(0,0) [2007/11/30 09:01:05.030623, 3, pid=5671] smbd/connection.c:yield_connection(69) Yielding connection to [2007/11/30 09:01:05.030658, 3, pid=5671] smbd/connection.c:yield_connection(76) yield_connection: tdb_delete for name failed with error Record does not exist. [2007/11/30 09:01:05.030679, 6, pid=5674] param/loadparm.c:lp_file_list_changed(3080) lp_file_list_changed() [2007/11/30 09:01:05.030694, 3, pid=5671] smbd/server.c:exit_server_common(768) Server exit (normal exit) file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Fri Nov 30 08:56:43 2007 [2007/11/30 09:01:05.030741, 3, pid=5674] smbd/oplock.c:init_oplocks(863) init_oplocks: initializing messages. [2007/11/30 09:01:05.030897, 3, pid=5674] smbd/oplock_linux.c:linux_init_kernel_oplocks(276) Linux kernel oplocks enabled [2007/11/30 09:01:05.031003, 10, pid=5674] lib/util_sock.c:read_data(525) read_data: read of 4 returned 0. Error = Success [2007/11/30 09:01:05.031048, 10, pid=5674] lib/util_sock.c:receive_smb_raw(672) receive_smb_raw: length < 0! [2007/11/30 09:01:05.031066, 3, pid=5674] smbd/process.c:timeout_processing(1328) timeout_processing: End of file from client (client has disconnected). [2007/11/30 09:01:05.031093, 5, pid=5674] lib/gencache.c:gencache_shutdown(94) Closing cache file [2007/11/30 09:01:05.031126, 5, pid=5674] libsmb/namecache.c:namecache_shutdown(79) namecache_shutdown: netbios namecache closed successfully. [2007/11/30 09:01:05.031152, 3, pid=5674] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/30 09:01:05.031174, 5, pid=5674] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 09:01:05.031199, 5, pid=5674] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 09:01:05.031234, 5, pid=5674] smbd/uid.c:change_to_root_user(288) change_to_root_user: now uid=(0,0) gid=(0,0) [2007/11/30 09:01:05.031266, 3, pid=5674] smbd/connection.c:yield_connection(69) Yielding connection to [2007/11/30 09:01:05.031299, 3, pid=5674] smbd/connection.c:yield_connection(76) yield_connection: tdb_delete for name failed with error Record does not exist. [2007/11/30 09:01:05.031333, 3, pid=5674] smbd/server.c:exit_server_common(768) Server exit (normal exit) socket option SO_RCVTIMEO = 0 [2007/11/30 09:01:05.032037, 6, pid=5673] param/loadparm.c:lp_file_list_changed(3080) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Fri Nov 30 08:56:43 2007 [2007/11/30 09:01:05.032103, 3, pid=5673] smbd/oplock.c:init_oplocks(863) init_oplocks: initializing messages. file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Fri Nov 30 08:56:43 2007 [2007/11/30 09:01:05.032262, 3, pid=5673] smbd/oplock_linux.c:linux_init_kernel_oplocks(276) Linux kernel oplocks enabled [2007/11/30 09:01:05.032275, 3, pid=5670] smbd/oplock.c:init_oplocks(863) init_oplocks: initializing messages. [2007/11/30 09:01:05.032360, 10, pid=5673] lib/util_sock.c:read_data(525) read_data: read of 4 returned 0. Error = Success [2007/11/30 09:01:05.032406, 10, pid=5673] lib/util_sock.c:receive_smb_raw(672) receive_smb_raw: length < 0! [2007/11/30 09:01:05.032412, 3, pid=5670] smbd/oplock_linux.c:linux_init_kernel_oplocks(276) Linux kernel oplocks enabled [2007/11/30 09:01:05.032428, 3, pid=5673] smbd/process.c:timeout_processing(1328) timeout_processing: End of file from client (client has disconnected). [2007/11/30 09:01:05.032481, 5, pid=5673] lib/gencache.c:gencache_shutdown(94) Closing cache file [2007/11/30 09:01:05.032514, 5, pid=5673] libsmb/namecache.c:namecache_shutdown(79) namecache_shutdown: netbios namecache closed successfully. [2007/11/30 09:01:05.032540, 3, pid=5673] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/30 09:01:05.032561, 5, pid=5673] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 09:01:05.032585, 5, pid=5673] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 09:01:05.032622, 5, pid=5673] smbd/uid.c:change_to_root_user(288) change_to_root_user: now uid=(0,0) gid=(0,0) [2007/11/30 09:01:05.032653, 3, pid=5673] smbd/connection.c:yield_connection(69) Yielding connection to [2007/11/30 09:01:05.032685, 3, pid=5673] smbd/connection.c:yield_connection(76) yield_connection: tdb_delete for name failed with error Record does not exist. [2007/11/30 09:01:05.032719, 3, pid=5673] smbd/server.c:exit_server_common(768) Server exit (normal exit) [2007/11/30 09:01:07.639312, 10, pid=5670] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 190 [2007/11/30 09:01:07.639362, 6, pid=5670] smbd/process.c:process_smb(1067) got message type 0x0 of len 0xbe [2007/11/30 09:01:07.639385, 3, pid=5670] smbd/process.c:process_smb(1068) Transaction 0 of length 194 [2007/11/30 09:01:07.639412, 5, pid=5670] lib/util.c:show_msg(506) [2007/11/30 09:01:07.639426, 5, pid=5670] lib/util.c:show_msg(516) size=190 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=0 smb_pid=5651 smb_uid=0 smb_mid=1 smt_wct=0 smb_bcc=155 [2007/11/30 09:01:07.639498, 10, pid=5670] lib/util.c:dump_data(2285) [000] 02 50 43 20 4E 45 54 57 4F 52 4B 20 50 52 4F 47 .PC NETW ORK PROG [010] 52 41 4D 20 31 2E 30 00 02 4D 49 43 52 4F 53 4F RAM 1.0. .MICROSO [020] 46 54 20 4E 45 54 57 4F 52 4B 53 20 31 2E 30 33 FT NETWO RKS 1.03 [030] 00 02 4D 49 43 52 4F 53 4F 46 54 20 4E 45 54 57 ..MICROS OFT NETW [040] 4F 52 4B 53 20 33 2E 30 00 02 4C 41 4E 4D 41 4E ORKS 3.0 ..LANMAN [050] 31 2E 30 00 02 4C 4D 31 2E 32 58 30 30 32 00 02 1.0..LM1 .2X002.. [060] 44 4F 53 20 4C 41 4E 4D 41 4E 32 2E 31 00 02 4C DOS LANM AN2.1..L [070] 41 4E 4D 41 4E 32 2E 31 00 02 53 61 6D 62 61 00 ANMAN2.1 ..Samba. [080] 02 4E 54 20 4C 41 4E 4D 41 4E 20 31 2E 30 00 02 .NT LANM AN 1.0.. [090] 4E 54 20 4C 4D 20 30 2E 31 32 00 NT LM 0. 12. [2007/11/30 09:01:07.639656, 3, pid=5670] smbd/process.c:switch_message(926) switch message SMBnegprot (pid 5670) conn 0x0 [2007/11/30 09:01:07.639681, 3, pid=5670] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/30 09:01:07.639703, 5, pid=5670] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 09:01:07.639727, 5, pid=5670] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 09:01:07.639767, 5, pid=5670] smbd/uid.c:change_to_root_user(288) change_to_root_user: now uid=(0,0) gid=(0,0) [2007/11/30 09:01:07.639793, 3, pid=5670] smbd/negprot.c:reply_negprot(505) Requested protocol [PC NETWORK PROGRAM 1.0] [2007/11/30 09:01:07.639815, 3, pid=5670] smbd/negprot.c:reply_negprot(505) Requested protocol [MICROSOFT NETWORKS 1.03] [2007/11/30 09:01:07.639832, 3, pid=5670] smbd/negprot.c:reply_negprot(505) Requested protocol [MICROSOFT NETWORKS 3.0] [2007/11/30 09:01:07.639849, 3, pid=5670] smbd/negprot.c:reply_negprot(505) Requested protocol [LANMAN1.0] [2007/11/30 09:01:07.639866, 3, pid=5670] smbd/negprot.c:reply_negprot(505) Requested protocol [LM1.2X002] [2007/11/30 09:01:07.639883, 3, pid=5670] smbd/negprot.c:reply_negprot(505) Requested protocol [DOS LANMAN2.1] [2007/11/30 09:01:07.639918, 3, pid=5670] smbd/negprot.c:reply_negprot(505) Requested protocol [LANMAN2.1] [2007/11/30 09:01:07.639936, 3, pid=5670] smbd/negprot.c:reply_negprot(505) Requested protocol [Samba] [2007/11/30 09:01:07.639965, 10, pid=5670] lib/util.c:set_remote_arch(2260) set_remote_arch: Client arch is 'Samba' [2007/11/30 09:01:07.640014, 6, pid=5670] param/loadparm.c:lp_file_list_changed(3080) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Fri Nov 30 08:56:43 2007 [2007/11/30 09:01:07.640058, 5, pid=5670] smbd/connection.c:claim_connection(182) claiming 0 [2007/11/30 09:01:07.640131, 6, pid=5670] param/loadparm.c:lp_file_list_changed(3080) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Fri Nov 30 08:56:43 2007 [2007/11/30 09:01:07.640205, 3, pid=5670] smbd/negprot.c:reply_nt1(364) using SPNEGO [2007/11/30 09:01:07.640223, 3, pid=5670] smbd/negprot.c:reply_negprot(606) Selected protocol NT LANMAN 1.0 [2007/11/30 09:01:07.640240, 5, pid=5670] smbd/negprot.c:reply_negprot(612) negprot index=8 [2007/11/30 09:01:07.640257, 5, pid=5670] lib/util.c:show_msg(506) [2007/11/30 09:01:07.640268, 5, pid=5670] lib/util.c:show_msg(516) size=127 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=5651 smb_uid=0 smb_mid=1 smt_wct=17 smb_vwv[ 0]= 8 (0x8) smb_vwv[ 1]=12803 (0x3203) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 65 (0x41) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]= 9728 (0x2600) smb_vwv[ 8]= 22 (0x16) smb_vwv[ 9]=64768 (0xFD00) smb_vwv[10]=33011 (0x80F3) smb_vwv[11]=32896 (0x8080) smb_vwv[12]=16323 (0x3FC3) smb_vwv[13]= 1442 (0x5A2) smb_vwv[14]=51251 (0xC833) smb_vwv[15]=54273 (0xD401) smb_vwv[16]= 254 (0xFE) smb_bcc=58 [2007/11/30 09:01:07.640436, 10, pid=5670] lib/util.c:dump_data(2285) [000] 67 6F 64 61 69 00 00 00 00 00 00 00 00 00 00 00 godai... ........ [010] 60 28 06 06 2B 06 01 05 05 02 A0 1E 30 1C A0 0E `(..+... ....0... [020] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A3 0A 0...+... ..7..... [030] 30 08 A0 06 1B 04 4E 4F 4E 45 0.....NO NE [2007/11/30 09:01:07.641269, 10, pid=5670] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 160 [2007/11/30 09:01:07.641295, 6, pid=5670] smbd/process.c:process_smb(1067) got message type 0x0 of len 0xa0 [2007/11/30 09:01:07.641313, 3, pid=5670] smbd/process.c:process_smb(1068) Transaction 1 of length 164 [2007/11/30 09:01:07.641334, 5, pid=5670] lib/util.c:show_msg(506) [2007/11/30 09:01:07.641345, 5, pid=5670] lib/util.c:show_msg(516) size=160 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=0 smb_pid=5651 smb_uid=0 smb_mid=2 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=65535 (0xFFFF) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 1 (0x1) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 79 (0x4F) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]=53340 (0xD05C) smb_vwv[11]=32768 (0x8000) smb_bcc=101 [2007/11/30 09:01:07.641481, 10, pid=5670] lib/util.c:dump_data(2285) [000] 60 4D 06 06 2B 06 01 05 05 02 A0 43 30 41 A0 0E `M..+... ...C0A.. [010] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A2 2F 0...+... ..7..../ [020] 04 2D 4E 54 4C 4D 53 53 50 00 01 00 00 00 15 82 .-NTLMSS P....... [030] 08 60 08 00 08 00 20 00 00 00 05 00 05 00 28 00 .`.... . ......(. [040] 00 00 5A 41 52 54 53 4F 46 54 47 4F 44 41 49 55 ..ZARTSO FTGODAIU [050] 00 6E 00 69 00 78 00 00 00 53 00 61 00 6D 00 62 .n.i.x.. .S.a.m.b [060] 00 61 00 00 00 .a... [2007/11/30 09:01:07.641584, 3, pid=5670] smbd/process.c:switch_message(926) switch message SMBsesssetupX (pid 5670) conn 0x0 [2007/11/30 09:01:07.641603, 3, pid=5670] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/30 09:01:07.641637, 5, pid=5670] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 09:01:07.641656, 5, pid=5670] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 09:01:07.641685, 5, pid=5670] smbd/uid.c:change_to_root_user(288) change_to_root_user: now uid=(0,0) gid=(0,0) [2007/11/30 09:01:07.641710, 3, pid=5670] smbd/sesssetup.c:reply_sesssetup_and_X(1244) wct=12 flg2=0xc801 [2007/11/30 09:01:07.641735, 3, pid=5670] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1029) Doing spnego session setup [2007/11/30 09:01:07.641759, 3, pid=5670] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1060) NativeOS=[Unix] NativeLanMan=[Samba] PrimaryDomain=[] [2007/11/30 09:01:07.641797, 10, pid=5670] smbd/password.c:register_vuid(186) register_vuid: allocated vuid = 100 [2007/11/30 09:01:07.641821, 10, pid=5670] smbd/sesssetup.c:check_spnego_blob_complete(975) check_spnego_blob_complete: needed_len = 79, pblob->length = 79 [2007/11/30 09:01:07.641850, 5, pid=5670] smbd/sesssetup.c:parse_spnego_mechanisms(667) parse_spnego_mechanisms: Got OID 1 3 6 1 4 1 311 2 2 10 [2007/11/30 09:01:07.641868, 3, pid=5670] smbd/sesssetup.c:reply_spnego_negotiate(697) reply_spnego_negotiate: Got secblob of size 45 [2007/11/30 09:01:07.641898, 5, pid=5670] auth/auth.c:make_auth_context_subsystem(483) Making default auth method list for DC, security=user, encrypt passwords = yes [2007/11/30 09:01:07.641923, 5, pid=5670] auth/auth.c:smb_register_auth(47) Attempting to register auth backend sam [2007/11/30 09:01:07.641942, 5, pid=5670] auth/auth.c:smb_register_auth(59) Successfully added auth method 'sam' [2007/11/30 09:01:07.641959, 5, pid=5670] auth/auth.c:smb_register_auth(47) Attempting to register auth backend sam_ignoredomain [2007/11/30 09:01:07.641977, 5, pid=5670] auth/auth.c:smb_register_auth(59) Successfully added auth method 'sam_ignoredomain' [2007/11/30 09:01:07.641996, 5, pid=5670] auth/auth.c:smb_register_auth(47) Attempting to register auth backend unix [2007/11/30 09:01:07.642014, 5, pid=5670] auth/auth.c:smb_register_auth(59) Successfully added auth method 'unix' [2007/11/30 09:01:07.642033, 5, pid=5670] auth/auth.c:smb_register_auth(47) Attempting to register auth backend winbind [2007/11/30 09:01:07.642051, 5, pid=5670] auth/auth.c:smb_register_auth(59) Successfully added auth method 'winbind' [2007/11/30 09:01:07.642069, 5, pid=5670] auth/auth.c:smb_register_auth(47) Attempting to register auth backend smbserver [2007/11/30 09:01:07.642086, 5, pid=5670] auth/auth.c:smb_register_auth(59) Successfully added auth method 'smbserver' [2007/11/30 09:01:07.642104, 5, pid=5670] auth/auth.c:smb_register_auth(47) Attempting to register auth backend trustdomain [2007/11/30 09:01:07.642122, 5, pid=5670] auth/auth.c:smb_register_auth(59) Successfully added auth method 'trustdomain' [2007/11/30 09:01:07.642139, 5, pid=5670] auth/auth.c:smb_register_auth(47) Attempting to register auth backend ntdomain [2007/11/30 09:01:07.642156, 5, pid=5670] auth/auth.c:smb_register_auth(59) Successfully added auth method 'ntdomain' [2007/11/30 09:01:07.642173, 5, pid=5670] auth/auth.c:smb_register_auth(47) Attempting to register auth backend guest [2007/11/30 09:01:07.642190, 5, pid=5670] auth/auth.c:smb_register_auth(59) Successfully added auth method 'guest' [2007/11/30 09:01:07.642207, 5, pid=5670] auth/auth.c:load_auth_module(391) load_auth_module: Attempting to find an auth method to match guest [2007/11/30 09:01:07.642226, 5, pid=5670] auth/auth.c:load_auth_module(416) load_auth_module: auth method guest has a valid init [2007/11/30 09:01:07.642244, 5, pid=5670] auth/auth.c:load_auth_module(391) load_auth_module: Attempting to find an auth method to match sam [2007/11/30 09:01:07.642268, 5, pid=5670] auth/auth.c:load_auth_module(416) load_auth_module: auth method sam has a valid init [2007/11/30 09:01:07.642288, 5, pid=5670] auth/auth.c:load_auth_module(391) load_auth_module: Attempting to find an auth method to match winbind:trustdomain [2007/11/30 09:01:07.642329, 5, pid=5670] auth/auth.c:load_auth_module(391) load_auth_module: Attempting to find an auth method to match trustdomain [2007/11/30 09:01:07.642355, 5, pid=5670] auth/auth.c:load_auth_module(416) load_auth_module: auth method trustdomain has a valid init [2007/11/30 09:01:07.642374, 5, pid=5670] auth/auth.c:load_auth_module(416) load_auth_module: auth method winbind has a valid init [2007/11/30 09:01:07.642411, 3, pid=5670] libsmb/ntlmssp.c:debug_ntlmssp_flags(63) Got NTLMSSP neg_flags=0x60088215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH [2007/11/30 09:01:07.642473, 5, pid=5670] auth/auth.c:get_ntlm_challenge(97) auth_get_challenge: module guest did not want to specify a challenge [2007/11/30 09:01:07.642491, 5, pid=5670] auth/auth.c:get_ntlm_challenge(97) auth_get_challenge: module sam did not want to specify a challenge [2007/11/30 09:01:07.642509, 5, pid=5670] auth/auth.c:get_ntlm_challenge(97) auth_get_challenge: module winbind did not want to specify a challenge [2007/11/30 09:01:07.642540, 5, pid=5670] auth/auth.c:get_ntlm_challenge(137) auth_context challenge created by random [2007/11/30 09:01:07.642558, 5, pid=5670] auth/auth.c:get_ntlm_challenge(138) challenge is: [2007/11/30 09:01:07.642575, 5, pid=5670] lib/util.c:dump_data(2285) [000] 48 9B 51 90 34 ED 5E 2B H.Q.4.^+ [2007/11/30 09:01:07.643405, 5, pid=5670] lib/util.c:show_msg(506) [2007/11/30 09:01:07.643429, 5, pid=5670] lib/util.c:show_msg(516) size=332 smb_com=0x73 smb_rcls=22 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=5651 smb_uid=100 smb_mid=2 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 221 (0xDD) smb_bcc=289 [2007/11/30 09:01:07.643530, 10, pid=5670] lib/util.c:dump_data(2285) [000] A1 81 DA 30 81 D7 A0 03 0A 01 01 A1 0C 06 0A 2B ...0.... .......+ [010] 06 01 04 01 82 37 02 02 0A A2 81 C1 04 81 BE 4E .....7.. .......N [020] 54 4C 4D 53 53 50 00 02 00 00 00 10 00 10 00 30 TLMSSP.. .......0 [030] 00 00 00 15 82 89 60 48 9B 51 90 34 ED 5E 2B 00 ......`H .Q.4.^+. [040] 00 00 00 00 00 00 00 7E 00 7E 00 40 00 00 00 5A .......~ .~.@...Z [050] 00 41 00 52 00 54 00 53 00 4F 00 46 00 54 00 02 .A.R.T.S .O.F.T.. [060] 00 10 00 5A 00 41 00 52 00 54 00 53 00 4F 00 46 ...Z.A.R .T.S.O.F [070] 00 54 00 01 00 0A 00 47 00 4F 00 44 00 41 00 49 .T.....G .O.D.A.I [080] 00 04 00 22 00 6C 00 6F 00 63 00 61 00 6C 00 2E ...".l.o .c.a.l.. [090] 00 7A 00 61 00 72 00 74 00 73 00 6F 00 66 00 74 .z.a.r.t .s.o.f.t [0A0] 00 2E 00 72 00 75 00 03 00 2E 00 67 00 6F 00 64 ...r.u.. ...g.o.d [0B0] 00 61 00 69 00 2E 00 6C 00 6F 00 63 00 61 00 6C .a.i...l .o.c.a.l [0C0] 00 2E 00 7A 00 61 00 72 00 74 00 73 00 6F 00 66 ...z.a.r .t.s.o.f [0D0] 00 74 00 2E 00 72 00 75 00 00 00 00 00 55 00 6E .t...r.u .....U.n [0E0] 00 69 00 78 00 00 00 53 00 61 00 6D 00 62 00 61 .i.x...S .a.m.b.a [0F0] 00 20 00 33 00 2E 00 30 00 2E 00 32 00 36 00 61 . .3...0 ...2.6.a [100] 00 2D 00 30 00 2E 00 66 00 63 00 37 00 00 00 5A .-.0...f .c.7...Z [110] 00 41 00 52 00 54 00 53 00 4F 00 46 00 54 00 00 .A.R.T.S .O.F.T.. [120] 00 . [2007/11/30 09:01:07.645100, 10, pid=5670] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 260 [2007/11/30 09:01:07.645128, 6, pid=5670] smbd/process.c:process_smb(1067) got message type 0x0 of len 0x104 [2007/11/30 09:01:07.645147, 3, pid=5670] smbd/process.c:process_smb(1068) Transaction 2 of length 264 [2007/11/30 09:01:07.645164, 5, pid=5670] lib/util.c:show_msg(506) [2007/11/30 09:01:07.645176, 5, pid=5670] lib/util.c:show_msg(516) size=260 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=0 smb_pid=5651 smb_uid=100 smb_mid=3 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=65535 (0xFFFF) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 1 (0x1) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 178 (0xB2) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]=53340 (0xD05C) smb_vwv[11]=32768 (0x8000) smb_bcc=201 [2007/11/30 09:01:07.645337, 10, pid=5670] lib/util.c:dump_data(2285) [000] A1 81 AF 30 81 AC A2 81 A9 04 81 A6 4E 54 4C 4D ...0.... ....NTLM [010] 53 53 50 00 03 00 00 00 18 00 18 00 40 00 00 00 SSP..... ....@... [020] 18 00 18 00 58 00 00 00 10 00 10 00 70 00 00 00 ....X... ....p... [030] 0C 00 0C 00 80 00 00 00 0A 00 0A 00 8C 00 00 00 ........ ........ [040] 10 00 10 00 96 00 00 00 15 82 08 60 96 76 B6 17 ........ ...`.v.. [050] 3A E3 44 F2 00 00 00 00 00 00 00 00 00 00 00 00 :.D..... ........ [060] 00 00 00 00 1E B1 95 E0 CE 50 D4 33 5F B6 4E AC ........ .P.3_.N. [070] 17 D9 2A 57 A6 C3 F9 39 1E 6F 04 4B 5A 00 41 00 ..*W...9 .o.KZ.A. [080] 52 00 54 00 53 00 4F 00 46 00 54 00 47 00 4F 00 R.T.S.O. F.T.G.O. [090] 44 00 41 00 49 00 24 00 47 00 4F 00 44 00 41 00 D.A.I.$. G.O.D.A. [0A0] 49 00 03 BF CF 96 7A DC E5 F8 0C 8A 57 AB 7A DE I.....z. ....W.z. [0B0] C0 EF 00 55 00 6E 00 69 00 78 00 00 00 53 00 61 ...U.n.i .x...S.a [0C0] 00 6D 00 62 00 61 00 00 00 .m.b.a.. . [2007/11/30 09:01:07.645522, 3, pid=5670] smbd/process.c:switch_message(926) switch message SMBsesssetupX (pid 5670) conn 0x0 [2007/11/30 09:01:07.645541, 3, pid=5670] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/30 09:01:07.645559, 5, pid=5670] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 09:01:07.645577, 5, pid=5670] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 09:01:07.645607, 5, pid=5670] smbd/uid.c:change_to_root_user(288) change_to_root_user: now uid=(0,0) gid=(0,0) [2007/11/30 09:01:07.645629, 3, pid=5670] smbd/sesssetup.c:reply_sesssetup_and_X(1244) wct=12 flg2=0xc801 [2007/11/30 09:01:07.645646, 3, pid=5670] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1029) Doing spnego session setup [2007/11/30 09:01:07.645664, 3, pid=5670] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1060) NativeOS=[Unix] NativeLanMan=[Samba] PrimaryDomain=[] [2007/11/30 09:01:07.645692, 10, pid=5670] smbd/sesssetup.c:check_spnego_blob_complete(975) check_spnego_blob_complete: needed_len = 178, pblob->length = 178 [2007/11/30 09:01:07.645720, 3, pid=5670] libsmb/ntlmssp.c:ntlmssp_server_auth(739) Got user=[GODAI$] domain=[ZARTSOFT] workstation=[GODAI] len1=24 len2=24 [2007/11/30 09:01:07.645747, 5, pid=5670] auth/auth_ntlmssp.c:auth_ntlmssp_set_challenge(69) auth_context challenge set by NTLMSSP callback (NTLM2) [2007/11/30 09:01:07.645770, 5, pid=5670] auth/auth_ntlmssp.c:auth_ntlmssp_set_challenge(70) challenge is: [2007/11/30 09:01:07.645787, 5, pid=5670] lib/util.c:dump_data(2285) [000] EA F8 E5 EC A2 90 3A C6 ......:. [2007/11/30 09:01:07.645829, 6, pid=5670] param/loadparm.c:lp_file_list_changed(3080) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Fri Nov 30 08:56:43 2007 [2007/11/30 09:01:07.645875, 5, pid=5670] auth/auth_util.c:make_user_info_map(161) make_user_info_map: Mapping user [ZARTSOFT]\[GODAI$] from workstation [GODAI] [2007/11/30 09:01:07.645895, 3, pid=5670] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2007/11/30 09:01:07.645914, 3, pid=5670] smbd/uid.c:push_conn_ctx(358) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2007/11/30 09:01:07.645932, 3, pid=5670] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2007/11/30 09:01:07.645950, 5, pid=5670] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 09:01:07.645966, 5, pid=5670] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 09:01:07.646011, 5, pid=5670] auth/auth_util.c:is_trusted_domain(2198) is_trusted_domain: Checking for domain trust with [ZARTSOFT] [2007/11/30 09:01:07.646052, 5, pid=5670] passdb/secrets.c:secrets_fetch_trusted_domain_password(473) secrets_fetch failed! [2007/11/30 09:01:07.646079, 3, pid=5670] smbd/sec_ctx.c:pop_sec_ctx(356) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/30 09:01:07.646121, 10, pid=5670] lib/gencache.c:gencache_get(212) Cache entry with key = TDOM/ZARTSOFT couldn't be found [2007/11/30 09:01:07.646143, 5, pid=5670] libsmb/trustdom_cache.c:trustdom_cache_fetch(184) no entry for trusted domain ZARTSOFT found. [2007/11/30 09:01:07.646163, 5, pid=5670] auth/auth_util.c:make_user_info(75) attempting to make a user_info for GODAI$ (GODAI$) [2007/11/30 09:01:07.646182, 5, pid=5670] auth/auth_util.c:make_user_info(85) making strings for GODAI$'s user_info struct [2007/11/30 09:01:07.646200, 5, pid=5670] auth/auth_util.c:make_user_info(117) making blobs for GODAI$'s user_info struct [2007/11/30 09:01:07.646218, 10, pid=5670] auth/auth_util.c:make_user_info(135) made an encrypted user_info for GODAI$ (GODAI$) [2007/11/30 09:01:07.646236, 3, pid=5670] auth/auth.c:check_ntlm_password(221) check_ntlm_password: Checking password for unmapped user [ZARTSOFT]\[GODAI$]@[GODAI] with the new password interface [2007/11/30 09:01:07.646256, 3, pid=5670] auth/auth.c:check_ntlm_password(224) check_ntlm_password: mapped user is: [ZARTSOFT]\[GODAI$]@[GODAI] [2007/11/30 09:01:07.646274, 10, pid=5670] auth/auth.c:check_ntlm_password(233) check_ntlm_password: auth_context challenge created by NTLMSSP callback (NTLM2) [2007/11/30 09:01:07.646291, 10, pid=5670] auth/auth.c:check_ntlm_password(235) challenge is: [2007/11/30 09:01:07.646308, 5, pid=5670] lib/util.c:dump_data(2285) [000] EA F8 E5 EC A2 90 3A C6 ......:. [2007/11/30 09:01:07.646337, 10, pid=5670] auth/auth.c:check_ntlm_password(261) check_ntlm_password: guest had nothing to say [2007/11/30 09:01:07.646359, 8, pid=5670] lib/util.c:is_myname(2097) is_myname("ZARTSOFT") returns 0 [2007/11/30 09:01:07.646384, 3, pid=5670] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2007/11/30 09:01:07.646403, 3, pid=5670] smbd/uid.c:push_conn_ctx(358) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2007/11/30 09:01:07.646421, 3, pid=5670] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2007/11/30 09:01:07.646438, 5, pid=5670] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 09:01:07.646456, 5, pid=5670] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 09:01:07.646534, 4, pid=5670] passdb/pdb_tdb.c:tdbsam_open(869) tdbsam_open: successfully opened /var/lib/samba/private/passdb.tdb [2007/11/30 09:01:07.646581, 10, pid=5670] passdb/pdb_get_set.c:pdb_set_username(581) pdb_set_username: setting username godai$, was [2007/11/30 09:01:07.646603, 10, pid=5670] passdb/pdb_get_set.c:pdb_set_domain(604) pdb_set_domain: setting domain ZARTSOFT, was [2007/11/30 09:01:07.646621, 10, pid=5670] passdb/pdb_get_set.c:pdb_set_nt_username(627) pdb_set_nt_username: setting nt username , was [2007/11/30 09:01:07.646640, 10, pid=5670] passdb/pdb_get_set.c:pdb_set_fullname(650) pdb_set_full_name: setting full name godai, was [2007/11/30 09:01:07.646660, 4, pid=5670] lib/substitute.c:automount_server(407) Home server: godai [2007/11/30 09:01:07.646686, 10, pid=5670] passdb/pdb_get_set.c:pdb_set_homedir(743) pdb_set_homedir: setting home dir \\godai\godai_, was [2007/11/30 09:01:07.646705, 10, pid=5670] passdb/pdb_get_set.c:pdb_set_dir_drive(719) pdb_set_dir_drive: setting dir drive , was NULL [2007/11/30 09:01:07.646726, 10, pid=5670] passdb/pdb_get_set.c:pdb_set_logon_script(673) pdb_set_logon_script: setting logon script , was [2007/11/30 09:01:07.646761, 10, pid=5670] passdb/pdb_get_set.c:pdb_set_profile_path(696) pdb_set_profile_path: setting profile path , was [2007/11/30 09:01:07.646802, 10, pid=5670] passdb/pdb_get_set.c:pdb_set_workstations(786) pdb_set_workstations: setting workstations , was [2007/11/30 09:01:07.646825, 3, pid=5670] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2007/11/30 09:01:07.646845, 3, pid=5670] smbd/uid.c:push_conn_ctx(358) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2007/11/30 09:01:07.646863, 3, pid=5670] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2007/11/30 09:01:07.646880, 5, pid=5670] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 09:01:07.646897, 5, pid=5670] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 09:01:07.646938, 10, pid=5670] lib/account_pol.c:account_policy_get(294) account_policy_get: name: password history, val: 0 [2007/11/30 09:01:07.646966, 3, pid=5670] smbd/sec_ctx.c:pop_sec_ctx(356) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2007/11/30 09:01:07.646988, 10, pid=5670] passdb/pdb_get_set.c:pdb_set_user_sid(510) pdb_set_user_sid: setting user sid S-1-5-21-2274471336-3138038065-606154707-2040 [2007/11/30 09:01:07.647021, 10, pid=5670] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(73) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-2274471336-3138038065-606154707-2040 from rid 2040 [2007/11/30 09:01:07.647054, 8, pid=5670] passdb/pdb_tdb.c:tdbsam_close(882) tdbsam_close: Reference count is now 0. [2007/11/30 09:01:07.647088, 3, pid=5670] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2007/11/30 09:01:07.647108, 3, pid=5670] smbd/uid.c:push_conn_ctx(358) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2007/11/30 09:01:07.647126, 3, pid=5670] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2007/11/30 09:01:07.647143, 5, pid=5670] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 09:01:07.647160, 5, pid=5670] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 09:01:07.647193, 10, pid=5670] lib/account_pol.c:account_policy_get(294) account_policy_get: name: maximum password age, val: -1 [2007/11/30 09:01:07.647217, 3, pid=5670] smbd/sec_ctx.c:pop_sec_ctx(356) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2007/11/30 09:01:07.647238, 5, pid=5670] lib/username.c:Get_Pwnam_alloc(131) Finding user godai$ [2007/11/30 09:01:07.647257, 5, pid=5670] lib/username.c:Get_Pwnam_internals(75) Trying _Get_Pwnam(), username as lowercase is godai$ [2007/11/30 09:01:07.647328, 5, pid=5670] lib/username.c:Get_Pwnam_internals(108) Get_Pwnam_internals did find user [godai$]! [2007/11/30 09:01:07.647409, 10, pid=5670] passdb/lookup_sid.c:check_dom_sid_to_level(663) Accepting SID S-1-5-21-2274471336-3138038065-606154707 in level 1 [2007/11/30 09:01:07.647436, 3, pid=5670] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2007/11/30 09:01:07.647455, 3, pid=5670] smbd/uid.c:push_conn_ctx(358) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2007/11/30 09:01:07.647473, 3, pid=5670] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2007/11/30 09:01:07.647491, 5, pid=5670] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 09:01:07.647508, 5, pid=5670] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 09:01:07.647539, 5, pid=5670] passdb/pdb_interface.c:lookup_global_sam_rid(1522) lookup_global_sam_rid: looking up RID 515. [2007/11/30 09:01:07.647560, 3, pid=5670] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2007/11/30 09:01:07.647578, 3, pid=5670] smbd/uid.c:push_conn_ctx(358) push_conn_ctx(0) : conn_ctx_stack_ndx = 2 [2007/11/30 09:01:07.647613, 3, pid=5670] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2007/11/30 09:01:07.647632, 5, pid=5670] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 09:01:07.647649, 5, pid=5670] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 09:01:07.647700, 4, pid=5670] passdb/pdb_tdb.c:tdbsam_open(869) tdbsam_open: successfully opened /var/lib/samba/private/passdb.tdb [2007/11/30 09:01:07.647724, 5, pid=5670] passdb/pdb_tdb.c:tdbsam_getsampwrid(1114) pdb_getsampwrid (TDB): error looking up RID 515 by key RID_00000203. Error: Record does not exist [2007/11/30 09:01:07.647749, 8, pid=5670] passdb/pdb_tdb.c:tdbsam_close(882) tdbsam_close: Reference count is now 0. [2007/11/30 09:01:07.647795, 3, pid=5670] smbd/sec_ctx.c:pop_sec_ctx(356) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2007/11/30 09:01:07.647817, 5, pid=5670] passdb/pdb_interface.c:pdb_default_lookup_rids(1643) lookup_rids: Domain Computers:2 [2007/11/30 09:01:07.647839, 3, pid=5670] smbd/sec_ctx.c:pop_sec_ctx(356) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2007/11/30 09:01:07.647859, 10, pid=5670] passdb/lookup_sid.c:lookup_sid(941) Sid S-1-5-21-2274471336-3138038065-606154707-515 -> ZARTSOFT\Domain Computers(2) [2007/11/30 09:01:07.647886, 3, pid=5670] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2007/11/30 09:01:07.647905, 3, pid=5670] smbd/uid.c:push_conn_ctx(358) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2007/11/30 09:01:07.647922, 3, pid=5670] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2007/11/30 09:01:07.647940, 5, pid=5670] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 09:01:07.647956, 5, pid=5670] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 09:01:07.647989, 10, pid=5670] lib/account_pol.c:account_policy_get(294) account_policy_get: name: password history, val: 0 [2007/11/30 09:01:07.648012, 3, pid=5670] smbd/sec_ctx.c:pop_sec_ctx(356) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2007/11/30 09:01:07.648038, 10, pid=5670] passdb/pdb_get_set.c:pdb_set_username(581) pdb_set_username: setting username godai$, was [2007/11/30 09:01:07.648058, 10, pid=5670] passdb/pdb_get_set.c:pdb_set_domain(604) pdb_set_domain: setting domain ZARTSOFT, was [2007/11/30 09:01:07.648076, 10, pid=5670] passdb/pdb_get_set.c:pdb_set_nt_username(627) pdb_set_nt_username: setting nt username , was [2007/11/30 09:01:07.648094, 10, pid=5670] passdb/pdb_get_set.c:pdb_set_fullname(650) pdb_set_full_name: setting full name godai, was [2007/11/30 09:01:07.648114, 4, pid=5670] lib/substitute.c:automount_server(407) Home server: godai [2007/11/30 09:01:07.648137, 10, pid=5670] passdb/pdb_get_set.c:pdb_set_homedir(743) pdb_set_homedir: setting home dir \\godai\godai_, was [2007/11/30 09:01:07.648156, 10, pid=5670] passdb/pdb_get_set.c:pdb_set_dir_drive(719) pdb_set_dir_drive: setting dir drive , was NULL [2007/11/30 09:01:07.648175, 10, pid=5670] passdb/pdb_get_set.c:pdb_set_logon_script(673) pdb_set_logon_script: setting logon script , was [2007/11/30 09:01:07.648194, 10, pid=5670] passdb/pdb_get_set.c:pdb_set_profile_path(696) pdb_set_profile_path: setting profile path , was [2007/11/30 09:01:07.648212, 10, pid=5670] passdb/pdb_get_set.c:pdb_set_workstations(786) pdb_set_workstations: setting workstations , was [2007/11/30 09:01:07.648233, 3, pid=5670] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2007/11/30 09:01:07.648252, 3, pid=5670] smbd/uid.c:push_conn_ctx(358) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2007/11/30 09:01:07.648269, 3, pid=5670] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2007/11/30 09:01:07.648287, 5, pid=5670] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 09:01:07.648319, 5, pid=5670] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 09:01:07.648354, 10, pid=5670] lib/account_pol.c:account_policy_get(294) account_policy_get: name: password history, val: 0 [2007/11/30 09:01:07.648377, 3, pid=5670] smbd/sec_ctx.c:pop_sec_ctx(356) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2007/11/30 09:01:07.648397, 10, pid=5670] passdb/pdb_get_set.c:pdb_set_user_sid(510) pdb_set_user_sid: setting user sid S-1-5-21-2274471336-3138038065-606154707-2040 [2007/11/30 09:01:07.648418, 10, pid=5670] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(73) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-2274471336-3138038065-606154707-2040 from rid 2040 [2007/11/30 09:01:07.648450, 3, pid=5670] smbd/sec_ctx.c:pop_sec_ctx(356) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/30 09:01:07.648473, 4, pid=5670] libsmb/ntlm_check.c:ntlm_password_check(326) ntlm_password_check: Checking NT MD4 password [2007/11/30 09:01:07.648588, 4, pid=5670] auth/auth_sam.c:sam_account_ok(138) sam_account_ok: Checking SMB password for user godai$ [2007/11/30 09:01:07.648617, 5, pid=5670] auth/auth_sam.c:logon_hours_ok(120) logon_hours_ok: user godai$ allowed to logon at this time (Fri Nov 30 04:01:07 2007 ) [2007/11/30 09:01:07.648642, 3, pid=5670] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2007/11/30 09:01:07.648660, 3, pid=5670] smbd/uid.c:push_conn_ctx(358) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2007/11/30 09:01:07.648678, 3, pid=5670] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2007/11/30 09:01:07.648695, 5, pid=5670] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 09:01:07.648712, 5, pid=5670] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 09:01:07.648744, 10, pid=5670] lib/account_pol.c:account_policy_get(294) account_policy_get: name: maximum password age, val: -1 [2007/11/30 09:01:07.648771, 3, pid=5670] smbd/sec_ctx.c:pop_sec_ctx(356) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/30 09:01:07.648793, 3, pid=5670] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2007/11/30 09:01:07.648812, 3, pid=5670] smbd/uid.c:push_conn_ctx(358) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2007/11/30 09:01:07.648829, 3, pid=5670] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2007/11/30 09:01:07.648846, 5, pid=5670] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 09:01:07.648864, 5, pid=5670] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 09:01:07.648891, 10, pid=5670] lib/util_pw.c:getpwnam_alloc(76) Got godai$ from pwnam_cache [2007/11/30 09:01:07.648911, 10, pid=5670] lib/util_pw.c:getpwnam_alloc(76) Got godai$ from pwnam_cache [2007/11/30 09:01:07.648970, 10, pid=5670] lib/system_smbd.c:sys_getgrouplist(125) sys_getgrouplist: user [godai$] [2007/11/30 09:01:17.647169, 5, pid=5657] passdb/lookup_sid.c:gid_to_sid(1354) gid_to_sid: winbind failed to find a sid for gid 1515 [2007/11/30 09:01:17.647244, 5, pid=5657] auth/auth_util.c:make_server_info_sam(623) make_server_info_sam: made server info for user godai$ -> godai$ [2007/11/30 09:01:17.647279, 3, pid=5657] smbd/sec_ctx.c:pop_sec_ctx(356) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/30 09:01:17.647303, 3, pid=5657] auth/auth.c:check_ntlm_password(270) check_ntlm_password: sam authentication for user [GODAI$] succeeded [2007/11/30 09:01:17.647326, 3, pid=5657] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2007/11/30 09:01:17.647411, 10, pid=5660] passdb/lookup_sid.c:gid_to_sid(1359) gid 1515 -> sid S-1-5-21-2274471336-3138038065-606154707-515 [2007/11/30 09:01:17.647442, 3, pid=5660] passdb/lookup_sid.c:store_gid_sid_cache(1133) store_gid_sid_cache: gid 1515 in cache -> S-1-5-21-2274471336-3138038065-606154707-515 [2007/11/30 09:01:17.647486, 5, pid=5660] auth/auth_util.c:make_server_info_sam(623) make_server_info_sam: made server info for user godai$ -> godai$ [2007/11/30 09:01:17.647514, 3, pid=5660] smbd/sec_ctx.c:pop_sec_ctx(356) [2007/11/30 09:01:17.647575, 3, pid=5657] smbd/uid.c:push_conn_ctx(358) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2007/11/30 09:01:17.647597, 3, pid=5657] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2007/11/30 09:01:17.647616, 5, pid=5657] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 09:01:17.647635, 5, pid=5657] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 09:01:17.647673, 3, pid=5657] smbd/sec_ctx.c:pop_sec_ctx(356) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/30 09:01:17.647703, 3, pid=5660] auth/auth.c:check_ntlm_password(270) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/30 09:01:17.647709, 10, pid=5670] passdb/lookup_sid.c:gid_to_sid(1359) check_ntlm_password: sam authentication for user [GODAI$] succeeded gid 1515 -> sid S-1-5-21-2274471336-3138038065-606154707-515 [2007/11/30 09:01:17.647744, 3, pid=5660] smbd/sec_ctx.c:push_sec_ctx(208) [2007/11/30 09:01:17.647749, 3, pid=5670] passdb/lookup_sid.c:store_gid_sid_cache(1133) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 store_gid_sid_cache: gid 1515 in cache -> S-1-5-21-2274471336-3138038065-606154707-515 [2007/11/30 09:01:17.647780, 3, pid=5660] smbd/uid.c:push_conn_ctx(358) [2007/11/30 09:01:17.647786, 5, pid=5670] auth/auth_util.c:make_server_info_sam(623) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 make_server_info_sam: made server info for user godai$ -> godai$ [2007/11/30 09:01:17.647814, 3, pid=5660] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2007/11/30 09:01:17.647826, 3, pid=5670] smbd/sec_ctx.c:pop_sec_ctx(356) [2007/11/30 09:01:17.647835, 5, pid=5660] auth/auth_util.c:debug_nt_user_token(448) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 NT user token: (NULL) [2007/11/30 09:01:17.647861, 3, pid=5670] auth/auth.c:check_ntlm_password(270) [2007/11/30 09:01:17.647866, 5, pid=5660] auth/auth_util.c:debug_unix_user_token(474) check_ntlm_password: sam authentication for user [GODAI$] succeeded [2007/11/30 09:01:17.647798, 5, pid=5657] auth/auth.c:check_ntlm_password(296) UNIX token of user 0 [2007/11/30 09:01:17.647898, 3, pid=5670] smbd/sec_ctx.c:push_sec_ctx(208) Primary group is 0 and contains 0 supplementary groups push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2007/11/30 09:01:17.647932, 3, pid=5670] smbd/uid.c:push_conn_ctx(358) [2007/11/30 09:01:17.647937, 3, pid=5660] smbd/sec_ctx.c:pop_sec_ctx(356) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2007/11/30 09:01:17.647963, 3, pid=5670] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2007/11/30 09:01:17.647982, 5, pid=5670] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 09:01:17.647999, 5, pid=5670] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 09:01:17.648037, 3, pid=5670] smbd/sec_ctx.c:pop_sec_ctx(356) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/30 09:01:17.648056, 5, pid=5670] auth/auth.c:check_ntlm_password(296) check_ntlm_password: PAM Account for user [godai$] succeeded [2007/11/30 09:01:17.648073, 2, pid=5670] auth/auth.c:check_ntlm_password(309) check_ntlm_password: authentication for user [GODAI$] -> [GODAI$] -> [godai$] succeeded [2007/11/30 09:01:17.648093, 5, pid=5670] auth/auth_util.c:free_user_info(2045) attempting to free (and zero) a user_info structure [2007/11/30 09:01:17.648110, 10, pid=5670] auth/auth_util.c:free_user_info(2049) structure was created for GODAI$ [2007/11/30 09:01:17.648131, 10, pid=5670] auth/auth_util.c:create_local_nt_token(844) Create local NT token for S-1-5-21-2274471336-3138038065-606154707-2040 [2007/11/30 09:01:17.648172, 3, pid=5670] passdb/lookup_sid.c:fetch_gid_from_cache(1089) fetch gid from cache 16777218 -> S-1-5-32-544 [2007/11/30 09:01:17.648198, 3, pid=5670] passdb/lookup_sid.c:fetch_gid_from_cache(1089) fetch gid from cache 16777219 -> S-1-5-32-545 [2007/11/30 09:01:17.648295, 3, pid=5670] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-21-2274471336-3138038065-606154707-2040] [2007/11/30 09:01:17.648325, 3, pid=5670] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-21-2274471336-3138038065-606154707-515] [2007/11/30 09:01:17.648352, 5, pid=5670] lib/privileges.c:get_privileges_for_sids(460) get_privileges_for_sids: sid = S-1-1-0 Privilege set: SE_PRIV 0x0 0x0 0x0 0x0 [2007/11/30 09:01:17.648387, 3, pid=5670] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-2] [2007/11/30 09:01:17.648411, 3, pid=5670] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-11] [2007/11/30 09:01:17.648435, 3, pid=5670] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-22-2-1515] [2007/11/30 09:01:17.648454, 3, pid=5670] passdb/lookup_sid.c:fetch_gid_from_cache(1089) fetch gid from cache 1515 -> S-1-5-21-2274471336-3138038065-606154707-515 check_ntlm_password: PAM Account for user [godai$] succeeded [2007/11/30 09:01:17.648500, 2, pid=5657] auth/auth.c:check_ntlm_password(309) check_ntlm_password: authentication for user [GODAI$] -> [GODAI$] -> [godai$] succeeded [2007/11/30 09:01:17.648522, 5, pid=5657] auth/auth_util.c:free_user_info(2045) attempting to free (and zero) a user_info structure [2007/11/30 09:01:17.648547, 10, pid=5657] auth/auth_util.c:free_user_info(2049) structure was created for GODAI$ [2007/11/30 09:01:17.648571, 10, pid=5657] auth/auth_util.c:create_local_nt_token(844) Create local NT token for S-1-5-21-2274471336-3138038065-606154707-2040 [2007/11/30 09:01:17.648597, 3, pid=5657] passdb/lookup_sid.c:fetch_gid_from_cache(1089) fetch gid from cache 16777218 -> S-1-5-32-544 [2007/11/30 09:01:17.648620, 3, pid=5657] passdb/lookup_sid.c:fetch_gid_from_cache(1089) fetch gid from cache 16777219 -> S-1-5-32-545 [2007/11/30 09:01:17.648728, 3, pid=5657] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-21-2274471336-3138038065-606154707-2040] [2007/11/30 09:01:17.648764, 3, pid=5657] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-0-0] [2007/11/30 09:01:17.648792, 5, pid=5657] lib/privileges.c:get_privileges_for_sids(460) [2007/11/30 09:01:17.648816, 10, pid=5670] passdb/lookup_sid.c:sid_to_gid(1450) winbind failed to find a gid for sid S-1-1-0 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/30 09:01:17.648843, 10, pid=5670] auth/auth_util.c:create_local_token(1039) Could not convert SID S-1-1-0 to gid, ignoring it get_privileges_for_sids: sid = S-1-1-0 [2007/11/30 09:01:17.648850, 5, pid=5660] auth/auth.c:check_ntlm_password(296) check_ntlm_password: PAM Account for user [godai$] succeeded [2007/11/30 09:01:17.648894, 2, pid=5660] auth/auth.c:check_ntlm_password(309) check_ntlm_password: authentication for user [GODAI$] -> [GODAI$] -> [godai$] succeeded [2007/11/30 09:01:17.648916, 5, pid=5660] auth/auth_util.c:free_user_info(2045) attempting to free (and zero) a user_info structure [2007/11/30 09:01:17.648936, 10, pid=5660] auth/auth_util.c:free_user_info(2049) structure was created for GODAI$ [2007/11/30 09:01:17.648958, 10, pid=5660] auth/auth_util.c:create_local_nt_token(844) Create local NT token for S-1-5-21-2274471336-3138038065-606154707-2040 [2007/11/30 09:01:17.648984, 3, pid=5660] passdb/lookup_sid.c:fetch_gid_from_cache(1089) fetch gid from cache 16777218 -> S-1-5-32-544 [2007/11/30 09:01:17.649005, 3, pid=5660] passdb/lookup_sid.c:fetch_gid_from_cache(1089) fetch gid from cache 16777219 -> S-1-5-32-545 [2007/11/30 09:01:17.649120, 3, pid=5660] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-21-2274471336-3138038065-606154707-2040] [2007/11/30 09:01:17.649151, 3, pid=5660] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-21-2274471336-3138038065-606154707-515] [2007/11/30 09:01:17.649178, 5, pid=5660] lib/privileges.c:get_privileges_for_sids(460) get_privileges_for_sids: sid = S-1-1-0 Privilege set: SE_PRIV 0x0 0x0 0x0 0x0 [2007/11/30 09:01:17.649220, 3, pid=5660] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-2] [2007/11/30 09:01:17.649246, 3, pid=5660] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-11] [2007/11/30 09:01:17.649271, 3, pid=5660] lib/privileges.c:get_privileges(261) Privilege set: [2007/11/30 09:01:17.649269, 10, pid=5670] passdb/lookup_sid.c:sid_to_gid(1450) get_privileges: No privileges assigned to SID [S-1-22-2-1515] SE_PRIV 0x0 0x0 0x0 0x0 [2007/11/30 09:01:17.649311, 3, pid=5660] passdb/lookup_sid.c:fetch_gid_from_cache(1089) [2007/11/30 09:01:17.649323, 3, pid=5657] lib/privileges.c:get_privileges(261) fetch gid from cache 1515 -> S-1-5-21-2274471336-3138038065-606154707-515 winbind failed to find a gid for sid S-1-5-2 [2007/11/30 09:01:17.649357, 10, pid=5670] auth/auth_util.c:create_local_token(1039) Could not convert SID S-1-5-2 to gid, ignoring it get_privileges: No privileges assigned to SID [S-1-5-2] [2007/11/30 09:01:17.649415, 3, pid=5657] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-5-11] [2007/11/30 09:01:17.649444, 3, pid=5657] lib/privileges.c:get_privileges(261) get_privileges: No privileges assigned to SID [S-1-22-2-1515] [2007/11/30 09:01:17.649945, 10, pid=5660] passdb/lookup_sid.c:sid_to_gid(1450) winbind failed to find a gid for sid S-1-1-0 [2007/11/30 09:01:17.649969, 10, pid=5660] auth/auth_util.c:create_local_token(1039) Could not convert SID S-1-1-0 to gid, ignoring it [2007/11/30 09:01:17.650093, 10, pid=5670] passdb/lookup_sid.c:sid_to_gid(1450) winbind failed to find a gid for sid S-1-5-11 [2007/11/30 09:01:17.650121, 10, pid=5670] auth/auth_util.c:create_local_token(1039) Could not convert SID S-1-5-11 to gid, ignoring it [2007/11/30 09:01:17.650143, 10, pid=5670] passdb/lookup_sid.c:sid_to_gid(1437) sid S-1-22-2-1515 -> gid 1515 [2007/11/30 09:01:17.650164, 10, pid=5670] auth/auth_util.c:debug_nt_user_token(454) NT user token of user S-1-5-21-2274471336-3138038065-606154707-2040 contains 6 SIDs SID[ 0]: S-1-5-21-2274471336-3138038065-606154707-2040 SID[ 1]: S-1-5-21-2274471336-3138038065-606154707-515 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-1515 SE_PRIV 0x0 0x0 0x0 0x0 [2007/11/30 09:01:17.650253, 10, pid=5670] auth/auth_ntlmssp.c:auth_ntlmssp_check_password(137) Got NT session key of length 16 [2007/11/30 09:01:17.650292, 10, pid=5670] auth/auth_ntlmssp.c:auth_ntlmssp_check_password(144) Got LM session key of length 16 [2007/11/30 09:01:17.650319, 10, pid=5670] libsmb/ntlmssp.c:ntlmssp_server_auth(805) ntlmssp_server_auth: Created NTLM2 session key. [2007/11/30 09:01:17.650352, 3, pid=5670] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(338) NTLMSSP Sign/Seal - Initialising with flags: [2007/11/30 09:01:17.650373, 3, pid=5670] libsmb/ntlmssp.c:debug_ntlmssp_flags(63) Got NTLMSSP neg_flags=0x60088215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET [2007/11/30 09:01:17.650412, 10, pid=5660] passdb/lookup_sid.c:sid_to_gid(1450) winbind failed to find a gid for sid S-1-5-2 NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM [2007/11/30 09:01:17.650438, 10, pid=5660] auth/auth_util.c:create_local_token(1039) NTLMSSP_NEGOTIATE_ALWAYS_SIGN Could not convert SID S-1-5-2 to gid, ignoring it NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH [2007/11/30 09:01:17.650528, 10, pid=5670] smbd/password.c:register_vuid(186) register_vuid: allocated vuid = 101 [2007/11/30 09:01:17.650578, 10, pid=5670] lib/util_pw.c:getpwnam_alloc(76) Got godai$ from pwnam_cache [2007/11/30 09:01:17.650599, 10, pid=5670] smbd/password.c:register_vuid(277) register_vuid: (520,1515) godai$ GODAI$ ZARTSOFT guest=0 [2007/11/30 09:01:17.650620, 3, pid=5670] smbd/password.c:register_vuid(280) User name: godai$ Real name: godai [2007/11/30 09:01:17.650639, 3, pid=5670] smbd/password.c:register_vuid(301) UNIX uid 520 is UNIX user godai$, and will be vuid 101 [2007/11/30 09:01:17.650736, 7, pid=5670] param/loadparm.c:lp_servicenumber(5209) lp_servicenumber: couldn't find godai$ [2007/11/30 09:01:17.650764, 3, pid=5670] smbd/password.c:register_vuid(332) Adding homes service for user 'godai$' using home directory: '/dev/null' [2007/11/30 09:01:17.650835, 10, pid=5660] passdb/lookup_sid.c:sid_to_gid(1450) winbind failed to find a gid for sid S-1-5-11 [2007/11/30 09:01:17.650858, 10, pid=5660] auth/auth_util.c:create_local_token(1039) [2007/11/30 09:01:17.650862, 8, pid=5670] param/loadparm.c:add_a_service(2577) Could not convert SID S-1-5-11 to gid, ignoring it add_a_service: Creating snum = 7 for godai$ [2007/11/30 09:01:17.650892, 10, pid=5660] passdb/lookup_sid.c:sid_to_gid(1437) [2007/11/30 09:01:17.650898, 10, pid=5670] param/loadparm.c:hash_a_service(2624) sid S-1-22-2-1515 -> gid 1515 hash_a_service: hashing index 7 for service name godai$ [2007/11/30 09:01:17.650926, 10, pid=5660] auth/auth_util.c:debug_nt_user_token(454) NT user token of user S-1-5-21-2274471336-3138038065-606154707-2040 contains 6 SIDs [2007/11/30 09:01:17.650947, 3, pid=5670] param/loadparm.c:lp_add_home(2670) SID[ 0]: S-1-5-21-2274471336-3138038065-606154707-2040 adding home's share [godai$] for user 'godai$' at '/dev/null' SID[ 1]: S-1-5-21-2274471336-3138038065-606154707-515 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-1515 [2007/11/30 09:01:17.651005, 6, pid=5670] param/loadparm.c:lp_file_list_changed(3080) SE_PRIV 0x0 0x0 0x0 0x0 lp_file_list_changed() [2007/11/30 09:01:17.651037, 10, pid=5660] auth/auth_ntlmssp.c:auth_ntlmssp_check_password(137) file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Fri Nov 30 08:56:43 2007 [2007/11/30 09:01:17.650470, 10, pid=5657] passdb/lookup_sid.c:sid_to_gid(1450) Got NT session key of length 16 winbind failed to find a gid for sid S-1-0-0 [2007/11/30 09:01:17.651082, 10, pid=5660] auth/auth_ntlmssp.c:auth_ntlmssp_check_password(144) [2007/11/30 09:01:17.651118, 5, pid=5670] lib/util.c:show_msg(506) [2007/11/30 09:01:17.651131, 5, pid=5670] lib/util.c:show_msg(516) size=120 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=5651 [2007/11/30 09:01:17.651085, 10, pid=5657] auth/auth_util.c:create_local_token(1039) Got LM session key of length 16 Could not convert SID S-1-0-0 to gid, ignoring it [2007/11/30 09:01:17.651213, 10, pid=5660] libsmb/ntlmssp.c:ntlmssp_server_auth(805) ntlmssp_server_auth: Created NTLM2 session key. [2007/11/30 09:01:17.651240, 3, pid=5660] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(338) NTLMSSP Sign/Seal - Initialising with flags: [2007/11/30 09:01:17.651260, 3, pid=5660] libsmb/ntlmssp.c:debug_ntlmssp_flags(63) Got NTLMSSP neg_flags=0x60088215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH [2007/11/30 09:01:17.651338, 10, pid=5660] smbd/password.c:register_vuid(186) register_vuid: allocated vuid = 101 [2007/11/30 09:01:17.651362, 10, pid=5660] lib/util_pw.c:getpwnam_alloc(76) Got godai$ from pwnam_cache [2007/11/30 09:01:17.651382, 10, pid=5660] smbd/password.c:register_vuid(277) register_vuid: (520,1515) godai$ GODAI$ ZARTSOFT guest=0 [2007/11/30 09:01:17.651401, 3, pid=5660] smbd/password.c:register_vuid(280) User name: godai$ Real name: godai [2007/11/30 09:01:17.651420, 3, pid=5660] smbd/password.c:register_vuid(301) UNIX uid 520 is UNIX user godai$, and will be vuid 101 [2007/11/30 09:01:17.651506, 7, pid=5660] param/loadparm.c:lp_servicenumber(5209) lp_servicenumber: couldn't find godai$ [2007/11/30 09:01:17.651528, 3, pid=5660] smbd/password.c:register_vuid(332) Adding homes service for user 'godai$' using home directory: '/dev/null' [2007/11/30 09:01:17.651585, 8, pid=5660] param/loadparm.c:add_a_service(2577) add_a_service: Creating snum = 7 for godai$ [2007/11/30 09:01:17.651596, 10, pid=5657] passdb/lookup_sid.c:sid_to_gid(1450) [2007/11/30 09:01:17.651606, 10, pid=5660] param/loadparm.c:hash_a_service(2624) smb_uid=101 smb_mid=3 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 9 (0x9) smb_bcc=77 [2007/11/30 09:01:17.651667, 10, pid=5670] lib/util.c:dump_data(2285) [000] A1 07 30 05 A0 03 0A 01 00 55 00 6E 00 69 00 78 ..0..... .U.n.i.x [010] 00 00 00 53 00 61 00 6D 00 62 00 61 00 20 00 33 ...S.a.m .b.a. .3 [020] 00 2E 00 30 00 2E 00 32 00 36 00 61 00 2D 00 30 ...0...2 .6.a.-.0 [030] 00 2E 00 66 00 63 00 37 00 00 00 5A 00 41 00 52 ...f.c.7 ...Z.A.R [040] 00 54 00 53 00 4F 00 46 00 54 00 00 00 .T.S.O.F .T... [2007/11/30 09:01:17.651815, 10, pid=5670] lib/util_sock.c:read_data(525) read_data: read of 4 returned 0. Error = Success [2007/11/30 09:01:17.651866, 10, pid=5670] lib/util_sock.c:receive_smb_raw(672) receive_smb_raw: length < 0! [2007/11/30 09:01:17.651885, 3, pid=5670] smbd/process.c:timeout_processing(1328) timeout_processing: End of file from client (client has disconnected). [2007/11/30 09:01:17.651906, 5, pid=5670] lib/gencache.c:gencache_shutdown(94) Closing cache file [2007/11/30 09:01:17.651934, 5, pid=5670] libsmb/namecache.c:namecache_shutdown(79) namecache_shutdown: netbios namecache closed successfully. [2007/11/30 09:01:17.651954, 3, pid=5670] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/30 09:01:17.651972, 5, pid=5670] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 09:01:17.651989, 5, pid=5670] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 09:01:17.652019, 5, pid=5670] smbd/uid.c:change_to_root_user(288) change_to_root_user: now uid=(0,0) gid=(0,0) [2007/11/30 09:01:17.652070, 3, pid=5670] smbd/connection.c:yield_connection(69) Yielding connection to [2007/11/30 09:01:17.652127, 3, pid=5670] smbd/server.c:exit_server_common(768) Server exit (normal exit) winbind failed to find a gid for sid S-1-1-0 hash_a_service: hashing index 7 for service name godai$ [2007/11/30 09:01:17.653109, 10, pid=5657] auth/auth_util.c:create_local_token(1039) Could not convert SID S-1-1-0 to gid, ignoring it [2007/11/30 09:01:17.653128, 3, pid=5660] param/loadparm.c:lp_add_home(2670) adding home's share [godai$] for user 'godai$' at '/dev/null' [2007/11/30 09:01:17.653176, 6, pid=5660] param/loadparm.c:lp_file_list_changed(3080) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Fri Nov 30 08:56:43 2007 [2007/11/30 09:01:17.653232, 5, pid=5660] lib/util.c:show_msg(506) [2007/11/30 09:01:17.653245, 5, pid=5660] lib/util.c:show_msg(516) size=120 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=5651 smb_uid=101 smb_mid=3 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 9 (0x9) smb_bcc=77 [2007/11/30 09:01:17.653352, 10, pid=5660] lib/util.c:dump_data(2285) [000] A1 07 30 05 A0 03 0A 01 00 55 00 6E 00 69 00 78 ..0..... .U.n.i.x [010] 00 00 00 53 00 61 00 6D 00 62 00 61 00 20 00 33 ...S.a.m .b.a. .3 [020] 00 2E 00 30 00 2E 00 32 00 36 00 61 00 2D 00 30 ...0...2 .6.a.-.0 [030] 00 2E 00 66 00 63 00 37 00 00 00 5A 00 41 00 52 ...f.c.7 ...Z.A.R [040] 00 54 00 53 00 4F 00 46 00 54 00 00 00 .T.S.O.F .T... [2007/11/30 09:01:17.653518, 10, pid=5660] lib/util_sock.c:read_data(525) [2007/11/30 09:01:17.653535, 10, pid=5657] passdb/lookup_sid.c:sid_to_gid(1450) winbind failed to find a gid for sid S-1-5-2 read_data: read of 4 returned 0. Error = Success [2007/11/30 09:01:17.653559, 10, pid=5657] auth/auth_util.c:create_local_token(1039) Could not convert SID S-1-5-2 to gid, ignoring it [2007/11/30 09:01:17.653567, 10, pid=5660] lib/util_sock.c:receive_smb_raw(672) receive_smb_raw: length < 0! [2007/11/30 09:01:17.653594, 3, pid=5660] smbd/process.c:timeout_processing(1328) timeout_processing: End of file from client (client has disconnected). [2007/11/30 09:01:17.653618, 5, pid=5660] lib/gencache.c:gencache_shutdown(94) Closing cache file [2007/11/30 09:01:17.653646, 5, pid=5660] libsmb/namecache.c:namecache_shutdown(79) namecache_shutdown: netbios namecache closed successfully. [2007/11/30 09:01:17.653668, 3, pid=5660] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/30 09:01:17.653687, 5, pid=5660] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 09:01:17.653705, 5, pid=5660] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 09:01:17.653737, 5, pid=5660] smbd/uid.c:change_to_root_user(288) change_to_root_user: now uid=(0,0) gid=(0,0) [2007/11/30 09:01:17.653792, 3, pid=5660] smbd/connection.c:yield_connection(69) Yielding connection to [2007/11/30 09:01:17.653848, 3, pid=5660] smbd/server.c:exit_server_common(768) Server exit (normal exit) [2007/11/30 09:01:17.653978, 10, pid=5657] passdb/lookup_sid.c:sid_to_gid(1450) winbind failed to find a gid for sid S-1-5-11 [2007/11/30 09:01:17.654000, 10, pid=5657] auth/auth_util.c:create_local_token(1039) Could not convert SID S-1-5-11 to gid, ignoring it [2007/11/30 09:01:17.654021, 10, pid=5657] passdb/lookup_sid.c:sid_to_gid(1437) sid S-1-22-2-1515 -> gid 1515 [2007/11/30 09:01:17.654042, 10, pid=5657] auth/auth_util.c:debug_nt_user_token(454) NT user token of user S-1-5-21-2274471336-3138038065-606154707-2040 contains 6 SIDs SID[ 0]: S-1-5-21-2274471336-3138038065-606154707-2040 SID[ 1]: S-1-0-0 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-1515 SE_PRIV 0x0 0x0 0x0 0x0 [2007/11/30 09:01:17.654122, 10, pid=5657] auth/auth_ntlmssp.c:auth_ntlmssp_check_password(137) Got NT session key of length 16 [2007/11/30 09:01:17.654142, 10, pid=5657] auth/auth_ntlmssp.c:auth_ntlmssp_check_password(144) Got LM session key of length 16 [2007/11/30 09:01:17.654165, 10, pid=5657] libsmb/ntlmssp.c:ntlmssp_server_auth(805) ntlmssp_server_auth: Created NTLM2 session key. [2007/11/30 09:01:17.654195, 3, pid=5657] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(338) NTLMSSP Sign/Seal - Initialising with flags: [2007/11/30 09:01:17.654216, 3, pid=5657] libsmb/ntlmssp.c:debug_ntlmssp_flags(63) Got NTLMSSP neg_flags=0x60088215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH [2007/11/30 09:01:17.654292, 10, pid=5657] smbd/password.c:register_vuid(186) register_vuid: allocated vuid = 101 [2007/11/30 09:01:17.654317, 10, pid=5657] lib/util_pw.c:getpwnam_alloc(76) Got godai$ from pwnam_cache [2007/11/30 09:01:17.654336, 10, pid=5657] smbd/password.c:register_vuid(277) register_vuid: (520,1515) godai$ GODAI$ ZARTSOFT guest=0 [2007/11/30 09:01:17.654355, 3, pid=5657] smbd/password.c:register_vuid(280) User name: godai$ Real name: godai [2007/11/30 09:01:17.654374, 3, pid=5657] smbd/password.c:register_vuid(301) UNIX uid 520 is UNIX user godai$, and will be vuid 101 [2007/11/30 09:01:17.654448, 7, pid=5657] param/loadparm.c:lp_servicenumber(5209) lp_servicenumber: couldn't find godai$ [2007/11/30 09:01:17.654469, 3, pid=5657] smbd/password.c:register_vuid(332) Adding homes service for user 'godai$' using home directory: '/dev/null' [2007/11/30 09:01:17.654551, 8, pid=5657] param/loadparm.c:add_a_service(2577) add_a_service: Creating snum = 7 for godai$ [2007/11/30 09:01:17.654574, 10, pid=5657] param/loadparm.c:hash_a_service(2624) hash_a_service: hashing index 7 for service name godai$ [2007/11/30 09:01:17.654604, 3, pid=5657] param/loadparm.c:lp_add_home(2670) adding home's share [godai$] for user 'godai$' at '/dev/null' [2007/11/30 09:01:17.654646, 6, pid=5657] param/loadparm.c:lp_file_list_changed(3080) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Fri Nov 30 08:56:43 2007 [2007/11/30 09:01:17.654694, 5, pid=5657] lib/util.c:show_msg(506) [2007/11/30 09:01:17.654766, 5, pid=5657] lib/util.c:show_msg(516) size=120 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=5651 smb_uid=101 smb_mid=3 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 9 (0x9) smb_bcc=77 [2007/11/30 09:01:17.654866, 10, pid=5657] lib/util.c:dump_data(2285) [000] A1 07 30 05 A0 03 0A 01 00 55 00 6E 00 69 00 78 ..0..... .U.n.i.x [010] 00 00 00 53 00 61 00 6D 00 62 00 61 00 20 00 33 ...S.a.m .b.a. .3 [020] 00 2E 00 30 00 2E 00 32 00 36 00 61 00 2D 00 30 ...0...2 .6.a.-.0 [030] 00 2E 00 66 00 63 00 37 00 00 00 5A 00 41 00 52 ...f.c.7 ...Z.A.R [040] 00 54 00 53 00 4F 00 46 00 54 00 00 00 .T.S.O.F .T... [2007/11/30 09:01:17.655004, 10, pid=5657] lib/util_sock.c:read_data(525) read_data: read of 4 returned 0. Error = Success [2007/11/30 09:01:17.655052, 10, pid=5657] lib/util_sock.c:receive_smb_raw(672) receive_smb_raw: length < 0! [2007/11/30 09:01:17.655071, 3, pid=5657] smbd/process.c:timeout_processing(1328) timeout_processing: End of file from client (client has disconnected). [2007/11/30 09:01:17.655091, 5, pid=5657] lib/gencache.c:gencache_shutdown(94) Closing cache file [2007/11/30 09:01:17.655118, 5, pid=5657] libsmb/namecache.c:namecache_shutdown(79) namecache_shutdown: netbios namecache closed successfully. [2007/11/30 09:01:17.655138, 3, pid=5657] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/30 09:01:17.655156, 5, pid=5657] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 09:01:17.655173, 5, pid=5657] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 09:01:17.655209, 5, pid=5657] smbd/uid.c:change_to_root_user(288) change_to_root_user: now uid=(0,0) gid=(0,0) [2007/11/30 09:01:17.655261, 3, pid=5657] smbd/connection.c:yield_connection(69) Yielding connection to [2007/11/30 09:01:17.655315, 3, pid=5657] smbd/server.c:exit_server_common(768) Server exit (normal exit) [2007/11/30 09:01:25.942917, 10, pid=5654] lib/util_sock.c:read_data(525) read_data: read of 4 returned 0. Error = Success [2007/11/30 09:01:25.942979, 10, pid=5654] lib/util_sock.c:receive_smb_raw(672) receive_smb_raw: length < 0! [2007/11/30 09:01:25.942999, 3, pid=5654] smbd/process.c:timeout_processing(1328) timeout_processing: End of file from client (client has disconnected). [2007/11/30 09:01:25.943022, 5, pid=5654] lib/gencache.c:gencache_shutdown(94) Closing cache file [2007/11/30 09:01:25.943050, 5, pid=5654] libsmb/namecache.c:namecache_shutdown(79) namecache_shutdown: netbios namecache closed successfully. [2007/11/30 09:01:25.943071, 3, pid=5654] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/30 09:01:25.943090, 5, pid=5654] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 09:01:25.943108, 5, pid=5654] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 09:01:25.943167, 5, pid=5654] smbd/uid.c:change_to_root_user(288) change_to_root_user: now uid=(0,0) gid=(0,0) [2007/11/30 09:01:25.943195, 3, pid=5654] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/30 09:01:25.943236, 5, pid=5654] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 09:01:25.943253, 5, pid=5654] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 09:01:25.943282, 5, pid=5654] smbd/uid.c:change_to_root_user(288) change_to_root_user: now uid=(0,0) gid=(0,0) [2007/11/30 09:01:25.943302, 3, pid=5654] smbd/service.c:close_cnum(1230) godai (192.168.64.1) closed connection to service IPC$ [2007/11/30 09:01:25.943327, 3, pid=5654] smbd/connection.c:yield_connection(69) Yielding connection to IPC$ [2007/11/30 09:01:25.943370, 4, pid=5654] smbd/vfs.c:vfs_ChDir(665) vfs_ChDir to / [2007/11/30 09:01:25.943393, 3, pid=5654] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/30 09:01:25.943412, 5, pid=5654] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 09:01:25.943429, 5, pid=5654] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 09:01:25.943457, 5, pid=5654] smbd/uid.c:change_to_root_user(288) change_to_root_user: now uid=(0,0) gid=(0,0) [2007/11/30 09:01:25.943517, 3, pid=5654] smbd/connection.c:yield_connection(69) Yielding connection to [2007/11/30 09:01:25.943565, 3, pid=5654] smbd/server.c:exit_server_common(768) Server exit (normal exit) [2007/11/30 09:01:30.522467, 3, pid=5594] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/30 09:01:30.522529, 5, pid=5594] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 09:01:30.522554, 5, pid=5594] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 09:01:30.522594, 5, pid=5594] smbd/uid.c:change_to_root_user(288) change_to_root_user: now uid=(0,0) gid=(0,0) [2007/11/30 09:01:30.522636, 3, pid=5594] smbd/connection.c:yield_connection(69) Yielding connection to [2007/11/30 09:01:30.522703, 3, pid=5594] smbd/server.c:exit_server_common(768) Server exit (normal exit) [2007/11/30 09:01:30.523166, 3, pid=5596] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/11/30 09:01:30.523207, 5, pid=5596] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/11/30 09:01:30.523234, 5, pid=5596] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/11/30 09:01:30.523275, 5, pid=5596] smbd/uid.c:change_to_root_user(288) change_to_root_user: now uid=(0,0) gid=(0,0) [2007/11/30 09:01:30.523307, 3, pid=5596] smbd/connection.c:yield_connection(69) Yielding connection to [2007/11/30 09:01:30.523337, 3, pid=5596] smbd/connection.c:yield_connection(76) yield_connection: tdb_delete for name failed with error Record does not exist. [2007/11/30 09:01:30.523386, 3, pid=5596] smbd/server.c:exit_server_common(768) Server exit (normal exit)