Maximum core file size limits now 16777216(soft) -1(hard) get_current_groups: user is in 7 groups: 0, 1, 2, 3, 4, 6, 10 smbd version 3.0.26pre1-SVN-build-UNKNOWN started. Copyright Andrew Tridgell and the Samba Team 1992-2007 uid=0 gid=0 euid=0 egid=0 Build environment: Built by: root@localhost.localdomain Built on: Wed Dec 19 09:53:19 EST 2007 Built using: gcc Build host: Linux localhost.localdomain 2.6.18-1.2798.fc6 #1 SMP Mon Oct 16 14:37:32 EDT 2006 i686 i686 i386 GNU/Linux SRCDIR: /mikev/samba/samba_3_0_ctdb/source BUILDDIR: /mikev/samba/samba_3_0_ctdb/source Paths: SBINDIR: /usr/samba-ctdb/sbin BINDIR: /usr/samba-ctdb/bin SWATDIR: /usr/samba-ctdb/samba/swat CONFIGFILE: /usr/samba-ctdb/samba/lib/smb.conf LOGFILEBASE: /usr/samba-ctdb/var LMHOSTSFILE: /usr/samba-ctdb/samba/lib/lmhosts LIBDIR: /usr/samba-ctdb/samba/lib SHLIBEXT: so LOCKDIR: /usr/samba-ctdb/samba/var/locks PIDDIR: /usr/samba-ctdb/samba/var/locks SMB_PASSWD_FILE: /usr/samba-ctdb/samba/private/smbpasswd PRIVATE_DIR: /usr/samba-ctdb/samba/private System Headers: HAVE_SYS_ACL_H HAVE_SYS_CAPABILITY_H HAVE_SYS_CDEFS_H HAVE_SYS_FCNTL_H HAVE_SYS_IOCTL_H HAVE_SYS_IPC_H HAVE_SYS_MMAN_H HAVE_SYS_MOUNT_H HAVE_SYS_PARAM_H HAVE_SYS_PRCTL_H HAVE_SYS_QUOTA_H HAVE_SYS_RESOURCE_H HAVE_SYS_SELECT_H HAVE_SYS_SHM_H HAVE_SYS_SOCKET_H HAVE_SYS_STATFS_H HAVE_SYS_STATVFS_H HAVE_SYS_STAT_H HAVE_SYS_SYSCALL_H HAVE_SYS_SYSLOG_H HAVE_SYS_SYSMACROS_H HAVE_SYS_TIME_H HAVE_SYS_TYPES_H HAVE_SYS_UIO_H HAVE_SYS_UNISTD_H HAVE_SYS_UN_H HAVE_SYS_VFS_H HAVE_SYS_WAIT_H HAVE_SYS_XATTR_H Headers: HAVE_ACL_LIBACL_H HAVE_AIO_H HAVE_ALLOCA_H HAVE_ARPA_INET_H HAVE_ASM_TYPES_H HAVE_ASM_UNISTD_H HAVE_ATTR_XATTR_H HAVE_CTYPE_H HAVE_DIRENT_H HAVE_DLFCN_H HAVE_EXECINFO_H HAVE_FCNTL_H HAVE_FLOAT_H HAVE_FNMATCH_H HAVE_GLOB_H HAVE_GRP_H HAVE_GSSAPI_GSSAPI_GENERIC_H HAVE_GSSAPI_GSSAPI_H HAVE_KRB5_H HAVE_KRB5_LOCATE_PLUGIN_H HAVE_LANGINFO_H HAVE_LASTLOG_H HAVE_LBER_H HAVE_LDAP_H HAVE_LIMITS_H HAVE_LINUX_INOTIFY_H HAVE_LOCALE_H HAVE_MEMORY_H HAVE_MNTENT_H HAVE_NETDB_H HAVE_NETINET_IN_H HAVE_NETINET_IN_SYSTM_H HAVE_NETINET_IP_H HAVE_NETINET_TCP_H HAVE_NET_IF_H HAVE_NSS_H HAVE_PWD_H HAVE_READLINE_HISTORY_H HAVE_READLINE_READLINE_H HAVE_RPCSVC_NIS_H HAVE_RPCSVC_YPCLNT_H HAVE_RPCSVC_YP_PROT_H HAVE_RPC_RPC_H HAVE_SETJMP_H HAVE_SHADOW_H HAVE_STDARG_H HAVE_STDBOOL_H HAVE_STDINT_H HAVE_STDIO_H HAVE_STDLIB_H HAVE_STRINGS_H HAVE_STRING_H HAVE_SYSCALL_H HAVE_SYSLOG_H HAVE_TERMIOS_H HAVE_TERMIO_H HAVE_TIME_H HAVE_UNISTD_H HAVE_UTIME_H HAVE_VALGRIND_MEMCHECK_H HAVE_VALGRIND_VALGRIND_H UTMP Options: HAVE_GETUTMPX HAVE_UTMPX_H HAVE_UTMP_H HAVE_UT_UT_ADDR HAVE_UT_UT_EXIT HAVE_UT_UT_HOST HAVE_UT_UT_ID HAVE_UT_UT_NAME HAVE_UT_UT_PID HAVE_UT_UT_TIME HAVE_UT_UT_TV HAVE_UT_UT_TYPE HAVE_UT_UT_USER PUTUTLINE_RETURNS_UTMP WITH_UTMP HAVE_* Defines: HAVE_ADDRTYPE_IN_KRB5_ADDRESS HAVE_AP_OPTS_USE_SUBKEY HAVE_ASPRINTF HAVE_ASPRINTF_DECL HAVE_ATEXIT HAVE_BACKTRACE_SYMBOLS HAVE_BER_SCANF HAVE_BOOL HAVE_BZERO HAVE_C99_VSNPRINTF HAVE_CAP_GET_PROC HAVE_CHMOD HAVE_CHOWN HAVE_CHROOT HAVE_COMPARISON_FN_T HAVE_COMPILER_WILL_OPTIMIZE_OUT_FNS HAVE_CONNECT HAVE_CREAT64 HAVE_CRYPT HAVE_DECL_ASPRINTF HAVE_DECL_RL_EVENT_HOOK HAVE_DECL_SNPRINTF HAVE_DECL_VASPRINTF HAVE_DECL_VSNPRINTF HAVE_DEVICE_MAJOR_FN HAVE_DEVICE_MINOR_FN HAVE_DIRENT_D_OFF HAVE_DLCLOSE HAVE_DLERROR HAVE_DLOPEN HAVE_DLSYM HAVE_DUP2 HAVE_ENDMNTENT HAVE_ENDNETGRENT HAVE_ERRNO_DECL HAVE_EXECL HAVE_EXPLICIT_LARGEFILE_SUPPORT HAVE_FCHMOD HAVE_FCHOWN HAVE_FCNTL_LOCK HAVE_FCVT HAVE_FGETXATTR HAVE_FLISTXATTR HAVE_FOPEN64 HAVE_FREMOVEXATTR HAVE_FSEEKO64 HAVE_FSETXATTR HAVE_FSID_INT HAVE_FSTAT HAVE_FSTAT64 HAVE_FSYNC HAVE_FTELLO64 HAVE_FTRUNCATE HAVE_FTRUNCATE64 HAVE_FTRUNCATE_EXTEND HAVE_FUNCTION_MACRO HAVE_GETCONTEXT HAVE_GETCWD HAVE_GETDIRENTRIES HAVE_GETGRENT HAVE_GETGRNAM HAVE_GETGROUPLIST HAVE_GETMNTENT HAVE_GETNETGRENT HAVE_GETPAGESIZE HAVE_GETPGRP HAVE_GETPWENT_R HAVE_GETRLIMIT HAVE_GETSPNAM HAVE_GETTIMEOFDAY_TZ HAVE_GETXATTR HAVE_GLOB HAVE_GRANTPT HAVE_GSSAPI HAVE_GSS_DISPLAY_STATUS HAVE_HISTORY_LIST HAVE_ICONV HAVE_IFACE_IFCONF HAVE_IMMEDIATE_STRUCTURES HAVE_INITGROUPS HAVE_INITIALIZE_KRB5_ERROR_TABLE HAVE_INNETGR HAVE_INOTIFY HAVE_KERNEL_CHANGE_NOTIFY HAVE_KERNEL_OPLOCKS_LINUX HAVE_KERNEL_SHARE_MODES HAVE_KRB5 HAVE_KRB5_AUTH_CON_SETUSERUSERKEY HAVE_KRB5_C_ENCTYPE_COMPARE HAVE_KRB5_C_VERIFY_CHECKSUM HAVE_KRB5_ENCRYPT_BLOCK HAVE_KRB5_ENCRYPT_DATA HAVE_KRB5_ENCTYPE_TO_STRING HAVE_KRB5_ENCTYPE_TO_STRING_WITH_SIZE_T_ARG HAVE_KRB5_FREE_DATA_CONTENTS HAVE_KRB5_FREE_KEYTAB_ENTRY_CONTENTS HAVE_KRB5_FREE_UNPARSED_NAME HAVE_KRB5_GET_PERMITTED_ENCTYPES HAVE_KRB5_GET_RENEWED_CREDS HAVE_KRB5_KEYBLOCK_IN_CREDS HAVE_KRB5_KEYTAB_ENTRY_KEY HAVE_KRB5_KEYUSAGE_APP_DATA_CKSUM HAVE_KRB5_KT_FREE_ENTRY HAVE_KRB5_LOCATE_KDC HAVE_KRB5_MK_REQ_EXTENDED HAVE_KRB5_PRINCIPAL2SALT HAVE_KRB5_PRINC_COMPONENT HAVE_KRB5_SET_DEFAULT_TGS_ENCTYPES HAVE_KRB5_SET_DEFAULT_TGS_KTYPES HAVE_KRB5_SET_REAL_TIME HAVE_KRB5_STRING_TO_KEY HAVE_KRB5_TKT_ENC_PART2 HAVE_KRB5_USE_ENCTYPE HAVE_KRB5_VERIFY_CHECKSUM HAVE_KV5M_KEYTAB HAVE_LDAP HAVE_LDAP_ADD_RESULT_ENTRY HAVE_LDAP_INIT HAVE_LDAP_INITIALIZE HAVE_LDAP_SET_REBIND_PROC HAVE_LDB_LDAP HAVE_LGETXATTR HAVE_LIBCOM_ERR HAVE_LIBGSSAPI_KRB5 HAVE_LIBK5CRYPTO HAVE_LIBKRB5 HAVE_LIBLBER HAVE_LIBLDAP HAVE_LIBREADLINE HAVE_LIBRESOLV HAVE_LINK HAVE_LINUX_READAHEAD HAVE_LINUX_XFS_QUOTAS HAVE_LISTXATTR HAVE_LLISTXATTR HAVE_LLSEEK HAVE_LONGLONG HAVE_LONG_LONG HAVE_LREMOVEXATTR HAVE_LSEEK64 HAVE_LSETXATTR HAVE_LSTAT HAVE_LSTAT64 HAVE_MAGIC_IN_KRB5_ADDRESS HAVE_MAKECONTEXT HAVE_MAKEDEV HAVE_MEMALIGN HAVE_MEMCPY HAVE_MEMMOVE HAVE_MEMSET HAVE_MKDIR_MODE HAVE_MKDTEMP HAVE_MKNOD HAVE_MKTIME HAVE_MLOCK HAVE_MLOCKALL HAVE_MMAP HAVE_MUNLOCK HAVE_MUNLOCKALL HAVE_NANOSLEEP HAVE_NATIVE_ICONV HAVE_NEW_LIBREADLINE HAVE_NL_LANGINFO HAVE_NO_ACLS HAVE_NO_AIO HAVE_OPEN64 HAVE_PATHCONF HAVE_PEERCRED HAVE_PIPE HAVE_POLL HAVE_POSIX_CAPABILITIES HAVE_POSIX_FADVISE HAVE_POSIX_MEMALIGN HAVE_PRCTL HAVE_PREAD HAVE_PREAD64 HAVE_PRINTF HAVE_PUTUTLINE HAVE_PUTUTXLINE HAVE_PWRITE HAVE_PWRITE64 HAVE_QUOTACTL_LINUX HAVE_RAND HAVE_RANDOM HAVE_READDIR64 HAVE_READLINK HAVE_REALPATH HAVE_REMOVEXATTR HAVE_RENAME HAVE_SECURE_MKSTEMP HAVE_SELECT HAVE_SENDFILE64 HAVE_SETBUFFER HAVE_SETCONTEXT HAVE_SETEGID HAVE_SETENV HAVE_SETENV_DECL HAVE_SETEUID HAVE_SETGROUPS HAVE_SETLINEBUF HAVE_SETLOCALE HAVE_SETMNTENT HAVE_SETNETGRENT HAVE_SETPGID HAVE_SETRESGID HAVE_SETRESGID_DECL HAVE_SETRESUID HAVE_SETRESUID_DECL HAVE_SETSID HAVE_SETXATTR HAVE_SHMGET HAVE_SHORT_KRB5_MK_ERROR_INTERFACE HAVE_SIGACTION HAVE_SIGBLOCK HAVE_SIGPROCMASK HAVE_SIGSET HAVE_SIG_ATOMIC_T_TYPE HAVE_SNPRINTF HAVE_SNPRINTF_DECL HAVE_SOCKETPAIR HAVE_SOCKLEN_T_TYPE HAVE_SRAND HAVE_SRANDOM HAVE_STAT64 HAVE_STAT_HIRES_TIMESTAMPS HAVE_STAT_ST_ATIM HAVE_STAT_ST_BLKSIZE HAVE_STAT_ST_BLOCKS HAVE_STAT_ST_CTIM HAVE_STAT_ST_MTIM HAVE_STRCASECMP HAVE_STRCASESTR HAVE_STRCHR HAVE_STRDUP HAVE_STRERROR HAVE_STRFTIME HAVE_STRNDUP HAVE_STRNLEN HAVE_STRPBRK HAVE_STRSIGNAL HAVE_STRTOK_R HAVE_STRTOL HAVE_STRTOLL HAVE_STRTOQ HAVE_STRTOUL HAVE_STRTOULL HAVE_STRTOUQ HAVE_STRUCT_DIRENT64 HAVE_STRUCT_FLOCK64 HAVE_STRUCT_STAT_ST_RDEV HAVE_STRUCT_TIMESPEC HAVE_ST_RDEV HAVE_SWAPCONTEXT HAVE_SYMLINK HAVE_SYSCONF HAVE_SYSLOG HAVE_SYS_QUOTAS HAVE_TICKET_POINTER_IN_KRB5_AP_REQ HAVE_TIMEGM HAVE_UNIXSOCKET HAVE_UNSETENV HAVE_UPDWTMP HAVE_UPDWTMPX HAVE_USLEEP HAVE_UTIMBUF HAVE_UTIME HAVE_UTIMES HAVE_VASPRINTF HAVE_VASPRINTF_DECL HAVE_VA_COPY HAVE_VOLATILE HAVE_VSNPRINTF HAVE_VSNPRINTF_DECL HAVE_VSYSLOG HAVE_WAITPID HAVE_WORKING_AF_LOCAL HAVE_WRFILE_KEYTAB HAVE_XFS_QUOTAS HAVE_YP_GET_DEFAULT_DOMAIN HAVE__Bool HAVE__ET_LIST HAVE__VA_ARGS__MACRO HAVE___CLOSE HAVE___DUP2 HAVE___FCNTL HAVE___FORK HAVE___FSTAT HAVE___FXSTAT HAVE___LSEEK HAVE___LSTAT HAVE___LXSTAT HAVE___NR_INOTIFY_INIT_DECL HAVE___OPEN HAVE___OPEN64 HAVE___PREAD64 HAVE___PWRITE64 HAVE___READ HAVE___STAT HAVE___WRITE HAVE___XSTAT --with Options: WITH_ADS WITH_CIFSMOUNT WITH_QUOTAS WITH_SENDFILE WITH_UTMP WITH_WINBIND Build Options: CLUSTER_SUPPORT COMPILER_SUPPORTS_LL CONFIG_H_IS_FROM_SAMBA DEFAULT_DISPLAY_CHARSET DEFAULT_DOS_CHARSET DEFAULT_UNIX_CHARSET KRB5_CREDS_OPT_FREE_REQUIRES_CONTEXT KRB5_TICKET_HAS_KEYINFO KRB5_VERIFY_CHECKSUM_ARGS LDAP_SET_REBIND_PROC_ARGS LINUX LINUX_SENDFILE_API PACKAGE_BUGREPORT PACKAGE_NAME PACKAGE_STRING PACKAGE_TARNAME PACKAGE_VERSION REALPATH_TAKES_NULL RETSIGTYPE SEEKDIR_RETURNS_VOID SHLIBEXT SIZEOF_CHAR SIZEOF_DEV_T SIZEOF_INO_T SIZEOF_INT SIZEOF_LONG_LONG SIZEOF_OFF_T SIZEOF_SHORT SIZEOF_SIZE_T SIZEOF_SSIZE_T STAT_STATVFS64 STAT_ST_BLOCKSIZE STDC_HEADERS STRING_STATIC_MODULES SYSCONF_SC_NGROUPS_MAX SYSCONF_SC_NPROCESSORS_ONLN SYSCONF_SC_PAGESIZE TIME_WITH_SYS_TIME USE_SETRESUID WITH_ADS WITH_CIFSMOUNT WITH_QUOTAS WITH_SENDFILE WITH_WINBIND _FILE_OFFSET_BITS _GNU_SOURCE _LARGEFILE64_SOURCE _POSIX_C_SOURCE _POSIX_SOURCE _XOPEN_SOURCE_EXTENDED auth_script_init charset_CP437_init charset_CP850_init offset_t static_decl_auth static_decl_charset static_decl_idmap static_decl_nss_info static_decl_pdb static_decl_rpc static_decl_vfs static_init_auth static_init_charset static_init_idmap static_init_nss_info static_init_pdb static_init_rpc static_init_vfs uint_t vfs_audit_init vfs_cap_init vfs_default_quota_init vfs_expand_msdfs_init vfs_extd_audit_init vfs_fake_perms_init vfs_full_audit_init vfs_netatalk_init vfs_readahead_init vfs_readonly_init vfs_recycle_init vfs_shadow_copy2_init vfs_shadow_copy_init vfs_syncops_init Type sizes: sizeof(char): 1 sizeof(int): 4 sizeof(long): 4 sizeof(long long): 8 sizeof(uint8): 1 sizeof(uint16): 2 sizeof(uint32): 4 sizeof(short): 2 sizeof(void*): 4 sizeof(size_t): 4 sizeof(off_t): 8 sizeof(ino_t): 8 sizeof(dev_t): 8 Builtin modules: pdb_ldap pdb_smbpasswd pdb_tdbsam rpc_lsa rpc_winreg rpc_initshutdown rpc_lsa_ds rpc_wkssvc rpc_svcctl rpc_ntsvcs rpc_net rpc_netdfs rpc_srvsvc rpc_spoolss rpc_eventlog rpc_samr rpc_unixinfo rpc_epmapper idmap_ldap idmap_tdb idmap_tdb2 idmap_passdb idmap_nss nss_info_template auth_sam auth_unix auth_winbind auth_server auth_domain auth_builtin vfs_default lp_load: refreshing parameters Initialising global parameters params.c:pm_process() - Processing configuration file "/usr/samba-ctdb/samba/lib/smb.conf" Processing section "[global]" doing parameter kernel oplocks = no doing parameter syslog = no doing parameter notify:inotify = no doing parameter workgroup = MYGROUP doing parameter log file = usr/samba-ctdb/log/log.smbd.%V doing parameter server string = SambaServer doing parameter security = user doing parameter printcap name = /etc/printcap doing parameter load printers = yes doing parameter cups options = raw doing parameter max log size = 50 doing parameter username map = /usr/samba-ctdb/samba/smbusers doing parameter dns proxy = no doing parameter restrict anonymous = no doing parameter domain master = no doing parameter preferred master = no doing parameter smb ports = 145 139 doing parameter max protocol = NT doing parameter acl compatibility = winnt doing parameter ldap ssl = No doing parameter server signing = Auto doing parameter netbios name = MICHAELV3 handle_netbios_name: set global_myname to: MICHAELV3 Processing section "[data]" add_a_service: Creating snum = 0 for data hash_a_service: creating tdb servicehash hash_a_service: hashing index 0 for service name data doing parameter path = usr/samba-ctdb/samba/data doing parameter read only = no doing parameter map hidden = yes doing parameter map system = yes doing parameter create mask = 755 Processing section "[homes]" add_a_service: Creating snum = 1 for homes hash_a_service: hashing index 1 for service name homes doing parameter comment = Home Directories doing parameter browseable = no doing parameter read only = no Processing section "[printers]" add_a_service: Creating snum = 2 for printers hash_a_service: hashing index 2 for service name printers doing parameter comment = All Printers doing parameter path = /usr/samba-ctdb/samba/spool doing parameter browseable = no doing parameter guest ok = no doing parameter printable = yes Processing section "[share01]" add_a_service: Creating snum = 3 for share01 hash_a_service: hashing index 3 for service name share01 doing parameter case sensitive = no doing parameter strict locking = no doing parameter msdfs proxy = no doing parameter comment = Read Only doing parameter path = /usr/samba-ctdb/samba/share/testing/share01 Processing section "[share02]" add_a_service: Creating snum = 4 for share02 hash_a_service: hashing index 4 for service name share02 doing parameter comment = share02 doing parameter path = path = /usr/samba-ctdb/samba/share/testing/share02 doing parameter read only = no doing parameter guest ok = yes pm_process() returned Yes add_a_service: Creating snum = 5 for IPC$ hash_a_service: hashing index 5 for service name IPC$ adding IPC service set_server_role: role = ROLE_STANDALONE Attempting to register new charset UCS-2LE Registered charset UCS-2LE Attempting to register new charset UTF-16LE Registered charset UTF-16LE Attempting to register new charset UCS-2BE Registered charset UCS-2BE Attempting to register new charset UTF-16BE Registered charset UTF-16BE Attempting to register new charset UTF8 Registered charset UTF8 Attempting to register new charset UTF-8 Registered charset UTF-8 Attempting to register new charset ASCII Registered charset ASCII Attempting to register new charset 646 Registered charset 646 Attempting to register new charset ISO-8859-1 Registered charset ISO-8859-1 Attempting to register new charset UCS2-HEX Registered charset UCS2-HEX Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE reloading printcap cache reload status: ok reloading printcap cache reload status: ok lp_file_list_changed() file /usr/samba-ctdb/samba/lib/smb.conf -> /usr/samba-ctdb/samba/lib/smb.conf last mod_time: Wed Dec 19 11:30:54 2007 added interface ip=192.168.2.6 bcast=192.168.2.255 nmask=255.255.255.0 Netbios name list:- my_netbios_names[0]="MICHAELV3" loaded services Registered MSG_REQ_POOL_USAGE Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED Attempting to register passdb backend ldapsam Successfully added passdb backend 'ldapsam' Attempting to register passdb backend ldapsam_compat Successfully added passdb backend 'ldapsam_compat' Attempting to register passdb backend NDS_ldapsam Successfully added passdb backend 'NDS_ldapsam' Attempting to register passdb backend NDS_ldapsam_compat Successfully added passdb backend 'NDS_ldapsam_compat' Attempting to register passdb backend smbpasswd Successfully added passdb backend 'smbpasswd' Attempting to register passdb backend tdbsam Successfully added passdb backend 'tdbsam' Attempting to find an passdb backend to match smbpasswd (smbpasswd) Found pdb backend smbpasswd pdb backend smbpasswd has a valid init Opening cache file at /usr/samba-ctdb/samba/var/locks/gencache.tdb namecache_enable: enabling netbios namecache, timeout 660 seconds init_registry_data: Adding [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] init_registry_data: Storing key [HKLM] with subkey [SOFTWARE] tdb(/usr/samba-ctdb/samba/var/locks/registry.tdb): tdb_transaction_start: nesting 1 init_registry_data: Storing key [HKLM\SOFTWARE] with subkey [Microsoft] tdb(/usr/samba-ctdb/samba/var/locks/registry.tdb): tdb_transaction_start: nesting 1 init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft] with subkey [Windows NT] tdb(/usr/samba-ctdb/samba/var/locks/registry.tdb): tdb_transaction_start: nesting 1 init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT] with subkey [CurrentVersion] tdb(/usr/samba-ctdb/samba/var/locks/registry.tdb): tdb_transaction_start: nesting 1 init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] with subkey [Print] tdb(/usr/samba-ctdb/samba/var/locks/registry.tdb): tdb_transaction_start: nesting 1 init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] with subkey [Printers] tdb(/usr/samba-ctdb/samba/var/locks/registry.tdb): tdb_transaction_start: nesting 1 init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] with subkey [NULL] tdb(/usr/samba-ctdb/samba/var/locks/registry.tdb): tdb_transaction_start: nesting 1 init_registry_data: Adding [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports] init_registry_data: Storing key [HKLM] with subkey [SOFTWARE] tdb(/usr/samba-ctdb/samba/var/locks/registry.tdb): tdb_transaction_start: nesting 1 init_registry_data: Storing key [HKLM\SOFTWARE] with subkey [Microsoft] tdb(/usr/samba-ctdb/samba/var/locks/registry.tdb): tdb_transaction_start: nesting 1 init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft] with subkey [Windows NT] tdb(/usr/samba-ctdb/samba/var/locks/registry.tdb): tdb_transaction_start: nesting 1 init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT] with subkey [CurrentVersion] tdb(/usr/samba-ctdb/samba/var/locks/registry.tdb): tdb_transaction_start: nesting 1 init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] with subkey [Ports] tdb(/usr/samba-ctdb/samba/var/locks/registry.tdb): tdb_transaction_start: nesting 1 init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports] with subkey [NULL] tdb(/usr/samba-ctdb/samba/var/locks/registry.tdb): tdb_transaction_start: nesting 1 init_registry_data: Adding [HKLM\SYSTEM\CurrentControlSet\Control\Print] init_registry_data: Storing key [HKLM] with subkey [SYSTEM] tdb(/usr/samba-ctdb/samba/var/locks/registry.tdb): tdb_transaction_start: nesting 1 init_registry_data: Storing key [HKLM\SYSTEM] with subkey [CurrentControlSet] tdb(/usr/samba-ctdb/samba/var/locks/registry.tdb): tdb_transaction_start: nesting 1 init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet] with subkey [Control] tdb(/usr/samba-ctdb/samba/var/locks/registry.tdb): tdb_transaction_start: nesting 1 init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Control] with subkey [Print] tdb(/usr/samba-ctdb/samba/var/locks/registry.tdb): tdb_transaction_start: nesting 1 init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Control\Print] with subkey [NULL] tdb(/usr/samba-ctdb/samba/var/locks/registry.tdb): tdb_transaction_start: nesting 1 init_registry_data: Adding [HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares] init_registry_data: Storing key [HKLM] with subkey [SYSTEM] tdb(/usr/samba-ctdb/samba/var/locks/registry.tdb): tdb_transaction_start: nesting 1 init_registry_data: Storing key [HKLM\SYSTEM] with subkey [CurrentControlSet] tdb(/usr/samba-ctdb/samba/var/locks/registry.tdb): tdb_transaction_start: nesting 1 init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet] with subkey [Services] tdb(/usr/samba-ctdb/samba/var/locks/registry.tdb): tdb_transaction_start: nesting 1 init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Services] with subkey [LanmanServer] tdb(/usr/samba-ctdb/samba/var/locks/registry.tdb): tdb_transaction_start: nesting 1 init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer] with subkey [Shares] tdb(/usr/samba-ctdb/samba/var/locks/registry.tdb): tdb_transaction_start: nesting 1 init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares] with subkey [NULL] tdb(/usr/samba-ctdb/samba/var/locks/registry.tdb): tdb_transaction_start: nesting 1 init_registry_data: Adding [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] init_registry_data: Storing key [HKLM] with subkey [SYSTEM] tdb(/usr/samba-ctdb/samba/var/locks/registry.tdb): tdb_transaction_start: nesting 1 init_registry_data: Storing key [HKLM\SYSTEM] with subkey [CurrentControlSet] tdb(/usr/samba-ctdb/samba/var/locks/registry.tdb): tdb_transaction_start: nesting 1 init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet] with subkey [Services] tdb(/usr/samba-ctdb/samba/var/locks/registry.tdb): tdb_transaction_start: nesting 1 init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Services] with subkey [Eventlog] tdb(/usr/samba-ctdb/samba/var/locks/registry.tdb): tdb_transaction_start: nesting 1 init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] with subkey [NULL] tdb(/usr/samba-ctdb/samba/var/locks/registry.tdb): tdb_transaction_start: nesting 1 init_registry_data: Adding [HKLM\SOFTWARE\Samba\smbconf] init_registry_data: Storing key [HKLM] with subkey [SOFTWARE] tdb(/usr/samba-ctdb/samba/var/locks/registry.tdb): tdb_transaction_start: nesting 1 init_registry_data: Storing key [HKLM\SOFTWARE] with subkey [Samba] tdb(/usr/samba-ctdb/samba/var/locks/registry.tdb): tdb_transaction_start: nesting 1 init_registry_data: Storing key [HKLM\SOFTWARE\Samba] with subkey [smbconf] tdb(/usr/samba-ctdb/samba/var/locks/registry.tdb): tdb_transaction_start: nesting 1 init_registry_data: Storing key [HKLM\SOFTWARE\Samba\smbconf] with subkey [NULL] tdb(/usr/samba-ctdb/samba/var/locks/registry.tdb): tdb_transaction_start: nesting 1 init_registry_data: Adding [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib] init_registry_data: Storing key [HKLM] with subkey [SOFTWARE] tdb(/usr/samba-ctdb/samba/var/locks/registry.tdb): tdb_transaction_start: nesting 1 init_registry_data: Storing key [HKLM\SOFTWARE] with subkey [Microsoft] tdb(/usr/samba-ctdb/samba/var/locks/registry.tdb): tdb_transaction_start: nesting 1 init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft] with subkey [Windows NT] tdb(/usr/samba-ctdb/samba/var/locks/registry.tdb): tdb_transaction_start: nesting 1 init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT] with subkey [CurrentVersion] tdb(/usr/samba-ctdb/samba/var/locks/registry.tdb): tdb_transaction_start: nesting 1 init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] with subkey [Perflib] tdb(/usr/samba-ctdb/samba/var/locks/registry.tdb): tdb_transaction_start: nesting 1 init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib] with subkey [NULL] tdb(/usr/samba-ctdb/samba/var/locks/registry.tdb): tdb_transaction_start: nesting 1 init_registry_data: Adding [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009] init_registry_data: Storing key [HKLM] with subkey [SOFTWARE] tdb(/usr/samba-ctdb/samba/var/locks/registry.tdb): tdb_transaction_start: nesting 1 init_registry_data: Storing key [HKLM\SOFTWARE] with subkey [Microsoft] tdb(/usr/samba-ctdb/samba/var/locks/registry.tdb): tdb_transaction_start: nesting 1 init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft] with subkey [Windows NT] tdb(/usr/samba-ctdb/samba/var/locks/registry.tdb): tdb_transaction_start: nesting 1 init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT] with subkey [CurrentVersion] tdb(/usr/samba-ctdb/samba/var/locks/registry.tdb): tdb_transaction_start: nesting 1 init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] with subkey [Perflib] tdb(/usr/samba-ctdb/samba/var/locks/registry.tdb): tdb_transaction_start: nesting 1 init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib] with subkey [009] tdb(/usr/samba-ctdb/samba/var/locks/registry.tdb): tdb_transaction_start: nesting 1 init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009] with subkey [NULL] tdb(/usr/samba-ctdb/samba/var/locks/registry.tdb): tdb_transaction_start: nesting 1 init_registry_data: Adding [HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors] init_registry_data: Storing key [HKLM] with subkey [SYSTEM] tdb(/usr/samba-ctdb/samba/var/locks/registry.tdb): tdb_transaction_start: nesting 1 init_registry_data: Storing key [HKLM\SYSTEM] with subkey [CurrentControlSet] tdb(/usr/samba-ctdb/samba/var/locks/registry.tdb): tdb_transaction_start: nesting 1 init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet] with subkey [Control] tdb(/usr/samba-ctdb/samba/var/locks/registry.tdb): tdb_transaction_start: nesting 1 init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Control] with subkey [Print] tdb(/usr/samba-ctdb/samba/var/locks/registry.tdb): tdb_transaction_start: nesting 1 init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Control\Print] with subkey [Monitors] tdb(/usr/samba-ctdb/samba/var/locks/registry.tdb): tdb_transaction_start: nesting 1 init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors] with subkey [NULL] tdb(/usr/samba-ctdb/samba/var/locks/registry.tdb): tdb_transaction_start: nesting 1 init_registry_data: Adding [HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions] init_registry_data: Storing key [HKLM] with subkey [SYSTEM] tdb(/usr/samba-ctdb/samba/var/locks/registry.tdb): tdb_transaction_start: nesting 1 init_registry_data: Storing key [HKLM\SYSTEM] with subkey [CurrentControlSet] tdb(/usr/samba-ctdb/samba/var/locks/registry.tdb): tdb_transaction_start: nesting 1 init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet] with subkey [Control] tdb(/usr/samba-ctdb/samba/var/locks/registry.tdb): tdb_transaction_start: nesting 1 init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Control] with subkey [ProductOptions] tdb(/usr/samba-ctdb/samba/var/locks/registry.tdb): tdb_transaction_start: nesting 1 init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions] with subkey [NULL] tdb(/usr/samba-ctdb/samba/var/locks/registry.tdb): tdb_transaction_start: nesting 1 init_registry_data: Adding [HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\DefaultUserConfiguration] init_registry_data: Storing key [HKLM] with subkey [SYSTEM] tdb(/usr/samba-ctdb/samba/var/locks/registry.tdb): tdb_transaction_start: nesting 1 init_registry_data: Storing key [HKLM\SYSTEM] with subkey [CurrentControlSet] tdb(/usr/samba-ctdb/samba/var/locks/registry.tdb): tdb_transaction_start: nesting 1 init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet] with subkey [Control] tdb(/usr/samba-ctdb/samba/var/locks/registry.tdb): tdb_transaction_start: nesting 1 init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Control] with subkey [Terminal Server] tdb(/usr/samba-ctdb/samba/var/locks/registry.tdb): tdb_transaction_start: nesting 1 init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server] with subkey [DefaultUserConfiguration] tdb(/usr/samba-ctdb/samba/var/locks/registry.tdb): tdb_transaction_start: nesting 1 init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\DefaultUserConfiguration] with subkey [NULL] tdb(/usr/samba-ctdb/samba/var/locks/registry.tdb): tdb_transaction_start: nesting 1 init_registry_data: Adding [HKLM\SYSTEM\CurrentControlSet\Services\TcpIp\Parameters] init_registry_data: Storing key [HKLM] with subkey [SYSTEM] tdb(/usr/samba-ctdb/samba/var/locks/registry.tdb): tdb_transaction_start: nesting 1 init_registry_data: Storing key [HKLM\SYSTEM] with subkey [CurrentControlSet] tdb(/usr/samba-ctdb/samba/var/locks/registry.tdb): tdb_transaction_start: nesting 1 init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet] with subkey [Services] tdb(/usr/samba-ctdb/samba/var/locks/registry.tdb): tdb_transaction_start: nesting 1 init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Services] with subkey [TcpIp] tdb(/usr/samba-ctdb/samba/var/locks/registry.tdb): tdb_transaction_start: nesting 1 init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Services\TcpIp] with subkey [Parameters] tdb(/usr/samba-ctdb/samba/var/locks/registry.tdb): tdb_transaction_start: nesting 1 init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Services\TcpIp\Parameters] with subkey [NULL] tdb(/usr/samba-ctdb/samba/var/locks/registry.tdb): tdb_transaction_start: nesting 1 init_registry_data: Adding [HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters] init_registry_data: Storing key [HKLM] with subkey [SYSTEM] tdb(/usr/samba-ctdb/samba/var/locks/registry.tdb): tdb_transaction_start: nesting 1 init_registry_data: Storing key [HKLM\SYSTEM] with subkey [CurrentControlSet] tdb(/usr/samba-ctdb/samba/var/locks/registry.tdb): tdb_transaction_start: nesting 1 init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet] with subkey [Services] tdb(/usr/samba-ctdb/samba/var/locks/registry.tdb): tdb_transaction_start: nesting 1 init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Services] with subkey [Netlogon] tdb(/usr/samba-ctdb/samba/var/locks/registry.tdb): tdb_transaction_start: nesting 1 init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Services\Netlogon] with subkey [Parameters] tdb(/usr/samba-ctdb/samba/var/locks/registry.tdb): tdb_transaction_start: nesting 1 init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters] with subkey [NULL] tdb(/usr/samba-ctdb/samba/var/locks/registry.tdb): tdb_transaction_start: nesting 1 init_registry_data: Adding [HKU] init_registry_data: Storing key [HKU] with subkey [NULL] tdb(/usr/samba-ctdb/samba/var/locks/registry.tdb): tdb_transaction_start: nesting 1 init_registry_data: Adding [HKCR] init_registry_data: Storing key [HKCR] with subkey [NULL] tdb(/usr/samba-ctdb/samba/var/locks/registry.tdb): tdb_transaction_start: nesting 1 init_registry_data: Adding [HKPD] init_registry_data: Storing key [HKPD] with subkey [NULL] tdb(/usr/samba-ctdb/samba/var/locks/registry.tdb): tdb_transaction_start: nesting 1 init_registry_data: Adding [HKPT] init_registry_data: Storing key [HKPT] with subkey [NULL] tdb(/usr/samba-ctdb/samba/var/locks/registry.tdb): tdb_transaction_start: nesting 1 regdb_fetch_values: Looking for value of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports] specific: [Samba Printer Port], len: 2 regdb_fetch_values: Looking for value of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] specific: [DefaultSpoolDirectory], len: 70 regdb_fetch_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] specific: [DisplayName], len: 20 specific: [ErrorControl], len: 4 regdb_fetch_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] specific: [DisplayName], len: 20 specific: [ErrorControl], len: 4 reghook_cache_add: Adding key [/HKLM/SYSTEM/CurrentControlSet/Control/Print] pathtree_add: Enter pathtree_add: Successfully added node [HKLM/SYSTEM/CurrentControlSet/Control/Print] to tree pathtree_add: Exit reghook_cache_add: Adding key [/HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/Print/Printers] pathtree_add: Enter pathtree_add: Successfully added node [HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/Print/Printers] to tree pathtree_add: Exit reghook_cache_add: Adding key [/HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/Ports] pathtree_add: Enter pathtree_add: Successfully added node [HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/Ports] to tree pathtree_add: Exit reghook_cache_add: Adding key [/HKLM/SYSTEM/CurrentControlSet/Services/LanmanServer/Shares] pathtree_add: Enter pathtree_add: Successfully added node [HKLM/SYSTEM/CurrentControlSet/Services/LanmanServer/Shares] to tree pathtree_add: Exit reghook_cache_add: Adding key [/HKLM/SOFTWARE/Samba/smbconf] pathtree_add: Enter pathtree_add: Successfully added node [HKLM/SOFTWARE/Samba/smbconf] to tree pathtree_add: Exit WARNING: Winbindd not running, mapping ids with legacy code push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 push_conn_ctx(0) : conn_ctx_stack_ndx = 1 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups getsampwnam (smbpasswd): search by name: root startsmbfilepwent_internal: opening file /usr/samba-ctdb/samba/private/smbpasswd getsmbfilepwent: returning passwd entry for user sambauser, uid 501 getsmbfilepwent: end of file reached. endsmbfilepwent_internal: closed password file. pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 pdb_default_uid_to_rid: Did not find user root (0) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 LEGACY: uid 0 -> sid S-1-22-1-0 WARNING: Winbindd not running, mapping ids with legacy code push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 LEGACY: gid 0 -> sid S-1-22-2-0 Create local NT token for S-1-22-1-0 WARNING: Winbindd not running, mapping ids with legacy code push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 LEGACY: mapping failed for sid S-1-5-32-544 WARNING: Winbindd not running, mapping ids with legacy code push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 LEGACY: mapping failed for sid S-1-5-32-545 Locking key 534543524554532F5349442F4D49434841454C5633 Allocated locked data 0x0x98623f0 Unlocking key 534543524554532F5349442F4D49434841454C5633 grant_privilege: S-1-1-0 original privilege mask: SE_PRIV 0x0 0x0 0x0 0x0 new privilege mask: SE_PRIV 0x0 0x0 0x0 0x0 grant_privilege: S-1-5-32-548 original privilege mask: SE_PRIV 0x0 0x0 0x0 0x0 new privilege mask: SE_PRIV 0x0 0x0 0x0 0x0 grant_privilege: S-1-5-32-549 original privilege mask: SE_PRIV 0x0 0x0 0x0 0x0 new privilege mask: SE_PRIV 0x0 0x0 0x0 0x0 grant_privilege: S-1-5-32-550 original privilege mask: SE_PRIV 0x0 0x0 0x0 0x0 new privilege mask: SE_PRIV 0x0 0x0 0x0 0x0 grant_privilege: S-1-5-32-551 original privilege mask: SE_PRIV 0x0 0x0 0x0 0x0 new privilege mask: SE_PRIV 0x0 0x0 0x0 0x0 grant_privilege: S-1-5-32-544 original privilege mask: SE_PRIV 0xff0 0x0 0x0 0x0 new privilege mask: SE_PRIV 0xff0 0x0 0x0 0x0 get_privileges: No privileges assigned to SID [S-1-22-1-0] get_privileges_for_sids: sid = S-1-5-32-544 Privilege set: SE_PRIV 0xff0 0x0 0x0 0x0 get_privileges_for_sids: sid = S-1-1-0 Privilege set: SE_PRIV 0x0 0x0 0x0 0x0 get_privileges: No privileges assigned to SID [S-1-5-2] get_privileges: No privileges assigned to SID [S-1-5-11] regkey_open_onelevel: name = [HKLM] regdb_open: incrementing refcount (1) reghook_cache_find: Searching for keyname [/HKLM] pathtree_find: Enter [/HKLM] pathtree_find: Exit regdb_get_secdesc: Getting secdesc of key [HKLM] se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1-0. se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 se_access_check: access (8) granted. regkey_open_onelevel: name = [SYSTEM] regdb_open: incrementing refcount (2) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM] pathtree_find: Enter [/HKLM/SYSTEM] pathtree_find: Exit regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM] se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1-0. se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 se_access_check: access (8) granted. regkey_open_onelevel: name = [CurrentControlSet] regdb_open: incrementing refcount (3) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet] pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet] pathtree_find: Exit regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet] se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1-0. se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 se_access_check: access (8) granted. regdb_close: decrementing refcount (3) regkey_open_onelevel: name = [Services] regdb_open: incrementing refcount (3) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services] pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services] pathtree_find: Exit regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services] se_access_check: requested access 0x000f003f, for NT token with 5 entries and first sid S-1-22-1-0. se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = f003f se_access_check: ACE 1: type 0, flags = 0x00, SID = S-1-5-32-544 mask = f003f, current desired = d0026 se_access_check: access (f003f) granted. regdb_close: decrementing refcount (3) regdb_close: decrementing refcount (2) regkey_open_onelevel: name = [HKLM] regdb_open: incrementing refcount (2) reghook_cache_find: Searching for keyname [/HKLM] pathtree_find: Enter [/HKLM] pathtree_find: Exit regdb_get_secdesc: Getting secdesc of key [HKLM] se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1-0. se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 se_access_check: access (8) granted. regkey_open_onelevel: name = [SYSTEM] regdb_open: incrementing refcount (3) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM] pathtree_find: Enter [/HKLM/SYSTEM] pathtree_find: Exit regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM] se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1-0. se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 se_access_check: access (8) granted. regkey_open_onelevel: name = [CurrentControlSet] regdb_open: incrementing refcount (4) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet] pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet] pathtree_find: Exit regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet] se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1-0. se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 se_access_check: access (8) granted. regdb_close: decrementing refcount (4) regkey_open_onelevel: name = [Services] regdb_open: incrementing refcount (4) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services] pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services] pathtree_find: Exit regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services] se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1-0. se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 se_access_check: access (8) granted. regdb_close: decrementing refcount (4) regkey_open_onelevel: name = [Spooler] regdb_open: incrementing refcount (4) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/Spooler] pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/Spooler] pathtree_find: Exit regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services\Spooler] se_access_check: requested access 0x000f003f, for NT token with 5 entries and first sid S-1-22-1-0. se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = f003f se_access_check: ACE 1: type 0, flags = 0x00, SID = S-1-5-32-544 mask = f003f, current desired = d0026 se_access_check: access (f003f) granted. regdb_close: decrementing refcount (4) regdb_close: decrementing refcount (3) regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\Spooler] regdb_close: decrementing refcount (2) regkey_open_onelevel: name = [HKLM] regdb_open: incrementing refcount (2) reghook_cache_find: Searching for keyname [/HKLM] pathtree_find: Enter [/HKLM] pathtree_find: Exit regdb_get_secdesc: Getting secdesc of key [HKLM] se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1-0. se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 se_access_check: access (8) granted. regkey_open_onelevel: name = [SYSTEM] regdb_open: incrementing refcount (3) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM] pathtree_find: Enter [/HKLM/SYSTEM] pathtree_find: Exit regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM] se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1-0. se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 se_access_check: access (8) granted. regkey_open_onelevel: name = [CurrentControlSet] regdb_open: incrementing refcount (4) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet] pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet] pathtree_find: Exit regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet] se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1-0. se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 se_access_check: access (8) granted. regdb_close: decrementing refcount (4) regkey_open_onelevel: name = [Services] regdb_open: incrementing refcount (4) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services] pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services] pathtree_find: Exit regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services] se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1-0. se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 se_access_check: access (8) granted. regdb_close: decrementing refcount (4) regkey_open_onelevel: name = [Spooler] regdb_open: incrementing refcount (4) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/Spooler] pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/Spooler] pathtree_find: Exit regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services\Spooler] se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1-0. se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 se_access_check: access (8) granted. regdb_close: decrementing refcount (4) regkey_open_onelevel: name = [Security] regdb_open: incrementing refcount (4) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/Spooler/Security] pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/Spooler/Security] pathtree_find: Exit regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security] se_access_check: requested access 0x000f003f, for NT token with 5 entries and first sid S-1-22-1-0. se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = f003f se_access_check: ACE 1: type 0, flags = 0x00, SID = S-1-5-32-544 mask = f003f, current desired = d0026 se_access_check: access (f003f) granted. regdb_close: decrementing refcount (4) regdb_close: decrementing refcount (3) 000000 sec_io_desc sec_desc 0000 revision: 0001 0002 type : 8004 0004 off_owner_sid: 00000000 0008 off_grp_sid : 00000000 000c off_sacl : 00000000 0010 off_dacl : 00000014 000014 sec_io_acl dacl 0014 revision: 0002 0018 num_aces : 00000004 00001c sec_io_ace ace_list[00]: 001c type : 00 001d flags: 00 0020 access_mask: 0002018d 000024 smb_io_dom_sid trustee 0024 sid_rev_num: 01 0025 num_auths : 01 0026 id_auth[0] : 00 0027 id_auth[1] : 00 0028 id_auth[2] : 00 0029 id_auth[3] : 00 002a id_auth[4] : 00 002b id_auth[5] : 01 002c sub_auths : 00000000 001e size : 0014 000030 sec_io_ace ace_list[01]: 0030 type : 00 0031 flags: 00 0034 access_mask: 000201fd 000038 smb_io_dom_sid trustee 0038 sid_rev_num: 01 0039 num_auths : 02 003a id_auth[0] : 00 003b id_auth[1] : 00 003c id_auth[2] : 00 003d id_auth[3] : 00 003e id_auth[4] : 00 003f id_auth[5] : 05 0040 sub_auths : 00000020 00000223 0032 size : 0018 000048 sec_io_ace ace_list[02]: 0048 type : 00 0049 flags: 00 004c access_mask: 000f01ff 000050 smb_io_dom_sid trustee 0050 sid_rev_num: 01 0051 num_auths : 02 0052 id_auth[0] : 00 0053 id_auth[1] : 00 0054 id_auth[2] : 00 0055 id_auth[3] : 00 0056 id_auth[4] : 00 0057 id_auth[5] : 05 0058 sub_auths : 00000020 00000225 004a size : 0018 000060 sec_io_ace ace_list[03]: 0060 type : 00 0061 flags: 00 0064 access_mask: 000f01ff 000068 smb_io_dom_sid trustee 0068 sid_rev_num: 01 0069 num_auths : 02 006a id_auth[0] : 00 006b id_auth[1] : 00 006c id_auth[2] : 00 006d id_auth[3] : 00 006e id_auth[4] : 00 006f id_auth[5] : 05 0070 sub_auths : 00000020 00000220 0062 size : 0018 0016 size : 0064 regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security] regdb_close: decrementing refcount (2) regkey_open_onelevel: name = [HKLM] regdb_open: incrementing refcount (2) reghook_cache_find: Searching for keyname [/HKLM] pathtree_find: Enter [/HKLM] pathtree_find: Exit regdb_get_secdesc: Getting secdesc of key [HKLM] se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1-0. se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 se_access_check: access (8) granted. regkey_open_onelevel: name = [SYSTEM] regdb_open: incrementing refcount (3) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM] pathtree_find: Enter [/HKLM/SYSTEM] pathtree_find: Exit regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM] se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1-0. se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 se_access_check: access (8) granted. regkey_open_onelevel: name = [CurrentControlSet] regdb_open: incrementing refcount (4) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet] pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet] pathtree_find: Exit regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet] se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1-0. se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 se_access_check: access (8) granted. regdb_close: decrementing refcount (4) regkey_open_onelevel: name = [Services] regdb_open: incrementing refcount (4) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services] pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services] pathtree_find: Exit regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services] se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1-0. se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 se_access_check: access (8) granted. regdb_close: decrementing refcount (4) regkey_open_onelevel: name = [NETLOGON] regdb_open: incrementing refcount (4) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/NETLOGON] pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/NETLOGON] pathtree_find: Exit regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] se_access_check: requested access 0x000f003f, for NT token with 5 entries and first sid S-1-22-1-0. se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = f003f se_access_check: ACE 1: type 0, flags = 0x00, SID = S-1-5-32-544 mask = f003f, current desired = d0026 se_access_check: access (f003f) granted. regdb_close: decrementing refcount (4) regdb_close: decrementing refcount (3) regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] regdb_close: decrementing refcount (2) regkey_open_onelevel: name = [HKLM] regdb_open: incrementing refcount (2) reghook_cache_find: Searching for keyname [/HKLM] pathtree_find: Enter [/HKLM] pathtree_find: Exit regdb_get_secdesc: Getting secdesc of key [HKLM] se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1-0. se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 se_access_check: access (8) granted. regkey_open_onelevel: name = [SYSTEM] regdb_open: incrementing refcount (3) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM] pathtree_find: Enter [/HKLM/SYSTEM] pathtree_find: Exit regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM] se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1-0. se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 se_access_check: access (8) granted. regkey_open_onelevel: name = [CurrentControlSet] regdb_open: incrementing refcount (4) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet] pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet] pathtree_find: Exit regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet] se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1-0. se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 se_access_check: access (8) granted. regdb_close: decrementing refcount (4) regkey_open_onelevel: name = [Services] regdb_open: incrementing refcount (4) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services] pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services] pathtree_find: Exit regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services] se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1-0. se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 se_access_check: access (8) granted. regdb_close: decrementing refcount (4) regkey_open_onelevel: name = [NETLOGON] regdb_open: incrementing refcount (4) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/NETLOGON] pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/NETLOGON] pathtree_find: Exit regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1-0. se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 se_access_check: access (8) granted. regdb_close: decrementing refcount (4) regkey_open_onelevel: name = [Security] regdb_open: incrementing refcount (4) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/NETLOGON/Security] pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/NETLOGON/Security] pathtree_find: Exit regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security] se_access_check: requested access 0x000f003f, for NT token with 5 entries and first sid S-1-22-1-0. se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = f003f se_access_check: ACE 1: type 0, flags = 0x00, SID = S-1-5-32-544 mask = f003f, current desired = d0026 se_access_check: access (f003f) granted. regdb_close: decrementing refcount (4) regdb_close: decrementing refcount (3) 000000 sec_io_desc sec_desc 0000 revision: 0001 0002 type : 8004 0004 off_owner_sid: 00000000 0008 off_grp_sid : 00000000 000c off_sacl : 00000000 0010 off_dacl : 00000014 000014 sec_io_acl dacl 0014 revision: 0002 0018 num_aces : 00000004 00001c sec_io_ace ace_list[00]: 001c type : 00 001d flags: 00 0020 access_mask: 0002018d 000024 smb_io_dom_sid trustee 0024 sid_rev_num: 01 0025 num_auths : 01 0026 id_auth[0] : 00 0027 id_auth[1] : 00 0028 id_auth[2] : 00 0029 id_auth[3] : 00 002a id_auth[4] : 00 002b id_auth[5] : 01 002c sub_auths : 00000000 001e size : 0014 000030 sec_io_ace ace_list[01]: 0030 type : 00 0031 flags: 00 0034 access_mask: 000201fd 000038 smb_io_dom_sid trustee 0038 sid_rev_num: 01 0039 num_auths : 02 003a id_auth[0] : 00 003b id_auth[1] : 00 003c id_auth[2] : 00 003d id_auth[3] : 00 003e id_auth[4] : 00 003f id_auth[5] : 05 0040 sub_auths : 00000020 00000223 0032 size : 0018 000048 sec_io_ace ace_list[02]: 0048 type : 00 0049 flags: 00 004c access_mask: 000f01ff 000050 smb_io_dom_sid trustee 0050 sid_rev_num: 01 0051 num_auths : 02 0052 id_auth[0] : 00 0053 id_auth[1] : 00 0054 id_auth[2] : 00 0055 id_auth[3] : 00 0056 id_auth[4] : 00 0057 id_auth[5] : 05 0058 sub_auths : 00000020 00000225 004a size : 0018 000060 sec_io_ace ace_list[03]: 0060 type : 00 0061 flags: 00 0064 access_mask: 000f01ff 000068 smb_io_dom_sid trustee 0068 sid_rev_num: 01 0069 num_auths : 02 006a id_auth[0] : 00 006b id_auth[1] : 00 006c id_auth[2] : 00 006d id_auth[3] : 00 006e id_auth[4] : 00 006f id_auth[5] : 05 0070 sub_auths : 00000020 00000220 0062 size : 0018 0016 size : 0064 regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security] regdb_close: decrementing refcount (2) regkey_open_onelevel: name = [HKLM] regdb_open: incrementing refcount (2) reghook_cache_find: Searching for keyname [/HKLM] pathtree_find: Enter [/HKLM] pathtree_find: Exit regdb_get_secdesc: Getting secdesc of key [HKLM] se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1-0. se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 se_access_check: access (8) granted. regkey_open_onelevel: name = [SYSTEM] regdb_open: incrementing refcount (3) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM] pathtree_find: Enter [/HKLM/SYSTEM] pathtree_find: Exit regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM] se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1-0. se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 se_access_check: access (8) granted. regkey_open_onelevel: name = [CurrentControlSet] regdb_open: incrementing refcount (4) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet] pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet] pathtree_find: Exit regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet] se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1-0. se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 se_access_check: access (8) granted. regdb_close: decrementing refcount (4) regkey_open_onelevel: name = [Services] regdb_open: incrementing refcount (4) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services] pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services] pathtree_find: Exit regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services] se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1-0. se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 se_access_check: access (8) granted. regdb_close: decrementing refcount (4) regkey_open_onelevel: name = [RemoteRegistry] regdb_open: incrementing refcount (4) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/RemoteRegistry] pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/RemoteRegistry] pathtree_find: Exit regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] se_access_check: requested access 0x000f003f, for NT token with 5 entries and first sid S-1-22-1-0. se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = f003f se_access_check: ACE 1: type 0, flags = 0x00, SID = S-1-5-32-544 mask = f003f, current desired = d0026 se_access_check: access (f003f) granted. regdb_close: decrementing refcount (4) regdb_close: decrementing refcount (3) regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] regdb_close: decrementing refcount (2) regkey_open_onelevel: name = [HKLM] regdb_open: incrementing refcount (2) reghook_cache_find: Searching for keyname [/HKLM] pathtree_find: Enter [/HKLM] pathtree_find: Exit regdb_get_secdesc: Getting secdesc of key [HKLM] se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1-0. se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 se_access_check: access (8) granted. regkey_open_onelevel: name = [SYSTEM] regdb_open: incrementing refcount (3) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM] pathtree_find: Enter [/HKLM/SYSTEM] pathtree_find: Exit regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM] se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1-0. se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 se_access_check: access (8) granted. regkey_open_onelevel: name = [CurrentControlSet] regdb_open: incrementing refcount (4) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet] pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet] pathtree_find: Exit regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet] se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1-0. se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 se_access_check: access (8) granted. regdb_close: decrementing refcount (4) regkey_open_onelevel: name = [Services] regdb_open: incrementing refcount (4) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services] pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services] pathtree_find: Exit regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services] se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1-0. se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 se_access_check: access (8) granted. regdb_close: decrementing refcount (4) regkey_open_onelevel: name = [RemoteRegistry] regdb_open: incrementing refcount (4) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/RemoteRegistry] pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/RemoteRegistry] pathtree_find: Exit regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1-0. se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 se_access_check: access (8) granted. regdb_close: decrementing refcount (4) regkey_open_onelevel: name = [Security] regdb_open: incrementing refcount (4) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/RemoteRegistry/Security] pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/RemoteRegistry/Security] pathtree_find: Exit regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security] se_access_check: requested access 0x000f003f, for NT token with 5 entries and first sid S-1-22-1-0. se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = f003f se_access_check: ACE 1: type 0, flags = 0x00, SID = S-1-5-32-544 mask = f003f, current desired = d0026 se_access_check: access (f003f) granted. regdb_close: decrementing refcount (4) regdb_close: decrementing refcount (3) 000000 sec_io_desc sec_desc 0000 revision: 0001 0002 type : 8004 0004 off_owner_sid: 00000000 0008 off_grp_sid : 00000000 000c off_sacl : 00000000 0010 off_dacl : 00000014 000014 sec_io_acl dacl 0014 revision: 0002 0018 num_aces : 00000004 00001c sec_io_ace ace_list[00]: 001c type : 00 001d flags: 00 0020 access_mask: 0002018d 000024 smb_io_dom_sid trustee 0024 sid_rev_num: 01 0025 num_auths : 01 0026 id_auth[0] : 00 0027 id_auth[1] : 00 0028 id_auth[2] : 00 0029 id_auth[3] : 00 002a id_auth[4] : 00 002b id_auth[5] : 01 002c sub_auths : 00000000 001e size : 0014 000030 sec_io_ace ace_list[01]: 0030 type : 00 0031 flags: 00 0034 access_mask: 000201fd 000038 smb_io_dom_sid trustee 0038 sid_rev_num: 01 0039 num_auths : 02 003a id_auth[0] : 00 003b id_auth[1] : 00 003c id_auth[2] : 00 003d id_auth[3] : 00 003e id_auth[4] : 00 003f id_auth[5] : 05 0040 sub_auths : 00000020 00000223 0032 size : 0018 000048 sec_io_ace ace_list[02]: 0048 type : 00 0049 flags: 00 004c access_mask: 000f01ff 000050 smb_io_dom_sid trustee 0050 sid_rev_num: 01 0051 num_auths : 02 0052 id_auth[0] : 00 0053 id_auth[1] : 00 0054 id_auth[2] : 00 0055 id_auth[3] : 00 0056 id_auth[4] : 00 0057 id_auth[5] : 05 0058 sub_auths : 00000020 00000225 004a size : 0018 000060 sec_io_ace ace_list[03]: 0060 type : 00 0061 flags: 00 0064 access_mask: 000f01ff 000068 smb_io_dom_sid trustee 0068 sid_rev_num: 01 0069 num_auths : 02 006a id_auth[0] : 00 006b id_auth[1] : 00 006c id_auth[2] : 00 006d id_auth[3] : 00 006e id_auth[4] : 00 006f id_auth[5] : 05 0070 sub_auths : 00000020 00000220 0062 size : 0018 0016 size : 0064 regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security] regdb_close: decrementing refcount (2) regkey_open_onelevel: name = [HKLM] regdb_open: incrementing refcount (2) reghook_cache_find: Searching for keyname [/HKLM] pathtree_find: Enter [/HKLM] pathtree_find: Exit regdb_get_secdesc: Getting secdesc of key [HKLM] se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1-0. se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 se_access_check: access (8) granted. regkey_open_onelevel: name = [SYSTEM] regdb_open: incrementing refcount (3) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM] pathtree_find: Enter [/HKLM/SYSTEM] pathtree_find: Exit regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM] se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1-0. se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 se_access_check: access (8) granted. regkey_open_onelevel: name = [CurrentControlSet] regdb_open: incrementing refcount (4) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet] pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet] pathtree_find: Exit regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet] se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1-0. se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 se_access_check: access (8) granted. regdb_close: decrementing refcount (4) regkey_open_onelevel: name = [Services] regdb_open: incrementing refcount (4) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services] pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services] pathtree_find: Exit regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services] se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1-0. se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 se_access_check: access (8) granted. regdb_close: decrementing refcount (4) regkey_open_onelevel: name = [WINS] regdb_open: incrementing refcount (4) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/WINS] pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/WINS] pathtree_find: Exit regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services\WINS] se_access_check: requested access 0x000f003f, for NT token with 5 entries and first sid S-1-22-1-0. se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = f003f se_access_check: ACE 1: type 0, flags = 0x00, SID = S-1-5-32-544 mask = f003f, current desired = d0026 se_access_check: access (f003f) granted. regdb_close: decrementing refcount (4) regdb_close: decrementing refcount (3) regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\WINS] regdb_close: decrementing refcount (2) regkey_open_onelevel: name = [HKLM] regdb_open: incrementing refcount (2) reghook_cache_find: Searching for keyname [/HKLM] pathtree_find: Enter [/HKLM] pathtree_find: Exit regdb_get_secdesc: Getting secdesc of key [HKLM] se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1-0. se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 se_access_check: access (8) granted. regkey_open_onelevel: name = [SYSTEM] regdb_open: incrementing refcount (3) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM] pathtree_find: Enter [/HKLM/SYSTEM] pathtree_find: Exit regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM] se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1-0. se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 se_access_check: access (8) granted. regkey_open_onelevel: name = [CurrentControlSet] regdb_open: incrementing refcount (4) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet] pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet] pathtree_find: Exit regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet] se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1-0. se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 se_access_check: access (8) granted. regdb_close: decrementing refcount (4) regkey_open_onelevel: name = [Services] regdb_open: incrementing refcount (4) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services] pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services] pathtree_find: Exit regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services] se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1-0. se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 se_access_check: access (8) granted. regdb_close: decrementing refcount (4) regkey_open_onelevel: name = [WINS] regdb_open: incrementing refcount (4) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/WINS] pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/WINS] pathtree_find: Exit regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services\WINS] se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1-0. se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 se_access_check: access (8) granted. regdb_close: decrementing refcount (4) regkey_open_onelevel: name = [Security] regdb_open: incrementing refcount (4) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/WINS/Security] pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/WINS/Security] pathtree_find: Exit regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security] se_access_check: requested access 0x000f003f, for NT token with 5 entries and first sid S-1-22-1-0. se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = f003f se_access_check: ACE 1: type 0, flags = 0x00, SID = S-1-5-32-544 mask = f003f, current desired = d0026 se_access_check: access (f003f) granted. regdb_close: decrementing refcount (4) regdb_close: decrementing refcount (3) 000000 sec_io_desc sec_desc 0000 revision: 0001 0002 type : 8004 0004 off_owner_sid: 00000000 0008 off_grp_sid : 00000000 000c off_sacl : 00000000 0010 off_dacl : 00000014 000014 sec_io_acl dacl 0014 revision: 0002 0018 num_aces : 00000004 00001c sec_io_ace ace_list[00]: 001c type : 00 001d flags: 00 0020 access_mask: 0002018d 000024 smb_io_dom_sid trustee 0024 sid_rev_num: 01 0025 num_auths : 01 0026 id_auth[0] : 00 0027 id_auth[1] : 00 0028 id_auth[2] : 00 0029 id_auth[3] : 00 002a id_auth[4] : 00 002b id_auth[5] : 01 002c sub_auths : 00000000 001e size : 0014 000030 sec_io_ace ace_list[01]: 0030 type : 00 0031 flags: 00 0034 access_mask: 000201fd 000038 smb_io_dom_sid trustee 0038 sid_rev_num: 01 0039 num_auths : 02 003a id_auth[0] : 00 003b id_auth[1] : 00 003c id_auth[2] : 00 003d id_auth[3] : 00 003e id_auth[4] : 00 003f id_auth[5] : 05 0040 sub_auths : 00000020 00000223 0032 size : 0018 000048 sec_io_ace ace_list[02]: 0048 type : 00 0049 flags: 00 004c access_mask: 000f01ff 000050 smb_io_dom_sid trustee 0050 sid_rev_num: 01 0051 num_auths : 02 0052 id_auth[0] : 00 0053 id_auth[1] : 00 0054 id_auth[2] : 00 0055 id_auth[3] : 00 0056 id_auth[4] : 00 0057 id_auth[5] : 05 0058 sub_auths : 00000020 00000225 004a size : 0018 000060 sec_io_ace ace_list[03]: 0060 type : 00 0061 flags: 00 0064 access_mask: 000f01ff 000068 smb_io_dom_sid trustee 0068 sid_rev_num: 01 0069 num_auths : 02 006a id_auth[0] : 00 006b id_auth[1] : 00 006c id_auth[2] : 00 006d id_auth[3] : 00 006e id_auth[4] : 00 006f id_auth[5] : 05 0070 sub_auths : 00000020 00000220 0062 size : 0018 0016 size : 0064 regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security] regdb_close: decrementing refcount (2) regdb_close: decrementing refcount (1) regdb_close: decrementing refcount (0) update_c_setprinter: c_setprinter = 0 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pdb_getsampwsid: Building guest account pdb_set_username: setting username nobody, was pdb_set_full_name: setting full name Nobody, was pdb_set_domain: setting domain MICHAELV3, was pdb_set_user_sid: setting user sid S-1-5-21-826370149-284595157-2372590033-501 pdb_set_user_sid_from_rid: setting user sid S-1-5-21-826370149-284595157-2372590033-501 from rid 501 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 Got nobody from pwnam_cache Got nobody from pwnam_cache sys_getgrouplist: user [nobody] WARNING: Winbindd not running, mapping ids with legacy code push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 LEGACY: gid 99 -> sid S-1-22-2-99 make_server_info_sam: made server info for user nobody -> nobody Create local NT token for S-1-5-21-826370149-284595157-2372590033-501 WARNING: Winbindd not running, mapping ids with legacy code push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 LEGACY: mapping failed for sid S-1-5-32-544 WARNING: Winbindd not running, mapping ids with legacy code push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 LEGACY: mapping failed for sid S-1-5-32-545 get_privileges: No privileges assigned to SID [S-1-5-21-826370149-284595157-2372590033-501] get_privileges: No privileges assigned to SID [S-1-22-2-99] get_privileges_for_sids: sid = S-1-1-0 Privilege set: SE_PRIV 0x0 0x0 0x0 0x0 get_privileges: No privileges assigned to SID [S-1-5-2] get_privileges: No privileges assigned to SID [S-1-5-32-546] sid S-1-22-2-99 -> gid 99 WARNING: Winbindd not running, mapping ids with legacy code push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 LEGACY: mapping failed for sid S-1-1-0 Could not convert SID S-1-1-0 to gid, ignoring it WARNING: Winbindd not running, mapping ids with legacy code push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 LEGACY: mapping failed for sid S-1-5-2 Could not convert SID S-1-5-2 to gid, ignoring it WARNING: Winbindd not running, mapping ids with legacy code push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 LEGACY: mapping failed for sid S-1-5-32-546 Could not convert SID S-1-5-32-546 to gid, ignoring it NT user token of user S-1-5-21-826370149-284595157-2372590033-501 contains 5 SIDs SID[ 0]: S-1-5-21-826370149-284595157-2372590033-501 SID[ 1]: S-1-22-2-99 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-32-546 SE_PRIV 0x0 0x0 0x0 0x0 bind succeeded on port 145 socket option SO_KEEPALIVE = 1 socket option SO_REUSEADDR = 1 socket option SO_BROADCAST = 0 socket option TCP_NODELAY = 0 socket option TCP_KEEPCNT = 9 socket option TCP_KEEPIDLE = 7200 socket option TCP_KEEPINTVL = 75 socket option IPTOS_LOWDELAY = 0 socket option IPTOS_THROUGHPUT = 0 socket option SO_SNDBUF = 16384 socket option SO_RCVBUF = 87380 socket option SO_SNDLOWAT = 1 socket option SO_RCVLOWAT = 1 socket option SO_SNDTIMEO = 0 socket option SO_RCVTIMEO = 0 socket option SO_KEEPALIVE = 1 socket option SO_REUSEADDR = 1 socket option SO_BROADCAST = 0 socket option TCP_NODELAY = 1 socket option TCP_KEEPCNT = 9 socket option TCP_KEEPIDLE = 7200 socket option TCP_KEEPINTVL = 75 socket option IPTOS_LOWDELAY = 0 socket option IPTOS_THROUGHPUT = 0 socket option SO_SNDBUF = 16384 socket option SO_RCVBUF = 87380 socket option SO_SNDLOWAT = 1 socket option SO_RCVLOWAT = 1 socket option SO_SNDTIMEO = 0 socket option SO_RCVTIMEO = 0 bind succeeded on port 139 socket option SO_KEEPALIVE = 1 socket option SO_REUSEADDR = 1 socket option SO_BROADCAST = 0 socket option TCP_NODELAY = 0 socket option TCP_KEEPCNT = 9 socket option TCP_KEEPIDLE = 7200 socket option TCP_KEEPINTVL = 75 socket option IPTOS_LOWDELAY = 0 socket option IPTOS_THROUGHPUT = 0 socket option SO_SNDBUF = 16384 socket option SO_RCVBUF = 87380 socket option SO_SNDLOWAT = 1 socket option SO_RCVLOWAT = 1 socket option SO_SNDTIMEO = 0 socket option SO_RCVTIMEO = 0 socket option SO_KEEPALIVE = 1 socket option SO_REUSEADDR = 1 socket option SO_BROADCAST = 0 socket option TCP_NODELAY = 1 socket option TCP_KEEPCNT = 9 socket option TCP_KEEPIDLE = 7200 socket option TCP_KEEPINTVL = 75 socket option IPTOS_LOWDELAY = 0 socket option IPTOS_THROUGHPUT = 0 socket option SO_SNDBUF = 16384 socket option SO_RCVBUF = 87380 socket option SO_SNDLOWAT = 1 socket option SO_RCVLOWAT = 1 socket option SO_SNDTIMEO = 0 socket option SO_RCVTIMEO = 0 claiming [] Locking key 85140000FFFFFFFFFFFFFFFF00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 Unlocking key 85140000FFFFFFFFFFFFFFFF00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 waiting for a connection ################################################################################################### MIKE VITALE NOTE: Here we are before calling /usr/samba-ctdb/bin/smbclient -L //127.0.0.1 -N ################################################################################################### init_oplocks: initializing messages. Added timed event "idle_evt(keepalive)": 985fdc0 Added timed event "idle_evt(deadtime)": 985f160 got smb length of 68 got message type 0x81 of len 0x44 Transaction 0 of length 72 netbios connect: name1=127.0.0.1 name2=MICHAELV3 netbios connect: local=127.0.0.1 remote=michaelv3, name type = 0 lp_file_list_changed() file /usr/samba-ctdb/samba/lib/smb.conf -> /usr/samba-ctdb/samba/lib/smb.conf last mod_time: Wed Dec 19 11:30:54 2007 init msg_type=0x81 msg_flags=0x0 got smb length of 190 got message type 0x0 of len 0xbe Transaction 1 of length 194 size=190 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=0 smb_pid=5279 smb_uid=0 smb_mid=2 smt_wct=0 smb_bcc=155 [000] 02 50 43 20 4E 45 54 57 4F 52 4B 20 50 52 4F 47 .PC NETW ORK PROG [010] 52 41 4D 20 31 2E 30 00 02 4D 49 43 52 4F 53 4F RAM 1.0. .MICROSO [020] 46 54 20 4E 45 54 57 4F 52 4B 53 20 31 2E 30 33 FT NETWO RKS 1.03 [030] 00 02 4D 49 43 52 4F 53 4F 46 54 20 4E 45 54 57 ..MICROS OFT NETW [040] 4F 52 4B 53 20 33 2E 30 00 02 4C 41 4E 4D 41 4E ORKS 3.0 ..LANMAN [050] 31 2E 30 00 02 4C 4D 31 2E 32 58 30 30 32 00 02 1.0..LM1 .2X002.. [060] 44 4F 53 20 4C 41 4E 4D 41 4E 32 2E 31 00 02 4C DOS LANM AN2.1..L [070] 41 4E 4D 41 4E 32 2E 31 00 02 53 61 6D 62 61 00 ANMAN2.1 ..Samba. [080] 02 4E 54 20 4C 41 4E 4D 41 4E 20 31 2E 30 00 02 .NT LANM AN 1.0.. [090] 4E 54 20 4C 4D 20 30 2E 31 32 00 NT LM 0. 12. switch message SMBnegprot (pid 5253) conn 0x0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups change_to_root_user: now uid=(0,0) gid=(0,0) Requested protocol [PC NETWORK PROGRAM 1.0] Requested protocol [MICROSOFT NETWORKS 1.03] Requested protocol [MICROSOFT NETWORKS 3.0] Requested protocol [LANMAN1.0] Requested protocol [LM1.2X002] Requested protocol [DOS LANMAN2.1] Requested protocol [LANMAN2.1] Requested protocol [Samba] set_remote_arch: Client arch is 'Samba' lp_file_list_changed() file /usr/samba-ctdb/samba/lib/smb.conf -> /usr/samba-ctdb/samba/lib/smb.conf last mod_time: Wed Dec 19 11:30:54 2007 claiming [] Locking key 85140000FFFFFFFFFFFFFFFF00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 Allocated locked data 0x0x9864310 Unlocking key 85140000FFFFFFFFFFFFFFFF00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 lp_file_list_changed() file /usr/samba-ctdb/samba/lib/smb.conf -> /usr/samba-ctdb/samba/lib/smb.conf last mod_time: Wed Dec 19 11:30:54 2007 using SPNEGO Selected protocol NT LANMAN 1.0 negprot index=8 size=127 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=5279 smb_uid=0 smb_mid=2 smt_wct=17 smb_vwv[ 0]= 8 (0x8) smb_vwv[ 1]=12807 (0x3207) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 65 (0x41) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]=34048 (0x8500) smb_vwv[ 8]= 20 (0x14) smb_vwv[ 9]=64512 (0xFC00) smb_vwv[10]=33011 (0x80F3) smb_vwv[11]= 128 (0x80) smb_vwv[12]=44483 (0xADC3) smb_vwv[13]= 1428 (0x594) smb_vwv[14]=51268 (0xC844) smb_vwv[15]=11265 (0x2C01) smb_vwv[16]= 1 (0x1) smb_bcc=58 [000] 6D 69 63 68 61 65 6C 76 33 00 00 00 00 00 00 00 michaelv 3....... [010] 60 28 06 06 2B 06 01 05 05 02 A0 1E 30 1C A0 0E `(..+... ....0... [020] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A3 0A 0...+... ..7..... [030] 30 08 A0 06 1B 04 4E 4F 4E 45 0.....NO NE got smb length of 164 got message type 0x0 of len 0xa4 Transaction 2 of length 168 size=164 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51205 smb_tid=0 smb_pid=5279 smb_uid=0 smb_mid=3 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=65535 (0xFFFF) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 1 (0x1) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 82 (0x52) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]=53340 (0xD05C) smb_vwv[11]=32768 (0x8000) smb_bcc=105 [000] 60 50 06 06 2B 06 01 05 05 02 A0 46 30 44 A0 0E `P..+... ...F0D.. [010] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A2 32 0...+... ..7....2 [020] 04 30 4E 54 4C 4D 53 53 50 00 01 00 00 00 15 82 .0NTLMSS P....... [030] 08 60 07 00 07 00 20 00 00 00 09 00 09 00 27 00 .`.... . ......'. [040] 00 00 4D 59 47 52 4F 55 50 4D 49 43 48 41 45 4C ..MYGROU PMICHAEL [050] 56 33 00 55 00 6E 00 69 00 78 00 00 00 53 00 61 V3.U.n.i .x...S.a [060] 00 6D 00 62 00 61 00 00 00 .m.b.a.. . switch message SMBsesssetupX (pid 5253) conn 0x0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups change_to_root_user: now uid=(0,0) gid=(0,0) wct=12 flg2=0xc805 Doing spnego session setup NativeOS=[Unix] NativeLanMan=[Samba] PrimaryDomain=[] register_vuid: allocated vuid = 100 check_spnego_blob_complete: needed_len = 82, pblob->length = 82 parse_spnego_mechanisms: Got OID 1 3 6 1 4 1 311 2 2 10 reply_spnego_negotiate: Got secblob of size 48 Making default auth method list for standalone security=user, encrypt passwords = yes Attempting to register auth backend sam Successfully added auth method 'sam' Attempting to register auth backend sam_ignoredomain Successfully added auth method 'sam_ignoredomain' Attempting to register auth backend unix Successfully added auth method 'unix' Attempting to register auth backend winbind Successfully added auth method 'winbind' Attempting to register auth backend smbserver Successfully added auth method 'smbserver' Attempting to register auth backend trustdomain Successfully added auth method 'trustdomain' Attempting to register auth backend ntdomain Successfully added auth method 'ntdomain' Attempting to register auth backend guest Successfully added auth method 'guest' load_auth_module: Attempting to find an auth method to match guest load_auth_module: auth method guest has a valid init load_auth_module: Attempting to find an auth method to match sam load_auth_module: auth method sam has a valid init Got NTLMSSP neg_flags=0x60088215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH auth_get_challenge: module guest did not want to specify a challenge auth_get_challenge: module sam did not want to specify a challenge auth_context challenge created by random challenge is: [000] 1A 52 3B 84 1B 43 89 04 .R;..C.. size=356 smb_com=0x73 smb_rcls=22 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=5279 smb_uid=100 smb_mid=3 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 217 (0xD9) smb_bcc=313 [000] A1 81 D6 30 81 D3 A0 03 0A 01 01 A1 0C 06 0A 2B ...0.... .......+ [010] 06 01 04 01 82 37 02 02 0A A2 81 BD 04 81 BA 4E .....7.. .......N [020] 54 4C 4D 53 53 50 00 02 00 00 00 12 00 12 00 30 TLMSSP.. .......0 [030] 00 00 00 15 82 8A 60 1A 52 3B 84 1B 43 89 04 00 ......`. R;..C... [040] 00 00 00 00 00 00 00 78 00 78 00 42 00 00 00 4D .......x .x.B...M [050] 00 49 00 43 00 48 00 41 00 45 00 4C 00 56 00 33 .I.C.H.A .E.L.V.3 [060] 00 02 00 12 00 4D 00 49 00 43 00 48 00 41 00 45 .....M.I .C.H.A.E [070] 00 4C 00 56 00 33 00 01 00 12 00 4D 00 49 00 43 .L.V.3.. ...M.I.C [080] 00 48 00 41 00 45 00 4C 00 56 00 33 00 04 00 16 .H.A.E.L .V.3.... [090] 00 6C 00 6F 00 63 00 61 00 6C 00 64 00 6F 00 6D .l.o.c.a .l.d.o.m [0A0] 00 61 00 69 00 6E 00 03 00 2A 00 6C 00 6F 00 63 .a.i.n.. .*.l.o.c [0B0] 00 61 00 6C 00 68 00 6F 00 73 00 74 00 2E 00 6C .a.l.h.o .s.t...l [0C0] 00 6F 00 63 00 61 00 6C 00 64 00 6F 00 6D 00 61 .o.c.a.l .d.o.m.a [0D0] 00 69 00 6E 00 00 00 00 00 55 00 6E 00 69 00 78 .i.n.... .U.n.i.x [0E0] 00 00 00 53 00 61 00 6D 00 62 00 61 00 20 00 33 ...S.a.m .b.a. .3 [0F0] 00 2E 00 30 00 2E 00 32 00 36 00 70 00 72 00 65 ...0...2 .6.p.r.e [100] 00 31 00 2D 00 53 00 56 00 4E 00 2D 00 62 00 75 .1.-.S.V .N.-.b.u [110] 00 69 00 6C 00 64 00 2D 00 55 00 4E 00 4B 00 4E .i.l.d.- .U.N.K.N [120] 00 4F 00 57 00 4E 00 00 00 4D 00 59 00 47 00 52 .O.W.N.. .M.Y.G.R [130] 00 4F 00 55 00 50 00 00 00 .O.U.P.. . got smb length of 262 got message type 0x0 of len 0x106 Transaction 3 of length 266 size=262 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51205 smb_tid=0 smb_pid=5279 smb_uid=100 smb_mid=4 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=65535 (0xFFFF) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 1 (0x1) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 180 (0xB4) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]=53340 (0xD05C) smb_vwv[11]=32768 (0x8000) smb_bcc=203 [000] A1 81 B1 30 81 AE A2 81 AB 04 81 A8 4E 54 4C 4D ...0.... ....NTLM [010] 53 53 50 00 03 00 00 00 18 00 18 00 40 00 00 00 SSP..... ....@... [020] 18 00 18 00 58 00 00 00 0E 00 0E 00 70 00 00 00 ....X... ....p... [030] 08 00 08 00 7E 00 00 00 12 00 12 00 86 00 00 00 ....~... ........ [040] 10 00 10 00 98 00 00 00 15 82 08 60 80 55 76 7A ........ ...`.Uvz [050] 70 2A BF 03 00 00 00 00 00 00 00 00 00 00 00 00 p*...... ........ [060] 00 00 00 00 6D 90 F9 FA 31 91 08 E8 5C 55 ED DD ....m... 1...\U.. [070] C1 11 2F 82 CA AC 4C 96 4A 7D 9F 85 4D 00 59 00 ../...L. J}..M.Y. [080] 47 00 52 00 4F 00 55 00 50 00 72 00 6F 00 6F 00 G.R.O.U. P.r.o.o. [090] 74 00 4D 00 49 00 43 00 48 00 41 00 45 00 4C 00 t.M.I.C. H.A.E.L. [0A0] 56 00 33 00 1C DE AF B9 C5 C0 7D 64 74 CD B6 18 V.3..... ..}dt... [0B0] 11 A6 5A 16 00 55 00 6E 00 69 00 78 00 00 00 53 ..Z..U.n .i.x...S [0C0] 00 61 00 6D 00 62 00 61 00 00 00 .a.m.b.a ... switch message SMBsesssetupX (pid 5253) conn 0x0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups change_to_root_user: now uid=(0,0) gid=(0,0) wct=12 flg2=0xc805 Doing spnego session setup NativeOS=[Unix] NativeLanMan=[Samba] PrimaryDomain=[] check_spnego_blob_complete: needed_len = 180, pblob->length = 180 Got user=[root] domain=[MYGROUP] workstation=[MICHAELV3] len1=24 len2=24 auth_context challenge set by NTLMSSP callback (NTLM2) challenge is: [000] D3 91 6A 7C 35 6D C7 13 ..j|5m.. lp_file_list_changed() file /usr/samba-ctdb/samba/lib/smb.conf -> /usr/samba-ctdb/samba/lib/smb.conf last mod_time: Wed Dec 19 11:30:54 2007 Scanning username map /usr/samba-ctdb/samba/smbusers user_in_list: checking user root in list user_in_list: checking user |root| against |administrator| user_in_list: checking user |root| against |admin| user_in_list: checking user root in list user_in_list: checking user |root| against |guest| user_in_list: checking user |root| against |pcguest| user_in_list: checking user |root| against |smbguest| user_in_list: checking user root in list user_in_list: checking user |root| against |sambauser| make_user_info_map: Mapping user [MYGROUP]\[root] from workstation [MICHAELV3] attempting to make a user_info for root (root) making strings for root's user_info struct making blobs for root's user_info struct made an encrypted user_info for root (root) check_ntlm_password: Checking password for unmapped user [MYGROUP]\[root]@[MICHAELV3] with the new password interface check_ntlm_password: mapped user is: [MICHAELV3]\[root]@[MICHAELV3] check_ntlm_password: auth_context challenge created by NTLMSSP callback (NTLM2) challenge is: [000] D3 91 6A 7C 35 6D C7 13 ..j|5m.. check_ntlm_password: guest had nothing to say is_myname("MICHAELV3") returns 1 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups getsampwnam (smbpasswd): search by name: root startsmbfilepwent_internal: opening file /usr/samba-ctdb/samba/private/smbpasswd getsmbfilepwent: returning passwd entry for user sambauser, uid 501 getsmbfilepwent: end of file reached. endsmbfilepwent_internal: closed password file. pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 check_sam_security: Couldn't find user 'root' in passdb. check_ntlm_password: sam authentication for user [root] FAILED with error NT_STATUS_NO_SUCH_USER check_ntlm_password: Authentication for user [root] -> [root] FAILED with error NT_STATUS_NO_SUCH_USER attempting to free (and zero) a user_info structure structure was created for root error packet at smbd/sesssetup.c(108) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE size=35 smb_com=0x73 smb_rcls=109 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=5279 smb_uid=100 smb_mid=4 smt_wct=0 smb_bcc=0 got smb length of 88 got message type 0x0 of len 0x58 Transaction 4 of length 92 size=88 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51205 smb_tid=0 smb_pid=5279 smb_uid=100 smb_mid=5 smt_wct=13 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=65535 (0xFFFF) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 5279 (0x149F) smb_vwv[ 5]= 5253 (0x1485) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]=53340 (0xD05C) smb_vwv[12]= 0 (0x0) smb_bcc=27 [000] 00 00 00 00 00 55 00 6E 00 69 00 78 00 00 00 53 .....U.n .i.x...S [010] 00 61 00 6D 00 62 00 61 00 00 00 .a.m.b.a ... switch message SMBsesssetupX (pid 5253) conn 0x0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups change_to_root_user: now uid=(0,0) gid=(0,0) wct=13 flg2=0xc805 Domain=[] NativeOS=[Unix] NativeLanMan=[Samba] PrimaryDomain=[] sesssetupX:name=[]\[]@[michaelv3] lp_file_list_changed() file /usr/samba-ctdb/samba/lib/smb.conf -> /usr/samba-ctdb/samba/lib/smb.conf last mod_time: Wed Dec 19 11:30:54 2007 Got anonymous request Making default auth method list for standalone security=user, encrypt passwords = yes load_auth_module: Attempting to find an auth method to match guest load_auth_module: auth method guest has a valid init load_auth_module: Attempting to find an auth method to match sam load_auth_module: auth method sam has a valid init attempting to make a user_info for () making strings for 's user_info struct making blobs for 's user_info struct made an encrypted user_info for () check_ntlm_password: Checking password for unmapped user []\[]@[] with the new password interface check_ntlm_password: mapped user is: []\[]@[] check_ntlm_password: auth_context challenge created by fixed challenge is: [000] 00 00 00 00 00 00 00 00 ........ push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: password history, val: 0 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 pdb_set_username: setting username nobody, was pdb_set_domain: setting domain MICHAELV3, was pdb_set_nt_username: setting nt username , was pdb_set_full_name: setting full name Nobody, was Home server: 127.0.0.1 pdb_set_homedir: setting home dir \\127.0.0.1\nobody, was pdb_set_dir_drive: setting dir drive , was NULL pdb_set_logon_script: setting logon script , was Home server: 127.0.0.1 pdb_set_profile_path: setting profile path \\127.0.0.1\nobody\profile, was pdb_set_workstations: setting workstations , was push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: password history, val: 0 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 pdb_set_user_sid: setting user sid S-1-5-21-826370149-284595157-2372590033-501 pdb_set_user_sid_from_rid: setting user sid S-1-5-21-826370149-284595157-2372590033-501 from rid 501 check_ntlm_password: guest authentication for user [] succeeded check_ntlm_password: guest authentication for user [] -> [] -> [nobody] succeeded attempting to free (and zero) a user_info structure structure was created for attempting to free (and zero) a user_info structure Create local NT token for S-1-5-21-826370149-284595157-2372590033-501 WARNING: Winbindd not running, mapping ids with legacy code push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 LEGACY: mapping failed for sid S-1-5-32-544 WARNING: Winbindd not running, mapping ids with legacy code push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 LEGACY: mapping failed for sid S-1-5-32-545 get_privileges: No privileges assigned to SID [S-1-5-21-826370149-284595157-2372590033-501] get_privileges_for_sids: sid = S-1-1-0 Privilege set: SE_PRIV 0x0 0x0 0x0 0x0 get_privileges: No privileges assigned to SID [S-1-5-2] get_privileges: No privileges assigned to SID [S-1-5-32-546] WARNING: Winbindd not running, mapping ids with legacy code push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 LEGACY: mapping failed for sid S-1-1-0 Could not convert SID S-1-1-0 to gid, ignoring it WARNING: Winbindd not running, mapping ids with legacy code push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 LEGACY: mapping failed for sid S-1-5-2 Could not convert SID S-1-5-2 to gid, ignoring it WARNING: Winbindd not running, mapping ids with legacy code push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 LEGACY: mapping failed for sid S-1-5-32-546 Could not convert SID S-1-5-32-546 to gid, ignoring it NT user token of user S-1-5-21-826370149-284595157-2372590033-501 contains 4 SIDs SID[ 0]: S-1-5-21-826370149-284595157-2372590033-501 SID[ 1]: S-1-1-0 SID[ 2]: S-1-5-2 SID[ 3]: S-1-5-32-546 SE_PRIV 0x0 0x0 0x0 0x0 register_vuid: allocated vuid = 101 Got nobody from pwnam_cache register_vuid: (99,99) nobody nobody MICHAELV3 guest=1 User name: nobody Real name: Nobody UNIX uid 99 is UNIX user nobody, and will be vuid 101 lp_file_list_changed() file /usr/samba-ctdb/samba/lib/smb.conf -> /usr/samba-ctdb/samba/lib/smb.conf last mod_time: Wed Dec 19 11:30:54 2007 size=138 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=5279 smb_uid=101 smb_mid=5 smt_wct=3 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 1 (0x1) smb_bcc=97 [000] 00 55 00 6E 00 69 00 78 00 00 00 53 00 61 00 6D .U.n.i.x ...S.a.m [010] 00 62 00 61 00 20 00 33 00 2E 00 30 00 2E 00 32 .b.a. .3 ...0...2 [020] 00 36 00 70 00 72 00 65 00 31 00 2D 00 53 00 56 .6.p.r.e .1.-.S.V [030] 00 4E 00 2D 00 62 00 75 00 69 00 6C 00 64 00 2D .N.-.b.u .i.l.d.- [040] 00 55 00 4E 00 4B 00 4E 00 4F 00 57 00 4E 00 00 .U.N.K.N .O.W.N.. [050] 00 4D 00 59 00 47 00 52 00 4F 00 55 00 50 00 00 .M.Y.G.R .O.U.P.. [060] 00 . got smb length of 84 got message type 0x0 of len 0x54 Transaction 5 of length 88 size=84 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51205 smb_tid=0 smb_pid=5279 smb_uid=101 smb_mid=6 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 8 (0x8) smb_vwv[ 3]= 1 (0x1) smb_bcc=41 [000] 00 5C 00 5C 00 31 00 32 00 37 00 2E 00 30 00 2E .\.\.1.2 .7...0.. [010] 00 30 00 2E 00 31 00 5C 00 49 00 50 00 43 00 24 .0...1.\ .I.P.C.$ [020] 00 00 00 3F 3F 3F 3F 3F 00 ...????? . switch message SMBtconX (pid 5253) conn 0x0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups change_to_root_user: now uid=(0,0) gid=(0,0) Client requested device type [?????] for share [IPC$] making a connection to 'normal' service ipc$ Finding user nobody Trying _Get_Pwnam(), username as lowercase is nobody Got nobody from pwnam_cache Get_Pwnam_internals did find user [nobody]! set_conn_connectpath: service IPC$, connectpath = /tmp Connect path is '/tmp' for service [IPC$] get_share_security: using default secdesc for IPC$ se_map_generic(): mapped mask 0x10000000 to 0x001f01ff se_access_check: requested access 0x00000002, for NT token with 4 entries and first sid S-1-5-21-826370149-284595157-2372590033-501. se_access_check: user sid is S-1-5-21-826370149-284595157-2372590033-501 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-32-546 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 2 se_access_check: access (2) granted. Initialising default vfs hooks Successfully added vfs backend '/[Default VFS]/' Initialising custom vfs hooks from [/[Default VFS]/] Successfully loaded vfs module [/[Default VFS]/] with the new modules system Checking operation #0 (type 0, layer 0) Making operation type 0 opaque [module /[Default VFS]/] Accepting operation type 0 from module /[Default VFS]/ Checking operation #1 (type 1, layer 0) Making operation type 1 opaque [module /[Default VFS]/] Accepting operation type 1 from module /[Default VFS]/ Checking operation #2 (type 2, layer 0) Making operation type 2 opaque [module /[Default VFS]/] Accepting operation type 2 from module /[Default VFS]/ Checking operation #3 (type 3, layer 0) Making operation type 3 opaque [module /[Default VFS]/] Accepting operation type 3 from module /[Default VFS]/ Checking operation #4 (type 4, layer 0) Making operation type 4 opaque [module /[Default VFS]/] Accepting operation type 4 from module /[Default VFS]/ Checking operation #5 (type 5, layer 0) Making operation type 5 opaque [module /[Default VFS]/] Accepting operation type 5 from module /[Default VFS]/ Checking operation #6 (type 6, layer 0) Making operation type 6 opaque [module /[Default VFS]/] Accepting operation type 6 from module /[Default VFS]/ Checking operation #7 (type 7, layer 0) Making operation type 7 opaque [module /[Default VFS]/] Accepting operation type 7 from module /[Default VFS]/ Checking operation #8 (type 8, layer 0) Making operation type 8 opaque [module /[Default VFS]/] Accepting operation type 8 from module /[Default VFS]/ Checking operation #9 (type 9, layer 0) Making operation type 9 opaque [module /[Default VFS]/] Accepting operation type 9 from module /[Default VFS]/ Checking operation #10 (type 10, layer 0) Making operation type 10 opaque [module /[Default VFS]/] Accepting operation type 10 from module /[Default VFS]/ Checking operation #11 (type 11, layer 0) Making operation type 11 opaque [module /[Default VFS]/] Accepting operation type 11 from module /[Default VFS]/ Checking operation #12 (type 12, layer 0) Making operation type 12 opaque [module /[Default VFS]/] Accepting operation type 12 from module /[Default VFS]/ Checking operation #13 (type 13, layer 0) Making operation type 13 opaque [module /[Default VFS]/] Accepting operation type 13 from module /[Default VFS]/ Checking operation #14 (type 14, layer 0) Making operation type 14 opaque [module /[Default VFS]/] Accepting operation type 14 from module /[Default VFS]/ Checking operation #15 (type 15, layer 0) Making operation type 15 opaque [module /[Default VFS]/] Accepting operation type 15 from module /[Default VFS]/ Checking operation #16 (type 16, layer 0) Making operation type 16 opaque [module /[Default VFS]/] Accepting operation type 16 from module /[Default VFS]/ Checking operation #17 (type 17, layer 0) Making operation type 17 opaque [module /[Default VFS]/] Accepting operation type 17 from module /[Default VFS]/ Checking operation #18 (type 18, layer 0) Making operation type 18 opaque [module /[Default VFS]/] Accepting operation type 18 from module /[Default VFS]/ Checking operation #19 (type 19, layer 0) Making operation type 19 opaque [module /[Default VFS]/] Accepting operation type 19 from module /[Default VFS]/ Checking operation #20 (type 20, layer 0) Making operation type 20 opaque [module /[Default VFS]/] Accepting operation type 20 from module /[Default VFS]/ Checking operation #21 (type 21, layer 0) Making operation type 21 opaque [module /[Default VFS]/] Accepting operation type 21 from module /[Default VFS]/ Checking operation #22 (type 22, layer 0) Making operation type 22 opaque [module /[Default VFS]/] Accepting operation type 22 from module /[Default VFS]/ Checking operation #23 (type 23, layer 0) Making operation type 23 opaque [module /[Default VFS]/] Accepting operation type 23 from module /[Default VFS]/ Checking operation #24 (type 24, layer 0) Making operation type 24 opaque [module /[Default VFS]/] Accepting operation type 24 from module /[Default VFS]/ Checking operation #25 (type 25, layer 0) Making operation type 25 opaque [module /[Default VFS]/] Accepting operation type 25 from module /[Default VFS]/ Checking operation #26 (type 26, layer 0) Making operation type 26 opaque [module /[Default VFS]/] Accepting operation type 26 from module /[Default VFS]/ Checking operation #27 (type 27, layer 0) Making operation type 27 opaque [module /[Default VFS]/] Accepting operation type 27 from module /[Default VFS]/ Checking operation #28 (type 28, layer 0) Making operation type 28 opaque [module /[Default VFS]/] Accepting operation type 28 from module /[Default VFS]/ Checking operation #29 (type 29, layer 0) Making operation type 29 opaque [module /[Default VFS]/] Accepting operation type 29 from module /[Default VFS]/ Checking operation #30 (type 30, layer 0) Making operation type 30 opaque [module /[Default VFS]/] Accepting operation type 30 from module /[Default VFS]/ Checking operation #31 (type 31, layer 0) Making operation type 31 opaque [module /[Default VFS]/] Accepting operation type 31 from module /[Default VFS]/ Checking operation #32 (type 32, layer 0) Making operation type 32 opaque [module /[Default VFS]/] Accepting operation type 32 from module /[Default VFS]/ Checking operation #33 (type 33, layer 0) Making operation type 33 opaque [module /[Default VFS]/] Accepting operation type 33 from module /[Default VFS]/ Checking operation #34 (type 34, layer 0) Making operation type 34 opaque [module /[Default VFS]/] Accepting operation type 34 from module /[Default VFS]/ Checking operation #35 (type 35, layer 0) Making operation type 35 opaque [module /[Default VFS]/] Accepting operation type 35 from module /[Default VFS]/ Checking operation #36 (type 36, layer 0) Making operation type 36 opaque [module /[Default VFS]/] Accepting operation type 36 from module /[Default VFS]/ Checking operation #37 (type 37, layer 0) Making operation type 37 opaque [module /[Default VFS]/] Accepting operation type 37 from module /[Default VFS]/ Checking operation #38 (type 38, layer 0) Making operation type 38 opaque [module /[Default VFS]/] Accepting operation type 38 from module /[Default VFS]/ Checking operation #39 (type 39, layer 0) Making operation type 39 opaque [module /[Default VFS]/] Accepting operation type 39 from module /[Default VFS]/ Checking operation #40 (type 40, layer 0) Making operation type 40 opaque [module /[Default VFS]/] Accepting operation type 40 from module /[Default VFS]/ Checking operation #41 (type 41, layer 0) Making operation type 41 opaque [module /[Default VFS]/] Accepting operation type 41 from module /[Default VFS]/ Checking operation #42 (type 42, layer 0) Making operation type 42 opaque [module /[Default VFS]/] Accepting operation type 42 from module /[Default VFS]/ Checking operation #43 (type 43, layer 0) Making operation type 43 opaque [module /[Default VFS]/] Accepting operation type 43 from module /[Default VFS]/ Checking operation #44 (type 44, layer 0) Making operation type 44 opaque [module /[Default VFS]/] Accepting operation type 44 from module /[Default VFS]/ Checking operation #45 (type 45, layer 0) Making operation type 45 opaque [module /[Default VFS]/] Accepting operation type 45 from module /[Default VFS]/ Checking operation #46 (type 46, layer 0) Making operation type 46 opaque [module /[Default VFS]/] Accepting operation type 46 from module /[Default VFS]/ Checking operation #47 (type 47, layer 0) Making operation type 47 opaque [module /[Default VFS]/] Accepting operation type 47 from module /[Default VFS]/ Checking operation #48 (type 48, layer 0) Making operation type 48 opaque [module /[Default VFS]/] Accepting operation type 48 from module /[Default VFS]/ Checking operation #49 (type 49, layer 0) Making operation type 49 opaque [module /[Default VFS]/] Accepting operation type 49 from module /[Default VFS]/ Checking operation #50 (type 50, layer 0) Making operation type 50 opaque [module /[Default VFS]/] Accepting operation type 50 from module /[Default VFS]/ Checking operation #51 (type 51, layer 0) Making operation type 51 opaque [module /[Default VFS]/] Accepting operation type 51 from module /[Default VFS]/ Checking operation #52 (type 52, layer 0) Making operation type 52 opaque [module /[Default VFS]/] Accepting operation type 52 from module /[Default VFS]/ Checking operation #53 (type 53, layer 0) Making operation type 53 opaque [module /[Default VFS]/] Accepting operation type 53 from module /[Default VFS]/ Checking operation #54 (type 54, layer 0) Making operation type 54 opaque [module /[Default VFS]/] Accepting operation type 54 from module /[Default VFS]/ Checking operation #55 (type 55, layer 0) Making operation type 55 opaque [module /[Default VFS]/] Accepting operation type 55 from module /[Default VFS]/ Checking operation #56 (type 56, layer 0) Making operation type 56 opaque [module /[Default VFS]/] Accepting operation type 56 from module /[Default VFS]/ Checking operation #57 (type 57, layer 0) Making operation type 57 opaque [module /[Default VFS]/] Accepting operation type 57 from module /[Default VFS]/ Checking operation #58 (type 58, layer 0) Making operation type 58 opaque [module /[Default VFS]/] Accepting operation type 58 from module /[Default VFS]/ Checking operation #59 (type 59, layer 0) Making operation type 59 opaque [module /[Default VFS]/] Accepting operation type 59 from module /[Default VFS]/ Checking operation #60 (type 60, layer 0) Making operation type 60 opaque [module /[Default VFS]/] Accepting operation type 60 from module /[Default VFS]/ Checking operation #61 (type 61, layer 0) Making operation type 61 opaque [module /[Default VFS]/] Accepting operation type 61 from module /[Default VFS]/ Checking operation #62 (type 62, layer 0) Making operation type 62 opaque [module /[Default VFS]/] Accepting operation type 62 from module /[Default VFS]/ Checking operation #63 (type 63, layer 0) Making operation type 63 opaque [module /[Default VFS]/] Accepting operation type 63 from module /[Default VFS]/ Checking operation #64 (type 64, layer 0) Making operation type 64 opaque [module /[Default VFS]/] Accepting operation type 64 from module /[Default VFS]/ Checking operation #65 (type 65, layer 0) Making operation type 65 opaque [module /[Default VFS]/] Accepting operation type 65 from module /[Default VFS]/ Checking operation #66 (type 66, layer 0) Making operation type 66 opaque [module /[Default VFS]/] Accepting operation type 66 from module /[Default VFS]/ Checking operation #67 (type 67, layer 0) Making operation type 67 opaque [module /[Default VFS]/] Accepting operation type 67 from module /[Default VFS]/ Checking operation #68 (type 68, layer 0) Making operation type 68 opaque [module /[Default VFS]/] Accepting operation type 68 from module /[Default VFS]/ Checking operation #69 (type 69, layer 0) Making operation type 69 opaque [module /[Default VFS]/] Accepting operation type 69 from module /[Default VFS]/ Checking operation #70 (type 70, layer 0) Making operation type 70 opaque [module /[Default VFS]/] Accepting operation type 70 from module /[Default VFS]/ Checking operation #71 (type 71, layer 0) Making operation type 71 opaque [module /[Default VFS]/] Accepting operation type 71 from module /[Default VFS]/ Checking operation #72 (type 72, layer 0) Making operation type 72 opaque [module /[Default VFS]/] Accepting operation type 72 from module /[Default VFS]/ Checking operation #73 (type 73, layer 0) Making operation type 73 opaque [module /[Default VFS]/] Accepting operation type 73 from module /[Default VFS]/ Checking operation #74 (type 74, layer 0) Making operation type 74 opaque [module /[Default VFS]/] Accepting operation type 74 from module /[Default VFS]/ Checking operation #75 (type 75, layer 0) Making operation type 75 opaque [module /[Default VFS]/] Accepting operation type 75 from module /[Default VFS]/ Checking operation #76 (type 76, layer 0) Making operation type 76 opaque [module /[Default VFS]/] Accepting operation type 76 from module /[Default VFS]/ Checking operation #77 (type 77, layer 0) Making operation type 77 opaque [module /[Default VFS]/] Accepting operation type 77 from module /[Default VFS]/ Checking operation #78 (type 78, layer 0) Making operation type 78 opaque [module /[Default VFS]/] Accepting operation type 78 from module /[Default VFS]/ Checking operation #79 (type 79, layer 0) Making operation type 79 opaque [module /[Default VFS]/] Accepting operation type 79 from module /[Default VFS]/ Checking operation #80 (type 80, layer 0) Making operation type 80 opaque [module /[Default VFS]/] Accepting operation type 80 from module /[Default VFS]/ Checking operation #81 (type 81, layer 0) Making operation type 81 opaque [module /[Default VFS]/] Accepting operation type 81 from module /[Default VFS]/ Checking operation #82 (type 82, layer 0) Making operation type 82 opaque [module /[Default VFS]/] Accepting operation type 82 from module /[Default VFS]/ Checking operation #83 (type 83, layer 0) Making operation type 83 opaque [module /[Default VFS]/] Accepting operation type 83 from module /[Default VFS]/ Checking operation #84 (type 84, layer 0) Making operation type 84 opaque [module /[Default VFS]/] Accepting operation type 84 from module /[Default VFS]/ Checking operation #85 (type 85, layer 0) Making operation type 85 opaque [module /[Default VFS]/] Accepting operation type 85 from module /[Default VFS]/ Checking operation #86 (type 86, layer 0) Making operation type 86 opaque [module /[Default VFS]/] Accepting operation type 86 from module /[Default VFS]/ Checking operation #87 (type 87, layer 0) Making operation type 87 opaque [module /[Default VFS]/] Accepting operation type 87 from module /[Default VFS]/ Checking operation #88 (type 88, layer 0) Making operation type 88 opaque [module /[Default VFS]/] Accepting operation type 88 from module /[Default VFS]/ Checking operation #89 (type 89, layer 0) Making operation type 89 opaque [module /[Default VFS]/] Accepting operation type 89 from module /[Default VFS]/ Checking operation #90 (type 90, layer 0) Making operation type 90 opaque [module /[Default VFS]/] Accepting operation type 90 from module /[Default VFS]/ Checking operation #91 (type 91, layer 0) Making operation type 91 opaque [module /[Default VFS]/] Accepting operation type 91 from module /[Default VFS]/ Checking operation #92 (type 92, layer 0) Making operation type 92 opaque [module /[Default VFS]/] Accepting operation type 92 from module /[Default VFS]/ Checking operation #93 (type 93, layer 0) Making operation type 93 opaque [module /[Default VFS]/] Accepting operation type 93 from module /[Default VFS]/ Checking operation #94 (type 94, layer 0) Making operation type 94 opaque [module /[Default VFS]/] Accepting operation type 94 from module /[Default VFS]/ Checking operation #95 (type 95, layer 0) Making operation type 95 opaque [module /[Default VFS]/] Accepting operation type 95 from module /[Default VFS]/ Checking operation #96 (type 96, layer 0) Making operation type 96 opaque [module /[Default VFS]/] Accepting operation type 96 from module /[Default VFS]/ Checking operation #97 (type 97, layer 0) Making operation type 97 opaque [module /[Default VFS]/] Accepting operation type 97 from module /[Default VFS]/ Checking operation #98 (type 98, layer 0) Making operation type 98 opaque [module /[Default VFS]/] Accepting operation type 98 from module /[Default VFS]/ claiming [IPC$] Locking key 85140000FFFFFFFF0100000049504324000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 Unlocking key 85140000FFFFFFFF0100000049504324000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 user_ok_token: share IPC$ is ok for unix user nobody is_share_read_only_for_user: share IPC$ is read-only for unix user nobody get_share_security: using default secdesc for IPC$ se_map_generic(): mapped mask 0x10000000 to 0x001f01ff se_access_check: requested access 0x00000001, for NT token with 4 entries and first sid S-1-5-21-826370149-284595157-2372590033-501. se_access_check: user sid is S-1-5-21-826370149-284595157-2372590033-501 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-32-546 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 1 se_access_check: access (1) granted. setting sec ctx (99, 99) - sec_ctx_stack_ndx = 0 NT user token of user S-1-5-21-826370149-284595157-2372590033-501 contains 4 SIDs SID[ 0]: S-1-5-21-826370149-284595157-2372590033-501 SID[ 1]: S-1-1-0 SID[ 2]: S-1-5-2 SID[ 3]: S-1-5-32-546 SE_PRIV 0x0 0x0 0x0 0x0 UNIX token of user 99 Primary group is 99 and contains 0 supplementary groups change_to_user uid=(99,99) gid=(0,99) michaelv3 (127.0.0.1) connect to service IPC$ initially as user nobody (uid=99, gid=99) (pid 5253) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups change_to_root_user: now uid=(0,0) gid=(0,0) tconX service=IPC$ size=56 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=5279 smb_uid=101 smb_mid=6 smt_wct=7 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 1 (0x1) smb_vwv[ 3]= 511 (0x1FF) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 511 (0x1FF) smb_vwv[ 6]= 0 (0x0) smb_bcc=7 [000] 49 50 43 00 00 00 00 IPC.... got smb length of 100 got message type 0x0 of len 0x64 Transaction 6 of length 104 size=100 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51205 smb_tid=1 smb_pid=5279 smb_uid=101 smb_mid=7 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 3584 (0xE00) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_bcc=17 [000] 00 5C 00 73 00 72 00 76 00 73 00 76 00 63 00 00 .\.s.r.v .s.v.c.. [010] 00 . switch message SMBntcreateX (pid 5253) conn 0x98a7158 setting sec ctx (99, 99) - sec_ctx_stack_ndx = 0 NT user token of user S-1-5-21-826370149-284595157-2372590033-501 contains 4 SIDs SID[ 0]: S-1-5-21-826370149-284595157-2372590033-501 SID[ 1]: S-1-1-0 SID[ 2]: S-1-5-2 SID[ 3]: S-1-5-32-546 SE_PRIV 0x0 0x0 0x0 0x0 UNIX token of user 99 Primary group is 99 and contains 0 supplementary groups change_to_user uid=(99,99) gid=(0,99) vfs_ChDir to /tmp reply_ntcreate_and_X: flags = 0x0, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 root_dir_fid = 0x0 nt_open_pipe: Opening pipe \srvsvc. nt_open_pipe: Known pipe srvsvc opening. Open pipe requested srvsvc (pipes_open=0) Create pipe requested srvsvc init_pipe_handles: created handle list for pipe srvsvc init_pipe_handles: pipe_handles ref count = 1 for pipe srvsvc Created internal pipe srvsvc (pipes_open=0) Opened pipe srvsvc with handle 74db (pipes_open=1) open pipes: name srvsvc pnum=74db Locking key 7372767376632F353235332F323939313500 Unlocking key 7372767376632F353235332F323939313500 do_ntcreate_pipe_open: open pipe = \srvsvc size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=5279 smb_uid=101 smb_mid=7 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=56064 (0xDB00) smb_vwv[ 3]= 372 (0x174) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 got smb length of 154 got message type 0x0 of len 0x9a Transaction 7 of length 158 size=154 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51205 smb_tid=1 smb_pid=5279 smb_uid=101 smb_mid=8 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29915 (0x74DB) smb_bcc=87 [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 00 B8 .......H ........ [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 C8 ........ ........ [030] 4F 32 4B 70 16 D3 01 12 78 5A 47 BF 6E E1 88 03 O2Kp.... xZG.n... [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ [050] 10 48 60 02 00 00 00 .H`.... switch message SMBtrans (pid 5253) conn 0x98a7158 change_to_user: Skipping user change - already user trans <\PIPE\> data=72 params=0 setup=2 calling named_pipe named pipe command on <> name api_fd_reply search for pipe pnum=74db pipe name srvsvc pnum=74db (pipes_open=1) Got API command 0x26 on pipe "srvsvc" (pnum 74db) api_fd_reply: p:0x98a8398 max_trans_reply: 4280 write_to_pipe: 74db name: srvsvc open: Yes len: 72 write_to_pipe: data_left = 72 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 56 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0b 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0048 000a auth_len : 0000 000c call_id : 00000001 unmarshall_rpc_header: using little-endian RPC unmarshall_rpc_header: type = 11, flags = 3 write_to_pipe: data_used = 0 write_to_pipe: data_left = 56 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 process_complete_pdu: processing packet type 11 api_pipe_bind_req: decode request. 1549 api_pipe_bind_req: \PIPE\srvsvc -> \PIPE\srvsvc 000000 smb_io_rpc_hdr_rb 000000 smb_io_rpc_hdr_bba 0000 max_tsize: 10b8 0002 max_rsize: 10b8 0004 assoc_gid: 00000000 0008 num_contexts: 01 000c context_id : 0000 000e num_transfer_syntaxes: 01 00000f smb_io_rpc_iface 000010 smb_io_uuid uuid 0010 data : 4b324fc8 0014 data : 1670 0016 data : 01d3 0018 data : 12 78 001a data : 5a 47 bf 6e e1 88 0020 version: 00000003 000024 smb_io_rpc_iface 000024 smb_io_uuid uuid 0024 data : 8a885d04 0028 data : 1ceb 002a data : 11c9 002c data : 9f e8 002e data : 08 00 2b 10 48 60 0034 version: 00000002 api_pipe_bind_req: make response. 1602 check_bind_req for \PIPE\srvsvc checking \PIPE\lsarpc checking \PIPE\lsarpc checking \PIPE\samr checking \PIPE\NETLOGON checking \PIPE\srvsvc 000000 smb_io_rpc_hdr_ba 000000 smb_io_rpc_hdr_bba 0000 max_tsize: 10b8 0002 max_rsize: 10b8 0004 assoc_gid: 000053f0 000008 smb_io_rpc_addr_str 0008 len: 000d 000a str: \PIPE\srvsvc. 000017 smb_io_rpc_results 0018 num_results: 01 001c result : 0000 001e reason : 0000 000020 smb_io_rpc_iface 000020 smb_io_uuid uuid 0020 data : 8a885d04 0024 data : 1ceb 0026 data : 11c9 0028 data : 9f e8 002a data : 08 00 2b 10 48 60 0030 version: 00000002 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0c 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0044 000a auth_len : 0000 000c call_id : 00000001 write_to_pipe: data_used = 56 read_from_pipe: 74db name: srvsvc len: 4280 read_from_pipe: srvsvc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. copy_trans_params_and_data: params[0..0] data[0..68] size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=5279 smb_uid=101 smb_mid=8 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... [010] 00 B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 ......S. ...\PIPE [020] 5C 73 72 76 73 76 63 00 00 01 00 00 00 00 00 00 \srvsvc. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [040] 60 02 00 00 00 `.... got smb length of 158 got message type 0x0 of len 0x9e Transaction 8 of length 162 size=158 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51205 smb_tid=1 smb_pid=5279 smb_uid=101 smb_mid=9 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 76 (0x4C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 76 (0x4C) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29915 (0x74DB) smb_bcc=91 [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 4C 00 00 00 02 00 00 00 34 .......L .......4 [020] 00 00 00 00 00 24 00 00 00 02 00 01 00 00 00 00 .....$.. ........ [030] 00 00 00 01 00 00 00 00 00 00 00 01 00 00 00 01 ........ ........ [040] 00 00 00 04 00 02 00 00 00 00 00 00 00 00 00 FF ........ ........ [050] FF FF FF 08 00 02 00 00 00 00 00 ........ ... switch message SMBtrans (pid 5253) conn 0x98a7158 change_to_user: Skipping user change - already user trans <\PIPE\> data=76 params=0 setup=2 calling named_pipe named pipe command on <> name api_fd_reply search for pipe pnum=74db pipe name srvsvc pnum=74db (pipes_open=1) Got API command 0x26 on pipe "srvsvc" (pnum 74db) api_fd_reply: p:0x98a8398 max_trans_reply: 4280 write_to_pipe: 74db name: srvsvc open: Yes len: 76 write_to_pipe: data_left = 76 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 76 fill_rpc_header: data_to_copy = 76, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 60 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 60 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 004c 000a auth_len : 0000 000c call_id : 00000002 unmarshall_rpc_header: using little-endian RPC unmarshall_rpc_header: type = 0, flags = 3 write_to_pipe: data_used = 0 write_to_pipe: data_left = 60 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 60, incoming data = 60 process_complete_pdu: processing packet type 0 000000 smb_io_rpc_hdr_req req 0000 alloc_hint: 00000034 0004 context_id: 0000 0006 opnum : 0024 free_pipe_context: destroying talloc pool of size 70 push_sec_ctx(99, 99) : sec_ctx_stack_ndx = 1 setting sec ctx (99, 99) - sec_ctx_stack_ndx = 1 NT user token of user S-1-5-21-826370149-284595157-2372590033-501 contains 4 SIDs SID[ 0]: S-1-5-21-826370149-284595157-2372590033-501 SID[ 1]: S-1-1-0 SID[ 2]: S-1-5-2 SID[ 3]: S-1-5-32-546 SE_PRIV 0x0 0x0 0x0 0x0 UNIX token of user 99 Primary group is 99 and contains 0 supplementary groups Requested \PIPE\srvsvc api_rpcTNP: srvsvc op 0x24 - api_rpcTNP: rpc command: SRVSVC_NETSHAREENUM api_rpc_cmds[36].fn == 0x819d433 srvsvc_NetShareEnum: struct srvsvc_NetShareEnum in: struct srvsvc_NetShareEnum server_unc : * server_unc : '' level : * level : 0x00000001 (1) ctr : * ctr : union srvsvc_NetShareCtr(case 1) ctr1 : * ctr1: struct srvsvc_NetShareCtr1 count : 0x00000000 (0) array : NULL max_buffer : 0xffffffff (4294967295) resume_handle : * resume_handle : 0x00000000 (0) _srv_net_share_enum: 1269 init_srv_share_info_ctr push_sec_ctx(99, 99) : sec_ctx_stack_ndx = 2 push_conn_ctx(101) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (99, 99) - sec_ctx_stack_ndx = 1 srvsvc_NetShareEnum: struct srvsvc_NetShareEnum out: struct srvsvc_NetShareEnum level : * level : 0x00000001 (1) ctr : * ctr : union srvsvc_NetShareCtr(case 1) ctr1 : * ctr1: struct srvsvc_NetShareCtr1 count : 0x00000003 (3) array : * array: ARRAY(3) array: struct srvsvc_NetShareInfo1 name : * name : 'data' type : STYPE_DISKTREE (0x0) comment : * comment : '' array: struct srvsvc_NetShareInfo1 name : * name : 'share01' type : STYPE_DISKTREE (0x0) comment : * comment : 'Read Only' array: struct srvsvc_NetShareInfo1 name : * name : 'share02' type : STYPE_DISKTREE (0x0) comment : * comment : 'share02' totalentries : * totalentries : 0x00000003 (3) resume_handle : * resume_handle : 0x00000000 (0) result : WERR_OK api_rpcTNP: called srvsvc successfully pop_sec_ctx (99, 99) - sec_ctx_stack_ndx = 0 free_pipe_context: destroying talloc pool of size 63 write_to_pipe: data_used = 60 read_from_pipe: 74db name: srvsvc len: 4280 read_from_pipe: srvsvc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 232. 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0100 000a auth_len : 0000 000c call_id : 00000002 000010 smb_io_rpc_hdr_resp resp 0010 alloc_hint: 000000e8 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 copy_trans_params_and_data: params[0..0] data[0..256] size=312 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=5279 smb_uid=101 smb_mid=9 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 256 (0x100) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=257 [000] 00 05 00 02 03 10 00 00 00 00 01 00 00 02 00 00 ........ ........ [010] 00 E8 00 00 00 00 00 00 00 01 00 00 00 01 00 00 ........ ........ [020] 00 00 00 02 00 03 00 00 00 04 00 02 00 03 00 00 ........ ........ [030] 00 08 00 02 00 00 00 00 00 0C 00 02 00 10 00 02 ........ ........ [040] 00 00 00 00 00 14 00 02 00 18 00 02 00 00 00 00 ........ ........ [050] 00 1C 00 02 00 05 00 00 00 00 00 00 00 05 00 00 ........ ........ [060] 00 64 00 61 00 74 00 61 00 00 00 00 00 01 00 00 .d.a.t.a ........ [070] 00 00 00 00 00 01 00 00 00 00 00 00 00 08 00 00 ........ ........ [080] 00 00 00 00 00 08 00 00 00 73 00 68 00 61 00 72 ........ .s.h.a.r [090] 00 65 00 30 00 31 00 00 00 0A 00 00 00 00 00 00 .e.0.1.. ........ [0A0] 00 0A 00 00 00 52 00 65 00 61 00 64 00 20 00 4F .....R.e .a.d. .O [0B0] 00 6E 00 6C 00 79 00 00 00 08 00 00 00 00 00 00 .n.l.y.. ........ [0C0] 00 08 00 00 00 73 00 68 00 61 00 72 00 65 00 30 .....s.h .a.r.e.0 [0D0] 00 32 00 00 00 08 00 00 00 00 00 00 00 08 00 00 .2...... ........ [0E0] 00 73 00 68 00 61 00 72 00 65 00 30 00 32 00 00 .s.h.a.r .e.0.2.. [0F0] 00 03 00 00 00 20 00 02 00 00 00 00 00 00 00 00 ..... .. ........ [100] 00 . got smb length of 41 got message type 0x0 of len 0x29 Transaction 9 of length 45 size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51205 smb_tid=1 smb_pid=5279 smb_uid=101 smb_mid=10 smt_wct=3 smb_vwv[ 0]=29915 (0x74DB) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 switch message SMBclose (pid 5253) conn 0x98a7158 change_to_user: Skipping user change - already user search for pipe pnum=74db pipe name srvsvc pnum=74db (pipes_open=1) reply_pipe_close: pnum:74db close_policy_by_pipe: deleted handle list for pipe srvsvc closed pipe name srvsvc pnum=74db (pipes_open=0) Locking key 7372767376632F353235332F323939313500 Allocated locked data 0x0x985e468 Unlocking key 7372767376632F353235332F323939313500 size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=5279 smb_uid=101 smb_mid=10 smt_wct=0 smb_bcc=0 got smb length of 35 got message type 0x0 of len 0x23 Transaction 10 of length 39 size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51205 smb_tid=1 smb_pid=5279 smb_uid=101 smb_mid=11 smt_wct=0 smb_bcc=0 switch message SMBtdis (pid 5253) conn 0x98a7158 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups change_to_root_user: now uid=(0,0) gid=(0,0) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups change_to_root_user: now uid=(0,0) gid=(0,0) michaelv3 (127.0.0.1) closed connection to service IPC$ Yielding connection to IPC$ Locking key 85140000FFFFFFFF0100000049504324000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 Allocated locked data 0x0x985e708 Unlocking key 85140000FFFFFFFF0100000049504324000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 vfs_ChDir to / setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups change_to_root_user: now uid=(0,0) gid=(0,0) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=5279 smb_uid=101 smb_mid=11 smt_wct=0 smb_bcc=0 read_data: read of 4 returned 0. Error = Success receive_smb_raw: length < 0! timeout_processing: End of file from client (client has disconnected). Closing cache file namecache_shutdown: netbios namecache closed successfully. setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups change_to_root_user: now uid=(0,0) gid=(0,0) Yielding connection to Locking key 85140000FFFFFFFFFFFFFFFF00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 Allocated locked data 0x0x9863ef8 Unlocking key 85140000FFFFFFFFFFFFFFFF00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 Server exit (normal exit)