The Samba-Bugzilla – Attachment 3336 Details for
Bug 5519
Samba 3.0.30 interdomain trust with Samba 3.0.20 fails
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
smbd_logfile from failing Samba 3.0.22
log_smbd.txt (text/plain), 456.74 KB, created by
Sysadmin HTL-Leonding
on 2008-06-06 00:23:54 UTC
(
hide
)
Description:
smbd_logfile from failing Samba 3.0.22
Filename:
MIME Type:
Creator:
Sysadmin HTL-Leonding
Created:
2008-06-06 00:23:54 UTC
Size:
456.74 KB
patch
obsolete
>[2008/06/05 20:55:06, 0] smbd/server.c:main(805) > smbd version 3.0.22-11-SUSE-CODE10 started. > Copyright Andrew Tridgell and the Samba Team 1992-2006 >[2008/06/05 20:55:06, 0] printing/print_cups.c:cups_cache_reload(85) > Unable to connect to CUPS server localhost - Connection refused >[2008/06/05 20:55:06, 0] printing/print_cups.c:cups_cache_reload(85) > Unable to connect to CUPS server localhost - Connection refused >[2008/06/05 20:55:55, 0] lib/debug.c:reopen_logs(597) > Unable to open new log file /var/log/samba/log.smbd: Permission denied >[2008/06/05 20:56:03, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(424) > _net_auth2: creds_server_check failed. Rejecting auth request from client SMBONE-SRV machine account SMBONE$ >[2008/06/05 20:56:03, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(424) > _net_auth2: creds_server_check failed. Rejecting auth request from client SMBONE-SRV machine account SMBONE$ >[2008/06/05 20:56:03, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(424) > _net_auth2: creds_server_check failed. Rejecting auth request from client SMBONE-SRV machine account SMBONE$ >[2008/06/05 20:56:03, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(424) > _net_auth2: creds_server_check failed. Rejecting auth request from client SMBONE-SRV machine account SMBONE$ >[2008/06/05 20:56:08, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(424) > _net_auth2: creds_server_check failed. Rejecting auth request from client SMBONE-SRV machine account SMBONE$ >[2008/06/05 20:56:08, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(424) > _net_auth2: creds_server_check failed. Rejecting auth request from client SMBONE-SRV machine account SMBONE$ >[2008/06/05 20:56:08, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(424) > _net_auth2: creds_server_check failed. Rejecting auth request from client SMBONE-SRV machine account SMBONE$ >[2008/06/05 20:56:08, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(424) > _net_auth2: creds_server_check failed. Rejecting auth request from client SMBONE-SRV machine account SMBONE$ >[2008/06/05 20:56:55, 0] printing/print_cups.c:cups_cache_reload(85) > Unable to connect to CUPS server localhost - Connection refused >[2008/06/05 20:56:55, 0] printing/print_cups.c:cups_cache_reload(85) > Unable to connect to CUPS server localhost - Connection refused >[2008/06/05 20:57:08, 0] printing/print_cups.c:cups_cache_reload(85) > Unable to connect to CUPS server localhost - Connection refused >[2008/06/05 20:57:08, 0] printing/print_cups.c:cups_cache_reload(85) > Unable to connect to CUPS server localhost - Connection refused >[2008/06/05 20:57:12, 0] smbd/server.c:main(805) > smbd version 3.0.22-11-SUSE-CODE10 started. > Copyright Andrew Tridgell and the Samba Team 1992-2006 >[2008/06/05 20:57:12, 0] printing/print_cups.c:cups_cache_reload(85) > Unable to connect to CUPS server localhost - Connection refused >[2008/06/05 20:57:12, 0] printing/print_cups.c:cups_cache_reload(85) > Unable to connect to CUPS server localhost - Connection refused >[2008/06/05 20:57:22, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(424) > _net_auth2: creds_server_check failed. Rejecting auth request from client SMBONE-SRV machine account SMBONE$ >[2008/06/05 20:57:22, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(424) > _net_auth2: creds_server_check failed. Rejecting auth request from client SMBONE-SRV machine account SMBONE$ >[2008/06/05 20:57:22, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(424) > _net_auth2: creds_server_check failed. Rejecting auth request from client SMBONE-SRV machine account SMBONE$ >[2008/06/05 20:57:22, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(424) > _net_auth2: creds_server_check failed. Rejecting auth request from client SMBONE-SRV machine account SMBONE$ >[2008/06/05 20:57:26, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(424) > _net_auth2: creds_server_check failed. Rejecting auth request from client SMBONE-SRV machine account SMBONE$ >[2008/06/05 20:57:26, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(424) > _net_auth2: creds_server_check failed. Rejecting auth request from client SMBONE-SRV machine account SMBONE$ >[2008/06/05 20:57:26, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(424) > _net_auth2: creds_server_check failed. Rejecting auth request from client SMBONE-SRV machine account SMBONE$ >[2008/06/05 20:57:26, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(424) > _net_auth2: creds_server_check failed. Rejecting auth request from client SMBONE-SRV machine account SMBONE$ >[2008/06/05 20:57:36, 0] lib/debug.c:reopen_logs(597) > Unable to open new log file /var/log/samba/log.smbd: Permission denied >[2008/06/05 20:57:41, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(424) > _net_auth2: creds_server_check failed. Rejecting auth request from client SMBONE-SRV machine account SMBONE$ >[2008/06/05 20:57:41, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(424) > _net_auth2: creds_server_check failed. Rejecting auth request from client SMBONE-SRV machine account SMBONE$ >[2008/06/05 20:57:41, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(424) > _net_auth2: creds_server_check failed. Rejecting auth request from client SMBONE-SRV machine account SMBONE$ >[2008/06/05 20:57:41, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(424) > _net_auth2: creds_server_check failed. Rejecting auth request from client SMBONE-SRV machine account SMBONE$ >[2008/06/05 20:57:44, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(424) > _net_auth2: creds_server_check failed. Rejecting auth request from client SMBONE-SRV machine account SMBONE$ >[2008/06/05 20:57:44, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(424) > _net_auth2: creds_server_check failed. Rejecting auth request from client SMBONE-SRV machine account SMBONE$ >[2008/06/05 20:57:44, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(424) > _net_auth2: creds_server_check failed. Rejecting auth request from client SMBONE-SRV machine account SMBONE$ >[2008/06/05 20:57:44, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(424) > _net_auth2: creds_server_check failed. Rejecting auth request from client SMBONE-SRV machine account SMBONE$ >[2008/06/05 20:57:49, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(424) > _net_auth2: creds_server_check failed. Rejecting auth request from client SMBONE-SRV machine account SMBONE$ >[2008/06/05 20:57:49, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(424) > _net_auth2: creds_server_check failed. Rejecting auth request from client SMBONE-SRV machine account SMBONE$ >[2008/06/05 20:57:49, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(424) > _net_auth2: creds_server_check failed. Rejecting auth request from client SMBONE-SRV machine account SMBONE$ >[2008/06/05 20:57:49, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(424) > _net_auth2: creds_server_check failed. Rejecting auth request from client SMBONE-SRV machine account SMBONE$ >[2008/06/05 20:59:36, 0] printing/print_cups.c:cups_cache_reload(85) > Unable to connect to CUPS server localhost - Connection refused >[2008/06/05 20:59:36, 0] printing/print_cups.c:cups_cache_reload(85) > Unable to connect to CUPS server localhost - Connection refused >[2008/06/05 20:59:44, 0] printing/print_cups.c:cups_cache_reload(85) > Unable to connect to CUPS server localhost - Connection refused >[2008/06/05 20:59:44, 0] printing/print_cups.c:cups_cache_reload(85) > Unable to connect to CUPS server localhost - Connection refused >[2008/06/05 20:59:49, 0] printing/print_cups.c:cups_cache_reload(85) > Unable to connect to CUPS server localhost - Connection refused >[2008/06/05 20:59:49, 0] printing/print_cups.c:cups_cache_reload(85) > Unable to connect to CUPS server localhost - Connection refused >[2008/06/05 21:01:23, 0] smbd/server.c:main(805) > smbd version 3.0.22-11-SUSE-CODE10 started. > Copyright Andrew Tridgell and the Samba Team 1992-2006 >[2008/06/05 21:01:23, 5] lib/debug.c:debug_dump_status(368) > INFO: Current debug levels: > all: True/10 > tdb: False/0 > printdrivers: False/0 > lanman: False/0 > smb: False/0 > rpc_parse: False/0 > rpc_srv: False/0 > rpc_cli: False/0 > passdb: False/0 > sam: False/0 > auth: False/0 > winbind: False/0 > vfs: False/0 > idmap: False/0 > quota: False/0 > acls: False/0 > locking: False/0 > msdfs: False/0 >[2008/06/05 21:01:23, 2] param/loadparm.c:do_section(3716) > Processing section "[homes]" >[2008/06/05 21:01:23, 8] param/loadparm.c:add_a_service(2491) > add_a_service: Creating snum = 0 for homes >[2008/06/05 21:01:23, 10] param/loadparm.c:hash_a_service(2528) > hash_a_service: creating tdb servicehash >[2008/06/05 21:01:23, 10] param/loadparm.c:hash_a_service(2538) > hash_a_service: hashing index 0 for service name homes > doing parameter comment = Home Directories > doing parameter valid users = %S, %D%w%S > doing parameter browseable = No > doing parameter read only = No > doing parameter inherit acls = Yes >[2008/06/05 21:01:23, 2] param/loadparm.c:do_section(3716) > Processing section "[profiles]" >[2008/06/05 21:01:23, 8] param/loadparm.c:add_a_service(2491) > add_a_service: Creating snum = 1 for profiles >[2008/06/05 21:01:23, 10] param/loadparm.c:hash_a_service(2538) > hash_a_service: hashing index 1 for service name profiles > doing parameter comment = Network Profiles Service > doing parameter path = %H > doing parameter read only = No > doing parameter store dos attributes = Yes > doing parameter create mask = 0600 > doing parameter directory mask = 0700 >[2008/06/05 21:01:23, 2] param/loadparm.c:do_section(3716) > Processing section "[users]" >[2008/06/05 21:01:23, 8] param/loadparm.c:add_a_service(2491) > add_a_service: Creating snum = 2 for users >[2008/06/05 21:01:23, 10] param/loadparm.c:hash_a_service(2538) > hash_a_service: hashing index 2 for service name users > doing parameter comment = All users > doing parameter path = /home > doing parameter read only = No > doing parameter inherit acls = Yes > doing parameter veto files = /aquota.user/groups/shares/ >[2008/06/05 21:01:23, 2] param/loadparm.c:do_section(3716) > Processing section "[groups]" >[2008/06/05 21:01:23, 8] param/loadparm.c:add_a_service(2491) > add_a_service: Creating snum = 3 for groups >[2008/06/05 21:01:23, 10] param/loadparm.c:hash_a_service(2538) > hash_a_service: hashing index 3 for service name groups > doing parameter comment = All groups > doing parameter path = /home/groups > doing parameter read only = No > doing parameter inherit acls = Yes >[2008/06/05 21:01:23, 2] param/loadparm.c:do_section(3716) > Processing section "[printers]" >[2008/06/05 21:01:23, 8] param/loadparm.c:add_a_service(2491) > add_a_service: Creating snum = 4 for printers >[2008/06/05 21:01:23, 10] param/loadparm.c:hash_a_service(2538) > hash_a_service: hashing index 4 for service name printers > doing parameter comment = All Printers > doing parameter path = /var/tmp > doing parameter printable = Yes > doing parameter create mask = 0600 > doing parameter browseable = No >[2008/06/05 21:01:23, 2] param/loadparm.c:do_section(3716) > Processing section "[print$]" >[2008/06/05 21:01:23, 8] param/loadparm.c:add_a_service(2491) > add_a_service: Creating snum = 5 for print$ >[2008/06/05 21:01:23, 10] param/loadparm.c:hash_a_service(2538) > hash_a_service: hashing index 5 for service name print$ > doing parameter comment = Printer Drivers > doing parameter path = /var/lib/samba/drivers > doing parameter write list = @ntadmin root > doing parameter force group = ntadmin > doing parameter create mask = 0664 > doing parameter directory mask = 0775 >[2008/06/05 21:01:23, 2] param/loadparm.c:do_section(3716) > Processing section "[netlogon]" >[2008/06/05 21:01:23, 8] param/loadparm.c:add_a_service(2491) > add_a_service: Creating snum = 6 for netlogon >[2008/06/05 21:01:23, 10] param/loadparm.c:hash_a_service(2538) > hash_a_service: hashing index 6 for service name netlogon > doing parameter comment = Network Logon Service > doing parameter path = /var/lib/samba/netlogon > doing parameter write list = root >[2008/06/05 21:01:23, 4] param/loadparm.c:lp_load(4909) > pm_process() returned Yes >[2008/06/05 21:01:23, 8] param/loadparm.c:add_a_service(2491) > add_a_service: Creating snum = 7 for IPC$ >[2008/06/05 21:01:23, 10] param/loadparm.c:hash_a_service(2538) > hash_a_service: hashing index 7 for service name IPC$ >[2008/06/05 21:01:23, 3] param/loadparm.c:lp_add_ipc(2625) > adding IPC service >[2008/06/05 21:01:23, 8] param/loadparm.c:add_a_service(2491) > add_a_service: Creating snum = 8 for ADMIN$ >[2008/06/05 21:01:23, 10] param/loadparm.c:hash_a_service(2538) > hash_a_service: hashing index 8 for service name ADMIN$ >[2008/06/05 21:01:23, 3] param/loadparm.c:lp_add_ipc(2625) > adding IPC service >[2008/06/05 21:01:23, 10] param/loadparm.c:set_server_role(4233) > set_server_role: role = ROLE_DOMAIN_PDC >[2008/06/05 21:01:23, 5] lib/iconv.c:smb_register_charset(103) > Attempting to register new charset UCS-2LE >[2008/06/05 21:01:23, 5] lib/iconv.c:smb_register_charset(111) > Registered charset UCS-2LE >[2008/06/05 21:01:23, 5] lib/iconv.c:smb_register_charset(103) > Attempting to register new charset UTF-16LE >[2008/06/05 21:01:23, 5] lib/iconv.c:smb_register_charset(111) > Registered charset UTF-16LE >[2008/06/05 21:01:23, 5] lib/iconv.c:smb_register_charset(103) > Attempting to register new charset UCS-2BE >[2008/06/05 21:01:23, 5] lib/iconv.c:smb_register_charset(111) > Registered charset UCS-2BE >[2008/06/05 21:01:23, 5] lib/iconv.c:smb_register_charset(103) > Attempting to register new charset UTF-16BE >[2008/06/05 21:01:23, 5] lib/iconv.c:smb_register_charset(111) > Registered charset UTF-16BE >[2008/06/05 21:01:23, 5] lib/iconv.c:smb_register_charset(103) > Attempting to register new charset UTF8 >[2008/06/05 21:01:23, 5] lib/iconv.c:smb_register_charset(111) > Registered charset UTF8 >[2008/06/05 21:01:23, 5] lib/iconv.c:smb_register_charset(103) > Attempting to register new charset UTF-8 >[2008/06/05 21:01:23, 5] lib/iconv.c:smb_register_charset(111) > Registered charset UTF-8 >[2008/06/05 21:01:23, 5] lib/iconv.c:smb_register_charset(103) > Attempting to register new charset ASCII >[2008/06/05 21:01:23, 5] lib/iconv.c:smb_register_charset(111) > Registered charset ASCII >[2008/06/05 21:01:23, 5] lib/iconv.c:smb_register_charset(103) > Attempting to register new charset 646 >[2008/06/05 21:01:23, 5] lib/iconv.c:smb_register_charset(111) > Registered charset 646 >[2008/06/05 21:01:23, 5] lib/iconv.c:smb_register_charset(103) > Attempting to register new charset ISO-8859-1 >[2008/06/05 21:01:23, 5] lib/iconv.c:smb_register_charset(111) > Registered charset ISO-8859-1 >[2008/06/05 21:01:23, 5] lib/iconv.c:smb_register_charset(103) > Attempting to register new charset UCS2-HEX >[2008/06/05 21:01:23, 5] lib/iconv.c:smb_register_charset(111) > Registered charset UCS2-HEX >[2008/06/05 21:01:23, 5] lib/charcnv.c:charset_name(81) > Substituting charset 'UTF-8' for LOCALE >[2008/06/05 21:01:23, 5] lib/charcnv.c:charset_name(81) > Substituting charset 'UTF-8' for LOCALE >[2008/06/05 21:01:23, 5] lib/charcnv.c:charset_name(81) > Substituting charset 'UTF-8' for LOCALE >[2008/06/05 21:01:23, 5] lib/charcnv.c:charset_name(81) > Substituting charset 'UTF-8' for LOCALE >[2008/06/05 21:01:23, 5] lib/charcnv.c:charset_name(81) > Substituting charset 'UTF-8' for LOCALE >[2008/06/05 21:01:23, 5] lib/charcnv.c:charset_name(81) > Substituting charset 'UTF-8' for LOCALE >[2008/06/05 21:01:23, 5] lib/charcnv.c:charset_name(81) > Substituting charset 'UTF-8' for LOCALE >[2008/06/05 21:01:23, 5] lib/charcnv.c:charset_name(81) > Substituting charset 'UTF-8' for LOCALE >[2008/06/05 21:01:23, 5] lib/charcnv.c:charset_name(81) > Substituting charset 'UTF-8' for LOCALE >[2008/06/05 21:01:23, 5] lib/charcnv.c:charset_name(81) > Substituting charset 'UTF-8' for LOCALE >[2008/06/05 21:01:23, 5] lib/charcnv.c:charset_name(81) > Substituting charset 'UTF-8' for LOCALE >[2008/06/05 21:01:23, 5] lib/charcnv.c:charset_name(81) > Substituting charset 'UTF-8' for LOCALE >[2008/06/05 21:01:23, 5] lib/charcnv.c:charset_name(81) > Substituting charset 'UTF-8' for LOCALE >[2008/06/05 21:01:23, 5] lib/charcnv.c:charset_name(81) > Substituting charset 'UTF-8' for LOCALE >[2008/06/05 21:01:23, 5] lib/charcnv.c:charset_name(81) > Substituting charset 'UTF-8' for LOCALE >[2008/06/05 21:01:23, 5] lib/charcnv.c:charset_name(81) > Substituting charset 'UTF-8' for LOCALE >[2008/06/05 21:01:23, 5] lib/charcnv.c:charset_name(81) > Substituting charset 'UTF-8' for LOCALE >[2008/06/05 21:01:23, 5] lib/charcnv.c:charset_name(81) > Substituting charset 'UTF-8' for LOCALE >[2008/06/05 21:01:23, 5] lib/charcnv.c:charset_name(81) > Substituting charset 'UTF-8' for LOCALE >[2008/06/05 21:01:23, 5] lib/charcnv.c:charset_name(81) > Substituting charset 'UTF-8' for LOCALE >[2008/06/05 21:01:23, 3] printing/pcap.c:pcap_cache_reload(117) > reloading printcap cache >[2008/06/05 21:01:23, 5] printing/print_cups.c:cups_cache_reload(71) > reloading cups printcap cache >[2008/06/05 21:01:23, 10] printing/print_cups.c:cups_server(51) > cups server left to default localhost >[2008/06/05 21:01:23, 0] printing/print_cups.c:cups_cache_reload(85) >[2008/06/05 21:01:23, 10] printing/print_cups.c:cups_server(51) > cups server left to default localhost > Unable to connect to CUPS server localhost - Connection refused >[2008/06/05 21:01:23, 3] printing/pcap.c:pcap_cache_reload(223) > reload status: error >[2008/06/05 21:01:23, 3] printing/pcap.c:pcap_cache_reload(117) > reloading printcap cache >[2008/06/05 21:01:23, 5] printing/print_cups.c:cups_cache_reload(71) > reloading cups printcap cache >[2008/06/05 21:01:23, 10] printing/print_cups.c:cups_server(51) > cups server left to default localhost >[2008/06/05 21:01:23, 0] printing/print_cups.c:cups_cache_reload(85) >[2008/06/05 21:01:23, 10] printing/print_cups.c:cups_server(51) > cups server left to default localhost > Unable to connect to CUPS server localhost - Connection refused >[2008/06/05 21:01:23, 3] printing/pcap.c:pcap_cache_reload(223) > reload status: error >[2008/06/05 21:01:23, 6] param/loadparm.c:lp_file_list_changed(2992) > lp_file_list_changed() > file /etc/samba/dhcp.conf -> /etc/samba/dhcp.conf last mod_time: Thu Jun 5 20:52:45 2008 > > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Thu Jun 5 21:01:18 2008 > >[2008/06/05 21:01:23, 2] lib/interface.c:add_interface(81) > added interface ip=192.168.0.129 bcast=192.168.0.255 nmask=255.255.255.0 >[2008/06/05 21:01:23, 5] lib/util.c:init_names(260) > Netbios name list:- > my_netbios_names[0]="DUDOW" >[2008/06/05 21:01:23, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2008/06/05 21:01:23, 3] smbd/uid.c:push_conn_ctx(393) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2008/06/05 21:01:23, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2008/06/05 21:01:23, 5] auth/auth_util.c:debug_nt_user_token(433) > NT user token: (NULL) >[2008/06/05 21:01:23, 5] auth/auth_util.c:debug_unix_user_token(454) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2008/06/05 21:01:23, 5] passdb/pdb_interface.c:make_pdb_context_list(950) > Trying to load: smbpasswd >[2008/06/05 21:01:23, 5] passdb/pdb_interface.c:smb_register_passdb(94) > Attempting to register passdb backend ldapsam >[2008/06/05 21:01:23, 5] passdb/pdb_interface.c:smb_register_passdb(107) > Successfully added passdb backend 'ldapsam' >[2008/06/05 21:01:23, 5] passdb/pdb_interface.c:smb_register_passdb(94) > Attempting to register passdb backend ldapsam_compat >[2008/06/05 21:01:23, 5] passdb/pdb_interface.c:smb_register_passdb(107) > Successfully added passdb backend 'ldapsam_compat' >[2008/06/05 21:01:23, 5] passdb/pdb_interface.c:smb_register_passdb(94) > Attempting to register passdb backend NDS_ldapsam >[2008/06/05 21:01:23, 5] passdb/pdb_interface.c:smb_register_passdb(107) > Successfully added passdb backend 'NDS_ldapsam' >[2008/06/05 21:01:23, 5] passdb/pdb_interface.c:smb_register_passdb(94) > Attempting to register passdb backend NDS_ldapsam_compat >[2008/06/05 21:01:23, 5] passdb/pdb_interface.c:smb_register_passdb(107) > Successfully added passdb backend 'NDS_ldapsam_compat' >[2008/06/05 21:01:23, 5] passdb/pdb_interface.c:smb_register_passdb(94) > Attempting to register passdb backend smbpasswd >[2008/06/05 21:01:23, 5] passdb/pdb_interface.c:smb_register_passdb(107) > Successfully added passdb backend 'smbpasswd' >[2008/06/05 21:01:23, 5] passdb/pdb_interface.c:smb_register_passdb(94) > Attempting to register passdb backend tdbsam >[2008/06/05 21:01:23, 5] passdb/pdb_interface.c:smb_register_passdb(107) > Successfully added passdb backend 'tdbsam' >[2008/06/05 21:01:23, 5] passdb/pdb_interface.c:smb_register_passdb(94) > Attempting to register passdb backend guest >[2008/06/05 21:01:23, 5] passdb/pdb_interface.c:smb_register_passdb(107) > Successfully added passdb backend 'guest' >[2008/06/05 21:01:23, 5] passdb/pdb_interface.c:make_pdb_methods_name(822) > Attempting to find an passdb backend to match smbpasswd (smbpasswd) >[2008/06/05 21:01:23, 5] passdb/pdb_interface.c:make_pdb_methods_name(843) > Found pdb backend smbpasswd >[2008/06/05 21:01:23, 5] passdb/pdb_interface.c:make_pdb_methods_name(846) > pdb backend smbpasswd has a valid init >[2008/06/05 21:01:23, 5] passdb/pdb_interface.c:make_pdb_methods_name(822) > Attempting to find an passdb backend to match guest (guest) >[2008/06/05 21:01:23, 5] passdb/pdb_interface.c:make_pdb_methods_name(843) > Found pdb backend guest >[2008/06/05 21:01:23, 5] passdb/pdb_interface.c:make_pdb_methods_name(846) > pdb backend guest has a valid init >[2008/06/05 21:01:23, 10] passdb/pdb_smbpasswd.c:smbpasswd_getsampwsid(1371) > smbpasswd_getsampwrid: search by sid: S-1-5-21-3322384919-3754806424-3664837664-501 >[2008/06/05 21:01:23, 10] passdb/pdb_smbpasswd.c:smbpasswd_getsampwnam(1322) > getsampwnam (smbpasswd): search by name: nobody >[2008/06/05 21:01:23, 10] passdb/pdb_smbpasswd.c:startsmbfilepwent(184) > startsmbfilepwent_internal: opening file /etc/samba/smbpasswd >[2008/06/05 21:01:23, 6] passdb/pdb_smbpasswd.c:getsmbfilepwent(386) > getsmbfilepwent: skipping comment or blank line >[2008/06/05 21:01:23, 6] passdb/pdb_smbpasswd.c:getsmbfilepwent(386) > getsmbfilepwent: skipping comment or blank line >[2008/06/05 21:01:23, 6] passdb/pdb_smbpasswd.c:getsmbfilepwent(386) > getsmbfilepwent: skipping comment or blank line >[2008/06/05 21:01:23, 6] passdb/pdb_smbpasswd.c:getsmbfilepwent(386) > getsmbfilepwent: skipping comment or blank line >[2008/06/05 21:01:23, 6] passdb/pdb_smbpasswd.c:getsmbfilepwent(386) > getsmbfilepwent: skipping comment or blank line >[2008/06/05 21:01:23, 6] passdb/pdb_smbpasswd.c:getsmbfilepwent(386) > getsmbfilepwent: skipping comment or blank line >[2008/06/05 21:01:23, 5] passdb/pdb_smbpasswd.c:getsmbfilepwent(488) > getsmbfilepwent: returning passwd entry for user root, uid 0 >[2008/06/05 21:01:23, 5] passdb/pdb_smbpasswd.c:getsmbfilepwent(488) > getsmbfilepwent: returning passwd entry for user SMBONE$, uid 1000 >[2008/06/05 21:01:23, 5] passdb/pdb_smbpasswd.c:getsmbfilepwent(539) > getsmbfilepwent: end of file reached. >[2008/06/05 21:01:23, 7] passdb/pdb_smbpasswd.c:endsmbfilepwent(301) > endsmbfilepwent_internal: closed password file. >[2008/06/05 21:01:23, 10] passdb/pdb_get_set.c:pdb_set_username(617) > pdb_set_username: setting username nobody, was >[2008/06/05 21:01:23, 10] passdb/pdb_get_set.c:pdb_set_fullname(698) > pdb_set_full_name: setting full name nobody, was >[2008/06/05 21:01:23, 10] passdb/pdb_get_set.c:pdb_set_domain(644) > pdb_set_domain: setting domain DUDO, was >[2008/06/05 21:01:23, 10] passdb/pdb_get_set.c:pdb_set_user_sid(544) > pdb_set_user_sid: setting user sid S-1-5-21-3322384919-3754806424-3664837664-501 >[2008/06/05 21:01:23, 10] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(73) > pdb_set_user_sid_from_rid: > setting user sid S-1-5-21-3322384919-3754806424-3664837664-501 from rid 501 >[2008/06/05 21:01:23, 10] passdb/pdb_get_set.c:pdb_set_group_sid(580) > pdb_set_group_sid: setting group sid S-1-5-21-3322384919-3754806424-3664837664-514 >[2008/06/05 21:01:23, 10] passdb/pdb_compat.c:pdb_set_group_sid_from_rid(100) > pdb_set_group_sid_from_rid: > setting group sid S-1-5-21-3322384919-3754806424-3664837664-514 from rid 514 >[2008/06/05 21:01:23, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2008/06/05 21:01:23, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2008/06/05 21:01:23, 3] smbd/uid.c:push_conn_ctx(393) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2008/06/05 21:01:23, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2008/06/05 21:01:23, 5] auth/auth_util.c:debug_nt_user_token(433) > NT user token: (NULL) >[2008/06/05 21:01:23, 5] auth/auth_util.c:debug_unix_user_token(454) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2008/06/05 21:01:23, 10] lib/system_smbd.c:sys_getgrouplist(167) > sys_getgrouplist: user [nobody] >[2008/06/05 21:01:23, 10] lib/system_smbd.c:sys_getgrouplist(176) > sys_getgrouplist(): disabled winbindd for group lookup [user == nobody] >[2008/06/05 21:01:23, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2008/06/05 21:01:23, 3] smbd/uid.c:push_conn_ctx(393) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2008/06/05 21:01:23, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2008/06/05 21:01:23, 5] auth/auth_util.c:debug_nt_user_token(433) > NT user token: (NULL) >[2008/06/05 21:01:23, 5] auth/auth_util.c:debug_unix_user_token(454) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2008/06/05 21:01:23, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2008/06/05 21:01:23, 10] passdb/passdb.c:local_gid_to_sid(1245) > local_gid_to_sid: Fall back to algorithmic mapping: 65533 -> S-1-5-21-3322384919-3754806424-3664837664-132067 >[2008/06/05 21:01:23, 10] passdb/lookup_sid.c:gid_to_sid(406) > gid_to_sid: local 65533 -> S-1-5-21-3322384919-3754806424-3664837664-132067 >[2008/06/05 21:01:23, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2008/06/05 21:01:23, 3] smbd/uid.c:push_conn_ctx(393) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2008/06/05 21:01:23, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2008/06/05 21:01:23, 5] auth/auth_util.c:debug_nt_user_token(433) > NT user token: (NULL) >[2008/06/05 21:01:23, 5] auth/auth_util.c:debug_unix_user_token(454) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2008/06/05 21:01:23, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2008/06/05 21:01:23, 10] passdb/passdb.c:local_gid_to_sid(1245) > local_gid_to_sid: Fall back to algorithmic mapping: 65534 -> S-1-5-21-3322384919-3754806424-3664837664-132069 >[2008/06/05 21:01:23, 10] passdb/lookup_sid.c:gid_to_sid(406) > gid_to_sid: local 65534 -> S-1-5-21-3322384919-3754806424-3664837664-132069 >[2008/06/05 21:01:23, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2008/06/05 21:01:23, 10] lib/privileges.c:grant_privilege(565) > grant_privilege: S-1-1-0 > original privilege mask: > SE_PRIV 0x0 0x0 0x0 0x0 > new privilege mask: > SE_PRIV 0x0 0x0 0x0 0x0 >[2008/06/05 21:01:23, 10] lib/privileges.c:grant_privilege(565) > grant_privilege: S-1-5-32-544 > original privilege mask: > SE_PRIV 0x0 0x0 0x0 0x0 > new privilege mask: > SE_PRIV 0x0 0x0 0x0 0x0 >[2008/06/05 21:01:23, 10] lib/privileges.c:grant_privilege(565) > grant_privilege: S-1-5-32-548 > original privilege mask: > SE_PRIV 0x0 0x0 0x0 0x0 > new privilege mask: > SE_PRIV 0x0 0x0 0x0 0x0 >[2008/06/05 21:01:23, 10] lib/privileges.c:grant_privilege(565) > grant_privilege: S-1-5-32-549 > original privilege mask: > SE_PRIV 0x0 0x0 0x0 0x0 > new privilege mask: > SE_PRIV 0x0 0x0 0x0 0x0 >[2008/06/05 21:01:23, 10] lib/privileges.c:grant_privilege(565) > grant_privilege: S-1-5-32-550 > original privilege mask: > SE_PRIV 0x0 0x0 0x0 0x0 > new privilege mask: > SE_PRIV 0x0 0x0 0x0 0x0 >[2008/06/05 21:01:23, 10] lib/privileges.c:grant_privilege(565) > grant_privilege: S-1-5-32-551 > original privilege mask: > SE_PRIV 0x0 0x0 0x0 0x0 > new privilege mask: > SE_PRIV 0x0 0x0 0x0 0x0 >[2008/06/05 21:01:23, 10] auth/auth_util.c:debug_nt_user_token(438) > NT user token of user S-1-5-21-3322384919-3754806424-3664837664-501 > contains 7 SIDs > SID[ 0]: S-1-5-21-3322384919-3754806424-3664837664-501 > SID[ 1]: S-1-5-21-3322384919-3754806424-3664837664-514 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-32-546 > SID[ 5]: S-1-5-21-3322384919-3754806424-3664837664-132067 > SID[ 6]: S-1-5-21-3322384919-3754806424-3664837664-132069 > SE_PRIV 0x0 0x0 0x0 0x0 >[2008/06/05 21:01:23, 5] auth/auth_util.c:make_server_info_sam(898) > make_server_info_sam: made server info for user nobody -> nobody >[2008/06/05 21:01:23, 3] smbd/server.c:main(840) > loaded services >[2008/06/05 21:01:23, 3] smbd/server.c:main(855) > Becoming a daemon. >[2008/06/05 21:01:23, 8] lib/util.c:fcntl_lock(1820) > fcntl_lock 9 13 0 1 1 >[2008/06/05 21:01:23, 8] lib/util.c:fcntl_lock(1855) > fcntl_lock: Lock call successful >[2008/06/05 21:01:23, 2] lib/tallocmsg.c:register_msg_pool_usage(61) > Registered MSG_REQ_POOL_USAGE >[2008/06/05 21:01:23, 2] lib/dmallocmsg.c:register_dmalloc_msgs(71) > Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED >[2008/06/05 21:01:23, 5] lib/gencache.c:gencache_init(59) > Opening cache file at /var/lib/samba/gencache.tdb >[2008/06/05 21:01:23, 5] libsmb/namecache.c:namecache_enable(58) > namecache_enable: enabling netbios namecache, timeout 660 seconds >[2008/06/05 21:01:23, 6] registry/reg_db.c:init_registry_data(104) > init_registry_data: Adding [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM] with subkey [SOFTWARE] >[2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM\SOFTWARE] with subkey [Microsoft] >[2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft] with subkey [Windows NT] >[2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT] with subkey [CurrentVersion] >[2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] with subkey [Print] >[2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] with subkey [Printers] >[2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] with subkey [NULL] >[2008/06/05 21:01:23, 6] registry/reg_db.c:init_registry_data(104) > init_registry_data: Adding [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports] >[2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM] with subkey [SOFTWARE] >[2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM\SOFTWARE] with subkey [Microsoft] >[2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft] with subkey [Windows NT] >[2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT] with subkey [CurrentVersion] >[2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] with subkey [Ports] >[2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports] with subkey [NULL] >[2008/06/05 21:01:23, 6] registry/reg_db.c:init_registry_data(104) > init_registry_data: Adding [HKLM\SYSTEM\CurrentControlSet\Control\Print] >[2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM] with subkey [SYSTEM] >[2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM\SYSTEM] with subkey [CurrentControlSet] >[2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet] with subkey [Control] >[2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Control] with subkey [Print] >[2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Control\Print] with subkey [NULL] >[2008/06/05 21:01:23, 6] registry/reg_db.c:init_registry_data(104) > init_registry_data: Adding [HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares] >[2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM] with subkey [SYSTEM] >[2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM\SYSTEM] with subkey [CurrentControlSet] >[2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet] with subkey [Services] >[2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Services] with subkey [LanmanServer] >[2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer] with subkey [Shares] >[2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares] with subkey [NULL] >[2008/06/05 21:01:23, 6] registry/reg_db.c:init_registry_data(104) > init_registry_data: Adding [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] >[2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM] with subkey [SYSTEM] >[2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM\SYSTEM] with subkey [CurrentControlSet] >[2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet] with subkey [Services] >[2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Services] with subkey [Eventlog] >[2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] with subkey [NULL] >[2008/06/05 21:01:23, 6] registry/reg_db.c:init_registry_data(104) > init_registry_data: Adding [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib] >[2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM] with subkey [SOFTWARE] >[2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM\SOFTWARE] with subkey [Microsoft] >[2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft] with subkey [Windows NT] >[2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT] with subkey [CurrentVersion] >[2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] with subkey [Perflib] >[2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib] with subkey [NULL] >[2008/06/05 21:01:23, 6] registry/reg_db.c:init_registry_data(104) > init_registry_data: Adding [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009] >[2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM] with subkey [SOFTWARE] >[2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM\SOFTWARE] with subkey [Microsoft] >[2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft] with subkey [Windows NT] >[2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT] with subkey [CurrentVersion] >[2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] with subkey [Perflib] >[2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib] with subkey [009] >[2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009] with subkey [NULL] >[2008/06/05 21:01:23, 6] registry/reg_db.c:init_registry_data(104) > init_registry_data: Adding [HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors] >[2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM] with subkey [SYSTEM] >[2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM\SYSTEM] with subkey [CurrentControlSet] >[2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet] with subkey [Control] >[2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Control] with subkey [Print] >[2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Control\Print] with subkey [Monitors] >[2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors] with subkey [NULL] >[2008/06/05 21:01:23, 6] registry/reg_db.c:init_registry_data(104) > init_registry_data: Adding [HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions] >[2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM] with subkey [SYSTEM] >[2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM\SYSTEM] with subkey [CurrentControlSet] >[2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet] with subkey [Control] >[2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Control] with subkey [ProductOptions] >[2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions] with subkey [NULL] >[2008/06/05 21:01:23, 6] registry/reg_db.c:init_registry_data(104) > init_registry_data: Adding [HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\DefaultUserConfiguration] >[2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM] with subkey [SYSTEM] >[2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM\SYSTEM] with subkey [CurrentControlSet] >[2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet] with subkey [Control] >[2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Control] with subkey [Terminal Server] >[2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server] with subkey [DefaultUserConfiguration] >[2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\DefaultUserConfiguration] with subkey [NULL] >[2008/06/05 21:01:23, 6] registry/reg_db.c:init_registry_data(104) > init_registry_data: Adding [HKLM\SYSTEM\CurrentControlSet\Services\TcpIp\Parameters] >[2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM] with subkey [SYSTEM] >[2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM\SYSTEM] with subkey [CurrentControlSet] >[2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet] with subkey [Services] >[2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Services] with subkey [TcpIp] >[2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Services\TcpIp] with subkey [Parameters] >[2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Services\TcpIp\Parameters] with subkey [NULL] >[2008/06/05 21:01:23, 6] registry/reg_db.c:init_registry_data(104) > init_registry_data: Adding [HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters] >[2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM] with subkey [SYSTEM] >[2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM\SYSTEM] with subkey [CurrentControlSet] >[2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet] with subkey [Services] >[2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Services] with subkey [Netlogon] >[2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Services\Netlogon] with subkey [Parameters] >[2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters] with subkey [NULL] >[2008/06/05 21:01:23, 6] registry/reg_db.c:init_registry_data(104) > init_registry_data: Adding [HKU] >[2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKU] with subkey [NULL] >[2008/06/05 21:01:23, 6] registry/reg_db.c:init_registry_data(104) > init_registry_data: Adding [HKCR] >[2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKCR] with subkey [NULL] >[2008/06/05 21:01:23, 6] registry/reg_db.c:init_registry_data(104) > init_registry_data: Adding [HKPD] >[2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKPD] with subkey [NULL] >[2008/06/05 21:01:23, 6] registry/reg_db.c:init_registry_data(104) > init_registry_data: Adding [HKPT] >[2008/06/05 21:01:23, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKPT] with subkey [NULL] >[2008/06/05 21:01:23, 10] registry/reg_db.c:regdb_fetch_values(562) > regdb_fetch_values: Looking for value of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports] >[2008/06/05 21:01:23, 8] registry/reg_db.c:regdb_unpack_values(514) > specific: [Samba Printer Port], len: 2 >[2008/06/05 21:01:23, 10] registry/reg_db.c:regdb_fetch_values(562) > regdb_fetch_values: Looking for value of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2008/06/05 21:01:23, 8] registry/reg_db.c:regdb_unpack_values(514) > specific: [DefaultSpoolDirectory], len: 70 >[2008/06/05 21:01:23, 10] registry/reg_db.c:regdb_fetch_values(562) > regdb_fetch_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] >[2008/06/05 21:01:23, 8] registry/reg_db.c:regdb_unpack_values(514) > specific: [DisplayName], len: 20 >[2008/06/05 21:01:23, 8] registry/reg_db.c:regdb_unpack_values(514) > specific: [ErrorControl], len: 4 >[2008/06/05 21:01:23, 10] registry/reg_db.c:regdb_fetch_values(562) > regdb_fetch_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] >[2008/06/05 21:01:23, 8] registry/reg_db.c:regdb_unpack_values(514) > specific: [DisplayName], len: 20 >[2008/06/05 21:01:23, 8] registry/reg_db.c:regdb_unpack_values(514) > specific: [ErrorControl], len: 4 >[2008/06/05 21:01:23, 10] registry/reg_cachehook.c:reghook_cache_add(61) > reghook_cache_add: Adding key [/HKLM/SYSTEM/CurrentControlSet/Control/Print] >[2008/06/05 21:01:23, 8] lib/adt_tree.c:pathtree_add(201) > pathtree_add: Enter >[2008/06/05 21:01:23, 10] lib/adt_tree.c:pathtree_add(268) > pathtree_add: Successfully added node [HKLM/SYSTEM/CurrentControlSet/Control/Print] to tree >[2008/06/05 21:01:23, 8] lib/adt_tree.c:pathtree_add(270) > pathtree_add: Exit >[2008/06/05 21:01:23, 10] registry/reg_cachehook.c:reghook_cache_add(61) > reghook_cache_add: Adding key [/HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/Print/Printers] >[2008/06/05 21:01:23, 8] lib/adt_tree.c:pathtree_add(201) > pathtree_add: Enter >[2008/06/05 21:01:23, 10] lib/adt_tree.c:pathtree_add(268) > pathtree_add: Successfully added node [HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/Print/Printers] to tree >[2008/06/05 21:01:23, 8] lib/adt_tree.c:pathtree_add(270) > pathtree_add: Exit >[2008/06/05 21:01:23, 10] registry/reg_cachehook.c:reghook_cache_add(61) > reghook_cache_add: Adding key [/HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/Ports] >[2008/06/05 21:01:23, 8] lib/adt_tree.c:pathtree_add(201) > pathtree_add: Enter >[2008/06/05 21:01:23, 10] lib/adt_tree.c:pathtree_add(268) > pathtree_add: Successfully added node [HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/Ports] to tree >[2008/06/05 21:01:23, 8] lib/adt_tree.c:pathtree_add(270) > pathtree_add: Exit >[2008/06/05 21:01:23, 10] registry/reg_cachehook.c:reghook_cache_add(61) > reghook_cache_add: Adding key [/HKLM/SYSTEM/CurrentControlSet/Services/LanmanServer/Shares] >[2008/06/05 21:01:23, 8] lib/adt_tree.c:pathtree_add(201) > pathtree_add: Enter >[2008/06/05 21:01:23, 10] lib/adt_tree.c:pathtree_add(268) > pathtree_add: Successfully added node [HKLM/SYSTEM/CurrentControlSet/Services/LanmanServer/Shares] to tree >[2008/06/05 21:01:23, 8] lib/adt_tree.c:pathtree_add(270) > pathtree_add: Exit >[2008/06/05 21:01:23, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2008/06/05 21:01:23, 3] smbd/uid.c:push_conn_ctx(393) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2008/06/05 21:01:23, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2008/06/05 21:01:23, 5] auth/auth_util.c:debug_nt_user_token(433) > NT user token: (NULL) >[2008/06/05 21:01:23, 5] auth/auth_util.c:debug_unix_user_token(454) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2008/06/05 21:01:23, 10] passdb/pdb_smbpasswd.c:smbpasswd_getsampwnam(1322) > getsampwnam (smbpasswd): search by name: root >[2008/06/05 21:01:23, 10] passdb/pdb_smbpasswd.c:startsmbfilepwent(184) > startsmbfilepwent_internal: opening file /etc/samba/smbpasswd >[2008/06/05 21:01:23, 6] passdb/pdb_smbpasswd.c:getsmbfilepwent(386) > getsmbfilepwent: skipping comment or blank line >[2008/06/05 21:01:23, 6] passdb/pdb_smbpasswd.c:getsmbfilepwent(386) > getsmbfilepwent: skipping comment or blank line >[2008/06/05 21:01:23, 6] passdb/pdb_smbpasswd.c:getsmbfilepwent(386) > getsmbfilepwent: skipping comment or blank line >[2008/06/05 21:01:23, 6] passdb/pdb_smbpasswd.c:getsmbfilepwent(386) > getsmbfilepwent: skipping comment or blank line >[2008/06/05 21:01:23, 6] passdb/pdb_smbpasswd.c:getsmbfilepwent(386) > getsmbfilepwent: skipping comment or blank line >[2008/06/05 21:01:23, 6] passdb/pdb_smbpasswd.c:getsmbfilepwent(386) > getsmbfilepwent: skipping comment or blank line >[2008/06/05 21:01:23, 5] passdb/pdb_smbpasswd.c:getsmbfilepwent(488) > getsmbfilepwent: returning passwd entry for user root, uid 0 >[2008/06/05 21:01:23, 7] passdb/pdb_smbpasswd.c:endsmbfilepwent(301) > endsmbfilepwent_internal: closed password file. >[2008/06/05 21:01:23, 10] passdb/pdb_smbpasswd.c:smbpasswd_getsampwnam(1344) > getsampwnam (smbpasswd): found by name: root >[2008/06/05 21:01:23, 10] passdb/pdb_get_set.c:pdb_set_username(617) > pdb_set_username: setting username root, was >[2008/06/05 21:01:23, 10] passdb/pdb_get_set.c:pdb_set_fullname(698) > pdb_set_full_name: setting full name root, was >[2008/06/05 21:01:23, 10] passdb/pdb_get_set.c:pdb_set_unix_homedir(833) > pdb_set_unix_homedir: setting home dir /root, was NULL >[2008/06/05 21:01:23, 10] passdb/pdb_get_set.c:pdb_set_domain(644) > pdb_set_domain: setting domain DUDO, was >[2008/06/05 21:01:23, 10] passdb/pdb_get_set.c:pdb_set_user_sid(544) > pdb_set_user_sid: setting user sid S-1-5-21-3322384919-3754806424-3664837664-1000 >[2008/06/05 21:01:23, 10] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(73) > pdb_set_user_sid_from_rid: > setting user sid S-1-5-21-3322384919-3754806424-3664837664-1000 from rid 1000 >[2008/06/05 21:01:23, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2008/06/05 21:01:23, 3] smbd/uid.c:push_conn_ctx(393) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2008/06/05 21:01:23, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2008/06/05 21:01:23, 5] auth/auth_util.c:debug_nt_user_token(433) > NT user token: (NULL) >[2008/06/05 21:01:23, 5] auth/auth_util.c:debug_unix_user_token(454) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2008/06/05 21:01:23, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2008/06/05 21:01:23, 10] passdb/pdb_get_set.c:pdb_set_group_sid(580) > pdb_set_group_sid: setting group sid S-1-5-21-3322384919-3754806424-3664837664-1001 >[2008/06/05 21:01:23, 10] passdb/pdb_compat.c:pdb_set_group_sid_from_rid(100) > pdb_set_group_sid_from_rid: > setting group sid S-1-5-21-3322384919-3754806424-3664837664-1001 from rid 1001 >[2008/06/05 21:01:23, 10] passdb/pdb_get_set.c:pdb_set_profile_path(752) > pdb_set_profile_path: setting profile path \\dudow\profiles\.msprofile, was >[2008/06/05 21:01:23, 10] passdb/pdb_get_set.c:pdb_set_homedir(806) > pdb_set_homedir: setting home dir \\dudow\root\.9xprofile, was >[2008/06/05 21:01:23, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(779) > pdb_set_dir_drive: setting dir drive P:, was NULL >[2008/06/05 21:01:23, 10] passdb/pdb_get_set.c:pdb_set_logon_script(725) > pdb_set_logon_script: setting logon script , was >[2008/06/05 21:01:23, 10] lib/account_pol.c:account_policy_get(332) > account_policy_get: name: password history, val: 0 >[2008/06/05 21:01:23, 10] passdb/pdb_get_set.c:pdb_set_username(617) > pdb_set_username: setting username root, was >[2008/06/05 21:01:23, 10] passdb/pdb_get_set.c:pdb_set_domain(644) > pdb_set_domain: setting domain DUDO, was >[2008/06/05 21:01:23, 10] passdb/pdb_get_set.c:pdb_set_nt_username(671) > pdb_set_nt_username: setting nt username , was >[2008/06/05 21:01:23, 10] passdb/pdb_get_set.c:pdb_set_fullname(698) > pdb_set_full_name: setting full name root, was >[2008/06/05 21:01:23, 10] passdb/pdb_get_set.c:pdb_set_homedir(806) > pdb_set_homedir: setting home dir \\dudow\root\.9xprofile, was >[2008/06/05 21:01:23, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(779) > pdb_set_dir_drive: setting dir drive P:, was NULL >[2008/06/05 21:01:23, 10] passdb/pdb_get_set.c:pdb_set_logon_script(725) > pdb_set_logon_script: setting logon script , was >[2008/06/05 21:01:23, 10] passdb/pdb_get_set.c:pdb_set_profile_path(752) > pdb_set_profile_path: setting profile path \\dudow\profiles\.msprofile, was >[2008/06/05 21:01:23, 10] passdb/pdb_get_set.c:pdb_set_workstations(885) > pdb_set_workstations: setting workstations , was >[2008/06/05 21:01:23, 10] lib/account_pol.c:account_policy_get(332) > account_policy_get: name: password history, val: 0 >[2008/06/05 21:01:23, 10] passdb/pdb_get_set.c:pdb_set_user_sid(544) > pdb_set_user_sid: setting user sid S-1-5-21-3322384919-3754806424-3664837664-1000 >[2008/06/05 21:01:23, 10] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(73) > pdb_set_user_sid_from_rid: > setting user sid S-1-5-21-3322384919-3754806424-3664837664-1000 from rid 1000 >[2008/06/05 21:01:23, 10] passdb/pdb_get_set.c:pdb_set_group_sid(580) > pdb_set_group_sid: setting group sid S-1-5-21-3322384919-3754806424-3664837664-1001 >[2008/06/05 21:01:23, 10] passdb/pdb_compat.c:pdb_set_group_sid_from_rid(100) > pdb_set_group_sid_from_rid: > setting group sid S-1-5-21-3322384919-3754806424-3664837664-1001 from rid 1001 >[2008/06/05 21:01:23, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2008/06/05 21:01:23, 10] passdb/passdb.c:local_uid_to_sid(1154) > local_uid_to_sid: uid (0) -> SID S-1-5-21-3322384919-3754806424-3664837664-1000 (root). >[2008/06/05 21:01:23, 10] passdb/lookup_sid.c:uid_to_sid(364) > uid_to_sid: local 0 -> S-1-5-21-3322384919-3754806424-3664837664-1000 >[2008/06/05 21:01:23, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2008/06/05 21:01:23, 3] smbd/uid.c:push_conn_ctx(393) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2008/06/05 21:01:23, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2008/06/05 21:01:23, 5] auth/auth_util.c:debug_nt_user_token(433) > NT user token: (NULL) >[2008/06/05 21:01:23, 5] auth/auth_util.c:debug_unix_user_token(454) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2008/06/05 21:01:23, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2008/06/05 21:01:23, 10] passdb/passdb.c:local_gid_to_sid(1245) > local_gid_to_sid: Fall back to algorithmic mapping: 0 -> S-1-5-21-3322384919-3754806424-3664837664-1001 >[2008/06/05 21:01:23, 10] passdb/lookup_sid.c:gid_to_sid(406) > gid_to_sid: local 0 -> S-1-5-21-3322384919-3754806424-3664837664-1001 >[2008/06/05 21:01:23, 10] auth/auth_util.c:debug_nt_user_token(438) > NT user token of user S-1-5-21-3322384919-3754806424-3664837664-1000 > contains 6 SIDs > SID[ 0]: S-1-5-21-3322384919-3754806424-3664837664-1000 > SID[ 1]: S-1-5-21-3322384919-3754806424-3664837664-1001 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-32-544 > SE_PRIV 0x0 0x0 0x0 0x0 >[2008/06/05 21:01:23, 10] registry/reg_db.c:regdb_open(248) > regdb_open: incrementing refcount (1) >[2008/06/05 21:01:23, 7] registry/reg_frontend.c:regkey_open_internal(359) > regkey_open_internal: name = [HKLM\SYSTEM\CurrentControlSet\Services] >[2008/06/05 21:01:23, 10] registry/reg_cachehook.c:reghook_cache_find(95) > reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services] >[2008/06/05 21:01:23, 10] lib/adt_tree.c:pathtree_find(341) > pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services] >[2008/06/05 21:01:23, 10] lib/adt_tree.c:pathtree_find(413) > pathtree_find: Exit >[2008/06/05 21:01:23, 5] registry/reg_frontend.c:registry_access_check(59) > registry_access_check: using root's token >[2008/06/05 21:01:23, 10] lib/util_seaccess.c:se_access_check(233) > se_access_check: requested access 0x000f003f, for NT token with 6 entries and first sid S-1-5-21-3322384919-3754806424-3664837664-1000. >[2008/06/05 21:01:23, 3] lib/util_seaccess.c:se_access_check(250) >[2008/06/05 21:01:23, 3] lib/util_seaccess.c:se_access_check(251) > se_access_check: user sid is S-1-5-21-3322384919-3754806424-3664837664-1000 > se_access_check: also S-1-5-21-3322384919-3754806424-3664837664-1001 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: also S-1-5-32-544 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = f003f > se_access_check: ACE 1: type 0, flags = 0x00, SID = S-1-5-32-544 mask = f003f, current desired = d0026 >[2008/06/05 21:01:23, 5] lib/util_seaccess.c:se_access_check(308) > se_access_check: access (f003f) granted. >[2008/06/05 21:01:23, 10] registry/reg_db.c:regdb_open(248) > regdb_open: incrementing refcount (2) >[2008/06/05 21:01:23, 7] registry/reg_frontend.c:regkey_open_internal(359) > regkey_open_internal: name = [HKLM\SYSTEM\CurrentControlSet\Services\Spooler] >[2008/06/05 21:01:23, 10] registry/reg_cachehook.c:reghook_cache_find(95) > reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/Spooler] >[2008/06/05 21:01:23, 10] lib/adt_tree.c:pathtree_find(341) > pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/Spooler] >[2008/06/05 21:01:23, 10] lib/adt_tree.c:pathtree_find(413) > pathtree_find: Exit >[2008/06/05 21:01:23, 5] registry/reg_frontend.c:registry_access_check(59) > registry_access_check: using root's token >[2008/06/05 21:01:23, 10] lib/util_seaccess.c:se_access_check(233) > se_access_check: requested access 0x000f003f, for NT token with 6 entries and first sid S-1-5-21-3322384919-3754806424-3664837664-1000. >[2008/06/05 21:01:23, 3] lib/util_seaccess.c:se_access_check(250) >[2008/06/05 21:01:23, 3] lib/util_seaccess.c:se_access_check(251) > se_access_check: user sid is S-1-5-21-3322384919-3754806424-3664837664-1000 > se_access_check: also S-1-5-21-3322384919-3754806424-3664837664-1001 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: also S-1-5-32-544 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = f003f > se_access_check: ACE 1: type 0, flags = 0x00, SID = S-1-5-32-544 mask = f003f, current desired = d0026 >[2008/06/05 21:01:23, 5] lib/util_seaccess.c:se_access_check(308) > se_access_check: access (f003f) granted. >[2008/06/05 21:01:23, 10] registry/reg_db.c:regdb_store_values(592) > regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\Spooler] >[2008/06/05 21:01:23, 10] registry/reg_db.c:regdb_close(279) > regdb_close: decrementing refcount (2) >[2008/06/05 21:01:23, 10] registry/reg_db.c:regdb_open(248) > regdb_open: incrementing refcount (2) >[2008/06/05 21:01:23, 7] registry/reg_frontend.c:regkey_open_internal(359) > regkey_open_internal: name = [HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security] >[2008/06/05 21:01:23, 10] registry/reg_cachehook.c:reghook_cache_find(95) > reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/Spooler/Security] >[2008/06/05 21:01:23, 10] lib/adt_tree.c:pathtree_find(341) > pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/Spooler/Security] >[2008/06/05 21:01:23, 10] lib/adt_tree.c:pathtree_find(413) > pathtree_find: Exit >[2008/06/05 21:01:23, 5] registry/reg_frontend.c:registry_access_check(59) > registry_access_check: using root's token >[2008/06/05 21:01:23, 10] lib/util_seaccess.c:se_access_check(233) > se_access_check: requested access 0x000f003f, for NT token with 6 entries and first sid S-1-5-21-3322384919-3754806424-3664837664-1000. >[2008/06/05 21:01:23, 3] lib/util_seaccess.c:se_access_check(250) >[2008/06/05 21:01:23, 3] lib/util_seaccess.c:se_access_check(251) > se_access_check: user sid is S-1-5-21-3322384919-3754806424-3664837664-1000 > se_access_check: also S-1-5-21-3322384919-3754806424-3664837664-1001 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: also S-1-5-32-544 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = f003f > se_access_check: ACE 1: type 0, flags = 0x00, SID = S-1-5-32-544 mask = f003f, current desired = d0026 >[2008/06/05 21:01:23, 5] lib/util_seaccess.c:se_access_check(308) > se_access_check: access (f003f) granted. >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 sec_io_desc sec_desc >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0000 revision : 0001 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0002 type : 8004 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0004 off_owner_sid: 00000000 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0008 off_grp_sid : 00000000 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c off_sacl : 00000000 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0010 off_dacl : 00000014 >[2008/06/05 21:01:23, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000014 sec_io_acl dacl >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0014 revision: 0002 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0018 num_aces : 00000004 >[2008/06/05 21:01:23, 7] rpc_parse/parse_prs.c:prs_debug(84) > 00001c sec_io_ace ace_list[00]: >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 001c type : 00 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 001d flags: 00 >[2008/06/05 21:01:23, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000020 sec_io_access info >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0020 mask: 0002018d >[2008/06/05 21:01:23, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000024 smb_io_dom_sid trustee >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0024 sid_rev_num: 01 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0025 num_auths : 01 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0026 id_auth[0] : 00 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0027 id_auth[1] : 00 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0028 id_auth[2] : 00 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0029 id_auth[3] : 00 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 002a id_auth[4] : 00 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 002b id_auth[5] : 01 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint32s(959) > 002c sub_auths : 00000000 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 001e size : 0014 >[2008/06/05 21:01:23, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000030 sec_io_ace ace_list[01]: >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0030 type : 00 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0031 flags: 00 >[2008/06/05 21:01:23, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000034 sec_io_access info >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0034 mask: 000201fd >[2008/06/05 21:01:23, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000038 smb_io_dom_sid trustee >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0038 sid_rev_num: 01 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0039 num_auths : 02 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 003a id_auth[0] : 00 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 003b id_auth[1] : 00 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 003c id_auth[2] : 00 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 003d id_auth[3] : 00 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 003e id_auth[4] : 00 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 003f id_auth[5] : 05 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint32s(959) > 0040 sub_auths : 00000020 00000223 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0032 size : 0018 >[2008/06/05 21:01:23, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000048 sec_io_ace ace_list[02]: >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0048 type : 00 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0049 flags: 00 >[2008/06/05 21:01:23, 8] rpc_parse/parse_prs.c:prs_debug(84) > 00004c sec_io_access info >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 004c mask: 000f01ff >[2008/06/05 21:01:23, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000050 smb_io_dom_sid trustee >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0050 sid_rev_num: 01 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0051 num_auths : 02 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0052 id_auth[0] : 00 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0053 id_auth[1] : 00 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0054 id_auth[2] : 00 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0055 id_auth[3] : 00 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0056 id_auth[4] : 00 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0057 id_auth[5] : 05 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint32s(959) > 0058 sub_auths : 00000020 00000225 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 004a size : 0018 >[2008/06/05 21:01:23, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000060 sec_io_ace ace_list[03]: >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0060 type : 00 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0061 flags: 00 >[2008/06/05 21:01:23, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000064 sec_io_access info >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0064 mask: 000f01ff >[2008/06/05 21:01:23, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000068 smb_io_dom_sid trustee >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0068 sid_rev_num: 01 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0069 num_auths : 02 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 006a id_auth[0] : 00 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 006b id_auth[1] : 00 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 006c id_auth[2] : 00 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 006d id_auth[3] : 00 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 006e id_auth[4] : 00 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 006f id_auth[5] : 05 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint32s(959) > 0070 sub_auths : 00000020 00000220 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0062 size : 0018 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0016 size : 0064 >[2008/06/05 21:01:23, 10] registry/reg_db.c:regdb_store_values(592) > regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security] >[2008/06/05 21:01:23, 10] registry/reg_db.c:regdb_close(279) > regdb_close: decrementing refcount (2) >[2008/06/05 21:01:23, 10] registry/reg_db.c:regdb_open(248) > regdb_open: incrementing refcount (2) >[2008/06/05 21:01:23, 7] registry/reg_frontend.c:regkey_open_internal(359) > regkey_open_internal: name = [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] >[2008/06/05 21:01:23, 10] registry/reg_cachehook.c:reghook_cache_find(95) > reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/NETLOGON] >[2008/06/05 21:01:23, 10] lib/adt_tree.c:pathtree_find(341) > pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/NETLOGON] >[2008/06/05 21:01:23, 10] lib/adt_tree.c:pathtree_find(413) > pathtree_find: Exit >[2008/06/05 21:01:23, 5] registry/reg_frontend.c:registry_access_check(59) > registry_access_check: using root's token >[2008/06/05 21:01:23, 10] lib/util_seaccess.c:se_access_check(233) > se_access_check: requested access 0x000f003f, for NT token with 6 entries and first sid S-1-5-21-3322384919-3754806424-3664837664-1000. >[2008/06/05 21:01:23, 3] lib/util_seaccess.c:se_access_check(250) >[2008/06/05 21:01:23, 3] lib/util_seaccess.c:se_access_check(251) > se_access_check: user sid is S-1-5-21-3322384919-3754806424-3664837664-1000 > se_access_check: also S-1-5-21-3322384919-3754806424-3664837664-1001 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: also S-1-5-32-544 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = f003f > se_access_check: ACE 1: type 0, flags = 0x00, SID = S-1-5-32-544 mask = f003f, current desired = d0026 >[2008/06/05 21:01:23, 5] lib/util_seaccess.c:se_access_check(308) > se_access_check: access (f003f) granted. >[2008/06/05 21:01:23, 10] registry/reg_db.c:regdb_store_values(592) > regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] >[2008/06/05 21:01:23, 10] registry/reg_db.c:regdb_close(279) > regdb_close: decrementing refcount (2) >[2008/06/05 21:01:23, 10] registry/reg_db.c:regdb_open(248) > regdb_open: incrementing refcount (2) >[2008/06/05 21:01:23, 7] registry/reg_frontend.c:regkey_open_internal(359) > regkey_open_internal: name = [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security] >[2008/06/05 21:01:23, 10] registry/reg_cachehook.c:reghook_cache_find(95) > reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/NETLOGON/Security] >[2008/06/05 21:01:23, 10] lib/adt_tree.c:pathtree_find(341) > pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/NETLOGON/Security] >[2008/06/05 21:01:23, 10] lib/adt_tree.c:pathtree_find(413) > pathtree_find: Exit >[2008/06/05 21:01:23, 5] registry/reg_frontend.c:registry_access_check(59) > registry_access_check: using root's token >[2008/06/05 21:01:23, 10] lib/util_seaccess.c:se_access_check(233) > se_access_check: requested access 0x000f003f, for NT token with 6 entries and first sid S-1-5-21-3322384919-3754806424-3664837664-1000. >[2008/06/05 21:01:23, 3] lib/util_seaccess.c:se_access_check(250) >[2008/06/05 21:01:23, 3] lib/util_seaccess.c:se_access_check(251) > se_access_check: user sid is S-1-5-21-3322384919-3754806424-3664837664-1000 > se_access_check: also S-1-5-21-3322384919-3754806424-3664837664-1001 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: also S-1-5-32-544 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = f003f > se_access_check: ACE 1: type 0, flags = 0x00, SID = S-1-5-32-544 mask = f003f, current desired = d0026 >[2008/06/05 21:01:23, 5] lib/util_seaccess.c:se_access_check(308) > se_access_check: access (f003f) granted. >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 sec_io_desc sec_desc >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0000 revision : 0001 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0002 type : 8004 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0004 off_owner_sid: 00000000 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0008 off_grp_sid : 00000000 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c off_sacl : 00000000 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0010 off_dacl : 00000014 >[2008/06/05 21:01:23, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000014 sec_io_acl dacl >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0014 revision: 0002 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0018 num_aces : 00000004 >[2008/06/05 21:01:23, 7] rpc_parse/parse_prs.c:prs_debug(84) > 00001c sec_io_ace ace_list[00]: >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 001c type : 00 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 001d flags: 00 >[2008/06/05 21:01:23, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000020 sec_io_access info >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0020 mask: 0002018d >[2008/06/05 21:01:23, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000024 smb_io_dom_sid trustee >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0024 sid_rev_num: 01 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0025 num_auths : 01 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0026 id_auth[0] : 00 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0027 id_auth[1] : 00 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0028 id_auth[2] : 00 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0029 id_auth[3] : 00 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 002a id_auth[4] : 00 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 002b id_auth[5] : 01 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint32s(959) > 002c sub_auths : 00000000 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 001e size : 0014 >[2008/06/05 21:01:23, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000030 sec_io_ace ace_list[01]: >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0030 type : 00 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0031 flags: 00 >[2008/06/05 21:01:23, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000034 sec_io_access info >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0034 mask: 000201fd >[2008/06/05 21:01:23, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000038 smb_io_dom_sid trustee >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0038 sid_rev_num: 01 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0039 num_auths : 02 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 003a id_auth[0] : 00 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 003b id_auth[1] : 00 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 003c id_auth[2] : 00 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 003d id_auth[3] : 00 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 003e id_auth[4] : 00 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 003f id_auth[5] : 05 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint32s(959) > 0040 sub_auths : 00000020 00000223 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0032 size : 0018 >[2008/06/05 21:01:23, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000048 sec_io_ace ace_list[02]: >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0048 type : 00 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0049 flags: 00 >[2008/06/05 21:01:23, 8] rpc_parse/parse_prs.c:prs_debug(84) > 00004c sec_io_access info >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 004c mask: 000f01ff >[2008/06/05 21:01:23, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000050 smb_io_dom_sid trustee >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0050 sid_rev_num: 01 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0051 num_auths : 02 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0052 id_auth[0] : 00 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0053 id_auth[1] : 00 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0054 id_auth[2] : 00 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0055 id_auth[3] : 00 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0056 id_auth[4] : 00 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0057 id_auth[5] : 05 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint32s(959) > 0058 sub_auths : 00000020 00000225 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 004a size : 0018 >[2008/06/05 21:01:23, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000060 sec_io_ace ace_list[03]: >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0060 type : 00 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0061 flags: 00 >[2008/06/05 21:01:23, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000064 sec_io_access info >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0064 mask: 000f01ff >[2008/06/05 21:01:23, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000068 smb_io_dom_sid trustee >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0068 sid_rev_num: 01 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0069 num_auths : 02 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 006a id_auth[0] : 00 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 006b id_auth[1] : 00 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 006c id_auth[2] : 00 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 006d id_auth[3] : 00 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 006e id_auth[4] : 00 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 006f id_auth[5] : 05 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint32s(959) > 0070 sub_auths : 00000020 00000220 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0062 size : 0018 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0016 size : 0064 >[2008/06/05 21:01:23, 10] registry/reg_db.c:regdb_store_values(592) > regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security] >[2008/06/05 21:01:23, 10] registry/reg_db.c:regdb_close(279) > regdb_close: decrementing refcount (2) >[2008/06/05 21:01:23, 10] registry/reg_db.c:regdb_open(248) > regdb_open: incrementing refcount (2) >[2008/06/05 21:01:23, 7] registry/reg_frontend.c:regkey_open_internal(359) > regkey_open_internal: name = [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] >[2008/06/05 21:01:23, 10] registry/reg_cachehook.c:reghook_cache_find(95) > reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/RemoteRegistry] >[2008/06/05 21:01:23, 10] lib/adt_tree.c:pathtree_find(341) > pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/RemoteRegistry] >[2008/06/05 21:01:23, 10] lib/adt_tree.c:pathtree_find(413) > pathtree_find: Exit >[2008/06/05 21:01:23, 5] registry/reg_frontend.c:registry_access_check(59) > registry_access_check: using root's token >[2008/06/05 21:01:23, 10] lib/util_seaccess.c:se_access_check(233) > se_access_check: requested access 0x000f003f, for NT token with 6 entries and first sid S-1-5-21-3322384919-3754806424-3664837664-1000. >[2008/06/05 21:01:23, 3] lib/util_seaccess.c:se_access_check(250) >[2008/06/05 21:01:23, 3] lib/util_seaccess.c:se_access_check(251) > se_access_check: user sid is S-1-5-21-3322384919-3754806424-3664837664-1000 > se_access_check: also S-1-5-21-3322384919-3754806424-3664837664-1001 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: also S-1-5-32-544 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = f003f > se_access_check: ACE 1: type 0, flags = 0x00, SID = S-1-5-32-544 mask = f003f, current desired = d0026 >[2008/06/05 21:01:23, 5] lib/util_seaccess.c:se_access_check(308) > se_access_check: access (f003f) granted. >[2008/06/05 21:01:23, 10] registry/reg_db.c:regdb_store_values(592) > regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] >[2008/06/05 21:01:23, 10] registry/reg_db.c:regdb_close(279) > regdb_close: decrementing refcount (2) >[2008/06/05 21:01:23, 10] registry/reg_db.c:regdb_open(248) > regdb_open: incrementing refcount (2) >[2008/06/05 21:01:23, 7] registry/reg_frontend.c:regkey_open_internal(359) > regkey_open_internal: name = [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security] >[2008/06/05 21:01:23, 10] registry/reg_cachehook.c:reghook_cache_find(95) > reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/RemoteRegistry/Security] >[2008/06/05 21:01:23, 10] lib/adt_tree.c:pathtree_find(341) > pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/RemoteRegistry/Security] >[2008/06/05 21:01:23, 10] lib/adt_tree.c:pathtree_find(413) > pathtree_find: Exit >[2008/06/05 21:01:23, 5] registry/reg_frontend.c:registry_access_check(59) > registry_access_check: using root's token >[2008/06/05 21:01:23, 10] lib/util_seaccess.c:se_access_check(233) > se_access_check: requested access 0x000f003f, for NT token with 6 entries and first sid S-1-5-21-3322384919-3754806424-3664837664-1000. >[2008/06/05 21:01:23, 3] lib/util_seaccess.c:se_access_check(250) >[2008/06/05 21:01:23, 3] lib/util_seaccess.c:se_access_check(251) > se_access_check: user sid is S-1-5-21-3322384919-3754806424-3664837664-1000 > se_access_check: also S-1-5-21-3322384919-3754806424-3664837664-1001 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: also S-1-5-32-544 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = f003f > se_access_check: ACE 1: type 0, flags = 0x00, SID = S-1-5-32-544 mask = f003f, current desired = d0026 >[2008/06/05 21:01:23, 5] lib/util_seaccess.c:se_access_check(308) > se_access_check: access (f003f) granted. >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 sec_io_desc sec_desc >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0000 revision : 0001 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0002 type : 8004 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0004 off_owner_sid: 00000000 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0008 off_grp_sid : 00000000 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c off_sacl : 00000000 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0010 off_dacl : 00000014 >[2008/06/05 21:01:23, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000014 sec_io_acl dacl >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0014 revision: 0002 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0018 num_aces : 00000004 >[2008/06/05 21:01:23, 7] rpc_parse/parse_prs.c:prs_debug(84) > 00001c sec_io_ace ace_list[00]: >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 001c type : 00 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 001d flags: 00 >[2008/06/05 21:01:23, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000020 sec_io_access info >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0020 mask: 0002018d >[2008/06/05 21:01:23, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000024 smb_io_dom_sid trustee >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0024 sid_rev_num: 01 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0025 num_auths : 01 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0026 id_auth[0] : 00 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0027 id_auth[1] : 00 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0028 id_auth[2] : 00 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0029 id_auth[3] : 00 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 002a id_auth[4] : 00 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 002b id_auth[5] : 01 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint32s(959) > 002c sub_auths : 00000000 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 001e size : 0014 >[2008/06/05 21:01:23, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000030 sec_io_ace ace_list[01]: >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0030 type : 00 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0031 flags: 00 >[2008/06/05 21:01:23, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000034 sec_io_access info >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0034 mask: 000201fd >[2008/06/05 21:01:23, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000038 smb_io_dom_sid trustee >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0038 sid_rev_num: 01 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0039 num_auths : 02 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 003a id_auth[0] : 00 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 003b id_auth[1] : 00 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 003c id_auth[2] : 00 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 003d id_auth[3] : 00 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 003e id_auth[4] : 00 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 003f id_auth[5] : 05 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint32s(959) > 0040 sub_auths : 00000020 00000223 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0032 size : 0018 >[2008/06/05 21:01:23, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000048 sec_io_ace ace_list[02]: >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0048 type : 00 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0049 flags: 00 >[2008/06/05 21:01:23, 8] rpc_parse/parse_prs.c:prs_debug(84) > 00004c sec_io_access info >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 004c mask: 000f01ff >[2008/06/05 21:01:23, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000050 smb_io_dom_sid trustee >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0050 sid_rev_num: 01 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0051 num_auths : 02 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0052 id_auth[0] : 00 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0053 id_auth[1] : 00 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0054 id_auth[2] : 00 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0055 id_auth[3] : 00 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0056 id_auth[4] : 00 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0057 id_auth[5] : 05 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint32s(959) > 0058 sub_auths : 00000020 00000225 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 004a size : 0018 >[2008/06/05 21:01:23, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000060 sec_io_ace ace_list[03]: >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0060 type : 00 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0061 flags: 00 >[2008/06/05 21:01:23, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000064 sec_io_access info >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0064 mask: 000f01ff >[2008/06/05 21:01:23, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000068 smb_io_dom_sid trustee >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0068 sid_rev_num: 01 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0069 num_auths : 02 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 006a id_auth[0] : 00 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 006b id_auth[1] : 00 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 006c id_auth[2] : 00 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 006d id_auth[3] : 00 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 006e id_auth[4] : 00 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 006f id_auth[5] : 05 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint32s(959) > 0070 sub_auths : 00000020 00000220 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0062 size : 0018 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0016 size : 0064 >[2008/06/05 21:01:23, 10] registry/reg_db.c:regdb_store_values(592) > regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security] >[2008/06/05 21:01:23, 10] registry/reg_db.c:regdb_close(279) > regdb_close: decrementing refcount (2) >[2008/06/05 21:01:23, 10] registry/reg_db.c:regdb_open(248) > regdb_open: incrementing refcount (2) >[2008/06/05 21:01:23, 7] registry/reg_frontend.c:regkey_open_internal(359) > regkey_open_internal: name = [HKLM\SYSTEM\CurrentControlSet\Services\WINS] >[2008/06/05 21:01:23, 10] registry/reg_cachehook.c:reghook_cache_find(95) > reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/WINS] >[2008/06/05 21:01:23, 10] lib/adt_tree.c:pathtree_find(341) > pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/WINS] >[2008/06/05 21:01:23, 10] lib/adt_tree.c:pathtree_find(413) > pathtree_find: Exit >[2008/06/05 21:01:23, 5] registry/reg_frontend.c:registry_access_check(59) > registry_access_check: using root's token >[2008/06/05 21:01:23, 10] lib/util_seaccess.c:se_access_check(233) > se_access_check: requested access 0x000f003f, for NT token with 6 entries and first sid S-1-5-21-3322384919-3754806424-3664837664-1000. >[2008/06/05 21:01:23, 3] lib/util_seaccess.c:se_access_check(250) >[2008/06/05 21:01:23, 3] lib/util_seaccess.c:se_access_check(251) > se_access_check: user sid is S-1-5-21-3322384919-3754806424-3664837664-1000 > se_access_check: also S-1-5-21-3322384919-3754806424-3664837664-1001 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: also S-1-5-32-544 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = f003f > se_access_check: ACE 1: type 0, flags = 0x00, SID = S-1-5-32-544 mask = f003f, current desired = d0026 >[2008/06/05 21:01:23, 5] lib/util_seaccess.c:se_access_check(308) > se_access_check: access (f003f) granted. >[2008/06/05 21:01:23, 10] registry/reg_db.c:regdb_store_values(592) > regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\WINS] >[2008/06/05 21:01:23, 10] registry/reg_db.c:regdb_close(279) > regdb_close: decrementing refcount (2) >[2008/06/05 21:01:23, 10] registry/reg_db.c:regdb_open(248) > regdb_open: incrementing refcount (2) >[2008/06/05 21:01:23, 7] registry/reg_frontend.c:regkey_open_internal(359) > regkey_open_internal: name = [HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security] >[2008/06/05 21:01:23, 10] registry/reg_cachehook.c:reghook_cache_find(95) > reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/WINS/Security] >[2008/06/05 21:01:23, 10] lib/adt_tree.c:pathtree_find(341) > pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/WINS/Security] >[2008/06/05 21:01:23, 10] lib/adt_tree.c:pathtree_find(413) > pathtree_find: Exit >[2008/06/05 21:01:23, 5] registry/reg_frontend.c:registry_access_check(59) > registry_access_check: using root's token >[2008/06/05 21:01:23, 10] lib/util_seaccess.c:se_access_check(233) > se_access_check: requested access 0x000f003f, for NT token with 6 entries and first sid S-1-5-21-3322384919-3754806424-3664837664-1000. >[2008/06/05 21:01:23, 3] lib/util_seaccess.c:se_access_check(250) >[2008/06/05 21:01:23, 3] lib/util_seaccess.c:se_access_check(251) > se_access_check: user sid is S-1-5-21-3322384919-3754806424-3664837664-1000 > se_access_check: also S-1-5-21-3322384919-3754806424-3664837664-1001 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: also S-1-5-32-544 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = f003f > se_access_check: ACE 1: type 0, flags = 0x00, SID = S-1-5-32-544 mask = f003f, current desired = d0026 >[2008/06/05 21:01:23, 5] lib/util_seaccess.c:se_access_check(308) > se_access_check: access (f003f) granted. >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 sec_io_desc sec_desc >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0000 revision : 0001 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0002 type : 8004 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0004 off_owner_sid: 00000000 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0008 off_grp_sid : 00000000 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c off_sacl : 00000000 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0010 off_dacl : 00000014 >[2008/06/05 21:01:23, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000014 sec_io_acl dacl >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0014 revision: 0002 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0018 num_aces : 00000004 >[2008/06/05 21:01:23, 7] rpc_parse/parse_prs.c:prs_debug(84) > 00001c sec_io_ace ace_list[00]: >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 001c type : 00 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 001d flags: 00 >[2008/06/05 21:01:23, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000020 sec_io_access info >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0020 mask: 0002018d >[2008/06/05 21:01:23, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000024 smb_io_dom_sid trustee >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0024 sid_rev_num: 01 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0025 num_auths : 01 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0026 id_auth[0] : 00 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0027 id_auth[1] : 00 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0028 id_auth[2] : 00 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0029 id_auth[3] : 00 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 002a id_auth[4] : 00 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 002b id_auth[5] : 01 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint32s(959) > 002c sub_auths : 00000000 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 001e size : 0014 >[2008/06/05 21:01:23, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000030 sec_io_ace ace_list[01]: >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0030 type : 00 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0031 flags: 00 >[2008/06/05 21:01:23, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000034 sec_io_access info >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0034 mask: 000201fd >[2008/06/05 21:01:23, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000038 smb_io_dom_sid trustee >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0038 sid_rev_num: 01 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0039 num_auths : 02 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 003a id_auth[0] : 00 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 003b id_auth[1] : 00 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 003c id_auth[2] : 00 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 003d id_auth[3] : 00 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 003e id_auth[4] : 00 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 003f id_auth[5] : 05 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint32s(959) > 0040 sub_auths : 00000020 00000223 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0032 size : 0018 >[2008/06/05 21:01:23, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000048 sec_io_ace ace_list[02]: >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0048 type : 00 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0049 flags: 00 >[2008/06/05 21:01:23, 8] rpc_parse/parse_prs.c:prs_debug(84) > 00004c sec_io_access info >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 004c mask: 000f01ff >[2008/06/05 21:01:23, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000050 smb_io_dom_sid trustee >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0050 sid_rev_num: 01 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0051 num_auths : 02 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0052 id_auth[0] : 00 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0053 id_auth[1] : 00 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0054 id_auth[2] : 00 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0055 id_auth[3] : 00 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0056 id_auth[4] : 00 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0057 id_auth[5] : 05 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint32s(959) > 0058 sub_auths : 00000020 00000225 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 004a size : 0018 >[2008/06/05 21:01:23, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000060 sec_io_ace ace_list[03]: >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0060 type : 00 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0061 flags: 00 >[2008/06/05 21:01:23, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000064 sec_io_access info >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0064 mask: 000f01ff >[2008/06/05 21:01:23, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000068 smb_io_dom_sid trustee >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0068 sid_rev_num: 01 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0069 num_auths : 02 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 006a id_auth[0] : 00 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 006b id_auth[1] : 00 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 006c id_auth[2] : 00 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 006d id_auth[3] : 00 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 006e id_auth[4] : 00 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 006f id_auth[5] : 05 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint32s(959) > 0070 sub_auths : 00000020 00000220 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0062 size : 0018 >[2008/06/05 21:01:23, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0016 size : 0064 >[2008/06/05 21:01:23, 10] registry/reg_db.c:regdb_store_values(592) > regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security] >[2008/06/05 21:01:23, 10] registry/reg_db.c:regdb_close(279) > regdb_close: decrementing refcount (2) >[2008/06/05 21:01:23, 10] registry/reg_db.c:regdb_close(279) > regdb_close: decrementing refcount (1) >[2008/06/05 21:01:23, 10] registry/reg_db.c:regdb_close(279) > regdb_close: decrementing refcount (0) >[2008/06/05 21:01:23, 10] printing/nt_printing.c:update_c_setprinter(689) > update_c_setprinter: c_setprinter = 0 >[2008/06/05 21:01:23, 5] smbd/connection.c:claim_connection(170) > claiming 0 >[2008/06/05 21:01:23, 3] printing/printing.c:start_background_queue(1379) > start_background_queue: Starting background LPQ thread >[2008/06/05 21:01:23, 5] printing/printing.c:start_background_queue(1389) > start_background_queue: background LPQ thread started >[2008/06/05 21:01:23, 5] smbd/connection.c:claim_connection(170) > claiming smbd lpq backend 0 >[2008/06/05 21:01:23, 5] printing/printing.c:start_background_queue(1400) > start_background_queue: background LPQ thread waiting for messages >[2008/06/05 21:01:23, 10] lib/util_sock.c:open_socket_in(835) > bind succeeded on port 445 >[2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_KEEPALIVE = 1 >[2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_REUSEADDR = 1 >[2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_BROADCAST = 0 >[2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_NODELAY = 0 >[2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_KEEPCNT = 9 >[2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_KEEPIDLE = 7200 >[2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_KEEPINTVL = 75 >[2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) > socket option IPTOS_LOWDELAY = 0 >[2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) > socket option IPTOS_THROUGHPUT = 0 >[2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_SNDBUF = 16384 >[2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_RCVBUF = 87380 >[2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_SNDLOWAT = 1 >[2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_RCVLOWAT = 1 >[2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_SNDTIMEO = 0 >[2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_RCVTIMEO = 0 >[2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_KEEPALIVE = 1 >[2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_REUSEADDR = 1 >[2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_BROADCAST = 0 >[2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_NODELAY = 1 >[2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_KEEPCNT = 9 >[2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_KEEPIDLE = 7200 >[2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_KEEPINTVL = 75 >[2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) > socket option IPTOS_LOWDELAY = 0 >[2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) > socket option IPTOS_THROUGHPUT = 0 >[2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_SNDBUF = 16384 >[2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_RCVBUF = 87380 >[2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_SNDLOWAT = 1 >[2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_RCVLOWAT = 1 >[2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_SNDTIMEO = 0 >[2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_RCVTIMEO = 0 >[2008/06/05 21:01:23, 10] lib/util_sock.c:open_socket_in(835) > bind succeeded on port 139 >[2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_KEEPALIVE = 1 >[2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_REUSEADDR = 1 >[2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_BROADCAST = 0 >[2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_NODELAY = 0 >[2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_KEEPCNT = 9 >[2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_KEEPIDLE = 7200 >[2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_KEEPINTVL = 75 >[2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) > socket option IPTOS_LOWDELAY = 0 >[2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) > socket option IPTOS_THROUGHPUT = 0 >[2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_SNDBUF = 16384 >[2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_RCVBUF = 87380 >[2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_SNDLOWAT = 1 >[2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_RCVLOWAT = 1 >[2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_SNDTIMEO = 0 >[2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_RCVTIMEO = 0 >[2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_KEEPALIVE = 1 >[2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_REUSEADDR = 1 >[2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_BROADCAST = 0 >[2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_NODELAY = 1 >[2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_KEEPCNT = 9 >[2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_KEEPIDLE = 7200 >[2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_KEEPINTVL = 75 >[2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) > socket option IPTOS_LOWDELAY = 0 >[2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) > socket option IPTOS_THROUGHPUT = 0 >[2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_SNDBUF = 16384 >[2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_RCVBUF = 87380 >[2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_SNDLOWAT = 1 >[2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_RCVLOWAT = 1 >[2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_SNDTIMEO = 0 >[2008/06/05 21:01:23, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_RCVTIMEO = 0 >[2008/06/05 21:01:23, 2] smbd/server.c:open_sockets_smbd(336) > waiting for a connection >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_KEEPALIVE = 1 >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_REUSEADDR = 1 >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_BROADCAST = 0 >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_NODELAY = 1 >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_KEEPCNT = 9 >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_KEEPIDLE = 7200 >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_KEEPINTVL = 75 >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option IPTOS_LOWDELAY = 0 >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option IPTOS_THROUGHPUT = 0 >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_SNDBUF = 16384 >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_RCVBUF = 87380 >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_SNDLOWAT = 1 >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_RCVLOWAT = 1 >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_SNDTIMEO = 0 >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_RCVTIMEO = 0 >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_KEEPALIVE = 1 >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_REUSEADDR = 1 >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_BROADCAST = 0 >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_NODELAY = 1 >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_KEEPCNT = 9 >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_KEEPIDLE = 7200 >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_KEEPINTVL = 75 >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option IPTOS_LOWDELAY = 0 >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option IPTOS_THROUGHPUT = 0 >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_SNDBUF = 16384 >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_RCVBUF = 87380 >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_SNDLOWAT = 1 >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_RCVLOWAT = 1 >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_SNDTIMEO = 0 >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_RCVTIMEO = 0 >[2008/06/05 21:01:42, 6] param/loadparm.c:lp_file_list_changed(2992) > lp_file_list_changed() > file /etc/samba/dhcp.conf -> /etc/samba/dhcp.conf last mod_time: Thu Jun 5 20:52:45 2008 > > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Thu Jun 5 21:01:18 2008 > >[2008/06/05 21:01:42, 3] smbd/oplock.c:init_oplocks(871) > open_oplock_ipc: initializing messages. >[2008/06/05 21:01:42, 3] smbd/oplock_linux.c:linux_init_kernel_oplocks(259) > Linux kernel oplocks enabled >[2008/06/05 21:01:42, 4] lib/time.c:TimeInit(142) > TimeInit: Serverzone is -7200 >[2008/06/05 21:01:42, 10] smbd/process.c:setup_select_timeout(1265) > change_notify_timeout: -1 >[2008/06/05 21:01:42, 10] lib/events.c:run_events(87) > run_events: No events >[2008/06/05 21:01:42, 10] lib/util_sock.c:read_smb_length_return_keepalive(618) > got smb length of 190 >[2008/06/05 21:01:42, 6] smbd/process.c:process_smb(1086) > got message type 0x0 of len 0xbe >[2008/06/05 21:01:42, 3] smbd/process.c:process_smb(1087) > Transaction 0 of length 194 >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) > size=190 > smb_com=0x72 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=0 > smb_pid=5094 > smb_uid=0 > smb_mid=1 > smt_wct=0 > smb_bcc=155 >[2008/06/05 21:01:42, 10] lib/util.c:dump_data(2058) > [000] 02 50 43 20 4E 45 54 57 4F 52 4B 20 50 52 4F 47 .PC NETW ORK PROG > [010] 52 41 4D 20 31 2E 30 00 02 4D 49 43 52 4F 53 4F RAM 1.0. .MICROSO > [020] 46 54 20 4E 45 54 57 4F 52 4B 53 20 31 2E 30 33 FT NETWO RKS 1.03 > [030] 00 02 4D 49 43 52 4F 53 4F 46 54 20 4E 45 54 57 ..MICROS OFT NETW > [040] 4F 52 4B 53 20 33 2E 30 00 02 4C 41 4E 4D 41 4E ORKS 3.0 ..LANMAN > [050] 31 2E 30 00 02 4C 4D 31 2E 32 58 30 30 32 00 02 1.0..LM1 .2X002.. > [060] 44 4F 53 20 4C 41 4E 4D 41 4E 32 2E 31 00 02 4C DOS LANM AN2.1..L > [070] 41 4E 4D 41 4E 32 2E 31 00 02 53 61 6D 62 61 00 ANMAN2.1 ..Samba. > [080] 02 4E 54 20 4C 41 4E 4D 41 4E 20 31 2E 30 00 02 .NT LANM AN 1.0.. > [090] 4E 54 20 4C 4D 20 30 2E 31 32 00 NT LM 0. 12. >[2008/06/05 21:01:42, 3] smbd/process.c:switch_message(886) > switch message SMBnegprot (pid 7908) conn 0x0 >[2008/06/05 21:01:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2008/06/05 21:01:42, 5] auth/auth_util.c:debug_nt_user_token(433) > NT user token: (NULL) >[2008/06/05 21:01:42, 5] auth/auth_util.c:debug_unix_user_token(454) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2008/06/05 21:01:42, 5] smbd/uid.c:change_to_root_user(324) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2008/06/05 21:01:42, 3] smbd/negprot.c:reply_negprot(486) > Requested protocol [PC NETWORK PROGRAM 1.0] >[2008/06/05 21:01:42, 3] smbd/negprot.c:reply_negprot(486) > Requested protocol [MICROSOFT NETWORKS 1.03] >[2008/06/05 21:01:42, 3] smbd/negprot.c:reply_negprot(486) > Requested protocol [MICROSOFT NETWORKS 3.0] >[2008/06/05 21:01:42, 3] smbd/negprot.c:reply_negprot(486) > Requested protocol [LANMAN1.0] >[2008/06/05 21:01:42, 3] smbd/negprot.c:reply_negprot(486) > Requested protocol [LM1.2X002] >[2008/06/05 21:01:42, 3] smbd/negprot.c:reply_negprot(486) > Requested protocol [DOS LANMAN2.1] >[2008/06/05 21:01:42, 3] smbd/negprot.c:reply_negprot(486) > Requested protocol [LANMAN2.1] >[2008/06/05 21:01:42, 3] smbd/negprot.c:reply_negprot(486) > Requested protocol [Samba] >[2008/06/05 21:01:42, 10] lib/util.c:set_remote_arch(2033) > set_remote_arch: Client arch is 'Samba' >[2008/06/05 21:01:42, 6] param/loadparm.c:lp_file_list_changed(2992) > lp_file_list_changed() > file /etc/samba/dhcp.conf -> /etc/samba/dhcp.conf last mod_time: Thu Jun 5 20:52:45 2008 > > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Thu Jun 5 21:01:18 2008 > >[2008/06/05 21:01:42, 5] smbd/connection.c:claim_connection(170) > claiming 0 >[2008/06/05 21:01:42, 6] param/loadparm.c:lp_file_list_changed(2992) > lp_file_list_changed() > file /etc/samba/dhcp.conf -> /etc/samba/dhcp.conf last mod_time: Thu Jun 5 20:52:45 2008 > > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Thu Jun 5 21:01:18 2008 > >[2008/06/05 21:01:42, 3] smbd/negprot.c:reply_nt1(357) > using SPNEGO >[2008/06/05 21:01:42, 3] smbd/negprot.c:reply_negprot(579) > Selected protocol NT LANMAN 1.0 >[2008/06/05 21:01:42, 5] smbd/negprot.c:reply_negprot(585) > negprot index=8 >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) > size=127 > smb_com=0x72 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=5094 > smb_uid=0 > smb_mid=1 > smt_wct=17 > smb_vwv[ 0]= 8 (0x8) > smb_vwv[ 1]=12803 (0x3203) > smb_vwv[ 2]= 256 (0x100) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 65 (0x41) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 256 (0x100) > smb_vwv[ 7]=58368 (0xE400) > smb_vwv[ 8]= 30 (0x1E) > smb_vwv[ 9]=64768 (0xFD00) > smb_vwv[10]=32995 (0x80E3) > smb_vwv[11]= 128 (0x80) > smb_vwv[12]=18287 (0x476F) > smb_vwv[13]=16023 (0x3E97) > smb_vwv[14]=51399 (0xC8C7) > smb_vwv[15]=34817 (0x8801) > smb_vwv[16]= 255 (0xFF) > smb_bcc=58 >[2008/06/05 21:01:42, 10] lib/util.c:dump_data(2058) > [000] 64 75 64 6F 77 00 00 00 00 00 00 00 00 00 00 00 dudow... ........ > [010] 60 28 06 06 2B 06 01 05 05 02 A0 1E 30 1C A0 0E `(..+... ....0... > [020] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A3 0A 0...+... ..7..... > [030] 30 08 A0 06 1B 04 4E 4F 4E 45 0.....NO NE >[2008/06/05 21:01:42, 10] smbd/process.c:setup_select_timeout(1265) > change_notify_timeout: -1 >[2008/06/05 21:01:42, 10] lib/events.c:run_events(87) > run_events: No events >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_KEEPALIVE = 1 >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_REUSEADDR = 1 >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_BROADCAST = 0 >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_NODELAY = 1 >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_KEEPCNT = 9 >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_KEEPIDLE = 7200 >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_KEEPINTVL = 75 >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option IPTOS_LOWDELAY = 0 >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option IPTOS_THROUGHPUT = 0 >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_SNDBUF = 16384 >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_RCVBUF = 87380 >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_SNDLOWAT = 1 >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_RCVLOWAT = 1 >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_SNDTIMEO = 0 >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_RCVTIMEO = 0 >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_KEEPALIVE = 1 >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_REUSEADDR = 1 >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_BROADCAST = 0 >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_NODELAY = 1 >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_KEEPCNT = 9 >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_KEEPIDLE = 7200 >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_KEEPINTVL = 75 >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option IPTOS_LOWDELAY = 0 >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option IPTOS_THROUGHPUT = 0 >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_SNDBUF = 16384 >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_RCVBUF = 87380 >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_SNDLOWAT = 1 >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_RCVLOWAT = 1 >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_SNDTIMEO = 0 >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_RCVTIMEO = 0 >[2008/06/05 21:01:42, 6] param/loadparm.c:lp_file_list_changed(2992) > lp_file_list_changed() > file /etc/samba/dhcp.conf -> /etc/samba/dhcp.conf last mod_time: Thu Jun 5 20:52:45 2008 > > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Thu Jun 5 21:01:18 2008 > >[2008/06/05 21:01:42, 3] smbd/oplock.c:init_oplocks(871) > open_oplock_ipc: initializing messages. >[2008/06/05 21:01:42, 3] smbd/oplock_linux.c:linux_init_kernel_oplocks(259) > Linux kernel oplocks enabled >[2008/06/05 21:01:42, 4] lib/time.c:TimeInit(142) > TimeInit: Serverzone is -7200 >[2008/06/05 21:01:42, 10] smbd/process.c:setup_select_timeout(1265) > change_notify_timeout: -1 >[2008/06/05 21:01:42, 10] lib/events.c:run_events(87) > run_events: No events >[2008/06/05 21:01:42, 10] lib/util_sock.c:read_data(520) > read_data: read of 4 returned 0. Error = Success >[2008/06/05 21:01:42, 10] lib/util_sock.c:receive_smb_raw(669) > receive_smb_raw: length < 0! >[2008/06/05 21:01:42, 3] smbd/process.c:timeout_processing(1340) > timeout_processing: End of file from client (client has disconnected). >[2008/06/05 21:01:42, 5] lib/gencache.c:gencache_shutdown(89) > Closing cache file >[2008/06/05 21:01:42, 5] libsmb/namecache.c:namecache_shutdown(79) > namecache_shutdown: netbios namecache closed successfully. >[2008/06/05 21:01:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2008/06/05 21:01:42, 5] auth/auth_util.c:debug_nt_user_token(433) > NT user token: (NULL) >[2008/06/05 21:01:42, 5] auth/auth_util.c:debug_unix_user_token(454) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2008/06/05 21:01:42, 5] smbd/uid.c:change_to_root_user(324) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2008/06/05 21:01:42, 2] smbd/server.c:exit_server(614) > Closing connections >[2008/06/05 21:01:42, 3] smbd/connection.c:yield_connection(69) > Yielding connection to >[2008/06/05 21:01:42, 3] smbd/connection.c:yield_connection(76) > yield_connection: tdb_delete for name failed with error Record does not exist. >[2008/06/05 21:01:42, 3] smbd/server.c:exit_server(655) > Server exit (normal exit) >[2008/06/05 21:01:42, 10] lib/util_sock.c:read_smb_length_return_keepalive(618) > got smb length of 88 >[2008/06/05 21:01:42, 6] smbd/process.c:process_smb(1086) > got message type 0x0 of len 0x58 >[2008/06/05 21:01:42, 3] smbd/process.c:process_smb(1087) > Transaction 1 of length 92 >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) > size=88 > smb_com=0x73 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=0 > smb_pid=5094 > smb_uid=0 > smb_mid=2 > smt_wct=13 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]=65535 (0xFFFF) > smb_vwv[ 3]= 2 (0x2) > smb_vwv[ 4]= 5094 (0x13E6) > smb_vwv[ 5]= 7908 (0x1EE4) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]=49244 (0xC05C) > smb_vwv[12]= 0 (0x0) > smb_bcc=27 >[2008/06/05 21:01:42, 10] lib/util.c:dump_data(2058) > [000] 00 00 00 00 00 55 00 6E 00 69 00 78 00 00 00 53 .....U.n .i.x...S > [010] 00 61 00 6D 00 62 00 61 00 00 00 .a.m.b.a ... >[2008/06/05 21:01:42, 3] smbd/process.c:switch_message(886) > switch message SMBsesssetupX (pid 7908) conn 0x0 >[2008/06/05 21:01:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2008/06/05 21:01:42, 5] auth/auth_util.c:debug_nt_user_token(433) > NT user token: (NULL) >[2008/06/05 21:01:42, 5] auth/auth_util.c:debug_unix_user_token(454) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2008/06/05 21:01:42, 5] smbd/uid.c:change_to_root_user(324) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2008/06/05 21:01:42, 3] smbd/sesssetup.c:reply_sesssetup_and_X(822) > wct=13 flg2=0xc801 >[2008/06/05 21:01:42, 3] smbd/sesssetup.c:reply_sesssetup_and_X(968) > Domain=[] NativeOS=[Unix] NativeLanMan=[Samba] PrimaryDomain=[] >[2008/06/05 21:01:42, 3] smbd/sesssetup.c:reply_sesssetup_and_X(983) > sesssetupX:name=[]\[]@[192.168.0.131] >[2008/06/05 21:01:42, 6] param/loadparm.c:lp_file_list_changed(2992) > lp_file_list_changed() > file /etc/samba/dhcp.conf -> /etc/samba/dhcp.conf last mod_time: Thu Jun 5 20:52:45 2008 > > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Thu Jun 5 21:01:18 2008 > >[2008/06/05 21:01:42, 3] smbd/sesssetup.c:check_guest_password(132) > Got anonymous request >[2008/06/05 21:01:42, 5] auth/auth.c:make_auth_context_subsystem(482) > Making default auth method list for DC, security=user, encrypt passwords = yes >[2008/06/05 21:01:42, 5] auth/auth.c:smb_register_auth(45) > Attempting to register auth backend rhosts >[2008/06/05 21:01:42, 5] auth/auth.c:smb_register_auth(57) > Successfully added auth method 'rhosts' >[2008/06/05 21:01:42, 5] auth/auth.c:smb_register_auth(45) > Attempting to register auth backend hostsequiv >[2008/06/05 21:01:42, 5] auth/auth.c:smb_register_auth(57) > Successfully added auth method 'hostsequiv' >[2008/06/05 21:01:42, 5] auth/auth.c:smb_register_auth(45) > Attempting to register auth backend sam >[2008/06/05 21:01:42, 5] auth/auth.c:smb_register_auth(57) > Successfully added auth method 'sam' >[2008/06/05 21:01:42, 5] auth/auth.c:smb_register_auth(45) > Attempting to register auth backend sam_ignoredomain >[2008/06/05 21:01:42, 5] auth/auth.c:smb_register_auth(57) > Successfully added auth method 'sam_ignoredomain' >[2008/06/05 21:01:42, 5] auth/auth.c:smb_register_auth(45) > Attempting to register auth backend unix >[2008/06/05 21:01:42, 5] auth/auth.c:smb_register_auth(57) > Successfully added auth method 'unix' >[2008/06/05 21:01:42, 5] auth/auth.c:smb_register_auth(45) > Attempting to register auth backend winbind >[2008/06/05 21:01:42, 5] auth/auth.c:smb_register_auth(57) > Successfully added auth method 'winbind' >[2008/06/05 21:01:42, 5] auth/auth.c:smb_register_auth(45) > Attempting to register auth backend smbserver >[2008/06/05 21:01:42, 5] auth/auth.c:smb_register_auth(57) > Successfully added auth method 'smbserver' >[2008/06/05 21:01:42, 5] auth/auth.c:smb_register_auth(45) > Attempting to register auth backend trustdomain >[2008/06/05 21:01:42, 5] auth/auth.c:smb_register_auth(57) > Successfully added auth method 'trustdomain' >[2008/06/05 21:01:42, 5] auth/auth.c:smb_register_auth(45) > Attempting to register auth backend ntdomain >[2008/06/05 21:01:42, 5] auth/auth.c:smb_register_auth(57) > Successfully added auth method 'ntdomain' >[2008/06/05 21:01:42, 5] auth/auth.c:smb_register_auth(45) > Attempting to register auth backend guest >[2008/06/05 21:01:42, 5] auth/auth.c:smb_register_auth(57) > Successfully added auth method 'guest' >[2008/06/05 21:01:42, 5] auth/auth.c:load_auth_module(389) > load_auth_module: Attempting to find an auth method to match guest >[2008/06/05 21:01:42, 5] auth/auth.c:load_auth_module(414) > load_auth_module: auth method guest has a valid init >[2008/06/05 21:01:42, 5] auth/auth.c:load_auth_module(389) > load_auth_module: Attempting to find an auth method to match sam >[2008/06/05 21:01:42, 5] auth/auth.c:load_auth_module(414) > load_auth_module: auth method sam has a valid init >[2008/06/05 21:01:42, 5] auth/auth.c:load_auth_module(389) > load_auth_module: Attempting to find an auth method to match winbind:trustdomain >[2008/06/05 21:01:42, 5] auth/auth.c:load_auth_module(389) > load_auth_module: Attempting to find an auth method to match trustdomain >[2008/06/05 21:01:42, 5] auth/auth.c:load_auth_module(414) > load_auth_module: auth method trustdomain has a valid init >[2008/06/05 21:01:42, 5] auth/auth.c:load_auth_module(414) > load_auth_module: auth method winbind has a valid init >[2008/06/05 21:01:42, 5] auth/auth_util.c:make_user_info(69) > attempting to make a user_info for () >[2008/06/05 21:01:42, 5] auth/auth_util.c:make_user_info(79) > making strings for 's user_info struct >[2008/06/05 21:01:42, 5] auth/auth_util.c:make_user_info(121) > making blobs for 's user_info struct >[2008/06/05 21:01:42, 10] auth/auth_util.c:make_user_info(139) > made an encrypted user_info for () >[2008/06/05 21:01:42, 3] auth/auth.c:check_ntlm_password(219) > check_ntlm_password: Checking password for unmapped user []\[]@[] with the new password interface >[2008/06/05 21:01:42, 3] auth/auth.c:check_ntlm_password(222) > check_ntlm_password: mapped user is: []\[]@[] >[2008/06/05 21:01:42, 10] auth/auth.c:check_ntlm_password(231) > check_ntlm_password: auth_context challenge created by fixed >[2008/06/05 21:01:42, 10] auth/auth.c:check_ntlm_password(233) > challenge is: >[2008/06/05 21:01:42, 5] lib/util.c:dump_data(2058) > [000] 00 00 00 00 00 00 00 00 ........ >[2008/06/05 21:01:42, 10] lib/account_pol.c:account_policy_get(332) > account_policy_get: name: password history, val: 0 >[2008/06/05 21:01:42, 10] passdb/pdb_get_set.c:pdb_set_username(617) > pdb_set_username: setting username nobody, was >[2008/06/05 21:01:42, 10] passdb/pdb_get_set.c:pdb_set_domain(644) > pdb_set_domain: setting domain DUDO, was >[2008/06/05 21:01:42, 10] passdb/pdb_get_set.c:pdb_set_nt_username(671) > pdb_set_nt_username: setting nt username , was >[2008/06/05 21:01:42, 10] passdb/pdb_get_set.c:pdb_set_fullname(698) > pdb_set_full_name: setting full name nobody, was >[2008/06/05 21:01:42, 10] passdb/pdb_get_set.c:pdb_set_homedir(806) > pdb_set_homedir: setting home dir \\dudow\nobody\.9xprofile, was >[2008/06/05 21:01:42, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(779) > pdb_set_dir_drive: setting dir drive P:, was NULL >[2008/06/05 21:01:42, 10] passdb/pdb_get_set.c:pdb_set_logon_script(725) > pdb_set_logon_script: setting logon script , was >[2008/06/05 21:01:42, 10] passdb/pdb_get_set.c:pdb_set_profile_path(752) > pdb_set_profile_path: setting profile path \\dudow\profiles\.msprofile, was >[2008/06/05 21:01:42, 10] passdb/pdb_get_set.c:pdb_set_workstations(885) > pdb_set_workstations: setting workstations , was >[2008/06/05 21:01:42, 10] lib/account_pol.c:account_policy_get(332) > account_policy_get: name: password history, val: 0 >[2008/06/05 21:01:42, 10] passdb/pdb_get_set.c:pdb_set_user_sid(544) > pdb_set_user_sid: setting user sid S-1-5-21-3322384919-3754806424-3664837664-501 >[2008/06/05 21:01:42, 10] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(73) > pdb_set_user_sid_from_rid: > setting user sid S-1-5-21-3322384919-3754806424-3664837664-501 from rid 501 >[2008/06/05 21:01:42, 10] passdb/pdb_get_set.c:pdb_set_group_sid(580) > pdb_set_group_sid: setting group sid S-1-5-21-3322384919-3754806424-3664837664-514 >[2008/06/05 21:01:42, 10] passdb/pdb_compat.c:pdb_set_group_sid_from_rid(100) > pdb_set_group_sid_from_rid: > setting group sid S-1-5-21-3322384919-3754806424-3664837664-514 from rid 514 >[2008/06/05 21:01:42, 3] auth/auth.c:check_ntlm_password(268) > check_ntlm_password: guest authentication for user [] succeeded >[2008/06/05 21:01:42, 5] auth/auth.c:check_ntlm_password(307) > check_ntlm_password: guest authentication for user [] -> [] -> [nobody] succeeded >[2008/06/05 21:01:42, 5] auth/auth_util.c:free_user_info(1485) > attempting to free (and zero) a user_info structure >[2008/06/05 21:01:42, 10] auth/auth_util.c:free_user_info(1488) > structure was created for >[2008/06/05 21:01:42, 5] auth/auth_util.c:free_user_info(1485) > attempting to free (and zero) a user_info structure >[2008/06/05 21:01:42, 10] smbd/password.c:register_vuid(182) > register_vuid: allocated vuid = 100 >[2008/06/05 21:01:42, 10] lib/util_pw.c:getpwnam_alloc(98) > Got nobody from pwnam_cache >[2008/06/05 21:01:42, 10] smbd/password.c:register_vuid(255) > register_vuid: (65534,65533) nobody nobody DUDO guest=1 >[2008/06/05 21:01:42, 3] smbd/password.c:register_vuid(257) > User name: nobody Real name: nobody >[2008/06/05 21:01:42, 3] smbd/password.c:register_vuid(276) > UNIX uid 65534 is UNIX user nobody, and will be vuid 100 >[2008/06/05 21:01:42, 6] param/loadparm.c:lp_file_list_changed(2992) > lp_file_list_changed() > file /etc/samba/dhcp.conf -> /etc/samba/dhcp.conf last mod_time: Thu Jun 5 20:52:45 2008 > > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Thu Jun 5 21:01:18 2008 > >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) > size=118 > smb_com=0x73 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=5094 > smb_uid=100 > smb_mid=2 > smt_wct=3 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 1 (0x1) > smb_bcc=77 >[2008/06/05 21:01:42, 10] lib/util.c:dump_data(2058) > [000] 00 55 00 6E 00 69 00 78 00 00 00 53 00 61 00 6D .U.n.i.x ...S.a.m > [010] 00 62 00 61 00 20 00 33 00 2E 00 30 00 2E 00 32 .b.a. .3 ...0...2 > [020] 00 32 00 2D 00 31 00 31 00 2D 00 53 00 55 00 53 .2.-.1.1 .-.S.U.S > [030] 00 45 00 2D 00 43 00 4F 00 44 00 45 00 31 00 30 .E.-.C.O .D.E.1.0 > [040] 00 00 00 44 00 55 00 44 00 4F 00 00 00 ...D.U.D .O... >[2008/06/05 21:01:42, 10] smbd/process.c:setup_select_timeout(1265) > change_notify_timeout: -1 >[2008/06/05 21:01:42, 10] lib/events.c:run_events(87) > run_events: No events >[2008/06/05 21:01:42, 10] lib/util_sock.c:read_smb_length_return_keepalive(618) > got smb length of 74 >[2008/06/05 21:01:42, 6] smbd/process.c:process_smb(1086) > got message type 0x0 of len 0x4a >[2008/06/05 21:01:42, 3] smbd/process.c:process_smb(1087) > Transaction 2 of length 78 >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) > size=74 > smb_com=0x75 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=0 > smb_pid=5094 > smb_uid=100 > smb_mid=3 > smt_wct=4 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 8 (0x8) > smb_vwv[ 3]= 1 (0x1) > smb_bcc=31 >[2008/06/05 21:01:42, 10] lib/util.c:dump_data(2058) > [000] 00 5C 00 5C 00 44 00 55 00 44 00 4F 00 57 00 5C .\.\.D.U .D.O.W.\ > [010] 00 49 00 50 00 43 00 24 00 00 00 49 50 43 00 .I.P.C.$ ...IPC. >[2008/06/05 21:01:42, 3] smbd/process.c:switch_message(886) > switch message SMBtconX (pid 7908) conn 0x0 >[2008/06/05 21:01:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2008/06/05 21:01:42, 5] auth/auth_util.c:debug_nt_user_token(433) > NT user token: (NULL) >[2008/06/05 21:01:42, 5] auth/auth_util.c:debug_unix_user_token(454) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2008/06/05 21:01:42, 5] smbd/uid.c:change_to_root_user(324) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2008/06/05 21:01:42, 4] smbd/reply.c:reply_tcon_and_X(660) > Client requested device type [IPC] for share [IPC$] >[2008/06/05 21:01:42, 5] smbd/service.c:make_connection(867) > making a connection to 'normal' service ipc$ >[2008/06/05 21:01:42, 5] lib/username.c:Get_Pwnam_alloc(290) > Finding user nobody >[2008/06/05 21:01:42, 5] lib/username.c:Get_Pwnam_internals(234) > Trying _Get_Pwnam(), username as lowercase is nobody >[2008/06/05 21:01:42, 10] lib/util_pw.c:getpwnam_alloc(98) > Got nobody from pwnam_cache >[2008/06/05 21:01:42, 5] lib/username.c:Get_Pwnam_internals(267) > Get_Pwnam_internals did find user [nobody]! >[2008/06/05 21:01:42, 3] smbd/service.c:make_connection_snum(495) > Connect path is '/var/tmp' for service [IPC$] >[2008/06/05 21:01:42, 4] lib/sharesec.c:get_share_security(130) > get_share_security: using default secdesc for IPC$ >[2008/06/05 21:01:42, 10] lib/util_seaccess.c:se_map_generic(176) > se_map_generic(): mapped mask 0x10000000 to 0x001f01ff >[2008/06/05 21:01:42, 10] lib/util_seaccess.c:se_access_check(233) > se_access_check: requested access 0x00000002, for NT token with 7 entries and first sid S-1-5-21-3322384919-3754806424-3664837664-501. >[2008/06/05 21:01:42, 3] lib/util_seaccess.c:se_access_check(250) >[2008/06/05 21:01:42, 3] lib/util_seaccess.c:se_access_check(251) > se_access_check: user sid is S-1-5-21-3322384919-3754806424-3664837664-501 > se_access_check: also S-1-5-21-3322384919-3754806424-3664837664-514 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-32-546 > se_access_check: also S-1-5-21-3322384919-3754806424-3664837664-132067 > se_access_check: also S-1-5-21-3322384919-3754806424-3664837664-132069 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 2 >[2008/06/05 21:01:42, 5] lib/util_seaccess.c:se_access_check(308) > se_access_check: access (2) granted. >[2008/06/05 21:01:42, 3] smbd/vfs.c:vfs_init_default(216) > Initialising default vfs hooks >[2008/06/05 21:01:42, 5] smbd/connection.c:claim_connection(170) > claiming IPC$ 0 >[2008/06/05 21:01:42, 10] smbd/uid.c:is_share_read_only_for_user(127) > is_share_read_only_for_user: share IPC$ is read-only for unix user nobody >[2008/06/05 21:01:42, 4] lib/sharesec.c:get_share_security(130) > get_share_security: using default secdesc for IPC$ >[2008/06/05 21:01:42, 10] lib/util_seaccess.c:se_map_generic(176) > se_map_generic(): mapped mask 0x10000000 to 0x001f01ff >[2008/06/05 21:01:42, 10] lib/util_seaccess.c:se_access_check(233) > se_access_check: requested access 0x00000001, for NT token with 7 entries and first sid S-1-5-21-3322384919-3754806424-3664837664-501. >[2008/06/05 21:01:42, 3] lib/util_seaccess.c:se_access_check(250) >[2008/06/05 21:01:42, 3] lib/util_seaccess.c:se_access_check(251) > se_access_check: user sid is S-1-5-21-3322384919-3754806424-3664837664-501 > se_access_check: also S-1-5-21-3322384919-3754806424-3664837664-514 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-32-546 > se_access_check: also S-1-5-21-3322384919-3754806424-3664837664-132067 > se_access_check: also S-1-5-21-3322384919-3754806424-3664837664-132069 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 1 >[2008/06/05 21:01:42, 5] lib/util_seaccess.c:se_access_check(308) > se_access_check: access (1) granted. >[2008/06/05 21:01:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (65534, 65533) - sec_ctx_stack_ndx = 0 >[2008/06/05 21:01:42, 5] auth/auth_util.c:debug_nt_user_token(438) > NT user token of user S-1-5-21-3322384919-3754806424-3664837664-501 > contains 7 SIDs > SID[ 0]: S-1-5-21-3322384919-3754806424-3664837664-501 > SID[ 1]: S-1-5-21-3322384919-3754806424-3664837664-514 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-32-546 > SID[ 5]: S-1-5-21-3322384919-3754806424-3664837664-132067 > SID[ 6]: S-1-5-21-3322384919-3754806424-3664837664-132069 > SE_PRIV 0x0 0x0 0x0 0x0 >[2008/06/05 21:01:42, 5] auth/auth_util.c:debug_unix_user_token(454) > UNIX token of user 65534 > Primary group is 65533 and contains 2 supplementary groups > Group[ 0]: 65533 > Group[ 1]: 65534 >[2008/06/05 21:01:42, 5] smbd/uid.c:change_to_user(309) > change_to_user uid=(65534,65534) gid=(0,65533) >[2008/06/05 21:01:42, 3] smbd/service.c:make_connection_snum(700) > 192.168.0.131 (192.168.0.131) connect to service IPC$ initially as user nobody (uid=65534, gid=65533) (pid 7908) >[2008/06/05 21:01:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2008/06/05 21:01:42, 5] auth/auth_util.c:debug_nt_user_token(433) > NT user token: (NULL) >[2008/06/05 21:01:42, 5] auth/auth_util.c:debug_unix_user_token(454) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2008/06/05 21:01:42, 5] smbd/uid.c:change_to_root_user(324) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2008/06/05 21:01:42, 3] smbd/reply.c:reply_tcon_and_X(708) > tconX service=IPC$ >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) > size=48 > smb_com=0x75 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=5094 > smb_uid=100 > smb_mid=3 > smt_wct=3 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 1 (0x1) > smb_bcc=7 >[2008/06/05 21:01:42, 10] lib/util.c:dump_data(2058) > [000] 49 50 43 00 00 00 00 IPC.... >[2008/06/05 21:01:42, 10] smbd/process.c:setup_select_timeout(1265) > change_notify_timeout: -1 >[2008/06/05 21:01:42, 10] lib/events.c:run_events(87) > run_events: No events >[2008/06/05 21:01:42, 10] lib/util_sock.c:read_smb_length_return_keepalive(618) > got smb length of 100 >[2008/06/05 21:01:42, 6] smbd/process.c:process_smb(1086) > got message type 0x0 of len 0x64 >[2008/06/05 21:01:42, 3] smbd/process.c:process_smb(1087) > Transaction 3 of length 104 >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) > size=100 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=5094 > smb_uid=100 > smb_mid=4 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 3584 (0xE00) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 513 (0x201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 768 (0x300) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_bcc=17 >[2008/06/05 21:01:42, 10] lib/util.c:dump_data(2058) > [000] 00 5C 00 6C 00 73 00 61 00 72 00 70 00 63 00 00 .\.l.s.a .r.p.c.. > [010] 00 . >[2008/06/05 21:01:42, 3] smbd/process.c:switch_message(886) > switch message SMBntcreateX (pid 7908) conn 0x803ab748 >[2008/06/05 21:01:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (65534, 65533) - sec_ctx_stack_ndx = 0 >[2008/06/05 21:01:42, 5] auth/auth_util.c:debug_nt_user_token(438) > NT user token of user S-1-5-21-3322384919-3754806424-3664837664-501 > contains 7 SIDs > SID[ 0]: S-1-5-21-3322384919-3754806424-3664837664-501 > SID[ 1]: S-1-5-21-3322384919-3754806424-3664837664-514 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-32-546 > SID[ 5]: S-1-5-21-3322384919-3754806424-3664837664-132067 > SID[ 6]: S-1-5-21-3322384919-3754806424-3664837664-132069 > SE_PRIV 0x0 0x0 0x0 0x0 >[2008/06/05 21:01:42, 5] auth/auth_util.c:debug_unix_user_token(454) > UNIX token of user 65534 > Primary group is 65533 and contains 2 supplementary groups > Group[ 0]: 65533 > Group[ 1]: 65534 >[2008/06/05 21:01:42, 5] smbd/uid.c:change_to_user(309) > change_to_user uid=(65534,65534) gid=(0,65533) >[2008/06/05 21:01:42, 4] smbd/vfs.c:vfs_ChDir(738) > vfs_ChDir to /var/tmp >[2008/06/05 21:01:42, 10] smbd/nttrans.c:reply_ntcreate_and_X(506) > reply_ntcreateX: flags = 0x0, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 root_dir_fid = 0x0 >[2008/06/05 21:01:42, 4] smbd/nttrans.c:nt_open_pipe(330) > nt_open_pipe: Opening pipe \lsarpc. >[2008/06/05 21:01:42, 3] smbd/nttrans.c:nt_open_pipe(351) > nt_open_pipe: Known pipe lsarpc opening. >[2008/06/05 21:01:42, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(180) > Open pipe requested lsarpc (pipes_open=0) >[2008/06/05 21:01:42, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(285) > Create pipe requested lsarpc >[2008/06/05 21:01:42, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77) > init_pipe_handles: created handle list for pipe lsarpc >[2008/06/05 21:01:42, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) > init_pipe_handles: pipe_handles ref count = 1 for pipe lsarpc >[2008/06/05 21:01:42, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(363) > Created internal pipe lsarpc (pipes_open=0) >[2008/06/05 21:01:42, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(263) > Opened pipe lsarpc with handle 76f2 (pipes_open=1) >[2008/06/05 21:01:42, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(269) > open pipes: name lsarpc pnum=76f2 >[2008/06/05 21:01:42, 5] smbd/nttrans.c:do_ntcreate_pipe_open(400) > do_ntcreate_pipe_open: open pipe = \lsarpc >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) > size=103 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=5094 > smb_uid=100 > smb_mid=4 > smt_wct=34 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]=61952 (0xF200) > smb_vwv[ 3]= 374 (0x176) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 0 (0x0) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 0 (0x0) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]=32768 (0x8000) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_vwv[24]= 0 (0x0) > smb_vwv[25]= 0 (0x0) > smb_vwv[26]= 0 (0x0) > smb_vwv[27]= 0 (0x0) > smb_vwv[28]= 0 (0x0) > smb_vwv[29]= 0 (0x0) > smb_vwv[30]= 0 (0x0) > smb_vwv[31]= 512 (0x200) > smb_vwv[32]=65280 (0xFF00) > smb_vwv[33]= 5 (0x5) > smb_bcc=0 >[2008/06/05 21:01:42, 10] smbd/process.c:setup_select_timeout(1265) > change_notify_timeout: -1 >[2008/06/05 21:01:42, 10] lib/events.c:run_events(87) > run_events: No events >[2008/06/05 21:01:42, 10] lib/util_sock.c:read_smb_length_return_keepalive(618) > got smb length of 154 >[2008/06/05 21:01:42, 6] smbd/process.c:process_smb(1086) > got message type 0x0 of len 0x9a >[2008/06/05 21:01:42, 3] smbd/process.c:process_smb(1087) > Transaction 4 of length 158 >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) > size=154 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=5094 > smb_uid=100 > smb_mid=5 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 72 (0x48) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 72 (0x48) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=30450 (0x76F2) > smb_bcc=87 >[2008/06/05 21:01:42, 10] lib/util.c:dump_data(2058) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 00 B8 .......H ........ > [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 6A ........ .......j > [030] 28 19 39 0C B1 D0 11 9B A8 00 C0 4F D9 2E F5 00 (.9..... ...O.... > [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ > [050] 10 48 60 02 00 00 00 .H`.... >[2008/06/05 21:01:42, 3] smbd/process.c:switch_message(886) > switch message SMBtrans (pid 7908) conn 0x803ab748 >[2008/06/05 21:01:42, 4] smbd/uid.c:change_to_user(222) > change_to_user: Skipping user change - already user >[2008/06/05 21:01:42, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=72 params=0 setup=2 >[2008/06/05 21:01:42, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2008/06/05 21:01:42, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2008/06/05 21:01:42, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2008/06/05 21:01:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1261) > search for pipe pnum=76f2 >[2008/06/05 21:01:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1265) > pipe name lsarpc pnum=76f2 (pipes_open=1) >[2008/06/05 21:01:42, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "lsarpc" (pnum 76f2) >[2008/06/05 21:01:42, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x803a7bb8 max_trans_reply: 4280 >[2008/06/05 21:01:42, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(934) > write_to_pipe: 76f2 name: lsarpc open: Yes len: 72 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) > write_to_pipe: data_left = 72 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(392) > fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) > write_to_pipe: data_used = 16 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) > write_to_pipe: data_left = 56 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0000 major : 05 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0001 minor : 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0002 pkt_type : 0b >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0003 flags : 03 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0004 pack_type0: 10 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0005 pack_type1: 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0006 pack_type2: 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0007 pack_type3: 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 frag_len : 0048 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a auth_len : 0000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c call_id : 00000001 >[2008/06/05 21:01:42, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(479) > unmarshall_rpc_header: using little-endian RPC >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(508) > unmarshall_rpc_header: type = 11, flags = 3 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) > write_to_pipe: data_used = 0 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) > write_to_pipe: data_left = 56 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(716) > process_complete_pdu: processing packet type 11 >[2008/06/05 21:01:42, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1495) > api_pipe_bind_req: decode request. 1495 >[2008/06/05 21:01:42, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1506) > api_pipe_bind_req: \PIPE\lsarpc -> \PIPE\lsass >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_rb >[2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_bba >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0000 max_tsize: 10b8 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0002 max_rsize: 10b8 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0004 assoc_gid: 00000000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0008 num_contexts: 01 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000c context_id : 0000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 000e num_transfer_syntaxes: 01 >[2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00000f smb_io_rpc_iface >[2008/06/05 21:01:42, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_uuid uuid >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0010 data : 3919286a >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0014 data : b10c >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0016 data : 11d0 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8s(819) > 0018 data : 9b a8 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8s(819) > 001a data : 00 c0 4f d9 2e f5 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0020 version: 00000000 >[2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000024 smb_io_rpc_iface >[2008/06/05 21:01:42, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000024 smb_io_uuid uuid >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0024 data : 8a885d04 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0028 data : 1ceb >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 002a data : 11c9 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8s(819) > 002c data : 9f e8 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8s(819) > 002e data : 08 00 2b 10 48 60 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0034 version: 00000002 >[2008/06/05 21:01:42, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1548) > api_pipe_bind_req: make response. 1548 >[2008/06/05 21:01:42, 3] rpc_server/srv_pipe.c:check_bind_req(959) > check_bind_req for \PIPE\lsarpc >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe.c:check_bind_req(964) > checking \PIPE\lsarpc >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe.c:check_bind_req(964) > checking \PIPE\lsarpc >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_ba >[2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_bba >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0000 max_tsize: 10b8 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0002 max_rsize: 10b8 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0004 assoc_gid: 000053f0 >[2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000008 smb_io_rpc_addr_str >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 len: 000c >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8s(819) > 000a str: \PIPE\lsass. >[2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000016 smb_io_rpc_results >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0018 num_results: 01 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 001c result : 0000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 001e reason : 0000 >[2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000020 smb_io_rpc_iface >[2008/06/05 21:01:42, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000020 smb_io_uuid uuid >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0020 data : 8a885d04 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0024 data : 1ceb >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0026 data : 11c9 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8s(819) > 0028 data : 9f e8 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8s(819) > 002a data : 08 00 2b 10 48 60 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0030 version: 00000002 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0000 major : 05 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0001 minor : 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0002 pkt_type : 0c >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0003 flags : 03 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0004 pack_type0: 10 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0005 pack_type1: 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0006 pack_type2: 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0007 pack_type3: 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 frag_len : 0044 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a auth_len : 0000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c call_id : 00000001 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) > write_to_pipe: data_used = 56 >[2008/06/05 21:01:42, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(992) > read_from_pipe: 76f2 name: lsarpc len: 4280 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1051) > read_from_pipe: lsarpc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. >[2008/06/05 21:01:42, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..68] >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) > size=124 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=5094 > smb_uid=100 > smb_mid=5 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 68 (0x44) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 68 (0x44) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=69 >[2008/06/05 21:01:42, 10] lib/util.c:dump_data(2058) > [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... > [010] 00 B8 10 B8 10 F0 53 00 00 0C 00 5C 50 49 50 45 ......S. ...\PIPE > [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ > [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H > [040] 60 02 00 00 00 `.... >[2008/06/05 21:01:42, 10] smbd/process.c:setup_select_timeout(1265) > change_notify_timeout: -1 >[2008/06/05 21:01:42, 10] lib/events.c:run_events(87) > run_events: No events >[2008/06/05 21:01:42, 10] lib/util_sock.c:read_smb_length_return_keepalive(618) > got smb length of 108 >[2008/06/05 21:01:42, 6] smbd/process.c:process_smb(1086) > got message type 0x0 of len 0x6c >[2008/06/05 21:01:42, 3] smbd/process.c:process_smb(1087) > Transaction 5 of length 112 >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) > size=108 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=5094 > smb_uid=100 > smb_mid=6 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 26 (0x1A) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 26 (0x1A) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=30450 (0x76F2) > smb_bcc=41 >[2008/06/05 21:01:42, 10] lib/util.c:dump_data(2058) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 1A 00 00 00 02 00 00 00 02 ........ ........ > [020] 00 00 00 00 00 00 00 01 00 ........ . >[2008/06/05 21:01:42, 3] smbd/process.c:switch_message(886) > switch message SMBtrans (pid 7908) conn 0x803ab748 >[2008/06/05 21:01:42, 4] smbd/uid.c:change_to_user(222) > change_to_user: Skipping user change - already user >[2008/06/05 21:01:42, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=26 params=0 setup=2 >[2008/06/05 21:01:42, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2008/06/05 21:01:42, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2008/06/05 21:01:42, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2008/06/05 21:01:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1261) > search for pipe pnum=76f2 >[2008/06/05 21:01:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1265) > pipe name lsarpc pnum=76f2 (pipes_open=1) >[2008/06/05 21:01:42, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "lsarpc" (pnum 76f2) >[2008/06/05 21:01:42, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x803a7bb8 max_trans_reply: 4280 >[2008/06/05 21:01:42, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(934) > write_to_pipe: 76f2 name: lsarpc open: Yes len: 26 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) > write_to_pipe: data_left = 26 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 26 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(392) > fill_rpc_header: data_to_copy = 26, len_needed_to_complete_hdr = 16, receive_len = 0 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) > write_to_pipe: data_used = 16 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) > write_to_pipe: data_left = 10 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 10 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0000 major : 05 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0001 minor : 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0002 pkt_type : 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0003 flags : 03 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0004 pack_type0: 10 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0005 pack_type1: 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0006 pack_type2: 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0007 pack_type3: 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 frag_len : 001a >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a auth_len : 0000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c call_id : 00000002 >[2008/06/05 21:01:42, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(479) > unmarshall_rpc_header: using little-endian RPC >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(508) > unmarshall_rpc_header: type = 0, flags = 3 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) > write_to_pipe: data_used = 0 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) > write_to_pipe: data_left = 10 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 10, incoming data = 10 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(716) > process_complete_pdu: processing packet type 0 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_req req >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0000 alloc_hint: 00000002 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0004 context_id: 0000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0006 opnum : 0000 >[2008/06/05 21:01:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(526) > free_pipe_context: destroying talloc pool of size 71 >[2008/06/05 21:01:42, 5] rpc_server/srv_pipe.c:api_pipe_request(2195) > Requested \PIPE\lsarpc >[2008/06/05 21:01:42, 4] rpc_server/srv_pipe.c:api_rpcTNP(2230) > api_rpcTNP: lsarpc op 0x0 - unknown >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0000 major : 05 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0001 minor : 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0002 pkt_type : 03 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0003 flags : 23 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0004 pack_type0: 10 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0005 pack_type1: 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0006 pack_type2: 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0007 pack_type3: 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 frag_len : 0020 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a auth_len : 0000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c call_id : 00000002 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp resp >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0010 alloc_hint: 00000000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0014 context_id: 0000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0016 cancel_ct : 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0017 reserved : 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000018 smb_io_rpc_hdr_fault fault >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_ntstatus(762) > 0018 status : NT code 0x1c010002 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 001c reserved: 00000000 >[2008/06/05 21:01:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(526) > free_pipe_context: destroying talloc pool of size 0 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) > write_to_pipe: data_used = 10 >[2008/06/05 21:01:42, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(992) > read_from_pipe: 76f2 name: lsarpc len: 4280 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1051) > read_from_pipe: lsarpc: current_pdu_len = 32, current_pdu_sent = 0 returning 32 bytes. >[2008/06/05 21:01:42, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..32] >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) > size=88 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=5094 > smb_uid=100 > smb_mid=6 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 32 (0x20) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 32 (0x20) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=33 >[2008/06/05 21:01:42, 10] lib/util.c:dump_data(2058) > [000] 00 05 00 03 23 10 00 00 00 20 00 00 00 02 00 00 ....#... . ...... > [010] 00 00 00 00 00 00 00 00 00 02 00 01 1C 00 00 00 ........ ........ > [020] 00 . >[2008/06/05 21:01:42, 10] smbd/process.c:setup_select_timeout(1265) > change_notify_timeout: -1 >[2008/06/05 21:01:42, 10] lib/events.c:run_events(87) > run_events: No events >[2008/06/05 21:01:42, 10] lib/util_sock.c:read_smb_length_return_keepalive(618) > got smb length of 41 >[2008/06/05 21:01:42, 6] smbd/process.c:process_smb(1086) > got message type 0x0 of len 0x29 >[2008/06/05 21:01:42, 3] smbd/process.c:process_smb(1087) > Transaction 6 of length 45 >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=5094 > smb_uid=100 > smb_mid=7 > smt_wct=3 > smb_vwv[ 0]=30450 (0x76F2) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2008/06/05 21:01:42, 3] smbd/process.c:switch_message(886) > switch message SMBclose (pid 7908) conn 0x803ab748 >[2008/06/05 21:01:42, 4] smbd/uid.c:change_to_user(222) > change_to_user: Skipping user change - already user >[2008/06/05 21:01:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1261) > search for pipe pnum=76f2 >[2008/06/05 21:01:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1265) > pipe name lsarpc pnum=76f2 (pipes_open=1) >[2008/06/05 21:01:42, 5] smbd/pipes.c:reply_pipe_close(272) > reply_pipe_close: pnum:76f2 >[2008/06/05 21:01:42, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(235) > close_policy_by_pipe: deleted handle list for pipe lsarpc >[2008/06/05 21:01:42, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1166) > closed pipe name lsarpc pnum=76f2 (pipes_open=0) >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=5094 > smb_uid=100 > smb_mid=7 > smt_wct=0 > smb_bcc=0 >[2008/06/05 21:01:42, 10] smbd/process.c:setup_select_timeout(1265) > change_notify_timeout: -1 >[2008/06/05 21:01:42, 10] lib/events.c:run_events(87) > run_events: No events >[2008/06/05 21:01:42, 10] lib/util_sock.c:read_smb_length_return_keepalive(618) > got smb length of 100 >[2008/06/05 21:01:42, 6] smbd/process.c:process_smb(1086) > got message type 0x0 of len 0x64 >[2008/06/05 21:01:42, 3] smbd/process.c:process_smb(1087) > Transaction 7 of length 104 >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) > size=100 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=5094 > smb_uid=100 > smb_mid=8 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 3584 (0xE00) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 513 (0x201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 768 (0x300) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_bcc=17 >[2008/06/05 21:01:42, 10] lib/util.c:dump_data(2058) > [000] 00 5C 00 6C 00 73 00 61 00 72 00 70 00 63 00 00 .\.l.s.a .r.p.c.. > [010] 00 . >[2008/06/05 21:01:42, 3] smbd/process.c:switch_message(886) > switch message SMBntcreateX (pid 7908) conn 0x803ab748 >[2008/06/05 21:01:42, 4] smbd/uid.c:change_to_user(222) > change_to_user: Skipping user change - already user >[2008/06/05 21:01:42, 10] smbd/nttrans.c:reply_ntcreate_and_X(506) > reply_ntcreateX: flags = 0x0, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 root_dir_fid = 0x0 >[2008/06/05 21:01:42, 4] smbd/nttrans.c:nt_open_pipe(330) > nt_open_pipe: Opening pipe \lsarpc. >[2008/06/05 21:01:42, 3] smbd/nttrans.c:nt_open_pipe(351) > nt_open_pipe: Known pipe lsarpc opening. >[2008/06/05 21:01:42, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(180) > Open pipe requested lsarpc (pipes_open=0) >[2008/06/05 21:01:42, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(285) > Create pipe requested lsarpc >[2008/06/05 21:01:42, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77) > init_pipe_handles: created handle list for pipe lsarpc >[2008/06/05 21:01:42, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) > init_pipe_handles: pipe_handles ref count = 1 for pipe lsarpc >[2008/06/05 21:01:42, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(363) > Created internal pipe lsarpc (pipes_open=0) >[2008/06/05 21:01:42, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(263) > Opened pipe lsarpc with handle 76f3 (pipes_open=1) >[2008/06/05 21:01:42, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(269) > open pipes: name lsarpc pnum=76f3 >[2008/06/05 21:01:42, 5] smbd/nttrans.c:do_ntcreate_pipe_open(400) > do_ntcreate_pipe_open: open pipe = \lsarpc >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) > size=103 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=5094 > smb_uid=100 > smb_mid=8 > smt_wct=34 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]=62208 (0xF300) > smb_vwv[ 3]= 374 (0x176) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 0 (0x0) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 0 (0x0) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]=32768 (0x8000) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_vwv[24]= 0 (0x0) > smb_vwv[25]= 0 (0x0) > smb_vwv[26]= 0 (0x0) > smb_vwv[27]= 0 (0x0) > smb_vwv[28]= 0 (0x0) > smb_vwv[29]= 0 (0x0) > smb_vwv[30]= 0 (0x0) > smb_vwv[31]= 512 (0x200) > smb_vwv[32]=65280 (0xFF00) > smb_vwv[33]= 5 (0x5) > smb_bcc=0 >[2008/06/05 21:01:42, 10] smbd/process.c:setup_select_timeout(1265) > change_notify_timeout: -1 >[2008/06/05 21:01:42, 10] lib/events.c:run_events(87) > run_events: No events >[2008/06/05 21:01:42, 10] lib/util_sock.c:read_smb_length_return_keepalive(618) > got smb length of 154 >[2008/06/05 21:01:42, 6] smbd/process.c:process_smb(1086) > got message type 0x0 of len 0x9a >[2008/06/05 21:01:42, 3] smbd/process.c:process_smb(1087) > Transaction 8 of length 158 >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) > size=154 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=5094 > smb_uid=100 > smb_mid=9 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 72 (0x48) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 72 (0x48) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=30451 (0x76F3) > smb_bcc=87 >[2008/06/05 21:01:42, 10] lib/util.c:dump_data(2058) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 0B 03 10 00 00 00 48 00 00 00 03 00 00 00 B8 .......H ........ > [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x > [030] 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB 00 W4.4.... ..#Eg... > [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ > [050] 10 48 60 02 00 00 00 .H`.... >[2008/06/05 21:01:42, 3] smbd/process.c:switch_message(886) > switch message SMBtrans (pid 7908) conn 0x803ab748 >[2008/06/05 21:01:42, 4] smbd/uid.c:change_to_user(222) > change_to_user: Skipping user change - already user >[2008/06/05 21:01:42, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=72 params=0 setup=2 >[2008/06/05 21:01:42, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2008/06/05 21:01:42, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2008/06/05 21:01:42, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2008/06/05 21:01:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1261) > search for pipe pnum=76f3 >[2008/06/05 21:01:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1265) > pipe name lsarpc pnum=76f3 (pipes_open=1) >[2008/06/05 21:01:42, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "lsarpc" (pnum 76f3) >[2008/06/05 21:01:42, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x803a6ea0 max_trans_reply: 4280 >[2008/06/05 21:01:42, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(934) > write_to_pipe: 76f3 name: lsarpc open: Yes len: 72 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) > write_to_pipe: data_left = 72 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(392) > fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) > write_to_pipe: data_used = 16 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) > write_to_pipe: data_left = 56 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0000 major : 05 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0001 minor : 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0002 pkt_type : 0b >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0003 flags : 03 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0004 pack_type0: 10 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0005 pack_type1: 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0006 pack_type2: 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0007 pack_type3: 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 frag_len : 0048 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a auth_len : 0000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c call_id : 00000003 >[2008/06/05 21:01:42, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(479) > unmarshall_rpc_header: using little-endian RPC >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(508) > unmarshall_rpc_header: type = 11, flags = 3 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) > write_to_pipe: data_used = 0 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) > write_to_pipe: data_left = 56 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(716) > process_complete_pdu: processing packet type 11 >[2008/06/05 21:01:42, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1495) > api_pipe_bind_req: decode request. 1495 >[2008/06/05 21:01:42, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1506) > api_pipe_bind_req: \PIPE\lsarpc -> \PIPE\lsass >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_rb >[2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_bba >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0000 max_tsize: 10b8 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0002 max_rsize: 10b8 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0004 assoc_gid: 00000000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0008 num_contexts: 01 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000c context_id : 0000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 000e num_transfer_syntaxes: 01 >[2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00000f smb_io_rpc_iface >[2008/06/05 21:01:42, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_uuid uuid >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0010 data : 12345778 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0014 data : 1234 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0016 data : abcd >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8s(819) > 0018 data : ef 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8s(819) > 001a data : 01 23 45 67 89 ab >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0020 version: 00000000 >[2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000024 smb_io_rpc_iface >[2008/06/05 21:01:42, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000024 smb_io_uuid uuid >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0024 data : 8a885d04 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0028 data : 1ceb >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 002a data : 11c9 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8s(819) > 002c data : 9f e8 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8s(819) > 002e data : 08 00 2b 10 48 60 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0034 version: 00000002 >[2008/06/05 21:01:42, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1548) > api_pipe_bind_req: make response. 1548 >[2008/06/05 21:01:42, 3] rpc_server/srv_pipe.c:check_bind_req(959) > check_bind_req for \PIPE\lsarpc >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe.c:check_bind_req(964) > checking \PIPE\lsarpc >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_ba >[2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_bba >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0000 max_tsize: 10b8 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0002 max_rsize: 10b8 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0004 assoc_gid: 000053f0 >[2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000008 smb_io_rpc_addr_str >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 len: 000c >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8s(819) > 000a str: \PIPE\lsass. >[2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000016 smb_io_rpc_results >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0018 num_results: 01 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 001c result : 0000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 001e reason : 0000 >[2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000020 smb_io_rpc_iface >[2008/06/05 21:01:42, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000020 smb_io_uuid uuid >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0020 data : 8a885d04 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0024 data : 1ceb >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0026 data : 11c9 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8s(819) > 0028 data : 9f e8 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8s(819) > 002a data : 08 00 2b 10 48 60 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0030 version: 00000002 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0000 major : 05 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0001 minor : 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0002 pkt_type : 0c >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0003 flags : 03 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0004 pack_type0: 10 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0005 pack_type1: 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0006 pack_type2: 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0007 pack_type3: 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 frag_len : 0044 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a auth_len : 0000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c call_id : 00000003 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) > write_to_pipe: data_used = 56 >[2008/06/05 21:01:42, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(992) > read_from_pipe: 76f3 name: lsarpc len: 4280 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1051) > read_from_pipe: lsarpc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. >[2008/06/05 21:01:42, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..68] >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) > size=124 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=5094 > smb_uid=100 > smb_mid=9 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 68 (0x44) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 68 (0x44) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=69 >[2008/06/05 21:01:42, 10] lib/util.c:dump_data(2058) > [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 03 00 00 ........ .D...... > [010] 00 B8 10 B8 10 F0 53 00 00 0C 00 5C 50 49 50 45 ......S. ...\PIPE > [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ > [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H > [040] 60 02 00 00 00 `.... >[2008/06/05 21:01:42, 10] smbd/process.c:setup_select_timeout(1265) > change_notify_timeout: -1 >[2008/06/05 21:01:42, 10] lib/events.c:run_events(87) > run_events: No events >[2008/06/05 21:01:42, 10] lib/util_sock.c:read_smb_length_return_keepalive(618) > got smb length of 174 >[2008/06/05 21:01:42, 6] smbd/process.c:process_smb(1086) > got message type 0x0 of len 0xae >[2008/06/05 21:01:42, 3] smbd/process.c:process_smb(1087) > Transaction 9 of length 178 >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) > size=174 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=5094 > smb_uid=100 > smb_mid=10 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 92 (0x5C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 92 (0x5C) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=30451 (0x76F3) > smb_bcc=107 >[2008/06/05 21:01:42, 10] lib/util.c:dump_data(2058) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 5C 00 00 00 04 00 00 00 44 .......\ .......D > [020] 00 00 00 00 00 2C 00 01 00 00 00 08 00 00 00 00 .....,.. ........ > [030] 00 00 00 08 00 00 00 5C 00 5C 00 44 00 55 00 44 .......\ .\.D.U.D > [040] 00 4F 00 57 00 00 00 18 00 00 00 00 00 00 00 00 .O.W.... ........ > [050] 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 0C ........ ........ > [060] 00 00 00 02 00 01 00 00 00 00 02 ........ ... >[2008/06/05 21:01:42, 3] smbd/process.c:switch_message(886) > switch message SMBtrans (pid 7908) conn 0x803ab748 >[2008/06/05 21:01:42, 4] smbd/uid.c:change_to_user(222) > change_to_user: Skipping user change - already user >[2008/06/05 21:01:42, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=92 params=0 setup=2 >[2008/06/05 21:01:42, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2008/06/05 21:01:42, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2008/06/05 21:01:42, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2008/06/05 21:01:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1261) > search for pipe pnum=76f3 >[2008/06/05 21:01:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1265) > pipe name lsarpc pnum=76f3 (pipes_open=1) >[2008/06/05 21:01:42, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "lsarpc" (pnum 76f3) >[2008/06/05 21:01:42, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x803a6ea0 max_trans_reply: 4280 >[2008/06/05 21:01:42, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(934) > write_to_pipe: 76f3 name: lsarpc open: Yes len: 92 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) > write_to_pipe: data_left = 92 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 92 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(392) > fill_rpc_header: data_to_copy = 92, len_needed_to_complete_hdr = 16, receive_len = 0 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) > write_to_pipe: data_used = 16 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) > write_to_pipe: data_left = 76 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 76 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0000 major : 05 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0001 minor : 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0002 pkt_type : 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0003 flags : 03 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0004 pack_type0: 10 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0005 pack_type1: 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0006 pack_type2: 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0007 pack_type3: 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 frag_len : 005c >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a auth_len : 0000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c call_id : 00000004 >[2008/06/05 21:01:42, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(479) > unmarshall_rpc_header: using little-endian RPC >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(508) > unmarshall_rpc_header: type = 0, flags = 3 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) > write_to_pipe: data_used = 0 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) > write_to_pipe: data_left = 76 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 76, incoming data = 76 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(716) > process_complete_pdu: processing packet type 0 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_req req >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0000 alloc_hint: 00000044 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0004 context_id: 0000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0006 opnum : 002c >[2008/06/05 21:01:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(526) > free_pipe_context: destroying talloc pool of size 71 >[2008/06/05 21:01:42, 5] rpc_server/srv_pipe.c:api_pipe_request(2195) > Requested \PIPE\lsarpc >[2008/06/05 21:01:42, 4] rpc_server/srv_pipe.c:api_rpcTNP(2230) > api_rpcTNP: lsarpc op 0x2c - api_rpcTNP: rpc command: LSA_OPENPOLICY2 >[2008/06/05 21:01:42, 6] rpc_server/srv_pipe.c:api_rpcTNP(2256) > api_rpc_cmds[0].fn == 0x800f5230 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 lsa_io_q_open_pol2 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0000 ptr : 00000001 >[2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000004 smb_io_unistr2 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0004 uni_max_len: 00000008 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0008 offset : 00000000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c uni_str_len: 00000008 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:dbg_rw_punival(904) > 0010 buffer : \.\.D.U.D.O.W... >[2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000020 lsa_io_obj_attr >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0020 len : 00000018 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0024 ptr_root_dir: 00000000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0028 ptr_obj_name: 00000000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 002c attributes : 00000000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0030 ptr_sec_desc: 00000000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0034 ptr_sec_qos : 00000001 >[2008/06/05 21:01:42, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000038 lsa_io_obj_qos sec_qos >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0038 len : 0000000c >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 003c sec_imp_level : 0002 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 003e sec_ctxt_mode : 01 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 003f effective_only: 00 >[2008/06/05 21:01:42, 3] rpc_parse/parse_lsa.c:lsa_io_sec_qos(181) > lsa_io_sec_qos: length c does not match size 8 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0040 des_access: 02000000 >[2008/06/05 21:01:42, 10] lib/util_seaccess.c:se_access_check(233) > se_access_check: requested access 0x02000000, for NT token with 7 entries and first sid S-1-5-21-3322384919-3754806424-3664837664-501. >[2008/06/05 21:01:42, 3] lib/util_seaccess.c:se_access_check(250) >[2008/06/05 21:01:42, 3] lib/util_seaccess.c:se_access_check(251) > se_access_check: user sid is S-1-5-21-3322384919-3754806424-3664837664-501 > se_access_check: also S-1-5-21-3322384919-3754806424-3664837664-514 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-32-546 > se_access_check: also S-1-5-21-3322384919-3754806424-3664837664-132067 > se_access_check: also S-1-5-21-3322384919-3754806424-3664837664-132069 >[2008/06/05 21:01:42, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) > Opened policy hnd[1] [000] 00 00 00 00 01 00 00 00 00 00 00 00 16 38 48 48 ........ .....8HH > [010] E4 1E 00 00 .... >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 lsa_io_r_open_pol2 >[2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0000 data1: 00000000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0004 data2: 00000001 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 data3: 0000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a data4: 0000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8s(819) > 000c data5: 16 38 48 48 e4 1e 00 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_ntstatus(762) > 0014 status: NT_STATUS_OK >[2008/06/05 21:01:42, 5] rpc_server/srv_pipe.c:api_rpcTNP(2277) > api_rpcTNP: called lsarpc successfully >[2008/06/05 21:01:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(526) > free_pipe_context: destroying talloc pool of size 824 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) > write_to_pipe: data_used = 76 >[2008/06/05 21:01:42, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(992) > read_from_pipe: 76f3 name: lsarpc len: 4280 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1065) > read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0000 major : 05 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0001 minor : 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0002 pkt_type : 02 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0003 flags : 03 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0004 pack_type0: 10 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0005 pack_type1: 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0006 pack_type2: 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0007 pack_type3: 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 frag_len : 0030 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a auth_len : 0000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c call_id : 00000004 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp resp >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0010 alloc_hint: 00000018 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0014 context_id: 0000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0016 cancel_ct : 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0017 reserved : 00 >[2008/06/05 21:01:42, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..48] >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=5094 > smb_uid=100 > smb_mid=10 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2008/06/05 21:01:42, 10] lib/util.c:dump_data(2058) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 04 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ........ ........ > [020] 00 00 00 00 00 16 38 48 48 E4 1E 00 00 00 00 00 ......8H H....... > [030] 00 . >[2008/06/05 21:01:42, 10] smbd/process.c:setup_select_timeout(1265) > change_notify_timeout: -1 >[2008/06/05 21:01:42, 10] lib/events.c:run_events(87) > run_events: No events >[2008/06/05 21:01:42, 10] lib/util_sock.c:read_smb_length_return_keepalive(618) > got smb length of 128 >[2008/06/05 21:01:42, 6] smbd/process.c:process_smb(1086) > got message type 0x0 of len 0x80 >[2008/06/05 21:01:42, 3] smbd/process.c:process_smb(1087) > Transaction 10 of length 132 >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=5094 > smb_uid=100 > smb_mid=11 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 46 (0x2E) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 46 (0x2E) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=30451 (0x76F3) > smb_bcc=61 >[2008/06/05 21:01:42, 10] lib/util.c:dump_data(2058) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 2E 00 00 00 05 00 00 00 16 ........ ........ > [020] 00 00 00 00 00 2E 00 00 00 00 00 01 00 00 00 00 ........ ........ > [030] 00 00 00 16 38 48 48 E4 1E 00 00 0C 00 ....8HH. ..... >[2008/06/05 21:01:42, 3] smbd/process.c:switch_message(886) > switch message SMBtrans (pid 7908) conn 0x803ab748 >[2008/06/05 21:01:42, 4] smbd/uid.c:change_to_user(222) > change_to_user: Skipping user change - already user >[2008/06/05 21:01:42, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=46 params=0 setup=2 >[2008/06/05 21:01:42, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2008/06/05 21:01:42, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2008/06/05 21:01:42, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2008/06/05 21:01:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1261) > search for pipe pnum=76f3 >[2008/06/05 21:01:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1265) > pipe name lsarpc pnum=76f3 (pipes_open=1) >[2008/06/05 21:01:42, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "lsarpc" (pnum 76f3) >[2008/06/05 21:01:42, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x803a6ea0 max_trans_reply: 4280 >[2008/06/05 21:01:42, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(934) > write_to_pipe: 76f3 name: lsarpc open: Yes len: 46 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) > write_to_pipe: data_left = 46 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 46 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(392) > fill_rpc_header: data_to_copy = 46, len_needed_to_complete_hdr = 16, receive_len = 0 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) > write_to_pipe: data_used = 16 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) > write_to_pipe: data_left = 30 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 30 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0000 major : 05 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0001 minor : 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0002 pkt_type : 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0003 flags : 03 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0004 pack_type0: 10 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0005 pack_type1: 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0006 pack_type2: 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0007 pack_type3: 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 frag_len : 002e >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a auth_len : 0000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c call_id : 00000005 >[2008/06/05 21:01:42, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(479) > unmarshall_rpc_header: using little-endian RPC >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(508) > unmarshall_rpc_header: type = 0, flags = 3 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) > write_to_pipe: data_used = 0 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) > write_to_pipe: data_left = 30 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 30, incoming data = 30 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(716) > process_complete_pdu: processing packet type 0 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_req req >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0000 alloc_hint: 00000016 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0004 context_id: 0000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0006 opnum : 002e >[2008/06/05 21:01:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(526) > free_pipe_context: destroying talloc pool of size 0 >[2008/06/05 21:01:42, 5] rpc_server/srv_pipe.c:api_pipe_request(2195) > Requested \PIPE\lsarpc >[2008/06/05 21:01:42, 4] rpc_server/srv_pipe.c:api_rpcTNP(2230) > api_rpcTNP: lsarpc op 0x2e - unknown >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0000 major : 05 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0001 minor : 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0002 pkt_type : 03 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0003 flags : 23 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0004 pack_type0: 10 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0005 pack_type1: 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0006 pack_type2: 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0007 pack_type3: 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 frag_len : 0020 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a auth_len : 0000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c call_id : 00000005 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp resp >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0010 alloc_hint: 00000000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0014 context_id: 0000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0016 cancel_ct : 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0017 reserved : 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000018 smb_io_rpc_hdr_fault fault >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_ntstatus(762) > 0018 status : NT code 0x1c010002 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 001c reserved: 00000000 >[2008/06/05 21:01:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(526) > free_pipe_context: destroying talloc pool of size 0 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) > write_to_pipe: data_used = 30 >[2008/06/05 21:01:42, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(992) > read_from_pipe: 76f3 name: lsarpc len: 4280 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1051) > read_from_pipe: lsarpc: current_pdu_len = 32, current_pdu_sent = 0 returning 32 bytes. >[2008/06/05 21:01:42, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..32] >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) > size=88 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=5094 > smb_uid=100 > smb_mid=11 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 32 (0x20) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 32 (0x20) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=33 >[2008/06/05 21:01:42, 10] lib/util.c:dump_data(2058) > [000] 00 05 00 03 23 10 00 00 00 20 00 00 00 05 00 00 ....#... . ...... > [010] 00 00 00 00 00 00 00 00 00 02 00 01 1C 00 00 00 ........ ........ > [020] 00 . >[2008/06/05 21:01:42, 10] smbd/process.c:setup_select_timeout(1265) > change_notify_timeout: -1 >[2008/06/05 21:01:42, 10] lib/events.c:run_events(87) > run_events: No events >[2008/06/05 21:01:42, 10] lib/util_sock.c:read_smb_length_return_keepalive(618) > got smb length of 150 >[2008/06/05 21:01:42, 6] smbd/process.c:process_smb(1086) > got message type 0x0 of len 0x96 >[2008/06/05 21:01:42, 3] smbd/process.c:process_smb(1087) > Transaction 11 of length 154 >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) > size=150 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=5094 > smb_uid=100 > smb_mid=12 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 68 (0x44) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 68 (0x44) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=30451 (0x76F3) > smb_bcc=83 >[2008/06/05 21:01:42, 10] lib/util.c:dump_data(2058) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 44 00 00 00 06 00 00 00 2C .......D ......., > [020] 00 00 00 00 00 06 00 01 00 00 00 5C 00 00 00 18 ........ ...\.... > [030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [040] 00 00 00 01 00 00 00 0C 00 00 00 02 00 01 00 00 ........ ........ > [050] 00 00 02 ... >[2008/06/05 21:01:42, 3] smbd/process.c:switch_message(886) > switch message SMBtrans (pid 7908) conn 0x803ab748 >[2008/06/05 21:01:42, 4] smbd/uid.c:change_to_user(222) > change_to_user: Skipping user change - already user >[2008/06/05 21:01:42, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=68 params=0 setup=2 >[2008/06/05 21:01:42, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2008/06/05 21:01:42, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2008/06/05 21:01:42, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2008/06/05 21:01:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1261) > search for pipe pnum=76f3 >[2008/06/05 21:01:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1265) > pipe name lsarpc pnum=76f3 (pipes_open=1) >[2008/06/05 21:01:42, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "lsarpc" (pnum 76f3) >[2008/06/05 21:01:42, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x803a6ea0 max_trans_reply: 4280 >[2008/06/05 21:01:42, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(934) > write_to_pipe: 76f3 name: lsarpc open: Yes len: 68 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) > write_to_pipe: data_left = 68 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 68 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(392) > fill_rpc_header: data_to_copy = 68, len_needed_to_complete_hdr = 16, receive_len = 0 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) > write_to_pipe: data_used = 16 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) > write_to_pipe: data_left = 52 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 52 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0000 major : 05 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0001 minor : 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0002 pkt_type : 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0003 flags : 03 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0004 pack_type0: 10 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0005 pack_type1: 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0006 pack_type2: 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0007 pack_type3: 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 frag_len : 0044 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a auth_len : 0000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c call_id : 00000006 >[2008/06/05 21:01:42, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(479) > unmarshall_rpc_header: using little-endian RPC >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(508) > unmarshall_rpc_header: type = 0, flags = 3 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) > write_to_pipe: data_used = 0 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) > write_to_pipe: data_left = 52 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 52, incoming data = 52 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(716) > process_complete_pdu: processing packet type 0 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_req req >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0000 alloc_hint: 0000002c >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0004 context_id: 0000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0006 opnum : 0006 >[2008/06/05 21:01:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(526) > free_pipe_context: destroying talloc pool of size 0 >[2008/06/05 21:01:42, 5] rpc_server/srv_pipe.c:api_pipe_request(2195) > Requested \PIPE\lsarpc >[2008/06/05 21:01:42, 4] rpc_server/srv_pipe.c:api_rpcTNP(2230) > api_rpcTNP: lsarpc op 0x6 - api_rpcTNP: rpc command: LSA_OPENPOLICY >[2008/06/05 21:01:42, 6] rpc_server/srv_pipe.c:api_rpcTNP(2256) > api_rpc_cmds[1].fn == 0x800f53f0 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 lsa_io_q_open_pol >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0000 ptr : 00000001 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0004 system_name: 005c >[2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000008 lsa_io_obj_attr >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0008 len : 00000018 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c ptr_root_dir: 00000000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0010 ptr_obj_name: 00000000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0014 attributes : 00000000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0018 ptr_sec_desc: 00000000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 001c ptr_sec_qos : 00000001 >[2008/06/05 21:01:42, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000020 lsa_io_obj_qos sec_qos >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0020 len : 0000000c >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0024 sec_imp_level : 0002 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0026 sec_ctxt_mode : 01 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0027 effective_only: 00 >[2008/06/05 21:01:42, 3] rpc_parse/parse_lsa.c:lsa_io_sec_qos(181) > lsa_io_sec_qos: length c does not match size 8 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0028 des_access: 02000000 >[2008/06/05 21:01:42, 10] lib/util_seaccess.c:se_access_check(233) > se_access_check: requested access 0x02000000, for NT token with 7 entries and first sid S-1-5-21-3322384919-3754806424-3664837664-501. >[2008/06/05 21:01:42, 3] lib/util_seaccess.c:se_access_check(250) >[2008/06/05 21:01:42, 3] lib/util_seaccess.c:se_access_check(251) > se_access_check: user sid is S-1-5-21-3322384919-3754806424-3664837664-501 > se_access_check: also S-1-5-21-3322384919-3754806424-3664837664-514 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-32-546 > se_access_check: also S-1-5-21-3322384919-3754806424-3664837664-132067 > se_access_check: also S-1-5-21-3322384919-3754806424-3664837664-132069 >[2008/06/05 21:01:42, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) > Opened policy hnd[2] [000] 00 00 00 00 02 00 00 00 00 00 00 00 16 38 48 48 ........ .....8HH > [010] E4 1E 00 00 .... >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 lsa_io_r_open_pol >[2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0000 data1: 00000000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0004 data2: 00000002 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 data3: 0000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a data4: 0000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8s(819) > 000c data5: 16 38 48 48 e4 1e 00 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_ntstatus(762) > 0014 status: NT_STATUS_OK >[2008/06/05 21:01:42, 5] rpc_server/srv_pipe.c:api_rpcTNP(2277) > api_rpcTNP: called lsarpc successfully >[2008/06/05 21:01:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(526) > free_pipe_context: destroying talloc pool of size 808 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) > write_to_pipe: data_used = 52 >[2008/06/05 21:01:42, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(992) > read_from_pipe: 76f3 name: lsarpc len: 4280 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1065) > read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0000 major : 05 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0001 minor : 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0002 pkt_type : 02 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0003 flags : 03 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0004 pack_type0: 10 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0005 pack_type1: 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0006 pack_type2: 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0007 pack_type3: 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 frag_len : 0030 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a auth_len : 0000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c call_id : 00000006 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp resp >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0010 alloc_hint: 00000018 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0014 context_id: 0000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0016 cancel_ct : 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0017 reserved : 00 >[2008/06/05 21:01:42, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..48] >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=5094 > smb_uid=100 > smb_mid=12 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2008/06/05 21:01:42, 10] lib/util.c:dump_data(2058) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 06 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 02 00 00 ........ ........ > [020] 00 00 00 00 00 16 38 48 48 E4 1E 00 00 00 00 00 ......8H H....... > [030] 00 . >[2008/06/05 21:01:42, 10] smbd/process.c:setup_select_timeout(1265) > change_notify_timeout: -1 >[2008/06/05 21:01:42, 10] lib/events.c:run_events(87) > run_events: No events >[2008/06/05 21:01:42, 10] lib/util_sock.c:read_smb_length_return_keepalive(618) > got smb length of 128 >[2008/06/05 21:01:42, 6] smbd/process.c:process_smb(1086) > got message type 0x0 of len 0x80 >[2008/06/05 21:01:42, 3] smbd/process.c:process_smb(1087) > Transaction 12 of length 132 >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=5094 > smb_uid=100 > smb_mid=13 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 46 (0x2E) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 46 (0x2E) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=30451 (0x76F3) > smb_bcc=61 >[2008/06/05 21:01:42, 10] lib/util.c:dump_data(2058) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 2E 00 00 00 07 00 00 00 16 ........ ........ > [020] 00 00 00 00 00 07 00 00 00 00 00 02 00 00 00 00 ........ ........ > [030] 00 00 00 16 38 48 48 E4 1E 00 00 05 00 ....8HH. ..... >[2008/06/05 21:01:42, 3] smbd/process.c:switch_message(886) > switch message SMBtrans (pid 7908) conn 0x803ab748 >[2008/06/05 21:01:42, 4] smbd/uid.c:change_to_user(222) > change_to_user: Skipping user change - already user >[2008/06/05 21:01:42, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=46 params=0 setup=2 >[2008/06/05 21:01:42, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2008/06/05 21:01:42, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2008/06/05 21:01:42, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2008/06/05 21:01:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1261) > search for pipe pnum=76f3 >[2008/06/05 21:01:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1265) > pipe name lsarpc pnum=76f3 (pipes_open=1) >[2008/06/05 21:01:42, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "lsarpc" (pnum 76f3) >[2008/06/05 21:01:42, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x803a6ea0 max_trans_reply: 4280 >[2008/06/05 21:01:42, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(934) > write_to_pipe: 76f3 name: lsarpc open: Yes len: 46 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) > write_to_pipe: data_left = 46 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 46 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(392) > fill_rpc_header: data_to_copy = 46, len_needed_to_complete_hdr = 16, receive_len = 0 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) > write_to_pipe: data_used = 16 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) > write_to_pipe: data_left = 30 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 30 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0000 major : 05 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0001 minor : 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0002 pkt_type : 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0003 flags : 03 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0004 pack_type0: 10 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0005 pack_type1: 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0006 pack_type2: 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0007 pack_type3: 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 frag_len : 002e >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a auth_len : 0000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c call_id : 00000007 >[2008/06/05 21:01:42, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(479) > unmarshall_rpc_header: using little-endian RPC >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(508) > unmarshall_rpc_header: type = 0, flags = 3 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) > write_to_pipe: data_used = 0 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) > write_to_pipe: data_left = 30 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 30, incoming data = 30 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(716) > process_complete_pdu: processing packet type 0 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_req req >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0000 alloc_hint: 00000016 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0004 context_id: 0000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0006 opnum : 0007 >[2008/06/05 21:01:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(526) > free_pipe_context: destroying talloc pool of size 0 >[2008/06/05 21:01:42, 5] rpc_server/srv_pipe.c:api_pipe_request(2195) > Requested \PIPE\lsarpc >[2008/06/05 21:01:42, 4] rpc_server/srv_pipe.c:api_rpcTNP(2230) > api_rpcTNP: lsarpc op 0x7 - api_rpcTNP: rpc command: LSA_QUERYINFOPOLICY >[2008/06/05 21:01:42, 6] rpc_server/srv_pipe.c:api_rpcTNP(2256) > api_rpc_cmds[2].fn == 0x800f56b0 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 lsa_io_q_query >[2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0000 data1: 00000000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0004 data2: 00000002 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 data3: 0000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a data4: 0000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8s(819) > 000c data5: 16 38 48 48 e4 1e 00 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0014 info_class: 0005 >[2008/06/05 21:01:42, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 02 00 00 00 00 00 00 00 16 38 48 48 ........ .....8HH > [010] E4 1E 00 00 .... >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 lsa_io_r_query >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0000 undoc_buffer: 22000000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0004 info_class: 0005 >[2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000008 lsa_io_dom_query >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 uni_dom_max_len: 0008 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a uni_dom_str_len: 000a >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c buffer_dom_name: 00000001 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0010 buffer_dom_sid : 00000001 >[2008/06/05 21:01:42, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000014 smb_io_unistr2 unistr2 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0014 uni_max_len: 00000005 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0018 offset : 00000000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 001c uni_str_len: 00000004 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:dbg_rw_punival(904) > 0020 buffer : D.U.D.O. >[2008/06/05 21:01:42, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000028 smb_io_dom_sid2 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0028 num_auths: 00000004 >[2008/06/05 21:01:42, 8] rpc_parse/parse_prs.c:prs_debug(84) > 00002c smb_io_dom_sid sid >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 002c sid_rev_num: 01 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 002d num_auths : 04 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 002e id_auth[0] : 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 002f id_auth[1] : 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0030 id_auth[2] : 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0031 id_auth[3] : 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0032 id_auth[4] : 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0033 id_auth[5] : 05 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32s(959) > 0034 sub_auths : 00000015 c6079217 dfcdcc98 da70fc20 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_ntstatus(762) > 0044 status: NT_STATUS_OK >[2008/06/05 21:01:42, 5] rpc_server/srv_pipe.c:api_rpcTNP(2277) > api_rpcTNP: called lsarpc successfully >[2008/06/05 21:01:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(526) > free_pipe_context: destroying talloc pool of size 10 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) > write_to_pipe: data_used = 30 >[2008/06/05 21:01:42, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(992) > read_from_pipe: 76f3 name: lsarpc len: 4280 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1065) > read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 72. >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0000 major : 05 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0001 minor : 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0002 pkt_type : 02 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0003 flags : 03 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0004 pack_type0: 10 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0005 pack_type1: 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0006 pack_type2: 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0007 pack_type3: 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 frag_len : 0060 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a auth_len : 0000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c call_id : 00000007 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp resp >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0010 alloc_hint: 00000048 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0014 context_id: 0000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0016 cancel_ct : 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0017 reserved : 00 >[2008/06/05 21:01:42, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..96] >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) > size=152 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=5094 > smb_uid=100 > smb_mid=13 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 96 (0x60) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 96 (0x60) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=97 >[2008/06/05 21:01:42, 10] lib/util.c:dump_data(2058) > [000] 00 05 00 02 03 10 00 00 00 60 00 00 00 07 00 00 ........ .`...... > [010] 00 48 00 00 00 00 00 00 00 00 00 00 22 05 00 00 .H...... ...."... > [020] 00 08 00 0A 00 01 00 00 00 01 00 00 00 05 00 00 ........ ........ > [030] 00 00 00 00 00 04 00 00 00 44 00 55 00 44 00 4F ........ .D.U.D.O > [040] 00 04 00 00 00 01 04 00 00 00 00 00 05 15 00 00 ........ ........ > [050] 00 17 92 07 C6 98 CC CD DF 20 FC 70 DA 00 00 00 ........ . .p.... > [060] 00 . >[2008/06/05 21:01:42, 10] smbd/process.c:setup_select_timeout(1265) > change_notify_timeout: -1 >[2008/06/05 21:01:42, 10] lib/events.c:run_events(87) > run_events: No events >[2008/06/05 21:01:42, 10] lib/util_sock.c:read_smb_length_return_keepalive(618) > got smb length of 41 >[2008/06/05 21:01:42, 6] smbd/process.c:process_smb(1086) > got message type 0x0 of len 0x29 >[2008/06/05 21:01:42, 3] smbd/process.c:process_smb(1087) > Transaction 13 of length 45 >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=5094 > smb_uid=100 > smb_mid=14 > smt_wct=3 > smb_vwv[ 0]=30451 (0x76F3) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2008/06/05 21:01:42, 3] smbd/process.c:switch_message(886) > switch message SMBclose (pid 7908) conn 0x803ab748 >[2008/06/05 21:01:42, 4] smbd/uid.c:change_to_user(222) > change_to_user: Skipping user change - already user >[2008/06/05 21:01:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1261) > search for pipe pnum=76f3 >[2008/06/05 21:01:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1265) > pipe name lsarpc pnum=76f3 (pipes_open=1) >[2008/06/05 21:01:42, 5] smbd/pipes.c:reply_pipe_close(272) > reply_pipe_close: pnum:76f3 >[2008/06/05 21:01:42, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 02 00 00 00 00 00 00 00 16 38 48 48 ........ .....8HH > [010] E4 1E 00 00 .... >[2008/06/05 21:01:42, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) > Closed policy >[2008/06/05 21:01:42, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 16 38 48 48 ........ .....8HH > [010] E4 1E 00 00 .... >[2008/06/05 21:01:42, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) > Closed policy >[2008/06/05 21:01:42, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(235) > close_policy_by_pipe: deleted handle list for pipe lsarpc >[2008/06/05 21:01:42, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1166) > closed pipe name lsarpc pnum=76f3 (pipes_open=0) >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=5094 > smb_uid=100 > smb_mid=14 > smt_wct=0 > smb_bcc=0 >[2008/06/05 21:01:42, 10] smbd/process.c:setup_select_timeout(1265) > change_notify_timeout: -1 >[2008/06/05 21:01:42, 10] lib/events.c:run_events(87) > run_events: No events >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_KEEPALIVE = 1 >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_REUSEADDR = 1 >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_BROADCAST = 0 >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_NODELAY = 1 >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_KEEPCNT = 9 >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_KEEPIDLE = 7200 >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_KEEPINTVL = 75 >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option IPTOS_LOWDELAY = 0 >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option IPTOS_THROUGHPUT = 0 >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_SNDBUF = 16384 >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_RCVBUF = 87380 >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_SNDLOWAT = 1 >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_RCVLOWAT = 1 >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_SNDTIMEO = 0 >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_RCVTIMEO = 0 >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_KEEPALIVE = 1 >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_REUSEADDR = 1 >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_BROADCAST = 0 >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_NODELAY = 1 >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_KEEPCNT = 9 >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_KEEPIDLE = 7200 >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_KEEPINTVL = 75 >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option IPTOS_LOWDELAY = 0 >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option IPTOS_THROUGHPUT = 0 >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_SNDBUF = 16384 >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_RCVBUF = 87380 >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_SNDLOWAT = 1 >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_RCVLOWAT = 1 >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_SNDTIMEO = 0 >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_RCVTIMEO = 0 >[2008/06/05 21:01:42, 6] param/loadparm.c:lp_file_list_changed(2992) > lp_file_list_changed() > file /etc/samba/dhcp.conf -> /etc/samba/dhcp.conf last mod_time: Thu Jun 5 20:52:45 2008 > > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Thu Jun 5 21:01:18 2008 > >[2008/06/05 21:01:42, 3] smbd/oplock.c:init_oplocks(871) > open_oplock_ipc: initializing messages. >[2008/06/05 21:01:42, 3] smbd/oplock_linux.c:linux_init_kernel_oplocks(259) > Linux kernel oplocks enabled >[2008/06/05 21:01:42, 4] lib/time.c:TimeInit(142) > TimeInit: Serverzone is -7200 >[2008/06/05 21:01:42, 10] smbd/process.c:setup_select_timeout(1265) > change_notify_timeout: -1 >[2008/06/05 21:01:42, 10] lib/events.c:run_events(87) > run_events: No events >[2008/06/05 21:01:42, 10] lib/util_sock.c:read_smb_length_return_keepalive(618) > got smb length of 190 >[2008/06/05 21:01:42, 6] smbd/process.c:process_smb(1086) > got message type 0x0 of len 0xbe >[2008/06/05 21:01:42, 3] smbd/process.c:process_smb(1087) > Transaction 0 of length 194 >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) > size=190 > smb_com=0x72 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=0 > smb_pid=5071 > smb_uid=0 > smb_mid=1 > smt_wct=0 > smb_bcc=155 >[2008/06/05 21:01:42, 10] lib/util.c:dump_data(2058) > [000] 02 50 43 20 4E 45 54 57 4F 52 4B 20 50 52 4F 47 .PC NETW ORK PROG > [010] 52 41 4D 20 31 2E 30 00 02 4D 49 43 52 4F 53 4F RAM 1.0. .MICROSO > [020] 46 54 20 4E 45 54 57 4F 52 4B 53 20 31 2E 30 33 FT NETWO RKS 1.03 > [030] 00 02 4D 49 43 52 4F 53 4F 46 54 20 4E 45 54 57 ..MICROS OFT NETW > [040] 4F 52 4B 53 20 33 2E 30 00 02 4C 41 4E 4D 41 4E ORKS 3.0 ..LANMAN > [050] 31 2E 30 00 02 4C 4D 31 2E 32 58 30 30 32 00 02 1.0..LM1 .2X002.. > [060] 44 4F 53 20 4C 41 4E 4D 41 4E 32 2E 31 00 02 4C DOS LANM AN2.1..L > [070] 41 4E 4D 41 4E 32 2E 31 00 02 53 61 6D 62 61 00 ANMAN2.1 ..Samba. > [080] 02 4E 54 20 4C 41 4E 4D 41 4E 20 31 2E 30 00 02 .NT LANM AN 1.0.. > [090] 4E 54 20 4C 4D 20 30 2E 31 32 00 NT LM 0. 12. >[2008/06/05 21:01:42, 3] smbd/process.c:switch_message(886) > switch message SMBnegprot (pid 7910) conn 0x0 >[2008/06/05 21:01:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2008/06/05 21:01:42, 5] auth/auth_util.c:debug_nt_user_token(433) > NT user token: (NULL) >[2008/06/05 21:01:42, 5] auth/auth_util.c:debug_unix_user_token(454) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2008/06/05 21:01:42, 5] smbd/uid.c:change_to_root_user(324) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2008/06/05 21:01:42, 3] smbd/negprot.c:reply_negprot(486) > Requested protocol [PC NETWORK PROGRAM 1.0] >[2008/06/05 21:01:42, 3] smbd/negprot.c:reply_negprot(486) > Requested protocol [MICROSOFT NETWORKS 1.03] >[2008/06/05 21:01:42, 3] smbd/negprot.c:reply_negprot(486) > Requested protocol [MICROSOFT NETWORKS 3.0] >[2008/06/05 21:01:42, 3] smbd/negprot.c:reply_negprot(486) > Requested protocol [LANMAN1.0] >[2008/06/05 21:01:42, 3] smbd/negprot.c:reply_negprot(486) > Requested protocol [LM1.2X002] >[2008/06/05 21:01:42, 3] smbd/negprot.c:reply_negprot(486) > Requested protocol [DOS LANMAN2.1] >[2008/06/05 21:01:42, 3] smbd/negprot.c:reply_negprot(486) > Requested protocol [LANMAN2.1] >[2008/06/05 21:01:42, 3] smbd/negprot.c:reply_negprot(486) > Requested protocol [Samba] >[2008/06/05 21:01:42, 10] lib/util.c:set_remote_arch(2033) > set_remote_arch: Client arch is 'Samba' >[2008/06/05 21:01:42, 6] param/loadparm.c:lp_file_list_changed(2992) > lp_file_list_changed() > file /etc/samba/dhcp.conf -> /etc/samba/dhcp.conf last mod_time: Thu Jun 5 20:52:45 2008 > > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Thu Jun 5 21:01:18 2008 > >[2008/06/05 21:01:42, 5] smbd/connection.c:claim_connection(170) > claiming 0 >[2008/06/05 21:01:42, 6] param/loadparm.c:lp_file_list_changed(2992) > lp_file_list_changed() > file /etc/samba/dhcp.conf -> /etc/samba/dhcp.conf last mod_time: Thu Jun 5 20:52:45 2008 > > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Thu Jun 5 21:01:18 2008 > >[2008/06/05 21:01:42, 3] smbd/negprot.c:reply_nt1(357) > using SPNEGO >[2008/06/05 21:01:42, 3] smbd/negprot.c:reply_negprot(579) > Selected protocol NT LANMAN 1.0 >[2008/06/05 21:01:42, 5] smbd/negprot.c:reply_negprot(585) > negprot index=8 >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) > size=127 > smb_com=0x72 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=5071 > smb_uid=0 > smb_mid=1 > smt_wct=17 > smb_vwv[ 0]= 8 (0x8) > smb_vwv[ 1]=12803 (0x3203) > smb_vwv[ 2]= 256 (0x100) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 65 (0x41) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 256 (0x100) > smb_vwv[ 7]=58880 (0xE600) > smb_vwv[ 8]= 30 (0x1E) > smb_vwv[ 9]=64768 (0xFD00) > smb_vwv[10]=32995 (0x80E3) > smb_vwv[11]= 128 (0x80) > smb_vwv[12]=18287 (0x476F) > smb_vwv[13]=16023 (0x3E97) > smb_vwv[14]=51399 (0xC8C7) > smb_vwv[15]=34817 (0x8801) > smb_vwv[16]= 255 (0xFF) > smb_bcc=58 >[2008/06/05 21:01:42, 10] lib/util.c:dump_data(2058) > [000] 64 75 64 6F 77 00 00 00 00 00 00 00 00 00 00 00 dudow... ........ > [010] 60 28 06 06 2B 06 01 05 05 02 A0 1E 30 1C A0 0E `(..+... ....0... > [020] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A3 0A 0...+... ..7..... > [030] 30 08 A0 06 1B 04 4E 4F 4E 45 0.....NO NE >[2008/06/05 21:01:42, 10] smbd/process.c:setup_select_timeout(1265) > change_notify_timeout: -1 >[2008/06/05 21:01:42, 10] lib/events.c:run_events(87) > run_events: No events >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_KEEPALIVE = 1 >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_REUSEADDR = 1 >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_BROADCAST = 0 >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_NODELAY = 1 >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_KEEPCNT = 9 >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_KEEPIDLE = 7200 >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_KEEPINTVL = 75 >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option IPTOS_LOWDELAY = 0 >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option IPTOS_THROUGHPUT = 0 >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_SNDBUF = 16384 >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_RCVBUF = 87380 >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_SNDLOWAT = 1 >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_RCVLOWAT = 1 >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_SNDTIMEO = 0 >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_RCVTIMEO = 0 >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_KEEPALIVE = 1 >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_REUSEADDR = 1 >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_BROADCAST = 0 >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_NODELAY = 1 >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_KEEPCNT = 9 >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_KEEPIDLE = 7200 >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_KEEPINTVL = 75 >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option IPTOS_LOWDELAY = 0 >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option IPTOS_THROUGHPUT = 0 >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_SNDBUF = 16384 >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_RCVBUF = 87380 >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_SNDLOWAT = 1 >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_RCVLOWAT = 1 >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_SNDTIMEO = 0 >[2008/06/05 21:01:42, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_RCVTIMEO = 0 >[2008/06/05 21:01:42, 6] param/loadparm.c:lp_file_list_changed(2992) > lp_file_list_changed() > file /etc/samba/dhcp.conf -> /etc/samba/dhcp.conf last mod_time: Thu Jun 5 20:52:45 2008 > > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Thu Jun 5 21:01:18 2008 > >[2008/06/05 21:01:42, 3] smbd/oplock.c:init_oplocks(871) > open_oplock_ipc: initializing messages. >[2008/06/05 21:01:42, 3] smbd/oplock_linux.c:linux_init_kernel_oplocks(259) > Linux kernel oplocks enabled >[2008/06/05 21:01:42, 4] lib/time.c:TimeInit(142) > TimeInit: Serverzone is -7200 >[2008/06/05 21:01:42, 10] smbd/process.c:setup_select_timeout(1265) > change_notify_timeout: -1 >[2008/06/05 21:01:42, 10] lib/events.c:run_events(87) > run_events: No events >[2008/06/05 21:01:42, 10] lib/util_sock.c:read_data(520) > read_data: read of 4 returned 0. Error = Success >[2008/06/05 21:01:42, 10] lib/util_sock.c:receive_smb_raw(669) > receive_smb_raw: length < 0! >[2008/06/05 21:01:42, 3] smbd/process.c:timeout_processing(1340) > timeout_processing: End of file from client (client has disconnected). >[2008/06/05 21:01:42, 5] lib/gencache.c:gencache_shutdown(89) > Closing cache file >[2008/06/05 21:01:42, 5] libsmb/namecache.c:namecache_shutdown(79) > namecache_shutdown: netbios namecache closed successfully. >[2008/06/05 21:01:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2008/06/05 21:01:42, 5] auth/auth_util.c:debug_nt_user_token(433) > NT user token: (NULL) >[2008/06/05 21:01:42, 5] auth/auth_util.c:debug_unix_user_token(454) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2008/06/05 21:01:42, 5] smbd/uid.c:change_to_root_user(324) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2008/06/05 21:01:42, 2] smbd/server.c:exit_server(614) > Closing connections >[2008/06/05 21:01:42, 3] smbd/connection.c:yield_connection(69) > Yielding connection to >[2008/06/05 21:01:42, 3] smbd/connection.c:yield_connection(76) > yield_connection: tdb_delete for name failed with error Record does not exist. >[2008/06/05 21:01:42, 3] smbd/server.c:exit_server(655) > Server exit (normal exit) >[2008/06/05 21:01:42, 10] lib/util_sock.c:read_smb_length_return_keepalive(618) > got smb length of 88 >[2008/06/05 21:01:42, 6] smbd/process.c:process_smb(1086) > got message type 0x0 of len 0x58 >[2008/06/05 21:01:42, 3] smbd/process.c:process_smb(1087) > Transaction 1 of length 92 >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) > size=88 > smb_com=0x73 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=0 > smb_pid=5071 > smb_uid=0 > smb_mid=2 > smt_wct=13 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]=65535 (0xFFFF) > smb_vwv[ 3]= 2 (0x2) > smb_vwv[ 4]= 5071 (0x13CF) > smb_vwv[ 5]= 7910 (0x1EE6) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]=49244 (0xC05C) > smb_vwv[12]= 0 (0x0) > smb_bcc=27 >[2008/06/05 21:01:42, 10] lib/util.c:dump_data(2058) > [000] 00 00 00 00 00 55 00 6E 00 69 00 78 00 00 00 53 .....U.n .i.x...S > [010] 00 61 00 6D 00 62 00 61 00 00 00 .a.m.b.a ... >[2008/06/05 21:01:42, 3] smbd/process.c:switch_message(886) > switch message SMBsesssetupX (pid 7910) conn 0x0 >[2008/06/05 21:01:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2008/06/05 21:01:42, 5] auth/auth_util.c:debug_nt_user_token(433) > NT user token: (NULL) >[2008/06/05 21:01:42, 5] auth/auth_util.c:debug_unix_user_token(454) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2008/06/05 21:01:42, 5] smbd/uid.c:change_to_root_user(324) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2008/06/05 21:01:42, 3] smbd/sesssetup.c:reply_sesssetup_and_X(822) > wct=13 flg2=0xc801 >[2008/06/05 21:01:42, 3] smbd/sesssetup.c:reply_sesssetup_and_X(968) > Domain=[] NativeOS=[Unix] NativeLanMan=[Samba] PrimaryDomain=[] >[2008/06/05 21:01:42, 3] smbd/sesssetup.c:reply_sesssetup_and_X(983) > sesssetupX:name=[]\[]@[192.168.0.131] >[2008/06/05 21:01:42, 6] param/loadparm.c:lp_file_list_changed(2992) > lp_file_list_changed() > file /etc/samba/dhcp.conf -> /etc/samba/dhcp.conf last mod_time: Thu Jun 5 20:52:45 2008 > > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Thu Jun 5 21:01:18 2008 > >[2008/06/05 21:01:42, 3] smbd/sesssetup.c:check_guest_password(132) > Got anonymous request >[2008/06/05 21:01:42, 5] auth/auth.c:make_auth_context_subsystem(482) > Making default auth method list for DC, security=user, encrypt passwords = yes >[2008/06/05 21:01:42, 5] auth/auth.c:smb_register_auth(45) > Attempting to register auth backend rhosts >[2008/06/05 21:01:42, 5] auth/auth.c:smb_register_auth(57) > Successfully added auth method 'rhosts' >[2008/06/05 21:01:42, 5] auth/auth.c:smb_register_auth(45) > Attempting to register auth backend hostsequiv >[2008/06/05 21:01:42, 5] auth/auth.c:smb_register_auth(57) > Successfully added auth method 'hostsequiv' >[2008/06/05 21:01:42, 5] auth/auth.c:smb_register_auth(45) > Attempting to register auth backend sam >[2008/06/05 21:01:42, 5] auth/auth.c:smb_register_auth(57) > Successfully added auth method 'sam' >[2008/06/05 21:01:42, 5] auth/auth.c:smb_register_auth(45) > Attempting to register auth backend sam_ignoredomain >[2008/06/05 21:01:42, 5] auth/auth.c:smb_register_auth(57) > Successfully added auth method 'sam_ignoredomain' >[2008/06/05 21:01:42, 5] auth/auth.c:smb_register_auth(45) > Attempting to register auth backend unix >[2008/06/05 21:01:42, 5] auth/auth.c:smb_register_auth(57) > Successfully added auth method 'unix' >[2008/06/05 21:01:42, 5] auth/auth.c:smb_register_auth(45) > Attempting to register auth backend winbind >[2008/06/05 21:01:42, 5] auth/auth.c:smb_register_auth(57) > Successfully added auth method 'winbind' >[2008/06/05 21:01:42, 5] auth/auth.c:smb_register_auth(45) > Attempting to register auth backend smbserver >[2008/06/05 21:01:42, 5] auth/auth.c:smb_register_auth(57) > Successfully added auth method 'smbserver' >[2008/06/05 21:01:42, 5] auth/auth.c:smb_register_auth(45) > Attempting to register auth backend trustdomain >[2008/06/05 21:01:42, 5] auth/auth.c:smb_register_auth(57) > Successfully added auth method 'trustdomain' >[2008/06/05 21:01:42, 5] auth/auth.c:smb_register_auth(45) > Attempting to register auth backend ntdomain >[2008/06/05 21:01:42, 5] auth/auth.c:smb_register_auth(57) > Successfully added auth method 'ntdomain' >[2008/06/05 21:01:42, 5] auth/auth.c:smb_register_auth(45) > Attempting to register auth backend guest >[2008/06/05 21:01:42, 5] auth/auth.c:smb_register_auth(57) > Successfully added auth method 'guest' >[2008/06/05 21:01:42, 5] auth/auth.c:load_auth_module(389) > load_auth_module: Attempting to find an auth method to match guest >[2008/06/05 21:01:42, 5] auth/auth.c:load_auth_module(414) > load_auth_module: auth method guest has a valid init >[2008/06/05 21:01:42, 5] auth/auth.c:load_auth_module(389) > load_auth_module: Attempting to find an auth method to match sam >[2008/06/05 21:01:42, 5] auth/auth.c:load_auth_module(414) > load_auth_module: auth method sam has a valid init >[2008/06/05 21:01:42, 5] auth/auth.c:load_auth_module(389) > load_auth_module: Attempting to find an auth method to match winbind:trustdomain >[2008/06/05 21:01:42, 5] auth/auth.c:load_auth_module(389) > load_auth_module: Attempting to find an auth method to match trustdomain >[2008/06/05 21:01:42, 5] auth/auth.c:load_auth_module(414) > load_auth_module: auth method trustdomain has a valid init >[2008/06/05 21:01:42, 5] auth/auth.c:load_auth_module(414) > load_auth_module: auth method winbind has a valid init >[2008/06/05 21:01:42, 5] auth/auth_util.c:make_user_info(69) > attempting to make a user_info for () >[2008/06/05 21:01:42, 5] auth/auth_util.c:make_user_info(79) > making strings for 's user_info struct >[2008/06/05 21:01:42, 5] auth/auth_util.c:make_user_info(121) > making blobs for 's user_info struct >[2008/06/05 21:01:42, 10] auth/auth_util.c:make_user_info(139) > made an encrypted user_info for () >[2008/06/05 21:01:42, 3] auth/auth.c:check_ntlm_password(219) > check_ntlm_password: Checking password for unmapped user []\[]@[] with the new password interface >[2008/06/05 21:01:42, 3] auth/auth.c:check_ntlm_password(222) > check_ntlm_password: mapped user is: []\[]@[] >[2008/06/05 21:01:42, 10] auth/auth.c:check_ntlm_password(231) > check_ntlm_password: auth_context challenge created by fixed >[2008/06/05 21:01:42, 10] auth/auth.c:check_ntlm_password(233) > challenge is: >[2008/06/05 21:01:42, 5] lib/util.c:dump_data(2058) > [000] 00 00 00 00 00 00 00 00 ........ >[2008/06/05 21:01:42, 10] lib/account_pol.c:account_policy_get(332) > account_policy_get: name: password history, val: 0 >[2008/06/05 21:01:42, 10] passdb/pdb_get_set.c:pdb_set_username(617) > pdb_set_username: setting username nobody, was >[2008/06/05 21:01:42, 10] passdb/pdb_get_set.c:pdb_set_domain(644) > pdb_set_domain: setting domain DUDO, was >[2008/06/05 21:01:42, 10] passdb/pdb_get_set.c:pdb_set_nt_username(671) > pdb_set_nt_username: setting nt username , was >[2008/06/05 21:01:42, 10] passdb/pdb_get_set.c:pdb_set_fullname(698) > pdb_set_full_name: setting full name nobody, was >[2008/06/05 21:01:42, 10] passdb/pdb_get_set.c:pdb_set_homedir(806) > pdb_set_homedir: setting home dir \\dudow\nobody\.9xprofile, was >[2008/06/05 21:01:42, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(779) > pdb_set_dir_drive: setting dir drive P:, was NULL >[2008/06/05 21:01:42, 10] passdb/pdb_get_set.c:pdb_set_logon_script(725) > pdb_set_logon_script: setting logon script , was >[2008/06/05 21:01:42, 10] passdb/pdb_get_set.c:pdb_set_profile_path(752) > pdb_set_profile_path: setting profile path \\dudow\profiles\.msprofile, was >[2008/06/05 21:01:42, 10] passdb/pdb_get_set.c:pdb_set_workstations(885) > pdb_set_workstations: setting workstations , was >[2008/06/05 21:01:42, 10] lib/account_pol.c:account_policy_get(332) > account_policy_get: name: password history, val: 0 >[2008/06/05 21:01:42, 10] passdb/pdb_get_set.c:pdb_set_user_sid(544) > pdb_set_user_sid: setting user sid S-1-5-21-3322384919-3754806424-3664837664-501 >[2008/06/05 21:01:42, 10] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(73) > pdb_set_user_sid_from_rid: > setting user sid S-1-5-21-3322384919-3754806424-3664837664-501 from rid 501 >[2008/06/05 21:01:42, 10] passdb/pdb_get_set.c:pdb_set_group_sid(580) > pdb_set_group_sid: setting group sid S-1-5-21-3322384919-3754806424-3664837664-514 >[2008/06/05 21:01:42, 10] passdb/pdb_compat.c:pdb_set_group_sid_from_rid(100) > pdb_set_group_sid_from_rid: > setting group sid S-1-5-21-3322384919-3754806424-3664837664-514 from rid 514 >[2008/06/05 21:01:42, 3] auth/auth.c:check_ntlm_password(268) > check_ntlm_password: guest authentication for user [] succeeded >[2008/06/05 21:01:42, 5] auth/auth.c:check_ntlm_password(307) > check_ntlm_password: guest authentication for user [] -> [] -> [nobody] succeeded >[2008/06/05 21:01:42, 5] auth/auth_util.c:free_user_info(1485) > attempting to free (and zero) a user_info structure >[2008/06/05 21:01:42, 10] auth/auth_util.c:free_user_info(1488) > structure was created for >[2008/06/05 21:01:42, 5] auth/auth_util.c:free_user_info(1485) > attempting to free (and zero) a user_info structure >[2008/06/05 21:01:42, 10] smbd/password.c:register_vuid(182) > register_vuid: allocated vuid = 100 >[2008/06/05 21:01:42, 10] lib/util_pw.c:getpwnam_alloc(98) > Got nobody from pwnam_cache >[2008/06/05 21:01:42, 10] smbd/password.c:register_vuid(255) > register_vuid: (65534,65533) nobody nobody DUDO guest=1 >[2008/06/05 21:01:42, 3] smbd/password.c:register_vuid(257) > User name: nobody Real name: nobody >[2008/06/05 21:01:42, 3] smbd/password.c:register_vuid(276) > UNIX uid 65534 is UNIX user nobody, and will be vuid 100 >[2008/06/05 21:01:42, 6] param/loadparm.c:lp_file_list_changed(2992) > lp_file_list_changed() > file /etc/samba/dhcp.conf -> /etc/samba/dhcp.conf last mod_time: Thu Jun 5 20:52:45 2008 > > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Thu Jun 5 21:01:18 2008 > >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) > size=118 > smb_com=0x73 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=5071 > smb_uid=100 > smb_mid=2 > smt_wct=3 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 1 (0x1) > smb_bcc=77 >[2008/06/05 21:01:42, 10] lib/util.c:dump_data(2058) > [000] 00 55 00 6E 00 69 00 78 00 00 00 53 00 61 00 6D .U.n.i.x ...S.a.m > [010] 00 62 00 61 00 20 00 33 00 2E 00 30 00 2E 00 32 .b.a. .3 ...0...2 > [020] 00 32 00 2D 00 31 00 31 00 2D 00 53 00 55 00 53 .2.-.1.1 .-.S.U.S > [030] 00 45 00 2D 00 43 00 4F 00 44 00 45 00 31 00 30 .E.-.C.O .D.E.1.0 > [040] 00 00 00 44 00 55 00 44 00 4F 00 00 00 ...D.U.D .O... >[2008/06/05 21:01:42, 10] smbd/process.c:setup_select_timeout(1265) > change_notify_timeout: -1 >[2008/06/05 21:01:42, 10] lib/events.c:run_events(87) > run_events: No events >[2008/06/05 21:01:42, 10] lib/util_sock.c:read_smb_length_return_keepalive(618) > got smb length of 74 >[2008/06/05 21:01:42, 6] smbd/process.c:process_smb(1086) > got message type 0x0 of len 0x4a >[2008/06/05 21:01:42, 3] smbd/process.c:process_smb(1087) > Transaction 2 of length 78 >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) > size=74 > smb_com=0x75 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=0 > smb_pid=5071 > smb_uid=100 > smb_mid=3 > smt_wct=4 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 8 (0x8) > smb_vwv[ 3]= 1 (0x1) > smb_bcc=31 >[2008/06/05 21:01:42, 10] lib/util.c:dump_data(2058) > [000] 00 5C 00 5C 00 44 00 55 00 44 00 4F 00 57 00 5C .\.\.D.U .D.O.W.\ > [010] 00 49 00 50 00 43 00 24 00 00 00 49 50 43 00 .I.P.C.$ ...IPC. >[2008/06/05 21:01:42, 3] smbd/process.c:switch_message(886) > switch message SMBtconX (pid 7910) conn 0x0 >[2008/06/05 21:01:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2008/06/05 21:01:42, 5] auth/auth_util.c:debug_nt_user_token(433) > NT user token: (NULL) >[2008/06/05 21:01:42, 5] auth/auth_util.c:debug_unix_user_token(454) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2008/06/05 21:01:42, 5] smbd/uid.c:change_to_root_user(324) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2008/06/05 21:01:42, 4] smbd/reply.c:reply_tcon_and_X(660) > Client requested device type [IPC] for share [IPC$] >[2008/06/05 21:01:42, 5] smbd/service.c:make_connection(867) > making a connection to 'normal' service ipc$ >[2008/06/05 21:01:42, 5] lib/username.c:Get_Pwnam_alloc(290) > Finding user nobody >[2008/06/05 21:01:42, 5] lib/username.c:Get_Pwnam_internals(234) > Trying _Get_Pwnam(), username as lowercase is nobody >[2008/06/05 21:01:42, 10] lib/util_pw.c:getpwnam_alloc(98) > Got nobody from pwnam_cache >[2008/06/05 21:01:42, 5] lib/username.c:Get_Pwnam_internals(267) > Get_Pwnam_internals did find user [nobody]! >[2008/06/05 21:01:42, 3] smbd/service.c:make_connection_snum(495) > Connect path is '/var/tmp' for service [IPC$] >[2008/06/05 21:01:42, 4] lib/sharesec.c:get_share_security(130) > get_share_security: using default secdesc for IPC$ >[2008/06/05 21:01:42, 10] lib/util_seaccess.c:se_map_generic(176) > se_map_generic(): mapped mask 0x10000000 to 0x001f01ff >[2008/06/05 21:01:42, 10] lib/util_seaccess.c:se_access_check(233) > se_access_check: requested access 0x00000002, for NT token with 7 entries and first sid S-1-5-21-3322384919-3754806424-3664837664-501. >[2008/06/05 21:01:42, 3] lib/util_seaccess.c:se_access_check(250) >[2008/06/05 21:01:42, 3] lib/util_seaccess.c:se_access_check(251) > se_access_check: user sid is S-1-5-21-3322384919-3754806424-3664837664-501 > se_access_check: also S-1-5-21-3322384919-3754806424-3664837664-514 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-32-546 > se_access_check: also S-1-5-21-3322384919-3754806424-3664837664-132067 > se_access_check: also S-1-5-21-3322384919-3754806424-3664837664-132069 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 2 >[2008/06/05 21:01:42, 5] lib/util_seaccess.c:se_access_check(308) > se_access_check: access (2) granted. >[2008/06/05 21:01:42, 3] smbd/vfs.c:vfs_init_default(216) > Initialising default vfs hooks >[2008/06/05 21:01:42, 5] smbd/connection.c:claim_connection(170) > claiming IPC$ 0 >[2008/06/05 21:01:42, 10] smbd/uid.c:is_share_read_only_for_user(127) > is_share_read_only_for_user: share IPC$ is read-only for unix user nobody >[2008/06/05 21:01:42, 4] lib/sharesec.c:get_share_security(130) > get_share_security: using default secdesc for IPC$ >[2008/06/05 21:01:42, 10] lib/util_seaccess.c:se_map_generic(176) > se_map_generic(): mapped mask 0x10000000 to 0x001f01ff >[2008/06/05 21:01:42, 10] lib/util_seaccess.c:se_access_check(233) > se_access_check: requested access 0x00000001, for NT token with 7 entries and first sid S-1-5-21-3322384919-3754806424-3664837664-501. >[2008/06/05 21:01:42, 3] lib/util_seaccess.c:se_access_check(250) >[2008/06/05 21:01:42, 3] lib/util_seaccess.c:se_access_check(251) > se_access_check: user sid is S-1-5-21-3322384919-3754806424-3664837664-501 > se_access_check: also S-1-5-21-3322384919-3754806424-3664837664-514 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-32-546 > se_access_check: also S-1-5-21-3322384919-3754806424-3664837664-132067 > se_access_check: also S-1-5-21-3322384919-3754806424-3664837664-132069 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 1 >[2008/06/05 21:01:42, 5] lib/util_seaccess.c:se_access_check(308) > se_access_check: access (1) granted. >[2008/06/05 21:01:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (65534, 65533) - sec_ctx_stack_ndx = 0 >[2008/06/05 21:01:42, 5] auth/auth_util.c:debug_nt_user_token(438) > NT user token of user S-1-5-21-3322384919-3754806424-3664837664-501 > contains 7 SIDs > SID[ 0]: S-1-5-21-3322384919-3754806424-3664837664-501 > SID[ 1]: S-1-5-21-3322384919-3754806424-3664837664-514 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-32-546 > SID[ 5]: S-1-5-21-3322384919-3754806424-3664837664-132067 > SID[ 6]: S-1-5-21-3322384919-3754806424-3664837664-132069 > SE_PRIV 0x0 0x0 0x0 0x0 >[2008/06/05 21:01:42, 5] auth/auth_util.c:debug_unix_user_token(454) > UNIX token of user 65534 > Primary group is 65533 and contains 2 supplementary groups > Group[ 0]: 65533 > Group[ 1]: 65534 >[2008/06/05 21:01:42, 5] smbd/uid.c:change_to_user(309) > change_to_user uid=(65534,65534) gid=(0,65533) >[2008/06/05 21:01:42, 3] smbd/service.c:make_connection_snum(700) > 192.168.0.131 (192.168.0.131) connect to service IPC$ initially as user nobody (uid=65534, gid=65533) (pid 7910) >[2008/06/05 21:01:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2008/06/05 21:01:42, 5] auth/auth_util.c:debug_nt_user_token(433) > NT user token: (NULL) >[2008/06/05 21:01:42, 5] auth/auth_util.c:debug_unix_user_token(454) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2008/06/05 21:01:42, 5] smbd/uid.c:change_to_root_user(324) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2008/06/05 21:01:42, 3] smbd/reply.c:reply_tcon_and_X(708) > tconX service=IPC$ >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) > size=48 > smb_com=0x75 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=5071 > smb_uid=100 > smb_mid=3 > smt_wct=3 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 1 (0x1) > smb_bcc=7 >[2008/06/05 21:01:42, 10] lib/util.c:dump_data(2058) > [000] 49 50 43 00 00 00 00 IPC.... >[2008/06/05 21:01:42, 10] smbd/process.c:setup_select_timeout(1265) > change_notify_timeout: -1 >[2008/06/05 21:01:42, 10] lib/events.c:run_events(87) > run_events: No events >[2008/06/05 21:01:42, 10] lib/util_sock.c:read_smb_length_return_keepalive(618) > got smb length of 100 >[2008/06/05 21:01:42, 6] smbd/process.c:process_smb(1086) > got message type 0x0 of len 0x64 >[2008/06/05 21:01:42, 3] smbd/process.c:process_smb(1087) > Transaction 3 of length 104 >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) > size=100 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=5071 > smb_uid=100 > smb_mid=4 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 3584 (0xE00) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 513 (0x201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 768 (0x300) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_bcc=17 >[2008/06/05 21:01:42, 10] lib/util.c:dump_data(2058) > [000] 00 5C 00 6C 00 73 00 61 00 72 00 70 00 63 00 00 .\.l.s.a .r.p.c.. > [010] 00 . >[2008/06/05 21:01:42, 3] smbd/process.c:switch_message(886) > switch message SMBntcreateX (pid 7910) conn 0x803ab748 >[2008/06/05 21:01:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (65534, 65533) - sec_ctx_stack_ndx = 0 >[2008/06/05 21:01:42, 5] auth/auth_util.c:debug_nt_user_token(438) > NT user token of user S-1-5-21-3322384919-3754806424-3664837664-501 > contains 7 SIDs > SID[ 0]: S-1-5-21-3322384919-3754806424-3664837664-501 > SID[ 1]: S-1-5-21-3322384919-3754806424-3664837664-514 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-32-546 > SID[ 5]: S-1-5-21-3322384919-3754806424-3664837664-132067 > SID[ 6]: S-1-5-21-3322384919-3754806424-3664837664-132069 > SE_PRIV 0x0 0x0 0x0 0x0 >[2008/06/05 21:01:42, 5] auth/auth_util.c:debug_unix_user_token(454) > UNIX token of user 65534 > Primary group is 65533 and contains 2 supplementary groups > Group[ 0]: 65533 > Group[ 1]: 65534 >[2008/06/05 21:01:42, 5] smbd/uid.c:change_to_user(309) > change_to_user uid=(65534,65534) gid=(0,65533) >[2008/06/05 21:01:42, 4] smbd/vfs.c:vfs_ChDir(738) > vfs_ChDir to /var/tmp >[2008/06/05 21:01:42, 10] smbd/nttrans.c:reply_ntcreate_and_X(506) > reply_ntcreateX: flags = 0x0, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 root_dir_fid = 0x0 >[2008/06/05 21:01:42, 4] smbd/nttrans.c:nt_open_pipe(330) > nt_open_pipe: Opening pipe \lsarpc. >[2008/06/05 21:01:42, 3] smbd/nttrans.c:nt_open_pipe(351) > nt_open_pipe: Known pipe lsarpc opening. >[2008/06/05 21:01:42, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(180) > Open pipe requested lsarpc (pipes_open=0) >[2008/06/05 21:01:42, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(285) > Create pipe requested lsarpc >[2008/06/05 21:01:42, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77) > init_pipe_handles: created handle list for pipe lsarpc >[2008/06/05 21:01:42, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) > init_pipe_handles: pipe_handles ref count = 1 for pipe lsarpc >[2008/06/05 21:01:42, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(363) > Created internal pipe lsarpc (pipes_open=0) >[2008/06/05 21:01:42, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(263) > Opened pipe lsarpc with handle 76f0 (pipes_open=1) >[2008/06/05 21:01:42, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(269) > open pipes: name lsarpc pnum=76f0 >[2008/06/05 21:01:42, 5] smbd/nttrans.c:do_ntcreate_pipe_open(400) > do_ntcreate_pipe_open: open pipe = \lsarpc >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) > size=103 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=5071 > smb_uid=100 > smb_mid=4 > smt_wct=34 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]=61440 (0xF000) > smb_vwv[ 3]= 374 (0x176) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 0 (0x0) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 0 (0x0) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]=32768 (0x8000) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_vwv[24]= 0 (0x0) > smb_vwv[25]= 0 (0x0) > smb_vwv[26]= 0 (0x0) > smb_vwv[27]= 0 (0x0) > smb_vwv[28]= 0 (0x0) > smb_vwv[29]= 0 (0x0) > smb_vwv[30]= 0 (0x0) > smb_vwv[31]= 512 (0x200) > smb_vwv[32]=65280 (0xFF00) > smb_vwv[33]= 5 (0x5) > smb_bcc=0 >[2008/06/05 21:01:42, 10] smbd/process.c:setup_select_timeout(1265) > change_notify_timeout: -1 >[2008/06/05 21:01:42, 10] lib/events.c:run_events(87) > run_events: No events >[2008/06/05 21:01:42, 10] lib/util_sock.c:read_smb_length_return_keepalive(618) > got smb length of 154 >[2008/06/05 21:01:42, 6] smbd/process.c:process_smb(1086) > got message type 0x0 of len 0x9a >[2008/06/05 21:01:42, 3] smbd/process.c:process_smb(1087) > Transaction 4 of length 158 >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) > size=154 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=5071 > smb_uid=100 > smb_mid=5 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 72 (0x48) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 72 (0x48) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=30448 (0x76F0) > smb_bcc=87 >[2008/06/05 21:01:42, 10] lib/util.c:dump_data(2058) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 00 B8 .......H ........ > [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 6A ........ .......j > [030] 28 19 39 0C B1 D0 11 9B A8 00 C0 4F D9 2E F5 00 (.9..... ...O.... > [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ > [050] 10 48 60 02 00 00 00 .H`.... >[2008/06/05 21:01:42, 3] smbd/process.c:switch_message(886) > switch message SMBtrans (pid 7910) conn 0x803ab748 >[2008/06/05 21:01:42, 4] smbd/uid.c:change_to_user(222) > change_to_user: Skipping user change - already user >[2008/06/05 21:01:42, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=72 params=0 setup=2 >[2008/06/05 21:01:42, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2008/06/05 21:01:42, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2008/06/05 21:01:42, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2008/06/05 21:01:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1261) > search for pipe pnum=76f0 >[2008/06/05 21:01:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1265) > pipe name lsarpc pnum=76f0 (pipes_open=1) >[2008/06/05 21:01:42, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "lsarpc" (pnum 76f0) >[2008/06/05 21:01:42, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x803a7bb8 max_trans_reply: 4280 >[2008/06/05 21:01:42, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(934) > write_to_pipe: 76f0 name: lsarpc open: Yes len: 72 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) > write_to_pipe: data_left = 72 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(392) > fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) > write_to_pipe: data_used = 16 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) > write_to_pipe: data_left = 56 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0000 major : 05 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0001 minor : 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0002 pkt_type : 0b >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0003 flags : 03 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0004 pack_type0: 10 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0005 pack_type1: 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0006 pack_type2: 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0007 pack_type3: 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 frag_len : 0048 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a auth_len : 0000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c call_id : 00000001 >[2008/06/05 21:01:42, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(479) > unmarshall_rpc_header: using little-endian RPC >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(508) > unmarshall_rpc_header: type = 11, flags = 3 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) > write_to_pipe: data_used = 0 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) > write_to_pipe: data_left = 56 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(716) > process_complete_pdu: processing packet type 11 >[2008/06/05 21:01:42, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1495) > api_pipe_bind_req: decode request. 1495 >[2008/06/05 21:01:42, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1506) > api_pipe_bind_req: \PIPE\lsarpc -> \PIPE\lsass >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_rb >[2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_bba >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0000 max_tsize: 10b8 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0002 max_rsize: 10b8 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0004 assoc_gid: 00000000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0008 num_contexts: 01 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000c context_id : 0000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 000e num_transfer_syntaxes: 01 >[2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00000f smb_io_rpc_iface >[2008/06/05 21:01:42, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_uuid uuid >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0010 data : 3919286a >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0014 data : b10c >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0016 data : 11d0 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8s(819) > 0018 data : 9b a8 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8s(819) > 001a data : 00 c0 4f d9 2e f5 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0020 version: 00000000 >[2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000024 smb_io_rpc_iface >[2008/06/05 21:01:42, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000024 smb_io_uuid uuid >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0024 data : 8a885d04 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0028 data : 1ceb >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 002a data : 11c9 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8s(819) > 002c data : 9f e8 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8s(819) > 002e data : 08 00 2b 10 48 60 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0034 version: 00000002 >[2008/06/05 21:01:42, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1548) > api_pipe_bind_req: make response. 1548 >[2008/06/05 21:01:42, 3] rpc_server/srv_pipe.c:check_bind_req(959) > check_bind_req for \PIPE\lsarpc >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe.c:check_bind_req(964) > checking \PIPE\lsarpc >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe.c:check_bind_req(964) > checking \PIPE\lsarpc >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_ba >[2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_bba >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0000 max_tsize: 10b8 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0002 max_rsize: 10b8 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0004 assoc_gid: 000053f0 >[2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000008 smb_io_rpc_addr_str >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 len: 000c >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8s(819) > 000a str: \PIPE\lsass. >[2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000016 smb_io_rpc_results >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0018 num_results: 01 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 001c result : 0000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 001e reason : 0000 >[2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000020 smb_io_rpc_iface >[2008/06/05 21:01:42, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000020 smb_io_uuid uuid >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0020 data : 8a885d04 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0024 data : 1ceb >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0026 data : 11c9 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8s(819) > 0028 data : 9f e8 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8s(819) > 002a data : 08 00 2b 10 48 60 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0030 version: 00000002 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0000 major : 05 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0001 minor : 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0002 pkt_type : 0c >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0003 flags : 03 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0004 pack_type0: 10 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0005 pack_type1: 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0006 pack_type2: 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0007 pack_type3: 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 frag_len : 0044 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a auth_len : 0000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c call_id : 00000001 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) > write_to_pipe: data_used = 56 >[2008/06/05 21:01:42, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(992) > read_from_pipe: 76f0 name: lsarpc len: 4280 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1051) > read_from_pipe: lsarpc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. >[2008/06/05 21:01:42, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..68] >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) > size=124 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=5071 > smb_uid=100 > smb_mid=5 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 68 (0x44) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 68 (0x44) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=69 >[2008/06/05 21:01:42, 10] lib/util.c:dump_data(2058) > [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... > [010] 00 B8 10 B8 10 F0 53 00 00 0C 00 5C 50 49 50 45 ......S. ...\PIPE > [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ > [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H > [040] 60 02 00 00 00 `.... >[2008/06/05 21:01:42, 10] smbd/process.c:setup_select_timeout(1265) > change_notify_timeout: -1 >[2008/06/05 21:01:42, 10] lib/events.c:run_events(87) > run_events: No events >[2008/06/05 21:01:42, 10] lib/util_sock.c:read_smb_length_return_keepalive(618) > got smb length of 108 >[2008/06/05 21:01:42, 6] smbd/process.c:process_smb(1086) > got message type 0x0 of len 0x6c >[2008/06/05 21:01:42, 3] smbd/process.c:process_smb(1087) > Transaction 5 of length 112 >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) > size=108 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=5071 > smb_uid=100 > smb_mid=6 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 26 (0x1A) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 26 (0x1A) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=30448 (0x76F0) > smb_bcc=41 >[2008/06/05 21:01:42, 10] lib/util.c:dump_data(2058) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 1A 00 00 00 02 00 00 00 02 ........ ........ > [020] 00 00 00 00 00 00 00 01 00 ........ . >[2008/06/05 21:01:42, 3] smbd/process.c:switch_message(886) > switch message SMBtrans (pid 7910) conn 0x803ab748 >[2008/06/05 21:01:42, 4] smbd/uid.c:change_to_user(222) > change_to_user: Skipping user change - already user >[2008/06/05 21:01:42, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=26 params=0 setup=2 >[2008/06/05 21:01:42, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2008/06/05 21:01:42, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2008/06/05 21:01:42, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2008/06/05 21:01:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1261) > search for pipe pnum=76f0 >[2008/06/05 21:01:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1265) > pipe name lsarpc pnum=76f0 (pipes_open=1) >[2008/06/05 21:01:42, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "lsarpc" (pnum 76f0) >[2008/06/05 21:01:42, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x803a7bb8 max_trans_reply: 4280 >[2008/06/05 21:01:42, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(934) > write_to_pipe: 76f0 name: lsarpc open: Yes len: 26 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) > write_to_pipe: data_left = 26 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 26 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(392) > fill_rpc_header: data_to_copy = 26, len_needed_to_complete_hdr = 16, receive_len = 0 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) > write_to_pipe: data_used = 16 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) > write_to_pipe: data_left = 10 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 10 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0000 major : 05 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0001 minor : 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0002 pkt_type : 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0003 flags : 03 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0004 pack_type0: 10 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0005 pack_type1: 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0006 pack_type2: 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0007 pack_type3: 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 frag_len : 001a >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a auth_len : 0000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c call_id : 00000002 >[2008/06/05 21:01:42, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(479) > unmarshall_rpc_header: using little-endian RPC >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(508) > unmarshall_rpc_header: type = 0, flags = 3 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) > write_to_pipe: data_used = 0 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) > write_to_pipe: data_left = 10 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 10, incoming data = 10 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(716) > process_complete_pdu: processing packet type 0 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_req req >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0000 alloc_hint: 00000002 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0004 context_id: 0000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0006 opnum : 0000 >[2008/06/05 21:01:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(526) > free_pipe_context: destroying talloc pool of size 71 >[2008/06/05 21:01:42, 5] rpc_server/srv_pipe.c:api_pipe_request(2195) > Requested \PIPE\lsarpc >[2008/06/05 21:01:42, 4] rpc_server/srv_pipe.c:api_rpcTNP(2230) > api_rpcTNP: lsarpc op 0x0 - unknown >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0000 major : 05 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0001 minor : 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0002 pkt_type : 03 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0003 flags : 23 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0004 pack_type0: 10 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0005 pack_type1: 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0006 pack_type2: 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0007 pack_type3: 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 frag_len : 0020 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a auth_len : 0000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c call_id : 00000002 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp resp >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0010 alloc_hint: 00000000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0014 context_id: 0000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0016 cancel_ct : 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0017 reserved : 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000018 smb_io_rpc_hdr_fault fault >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_ntstatus(762) > 0018 status : NT code 0x1c010002 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 001c reserved: 00000000 >[2008/06/05 21:01:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(526) > free_pipe_context: destroying talloc pool of size 0 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) > write_to_pipe: data_used = 10 >[2008/06/05 21:01:42, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(992) > read_from_pipe: 76f0 name: lsarpc len: 4280 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1051) > read_from_pipe: lsarpc: current_pdu_len = 32, current_pdu_sent = 0 returning 32 bytes. >[2008/06/05 21:01:42, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..32] >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) > size=88 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=5071 > smb_uid=100 > smb_mid=6 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 32 (0x20) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 32 (0x20) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=33 >[2008/06/05 21:01:42, 10] lib/util.c:dump_data(2058) > [000] 00 05 00 03 23 10 00 00 00 20 00 00 00 02 00 00 ....#... . ...... > [010] 00 00 00 00 00 00 00 00 00 02 00 01 1C 00 00 00 ........ ........ > [020] 00 . >[2008/06/05 21:01:42, 10] smbd/process.c:setup_select_timeout(1265) > change_notify_timeout: -1 >[2008/06/05 21:01:42, 10] lib/events.c:run_events(87) > run_events: No events >[2008/06/05 21:01:42, 10] lib/util_sock.c:read_smb_length_return_keepalive(618) > got smb length of 41 >[2008/06/05 21:01:42, 6] smbd/process.c:process_smb(1086) > got message type 0x0 of len 0x29 >[2008/06/05 21:01:42, 3] smbd/process.c:process_smb(1087) > Transaction 6 of length 45 >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=5071 > smb_uid=100 > smb_mid=7 > smt_wct=3 > smb_vwv[ 0]=30448 (0x76F0) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2008/06/05 21:01:42, 3] smbd/process.c:switch_message(886) > switch message SMBclose (pid 7910) conn 0x803ab748 >[2008/06/05 21:01:42, 4] smbd/uid.c:change_to_user(222) > change_to_user: Skipping user change - already user >[2008/06/05 21:01:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1261) > search for pipe pnum=76f0 >[2008/06/05 21:01:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1265) > pipe name lsarpc pnum=76f0 (pipes_open=1) >[2008/06/05 21:01:42, 5] smbd/pipes.c:reply_pipe_close(272) > reply_pipe_close: pnum:76f0 >[2008/06/05 21:01:42, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(235) > close_policy_by_pipe: deleted handle list for pipe lsarpc >[2008/06/05 21:01:42, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1166) > closed pipe name lsarpc pnum=76f0 (pipes_open=0) >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=5071 > smb_uid=100 > smb_mid=7 > smt_wct=0 > smb_bcc=0 >[2008/06/05 21:01:42, 10] smbd/process.c:setup_select_timeout(1265) > change_notify_timeout: -1 >[2008/06/05 21:01:42, 10] lib/events.c:run_events(87) > run_events: No events >[2008/06/05 21:01:42, 10] lib/util_sock.c:read_smb_length_return_keepalive(618) > got smb length of 100 >[2008/06/05 21:01:42, 6] smbd/process.c:process_smb(1086) > got message type 0x0 of len 0x64 >[2008/06/05 21:01:42, 3] smbd/process.c:process_smb(1087) > Transaction 7 of length 104 >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) > size=100 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=5071 > smb_uid=100 > smb_mid=8 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 3584 (0xE00) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 513 (0x201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 768 (0x300) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_bcc=17 >[2008/06/05 21:01:42, 10] lib/util.c:dump_data(2058) > [000] 00 5C 00 6C 00 73 00 61 00 72 00 70 00 63 00 00 .\.l.s.a .r.p.c.. > [010] 00 . >[2008/06/05 21:01:42, 3] smbd/process.c:switch_message(886) > switch message SMBntcreateX (pid 7910) conn 0x803ab748 >[2008/06/05 21:01:42, 4] smbd/uid.c:change_to_user(222) > change_to_user: Skipping user change - already user >[2008/06/05 21:01:42, 10] smbd/nttrans.c:reply_ntcreate_and_X(506) > reply_ntcreateX: flags = 0x0, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 root_dir_fid = 0x0 >[2008/06/05 21:01:42, 4] smbd/nttrans.c:nt_open_pipe(330) > nt_open_pipe: Opening pipe \lsarpc. >[2008/06/05 21:01:42, 3] smbd/nttrans.c:nt_open_pipe(351) > nt_open_pipe: Known pipe lsarpc opening. >[2008/06/05 21:01:42, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(180) > Open pipe requested lsarpc (pipes_open=0) >[2008/06/05 21:01:42, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(285) > Create pipe requested lsarpc >[2008/06/05 21:01:42, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77) > init_pipe_handles: created handle list for pipe lsarpc >[2008/06/05 21:01:42, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) > init_pipe_handles: pipe_handles ref count = 1 for pipe lsarpc >[2008/06/05 21:01:42, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(363) > Created internal pipe lsarpc (pipes_open=0) >[2008/06/05 21:01:42, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(263) > Opened pipe lsarpc with handle 76f1 (pipes_open=1) >[2008/06/05 21:01:42, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(269) > open pipes: name lsarpc pnum=76f1 >[2008/06/05 21:01:42, 5] smbd/nttrans.c:do_ntcreate_pipe_open(400) > do_ntcreate_pipe_open: open pipe = \lsarpc >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) > size=103 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=5071 > smb_uid=100 > smb_mid=8 > smt_wct=34 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]=61696 (0xF100) > smb_vwv[ 3]= 374 (0x176) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 0 (0x0) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 0 (0x0) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]=32768 (0x8000) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_vwv[24]= 0 (0x0) > smb_vwv[25]= 0 (0x0) > smb_vwv[26]= 0 (0x0) > smb_vwv[27]= 0 (0x0) > smb_vwv[28]= 0 (0x0) > smb_vwv[29]= 0 (0x0) > smb_vwv[30]= 0 (0x0) > smb_vwv[31]= 512 (0x200) > smb_vwv[32]=65280 (0xFF00) > smb_vwv[33]= 5 (0x5) > smb_bcc=0 >[2008/06/05 21:01:42, 10] smbd/process.c:setup_select_timeout(1265) > change_notify_timeout: -1 >[2008/06/05 21:01:42, 10] lib/events.c:run_events(87) > run_events: No events >[2008/06/05 21:01:42, 10] lib/util_sock.c:read_smb_length_return_keepalive(618) > got smb length of 154 >[2008/06/05 21:01:42, 6] smbd/process.c:process_smb(1086) > got message type 0x0 of len 0x9a >[2008/06/05 21:01:42, 3] smbd/process.c:process_smb(1087) > Transaction 8 of length 158 >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) > size=154 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=5071 > smb_uid=100 > smb_mid=9 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 72 (0x48) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 72 (0x48) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=30449 (0x76F1) > smb_bcc=87 >[2008/06/05 21:01:42, 10] lib/util.c:dump_data(2058) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 0B 03 10 00 00 00 48 00 00 00 03 00 00 00 B8 .......H ........ > [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x > [030] 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB 00 W4.4.... ..#Eg... > [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ > [050] 10 48 60 02 00 00 00 .H`.... >[2008/06/05 21:01:42, 3] smbd/process.c:switch_message(886) > switch message SMBtrans (pid 7910) conn 0x803ab748 >[2008/06/05 21:01:42, 4] smbd/uid.c:change_to_user(222) > change_to_user: Skipping user change - already user >[2008/06/05 21:01:42, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=72 params=0 setup=2 >[2008/06/05 21:01:42, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2008/06/05 21:01:42, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2008/06/05 21:01:42, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2008/06/05 21:01:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1261) > search for pipe pnum=76f1 >[2008/06/05 21:01:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1265) > pipe name lsarpc pnum=76f1 (pipes_open=1) >[2008/06/05 21:01:42, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "lsarpc" (pnum 76f1) >[2008/06/05 21:01:42, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x803a6ea0 max_trans_reply: 4280 >[2008/06/05 21:01:42, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(934) > write_to_pipe: 76f1 name: lsarpc open: Yes len: 72 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) > write_to_pipe: data_left = 72 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(392) > fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) > write_to_pipe: data_used = 16 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) > write_to_pipe: data_left = 56 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0000 major : 05 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0001 minor : 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0002 pkt_type : 0b >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0003 flags : 03 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0004 pack_type0: 10 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0005 pack_type1: 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0006 pack_type2: 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0007 pack_type3: 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 frag_len : 0048 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a auth_len : 0000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c call_id : 00000003 >[2008/06/05 21:01:42, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(479) > unmarshall_rpc_header: using little-endian RPC >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(508) > unmarshall_rpc_header: type = 11, flags = 3 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) > write_to_pipe: data_used = 0 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) > write_to_pipe: data_left = 56 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(716) > process_complete_pdu: processing packet type 11 >[2008/06/05 21:01:42, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1495) > api_pipe_bind_req: decode request. 1495 >[2008/06/05 21:01:42, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1506) > api_pipe_bind_req: \PIPE\lsarpc -> \PIPE\lsass >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_rb >[2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_bba >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0000 max_tsize: 10b8 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0002 max_rsize: 10b8 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0004 assoc_gid: 00000000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0008 num_contexts: 01 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000c context_id : 0000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 000e num_transfer_syntaxes: 01 >[2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00000f smb_io_rpc_iface >[2008/06/05 21:01:42, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_uuid uuid >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0010 data : 12345778 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0014 data : 1234 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0016 data : abcd >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8s(819) > 0018 data : ef 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8s(819) > 001a data : 01 23 45 67 89 ab >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0020 version: 00000000 >[2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000024 smb_io_rpc_iface >[2008/06/05 21:01:42, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000024 smb_io_uuid uuid >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0024 data : 8a885d04 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0028 data : 1ceb >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 002a data : 11c9 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8s(819) > 002c data : 9f e8 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8s(819) > 002e data : 08 00 2b 10 48 60 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0034 version: 00000002 >[2008/06/05 21:01:42, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1548) > api_pipe_bind_req: make response. 1548 >[2008/06/05 21:01:42, 3] rpc_server/srv_pipe.c:check_bind_req(959) > check_bind_req for \PIPE\lsarpc >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe.c:check_bind_req(964) > checking \PIPE\lsarpc >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_ba >[2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_bba >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0000 max_tsize: 10b8 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0002 max_rsize: 10b8 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0004 assoc_gid: 000053f0 >[2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000008 smb_io_rpc_addr_str >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 len: 000c >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8s(819) > 000a str: \PIPE\lsass. >[2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000016 smb_io_rpc_results >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0018 num_results: 01 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 001c result : 0000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 001e reason : 0000 >[2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000020 smb_io_rpc_iface >[2008/06/05 21:01:42, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000020 smb_io_uuid uuid >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0020 data : 8a885d04 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0024 data : 1ceb >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0026 data : 11c9 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8s(819) > 0028 data : 9f e8 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8s(819) > 002a data : 08 00 2b 10 48 60 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0030 version: 00000002 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0000 major : 05 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0001 minor : 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0002 pkt_type : 0c >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0003 flags : 03 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0004 pack_type0: 10 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0005 pack_type1: 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0006 pack_type2: 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0007 pack_type3: 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 frag_len : 0044 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a auth_len : 0000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c call_id : 00000003 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) > write_to_pipe: data_used = 56 >[2008/06/05 21:01:42, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(992) > read_from_pipe: 76f1 name: lsarpc len: 4280 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1051) > read_from_pipe: lsarpc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. >[2008/06/05 21:01:42, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..68] >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) > size=124 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=5071 > smb_uid=100 > smb_mid=9 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 68 (0x44) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 68 (0x44) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=69 >[2008/06/05 21:01:42, 10] lib/util.c:dump_data(2058) > [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 03 00 00 ........ .D...... > [010] 00 B8 10 B8 10 F0 53 00 00 0C 00 5C 50 49 50 45 ......S. ...\PIPE > [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ > [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H > [040] 60 02 00 00 00 `.... >[2008/06/05 21:01:42, 10] smbd/process.c:setup_select_timeout(1265) > change_notify_timeout: -1 >[2008/06/05 21:01:42, 10] lib/events.c:run_events(87) > run_events: No events >[2008/06/05 21:01:42, 10] lib/util_sock.c:read_smb_length_return_keepalive(618) > got smb length of 174 >[2008/06/05 21:01:42, 6] smbd/process.c:process_smb(1086) > got message type 0x0 of len 0xae >[2008/06/05 21:01:42, 3] smbd/process.c:process_smb(1087) > Transaction 9 of length 178 >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) > size=174 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=5071 > smb_uid=100 > smb_mid=10 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 92 (0x5C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 92 (0x5C) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=30449 (0x76F1) > smb_bcc=107 >[2008/06/05 21:01:42, 10] lib/util.c:dump_data(2058) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 5C 00 00 00 04 00 00 00 44 .......\ .......D > [020] 00 00 00 00 00 2C 00 01 00 00 00 08 00 00 00 00 .....,.. ........ > [030] 00 00 00 08 00 00 00 5C 00 5C 00 44 00 55 00 44 .......\ .\.D.U.D > [040] 00 4F 00 57 00 00 00 18 00 00 00 00 00 00 00 00 .O.W.... ........ > [050] 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 0C ........ ........ > [060] 00 00 00 02 00 01 00 00 00 00 02 ........ ... >[2008/06/05 21:01:42, 3] smbd/process.c:switch_message(886) > switch message SMBtrans (pid 7910) conn 0x803ab748 >[2008/06/05 21:01:42, 4] smbd/uid.c:change_to_user(222) > change_to_user: Skipping user change - already user >[2008/06/05 21:01:42, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=92 params=0 setup=2 >[2008/06/05 21:01:42, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2008/06/05 21:01:42, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2008/06/05 21:01:42, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2008/06/05 21:01:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1261) > search for pipe pnum=76f1 >[2008/06/05 21:01:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1265) > pipe name lsarpc pnum=76f1 (pipes_open=1) >[2008/06/05 21:01:42, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "lsarpc" (pnum 76f1) >[2008/06/05 21:01:42, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x803a6ea0 max_trans_reply: 4280 >[2008/06/05 21:01:42, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(934) > write_to_pipe: 76f1 name: lsarpc open: Yes len: 92 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) > write_to_pipe: data_left = 92 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 92 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(392) > fill_rpc_header: data_to_copy = 92, len_needed_to_complete_hdr = 16, receive_len = 0 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) > write_to_pipe: data_used = 16 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) > write_to_pipe: data_left = 76 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 76 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0000 major : 05 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0001 minor : 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0002 pkt_type : 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0003 flags : 03 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0004 pack_type0: 10 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0005 pack_type1: 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0006 pack_type2: 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0007 pack_type3: 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 frag_len : 005c >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a auth_len : 0000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c call_id : 00000004 >[2008/06/05 21:01:42, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(479) > unmarshall_rpc_header: using little-endian RPC >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(508) > unmarshall_rpc_header: type = 0, flags = 3 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) > write_to_pipe: data_used = 0 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) > write_to_pipe: data_left = 76 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 76, incoming data = 76 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(716) > process_complete_pdu: processing packet type 0 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_req req >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0000 alloc_hint: 00000044 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0004 context_id: 0000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0006 opnum : 002c >[2008/06/05 21:01:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(526) > free_pipe_context: destroying talloc pool of size 71 >[2008/06/05 21:01:42, 5] rpc_server/srv_pipe.c:api_pipe_request(2195) > Requested \PIPE\lsarpc >[2008/06/05 21:01:42, 4] rpc_server/srv_pipe.c:api_rpcTNP(2230) > api_rpcTNP: lsarpc op 0x2c - api_rpcTNP: rpc command: LSA_OPENPOLICY2 >[2008/06/05 21:01:42, 6] rpc_server/srv_pipe.c:api_rpcTNP(2256) > api_rpc_cmds[0].fn == 0x800f5230 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 lsa_io_q_open_pol2 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0000 ptr : 00000001 >[2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000004 smb_io_unistr2 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0004 uni_max_len: 00000008 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0008 offset : 00000000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c uni_str_len: 00000008 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:dbg_rw_punival(904) > 0010 buffer : \.\.D.U.D.O.W... >[2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000020 lsa_io_obj_attr >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0020 len : 00000018 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0024 ptr_root_dir: 00000000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0028 ptr_obj_name: 00000000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 002c attributes : 00000000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0030 ptr_sec_desc: 00000000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0034 ptr_sec_qos : 00000001 >[2008/06/05 21:01:42, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000038 lsa_io_obj_qos sec_qos >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0038 len : 0000000c >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 003c sec_imp_level : 0002 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 003e sec_ctxt_mode : 01 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 003f effective_only: 00 >[2008/06/05 21:01:42, 3] rpc_parse/parse_lsa.c:lsa_io_sec_qos(181) > lsa_io_sec_qos: length c does not match size 8 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0040 des_access: 02000000 >[2008/06/05 21:01:42, 10] lib/util_seaccess.c:se_access_check(233) > se_access_check: requested access 0x02000000, for NT token with 7 entries and first sid S-1-5-21-3322384919-3754806424-3664837664-501. >[2008/06/05 21:01:42, 3] lib/util_seaccess.c:se_access_check(250) >[2008/06/05 21:01:42, 3] lib/util_seaccess.c:se_access_check(251) > se_access_check: user sid is S-1-5-21-3322384919-3754806424-3664837664-501 > se_access_check: also S-1-5-21-3322384919-3754806424-3664837664-514 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-32-546 > se_access_check: also S-1-5-21-3322384919-3754806424-3664837664-132067 > se_access_check: also S-1-5-21-3322384919-3754806424-3664837664-132069 >[2008/06/05 21:01:42, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) > Opened policy hnd[1] [000] 00 00 00 00 01 00 00 00 00 00 00 00 16 38 48 48 ........ .....8HH > [010] E6 1E 00 00 .... >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 lsa_io_r_open_pol2 >[2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0000 data1: 00000000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0004 data2: 00000001 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 data3: 0000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a data4: 0000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8s(819) > 000c data5: 16 38 48 48 e6 1e 00 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_ntstatus(762) > 0014 status: NT_STATUS_OK >[2008/06/05 21:01:42, 5] rpc_server/srv_pipe.c:api_rpcTNP(2277) > api_rpcTNP: called lsarpc successfully >[2008/06/05 21:01:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(526) > free_pipe_context: destroying talloc pool of size 824 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) > write_to_pipe: data_used = 76 >[2008/06/05 21:01:42, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(992) > read_from_pipe: 76f1 name: lsarpc len: 4280 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1065) > read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0000 major : 05 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0001 minor : 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0002 pkt_type : 02 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0003 flags : 03 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0004 pack_type0: 10 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0005 pack_type1: 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0006 pack_type2: 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0007 pack_type3: 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 frag_len : 0030 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a auth_len : 0000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c call_id : 00000004 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp resp >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0010 alloc_hint: 00000018 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0014 context_id: 0000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0016 cancel_ct : 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0017 reserved : 00 >[2008/06/05 21:01:42, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..48] >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=5071 > smb_uid=100 > smb_mid=10 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2008/06/05 21:01:42, 10] lib/util.c:dump_data(2058) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 04 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ........ ........ > [020] 00 00 00 00 00 16 38 48 48 E6 1E 00 00 00 00 00 ......8H H....... > [030] 00 . >[2008/06/05 21:01:42, 10] smbd/process.c:setup_select_timeout(1265) > change_notify_timeout: -1 >[2008/06/05 21:01:42, 10] lib/events.c:run_events(87) > run_events: No events >[2008/06/05 21:01:42, 10] lib/util_sock.c:read_smb_length_return_keepalive(618) > got smb length of 128 >[2008/06/05 21:01:42, 6] smbd/process.c:process_smb(1086) > got message type 0x0 of len 0x80 >[2008/06/05 21:01:42, 3] smbd/process.c:process_smb(1087) > Transaction 10 of length 132 >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=5071 > smb_uid=100 > smb_mid=11 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 46 (0x2E) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 46 (0x2E) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=30449 (0x76F1) > smb_bcc=61 >[2008/06/05 21:01:42, 10] lib/util.c:dump_data(2058) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 2E 00 00 00 05 00 00 00 16 ........ ........ > [020] 00 00 00 00 00 2E 00 00 00 00 00 01 00 00 00 00 ........ ........ > [030] 00 00 00 16 38 48 48 E6 1E 00 00 0C 00 ....8HH. ..... >[2008/06/05 21:01:42, 3] smbd/process.c:switch_message(886) > switch message SMBtrans (pid 7910) conn 0x803ab748 >[2008/06/05 21:01:42, 4] smbd/uid.c:change_to_user(222) > change_to_user: Skipping user change - already user >[2008/06/05 21:01:42, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=46 params=0 setup=2 >[2008/06/05 21:01:42, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2008/06/05 21:01:42, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2008/06/05 21:01:42, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2008/06/05 21:01:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1261) > search for pipe pnum=76f1 >[2008/06/05 21:01:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1265) > pipe name lsarpc pnum=76f1 (pipes_open=1) >[2008/06/05 21:01:42, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "lsarpc" (pnum 76f1) >[2008/06/05 21:01:42, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x803a6ea0 max_trans_reply: 4280 >[2008/06/05 21:01:42, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(934) > write_to_pipe: 76f1 name: lsarpc open: Yes len: 46 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) > write_to_pipe: data_left = 46 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 46 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(392) > fill_rpc_header: data_to_copy = 46, len_needed_to_complete_hdr = 16, receive_len = 0 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) > write_to_pipe: data_used = 16 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) > write_to_pipe: data_left = 30 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 30 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0000 major : 05 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0001 minor : 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0002 pkt_type : 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0003 flags : 03 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0004 pack_type0: 10 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0005 pack_type1: 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0006 pack_type2: 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0007 pack_type3: 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 frag_len : 002e >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a auth_len : 0000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c call_id : 00000005 >[2008/06/05 21:01:42, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(479) > unmarshall_rpc_header: using little-endian RPC >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(508) > unmarshall_rpc_header: type = 0, flags = 3 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) > write_to_pipe: data_used = 0 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) > write_to_pipe: data_left = 30 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 30, incoming data = 30 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(716) > process_complete_pdu: processing packet type 0 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_req req >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0000 alloc_hint: 00000016 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0004 context_id: 0000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0006 opnum : 002e >[2008/06/05 21:01:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(526) > free_pipe_context: destroying talloc pool of size 0 >[2008/06/05 21:01:42, 5] rpc_server/srv_pipe.c:api_pipe_request(2195) > Requested \PIPE\lsarpc >[2008/06/05 21:01:42, 4] rpc_server/srv_pipe.c:api_rpcTNP(2230) > api_rpcTNP: lsarpc op 0x2e - unknown >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0000 major : 05 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0001 minor : 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0002 pkt_type : 03 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0003 flags : 23 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0004 pack_type0: 10 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0005 pack_type1: 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0006 pack_type2: 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0007 pack_type3: 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 frag_len : 0020 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a auth_len : 0000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c call_id : 00000005 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp resp >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0010 alloc_hint: 00000000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0014 context_id: 0000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0016 cancel_ct : 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0017 reserved : 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000018 smb_io_rpc_hdr_fault fault >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_ntstatus(762) > 0018 status : NT code 0x1c010002 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 001c reserved: 00000000 >[2008/06/05 21:01:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(526) > free_pipe_context: destroying talloc pool of size 0 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) > write_to_pipe: data_used = 30 >[2008/06/05 21:01:42, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(992) > read_from_pipe: 76f1 name: lsarpc len: 4280 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1051) > read_from_pipe: lsarpc: current_pdu_len = 32, current_pdu_sent = 0 returning 32 bytes. >[2008/06/05 21:01:42, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..32] >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) > size=88 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=5071 > smb_uid=100 > smb_mid=11 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 32 (0x20) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 32 (0x20) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=33 >[2008/06/05 21:01:42, 10] lib/util.c:dump_data(2058) > [000] 00 05 00 03 23 10 00 00 00 20 00 00 00 05 00 00 ....#... . ...... > [010] 00 00 00 00 00 00 00 00 00 02 00 01 1C 00 00 00 ........ ........ > [020] 00 . >[2008/06/05 21:01:42, 10] smbd/process.c:setup_select_timeout(1265) > change_notify_timeout: -1 >[2008/06/05 21:01:42, 10] lib/events.c:run_events(87) > run_events: No events >[2008/06/05 21:01:42, 10] lib/util_sock.c:read_smb_length_return_keepalive(618) > got smb length of 150 >[2008/06/05 21:01:42, 6] smbd/process.c:process_smb(1086) > got message type 0x0 of len 0x96 >[2008/06/05 21:01:42, 3] smbd/process.c:process_smb(1087) > Transaction 11 of length 154 >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) > size=150 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=5071 > smb_uid=100 > smb_mid=12 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 68 (0x44) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 68 (0x44) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=30449 (0x76F1) > smb_bcc=83 >[2008/06/05 21:01:42, 10] lib/util.c:dump_data(2058) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 44 00 00 00 06 00 00 00 2C .......D ......., > [020] 00 00 00 00 00 06 00 01 00 00 00 5C 00 00 00 18 ........ ...\.... > [030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [040] 00 00 00 01 00 00 00 0C 00 00 00 02 00 01 00 00 ........ ........ > [050] 00 00 02 ... >[2008/06/05 21:01:42, 3] smbd/process.c:switch_message(886) > switch message SMBtrans (pid 7910) conn 0x803ab748 >[2008/06/05 21:01:42, 4] smbd/uid.c:change_to_user(222) > change_to_user: Skipping user change - already user >[2008/06/05 21:01:42, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=68 params=0 setup=2 >[2008/06/05 21:01:42, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2008/06/05 21:01:42, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2008/06/05 21:01:42, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2008/06/05 21:01:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1261) > search for pipe pnum=76f1 >[2008/06/05 21:01:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1265) > pipe name lsarpc pnum=76f1 (pipes_open=1) >[2008/06/05 21:01:42, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "lsarpc" (pnum 76f1) >[2008/06/05 21:01:42, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x803a6ea0 max_trans_reply: 4280 >[2008/06/05 21:01:42, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(934) > write_to_pipe: 76f1 name: lsarpc open: Yes len: 68 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) > write_to_pipe: data_left = 68 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 68 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(392) > fill_rpc_header: data_to_copy = 68, len_needed_to_complete_hdr = 16, receive_len = 0 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) > write_to_pipe: data_used = 16 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) > write_to_pipe: data_left = 52 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 52 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0000 major : 05 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0001 minor : 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0002 pkt_type : 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0003 flags : 03 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0004 pack_type0: 10 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0005 pack_type1: 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0006 pack_type2: 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0007 pack_type3: 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 frag_len : 0044 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a auth_len : 0000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c call_id : 00000006 >[2008/06/05 21:01:42, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(479) > unmarshall_rpc_header: using little-endian RPC >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(508) > unmarshall_rpc_header: type = 0, flags = 3 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) > write_to_pipe: data_used = 0 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) > write_to_pipe: data_left = 52 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 52, incoming data = 52 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(716) > process_complete_pdu: processing packet type 0 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_req req >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0000 alloc_hint: 0000002c >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0004 context_id: 0000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0006 opnum : 0006 >[2008/06/05 21:01:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(526) > free_pipe_context: destroying talloc pool of size 0 >[2008/06/05 21:01:42, 5] rpc_server/srv_pipe.c:api_pipe_request(2195) > Requested \PIPE\lsarpc >[2008/06/05 21:01:42, 4] rpc_server/srv_pipe.c:api_rpcTNP(2230) > api_rpcTNP: lsarpc op 0x6 - api_rpcTNP: rpc command: LSA_OPENPOLICY >[2008/06/05 21:01:42, 6] rpc_server/srv_pipe.c:api_rpcTNP(2256) > api_rpc_cmds[1].fn == 0x800f53f0 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 lsa_io_q_open_pol >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0000 ptr : 00000001 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0004 system_name: 005c >[2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000008 lsa_io_obj_attr >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0008 len : 00000018 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c ptr_root_dir: 00000000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0010 ptr_obj_name: 00000000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0014 attributes : 00000000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0018 ptr_sec_desc: 00000000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 001c ptr_sec_qos : 00000001 >[2008/06/05 21:01:42, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000020 lsa_io_obj_qos sec_qos >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0020 len : 0000000c >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0024 sec_imp_level : 0002 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0026 sec_ctxt_mode : 01 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0027 effective_only: 00 >[2008/06/05 21:01:42, 3] rpc_parse/parse_lsa.c:lsa_io_sec_qos(181) > lsa_io_sec_qos: length c does not match size 8 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0028 des_access: 02000000 >[2008/06/05 21:01:42, 10] lib/util_seaccess.c:se_access_check(233) > se_access_check: requested access 0x02000000, for NT token with 7 entries and first sid S-1-5-21-3322384919-3754806424-3664837664-501. >[2008/06/05 21:01:42, 3] lib/util_seaccess.c:se_access_check(250) >[2008/06/05 21:01:42, 3] lib/util_seaccess.c:se_access_check(251) > se_access_check: user sid is S-1-5-21-3322384919-3754806424-3664837664-501 > se_access_check: also S-1-5-21-3322384919-3754806424-3664837664-514 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-32-546 > se_access_check: also S-1-5-21-3322384919-3754806424-3664837664-132067 > se_access_check: also S-1-5-21-3322384919-3754806424-3664837664-132069 >[2008/06/05 21:01:42, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) > Opened policy hnd[2] [000] 00 00 00 00 02 00 00 00 00 00 00 00 16 38 48 48 ........ .....8HH > [010] E6 1E 00 00 .... >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 lsa_io_r_open_pol >[2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0000 data1: 00000000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0004 data2: 00000002 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 data3: 0000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a data4: 0000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8s(819) > 000c data5: 16 38 48 48 e6 1e 00 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_ntstatus(762) > 0014 status: NT_STATUS_OK >[2008/06/05 21:01:42, 5] rpc_server/srv_pipe.c:api_rpcTNP(2277) > api_rpcTNP: called lsarpc successfully >[2008/06/05 21:01:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(526) > free_pipe_context: destroying talloc pool of size 808 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) > write_to_pipe: data_used = 52 >[2008/06/05 21:01:42, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(992) > read_from_pipe: 76f1 name: lsarpc len: 4280 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1065) > read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0000 major : 05 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0001 minor : 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0002 pkt_type : 02 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0003 flags : 03 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0004 pack_type0: 10 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0005 pack_type1: 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0006 pack_type2: 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0007 pack_type3: 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 frag_len : 0030 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a auth_len : 0000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c call_id : 00000006 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp resp >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0010 alloc_hint: 00000018 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0014 context_id: 0000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0016 cancel_ct : 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0017 reserved : 00 >[2008/06/05 21:01:42, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..48] >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=5071 > smb_uid=100 > smb_mid=12 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2008/06/05 21:01:42, 10] lib/util.c:dump_data(2058) > [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 06 00 00 ........ .0...... > [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 02 00 00 ........ ........ > [020] 00 00 00 00 00 16 38 48 48 E6 1E 00 00 00 00 00 ......8H H....... > [030] 00 . >[2008/06/05 21:01:42, 10] smbd/process.c:setup_select_timeout(1265) > change_notify_timeout: -1 >[2008/06/05 21:01:42, 10] lib/events.c:run_events(87) > run_events: No events >[2008/06/05 21:01:42, 10] lib/util_sock.c:read_smb_length_return_keepalive(618) > got smb length of 128 >[2008/06/05 21:01:42, 6] smbd/process.c:process_smb(1086) > got message type 0x0 of len 0x80 >[2008/06/05 21:01:42, 3] smbd/process.c:process_smb(1087) > Transaction 12 of length 132 >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=5071 > smb_uid=100 > smb_mid=13 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 46 (0x2E) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 46 (0x2E) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=30449 (0x76F1) > smb_bcc=61 >[2008/06/05 21:01:42, 10] lib/util.c:dump_data(2058) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 2E 00 00 00 07 00 00 00 16 ........ ........ > [020] 00 00 00 00 00 07 00 00 00 00 00 02 00 00 00 00 ........ ........ > [030] 00 00 00 16 38 48 48 E6 1E 00 00 05 00 ....8HH. ..... >[2008/06/05 21:01:42, 3] smbd/process.c:switch_message(886) > switch message SMBtrans (pid 7910) conn 0x803ab748 >[2008/06/05 21:01:42, 4] smbd/uid.c:change_to_user(222) > change_to_user: Skipping user change - already user >[2008/06/05 21:01:42, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=46 params=0 setup=2 >[2008/06/05 21:01:42, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2008/06/05 21:01:42, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2008/06/05 21:01:42, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2008/06/05 21:01:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1261) > search for pipe pnum=76f1 >[2008/06/05 21:01:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1265) > pipe name lsarpc pnum=76f1 (pipes_open=1) >[2008/06/05 21:01:42, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "lsarpc" (pnum 76f1) >[2008/06/05 21:01:42, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x803a6ea0 max_trans_reply: 4280 >[2008/06/05 21:01:42, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(934) > write_to_pipe: 76f1 name: lsarpc open: Yes len: 46 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) > write_to_pipe: data_left = 46 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 46 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(392) > fill_rpc_header: data_to_copy = 46, len_needed_to_complete_hdr = 16, receive_len = 0 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) > write_to_pipe: data_used = 16 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) > write_to_pipe: data_left = 30 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 30 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0000 major : 05 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0001 minor : 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0002 pkt_type : 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0003 flags : 03 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0004 pack_type0: 10 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0005 pack_type1: 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0006 pack_type2: 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0007 pack_type3: 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 frag_len : 002e >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a auth_len : 0000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c call_id : 00000007 >[2008/06/05 21:01:42, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(479) > unmarshall_rpc_header: using little-endian RPC >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(508) > unmarshall_rpc_header: type = 0, flags = 3 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) > write_to_pipe: data_used = 0 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) > write_to_pipe: data_left = 30 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 30, incoming data = 30 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(716) > process_complete_pdu: processing packet type 0 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_req req >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0000 alloc_hint: 00000016 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0004 context_id: 0000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0006 opnum : 0007 >[2008/06/05 21:01:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(526) > free_pipe_context: destroying talloc pool of size 0 >[2008/06/05 21:01:42, 5] rpc_server/srv_pipe.c:api_pipe_request(2195) > Requested \PIPE\lsarpc >[2008/06/05 21:01:42, 4] rpc_server/srv_pipe.c:api_rpcTNP(2230) > api_rpcTNP: lsarpc op 0x7 - api_rpcTNP: rpc command: LSA_QUERYINFOPOLICY >[2008/06/05 21:01:42, 6] rpc_server/srv_pipe.c:api_rpcTNP(2256) > api_rpc_cmds[2].fn == 0x800f56b0 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 lsa_io_q_query >[2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_pol_hnd >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0000 data1: 00000000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0004 data2: 00000002 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 data3: 0000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a data4: 0000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8s(819) > 000c data5: 16 38 48 48 e6 1e 00 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0014 info_class: 0005 >[2008/06/05 21:01:42, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 02 00 00 00 00 00 00 00 16 38 48 48 ........ .....8HH > [010] E6 1E 00 00 .... >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 lsa_io_r_query >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0000 undoc_buffer: 22000000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0004 info_class: 0005 >[2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000008 lsa_io_dom_query >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 uni_dom_max_len: 0008 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a uni_dom_str_len: 000a >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c buffer_dom_name: 00000001 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0010 buffer_dom_sid : 00000001 >[2008/06/05 21:01:42, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000014 smb_io_unistr2 unistr2 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0014 uni_max_len: 00000005 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0018 offset : 00000000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 001c uni_str_len: 00000004 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:dbg_rw_punival(904) > 0020 buffer : D.U.D.O. >[2008/06/05 21:01:42, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000028 smb_io_dom_sid2 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0028 num_auths: 00000004 >[2008/06/05 21:01:42, 8] rpc_parse/parse_prs.c:prs_debug(84) > 00002c smb_io_dom_sid sid >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 002c sid_rev_num: 01 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 002d num_auths : 04 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 002e id_auth[0] : 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 002f id_auth[1] : 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0030 id_auth[2] : 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0031 id_auth[3] : 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0032 id_auth[4] : 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0033 id_auth[5] : 05 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32s(959) > 0034 sub_auths : 00000015 c6079217 dfcdcc98 da70fc20 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_ntstatus(762) > 0044 status: NT_STATUS_OK >[2008/06/05 21:01:42, 5] rpc_server/srv_pipe.c:api_rpcTNP(2277) > api_rpcTNP: called lsarpc successfully >[2008/06/05 21:01:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(526) > free_pipe_context: destroying talloc pool of size 10 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) > write_to_pipe: data_used = 30 >[2008/06/05 21:01:42, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(992) > read_from_pipe: 76f1 name: lsarpc len: 4280 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1065) > read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 72. >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0000 major : 05 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0001 minor : 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0002 pkt_type : 02 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0003 flags : 03 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0004 pack_type0: 10 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0005 pack_type1: 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0006 pack_type2: 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0007 pack_type3: 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 frag_len : 0060 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a auth_len : 0000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c call_id : 00000007 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp resp >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0010 alloc_hint: 00000048 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0014 context_id: 0000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0016 cancel_ct : 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0017 reserved : 00 >[2008/06/05 21:01:42, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..96] >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) > size=152 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=5071 > smb_uid=100 > smb_mid=13 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 96 (0x60) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 96 (0x60) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=97 >[2008/06/05 21:01:42, 10] lib/util.c:dump_data(2058) > [000] 00 05 00 02 03 10 00 00 00 60 00 00 00 07 00 00 ........ .`...... > [010] 00 48 00 00 00 00 00 00 00 00 00 00 22 05 00 00 .H...... ...."... > [020] 00 08 00 0A 00 01 00 00 00 01 00 00 00 05 00 00 ........ ........ > [030] 00 00 00 00 00 04 00 00 00 44 00 55 00 44 00 4F ........ .D.U.D.O > [040] 00 04 00 00 00 01 04 00 00 00 00 00 05 15 00 00 ........ ........ > [050] 00 17 92 07 C6 98 CC CD DF 20 FC 70 DA 00 00 00 ........ . .p.... > [060] 00 . >[2008/06/05 21:01:42, 10] smbd/process.c:setup_select_timeout(1265) > change_notify_timeout: -1 >[2008/06/05 21:01:42, 10] lib/events.c:run_events(87) > run_events: No events >[2008/06/05 21:01:42, 10] lib/util_sock.c:read_smb_length_return_keepalive(618) > got smb length of 41 >[2008/06/05 21:01:42, 6] smbd/process.c:process_smb(1086) > got message type 0x0 of len 0x29 >[2008/06/05 21:01:42, 3] smbd/process.c:process_smb(1087) > Transaction 13 of length 45 >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=5071 > smb_uid=100 > smb_mid=14 > smt_wct=3 > smb_vwv[ 0]=30449 (0x76F1) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2008/06/05 21:01:42, 3] smbd/process.c:switch_message(886) > switch message SMBclose (pid 7910) conn 0x803ab748 >[2008/06/05 21:01:42, 4] smbd/uid.c:change_to_user(222) > change_to_user: Skipping user change - already user >[2008/06/05 21:01:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1261) > search for pipe pnum=76f1 >[2008/06/05 21:01:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1265) > pipe name lsarpc pnum=76f1 (pipes_open=1) >[2008/06/05 21:01:42, 5] smbd/pipes.c:reply_pipe_close(272) > reply_pipe_close: pnum:76f1 >[2008/06/05 21:01:42, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 02 00 00 00 00 00 00 00 16 38 48 48 ........ .....8HH > [010] E6 1E 00 00 .... >[2008/06/05 21:01:42, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) > Closed policy >[2008/06/05 21:01:42, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 16 38 48 48 ........ .....8HH > [010] E6 1E 00 00 .... >[2008/06/05 21:01:42, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) > Closed policy >[2008/06/05 21:01:42, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(235) > close_policy_by_pipe: deleted handle list for pipe lsarpc >[2008/06/05 21:01:42, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1166) > closed pipe name lsarpc pnum=76f1 (pipes_open=0) >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=5071 > smb_uid=100 > smb_mid=14 > smt_wct=0 > smb_bcc=0 >[2008/06/05 21:01:42, 10] smbd/process.c:setup_select_timeout(1265) > change_notify_timeout: -1 >[2008/06/05 21:01:42, 10] lib/events.c:run_events(87) > run_events: No events >[2008/06/05 21:01:42, 10] lib/util_sock.c:read_smb_length_return_keepalive(618) > got smb length of 104 >[2008/06/05 21:01:42, 6] smbd/process.c:process_smb(1086) > got message type 0x0 of len 0x68 >[2008/06/05 21:01:42, 3] smbd/process.c:process_smb(1087) > Transaction 14 of length 108 >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) > size=104 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=5094 > smb_uid=100 > smb_mid=15 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 4608 (0x1200) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 513 (0x201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 768 (0x300) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_bcc=21 >[2008/06/05 21:01:42, 10] lib/util.c:dump_data(2058) > [000] 00 5C 00 4E 00 45 00 54 00 4C 00 4F 00 47 00 4F .\.N.E.T .L.O.G.O > [010] 00 4E 00 00 00 .N... >[2008/06/05 21:01:42, 3] smbd/process.c:switch_message(886) > switch message SMBntcreateX (pid 7908) conn 0x803ab748 >[2008/06/05 21:01:42, 4] smbd/uid.c:change_to_user(222) > change_to_user: Skipping user change - already user >[2008/06/05 21:01:42, 10] smbd/nttrans.c:reply_ntcreate_and_X(506) > reply_ntcreateX: flags = 0x0, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 root_dir_fid = 0x0 >[2008/06/05 21:01:42, 4] smbd/nttrans.c:nt_open_pipe(330) > nt_open_pipe: Opening pipe \NETLOGON. >[2008/06/05 21:01:42, 3] smbd/nttrans.c:nt_open_pipe(351) > nt_open_pipe: Known pipe NETLOGON opening. >[2008/06/05 21:01:42, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(180) > Open pipe requested NETLOGON (pipes_open=0) >[2008/06/05 21:01:42, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(285) > Create pipe requested NETLOGON >[2008/06/05 21:01:42, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77) > init_pipe_handles: created handle list for pipe NETLOGON >[2008/06/05 21:01:42, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) > init_pipe_handles: pipe_handles ref count = 1 for pipe NETLOGON >[2008/06/05 21:01:42, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(363) > Created internal pipe NETLOGON (pipes_open=0) >[2008/06/05 21:01:42, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(263) > Opened pipe NETLOGON with handle 76f4 (pipes_open=1) >[2008/06/05 21:01:42, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(269) > open pipes: name NETLOGON pnum=76f4 >[2008/06/05 21:01:42, 5] smbd/nttrans.c:do_ntcreate_pipe_open(400) > do_ntcreate_pipe_open: open pipe = \NETLOGON >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) > size=103 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=5094 > smb_uid=100 > smb_mid=15 > smt_wct=34 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]=62464 (0xF400) > smb_vwv[ 3]= 374 (0x176) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 0 (0x0) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 0 (0x0) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]=32768 (0x8000) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_vwv[24]= 0 (0x0) > smb_vwv[25]= 0 (0x0) > smb_vwv[26]= 0 (0x0) > smb_vwv[27]= 0 (0x0) > smb_vwv[28]= 0 (0x0) > smb_vwv[29]= 0 (0x0) > smb_vwv[30]= 0 (0x0) > smb_vwv[31]= 512 (0x200) > smb_vwv[32]=65280 (0xFF00) > smb_vwv[33]= 5 (0x5) > smb_bcc=0 >[2008/06/05 21:01:42, 10] smbd/process.c:setup_select_timeout(1265) > change_notify_timeout: -1 >[2008/06/05 21:01:42, 10] lib/events.c:run_events(87) > run_events: No events >[2008/06/05 21:01:42, 10] lib/util_sock.c:read_smb_length_return_keepalive(618) > got smb length of 154 >[2008/06/05 21:01:42, 6] smbd/process.c:process_smb(1086) > got message type 0x0 of len 0x9a >[2008/06/05 21:01:42, 3] smbd/process.c:process_smb(1087) > Transaction 15 of length 158 >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) > size=154 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=5094 > smb_uid=100 > smb_mid=16 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 72 (0x48) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 72 (0x48) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=30452 (0x76F4) > smb_bcc=87 >[2008/06/05 21:01:42, 10] lib/util.c:dump_data(2058) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 0B 03 10 00 00 00 48 00 00 00 08 00 00 00 B8 .......H ........ > [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x > [030] 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB 01 V4.4.... ..#Eg... > [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ > [050] 10 48 60 02 00 00 00 .H`.... >[2008/06/05 21:01:42, 3] smbd/process.c:switch_message(886) > switch message SMBtrans (pid 7908) conn 0x803ab748 >[2008/06/05 21:01:42, 4] smbd/uid.c:change_to_user(222) > change_to_user: Skipping user change - already user >[2008/06/05 21:01:42, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=72 params=0 setup=2 >[2008/06/05 21:01:42, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2008/06/05 21:01:42, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2008/06/05 21:01:42, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2008/06/05 21:01:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1261) > search for pipe pnum=76f4 >[2008/06/05 21:01:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1265) > pipe name NETLOGON pnum=76f4 (pipes_open=1) >[2008/06/05 21:01:42, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "NETLOGON" (pnum 76f4) >[2008/06/05 21:01:42, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x803a7bb8 max_trans_reply: 4280 >[2008/06/05 21:01:42, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(934) > write_to_pipe: 76f4 name: NETLOGON open: Yes len: 72 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) > write_to_pipe: data_left = 72 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(392) > fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) > write_to_pipe: data_used = 16 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) > write_to_pipe: data_left = 56 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0000 major : 05 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0001 minor : 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0002 pkt_type : 0b >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0003 flags : 03 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0004 pack_type0: 10 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0005 pack_type1: 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0006 pack_type2: 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0007 pack_type3: 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 frag_len : 0048 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a auth_len : 0000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c call_id : 00000008 >[2008/06/05 21:01:42, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(479) > unmarshall_rpc_header: using little-endian RPC >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(508) > unmarshall_rpc_header: type = 11, flags = 3 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) > write_to_pipe: data_used = 0 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) > write_to_pipe: data_left = 56 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(716) > process_complete_pdu: processing packet type 11 >[2008/06/05 21:01:42, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1495) > api_pipe_bind_req: decode request. 1495 >[2008/06/05 21:01:42, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1506) > api_pipe_bind_req: \PIPE\NETLOGON -> \PIPE\lsass >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_rb >[2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_bba >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0000 max_tsize: 10b8 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0002 max_rsize: 10b8 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0004 assoc_gid: 00000000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0008 num_contexts: 01 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000c context_id : 0000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 000e num_transfer_syntaxes: 01 >[2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00000f smb_io_rpc_iface >[2008/06/05 21:01:42, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_uuid uuid >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0010 data : 12345678 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0014 data : 1234 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0016 data : abcd >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8s(819) > 0018 data : ef 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8s(819) > 001a data : 01 23 45 67 cf fb >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0020 version: 00000001 >[2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000024 smb_io_rpc_iface >[2008/06/05 21:01:42, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000024 smb_io_uuid uuid >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0024 data : 8a885d04 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0028 data : 1ceb >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 002a data : 11c9 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8s(819) > 002c data : 9f e8 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8s(819) > 002e data : 08 00 2b 10 48 60 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0034 version: 00000002 >[2008/06/05 21:01:42, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1548) > api_pipe_bind_req: make response. 1548 >[2008/06/05 21:01:42, 3] rpc_server/srv_pipe.c:check_bind_req(959) > check_bind_req for \PIPE\NETLOGON >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe.c:check_bind_req(964) > checking \PIPE\lsarpc >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe.c:check_bind_req(964) > checking \PIPE\lsarpc >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe.c:check_bind_req(964) > checking \PIPE\samr >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe.c:check_bind_req(964) > checking \PIPE\NETLOGON >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_ba >[2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_bba >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0000 max_tsize: 10b8 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0002 max_rsize: 10b8 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0004 assoc_gid: 000053f0 >[2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000008 smb_io_rpc_addr_str >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 len: 000c >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8s(819) > 000a str: \PIPE\lsass. >[2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000016 smb_io_rpc_results >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0018 num_results: 01 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 001c result : 0000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 001e reason : 0000 >[2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000020 smb_io_rpc_iface >[2008/06/05 21:01:42, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000020 smb_io_uuid uuid >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0020 data : 8a885d04 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0024 data : 1ceb >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0026 data : 11c9 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8s(819) > 0028 data : 9f e8 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8s(819) > 002a data : 08 00 2b 10 48 60 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0030 version: 00000002 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0000 major : 05 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0001 minor : 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0002 pkt_type : 0c >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0003 flags : 03 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0004 pack_type0: 10 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0005 pack_type1: 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0006 pack_type2: 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0007 pack_type3: 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 frag_len : 0044 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a auth_len : 0000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c call_id : 00000008 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) > write_to_pipe: data_used = 56 >[2008/06/05 21:01:42, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(992) > read_from_pipe: 76f4 name: NETLOGON len: 4280 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1051) > read_from_pipe: NETLOGON: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. >[2008/06/05 21:01:42, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..68] >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) > size=124 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=5094 > smb_uid=100 > smb_mid=16 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 68 (0x44) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 68 (0x44) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=69 >[2008/06/05 21:01:42, 10] lib/util.c:dump_data(2058) > [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 08 00 00 ........ .D...... > [010] 00 B8 10 B8 10 F0 53 00 00 0C 00 5C 50 49 50 45 ......S. ...\PIPE > [020] 5C 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 \lsass.. ........ > [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H > [040] 60 02 00 00 00 `.... >[2008/06/05 21:01:42, 10] smbd/process.c:setup_select_timeout(1265) > change_notify_timeout: -1 >[2008/06/05 21:01:42, 10] lib/events.c:run_events(87) > run_events: No events >[2008/06/05 21:01:42, 10] lib/util_sock.c:read_smb_length_return_keepalive(618) > got smb length of 180 >[2008/06/05 21:01:42, 6] smbd/process.c:process_smb(1086) > got message type 0x0 of len 0xb4 >[2008/06/05 21:01:42, 3] smbd/process.c:process_smb(1087) > Transaction 16 of length 184 >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) > size=180 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=5094 > smb_uid=100 > smb_mid=17 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 98 (0x62) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 98 (0x62) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=30452 (0x76F4) > smb_bcc=113 >[2008/06/05 21:01:42, 10] lib/util.c:dump_data(2058) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 62 00 00 00 09 00 00 00 4A .......b .......J > [020] 00 00 00 00 00 04 00 01 00 00 00 08 00 00 00 00 ........ ........ > [030] 00 00 00 08 00 00 00 5C 00 5C 00 44 00 55 00 44 .......\ .\.D.U.D > [040] 00 4F 00 57 00 00 00 0B 00 00 00 00 00 00 00 0B .O.W.... ........ > [050] 00 00 00 53 00 4D 00 42 00 4F 00 4E 00 45 00 2D ...S.M.B .O.N.E.- > [060] 00 53 00 52 00 56 00 00 00 9C 45 AF F4 92 60 3B .S.R.V.. ..E...`; > [070] 9E . >[2008/06/05 21:01:42, 3] smbd/process.c:switch_message(886) > switch message SMBtrans (pid 7908) conn 0x803ab748 >[2008/06/05 21:01:42, 4] smbd/uid.c:change_to_user(222) > change_to_user: Skipping user change - already user >[2008/06/05 21:01:42, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=98 params=0 setup=2 >[2008/06/05 21:01:42, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2008/06/05 21:01:42, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2008/06/05 21:01:42, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2008/06/05 21:01:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1261) > search for pipe pnum=76f4 >[2008/06/05 21:01:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1265) > pipe name NETLOGON pnum=76f4 (pipes_open=1) >[2008/06/05 21:01:42, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "NETLOGON" (pnum 76f4) >[2008/06/05 21:01:42, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x803a7bb8 max_trans_reply: 4280 >[2008/06/05 21:01:42, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(934) > write_to_pipe: 76f4 name: NETLOGON open: Yes len: 98 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) > write_to_pipe: data_left = 98 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 98 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(392) > fill_rpc_header: data_to_copy = 98, len_needed_to_complete_hdr = 16, receive_len = 0 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) > write_to_pipe: data_used = 16 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) > write_to_pipe: data_left = 82 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 82 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0000 major : 05 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0001 minor : 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0002 pkt_type : 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0003 flags : 03 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0004 pack_type0: 10 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0005 pack_type1: 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0006 pack_type2: 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0007 pack_type3: 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 frag_len : 0062 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a auth_len : 0000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c call_id : 00000009 >[2008/06/05 21:01:42, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(479) > unmarshall_rpc_header: using little-endian RPC >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(508) > unmarshall_rpc_header: type = 0, flags = 3 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) > write_to_pipe: data_used = 0 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) > write_to_pipe: data_left = 82 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 82, incoming data = 82 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(716) > process_complete_pdu: processing packet type 0 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_req req >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0000 alloc_hint: 0000004a >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0004 context_id: 0000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0006 opnum : 0004 >[2008/06/05 21:01:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(526) > free_pipe_context: destroying talloc pool of size 73 >[2008/06/05 21:01:42, 5] rpc_server/srv_pipe.c:api_pipe_request(2195) > Requested \PIPE\NETLOGON >[2008/06/05 21:01:42, 4] rpc_server/srv_pipe.c:api_rpcTNP(2230) > api_rpcTNP: NETLOGON op 0x4 - api_rpcTNP: rpc command: NET_REQCHAL >[2008/06/05 21:01:42, 6] rpc_server/srv_pipe.c:api_rpcTNP(2256) > api_rpc_cmds[0].fn == 0x80109a60 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 net_io_q_req_chal >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0000 undoc_buffer: 00000001 >[2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000004 smb_io_unistr2 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0004 uni_max_len: 00000008 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0008 offset : 00000000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c uni_str_len: 00000008 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:dbg_rw_punival(904) > 0010 buffer : \.\.D.U.D.O.W... >[2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000020 smb_io_unistr2 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0020 uni_max_len: 0000000b >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0024 offset : 00000000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0028 uni_str_len: 0000000b >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:dbg_rw_punival(904) > 002c buffer : S.M.B.O.N.E.-.S.R.V... >[2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000042 smb_io_chal >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8s(819) > 0042 data: 9c 45 af f4 92 60 3b 9e >[2008/06/05 21:01:42, 6] rpc_server/srv_netlog_nt.c:init_net_r_req_chal(41) > init_net_r_req_chal: 41 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 net_io_r_req_chal >[2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_chal >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8s(819) > 0000 data: 62 08 3e bc 89 37 98 c8 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_ntstatus(762) > 0008 status: NT_STATUS_OK >[2008/06/05 21:01:42, 5] rpc_server/srv_pipe.c:api_rpcTNP(2277) > api_rpcTNP: called NETLOGON successfully >[2008/06/05 21:01:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(526) > free_pipe_context: destroying talloc pool of size 38 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) > write_to_pipe: data_used = 82 >[2008/06/05 21:01:42, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(992) > read_from_pipe: 76f4 name: NETLOGON len: 4280 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1065) > read_from_pipe: NETLOGON: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 12. >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0000 major : 05 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0001 minor : 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0002 pkt_type : 02 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0003 flags : 03 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0004 pack_type0: 10 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0005 pack_type1: 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0006 pack_type2: 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0007 pack_type3: 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 frag_len : 0024 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a auth_len : 0000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c call_id : 00000009 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp resp >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0010 alloc_hint: 0000000c >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0014 context_id: 0000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0016 cancel_ct : 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0017 reserved : 00 >[2008/06/05 21:01:42, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..36] >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) > size=92 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=5094 > smb_uid=100 > smb_mid=17 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 36 (0x24) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 36 (0x24) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=37 >[2008/06/05 21:01:42, 10] lib/util.c:dump_data(2058) > [000] 00 05 00 02 03 10 00 00 00 24 00 00 00 09 00 00 ........ .$...... > [010] 00 0C 00 00 00 00 00 00 00 62 08 3E BC 89 37 98 ........ .b.>..7. > [020] C8 00 00 00 00 ..... >[2008/06/05 21:01:42, 10] smbd/process.c:setup_select_timeout(1265) > change_notify_timeout: -1 >[2008/06/05 21:01:42, 10] lib/events.c:run_events(87) > run_events: No events >[2008/06/05 21:01:42, 10] lib/util_sock.c:read_smb_length_return_keepalive(618) > got smb length of 218 >[2008/06/05 21:01:42, 6] smbd/process.c:process_smb(1086) > got message type 0x0 of len 0xda >[2008/06/05 21:01:42, 3] smbd/process.c:process_smb(1087) > Transaction 17 of length 222 >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) > size=218 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=5094 > smb_uid=100 > smb_mid=18 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 136 (0x88) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 136 (0x88) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=30452 (0x76F4) > smb_bcc=151 >[2008/06/05 21:01:42, 10] lib/util.c:dump_data(2058) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 88 00 00 00 0A 00 00 00 70 ........ .......p > [020] 00 00 00 00 00 0F 00 01 00 00 00 08 00 00 00 00 ........ ........ > [030] 00 00 00 08 00 00 00 5C 00 5C 00 44 00 55 00 44 .......\ .\.D.U.D > [040] 00 4F 00 57 00 00 00 08 00 00 00 00 00 00 00 08 .O.W.... ........ > [050] 00 00 00 53 00 4D 00 42 00 4F 00 4E 00 45 00 24 ...S.M.B .O.N.E.$ > [060] 00 00 00 04 00 00 00 0B 00 00 00 00 00 00 00 0B ........ ........ > [070] 00 00 00 53 00 4D 00 42 00 4F 00 4E 00 45 00 2D ...S.M.B .O.N.E.- > [080] 00 53 00 52 00 56 00 00 00 BF 5F 28 FD 5A 92 59 .S.R.V.. .._(.Z.Y > [090] F6 00 00 FF FF 0F 60 ......` >[2008/06/05 21:01:42, 3] smbd/process.c:switch_message(886) > switch message SMBtrans (pid 7908) conn 0x803ab748 >[2008/06/05 21:01:42, 4] smbd/uid.c:change_to_user(222) > change_to_user: Skipping user change - already user >[2008/06/05 21:01:42, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=136 params=0 setup=2 >[2008/06/05 21:01:42, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2008/06/05 21:01:42, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2008/06/05 21:01:42, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2008/06/05 21:01:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1261) > search for pipe pnum=76f4 >[2008/06/05 21:01:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1265) > pipe name NETLOGON pnum=76f4 (pipes_open=1) >[2008/06/05 21:01:42, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "NETLOGON" (pnum 76f4) >[2008/06/05 21:01:42, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x803a7bb8 max_trans_reply: 4280 >[2008/06/05 21:01:42, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(934) > write_to_pipe: 76f4 name: NETLOGON open: Yes len: 136 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) > write_to_pipe: data_left = 136 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 136 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(392) > fill_rpc_header: data_to_copy = 136, len_needed_to_complete_hdr = 16, receive_len = 0 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) > write_to_pipe: data_used = 16 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) > write_to_pipe: data_left = 120 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 120 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0000 major : 05 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0001 minor : 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0002 pkt_type : 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0003 flags : 03 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0004 pack_type0: 10 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0005 pack_type1: 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0006 pack_type2: 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0007 pack_type3: 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 frag_len : 0088 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a auth_len : 0000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c call_id : 0000000a >[2008/06/05 21:01:42, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(479) > unmarshall_rpc_header: using little-endian RPC >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(508) > unmarshall_rpc_header: type = 0, flags = 3 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) > write_to_pipe: data_used = 0 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) > write_to_pipe: data_left = 120 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 120, incoming data = 120 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(716) > process_complete_pdu: processing packet type 0 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_req req >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0000 alloc_hint: 00000070 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0004 context_id: 0000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0006 opnum : 000f >[2008/06/05 21:01:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(526) > free_pipe_context: destroying talloc pool of size 0 >[2008/06/05 21:01:42, 5] rpc_server/srv_pipe.c:api_pipe_request(2195) > Requested \PIPE\NETLOGON >[2008/06/05 21:01:42, 4] rpc_server/srv_pipe.c:api_rpcTNP(2230) > api_rpcTNP: NETLOGON op 0xf - api_rpcTNP: rpc command: NET_AUTH2 >[2008/06/05 21:01:42, 6] rpc_server/srv_pipe.c:api_rpcTNP(2256) > api_rpc_cmds[2].fn == 0x80109dd0 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 net_io_q_auth_2 >[2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_log_info >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0000 undoc_buffer: 00000001 >[2008/06/05 21:01:42, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000004 smb_io_unistr2 unistr2 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0004 uni_max_len: 00000008 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0008 offset : 00000000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c uni_str_len: 00000008 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:dbg_rw_punival(904) > 0010 buffer : \.\.D.U.D.O.W... >[2008/06/05 21:01:42, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000020 smb_io_unistr2 unistr2 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0020 uni_max_len: 00000008 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0024 offset : 00000000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0028 uni_str_len: 00000008 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:dbg_rw_punival(904) > 002c buffer : S.M.B.O.N.E.$... >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 003c sec_chan: 0004 >[2008/06/05 21:01:42, 7] rpc_parse/parse_prs.c:prs_debug(84) > 00003e smb_io_unistr2 unistr2 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0040 uni_max_len: 0000000b >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0044 offset : 00000000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0048 uni_str_len: 0000000b >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:dbg_rw_punival(904) > 004c buffer : S.M.B.O.N.E.-.S.R.V... >[2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000062 smb_io_chal >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8s(819) > 0062 data: bf 5f 28 fd 5a 92 59 f6 >[2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00006a net_io_neg_flags >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 006c neg_flags: 600fffff >[2008/06/05 21:01:42, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(65534, 65533) : sec_ctx_stack_ndx = 1 >[2008/06/05 21:01:42, 3] smbd/uid.c:push_conn_ctx(393) > push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >[2008/06/05 21:01:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2008/06/05 21:01:42, 5] auth/auth_util.c:debug_nt_user_token(433) > NT user token: (NULL) >[2008/06/05 21:01:42, 5] auth/auth_util.c:debug_unix_user_token(454) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2008/06/05 21:01:42, 10] passdb/pdb_smbpasswd.c:smbpasswd_getsampwnam(1322) > getsampwnam (smbpasswd): search by name: SMBONE$ >[2008/06/05 21:01:42, 10] passdb/pdb_smbpasswd.c:startsmbfilepwent(184) > startsmbfilepwent_internal: opening file /etc/samba/smbpasswd >[2008/06/05 21:01:42, 6] passdb/pdb_smbpasswd.c:getsmbfilepwent(386) > getsmbfilepwent: skipping comment or blank line >[2008/06/05 21:01:42, 6] passdb/pdb_smbpasswd.c:getsmbfilepwent(386) > getsmbfilepwent: skipping comment or blank line >[2008/06/05 21:01:42, 6] passdb/pdb_smbpasswd.c:getsmbfilepwent(386) > getsmbfilepwent: skipping comment or blank line >[2008/06/05 21:01:42, 6] passdb/pdb_smbpasswd.c:getsmbfilepwent(386) > getsmbfilepwent: skipping comment or blank line >[2008/06/05 21:01:42, 6] passdb/pdb_smbpasswd.c:getsmbfilepwent(386) > getsmbfilepwent: skipping comment or blank line >[2008/06/05 21:01:42, 6] passdb/pdb_smbpasswd.c:getsmbfilepwent(386) > getsmbfilepwent: skipping comment or blank line >[2008/06/05 21:01:42, 5] passdb/pdb_smbpasswd.c:getsmbfilepwent(488) > getsmbfilepwent: returning passwd entry for user root, uid 0 >[2008/06/05 21:01:42, 5] passdb/pdb_smbpasswd.c:getsmbfilepwent(488) > getsmbfilepwent: returning passwd entry for user SMBONE$, uid 1000 >[2008/06/05 21:01:42, 7] passdb/pdb_smbpasswd.c:endsmbfilepwent(301) > endsmbfilepwent_internal: closed password file. >[2008/06/05 21:01:42, 10] passdb/pdb_smbpasswd.c:smbpasswd_getsampwnam(1344) > getsampwnam (smbpasswd): found by name: SMBONE$ >[2008/06/05 21:01:42, 10] passdb/pdb_get_set.c:pdb_set_username(617) > pdb_set_username: setting username SMBONE$, was >[2008/06/05 21:01:42, 10] passdb/pdb_get_set.c:pdb_set_fullname(698) > pdb_set_full_name: setting full name Machine, was >[2008/06/05 21:01:42, 10] passdb/pdb_get_set.c:pdb_set_unix_homedir(833) > pdb_set_unix_homedir: setting home dir /home/SMBONE$, was NULL >[2008/06/05 21:01:42, 10] passdb/pdb_get_set.c:pdb_set_domain(644) > pdb_set_domain: setting domain DUDO, was >[2008/06/05 21:01:42, 10] passdb/pdb_get_set.c:pdb_set_user_sid(544) > pdb_set_user_sid: setting user sid S-1-5-21-3322384919-3754806424-3664837664-3000 >[2008/06/05 21:01:42, 10] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(73) > pdb_set_user_sid_from_rid: > setting user sid S-1-5-21-3322384919-3754806424-3664837664-3000 from rid 3000 >[2008/06/05 21:01:42, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2008/06/05 21:01:42, 3] smbd/uid.c:push_conn_ctx(393) > push_conn_ctx(100) : conn_ctx_stack_ndx = 1 >[2008/06/05 21:01:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2008/06/05 21:01:42, 5] auth/auth_util.c:debug_nt_user_token(433) > NT user token: (NULL) >[2008/06/05 21:01:42, 5] auth/auth_util.c:debug_unix_user_token(454) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2008/06/05 21:01:42, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2008/06/05 21:01:42, 10] passdb/pdb_get_set.c:pdb_set_group_sid(580) > pdb_set_group_sid: setting group sid S-1-5-21-3322384919-3754806424-3664837664-1201 >[2008/06/05 21:01:42, 10] passdb/pdb_compat.c:pdb_set_group_sid_from_rid(100) > pdb_set_group_sid_from_rid: > setting group sid S-1-5-21-3322384919-3754806424-3664837664-1201 from rid 1201 >[2008/06/05 21:01:42, 10] lib/account_pol.c:account_policy_get(332) > account_policy_get: name: password history, val: 0 >[2008/06/05 21:01:42, 10] passdb/pdb_get_set.c:pdb_set_username(617) > pdb_set_username: setting username SMBONE$, was >[2008/06/05 21:01:42, 10] passdb/pdb_get_set.c:pdb_set_domain(644) > pdb_set_domain: setting domain DUDO, was >[2008/06/05 21:01:42, 10] passdb/pdb_get_set.c:pdb_set_nt_username(671) > pdb_set_nt_username: setting nt username , was >[2008/06/05 21:01:42, 10] passdb/pdb_get_set.c:pdb_set_fullname(698) > pdb_set_full_name: setting full name Machine, was >[2008/06/05 21:01:42, 10] passdb/pdb_get_set.c:pdb_set_homedir(806) > pdb_set_homedir: setting home dir \\dudow\smbone_\.9xprofile, was >[2008/06/05 21:01:42, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(779) > pdb_set_dir_drive: setting dir drive P:, was NULL >[2008/06/05 21:01:42, 10] passdb/pdb_get_set.c:pdb_set_logon_script(725) > pdb_set_logon_script: setting logon script , was >[2008/06/05 21:01:42, 10] passdb/pdb_get_set.c:pdb_set_profile_path(752) > pdb_set_profile_path: setting profile path \\dudow\profiles\.msprofile, was >[2008/06/05 21:01:42, 10] passdb/pdb_get_set.c:pdb_set_workstations(885) > pdb_set_workstations: setting workstations , was >[2008/06/05 21:01:42, 10] lib/account_pol.c:account_policy_get(332) > account_policy_get: name: password history, val: 0 >[2008/06/05 21:01:42, 10] passdb/pdb_get_set.c:pdb_set_user_sid(544) > pdb_set_user_sid: setting user sid S-1-5-21-3322384919-3754806424-3664837664-3000 >[2008/06/05 21:01:42, 10] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(73) > pdb_set_user_sid_from_rid: > setting user sid S-1-5-21-3322384919-3754806424-3664837664-3000 from rid 3000 >[2008/06/05 21:01:42, 10] passdb/pdb_get_set.c:pdb_set_group_sid(580) > pdb_set_group_sid: setting group sid S-1-5-21-3322384919-3754806424-3664837664-1201 >[2008/06/05 21:01:42, 10] passdb/pdb_compat.c:pdb_set_group_sid_from_rid(100) > pdb_set_group_sid_from_rid: > setting group sid S-1-5-21-3322384919-3754806424-3664837664-1201 from rid 1201 >[2008/06/05 21:01:42, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (65534, 65533) - sec_ctx_stack_ndx = 0 >[2008/06/05 21:01:42, 5] lib/util.c:dump_data(2058) > [000] E1 5C F4 69 B7 92 22 22 D0 CB 2D E0 D7 38 79 FE .\.i.."" ..-..8y. >[2008/06/05 21:01:42, 10] libsmb/credentials.c:creds_server_init(116) > creds_server_init: client chal : 9C45AFF492603B9E >[2008/06/05 21:01:42, 10] libsmb/credentials.c:creds_server_init(117) > creds_server_init: server chal : 62083EBC893798C8 >[2008/06/05 21:01:42, 4] libsmb/credentials.c:cred_create_session_key(65) > cred_create_session_key >[2008/06/05 21:01:42, 5] libsmb/credentials.c:cred_create_session_key(67) > clnt_chal_in: 9C45AFF492603B9E >[2008/06/05 21:01:42, 5] libsmb/credentials.c:cred_create_session_key(68) > srv_chal_in : 62083EBC893798C8 >[2008/06/05 21:01:42, 5] libsmb/credentials.c:cred_create_session_key(69) > clnt+srv : FE4DEDB01B98D366 >[2008/06/05 21:01:42, 5] libsmb/credentials.c:cred_create_session_key(70) > sess_key_out : 9BF923E2DBDF13E2 >[2008/06/05 21:01:42, 10] libsmb/credentials.c:creds_server_init(143) > creds_server_init: clnt : 7574A743F705DE3A >[2008/06/05 21:01:42, 10] libsmb/credentials.c:creds_server_init(144) > creds_server_init: server : E5DC7C408E2E8C9C >[2008/06/05 21:01:42, 10] libsmb/credentials.c:creds_server_init(145) > creds_server_init: seed : 7574A743F705DE3A >[2008/06/05 21:01:42, 5] libsmb/credentials.c:creds_server_check(157) > creds_server_check: challenge : BF5F28FD5A9259F6 >[2008/06/05 21:01:42, 5] libsmb/credentials.c:creds_server_check(158) > calculated: 7574A743F705DE3A >[2008/06/05 21:01:42, 2] libsmb/credentials.c:creds_server_check(159) > creds_server_check: credentials check failed. >[2008/06/05 21:01:42, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(424) > _net_auth2: creds_server_check failed. Rejecting auth request from client SMBONE-SRV machine account SMBONE$ >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 net_io_r_auth_2 >[2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_chal >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8s(819) > 0000 data: 00 00 00 00 00 00 00 00 >[2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000008 net_io_neg_flags >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0008 neg_flags: 00000000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_ntstatus(762) > 000c status: NT_STATUS_ACCESS_DENIED >[2008/06/05 21:01:42, 5] rpc_server/srv_pipe.c:api_rpcTNP(2277) > api_rpcTNP: called NETLOGON successfully >[2008/06/05 21:01:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(526) > free_pipe_context: destroying talloc pool of size 54 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) > write_to_pipe: data_used = 120 >[2008/06/05 21:01:42, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(992) > read_from_pipe: 76f4 name: NETLOGON len: 4280 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1065) > read_from_pipe: NETLOGON: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 16. >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0000 major : 05 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0001 minor : 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0002 pkt_type : 02 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0003 flags : 03 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0004 pack_type0: 10 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0005 pack_type1: 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0006 pack_type2: 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0007 pack_type3: 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 frag_len : 0028 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a auth_len : 0000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c call_id : 0000000a >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp resp >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0010 alloc_hint: 00000010 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0014 context_id: 0000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0016 cancel_ct : 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0017 reserved : 00 >[2008/06/05 21:01:42, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..40] >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) > size=96 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=5094 > smb_uid=100 > smb_mid=18 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 40 (0x28) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 40 (0x28) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=41 >[2008/06/05 21:01:42, 10] lib/util.c:dump_data(2058) > [000] 00 05 00 02 03 10 00 00 00 28 00 00 00 0A 00 00 ........ .(...... > [010] 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [020] 00 00 00 00 00 22 00 00 C0 .....".. . >[2008/06/05 21:01:42, 10] smbd/process.c:setup_select_timeout(1265) > change_notify_timeout: -1 >[2008/06/05 21:01:42, 10] lib/events.c:run_events(87) > run_events: No events >[2008/06/05 21:01:42, 10] lib/util_sock.c:read_smb_length_return_keepalive(618) > got smb length of 180 >[2008/06/05 21:01:42, 6] smbd/process.c:process_smb(1086) > got message type 0x0 of len 0xb4 >[2008/06/05 21:01:42, 3] smbd/process.c:process_smb(1087) > Transaction 18 of length 184 >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) > size=180 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=5094 > smb_uid=100 > smb_mid=19 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 98 (0x62) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 98 (0x62) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=30452 (0x76F4) > smb_bcc=113 >[2008/06/05 21:01:42, 10] lib/util.c:dump_data(2058) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 62 00 00 00 0B 00 00 00 4A .......b .......J > [020] 00 00 00 00 00 04 00 01 00 00 00 08 00 00 00 00 ........ ........ > [030] 00 00 00 08 00 00 00 5C 00 5C 00 44 00 55 00 44 .......\ .\.D.U.D > [040] 00 4F 00 57 00 00 00 0B 00 00 00 00 00 00 00 0B .O.W.... ........ > [050] 00 00 00 53 00 4D 00 42 00 4F 00 4E 00 45 00 2D ...S.M.B .O.N.E.- > [060] 00 53 00 52 00 56 00 00 00 AA 49 B8 EF DA 6E C5 .S.R.V.. ..I...n. > [070] 78 x >[2008/06/05 21:01:42, 3] smbd/process.c:switch_message(886) > switch message SMBtrans (pid 7908) conn 0x803ab748 >[2008/06/05 21:01:42, 4] smbd/uid.c:change_to_user(222) > change_to_user: Skipping user change - already user >[2008/06/05 21:01:42, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=98 params=0 setup=2 >[2008/06/05 21:01:42, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2008/06/05 21:01:42, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2008/06/05 21:01:42, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2008/06/05 21:01:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1261) > search for pipe pnum=76f4 >[2008/06/05 21:01:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1265) > pipe name NETLOGON pnum=76f4 (pipes_open=1) >[2008/06/05 21:01:42, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "NETLOGON" (pnum 76f4) >[2008/06/05 21:01:42, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x803a7bb8 max_trans_reply: 4280 >[2008/06/05 21:01:42, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(934) > write_to_pipe: 76f4 name: NETLOGON open: Yes len: 98 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) > write_to_pipe: data_left = 98 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 98 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(392) > fill_rpc_header: data_to_copy = 98, len_needed_to_complete_hdr = 16, receive_len = 0 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) > write_to_pipe: data_used = 16 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) > write_to_pipe: data_left = 82 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 82 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0000 major : 05 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0001 minor : 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0002 pkt_type : 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0003 flags : 03 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0004 pack_type0: 10 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0005 pack_type1: 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0006 pack_type2: 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0007 pack_type3: 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 frag_len : 0062 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a auth_len : 0000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c call_id : 0000000b >[2008/06/05 21:01:42, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(479) > unmarshall_rpc_header: using little-endian RPC >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(508) > unmarshall_rpc_header: type = 0, flags = 3 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) > write_to_pipe: data_used = 0 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) > write_to_pipe: data_left = 82 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 82, incoming data = 82 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(716) > process_complete_pdu: processing packet type 0 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_req req >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0000 alloc_hint: 0000004a >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0004 context_id: 0000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0006 opnum : 0004 >[2008/06/05 21:01:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(526) > free_pipe_context: destroying talloc pool of size 0 >[2008/06/05 21:01:42, 5] rpc_server/srv_pipe.c:api_pipe_request(2195) > Requested \PIPE\NETLOGON >[2008/06/05 21:01:42, 4] rpc_server/srv_pipe.c:api_rpcTNP(2230) > api_rpcTNP: NETLOGON op 0x4 - api_rpcTNP: rpc command: NET_REQCHAL >[2008/06/05 21:01:42, 6] rpc_server/srv_pipe.c:api_rpcTNP(2256) > api_rpc_cmds[0].fn == 0x80109a60 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 net_io_q_req_chal >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0000 undoc_buffer: 00000001 >[2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000004 smb_io_unistr2 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0004 uni_max_len: 00000008 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0008 offset : 00000000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c uni_str_len: 00000008 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:dbg_rw_punival(904) > 0010 buffer : \.\.D.U.D.O.W... >[2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000020 smb_io_unistr2 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0020 uni_max_len: 0000000b >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0024 offset : 00000000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0028 uni_str_len: 0000000b >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:dbg_rw_punival(904) > 002c buffer : S.M.B.O.N.E.-.S.R.V... >[2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000042 smb_io_chal >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8s(819) > 0042 data: aa 49 b8 ef da 6e c5 78 >[2008/06/05 21:01:42, 10] rpc_server/srv_netlog_nt.c:_net_req_chal(276) > _net_req_chal: new challenge requested. Clearing old state. >[2008/06/05 21:01:42, 6] rpc_server/srv_netlog_nt.c:init_net_r_req_chal(41) > init_net_r_req_chal: 41 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 net_io_r_req_chal >[2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_chal >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8s(819) > 0000 data: d0 b1 ab ea e9 44 04 62 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_ntstatus(762) > 0008 status: NT_STATUS_OK >[2008/06/05 21:01:42, 5] rpc_server/srv_pipe.c:api_rpcTNP(2277) > api_rpcTNP: called NETLOGON successfully >[2008/06/05 21:01:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(526) > free_pipe_context: destroying talloc pool of size 38 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) > write_to_pipe: data_used = 82 >[2008/06/05 21:01:42, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(992) > read_from_pipe: 76f4 name: NETLOGON len: 4280 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1065) > read_from_pipe: NETLOGON: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 12. >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0000 major : 05 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0001 minor : 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0002 pkt_type : 02 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0003 flags : 03 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0004 pack_type0: 10 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0005 pack_type1: 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0006 pack_type2: 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0007 pack_type3: 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 frag_len : 0024 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a auth_len : 0000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c call_id : 0000000b >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp resp >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0010 alloc_hint: 0000000c >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0014 context_id: 0000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0016 cancel_ct : 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0017 reserved : 00 >[2008/06/05 21:01:42, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..36] >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) > size=92 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=5094 > smb_uid=100 > smb_mid=19 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 36 (0x24) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 36 (0x24) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=37 >[2008/06/05 21:01:42, 10] lib/util.c:dump_data(2058) > [000] 00 05 00 02 03 10 00 00 00 24 00 00 00 0B 00 00 ........ .$...... > [010] 00 0C 00 00 00 00 00 00 00 D0 B1 AB EA E9 44 04 ........ ......D. > [020] 62 00 00 00 00 b.... >[2008/06/05 21:01:42, 10] smbd/process.c:setup_select_timeout(1265) > change_notify_timeout: -1 >[2008/06/05 21:01:42, 10] lib/events.c:run_events(87) > run_events: No events >[2008/06/05 21:01:42, 10] lib/util_sock.c:read_smb_length_return_keepalive(618) > got smb length of 218 >[2008/06/05 21:01:42, 6] smbd/process.c:process_smb(1086) > got message type 0x0 of len 0xda >[2008/06/05 21:01:42, 3] smbd/process.c:process_smb(1087) > Transaction 19 of length 222 >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) > size=218 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=5094 > smb_uid=100 > smb_mid=20 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 136 (0x88) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 82 (0x52) > smb_vwv[11]= 136 (0x88) > smb_vwv[12]= 82 (0x52) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=30452 (0x76F4) > smb_bcc=151 >[2008/06/05 21:01:42, 10] lib/util.c:dump_data(2058) > [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... > [010] 00 00 03 10 00 00 00 88 00 00 00 0C 00 00 00 70 ........ .......p > [020] 00 00 00 00 00 0F 00 01 00 00 00 08 00 00 00 00 ........ ........ > [030] 00 00 00 08 00 00 00 5C 00 5C 00 44 00 55 00 44 .......\ .\.D.U.D > [040] 00 4F 00 57 00 00 00 08 00 00 00 00 00 00 00 08 .O.W.... ........ > [050] 00 00 00 53 00 4D 00 42 00 4F 00 4E 00 45 00 24 ...S.M.B .O.N.E.$ > [060] 00 00 00 04 00 00 00 0B 00 00 00 00 00 00 00 0B ........ ........ > [070] 00 00 00 53 00 4D 00 42 00 4F 00 4E 00 45 00 2D ...S.M.B .O.N.E.- > [080] 00 53 00 52 00 56 00 00 00 FD 3F F3 40 94 5E 86 .S.R.V.. ..?.@.^. > [090] 57 00 00 FF FF 0F 60 W.....` >[2008/06/05 21:01:42, 3] smbd/process.c:switch_message(886) > switch message SMBtrans (pid 7908) conn 0x803ab748 >[2008/06/05 21:01:42, 4] smbd/uid.c:change_to_user(222) > change_to_user: Skipping user change - already user >[2008/06/05 21:01:42, 3] smbd/ipc.c:reply_trans(539) > trans <\PIPE\> data=136 params=0 setup=2 >[2008/06/05 21:01:42, 5] smbd/ipc.c:reply_trans(560) > calling named_pipe >[2008/06/05 21:01:42, 3] smbd/ipc.c:named_pipe(334) > named pipe command on <> name >[2008/06/05 21:01:42, 5] smbd/ipc.c:api_fd_reply(265) > api_fd_reply >[2008/06/05 21:01:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1261) > search for pipe pnum=76f4 >[2008/06/05 21:01:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1265) > pipe name NETLOGON pnum=76f4 (pipes_open=1) >[2008/06/05 21:01:42, 3] smbd/ipc.c:api_fd_reply(294) > Got API command 0x26 on pipe "NETLOGON" (pnum 76f4) >[2008/06/05 21:01:42, 10] smbd/ipc.c:api_fd_reply(299) > api_fd_reply: p:0x803a7bb8 max_trans_reply: 4280 >[2008/06/05 21:01:42, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(934) > write_to_pipe: 76f4 name: NETLOGON open: Yes len: 136 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) > write_to_pipe: data_left = 136 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 136 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(392) > fill_rpc_header: data_to_copy = 136, len_needed_to_complete_hdr = 16, receive_len = 0 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) > write_to_pipe: data_used = 16 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) > write_to_pipe: data_left = 120 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 120 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0000 major : 05 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0001 minor : 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0002 pkt_type : 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0003 flags : 03 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0004 pack_type0: 10 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0005 pack_type1: 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0006 pack_type2: 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0007 pack_type3: 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 frag_len : 0088 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a auth_len : 0000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c call_id : 0000000c >[2008/06/05 21:01:42, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(479) > unmarshall_rpc_header: using little-endian RPC >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(508) > unmarshall_rpc_header: type = 0, flags = 3 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) > write_to_pipe: data_used = 0 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(956) > write_to_pipe: data_left = 120 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(849) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 120, incoming data = 120 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(716) > process_complete_pdu: processing packet type 0 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr_req req >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0000 alloc_hint: 00000070 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0004 context_id: 0000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0006 opnum : 000f >[2008/06/05 21:01:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(526) > free_pipe_context: destroying talloc pool of size 0 >[2008/06/05 21:01:42, 5] rpc_server/srv_pipe.c:api_pipe_request(2195) > Requested \PIPE\NETLOGON >[2008/06/05 21:01:42, 4] rpc_server/srv_pipe.c:api_rpcTNP(2230) > api_rpcTNP: NETLOGON op 0xf - api_rpcTNP: rpc command: NET_AUTH2 >[2008/06/05 21:01:42, 6] rpc_server/srv_pipe.c:api_rpcTNP(2256) > api_rpc_cmds[2].fn == 0x80109dd0 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 net_io_q_auth_2 >[2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_log_info >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0000 undoc_buffer: 00000001 >[2008/06/05 21:01:42, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000004 smb_io_unistr2 unistr2 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0004 uni_max_len: 00000008 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0008 offset : 00000000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c uni_str_len: 00000008 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:dbg_rw_punival(904) > 0010 buffer : \.\.D.U.D.O.W... >[2008/06/05 21:01:42, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000020 smb_io_unistr2 unistr2 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0020 uni_max_len: 00000008 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0024 offset : 00000000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0028 uni_str_len: 00000008 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:dbg_rw_punival(904) > 002c buffer : S.M.B.O.N.E.$... >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 003c sec_chan: 0004 >[2008/06/05 21:01:42, 7] rpc_parse/parse_prs.c:prs_debug(84) > 00003e smb_io_unistr2 unistr2 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0040 uni_max_len: 0000000b >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0044 offset : 00000000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0048 uni_str_len: 0000000b >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:dbg_rw_punival(904) > 004c buffer : S.M.B.O.N.E.-.S.R.V... >[2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000062 smb_io_chal >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8s(819) > 0062 data: fd 3f f3 40 94 5e 86 57 >[2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00006a net_io_neg_flags >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 006c neg_flags: 600fffff >[2008/06/05 21:01:42, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(65534, 65533) : sec_ctx_stack_ndx = 1 >[2008/06/05 21:01:42, 3] smbd/uid.c:push_conn_ctx(393) > push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >[2008/06/05 21:01:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2008/06/05 21:01:42, 5] auth/auth_util.c:debug_nt_user_token(433) > NT user token: (NULL) >[2008/06/05 21:01:42, 5] auth/auth_util.c:debug_unix_user_token(454) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2008/06/05 21:01:42, 10] passdb/pdb_smbpasswd.c:smbpasswd_getsampwnam(1322) > getsampwnam (smbpasswd): search by name: SMBONE$ >[2008/06/05 21:01:42, 10] passdb/pdb_smbpasswd.c:startsmbfilepwent(184) > startsmbfilepwent_internal: opening file /etc/samba/smbpasswd >[2008/06/05 21:01:42, 6] passdb/pdb_smbpasswd.c:getsmbfilepwent(386) > getsmbfilepwent: skipping comment or blank line >[2008/06/05 21:01:42, 6] passdb/pdb_smbpasswd.c:getsmbfilepwent(386) > getsmbfilepwent: skipping comment or blank line >[2008/06/05 21:01:42, 6] passdb/pdb_smbpasswd.c:getsmbfilepwent(386) > getsmbfilepwent: skipping comment or blank line >[2008/06/05 21:01:42, 6] passdb/pdb_smbpasswd.c:getsmbfilepwent(386) > getsmbfilepwent: skipping comment or blank line >[2008/06/05 21:01:42, 6] passdb/pdb_smbpasswd.c:getsmbfilepwent(386) > getsmbfilepwent: skipping comment or blank line >[2008/06/05 21:01:42, 6] passdb/pdb_smbpasswd.c:getsmbfilepwent(386) > getsmbfilepwent: skipping comment or blank line >[2008/06/05 21:01:42, 5] passdb/pdb_smbpasswd.c:getsmbfilepwent(488) > getsmbfilepwent: returning passwd entry for user root, uid 0 >[2008/06/05 21:01:42, 5] passdb/pdb_smbpasswd.c:getsmbfilepwent(488) > getsmbfilepwent: returning passwd entry for user SMBONE$, uid 1000 >[2008/06/05 21:01:42, 7] passdb/pdb_smbpasswd.c:endsmbfilepwent(301) > endsmbfilepwent_internal: closed password file. >[2008/06/05 21:01:42, 10] passdb/pdb_smbpasswd.c:smbpasswd_getsampwnam(1344) > getsampwnam (smbpasswd): found by name: SMBONE$ >[2008/06/05 21:01:42, 10] lib/util_pw.c:getpwnam_alloc(98) > Got SMBONE$ from pwnam_cache >[2008/06/05 21:01:42, 10] passdb/pdb_get_set.c:pdb_set_username(617) > pdb_set_username: setting username SMBONE$, was >[2008/06/05 21:01:42, 10] passdb/pdb_get_set.c:pdb_set_fullname(698) > pdb_set_full_name: setting full name Machine, was >[2008/06/05 21:01:42, 10] passdb/pdb_get_set.c:pdb_set_unix_homedir(833) > pdb_set_unix_homedir: setting home dir /home/SMBONE$, was NULL >[2008/06/05 21:01:42, 10] passdb/pdb_get_set.c:pdb_set_domain(644) > pdb_set_domain: setting domain DUDO, was >[2008/06/05 21:01:42, 10] passdb/pdb_get_set.c:pdb_set_user_sid(544) > pdb_set_user_sid: setting user sid S-1-5-21-3322384919-3754806424-3664837664-3000 >[2008/06/05 21:01:42, 10] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(73) > pdb_set_user_sid_from_rid: > setting user sid S-1-5-21-3322384919-3754806424-3664837664-3000 from rid 3000 >[2008/06/05 21:01:42, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2008/06/05 21:01:42, 3] smbd/uid.c:push_conn_ctx(393) > push_conn_ctx(100) : conn_ctx_stack_ndx = 1 >[2008/06/05 21:01:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2008/06/05 21:01:42, 5] auth/auth_util.c:debug_nt_user_token(433) > NT user token: (NULL) >[2008/06/05 21:01:42, 5] auth/auth_util.c:debug_unix_user_token(454) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2008/06/05 21:01:42, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2008/06/05 21:01:42, 10] passdb/pdb_get_set.c:pdb_set_group_sid(580) > pdb_set_group_sid: setting group sid S-1-5-21-3322384919-3754806424-3664837664-1201 >[2008/06/05 21:01:42, 10] passdb/pdb_compat.c:pdb_set_group_sid_from_rid(100) > pdb_set_group_sid_from_rid: > setting group sid S-1-5-21-3322384919-3754806424-3664837664-1201 from rid 1201 >[2008/06/05 21:01:42, 10] lib/account_pol.c:account_policy_get(332) > account_policy_get: name: password history, val: 0 >[2008/06/05 21:01:42, 10] passdb/pdb_get_set.c:pdb_set_username(617) > pdb_set_username: setting username SMBONE$, was >[2008/06/05 21:01:42, 10] passdb/pdb_get_set.c:pdb_set_domain(644) > pdb_set_domain: setting domain DUDO, was >[2008/06/05 21:01:42, 10] passdb/pdb_get_set.c:pdb_set_nt_username(671) > pdb_set_nt_username: setting nt username , was >[2008/06/05 21:01:42, 10] passdb/pdb_get_set.c:pdb_set_fullname(698) > pdb_set_full_name: setting full name Machine, was >[2008/06/05 21:01:42, 10] passdb/pdb_get_set.c:pdb_set_homedir(806) > pdb_set_homedir: setting home dir \\dudow\smbone_\.9xprofile, was >[2008/06/05 21:01:42, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(779) > pdb_set_dir_drive: setting dir drive P:, was NULL >[2008/06/05 21:01:42, 10] passdb/pdb_get_set.c:pdb_set_logon_script(725) > pdb_set_logon_script: setting logon script , was >[2008/06/05 21:01:42, 10] passdb/pdb_get_set.c:pdb_set_profile_path(752) > pdb_set_profile_path: setting profile path \\dudow\profiles\.msprofile, was >[2008/06/05 21:01:42, 10] passdb/pdb_get_set.c:pdb_set_workstations(885) > pdb_set_workstations: setting workstations , was >[2008/06/05 21:01:42, 10] lib/account_pol.c:account_policy_get(332) > account_policy_get: name: password history, val: 0 >[2008/06/05 21:01:42, 10] passdb/pdb_get_set.c:pdb_set_user_sid(544) > pdb_set_user_sid: setting user sid S-1-5-21-3322384919-3754806424-3664837664-3000 >[2008/06/05 21:01:42, 10] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(73) > pdb_set_user_sid_from_rid: > setting user sid S-1-5-21-3322384919-3754806424-3664837664-3000 from rid 3000 >[2008/06/05 21:01:42, 10] passdb/pdb_get_set.c:pdb_set_group_sid(580) > pdb_set_group_sid: setting group sid S-1-5-21-3322384919-3754806424-3664837664-1201 >[2008/06/05 21:01:42, 10] passdb/pdb_compat.c:pdb_set_group_sid_from_rid(100) > pdb_set_group_sid_from_rid: > setting group sid S-1-5-21-3322384919-3754806424-3664837664-1201 from rid 1201 >[2008/06/05 21:01:42, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (65534, 65533) - sec_ctx_stack_ndx = 0 >[2008/06/05 21:01:42, 5] lib/util.c:dump_data(2058) > [000] E1 5C F4 69 B7 92 22 22 D0 CB 2D E0 D7 38 79 FE .\.i.."" ..-..8y. >[2008/06/05 21:01:42, 10] libsmb/credentials.c:creds_server_init(116) > creds_server_init: client chal : AA49B8EFDA6EC578 >[2008/06/05 21:01:42, 10] libsmb/credentials.c:creds_server_init(117) > creds_server_init: server chal : D0B1ABEAE9440462 >[2008/06/05 21:01:42, 4] libsmb/credentials.c:cred_create_session_key(65) > cred_create_session_key >[2008/06/05 21:01:42, 5] libsmb/credentials.c:cred_create_session_key(67) > clnt_chal_in: AA49B8EFDA6EC578 >[2008/06/05 21:01:42, 5] libsmb/credentials.c:cred_create_session_key(68) > srv_chal_in : D0B1ABEAE9440462 >[2008/06/05 21:01:42, 5] libsmb/credentials.c:cred_create_session_key(69) > clnt+srv : 7AFB63DAC3B3C9DA >[2008/06/05 21:01:42, 5] libsmb/credentials.c:cred_create_session_key(70) > sess_key_out : 56DD31A590DCCA8C >[2008/06/05 21:01:42, 10] libsmb/credentials.c:creds_server_init(143) > creds_server_init: clnt : CBC666CF37C380B2 >[2008/06/05 21:01:42, 10] libsmb/credentials.c:creds_server_init(144) > creds_server_init: server : C2D3A96489BDA691 >[2008/06/05 21:01:42, 10] libsmb/credentials.c:creds_server_init(145) > creds_server_init: seed : CBC666CF37C380B2 >[2008/06/05 21:01:42, 5] libsmb/credentials.c:creds_server_check(157) > creds_server_check: challenge : FD3FF340945E8657 >[2008/06/05 21:01:42, 5] libsmb/credentials.c:creds_server_check(158) > calculated: CBC666CF37C380B2 >[2008/06/05 21:01:42, 2] libsmb/credentials.c:creds_server_check(159) > creds_server_check: credentials check failed. >[2008/06/05 21:01:42, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(424) > _net_auth2: creds_server_check failed. Rejecting auth request from client SMBONE-SRV machine account SMBONE$ >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 net_io_r_auth_2 >[2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_chal >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8s(819) > 0000 data: 00 00 00 00 00 00 00 00 >[2008/06/05 21:01:42, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000008 net_io_neg_flags >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0008 neg_flags: 00000000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_ntstatus(762) > 000c status: NT_STATUS_ACCESS_DENIED >[2008/06/05 21:01:42, 5] rpc_server/srv_pipe.c:api_rpcTNP(2277) > api_rpcTNP: called NETLOGON successfully >[2008/06/05 21:01:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(526) > free_pipe_context: destroying talloc pool of size 54 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(960) > write_to_pipe: data_used = 120 >[2008/06/05 21:01:42, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(992) > read_from_pipe: 76f4 name: NETLOGON len: 4280 >[2008/06/05 21:01:42, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1065) > read_from_pipe: NETLOGON: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 16. >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 smb_io_rpc_hdr hdr >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0000 major : 05 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0001 minor : 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0002 pkt_type : 02 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0003 flags : 03 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0004 pack_type0: 10 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0005 pack_type1: 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0006 pack_type2: 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0007 pack_type3: 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0008 frag_len : 0028 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 000a auth_len : 0000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 000c call_id : 0000000c >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_rpc_hdr_resp resp >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint32(703) > 0010 alloc_hint: 00000010 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint16(674) > 0014 context_id: 0000 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0016 cancel_ct : 00 >[2008/06/05 21:01:42, 5] rpc_parse/parse_prs.c:prs_uint8(614) > 0017 reserved : 00 >[2008/06/05 21:01:42, 5] smbd/ipc.c:copy_trans_params_and_data(60) > copy_trans_params_and_data: params[0..0] data[0..40] >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) > size=96 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=5094 > smb_uid=100 > smb_mid=20 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 40 (0x28) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 40 (0x28) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=41 >[2008/06/05 21:01:42, 10] lib/util.c:dump_data(2058) > [000] 00 05 00 02 03 10 00 00 00 28 00 00 00 0C 00 00 ........ .(...... > [010] 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [020] 00 00 00 00 00 22 00 00 C0 .....".. . >[2008/06/05 21:01:42, 10] smbd/process.c:setup_select_timeout(1265) > change_notify_timeout: -1 >[2008/06/05 21:01:42, 10] lib/events.c:run_events(87) > run_events: No events >[2008/06/05 21:01:42, 10] lib/util_sock.c:read_smb_length_return_keepalive(618) > got smb length of 41 >[2008/06/05 21:01:42, 6] smbd/process.c:process_smb(1086) > got message type 0x0 of len 0x29 >[2008/06/05 21:01:42, 3] smbd/process.c:process_smb(1087) > Transaction 20 of length 45 >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=8 > smb_flg2=51201 > smb_tid=1 > smb_pid=5094 > smb_uid=100 > smb_mid=21 > smt_wct=3 > smb_vwv[ 0]=30452 (0x76F4) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2008/06/05 21:01:42, 3] smbd/process.c:switch_message(886) > switch message SMBclose (pid 7908) conn 0x803ab748 >[2008/06/05 21:01:42, 4] smbd/uid.c:change_to_user(222) > change_to_user: Skipping user change - already user >[2008/06/05 21:01:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1261) > search for pipe pnum=76f4 >[2008/06/05 21:01:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1265) > pipe name NETLOGON pnum=76f4 (pipes_open=1) >[2008/06/05 21:01:42, 5] smbd/pipes.c:reply_pipe_close(272) > reply_pipe_close: pnum:76f4 >[2008/06/05 21:01:42, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(235) > close_policy_by_pipe: deleted handle list for pipe NETLOGON >[2008/06/05 21:01:42, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1166) > closed pipe name NETLOGON pnum=76f4 (pipes_open=0) >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(454) >[2008/06/05 21:01:42, 5] lib/util.c:show_msg(464) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=5094 > smb_uid=100 > smb_mid=21 > smt_wct=0 > smb_bcc=0 >[2008/06/05 21:01:42, 10] smbd/process.c:setup_select_timeout(1265) > change_notify_timeout: -1 >[2008/06/05 21:01:42, 10] lib/events.c:run_events(87) > run_events: No events >[2008/06/05 21:02:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2008/06/05 21:02:42, 5] auth/auth_util.c:debug_nt_user_token(433) > NT user token: (NULL) >[2008/06/05 21:02:42, 5] auth/auth_util.c:debug_unix_user_token(454) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2008/06/05 21:02:42, 5] smbd/uid.c:change_to_root_user(324) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2008/06/05 21:02:42, 10] smbd/process.c:setup_select_timeout(1265) > change_notify_timeout: -1 >[2008/06/05 21:02:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2008/06/05 21:02:42, 5] auth/auth_util.c:debug_nt_user_token(433) > NT user token: (NULL) >[2008/06/05 21:02:42, 5] auth/auth_util.c:debug_unix_user_token(454) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2008/06/05 21:02:42, 5] smbd/uid.c:change_to_root_user(324) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2008/06/05 21:02:42, 10] smbd/process.c:setup_select_timeout(1265) > change_notify_timeout: -1 >[2008/06/05 21:03:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2008/06/05 21:03:42, 5] auth/auth_util.c:debug_nt_user_token(433) > NT user token: (NULL) >[2008/06/05 21:03:42, 5] auth/auth_util.c:debug_unix_user_token(454) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2008/06/05 21:03:42, 5] smbd/uid.c:change_to_root_user(324) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2008/06/05 21:03:42, 3] smbd/process.c:check_reload(1321) > Printcap cache time expired. >[2008/06/05 21:03:42, 3] printing/pcap.c:pcap_cache_reload(117) > reloading printcap cache >[2008/06/05 21:03:42, 5] printing/print_cups.c:cups_cache_reload(71) > reloading cups printcap cache >[2008/06/05 21:03:42, 10] printing/print_cups.c:cups_server(51) > cups server left to default localhost >[2008/06/05 21:03:42, 0] printing/print_cups.c:cups_cache_reload(85) >[2008/06/05 21:03:42, 10] printing/print_cups.c:cups_server(51) > cups server left to default localhost > Unable to connect to CUPS server localhost - Connection refused >[2008/06/05 21:03:42, 3] printing/pcap.c:pcap_cache_reload(223) > reload status: error >[2008/06/05 21:03:42, 3] printing/pcap.c:pcap_cache_reload(117) > reloading printcap cache >[2008/06/05 21:03:42, 5] printing/print_cups.c:cups_cache_reload(71) > reloading cups printcap cache >[2008/06/05 21:03:42, 10] printing/print_cups.c:cups_server(51) > cups server left to default localhost >[2008/06/05 21:03:42, 0] printing/print_cups.c:cups_cache_reload(85) >[2008/06/05 21:03:42, 10] printing/print_cups.c:cups_server(51) > cups server left to default localhost > Unable to connect to CUPS server localhost - Connection refused >[2008/06/05 21:03:42, 3] printing/pcap.c:pcap_cache_reload(223) > reload status: error >[2008/06/05 21:03:42, 10] smbd/process.c:setup_select_timeout(1265) > change_notify_timeout: -1 >[2008/06/05 21:03:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2008/06/05 21:03:42, 5] auth/auth_util.c:debug_nt_user_token(433) > NT user token: (NULL) >[2008/06/05 21:03:42, 5] auth/auth_util.c:debug_unix_user_token(454) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2008/06/05 21:03:42, 5] smbd/uid.c:change_to_root_user(324) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2008/06/05 21:03:42, 3] smbd/process.c:check_reload(1321) > Printcap cache time expired. >[2008/06/05 21:03:42, 3] printing/pcap.c:pcap_cache_reload(117) > reloading printcap cache >[2008/06/05 21:03:42, 5] printing/print_cups.c:cups_cache_reload(71) > reloading cups printcap cache >[2008/06/05 21:03:42, 10] printing/print_cups.c:cups_server(51) > cups server left to default localhost >[2008/06/05 21:03:42, 0] printing/print_cups.c:cups_cache_reload(85) >[2008/06/05 21:03:42, 10] printing/print_cups.c:cups_server(51) > cups server left to default localhost > Unable to connect to CUPS server localhost - Connection refused >[2008/06/05 21:03:42, 3] printing/pcap.c:pcap_cache_reload(223) > reload status: error >[2008/06/05 21:03:42, 3] printing/pcap.c:pcap_cache_reload(117) > reloading printcap cache >[2008/06/05 21:03:42, 5] printing/print_cups.c:cups_cache_reload(71) > reloading cups printcap cache >[2008/06/05 21:03:42, 10] printing/print_cups.c:cups_server(51) > cups server left to default localhost >[2008/06/05 21:03:42, 0] printing/print_cups.c:cups_cache_reload(85) >[2008/06/05 21:03:42, 10] printing/print_cups.c:cups_server(51) > cups server left to default localhost > Unable to connect to CUPS server localhost - Connection refused >[2008/06/05 21:03:42, 3] printing/pcap.c:pcap_cache_reload(223) > reload status: error >[2008/06/05 21:03:42, 10] smbd/process.c:setup_select_timeout(1265) > change_notify_timeout: -1 >[2008/06/05 21:04:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2008/06/05 21:04:42, 5] auth/auth_util.c:debug_nt_user_token(433) > NT user token: (NULL) >[2008/06/05 21:04:42, 5] auth/auth_util.c:debug_unix_user_token(454) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2008/06/05 21:04:42, 5] smbd/uid.c:change_to_root_user(324) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2008/06/05 21:04:42, 6] param/loadparm.c:lp_file_list_changed(2992) > lp_file_list_changed() > file /etc/samba/dhcp.conf -> /etc/samba/dhcp.conf last mod_time: Thu Jun 5 20:52:45 2008 > > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Thu Jun 5 21:01:18 2008 > >[2008/06/05 21:04:42, 10] smbd/process.c:setup_select_timeout(1265) > change_notify_timeout: -1 >[2008/06/05 21:04:42, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2008/06/05 21:04:42, 5] auth/auth_util.c:debug_nt_user_token(433) > NT user token: (NULL) >[2008/06/05 21:04:42, 5] auth/auth_util.c:debug_unix_user_token(454) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2008/06/05 21:04:42, 5] smbd/uid.c:change_to_root_user(324) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2008/06/05 21:04:42, 6] param/loadparm.c:lp_file_list_changed(2992) > lp_file_list_changed() > file /etc/samba/dhcp.conf -> /etc/samba/dhcp.conf last mod_time: Thu Jun 5 20:52:45 2008 > > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Thu Jun 5 21:01:18 2008 > >[2008/06/05 21:04:42, 10] smbd/process.c:setup_select_timeout(1265) > change_notify_timeout: -1
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=3336">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 5519
: 3336