[2008/06/14 08:38:40, 3] param/loadparm.c:lp_load_ex(8669) lp_load_ex: refreshing parameters Initialising global parameters [2008/06/14 08:38:40, 3] param/params.c:pm_process(569) params.c:pm_process() - Processing configuration file "/usr/local/samba/lib/smb.conf" [2008/06/14 08:38:40, 3] param/loadparm.c:do_section(7334) Processing section "[global]" doing parameter log file = /var/log/samba/samba-all.log doing parameter log level = 10 [2008/06/14 08:38:40, 5] lib/debug.c:debug_dump_status(395) INFO: Current debug levels: all: True/10 tdb: False/0 printdrivers: False/0 lanman: False/0 smb: False/0 rpc_parse: False/0 rpc_srv: False/0 rpc_cli: False/0 passdb: False/0 sam: False/0 auth: False/0 winbind: False/0 vfs: False/0 idmap: False/0 quota: False/0 acls: False/0 locking: False/0 msdfs: False/0 dmapi: False/0 registry: False/0 doing parameter syslog = 0 doing parameter enable privileges = yes doing parameter workgroup = SKUPINA doing parameter netbios name = tygr [2008/06/14 08:38:40, 4] param/loadparm.c:handle_netbios_name(6682) handle_netbios_name: set global_myname to: TYGR doing parameter server string = Tygr Samba Server doing parameter encrypt passwords = yes doing parameter null passwords = no doing parameter passdb backend = ldapsam:ldaps://ldap.zelva.cz/ doing parameter ldap suffix = dc=zelva,dc=cz doing parameter ldap group suffix = ou=Group doing parameter ldap user suffix = ou=People doing parameter ldap machine suffix = ou=Computers doing parameter ldap admin dn = cn=Manager,dc=zelva,dc=cz doing parameter ldap idmap suffix = ou= doing parameter ldap passwd sync = no doing parameter ldap delete dn = no doing parameter security = user doing parameter map to guest = Bad User doing parameter socket options = IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192 doing parameter display charset = UTF-8 doing parameter unix charset = UTF-8 doing parameter dos charset = 852 doing parameter interfaces = 127.0.0.1, 172.16.0.0/12 #,eth0.3 doing parameter bind interfaces only = yes doing parameter os level = 64 doing parameter domain master = yes doing parameter preferred master = yes doing parameter wins support = yes doing parameter domain logons = yes doing parameter pam password change = yes doing parameter local master = yes doing parameter admin users = @admins doing parameter create mask = 0644 doing parameter force create mode = 0644 doing parameter directory mask = 0755 doing parameter force directory mode = 0755 doing parameter load printers = yes doing parameter printing = cups doing parameter printcap name = cups doing parameter hide special files = Yes doing parameter logon script = logon.vbs doing parameter logon path = \\%L\profiles\%U doing parameter logon drive = U: [2008/06/14 08:38:40, 2] param/loadparm.c:do_section(7351) Processing section "[appl]" [2008/06/14 08:38:40, 8] param/loadparm.c:add_a_service(5750) add_a_service: Creating snum = 0 for appl [2008/06/14 08:38:40, 10] param/loadparm.c:hash_a_service(5788) hash_a_service: creating servicehash [2008/06/14 08:38:40, 10] param/loadparm.c:hash_a_service(5797) hash_a_service: hashing index 0 for service name appl doing parameter path = /export/appl doing parameter comment = "Applications" doing parameter valid users = durdin doing parameter guest ok = no doing parameter browseable = yes doing parameter read only = yes [2008/06/14 08:38:40, 2] param/loadparm.c:do_section(7351) Processing section "[pub]" [2008/06/14 08:38:40, 8] param/loadparm.c:add_a_service(5750) add_a_service: Creating snum = 1 for pub [2008/06/14 08:38:40, 10] param/loadparm.c:hash_a_service(5797) hash_a_service: hashing index 1 for service name pub doing parameter path = /export/pub doing parameter valid users = durdin doing parameter comment = "Public stuff" doing parameter guest ok = no doing parameter read only = no doing parameter browseable = yes [2008/06/14 08:38:40, 2] param/loadparm.c:do_section(7351) Processing section "[homes]" [2008/06/14 08:38:40, 8] param/loadparm.c:add_a_service(5750) add_a_service: Creating snum = 2 for homes [2008/06/14 08:38:40, 10] param/loadparm.c:hash_a_service(5797) hash_a_service: hashing index 2 for service name homes doing parameter guest ok = no doing parameter read only = no doing parameter browseable = no [2008/06/14 08:38:40, 2] param/loadparm.c:do_section(7351) Processing section "[netlogon]" [2008/06/14 08:38:40, 8] param/loadparm.c:add_a_service(5750) add_a_service: Creating snum = 3 for netlogon [2008/06/14 08:38:40, 10] param/loadparm.c:hash_a_service(5797) hash_a_service: hashing index 3 for service name netlogon doing parameter comment = Network Logon Service doing parameter path = /export/netlogon doing parameter read list = @users, @admins doing parameter write list = @admins doing parameter guest ok = Yes doing parameter share modes = No [2008/06/14 08:38:40, 2] param/loadparm.c:do_section(7351) Processing section "[Profiles]" [2008/06/14 08:38:40, 8] param/loadparm.c:add_a_service(5750) add_a_service: Creating snum = 4 for Profiles [2008/06/14 08:38:40, 10] param/loadparm.c:hash_a_service(5797) hash_a_service: hashing index 4 for service name Profiles doing parameter comment = User profiles doing parameter path = /export/profiles doing parameter read only = No doing parameter create mask = 0600 doing parameter force create mode = 00 doing parameter directory mask = 0700 doing parameter force directory mode = 00 doing parameter guest ok = Yes doing parameter browseable = No [2008/06/14 08:38:40, 2] param/loadparm.c:do_section(7351) Processing section "[print$]" [2008/06/14 08:38:40, 8] param/loadparm.c:add_a_service(5750) add_a_service: Creating snum = 5 for print$ [2008/06/14 08:38:40, 10] param/loadparm.c:hash_a_service(5797) hash_a_service: hashing index 5 for service name print$ doing parameter comment = Printer Driver Download Area doing parameter path = /export/drivers doing parameter browseable = yes doing parameter guest ok = yes doing parameter read only = yes doing parameter write list = @admins [2008/06/14 08:38:40, 2] param/loadparm.c:do_section(7351) Processing section "[printers]" [2008/06/14 08:38:40, 8] param/loadparm.c:add_a_service(5750) add_a_service: Creating snum = 6 for printers [2008/06/14 08:38:40, 10] param/loadparm.c:hash_a_service(5797) hash_a_service: hashing index 6 for service name printers doing parameter comment = All Printers doing parameter path = /var/spool/samba doing parameter public = yes doing parameter guest ok = yes doing parameter writable = no doing parameter printable = yes [2008/06/14 08:38:40, 4] param/loadparm.c:lp_load_ex(8712) pm_process() returned Yes [2008/06/14 08:38:40, 8] param/loadparm.c:add_a_service(5750) add_a_service: Creating snum = 7 for IPC$ [2008/06/14 08:38:40, 10] param/loadparm.c:hash_a_service(5797) hash_a_service: hashing index 7 for service name IPC$ [2008/06/14 08:38:40, 3] param/loadparm.c:lp_add_ipc(5894) adding IPC service [2008/06/14 08:38:40, 10] param/loadparm.c:set_server_role(7893) set_server_role: role = ROLE_DOMAIN_PDC [2008/06/14 08:38:40, 3] printing/pcap.c:pcap_cache_reload(116) reloading printcap cache [2008/06/14 08:38:40, 5] printing/print_cups.c:cups_cache_reload(93) reloading cups printcap cache [2008/06/14 08:38:40, 10] printing/print_cups.c:cups_connect(64) connecting to cups server /var/run/cups/cups.sock:631 [2008/06/14 08:38:40, 3] printing/pcap.c:pcap_cache_reload(223) reload status: ok [2008/06/14 08:38:40, 7] param/loadparm.c:lp_servicenumber(8905) lp_servicenumber: couldn't find HP1020 [2008/06/14 08:38:40, 8] param/loadparm.c:add_a_service(5750) add_a_service: Creating snum = 8 for HP1020 [2008/06/14 08:38:40, 10] param/loadparm.c:hash_a_service(5797) hash_a_service: hashing index 8 for service name HP1020 [2008/06/14 08:38:40, 3] param/loadparm.c:lp_add_printer(5933) adding printer service HP1020 [2008/06/14 08:38:40, 6] param/loadparm.c:lp_file_list_changed(6613) lp_file_list_changed() file /usr/local/samba/lib/smb.conf -> /usr/local/samba/lib/smb.conf last mod_time: Sat Jun 14 08:38:22 2008 [2008/06/14 08:38:40, 2] lib/interface.c:add_interface(334) added interface lo ip=127.0.0.1 bcast=127.255.255.255 netmask=255.0.0.0 [2008/06/14 08:38:40, 2] lib/interface.c:interpret_interface(454) interpret_interface: using netmask value 12 from config file on interface eth0.3 [2008/06/14 08:38:40, 2] lib/interface.c:add_interface(334) added interface eth0.3 ip=172.16.172.1 bcast=172.31.255.255 netmask=255.240.0.0 [2008/06/14 08:38:40, 3] lib/util_sock.c:interpret_string_addr_internal(122) interpret_string_addr_internal: getaddrinfo failed for name # [Name or service not known] [2008/06/14 08:38:40, 2] lib/interface.c:interpret_interface(383) interpret_interface: Can't find address for # [2008/06/14 08:38:40, 2] lib/interface.c:add_interface(334) added interface eth0.3 ip=3ffe:ffff:100:f101:20a:5eff:fe4a:d8f0 bcast=3ffe:ffff:100:f101:ffff:ffff:ffff:ffff netmask=ffff:ffff:ffff:ffff:: [2008/06/14 08:38:40, 2] lib/interface.c:add_interface(334) added interface eth0.3 ip=fe80::20e:cff:fe5e:bd42%eth0.3 bcast=fe80::ffff:ffff:ffff:ffff%eth0.3 netmask=ffff:ffff:ffff:ffff:: [2008/06/14 08:38:40, 3] lib/interface.c:add_interface(303) add_interface: not adding duplicate interface 172.16.172.1 [2008/06/14 08:38:40, 5] lib/util.c:init_names(274) Netbios name list:- my_netbios_names[0]="TYGR" [2008/06/14 08:38:40, 3] smbd/server.c:main(1255) loaded services [2008/06/14 08:38:40, 5] passdb/pdb_interface.c:smb_register_passdb(63) Attempting to register passdb backend ldapsam [2008/06/14 08:38:40, 5] passdb/pdb_interface.c:smb_register_passdb(76) Successfully added passdb backend 'ldapsam' [2008/06/14 08:38:40, 5] passdb/pdb_interface.c:smb_register_passdb(63) Attempting to register passdb backend ldapsam_compat [2008/06/14 08:38:40, 5] passdb/pdb_interface.c:smb_register_passdb(76) Successfully added passdb backend 'ldapsam_compat' [2008/06/14 08:38:40, 5] passdb/pdb_interface.c:smb_register_passdb(63) Attempting to register passdb backend NDS_ldapsam [2008/06/14 08:38:40, 5] passdb/pdb_interface.c:smb_register_passdb(76) Successfully added passdb backend 'NDS_ldapsam' [2008/06/14 08:38:40, 5] passdb/pdb_interface.c:smb_register_passdb(63) Attempting to register passdb backend NDS_ldapsam_compat [2008/06/14 08:38:40, 5] passdb/pdb_interface.c:smb_register_passdb(76) Successfully added passdb backend 'NDS_ldapsam_compat' [2008/06/14 08:38:40, 5] passdb/pdb_interface.c:smb_register_passdb(63) Attempting to register passdb backend smbpasswd [2008/06/14 08:38:40, 5] passdb/pdb_interface.c:smb_register_passdb(76) Successfully added passdb backend 'smbpasswd' [2008/06/14 08:38:40, 5] passdb/pdb_interface.c:smb_register_passdb(63) Attempting to register passdb backend tdbsam [2008/06/14 08:38:40, 5] passdb/pdb_interface.c:smb_register_passdb(76) Successfully added passdb backend 'tdbsam' [2008/06/14 08:38:40, 5] passdb/pdb_interface.c:make_pdb_method_name(133) Attempting to find an passdb backend to match ldapsam:ldaps://ldap.zelva.cz/ (ldapsam) [2008/06/14 08:38:40, 5] passdb/pdb_interface.c:make_pdb_method_name(154) Found pdb backend ldapsam [2008/06/14 08:38:40, 2] lib/smbldap_util.c:smbldap_search_domain_info(277) smbldap_search_domain_info: Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=SKUPINA))] [2008/06/14 08:38:40, 5] lib/smbldap.c:smbldap_search_ext(1183) smbldap_search_ext: base => [dc=zelva,dc=cz], filter => [(&(objectClass=sambaDomain)(sambaDomainName=SKUPINA))], scope => [2] [2008/06/14 08:38:40, 5] lib/smbldap.c:smbldap_close(1086) The connection to the LDAP server was closed [2008/06/14 08:38:40, 10] lib/smbldap.c:smb_ldap_setup_conn(616) smb_ldap_setup_connection: ldaps://ldap.zelva.cz/ [2008/06/14 08:38:40, 2] lib/smbldap.c:smbldap_open_connection(772) smbldap_open_connection: connection opened [2008/06/14 08:38:40, 10] lib/smbldap.c:smbldap_connect_system(937) ldap_connect_system: Binding to ldap server ldaps://ldap.zelva.cz/ as "cn=Manager,dc=zelva,dc=cz" [2008/06/14 08:38:40, 3] lib/smbldap.c:smbldap_connect_system(983) ldap_connect_system: successful connection to the LDAP server ldap_connect_system: LDAP server does support paged results [2008/06/14 08:38:40, 10] lib/events.c:event_add_timed(128) Added timed event "smbldap_idle_fn": 805e8030 [2008/06/14 08:38:40, 4] lib/smbldap.c:smbldap_open(1066) The LDAP server is successfully connected [2008/06/14 08:38:40, 5] passdb/pdb_interface.c:make_pdb_method_name(165) pdb backend ldapsam:ldaps://ldap.zelva.cz/ has a valid init [2008/06/14 08:38:40, 5] lib/gencache.c:gencache_init(61) Opening cache file at /usr/local/samba/var/locks/gencache.tdb [2008/06/14 08:38:40, 5] libsmb/namecache.c:namecache_enable(59) namecache_enable: enabling netbios namecache, timeout 660 seconds [2008/06/14 08:38:40, 10] registry/reg_cachehook.c:reghook_cache_init(73) reghook_cache_init: new tree with default ops 0x805668c0 for key [] [2008/06/14 08:38:40, 6] registry/reg_backend_db.c:init_registry_key_internal(98) init_registry_key: Adding [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM] with subkey [SOFTWARE] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SOFTWARE] with subkey [Microsoft] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SOFTWARE\Microsoft] with subkey [Windows NT] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT] with subkey [CurrentVersion] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] with subkey [Print] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] with subkey [Printers] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] with subkey [NULL] [2008/06/14 08:38:40, 5] lib/util_tdb.c:tdb_wrap_log(886) tdb(/usr/local/samba/var/locks/registry.tdb): tdb_transaction_start: nesting 1 [2008/06/14 08:38:40, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 484B4C4D2F534F465457 [2008/06/14 08:38:40, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0x806070e0 [2008/06/14 08:38:40, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 484B4C4D2F534F465457 [2008/06/14 08:38:40, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 484B4C4D2F534F465457 [2008/06/14 08:38:40, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0x80606f90 [2008/06/14 08:38:40, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 484B4C4D2F534F465457 [2008/06/14 08:38:40, 6] registry/reg_backend_db.c:init_registry_key_internal(98) init_registry_key: Adding [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM] with subkey [SOFTWARE] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SOFTWARE] with subkey [Microsoft] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SOFTWARE\Microsoft] with subkey [Windows NT] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT] with subkey [CurrentVersion] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] with subkey [Ports] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports] with subkey [NULL] [2008/06/14 08:38:40, 5] lib/util_tdb.c:tdb_wrap_log(886) tdb(/usr/local/samba/var/locks/registry.tdb): tdb_transaction_start: nesting 1 [2008/06/14 08:38:40, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 484B4C4D2F534F465457 [2008/06/14 08:38:40, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0x80606308 [2008/06/14 08:38:40, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 484B4C4D2F534F465457 [2008/06/14 08:38:40, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 484B4C4D2F534F465457 [2008/06/14 08:38:40, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0x80606a78 [2008/06/14 08:38:40, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 484B4C4D2F534F465457 [2008/06/14 08:38:40, 6] registry/reg_backend_db.c:init_registry_key_internal(98) init_registry_key: Adding [HKLM\SYSTEM\CurrentControlSet\Control\Print] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM] with subkey [SYSTEM] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SYSTEM] with subkey [CurrentControlSet] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SYSTEM\CurrentControlSet] with subkey [Control] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SYSTEM\CurrentControlSet\Control] with subkey [Print] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SYSTEM\CurrentControlSet\Control\Print] with subkey [NULL] [2008/06/14 08:38:40, 6] registry/reg_backend_db.c:init_registry_key_internal(98) init_registry_key: Adding [HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM] with subkey [SYSTEM] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SYSTEM] with subkey [CurrentControlSet] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SYSTEM\CurrentControlSet] with subkey [Services] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SYSTEM\CurrentControlSet\Services] with subkey [LanmanServer] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer] with subkey [Shares] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares] with subkey [NULL] [2008/06/14 08:38:40, 5] lib/util_tdb.c:tdb_wrap_log(886) tdb(/usr/local/samba/var/locks/registry.tdb): tdb_transaction_start: nesting 1 [2008/06/14 08:38:40, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 484B4C4D2F5359535445 [2008/06/14 08:38:40, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0x806066c8 [2008/06/14 08:38:40, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 484B4C4D2F5359535445 [2008/06/14 08:38:40, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 484B4C4D2F5359535445 [2008/06/14 08:38:40, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0x806066c8 [2008/06/14 08:38:40, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 484B4C4D2F5359535445 [2008/06/14 08:38:40, 6] registry/reg_backend_db.c:init_registry_key_internal(98) init_registry_key: Adding [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM] with subkey [SYSTEM] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SYSTEM] with subkey [CurrentControlSet] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SYSTEM\CurrentControlSet] with subkey [Services] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SYSTEM\CurrentControlSet\Services] with subkey [Eventlog] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] with subkey [NULL] [2008/06/14 08:38:40, 5] lib/util_tdb.c:tdb_wrap_log(886) tdb(/usr/local/samba/var/locks/registry.tdb): tdb_transaction_start: nesting 1 [2008/06/14 08:38:40, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 484B4C4D2F5359535445 [2008/06/14 08:38:40, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0x806061c8 [2008/06/14 08:38:40, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 484B4C4D2F5359535445 [2008/06/14 08:38:40, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 484B4C4D2F5359535445 [2008/06/14 08:38:40, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0x80605e08 [2008/06/14 08:38:40, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 484B4C4D2F5359535445 [2008/06/14 08:38:40, 6] registry/reg_backend_db.c:init_registry_key_internal(98) init_registry_key: Adding [HKLM\SOFTWARE\Samba\smbconf] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM] with subkey [SOFTWARE] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SOFTWARE] with subkey [Samba] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SOFTWARE\Samba] with subkey [smbconf] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SOFTWARE\Samba\smbconf] with subkey [NULL] [2008/06/14 08:38:40, 5] lib/util_tdb.c:tdb_wrap_log(886) tdb(/usr/local/samba/var/locks/registry.tdb): tdb_transaction_start: nesting 1 [2008/06/14 08:38:40, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 484B4C4D2F534F465457 [2008/06/14 08:38:40, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0x80605d98 [2008/06/14 08:38:40, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 484B4C4D2F534F465457 [2008/06/14 08:38:40, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 484B4C4D2F534F465457 [2008/06/14 08:38:40, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0x80605a10 [2008/06/14 08:38:40, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 484B4C4D2F534F465457 [2008/06/14 08:38:40, 6] registry/reg_backend_db.c:init_registry_key_internal(98) init_registry_key: Adding [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM] with subkey [SOFTWARE] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SOFTWARE] with subkey [Microsoft] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SOFTWARE\Microsoft] with subkey [Windows NT] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT] with subkey [CurrentVersion] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] with subkey [Perflib] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib] with subkey [NULL] [2008/06/14 08:38:40, 6] registry/reg_backend_db.c:init_registry_key_internal(98) init_registry_key: Adding [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM] with subkey [SOFTWARE] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SOFTWARE] with subkey [Microsoft] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SOFTWARE\Microsoft] with subkey [Windows NT] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT] with subkey [CurrentVersion] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] with subkey [Perflib] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib] with subkey [009] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009] with subkey [NULL] [2008/06/14 08:38:40, 5] lib/util_tdb.c:tdb_wrap_log(886) tdb(/usr/local/samba/var/locks/registry.tdb): tdb_transaction_start: nesting 1 [2008/06/14 08:38:40, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 484B4C4D2F534F465457 [2008/06/14 08:38:40, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0x80606e48 [2008/06/14 08:38:40, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 484B4C4D2F534F465457 [2008/06/14 08:38:40, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 484B4C4D2F534F465457 [2008/06/14 08:38:40, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0x806060e8 [2008/06/14 08:38:40, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 484B4C4D2F534F465457 [2008/06/14 08:38:40, 6] registry/reg_backend_db.c:init_registry_key_internal(98) init_registry_key: Adding [HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM] with subkey [SYSTEM] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SYSTEM] with subkey [CurrentControlSet] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SYSTEM\CurrentControlSet] with subkey [Control] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SYSTEM\CurrentControlSet\Control] with subkey [Print] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SYSTEM\CurrentControlSet\Control\Print] with subkey [Monitors] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors] with subkey [NULL] [2008/06/14 08:38:40, 5] lib/util_tdb.c:tdb_wrap_log(886) tdb(/usr/local/samba/var/locks/registry.tdb): tdb_transaction_start: nesting 1 [2008/06/14 08:38:40, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 484B4C4D2F5359535445 [2008/06/14 08:38:40, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0x80605dd8 [2008/06/14 08:38:40, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 484B4C4D2F5359535445 [2008/06/14 08:38:40, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 484B4C4D2F5359535445 [2008/06/14 08:38:40, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0x80605dd8 [2008/06/14 08:38:40, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 484B4C4D2F5359535445 [2008/06/14 08:38:40, 6] registry/reg_backend_db.c:init_registry_key_internal(98) init_registry_key: Adding [HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM] with subkey [SYSTEM] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SYSTEM] with subkey [CurrentControlSet] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SYSTEM\CurrentControlSet] with subkey [Control] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SYSTEM\CurrentControlSet\Control] with subkey [ProductOptions] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions] with subkey [NULL] [2008/06/14 08:38:40, 5] lib/util_tdb.c:tdb_wrap_log(886) tdb(/usr/local/samba/var/locks/registry.tdb): tdb_transaction_start: nesting 1 [2008/06/14 08:38:40, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 484B4C4D2F5359535445 [2008/06/14 08:38:40, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0x80607000 [2008/06/14 08:38:40, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 484B4C4D2F5359535445 [2008/06/14 08:38:40, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 484B4C4D2F5359535445 [2008/06/14 08:38:40, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0x80607000 [2008/06/14 08:38:40, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 484B4C4D2F5359535445 [2008/06/14 08:38:40, 6] registry/reg_backend_db.c:init_registry_key_internal(98) init_registry_key: Adding [HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\DefaultUserConfiguration] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM] with subkey [SYSTEM] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SYSTEM] with subkey [CurrentControlSet] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SYSTEM\CurrentControlSet] with subkey [Control] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SYSTEM\CurrentControlSet\Control] with subkey [Terminal Server] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server] with subkey [DefaultUserConfiguration] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\DefaultUserConfiguration] with subkey [NULL] [2008/06/14 08:38:40, 5] lib/util_tdb.c:tdb_wrap_log(886) tdb(/usr/local/samba/var/locks/registry.tdb): tdb_transaction_start: nesting 1 [2008/06/14 08:38:40, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 484B4C4D2F5359535445 [2008/06/14 08:38:40, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0x80605d68 [2008/06/14 08:38:40, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 484B4C4D2F5359535445 [2008/06/14 08:38:40, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 484B4C4D2F5359535445 [2008/06/14 08:38:40, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0x80606c28 [2008/06/14 08:38:40, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 484B4C4D2F5359535445 [2008/06/14 08:38:40, 6] registry/reg_backend_db.c:init_registry_key_internal(98) init_registry_key: Adding [HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM] with subkey [SYSTEM] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SYSTEM] with subkey [CurrentControlSet] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SYSTEM\CurrentControlSet] with subkey [Services] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SYSTEM\CurrentControlSet\Services] with subkey [Tcpip] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SYSTEM\CurrentControlSet\Services\Tcpip] with subkey [Parameters] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters] with subkey [NULL] [2008/06/14 08:38:40, 5] lib/util_tdb.c:tdb_wrap_log(886) tdb(/usr/local/samba/var/locks/registry.tdb): tdb_transaction_start: nesting 1 [2008/06/14 08:38:40, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 484B4C4D2F5359535445 [2008/06/14 08:38:40, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0x80605d68 [2008/06/14 08:38:40, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 484B4C4D2F5359535445 [2008/06/14 08:38:40, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 484B4C4D2F5359535445 [2008/06/14 08:38:40, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0x80605dd8 [2008/06/14 08:38:40, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 484B4C4D2F5359535445 [2008/06/14 08:38:40, 6] registry/reg_backend_db.c:init_registry_key_internal(98) init_registry_key: Adding [HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM] with subkey [SYSTEM] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SYSTEM] with subkey [CurrentControlSet] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SYSTEM\CurrentControlSet] with subkey [Services] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SYSTEM\CurrentControlSet\Services] with subkey [Netlogon] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SYSTEM\CurrentControlSet\Services\Netlogon] with subkey [Parameters] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters] with subkey [NULL] [2008/06/14 08:38:40, 5] lib/util_tdb.c:tdb_wrap_log(886) tdb(/usr/local/samba/var/locks/registry.tdb): tdb_transaction_start: nesting 1 [2008/06/14 08:38:40, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 484B4C4D2F5359535445 [2008/06/14 08:38:40, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0x80606c48 [2008/06/14 08:38:40, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 484B4C4D2F5359535445 [2008/06/14 08:38:40, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 484B4C4D2F5359535445 [2008/06/14 08:38:40, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0x80606c48 [2008/06/14 08:38:40, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 484B4C4D2F5359535445 [2008/06/14 08:38:40, 6] registry/reg_backend_db.c:init_registry_key_internal(98) init_registry_key: Adding [HKU] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKU] with subkey [NULL] [2008/06/14 08:38:40, 5] lib/util_tdb.c:tdb_wrap_log(886) tdb(/usr/local/samba/var/locks/registry.tdb): tdb_transaction_start: nesting 1 [2008/06/14 08:38:40, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 484B5500 [2008/06/14 08:38:40, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0x80606930 [2008/06/14 08:38:40, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 484B5500 [2008/06/14 08:38:40, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 484B5500 [2008/06/14 08:38:40, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0x80606930 [2008/06/14 08:38:40, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 484B5500 [2008/06/14 08:38:40, 6] registry/reg_backend_db.c:init_registry_key_internal(98) init_registry_key: Adding [HKCR] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKCR] with subkey [NULL] [2008/06/14 08:38:40, 5] lib/util_tdb.c:tdb_wrap_log(886) tdb(/usr/local/samba/var/locks/registry.tdb): tdb_transaction_start: nesting 1 [2008/06/14 08:38:40, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 484B435200 [2008/06/14 08:38:40, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0x805e8bd8 [2008/06/14 08:38:40, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 484B435200 [2008/06/14 08:38:40, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 484B435200 [2008/06/14 08:38:40, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0x805e8bd8 [2008/06/14 08:38:40, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 484B435200 [2008/06/14 08:38:40, 6] registry/reg_backend_db.c:init_registry_key_internal(98) init_registry_key: Adding [HKPD] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKPD] with subkey [NULL] [2008/06/14 08:38:40, 5] lib/util_tdb.c:tdb_wrap_log(886) tdb(/usr/local/samba/var/locks/registry.tdb): tdb_transaction_start: nesting 1 [2008/06/14 08:38:40, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 484B504400 [2008/06/14 08:38:40, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0x806057a0 [2008/06/14 08:38:40, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 484B504400 [2008/06/14 08:38:40, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 484B504400 [2008/06/14 08:38:40, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0x806057a0 [2008/06/14 08:38:40, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 484B504400 [2008/06/14 08:38:40, 6] registry/reg_backend_db.c:init_registry_key_internal(98) init_registry_key: Adding [HKPT] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:init_registry_key_internal(153) init_registry_key: Storing key [HKPT] with subkey [NULL] [2008/06/14 08:38:40, 5] lib/util_tdb.c:tdb_wrap_log(886) tdb(/usr/local/samba/var/locks/registry.tdb): tdb_transaction_start: nesting 1 [2008/06/14 08:38:40, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 484B505400 [2008/06/14 08:38:40, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0x80606930 [2008/06/14 08:38:40, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 484B505400 [2008/06/14 08:38:40, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 484B505400 [2008/06/14 08:38:40, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0x80606930 [2008/06/14 08:38:40, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 484B505400 [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_fetch_values(868) regdb_fetch_values: Looking for value of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports] [2008/06/14 08:38:40, 8] registry/reg_backend_db.c:regdb_unpack_values(815) specific: [Samba Printer Port], len: 2 [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_fetch_values(868) regdb_fetch_values: Looking for value of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2008/06/14 08:38:40, 8] registry/reg_backend_db.c:regdb_unpack_values(815) specific: [DefaultSpoolDirectory], len: 70 [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_fetch_values(868) regdb_fetch_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] [2008/06/14 08:38:40, 8] registry/reg_backend_db.c:regdb_unpack_values(815) specific: [DisplayName], len: 20 [2008/06/14 08:38:40, 8] registry/reg_backend_db.c:regdb_unpack_values(815) specific: [ErrorControl], len: 4 [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_fetch_values(868) regdb_fetch_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] [2008/06/14 08:38:40, 8] registry/reg_backend_db.c:regdb_unpack_values(815) specific: [DisplayName], len: 20 [2008/06/14 08:38:40, 8] registry/reg_backend_db.c:regdb_unpack_values(815) specific: [ErrorControl], len: 4 [2008/06/14 08:38:40, 10] registry/reg_cachehook.c:reghook_cache_add(97) reghook_cache_add: Adding ops 0x80566a40 for key [/HKLM/SYSTEM/CurrentControlSet/Control/Print] [2008/06/14 08:38:40, 8] lib/adt_tree.c:pathtree_add(200) pathtree_add: Enter [2008/06/14 08:38:40, 10] lib/adt_tree.c:pathtree_add(267) pathtree_add: Successfully added node [HKLM/SYSTEM/CurrentControlSet/Control/Print] to tree [2008/06/14 08:38:40, 8] lib/adt_tree.c:pathtree_add(269) pathtree_add: Exit [2008/06/14 08:38:40, 10] registry/reg_cachehook.c:reghook_cache_add(97) reghook_cache_add: Adding ops 0x80566a40 for key [/HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/Print/Printers] [2008/06/14 08:38:40, 8] lib/adt_tree.c:pathtree_add(200) pathtree_add: Enter [2008/06/14 08:38:40, 10] lib/adt_tree.c:pathtree_add(267) pathtree_add: Successfully added node [HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/Print/Printers] to tree [2008/06/14 08:38:40, 8] lib/adt_tree.c:pathtree_add(269) pathtree_add: Exit [2008/06/14 08:38:40, 10] registry/reg_cachehook.c:reghook_cache_add(97) reghook_cache_add: Adding ops 0x80566a40 for key [/HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/Ports] [2008/06/14 08:38:40, 8] lib/adt_tree.c:pathtree_add(200) pathtree_add: Enter [2008/06/14 08:38:40, 10] lib/adt_tree.c:pathtree_add(267) pathtree_add: Successfully added node [HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/Ports] to tree [2008/06/14 08:38:40, 8] lib/adt_tree.c:pathtree_add(269) pathtree_add: Exit [2008/06/14 08:38:40, 10] registry/reg_cachehook.c:reghook_cache_add(97) reghook_cache_add: Adding ops 0x80566a80 for key [/HKLM/SYSTEM/CurrentControlSet/Services/LanmanServer/Shares] [2008/06/14 08:38:40, 8] lib/adt_tree.c:pathtree_add(200) pathtree_add: Enter [2008/06/14 08:38:40, 10] lib/adt_tree.c:pathtree_add(267) pathtree_add: Successfully added node [HKLM/SYSTEM/CurrentControlSet/Services/LanmanServer/Shares] to tree [2008/06/14 08:38:40, 8] lib/adt_tree.c:pathtree_add(269) pathtree_add: Exit [2008/06/14 08:38:40, 10] registry/reg_cachehook.c:reghook_cache_add(97) reghook_cache_add: Adding ops 0x80566960 for key [/HKLM/SOFTWARE/Samba/smbconf] [2008/06/14 08:38:40, 8] lib/adt_tree.c:pathtree_add(200) pathtree_add: Enter [2008/06/14 08:38:40, 10] lib/adt_tree.c:pathtree_add(267) pathtree_add: Successfully added node [HKLM/SOFTWARE/Samba/smbconf] to tree [2008/06/14 08:38:40, 8] lib/adt_tree.c:pathtree_add(269) pathtree_add: Exit [2008/06/14 08:38:40, 10] registry/reg_cachehook.c:reghook_cache_add(97) reghook_cache_add: Adding ops 0x80566ac0 for key [/HKLM/SYSTEM/CurrentControlSet/Services/Netlogon/Parameters] [2008/06/14 08:38:40, 8] lib/adt_tree.c:pathtree_add(200) pathtree_add: Enter [2008/06/14 08:38:40, 10] lib/adt_tree.c:pathtree_add(267) pathtree_add: Successfully added node [HKLM/SYSTEM/CurrentControlSet/Services/Netlogon/Parameters] to tree [2008/06/14 08:38:40, 8] lib/adt_tree.c:pathtree_add(269) pathtree_add: Exit [2008/06/14 08:38:40, 10] registry/reg_cachehook.c:reghook_cache_add(97) reghook_cache_add: Adding ops 0x80566b00 for key [/HKLM/SYSTEM/CurrentControlSet/Control/ProductOptions] [2008/06/14 08:38:40, 8] lib/adt_tree.c:pathtree_add(200) pathtree_add: Enter [2008/06/14 08:38:40, 10] lib/adt_tree.c:pathtree_add(267) pathtree_add: Successfully added node [HKLM/SYSTEM/CurrentControlSet/Control/ProductOptions] to tree [2008/06/14 08:38:40, 8] lib/adt_tree.c:pathtree_add(269) pathtree_add: Exit [2008/06/14 08:38:40, 10] registry/reg_cachehook.c:reghook_cache_add(97) reghook_cache_add: Adding ops 0x80566b40 for key [/HKLM/SYSTEM/CurrentControlSet/Services/Tcpip/Parameters] [2008/06/14 08:38:40, 8] lib/adt_tree.c:pathtree_add(200) pathtree_add: Enter [2008/06/14 08:38:40, 10] lib/adt_tree.c:pathtree_add(267) pathtree_add: Successfully added node [HKLM/SYSTEM/CurrentControlSet/Services/Tcpip/Parameters] to tree [2008/06/14 08:38:40, 8] lib/adt_tree.c:pathtree_add(269) pathtree_add: Exit [2008/06/14 08:38:40, 10] registry/reg_cachehook.c:reghook_cache_add(97) reghook_cache_add: Adding ops 0x80566b80 for key [/HKPT] [2008/06/14 08:38:40, 8] lib/adt_tree.c:pathtree_add(200) pathtree_add: Enter [2008/06/14 08:38:40, 10] lib/adt_tree.c:pathtree_add(267) pathtree_add: Successfully added node [HKPT] to tree [2008/06/14 08:38:40, 8] lib/adt_tree.c:pathtree_add(269) pathtree_add: Exit [2008/06/14 08:38:40, 10] registry/reg_cachehook.c:reghook_cache_add(97) reghook_cache_add: Adding ops 0x80566bc0 for key [/HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion] [2008/06/14 08:38:40, 8] lib/adt_tree.c:pathtree_add(200) pathtree_add: Enter [2008/06/14 08:38:40, 10] lib/adt_tree.c:pathtree_add(267) pathtree_add: Successfully added node [HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion] to tree [2008/06/14 08:38:40, 8] lib/adt_tree.c:pathtree_add(269) pathtree_add: Exit [2008/06/14 08:38:40, 10] registry/reg_cachehook.c:reghook_cache_add(97) reghook_cache_add: Adding ops 0x80566c00 for key [/HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/Perflib] [2008/06/14 08:38:40, 8] lib/adt_tree.c:pathtree_add(200) pathtree_add: Enter [2008/06/14 08:38:40, 10] lib/adt_tree.c:pathtree_add(267) pathtree_add: Successfully added node [HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/Perflib] to tree [2008/06/14 08:38:40, 8] lib/adt_tree.c:pathtree_add(269) pathtree_add: Exit [2008/06/14 08:38:40, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/06/14 08:38:40, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2008/06/14 08:38:40, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/06/14 08:38:40, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/06/14 08:38:40, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/06/14 08:38:40, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2008/06/14 08:38:40, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2008/06/14 08:38:40, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2008/06/14 08:38:40, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/06/14 08:38:40, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/06/14 08:38:40, 5] lib/smbldap.c:smbldap_search_ext(1183) smbldap_search_ext: base => [dc=zelva,dc=cz], filter => [(&(uid=root)(objectclass=sambaSamAccount))], scope => [2] [2008/06/14 08:38:40, 4] passdb/pdb_ldap.c:ldapsam_getsampwnam(1519) ldapsam_getsampwnam: Unable to locate user [root] count=0 [2008/06/14 08:38:40, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/06/14 08:38:40, 5] passdb/pdb_interface.c:pdb_default_uid_to_sid(1199) pdb_default_uid_to_rid: Did not find user root (0) [2008/06/14 08:38:40, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/06/14 08:38:40, 10] passdb/lookup_sid.c:legacy_uid_to_sid(1139) LEGACY: uid 0 -> sid S-1-22-1-0 [2008/06/14 08:38:40, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/06/14 08:38:40, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2008/06/14 08:38:40, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/06/14 08:38:40, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/06/14 08:38:40, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/06/14 08:38:40, 5] lib/smbldap.c:smbldap_search_ext(1183) smbldap_search_ext: base => [ou=Group,dc=zelva,dc=cz], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=0))], scope => [2] [2008/06/14 08:38:40, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2459) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(gidNumber=0)) [2008/06/14 08:38:40, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/06/14 08:38:40, 10] passdb/lookup_sid.c:legacy_gid_to_sid(1170) LEGACY: gid 0 -> sid S-1-22-2-0 [2008/06/14 08:38:40, 10] auth/token_util.c:create_local_nt_token(302) Create local NT token for S-1-22-1-0 [2008/06/14 08:38:40, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/06/14 08:38:40, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2008/06/14 08:38:40, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/06/14 08:38:40, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/06/14 08:38:40, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/06/14 08:38:40, 5] lib/smbldap.c:smbldap_search_ext(1183) smbldap_search_ext: base => [ou=Group,dc=zelva,dc=cz], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-544))], scope => [2] [2008/06/14 08:38:40, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2459) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-544)) [2008/06/14 08:38:40, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/06/14 08:38:40, 10] passdb/lookup_sid.c:legacy_sid_to_gid(1244) LEGACY: mapping failed for sid S-1-5-32-544 [2008/06/14 08:38:40, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/06/14 08:38:40, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2008/06/14 08:38:40, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/06/14 08:38:40, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/06/14 08:38:40, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/06/14 08:38:40, 5] lib/smbldap.c:smbldap_search_ext(1183) smbldap_search_ext: base => [ou=Group,dc=zelva,dc=cz], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-545))], scope => [2] [2008/06/14 08:38:40, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2459) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-545)) [2008/06/14 08:38:40, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/06/14 08:38:40, 10] passdb/lookup_sid.c:legacy_sid_to_gid(1244) LEGACY: mapping failed for sid S-1-5-32-545 [2008/06/14 08:38:40, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/06/14 08:38:40, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2008/06/14 08:38:40, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/06/14 08:38:40, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/06/14 08:38:40, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/06/14 08:38:40, 5] lib/smbldap.c:smbldap_search_ext(1183) smbldap_search_ext: base => [ou=Group,dc=zelva,dc=cz], filter => [(&(|(objectclass=sambaGroupMapping)(sambaGroupType=4))(|(sambaSIDList=S-1-22-1-0)(sambaSIDList=S-1-5-32-544)(sambaSIDList=S-1-1-0)(sambaSIDList=S-1-5-2)(sambaSIDList=S-1-5-11)))], scope => [2] [2008/06/14 08:38:40, 5] lib/smbldap.c:smbldap_search_ext(1183) smbldap_search_ext: base => [ou=Group,dc=zelva,dc=cz], filter => [(&(|(objectclass=sambaGroupMapping)(sambaGroupType=4))(|(sambaSIDList=S-1-22-1-0)(sambaSIDList=S-1-5-32-544)(sambaSIDList=S-1-1-0)(sambaSIDList=S-1-5-2)(sambaSIDList=S-1-5-11)))], scope => [2] [2008/06/14 08:38:40, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/06/14 08:38:40, 7] registry/reg_api.c:regkey_open_onelevel(132) regkey_open_onelevel: name = [HKLM] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_open(391) regdb_open: incrementing refcount (1) [2008/06/14 08:38:40, 10] registry/reg_cachehook.c:reghook_cache_find(125) reghook_cache_find: Searching for keyname [/HKLM] [2008/06/14 08:38:40, 10] lib/adt_tree.c:pathtree_find(352) pathtree_find: Enter [/HKLM] [2008/06/14 08:38:40, 10] lib/adt_tree.c:pathtree_find(425) pathtree_find: Exit [2008/06/14 08:38:40, 10] registry/reg_cachehook.c:reghook_cache_find(130) reghook_cache_find: found ops 0x805668c0 for key [/HKLM] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) regdb_get_secdesc: Getting secdesc of key [HKLM] [2008/06/14 08:38:40, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1-0. [2008/06/14 08:38:40, 3] lib/util_seaccess.c:se_access_check(249) [2008/06/14 08:38:40, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 [2008/06/14 08:38:40, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (8) granted. [2008/06/14 08:38:40, 7] registry/reg_api.c:regkey_open_onelevel(132) regkey_open_onelevel: name = [SYSTEM] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_open(391) regdb_open: incrementing refcount (2) [2008/06/14 08:38:40, 10] registry/reg_cachehook.c:reghook_cache_find(125) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM] [2008/06/14 08:38:40, 10] lib/adt_tree.c:pathtree_find(352) pathtree_find: Enter [/HKLM/SYSTEM] [2008/06/14 08:38:40, 10] lib/adt_tree.c:pathtree_find(425) pathtree_find: Exit [2008/06/14 08:38:40, 10] registry/reg_cachehook.c:reghook_cache_find(130) reghook_cache_find: found ops 0x805668c0 for key [/HKLM/SYSTEM] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM] [2008/06/14 08:38:40, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1-0. [2008/06/14 08:38:40, 3] lib/util_seaccess.c:se_access_check(249) [2008/06/14 08:38:40, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 [2008/06/14 08:38:40, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (8) granted. [2008/06/14 08:38:40, 7] registry/reg_api.c:regkey_open_onelevel(132) regkey_open_onelevel: name = [CurrentControlSet] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_open(391) regdb_open: incrementing refcount (3) [2008/06/14 08:38:40, 10] registry/reg_cachehook.c:reghook_cache_find(125) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet] [2008/06/14 08:38:40, 10] lib/adt_tree.c:pathtree_find(352) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet] [2008/06/14 08:38:40, 10] lib/adt_tree.c:pathtree_find(425) pathtree_find: Exit [2008/06/14 08:38:40, 10] registry/reg_cachehook.c:reghook_cache_find(130) reghook_cache_find: found ops 0x805668c0 for key [/HKLM/SYSTEM/CurrentControlSet] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet] [2008/06/14 08:38:40, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1-0. [2008/06/14 08:38:40, 3] lib/util_seaccess.c:se_access_check(249) [2008/06/14 08:38:40, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 [2008/06/14 08:38:40, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (8) granted. [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_close(425) regdb_close: decrementing refcount (3) [2008/06/14 08:38:40, 7] registry/reg_api.c:regkey_open_onelevel(132) regkey_open_onelevel: name = [Services] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_open(391) regdb_open: incrementing refcount (3) [2008/06/14 08:38:40, 10] registry/reg_cachehook.c:reghook_cache_find(125) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services] [2008/06/14 08:38:40, 10] lib/adt_tree.c:pathtree_find(352) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services] [2008/06/14 08:38:40, 10] lib/adt_tree.c:pathtree_find(425) pathtree_find: Exit [2008/06/14 08:38:40, 10] registry/reg_cachehook.c:reghook_cache_find(130) reghook_cache_find: found ops 0x805668c0 for key [/HKLM/SYSTEM/CurrentControlSet/Services] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services] [2008/06/14 08:38:40, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x000f003f, for NT token with 5 entries and first sid S-1-22-1-0. [2008/06/14 08:38:40, 3] lib/util_seaccess.c:se_access_check(249) [2008/06/14 08:38:40, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 9003f se_access_check: ACE 1: type 0, flags = 0x00, SID = S-1-5-32-544 mask = f003f, current desired = 90026 [2008/06/14 08:38:40, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (f003f) granted. [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_close(425) regdb_close: decrementing refcount (3) [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_close(425) regdb_close: decrementing refcount (2) [2008/06/14 08:38:40, 7] registry/reg_api.c:regkey_open_onelevel(132) regkey_open_onelevel: name = [HKLM] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_open(391) regdb_open: incrementing refcount (2) [2008/06/14 08:38:40, 10] registry/reg_cachehook.c:reghook_cache_find(125) reghook_cache_find: Searching for keyname [/HKLM] [2008/06/14 08:38:40, 10] lib/adt_tree.c:pathtree_find(352) pathtree_find: Enter [/HKLM] [2008/06/14 08:38:40, 10] lib/adt_tree.c:pathtree_find(425) pathtree_find: Exit [2008/06/14 08:38:40, 10] registry/reg_cachehook.c:reghook_cache_find(130) reghook_cache_find: found ops 0x805668c0 for key [/HKLM] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) regdb_get_secdesc: Getting secdesc of key [HKLM] [2008/06/14 08:38:40, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1-0. [2008/06/14 08:38:40, 3] lib/util_seaccess.c:se_access_check(249) [2008/06/14 08:38:40, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 [2008/06/14 08:38:40, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (8) granted. [2008/06/14 08:38:40, 7] registry/reg_api.c:regkey_open_onelevel(132) regkey_open_onelevel: name = [SYSTEM] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_open(391) regdb_open: incrementing refcount (3) [2008/06/14 08:38:40, 10] registry/reg_cachehook.c:reghook_cache_find(125) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM] [2008/06/14 08:38:40, 10] lib/adt_tree.c:pathtree_find(352) pathtree_find: Enter [/HKLM/SYSTEM] [2008/06/14 08:38:40, 10] lib/adt_tree.c:pathtree_find(425) pathtree_find: Exit [2008/06/14 08:38:40, 10] registry/reg_cachehook.c:reghook_cache_find(130) reghook_cache_find: found ops 0x805668c0 for key [/HKLM/SYSTEM] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM] [2008/06/14 08:38:40, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1-0. [2008/06/14 08:38:40, 3] lib/util_seaccess.c:se_access_check(249) [2008/06/14 08:38:40, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 [2008/06/14 08:38:40, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (8) granted. [2008/06/14 08:38:40, 7] registry/reg_api.c:regkey_open_onelevel(132) regkey_open_onelevel: name = [CurrentControlSet] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_open(391) regdb_open: incrementing refcount (4) [2008/06/14 08:38:40, 10] registry/reg_cachehook.c:reghook_cache_find(125) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet] [2008/06/14 08:38:40, 10] lib/adt_tree.c:pathtree_find(352) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet] [2008/06/14 08:38:40, 10] lib/adt_tree.c:pathtree_find(425) pathtree_find: Exit [2008/06/14 08:38:40, 10] registry/reg_cachehook.c:reghook_cache_find(130) reghook_cache_find: found ops 0x805668c0 for key [/HKLM/SYSTEM/CurrentControlSet] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet] [2008/06/14 08:38:40, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1-0. [2008/06/14 08:38:40, 3] lib/util_seaccess.c:se_access_check(249) [2008/06/14 08:38:40, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 [2008/06/14 08:38:40, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (8) granted. [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_close(425) regdb_close: decrementing refcount (4) [2008/06/14 08:38:40, 7] registry/reg_api.c:regkey_open_onelevel(132) regkey_open_onelevel: name = [Services] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_open(391) regdb_open: incrementing refcount (4) [2008/06/14 08:38:40, 10] registry/reg_cachehook.c:reghook_cache_find(125) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services] [2008/06/14 08:38:40, 10] lib/adt_tree.c:pathtree_find(352) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services] [2008/06/14 08:38:40, 10] lib/adt_tree.c:pathtree_find(425) pathtree_find: Exit [2008/06/14 08:38:40, 10] registry/reg_cachehook.c:reghook_cache_find(130) reghook_cache_find: found ops 0x805668c0 for key [/HKLM/SYSTEM/CurrentControlSet/Services] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services] [2008/06/14 08:38:40, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1-0. [2008/06/14 08:38:40, 3] lib/util_seaccess.c:se_access_check(249) [2008/06/14 08:38:40, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 [2008/06/14 08:38:40, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (8) granted. [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_close(425) regdb_close: decrementing refcount (4) [2008/06/14 08:38:40, 7] registry/reg_api.c:regkey_open_onelevel(132) regkey_open_onelevel: name = [Spooler] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_open(391) regdb_open: incrementing refcount (4) [2008/06/14 08:38:40, 10] registry/reg_cachehook.c:reghook_cache_find(125) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/Spooler] [2008/06/14 08:38:40, 10] lib/adt_tree.c:pathtree_find(352) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/Spooler] [2008/06/14 08:38:40, 10] lib/adt_tree.c:pathtree_find(425) pathtree_find: Exit [2008/06/14 08:38:40, 10] registry/reg_cachehook.c:reghook_cache_find(130) reghook_cache_find: found ops 0x805668c0 for key [/HKLM/SYSTEM/CurrentControlSet/Services/Spooler] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services\Spooler] [2008/06/14 08:38:40, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x000f003f, for NT token with 5 entries and first sid S-1-22-1-0. [2008/06/14 08:38:40, 3] lib/util_seaccess.c:se_access_check(249) [2008/06/14 08:38:40, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 9003f se_access_check: ACE 1: type 0, flags = 0x00, SID = S-1-5-32-544 mask = f003f, current desired = 90026 [2008/06/14 08:38:40, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (f003f) granted. [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_close(425) regdb_close: decrementing refcount (4) [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_close(425) regdb_close: decrementing refcount (3) [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_store_values(908) regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\Spooler] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_close(425) regdb_close: decrementing refcount (2) [2008/06/14 08:38:40, 7] registry/reg_api.c:regkey_open_onelevel(132) regkey_open_onelevel: name = [HKLM] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_open(391) regdb_open: incrementing refcount (2) [2008/06/14 08:38:40, 10] registry/reg_cachehook.c:reghook_cache_find(125) reghook_cache_find: Searching for keyname [/HKLM] [2008/06/14 08:38:40, 10] lib/adt_tree.c:pathtree_find(352) pathtree_find: Enter [/HKLM] [2008/06/14 08:38:40, 10] lib/adt_tree.c:pathtree_find(425) pathtree_find: Exit [2008/06/14 08:38:40, 10] registry/reg_cachehook.c:reghook_cache_find(130) reghook_cache_find: found ops 0x805668c0 for key [/HKLM] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) regdb_get_secdesc: Getting secdesc of key [HKLM] [2008/06/14 08:38:40, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1-0. [2008/06/14 08:38:40, 3] lib/util_seaccess.c:se_access_check(249) [2008/06/14 08:38:40, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 [2008/06/14 08:38:40, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (8) granted. [2008/06/14 08:38:40, 7] registry/reg_api.c:regkey_open_onelevel(132) regkey_open_onelevel: name = [SYSTEM] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_open(391) regdb_open: incrementing refcount (3) [2008/06/14 08:38:40, 10] registry/reg_cachehook.c:reghook_cache_find(125) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM] [2008/06/14 08:38:40, 10] lib/adt_tree.c:pathtree_find(352) pathtree_find: Enter [/HKLM/SYSTEM] [2008/06/14 08:38:40, 10] lib/adt_tree.c:pathtree_find(425) pathtree_find: Exit [2008/06/14 08:38:40, 10] registry/reg_cachehook.c:reghook_cache_find(130) reghook_cache_find: found ops 0x805668c0 for key [/HKLM/SYSTEM] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM] [2008/06/14 08:38:40, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1-0. [2008/06/14 08:38:40, 3] lib/util_seaccess.c:se_access_check(249) [2008/06/14 08:38:40, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 [2008/06/14 08:38:40, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (8) granted. [2008/06/14 08:38:40, 7] registry/reg_api.c:regkey_open_onelevel(132) regkey_open_onelevel: name = [CurrentControlSet] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_open(391) regdb_open: incrementing refcount (4) [2008/06/14 08:38:40, 10] registry/reg_cachehook.c:reghook_cache_find(125) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet] [2008/06/14 08:38:40, 10] lib/adt_tree.c:pathtree_find(352) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet] [2008/06/14 08:38:40, 10] lib/adt_tree.c:pathtree_find(425) pathtree_find: Exit [2008/06/14 08:38:40, 10] registry/reg_cachehook.c:reghook_cache_find(130) reghook_cache_find: found ops 0x805668c0 for key [/HKLM/SYSTEM/CurrentControlSet] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet] [2008/06/14 08:38:40, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1-0. [2008/06/14 08:38:40, 3] lib/util_seaccess.c:se_access_check(249) [2008/06/14 08:38:40, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 [2008/06/14 08:38:40, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (8) granted. [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_close(425) regdb_close: decrementing refcount (4) [2008/06/14 08:38:40, 7] registry/reg_api.c:regkey_open_onelevel(132) regkey_open_onelevel: name = [Services] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_open(391) regdb_open: incrementing refcount (4) [2008/06/14 08:38:40, 10] registry/reg_cachehook.c:reghook_cache_find(125) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services] [2008/06/14 08:38:40, 10] lib/adt_tree.c:pathtree_find(352) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services] [2008/06/14 08:38:40, 10] lib/adt_tree.c:pathtree_find(425) pathtree_find: Exit [2008/06/14 08:38:40, 10] registry/reg_cachehook.c:reghook_cache_find(130) reghook_cache_find: found ops 0x805668c0 for key [/HKLM/SYSTEM/CurrentControlSet/Services] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services] [2008/06/14 08:38:40, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1-0. [2008/06/14 08:38:40, 3] lib/util_seaccess.c:se_access_check(249) [2008/06/14 08:38:40, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 [2008/06/14 08:38:40, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (8) granted. [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_close(425) regdb_close: decrementing refcount (4) [2008/06/14 08:38:40, 7] registry/reg_api.c:regkey_open_onelevel(132) regkey_open_onelevel: name = [Spooler] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_open(391) regdb_open: incrementing refcount (4) [2008/06/14 08:38:40, 10] registry/reg_cachehook.c:reghook_cache_find(125) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/Spooler] [2008/06/14 08:38:40, 10] lib/adt_tree.c:pathtree_find(352) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/Spooler] [2008/06/14 08:38:40, 10] lib/adt_tree.c:pathtree_find(425) pathtree_find: Exit [2008/06/14 08:38:40, 10] registry/reg_cachehook.c:reghook_cache_find(130) reghook_cache_find: found ops 0x805668c0 for key [/HKLM/SYSTEM/CurrentControlSet/Services/Spooler] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services\Spooler] [2008/06/14 08:38:40, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1-0. [2008/06/14 08:38:40, 3] lib/util_seaccess.c:se_access_check(249) [2008/06/14 08:38:40, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 [2008/06/14 08:38:40, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (8) granted. [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_close(425) regdb_close: decrementing refcount (4) [2008/06/14 08:38:40, 7] registry/reg_api.c:regkey_open_onelevel(132) regkey_open_onelevel: name = [Security] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_open(391) regdb_open: incrementing refcount (4) [2008/06/14 08:38:40, 10] registry/reg_cachehook.c:reghook_cache_find(125) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/Spooler/Security] [2008/06/14 08:38:40, 10] lib/adt_tree.c:pathtree_find(352) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/Spooler/Security] [2008/06/14 08:38:40, 10] lib/adt_tree.c:pathtree_find(425) pathtree_find: Exit [2008/06/14 08:38:40, 10] registry/reg_cachehook.c:reghook_cache_find(130) reghook_cache_find: found ops 0x805668c0 for key [/HKLM/SYSTEM/CurrentControlSet/Services/Spooler/Security] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security] [2008/06/14 08:38:40, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x000f003f, for NT token with 5 entries and first sid S-1-22-1-0. [2008/06/14 08:38:40, 3] lib/util_seaccess.c:se_access_check(249) [2008/06/14 08:38:40, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 9003f se_access_check: ACE 1: type 0, flags = 0x00, SID = S-1-5-32-544 mask = f003f, current desired = 90026 [2008/06/14 08:38:40, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (f003f) granted. [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_close(425) regdb_close: decrementing refcount (4) [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_close(425) regdb_close: decrementing refcount (3) [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_store_values(908) regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_close(425) regdb_close: decrementing refcount (2) [2008/06/14 08:38:40, 7] registry/reg_api.c:regkey_open_onelevel(132) regkey_open_onelevel: name = [HKLM] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_open(391) regdb_open: incrementing refcount (2) [2008/06/14 08:38:40, 10] registry/reg_cachehook.c:reghook_cache_find(125) reghook_cache_find: Searching for keyname [/HKLM] [2008/06/14 08:38:40, 10] lib/adt_tree.c:pathtree_find(352) pathtree_find: Enter [/HKLM] [2008/06/14 08:38:40, 10] lib/adt_tree.c:pathtree_find(425) pathtree_find: Exit [2008/06/14 08:38:40, 10] registry/reg_cachehook.c:reghook_cache_find(130) reghook_cache_find: found ops 0x805668c0 for key [/HKLM] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) regdb_get_secdesc: Getting secdesc of key [HKLM] [2008/06/14 08:38:40, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1-0. [2008/06/14 08:38:40, 3] lib/util_seaccess.c:se_access_check(249) [2008/06/14 08:38:40, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 [2008/06/14 08:38:40, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (8) granted. [2008/06/14 08:38:40, 7] registry/reg_api.c:regkey_open_onelevel(132) regkey_open_onelevel: name = [SYSTEM] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_open(391) regdb_open: incrementing refcount (3) [2008/06/14 08:38:40, 10] registry/reg_cachehook.c:reghook_cache_find(125) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM] [2008/06/14 08:38:40, 10] lib/adt_tree.c:pathtree_find(352) pathtree_find: Enter [/HKLM/SYSTEM] [2008/06/14 08:38:40, 10] lib/adt_tree.c:pathtree_find(425) pathtree_find: Exit [2008/06/14 08:38:40, 10] registry/reg_cachehook.c:reghook_cache_find(130) reghook_cache_find: found ops 0x805668c0 for key [/HKLM/SYSTEM] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM] [2008/06/14 08:38:40, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1-0. [2008/06/14 08:38:40, 3] lib/util_seaccess.c:se_access_check(249) [2008/06/14 08:38:40, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 [2008/06/14 08:38:40, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (8) granted. [2008/06/14 08:38:40, 7] registry/reg_api.c:regkey_open_onelevel(132) regkey_open_onelevel: name = [CurrentControlSet] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_open(391) regdb_open: incrementing refcount (4) [2008/06/14 08:38:40, 10] registry/reg_cachehook.c:reghook_cache_find(125) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet] [2008/06/14 08:38:40, 10] lib/adt_tree.c:pathtree_find(352) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet] [2008/06/14 08:38:40, 10] lib/adt_tree.c:pathtree_find(425) pathtree_find: Exit [2008/06/14 08:38:40, 10] registry/reg_cachehook.c:reghook_cache_find(130) reghook_cache_find: found ops 0x805668c0 for key [/HKLM/SYSTEM/CurrentControlSet] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet] [2008/06/14 08:38:40, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1-0. [2008/06/14 08:38:40, 3] lib/util_seaccess.c:se_access_check(249) [2008/06/14 08:38:40, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 [2008/06/14 08:38:40, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (8) granted. [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_close(425) regdb_close: decrementing refcount (4) [2008/06/14 08:38:40, 7] registry/reg_api.c:regkey_open_onelevel(132) regkey_open_onelevel: name = [Services] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_open(391) regdb_open: incrementing refcount (4) [2008/06/14 08:38:40, 10] registry/reg_cachehook.c:reghook_cache_find(125) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services] [2008/06/14 08:38:40, 10] lib/adt_tree.c:pathtree_find(352) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services] [2008/06/14 08:38:40, 10] lib/adt_tree.c:pathtree_find(425) pathtree_find: Exit [2008/06/14 08:38:40, 10] registry/reg_cachehook.c:reghook_cache_find(130) reghook_cache_find: found ops 0x805668c0 for key [/HKLM/SYSTEM/CurrentControlSet/Services] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services] [2008/06/14 08:38:40, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1-0. [2008/06/14 08:38:40, 3] lib/util_seaccess.c:se_access_check(249) [2008/06/14 08:38:40, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 [2008/06/14 08:38:40, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (8) granted. [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_close(425) regdb_close: decrementing refcount (4) [2008/06/14 08:38:40, 7] registry/reg_api.c:regkey_open_onelevel(132) regkey_open_onelevel: name = [NETLOGON] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_open(391) regdb_open: incrementing refcount (4) [2008/06/14 08:38:40, 10] registry/reg_cachehook.c:reghook_cache_find(125) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/NETLOGON] [2008/06/14 08:38:40, 10] lib/adt_tree.c:pathtree_find(352) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/NETLOGON] [2008/06/14 08:38:40, 10] lib/adt_tree.c:pathtree_find(425) pathtree_find: Exit [2008/06/14 08:38:40, 10] registry/reg_cachehook.c:reghook_cache_find(130) reghook_cache_find: found ops 0x805668c0 for key [/HKLM/SYSTEM/CurrentControlSet/Services/NETLOGON] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] [2008/06/14 08:38:40, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x000f003f, for NT token with 5 entries and first sid S-1-22-1-0. [2008/06/14 08:38:40, 3] lib/util_seaccess.c:se_access_check(249) [2008/06/14 08:38:40, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 9003f se_access_check: ACE 1: type 0, flags = 0x00, SID = S-1-5-32-544 mask = f003f, current desired = 90026 [2008/06/14 08:38:40, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (f003f) granted. [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_close(425) regdb_close: decrementing refcount (4) [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_close(425) regdb_close: decrementing refcount (3) [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_store_values(908) regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_close(425) regdb_close: decrementing refcount (2) [2008/06/14 08:38:40, 7] registry/reg_api.c:regkey_open_onelevel(132) regkey_open_onelevel: name = [HKLM] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_open(391) regdb_open: incrementing refcount (2) [2008/06/14 08:38:40, 10] registry/reg_cachehook.c:reghook_cache_find(125) reghook_cache_find: Searching for keyname [/HKLM] [2008/06/14 08:38:40, 10] lib/adt_tree.c:pathtree_find(352) pathtree_find: Enter [/HKLM] [2008/06/14 08:38:40, 10] lib/adt_tree.c:pathtree_find(425) pathtree_find: Exit [2008/06/14 08:38:40, 10] registry/reg_cachehook.c:reghook_cache_find(130) reghook_cache_find: found ops 0x805668c0 for key [/HKLM] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) regdb_get_secdesc: Getting secdesc of key [HKLM] [2008/06/14 08:38:40, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1-0. [2008/06/14 08:38:40, 3] lib/util_seaccess.c:se_access_check(249) [2008/06/14 08:38:40, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 [2008/06/14 08:38:40, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (8) granted. [2008/06/14 08:38:40, 7] registry/reg_api.c:regkey_open_onelevel(132) regkey_open_onelevel: name = [SYSTEM] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_open(391) regdb_open: incrementing refcount (3) [2008/06/14 08:38:40, 10] registry/reg_cachehook.c:reghook_cache_find(125) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM] [2008/06/14 08:38:40, 10] lib/adt_tree.c:pathtree_find(352) pathtree_find: Enter [/HKLM/SYSTEM] [2008/06/14 08:38:40, 10] lib/adt_tree.c:pathtree_find(425) pathtree_find: Exit [2008/06/14 08:38:40, 10] registry/reg_cachehook.c:reghook_cache_find(130) reghook_cache_find: found ops 0x805668c0 for key [/HKLM/SYSTEM] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM] [2008/06/14 08:38:40, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1-0. [2008/06/14 08:38:40, 3] lib/util_seaccess.c:se_access_check(249) [2008/06/14 08:38:40, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 [2008/06/14 08:38:40, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (8) granted. [2008/06/14 08:38:40, 7] registry/reg_api.c:regkey_open_onelevel(132) regkey_open_onelevel: name = [CurrentControlSet] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_open(391) regdb_open: incrementing refcount (4) [2008/06/14 08:38:40, 10] registry/reg_cachehook.c:reghook_cache_find(125) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet] [2008/06/14 08:38:40, 10] lib/adt_tree.c:pathtree_find(352) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet] [2008/06/14 08:38:40, 10] lib/adt_tree.c:pathtree_find(425) pathtree_find: Exit [2008/06/14 08:38:40, 10] registry/reg_cachehook.c:reghook_cache_find(130) reghook_cache_find: found ops 0x805668c0 for key [/HKLM/SYSTEM/CurrentControlSet] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet] [2008/06/14 08:38:40, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1-0. [2008/06/14 08:38:40, 3] lib/util_seaccess.c:se_access_check(249) [2008/06/14 08:38:40, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 [2008/06/14 08:38:40, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (8) granted. [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_close(425) regdb_close: decrementing refcount (4) [2008/06/14 08:38:40, 7] registry/reg_api.c:regkey_open_onelevel(132) regkey_open_onelevel: name = [Services] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_open(391) regdb_open: incrementing refcount (4) [2008/06/14 08:38:40, 10] registry/reg_cachehook.c:reghook_cache_find(125) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services] [2008/06/14 08:38:40, 10] lib/adt_tree.c:pathtree_find(352) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services] [2008/06/14 08:38:40, 10] lib/adt_tree.c:pathtree_find(425) pathtree_find: Exit [2008/06/14 08:38:40, 10] registry/reg_cachehook.c:reghook_cache_find(130) reghook_cache_find: found ops 0x805668c0 for key [/HKLM/SYSTEM/CurrentControlSet/Services] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services] [2008/06/14 08:38:40, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1-0. [2008/06/14 08:38:40, 3] lib/util_seaccess.c:se_access_check(249) [2008/06/14 08:38:40, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 [2008/06/14 08:38:40, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (8) granted. [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_close(425) regdb_close: decrementing refcount (4) [2008/06/14 08:38:40, 7] registry/reg_api.c:regkey_open_onelevel(132) regkey_open_onelevel: name = [NETLOGON] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_open(391) regdb_open: incrementing refcount (4) [2008/06/14 08:38:40, 10] registry/reg_cachehook.c:reghook_cache_find(125) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/NETLOGON] [2008/06/14 08:38:40, 10] lib/adt_tree.c:pathtree_find(352) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/NETLOGON] [2008/06/14 08:38:40, 10] lib/adt_tree.c:pathtree_find(425) pathtree_find: Exit [2008/06/14 08:38:40, 10] registry/reg_cachehook.c:reghook_cache_find(130) reghook_cache_find: found ops 0x805668c0 for key [/HKLM/SYSTEM/CurrentControlSet/Services/NETLOGON] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] [2008/06/14 08:38:40, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1-0. [2008/06/14 08:38:40, 3] lib/util_seaccess.c:se_access_check(249) [2008/06/14 08:38:40, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 [2008/06/14 08:38:40, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (8) granted. [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_close(425) regdb_close: decrementing refcount (4) [2008/06/14 08:38:40, 7] registry/reg_api.c:regkey_open_onelevel(132) regkey_open_onelevel: name = [Security] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_open(391) regdb_open: incrementing refcount (4) [2008/06/14 08:38:40, 10] registry/reg_cachehook.c:reghook_cache_find(125) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/NETLOGON/Security] [2008/06/14 08:38:40, 10] lib/adt_tree.c:pathtree_find(352) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/NETLOGON/Security] [2008/06/14 08:38:40, 10] lib/adt_tree.c:pathtree_find(425) pathtree_find: Exit [2008/06/14 08:38:40, 10] registry/reg_cachehook.c:reghook_cache_find(130) reghook_cache_find: found ops 0x805668c0 for key [/HKLM/SYSTEM/CurrentControlSet/Services/NETLOGON/Security] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security] [2008/06/14 08:38:40, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x000f003f, for NT token with 5 entries and first sid S-1-22-1-0. [2008/06/14 08:38:40, 3] lib/util_seaccess.c:se_access_check(249) [2008/06/14 08:38:40, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 9003f se_access_check: ACE 1: type 0, flags = 0x00, SID = S-1-5-32-544 mask = f003f, current desired = 90026 [2008/06/14 08:38:40, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (f003f) granted. [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_close(425) regdb_close: decrementing refcount (4) [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_close(425) regdb_close: decrementing refcount (3) [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_store_values(908) regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_close(425) regdb_close: decrementing refcount (2) [2008/06/14 08:38:40, 7] registry/reg_api.c:regkey_open_onelevel(132) regkey_open_onelevel: name = [HKLM] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_open(391) regdb_open: incrementing refcount (2) [2008/06/14 08:38:40, 10] registry/reg_cachehook.c:reghook_cache_find(125) reghook_cache_find: Searching for keyname [/HKLM] [2008/06/14 08:38:40, 10] lib/adt_tree.c:pathtree_find(352) pathtree_find: Enter [/HKLM] [2008/06/14 08:38:40, 10] lib/adt_tree.c:pathtree_find(425) pathtree_find: Exit [2008/06/14 08:38:40, 10] registry/reg_cachehook.c:reghook_cache_find(130) reghook_cache_find: found ops 0x805668c0 for key [/HKLM] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) regdb_get_secdesc: Getting secdesc of key [HKLM] [2008/06/14 08:38:40, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1-0. [2008/06/14 08:38:40, 3] lib/util_seaccess.c:se_access_check(249) [2008/06/14 08:38:40, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 [2008/06/14 08:38:40, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (8) granted. [2008/06/14 08:38:40, 7] registry/reg_api.c:regkey_open_onelevel(132) regkey_open_onelevel: name = [SYSTEM] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_open(391) regdb_open: incrementing refcount (3) [2008/06/14 08:38:40, 10] registry/reg_cachehook.c:reghook_cache_find(125) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM] [2008/06/14 08:38:40, 10] lib/adt_tree.c:pathtree_find(352) pathtree_find: Enter [/HKLM/SYSTEM] [2008/06/14 08:38:40, 10] lib/adt_tree.c:pathtree_find(425) pathtree_find: Exit [2008/06/14 08:38:40, 10] registry/reg_cachehook.c:reghook_cache_find(130) reghook_cache_find: found ops 0x805668c0 for key [/HKLM/SYSTEM] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM] [2008/06/14 08:38:40, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1-0. [2008/06/14 08:38:40, 3] lib/util_seaccess.c:se_access_check(249) [2008/06/14 08:38:40, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 [2008/06/14 08:38:40, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (8) granted. [2008/06/14 08:38:40, 7] registry/reg_api.c:regkey_open_onelevel(132) regkey_open_onelevel: name = [CurrentControlSet] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_open(391) regdb_open: incrementing refcount (4) [2008/06/14 08:38:40, 10] registry/reg_cachehook.c:reghook_cache_find(125) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet] [2008/06/14 08:38:40, 10] lib/adt_tree.c:pathtree_find(352) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet] [2008/06/14 08:38:40, 10] lib/adt_tree.c:pathtree_find(425) pathtree_find: Exit [2008/06/14 08:38:40, 10] registry/reg_cachehook.c:reghook_cache_find(130) reghook_cache_find: found ops 0x805668c0 for key [/HKLM/SYSTEM/CurrentControlSet] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet] [2008/06/14 08:38:40, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1-0. [2008/06/14 08:38:40, 3] lib/util_seaccess.c:se_access_check(249) [2008/06/14 08:38:40, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 [2008/06/14 08:38:40, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (8) granted. [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_close(425) regdb_close: decrementing refcount (4) [2008/06/14 08:38:40, 7] registry/reg_api.c:regkey_open_onelevel(132) regkey_open_onelevel: name = [Services] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_open(391) regdb_open: incrementing refcount (4) [2008/06/14 08:38:40, 10] registry/reg_cachehook.c:reghook_cache_find(125) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services] [2008/06/14 08:38:40, 10] lib/adt_tree.c:pathtree_find(352) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services] [2008/06/14 08:38:40, 10] lib/adt_tree.c:pathtree_find(425) pathtree_find: Exit [2008/06/14 08:38:40, 10] registry/reg_cachehook.c:reghook_cache_find(130) reghook_cache_find: found ops 0x805668c0 for key [/HKLM/SYSTEM/CurrentControlSet/Services] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services] [2008/06/14 08:38:40, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1-0. [2008/06/14 08:38:40, 3] lib/util_seaccess.c:se_access_check(249) [2008/06/14 08:38:40, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 [2008/06/14 08:38:40, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (8) granted. [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_close(425) regdb_close: decrementing refcount (4) [2008/06/14 08:38:40, 7] registry/reg_api.c:regkey_open_onelevel(132) regkey_open_onelevel: name = [RemoteRegistry] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_open(391) regdb_open: incrementing refcount (4) [2008/06/14 08:38:40, 10] registry/reg_cachehook.c:reghook_cache_find(125) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/RemoteRegistry] [2008/06/14 08:38:40, 10] lib/adt_tree.c:pathtree_find(352) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/RemoteRegistry] [2008/06/14 08:38:40, 10] lib/adt_tree.c:pathtree_find(425) pathtree_find: Exit [2008/06/14 08:38:40, 10] registry/reg_cachehook.c:reghook_cache_find(130) reghook_cache_find: found ops 0x805668c0 for key [/HKLM/SYSTEM/CurrentControlSet/Services/RemoteRegistry] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] [2008/06/14 08:38:40, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x000f003f, for NT token with 5 entries and first sid S-1-22-1-0. [2008/06/14 08:38:40, 3] lib/util_seaccess.c:se_access_check(249) [2008/06/14 08:38:40, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 9003f se_access_check: ACE 1: type 0, flags = 0x00, SID = S-1-5-32-544 mask = f003f, current desired = 90026 [2008/06/14 08:38:40, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (f003f) granted. [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_close(425) regdb_close: decrementing refcount (4) [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_close(425) regdb_close: decrementing refcount (3) [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_store_values(908) regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_close(425) regdb_close: decrementing refcount (2) [2008/06/14 08:38:40, 7] registry/reg_api.c:regkey_open_onelevel(132) regkey_open_onelevel: name = [HKLM] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_open(391) regdb_open: incrementing refcount (2) [2008/06/14 08:38:40, 10] registry/reg_cachehook.c:reghook_cache_find(125) reghook_cache_find: Searching for keyname [/HKLM] [2008/06/14 08:38:40, 10] lib/adt_tree.c:pathtree_find(352) pathtree_find: Enter [/HKLM] [2008/06/14 08:38:40, 10] lib/adt_tree.c:pathtree_find(425) pathtree_find: Exit [2008/06/14 08:38:40, 10] registry/reg_cachehook.c:reghook_cache_find(130) reghook_cache_find: found ops 0x805668c0 for key [/HKLM] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) regdb_get_secdesc: Getting secdesc of key [HKLM] [2008/06/14 08:38:40, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1-0. [2008/06/14 08:38:40, 3] lib/util_seaccess.c:se_access_check(249) [2008/06/14 08:38:40, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 [2008/06/14 08:38:40, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (8) granted. [2008/06/14 08:38:40, 7] registry/reg_api.c:regkey_open_onelevel(132) regkey_open_onelevel: name = [SYSTEM] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_open(391) regdb_open: incrementing refcount (3) [2008/06/14 08:38:40, 10] registry/reg_cachehook.c:reghook_cache_find(125) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM] [2008/06/14 08:38:40, 10] lib/adt_tree.c:pathtree_find(352) pathtree_find: Enter [/HKLM/SYSTEM] [2008/06/14 08:38:40, 10] lib/adt_tree.c:pathtree_find(425) pathtree_find: Exit [2008/06/14 08:38:40, 10] registry/reg_cachehook.c:reghook_cache_find(130) reghook_cache_find: found ops 0x805668c0 for key [/HKLM/SYSTEM] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM] [2008/06/14 08:38:40, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1-0. [2008/06/14 08:38:40, 3] lib/util_seaccess.c:se_access_check(249) [2008/06/14 08:38:40, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 [2008/06/14 08:38:40, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (8) granted. [2008/06/14 08:38:40, 7] registry/reg_api.c:regkey_open_onelevel(132) regkey_open_onelevel: name = [CurrentControlSet] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_open(391) regdb_open: incrementing refcount (4) [2008/06/14 08:38:40, 10] registry/reg_cachehook.c:reghook_cache_find(125) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet] [2008/06/14 08:38:40, 10] lib/adt_tree.c:pathtree_find(352) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet] [2008/06/14 08:38:40, 10] lib/adt_tree.c:pathtree_find(425) pathtree_find: Exit [2008/06/14 08:38:40, 10] registry/reg_cachehook.c:reghook_cache_find(130) reghook_cache_find: found ops 0x805668c0 for key [/HKLM/SYSTEM/CurrentControlSet] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet] [2008/06/14 08:38:40, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1-0. [2008/06/14 08:38:40, 3] lib/util_seaccess.c:se_access_check(249) [2008/06/14 08:38:40, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 [2008/06/14 08:38:40, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (8) granted. [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_close(425) regdb_close: decrementing refcount (4) [2008/06/14 08:38:40, 7] registry/reg_api.c:regkey_open_onelevel(132) regkey_open_onelevel: name = [Services] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_open(391) regdb_open: incrementing refcount (4) [2008/06/14 08:38:40, 10] registry/reg_cachehook.c:reghook_cache_find(125) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services] [2008/06/14 08:38:40, 10] lib/adt_tree.c:pathtree_find(352) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services] [2008/06/14 08:38:40, 10] lib/adt_tree.c:pathtree_find(425) pathtree_find: Exit [2008/06/14 08:38:40, 10] registry/reg_cachehook.c:reghook_cache_find(130) reghook_cache_find: found ops 0x805668c0 for key [/HKLM/SYSTEM/CurrentControlSet/Services] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services] [2008/06/14 08:38:40, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1-0. [2008/06/14 08:38:40, 3] lib/util_seaccess.c:se_access_check(249) [2008/06/14 08:38:40, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 [2008/06/14 08:38:40, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (8) granted. [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_close(425) regdb_close: decrementing refcount (4) [2008/06/14 08:38:40, 7] registry/reg_api.c:regkey_open_onelevel(132) regkey_open_onelevel: name = [RemoteRegistry] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_open(391) regdb_open: incrementing refcount (4) [2008/06/14 08:38:40, 10] registry/reg_cachehook.c:reghook_cache_find(125) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/RemoteRegistry] [2008/06/14 08:38:40, 10] lib/adt_tree.c:pathtree_find(352) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/RemoteRegistry] [2008/06/14 08:38:40, 10] lib/adt_tree.c:pathtree_find(425) pathtree_find: Exit [2008/06/14 08:38:40, 10] registry/reg_cachehook.c:reghook_cache_find(130) reghook_cache_find: found ops 0x805668c0 for key [/HKLM/SYSTEM/CurrentControlSet/Services/RemoteRegistry] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] [2008/06/14 08:38:40, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1-0. [2008/06/14 08:38:40, 3] lib/util_seaccess.c:se_access_check(249) [2008/06/14 08:38:40, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 [2008/06/14 08:38:40, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (8) granted. [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_close(425) regdb_close: decrementing refcount (4) [2008/06/14 08:38:40, 7] registry/reg_api.c:regkey_open_onelevel(132) regkey_open_onelevel: name = [Security] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_open(391) regdb_open: incrementing refcount (4) [2008/06/14 08:38:40, 10] registry/reg_cachehook.c:reghook_cache_find(125) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/RemoteRegistry/Security] [2008/06/14 08:38:40, 10] lib/adt_tree.c:pathtree_find(352) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/RemoteRegistry/Security] [2008/06/14 08:38:40, 10] lib/adt_tree.c:pathtree_find(425) pathtree_find: Exit [2008/06/14 08:38:40, 10] registry/reg_cachehook.c:reghook_cache_find(130) reghook_cache_find: found ops 0x805668c0 for key [/HKLM/SYSTEM/CurrentControlSet/Services/RemoteRegistry/Security] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security] [2008/06/14 08:38:40, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x000f003f, for NT token with 5 entries and first sid S-1-22-1-0. [2008/06/14 08:38:40, 3] lib/util_seaccess.c:se_access_check(249) [2008/06/14 08:38:40, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 9003f se_access_check: ACE 1: type 0, flags = 0x00, SID = S-1-5-32-544 mask = f003f, current desired = 90026 [2008/06/14 08:38:40, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (f003f) granted. [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_close(425) regdb_close: decrementing refcount (4) [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_close(425) regdb_close: decrementing refcount (3) [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_store_values(908) regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_close(425) regdb_close: decrementing refcount (2) [2008/06/14 08:38:40, 7] registry/reg_api.c:regkey_open_onelevel(132) regkey_open_onelevel: name = [HKLM] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_open(391) regdb_open: incrementing refcount (2) [2008/06/14 08:38:40, 10] registry/reg_cachehook.c:reghook_cache_find(125) reghook_cache_find: Searching for keyname [/HKLM] [2008/06/14 08:38:40, 10] lib/adt_tree.c:pathtree_find(352) pathtree_find: Enter [/HKLM] [2008/06/14 08:38:40, 10] lib/adt_tree.c:pathtree_find(425) pathtree_find: Exit [2008/06/14 08:38:40, 10] registry/reg_cachehook.c:reghook_cache_find(130) reghook_cache_find: found ops 0x805668c0 for key [/HKLM] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) regdb_get_secdesc: Getting secdesc of key [HKLM] [2008/06/14 08:38:40, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1-0. [2008/06/14 08:38:40, 3] lib/util_seaccess.c:se_access_check(249) [2008/06/14 08:38:40, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 [2008/06/14 08:38:40, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (8) granted. [2008/06/14 08:38:40, 7] registry/reg_api.c:regkey_open_onelevel(132) regkey_open_onelevel: name = [SYSTEM] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_open(391) regdb_open: incrementing refcount (3) [2008/06/14 08:38:40, 10] registry/reg_cachehook.c:reghook_cache_find(125) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM] [2008/06/14 08:38:40, 10] lib/adt_tree.c:pathtree_find(352) pathtree_find: Enter [/HKLM/SYSTEM] [2008/06/14 08:38:40, 10] lib/adt_tree.c:pathtree_find(425) pathtree_find: Exit [2008/06/14 08:38:40, 10] registry/reg_cachehook.c:reghook_cache_find(130) reghook_cache_find: found ops 0x805668c0 for key [/HKLM/SYSTEM] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM] [2008/06/14 08:38:40, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1-0. [2008/06/14 08:38:40, 3] lib/util_seaccess.c:se_access_check(249) [2008/06/14 08:38:40, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 [2008/06/14 08:38:40, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (8) granted. [2008/06/14 08:38:40, 7] registry/reg_api.c:regkey_open_onelevel(132) regkey_open_onelevel: name = [CurrentControlSet] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_open(391) regdb_open: incrementing refcount (4) [2008/06/14 08:38:40, 10] registry/reg_cachehook.c:reghook_cache_find(125) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet] [2008/06/14 08:38:40, 10] lib/adt_tree.c:pathtree_find(352) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet] [2008/06/14 08:38:40, 10] lib/adt_tree.c:pathtree_find(425) pathtree_find: Exit [2008/06/14 08:38:40, 10] registry/reg_cachehook.c:reghook_cache_find(130) reghook_cache_find: found ops 0x805668c0 for key [/HKLM/SYSTEM/CurrentControlSet] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet] [2008/06/14 08:38:40, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1-0. [2008/06/14 08:38:40, 3] lib/util_seaccess.c:se_access_check(249) [2008/06/14 08:38:40, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 [2008/06/14 08:38:40, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (8) granted. [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_close(425) regdb_close: decrementing refcount (4) [2008/06/14 08:38:40, 7] registry/reg_api.c:regkey_open_onelevel(132) regkey_open_onelevel: name = [Services] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_open(391) regdb_open: incrementing refcount (4) [2008/06/14 08:38:40, 10] registry/reg_cachehook.c:reghook_cache_find(125) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services] [2008/06/14 08:38:40, 10] lib/adt_tree.c:pathtree_find(352) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services] [2008/06/14 08:38:40, 10] lib/adt_tree.c:pathtree_find(425) pathtree_find: Exit [2008/06/14 08:38:40, 10] registry/reg_cachehook.c:reghook_cache_find(130) reghook_cache_find: found ops 0x805668c0 for key [/HKLM/SYSTEM/CurrentControlSet/Services] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services] [2008/06/14 08:38:40, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1-0. [2008/06/14 08:38:40, 3] lib/util_seaccess.c:se_access_check(249) [2008/06/14 08:38:40, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 [2008/06/14 08:38:40, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (8) granted. [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_close(425) regdb_close: decrementing refcount (4) [2008/06/14 08:38:40, 7] registry/reg_api.c:regkey_open_onelevel(132) regkey_open_onelevel: name = [WINS] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_open(391) regdb_open: incrementing refcount (4) [2008/06/14 08:38:40, 10] registry/reg_cachehook.c:reghook_cache_find(125) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/WINS] [2008/06/14 08:38:40, 10] lib/adt_tree.c:pathtree_find(352) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/WINS] [2008/06/14 08:38:40, 10] lib/adt_tree.c:pathtree_find(425) pathtree_find: Exit [2008/06/14 08:38:40, 10] registry/reg_cachehook.c:reghook_cache_find(130) reghook_cache_find: found ops 0x805668c0 for key [/HKLM/SYSTEM/CurrentControlSet/Services/WINS] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services\WINS] [2008/06/14 08:38:40, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x000f003f, for NT token with 5 entries and first sid S-1-22-1-0. [2008/06/14 08:38:40, 3] lib/util_seaccess.c:se_access_check(249) [2008/06/14 08:38:40, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 9003f se_access_check: ACE 1: type 0, flags = 0x00, SID = S-1-5-32-544 mask = f003f, current desired = 90026 [2008/06/14 08:38:40, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (f003f) granted. [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_close(425) regdb_close: decrementing refcount (4) [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_close(425) regdb_close: decrementing refcount (3) [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_store_values(908) regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\WINS] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_close(425) regdb_close: decrementing refcount (2) [2008/06/14 08:38:40, 7] registry/reg_api.c:regkey_open_onelevel(132) regkey_open_onelevel: name = [HKLM] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_open(391) regdb_open: incrementing refcount (2) [2008/06/14 08:38:40, 10] registry/reg_cachehook.c:reghook_cache_find(125) reghook_cache_find: Searching for keyname [/HKLM] [2008/06/14 08:38:40, 10] lib/adt_tree.c:pathtree_find(352) pathtree_find: Enter [/HKLM] [2008/06/14 08:38:40, 10] lib/adt_tree.c:pathtree_find(425) pathtree_find: Exit [2008/06/14 08:38:40, 10] registry/reg_cachehook.c:reghook_cache_find(130) reghook_cache_find: found ops 0x805668c0 for key [/HKLM] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) regdb_get_secdesc: Getting secdesc of key [HKLM] [2008/06/14 08:38:40, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1-0. [2008/06/14 08:38:40, 3] lib/util_seaccess.c:se_access_check(249) [2008/06/14 08:38:40, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 [2008/06/14 08:38:40, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (8) granted. [2008/06/14 08:38:40, 7] registry/reg_api.c:regkey_open_onelevel(132) regkey_open_onelevel: name = [SYSTEM] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_open(391) regdb_open: incrementing refcount (3) [2008/06/14 08:38:40, 10] registry/reg_cachehook.c:reghook_cache_find(125) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM] [2008/06/14 08:38:40, 10] lib/adt_tree.c:pathtree_find(352) pathtree_find: Enter [/HKLM/SYSTEM] [2008/06/14 08:38:40, 10] lib/adt_tree.c:pathtree_find(425) pathtree_find: Exit [2008/06/14 08:38:40, 10] registry/reg_cachehook.c:reghook_cache_find(130) reghook_cache_find: found ops 0x805668c0 for key [/HKLM/SYSTEM] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM] [2008/06/14 08:38:40, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1-0. [2008/06/14 08:38:40, 3] lib/util_seaccess.c:se_access_check(249) [2008/06/14 08:38:40, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 [2008/06/14 08:38:40, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (8) granted. [2008/06/14 08:38:40, 7] registry/reg_api.c:regkey_open_onelevel(132) regkey_open_onelevel: name = [CurrentControlSet] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_open(391) regdb_open: incrementing refcount (4) [2008/06/14 08:38:40, 10] registry/reg_cachehook.c:reghook_cache_find(125) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet] [2008/06/14 08:38:40, 10] lib/adt_tree.c:pathtree_find(352) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet] [2008/06/14 08:38:40, 10] lib/adt_tree.c:pathtree_find(425) pathtree_find: Exit [2008/06/14 08:38:40, 10] registry/reg_cachehook.c:reghook_cache_find(130) reghook_cache_find: found ops 0x805668c0 for key [/HKLM/SYSTEM/CurrentControlSet] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet] [2008/06/14 08:38:40, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1-0. [2008/06/14 08:38:40, 3] lib/util_seaccess.c:se_access_check(249) [2008/06/14 08:38:40, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 [2008/06/14 08:38:40, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (8) granted. [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_close(425) regdb_close: decrementing refcount (4) [2008/06/14 08:38:40, 7] registry/reg_api.c:regkey_open_onelevel(132) regkey_open_onelevel: name = [Services] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_open(391) regdb_open: incrementing refcount (4) [2008/06/14 08:38:40, 10] registry/reg_cachehook.c:reghook_cache_find(125) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services] [2008/06/14 08:38:40, 10] lib/adt_tree.c:pathtree_find(352) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services] [2008/06/14 08:38:40, 10] lib/adt_tree.c:pathtree_find(425) pathtree_find: Exit [2008/06/14 08:38:40, 10] registry/reg_cachehook.c:reghook_cache_find(130) reghook_cache_find: found ops 0x805668c0 for key [/HKLM/SYSTEM/CurrentControlSet/Services] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services] [2008/06/14 08:38:40, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1-0. [2008/06/14 08:38:40, 3] lib/util_seaccess.c:se_access_check(249) [2008/06/14 08:38:40, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 [2008/06/14 08:38:40, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (8) granted. [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_close(425) regdb_close: decrementing refcount (4) [2008/06/14 08:38:40, 7] registry/reg_api.c:regkey_open_onelevel(132) regkey_open_onelevel: name = [WINS] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_open(391) regdb_open: incrementing refcount (4) [2008/06/14 08:38:40, 10] registry/reg_cachehook.c:reghook_cache_find(125) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/WINS] [2008/06/14 08:38:40, 10] lib/adt_tree.c:pathtree_find(352) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/WINS] [2008/06/14 08:38:40, 10] lib/adt_tree.c:pathtree_find(425) pathtree_find: Exit [2008/06/14 08:38:40, 10] registry/reg_cachehook.c:reghook_cache_find(130) reghook_cache_find: found ops 0x805668c0 for key [/HKLM/SYSTEM/CurrentControlSet/Services/WINS] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services\WINS] [2008/06/14 08:38:40, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x00000008, for NT token with 5 entries and first sid S-1-22-1-0. [2008/06/14 08:38:40, 3] lib/util_seaccess.c:se_access_check(249) [2008/06/14 08:38:40, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 8 [2008/06/14 08:38:40, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (8) granted. [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_close(425) regdb_close: decrementing refcount (4) [2008/06/14 08:38:40, 7] registry/reg_api.c:regkey_open_onelevel(132) regkey_open_onelevel: name = [Security] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_open(391) regdb_open: incrementing refcount (4) [2008/06/14 08:38:40, 10] registry/reg_cachehook.c:reghook_cache_find(125) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/WINS/Security] [2008/06/14 08:38:40, 10] lib/adt_tree.c:pathtree_find(352) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/WINS/Security] [2008/06/14 08:38:40, 10] lib/adt_tree.c:pathtree_find(425) pathtree_find: Exit [2008/06/14 08:38:40, 10] registry/reg_cachehook.c:reghook_cache_find(130) reghook_cache_find: found ops 0x805668c0 for key [/HKLM/SYSTEM/CurrentControlSet/Services/WINS/Security] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_get_secdesc(963) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security] [2008/06/14 08:38:40, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x000f003f, for NT token with 5 entries and first sid S-1-22-1-0. [2008/06/14 08:38:40, 3] lib/util_seaccess.c:se_access_check(249) [2008/06/14 08:38:40, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = 9003f se_access_check: ACE 1: type 0, flags = 0x00, SID = S-1-5-32-544 mask = f003f, current desired = 90026 [2008/06/14 08:38:40, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (f003f) granted. [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_close(425) regdb_close: decrementing refcount (4) [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_close(425) regdb_close: decrementing refcount (3) [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_store_values(908) regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security] [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_close(425) regdb_close: decrementing refcount (2) [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_close(425) regdb_close: decrementing refcount (1) [2008/06/14 08:38:40, 10] registry/reg_backend_db.c:regdb_close(425) regdb_close: decrementing refcount (0) [2008/06/14 08:38:40, 10] printing/nt_printing.c:traverse_counting_printers(706) traverse_counting_printers: printer = [PRINTERS/hp1020] printer_count = 1 [2008/06/14 08:38:40, 10] printing/nt_printing.c:update_c_setprinter(737) update_c_setprinter: c_setprinter = 1 [2008/06/14 08:38:40, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/06/14 08:38:40, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2008/06/14 08:38:40, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/06/14 08:38:40, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/06/14 08:38:40, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/06/14 08:38:40, 6] passdb/pdb_interface.c:pdb_getsampwsid(273) pdb_getsampwsid: Building guest account [2008/06/14 08:38:40, 10] passdb/pdb_get_set.c:pdb_set_username(580) pdb_set_username: setting username nobody, was [2008/06/14 08:38:40, 10] passdb/pdb_get_set.c:pdb_set_fullname(649) pdb_set_full_name: setting full name nobody, was [2008/06/14 08:38:40, 10] passdb/pdb_get_set.c:pdb_set_domain(603) pdb_set_domain: setting domain SKUPINA, was [2008/06/14 08:38:40, 10] passdb/pdb_get_set.c:pdb_set_user_sid(509) pdb_set_user_sid: setting user sid S-1-5-21-1343109128-81525896-2839220711-501 [2008/06/14 08:38:40, 10] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(72) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-1343109128-81525896-2839220711-501 from rid 501 [2008/06/14 08:38:40, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/06/14 08:38:40, 10] lib/system_smbd.c:sys_getgrouplist(122) sys_getgrouplist: user [nobody] [2008/06/14 08:38:41, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/06/14 08:38:41, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2008/06/14 08:38:41, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/06/14 08:38:41, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/06/14 08:38:41, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/06/14 08:38:41, 5] lib/smbldap.c:smbldap_search_ext(1183) smbldap_search_ext: base => [ou=Group,dc=zelva,dc=cz], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=99))], scope => [2] [2008/06/14 08:38:41, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2459) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(gidNumber=99)) [2008/06/14 08:38:41, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/06/14 08:38:41, 10] passdb/lookup_sid.c:legacy_gid_to_sid(1170) LEGACY: gid 99 -> sid S-1-22-2-99 [2008/06/14 08:38:41, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/06/14 08:38:41, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2008/06/14 08:38:41, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/06/14 08:38:41, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/06/14 08:38:41, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/06/14 08:38:41, 5] lib/smbldap.c:smbldap_search_ext(1183) smbldap_search_ext: base => [ou=Group,dc=zelva,dc=cz], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=98))], scope => [2] [2008/06/14 08:38:41, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2459) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(gidNumber=98)) [2008/06/14 08:38:41, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/06/14 08:38:41, 10] passdb/lookup_sid.c:legacy_gid_to_sid(1170) LEGACY: gid 98 -> sid S-1-22-2-98 [2008/06/14 08:38:41, 5] auth/auth_util.c:make_server_info_sam(569) make_server_info_sam: made server info for user nobody -> nobody [2008/06/14 08:38:41, 10] auth/token_util.c:create_local_nt_token(302) Create local NT token for S-1-5-21-1343109128-81525896-2839220711-501 [2008/06/14 08:38:41, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/06/14 08:38:41, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2008/06/14 08:38:41, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/06/14 08:38:41, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/06/14 08:38:41, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/06/14 08:38:41, 5] lib/smbldap.c:smbldap_search_ext(1183) smbldap_search_ext: base => [ou=Group,dc=zelva,dc=cz], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-544))], scope => [2] [2008/06/14 08:38:41, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2459) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-544)) [2008/06/14 08:38:41, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/06/14 08:38:41, 10] passdb/lookup_sid.c:legacy_sid_to_gid(1244) LEGACY: mapping failed for sid S-1-5-32-544 [2008/06/14 08:38:41, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/06/14 08:38:41, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2008/06/14 08:38:41, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/06/14 08:38:41, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/06/14 08:38:41, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/06/14 08:38:41, 5] lib/smbldap.c:smbldap_search_ext(1183) smbldap_search_ext: base => [ou=Group,dc=zelva,dc=cz], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-545))], scope => [2] [2008/06/14 08:38:41, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2459) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-545)) [2008/06/14 08:38:41, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/06/14 08:38:41, 10] passdb/lookup_sid.c:legacy_sid_to_gid(1244) LEGACY: mapping failed for sid S-1-5-32-545 [2008/06/14 08:38:41, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/06/14 08:38:41, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2008/06/14 08:38:41, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/06/14 08:38:41, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/06/14 08:38:41, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/06/14 08:38:41, 5] lib/smbldap.c:smbldap_search_ext(1183) smbldap_search_ext: base => [ou=Group,dc=zelva,dc=cz], filter => [(&(|(objectclass=sambaGroupMapping)(sambaGroupType=4))(|(sambaSIDList=S-1-5-21-1343109128-81525896-2839220711-501)(sambaSIDList=S-1-22-2-99)(sambaSIDList=S-1-1-0)(sambaSIDList=S-1-5-2)(sambaSIDList=S-1-5-32-546)(sambaSIDList=S-1-22-2-98)))], scope => [2] [2008/06/14 08:38:41, 5] lib/smbldap.c:smbldap_search_ext(1183) smbldap_search_ext: base => [ou=Group,dc=zelva,dc=cz], filter => [(&(|(objectclass=sambaGroupMapping)(sambaGroupType=4))(|(sambaSIDList=S-1-5-21-1343109128-81525896-2839220711-501)(sambaSIDList=S-1-22-2-99)(sambaSIDList=S-1-1-0)(sambaSIDList=S-1-5-2)(sambaSIDList=S-1-5-32-546)(sambaSIDList=S-1-22-2-98)))], scope => [2] [2008/06/14 08:38:41, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/06/14 08:38:41, 10] passdb/lookup_sid.c:sid_to_gid(1413) sid S-1-22-2-99 -> gid 99 [2008/06/14 08:38:41, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/06/14 08:38:41, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2008/06/14 08:38:41, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/06/14 08:38:41, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/06/14 08:38:41, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/06/14 08:38:41, 5] lib/smbldap.c:smbldap_search_ext(1183) smbldap_search_ext: base => [ou=Group,dc=zelva,dc=cz], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-1-0))], scope => [2] [2008/06/14 08:38:41, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2459) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-1-0)) [2008/06/14 08:38:41, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/06/14 08:38:41, 10] passdb/lookup_sid.c:legacy_sid_to_gid(1244) LEGACY: mapping failed for sid S-1-1-0 [2008/06/14 08:38:41, 10] auth/auth_util.c:create_local_token(674) Could not convert SID S-1-1-0 to gid, ignoring it [2008/06/14 08:38:41, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/06/14 08:38:41, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2008/06/14 08:38:41, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/06/14 08:38:41, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/06/14 08:38:41, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/06/14 08:38:41, 5] lib/smbldap.c:smbldap_search_ext(1183) smbldap_search_ext: base => [ou=Group,dc=zelva,dc=cz], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-2))], scope => [2] [2008/06/14 08:38:41, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2459) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-2)) [2008/06/14 08:38:41, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/06/14 08:38:41, 10] passdb/lookup_sid.c:legacy_sid_to_gid(1244) LEGACY: mapping failed for sid S-1-5-2 [2008/06/14 08:38:41, 10] auth/auth_util.c:create_local_token(674) Could not convert SID S-1-5-2 to gid, ignoring it [2008/06/14 08:38:41, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/06/14 08:38:41, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2008/06/14 08:38:41, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/06/14 08:38:41, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/06/14 08:38:41, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/06/14 08:38:41, 5] lib/smbldap.c:smbldap_search_ext(1183) smbldap_search_ext: base => [ou=Group,dc=zelva,dc=cz], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-546))], scope => [2] [2008/06/14 08:38:41, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2459) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-546)) [2008/06/14 08:38:41, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/06/14 08:38:41, 10] passdb/lookup_sid.c:legacy_sid_to_gid(1244) LEGACY: mapping failed for sid S-1-5-32-546 [2008/06/14 08:38:41, 10] auth/auth_util.c:create_local_token(674) Could not convert SID S-1-5-32-546 to gid, ignoring it [2008/06/14 08:38:41, 10] passdb/lookup_sid.c:sid_to_gid(1413) sid S-1-22-2-98 -> gid 98 [2008/06/14 08:38:41, 10] auth/token_util.c:debug_nt_user_token(470) NT user token of user S-1-5-21-1343109128-81525896-2839220711-501 contains 6 SIDs SID[ 0]: S-1-5-21-1343109128-81525896-2839220711-501 SID[ 1]: S-1-22-2-99 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-32-546 SID[ 5]: S-1-22-2-98 SE_PRIV 0x0 0x0 0x0 0x0 [2008/06/14 08:38:41, 5] lib/util_sock.c:print_socket_options(781) socket option SO_KEEPALIVE = 1 [2008/06/14 08:38:41, 5] lib/util_sock.c:print_socket_options(781) socket option SO_REUSEADDR = 1 [2008/06/14 08:38:41, 5] lib/util_sock.c:print_socket_options(781) socket option SO_BROADCAST = 0 [2008/06/14 08:38:41, 5] lib/util_sock.c:print_socket_options(781) socket option TCP_NODELAY = 0 [2008/06/14 08:38:41, 5] lib/util_sock.c:print_socket_options(781) socket option TCP_KEEPCNT = 9 [2008/06/14 08:38:41, 5] lib/util_sock.c:print_socket_options(781) socket option TCP_KEEPIDLE = 7200 [2008/06/14 08:38:41, 5] lib/util_sock.c:print_socket_options(781) socket option TCP_KEEPINTVL = 75 [2008/06/14 08:38:41, 5] lib/util_sock.c:print_socket_options(781) socket option IPTOS_LOWDELAY = 0 [2008/06/14 08:38:41, 5] lib/util_sock.c:print_socket_options(781) socket option IPTOS_THROUGHPUT = 0 [2008/06/14 08:38:41, 5] lib/util_sock.c:print_socket_options(781) socket option SO_SNDBUF = 16384 [2008/06/14 08:38:41, 5] lib/util_sock.c:print_socket_options(781) socket option SO_RCVBUF = 87380 [2008/06/14 08:38:41, 5] lib/util_sock.c:print_socket_options(781) socket option SO_SNDLOWAT = 1 [2008/06/14 08:38:41, 5] lib/util_sock.c:print_socket_options(781) socket option SO_RCVLOWAT = 1 [2008/06/14 08:38:41, 5] lib/util_sock.c:print_socket_options(781) socket option SO_SNDTIMEO = 0 [2008/06/14 08:38:41, 5] lib/util_sock.c:print_socket_options(781) socket option SO_RCVTIMEO = 0 [2008/06/14 08:38:41, 5] lib/util_sock.c:print_socket_options(781) socket option SO_KEEPALIVE = 1 [2008/06/14 08:38:41, 5] lib/util_sock.c:print_socket_options(781) socket option SO_REUSEADDR = 1 [2008/06/14 08:38:41, 5] lib/util_sock.c:print_socket_options(781) socket option SO_BROADCAST = 0 [2008/06/14 08:38:41, 5] lib/util_sock.c:print_socket_options(781) socket option TCP_NODELAY = 1 [2008/06/14 08:38:41, 5] lib/util_sock.c:print_socket_options(781) socket option TCP_KEEPCNT = 9 [2008/06/14 08:38:41, 5] lib/util_sock.c:print_socket_options(781) socket option TCP_KEEPIDLE = 7200 [2008/06/14 08:38:41, 5] lib/util_sock.c:print_socket_options(781) socket option TCP_KEEPINTVL = 75 [2008/06/14 08:38:41, 5] lib/util_sock.c:print_socket_options(781) socket option IPTOS_LOWDELAY = 16 [2008/06/14 08:38:41, 5] lib/util_sock.c:print_socket_options(781) socket option IPTOS_THROUGHPUT = 16 [2008/06/14 08:38:41, 5] lib/util_sock.c:print_socket_options(781) socket option SO_SNDBUF = 16384 [2008/06/14 08:38:41, 5] lib/util_sock.c:print_socket_options(781) socket option SO_RCVBUF = 16384 [2008/06/14 08:38:41, 5] lib/util_sock.c:print_socket_options(781) socket option SO_SNDLOWAT = 1 [2008/06/14 08:38:41, 5] lib/util_sock.c:print_socket_options(781) socket option SO_RCVLOWAT = 1 [2008/06/14 08:38:41, 5] lib/util_sock.c:print_socket_options(781) socket option SO_SNDTIMEO = 0 [2008/06/14 08:38:41, 5] lib/util_sock.c:print_socket_options(781) socket option SO_RCVTIMEO = 0 [2008/06/14 08:38:41, 3] smbd/oplock.c:init_oplocks(875) init_oplocks: initializing messages. [2008/06/14 08:38:41, 3] smbd/oplock_linux.c:linux_init_kernel_oplocks(285) Linux kernel oplocks enabled [2008/06/14 08:38:41, 10] lib/events.c:event_add_timed(128) Added timed event "idle_evt(keepalive)": 806361f0 [2008/06/14 08:38:41, 10] lib/events.c:event_add_timed(128) Added timed event "idle_evt(deadtime)": 806359b8 [2008/06/14 08:38:41, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 68 [2008/06/14 08:38:41, 6] smbd/process.c:process_smb(1548) got message type 0x81 of len 0x44 [2008/06/14 08:38:41, 3] smbd/process.c:process_smb(1551) Transaction 0 of length 72 (0 toread) [2008/06/14 08:38:41, 2] smbd/reply.c:reply_special(425) netbios connect: name1=TYGR name2=PC03VM [2008/06/14 08:38:41, 2] smbd/reply.c:reply_special(432) netbios connect: local=tygr remote=pc03vm, name type = 0 [2008/06/14 08:38:41, 6] param/loadparm.c:lp_file_list_changed(6613) lp_file_list_changed() file /usr/local/samba/lib/smb.conf -> /usr/local/samba/lib/smb.conf last mod_time: Sat Jun 14 08:38:22 2008 [2008/06/14 08:38:41, 5] smbd/reply.c:reply_special(472) init msg_type=0x81 msg_flags=0x0 [2008/06/14 08:38:41, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 133 [2008/06/14 08:38:41, 6] smbd/process.c:process_smb(1548) got message type 0x0 of len 0x85 [2008/06/14 08:38:41, 3] smbd/process.c:process_smb(1551) Transaction 0 of length 137 (0 toread) [2008/06/14 08:38:41, 5] lib/util.c:show_msg(645) [2008/06/14 08:38:41, 5] lib/util.c:show_msg(655) size=133 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51283 smb_tid=0 smb_pid=65279 smb_uid=0 smb_mid=0 smt_wct=0 smb_bcc=98 [2008/06/14 08:38:41, 10] lib/util.c:dump_data(2226) [000] 02 50 43 20 4E 45 54 57 4F 52 4B 20 50 52 4F 47 .PC NETW ORK PROG [010] 52 41 4D 20 31 2E 30 00 02 4C 41 4E 4D 41 4E 31 RAM 1.0. .LANMAN1 [020] 2E 30 00 02 57 69 6E 64 6F 77 73 20 66 6F 72 20 .0..Wind ows for [030] 57 6F 72 6B 67 72 6F 75 70 73 20 33 2E 31 61 00 Workgrou ps 3.1a. [040] 02 4C 4D 31 2E 32 58 30 30 32 00 02 4C 41 4E 4D .LM1.2X0 02..LANM [050] 41 4E 32 2E 31 00 02 4E 54 20 4C 4D 20 30 2E 31 AN2.1..N T LM 0.1 [060] 32 00 2. [2008/06/14 08:38:41, 3] smbd/process.c:switch_message(1363) switch message SMBnegprot (pid 22757) conn 0x0 [2008/06/14 08:38:41, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/06/14 08:38:41, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/06/14 08:38:41, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/06/14 08:38:41, 5] smbd/uid.c:change_to_root_user(287) change_to_root_user: now uid=(0,0) gid=(0,0) [2008/06/14 08:38:41, 3] smbd/negprot.c:reply_negprot(568) Requested protocol [PC NETWORK PROGRAM 1.0] [2008/06/14 08:38:41, 3] smbd/negprot.c:reply_negprot(568) Requested protocol [LANMAN1.0] [2008/06/14 08:38:41, 3] smbd/negprot.c:reply_negprot(568) Requested protocol [Windows for Workgroups 3.1a] [2008/06/14 08:38:41, 3] smbd/negprot.c:reply_negprot(568) Requested protocol [LM1.2X002] [2008/06/14 08:38:41, 3] smbd/negprot.c:reply_negprot(568) Requested protocol [LANMAN2.1] [2008/06/14 08:38:41, 3] smbd/negprot.c:reply_negprot(568) Requested protocol [NT LM 0.12] [2008/06/14 08:38:41, 10] lib/util.c:set_remote_arch(2201) set_remote_arch: Client arch is 'Win2K' [2008/06/14 08:38:41, 6] param/loadparm.c:lp_file_list_changed(6613) lp_file_list_changed() file /usr/local/samba/lib/smb.conf -> /usr/local/samba/lib/smb.conf last mod_time: Sat Jun 14 08:38:22 2008 [2008/06/14 08:38:41, 5] smbd/connection.c:claim_connection(142) claiming [] [2008/06/14 08:38:41, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key E5580000FFFFFFFF0000 [2008/06/14 08:38:41, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0x80624a80 [2008/06/14 08:38:41, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key E5580000FFFFFFFF0000 [2008/06/14 08:38:41, 6] param/loadparm.c:lp_file_list_changed(6613) lp_file_list_changed() file /usr/local/samba/lib/smb.conf -> /usr/local/samba/lib/smb.conf last mod_time: Sat Jun 14 08:38:22 2008 [2008/06/14 08:38:41, 3] smbd/negprot.c:reply_nt1(392) using SPNEGO [2008/06/14 08:38:41, 3] smbd/negprot.c:reply_negprot(673) Selected protocol NT LM 0.12 [2008/06/14 08:38:41, 5] smbd/negprot.c:reply_negprot(680) negprot index=5 [2008/06/14 08:38:41, 5] lib/util.c:show_msg(645) [2008/06/14 08:38:41, 5] lib/util.c:show_msg(655) size=127 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51283 smb_tid=0 smb_pid=65279 smb_uid=0 smb_mid=0 smt_wct=17 smb_vwv[ 0]= 5 (0x5) smb_vwv[ 1]=12803 (0x3203) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 65 (0x41) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]=58624 (0xE500) smb_vwv[ 8]= 88 (0x58) smb_vwv[ 9]=64768 (0xFD00) smb_vwv[10]=33011 (0x80F3) smb_vwv[11]=32896 (0x8080) smb_vwv[12]=42606 (0xA66E) smb_vwv[13]=59720 (0xE948) smb_vwv[14]=51405 (0xC8CD) smb_vwv[15]=34817 (0x8801) smb_vwv[16]= 255 (0xFF) smb_bcc=58 [2008/06/14 08:38:41, 10] lib/util.c:dump_data(2226) [000] 74 79 67 72 00 00 00 00 00 00 00 00 00 00 00 00 tygr.... ........ [010] 60 28 06 06 2B 06 01 05 05 02 A0 1E 30 1C A0 0E `(..+... ....0... [020] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A3 0A 0...+... ..7..... [030] 30 08 A0 06 1B 04 4E 4F 4E 45 0.....NO NE [2008/06/14 08:38:41, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 236 [2008/06/14 08:38:41, 6] smbd/process.c:process_smb(1548) got message type 0x0 of len 0xec [2008/06/14 08:38:41, 3] smbd/process.c:process_smb(1551) Transaction 1 of length 240 (0 toread) [2008/06/14 08:38:41, 5] lib/util.c:show_msg(645) [2008/06/14 08:38:41, 5] lib/util.c:show_msg(655) size=236 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=0 smb_mid=64 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 236 (0xEC) smb_vwv[ 2]=16644 (0x4104) smb_vwv[ 3]= 50 (0x32) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 74 (0x4A) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 212 (0xD4) smb_vwv[11]=40960 (0xA000) smb_bcc=177 [2008/06/14 08:38:41, 10] lib/util.c:dump_data(2226) [000] 60 48 06 06 2B 06 01 05 05 02 A0 3E 30 3C A0 0E `H..+... ...>0<.. [010] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A2 2A 0...+... ..7....* [020] 04 28 4E 54 4C 4D 53 53 50 00 01 00 00 00 97 82 .(NTLMSS P....... [030] 08 E2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [040] 00 00 05 01 28 0A 00 00 00 0F 00 57 00 69 00 6E ....(... ...W.i.n [050] 00 64 00 6F 00 77 00 73 00 20 00 32 00 30 00 30 .d.o.w.s . .2.0.0 [060] 00 32 00 20 00 53 00 65 00 72 00 76 00 69 00 63 .2. .S.e .r.v.i.c [070] 00 65 00 20 00 50 00 61 00 63 00 6B 00 20 00 32 .e. .P.a .c.k. .2 [080] 00 20 00 32 00 36 00 30 00 30 00 00 00 57 00 69 . .2.6.0 .0...W.i [090] 00 6E 00 64 00 6F 00 77 00 73 00 20 00 32 00 30 .n.d.o.w .s. .2.0 [0A0] 00 30 00 32 00 20 00 35 00 2E 00 31 00 00 00 00 .0.2. .5 ...1.... [0B0] 00 . [2008/06/14 08:38:41, 3] smbd/process.c:switch_message(1363) switch message SMBsesssetupX (pid 22757) conn 0x0 [2008/06/14 08:38:41, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/06/14 08:38:41, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/06/14 08:38:41, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/06/14 08:38:41, 5] smbd/uid.c:change_to_root_user(287) change_to_root_user: now uid=(0,0) gid=(0,0) [2008/06/14 08:38:41, 3] smbd/sesssetup.c:reply_sesssetup_and_X(1409) wct=12 flg2=0xc807 [2008/06/14 08:38:41, 2] smbd/sesssetup.c:setup_new_vc_session(1363) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2008/06/14 08:38:41, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1173) Doing spnego session setup [2008/06/14 08:38:41, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1208) NativeOS=[Windows 2002 Service Pack 2 2600] NativeLanMan=[Windows 2002 5.1] PrimaryDomain=[] [2008/06/14 08:38:41, 10] lib/util.c:set_remote_arch(2201) set_remote_arch: Client arch is 'WinXP' [2008/06/14 08:38:41, 10] smbd/password.c:register_initial_vuid(188) register_initial_vuid: allocated vuid = 100 [2008/06/14 08:38:41, 10] smbd/sesssetup.c:check_spnego_blob_complete(1121) check_spnego_blob_complete: needed_len = 74, pblob->length = 74 [2008/06/14 08:38:41, 5] smbd/sesssetup.c:parse_spnego_mechanisms(749) parse_spnego_mechanisms: Got OID 1 3 6 1 4 1 311 2 2 10 [2008/06/14 08:38:41, 3] smbd/sesssetup.c:reply_spnego_negotiate(800) reply_spnego_negotiate: Got secblob of size 40 [2008/06/14 08:38:41, 5] auth/auth.c:make_auth_context_subsystem(485) Making default auth method list for DC, security=user, encrypt passwords = yes [2008/06/14 08:38:41, 5] auth/auth.c:smb_register_auth(46) Attempting to register auth backend sam [2008/06/14 08:38:41, 5] auth/auth.c:smb_register_auth(58) Successfully added auth method 'sam' [2008/06/14 08:38:41, 5] auth/auth.c:smb_register_auth(46) Attempting to register auth backend sam_ignoredomain [2008/06/14 08:38:41, 5] auth/auth.c:smb_register_auth(58) Successfully added auth method 'sam_ignoredomain' [2008/06/14 08:38:41, 5] auth/auth.c:smb_register_auth(46) Attempting to register auth backend unix [2008/06/14 08:38:41, 5] auth/auth.c:smb_register_auth(58) Successfully added auth method 'unix' [2008/06/14 08:38:41, 5] auth/auth.c:smb_register_auth(46) Attempting to register auth backend winbind [2008/06/14 08:38:41, 5] auth/auth.c:smb_register_auth(58) Successfully added auth method 'winbind' [2008/06/14 08:38:41, 5] auth/auth.c:smb_register_auth(46) Attempting to register auth backend smbserver [2008/06/14 08:38:41, 5] auth/auth.c:smb_register_auth(58) Successfully added auth method 'smbserver' [2008/06/14 08:38:41, 5] auth/auth.c:smb_register_auth(46) Attempting to register auth backend trustdomain [2008/06/14 08:38:41, 5] auth/auth.c:smb_register_auth(58) Successfully added auth method 'trustdomain' [2008/06/14 08:38:41, 5] auth/auth.c:smb_register_auth(46) Attempting to register auth backend ntdomain [2008/06/14 08:38:41, 5] auth/auth.c:smb_register_auth(58) Successfully added auth method 'ntdomain' [2008/06/14 08:38:41, 5] auth/auth.c:smb_register_auth(46) Attempting to register auth backend guest [2008/06/14 08:38:41, 5] auth/auth.c:smb_register_auth(58) Successfully added auth method 'guest' [2008/06/14 08:38:41, 5] auth/auth.c:load_auth_module(387) load_auth_module: Attempting to find an auth method to match guest [2008/06/14 08:38:41, 5] auth/auth.c:load_auth_module(412) load_auth_module: auth method guest has a valid init [2008/06/14 08:38:41, 5] auth/auth.c:load_auth_module(387) load_auth_module: Attempting to find an auth method to match sam [2008/06/14 08:38:41, 5] auth/auth.c:load_auth_module(412) load_auth_module: auth method sam has a valid init [2008/06/14 08:38:41, 5] auth/auth.c:load_auth_module(387) load_auth_module: Attempting to find an auth method to match winbind:trustdomain [2008/06/14 08:38:41, 5] auth/auth.c:load_auth_module(387) load_auth_module: Attempting to find an auth method to match trustdomain [2008/06/14 08:38:41, 5] auth/auth.c:load_auth_module(412) load_auth_module: auth method trustdomain has a valid init [2008/06/14 08:38:41, 5] auth/auth.c:load_auth_module(412) load_auth_module: auth method winbind has a valid init [2008/06/14 08:38:41, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) Got NTLMSSP neg_flags=0xe2088297 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_NEGOTIATE_OEM NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_LM_KEY NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH NTLMSSP_NEGOTIATE_56 [2008/06/14 08:38:41, 5] auth/auth.c:get_ntlm_challenge(96) auth_get_challenge: module guest did not want to specify a challenge [2008/06/14 08:38:41, 5] auth/auth.c:get_ntlm_challenge(96) auth_get_challenge: module sam did not want to specify a challenge [2008/06/14 08:38:41, 5] auth/auth.c:get_ntlm_challenge(96) auth_get_challenge: module winbind did not want to specify a challenge [2008/06/14 08:38:41, 5] auth/auth.c:get_ntlm_challenge(136) auth_context challenge created by random [2008/06/14 08:38:41, 5] auth/auth.c:get_ntlm_challenge(137) challenge is: [2008/06/14 08:38:41, 5] lib/util.c:dump_data(2226) [000] B9 B8 3F D5 57 DB DF E0 ..?.W... [2008/06/14 08:38:41, 5] lib/util.c:show_msg(645) [2008/06/14 08:38:41, 5] lib/util.c:show_msg(655) size=240 smb_com=0x73 smb_rcls=22 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=65279 smb_uid=100 smb_mid=64 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 141 (0x8D) smb_bcc=197 [2008/06/14 08:38:41, 10] lib/util.c:dump_data(2226) [000] A1 81 8A 30 81 87 A0 03 0A 01 01 A1 0C 06 0A 2B ...0.... .......+ [010] 06 01 04 01 82 37 02 02 0A A2 72 04 70 4E 54 4C .....7.. ..r.pNTL [020] 4D 53 53 50 00 02 00 00 00 0E 00 0E 00 30 00 00 MSSP.... .....0.. [030] 00 15 82 89 E2 B9 B8 3F D5 57 DB DF E0 00 00 00 .......? .W...... [040] 00 00 00 00 00 32 00 32 00 3E 00 00 00 53 00 4B .....2.2 .>...S.K [050] 00 55 00 50 00 49 00 4E 00 41 00 02 00 0E 00 53 .U.P.I.N .A.....S [060] 00 4B 00 55 00 50 00 49 00 4E 00 41 00 01 00 08 .K.U.P.I .N.A.... [070] 00 54 00 59 00 47 00 52 00 04 00 00 00 03 00 08 .T.Y.G.R ........ [080] 00 74 00 79 00 67 00 72 00 00 00 00 00 55 00 6E .t.y.g.r .....U.n [090] 00 69 00 78 00 00 00 53 00 61 00 6D 00 62 00 61 .i.x...S .a.m.b.a [0A0] 00 20 00 33 00 2E 00 32 00 2E 00 30 00 72 00 63 . .3...2 ...0.r.c [0B0] 00 31 00 00 00 53 00 4B 00 55 00 50 00 49 00 4E .1...S.K .U.P.I.N [0C0] 00 41 00 00 00 .A... [2008/06/14 08:38:41, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 270 [2008/06/14 08:38:41, 6] smbd/process.c:process_smb(1548) got message type 0x0 of len 0x10e [2008/06/14 08:38:41, 3] smbd/process.c:process_smb(1551) Transaction 2 of length 274 (0 toread) [2008/06/14 08:38:41, 5] lib/util.c:show_msg(645) [2008/06/14 08:38:41, 5] lib/util.c:show_msg(655) size=270 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=100 smb_mid=128 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 270 (0x10E) smb_vwv[ 2]=16644 (0x4104) smb_vwv[ 3]= 50 (0x32) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 109 (0x6D) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 212 (0xD4) smb_vwv[11]=40960 (0xA000) smb_bcc=211 [2008/06/14 08:38:41, 10] lib/util.c:dump_data(2226) [000] A1 6B 30 69 A2 67 04 65 4E 54 4C 4D 53 53 50 00 .k0i.g.e NTLMSSP. [010] 03 00 00 00 01 00 01 00 54 00 00 00 00 00 00 00 ........ T....... [020] 55 00 00 00 00 00 00 00 48 00 00 00 00 00 00 00 U....... H....... [030] 48 00 00 00 0C 00 0C 00 48 00 00 00 10 00 10 00 H....... H....... [040] 55 00 00 00 15 8A 88 E2 05 01 28 0A 00 00 00 0F U....... ..(..... [050] 50 00 43 00 30 00 33 00 56 00 4D 00 00 25 E6 07 P.C.0.3. V.M..%.. [060] 3B F7 86 3D EB BD 2F 00 0C AC AA 9C 4B 57 00 69 ;..=../. ....KW.i [070] 00 6E 00 64 00 6F 00 77 00 73 00 20 00 32 00 30 .n.d.o.w .s. .2.0 [080] 00 30 00 32 00 20 00 53 00 65 00 72 00 76 00 69 .0.2. .S .e.r.v.i [090] 00 63 00 65 00 20 00 50 00 61 00 63 00 6B 00 20 .c.e. .P .a.c.k. [0A0] 00 32 00 20 00 32 00 36 00 30 00 30 00 00 00 57 .2. .2.6 .0.0...W [0B0] 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 00 32 .i.n.d.o .w.s. .2 [0C0] 00 30 00 30 00 32 00 20 00 35 00 2E 00 31 00 00 .0.0.2. .5...1.. [0D0] 00 00 00 ... [2008/06/14 08:38:41, 3] smbd/process.c:switch_message(1363) switch message SMBsesssetupX (pid 22757) conn 0x0 [2008/06/14 08:38:41, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/06/14 08:38:41, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/06/14 08:38:41, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/06/14 08:38:41, 5] smbd/uid.c:change_to_root_user(287) change_to_root_user: now uid=(0,0) gid=(0,0) [2008/06/14 08:38:41, 3] smbd/sesssetup.c:reply_sesssetup_and_X(1409) wct=12 flg2=0xc807 [2008/06/14 08:38:41, 2] smbd/sesssetup.c:setup_new_vc_session(1363) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2008/06/14 08:38:41, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1173) Doing spnego session setup [2008/06/14 08:38:41, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1208) NativeOS=[Windows 2002 Service Pack 2 2600] NativeLanMan=[Windows 2002 5.1] PrimaryDomain=[] [2008/06/14 08:38:41, 10] smbd/sesssetup.c:check_spnego_blob_complete(1121) check_spnego_blob_complete: needed_len = 109, pblob->length = 109 [2008/06/14 08:38:41, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(745) Got user=[] domain=[] workstation=[PC03VM] len1=1 len2=0 [2008/06/14 08:38:41, 6] param/loadparm.c:lp_file_list_changed(6613) lp_file_list_changed() file /usr/local/samba/lib/smb.conf -> /usr/local/samba/lib/smb.conf last mod_time: Sat Jun 14 08:38:22 2008 [2008/06/14 08:38:41, 5] auth/auth_util.c:make_user_info_map(178) make_user_info_map: Mapping user []\[] from workstation [PC03VM] [2008/06/14 08:38:41, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/06/14 08:38:41, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2008/06/14 08:38:41, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/06/14 08:38:41, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/06/14 08:38:41, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/06/14 08:38:41, 5] auth/auth_util.c:is_trusted_domain(1968) is_trusted_domain: Checking for domain trust with [SKUPINA] [2008/06/14 08:38:41, 10] passdb/pdb_ldap.c:ldapsam_get_trusteddom_pw(5821) ldapsam_get_trusteddom_pw called for domain SKUPINA [2008/06/14 08:38:41, 5] lib/smbldap.c:smbldap_search_ext(1183) smbldap_search_ext: base => [sambaDomainName=SKUPINA,sambaDomainName=SKUPINA,dc=zelva,dc=cz], filter => [(&(objectClass=sambaTrustedDomainPassword)(sambaDomainName=SKUPINA))], scope => [2] [2008/06/14 08:38:41, 10] lib/smbldap.c:smbldap_search_ext(1247) Failed search for base: sambaDomainName=SKUPINA,sambaDomainName=SKUPINA,dc=zelva,dc=cz, error: 32 (No such object) () [2008/06/14 08:38:41, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/06/14 08:38:41, 10] lib/gencache.c:gencache_get(194) Cache entry with key = TDOM/SKUPINA couldn't be found [2008/06/14 08:38:41, 5] libsmb/trustdom_cache.c:trustdom_cache_fetch(183) no entry for trusted domain SKUPINA found. [2008/06/14 08:38:41, 5] auth/auth_util.c:make_user_info(92) attempting to make a user_info for () [2008/06/14 08:38:41, 5] auth/auth_util.c:make_user_info(102) making strings for 's user_info struct [2008/06/14 08:38:41, 5] auth/auth_util.c:make_user_info(134) making blobs for 's user_info struct [2008/06/14 08:38:41, 10] auth/auth_util.c:make_user_info(152) made an encrypted user_info for () [2008/06/14 08:38:41, 3] auth/auth.c:check_ntlm_password(220) check_ntlm_password: Checking password for unmapped user []\[]@[PC03VM] with the new password interface [2008/06/14 08:38:41, 3] auth/auth.c:check_ntlm_password(223) check_ntlm_password: mapped user is: [SKUPINA]\[]@[PC03VM] [2008/06/14 08:38:41, 10] auth/auth.c:check_ntlm_password(232) check_ntlm_password: auth_context challenge created by random [2008/06/14 08:38:41, 10] auth/auth.c:check_ntlm_password(234) challenge is: [2008/06/14 08:38:41, 5] lib/util.c:dump_data(2226) [000] B9 B8 3F D5 57 DB DF E0 ..?.W... [2008/06/14 08:38:41, 5] lib/smbldap.c:smbldap_search_ext(1183) smbldap_search_ext: base => [ou=Group,dc=zelva,dc=cz], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=99))], scope => [2] [2008/06/14 08:38:41, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2459) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(gidNumber=99)) [2008/06/14 08:38:41, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/06/14 08:38:41, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2008/06/14 08:38:41, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/06/14 08:38:41, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/06/14 08:38:41, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/06/14 08:38:41, 10] lib/gencache.c:gencache_get(208) Returning expired cache entry: key = ACCT_POL/password history, value = 0 , timeout = Sat Jun 14 08:37:36 2008 [2008/06/14 08:38:41, 10] passdb/pdb_ldap.c:ldapsam_get_account_policy_from_ldap(3845) ldapsam_get_account_policy_from_ldap [2008/06/14 08:38:41, 5] lib/smbldap.c:smbldap_search_ext(1183) smbldap_search_ext: base => [sambaDomainName=SKUPINA,dc=zelva,dc=cz], filter => [(objectclass=*)], scope => [0] [2008/06/14 08:38:41, 10] lib/account_pol.c:cache_account_policy_set(395) cache_account_policy_set: updating account pol cache [2008/06/14 08:38:41, 10] lib/gencache.c:gencache_set(131) Adding cache entry with key = ACCT_POL/password history; value = 0 and timeout = Sat Jun 14 08:39:41 2008 (60 seconds ahead) [2008/06/14 08:38:41, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/06/14 08:38:41, 10] passdb/pdb_get_set.c:pdb_set_username(580) pdb_set_username: setting username nobody, was [2008/06/14 08:38:41, 10] passdb/pdb_get_set.c:pdb_set_domain(603) pdb_set_domain: setting domain SKUPINA, was [2008/06/14 08:38:41, 10] passdb/pdb_get_set.c:pdb_set_nt_username(626) pdb_set_nt_username: setting nt username , was [2008/06/14 08:38:41, 10] passdb/pdb_get_set.c:pdb_set_fullname(649) pdb_set_full_name: setting full name nobody, was [2008/06/14 08:38:41, 4] lib/substitute.c:automount_server(500) Home server: tygr [2008/06/14 08:38:41, 10] passdb/pdb_get_set.c:pdb_set_homedir(742) pdb_set_homedir: setting home dir \\tygr\nobody, was [2008/06/14 08:38:41, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(718) pdb_set_dir_drive: setting dir drive U:, was NULL [2008/06/14 08:38:41, 10] passdb/pdb_get_set.c:pdb_set_logon_script(672) pdb_set_logon_script: setting logon script logon.vbs, was [2008/06/14 08:38:41, 10] passdb/pdb_get_set.c:pdb_set_profile_path(695) pdb_set_profile_path: setting profile path \\tygr\profiles\nobody, was [2008/06/14 08:38:41, 10] passdb/pdb_get_set.c:pdb_set_workstations(785) pdb_set_workstations: setting workstations , was [2008/06/14 08:38:41, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/06/14 08:38:41, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2008/06/14 08:38:41, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/06/14 08:38:41, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/06/14 08:38:41, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/06/14 08:38:41, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = ACCT_POL/password history, value = 0 , timeout = Sat Jun 14 08:39:41 2008 [2008/06/14 08:38:41, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/06/14 08:38:41, 10] passdb/pdb_get_set.c:pdb_set_user_sid(509) pdb_set_user_sid: setting user sid S-1-5-21-1343109128-81525896-2839220711-501 [2008/06/14 08:38:41, 10] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(72) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-1343109128-81525896-2839220711-501 from rid 501 [2008/06/14 08:38:41, 3] auth/auth.c:check_ntlm_password(269) check_ntlm_password: guest authentication for user [] succeeded [2008/06/14 08:38:41, 5] auth/auth.c:check_ntlm_password(308) check_ntlm_password: guest authentication for user [] -> [] -> [nobody] succeeded [2008/06/14 08:38:41, 5] auth/auth_util.c:free_user_info(1898) attempting to free (and zero) a user_info structure [2008/06/14 08:38:41, 10] auth/auth_util.c:free_user_info(1902) structure was created for [2008/06/14 08:38:41, 10] auth/token_util.c:create_local_nt_token(302) Create local NT token for S-1-5-21-1343109128-81525896-2839220711-501 [2008/06/14 08:38:41, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/06/14 08:38:41, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2008/06/14 08:38:41, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/06/14 08:38:41, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/06/14 08:38:41, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/06/14 08:38:41, 5] lib/smbldap.c:smbldap_search_ext(1183) smbldap_search_ext: base => [ou=Group,dc=zelva,dc=cz], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-544))], scope => [2] [2008/06/14 08:38:41, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2459) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-544)) [2008/06/14 08:38:41, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/06/14 08:38:41, 10] passdb/lookup_sid.c:legacy_sid_to_gid(1244) LEGACY: mapping failed for sid S-1-5-32-544 [2008/06/14 08:38:41, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/06/14 08:38:41, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2008/06/14 08:38:41, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/06/14 08:38:41, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/06/14 08:38:41, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/06/14 08:38:41, 5] lib/smbldap.c:smbldap_search_ext(1183) smbldap_search_ext: base => [ou=Group,dc=zelva,dc=cz], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-545))], scope => [2] [2008/06/14 08:38:41, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2459) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-545)) [2008/06/14 08:38:41, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/06/14 08:38:41, 10] passdb/lookup_sid.c:legacy_sid_to_gid(1244) LEGACY: mapping failed for sid S-1-5-32-545 [2008/06/14 08:38:41, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/06/14 08:38:41, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2008/06/14 08:38:41, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/06/14 08:38:41, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/06/14 08:38:41, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/06/14 08:38:41, 5] lib/smbldap.c:smbldap_search_ext(1183) smbldap_search_ext: base => [ou=Group,dc=zelva,dc=cz], filter => [(&(|(objectclass=sambaGroupMapping)(sambaGroupType=4))(|(sambaSIDList=S-1-5-21-1343109128-81525896-2839220711-501)(sambaSIDList=S-1-1-0)(sambaSIDList=S-1-5-2)(sambaSIDList=S-1-5-32-546)))], scope => [2] [2008/06/14 08:38:41, 5] lib/smbldap.c:smbldap_search_ext(1183) smbldap_search_ext: base => [ou=Group,dc=zelva,dc=cz], filter => [(&(|(objectclass=sambaGroupMapping)(sambaGroupType=4))(|(sambaSIDList=S-1-5-21-1343109128-81525896-2839220711-501)(sambaSIDList=S-1-1-0)(sambaSIDList=S-1-5-2)(sambaSIDList=S-1-5-32-546)))], scope => [2] [2008/06/14 08:38:41, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/06/14 08:38:41, 3] lib/privileges.c:get_privileges(63) get_privileges: No privileges assigned to SID [S-1-5-21-1343109128-81525896-2839220711-501] [2008/06/14 08:38:41, 5] lib/privileges.c:get_privileges_for_sids(128) get_privileges_for_sids: sid = S-1-1-0 Privilege set: SE_PRIV 0x0 0x0 0x0 0x0 [2008/06/14 08:38:41, 3] lib/privileges.c:get_privileges(63) get_privileges: No privileges assigned to SID [S-1-5-2] [2008/06/14 08:38:41, 3] lib/privileges.c:get_privileges(63) get_privileges: No privileges assigned to SID [S-1-5-32-546] [2008/06/14 08:38:41, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/06/14 08:38:41, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2008/06/14 08:38:41, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/06/14 08:38:41, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/06/14 08:38:41, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/06/14 08:38:41, 5] lib/smbldap.c:smbldap_search_ext(1183) smbldap_search_ext: base => [ou=Group,dc=zelva,dc=cz], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-1-0))], scope => [2] [2008/06/14 08:38:41, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2459) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-1-0)) [2008/06/14 08:38:41, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/06/14 08:38:41, 10] passdb/lookup_sid.c:legacy_sid_to_gid(1244) LEGACY: mapping failed for sid S-1-1-0 [2008/06/14 08:38:41, 10] auth/auth_util.c:create_local_token(674) Could not convert SID S-1-1-0 to gid, ignoring it [2008/06/14 08:38:41, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/06/14 08:38:41, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2008/06/14 08:38:41, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/06/14 08:38:41, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/06/14 08:38:41, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/06/14 08:38:41, 5] lib/smbldap.c:smbldap_search_ext(1183) smbldap_search_ext: base => [ou=Group,dc=zelva,dc=cz], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-2))], scope => [2] [2008/06/14 08:38:41, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2459) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-2)) [2008/06/14 08:38:41, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/06/14 08:38:41, 10] passdb/lookup_sid.c:legacy_sid_to_gid(1244) LEGACY: mapping failed for sid S-1-5-2 [2008/06/14 08:38:41, 10] auth/auth_util.c:create_local_token(674) Could not convert SID S-1-5-2 to gid, ignoring it [2008/06/14 08:38:41, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/06/14 08:38:41, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2008/06/14 08:38:41, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/06/14 08:38:41, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/06/14 08:38:41, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/06/14 08:38:41, 5] lib/smbldap.c:smbldap_search_ext(1183) smbldap_search_ext: base => [ou=Group,dc=zelva,dc=cz], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-546))], scope => [2] [2008/06/14 08:38:41, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2459) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-546)) [2008/06/14 08:38:41, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/06/14 08:38:41, 10] passdb/lookup_sid.c:legacy_sid_to_gid(1244) LEGACY: mapping failed for sid S-1-5-32-546 [2008/06/14 08:38:41, 10] auth/auth_util.c:create_local_token(674) Could not convert SID S-1-5-32-546 to gid, ignoring it [2008/06/14 08:38:41, 10] auth/token_util.c:debug_nt_user_token(470) NT user token of user S-1-5-21-1343109128-81525896-2839220711-501 contains 4 SIDs SID[ 0]: S-1-5-21-1343109128-81525896-2839220711-501 SID[ 1]: S-1-1-0 SID[ 2]: S-1-5-2 SID[ 3]: S-1-5-32-546 SE_PRIV 0x0 0x0 0x0 0x0 [2008/06/14 08:38:41, 10] auth/auth_ntlmssp.c:auth_ntlmssp_check_password(137) Got NT session key of length 16 [2008/06/14 08:38:41, 10] auth/auth_ntlmssp.c:auth_ntlmssp_check_password(144) Got LM session key of length 16 [2008/06/14 08:38:41, 10] libsmb/ntlmssp.c:ntlmssp_server_auth(848) ntlmssp_server_auth: Using unmodified nt session key. [2008/06/14 08:38:41, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(337) NTLMSSP Sign/Seal - Initialising with flags: [2008/06/14 08:38:41, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) Got NTLMSSP neg_flags=0xe2088215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH NTLMSSP_NEGOTIATE_56 [2008/06/14 08:38:41, 10] smbd/password.c:register_existing_vuid(310) register_existing_vuid: (99,99) nobody SKUPINA guest=1 [2008/06/14 08:38:41, 3] smbd/password.c:register_existing_vuid(314) register_existing_vuid: User name: nobody Real name: nobody [2008/06/14 08:38:41, 3] smbd/password.c:register_existing_vuid(326) register_existing_vuid: UNIX uid 99 is UNIX user nobody, and will be vuid 100 [2008/06/14 08:38:41, 6] param/loadparm.c:lp_file_list_changed(6613) lp_file_list_changed() file /usr/local/samba/lib/smb.conf -> /usr/local/samba/lib/smb.conf last mod_time: Sat Jun 14 08:38:22 2008 [2008/06/14 08:38:41, 5] lib/util.c:show_msg(645) [2008/06/14 08:38:41, 5] lib/util.c:show_msg(655) size=108 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=65279 smb_uid=100 smb_mid=128 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 1 (0x1) smb_vwv[ 3]= 9 (0x9) smb_bcc=65 [2008/06/14 08:38:41, 10] lib/util.c:dump_data(2226) [000] A1 07 30 05 A0 03 0A 01 00 55 00 6E 00 69 00 78 ..0..... .U.n.i.x [010] 00 00 00 53 00 61 00 6D 00 62 00 61 00 20 00 33 ...S.a.m .b.a. .3 [020] 00 2E 00 32 00 2E 00 30 00 72 00 63 00 31 00 00 ...2...0 .r.c.1.. [030] 00 53 00 4B 00 55 00 50 00 49 00 4E 00 41 00 00 .S.K.U.P .I.N.A.. [040] 00 . [2008/06/14 08:38:41, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 74 [2008/06/14 08:38:41, 6] smbd/process.c:process_smb(1548) got message type 0x0 of len 0x4a [2008/06/14 08:38:41, 3] smbd/process.c:process_smb(1551) Transaction 3 of length 78 (0 toread) [2008/06/14 08:38:41, 5] lib/util.c:show_msg(645) [2008/06/14 08:38:41, 5] lib/util.c:show_msg(655) size=74 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=100 smb_mid=192 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 74 (0x4A) smb_vwv[ 2]= 8 (0x8) smb_vwv[ 3]= 1 (0x1) smb_bcc=31 [2008/06/14 08:38:41, 10] lib/util.c:dump_data(2226) [000] 00 5C 00 5C 00 54 00 59 00 47 00 52 00 5C 00 49 .\.\.T.Y .G.R.\.I [010] 00 50 00 43 00 24 00 00 00 3F 3F 3F 3F 3F 00 .P.C.$.. .?????. [2008/06/14 08:38:41, 3] smbd/process.c:switch_message(1363) switch message SMBtconX (pid 22757) conn 0x0 [2008/06/14 08:38:41, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/06/14 08:38:41, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/06/14 08:38:41, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/06/14 08:38:41, 5] smbd/uid.c:change_to_root_user(287) change_to_root_user: now uid=(0,0) gid=(0,0) [2008/06/14 08:38:41, 4] smbd/reply.c:reply_tcon_and_X(653) Client requested device type [?????] for share [IPC$] [2008/06/14 08:38:41, 5] smbd/service.c:make_connection(1374) making a connection to 'normal' service ipc$ [2008/06/14 08:38:41, 5] lib/username.c:Get_Pwnam_alloc(133) Finding user nobody [2008/06/14 08:38:41, 5] lib/username.c:Get_Pwnam_internals(77) Trying _Get_Pwnam(), username as lowercase is nobody [2008/06/14 08:38:41, 5] lib/username.c:Get_Pwnam_internals(110) Get_Pwnam_internals did find user [nobody]! [2008/06/14 08:38:41, 10] smbd/service.c:set_conn_connectpath(157) set_conn_connectpath: service IPC$, connectpath = /tmp [2008/06/14 08:38:41, 3] smbd/service.c:make_connection_snum(936) Connect path is '/tmp' for service [IPC$] [2008/06/14 08:38:41, 10] lib/util_seaccess.c:se_map_generic(175) se_map_generic(): mapped mask 0x10000000 to 0x001f01ff [2008/06/14 08:38:41, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x00000002, for NT token with 4 entries and first sid S-1-5-21-1343109128-81525896-2839220711-501. [2008/06/14 08:38:41, 3] lib/util_seaccess.c:se_access_check(249) [2008/06/14 08:38:41, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-5-21-1343109128-81525896-2839220711-501 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-32-546 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 2 [2008/06/14 08:38:41, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (2) granted. [2008/06/14 08:38:41, 3] smbd/vfs.c:vfs_init_default(96) Initialising default vfs hooks [2008/06/14 08:38:41, 10] smbd/vfs.c:vfs_find_backend_entry(48) vfs_find_backend_entry called for /[Default VFS]/ [2008/06/14 08:38:41, 5] smbd/vfs.c:smb_register_vfs(86) Successfully added vfs backend '/[Default VFS]/' [2008/06/14 08:38:41, 10] smbd/vfs.c:vfs_find_backend_entry(48) vfs_find_backend_entry called for posixacl [2008/06/14 08:38:41, 5] smbd/vfs.c:smb_register_vfs(86) Successfully added vfs backend 'posixacl' [2008/06/14 08:38:41, 3] smbd/vfs.c:vfs_init_custom(130) Initialising custom vfs hooks from [/[Default VFS]/] [2008/06/14 08:38:41, 10] smbd/vfs.c:vfs_find_backend_entry(48) vfs_find_backend_entry called for /[Default VFS]/ Successfully loaded vfs module [/[Default VFS]/] with the new modules system [2008/06/14 08:38:41, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #0 (type 0, layer 0) Making operation type 0 opaque [module /[Default VFS]/] Accepting operation type 0 from module /[Default VFS]/ [2008/06/14 08:38:41, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #1 (type 1, layer 0) Making operation type 1 opaque [module /[Default VFS]/] Accepting operation type 1 from module /[Default VFS]/ [2008/06/14 08:38:41, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #2 (type 2, layer 0) Making operation type 2 opaque [module /[Default VFS]/] Accepting operation type 2 from module /[Default VFS]/ [2008/06/14 08:38:41, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #3 (type 3, layer 0) Making operation type 3 opaque [module /[Default VFS]/] Accepting operation type 3 from module /[Default VFS]/ [2008/06/14 08:38:41, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #4 (type 4, layer 0) Making operation type 4 opaque [module /[Default VFS]/] Accepting operation type 4 from module /[Default VFS]/ [2008/06/14 08:38:41, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #5 (type 5, layer 0) Making operation type 5 opaque [module /[Default VFS]/] Accepting operation type 5 from module /[Default VFS]/ [2008/06/14 08:38:41, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #6 (type 6, layer 0) Making operation type 6 opaque [module /[Default VFS]/] Accepting operation type 6 from module /[Default VFS]/ [2008/06/14 08:38:41, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #7 (type 7, layer 0) Making operation type 7 opaque [module /[Default VFS]/] Accepting operation type 7 from module /[Default VFS]/ [2008/06/14 08:38:41, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #8 (type 8, layer 0) Making operation type 8 opaque [module /[Default VFS]/] Accepting operation type 8 from module /[Default VFS]/ [2008/06/14 08:38:41, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #9 (type 9, layer 0) Making operation type 9 opaque [module /[Default VFS]/] Accepting operation type 9 from module /[Default VFS]/ [2008/06/14 08:38:41, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #10 (type 10, layer 0) Making operation type 10 opaque [module /[Default VFS]/] Accepting operation type 10 from module /[Default VFS]/ [2008/06/14 08:38:41, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #11 (type 11, layer 0) Making operation type 11 opaque [module /[Default VFS]/] Accepting operation type 11 from module /[Default VFS]/ [2008/06/14 08:38:41, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #12 (type 12, layer 0) Making operation type 12 opaque [module /[Default VFS]/] Accepting operation type 12 from module /[Default VFS]/ [2008/06/14 08:38:41, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #13 (type 13, layer 0) Making operation type 13 opaque [module /[Default VFS]/] Accepting operation type 13 from module /[Default VFS]/ [2008/06/14 08:38:41, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #14 (type 14, layer 0) Making operation type 14 opaque [module /[Default VFS]/] Accepting operation type 14 from module /[Default VFS]/ [2008/06/14 08:38:41, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #15 (type 15, layer 0) Making operation type 15 opaque [module /[Default VFS]/] Accepting operation type 15 from module /[Default VFS]/ [2008/06/14 08:38:41, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #16 (type 16, layer 0) Making operation type 16 opaque [module /[Default VFS]/] Accepting operation type 16 from module /[Default VFS]/ [2008/06/14 08:38:41, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #17 (type 17, layer 0) Making operation type 17 opaque [module /[Default VFS]/] Accepting operation type 17 from module /[Default VFS]/ [2008/06/14 08:38:41, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #18 (type 18, layer 0) Making operation type 18 opaque [module /[Default VFS]/] Accepting operation type 18 from module /[Default VFS]/ [2008/06/14 08:38:41, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #19 (type 19, layer 0) Making operation type 19 opaque [module /[Default VFS]/] Accepting operation type 19 from module /[Default VFS]/ [2008/06/14 08:38:41, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #20 (type 20, layer 0) Making operation type 20 opaque [module /[Default VFS]/] Accepting operation type 20 from module /[Default VFS]/ [2008/06/14 08:38:41, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #21 (type 21, layer 0) Making operation type 21 opaque [module /[Default VFS]/] Accepting operation type 21 from module /[Default VFS]/ [2008/06/14 08:38:41, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #22 (type 22, layer 0) Making operation type 22 opaque [module /[Default VFS]/] Accepting operation type 22 from module /[Default VFS]/ [2008/06/14 08:38:41, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #23 (type 23, layer 0) Making operation type 23 opaque [module /[Default VFS]/] Accepting operation type 23 from module /[Default VFS]/ [2008/06/14 08:38:41, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #24 (type 24, layer 0) Making operation type 24 opaque [module /[Default VFS]/] Accepting operation type 24 from module /[Default VFS]/ [2008/06/14 08:38:41, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #25 (type 25, layer 0) Making operation type 25 opaque [module /[Default VFS]/] Accepting operation type 25 from module /[Default VFS]/ [2008/06/14 08:38:41, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #26 (type 26, layer 0) Making operation type 26 opaque [module /[Default VFS]/] Accepting operation type 26 from module /[Default VFS]/ [2008/06/14 08:38:41, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #27 (type 27, layer 0) Making operation type 27 opaque [module /[Default VFS]/] Accepting operation type 27 from module /[Default VFS]/ [2008/06/14 08:38:41, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #28 (type 28, layer 0) Making operation type 28 opaque [module /[Default VFS]/] Accepting operation type 28 from module /[Default VFS]/ [2008/06/14 08:38:41, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #29 (type 29, layer 0) Making operation type 29 opaque [module /[Default VFS]/] Accepting operation type 29 from module /[Default VFS]/ [2008/06/14 08:38:41, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #30 (type 30, layer 0) Making operation type 30 opaque [module /[Default VFS]/] Accepting operation type 30 from module /[Default VFS]/ [2008/06/14 08:38:41, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #31 (type 31, layer 0) Making operation type 31 opaque [module /[Default VFS]/] Accepting operation type 31 from module /[Default VFS]/ [2008/06/14 08:38:41, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #32 (type 32, layer 0) Making operation type 32 opaque [module /[Default VFS]/] Accepting operation type 32 from module /[Default VFS]/ [2008/06/14 08:38:41, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #33 (type 33, layer 0) Making operation type 33 opaque [module /[Default VFS]/] Accepting operation type 33 from module /[Default VFS]/ [2008/06/14 08:38:41, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #34 (type 34, layer 0) Making operation type 34 opaque [module /[Default VFS]/] Accepting operation type 34 from module /[Default VFS]/ [2008/06/14 08:38:41, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #35 (type 35, layer 0) Making operation type 35 opaque [module /[Default VFS]/] Accepting operation type 35 from module /[Default VFS]/ [2008/06/14 08:38:41, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #36 (type 36, layer 0) Making operation type 36 opaque [module /[Default VFS]/] Accepting operation type 36 from module /[Default VFS]/ [2008/06/14 08:38:41, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #37 (type 37, layer 0) Making operation type 37 opaque [module /[Default VFS]/] Accepting operation type 37 from module /[Default VFS]/ [2008/06/14 08:38:41, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #38 (type 38, layer 0) Making operation type 38 opaque [module /[Default VFS]/] Accepting operation type 38 from module /[Default VFS]/ [2008/06/14 08:38:41, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #39 (type 39, layer 0) Making operation type 39 opaque [module /[Default VFS]/] Accepting operation type 39 from module /[Default VFS]/ [2008/06/14 08:38:41, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #40 (type 40, layer 0) Making operation type 40 opaque [module /[Default VFS]/] Accepting operation type 40 from module /[Default VFS]/ [2008/06/14 08:38:41, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #41 (type 41, layer 0) Making operation type 41 opaque [module /[Default VFS]/] Accepting operation type 41 from module /[Default VFS]/ [2008/06/14 08:38:41, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #42 (type 42, layer 0) Making operation type 42 opaque [module /[Default VFS]/] Accepting operation type 42 from module /[Default VFS]/ [2008/06/14 08:38:41, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #43 (type 43, layer 0) Making operation type 43 opaque [module /[Default VFS]/] Accepting operation type 43 from module /[Default VFS]/ [2008/06/14 08:38:41, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #44 (type 44, layer 0) Making operation type 44 opaque [module /[Default VFS]/] Accepting operation type 44 from module /[Default VFS]/ [2008/06/14 08:38:41, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #45 (type 45, layer 0) Making operation type 45 opaque [module /[Default VFS]/] Accepting operation type 45 from module /[Default VFS]/ [2008/06/14 08:38:41, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #46 (type 46, layer 0) Making operation type 46 opaque [module /[Default VFS]/] Accepting operation type 46 from module /[Default VFS]/ [2008/06/14 08:38:41, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #47 (type 47, layer 0) Making operation type 47 opaque [module /[Default VFS]/] Accepting operation type 47 from module /[Default VFS]/ [2008/06/14 08:38:41, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #48 (type 48, layer 0) Making operation type 48 opaque [module /[Default VFS]/] Accepting operation type 48 from module /[Default VFS]/ [2008/06/14 08:38:41, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #49 (type 49, layer 0) Making operation type 49 opaque [module /[Default VFS]/] Accepting operation type 49 from module /[Default VFS]/ [2008/06/14 08:38:41, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #50 (type 50, layer 0) Making operation type 50 opaque [module /[Default VFS]/] Accepting operation type 50 from module /[Default VFS]/ [2008/06/14 08:38:41, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #51 (type 51, layer 0) Making operation type 51 opaque [module /[Default VFS]/] Accepting operation type 51 from module /[Default VFS]/ [2008/06/14 08:38:41, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #52 (type 52, layer 0) Making operation type 52 opaque [module /[Default VFS]/] Accepting operation type 52 from module /[Default VFS]/ [2008/06/14 08:38:41, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #53 (type 53, layer 0) Making operation type 53 opaque [module /[Default VFS]/] Accepting operation type 53 from module /[Default VFS]/ [2008/06/14 08:38:41, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #54 (type 54, layer 0) Making operation type 54 opaque [module /[Default VFS]/] Accepting operation type 54 from module /[Default VFS]/ [2008/06/14 08:38:41, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #55 (type 55, layer 0) Making operation type 55 opaque [module /[Default VFS]/] Accepting operation type 55 from module /[Default VFS]/ [2008/06/14 08:38:41, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #56 (type 56, layer 0) Making operation type 56 opaque [module /[Default VFS]/] Accepting operation type 56 from module /[Default VFS]/ [2008/06/14 08:38:41, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #57 (type 57, layer 0) Making operation type 57 opaque [module /[Default VFS]/] Accepting operation type 57 from module /[Default VFS]/ [2008/06/14 08:38:41, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #58 (type 58, layer 0) Making operation type 58 opaque [module /[Default VFS]/] Accepting operation type 58 from module /[Default VFS]/ [2008/06/14 08:38:41, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #59 (type 59, layer 0) Making operation type 59 opaque [module /[Default VFS]/] Accepting operation type 59 from module /[Default VFS]/ [2008/06/14 08:38:41, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #60 (type 60, layer 0) Making operation type 60 opaque [module /[Default VFS]/] Accepting operation type 60 from module /[Default VFS]/ [2008/06/14 08:38:41, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #61 (type 61, layer 0) Making operation type 61 opaque [module /[Default VFS]/] Accepting operation type 61 from module /[Default VFS]/ [2008/06/14 08:38:41, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #62 (type 62, layer 0) Making operation type 62 opaque [module /[Default VFS]/] Accepting operation type 62 from module /[Default VFS]/ [2008/06/14 08:38:41, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #63 (type 63, layer 0) Making operation type 63 opaque [module /[Default VFS]/] Accepting operation type 63 from module /[Default VFS]/ [2008/06/14 08:38:41, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #64 (type 64, layer 0) Making operation type 64 opaque [module /[Default VFS]/] Accepting operation type 64 from module /[Default VFS]/ [2008/06/14 08:38:41, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #65 (type 65, layer 0) Making operation type 65 opaque [module /[Default VFS]/] Accepting operation type 65 from module /[Default VFS]/ [2008/06/14 08:38:41, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #66 (type 66, layer 0) Making operation type 66 opaque [module /[Default VFS]/] Accepting operation type 66 from module /[Default VFS]/ [2008/06/14 08:38:41, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #67 (type 67, layer 0) Making operation type 67 opaque [module /[Default VFS]/] Accepting operation type 67 from module /[Default VFS]/ [2008/06/14 08:38:41, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #68 (type 68, layer 0) Making operation type 68 opaque [module /[Default VFS]/] Accepting operation type 68 from module /[Default VFS]/ [2008/06/14 08:38:41, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #69 (type 69, layer 0) Making operation type 69 opaque [module /[Default VFS]/] Accepting operation type 69 from module /[Default VFS]/ [2008/06/14 08:38:41, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #70 (type 70, layer 0) Making operation type 70 opaque [module /[Default VFS]/] Accepting operation type 70 from module /[Default VFS]/ [2008/06/14 08:38:41, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #71 (type 71, layer 0) Making operation type 71 opaque [module /[Default VFS]/] Accepting operation type 71 from module /[Default VFS]/ [2008/06/14 08:38:41, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #72 (type 72, layer 0) Making operation type 72 opaque [module /[Default VFS]/] Accepting operation type 72 from module /[Default VFS]/ [2008/06/14 08:38:41, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #73 (type 73, layer 0) Making operation type 73 opaque [module /[Default VFS]/] Accepting operation type 73 from module /[Default VFS]/ [2008/06/14 08:38:41, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #74 (type 74, layer 0) Making operation type 74 opaque [module /[Default VFS]/] Accepting operation type 74 from module /[Default VFS]/ [2008/06/14 08:38:41, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #75 (type 75, layer 0) Making operation type 75 opaque [module /[Default VFS]/] Accepting operation type 75 from module /[Default VFS]/ [2008/06/14 08:38:41, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #76 (type 76, layer 0) Making operation type 76 opaque [module /[Default VFS]/] Accepting operation type 76 from module /[Default VFS]/ [2008/06/14 08:38:41, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #77 (type 77, layer 0) Making operation type 77 opaque [module /[Default VFS]/] Accepting operation type 77 from module /[Default VFS]/ [2008/06/14 08:38:41, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #78 (type 78, layer 0) Making operation type 78 opaque [module /[Default VFS]/] Accepting operation type 78 from module /[Default VFS]/ [2008/06/14 08:38:41, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #79 (type 79, layer 0) Making operation type 79 opaque [module /[Default VFS]/] Accepting operation type 79 from module /[Default VFS]/ [2008/06/14 08:38:41, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #80 (type 80, layer 0) Making operation type 80 opaque [module /[Default VFS]/] Accepting operation type 80 from module /[Default VFS]/ [2008/06/14 08:38:41, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #81 (type 81, layer 0) Making operation type 81 opaque [module /[Default VFS]/] Accepting operation type 81 from module /[Default VFS]/ [2008/06/14 08:38:41, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #82 (type 82, layer 0) Making operation type 82 opaque [module /[Default VFS]/] Accepting operation type 82 from module /[Default VFS]/ [2008/06/14 08:38:41, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #83 (type 83, layer 0) Making operation type 83 opaque [module /[Default VFS]/] Accepting operation type 83 from module /[Default VFS]/ [2008/06/14 08:38:41, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #84 (type 84, layer 0) Making operation type 84 opaque [module /[Default VFS]/] Accepting operation type 84 from module /[Default VFS]/ [2008/06/14 08:38:41, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #85 (type 85, layer 0) Making operation type 85 opaque [module /[Default VFS]/] Accepting operation type 85 from module /[Default VFS]/ [2008/06/14 08:38:41, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #86 (type 86, layer 0) Making operation type 86 opaque [module /[Default VFS]/] Accepting operation type 86 from module /[Default VFS]/ [2008/06/14 08:38:41, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #87 (type 87, layer 0) Making operation type 87 opaque [module /[Default VFS]/] Accepting operation type 87 from module /[Default VFS]/ [2008/06/14 08:38:41, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #88 (type 88, layer 0) Making operation type 88 opaque [module /[Default VFS]/] Accepting operation type 88 from module /[Default VFS]/ [2008/06/14 08:38:41, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #89 (type 89, layer 0) Making operation type 89 opaque [module /[Default VFS]/] Accepting operation type 89 from module /[Default VFS]/ [2008/06/14 08:38:41, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #90 (type 90, layer 0) Making operation type 90 opaque [module /[Default VFS]/] Accepting operation type 90 from module /[Default VFS]/ [2008/06/14 08:38:41, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #91 (type 91, layer 0) Making operation type 91 opaque [module /[Default VFS]/] Accepting operation type 91 from module /[Default VFS]/ [2008/06/14 08:38:41, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #92 (type 92, layer 0) Making operation type 92 opaque [module /[Default VFS]/] Accepting operation type 92 from module /[Default VFS]/ [2008/06/14 08:38:41, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #93 (type 93, layer 0) Making operation type 93 opaque [module /[Default VFS]/] Accepting operation type 93 from module /[Default VFS]/ [2008/06/14 08:38:41, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #94 (type 94, layer 0) Making operation type 94 opaque [module /[Default VFS]/] Accepting operation type 94 from module /[Default VFS]/ [2008/06/14 08:38:41, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #95 (type 95, layer 0) Making operation type 95 opaque [module /[Default VFS]/] Accepting operation type 95 from module /[Default VFS]/ [2008/06/14 08:38:41, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #96 (type 96, layer 0) Making operation type 96 opaque [module /[Default VFS]/] Accepting operation type 96 from module /[Default VFS]/ [2008/06/14 08:38:41, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #97 (type 97, layer 0) Making operation type 97 opaque [module /[Default VFS]/] Accepting operation type 97 from module /[Default VFS]/ [2008/06/14 08:38:41, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #98 (type 98, layer 0) Making operation type 98 opaque [module /[Default VFS]/] Accepting operation type 98 from module /[Default VFS]/ [2008/06/14 08:38:41, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #99 (type 99, layer 0) Making operation type 99 opaque [module /[Default VFS]/] Accepting operation type 99 from module /[Default VFS]/ [2008/06/14 08:38:41, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #100 (type 100, layer 0) Making operation type 100 opaque [module /[Default VFS]/] Accepting operation type 100 from module /[Default VFS]/ [2008/06/14 08:38:41, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #101 (type 101, layer 0) Making operation type 101 opaque [module /[Default VFS]/] Accepting operation type 101 from module /[Default VFS]/ [2008/06/14 08:38:41, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #102 (type 102, layer 0) Making operation type 102 opaque [module /[Default VFS]/] Accepting operation type 102 from module /[Default VFS]/ [2008/06/14 08:38:41, 5] smbd/connection.c:claim_connection(142) claiming [IPC$] [2008/06/14 08:38:41, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key E5580000010000004950 [2008/06/14 08:38:41, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0x80625100 [2008/06/14 08:38:41, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key E5580000010000004950 [2008/06/14 08:38:41, 10] smbd/share_access.c:user_ok_token(231) user_ok_token: share IPC$ is ok for unix user nobody [2008/06/14 08:38:41, 10] smbd/share_access.c:is_share_read_only_for_token(273) is_share_read_only_for_user: share IPC$ is read-only for unix user nobody [2008/06/14 08:38:41, 10] lib/util_seaccess.c:se_map_generic(175) se_map_generic(): mapped mask 0x10000000 to 0x001f01ff [2008/06/14 08:38:41, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x00000001, for NT token with 4 entries and first sid S-1-5-21-1343109128-81525896-2839220711-501. [2008/06/14 08:38:41, 3] lib/util_seaccess.c:se_access_check(249) [2008/06/14 08:38:41, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-5-21-1343109128-81525896-2839220711-501 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-32-546 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 1 [2008/06/14 08:38:41, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (1) granted. [2008/06/14 08:38:41, 3] lib/util_sid.c:string_to_sid(228) string_to_sid: Sid @admins does not start with 'S-'. [2008/06/14 08:38:41, 5] smbd/password.c:user_in_netgroup(463) Unable to get default yp domain, let's try without specifying it [2008/06/14 08:38:41, 5] smbd/password.c:user_in_netgroup(467) looking for user nobody of domain (ANY) in netgroup admins [2008/06/14 08:38:41, 5] smbd/password.c:user_in_netgroup(483) looking for user nobody of domain (ANY) in netgroup admins [2008/06/14 08:38:41, 10] passdb/lookup_sid.c:lookup_name(69) lookup_name: SKUPINA\admins => SKUPINA (domain), admins (name) [2008/06/14 08:38:41, 10] passdb/lookup_sid.c:lookup_name(70) lookup_name: flags = 0x077 [2008/06/14 08:38:41, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/06/14 08:38:41, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2008/06/14 08:38:41, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/06/14 08:38:41, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/06/14 08:38:41, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/06/14 08:38:41, 5] lib/smbldap.c:smbldap_search_ext(1183) smbldap_search_ext: base => [ou=Group,dc=zelva,dc=cz], filter => [(&(objectClass=sambaGroupMapping)(|(displayName=admins)(cn=admins)))], scope => [2] [2008/06/14 08:38:41, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2459) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(|(displayName=admins)(cn=admins))) [2008/06/14 08:38:41, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/06/14 08:38:41, 10] passdb/lookup_sid.c:lookup_name(69) lookup_name: Unix Group\admins => Unix Group (domain), admins (name) [2008/06/14 08:38:41, 10] passdb/lookup_sid.c:lookup_name(70) lookup_name: flags = 0x077 [2008/06/14 08:38:41, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (99, 99) - sec_ctx_stack_ndx = 0 [2008/06/14 08:38:41, 5] auth/token_util.c:debug_nt_user_token(470) NT user token of user S-1-5-21-1343109128-81525896-2839220711-501 contains 4 SIDs SID[ 0]: S-1-5-21-1343109128-81525896-2839220711-501 SID[ 1]: S-1-1-0 SID[ 2]: S-1-5-2 SID[ 3]: S-1-5-32-546 SE_PRIV 0x0 0x0 0x0 0x0 [2008/06/14 08:38:41, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 99 Primary group is 99 and contains 0 supplementary groups [2008/06/14 08:38:41, 5] smbd/uid.c:change_to_user(272) change_to_user uid=(99,99) gid=(0,99) [2008/06/14 08:38:41, 3] smbd/service.c:make_connection_snum(1188) pc03vm (172.17.0.3) connect to service IPC$ initially as user nobody (uid=99, gid=99) (pid 22757) [2008/06/14 08:38:41, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/06/14 08:38:41, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/06/14 08:38:41, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/06/14 08:38:41, 5] smbd/uid.c:change_to_root_user(287) change_to_root_user: now uid=(0,0) gid=(0,0) [2008/06/14 08:38:41, 3] smbd/reply.c:reply_tcon_and_X(727) tconX service=IPC$ [2008/06/14 08:38:41, 5] lib/util.c:show_msg(645) [2008/06/14 08:38:41, 5] lib/util.c:show_msg(655) size=56 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=192 smt_wct=7 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 1 (0x1) smb_vwv[ 3]= 511 (0x1FF) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 511 (0x1FF) smb_vwv[ 6]= 0 (0x0) smb_bcc=7 [2008/06/14 08:38:41, 10] lib/util.c:dump_data(2226) [000] 49 50 43 00 00 00 00 IPC.... [2008/06/14 08:38:41, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 104 [2008/06/14 08:38:41, 6] smbd/process.c:process_smb(1548) got message type 0x0 of len 0x68 [2008/06/14 08:38:41, 3] smbd/process.c:process_smb(1551) Transaction 4 of length 108 (0 toread) [2008/06/14 08:38:41, 5] lib/util.c:show_msg(645) [2008/06/14 08:38:41, 5] lib/util.c:show_msg(655) size=104 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=676 smb_uid=100 smb_mid=256 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 4608 (0x1200) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]=16384 (0x4000) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 256 (0x100) smb_bcc=21 [2008/06/14 08:38:41, 10] lib/util.c:dump_data(2226) [000] 00 5C 00 4E 00 45 00 54 00 4C 00 4F 00 47 00 4F .\.N.E.T .L.O.G.O [010] 00 4E 00 00 00 .N... [2008/06/14 08:38:41, 3] smbd/process.c:switch_message(1363) switch message SMBntcreateX (pid 22757) conn 0x8056c400 [2008/06/14 08:38:41, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (99, 99) - sec_ctx_stack_ndx = 0 [2008/06/14 08:38:41, 5] auth/token_util.c:debug_nt_user_token(470) NT user token of user S-1-5-21-1343109128-81525896-2839220711-501 contains 4 SIDs SID[ 0]: S-1-5-21-1343109128-81525896-2839220711-501 SID[ 1]: S-1-1-0 SID[ 2]: S-1-5-2 SID[ 3]: S-1-5-32-546 SE_PRIV 0x0 0x0 0x0 0x0 [2008/06/14 08:38:41, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 99 Primary group is 99 and contains 0 supplementary groups [2008/06/14 08:38:41, 5] smbd/uid.c:change_to_user(272) change_to_user uid=(99,99) gid=(0,99) [2008/06/14 08:38:41, 4] smbd/vfs.c:vfs_ChDir(733) vfs_ChDir to /tmp [2008/06/14 08:38:41, 10] smbd/nttrans.c:reply_ntcreate_and_X(490) reply_ntcreate_and_X: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0, fname = NETLOGON [2008/06/14 08:38:41, 4] smbd/nttrans.c:nt_open_pipe(297) nt_open_pipe: Opening pipe \NETLOGON. [2008/06/14 08:38:41, 3] smbd/nttrans.c:nt_open_pipe(322) nt_open_pipe: Known pipe NETLOGON opening. [2008/06/14 08:38:41, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(165) Open pipe requested NETLOGON (pipes_open=0) [2008/06/14 08:38:41, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(275) Create pipe requested NETLOGON [2008/06/14 08:38:41, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77) init_pipe_handles: created handle list for pipe NETLOGON [2008/06/14 08:38:41, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) init_pipe_handles: pipe_handles ref count = 1 for pipe NETLOGON [2008/06/14 08:38:41, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(356) Created internal pipe NETLOGON (pipes_open=0) [2008/06/14 08:38:41, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(253) Opened pipe NETLOGON with handle 7794 (pipes_open=1) [2008/06/14 08:38:41, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(259) open pipes: name NETLOGON pnum=7794 [2008/06/14 08:38:41, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 4E45544C4F474F4E2F32 [2008/06/14 08:38:41, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0x8060abd0 [2008/06/14 08:38:41, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 4E45544C4F474F4E2F32 [2008/06/14 08:38:41, 5] smbd/nttrans.c:do_ntcreate_pipe_open(410) do_ntcreate_pipe_open: open pipe = \NETLOGON [2008/06/14 08:38:41, 5] lib/util.c:show_msg(645) [2008/06/14 08:38:41, 5] lib/util.c:show_msg(655) size=135 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=676 smb_uid=100 smb_mid=256 smt_wct=42 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=37888 (0x9400) smb_vwv[ 3]= 375 (0x177) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_vwv[34]= 0 (0x0) smb_vwv[35]= 0 (0x0) smb_vwv[36]= 0 (0x0) smb_vwv[37]= 0 (0x0) smb_vwv[38]= 0 (0x0) smb_vwv[39]= 0 (0x0) smb_vwv[40]= 0 (0x0) smb_vwv[41]= 0 (0x0) smb_bcc=0 [2008/06/14 08:38:41, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 136 [2008/06/14 08:38:41, 6] smbd/process.c:process_smb(1548) got message type 0x0 of len 0x88 [2008/06/14 08:38:41, 3] smbd/process.c:process_smb(1551) Transaction 5 of length 140 (0 toread) [2008/06/14 08:38:41, 5] lib/util.c:show_msg(645) [2008/06/14 08:38:41, 5] lib/util.c:show_msg(655) size=136 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=320 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=30612 (0x7794) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 72 (0x48) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 72 (0x48) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=73 [2008/06/14 08:38:41, 10] lib/util.c:dump_data(2226) [000] EE 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... [010] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ [020] 00 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF .xV4.4.. ....#Eg. [030] FB 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ [040] 00 2B 10 48 60 02 00 00 00 .+.H`... . [2008/06/14 08:38:41, 3] smbd/process.c:switch_message(1363) switch message SMBwriteX (pid 22757) conn 0x8056c400 [2008/06/14 08:38:41, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/06/14 08:38:41, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=7794 [2008/06/14 08:38:41, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name NETLOGON pnum=7794 (pipes_open=1) [2008/06/14 08:38:41, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927) write_to_pipe: 7794 name: NETLOGON open: Yes len: 72 [2008/06/14 08:38:41, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 72 [2008/06/14 08:38:41, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 [2008/06/14 08:38:41, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385) fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 [2008/06/14 08:38:41, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 16 [2008/06/14 08:38:41, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 56 [2008/06/14 08:38:41, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0b [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0048 [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000001 [2008/06/14 08:38:41, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472) unmarshall_rpc_header: using little-endian RPC [2008/06/14 08:38:41, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501) unmarshall_rpc_header: type = 11, flags = 3 [2008/06/14 08:38:41, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 0 [2008/06/14 08:38:41, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 56 [2008/06/14 08:38:41, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 [2008/06/14 08:38:41, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709) process_complete_pdu: processing packet type 11 [2008/06/14 08:38:41, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1553) api_pipe_bind_req: decode request. 1553 [2008/06/14 08:38:41, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1564) api_pipe_bind_req: \PIPE\netlogon -> \PIPE\netlogon [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_rb [2008/06/14 08:38:41, 6] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_bba [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0000 max_tsize: 10b8 [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0002 max_rsize: 10b8 [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0004 assoc_gid: 00000000 [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0008 num_contexts: 01 [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000c context_id : 0000 [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_uint8(624) 000e num_transfer_syntaxes: 01 [2008/06/14 08:38:41, 6] rpc_parse/parse_prs.c:prs_debug(88) 00000f smb_io_rpc_iface [2008/06/14 08:38:41, 7] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_uuid uuid [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 data : 12345678 [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 data : 1234 [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0016 data : abcd [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0018 data : ef 00 [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 001a data : 01 23 45 67 cf fb [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0020 version: 00000001 [2008/06/14 08:38:41, 6] rpc_parse/parse_prs.c:prs_debug(88) 000024 smb_io_rpc_iface [2008/06/14 08:38:41, 7] rpc_parse/parse_prs.c:prs_debug(88) 000024 smb_io_uuid uuid [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0024 data : 8a885d04 [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0028 data : 1ceb [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_uint16(689) 002a data : 11c9 [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002c data : 9f e8 [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002e data : 08 00 2b 10 48 60 [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0034 version: 00000002 [2008/06/14 08:38:41, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1608) api_pipe_bind_req: make response. 1608 [2008/06/14 08:38:41, 3] rpc_server/srv_pipe.c:check_bind_req(991) check_bind_req for \PIPE\NETLOGON checking \PIPE\lsarpc checking \PIPE\lsarpc checking \PIPE\samr checking \PIPE\NETLOGON [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_ba [2008/06/14 08:38:41, 6] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_bba [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0000 max_tsize: 10b8 [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0002 max_rsize: 10b8 [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0004 assoc_gid: 000053f0 [2008/06/14 08:38:41, 6] rpc_parse/parse_prs.c:prs_debug(88) 000008 smb_io_rpc_addr_str [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 len: 000f [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 000a str: \PIPE\netlogon. [2008/06/14 08:38:41, 6] rpc_parse/parse_prs.c:prs_debug(88) 000019 smb_io_rpc_results [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_uint8(624) 001c num_results: 01 [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0020 result : 0000 [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0022 reason : 0000 [2008/06/14 08:38:41, 6] rpc_parse/parse_prs.c:prs_debug(88) 000024 smb_io_rpc_iface [2008/06/14 08:38:41, 7] rpc_parse/parse_prs.c:prs_debug(88) 000024 smb_io_uuid uuid [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0024 data : 8a885d04 [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0028 data : 1ceb [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_uint16(689) 002a data : 11c9 [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002c data : 9f e8 [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002e data : 08 00 2b 10 48 60 [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0034 version: 00000002 [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0c [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0048 [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000001 [2008/06/14 08:38:41, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 56 [2008/06/14 08:38:41, 3] smbd/pipes.c:reply_pipe_write_and_X(251) writeX-IPC pnum=7794 nwritten=72 [2008/06/14 08:38:41, 5] lib/util.c:show_msg(645) [2008/06/14 08:38:41, 5] lib/util.c:show_msg(655) size=47 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=320 smt_wct=6 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 72 (0x48) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_bcc=0 [2008/06/14 08:38:41, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 59 [2008/06/14 08:38:41, 6] smbd/process.c:process_smb(1548) got message type 0x0 of len 0x3b [2008/06/14 08:38:41, 3] smbd/process.c:process_smb(1551) Transaction 6 of length 63 (0 toread) [2008/06/14 08:38:41, 5] lib/util.c:show_msg(645) [2008/06/14 08:38:41, 5] lib/util.c:show_msg(655) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=384 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=30612 (0x7794) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2008/06/14 08:38:41, 3] smbd/process.c:switch_message(1363) switch message SMBreadX (pid 22757) conn 0x8056c400 [2008/06/14 08:38:41, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/06/14 08:38:41, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=7794 [2008/06/14 08:38:41, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name NETLOGON pnum=7794 (pipes_open=1) [2008/06/14 08:38:41, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985) read_from_pipe: 7794 name: NETLOGON len: 1024 [2008/06/14 08:38:41, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1045) read_from_pipe: NETLOGON: current_pdu_len = 72, current_pdu_sent = 0 returning 72 bytes. [2008/06/14 08:38:41, 3] smbd/pipes.c:reply_pipe_read_and_X(301) readX-IPC pnum=7794 min=1024 max=1024 nread=72 [2008/06/14 08:38:41, 5] lib/util.c:show_msg(645) [2008/06/14 08:38:41, 5] lib/util.c:show_msg(655) size=131 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=384 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 72 (0x48) smb_vwv[ 6]= 59 (0x3B) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=72 [2008/06/14 08:38:41, 10] lib/util.c:dump_data(2226) [000] 05 00 0C 03 10 00 00 00 48 00 00 00 01 00 00 00 ........ H....... [010] B8 10 B8 10 F0 53 00 00 0F 00 5C 50 49 50 45 5C .....S.. ..\PIPE\ [020] 6E 65 74 6C 6F 67 6F 6E 00 00 00 00 01 00 00 00 netlogon ........ [030] 00 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 .....].. ........ [040] 2B 10 48 60 02 00 00 00 +.H`.... [2008/06/14 08:38:41, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 154 [2008/06/14 08:38:41, 6] smbd/process.c:process_smb(1548) got message type 0x0 of len 0x9a [2008/06/14 08:38:41, 3] smbd/process.c:process_smb(1551) Transaction 7 of length 158 (0 toread) [2008/06/14 08:38:41, 5] lib/util.c:show_msg(645) [2008/06/14 08:38:41, 5] lib/util.c:show_msg(655) size=154 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=448 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=30612 (0x7794) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 90 (0x5A) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 90 (0x5A) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=91 [2008/06/14 08:38:41, 10] lib/util.c:dump_data(2226) [000] EE 05 00 00 03 10 00 00 00 5A 00 00 00 01 00 00 ........ .Z...... [010] 00 42 00 00 00 00 00 04 00 E8 D2 0D 00 07 00 00 .B...... ........ [020] 00 00 00 00 00 07 00 00 00 5C 00 5C 00 54 00 59 ........ .\.\.T.Y [030] 00 47 00 52 00 00 00 88 8A 07 00 00 00 00 00 00 .G.R.... ........ [040] 00 07 00 00 00 50 00 43 00 30 00 33 00 56 00 4D .....P.C .0.3.V.M [050] 00 00 00 AF EE D7 A2 1F 99 13 E5 ........ ... [2008/06/14 08:38:41, 3] smbd/process.c:switch_message(1363) switch message SMBwriteX (pid 22757) conn 0x8056c400 [2008/06/14 08:38:41, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/06/14 08:38:41, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=7794 [2008/06/14 08:38:41, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name NETLOGON pnum=7794 (pipes_open=1) [2008/06/14 08:38:41, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927) write_to_pipe: 7794 name: NETLOGON open: Yes len: 90 [2008/06/14 08:38:41, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 90 [2008/06/14 08:38:41, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 90 [2008/06/14 08:38:41, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385) fill_rpc_header: data_to_copy = 90, len_needed_to_complete_hdr = 16, receive_len = 0 [2008/06/14 08:38:41, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 16 [2008/06/14 08:38:41, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 74 [2008/06/14 08:38:41, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 74 [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 00 [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 005a [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000001 [2008/06/14 08:38:41, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472) unmarshall_rpc_header: using little-endian RPC [2008/06/14 08:38:41, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501) unmarshall_rpc_header: type = 0, flags = 3 [2008/06/14 08:38:41, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 0 [2008/06/14 08:38:41, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 74 [2008/06/14 08:38:41, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 74, incoming data = 74 [2008/06/14 08:38:41, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709) process_complete_pdu: processing packet type 0 [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_req req [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0000 alloc_hint: 00000042 [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0004 context_id: 0000 [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0006 opnum : 0004 [2008/06/14 08:38:41, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 73 [2008/06/14 08:38:41, 5] rpc_server/srv_pipe.c:api_pipe_request(2262) Requested \PIPE\NETLOGON [2008/06/14 08:38:41, 4] rpc_server/srv_pipe.c:api_rpcTNP(2297) api_rpcTNP: NETLOGON op 0x4 - api_rpcTNP: rpc command: NETR_SERVERREQCHALLENGE [2008/06/14 08:38:41, 6] rpc_server/srv_pipe.c:api_rpcTNP(2323) api_rpc_cmds[4].fn == 0x801988f4 netr_ServerReqChallenge: struct netr_ServerReqChallenge in: struct netr_ServerReqChallenge server_name : * server_name : '\\TYGR' computer_name : 'PC03VM' credentials : * credentials: struct netr_Credential data : afeed7a21f9913e5 [2008/06/14 08:38:41, 6] rpc_server/srv_netlog_nt.c:init_net_r_req_chal(41) init_net_r_req_chal: 41 netr_ServerReqChallenge: struct netr_ServerReqChallenge out: struct netr_ServerReqChallenge return_credentials : * return_credentials: struct netr_Credential data : 1ca56fc0bead58dd result : NT_STATUS_OK [2008/06/14 08:38:41, 5] rpc_server/srv_pipe.c:api_rpcTNP(2351) api_rpcTNP: called NETLOGON successfully [2008/06/14 08:38:41, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 0 [2008/06/14 08:38:41, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 74 [2008/06/14 08:38:41, 3] smbd/pipes.c:reply_pipe_write_and_X(251) writeX-IPC pnum=7794 nwritten=90 [2008/06/14 08:38:41, 5] lib/util.c:show_msg(645) [2008/06/14 08:38:41, 5] lib/util.c:show_msg(655) size=47 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=448 smt_wct=6 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 90 (0x5A) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_bcc=0 [2008/06/14 08:38:41, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 59 [2008/06/14 08:38:41, 6] smbd/process.c:process_smb(1548) got message type 0x0 of len 0x3b [2008/06/14 08:38:41, 3] smbd/process.c:process_smb(1551) Transaction 8 of length 63 (0 toread) [2008/06/14 08:38:41, 5] lib/util.c:show_msg(645) [2008/06/14 08:38:41, 5] lib/util.c:show_msg(655) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=512 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=30612 (0x7794) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2008/06/14 08:38:41, 3] smbd/process.c:switch_message(1363) switch message SMBreadX (pid 22757) conn 0x8056c400 [2008/06/14 08:38:41, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/06/14 08:38:41, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=7794 [2008/06/14 08:38:41, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name NETLOGON pnum=7794 (pipes_open=1) [2008/06/14 08:38:41, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985) read_from_pipe: 7794 name: NETLOGON len: 1024 [2008/06/14 08:38:41, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1059) read_from_pipe: NETLOGON: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 12. [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 02 [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0024 [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000001 [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_resp resp [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 0000000c [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0016 cancel_ct : 00 [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0017 reserved : 00 [2008/06/14 08:38:41, 3] smbd/pipes.c:reply_pipe_read_and_X(301) readX-IPC pnum=7794 min=1024 max=1024 nread=36 [2008/06/14 08:38:41, 5] lib/util.c:show_msg(645) [2008/06/14 08:38:41, 5] lib/util.c:show_msg(655) size=95 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=512 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 36 (0x24) smb_vwv[ 6]= 59 (0x3B) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=36 [2008/06/14 08:38:41, 10] lib/util.c:dump_data(2226) [000] 05 00 02 03 10 00 00 00 24 00 00 00 01 00 00 00 ........ $....... [010] 0C 00 00 00 00 00 00 00 1C A5 6F C0 BE AD 58 DD ........ ..o...X. [020] 00 00 00 00 .... [2008/06/14 08:38:41, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 192 [2008/06/14 08:38:41, 6] smbd/process.c:process_smb(1548) got message type 0x0 of len 0xc0 [2008/06/14 08:38:41, 3] smbd/process.c:process_smb(1551) Transaction 9 of length 196 (0 toread) [2008/06/14 08:38:41, 5] lib/util.c:show_msg(645) [2008/06/14 08:38:41, 5] lib/util.c:show_msg(655) size=192 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=576 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=30612 (0x7794) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 128 (0x80) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 128 (0x80) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=129 [2008/06/14 08:38:41, 10] lib/util.c:dump_data(2226) [000] EE 05 00 00 03 10 00 00 00 80 00 00 00 02 00 00 ........ ........ [010] 00 68 00 00 00 00 00 1A 00 E8 D2 0D 00 07 00 00 .h...... ........ [020] 00 00 00 00 00 07 00 00 00 5C 00 5C 00 54 00 59 ........ .\.\.T.Y [030] 00 47 00 52 00 00 00 88 8A 08 00 00 00 00 00 00 .G.R.... ........ [040] 00 08 00 00 00 50 00 43 00 30 00 33 00 56 00 4D .....P.C .0.3.V.M [050] 00 24 00 00 00 02 00 1F 99 07 00 00 00 00 00 00 .$...... ........ [060] 00 07 00 00 00 50 00 43 00 30 00 33 00 56 00 4D .....P.C .0.3.V.M [070] 00 00 00 81 78 2D A3 C3 CB BE E9 0E 50 FF BF 0F ....x-.. ....P... [080] 60 ` [2008/06/14 08:38:41, 3] smbd/process.c:switch_message(1363) switch message SMBwriteX (pid 22757) conn 0x8056c400 [2008/06/14 08:38:41, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/06/14 08:38:41, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=7794 [2008/06/14 08:38:41, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name NETLOGON pnum=7794 (pipes_open=1) [2008/06/14 08:38:41, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927) write_to_pipe: 7794 name: NETLOGON open: Yes len: 128 [2008/06/14 08:38:41, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 128 [2008/06/14 08:38:41, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 128 [2008/06/14 08:38:41, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385) fill_rpc_header: data_to_copy = 128, len_needed_to_complete_hdr = 16, receive_len = 0 [2008/06/14 08:38:41, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 16 [2008/06/14 08:38:41, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 112 [2008/06/14 08:38:41, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 112 [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 00 [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0080 [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000002 [2008/06/14 08:38:41, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472) unmarshall_rpc_header: using little-endian RPC [2008/06/14 08:38:41, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501) unmarshall_rpc_header: type = 0, flags = 3 [2008/06/14 08:38:41, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 0 [2008/06/14 08:38:41, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 112 [2008/06/14 08:38:41, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 112, incoming data = 112 [2008/06/14 08:38:41, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709) process_complete_pdu: processing packet type 0 [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_req req [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0000 alloc_hint: 00000068 [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0004 context_id: 0000 [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0006 opnum : 001a [2008/06/14 08:38:41, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 0 [2008/06/14 08:38:41, 5] rpc_server/srv_pipe.c:api_pipe_request(2262) Requested \PIPE\NETLOGON [2008/06/14 08:38:41, 4] rpc_server/srv_pipe.c:api_rpcTNP(2297) api_rpcTNP: NETLOGON op 0x1a - api_rpcTNP: rpc command: NETR_SERVERAUTHENTICATE3 [2008/06/14 08:38:41, 6] rpc_server/srv_pipe.c:api_rpcTNP(2323) api_rpc_cmds[26].fn == 0x801951c4 netr_ServerAuthenticate3: struct netr_ServerAuthenticate3 in: struct netr_ServerAuthenticate3 server_name : * server_name : '\\TYGR' account_name : 'PC03VM$' secure_channel_type : SEC_CHAN_WKSTA (2) computer_name : 'PC03VM' credentials : * credentials: struct netr_Credential data : 81782da3c3cbbee9 negotiate_flags : * negotiate_flags : 0x600fbfff (1611644927) 1: NETLOGON_NEG_ACCOUNT_LOCKOUT 1: NETLOGON_NEG_PERSISTENT_SAMREPL 1: NETLOGON_NEG_ARCFOUR 1: NETLOGON_NEG_PROMOTION_COUNT 1: NETLOGON_NEG_CHANGELOG_BDC 1: NETLOGON_NEG_FULL_SYNC_REPL 1: NETLOGON_NEG_MULTIPLE_SIDS 1: NETLOGON_NEG_REDO 1: NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL 1: NETLOGON_NEG_SEND_PASSWORD_INFO_PDC 1: NETLOGON_NEG_GENERIC_PASSTHROUGH 1: NETLOGON_NEG_CONCURRENT_RPC 1: NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL 1: NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL 0: NETLOGON_NEG_128BIT 1: NETLOGON_NEG_TRANSITIVE_TRUSTS 1: NETLOGON_NEG_DNS_DOMAIN_TRUSTS 1: NETLOGON_NEG_PASSWORD_SET2 1: NETLOGON_NEG_GETDOMAININFO 1: NETLOGON_NEG_CROSS_FOREST_TRUSTS 0: NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION 0: NETLOGON_NEG_RODC_PASSTHROUGH 1: NETLOGON_NEG_AUTHENTICATED_RPC_LSASS 1: NETLOGON_NEG_SCHANNEL [2008/06/14 08:38:41, 4] rpc_server/srv_pipe.c:api_rpcTNP(2339) api_rpcTNP: rng fault return [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 03 [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 23 [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0020 [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000002 [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_resp resp [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 00000000 [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0016 cancel_ct : 00 [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0017 reserved : 00 [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_debug(88) 000018 smb_io_rpc_hdr_fault fault [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_dcerpc_status(807) 0018 status : DCERPC_FAULT_OP_RNG_ERROR [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_uint32(718) 001c reserved: 00000000 [2008/06/14 08:38:41, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 0 [2008/06/14 08:38:41, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 112 [2008/06/14 08:38:41, 3] smbd/pipes.c:reply_pipe_write_and_X(251) writeX-IPC pnum=7794 nwritten=128 [2008/06/14 08:38:41, 5] lib/util.c:show_msg(645) [2008/06/14 08:38:41, 5] lib/util.c:show_msg(655) size=47 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=576 smt_wct=6 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 128 (0x80) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_bcc=0 [2008/06/14 08:38:41, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 59 [2008/06/14 08:38:41, 6] smbd/process.c:process_smb(1548) got message type 0x0 of len 0x3b [2008/06/14 08:38:41, 3] smbd/process.c:process_smb(1551) Transaction 10 of length 63 (0 toread) [2008/06/14 08:38:41, 5] lib/util.c:show_msg(645) [2008/06/14 08:38:41, 5] lib/util.c:show_msg(655) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=640 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=30612 (0x7794) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2008/06/14 08:38:41, 3] smbd/process.c:switch_message(1363) switch message SMBreadX (pid 22757) conn 0x8056c400 [2008/06/14 08:38:41, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/06/14 08:38:41, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=7794 [2008/06/14 08:38:41, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name NETLOGON pnum=7794 (pipes_open=1) [2008/06/14 08:38:41, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985) read_from_pipe: 7794 name: NETLOGON len: 1024 [2008/06/14 08:38:41, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1045) read_from_pipe: NETLOGON: current_pdu_len = 32, current_pdu_sent = 0 returning 32 bytes. [2008/06/14 08:38:41, 3] smbd/pipes.c:reply_pipe_read_and_X(301) readX-IPC pnum=7794 min=1024 max=1024 nread=32 [2008/06/14 08:38:41, 5] lib/util.c:show_msg(645) [2008/06/14 08:38:41, 5] lib/util.c:show_msg(655) size=91 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=640 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 32 (0x20) smb_vwv[ 6]= 59 (0x3B) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=32 [2008/06/14 08:38:41, 10] lib/util.c:dump_data(2226) [000] 05 00 03 23 10 00 00 00 20 00 00 00 02 00 00 00 ...#.... ....... [010] 00 00 00 00 00 00 00 00 02 00 01 1C 00 00 00 00 ........ ........ [2008/06/14 08:38:41, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 192 [2008/06/14 08:38:41, 6] smbd/process.c:process_smb(1548) got message type 0x0 of len 0xc0 [2008/06/14 08:38:41, 3] smbd/process.c:process_smb(1551) Transaction 11 of length 196 (0 toread) [2008/06/14 08:38:41, 5] lib/util.c:show_msg(645) [2008/06/14 08:38:41, 5] lib/util.c:show_msg(655) size=192 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=704 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=30612 (0x7794) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 128 (0x80) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 128 (0x80) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=129 [2008/06/14 08:38:41, 10] lib/util.c:dump_data(2226) [000] EE 05 00 00 03 10 00 00 00 80 00 00 00 03 00 00 ........ ........ [010] 00 68 00 00 00 00 00 0F 00 E8 D2 0D 00 07 00 00 .h...... ........ [020] 00 00 00 00 00 07 00 00 00 5C 00 5C 00 54 00 59 ........ .\.\.T.Y [030] 00 47 00 52 00 00 00 88 8A 08 00 00 00 00 00 00 .G.R.... ........ [040] 00 08 00 00 00 50 00 43 00 30 00 33 00 56 00 4D .....P.C .0.3.V.M [050] 00 24 00 00 00 02 00 1F 99 07 00 00 00 00 00 00 .$...... ........ [060] 00 07 00 00 00 50 00 43 00 30 00 33 00 56 00 4D .....P.C .0.3.V.M [070] 00 00 00 81 78 2D A3 C3 CB BE E9 0E 50 FF BF 0F ....x-.. ....P... [080] 60 ` [2008/06/14 08:38:41, 3] smbd/process.c:switch_message(1363) switch message SMBwriteX (pid 22757) conn 0x8056c400 [2008/06/14 08:38:41, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/06/14 08:38:41, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=7794 [2008/06/14 08:38:41, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name NETLOGON pnum=7794 (pipes_open=1) [2008/06/14 08:38:41, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927) write_to_pipe: 7794 name: NETLOGON open: Yes len: 128 [2008/06/14 08:38:41, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 128 [2008/06/14 08:38:41, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 128 [2008/06/14 08:38:41, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385) fill_rpc_header: data_to_copy = 128, len_needed_to_complete_hdr = 16, receive_len = 0 [2008/06/14 08:38:41, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 16 [2008/06/14 08:38:41, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 112 [2008/06/14 08:38:41, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 112 [2008/06/14 08:38:41, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 00 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0080 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000003 [2008/06/14 08:38:42, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472) unmarshall_rpc_header: using little-endian RPC [2008/06/14 08:38:42, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501) unmarshall_rpc_header: type = 0, flags = 3 [2008/06/14 08:38:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 0 [2008/06/14 08:38:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 112 [2008/06/14 08:38:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 112, incoming data = 112 [2008/06/14 08:38:42, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709) process_complete_pdu: processing packet type 0 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_req req [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0000 alloc_hint: 00000068 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0004 context_id: 0000 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0006 opnum : 000f [2008/06/14 08:38:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 0 [2008/06/14 08:38:42, 5] rpc_server/srv_pipe.c:api_pipe_request(2262) Requested \PIPE\NETLOGON [2008/06/14 08:38:42, 4] rpc_server/srv_pipe.c:api_rpcTNP(2297) api_rpcTNP: NETLOGON op 0xf - api_rpcTNP: rpc command: NETR_SERVERAUTHENTICATE2 [2008/06/14 08:38:42, 6] rpc_server/srv_pipe.c:api_rpcTNP(2323) api_rpc_cmds[15].fn == 0x80196c0a netr_ServerAuthenticate2: struct netr_ServerAuthenticate2 in: struct netr_ServerAuthenticate2 server_name : * server_name : '\\TYGR' account_name : 'PC03VM$' secure_channel_type : SEC_CHAN_WKSTA (2) computer_name : 'PC03VM' credentials : * credentials: struct netr_Credential data : 81782da3c3cbbee9 negotiate_flags : * negotiate_flags : 0x600fbfff (1611644927) 1: NETLOGON_NEG_ACCOUNT_LOCKOUT 1: NETLOGON_NEG_PERSISTENT_SAMREPL 1: NETLOGON_NEG_ARCFOUR 1: NETLOGON_NEG_PROMOTION_COUNT 1: NETLOGON_NEG_CHANGELOG_BDC 1: NETLOGON_NEG_FULL_SYNC_REPL 1: NETLOGON_NEG_MULTIPLE_SIDS 1: NETLOGON_NEG_REDO 1: NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL 1: NETLOGON_NEG_SEND_PASSWORD_INFO_PDC 1: NETLOGON_NEG_GENERIC_PASSTHROUGH 1: NETLOGON_NEG_CONCURRENT_RPC 1: NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL 1: NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL 0: NETLOGON_NEG_128BIT 1: NETLOGON_NEG_TRANSITIVE_TRUSTS 1: NETLOGON_NEG_DNS_DOMAIN_TRUSTS 1: NETLOGON_NEG_PASSWORD_SET2 1: NETLOGON_NEG_GETDOMAININFO 1: NETLOGON_NEG_CROSS_FOREST_TRUSTS 0: NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION 0: NETLOGON_NEG_RODC_PASSTHROUGH 1: NETLOGON_NEG_AUTHENTICATED_RPC_LSASS 1: NETLOGON_NEG_SCHANNEL [2008/06/14 08:38:42, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(99, 99) : sec_ctx_stack_ndx = 1 [2008/06/14 08:38:42, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2008/06/14 08:38:42, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/06/14 08:38:42, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/06/14 08:38:42, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/06/14 08:38:42, 5] lib/smbldap.c:smbldap_search_ext(1183) smbldap_search_ext: base => [dc=zelva,dc=cz], filter => [(&(uid=PC03VM$)(objectclass=sambaSamAccount))], scope => [2] [2008/06/14 08:38:42, 2] passdb/pdb_ldap.c:init_sam_from_ldap(571) init_sam_from_ldap: Entry found for user: pc03vm$ [2008/06/14 08:38:42, 10] passdb/pdb_get_set.c:pdb_set_username(580) pdb_set_username: setting username pc03vm$, was [2008/06/14 08:38:42, 10] passdb/pdb_get_set.c:pdb_set_domain(603) pdb_set_domain: setting domain SKUPINA, was [2008/06/14 08:38:42, 10] passdb/pdb_get_set.c:pdb_set_nt_username(626) pdb_set_nt_username: setting nt username pc03vm$, was [2008/06/14 08:38:42, 10] passdb/pdb_get_set.c:pdb_set_user_sid_from_string(522) pdb_set_user_sid_from_string: setting user sid S-1-5-21-1343109128-81525896-2839220711-11004 [2008/06/14 08:38:42, 10] passdb/pdb_get_set.c:pdb_set_user_sid(509) pdb_set_user_sid: setting user sid S-1-5-21-1343109128-81525896-2839220711-11004 [2008/06/14 08:38:42, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaLogonTime does not exist [2008/06/14 08:38:42, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaLogoffTime does not exist [2008/06/14 08:38:42, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaKickoffTime does not exist [2008/06/14 08:38:42, 10] passdb/pdb_get_set.c:pdb_set_fullname(649) pdb_set_full_name: setting full name VMware pc (172.17.0.3), was [2008/06/14 08:38:42, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaHomeDrive does not exist [2008/06/14 08:38:42, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(718) pdb_set_dir_drive: setting dir drive U:, was NULL [2008/06/14 08:38:42, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaHomePath does not exist [2008/06/14 08:38:42, 4] lib/substitute.c:automount_server(500) Home server: tygr [2008/06/14 08:38:42, 10] passdb/pdb_get_set.c:pdb_set_homedir(742) pdb_set_homedir: setting home dir \\tygr\pc03vm_, was [2008/06/14 08:38:42, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaLogonScript does not exist [2008/06/14 08:38:42, 10] passdb/pdb_get_set.c:pdb_set_logon_script(672) pdb_set_logon_script: setting logon script logon.vbs, was [2008/06/14 08:38:42, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaProfilePath does not exist [2008/06/14 08:38:42, 10] passdb/pdb_get_set.c:pdb_set_profile_path(695) pdb_set_profile_path: setting profile path \\tygr\profiles\pc03vm_, was [2008/06/14 08:38:42, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute description does not exist [2008/06/14 08:38:42, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaUserWorkstations does not exist [2008/06/14 08:38:42, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaMungedDial does not exist [2008/06/14 08:38:42, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2008/06/14 08:38:42, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2008/06/14 08:38:42, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2008/06/14 08:38:42, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/06/14 08:38:42, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/06/14 08:38:42, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = ACCT_POL/password history, value = 0 , timeout = Sat Jun 14 08:39:41 2008 [2008/06/14 08:38:42, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/06/14 08:38:42, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaBadPasswordCount does not exist [2008/06/14 08:38:42, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaBadPasswordTime does not exist [2008/06/14 08:38:42, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaLogonHours does not exist [2008/06/14 08:38:42, 5] passdb/login_cache.c:login_cache_init(40) Opening cache file at /usr/local/samba/var/locks/login_cache.tdb [2008/06/14 08:38:42, 7] passdb/login_cache.c:login_cache_read(86) Looking up login cache for user pc03vm$ [2008/06/14 08:38:42, 7] passdb/login_cache.c:login_cache_read(100) No cache entry found [2008/06/14 08:38:42, 9] passdb/pdb_ldap.c:init_sam_from_ldap(1054) No cache entry, bad count = 0, bad time = 0 [2008/06/14 08:38:42, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2008/06/14 08:38:42, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2008/06/14 08:38:42, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2008/06/14 08:38:42, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/06/14 08:38:42, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/06/14 08:38:42, 10] lib/gencache.c:gencache_get(208) Returning expired cache entry: key = ACCT_POL/maximum password age, value = 4294967295 , timeout = Sat Jun 14 08:38:28 2008 [2008/06/14 08:38:42, 10] passdb/pdb_ldap.c:ldapsam_get_account_policy_from_ldap(3845) ldapsam_get_account_policy_from_ldap [2008/06/14 08:38:42, 5] lib/smbldap.c:smbldap_search_ext(1183) smbldap_search_ext: base => [sambaDomainName=SKUPINA,dc=zelva,dc=cz], filter => [(objectclass=*)], scope => [0] [2008/06/14 08:38:42, 10] lib/account_pol.c:cache_account_policy_set(395) cache_account_policy_set: updating account pol cache [2008/06/14 08:38:42, 10] lib/gencache.c:gencache_set(131) Adding cache entry with key = ACCT_POL/maximum password age; value = 4294967295 and timeout = Sat Jun 14 08:39:42 2008 (60 seconds ahead) [2008/06/14 08:38:42, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/06/14 08:38:42, 5] lib/username.c:Get_Pwnam_alloc(133) Finding user pc03vm$ [2008/06/14 08:38:42, 5] lib/username.c:Get_Pwnam_internals(77) Trying _Get_Pwnam(), username as lowercase is pc03vm$ [2008/06/14 08:38:42, 5] lib/username.c:Get_Pwnam_internals(110) Get_Pwnam_internals did find user [pc03vm$]! [2008/06/14 08:38:42, 5] lib/smbldap.c:smbldap_search_ext(1183) smbldap_search_ext: base => [ou=Group,dc=zelva,dc=cz], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=5010))], scope => [2] [2008/06/14 08:38:42, 2] passdb/pdb_ldap.c:init_group_from_ldap(2344) init_group_from_ldap: Entry found for group: 5010 [2008/06/14 08:38:42, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute description does not exist [2008/06/14 08:38:42, 10] passdb/lookup_sid.c:lookup_sid(950) lookup_sid called for SID 'S-1-5-21-1343109128-81525896-2839220711-515' [2008/06/14 08:38:42, 10] passdb/lookup_sid.c:check_dom_sid_to_level(705) Accepting SID S-1-5-21-1343109128-81525896-2839220711 in level 1 [2008/06/14 08:38:42, 10] passdb/lookup_sid.c:lookup_rids(468) lookup_rids called for domain sid 'S-1-5-21-1343109128-81525896-2839220711' [2008/06/14 08:38:42, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2008/06/14 08:38:42, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2008/06/14 08:38:42, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2008/06/14 08:38:42, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/06/14 08:38:42, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/06/14 08:38:42, 5] passdb/pdb_interface.c:lookup_global_sam_rid(1499) lookup_global_sam_rid: looking up RID 515. [2008/06/14 08:38:42, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2008/06/14 08:38:42, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(100) : conn_ctx_stack_ndx = 2 [2008/06/14 08:38:42, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2008/06/14 08:38:42, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/06/14 08:38:42, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/06/14 08:38:42, 5] lib/smbldap.c:smbldap_search_ext(1183) smbldap_search_ext: base => [dc=zelva,dc=cz], filter => [(&(sambaSID=S-1-5-21-1343109128-81525896-2839220711-515)(objectclass=sambaSamAccount))], scope => [2] [2008/06/14 08:38:42, 4] passdb/pdb_ldap.c:ldapsam_getsampwsid(1613) ldapsam_getsampwsid: Unable to locate SID [S-1-5-21-1343109128-81525896-2839220711-515] count=0 [2008/06/14 08:38:42, 5] lib/smbldap.c:smbldap_search_ext(1183) smbldap_search_ext: base => [ou=Group,dc=zelva,dc=cz], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-1343109128-81525896-2839220711-515))], scope => [2] [2008/06/14 08:38:42, 2] passdb/pdb_ldap.c:init_group_from_ldap(2344) init_group_from_ldap: Entry found for group: 5010 [2008/06/14 08:38:42, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute description does not exist [2008/06/14 08:38:42, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2008/06/14 08:38:42, 5] passdb/pdb_interface.c:pdb_default_lookup_rids(1621) lookup_rids: Domain Computers:5 [2008/06/14 08:38:42, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/06/14 08:38:42, 10] passdb/lookup_sid.c:lookup_sid(985) Sid S-1-5-21-1343109128-81525896-2839220711-515 -> SKUPINA\Domain Computers(5) [2008/06/14 08:38:42, 3] passdb/pdb_get_set.c:pdb_get_group_sid(235) Primary group for user pc03vm$ is a Well-known Group and not a domain group [2008/06/14 08:38:42, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2008/06/14 08:38:42, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2008/06/14 08:38:42, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2008/06/14 08:38:42, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/06/14 08:38:42, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/06/14 08:38:42, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = ACCT_POL/password history, value = 0 , timeout = Sat Jun 14 08:39:41 2008 [2008/06/14 08:38:42, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/06/14 08:38:42, 10] passdb/pdb_get_set.c:pdb_set_username(580) pdb_set_username: setting username pc03vm$, was [2008/06/14 08:38:42, 10] passdb/pdb_get_set.c:pdb_set_domain(603) pdb_set_domain: setting domain SKUPINA, was [2008/06/14 08:38:42, 10] passdb/pdb_get_set.c:pdb_set_nt_username(626) pdb_set_nt_username: setting nt username pc03vm$, was [2008/06/14 08:38:42, 10] passdb/pdb_get_set.c:pdb_set_fullname(649) pdb_set_full_name: setting full name VMware pc (172.17.0.3), was [2008/06/14 08:38:42, 4] lib/substitute.c:automount_server(500) Home server: tygr [2008/06/14 08:38:42, 10] passdb/pdb_get_set.c:pdb_set_homedir(742) pdb_set_homedir: setting home dir \\tygr\pc03vm_, was [2008/06/14 08:38:42, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(718) pdb_set_dir_drive: setting dir drive U:, was NULL [2008/06/14 08:38:42, 10] passdb/pdb_get_set.c:pdb_set_logon_script(672) pdb_set_logon_script: setting logon script logon.vbs, was [2008/06/14 08:38:42, 10] passdb/pdb_get_set.c:pdb_set_profile_path(695) pdb_set_profile_path: setting profile path \\tygr\profiles\pc03vm_, was [2008/06/14 08:38:42, 10] passdb/pdb_get_set.c:pdb_set_workstations(785) pdb_set_workstations: setting workstations , was [2008/06/14 08:38:42, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2008/06/14 08:38:42, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2008/06/14 08:38:42, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2008/06/14 08:38:42, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/06/14 08:38:42, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/06/14 08:38:42, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = ACCT_POL/password history, value = 0 , timeout = Sat Jun 14 08:39:41 2008 [2008/06/14 08:38:42, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/06/14 08:38:42, 10] passdb/pdb_get_set.c:pdb_set_user_sid(509) pdb_set_user_sid: setting user sid S-1-5-21-1343109128-81525896-2839220711-11004 [2008/06/14 08:38:42, 10] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(72) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-1343109128-81525896-2839220711-11004 from rid 11004 [2008/06/14 08:38:42, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (99, 99) - sec_ctx_stack_ndx = 0 [2008/06/14 08:38:42, 5] lib/util.c:dump_data(2226) [000] 1A 1B DA 5D 04 14 B5 80 47 61 6A D6 25 3B DD D1 ...].... Gaj.%;.. [2008/06/14 08:38:42, 10] libsmb/credentials.c:creds_server_init(185) creds_server_init: neg_flags : 600fbfff [2008/06/14 08:38:42, 10] libsmb/credentials.c:creds_server_init(186) creds_server_init: client chal : AFEED7A21F9913E5 [2008/06/14 08:38:42, 10] libsmb/credentials.c:creds_server_init(187) creds_server_init: server chal : 1CA56FC0BEAD58DD [2008/06/14 08:38:42, 5] libsmb/credentials.c:creds_init_64(120) creds_init_64 [2008/06/14 08:38:42, 5] libsmb/credentials.c:creds_init_64(121) clnt_chal_in: AFEED7A21F9913E5 [2008/06/14 08:38:42, 5] libsmb/credentials.c:creds_init_64(122) srv_chal_in : 1CA56FC0BEAD58DD [2008/06/14 08:38:42, 5] libsmb/credentials.c:creds_init_64(123) clnt+srv : CB934763DD466CC2 [2008/06/14 08:38:42, 5] libsmb/credentials.c:creds_init_64(124) sess_key_out : FFC488CBE55C3DF2 [2008/06/14 08:38:42, 10] libsmb/credentials.c:creds_server_init(205) creds_server_init: clnt : 81782DA3C3CBBEE9 [2008/06/14 08:38:42, 10] libsmb/credentials.c:creds_server_init(206) creds_server_init: server : 9995C17428014F68 [2008/06/14 08:38:42, 10] libsmb/credentials.c:creds_server_init(207) creds_server_init: seed : 81782DA3C3CBBEE9 [2008/06/14 08:38:42, 10] libsmb/credentials.c:netlogon_creds_server_check(227) netlogon_creds_server_check: credentials check OK. [2008/06/14 08:38:42, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(99, 99) : sec_ctx_stack_ndx = 1 [2008/06/14 08:38:42, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2008/06/14 08:38:42, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/06/14 08:38:42, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/06/14 08:38:42, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/06/14 08:38:42, 3] passdb/secrets.c:secrets_store_schannel_session_info(1212) secrets_store_schannel_session_info: stored schannel info with key SECRETS/SCHANNEL/PC03VM [2008/06/14 08:38:42, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (99, 99) - sec_ctx_stack_ndx = 0 netr_ServerAuthenticate2: struct netr_ServerAuthenticate2 out: struct netr_ServerAuthenticate2 return_credentials : * return_credentials: struct netr_Credential data : 9995c17428014f68 negotiate_flags : * negotiate_flags : 0x400001ff (1073742335) 1: NETLOGON_NEG_ACCOUNT_LOCKOUT 1: NETLOGON_NEG_PERSISTENT_SAMREPL 1: NETLOGON_NEG_ARCFOUR 1: NETLOGON_NEG_PROMOTION_COUNT 1: NETLOGON_NEG_CHANGELOG_BDC 1: NETLOGON_NEG_FULL_SYNC_REPL 1: NETLOGON_NEG_MULTIPLE_SIDS 1: NETLOGON_NEG_REDO 1: NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL 0: NETLOGON_NEG_SEND_PASSWORD_INFO_PDC 0: NETLOGON_NEG_GENERIC_PASSTHROUGH 0: NETLOGON_NEG_CONCURRENT_RPC 0: NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL 0: NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL 0: NETLOGON_NEG_128BIT 0: NETLOGON_NEG_TRANSITIVE_TRUSTS 0: NETLOGON_NEG_DNS_DOMAIN_TRUSTS 0: NETLOGON_NEG_PASSWORD_SET2 0: NETLOGON_NEG_GETDOMAININFO 0: NETLOGON_NEG_CROSS_FOREST_TRUSTS 0: NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION 0: NETLOGON_NEG_RODC_PASSTHROUGH 0: NETLOGON_NEG_AUTHENTICATED_RPC_LSASS 1: NETLOGON_NEG_SCHANNEL result : NT_STATUS_OK [2008/06/14 08:38:42, 5] rpc_server/srv_pipe.c:api_rpcTNP(2351) api_rpcTNP: called NETLOGON successfully [2008/06/14 08:38:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 0 [2008/06/14 08:38:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 112 [2008/06/14 08:38:42, 3] smbd/pipes.c:reply_pipe_write_and_X(251) writeX-IPC pnum=7794 nwritten=128 [2008/06/14 08:38:42, 5] lib/util.c:show_msg(645) [2008/06/14 08:38:42, 5] lib/util.c:show_msg(655) size=47 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=704 smt_wct=6 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 128 (0x80) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_bcc=0 [2008/06/14 08:38:42, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 59 [2008/06/14 08:38:42, 6] smbd/process.c:process_smb(1548) got message type 0x0 of len 0x3b [2008/06/14 08:38:42, 3] smbd/process.c:process_smb(1551) Transaction 12 of length 63 (0 toread) [2008/06/14 08:38:42, 5] lib/util.c:show_msg(645) [2008/06/14 08:38:42, 5] lib/util.c:show_msg(655) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=768 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=30612 (0x7794) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2008/06/14 08:38:42, 3] smbd/process.c:switch_message(1363) switch message SMBreadX (pid 22757) conn 0x8056c400 [2008/06/14 08:38:42, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/06/14 08:38:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=7794 [2008/06/14 08:38:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name NETLOGON pnum=7794 (pipes_open=1) [2008/06/14 08:38:42, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985) read_from_pipe: 7794 name: NETLOGON len: 1024 [2008/06/14 08:38:42, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1059) read_from_pipe: NETLOGON: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 16. [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 02 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0028 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000003 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_resp resp [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 00000010 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0016 cancel_ct : 00 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0017 reserved : 00 [2008/06/14 08:38:42, 3] smbd/pipes.c:reply_pipe_read_and_X(301) readX-IPC pnum=7794 min=1024 max=1024 nread=40 [2008/06/14 08:38:42, 5] lib/util.c:show_msg(645) [2008/06/14 08:38:42, 5] lib/util.c:show_msg(655) size=99 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=768 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 40 (0x28) smb_vwv[ 6]= 59 (0x3B) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=40 [2008/06/14 08:38:42, 10] lib/util.c:dump_data(2226) [000] 05 00 02 03 10 00 00 00 28 00 00 00 03 00 00 00 ........ (....... [010] 10 00 00 00 00 00 00 00 99 95 C1 74 28 01 4F 68 ........ ...t(.Oh [020] FF 01 00 40 00 00 00 00 ...@.... [2008/06/14 08:38:42, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 236 [2008/06/14 08:38:42, 6] smbd/process.c:process_smb(1548) got message type 0x0 of len 0xec [2008/06/14 08:38:42, 3] smbd/process.c:process_smb(1551) Transaction 13 of length 240 (0 toread) [2008/06/14 08:38:42, 5] lib/util.c:show_msg(645) [2008/06/14 08:38:42, 5] lib/util.c:show_msg(655) size=236 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=0 smb_mid=832 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 236 (0xEC) smb_vwv[ 2]=16644 (0x4104) smb_vwv[ 3]= 50 (0x32) smb_vwv[ 4]= 1 (0x1) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 74 (0x4A) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 212 (0xD4) smb_vwv[11]=40960 (0xA000) smb_bcc=177 [2008/06/14 08:38:42, 10] lib/util.c:dump_data(2226) [000] 60 48 06 06 2B 06 01 05 05 02 A0 3E 30 3C A0 0E `H..+... ...>0<.. [010] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A2 2A 0...+... ..7....* [020] 04 28 4E 54 4C 4D 53 53 50 00 01 00 00 00 97 82 .(NTLMSS P....... [030] 08 E2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [040] 00 00 05 01 28 0A 00 00 00 0F 00 57 00 69 00 6E ....(... ...W.i.n [050] 00 64 00 6F 00 77 00 73 00 20 00 32 00 30 00 30 .d.o.w.s . .2.0.0 [060] 00 32 00 20 00 53 00 65 00 72 00 76 00 69 00 63 .2. .S.e .r.v.i.c [070] 00 65 00 20 00 50 00 61 00 63 00 6B 00 20 00 32 .e. .P.a .c.k. .2 [080] 00 20 00 32 00 36 00 30 00 30 00 00 00 57 00 69 . .2.6.0 .0...W.i [090] 00 6E 00 64 00 6F 00 77 00 73 00 20 00 32 00 30 .n.d.o.w .s. .2.0 [0A0] 00 30 00 32 00 20 00 35 00 2E 00 31 00 00 00 00 .0.2. .5 ...1.... [0B0] 00 . [2008/06/14 08:38:42, 3] smbd/process.c:switch_message(1363) switch message SMBsesssetupX (pid 22757) conn 0x0 [2008/06/14 08:38:42, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/06/14 08:38:42, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/06/14 08:38:42, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/06/14 08:38:42, 5] smbd/uid.c:change_to_root_user(287) change_to_root_user: now uid=(0,0) gid=(0,0) [2008/06/14 08:38:42, 3] smbd/sesssetup.c:reply_sesssetup_and_X(1409) wct=12 flg2=0xc807 [2008/06/14 08:38:42, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1173) Doing spnego session setup [2008/06/14 08:38:42, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1208) NativeOS=[Windows 2002 Service Pack 2 2600] NativeLanMan=[Windows 2002 5.1] PrimaryDomain=[] [2008/06/14 08:38:42, 10] smbd/password.c:register_initial_vuid(188) register_initial_vuid: allocated vuid = 102 [2008/06/14 08:38:42, 10] smbd/sesssetup.c:check_spnego_blob_complete(1121) check_spnego_blob_complete: needed_len = 74, pblob->length = 74 [2008/06/14 08:38:42, 5] smbd/sesssetup.c:parse_spnego_mechanisms(749) parse_spnego_mechanisms: Got OID 1 3 6 1 4 1 311 2 2 10 [2008/06/14 08:38:42, 3] smbd/sesssetup.c:reply_spnego_negotiate(800) reply_spnego_negotiate: Got secblob of size 40 [2008/06/14 08:38:42, 5] auth/auth.c:make_auth_context_subsystem(485) Making default auth method list for DC, security=user, encrypt passwords = yes [2008/06/14 08:38:42, 5] auth/auth.c:load_auth_module(387) load_auth_module: Attempting to find an auth method to match guest [2008/06/14 08:38:42, 5] auth/auth.c:load_auth_module(412) load_auth_module: auth method guest has a valid init [2008/06/14 08:38:42, 5] auth/auth.c:load_auth_module(387) load_auth_module: Attempting to find an auth method to match sam [2008/06/14 08:38:42, 5] auth/auth.c:load_auth_module(412) load_auth_module: auth method sam has a valid init [2008/06/14 08:38:42, 5] auth/auth.c:load_auth_module(387) load_auth_module: Attempting to find an auth method to match winbind:trustdomain [2008/06/14 08:38:42, 5] auth/auth.c:load_auth_module(387) load_auth_module: Attempting to find an auth method to match trustdomain [2008/06/14 08:38:42, 5] auth/auth.c:load_auth_module(412) load_auth_module: auth method trustdomain has a valid init [2008/06/14 08:38:42, 5] auth/auth.c:load_auth_module(412) load_auth_module: auth method winbind has a valid init [2008/06/14 08:38:42, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) Got NTLMSSP neg_flags=0xe2088297 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_NEGOTIATE_OEM NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_LM_KEY NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH NTLMSSP_NEGOTIATE_56 [2008/06/14 08:38:42, 5] auth/auth.c:get_ntlm_challenge(96) auth_get_challenge: module guest did not want to specify a challenge [2008/06/14 08:38:42, 5] auth/auth.c:get_ntlm_challenge(96) auth_get_challenge: module sam did not want to specify a challenge [2008/06/14 08:38:42, 5] auth/auth.c:get_ntlm_challenge(96) auth_get_challenge: module winbind did not want to specify a challenge [2008/06/14 08:38:42, 5] auth/auth.c:get_ntlm_challenge(136) auth_context challenge created by random [2008/06/14 08:38:42, 5] auth/auth.c:get_ntlm_challenge(137) challenge is: [2008/06/14 08:38:42, 5] lib/util.c:dump_data(2226) [000] E8 7E DB 40 C7 82 9A 01 .~.@.... [2008/06/14 08:38:42, 5] lib/util.c:show_msg(645) [2008/06/14 08:38:42, 5] lib/util.c:show_msg(655) size=240 smb_com=0x73 smb_rcls=22 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=65279 smb_uid=102 smb_mid=832 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 141 (0x8D) smb_bcc=197 [2008/06/14 08:38:42, 10] lib/util.c:dump_data(2226) [000] A1 81 8A 30 81 87 A0 03 0A 01 01 A1 0C 06 0A 2B ...0.... .......+ [010] 06 01 04 01 82 37 02 02 0A A2 72 04 70 4E 54 4C .....7.. ..r.pNTL [020] 4D 53 53 50 00 02 00 00 00 0E 00 0E 00 30 00 00 MSSP.... .....0.. [030] 00 15 82 89 E2 E8 7E DB 40 C7 82 9A 01 00 00 00 ......~. @....... [040] 00 00 00 00 00 32 00 32 00 3E 00 00 00 53 00 4B .....2.2 .>...S.K [050] 00 55 00 50 00 49 00 4E 00 41 00 02 00 0E 00 53 .U.P.I.N .A.....S [060] 00 4B 00 55 00 50 00 49 00 4E 00 41 00 01 00 08 .K.U.P.I .N.A.... [070] 00 54 00 59 00 47 00 52 00 04 00 00 00 03 00 08 .T.Y.G.R ........ [080] 00 74 00 79 00 67 00 72 00 00 00 00 00 55 00 6E .t.y.g.r .....U.n [090] 00 69 00 78 00 00 00 53 00 61 00 6D 00 62 00 61 .i.x...S .a.m.b.a [0A0] 00 20 00 33 00 2E 00 32 00 2E 00 30 00 72 00 63 . .3...2 ...0.r.c [0B0] 00 31 00 00 00 53 00 4B 00 55 00 50 00 49 00 4E .1...S.K .U.P.I.N [0C0] 00 41 00 00 00 .A... [2008/06/14 08:38:42, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 270 [2008/06/14 08:38:42, 6] smbd/process.c:process_smb(1548) got message type 0x0 of len 0x10e [2008/06/14 08:38:42, 3] smbd/process.c:process_smb(1551) Transaction 14 of length 274 (0 toread) [2008/06/14 08:38:42, 5] lib/util.c:show_msg(645) [2008/06/14 08:38:42, 5] lib/util.c:show_msg(655) size=270 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=102 smb_mid=896 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 270 (0x10E) smb_vwv[ 2]=16644 (0x4104) smb_vwv[ 3]= 50 (0x32) smb_vwv[ 4]= 1 (0x1) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 109 (0x6D) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 212 (0xD4) smb_vwv[11]=40960 (0xA000) smb_bcc=211 [2008/06/14 08:38:42, 10] lib/util.c:dump_data(2226) [000] A1 6B 30 69 A2 67 04 65 4E 54 4C 4D 53 53 50 00 .k0i.g.e NTLMSSP. [010] 03 00 00 00 01 00 01 00 54 00 00 00 00 00 00 00 ........ T....... [020] 55 00 00 00 00 00 00 00 48 00 00 00 00 00 00 00 U....... H....... [030] 48 00 00 00 0C 00 0C 00 48 00 00 00 10 00 10 00 H....... H....... [040] 55 00 00 00 15 8A 88 E2 05 01 28 0A 00 00 00 0F U....... ..(..... [050] 50 00 43 00 30 00 33 00 56 00 4D 00 00 36 E0 C0 P.C.0.3. V.M..6.. [060] FA 0F B0 00 B2 5E 83 61 8D 20 71 AF 9A 57 00 69 .....^.a . q..W.i [070] 00 6E 00 64 00 6F 00 77 00 73 00 20 00 32 00 30 .n.d.o.w .s. .2.0 [080] 00 30 00 32 00 20 00 53 00 65 00 72 00 76 00 69 .0.2. .S .e.r.v.i [090] 00 63 00 65 00 20 00 50 00 61 00 63 00 6B 00 20 .c.e. .P .a.c.k. [0A0] 00 32 00 20 00 32 00 36 00 30 00 30 00 00 00 57 .2. .2.6 .0.0...W [0B0] 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 00 32 .i.n.d.o .w.s. .2 [0C0] 00 30 00 30 00 32 00 20 00 35 00 2E 00 31 00 00 .0.0.2. .5...1.. [0D0] 00 00 00 ... [2008/06/14 08:38:42, 3] smbd/process.c:switch_message(1363) switch message SMBsesssetupX (pid 22757) conn 0x0 [2008/06/14 08:38:42, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/06/14 08:38:42, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/06/14 08:38:42, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/06/14 08:38:42, 5] smbd/uid.c:change_to_root_user(287) change_to_root_user: now uid=(0,0) gid=(0,0) [2008/06/14 08:38:42, 3] smbd/sesssetup.c:reply_sesssetup_and_X(1409) wct=12 flg2=0xc807 [2008/06/14 08:38:42, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1173) Doing spnego session setup [2008/06/14 08:38:42, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1208) NativeOS=[Windows 2002 Service Pack 2 2600] NativeLanMan=[Windows 2002 5.1] PrimaryDomain=[] [2008/06/14 08:38:42, 10] smbd/sesssetup.c:check_spnego_blob_complete(1121) check_spnego_blob_complete: needed_len = 109, pblob->length = 109 [2008/06/14 08:38:42, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(745) Got user=[] domain=[] workstation=[PC03VM] len1=1 len2=0 [2008/06/14 08:38:42, 6] param/loadparm.c:lp_file_list_changed(6613) lp_file_list_changed() file /usr/local/samba/lib/smb.conf -> /usr/local/samba/lib/smb.conf last mod_time: Sat Jun 14 08:38:22 2008 [2008/06/14 08:38:42, 5] auth/auth_util.c:make_user_info_map(178) make_user_info_map: Mapping user []\[] from workstation [PC03VM] [2008/06/14 08:38:42, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/06/14 08:38:42, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2008/06/14 08:38:42, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/06/14 08:38:42, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/06/14 08:38:42, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/06/14 08:38:42, 5] auth/auth_util.c:is_trusted_domain(1968) is_trusted_domain: Checking for domain trust with [SKUPINA] [2008/06/14 08:38:42, 10] passdb/pdb_ldap.c:ldapsam_get_trusteddom_pw(5821) ldapsam_get_trusteddom_pw called for domain SKUPINA [2008/06/14 08:38:42, 5] lib/smbldap.c:smbldap_search_ext(1183) smbldap_search_ext: base => [sambaDomainName=SKUPINA,sambaDomainName=SKUPINA,dc=zelva,dc=cz], filter => [(&(objectClass=sambaTrustedDomainPassword)(sambaDomainName=SKUPINA))], scope => [2] [2008/06/14 08:38:42, 10] lib/smbldap.c:smbldap_search_ext(1247) Failed search for base: sambaDomainName=SKUPINA,sambaDomainName=SKUPINA,dc=zelva,dc=cz, error: 32 (No such object) () [2008/06/14 08:38:42, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/06/14 08:38:42, 10] lib/gencache.c:gencache_get(194) Cache entry with key = TDOM/SKUPINA couldn't be found [2008/06/14 08:38:42, 5] libsmb/trustdom_cache.c:trustdom_cache_fetch(183) no entry for trusted domain SKUPINA found. [2008/06/14 08:38:42, 5] auth/auth_util.c:make_user_info(92) attempting to make a user_info for () [2008/06/14 08:38:42, 5] auth/auth_util.c:make_user_info(102) making strings for 's user_info struct [2008/06/14 08:38:42, 5] auth/auth_util.c:make_user_info(134) making blobs for 's user_info struct [2008/06/14 08:38:42, 10] auth/auth_util.c:make_user_info(152) made an encrypted user_info for () [2008/06/14 08:38:42, 3] auth/auth.c:check_ntlm_password(220) check_ntlm_password: Checking password for unmapped user []\[]@[PC03VM] with the new password interface [2008/06/14 08:38:42, 3] auth/auth.c:check_ntlm_password(223) check_ntlm_password: mapped user is: [SKUPINA]\[]@[PC03VM] [2008/06/14 08:38:42, 10] auth/auth.c:check_ntlm_password(232) check_ntlm_password: auth_context challenge created by random [2008/06/14 08:38:42, 10] auth/auth.c:check_ntlm_password(234) challenge is: [2008/06/14 08:38:42, 5] lib/util.c:dump_data(2226) [000] E8 7E DB 40 C7 82 9A 01 .~.@.... [2008/06/14 08:38:42, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/06/14 08:38:42, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2008/06/14 08:38:42, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/06/14 08:38:42, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/06/14 08:38:42, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/06/14 08:38:42, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = ACCT_POL/password history, value = 0 , timeout = Sat Jun 14 08:39:41 2008 [2008/06/14 08:38:42, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/06/14 08:38:42, 10] passdb/pdb_get_set.c:pdb_set_username(580) pdb_set_username: setting username nobody, was [2008/06/14 08:38:42, 10] passdb/pdb_get_set.c:pdb_set_domain(603) pdb_set_domain: setting domain SKUPINA, was [2008/06/14 08:38:42, 10] passdb/pdb_get_set.c:pdb_set_nt_username(626) pdb_set_nt_username: setting nt username , was [2008/06/14 08:38:42, 10] passdb/pdb_get_set.c:pdb_set_fullname(649) pdb_set_full_name: setting full name nobody, was [2008/06/14 08:38:42, 4] lib/substitute.c:automount_server(500) Home server: tygr [2008/06/14 08:38:42, 10] passdb/pdb_get_set.c:pdb_set_homedir(742) pdb_set_homedir: setting home dir \\tygr\nobody, was [2008/06/14 08:38:42, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(718) pdb_set_dir_drive: setting dir drive U:, was NULL [2008/06/14 08:38:42, 10] passdb/pdb_get_set.c:pdb_set_logon_script(672) pdb_set_logon_script: setting logon script logon.vbs, was [2008/06/14 08:38:42, 10] passdb/pdb_get_set.c:pdb_set_profile_path(695) pdb_set_profile_path: setting profile path \\tygr\profiles\nobody, was [2008/06/14 08:38:42, 10] passdb/pdb_get_set.c:pdb_set_workstations(785) pdb_set_workstations: setting workstations , was [2008/06/14 08:38:42, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/06/14 08:38:42, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2008/06/14 08:38:42, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/06/14 08:38:42, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/06/14 08:38:42, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/06/14 08:38:42, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = ACCT_POL/password history, value = 0 , timeout = Sat Jun 14 08:39:41 2008 [2008/06/14 08:38:42, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/06/14 08:38:42, 10] passdb/pdb_get_set.c:pdb_set_user_sid(509) pdb_set_user_sid: setting user sid S-1-5-21-1343109128-81525896-2839220711-501 [2008/06/14 08:38:42, 10] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(72) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-1343109128-81525896-2839220711-501 from rid 501 [2008/06/14 08:38:42, 3] auth/auth.c:check_ntlm_password(269) check_ntlm_password: guest authentication for user [] succeeded [2008/06/14 08:38:42, 5] auth/auth.c:check_ntlm_password(308) check_ntlm_password: guest authentication for user [] -> [] -> [nobody] succeeded [2008/06/14 08:38:42, 5] auth/auth_util.c:free_user_info(1898) attempting to free (and zero) a user_info structure [2008/06/14 08:38:42, 10] auth/auth_util.c:free_user_info(1902) structure was created for [2008/06/14 08:38:42, 10] auth/token_util.c:create_local_nt_token(302) Create local NT token for S-1-5-21-1343109128-81525896-2839220711-501 [2008/06/14 08:38:42, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/06/14 08:38:42, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2008/06/14 08:38:42, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/06/14 08:38:42, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/06/14 08:38:42, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/06/14 08:38:42, 5] lib/smbldap.c:smbldap_search_ext(1183) smbldap_search_ext: base => [ou=Group,dc=zelva,dc=cz], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-544))], scope => [2] [2008/06/14 08:38:42, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2459) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-544)) [2008/06/14 08:38:42, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/06/14 08:38:42, 10] passdb/lookup_sid.c:legacy_sid_to_gid(1244) LEGACY: mapping failed for sid S-1-5-32-544 [2008/06/14 08:38:42, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/06/14 08:38:42, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2008/06/14 08:38:42, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/06/14 08:38:42, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/06/14 08:38:42, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/06/14 08:38:42, 5] lib/smbldap.c:smbldap_search_ext(1183) smbldap_search_ext: base => [ou=Group,dc=zelva,dc=cz], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-545))], scope => [2] [2008/06/14 08:38:42, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2459) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-545)) [2008/06/14 08:38:42, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/06/14 08:38:42, 10] passdb/lookup_sid.c:legacy_sid_to_gid(1244) LEGACY: mapping failed for sid S-1-5-32-545 [2008/06/14 08:38:42, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/06/14 08:38:42, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2008/06/14 08:38:42, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/06/14 08:38:42, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/06/14 08:38:42, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/06/14 08:38:42, 5] lib/smbldap.c:smbldap_search_ext(1183) smbldap_search_ext: base => [ou=Group,dc=zelva,dc=cz], filter => [(&(|(objectclass=sambaGroupMapping)(sambaGroupType=4))(|(sambaSIDList=S-1-5-21-1343109128-81525896-2839220711-501)(sambaSIDList=S-1-1-0)(sambaSIDList=S-1-5-2)(sambaSIDList=S-1-5-32-546)))], scope => [2] [2008/06/14 08:38:42, 5] lib/smbldap.c:smbldap_search_ext(1183) smbldap_search_ext: base => [ou=Group,dc=zelva,dc=cz], filter => [(&(|(objectclass=sambaGroupMapping)(sambaGroupType=4))(|(sambaSIDList=S-1-5-21-1343109128-81525896-2839220711-501)(sambaSIDList=S-1-1-0)(sambaSIDList=S-1-5-2)(sambaSIDList=S-1-5-32-546)))], scope => [2] [2008/06/14 08:38:42, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/06/14 08:38:42, 3] lib/privileges.c:get_privileges(63) get_privileges: No privileges assigned to SID [S-1-5-21-1343109128-81525896-2839220711-501] [2008/06/14 08:38:42, 5] lib/privileges.c:get_privileges_for_sids(128) get_privileges_for_sids: sid = S-1-1-0 Privilege set: SE_PRIV 0x0 0x0 0x0 0x0 [2008/06/14 08:38:42, 3] lib/privileges.c:get_privileges(63) get_privileges: No privileges assigned to SID [S-1-5-2] [2008/06/14 08:38:42, 3] lib/privileges.c:get_privileges(63) get_privileges: No privileges assigned to SID [S-1-5-32-546] [2008/06/14 08:38:42, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/06/14 08:38:42, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2008/06/14 08:38:42, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/06/14 08:38:42, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/06/14 08:38:42, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/06/14 08:38:42, 5] lib/smbldap.c:smbldap_search_ext(1183) smbldap_search_ext: base => [ou=Group,dc=zelva,dc=cz], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-1-0))], scope => [2] [2008/06/14 08:38:42, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2459) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-1-0)) [2008/06/14 08:38:42, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/06/14 08:38:42, 10] passdb/lookup_sid.c:legacy_sid_to_gid(1244) LEGACY: mapping failed for sid S-1-1-0 [2008/06/14 08:38:42, 10] auth/auth_util.c:create_local_token(674) Could not convert SID S-1-1-0 to gid, ignoring it [2008/06/14 08:38:42, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/06/14 08:38:42, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2008/06/14 08:38:42, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/06/14 08:38:42, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/06/14 08:38:42, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/06/14 08:38:42, 5] lib/smbldap.c:smbldap_search_ext(1183) smbldap_search_ext: base => [ou=Group,dc=zelva,dc=cz], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-2))], scope => [2] [2008/06/14 08:38:42, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2459) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-2)) [2008/06/14 08:38:42, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/06/14 08:38:42, 10] passdb/lookup_sid.c:legacy_sid_to_gid(1244) LEGACY: mapping failed for sid S-1-5-2 [2008/06/14 08:38:42, 10] auth/auth_util.c:create_local_token(674) Could not convert SID S-1-5-2 to gid, ignoring it [2008/06/14 08:38:42, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/06/14 08:38:42, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2008/06/14 08:38:42, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/06/14 08:38:42, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/06/14 08:38:42, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/06/14 08:38:42, 5] lib/smbldap.c:smbldap_search_ext(1183) smbldap_search_ext: base => [ou=Group,dc=zelva,dc=cz], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-546))], scope => [2] [2008/06/14 08:38:42, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2459) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-546)) [2008/06/14 08:38:42, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/06/14 08:38:42, 10] passdb/lookup_sid.c:legacy_sid_to_gid(1244) LEGACY: mapping failed for sid S-1-5-32-546 [2008/06/14 08:38:42, 10] auth/auth_util.c:create_local_token(674) Could not convert SID S-1-5-32-546 to gid, ignoring it [2008/06/14 08:38:42, 10] auth/token_util.c:debug_nt_user_token(470) NT user token of user S-1-5-21-1343109128-81525896-2839220711-501 contains 4 SIDs SID[ 0]: S-1-5-21-1343109128-81525896-2839220711-501 SID[ 1]: S-1-1-0 SID[ 2]: S-1-5-2 SID[ 3]: S-1-5-32-546 SE_PRIV 0x0 0x0 0x0 0x0 [2008/06/14 08:38:42, 10] auth/auth_ntlmssp.c:auth_ntlmssp_check_password(137) Got NT session key of length 16 [2008/06/14 08:38:42, 10] auth/auth_ntlmssp.c:auth_ntlmssp_check_password(144) Got LM session key of length 16 [2008/06/14 08:38:42, 10] libsmb/ntlmssp.c:ntlmssp_server_auth(848) ntlmssp_server_auth: Using unmodified nt session key. [2008/06/14 08:38:42, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(337) NTLMSSP Sign/Seal - Initialising with flags: [2008/06/14 08:38:42, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) Got NTLMSSP neg_flags=0xe2088215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH NTLMSSP_NEGOTIATE_56 [2008/06/14 08:38:42, 10] smbd/password.c:register_existing_vuid(310) register_existing_vuid: (99,99) nobody SKUPINA guest=1 [2008/06/14 08:38:42, 3] smbd/password.c:register_existing_vuid(314) register_existing_vuid: User name: nobody Real name: nobody [2008/06/14 08:38:42, 3] smbd/password.c:register_existing_vuid(326) register_existing_vuid: UNIX uid 99 is UNIX user nobody, and will be vuid 102 [2008/06/14 08:38:42, 6] param/loadparm.c:lp_file_list_changed(6613) lp_file_list_changed() file /usr/local/samba/lib/smb.conf -> /usr/local/samba/lib/smb.conf last mod_time: Sat Jun 14 08:38:22 2008 [2008/06/14 08:38:42, 5] lib/util.c:show_msg(645) [2008/06/14 08:38:42, 5] lib/util.c:show_msg(655) size=108 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=65279 smb_uid=102 smb_mid=896 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 1 (0x1) smb_vwv[ 3]= 9 (0x9) smb_bcc=65 [2008/06/14 08:38:42, 10] lib/util.c:dump_data(2226) [000] A1 07 30 05 A0 03 0A 01 00 55 00 6E 00 69 00 78 ..0..... .U.n.i.x [010] 00 00 00 53 00 61 00 6D 00 62 00 61 00 20 00 33 ...S.a.m .b.a. .3 [020] 00 2E 00 32 00 2E 00 30 00 72 00 63 00 31 00 00 ...2...0 .r.c.1.. [030] 00 53 00 4B 00 55 00 50 00 49 00 4E 00 41 00 00 .S.K.U.P .I.N.A.. [040] 00 . [2008/06/14 08:38:42, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 74 [2008/06/14 08:38:42, 6] smbd/process.c:process_smb(1548) got message type 0x0 of len 0x4a [2008/06/14 08:38:42, 3] smbd/process.c:process_smb(1551) Transaction 15 of length 78 (0 toread) [2008/06/14 08:38:42, 5] lib/util.c:show_msg(645) [2008/06/14 08:38:42, 5] lib/util.c:show_msg(655) size=74 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=102 smb_mid=960 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 74 (0x4A) smb_vwv[ 2]= 8 (0x8) smb_vwv[ 3]= 1 (0x1) smb_bcc=31 [2008/06/14 08:38:42, 10] lib/util.c:dump_data(2226) [000] 00 5C 00 5C 00 54 00 59 00 47 00 52 00 5C 00 49 .\.\.T.Y .G.R.\.I [010] 00 50 00 43 00 24 00 00 00 3F 3F 3F 3F 3F 00 .P.C.$.. .?????. [2008/06/14 08:38:42, 3] smbd/process.c:switch_message(1363) switch message SMBtconX (pid 22757) conn 0x0 [2008/06/14 08:38:42, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/06/14 08:38:42, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/06/14 08:38:42, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/06/14 08:38:42, 5] smbd/uid.c:change_to_root_user(287) change_to_root_user: now uid=(0,0) gid=(0,0) [2008/06/14 08:38:42, 4] smbd/reply.c:reply_tcon_and_X(653) Client requested device type [?????] for share [IPC$] [2008/06/14 08:38:42, 5] smbd/service.c:make_connection(1374) making a connection to 'normal' service ipc$ [2008/06/14 08:38:42, 5] lib/username.c:Get_Pwnam_alloc(133) Finding user nobody [2008/06/14 08:38:42, 5] lib/username.c:Get_Pwnam_internals(77) Trying _Get_Pwnam(), username as lowercase is nobody [2008/06/14 08:38:42, 5] lib/username.c:Get_Pwnam_internals(110) Get_Pwnam_internals did find user [nobody]! [2008/06/14 08:38:42, 10] smbd/service.c:set_conn_connectpath(157) set_conn_connectpath: service IPC$, connectpath = /tmp [2008/06/14 08:38:42, 3] smbd/service.c:make_connection_snum(936) Connect path is '/tmp' for service [IPC$] [2008/06/14 08:38:42, 10] lib/util_seaccess.c:se_map_generic(175) se_map_generic(): mapped mask 0x10000000 to 0x001f01ff [2008/06/14 08:38:42, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x00000002, for NT token with 4 entries and first sid S-1-5-21-1343109128-81525896-2839220711-501. [2008/06/14 08:38:42, 3] lib/util_seaccess.c:se_access_check(249) [2008/06/14 08:38:42, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-5-21-1343109128-81525896-2839220711-501 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-32-546 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 2 [2008/06/14 08:38:42, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (2) granted. [2008/06/14 08:38:42, 3] smbd/vfs.c:vfs_init_default(96) Initialising default vfs hooks [2008/06/14 08:38:42, 3] smbd/vfs.c:vfs_init_custom(130) Initialising custom vfs hooks from [/[Default VFS]/] [2008/06/14 08:38:42, 10] smbd/vfs.c:vfs_find_backend_entry(48) vfs_find_backend_entry called for /[Default VFS]/ Successfully loaded vfs module [/[Default VFS]/] with the new modules system [2008/06/14 08:38:42, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #0 (type 0, layer 0) Making operation type 0 opaque [module /[Default VFS]/] Accepting operation type 0 from module /[Default VFS]/ [2008/06/14 08:38:42, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #1 (type 1, layer 0) Making operation type 1 opaque [module /[Default VFS]/] Accepting operation type 1 from module /[Default VFS]/ [2008/06/14 08:38:42, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #2 (type 2, layer 0) Making operation type 2 opaque [module /[Default VFS]/] Accepting operation type 2 from module /[Default VFS]/ [2008/06/14 08:38:42, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #3 (type 3, layer 0) Making operation type 3 opaque [module /[Default VFS]/] Accepting operation type 3 from module /[Default VFS]/ [2008/06/14 08:38:42, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #4 (type 4, layer 0) Making operation type 4 opaque [module /[Default VFS]/] Accepting operation type 4 from module /[Default VFS]/ [2008/06/14 08:38:42, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #5 (type 5, layer 0) Making operation type 5 opaque [module /[Default VFS]/] Accepting operation type 5 from module /[Default VFS]/ [2008/06/14 08:38:42, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #6 (type 6, layer 0) Making operation type 6 opaque [module /[Default VFS]/] Accepting operation type 6 from module /[Default VFS]/ [2008/06/14 08:38:42, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #7 (type 7, layer 0) Making operation type 7 opaque [module /[Default VFS]/] Accepting operation type 7 from module /[Default VFS]/ [2008/06/14 08:38:42, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #8 (type 8, layer 0) Making operation type 8 opaque [module /[Default VFS]/] Accepting operation type 8 from module /[Default VFS]/ [2008/06/14 08:38:42, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #9 (type 9, layer 0) Making operation type 9 opaque [module /[Default VFS]/] Accepting operation type 9 from module /[Default VFS]/ [2008/06/14 08:38:42, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #10 (type 10, layer 0) Making operation type 10 opaque [module /[Default VFS]/] Accepting operation type 10 from module /[Default VFS]/ [2008/06/14 08:38:42, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #11 (type 11, layer 0) Making operation type 11 opaque [module /[Default VFS]/] Accepting operation type 11 from module /[Default VFS]/ [2008/06/14 08:38:42, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #12 (type 12, layer 0) Making operation type 12 opaque [module /[Default VFS]/] Accepting operation type 12 from module /[Default VFS]/ [2008/06/14 08:38:42, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #13 (type 13, layer 0) Making operation type 13 opaque [module /[Default VFS]/] Accepting operation type 13 from module /[Default VFS]/ [2008/06/14 08:38:42, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #14 (type 14, layer 0) Making operation type 14 opaque [module /[Default VFS]/] Accepting operation type 14 from module /[Default VFS]/ [2008/06/14 08:38:42, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #15 (type 15, layer 0) Making operation type 15 opaque [module /[Default VFS]/] Accepting operation type 15 from module /[Default VFS]/ [2008/06/14 08:38:42, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #16 (type 16, layer 0) Making operation type 16 opaque [module /[Default VFS]/] Accepting operation type 16 from module /[Default VFS]/ [2008/06/14 08:38:42, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #17 (type 17, layer 0) Making operation type 17 opaque [module /[Default VFS]/] Accepting operation type 17 from module /[Default VFS]/ [2008/06/14 08:38:42, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #18 (type 18, layer 0) Making operation type 18 opaque [module /[Default VFS]/] Accepting operation type 18 from module /[Default VFS]/ [2008/06/14 08:38:42, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #19 (type 19, layer 0) Making operation type 19 opaque [module /[Default VFS]/] Accepting operation type 19 from module /[Default VFS]/ [2008/06/14 08:38:42, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #20 (type 20, layer 0) Making operation type 20 opaque [module /[Default VFS]/] Accepting operation type 20 from module /[Default VFS]/ [2008/06/14 08:38:42, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #21 (type 21, layer 0) Making operation type 21 opaque [module /[Default VFS]/] Accepting operation type 21 from module /[Default VFS]/ [2008/06/14 08:38:42, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #22 (type 22, layer 0) Making operation type 22 opaque [module /[Default VFS]/] Accepting operation type 22 from module /[Default VFS]/ [2008/06/14 08:38:42, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #23 (type 23, layer 0) Making operation type 23 opaque [module /[Default VFS]/] Accepting operation type 23 from module /[Default VFS]/ [2008/06/14 08:38:42, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #24 (type 24, layer 0) Making operation type 24 opaque [module /[Default VFS]/] Accepting operation type 24 from module /[Default VFS]/ [2008/06/14 08:38:42, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #25 (type 25, layer 0) Making operation type 25 opaque [module /[Default VFS]/] Accepting operation type 25 from module /[Default VFS]/ [2008/06/14 08:38:42, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #26 (type 26, layer 0) Making operation type 26 opaque [module /[Default VFS]/] Accepting operation type 26 from module /[Default VFS]/ [2008/06/14 08:38:42, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #27 (type 27, layer 0) Making operation type 27 opaque [module /[Default VFS]/] Accepting operation type 27 from module /[Default VFS]/ [2008/06/14 08:38:42, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #28 (type 28, layer 0) Making operation type 28 opaque [module /[Default VFS]/] Accepting operation type 28 from module /[Default VFS]/ [2008/06/14 08:38:42, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #29 (type 29, layer 0) Making operation type 29 opaque [module /[Default VFS]/] Accepting operation type 29 from module /[Default VFS]/ [2008/06/14 08:38:42, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #30 (type 30, layer 0) Making operation type 30 opaque [module /[Default VFS]/] Accepting operation type 30 from module /[Default VFS]/ [2008/06/14 08:38:42, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #31 (type 31, layer 0) Making operation type 31 opaque [module /[Default VFS]/] Accepting operation type 31 from module /[Default VFS]/ [2008/06/14 08:38:42, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #32 (type 32, layer 0) Making operation type 32 opaque [module /[Default VFS]/] Accepting operation type 32 from module /[Default VFS]/ [2008/06/14 08:38:42, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #33 (type 33, layer 0) Making operation type 33 opaque [module /[Default VFS]/] Accepting operation type 33 from module /[Default VFS]/ [2008/06/14 08:38:42, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #34 (type 34, layer 0) Making operation type 34 opaque [module /[Default VFS]/] Accepting operation type 34 from module /[Default VFS]/ [2008/06/14 08:38:42, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #35 (type 35, layer 0) Making operation type 35 opaque [module /[Default VFS]/] Accepting operation type 35 from module /[Default VFS]/ [2008/06/14 08:38:42, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #36 (type 36, layer 0) Making operation type 36 opaque [module /[Default VFS]/] Accepting operation type 36 from module /[Default VFS]/ [2008/06/14 08:38:42, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #37 (type 37, layer 0) Making operation type 37 opaque [module /[Default VFS]/] Accepting operation type 37 from module /[Default VFS]/ [2008/06/14 08:38:42, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #38 (type 38, layer 0) Making operation type 38 opaque [module /[Default VFS]/] Accepting operation type 38 from module /[Default VFS]/ [2008/06/14 08:38:42, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #39 (type 39, layer 0) Making operation type 39 opaque [module /[Default VFS]/] Accepting operation type 39 from module /[Default VFS]/ [2008/06/14 08:38:42, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #40 (type 40, layer 0) Making operation type 40 opaque [module /[Default VFS]/] Accepting operation type 40 from module /[Default VFS]/ [2008/06/14 08:38:42, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #41 (type 41, layer 0) Making operation type 41 opaque [module /[Default VFS]/] Accepting operation type 41 from module /[Default VFS]/ [2008/06/14 08:38:42, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #42 (type 42, layer 0) Making operation type 42 opaque [module /[Default VFS]/] Accepting operation type 42 from module /[Default VFS]/ [2008/06/14 08:38:42, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #43 (type 43, layer 0) Making operation type 43 opaque [module /[Default VFS]/] Accepting operation type 43 from module /[Default VFS]/ [2008/06/14 08:38:42, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #44 (type 44, layer 0) Making operation type 44 opaque [module /[Default VFS]/] Accepting operation type 44 from module /[Default VFS]/ [2008/06/14 08:38:42, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #45 (type 45, layer 0) Making operation type 45 opaque [module /[Default VFS]/] Accepting operation type 45 from module /[Default VFS]/ [2008/06/14 08:38:42, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #46 (type 46, layer 0) Making operation type 46 opaque [module /[Default VFS]/] Accepting operation type 46 from module /[Default VFS]/ [2008/06/14 08:38:42, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #47 (type 47, layer 0) Making operation type 47 opaque [module /[Default VFS]/] Accepting operation type 47 from module /[Default VFS]/ [2008/06/14 08:38:42, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #48 (type 48, layer 0) Making operation type 48 opaque [module /[Default VFS]/] Accepting operation type 48 from module /[Default VFS]/ [2008/06/14 08:38:42, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #49 (type 49, layer 0) Making operation type 49 opaque [module /[Default VFS]/] Accepting operation type 49 from module /[Default VFS]/ [2008/06/14 08:38:42, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #50 (type 50, layer 0) Making operation type 50 opaque [module /[Default VFS]/] Accepting operation type 50 from module /[Default VFS]/ [2008/06/14 08:38:42, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #51 (type 51, layer 0) Making operation type 51 opaque [module /[Default VFS]/] Accepting operation type 51 from module /[Default VFS]/ [2008/06/14 08:38:42, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #52 (type 52, layer 0) Making operation type 52 opaque [module /[Default VFS]/] Accepting operation type 52 from module /[Default VFS]/ [2008/06/14 08:38:42, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #53 (type 53, layer 0) Making operation type 53 opaque [module /[Default VFS]/] Accepting operation type 53 from module /[Default VFS]/ [2008/06/14 08:38:42, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #54 (type 54, layer 0) Making operation type 54 opaque [module /[Default VFS]/] Accepting operation type 54 from module /[Default VFS]/ [2008/06/14 08:38:42, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #55 (type 55, layer 0) Making operation type 55 opaque [module /[Default VFS]/] Accepting operation type 55 from module /[Default VFS]/ [2008/06/14 08:38:42, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #56 (type 56, layer 0) Making operation type 56 opaque [module /[Default VFS]/] Accepting operation type 56 from module /[Default VFS]/ [2008/06/14 08:38:42, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #57 (type 57, layer 0) Making operation type 57 opaque [module /[Default VFS]/] Accepting operation type 57 from module /[Default VFS]/ [2008/06/14 08:38:42, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #58 (type 58, layer 0) Making operation type 58 opaque [module /[Default VFS]/] Accepting operation type 58 from module /[Default VFS]/ [2008/06/14 08:38:42, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #59 (type 59, layer 0) Making operation type 59 opaque [module /[Default VFS]/] Accepting operation type 59 from module /[Default VFS]/ [2008/06/14 08:38:42, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #60 (type 60, layer 0) Making operation type 60 opaque [module /[Default VFS]/] Accepting operation type 60 from module /[Default VFS]/ [2008/06/14 08:38:42, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #61 (type 61, layer 0) Making operation type 61 opaque [module /[Default VFS]/] Accepting operation type 61 from module /[Default VFS]/ [2008/06/14 08:38:42, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #62 (type 62, layer 0) Making operation type 62 opaque [module /[Default VFS]/] Accepting operation type 62 from module /[Default VFS]/ [2008/06/14 08:38:42, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #63 (type 63, layer 0) Making operation type 63 opaque [module /[Default VFS]/] Accepting operation type 63 from module /[Default VFS]/ [2008/06/14 08:38:42, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #64 (type 64, layer 0) Making operation type 64 opaque [module /[Default VFS]/] Accepting operation type 64 from module /[Default VFS]/ [2008/06/14 08:38:42, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #65 (type 65, layer 0) Making operation type 65 opaque [module /[Default VFS]/] Accepting operation type 65 from module /[Default VFS]/ [2008/06/14 08:38:42, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #66 (type 66, layer 0) Making operation type 66 opaque [module /[Default VFS]/] Accepting operation type 66 from module /[Default VFS]/ [2008/06/14 08:38:42, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #67 (type 67, layer 0) Making operation type 67 opaque [module /[Default VFS]/] Accepting operation type 67 from module /[Default VFS]/ [2008/06/14 08:38:42, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #68 (type 68, layer 0) Making operation type 68 opaque [module /[Default VFS]/] Accepting operation type 68 from module /[Default VFS]/ [2008/06/14 08:38:42, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #69 (type 69, layer 0) Making operation type 69 opaque [module /[Default VFS]/] Accepting operation type 69 from module /[Default VFS]/ [2008/06/14 08:38:42, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #70 (type 70, layer 0) Making operation type 70 opaque [module /[Default VFS]/] Accepting operation type 70 from module /[Default VFS]/ [2008/06/14 08:38:42, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #71 (type 71, layer 0) Making operation type 71 opaque [module /[Default VFS]/] Accepting operation type 71 from module /[Default VFS]/ [2008/06/14 08:38:42, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #72 (type 72, layer 0) Making operation type 72 opaque [module /[Default VFS]/] Accepting operation type 72 from module /[Default VFS]/ [2008/06/14 08:38:42, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #73 (type 73, layer 0) Making operation type 73 opaque [module /[Default VFS]/] Accepting operation type 73 from module /[Default VFS]/ [2008/06/14 08:38:42, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #74 (type 74, layer 0) Making operation type 74 opaque [module /[Default VFS]/] Accepting operation type 74 from module /[Default VFS]/ [2008/06/14 08:38:42, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #75 (type 75, layer 0) Making operation type 75 opaque [module /[Default VFS]/] Accepting operation type 75 from module /[Default VFS]/ [2008/06/14 08:38:42, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #76 (type 76, layer 0) Making operation type 76 opaque [module /[Default VFS]/] Accepting operation type 76 from module /[Default VFS]/ [2008/06/14 08:38:42, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #77 (type 77, layer 0) Making operation type 77 opaque [module /[Default VFS]/] Accepting operation type 77 from module /[Default VFS]/ [2008/06/14 08:38:42, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #78 (type 78, layer 0) Making operation type 78 opaque [module /[Default VFS]/] Accepting operation type 78 from module /[Default VFS]/ [2008/06/14 08:38:42, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #79 (type 79, layer 0) Making operation type 79 opaque [module /[Default VFS]/] Accepting operation type 79 from module /[Default VFS]/ [2008/06/14 08:38:42, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #80 (type 80, layer 0) Making operation type 80 opaque [module /[Default VFS]/] Accepting operation type 80 from module /[Default VFS]/ [2008/06/14 08:38:42, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #81 (type 81, layer 0) Making operation type 81 opaque [module /[Default VFS]/] Accepting operation type 81 from module /[Default VFS]/ [2008/06/14 08:38:42, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #82 (type 82, layer 0) Making operation type 82 opaque [module /[Default VFS]/] Accepting operation type 82 from module /[Default VFS]/ [2008/06/14 08:38:42, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #83 (type 83, layer 0) Making operation type 83 opaque [module /[Default VFS]/] Accepting operation type 83 from module /[Default VFS]/ [2008/06/14 08:38:42, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #84 (type 84, layer 0) Making operation type 84 opaque [module /[Default VFS]/] Accepting operation type 84 from module /[Default VFS]/ [2008/06/14 08:38:42, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #85 (type 85, layer 0) Making operation type 85 opaque [module /[Default VFS]/] Accepting operation type 85 from module /[Default VFS]/ [2008/06/14 08:38:42, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #86 (type 86, layer 0) Making operation type 86 opaque [module /[Default VFS]/] Accepting operation type 86 from module /[Default VFS]/ [2008/06/14 08:38:42, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #87 (type 87, layer 0) Making operation type 87 opaque [module /[Default VFS]/] Accepting operation type 87 from module /[Default VFS]/ [2008/06/14 08:38:42, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #88 (type 88, layer 0) Making operation type 88 opaque [module /[Default VFS]/] Accepting operation type 88 from module /[Default VFS]/ [2008/06/14 08:38:42, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #89 (type 89, layer 0) Making operation type 89 opaque [module /[Default VFS]/] Accepting operation type 89 from module /[Default VFS]/ [2008/06/14 08:38:42, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #90 (type 90, layer 0) Making operation type 90 opaque [module /[Default VFS]/] Accepting operation type 90 from module /[Default VFS]/ [2008/06/14 08:38:42, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #91 (type 91, layer 0) Making operation type 91 opaque [module /[Default VFS]/] Accepting operation type 91 from module /[Default VFS]/ [2008/06/14 08:38:42, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #92 (type 92, layer 0) Making operation type 92 opaque [module /[Default VFS]/] Accepting operation type 92 from module /[Default VFS]/ [2008/06/14 08:38:42, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #93 (type 93, layer 0) Making operation type 93 opaque [module /[Default VFS]/] Accepting operation type 93 from module /[Default VFS]/ [2008/06/14 08:38:42, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #94 (type 94, layer 0) Making operation type 94 opaque [module /[Default VFS]/] Accepting operation type 94 from module /[Default VFS]/ [2008/06/14 08:38:42, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #95 (type 95, layer 0) Making operation type 95 opaque [module /[Default VFS]/] Accepting operation type 95 from module /[Default VFS]/ [2008/06/14 08:38:42, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #96 (type 96, layer 0) Making operation type 96 opaque [module /[Default VFS]/] Accepting operation type 96 from module /[Default VFS]/ [2008/06/14 08:38:42, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #97 (type 97, layer 0) Making operation type 97 opaque [module /[Default VFS]/] Accepting operation type 97 from module /[Default VFS]/ [2008/06/14 08:38:42, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #98 (type 98, layer 0) Making operation type 98 opaque [module /[Default VFS]/] Accepting operation type 98 from module /[Default VFS]/ [2008/06/14 08:38:42, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #99 (type 99, layer 0) Making operation type 99 opaque [module /[Default VFS]/] Accepting operation type 99 from module /[Default VFS]/ [2008/06/14 08:38:42, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #100 (type 100, layer 0) Making operation type 100 opaque [module /[Default VFS]/] Accepting operation type 100 from module /[Default VFS]/ [2008/06/14 08:38:42, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #101 (type 101, layer 0) Making operation type 101 opaque [module /[Default VFS]/] Accepting operation type 101 from module /[Default VFS]/ [2008/06/14 08:38:42, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #102 (type 102, layer 0) Making operation type 102 opaque [module /[Default VFS]/] Accepting operation type 102 from module /[Default VFS]/ [2008/06/14 08:38:42, 5] smbd/connection.c:claim_connection(142) claiming [IPC$] [2008/06/14 08:38:42, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key E5580000020000004950 [2008/06/14 08:38:42, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0x80625040 [2008/06/14 08:38:42, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key E5580000020000004950 [2008/06/14 08:38:42, 10] smbd/share_access.c:user_ok_token(231) user_ok_token: share IPC$ is ok for unix user nobody [2008/06/14 08:38:42, 10] smbd/share_access.c:is_share_read_only_for_token(273) is_share_read_only_for_user: share IPC$ is read-only for unix user nobody [2008/06/14 08:38:42, 10] lib/util_seaccess.c:se_map_generic(175) se_map_generic(): mapped mask 0x10000000 to 0x001f01ff [2008/06/14 08:38:42, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x00000001, for NT token with 4 entries and first sid S-1-5-21-1343109128-81525896-2839220711-501. [2008/06/14 08:38:42, 3] lib/util_seaccess.c:se_access_check(249) [2008/06/14 08:38:42, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-5-21-1343109128-81525896-2839220711-501 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-32-546 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 1 [2008/06/14 08:38:42, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (1) granted. [2008/06/14 08:38:42, 3] lib/util_sid.c:string_to_sid(228) string_to_sid: Sid @admins does not start with 'S-'. [2008/06/14 08:38:42, 5] smbd/password.c:user_in_netgroup(463) Unable to get default yp domain, let's try without specifying it [2008/06/14 08:38:42, 5] smbd/password.c:user_in_netgroup(467) looking for user nobody of domain (ANY) in netgroup admins [2008/06/14 08:38:42, 5] smbd/password.c:user_in_netgroup(483) looking for user nobody of domain (ANY) in netgroup admins [2008/06/14 08:38:42, 10] passdb/lookup_sid.c:lookup_name(69) lookup_name: SKUPINA\admins => SKUPINA (domain), admins (name) [2008/06/14 08:38:42, 10] passdb/lookup_sid.c:lookup_name(70) lookup_name: flags = 0x077 [2008/06/14 08:38:42, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/06/14 08:38:42, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2008/06/14 08:38:42, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/06/14 08:38:42, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/06/14 08:38:42, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/06/14 08:38:42, 5] lib/smbldap.c:smbldap_search_ext(1183) smbldap_search_ext: base => [ou=Group,dc=zelva,dc=cz], filter => [(&(objectClass=sambaGroupMapping)(|(displayName=admins)(cn=admins)))], scope => [2] [2008/06/14 08:38:42, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2459) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(|(displayName=admins)(cn=admins))) [2008/06/14 08:38:42, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/06/14 08:38:42, 10] passdb/lookup_sid.c:lookup_name(69) lookup_name: Unix Group\admins => Unix Group (domain), admins (name) [2008/06/14 08:38:42, 10] passdb/lookup_sid.c:lookup_name(70) lookup_name: flags = 0x077 [2008/06/14 08:38:42, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (99, 99) - sec_ctx_stack_ndx = 0 [2008/06/14 08:38:42, 5] auth/token_util.c:debug_nt_user_token(470) NT user token of user S-1-5-21-1343109128-81525896-2839220711-501 contains 4 SIDs SID[ 0]: S-1-5-21-1343109128-81525896-2839220711-501 SID[ 1]: S-1-1-0 SID[ 2]: S-1-5-2 SID[ 3]: S-1-5-32-546 SE_PRIV 0x0 0x0 0x0 0x0 [2008/06/14 08:38:42, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 99 Primary group is 99 and contains 0 supplementary groups [2008/06/14 08:38:42, 5] smbd/uid.c:change_to_user(272) change_to_user uid=(99,99) gid=(0,99) [2008/06/14 08:38:42, 3] smbd/service.c:make_connection_snum(1188) pc03vm (172.17.0.3) connect to service IPC$ initially as user nobody (uid=99, gid=99) (pid 22757) [2008/06/14 08:38:42, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/06/14 08:38:42, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/06/14 08:38:42, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/06/14 08:38:42, 5] smbd/uid.c:change_to_root_user(287) change_to_root_user: now uid=(0,0) gid=(0,0) [2008/06/14 08:38:42, 3] smbd/reply.c:reply_tcon_and_X(727) tconX service=IPC$ [2008/06/14 08:38:42, 5] lib/util.c:show_msg(645) [2008/06/14 08:38:42, 5] lib/util.c:show_msg(655) size=56 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=65279 smb_uid=102 smb_mid=960 smt_wct=7 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 1 (0x1) smb_vwv[ 3]= 511 (0x1FF) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 511 (0x1FF) smb_vwv[ 6]= 0 (0x0) smb_bcc=7 [2008/06/14 08:38:42, 10] lib/util.c:dump_data(2226) [000] 49 50 43 00 00 00 00 IPC.... [2008/06/14 08:38:42, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 100 [2008/06/14 08:38:42, 6] smbd/process.c:process_smb(1548) got message type 0x0 of len 0x64 [2008/06/14 08:38:42, 3] smbd/process.c:process_smb(1551) Transaction 16 of length 104 (0 toread) [2008/06/14 08:38:42, 5] lib/util.c:show_msg(645) [2008/06/14 08:38:42, 5] lib/util.c:show_msg(655) size=100 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=676 smb_uid=102 smb_mid=1024 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 3584 (0xE00) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=17 [2008/06/14 08:38:42, 10] lib/util.c:dump_data(2226) [000] 00 5C 00 6C 00 73 00 61 00 72 00 70 00 63 00 00 .\.l.s.a .r.p.c.. [010] 00 . [2008/06/14 08:38:42, 3] smbd/process.c:switch_message(1363) switch message SMBntcreateX (pid 22757) conn 0x80636808 [2008/06/14 08:38:42, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (99, 99) - sec_ctx_stack_ndx = 0 [2008/06/14 08:38:42, 5] auth/token_util.c:debug_nt_user_token(470) NT user token of user S-1-5-21-1343109128-81525896-2839220711-501 contains 4 SIDs SID[ 0]: S-1-5-21-1343109128-81525896-2839220711-501 SID[ 1]: S-1-1-0 SID[ 2]: S-1-5-2 SID[ 3]: S-1-5-32-546 SE_PRIV 0x0 0x0 0x0 0x0 [2008/06/14 08:38:42, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 99 Primary group is 99 and contains 0 supplementary groups [2008/06/14 08:38:42, 5] smbd/uid.c:change_to_user(272) change_to_user uid=(99,99) gid=(0,99) [2008/06/14 08:38:42, 10] smbd/nttrans.c:reply_ntcreate_and_X(490) reply_ntcreate_and_X: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0, fname = lsarpc [2008/06/14 08:38:42, 4] smbd/nttrans.c:nt_open_pipe(297) nt_open_pipe: Opening pipe \lsarpc. [2008/06/14 08:38:42, 3] smbd/nttrans.c:nt_open_pipe(322) nt_open_pipe: Known pipe lsarpc opening. [2008/06/14 08:38:42, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(165) Open pipe requested lsarpc (pipes_open=1) [2008/06/14 08:38:42, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(195) open_rpc_pipe_p: name NETLOGON pnum=7794 [2008/06/14 08:38:42, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(275) Create pipe requested lsarpc [2008/06/14 08:38:42, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77) init_pipe_handles: created handle list for pipe lsarpc [2008/06/14 08:38:42, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) init_pipe_handles: pipe_handles ref count = 1 for pipe lsarpc [2008/06/14 08:38:42, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(356) Created internal pipe lsarpc (pipes_open=1) [2008/06/14 08:38:42, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(253) Opened pipe lsarpc with handle 7795 (pipes_open=2) [2008/06/14 08:38:42, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(259) open pipes: name lsarpc pnum=7795 [2008/06/14 08:38:42, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(259) open pipes: name NETLOGON pnum=7794 [2008/06/14 08:38:42, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 6C73617270632F323237 [2008/06/14 08:38:42, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0x805faf28 [2008/06/14 08:38:42, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 6C73617270632F323237 [2008/06/14 08:38:42, 5] smbd/nttrans.c:do_ntcreate_pipe_open(410) do_ntcreate_pipe_open: open pipe = \lsarpc [2008/06/14 08:38:42, 5] lib/util.c:show_msg(645) [2008/06/14 08:38:42, 5] lib/util.c:show_msg(655) size=135 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=676 smb_uid=102 smb_mid=1024 smt_wct=42 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=38144 (0x9500) smb_vwv[ 3]= 375 (0x177) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_vwv[34]= 0 (0x0) smb_vwv[35]= 0 (0x0) smb_vwv[36]= 0 (0x0) smb_vwv[37]= 0 (0x0) smb_vwv[38]= 0 (0x0) smb_vwv[39]= 0 (0x0) smb_vwv[40]= 0 (0x0) smb_vwv[41]= 0 (0x0) smb_bcc=0 [2008/06/14 08:38:42, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 136 [2008/06/14 08:38:42, 6] smbd/process.c:process_smb(1548) got message type 0x0 of len 0x88 [2008/06/14 08:38:42, 3] smbd/process.c:process_smb(1551) Transaction 17 of length 140 (0 toread) [2008/06/14 08:38:42, 5] lib/util.c:show_msg(645) [2008/06/14 08:38:42, 5] lib/util.c:show_msg(655) size=136 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=102 smb_mid=1088 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=30613 (0x7795) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 72 (0x48) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 72 (0x48) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=73 [2008/06/14 08:38:42, 10] lib/util.c:dump_data(2226) [000] EE 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... [010] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ [020] 00 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 .xW4.4.. ....#Eg. [030] AB 00 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ [040] 00 2B 10 48 60 02 00 00 00 .+.H`... . [2008/06/14 08:38:42, 3] smbd/process.c:switch_message(1363) switch message SMBwriteX (pid 22757) conn 0x80636808 [2008/06/14 08:38:42, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/06/14 08:38:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=7795 [2008/06/14 08:38:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name lsarpc pnum=7795 (pipes_open=2) [2008/06/14 08:38:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name NETLOGON pnum=7794 (pipes_open=2) [2008/06/14 08:38:42, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927) write_to_pipe: 7795 name: lsarpc open: Yes len: 72 [2008/06/14 08:38:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 72 [2008/06/14 08:38:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 [2008/06/14 08:38:42, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385) fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 [2008/06/14 08:38:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 16 [2008/06/14 08:38:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 56 [2008/06/14 08:38:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0b [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0048 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000001 [2008/06/14 08:38:42, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472) unmarshall_rpc_header: using little-endian RPC [2008/06/14 08:38:42, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501) unmarshall_rpc_header: type = 11, flags = 3 [2008/06/14 08:38:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 0 [2008/06/14 08:38:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 56 [2008/06/14 08:38:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 [2008/06/14 08:38:42, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709) process_complete_pdu: processing packet type 11 [2008/06/14 08:38:42, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1553) api_pipe_bind_req: decode request. 1553 [2008/06/14 08:38:42, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1564) api_pipe_bind_req: \PIPE\lsarpc -> \PIPE\lsarpc [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_rb [2008/06/14 08:38:42, 6] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_bba [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0000 max_tsize: 10b8 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0002 max_rsize: 10b8 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0004 assoc_gid: 00000000 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0008 num_contexts: 01 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000c context_id : 0000 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint8(624) 000e num_transfer_syntaxes: 01 [2008/06/14 08:38:42, 6] rpc_parse/parse_prs.c:prs_debug(88) 00000f smb_io_rpc_iface [2008/06/14 08:38:42, 7] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_uuid uuid [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 data : 12345778 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 data : 1234 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0016 data : abcd [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0018 data : ef 00 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 001a data : 01 23 45 67 89 ab [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0020 version: 00000000 [2008/06/14 08:38:42, 6] rpc_parse/parse_prs.c:prs_debug(88) 000024 smb_io_rpc_iface [2008/06/14 08:38:42, 7] rpc_parse/parse_prs.c:prs_debug(88) 000024 smb_io_uuid uuid [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0024 data : 8a885d04 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0028 data : 1ceb [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint16(689) 002a data : 11c9 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002c data : 9f e8 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002e data : 08 00 2b 10 48 60 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0034 version: 00000002 [2008/06/14 08:38:42, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1608) api_pipe_bind_req: make response. 1608 [2008/06/14 08:38:42, 3] rpc_server/srv_pipe.c:check_bind_req(991) check_bind_req for \PIPE\lsarpc checking \PIPE\lsarpc [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_ba [2008/06/14 08:38:42, 6] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_bba [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0000 max_tsize: 10b8 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0002 max_rsize: 10b8 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0004 assoc_gid: 000053f0 [2008/06/14 08:38:42, 6] rpc_parse/parse_prs.c:prs_debug(88) 000008 smb_io_rpc_addr_str [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 len: 000d [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 000a str: \PIPE\lsarpc. [2008/06/14 08:38:42, 6] rpc_parse/parse_prs.c:prs_debug(88) 000017 smb_io_rpc_results [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0018 num_results: 01 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint16(689) 001c result : 0000 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint16(689) 001e reason : 0000 [2008/06/14 08:38:42, 6] rpc_parse/parse_prs.c:prs_debug(88) 000020 smb_io_rpc_iface [2008/06/14 08:38:42, 7] rpc_parse/parse_prs.c:prs_debug(88) 000020 smb_io_uuid uuid [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0020 data : 8a885d04 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0024 data : 1ceb [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0026 data : 11c9 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0028 data : 9f e8 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002a data : 08 00 2b 10 48 60 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0030 version: 00000002 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0c [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0044 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000001 [2008/06/14 08:38:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 56 [2008/06/14 08:38:42, 3] smbd/pipes.c:reply_pipe_write_and_X(251) writeX-IPC pnum=7795 nwritten=72 [2008/06/14 08:38:42, 5] lib/util.c:show_msg(645) [2008/06/14 08:38:42, 5] lib/util.c:show_msg(655) size=47 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=65279 smb_uid=102 smb_mid=1088 smt_wct=6 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 72 (0x48) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_bcc=0 [2008/06/14 08:38:42, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 59 [2008/06/14 08:38:42, 6] smbd/process.c:process_smb(1548) got message type 0x0 of len 0x3b [2008/06/14 08:38:42, 3] smbd/process.c:process_smb(1551) Transaction 18 of length 63 (0 toread) [2008/06/14 08:38:42, 5] lib/util.c:show_msg(645) [2008/06/14 08:38:42, 5] lib/util.c:show_msg(655) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=102 smb_mid=1152 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=30613 (0x7795) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2008/06/14 08:38:42, 3] smbd/process.c:switch_message(1363) switch message SMBreadX (pid 22757) conn 0x80636808 [2008/06/14 08:38:42, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/06/14 08:38:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=7795 [2008/06/14 08:38:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name lsarpc pnum=7795 (pipes_open=2) [2008/06/14 08:38:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name NETLOGON pnum=7794 (pipes_open=2) [2008/06/14 08:38:42, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985) read_from_pipe: 7795 name: lsarpc len: 1024 [2008/06/14 08:38:42, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1045) read_from_pipe: lsarpc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. [2008/06/14 08:38:42, 3] smbd/pipes.c:reply_pipe_read_and_X(301) readX-IPC pnum=7795 min=1024 max=1024 nread=68 [2008/06/14 08:38:42, 5] lib/util.c:show_msg(645) [2008/06/14 08:38:42, 5] lib/util.c:show_msg(655) size=127 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=65279 smb_uid=102 smb_mid=1152 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 68 (0x44) smb_vwv[ 6]= 59 (0x3B) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=68 [2008/06/14 08:38:42, 10] lib/util.c:dump_data(2226) [000] 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 00 ........ D....... [010] B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 5C .....S.. ..\PIPE\ [020] 6C 73 61 72 70 63 00 00 01 00 00 00 00 00 00 00 lsarpc.. ........ [030] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` [040] 02 00 00 00 .... [2008/06/14 08:38:42, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 148 [2008/06/14 08:38:42, 6] smbd/process.c:process_smb(1548) got message type 0x0 of len 0x94 [2008/06/14 08:38:42, 3] smbd/process.c:process_smb(1551) Transaction 19 of length 152 (0 toread) [2008/06/14 08:38:42, 5] lib/util.c:show_msg(645) [2008/06/14 08:38:42, 5] lib/util.c:show_msg(655) size=148 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=102 smb_mid=1216 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=30613 (0x7795) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 84 (0x54) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=85 [2008/06/14 08:38:42, 10] lib/util.c:dump_data(2226) [000] EE 05 00 00 03 10 00 00 00 54 00 00 00 01 00 00 ........ .T...... [010] 00 3C 00 00 00 00 00 2C 00 10 5A 0D 00 07 00 00 .<....., ..Z..... [020] 00 00 00 00 00 07 00 00 00 5C 00 5C 00 54 00 59 ........ .\.\.T.Y [030] 00 47 00 52 00 00 00 88 8A 18 00 00 00 00 00 00 .G.R.... ........ [040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [050] 00 01 00 00 00 ..... [2008/06/14 08:38:42, 3] smbd/process.c:switch_message(1363) switch message SMBwriteX (pid 22757) conn 0x80636808 [2008/06/14 08:38:42, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/06/14 08:38:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=7795 [2008/06/14 08:38:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name lsarpc pnum=7795 (pipes_open=2) [2008/06/14 08:38:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name NETLOGON pnum=7794 (pipes_open=2) [2008/06/14 08:38:42, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927) write_to_pipe: 7795 name: lsarpc open: Yes len: 84 [2008/06/14 08:38:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 84 [2008/06/14 08:38:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 84 [2008/06/14 08:38:42, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385) fill_rpc_header: data_to_copy = 84, len_needed_to_complete_hdr = 16, receive_len = 0 [2008/06/14 08:38:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 16 [2008/06/14 08:38:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 68 [2008/06/14 08:38:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 68 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 00 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0054 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000001 [2008/06/14 08:38:42, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472) unmarshall_rpc_header: using little-endian RPC [2008/06/14 08:38:42, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501) unmarshall_rpc_header: type = 0, flags = 3 [2008/06/14 08:38:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 0 [2008/06/14 08:38:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 68 [2008/06/14 08:38:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 68, incoming data = 68 [2008/06/14 08:38:42, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709) process_complete_pdu: processing packet type 0 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_req req [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0000 alloc_hint: 0000003c [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0004 context_id: 0000 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0006 opnum : 002c [2008/06/14 08:38:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 71 [2008/06/14 08:38:42, 5] rpc_server/srv_pipe.c:api_pipe_request(2262) Requested \PIPE\lsarpc [2008/06/14 08:38:42, 4] rpc_server/srv_pipe.c:api_rpcTNP(2297) api_rpcTNP: lsarpc op 0x2c - api_rpcTNP: rpc command: LSA_OPENPOLICY2 [2008/06/14 08:38:42, 6] rpc_server/srv_pipe.c:api_rpcTNP(2323) api_rpc_cmds[44].fn == 0x80165910 lsa_OpenPolicy2: struct lsa_OpenPolicy2 in: struct lsa_OpenPolicy2 system_name : * system_name : '\\TYGR' attr : * attr: struct lsa_ObjectAttribute len : 0x00000018 (24) root_dir : NULL object_name : NULL attributes : 0x00000000 (0) sec_desc : NULL sec_qos : NULL access_mask : 0x00000001 (1) 1: LSA_POLICY_VIEW_LOCAL_INFORMATION 0: LSA_POLICY_VIEW_AUDIT_INFORMATION 0: LSA_POLICY_GET_PRIVATE_INFORMATION 0: LSA_POLICY_TRUST_ADMIN 0: LSA_POLICY_CREATE_ACCOUNT 0: LSA_POLICY_CREATE_SECRET 0: LSA_POLICY_CREATE_PRIVILEGE 0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS 0: LSA_POLICY_SET_AUDIT_REQUIREMENTS 0: LSA_POLICY_AUDIT_LOG_ADMIN 0: LSA_POLICY_SERVER_ADMIN 0: LSA_POLICY_LOOKUP_NAMES [2008/06/14 08:38:42, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x00000001, for NT token with 4 entries and first sid S-1-5-21-1343109128-81525896-2839220711-501. [2008/06/14 08:38:42, 3] lib/util_seaccess.c:se_access_check(249) [2008/06/14 08:38:42, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-5-21-1343109128-81525896-2839220711-501 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-32-546 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20801, current desired = 1 [2008/06/14 08:38:42, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (1) granted. [2008/06/14 08:38:42, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(148) Opened policy hnd[1] [000] 00 00 00 00 01 00 00 00 00 00 00 00 53 48 72 67 ........ ....SHrg [010] E5 58 00 00 .X.. lsa_OpenPolicy2: struct lsa_OpenPolicy2 out: struct lsa_OpenPolicy2 handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-5348-7267e5580000 result : NT_STATUS_OK [2008/06/14 08:38:42, 5] rpc_server/srv_pipe.c:api_rpcTNP(2351) api_rpcTNP: called lsarpc successfully [2008/06/14 08:38:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 820 [2008/06/14 08:38:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 68 [2008/06/14 08:38:42, 3] smbd/pipes.c:reply_pipe_write_and_X(251) writeX-IPC pnum=7795 nwritten=84 [2008/06/14 08:38:42, 5] lib/util.c:show_msg(645) [2008/06/14 08:38:42, 5] lib/util.c:show_msg(655) size=47 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=65279 smb_uid=102 smb_mid=1216 smt_wct=6 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 84 (0x54) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_bcc=0 [2008/06/14 08:38:42, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 59 [2008/06/14 08:38:42, 6] smbd/process.c:process_smb(1548) got message type 0x0 of len 0x3b [2008/06/14 08:38:42, 3] smbd/process.c:process_smb(1551) Transaction 20 of length 63 (0 toread) [2008/06/14 08:38:42, 5] lib/util.c:show_msg(645) [2008/06/14 08:38:42, 5] lib/util.c:show_msg(655) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=102 smb_mid=1281 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=30613 (0x7795) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2008/06/14 08:38:42, 3] smbd/process.c:switch_message(1363) switch message SMBreadX (pid 22757) conn 0x80636808 [2008/06/14 08:38:42, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/06/14 08:38:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=7795 [2008/06/14 08:38:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name lsarpc pnum=7795 (pipes_open=2) [2008/06/14 08:38:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name NETLOGON pnum=7794 (pipes_open=2) [2008/06/14 08:38:42, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985) read_from_pipe: 7795 name: lsarpc len: 1024 [2008/06/14 08:38:42, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1059) read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 02 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0030 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000001 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_resp resp [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 00000018 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0016 cancel_ct : 00 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0017 reserved : 00 [2008/06/14 08:38:42, 3] smbd/pipes.c:reply_pipe_read_and_X(301) readX-IPC pnum=7795 min=1024 max=1024 nread=48 [2008/06/14 08:38:42, 5] lib/util.c:show_msg(645) [2008/06/14 08:38:42, 5] lib/util.c:show_msg(655) size=107 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=65279 smb_uid=102 smb_mid=1281 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 48 (0x30) smb_vwv[ 6]= 59 (0x3B) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=48 [2008/06/14 08:38:42, 10] lib/util.c:dump_data(2226) [000] 05 00 02 03 10 00 00 00 30 00 00 00 01 00 00 00 ........ 0....... [010] 18 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 ........ ........ [020] 00 00 00 00 53 48 72 67 E5 58 00 00 00 00 00 00 ....SHrg .X...... [2008/06/14 08:38:42, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 116 [2008/06/14 08:38:42, 6] smbd/process.c:process_smb(1548) got message type 0x0 of len 0x74 [2008/06/14 08:38:42, 3] smbd/process.c:process_smb(1551) Transaction 21 of length 120 (0 toread) [2008/06/14 08:38:42, 5] lib/util.c:show_msg(645) [2008/06/14 08:38:42, 5] lib/util.c:show_msg(655) size=116 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=102 smb_mid=1345 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=30613 (0x7795) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 52 (0x34) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 52 (0x34) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=53 [2008/06/14 08:38:42, 10] lib/util.c:dump_data(2226) [000] EE 05 00 00 03 10 00 00 00 34 00 00 00 02 00 00 ........ .4...... [010] 00 1C 00 00 00 00 00 0D 00 00 00 00 00 01 00 00 ........ ........ [020] 00 00 00 00 00 53 48 72 67 E5 58 00 00 00 00 00 .....SHr g.X..... [030] 00 FF FF FF FF ..... [2008/06/14 08:38:42, 3] smbd/process.c:switch_message(1363) switch message SMBwriteX (pid 22757) conn 0x80636808 [2008/06/14 08:38:42, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/06/14 08:38:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=7795 [2008/06/14 08:38:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name lsarpc pnum=7795 (pipes_open=2) [2008/06/14 08:38:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name NETLOGON pnum=7794 (pipes_open=2) [2008/06/14 08:38:42, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927) write_to_pipe: 7795 name: lsarpc open: Yes len: 52 [2008/06/14 08:38:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 52 [2008/06/14 08:38:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 52 [2008/06/14 08:38:42, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385) fill_rpc_header: data_to_copy = 52, len_needed_to_complete_hdr = 16, receive_len = 0 [2008/06/14 08:38:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 16 [2008/06/14 08:38:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 36 [2008/06/14 08:38:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 36 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 00 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0034 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000002 [2008/06/14 08:38:42, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472) unmarshall_rpc_header: using little-endian RPC [2008/06/14 08:38:42, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501) unmarshall_rpc_header: type = 0, flags = 3 [2008/06/14 08:38:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 0 [2008/06/14 08:38:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 36 [2008/06/14 08:38:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 36, incoming data = 36 [2008/06/14 08:38:42, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709) process_complete_pdu: processing packet type 0 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_req req [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0000 alloc_hint: 0000001c [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0004 context_id: 0000 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0006 opnum : 000d [2008/06/14 08:38:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 0 [2008/06/14 08:38:42, 5] rpc_server/srv_pipe.c:api_pipe_request(2262) Requested \PIPE\lsarpc [2008/06/14 08:38:42, 4] rpc_server/srv_pipe.c:api_rpcTNP(2297) api_rpcTNP: lsarpc op 0xd - api_rpcTNP: rpc command: LSA_ENUMTRUSTDOM [2008/06/14 08:38:42, 6] rpc_server/srv_pipe.c:api_rpcTNP(2323) api_rpc_cmds[13].fn == 0x8016a258 lsa_EnumTrustDom: struct lsa_EnumTrustDom in: struct lsa_EnumTrustDom handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-5348-7267e5580000 resume_handle : * resume_handle : 0x00000000 (0) max_size : 0xffffffff (4294967295) [2008/06/14 08:38:42, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(168) Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 53 48 72 67 ........ ....SHrg [010] E5 58 00 00 .X.. [2008/06/14 08:38:42, 5] lib/smbldap.c:smbldap_search_ext(1183) smbldap_search_ext: base => [sambaDomainName=SKUPINA,dc=zelva,dc=cz], filter => [(objectClass=sambaTrustedDomainPassword)], scope => [2] [2008/06/14 08:38:42, 0] lib/smbldap.c:smbldap_open(1005) smbldap_open: cannot access LDAP when not root.. lsa_EnumTrustDom: struct lsa_EnumTrustDom out: struct lsa_EnumTrustDom resume_handle : * resume_handle : 0x00000000 (0) domains : * domains: struct lsa_DomainList count : 0x00000000 (0) domains : NULL result : NT_STATUS_UNSUCCESSFUL [2008/06/14 08:38:42, 5] rpc_server/srv_pipe.c:api_rpcTNP(2351) api_rpcTNP: called lsarpc successfully [2008/06/14 08:38:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 0 [2008/06/14 08:38:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 36 [2008/06/14 08:38:42, 3] smbd/pipes.c:reply_pipe_write_and_X(251) writeX-IPC pnum=7795 nwritten=52 [2008/06/14 08:38:42, 5] lib/util.c:show_msg(645) [2008/06/14 08:38:42, 5] lib/util.c:show_msg(655) size=47 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=65279 smb_uid=102 smb_mid=1345 smt_wct=6 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 52 (0x34) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_bcc=0 [2008/06/14 08:38:42, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 59 [2008/06/14 08:38:42, 6] smbd/process.c:process_smb(1548) got message type 0x0 of len 0x3b [2008/06/14 08:38:42, 3] smbd/process.c:process_smb(1551) Transaction 22 of length 63 (0 toread) [2008/06/14 08:38:42, 5] lib/util.c:show_msg(645) [2008/06/14 08:38:42, 5] lib/util.c:show_msg(655) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=102 smb_mid=1409 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=30613 (0x7795) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2008/06/14 08:38:42, 3] smbd/process.c:switch_message(1363) switch message SMBreadX (pid 22757) conn 0x80636808 [2008/06/14 08:38:42, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/06/14 08:38:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=7795 [2008/06/14 08:38:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name lsarpc pnum=7795 (pipes_open=2) [2008/06/14 08:38:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name NETLOGON pnum=7794 (pipes_open=2) [2008/06/14 08:38:42, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985) read_from_pipe: 7795 name: lsarpc len: 1024 [2008/06/14 08:38:42, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1059) read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 16. [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 02 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0028 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000002 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_resp resp [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 00000010 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0016 cancel_ct : 00 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0017 reserved : 00 [2008/06/14 08:38:42, 3] smbd/pipes.c:reply_pipe_read_and_X(301) readX-IPC pnum=7795 min=1024 max=1024 nread=40 [2008/06/14 08:38:42, 5] lib/util.c:show_msg(645) [2008/06/14 08:38:42, 5] lib/util.c:show_msg(655) size=99 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=65279 smb_uid=102 smb_mid=1409 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 40 (0x28) smb_vwv[ 6]= 59 (0x3B) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=40 [2008/06/14 08:38:42, 10] lib/util.c:dump_data(2226) [000] 05 00 02 03 10 00 00 00 28 00 00 00 02 00 00 00 ........ (....... [010] 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [020] 00 00 00 00 01 00 00 C0 ........ [2008/06/14 08:38:42, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 108 [2008/06/14 08:38:42, 6] smbd/process.c:process_smb(1548) got message type 0x0 of len 0x6c [2008/06/14 08:38:42, 3] smbd/process.c:process_smb(1551) Transaction 23 of length 112 (0 toread) [2008/06/14 08:38:42, 5] lib/util.c:show_msg(645) [2008/06/14 08:38:42, 5] lib/util.c:show_msg(655) size=108 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=102 smb_mid=1473 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=30613 (0x7795) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 44 (0x2C) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 44 (0x2C) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=45 [2008/06/14 08:38:42, 10] lib/util.c:dump_data(2226) [000] EE 05 00 00 03 10 00 00 00 2C 00 00 00 03 00 00 ........ .,...... [010] 00 14 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ........ ........ [020] 00 00 00 00 00 53 48 72 67 E5 58 00 00 .....SHr g.X.. [2008/06/14 08:38:42, 3] smbd/process.c:switch_message(1363) switch message SMBwriteX (pid 22757) conn 0x80636808 [2008/06/14 08:38:42, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/06/14 08:38:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=7795 [2008/06/14 08:38:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name lsarpc pnum=7795 (pipes_open=2) [2008/06/14 08:38:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name NETLOGON pnum=7794 (pipes_open=2) [2008/06/14 08:38:42, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927) write_to_pipe: 7795 name: lsarpc open: Yes len: 44 [2008/06/14 08:38:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 44 [2008/06/14 08:38:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 [2008/06/14 08:38:42, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385) fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 [2008/06/14 08:38:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 16 [2008/06/14 08:38:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 28 [2008/06/14 08:38:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 00 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 002c [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000003 [2008/06/14 08:38:42, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472) unmarshall_rpc_header: using little-endian RPC [2008/06/14 08:38:42, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501) unmarshall_rpc_header: type = 0, flags = 3 [2008/06/14 08:38:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 0 [2008/06/14 08:38:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 28 [2008/06/14 08:38:42, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 28, incoming data = 28 [2008/06/14 08:38:42, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709) process_complete_pdu: processing packet type 0 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_req req [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0000 alloc_hint: 00000014 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0004 context_id: 0000 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0006 opnum : 0000 [2008/06/14 08:38:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 0 [2008/06/14 08:38:42, 5] rpc_server/srv_pipe.c:api_pipe_request(2262) Requested \PIPE\lsarpc [2008/06/14 08:38:42, 4] rpc_server/srv_pipe.c:api_rpcTNP(2297) api_rpcTNP: lsarpc op 0x0 - api_rpcTNP: rpc command: LSA_CLOSE [2008/06/14 08:38:42, 6] rpc_server/srv_pipe.c:api_rpcTNP(2323) api_rpc_cmds[0].fn == 0x8016c133 lsa_Close: struct lsa_Close in: struct lsa_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-5348-7267e5580000 [2008/06/14 08:38:42, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(168) Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 53 48 72 67 ........ ....SHrg [010] E5 58 00 00 .X.. [2008/06/14 08:38:42, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(168) Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 53 48 72 67 ........ ....SHrg [010] E5 58 00 00 .X.. [2008/06/14 08:38:42, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(206) Closed policy lsa_Close: struct lsa_Close out: struct lsa_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : NT_STATUS_OK [2008/06/14 08:38:42, 5] rpc_server/srv_pipe.c:api_rpcTNP(2351) api_rpcTNP: called lsarpc successfully [2008/06/14 08:38:42, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 0 [2008/06/14 08:38:42, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 28 [2008/06/14 08:38:42, 3] smbd/pipes.c:reply_pipe_write_and_X(251) writeX-IPC pnum=7795 nwritten=44 [2008/06/14 08:38:42, 5] lib/util.c:show_msg(645) [2008/06/14 08:38:42, 5] lib/util.c:show_msg(655) size=47 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=65279 smb_uid=102 smb_mid=1473 smt_wct=6 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 44 (0x2C) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_bcc=0 [2008/06/14 08:38:42, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 59 [2008/06/14 08:38:42, 6] smbd/process.c:process_smb(1548) got message type 0x0 of len 0x3b [2008/06/14 08:38:42, 3] smbd/process.c:process_smb(1551) Transaction 24 of length 63 (0 toread) [2008/06/14 08:38:42, 5] lib/util.c:show_msg(645) [2008/06/14 08:38:42, 5] lib/util.c:show_msg(655) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=102 smb_mid=1537 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=30613 (0x7795) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2008/06/14 08:38:42, 3] smbd/process.c:switch_message(1363) switch message SMBreadX (pid 22757) conn 0x80636808 [2008/06/14 08:38:42, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/06/14 08:38:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=7795 [2008/06/14 08:38:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name lsarpc pnum=7795 (pipes_open=2) [2008/06/14 08:38:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name NETLOGON pnum=7794 (pipes_open=2) [2008/06/14 08:38:42, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985) read_from_pipe: 7795 name: lsarpc len: 1024 [2008/06/14 08:38:42, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1059) read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 02 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0030 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000003 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_resp resp [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 00000018 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0016 cancel_ct : 00 [2008/06/14 08:38:42, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0017 reserved : 00 [2008/06/14 08:38:42, 3] smbd/pipes.c:reply_pipe_read_and_X(301) readX-IPC pnum=7795 min=1024 max=1024 nread=48 [2008/06/14 08:38:42, 5] lib/util.c:show_msg(645) [2008/06/14 08:38:42, 5] lib/util.c:show_msg(655) size=107 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=65279 smb_uid=102 smb_mid=1537 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 48 (0x30) smb_vwv[ 6]= 59 (0x3B) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=48 [2008/06/14 08:38:42, 10] lib/util.c:dump_data(2226) [000] 05 00 02 03 10 00 00 00 30 00 00 00 03 00 00 00 ........ 0....... [010] 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [2008/06/14 08:38:42, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 41 [2008/06/14 08:38:42, 6] smbd/process.c:process_smb(1548) got message type 0x0 of len 0x29 [2008/06/14 08:38:42, 3] smbd/process.c:process_smb(1551) Transaction 25 of length 45 (0 toread) [2008/06/14 08:38:42, 5] lib/util.c:show_msg(645) [2008/06/14 08:38:42, 5] lib/util.c:show_msg(655) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=102 smb_mid=1601 smt_wct=3 smb_vwv[ 0]=30613 (0x7795) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2008/06/14 08:38:42, 3] smbd/process.c:switch_message(1363) switch message SMBclose (pid 22757) conn 0x80636808 [2008/06/14 08:38:42, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/06/14 08:38:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=7795 [2008/06/14 08:38:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name lsarpc pnum=7795 (pipes_open=2) [2008/06/14 08:38:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name NETLOGON pnum=7794 (pipes_open=2) [2008/06/14 08:38:42, 5] smbd/pipes.c:reply_pipe_close(319) reply_pipe_close: pnum:7795 [2008/06/14 08:38:42, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(241) close_policy_by_pipe: deleted handle list for pipe lsarpc [2008/06/14 08:38:42, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1160) closed pipe name lsarpc pnum=7795 (pipes_open=1) [2008/06/14 08:38:42, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 6C73617270632F323237 [2008/06/14 08:38:42, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0x80629ed0 [2008/06/14 08:38:42, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 6C73617270632F323237 [2008/06/14 08:38:42, 5] lib/util.c:show_msg(645) [2008/06/14 08:38:42, 5] lib/util.c:show_msg(655) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=65279 smb_uid=102 smb_mid=1601 smt_wct=0 smb_bcc=0 [2008/06/14 08:38:42, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 41 [2008/06/14 08:38:42, 6] smbd/process.c:process_smb(1548) got message type 0x0 of len 0x29 [2008/06/14 08:38:42, 3] smbd/process.c:process_smb(1551) Transaction 26 of length 45 (0 toread) [2008/06/14 08:38:42, 5] lib/util.c:show_msg(645) [2008/06/14 08:38:42, 5] lib/util.c:show_msg(655) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=1665 smt_wct=3 smb_vwv[ 0]=30612 (0x7794) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2008/06/14 08:38:42, 3] smbd/process.c:switch_message(1363) switch message SMBclose (pid 22757) conn 0x8056c400 [2008/06/14 08:38:42, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (99, 99) - sec_ctx_stack_ndx = 0 [2008/06/14 08:38:42, 5] auth/token_util.c:debug_nt_user_token(470) NT user token of user S-1-5-21-1343109128-81525896-2839220711-501 contains 4 SIDs SID[ 0]: S-1-5-21-1343109128-81525896-2839220711-501 SID[ 1]: S-1-1-0 SID[ 2]: S-1-5-2 SID[ 3]: S-1-5-32-546 SE_PRIV 0x0 0x0 0x0 0x0 [2008/06/14 08:38:42, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 99 Primary group is 99 and contains 0 supplementary groups [2008/06/14 08:38:42, 5] smbd/uid.c:change_to_user(272) change_to_user uid=(99,99) gid=(0,99) [2008/06/14 08:38:42, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=7794 [2008/06/14 08:38:42, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name NETLOGON pnum=7794 (pipes_open=1) [2008/06/14 08:38:42, 5] smbd/pipes.c:reply_pipe_close(319) reply_pipe_close: pnum:7794 [2008/06/14 08:38:42, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(241) close_policy_by_pipe: deleted handle list for pipe NETLOGON [2008/06/14 08:38:42, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1160) closed pipe name NETLOGON pnum=7794 (pipes_open=0) [2008/06/14 08:38:42, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 4E45544C4F474F4E2F32 [2008/06/14 08:38:42, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0x805f95b8 [2008/06/14 08:38:42, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 4E45544C4F474F4E2F32 [2008/06/14 08:38:42, 5] lib/util.c:show_msg(645) [2008/06/14 08:38:42, 5] lib/util.c:show_msg(655) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=1665 smt_wct=0 smb_bcc=0 [2008/06/14 08:38:54, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 39 [2008/06/14 08:38:54, 6] smbd/process.c:process_smb(1548) got message type 0x0 of len 0x27 [2008/06/14 08:38:54, 3] smbd/process.c:process_smb(1551) Transaction 27 of length 43 (0 toread) [2008/06/14 08:38:54, 5] lib/util.c:show_msg(645) [2008/06/14 08:38:54, 5] lib/util.c:show_msg(655) size=39 smb_com=0x74 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=102 smb_mid=1729 smt_wct=2 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_bcc=0 [2008/06/14 08:38:54, 3] smbd/process.c:switch_message(1363) switch message SMBulogoffX (pid 22757) conn 0x0 [2008/06/14 08:38:54, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/06/14 08:38:54, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/06/14 08:38:54, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/06/14 08:38:54, 5] smbd/uid.c:change_to_root_user(287) change_to_root_user: now uid=(0,0) gid=(0,0) [2008/06/14 08:38:54, 3] smbd/reply.c:reply_ulogoffX(1910) ulogoffX vuid=102 [2008/06/14 08:38:54, 5] lib/util.c:show_msg(645) [2008/06/14 08:38:54, 5] lib/util.c:show_msg(655) size=39 smb_com=0x74 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=65279 smb_uid=102 smb_mid=1729 smt_wct=2 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_bcc=0 [2008/06/14 08:38:54, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 35 [2008/06/14 08:38:54, 6] smbd/process.c:process_smb(1548) got message type 0x0 of len 0x23 [2008/06/14 08:38:54, 3] smbd/process.c:process_smb(1551) Transaction 28 of length 39 (0 toread) [2008/06/14 08:38:54, 5] lib/util.c:show_msg(645) [2008/06/14 08:38:54, 5] lib/util.c:show_msg(655) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=102 smb_mid=1793 smt_wct=0 smb_bcc=0 [2008/06/14 08:38:54, 3] smbd/process.c:switch_message(1363) switch message SMBtdis (pid 22757) conn 0x80636808 [2008/06/14 08:38:54, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/06/14 08:38:54, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/06/14 08:38:54, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/06/14 08:38:54, 5] smbd/uid.c:change_to_root_user(287) change_to_root_user: now uid=(0,0) gid=(0,0) [2008/06/14 08:38:54, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/06/14 08:38:54, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/06/14 08:38:54, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/06/14 08:38:54, 5] smbd/uid.c:change_to_root_user(287) change_to_root_user: now uid=(0,0) gid=(0,0) [2008/06/14 08:38:54, 3] smbd/service.c:close_cnum(1399) pc03vm (172.17.0.3) closed connection to service IPC$ [2008/06/14 08:38:54, 3] smbd/connection.c:yield_connection(31) Yielding connection to IPC$ [2008/06/14 08:38:54, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key E5580000020000004950 [2008/06/14 08:38:54, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0x805886e0 [2008/06/14 08:38:54, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key E5580000020000004950 [2008/06/14 08:38:54, 4] smbd/vfs.c:vfs_ChDir(733) vfs_ChDir to / [2008/06/14 08:38:54, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/06/14 08:38:54, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/06/14 08:38:54, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/06/14 08:38:54, 5] smbd/uid.c:change_to_root_user(287) change_to_root_user: now uid=(0,0) gid=(0,0) [2008/06/14 08:38:54, 5] lib/util.c:show_msg(645) [2008/06/14 08:38:54, 5] lib/util.c:show_msg(655) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=65279 smb_uid=102 smb_mid=1793 smt_wct=0 smb_bcc=0 [2008/06/14 08:38:54, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 39 [2008/06/14 08:38:54, 6] smbd/process.c:process_smb(1548) got message type 0x0 of len 0x27 [2008/06/14 08:38:54, 3] smbd/process.c:process_smb(1551) Transaction 29 of length 43 (0 toread) [2008/06/14 08:38:54, 5] lib/util.c:show_msg(645) [2008/06/14 08:38:54, 5] lib/util.c:show_msg(655) size=39 smb_com=0x74 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=100 smb_mid=1857 smt_wct=2 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_bcc=0 [2008/06/14 08:38:54, 3] smbd/process.c:switch_message(1363) switch message SMBulogoffX (pid 22757) conn 0x0 [2008/06/14 08:38:54, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/06/14 08:38:54, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/06/14 08:38:54, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/06/14 08:38:54, 5] smbd/uid.c:change_to_root_user(287) change_to_root_user: now uid=(0,0) gid=(0,0) [2008/06/14 08:38:54, 3] smbd/reply.c:reply_ulogoffX(1910) ulogoffX vuid=100 [2008/06/14 08:38:54, 5] lib/util.c:show_msg(645) [2008/06/14 08:38:54, 5] lib/util.c:show_msg(655) size=39 smb_com=0x74 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=65279 smb_uid=100 smb_mid=1857 smt_wct=2 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_bcc=0 [2008/06/14 08:38:54, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 35 [2008/06/14 08:38:54, 6] smbd/process.c:process_smb(1548) got message type 0x0 of len 0x23 [2008/06/14 08:38:54, 3] smbd/process.c:process_smb(1551) Transaction 30 of length 39 (0 toread) [2008/06/14 08:38:54, 5] lib/util.c:show_msg(645) [2008/06/14 08:38:54, 5] lib/util.c:show_msg(655) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=1921 smt_wct=0 smb_bcc=0 [2008/06/14 08:38:54, 3] smbd/process.c:switch_message(1363) switch message SMBtdis (pid 22757) conn 0x8056c400 [2008/06/14 08:38:54, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/06/14 08:38:54, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/06/14 08:38:54, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/06/14 08:38:54, 5] smbd/uid.c:change_to_root_user(287) change_to_root_user: now uid=(0,0) gid=(0,0) [2008/06/14 08:38:54, 4] smbd/vfs.c:vfs_ChDir(733) vfs_ChDir to /tmp [2008/06/14 08:38:54, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/06/14 08:38:54, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/06/14 08:38:54, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/06/14 08:38:54, 5] smbd/uid.c:change_to_root_user(287) change_to_root_user: now uid=(0,0) gid=(0,0) [2008/06/14 08:38:54, 3] smbd/service.c:close_cnum(1399) pc03vm (172.17.0.3) closed connection to service IPC$ [2008/06/14 08:38:54, 3] smbd/connection.c:yield_connection(31) Yielding connection to IPC$ [2008/06/14 08:38:54, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key E5580000010000004950 [2008/06/14 08:38:54, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0x805886e0 [2008/06/14 08:38:54, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key E5580000010000004950 [2008/06/14 08:38:54, 4] smbd/vfs.c:vfs_ChDir(733) vfs_ChDir to / [2008/06/14 08:38:54, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/06/14 08:38:54, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/06/14 08:38:54, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/06/14 08:38:54, 5] smbd/uid.c:change_to_root_user(287) change_to_root_user: now uid=(0,0) gid=(0,0) [2008/06/14 08:38:54, 5] lib/util.c:show_msg(645) [2008/06/14 08:38:54, 5] lib/util.c:show_msg(655) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=1921 smt_wct=0 smb_bcc=0 [2008/06/14 08:38:54, 5] lib/util_sock.c:read_socket_with_timeout(928) read_socket_with_timeout: blocking read. EOF from client. [2008/06/14 08:38:54, 10] smbd/process.c:receive_smb_raw_talloc(278) receive_smb_raw: NT_STATUS_END_OF_FILE [2008/06/14 08:38:54, 3] smbd/process.c:smbd_process(2029) receive_message_or_smb failed: NT_STATUS_END_OF_FILE, exiting [2008/06/14 08:38:54, 5] lib/gencache.c:gencache_shutdown(93) Closing cache file [2008/06/14 08:38:54, 5] libsmb/namecache.c:namecache_shutdown(81) namecache_shutdown: netbios namecache closed successfully. [2008/06/14 08:38:54, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/06/14 08:38:54, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/06/14 08:38:54, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/06/14 08:38:54, 5] smbd/uid.c:change_to_root_user(287) change_to_root_user: now uid=(0,0) gid=(0,0) [2008/06/14 08:38:54, 3] smbd/connection.c:yield_connection(31) Yielding connection to [2008/06/14 08:38:54, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key E5580000FFFFFFFF0000 [2008/06/14 08:38:54, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0x805886e0 [2008/06/14 08:38:54, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key E5580000FFFFFFFF0000 [2008/06/14 08:38:54, 3] smbd/server.c:exit_server_common(944) Server exit (normal exit)