Maximum core file size limits now 16777216(soft) -1(hard) get_current_groups: user is in 7 groups: 0, 1, 2, 3, 4, 6, 10 smbd version 3.0.31-1.1 started. Copyright Andrew Tridgell and the Samba Team 1992-2008 uid=0 gid=0 euid=0 egid=0 Build environment: Built by: root@test1.cis.ysu.edu Built on: Fri Jul 11 11:12:05 EDT 2008 Built using: gcc Build host: Linux test1.cis.ysu.edu 2.6.18-92.1.6.el5 #1 SMP Fri Jun 20 02:36:16 EDT 2008 i686 i686 i386 GNU/Linux SRCDIR: /usr/src/redhat/BUILD/samba-3.0.31/source BUILDDIR: /usr/src/redhat/BUILD/samba-3.0.31/source Paths: SBINDIR: /usr/sbin BINDIR: /usr/bin SWATDIR: /usr/share/swat CONFIGFILE: /etc/samba/smb.conf LOGFILEBASE: /var/log/samba LMHOSTSFILE: /etc/samba/lmhosts LIBDIR: /usr/lib/samba SHLIBEXT: so LOCKDIR: /var/cache/samba PIDDIR: /var/run SMB_PASSWD_FILE: /etc/samba/smbpasswd PRIVATE_DIR: /etc/samba System Headers: HAVE_SYS_ACL_H HAVE_SYS_CAPABILITY_H HAVE_SYS_CDEFS_H HAVE_SYS_FCNTL_H HAVE_SYS_IOCTL_H HAVE_SYS_IPC_H HAVE_SYS_MMAN_H HAVE_SYS_MOUNT_H HAVE_SYS_PARAM_H HAVE_SYS_PRCTL_H HAVE_SYS_QUOTA_H HAVE_SYS_RESOURCE_H HAVE_SYS_SELECT_H HAVE_SYS_SHM_H HAVE_SYS_SOCKET_H HAVE_SYS_STATFS_H HAVE_SYS_STATVFS_H HAVE_SYS_STAT_H HAVE_SYS_SYSCALL_H HAVE_SYS_SYSLOG_H HAVE_SYS_SYSMACROS_H HAVE_SYS_TIME_H HAVE_SYS_TYPES_H HAVE_SYS_UIO_H HAVE_SYS_UNISTD_H HAVE_SYS_UN_H HAVE_SYS_VFS_H HAVE_SYS_WAIT_H HAVE_SYS_XATTR_H Headers: HAVE_ACL_LIBACL_H HAVE_AIO_H HAVE_ALLOCA_H HAVE_ARPA_INET_H HAVE_ASM_TYPES_H HAVE_ASM_UNISTD_H HAVE_ATTR_XATTR_H HAVE_CTYPE_H HAVE_DIRENT_H HAVE_DLFCN_H HAVE_EXECINFO_H HAVE_FCNTL_H HAVE_FLOAT_H HAVE_FNMATCH_H HAVE_GLOB_H HAVE_GRP_H HAVE_GSSAPI_GSSAPI_GENERIC_H HAVE_GSSAPI_GSSAPI_H HAVE_GSSAPI_H HAVE_KRB5_H HAVE_KRB5_LOCATE_PLUGIN_H HAVE_LANGINFO_H HAVE_LASTLOG_H HAVE_LBER_H HAVE_LDAP_H HAVE_LIMITS_H HAVE_LINUX_INOTIFY_H HAVE_LOCALE_H HAVE_MEMORY_H HAVE_MNTENT_H HAVE_NETDB_H HAVE_NETINET_IN_H HAVE_NETINET_IN_SYSTM_H HAVE_NETINET_IP_H HAVE_NETINET_TCP_H HAVE_NET_IF_H HAVE_NSS_H HAVE_PWD_H HAVE_READLINE_HISTORY_H HAVE_READLINE_READLINE_H HAVE_RPCSVC_NIS_H HAVE_RPCSVC_YPCLNT_H HAVE_RPCSVC_YP_PROT_H HAVE_RPC_RPC_H HAVE_SECURITY_PAM_APPL_H HAVE_SECURITY_PAM_EXT_H HAVE_SECURITY_PAM_MODULES_H HAVE_SECURITY__PAM_MACROS_H HAVE_SETJMP_H HAVE_SHADOW_H HAVE_STDARG_H HAVE_STDBOOL_H HAVE_STDINT_H HAVE_STDIO_H HAVE_STDLIB_H HAVE_STRINGS_H HAVE_STRING_H HAVE_STROPTS_H HAVE_SYSCALL_H HAVE_SYSLOG_H HAVE_TERMIOS_H HAVE_TERMIO_H HAVE_TIME_H HAVE_UNISTD_H HAVE_UTIME_H HAVE_UUID_UUID_H HAVE_VALGRIND_MEMCHECK_H HAVE_VALGRIND_VALGRIND_H UTMP Options: HAVE_GETUTMPX HAVE_UTMPX_H HAVE_UTMP_H HAVE_UT_UT_ADDR HAVE_UT_UT_EXIT HAVE_UT_UT_HOST HAVE_UT_UT_ID HAVE_UT_UT_NAME HAVE_UT_UT_PID HAVE_UT_UT_TIME HAVE_UT_UT_TV HAVE_UT_UT_TYPE HAVE_UT_UT_USER PUTUTLINE_RETURNS_UTMP WITH_UTMP HAVE_* Defines: HAVE_ADDRTYPE_IN_KRB5_ADDRESS HAVE_AP_OPTS_USE_SUBKEY HAVE_ASPRINTF HAVE_ASPRINTF_DECL HAVE_ATEXIT HAVE_BACKTRACE_SYMBOLS HAVE_BER_SCANF HAVE_BOOL HAVE_BZERO HAVE_C99_VSNPRINTF HAVE_CAP_GET_PROC HAVE_CHMOD HAVE_CHOWN HAVE_CHROOT HAVE_COMPARISON_FN_T HAVE_COMPILER_WILL_OPTIMIZE_OUT_FNS HAVE_CONNECT HAVE_CREAT64 HAVE_CRYPT HAVE_CUPS HAVE_DECL_ASPRINTF HAVE_DECL_RL_EVENT_HOOK HAVE_DECL_SNPRINTF HAVE_DECL_VASPRINTF HAVE_DECL_VSNPRINTF HAVE_DEVICE_MAJOR_FN HAVE_DEVICE_MINOR_FN HAVE_DIRENT_D_OFF HAVE_DLCLOSE HAVE_DLERROR HAVE_DLOPEN HAVE_DLSYM HAVE_DUP2 HAVE_ENDMNTENT HAVE_ENDNETGRENT HAVE_ERRNO_DECL HAVE_EXECL HAVE_EXPLICIT_LARGEFILE_SUPPORT HAVE_FCHMOD HAVE_FCHOWN HAVE_FCNTL_LOCK HAVE_FCVT HAVE_FGETXATTR HAVE_FLISTXATTR HAVE_FOPEN64 HAVE_FREMOVEXATTR HAVE_FSEEKO64 HAVE_FSETXATTR HAVE_FSID_INT HAVE_FSTAT HAVE_FSTAT64 HAVE_FSYNC HAVE_FTELLO64 HAVE_FTRUNCATE HAVE_FTRUNCATE64 HAVE_FTRUNCATE_EXTEND HAVE_FUNCTION_MACRO HAVE_GETCWD HAVE_GETDIRENTRIES HAVE_GETGRENT HAVE_GETGRNAM HAVE_GETGROUPLIST HAVE_GETMNTENT HAVE_GETNETGRENT HAVE_GETPAGESIZE HAVE_GETPGRP HAVE_GETPWENT_R HAVE_GETRLIMIT HAVE_GETSPNAM HAVE_GETTIMEOFDAY_TZ HAVE_GETXATTR HAVE_GLOB HAVE_GRANTPT HAVE_GSSAPI HAVE_GSS_DISPLAY_STATUS HAVE_HISTORY_LIST HAVE_ICONV HAVE_IFACE_IFCONF HAVE_IMMEDIATE_STRUCTURES HAVE_INITGROUPS HAVE_INITIALIZE_KRB5_ERROR_TABLE HAVE_INNETGR HAVE_INOTIFY HAVE_INOTIFY_INIT HAVE_IPRINT HAVE_KERNEL_CHANGE_NOTIFY HAVE_KERNEL_OPLOCKS_LINUX HAVE_KERNEL_SHARE_MODES HAVE_KRB5 HAVE_KRB5_AUTH_CON_SETUSERUSERKEY HAVE_KRB5_C_ENCTYPE_COMPARE HAVE_KRB5_C_VERIFY_CHECKSUM HAVE_KRB5_ENCRYPT_BLOCK HAVE_KRB5_ENCRYPT_DATA HAVE_KRB5_FREE_DATA_CONTENTS HAVE_KRB5_FREE_KEYTAB_ENTRY_CONTENTS HAVE_KRB5_FREE_UNPARSED_NAME HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC HAVE_KRB5_GET_INIT_CREDS_OPT_FREE HAVE_KRB5_GET_PERMITTED_ENCTYPES HAVE_KRB5_GET_RENEWED_CREDS HAVE_KRB5_KEYBLOCK_IN_CREDS HAVE_KRB5_KEYTAB_ENTRY_KEY HAVE_KRB5_KEYUSAGE_APP_DATA_CKSUM HAVE_KRB5_KT_FREE_ENTRY HAVE_KRB5_LOCATE_KDC HAVE_KRB5_MK_REQ_EXTENDED HAVE_KRB5_PRINCIPAL2SALT HAVE_KRB5_PRINC_COMPONENT HAVE_KRB5_PRINC_REALM HAVE_KRB5_SET_DEFAULT_TGS_ENCTYPES HAVE_KRB5_SET_DEFAULT_TGS_KTYPES HAVE_KRB5_SET_REAL_TIME HAVE_KRB5_STRING_TO_KEY HAVE_KRB5_TKT_ENC_PART2 HAVE_KRB5_USE_ENCTYPE HAVE_KRB5_VERIFY_CHECKSUM HAVE_KV5M_KEYTAB HAVE_LBER_LOG_PRINT_FN HAVE_LDAP HAVE_LDAP_ADD_RESULT_ENTRY HAVE_LDAP_INIT HAVE_LDAP_INITIALIZE HAVE_LDAP_SET_REBIND_PROC HAVE_LGETXATTR HAVE_LIBCOM_ERR HAVE_LIBGSSAPI_KRB5 HAVE_LIBK5CRYPTO HAVE_LIBKRB5 HAVE_LIBLBER HAVE_LIBLDAP HAVE_LIBPAM HAVE_LIBREADLINE HAVE_LIBRESOLV HAVE_LINK HAVE_LINUX_READAHEAD HAVE_LINUX_XFS_QUOTAS HAVE_LISTXATTR HAVE_LLISTXATTR HAVE_LLSEEK HAVE_LONGLONG HAVE_LONG_LONG HAVE_LREMOVEXATTR HAVE_LSEEK64 HAVE_LSETXATTR HAVE_LSTAT HAVE_LSTAT64 HAVE_MAGIC_IN_KRB5_ADDRESS HAVE_MAKEDEV HAVE_MEMALIGN HAVE_MEMCPY HAVE_MEMMOVE HAVE_MEMSET HAVE_MKDIR_MODE HAVE_MKDTEMP HAVE_MKNOD HAVE_MKTIME HAVE_MLOCK HAVE_MLOCKALL HAVE_MMAP HAVE_MUNLOCK HAVE_MUNLOCKALL HAVE_NANOSLEEP HAVE_NATIVE_ICONV HAVE_NEW_LIBREADLINE HAVE_NL_LANGINFO HAVE_NO_AIO HAVE_OPEN64 HAVE_PAM_GET_DATA HAVE_PAM_VSYSLOG HAVE_PATHCONF HAVE_PEERCRED HAVE_PIPE HAVE_POLL HAVE_POSIX_ACLS HAVE_POSIX_CAPABILITIES HAVE_POSIX_FADVISE HAVE_POSIX_MEMALIGN HAVE_PRCTL HAVE_PREAD HAVE_PREAD64 HAVE_PRINTF HAVE_PUTUTLINE HAVE_PUTUTXLINE HAVE_PWRITE HAVE_PWRITE64 HAVE_QUOTACTL_LINUX HAVE_RAND HAVE_RANDOM HAVE_READDIR64 HAVE_READLINK HAVE_REALPATH HAVE_REMOVEXATTR HAVE_RENAME HAVE_SECURE_MKSTEMP HAVE_SELECT HAVE_SENDFILE64 HAVE_SETBUFFER HAVE_SETEGID HAVE_SETENV HAVE_SETENV_DECL HAVE_SETEUID HAVE_SETGROUPS HAVE_SETLINEBUF HAVE_SETLOCALE HAVE_SETMNTENT HAVE_SETNETGRENT HAVE_SETPGID HAVE_SETRESGID HAVE_SETRESGID_DECL HAVE_SETRESUID HAVE_SETRESUID_DECL HAVE_SETSID HAVE_SETXATTR HAVE_SHMGET HAVE_SHORT_KRB5_MK_ERROR_INTERFACE HAVE_SIGACTION HAVE_SIGBLOCK HAVE_SIGPROCMASK HAVE_SIGSET HAVE_SIG_ATOMIC_T_TYPE HAVE_SNPRINTF HAVE_SNPRINTF_DECL HAVE_SOCKETPAIR HAVE_SOCKLEN_T_TYPE HAVE_SRAND HAVE_SRANDOM HAVE_STAT64 HAVE_STAT_HIRES_TIMESTAMPS HAVE_STAT_ST_ATIM HAVE_STAT_ST_BLKSIZE HAVE_STAT_ST_BLOCKS HAVE_STAT_ST_CTIM HAVE_STAT_ST_MTIM HAVE_STRCASECMP HAVE_STRCASESTR HAVE_STRCHR HAVE_STRDUP HAVE_STRERROR HAVE_STRFTIME HAVE_STRNDUP HAVE_STRNLEN HAVE_STRPBRK HAVE_STRSIGNAL HAVE_STRTOK_R HAVE_STRTOL HAVE_STRTOLL HAVE_STRTOQ HAVE_STRTOUL HAVE_STRTOULL HAVE_STRTOUQ HAVE_STRUCT_DIRENT64 HAVE_STRUCT_FLOCK64 HAVE_STRUCT_STAT_ST_RDEV HAVE_STRUCT_TIMESPEC HAVE_ST_RDEV HAVE_SYMLINK HAVE_SYSCONF HAVE_SYSLOG HAVE_SYS_QUOTAS HAVE_TICKET_POINTER_IN_KRB5_AP_REQ HAVE_TIMEGM HAVE_UNIXSOCKET HAVE_UNSETENV HAVE_UPDWTMP HAVE_UPDWTMPX HAVE_USLEEP HAVE_UTIMBUF HAVE_UTIME HAVE_UTIMES HAVE_VASPRINTF HAVE_VASPRINTF_DECL HAVE_VA_COPY HAVE_VOLATILE HAVE_VSNPRINTF HAVE_VSNPRINTF_DECL HAVE_VSYSLOG HAVE_WAITPID HAVE_WORKING_AF_LOCAL HAVE_WRFILE_KEYTAB HAVE_XFS_QUOTAS HAVE_YP_GET_DEFAULT_DOMAIN HAVE__Bool HAVE__ET_LIST HAVE__VA_ARGS__MACRO HAVE___CLOSE HAVE___DUP2 HAVE___FCNTL HAVE___FORK HAVE___FSTAT HAVE___FXSTAT HAVE___LSEEK HAVE___LSTAT HAVE___LXSTAT HAVE___NR_INOTIFY_INIT_DECL HAVE___OPEN HAVE___OPEN64 HAVE___PREAD64 HAVE___PWRITE64 HAVE___READ HAVE___STAT HAVE___WRITE HAVE___XSTAT --with Options: WITH_ADS WITH_AUTOMOUNT WITH_CIFSMOUNT WITH_DNS_UPDATES WITH_PAM WITH_PAM_MODULES WITH_QUOTAS WITH_SENDFILE WITH_SYSLOG WITH_UTMP WITH_WINBIND Build Options: COMPILER_SUPPORTS_LL CONFIG_H_IS_FROM_SAMBA DEFAULT_DISPLAY_CHARSET DEFAULT_DOS_CHARSET DEFAULT_UNIX_CHARSET KRB5_CREDS_OPT_FREE_REQUIRES_CONTEXT KRB5_TICKET_HAS_KEYINFO KRB5_VERIFY_CHECKSUM_ARGS LDAP_SET_REBIND_PROC_ARGS LINUX LINUX_SENDFILE_API PACKAGE_BUGREPORT PACKAGE_NAME PACKAGE_STRING PACKAGE_TARNAME PACKAGE_VERSION REALPATH_TAKES_NULL RETSIGTYPE SEEKDIR_RETURNS_VOID SHLIBEXT SIZEOF_CHAR SIZEOF_DEV_T SIZEOF_INO_T SIZEOF_INT SIZEOF_LONG_LONG SIZEOF_OFF_T SIZEOF_SHORT SIZEOF_SIZE_T SIZEOF_SSIZE_T STAT_STATVFS64 STAT_ST_BLOCKSIZE STDC_HEADERS STRING_STATIC_MODULES SYSCONF_SC_NGROUPS_MAX SYSCONF_SC_NPROCESSORS_ONLN SYSCONF_SC_PAGESIZE TIME_WITH_SYS_TIME USE_SETRESUID WITH_ADS WITH_AUTOMOUNT WITH_CIFSMOUNT WITH_DNS_UPDATES WITH_PAM WITH_PAM_MODULES WITH_QUOTAS WITH_SENDFILE WITH_SYSLOG WITH_WINBIND _FILE_OFFSET_BITS _GNU_SOURCE _LARGEFILE64_SOURCE _POSIX_C_SOURCE _POSIX_SOURCE _XOPEN_SOURCE_EXTENDED auth_script_init charset_CP437_init charset_CP850_init idmap_ad_init idmap_rid_init offset_t static_decl_auth static_decl_charset static_decl_idmap static_decl_nss_info static_decl_pdb static_decl_rpc static_decl_vfs static_init_auth static_init_charset static_init_idmap static_init_nss_info static_init_pdb static_init_rpc static_init_vfs uint_t vfs_audit_init vfs_cap_init vfs_default_quota_init vfs_expand_msdfs_init vfs_extd_audit_init vfs_fake_perms_init vfs_full_audit_init vfs_netatalk_init vfs_readahead_init vfs_readonly_init vfs_recycle_init vfs_shadow_copy_init Type sizes: sizeof(char): 1 sizeof(int): 4 sizeof(long): 4 sizeof(long long): 8 sizeof(uint8): 1 sizeof(uint16): 2 sizeof(uint32): 4 sizeof(short): 2 sizeof(void*): 4 sizeof(size_t): 4 sizeof(off_t): 8 sizeof(ino_t): 8 sizeof(dev_t): 8 Builtin modules: pdb_ldap pdb_smbpasswd pdb_tdbsam rpc_lsa rpc_reg rpc_lsa_ds rpc_wkssvc rpc_svcctl rpc_ntsvcs rpc_net rpc_netdfs rpc_srv rpc_spoolss rpc_eventlog rpc_samr rpc_echo idmap_ldap idmap_tdb idmap_passdb idmap_nss nss_info_template auth_sam auth_unix auth_winbind auth_server auth_domain auth_builtin vfs_default vfs_posixacl lp_load: refreshing parameters Initialising global parameters params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf" Processing section "[global]" doing parameter workgroup = ysu doing parameter server string = Campus Storage Server Project doing parameter netbios name = STORAGETEST handle_netbios_name: set global_myname to: STORAGETEST doing parameter socket options = doing parameter map acl inherit = yes doing parameter announce version = 5.0 doing parameter security = ads doing parameter passdb backend = tdbsam doing parameter realm = YSU.LOCAL doing parameter password server = * doing parameter wins server = 150.134.160.193 doing parameter idmap domains = YSU doing parameter idmap config YSU:backend = nss doing parameter idmap config YSU:readonly = yes doing parameter idmap config YSU:default = yes doing parameter cups options = raw Processing section "[homes]" add_a_service: Creating snum = 0 for homes hash_a_service: creating tdb servicehash hash_a_service: hashing index 0 for service name homes doing parameter comment = Home Directories doing parameter browseable = no doing parameter writeable = yes doing parameter root preexec = /etc/samba/root_preexec.sh %u %g doing parameter root preexec = /etc/samba/root_preexec.sh %D%w%U %D%w%G Processing section "[printers]" add_a_service: Creating snum = 1 for printers hash_a_service: hashing index 1 for service name printers doing parameter comment = All Printers doing parameter path = /var/spool/samba doing parameter browseable = no doing parameter printable = yes Processing section "[profiles$]" add_a_service: Creating snum = 2 for profiles$ hash_a_service: hashing index 2 for service name profiles$ doing parameter path = /home/profiles doing parameter browseable = yes doing parameter writeable = yes doing parameter hide unreadable = yes doing parameter root preexec = /etc/samba/root_preexec.sh %u %g Processing section "[testshare]" add_a_service: Creating snum = 3 for testshare hash_a_service: hashing index 3 for service name testshare doing parameter path = /home/testshare doing parameter browsable = yes doing parameter writeable = yes Processing section "[baja]" add_a_service: Creating snum = 4 for baja hash_a_service: hashing index 4 for service name baja doing parameter comment = Engineering Baja Car Project doing parameter path = /home/projects/baja doing parameter browsable = no doing parameter admin users = YSU\dmkitt doing parameter write list = @YSU+Students doing parameter public = no Processing section "[mech_private]" add_a_service: Creating snum = 5 for mech_private hash_a_service: hashing index 5 for service name mech_private doing parameter path = /home/departments/mech/private doing parameter browsable = no doing parameter public = no doing parameter write list = @ACADEMICS\sambatest Processing section "[mech_public]" add_a_service: Creating snum = 6 for mech_public hash_a_service: hashing index 6 for service name mech_public doing parameter comment = Mechanical Engineering Public Share doing parameter path = /home/departments/mech/public doing parameter write list = YSU\dmkitt doing parameter admin users = YSU\dmkitt doing parameter read only = yes Processing section "[ECS]" add_a_service: Creating snum = 7 for ECS hash_a_service: hashing index 7 for service name ECS doing parameter comment = ECS Admin Share doing parameter path = /home/special/ecs doing parameter write list = YSU\dmkitt, ACADEMICS\dmkadmin doing parameter admin users = YSU\dmkitt, ACADEMICS\dmkadmin doing parameter public = no doing parameter browsable = no pm_process() returned Yes add_a_service: Creating snum = 8 for IPC$ hash_a_service: hashing index 8 for service name IPC$ adding IPC service set_server_role: role = ROLE_DOMAIN_MEMBER Attempting to register new charset UCS-2LE Registered charset UCS-2LE Attempting to register new charset UTF-16LE Registered charset UTF-16LE Attempting to register new charset UCS-2BE Registered charset UCS-2BE Attempting to register new charset UTF-16BE Registered charset UTF-16BE Attempting to register new charset UTF8 Registered charset UTF8 Attempting to register new charset UTF-8 Registered charset UTF-8 Attempting to register new charset ASCII Registered charset ASCII Attempting to register new charset 646 Registered charset 646 Attempting to register new charset ISO-8859-1 Registered charset ISO-8859-1 Attempting to register new charset UCS2-HEX Registered charset UCS2-HEX Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE reloading printcap cache reloading cups printcap cache connecting to cups server /var/run/cups/cups.sock:631 reload status: ok reloading printcap cache reloading cups printcap cache connecting to cups server /var/run/cups/cups.sock:631 reload status: ok lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Tue Jul 29 11:15:52 2008 added interface ip=150.134.20.100 bcast=150.134.21.255 nmask=255.255.254.0 Netbios name list:- my_netbios_names[0]="STORAGETEST" loaded services fcntl_lock fd=6 op=13 offset=0 count=1 type=1 fcntl_lock: Lock call successful Registered MSG_REQ_POOL_USAGE Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED Attempting to register passdb backend ldapsam Successfully added passdb backend 'ldapsam' Attempting to register passdb backend ldapsam_compat Successfully added passdb backend 'ldapsam_compat' Attempting to register passdb backend NDS_ldapsam Successfully added passdb backend 'NDS_ldapsam' Attempting to register passdb backend NDS_ldapsam_compat Successfully added passdb backend 'NDS_ldapsam_compat' Attempting to register passdb backend smbpasswd Successfully added passdb backend 'smbpasswd' Attempting to register passdb backend tdbsam Successfully added passdb backend 'tdbsam' Attempting to find an passdb backend to match tdbsam (tdbsam) Found pdb backend tdbsam pdb backend tdbsam has a valid init Opening cache file at /var/cache/samba/gencache.tdb namecache_enable: enabling netbios namecache, timeout 660 seconds init_registry_data: Adding [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] init_registry_data: Storing key [HKLM] with subkey [SOFTWARE] init_registry_data: Storing key [HKLM\SOFTWARE] with subkey [Microsoft] init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft] with subkey [Windows NT] init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT] with subkey [CurrentVersion] init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] with subkey [Print] init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] with subkey [Printers] init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] with subkey [NULL] init_registry_data: Adding [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports] init_registry_data: Storing key [HKLM] with subkey [SOFTWARE] init_registry_data: Storing key [HKLM\SOFTWARE] with subkey [Microsoft] init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft] with subkey [Windows NT] init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT] with subkey [CurrentVersion] init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] with subkey [Ports] init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports] with subkey [NULL] init_registry_data: Adding [HKLM\SYSTEM\CurrentControlSet\Control\Print] init_registry_data: Storing key [HKLM] with subkey [SYSTEM] init_registry_data: Storing key [HKLM\SYSTEM] with subkey [CurrentControlSet] init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet] with subkey [Control] init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Control] with subkey [Print] init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Control\Print] with subkey [NULL] init_registry_data: Adding [HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares] init_registry_data: Storing key [HKLM] with subkey [SYSTEM] init_registry_data: Storing key [HKLM\SYSTEM] with subkey [CurrentControlSet] init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet] with subkey [Services] init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Services] with subkey [LanmanServer] init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer] with subkey [Shares] init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares] with subkey [NULL] init_registry_data: Adding [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] init_registry_data: Storing key [HKLM] with subkey [SYSTEM] init_registry_data: Storing key [HKLM\SYSTEM] with subkey [CurrentControlSet] init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet] with subkey [Services] init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Services] with subkey [Eventlog] init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] with subkey [NULL] init_registry_data: Adding [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib] init_registry_data: Storing key [HKLM] with subkey [SOFTWARE] init_registry_data: Storing key [HKLM\SOFTWARE] with subkey [Microsoft] init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft] with subkey [Windows NT] init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT] with subkey [CurrentVersion] init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] with subkey [Perflib] init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib] with subkey [NULL] init_registry_data: Adding [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009] init_registry_data: Storing key [HKLM] with subkey [SOFTWARE] init_registry_data: Storing key [HKLM\SOFTWARE] with subkey [Microsoft] init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft] with subkey [Windows NT] init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT] with subkey [CurrentVersion] init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] with subkey [Perflib] init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib] with subkey [009] init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009] with subkey [NULL] init_registry_data: Adding [HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors] init_registry_data: Storing key [HKLM] with subkey [SYSTEM] init_registry_data: Storing key [HKLM\SYSTEM] with subkey [CurrentControlSet] init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet] with subkey [Control] init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Control] with subkey [Print] init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Control\Print] with subkey [Monitors] init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors] with subkey [NULL] init_registry_data: Adding [HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions] init_registry_data: Storing key [HKLM] with subkey [SYSTEM] init_registry_data: Storing key [HKLM\SYSTEM] with subkey [CurrentControlSet] init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet] with subkey [Control] init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Control] with subkey [ProductOptions] init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions] with subkey [NULL] init_registry_data: Adding [HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\DefaultUserConfiguration] init_registry_data: Storing key [HKLM] with subkey [SYSTEM] init_registry_data: Storing key [HKLM\SYSTEM] with subkey [CurrentControlSet] init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet] with subkey [Control] init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Control] with subkey [Terminal Server] init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server] with subkey [DefaultUserConfiguration] init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\DefaultUserConfiguration] with subkey [NULL] init_registry_data: Adding [HKLM\SYSTEM\CurrentControlSet\Services\TcpIp\Parameters] init_registry_data: Storing key [HKLM] with subkey [SYSTEM] init_registry_data: Storing key [HKLM\SYSTEM] with subkey [CurrentControlSet] init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet] with subkey [Services] init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Services] with subkey [TcpIp] init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Services\TcpIp] with subkey [Parameters] init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Services\TcpIp\Parameters] with subkey [NULL] init_registry_data: Adding [HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters] init_registry_data: Storing key [HKLM] with subkey [SYSTEM] init_registry_data: Storing key [HKLM\SYSTEM] with subkey [CurrentControlSet] init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet] with subkey [Services] init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Services] with subkey [Netlogon] init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Services\Netlogon] with subkey [Parameters] init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters] with subkey [NULL] init_registry_data: Adding [HKU] init_registry_data: Storing key [HKU] with subkey [NULL] init_registry_data: Adding [HKCR] init_registry_data: Storing key [HKCR] with subkey [NULL] init_registry_data: Adding [HKPD] init_registry_data: Storing key [HKPD] with subkey [NULL] init_registry_data: Adding [HKPT] init_registry_data: Storing key [HKPT] with subkey [NULL] regdb_fetch_values: Looking for value of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports] specific: [Samba Printer Port], len: 2 regdb_fetch_values: Looking for value of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] specific: [DefaultSpoolDirectory], len: 70 regdb_fetch_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] specific: [DisplayName], len: 20 specific: [ErrorControl], len: 4 regdb_fetch_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] specific: [DisplayName], len: 20 specific: [ErrorControl], len: 4 reghook_cache_add: Adding key [/HKLM/SYSTEM/CurrentControlSet/Control/Print] pathtree_add: Enter pathtree_add: Successfully added node [HKLM/SYSTEM/CurrentControlSet/Control/Print] to tree pathtree_add: Exit reghook_cache_add: Adding key [/HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/Print/Printers] pathtree_add: Enter pathtree_add: Successfully added node [HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/Print/Printers] to tree pathtree_add: Exit reghook_cache_add: Adding key [/HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/Ports] pathtree_add: Enter pathtree_add: Successfully added node [HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/Ports] to tree pathtree_add: Exit reghook_cache_add: Adding key [/HKLM/SYSTEM/CurrentControlSet/Services/LanmanServer/Shares] pathtree_add: Enter pathtree_add: Successfully added node [HKLM/SYSTEM/CurrentControlSet/Services/LanmanServer/Shares] to tree pathtree_add: Exit uid 0 -> sid S-1-22-1-0 gid 0 -> sid S-1-22-2-0 Create local NT token for S-1-22-1-0 winbind failed to find a gid for sid S-1-5-32-544 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups Trying to create builtin alias 544 Accepting SID S-1-5-32 in level 1 Sid S-1-5-32-544 -> BUILTIN\Administrators(4) pdb_create_builtin_alias: Could not get a gid out of winbind create_builtin_administrators: Failed to create Administrators create_local_nt_token: Failed to create BUILTIN\Administrators group! pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 winbind failed to find a gid for sid S-1-5-32-545 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups Trying to create builtin alias 545 Accepting SID S-1-5-32 in level 1 Sid S-1-5-32-545 -> BUILTIN\Users(4) pdb_create_builtin_alias: Could not get a gid out of winbind create_builtin_users: Failed to create Users create_local_nt_token: Failed to create BUILTIN\Users group! pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 grant_privilege: S-1-1-0 original privilege mask: SE_PRIV 0x0 0x0 0x0 0x0 new privilege mask: SE_PRIV 0x0 0x0 0x0 0x0 grant_privilege: S-1-5-32-548 original privilege mask: SE_PRIV 0x0 0x0 0x0 0x0 new privilege mask: SE_PRIV 0x0 0x0 0x0 0x0 grant_privilege: S-1-5-32-549 original privilege mask: SE_PRIV 0x0 0x0 0x0 0x0 new privilege mask: SE_PRIV 0x0 0x0 0x0 0x0 grant_privilege: S-1-5-32-550 original privilege mask: SE_PRIV 0x0 0x0 0x0 0x0 new privilege mask: SE_PRIV 0x0 0x0 0x0 0x0 grant_privilege: S-1-5-32-551 original privilege mask: SE_PRIV 0x0 0x0 0x0 0x0 new privilege mask: SE_PRIV 0x0 0x0 0x0 0x0 grant_privilege: S-1-5-32-544 original privilege mask: SE_PRIV 0xff0 0x0 0x0 0x0 new privilege mask: SE_PRIV 0xff0 0x0 0x0 0x0 get_privileges: No privileges assigned to SID [S-1-22-1-0] get_privileges_for_sids: sid = S-1-5-32-544 Privilege set: SE_PRIV 0xff0 0x0 0x0 0x0 get_privileges_for_sids: sid = S-1-1-0 Privilege set: SE_PRIV 0x0 0x0 0x0 0x0 get_privileges: No privileges assigned to SID [S-1-5-2] get_privileges: No privileges assigned to SID [S-1-5-11] regdb_open: incrementing refcount (1) regkey_open_internal: name = [HKLM\SYSTEM\CurrentControlSet\Services] reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services] pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services] pathtree_find: Exit registry_access_check: using root's token se_access_check: requested access 0x000f003f, for NT token with 5 entries and first sid S-1-22-1-0. se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = f003f se_access_check: ACE 1: type 0, flags = 0x00, SID = S-1-5-32-544 mask = f003f, current desired = d0026 se_access_check: access (f003f) granted. regdb_open: incrementing refcount (2) regkey_open_internal: name = [HKLM\SYSTEM\CurrentControlSet\Services\Spooler] reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/Spooler] pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/Spooler] pathtree_find: Exit registry_access_check: using root's token se_access_check: requested access 0x000f003f, for NT token with 5 entries and first sid S-1-22-1-0. se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = f003f se_access_check: ACE 1: type 0, flags = 0x00, SID = S-1-5-32-544 mask = f003f, current desired = d0026 se_access_check: access (f003f) granted. regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\Spooler] regdb_close: decrementing refcount (2) regdb_open: incrementing refcount (2) regkey_open_internal: name = [HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security] reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/Spooler/Security] pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/Spooler/Security] pathtree_find: Exit registry_access_check: using root's token se_access_check: requested access 0x000f003f, for NT token with 5 entries and first sid S-1-22-1-0. se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = f003f se_access_check: ACE 1: type 0, flags = 0x00, SID = S-1-5-32-544 mask = f003f, current desired = d0026 se_access_check: access (f003f) granted. 000000 sec_io_desc sec_desc 0000 revision : 0001 0002 type : 8004 0004 off_owner_sid: 00000000 0008 off_grp_sid : 00000000 000c off_sacl : 00000000 0010 off_dacl : 00000014 000014 sec_io_acl dacl 0014 revision: 0002 0018 num_aces : 00000004 00001c sec_io_ace ace_list[00]: 001c type : 00 001d flags: 00 0020 access_mask: 0002018d 000024 smb_io_dom_sid trustee 0024 sid_rev_num: 01 0025 num_auths : 01 0026 id_auth[0] : 00 0027 id_auth[1] : 00 0028 id_auth[2] : 00 0029 id_auth[3] : 00 002a id_auth[4] : 00 002b id_auth[5] : 01 002c sub_auths : 00000000 001e size : 0014 000030 sec_io_ace ace_list[01]: 0030 type : 00 0031 flags: 00 0034 access_mask: 000201fd 000038 smb_io_dom_sid trustee 0038 sid_rev_num: 01 0039 num_auths : 02 003a id_auth[0] : 00 003b id_auth[1] : 00 003c id_auth[2] : 00 003d id_auth[3] : 00 003e id_auth[4] : 00 003f id_auth[5] : 05 0040 sub_auths : 00000020 00000223 0032 size : 0018 000048 sec_io_ace ace_list[02]: 0048 type : 00 0049 flags: 00 004c access_mask: 000f01ff 000050 smb_io_dom_sid trustee 0050 sid_rev_num: 01 0051 num_auths : 02 0052 id_auth[0] : 00 0053 id_auth[1] : 00 0054 id_auth[2] : 00 0055 id_auth[3] : 00 0056 id_auth[4] : 00 0057 id_auth[5] : 05 0058 sub_auths : 00000020 00000225 004a size : 0018 000060 sec_io_ace ace_list[03]: 0060 type : 00 0061 flags: 00 0064 access_mask: 000f01ff 000068 smb_io_dom_sid trustee 0068 sid_rev_num: 01 0069 num_auths : 02 006a id_auth[0] : 00 006b id_auth[1] : 00 006c id_auth[2] : 00 006d id_auth[3] : 00 006e id_auth[4] : 00 006f id_auth[5] : 05 0070 sub_auths : 00000020 00000220 0062 size : 0018 0016 size : 0064 regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security] regdb_close: decrementing refcount (2) regdb_open: incrementing refcount (2) regkey_open_internal: name = [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/NETLOGON] pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/NETLOGON] pathtree_find: Exit registry_access_check: using root's token se_access_check: requested access 0x000f003f, for NT token with 5 entries and first sid S-1-22-1-0. se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = f003f se_access_check: ACE 1: type 0, flags = 0x00, SID = S-1-5-32-544 mask = f003f, current desired = d0026 se_access_check: access (f003f) granted. regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] regdb_close: decrementing refcount (2) regdb_open: incrementing refcount (2) regkey_open_internal: name = [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security] reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/NETLOGON/Security] pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/NETLOGON/Security] pathtree_find: Exit registry_access_check: using root's token se_access_check: requested access 0x000f003f, for NT token with 5 entries and first sid S-1-22-1-0. se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = f003f se_access_check: ACE 1: type 0, flags = 0x00, SID = S-1-5-32-544 mask = f003f, current desired = d0026 se_access_check: access (f003f) granted. 000000 sec_io_desc sec_desc 0000 revision : 0001 0002 type : 8004 0004 off_owner_sid: 00000000 0008 off_grp_sid : 00000000 000c off_sacl : 00000000 0010 off_dacl : 00000014 000014 sec_io_acl dacl 0014 revision: 0002 0018 num_aces : 00000004 00001c sec_io_ace ace_list[00]: 001c type : 00 001d flags: 00 0020 access_mask: 0002018d 000024 smb_io_dom_sid trustee 0024 sid_rev_num: 01 0025 num_auths : 01 0026 id_auth[0] : 00 0027 id_auth[1] : 00 0028 id_auth[2] : 00 0029 id_auth[3] : 00 002a id_auth[4] : 00 002b id_auth[5] : 01 002c sub_auths : 00000000 001e size : 0014 000030 sec_io_ace ace_list[01]: 0030 type : 00 0031 flags: 00 0034 access_mask: 000201fd 000038 smb_io_dom_sid trustee 0038 sid_rev_num: 01 0039 num_auths : 02 003a id_auth[0] : 00 003b id_auth[1] : 00 003c id_auth[2] : 00 003d id_auth[3] : 00 003e id_auth[4] : 00 003f id_auth[5] : 05 0040 sub_auths : 00000020 00000223 0032 size : 0018 000048 sec_io_ace ace_list[02]: 0048 type : 00 0049 flags: 00 004c access_mask: 000f01ff 000050 smb_io_dom_sid trustee 0050 sid_rev_num: 01 0051 num_auths : 02 0052 id_auth[0] : 00 0053 id_auth[1] : 00 0054 id_auth[2] : 00 0055 id_auth[3] : 00 0056 id_auth[4] : 00 0057 id_auth[5] : 05 0058 sub_auths : 00000020 00000225 004a size : 0018 000060 sec_io_ace ace_list[03]: 0060 type : 00 0061 flags: 00 0064 access_mask: 000f01ff 000068 smb_io_dom_sid trustee 0068 sid_rev_num: 01 0069 num_auths : 02 006a id_auth[0] : 00 006b id_auth[1] : 00 006c id_auth[2] : 00 006d id_auth[3] : 00 006e id_auth[4] : 00 006f id_auth[5] : 05 0070 sub_auths : 00000020 00000220 0062 size : 0018 0016 size : 0064 regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security] regdb_close: decrementing refcount (2) regdb_open: incrementing refcount (2) regkey_open_internal: name = [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/RemoteRegistry] pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/RemoteRegistry] pathtree_find: Exit registry_access_check: using root's token se_access_check: requested access 0x000f003f, for NT token with 5 entries and first sid S-1-22-1-0. se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = f003f se_access_check: ACE 1: type 0, flags = 0x00, SID = S-1-5-32-544 mask = f003f, current desired = d0026 se_access_check: access (f003f) granted. regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] regdb_close: decrementing refcount (2) regdb_open: incrementing refcount (2) regkey_open_internal: name = [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security] reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/RemoteRegistry/Security] pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/RemoteRegistry/Security] pathtree_find: Exit registry_access_check: using root's token se_access_check: requested access 0x000f003f, for NT token with 5 entries and first sid S-1-22-1-0. se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = f003f se_access_check: ACE 1: type 0, flags = 0x00, SID = S-1-5-32-544 mask = f003f, current desired = d0026 se_access_check: access (f003f) granted. 000000 sec_io_desc sec_desc 0000 revision : 0001 0002 type : 8004 0004 off_owner_sid: 00000000 0008 off_grp_sid : 00000000 000c off_sacl : 00000000 0010 off_dacl : 00000014 000014 sec_io_acl dacl 0014 revision: 0002 0018 num_aces : 00000004 00001c sec_io_ace ace_list[00]: 001c type : 00 001d flags: 00 0020 access_mask: 0002018d 000024 smb_io_dom_sid trustee 0024 sid_rev_num: 01 0025 num_auths : 01 0026 id_auth[0] : 00 0027 id_auth[1] : 00 0028 id_auth[2] : 00 0029 id_auth[3] : 00 002a id_auth[4] : 00 002b id_auth[5] : 01 002c sub_auths : 00000000 001e size : 0014 000030 sec_io_ace ace_list[01]: 0030 type : 00 0031 flags: 00 0034 access_mask: 000201fd 000038 smb_io_dom_sid trustee 0038 sid_rev_num: 01 0039 num_auths : 02 003a id_auth[0] : 00 003b id_auth[1] : 00 003c id_auth[2] : 00 003d id_auth[3] : 00 003e id_auth[4] : 00 003f id_auth[5] : 05 0040 sub_auths : 00000020 00000223 0032 size : 0018 000048 sec_io_ace ace_list[02]: 0048 type : 00 0049 flags: 00 004c access_mask: 000f01ff 000050 smb_io_dom_sid trustee 0050 sid_rev_num: 01 0051 num_auths : 02 0052 id_auth[0] : 00 0053 id_auth[1] : 00 0054 id_auth[2] : 00 0055 id_auth[3] : 00 0056 id_auth[4] : 00 0057 id_auth[5] : 05 0058 sub_auths : 00000020 00000225 004a size : 0018 000060 sec_io_ace ace_list[03]: 0060 type : 00 0061 flags: 00 0064 access_mask: 000f01ff 000068 smb_io_dom_sid trustee 0068 sid_rev_num: 01 0069 num_auths : 02 006a id_auth[0] : 00 006b id_auth[1] : 00 006c id_auth[2] : 00 006d id_auth[3] : 00 006e id_auth[4] : 00 006f id_auth[5] : 05 0070 sub_auths : 00000020 00000220 0062 size : 0018 0016 size : 0064 regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security] regdb_close: decrementing refcount (2) regdb_open: incrementing refcount (2) regkey_open_internal: name = [HKLM\SYSTEM\CurrentControlSet\Services\WINS] reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/WINS] pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/WINS] pathtree_find: Exit registry_access_check: using root's token se_access_check: requested access 0x000f003f, for NT token with 5 entries and first sid S-1-22-1-0. se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = f003f se_access_check: ACE 1: type 0, flags = 0x00, SID = S-1-5-32-544 mask = f003f, current desired = d0026 se_access_check: access (f003f) granted. regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\WINS] regdb_close: decrementing refcount (2) regdb_open: incrementing refcount (2) regkey_open_internal: name = [HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security] reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/WINS/Security] pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/WINS/Security] pathtree_find: Exit registry_access_check: using root's token se_access_check: requested access 0x000f003f, for NT token with 5 entries and first sid S-1-22-1-0. se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = f003f se_access_check: ACE 1: type 0, flags = 0x00, SID = S-1-5-32-544 mask = f003f, current desired = d0026 se_access_check: access (f003f) granted. 000000 sec_io_desc sec_desc 0000 revision : 0001 0002 type : 8004 0004 off_owner_sid: 00000000 0008 off_grp_sid : 00000000 000c off_sacl : 00000000 0010 off_dacl : 00000014 000014 sec_io_acl dacl 0014 revision: 0002 0018 num_aces : 00000004 00001c sec_io_ace ace_list[00]: 001c type : 00 001d flags: 00 0020 access_mask: 0002018d 000024 smb_io_dom_sid trustee 0024 sid_rev_num: 01 0025 num_auths : 01 0026 id_auth[0] : 00 0027 id_auth[1] : 00 0028 id_auth[2] : 00 0029 id_auth[3] : 00 002a id_auth[4] : 00 002b id_auth[5] : 01 002c sub_auths : 00000000 001e size : 0014 000030 sec_io_ace ace_list[01]: 0030 type : 00 0031 flags: 00 0034 access_mask: 000201fd 000038 smb_io_dom_sid trustee 0038 sid_rev_num: 01 0039 num_auths : 02 003a id_auth[0] : 00 003b id_auth[1] : 00 003c id_auth[2] : 00 003d id_auth[3] : 00 003e id_auth[4] : 00 003f id_auth[5] : 05 0040 sub_auths : 00000020 00000223 0032 size : 0018 000048 sec_io_ace ace_list[02]: 0048 type : 00 0049 flags: 00 004c access_mask: 000f01ff 000050 smb_io_dom_sid trustee 0050 sid_rev_num: 01 0051 num_auths : 02 0052 id_auth[0] : 00 0053 id_auth[1] : 00 0054 id_auth[2] : 00 0055 id_auth[3] : 00 0056 id_auth[4] : 00 0057 id_auth[5] : 05 0058 sub_auths : 00000020 00000225 004a size : 0018 000060 sec_io_ace ace_list[03]: 0060 type : 00 0061 flags: 00 0064 access_mask: 000f01ff 000068 smb_io_dom_sid trustee 0068 sid_rev_num: 01 0069 num_auths : 02 006a id_auth[0] : 00 006b id_auth[1] : 00 006c id_auth[2] : 00 006d id_auth[3] : 00 006e id_auth[4] : 00 006f id_auth[5] : 05 0070 sub_auths : 00000020 00000220 0062 size : 0018 0016 size : 0064 regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security] regdb_close: decrementing refcount (2) regdb_close: decrementing refcount (1) regdb_close: decrementing refcount (0) update_c_setprinter: c_setprinter = 0 Returning valid cache entry: key = AD_SITENAME/DOMAIN/YSU.LOCAL, value = Default-First-Site-Name, timeout = Mon Jan 18 22:14:07 2038 sitename_fetch: Returning sitename for YSU.LOCAL: "Default-First-Site-Name" ads_find_dc: looking for realm 'YSU.LOCAL' get_sorted_dc_list: attempting lookup for name YSU.LOCAL (sitename Default-First-Site-Name) using [ads] Returning expired cache entry: key = SAF/DOMAIN/YSU.LOCAL, value = 150.134.10.25, timeout = Tue Jul 29 11:30:54 2008 saf_fetch: failed to find server for "YSU.LOCAL" domain get_dc_list: preferred server list: ", *" internal_resolve_name: looking up YSU.LOCAL#1c (sitename Default-First-Site-Name) Returning expired cache entry: key = NBT/YSU.LOCAL#1C, value = 150.134.10.25:389,150.134.10.26:389,150.134.10.31:389, timeout = Tue Jul 29 11:26:54 2008 no entry for YSU.LOCAL#1C found. resolve_ads: Attempting to resolve DC's for YSU.LOCAL using DNS ads_dns_lookup_srv: 3 records returned in the answer section. ads_dns_parse_rr_srv: Parsed ad02.ysu.local [0, 100, 389] ads_dns_parse_rr_srv: Parsed ad03.ysu.local [0, 100, 389] ads_dns_parse_rr_srv: Parsed ad01.ysu.local [0, 100, 389] remove_duplicate_addrs2: looking for duplicate address/port pairs namecache_store: storing 3 addresses for YSU.LOCAL#1c: 150.134.10.26:389,150.134.10.31:389,150.134.10.25:389 Adding cache entry with key = NBT/YSU.LOCAL#1C; value = 150.134.10.26:389,150.134.10.31:389,150.134.10.25:389 and timeout = Tue Jul 29 11:47:17 2008 (660 seconds ahead) internal_resolve_name: returning 3 addresses: 150.134.10.26:389 150.134.10.31:389 150.134.10.25:389 Adding 3 DC's from auto lookup remove_duplicate_addrs2: looking for duplicate address/port pairs get_dc_list: returning 3 ip addresses in an ordered list get_dc_list: 150.134.10.26:389 150.134.10.31:389 150.134.10.25:389 ads_try_connect: sending CLDAP request to 150.134.10.26 (realm: YSU.LOCAL) sitename_store: realm = [YSU.LOCAL], sitename = [Default-First-Site-Name], expire = [2147483647] Adding cache entry with key = AD_SITENAME/DOMAIN/YSU.LOCAL; value = Default-First-Site-Name and timeout = Mon Jan 18 22:14:07 2038 (930137870 seconds ahead) Connected to LDAP server 150.134.10.26 ads_closest_dc: ADS_CLOSEST flag set saf_store: domain = [YSU], server = [150.134.10.26], expire = [1217346677] Adding cache entry with key = SAF/DOMAIN/YSU; value = 150.134.10.26 and timeout = Tue Jul 29 11:51:17 2008 (900 seconds ahead) saf_store: domain = [YSU.LOCAL], server = [150.134.10.26], expire = [1217346677] Adding cache entry with key = SAF/DOMAIN/YSU.LOCAL; value = 150.134.10.26 and timeout = Tue Jul 29 11:51:17 2008 (900 seconds ahead) time offset is 0 seconds Found SASL mechanism GSS-SPNEGO ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2 ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3 ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10 ads_sasl_spnego_bind: got server principal name = ad02$@YSU.LOCAL ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache found) ads_sasl_spnego_krb5_bind failed with: No credentials cache found, calling kinit kerberos_kinit_password: using [MEMORY:prtpub_cache] as ccache and config [(null)] ads_cleanup_expired_creds: Ticket in ccache[MEMORY:prtpub_cache] expiration Tue, 29 Jul 2008 21:36:17 EDT ads_krb5_mk_req: Ticket (ad02$@YSU.LOCAL) in ccache (MEMORY:prtpub_cache) is valid until: (Tue, 29 Jul 2008 21:36:17 EDT - 1217381777) Got KRB5 session key of length 16 get_a_printer: [printers] level 2 get_a_printer_2_default: driver name set to [] pulling printers location connecting to cups server /var/run/cups/cups.sock:631 000000 sec_io_desc_buf nt_printing_getsec 0000 max_len: 000000c8 0004 ptr : 00000001 0008 len : 000000c8 00000c sec_io_desc sec 000c revision : 0001 000e type : 8004 0010 off_owner_sid: 000000a8 0014 off_grp_sid : 000000b8 0018 off_sacl : 00000000 001c off_dacl : 00000014 0000b4 smb_io_dom_sid owner_sid 00b4 sid_rev_num: 01 00b5 num_auths : 02 00b6 id_auth[0] : 00 00b7 id_auth[1] : 00 00b8 id_auth[2] : 00 00b9 id_auth[3] : 00 00ba id_auth[4] : 00 00bb id_auth[5] : 05 00bc sub_auths : 00000020 00000220 0000c4 smb_io_dom_sid group_sid 00c4 sid_rev_num: 01 00c5 num_auths : 02 00c6 id_auth[0] : 00 00c7 id_auth[1] : 00 00c8 id_auth[2] : 00 00c9 id_auth[3] : 00 00ca id_auth[4] : 00 00cb id_auth[5] : 05 00cc sub_auths : 00000020 00000220 000020 sec_io_acl dacl 0020 revision: 0002 0022 size : 0094 0024 num_aces : 00000005 000028 sec_io_ace ace_list[00]: 0028 type : 00 0029 flags: 02 002a size : 0014 002c access_mask: 20020008 000030 smb_io_dom_sid trustee 0030 sid_rev_num: 01 0031 num_auths : 01 0032 id_auth[0] : 00 0033 id_auth[1] : 00 0034 id_auth[2] : 00 0035 id_auth[3] : 00 0036 id_auth[4] : 00 0037 id_auth[5] : 01 0038 sub_auths : 00000000 00003c sec_io_ace ace_list[01]: 003c type : 00 003d flags: 09 003e size : 0024 0040 access_mask: 100f000c 000044 smb_io_dom_sid trustee 0044 sid_rev_num: 01 0045 num_auths : 05 0046 id_auth[0] : 00 0047 id_auth[1] : 00 0048 id_auth[2] : 00 0049 id_auth[3] : 00 004a id_auth[4] : 00 004b id_auth[5] : 05 004c sub_auths : 00000015 1694b259 a7fb8187 58e89093 000001f4 000060 sec_io_ace ace_list[02]: 0060 type : 00 0061 flags: 02 0062 size : 0024 0064 access_mask: 100f000c 000068 smb_io_dom_sid trustee 0068 sid_rev_num: 01 0069 num_auths : 05 006a id_auth[0] : 00 006b id_auth[1] : 00 006c id_auth[2] : 00 006d id_auth[3] : 00 006e id_auth[4] : 00 006f id_auth[5] : 05 0070 sub_auths : 00000015 1694b259 a7fb8187 58e89093 000001f4 000084 sec_io_ace ace_list[03]: 0084 type : 00 0085 flags: 09 0086 size : 0018 0088 access_mask: 100f000c 00008c smb_io_dom_sid trustee 008c sid_rev_num: 01 008d num_auths : 02 008e id_auth[0] : 00 008f id_auth[1] : 00 0090 id_auth[2] : 00 0091 id_auth[3] : 00 0092 id_auth[4] : 00 0093 id_auth[5] : 05 0094 sub_auths : 00000020 00000220 00009c sec_io_ace ace_list[04]: 009c type : 00 009d flags: 02 009e size : 0018 00a0 access_mask: 100f000c 0000a4 smb_io_dom_sid trustee 00a4 sid_rev_num: 01 00a5 num_auths : 02 00a6 id_auth[0] : 00 00a7 id_auth[1] : 00 00a8 id_auth[2] : 00 00a9 id_auth[3] : 00 00aa id_auth[4] : 00 00ab id_auth[5] : 05 00ac sub_auths : 00000020 00000220 secdesc_ctr for printers has 5 aces: S-1-1-0 0 2 0x20020008 S-1-5-21-378843737-2818277767-1491636371-500 0 9 0x100f000c S-1-5-21-378843737-2818277767-1491636371-500 0 2 0x100f000c S-1-5-32-544 0 9 0x100f000c S-1-5-32-544 0 2 0x100f000c push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pdb_getsampwsid: Building guest account pdb_set_username: setting username nobody, was pdb_set_full_name: setting full name Nobody, was pdb_set_domain: setting domain STORAGETEST, was pdb_set_user_sid: setting user sid S-1-5-21-2175323533-1459150976-2085473786-501 pdb_set_user_sid_from_rid: setting user sid S-1-5-21-2175323533-1459150976-2085473786-501 from rid 501 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 Got nobody from pwnam_cache Got nobody from pwnam_cache sys_getgrouplist: user [nobody] gid 99 -> sid S-1-22-2-99 make_server_info_sam: made server info for user nobody -> nobody Create local NT token for S-1-5-21-2175323533-1459150976-2085473786-501 winbind failed to find a gid for sid S-1-5-32-544 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups Trying to create builtin alias 544 Accepting SID S-1-5-32 in level 1 Sid S-1-5-32-544 -> BUILTIN\Administrators(4) pdb_create_builtin_alias: Could not get a gid out of winbind create_builtin_administrators: Failed to create Administrators create_local_nt_token: Failed to create BUILTIN\Administrators group! pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 winbind failed to find a gid for sid S-1-5-32-545 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups Trying to create builtin alias 545 Accepting SID S-1-5-32 in level 1 Sid S-1-5-32-545 -> BUILTIN\Users(4) pdb_create_builtin_alias: Could not get a gid out of winbind create_builtin_users: Failed to create Users create_local_nt_token: Failed to create BUILTIN\Users group! pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 get_privileges: No privileges assigned to SID [S-1-5-21-2175323533-1459150976-2085473786-501] get_privileges: No privileges assigned to SID [S-1-22-2-99] get_privileges_for_sids: sid = S-1-1-0 Privilege set: SE_PRIV 0x0 0x0 0x0 0x0 get_privileges: No privileges assigned to SID [S-1-5-2] get_privileges: No privileges assigned to SID [S-1-5-32-546] sid S-1-22-2-99 -> gid 99 winbind failed to find a gid for sid S-1-1-0 Could not convert SID S-1-1-0 to gid, ignoring it winbind failed to find a gid for sid S-1-5-2 Could not convert SID S-1-5-2 to gid, ignoring it winbind failed to find a gid for sid S-1-5-32-546 Could not convert SID S-1-5-32-546 to gid, ignoring it NT user token of user S-1-5-21-2175323533-1459150976-2085473786-501 contains 5 SIDs SID[ 0]: S-1-5-21-2175323533-1459150976-2085473786-501 SID[ 1]: S-1-22-2-99 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-32-546 SE_PRIV 0x0 0x0 0x0 0x0 claiming 0 bind succeeded on port 445 socket option SO_KEEPALIVE = 1 socket option SO_REUSEADDR = 1 socket option SO_BROADCAST = 0 socket option TCP_NODELAY = 0 socket option TCP_KEEPCNT = 9 socket option TCP_KEEPIDLE = 7200 socket option TCP_KEEPINTVL = 75 socket option IPTOS_LOWDELAY = 0 socket option IPTOS_THROUGHPUT = 0 socket option SO_SNDBUF = 16384 socket option SO_RCVBUF = 87380 socket option SO_SNDLOWAT = 1 socket option SO_RCVLOWAT = 1 socket option SO_SNDTIMEO = 0 socket option SO_RCVTIMEO = 0 socket option SO_KEEPALIVE = 1 socket option SO_REUSEADDR = 1 socket option SO_BROADCAST = 0 socket option TCP_NODELAY = 0 socket option TCP_KEEPCNT = 9 socket option TCP_KEEPIDLE = 7200 socket option TCP_KEEPINTVL = 75 socket option IPTOS_LOWDELAY = 0 socket option IPTOS_THROUGHPUT = 0 socket option SO_SNDBUF = 16384 socket option SO_RCVBUF = 87380 socket option SO_SNDLOWAT = 1 socket option SO_RCVLOWAT = 1 socket option SO_SNDTIMEO = 0 socket option SO_RCVTIMEO = 0 bind succeeded on port 139 socket option SO_KEEPALIVE = 1 socket option SO_REUSEADDR = 1 socket option SO_BROADCAST = 0 socket option TCP_NODELAY = 0 socket option TCP_KEEPCNT = 9 socket option TCP_KEEPIDLE = 7200 socket option TCP_KEEPINTVL = 75 socket option IPTOS_LOWDELAY = 0 socket option IPTOS_THROUGHPUT = 0 socket option SO_SNDBUF = 16384 socket option SO_RCVBUF = 87380 socket option SO_SNDLOWAT = 1 socket option SO_RCVLOWAT = 1 socket option SO_SNDTIMEO = 0 socket option SO_RCVTIMEO = 0 socket option SO_KEEPALIVE = 1 socket option SO_REUSEADDR = 1 socket option SO_BROADCAST = 0 socket option TCP_NODELAY = 0 socket option TCP_KEEPCNT = 9 socket option TCP_KEEPIDLE = 7200 socket option TCP_KEEPINTVL = 75 socket option IPTOS_LOWDELAY = 0 socket option IPTOS_THROUGHPUT = 0 socket option SO_SNDBUF = 16384 socket option SO_RCVBUF = 87380 socket option SO_SNDLOWAT = 1 socket option SO_RCVLOWAT = 1 socket option SO_SNDTIMEO = 0 socket option SO_RCVTIMEO = 0 waiting for a connection lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Tue Jul 29 11:15:52 2008 init_oplocks: initializing messages. Linux kernel oplocks enabled got smb length of 133 got message type 0x0 of len 0x85 Transaction 0 of length 137 size=133 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51283 smb_tid=0 smb_pid=65279 smb_uid=0 smb_mid=0 smt_wct=0 smb_bcc=98 [000] 02 50 43 20 4E 45 54 57 4F 52 4B 20 50 52 4F 47 .PC NETW ORK PROG [010] 52 41 4D 20 31 2E 30 00 02 4C 41 4E 4D 41 4E 31 RAM 1.0. .LANMAN1 [020] 2E 30 00 02 57 69 6E 64 6F 77 73 20 66 6F 72 20 .0..Wind ows for [030] 57 6F 72 6B 67 72 6F 75 70 73 20 33 2E 31 61 00 Workgrou ps 3.1a. [040] 02 4C 4D 31 2E 32 58 30 30 32 00 02 4C 41 4E 4D .LM1.2X0 02..LANM [050] 41 4E 32 2E 31 00 02 4E 54 20 4C 4D 20 30 2E 31 AN2.1..N T LM 0.1 [060] 32 00 2. switch message SMBnegprot (pid 28784) conn 0x0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups change_to_root_user: now uid=(0,0) gid=(0,0) Requested protocol [PC NETWORK PROGRAM 1.0] Requested protocol [LANMAN1.0] Requested protocol [Windows for Workgroups 3.1a] Requested protocol [LM1.2X002] Requested protocol [LANMAN2.1] Requested protocol [NT LM 0.12] set_remote_arch: Client arch is 'Win2K' lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Tue Jul 29 11:15:52 2008 claiming 0 lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Tue Jul 29 11:15:52 2008 name_to_fqdn: lookup for STORAGETEST -> test1.csis.ysu.edu. using SPNEGO Selected protocol NT LM 0.12 negprot index=5 size=178 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=65279 smb_uid=0 smb_mid=0 smt_wct=17 smb_vwv[ 0]= 5 (0x5) smb_vwv[ 1]=12803 (0x3203) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 65 (0x41) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]=28672 (0x7000) smb_vwv[ 8]= 112 (0x70) smb_vwv[ 9]=64768 (0xFD00) smb_vwv[10]=33011 (0x80F3) smb_vwv[11]= 128 (0x80) smb_vwv[12]=44409 (0xAD79) smb_vwv[13]=37084 (0x90DC) smb_vwv[14]=51441 (0xC8F1) smb_vwv[15]=61441 (0xF001) smb_vwv[16]= 0 (0x0) smb_bcc=109 [000] 73 74 6F 72 61 67 65 74 65 73 74 00 00 00 00 00 storaget est..... [010] 60 5B 06 06 2B 06 01 05 05 02 A0 51 30 4F A0 24 `[..+... ...Q0O.$ [020] 30 22 06 09 2A 86 48 86 F7 12 01 02 02 06 09 2A 0"..*.H. .......* [030] 86 48 82 F7 12 01 02 02 06 0A 2B 06 01 04 01 82 .H...... ..+..... [040] 37 02 02 0A A3 27 30 25 A0 23 1B 21 63 69 66 73 7....'0% .#.!cifs [050] 2F 74 65 73 74 31 2E 63 73 69 73 2E 79 73 75 2E /test1.c sis.ysu. [060] 65 64 75 40 59 53 55 2E 4C 4F 43 41 4C edu@YSU. LOCAL got smb length of 236 got message type 0x0 of len 0xec Transaction 1 of length 240 size=236 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=0 smb_mid=64 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 236 (0xEC) smb_vwv[ 2]=16644 (0x4104) smb_vwv[ 3]= 50 (0x32) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 74 (0x4A) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 212 (0xD4) smb_vwv[11]=40960 (0xA000) smb_bcc=177 [000] 60 48 06 06 2B 06 01 05 05 02 A0 3E 30 3C A0 0E `H..+... ...>0<.. [010] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A2 2A 0...+... ..7....* [020] 04 28 4E 54 4C 4D 53 53 50 00 01 00 00 00 07 82 .(NTLMSS P....... [030] 08 A2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [040] 00 00 05 01 28 0A 00 00 00 0F 00 57 00 69 00 6E ....(... ...W.i.n [050] 00 64 00 6F 00 77 00 73 00 20 00 32 00 30 00 30 .d.o.w.s . .2.0.0 [060] 00 32 00 20 00 53 00 65 00 72 00 76 00 69 00 63 .2. .S.e .r.v.i.c [070] 00 65 00 20 00 50 00 61 00 63 00 6B 00 20 00 33 .e. .P.a .c.k. .3 [080] 00 20 00 32 00 36 00 30 00 30 00 00 00 57 00 69 . .2.6.0 .0...W.i [090] 00 6E 00 64 00 6F 00 77 00 73 00 20 00 32 00 30 .n.d.o.w .s. .2.0 [0A0] 00 30 00 32 00 20 00 35 00 2E 00 31 00 00 00 00 .0.2. .5 ...1.... [0B0] 00 . switch message SMBsesssetupX (pid 28784) conn 0x0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups change_to_root_user: now uid=(0,0) gid=(0,0) wct=12 flg2=0xc807 setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. Doing spnego session setup NativeOS=[Windows 2002 Service Pack 3 2600] NativeLanMan=[Windows 2002 5.1] PrimaryDomain=[] set_remote_arch: Client arch is 'WinXP' register_vuid: allocated vuid = 100 check_spnego_blob_complete: needed_len = 74, pblob->length = 74 parse_spnego_mechanisms: Got OID 1 3 6 1 4 1 311 2 2 10 reply_spnego_negotiate: Got secblob of size 40 Making default auth method list for security=ADS Attempting to register auth backend sam Successfully added auth method 'sam' Attempting to register auth backend sam_ignoredomain Successfully added auth method 'sam_ignoredomain' Attempting to register auth backend unix Successfully added auth method 'unix' Attempting to register auth backend winbind Successfully added auth method 'winbind' Attempting to register auth backend smbserver Successfully added auth method 'smbserver' Attempting to register auth backend trustdomain Successfully added auth method 'trustdomain' Attempting to register auth backend ntdomain Successfully added auth method 'ntdomain' Attempting to register auth backend guest Successfully added auth method 'guest' load_auth_module: Attempting to find an auth method to match guest load_auth_module: auth method guest has a valid init load_auth_module: Attempting to find an auth method to match sam load_auth_module: auth method sam has a valid init load_auth_module: Attempting to find an auth method to match winbind:ntdomain load_auth_module: Attempting to find an auth method to match ntdomain load_auth_module: auth method ntdomain has a valid init load_auth_module: auth method winbind has a valid init Got NTLMSSP neg_flags=0xa2088207 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_NEGOTIATE_OEM NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_56 auth_get_challenge: module guest did not want to specify a challenge auth_get_challenge: module sam did not want to specify a challenge auth_get_challenge: module winbind did not want to specify a challenge auth_context challenge created by random challenge is: [000] E2 67 49 76 AE AA 44 8F .gIv..D. size=288 smb_com=0x73 smb_rcls=22 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=65279 smb_uid=100 smb_mid=64 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 193 (0xC1) smb_bcc=245 [000] A1 81 BE 30 81 BB A0 03 0A 01 01 A1 0C 06 0A 2B ...0.... .......+ [010] 06 01 04 01 82 37 02 02 0A A2 81 A5 04 81 A2 4E .....7.. .......N [020] 54 4C 4D 53 53 50 00 02 00 00 00 06 00 06 00 30 TLMSSP.. .......0 [030] 00 00 00 05 82 89 A2 E2 67 49 76 AE AA 44 8F 00 ........ gIv..D.. [040] 00 00 00 00 00 00 00 6C 00 6C 00 36 00 00 00 59 .......l .l.6...Y [050] 00 53 00 55 00 02 00 06 00 59 00 53 00 55 00 01 .S.U.... .Y.S.U.. [060] 00 16 00 53 00 54 00 4F 00 52 00 41 00 47 00 45 ...S.T.O .R.A.G.E [070] 00 54 00 45 00 53 00 54 00 04 00 18 00 63 00 73 .T.E.S.T .....c.s [080] 00 69 00 73 00 2E 00 79 00 73 00 75 00 2E 00 65 .i.s...y .s.u...e [090] 00 64 00 75 00 03 00 24 00 74 00 65 00 73 00 74 .d.u...$ .t.e.s.t [0A0] 00 31 00 2E 00 63 00 73 00 69 00 73 00 2E 00 79 .1...c.s .i.s...y [0B0] 00 73 00 75 00 2E 00 65 00 64 00 75 00 00 00 00 .s.u...e .d.u.... [0C0] 00 55 00 6E 00 69 00 78 00 00 00 53 00 61 00 6D .U.n.i.x ...S.a.m [0D0] 00 62 00 61 00 20 00 33 00 2E 00 30 00 2E 00 33 .b.a. .3 ...0...3 [0E0] 00 31 00 2D 00 31 00 2E 00 31 00 00 00 59 00 53 .1.-.1.. .1...Y.S [0F0] 00 55 00 00 00 .U... got smb length of 330 got message type 0x0 of len 0x14a Transaction 2 of length 334 size=330 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=100 smb_mid=128 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 330 (0x14A) smb_vwv[ 2]=16644 (0x4104) smb_vwv[ 3]= 50 (0x32) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 168 (0xA8) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 212 (0xD4) smb_vwv[11]=40960 (0xA000) smb_bcc=271 [000] A1 81 A5 30 81 A2 A2 81 9F 04 81 9C 4E 54 4C 4D ...0.... ....NTLM [010] 53 53 50 00 03 00 00 00 18 00 18 00 6C 00 00 00 SSP..... ....l... [020] 18 00 18 00 84 00 00 00 06 00 06 00 48 00 00 00 ........ ....H... [030] 12 00 12 00 4E 00 00 00 0C 00 0C 00 60 00 00 00 ....N... ....`... [040] 00 00 00 00 9C 00 00 00 05 82 88 A2 05 01 28 0A ........ ......(. [050] 00 00 00 0F 59 00 53 00 55 00 62 00 68 00 6E 00 ....Y.S. U.b.h.n. [060] 65 00 6C 00 73 00 6F 00 6E 00 61 00 50 00 49 00 e.l.s.o. n.a.P.I. [070] 43 00 41 00 52 00 44 00 98 10 18 D8 8C DA D7 A1 C.A.R.D. ........ [080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [090] 9E 1F 16 BC 30 35 27 97 9D E5 B6 80 09 92 BB 53 ....05'. .......S [0A0] 4A 7E B2 A7 72 43 EC D5 00 57 00 69 00 6E 00 64 J~..rC.. .W.i.n.d [0B0] 00 6F 00 77 00 73 00 20 00 32 00 30 00 30 00 32 .o.w.s. .2.0.0.2 [0C0] 00 20 00 53 00 65 00 72 00 76 00 69 00 63 00 65 . .S.e.r .v.i.c.e [0D0] 00 20 00 50 00 61 00 63 00 6B 00 20 00 33 00 20 . .P.a.c .k. .3. [0E0] 00 32 00 36 00 30 00 30 00 00 00 57 00 69 00 6E .2.6.0.0 ...W.i.n [0F0] 00 64 00 6F 00 77 00 73 00 20 00 32 00 30 00 30 .d.o.w.s . .2.0.0 [100] 00 32 00 20 00 35 00 2E 00 31 00 00 00 00 00 .2. .5.. .1..... switch message SMBsesssetupX (pid 28784) conn 0x0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups change_to_root_user: now uid=(0,0) gid=(0,0) wct=12 flg2=0xc807 setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. Doing spnego session setup NativeOS=[Windows 2002 Service Pack 3 2600] NativeLanMan=[Windows 2002 5.1] PrimaryDomain=[] check_spnego_blob_complete: needed_len = 168, pblob->length = 168 Got user=[bhnelsona] domain=[YSU] workstation=[PICARD] len1=24 len2=24 auth_context challenge set by NTLMSSP callback (NTLM2) challenge is: [000] 01 B0 0F 3E E6 A9 DE 5E ...>...^ lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Tue Jul 29 11:15:52 2008 make_user_info_map: Mapping user [YSU]\[bhnelsona] from workstation [PICARD] attempting to make a user_info for bhnelsona (bhnelsona) making strings for bhnelsona's user_info struct making blobs for bhnelsona's user_info struct made an encrypted user_info for bhnelsona (bhnelsona) check_ntlm_password: Checking password for unmapped user [YSU]\[bhnelsona]@[PICARD] with the new password interface check_ntlm_password: mapped user is: [YSU]\[bhnelsona]@[PICARD] check_ntlm_password: auth_context challenge created by NTLMSSP callback (NTLM2) challenge is: [000] 01 B0 0F 3E E6 A9 DE 5E ...>...^ check_ntlm_password: guest had nothing to say is_myname("YSU") returns 0 check_samstrict_security: YSU is not one of my local names (ROLE_DOMAIN_MEMBER) check_ntlm_password: sam had nothing to say push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 000000 net_io_user_info3 0000 ptr_user_info : 00020004 000004 smb_io_time logon time 0004 low : bcf12692 0008 high: 01c8f18e 00000c smb_io_time logoff time 000c low : ffffffff 0010 high: 7fffffff 000014 smb_io_time kickoff time 0014 low : ffffffff 0018 high: 7fffffff 00001c smb_io_time last set time 001c low : ac21603e 0020 high: 01c723bb 000024 smb_io_time can change time 0024 low : ac21603e 0028 high: 01c723bb 00002c smb_io_time must change time 002c low : ffffffff 0030 high: 7fffffff 000034 smb_io_unihdr hdr_user_name 0034 uni_str_len: 0012 0036 uni_max_len: 0014 0038 buffer : 00020008 00003c smb_io_unihdr hdr_full_name 003c uni_str_len: 0000 003e uni_max_len: 0000 0040 buffer : 00000000 000044 smb_io_unihdr hdr_logon_script 0044 uni_str_len: 0000 0046 uni_max_len: 0000 0048 buffer : 00000000 00004c smb_io_unihdr hdr_profile_path 004c uni_str_len: 0000 004e uni_max_len: 0000 0050 buffer : 00000000 000054 smb_io_unihdr hdr_home_dir 0054 uni_str_len: 0000 0056 uni_max_len: 0000 0058 buffer : 00000000 00005c smb_io_unihdr hdr_dir_drive 005c uni_str_len: 0000 005e uni_max_len: 0000 0060 buffer : 00000000 0064 logon_count : 008b 0066 bad_pw_count : 0000 0068 user_rid : 00021762 006c group_rid : 00000200 0070 num_groups : 00000003 0074 buffer_groups : 0002000c 0078 user_flgs : 00000120 dump_user_flgs account has LOGON_EXTRA_SIDS account has LOGON_NTLMV2_ENABLED 007c user_sess_key: 6b 8e b2 e5 78 0a 80 c2 55 77 ef 4a 0d 0f 92 b6 00008c smb_io_unihdr hdr_logon_srv 008c uni_str_len: 0008 008e uni_max_len: 000a 0090 buffer : 00020010 000094 smb_io_unihdr hdr_logon_dom 0094 uni_str_len: 0006 0096 uni_max_len: 0008 0098 buffer : 00020014 009c buffer_dom_id : 00020018 00a0 lm_sess_key: 87 39 9b 81 0f 24 14 9f 00a8 acct_flags : 00000210 dump_acct_flags account has ACB_NORMAL account has ACB_PWNOEXP 00ac unkown: 00000000 00b0 unkown: 00000000 00b4 unkown: 00000000 00b8 unkown: 00000000 00bc unkown: 00000000 00c0 unkown: 00000000 00c4 unkown: 00000000 00c8 num_other_sids: 00000000 00cc buffer_other_sids: 00000000 0000d0 smb_io_unistr2 uni_user_name 00d0 uni_max_len: 0000000a 00d4 offset : 00000000 00d8 uni_str_len: 00000009 00dc buffer : b.h.n.e.l.s.o.n.a. 0000ee smb_io_unistr2 - NULL uni_full_name 0000ee smb_io_unistr2 - NULL uni_logon_script 0000ee smb_io_unistr2 - NULL uni_profile_path 0000ee smb_io_unistr2 - NULL uni_home_dir 0000ee smb_io_unistr2 - NULL uni_dir_drive 00f0 num_groups2 : 00000003 0000f4 smb_io_gid 00f4 g_rid: 00000200 00f8 attr : 00000007 0000fc smb_io_gid 00fc g_rid: 00000201 0100 attr : 00000007 000104 smb_io_gid 0104 g_rid: 00000207 0108 attr : 00000007 00010c smb_io_unistr2 uni_logon_srv 010c uni_max_len: 00000005 0110 offset : 00000000 0114 uni_str_len: 00000004 0118 buffer : A.D.0.2. 000120 smb_io_unistr2 uni_logon_dom 0120 uni_max_len: 00000004 0124 offset : 00000000 0128 uni_str_len: 00000003 012c buffer : Y.S.U. 000132 smb_io_dom_sid2 0134 num_auths: 00000004 000138 smb_io_dom_sid sid 0138 sid_rev_num: 01 0139 num_auths : 04 013a id_auth[0] : 00 013b id_auth[1] : 00 013c id_auth[2] : 00 013d id_auth[3] : 00 013e id_auth[4] : 00 013f id_auth[5] : 05 0140 sub_auths : 00000015 1694b259 a7fb8187 58e89093 Finding user YSU\bhnelsona Trying _Get_Pwnam(), username as lowercase is ysu\bhnelsona Trying _Get_Pwnam(), username as given is YSU\bhnelsona Trying _Get_Pwnam(), username as uppercase is YSU\BHNELSONA Checking combinations of 0 uppercase letters in ysu\bhnelsona Get_Pwnam_internals didn't find user [YSU\bhnelsona]! Finding user bhnelsona Trying _Get_Pwnam(), username as lowercase is bhnelsona Get_Pwnam_internals did find user [bhnelsona]! fill_sam_account: located username was [bhnelsona] pdb_set_username: setting username bhnelsona, was pdb_set_full_name: setting full name , was pdb_set_domain: setting domain STORAGETEST, was Home server: storagetest pdb_set_profile_path: setting profile path \\storagetest\bhnelsona\profile, was Home server: storagetest pdb_set_homedir: setting home dir \\storagetest\bhnelsona, was pdb_set_dir_drive: setting dir drive , was NULL pdb_set_logon_script: setting logon script , was pdb_set_user_sid: setting user sid S-1-5-21-2175323533-1459150976-2085473786-161000 pdb_set_user_sid_from_rid: setting user sid S-1-5-21-2175323533-1459150976-2085473786-161000 from rid 161000 pdb_set_nt_username: setting nt username bhnelsona, was pdb_set_username: setting username bhnelsona, was bhnelsona pdb_set_domain: setting domain YSU, was STORAGETEST pdb_set_user_sid: setting user sid S-1-5-21-378843737-2818277767-1491636371-137058 winbind failed to find a gid for sid S-1-5-21-378843737-2818277767-1491636371-512 pdb_set_group_sid: setting group sid S-1-5-21-2175323533-1459150976-2085473786-513 pdb_set_full_name: setting full name , was pdb_set_logon_script: setting logon script , was pdb_set_profile_path: setting profile path , was \\storagetest\bhnelsona\profile pdb_set_homedir: setting home dir , was \\storagetest\bhnelsona pdb_set_dir_drive: setting dir drive , was check_ntlm_password: winbind authentication for user [bhnelsona] succeeded push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 check_ntlm_password: PAM Account for user [bhnelsona] succeeded check_ntlm_password: authentication for user [bhnelsona] -> [bhnelsona] -> [bhnelsona] succeeded attempting to free (and zero) a user_info structure structure was created for bhnelsona Create local NT token for S-1-5-21-378843737-2818277767-1491636371-137058 winbind failed to find a gid for sid S-1-5-32-544 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups Trying to create builtin alias 544 Accepting SID S-1-5-32 in level 1 Sid S-1-5-32-544 -> BUILTIN\Administrators(4) pdb_create_builtin_alias: Could not get a gid out of winbind create_builtin_administrators: Failed to create Administrators create_local_nt_token: Failed to create BUILTIN\Administrators group! pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 winbind failed to find a gid for sid S-1-5-32-545 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups Trying to create builtin alias 545 Accepting SID S-1-5-32 in level 1 Sid S-1-5-32-545 -> BUILTIN\Users(4) pdb_create_builtin_alias: Could not get a gid out of winbind create_builtin_users: Failed to create Users create_local_nt_token: Failed to create BUILTIN\Users group! pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 get_privileges: No privileges assigned to SID [S-1-5-21-378843737-2818277767-1491636371-137058] get_privileges: No privileges assigned to SID [S-1-5-21-378843737-2818277767-1491636371-512] get_privileges_for_sids: sid = S-1-1-0 Privilege set: SE_PRIV 0x0 0x0 0x0 0x0 get_privileges: No privileges assigned to SID [S-1-5-2] get_privileges: No privileges assigned to SID [S-1-5-11] get_privileges: No privileges assigned to SID [S-1-5-21-378843737-2818277767-1491636371-513] get_privileges: No privileges assigned to SID [S-1-5-21-378843737-2818277767-1491636371-519] winbind failed to find a gid for sid S-1-5-21-378843737-2818277767-1491636371-512 Could not convert SID S-1-5-21-378843737-2818277767-1491636371-512 to gid, ignoring it winbind failed to find a gid for sid S-1-1-0 Could not convert SID S-1-1-0 to gid, ignoring it winbind failed to find a gid for sid S-1-5-2 Could not convert SID S-1-5-2 to gid, ignoring it winbind failed to find a gid for sid S-1-5-11 Could not convert SID S-1-5-11 to gid, ignoring it winbind failed to find a gid for sid S-1-5-21-378843737-2818277767-1491636371-513 Could not convert SID S-1-5-21-378843737-2818277767-1491636371-513 to gid, ignoring it winbind failed to find a gid for sid S-1-5-21-378843737-2818277767-1491636371-519 Could not convert SID S-1-5-21-378843737-2818277767-1491636371-519 to gid, ignoring it NT user token of user S-1-5-21-378843737-2818277767-1491636371-137058 contains 7 SIDs SID[ 0]: S-1-5-21-378843737-2818277767-1491636371-137058 SID[ 1]: S-1-5-21-378843737-2818277767-1491636371-512 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-378843737-2818277767-1491636371-513 SID[ 6]: S-1-5-21-378843737-2818277767-1491636371-519 SE_PRIV 0x0 0x0 0x0 0x0 Got NT session key of length 16 Got LM session key of length 8 ntlmssp_server_auth: Created NTLM2 session key. NTLMSSP Sign/Seal - Initialising with flags: Got NTLMSSP neg_flags=0xa2088205 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_56 register_vuid: allocated vuid = 101 Got bhnelsona from pwnam_cache register_vuid: (80000,80000) bhnelsona bhnelsona YSU guest=0 User name: bhnelsona Real name: UNIX uid 80000 is UNIX user bhnelsona, and will be vuid 101 lp_servicenumber: couldn't find bhnelsona Adding homes service for user 'bhnelsona' using home directory: '/home/bhnelsona' add_a_service: Creating snum = 9 for bhnelsona hash_a_service: hashing index 9 for service name bhnelsona adding home's share [bhnelsona] for user 'bhnelsona' at '/home/bhnelsona' lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Tue Jul 29 11:15:52 2008 size=104 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=65279 smb_uid=101 smb_mid=128 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 9 (0x9) smb_bcc=61 [000] A1 07 30 05 A0 03 0A 01 00 55 00 6E 00 69 00 78 ..0..... .U.n.i.x [010] 00 00 00 53 00 61 00 6D 00 62 00 61 00 20 00 33 ...S.a.m .b.a. .3 [020] 00 2E 00 30 00 2E 00 33 00 31 00 2D 00 31 00 2E ...0...3 .1.-.1.. [030] 00 31 00 00 00 59 00 53 00 55 00 00 00 .1...Y.S .U... got smb length of 88 got message type 0x0 of len 0x58 Transaction 3 of length 92 size=88 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=101 smb_mid=192 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 88 (0x58) smb_vwv[ 2]= 8 (0x8) smb_vwv[ 3]= 1 (0x1) smb_bcc=45 [000] 00 5C 00 5C 00 53 00 54 00 4F 00 52 00 41 00 47 .\.\.S.T .O.R.A.G [010] 00 45 00 54 00 45 00 53 00 54 00 5C 00 49 00 50 .E.T.E.S .T.\.I.P [020] 00 43 00 24 00 00 00 3F 3F 3F 3F 3F 00 .C.$...? ????. switch message SMBtconX (pid 28784) conn 0x0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups change_to_root_user: now uid=(0,0) gid=(0,0) Client requested device type [?????] for share [IPC$] making a connection to 'normal' service ipc$ user_ok_token: share IPC$ is ok for unix user bhnelsona Finding user bhnelsona Trying _Get_Pwnam(), username as lowercase is bhnelsona Got bhnelsona from pwnam_cache Get_Pwnam_internals did find user [bhnelsona]! set_conn_connectpath: service IPC$, connectpath = /tmp Connect path is '/tmp' for service [IPC$] get_share_security: using default secdesc for IPC$ se_map_generic(): mapped mask 0x10000000 to 0x001f01ff se_access_check: requested access 0x00000002, for NT token with 7 entries and first sid S-1-5-21-378843737-2818277767-1491636371-137058. se_access_check: user sid is S-1-5-21-378843737-2818277767-1491636371-137058 se_access_check: also S-1-5-21-378843737-2818277767-1491636371-512 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-21-378843737-2818277767-1491636371-513 se_access_check: also S-1-5-21-378843737-2818277767-1491636371-519 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 2 se_access_check: access (2) granted. Initialising default vfs hooks Successfully added vfs backend '/[Default VFS]/' Successfully added vfs backend 'posixacl' Initialising custom vfs hooks from [/[Default VFS]/] Successfully loaded vfs module [/[Default VFS]/] with the new modules system Checking operation #0 (type 0, layer 0) Making operation type 0 opaque [module /[Default VFS]/] Accepting operation type 0 from module /[Default VFS]/ Checking operation #1 (type 1, layer 0) Making operation type 1 opaque [module /[Default VFS]/] Accepting operation type 1 from module /[Default VFS]/ Checking operation #2 (type 2, layer 0) Making operation type 2 opaque [module /[Default VFS]/] Accepting operation type 2 from module /[Default VFS]/ Checking operation #3 (type 3, layer 0) Making operation type 3 opaque [module /[Default VFS]/] Accepting operation type 3 from module /[Default VFS]/ Checking operation #4 (type 4, layer 0) Making operation type 4 opaque [module /[Default VFS]/] Accepting operation type 4 from module /[Default VFS]/ Checking operation #5 (type 5, layer 0) Making operation type 5 opaque [module /[Default VFS]/] Accepting operation type 5 from module /[Default VFS]/ Checking operation #6 (type 6, layer 0) Making operation type 6 opaque [module /[Default VFS]/] Accepting operation type 6 from module /[Default VFS]/ Checking operation #7 (type 7, layer 0) Making operation type 7 opaque [module /[Default VFS]/] Accepting operation type 7 from module /[Default VFS]/ Checking operation #8 (type 8, layer 0) Making operation type 8 opaque [module /[Default VFS]/] Accepting operation type 8 from module /[Default VFS]/ Checking operation #9 (type 9, layer 0) Making operation type 9 opaque [module /[Default VFS]/] Accepting operation type 9 from module /[Default VFS]/ Checking operation #10 (type 10, layer 0) Making operation type 10 opaque [module /[Default VFS]/] Accepting operation type 10 from module /[Default VFS]/ Checking operation #11 (type 11, layer 0) Making operation type 11 opaque [module /[Default VFS]/] Accepting operation type 11 from module /[Default VFS]/ Checking operation #12 (type 12, layer 0) Making operation type 12 opaque [module /[Default VFS]/] Accepting operation type 12 from module /[Default VFS]/ Checking operation #13 (type 13, layer 0) Making operation type 13 opaque [module /[Default VFS]/] Accepting operation type 13 from module /[Default VFS]/ Checking operation #14 (type 14, layer 0) Making operation type 14 opaque [module /[Default VFS]/] Accepting operation type 14 from module /[Default VFS]/ Checking operation #15 (type 15, layer 0) Making operation type 15 opaque [module /[Default VFS]/] Accepting operation type 15 from module /[Default VFS]/ Checking operation #16 (type 16, layer 0) Making operation type 16 opaque [module /[Default VFS]/] Accepting operation type 16 from module /[Default VFS]/ Checking operation #17 (type 17, layer 0) Making operation type 17 opaque [module /[Default VFS]/] Accepting operation type 17 from module /[Default VFS]/ Checking operation #18 (type 18, layer 0) Making operation type 18 opaque [module /[Default VFS]/] Accepting operation type 18 from module /[Default VFS]/ Checking operation #19 (type 19, layer 0) Making operation type 19 opaque [module /[Default VFS]/] Accepting operation type 19 from module /[Default VFS]/ Checking operation #20 (type 20, layer 0) Making operation type 20 opaque [module /[Default VFS]/] Accepting operation type 20 from module /[Default VFS]/ Checking operation #21 (type 21, layer 0) Making operation type 21 opaque [module /[Default VFS]/] Accepting operation type 21 from module /[Default VFS]/ Checking operation #22 (type 22, layer 0) Making operation type 22 opaque [module /[Default VFS]/] Accepting operation type 22 from module /[Default VFS]/ Checking operation #23 (type 23, layer 0) Making operation type 23 opaque [module /[Default VFS]/] Accepting operation type 23 from module /[Default VFS]/ Checking operation #24 (type 24, layer 0) Making operation type 24 opaque [module /[Default VFS]/] Accepting operation type 24 from module /[Default VFS]/ Checking operation #25 (type 25, layer 0) Making operation type 25 opaque [module /[Default VFS]/] Accepting operation type 25 from module /[Default VFS]/ Checking operation #26 (type 26, layer 0) Making operation type 26 opaque [module /[Default VFS]/] Accepting operation type 26 from module /[Default VFS]/ Checking operation #27 (type 27, layer 0) Making operation type 27 opaque [module /[Default VFS]/] Accepting operation type 27 from module /[Default VFS]/ Checking operation #28 (type 28, layer 0) Making operation type 28 opaque [module /[Default VFS]/] Accepting operation type 28 from module /[Default VFS]/ Checking operation #29 (type 29, layer 0) Making operation type 29 opaque [module /[Default VFS]/] Accepting operation type 29 from module /[Default VFS]/ Checking operation #30 (type 30, layer 0) Making operation type 30 opaque [module /[Default VFS]/] Accepting operation type 30 from module /[Default VFS]/ Checking operation #31 (type 31, layer 0) Making operation type 31 opaque [module /[Default VFS]/] Accepting operation type 31 from module /[Default VFS]/ Checking operation #32 (type 32, layer 0) Making operation type 32 opaque [module /[Default VFS]/] Accepting operation type 32 from module /[Default VFS]/ Checking operation #33 (type 33, layer 0) Making operation type 33 opaque [module /[Default VFS]/] Accepting operation type 33 from module /[Default VFS]/ Checking operation #34 (type 34, layer 0) Making operation type 34 opaque [module /[Default VFS]/] Accepting operation type 34 from module /[Default VFS]/ Checking operation #35 (type 35, layer 0) Making operation type 35 opaque [module /[Default VFS]/] Accepting operation type 35 from module /[Default VFS]/ Checking operation #36 (type 36, layer 0) Making operation type 36 opaque [module /[Default VFS]/] Accepting operation type 36 from module /[Default VFS]/ Checking operation #37 (type 37, layer 0) Making operation type 37 opaque [module /[Default VFS]/] Accepting operation type 37 from module /[Default VFS]/ Checking operation #38 (type 38, layer 0) Making operation type 38 opaque [module /[Default VFS]/] Accepting operation type 38 from module /[Default VFS]/ Checking operation #39 (type 39, layer 0) Making operation type 39 opaque [module /[Default VFS]/] Accepting operation type 39 from module /[Default VFS]/ Checking operation #40 (type 40, layer 0) Making operation type 40 opaque [module /[Default VFS]/] Accepting operation type 40 from module /[Default VFS]/ Checking operation #41 (type 41, layer 0) Making operation type 41 opaque [module /[Default VFS]/] Accepting operation type 41 from module /[Default VFS]/ Checking operation #42 (type 42, layer 0) Making operation type 42 opaque [module /[Default VFS]/] Accepting operation type 42 from module /[Default VFS]/ Checking operation #43 (type 43, layer 0) Making operation type 43 opaque [module /[Default VFS]/] Accepting operation type 43 from module /[Default VFS]/ Checking operation #44 (type 44, layer 0) Making operation type 44 opaque [module /[Default VFS]/] Accepting operation type 44 from module /[Default VFS]/ Checking operation #45 (type 45, layer 0) Making operation type 45 opaque [module /[Default VFS]/] Accepting operation type 45 from module /[Default VFS]/ Checking operation #46 (type 46, layer 0) Making operation type 46 opaque [module /[Default VFS]/] Accepting operation type 46 from module /[Default VFS]/ Checking operation #47 (type 47, layer 0) Making operation type 47 opaque [module /[Default VFS]/] Accepting operation type 47 from module /[Default VFS]/ Checking operation #48 (type 48, layer 0) Making operation type 48 opaque [module /[Default VFS]/] Accepting operation type 48 from module /[Default VFS]/ Checking operation #49 (type 49, layer 0) Making operation type 49 opaque [module /[Default VFS]/] Accepting operation type 49 from module /[Default VFS]/ Checking operation #50 (type 50, layer 0) Making operation type 50 opaque [module /[Default VFS]/] Accepting operation type 50 from module /[Default VFS]/ Checking operation #51 (type 51, layer 0) Making operation type 51 opaque [module /[Default VFS]/] Accepting operation type 51 from module /[Default VFS]/ Checking operation #52 (type 52, layer 0) Making operation type 52 opaque [module /[Default VFS]/] Accepting operation type 52 from module /[Default VFS]/ Checking operation #53 (type 53, layer 0) Making operation type 53 opaque [module /[Default VFS]/] Accepting operation type 53 from module /[Default VFS]/ Checking operation #54 (type 54, layer 0) Making operation type 54 opaque [module /[Default VFS]/] Accepting operation type 54 from module /[Default VFS]/ Checking operation #55 (type 55, layer 0) Making operation type 55 opaque [module /[Default VFS]/] Accepting operation type 55 from module /[Default VFS]/ Checking operation #56 (type 56, layer 0) Making operation type 56 opaque [module /[Default VFS]/] Accepting operation type 56 from module /[Default VFS]/ Checking operation #57 (type 57, layer 0) Making operation type 57 opaque [module /[Default VFS]/] Accepting operation type 57 from module /[Default VFS]/ Checking operation #58 (type 58, layer 0) Making operation type 58 opaque [module /[Default VFS]/] Accepting operation type 58 from module /[Default VFS]/ Checking operation #59 (type 59, layer 0) Making operation type 59 opaque [module /[Default VFS]/] Accepting operation type 59 from module /[Default VFS]/ Checking operation #60 (type 60, layer 0) Making operation type 60 opaque [module /[Default VFS]/] Accepting operation type 60 from module /[Default VFS]/ Checking operation #61 (type 61, layer 0) Making operation type 61 opaque [module /[Default VFS]/] Accepting operation type 61 from module /[Default VFS]/ Checking operation #62 (type 62, layer 0) Making operation type 62 opaque [module /[Default VFS]/] Accepting operation type 62 from module /[Default VFS]/ Checking operation #63 (type 63, layer 0) Making operation type 63 opaque [module /[Default VFS]/] Accepting operation type 63 from module /[Default VFS]/ Checking operation #64 (type 64, layer 0) Making operation type 64 opaque [module /[Default VFS]/] Accepting operation type 64 from module /[Default VFS]/ Checking operation #65 (type 65, layer 0) Making operation type 65 opaque [module /[Default VFS]/] Accepting operation type 65 from module /[Default VFS]/ Checking operation #66 (type 66, layer 0) Making operation type 66 opaque [module /[Default VFS]/] Accepting operation type 66 from module /[Default VFS]/ Checking operation #67 (type 67, layer 0) Making operation type 67 opaque [module /[Default VFS]/] Accepting operation type 67 from module /[Default VFS]/ Checking operation #68 (type 68, layer 0) Making operation type 68 opaque [module /[Default VFS]/] Accepting operation type 68 from module /[Default VFS]/ Checking operation #69 (type 69, layer 0) Making operation type 69 opaque [module /[Default VFS]/] Accepting operation type 69 from module /[Default VFS]/ Checking operation #70 (type 70, layer 0) Making operation type 70 opaque [module /[Default VFS]/] Accepting operation type 70 from module /[Default VFS]/ Checking operation #71 (type 71, layer 0) Making operation type 71 opaque [module /[Default VFS]/] Accepting operation type 71 from module /[Default VFS]/ Checking operation #72 (type 72, layer 0) Making operation type 72 opaque [module /[Default VFS]/] Accepting operation type 72 from module /[Default VFS]/ Checking operation #73 (type 73, layer 0) Making operation type 73 opaque [module /[Default VFS]/] Accepting operation type 73 from module /[Default VFS]/ Checking operation #74 (type 74, layer 0) Making operation type 74 opaque [module /[Default VFS]/] Accepting operation type 74 from module /[Default VFS]/ Checking operation #75 (type 75, layer 0) Making operation type 75 opaque [module /[Default VFS]/] Accepting operation type 75 from module /[Default VFS]/ Checking operation #76 (type 76, layer 0) Making operation type 76 opaque [module /[Default VFS]/] Accepting operation type 76 from module /[Default VFS]/ Checking operation #77 (type 77, layer 0) Making operation type 77 opaque [module /[Default VFS]/] Accepting operation type 77 from module /[Default VFS]/ Checking operation #78 (type 78, layer 0) Making operation type 78 opaque [module /[Default VFS]/] Accepting operation type 78 from module /[Default VFS]/ Checking operation #79 (type 79, layer 0) Making operation type 79 opaque [module /[Default VFS]/] Accepting operation type 79 from module /[Default VFS]/ Checking operation #80 (type 80, layer 0) Making operation type 80 opaque [module /[Default VFS]/] Accepting operation type 80 from module /[Default VFS]/ Checking operation #81 (type 81, layer 0) Making operation type 81 opaque [module /[Default VFS]/] Accepting operation type 81 from module /[Default VFS]/ Checking operation #82 (type 82, layer 0) Making operation type 82 opaque [module /[Default VFS]/] Accepting operation type 82 from module /[Default VFS]/ Checking operation #83 (type 83, layer 0) Making operation type 83 opaque [module /[Default VFS]/] Accepting operation type 83 from module /[Default VFS]/ Checking operation #84 (type 84, layer 0) Making operation type 84 opaque [module /[Default VFS]/] Accepting operation type 84 from module /[Default VFS]/ Checking operation #85 (type 85, layer 0) Making operation type 85 opaque [module /[Default VFS]/] Accepting operation type 85 from module /[Default VFS]/ Checking operation #86 (type 86, layer 0) Making operation type 86 opaque [module /[Default VFS]/] Accepting operation type 86 from module /[Default VFS]/ Checking operation #87 (type 87, layer 0) Making operation type 87 opaque [module /[Default VFS]/] Accepting operation type 87 from module /[Default VFS]/ Checking operation #88 (type 88, layer 0) Making operation type 88 opaque [module /[Default VFS]/] Accepting operation type 88 from module /[Default VFS]/ Checking operation #89 (type 89, layer 0) Making operation type 89 opaque [module /[Default VFS]/] Accepting operation type 89 from module /[Default VFS]/ Checking operation #90 (type 90, layer 0) Making operation type 90 opaque [module /[Default VFS]/] Accepting operation type 90 from module /[Default VFS]/ Checking operation #91 (type 91, layer 0) Making operation type 91 opaque [module /[Default VFS]/] Accepting operation type 91 from module /[Default VFS]/ Checking operation #92 (type 92, layer 0) Making operation type 92 opaque [module /[Default VFS]/] Accepting operation type 92 from module /[Default VFS]/ Checking operation #93 (type 93, layer 0) Making operation type 93 opaque [module /[Default VFS]/] Accepting operation type 93 from module /[Default VFS]/ Checking operation #94 (type 94, layer 0) Making operation type 94 opaque [module /[Default VFS]/] Accepting operation type 94 from module /[Default VFS]/ claiming IPC$ 0 user_ok_token: share IPC$ is ok for unix user bhnelsona is_share_read_only_for_user: share IPC$ is read-only for unix user bhnelsona get_share_security: using default secdesc for IPC$ se_map_generic(): mapped mask 0x10000000 to 0x001f01ff se_access_check: requested access 0x00000001, for NT token with 7 entries and first sid S-1-5-21-378843737-2818277767-1491636371-137058. se_access_check: user sid is S-1-5-21-378843737-2818277767-1491636371-137058 se_access_check: also S-1-5-21-378843737-2818277767-1491636371-512 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-21-378843737-2818277767-1491636371-513 se_access_check: also S-1-5-21-378843737-2818277767-1491636371-519 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 1 se_access_check: access (1) granted. setting sec ctx (80000, 80000) - sec_ctx_stack_ndx = 0 NT user token of user S-1-5-21-378843737-2818277767-1491636371-137058 contains 7 SIDs SID[ 0]: S-1-5-21-378843737-2818277767-1491636371-137058 SID[ 1]: S-1-5-21-378843737-2818277767-1491636371-512 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-378843737-2818277767-1491636371-513 SID[ 6]: S-1-5-21-378843737-2818277767-1491636371-519 SE_PRIV 0x0 0x0 0x0 0x0 UNIX token of user 80000 Primary group is 80000 and contains 0 supplementary groups change_to_user uid=(80000,80000) gid=(0,80000) picard (150.134.20.21) connect to service IPC$ initially as user bhnelsona (uid=80000, gid=80000) (pid 28784) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups change_to_root_user: now uid=(0,0) gid=(0,0) tconX service=IPC$ size=56 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=192 smt_wct=7 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 1 (0x1) smb_vwv[ 3]= 511 (0x1FF) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 511 (0x1FF) smb_vwv[ 6]= 0 (0x0) smb_bcc=7 [000] 49 50 43 00 00 00 00 IPC.... got smb length of 100 got message type 0x0 of len 0x64 Transaction 4 of length 104 size=100 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=8524 smb_uid=101 smb_mid=256 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 3584 (0xE00) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]=16384 (0x4000) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 256 (0x100) smb_bcc=17 [000] 00 5C 00 73 00 72 00 76 00 73 00 76 00 63 00 00 .\.s.r.v .s.v.c.. [010] 00 . switch message SMBntcreateX (pid 28784) conn 0x8aabc68 setting sec ctx (80000, 80000) - sec_ctx_stack_ndx = 0 NT user token of user S-1-5-21-378843737-2818277767-1491636371-137058 contains 7 SIDs SID[ 0]: S-1-5-21-378843737-2818277767-1491636371-137058 SID[ 1]: S-1-5-21-378843737-2818277767-1491636371-512 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-378843737-2818277767-1491636371-513 SID[ 6]: S-1-5-21-378843737-2818277767-1491636371-519 SE_PRIV 0x0 0x0 0x0 0x0 UNIX token of user 80000 Primary group is 80000 and contains 0 supplementary groups change_to_user uid=(80000,80000) gid=(0,80000) vfs_ChDir to /tmp reply_ntcreate_and_X: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0 nt_open_pipe: Opening pipe \srvsvc. nt_open_pipe: Known pipe srvsvc opening. Open pipe requested srvsvc (pipes_open=0) Create pipe requested srvsvc init_pipe_handles: created handle list for pipe srvsvc init_pipe_handles: pipe_handles ref count = 1 for pipe srvsvc Created internal pipe srvsvc (pipes_open=0) Opened pipe srvsvc with handle 708a (pipes_open=1) open pipes: name srvsvc pnum=708a do_ntcreate_pipe_open: open pipe = \srvsvc size=135 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=8524 smb_uid=101 smb_mid=256 smt_wct=42 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=35328 (0x8A00) smb_vwv[ 3]= 368 (0x170) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_vwv[34]= 0 (0x0) smb_vwv[35]= 0 (0x0) smb_vwv[36]= 0 (0x0) smb_vwv[37]= 0 (0x0) smb_vwv[38]= 0 (0x0) smb_vwv[39]= 0 (0x0) smb_vwv[40]= 0 (0x0) smb_vwv[41]= 0 (0x0) smb_bcc=0 got smb length of 136 got message type 0x0 of len 0x88 Transaction 5 of length 140 size=136 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=320 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=28810 (0x708A) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 72 (0x48) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 72 (0x48) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=73 [000] EE 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... [010] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ [020] 00 C8 4F 32 4B 70 16 D3 01 12 78 5A 47 BF 6E E1 ..O2Kp.. ..xZG.n. [030] 88 03 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ [040] 00 2B 10 48 60 02 00 00 00 .+.H`... . switch message SMBwriteX (pid 28784) conn 0x8aabc68 change_to_user: Skipping user change - already user search for pipe pnum=708a pipe name srvsvc pnum=708a (pipes_open=1) write_to_pipe: 708a name: srvsvc open: Yes len: 72 write_to_pipe: data_left = 72 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 56 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0b 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0048 000a auth_len : 0000 000c call_id : 00000001 unmarshall_rpc_header: using little-endian RPC unmarshall_rpc_header: type = 11, flags = 3 write_to_pipe: data_used = 0 write_to_pipe: data_left = 56 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 process_complete_pdu: processing packet type 11 api_pipe_bind_req: decode request. 1523 api_pipe_bind_req: \PIPE\srvsvc -> \PIPE\ntsvcs 000000 smb_io_rpc_hdr_rb 000000 smb_io_rpc_hdr_bba 0000 max_tsize: 10b8 0002 max_rsize: 10b8 0004 assoc_gid: 00000000 0008 num_contexts: 01 000c context_id : 0000 000e num_transfer_syntaxes: 01 00000f smb_io_rpc_iface 000010 smb_io_uuid uuid 0010 data : 4b324fc8 0014 data : 1670 0016 data : 01d3 0018 data : 12 78 001a data : 5a 47 bf 6e e1 88 0020 version: 00000003 000024 smb_io_rpc_iface 000024 smb_io_uuid uuid 0024 data : 8a885d04 0028 data : 1ceb 002a data : 11c9 002c data : 9f e8 002e data : 08 00 2b 10 48 60 0034 version: 00000002 api_pipe_bind_req: make response. 1576 check_bind_req for \PIPE\srvsvc checking \PIPE\lsarpc checking \PIPE\lsarpc checking \PIPE\samr checking \PIPE\NETLOGON checking \PIPE\srvsvc 000000 smb_io_rpc_hdr_ba 000000 smb_io_rpc_hdr_bba 0000 max_tsize: 10b8 0002 max_rsize: 10b8 0004 assoc_gid: 000053f0 000008 smb_io_rpc_addr_str 0008 len: 000d 000a str: \PIPE\ntsvcs. 000017 smb_io_rpc_results 0018 num_results: 01 001c result : 0000 001e reason : 0000 000020 smb_io_rpc_iface 000020 smb_io_uuid uuid 0020 data : 8a885d04 0024 data : 1ceb 0026 data : 11c9 0028 data : 9f e8 002a data : 08 00 2b 10 48 60 0030 version: 00000002 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0c 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0044 000a auth_len : 0000 000c call_id : 00000001 write_to_pipe: data_used = 56 writeX-IPC pnum=708a nwritten=72 size=47 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=320 smt_wct=6 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 72 (0x48) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_bcc=0 got smb length of 59 got message type 0x0 of len 0x3b Transaction 6 of length 63 size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=384 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=28810 (0x708A) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 switch message SMBreadX (pid 28784) conn 0x8aabc68 change_to_user: Skipping user change - already user search for pipe pnum=708a pipe name srvsvc pnum=708a (pipes_open=1) read_from_pipe: 708a name: srvsvc len: 1024 read_from_pipe: srvsvc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. readX-IPC pnum=708a min=1024 max=1024 nread=68 size=127 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=384 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 68 (0x44) smb_vwv[ 6]= 59 (0x3B) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=68 [000] 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 00 ........ D....... [010] B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 5C .....S.. ..\PIPE\ [020] 6E 74 73 76 63 73 00 00 01 00 00 00 00 00 00 00 ntsvcs.. ........ [030] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` [040] 02 00 00 00 .... got smb length of 152 got message type 0x0 of len 0x98 Transaction 7 of length 156 size=152 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=8524 smb_uid=101 smb_mid=448 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 68 (0x44) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=28810 (0x708A) smb_bcc=85 [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... [020] 00 2C 00 00 00 00 00 15 00 00 00 02 00 0C 00 00 .,...... ........ [030] 00 00 00 00 00 0C 00 00 00 73 00 74 00 6F 00 72 ........ .s.t.o.r [040] 00 61 00 67 00 65 00 74 00 65 00 73 00 74 00 00 .a.g.e.t .e.s.t.. [050] 00 65 00 00 00 .e... switch message SMBtrans (pid 28784) conn 0x8aabc68 change_to_user: Skipping user change - already user trans <\PIPE\> data=68 params=0 setup=2 calling named_pipe named pipe command on <> name api_fd_reply search for pipe pnum=708a pipe name srvsvc pnum=708a (pipes_open=1) Got API command 0x26 on pipe "srvsvc" (pnum 708a) api_fd_reply: p:0x82c5af8 max_trans_reply: 1024 write_to_pipe: 708a name: srvsvc open: Yes len: 68 write_to_pipe: data_left = 68 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 68 fill_rpc_header: data_to_copy = 68, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 52 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 52 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0044 000a auth_len : 0000 000c call_id : 00000001 unmarshall_rpc_header: using little-endian RPC unmarshall_rpc_header: type = 0, flags = 3 write_to_pipe: data_used = 0 write_to_pipe: data_left = 52 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 52, incoming data = 52 process_complete_pdu: processing packet type 0 000000 smb_io_rpc_hdr_req req 0000 alloc_hint: 0000002c 0004 context_id: 0000 0006 opnum : 0015 free_pipe_context: destroying talloc pool of size 70 Requested \PIPE\srvsvc api_rpcTNP: srvsvc op 0x15 - api_rpcTNP: rpc command: SRV_NET_SRV_GET_INFO api_rpc_cmds[11].fn == 0x8688d0 000000 srv_io_q_net_srv_get_info 0000 ptr_srv_name : 00020000 000004 smb_io_unistr2 0004 uni_max_len: 0000000c 0008 offset : 00000000 000c uni_str_len: 0000000c 0010 buffer : s.t.o.r.a.g.e.t.e.s.t... 0028 switch_value : 00000065 srv_net_srv_get_info: 1184 init_srv_info_101 init_srv_r_net_srv_get_info srv_net_srv_get_info: 1229 000000 srv_io_r_net_srv_get_info 000000 srv_io_info_ctr ctr 0000 switch_value: 00000065 0004 ptr_srv_ctr : 00000001 000008 srv_io_info_101 sv101 0008 platform_id : 000001f4 000c ptr_name : 00000001 0010 ver_major : 00000005 0014 ver_minor : 00000000 0018 srv_type : 00809b03 001c ptr_comment : 00000001 000020 smb_io_unistr2 uni_name 0020 uni_max_len: 0000000c 0024 offset : 00000000 0028 uni_str_len: 0000000c 002c buffer : S.T.O.R.A.G.E.T.E.S.T... 000044 smb_io_unistr2 uni_comment 0044 uni_max_len: 0000001e 0048 offset : 00000000 004c uni_str_len: 0000001e 0050 buffer : C.a.m.p.u.s. .S.t.o.r.a.g.e. .S.e.r.v.e.r. .P.r.o.j.e.c.t... 008c status: WERR_OK api_rpcTNP: called srvsvc successfully free_pipe_context: destroying talloc pool of size 216 write_to_pipe: data_used = 52 read_from_pipe: 708a name: srvsvc len: 1024 read_from_pipe: srvsvc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 144. 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 00a8 000a auth_len : 0000 000c call_id : 00000001 000010 smb_io_rpc_hdr_resp resp 0010 alloc_hint: 00000090 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 copy_trans_params_and_data: params[0..0] data[0..168] size=224 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=8524 smb_uid=101 smb_mid=448 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 168 (0xA8) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 168 (0xA8) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=169 [000] 00 05 00 02 03 10 00 00 00 A8 00 00 00 01 00 00 ........ ........ [010] 00 90 00 00 00 00 00 00 00 65 00 00 00 01 00 00 ........ .e...... [020] 00 F4 01 00 00 01 00 00 00 05 00 00 00 00 00 00 ........ ........ [030] 00 03 9B 80 00 01 00 00 00 0C 00 00 00 00 00 00 ........ ........ [040] 00 0C 00 00 00 53 00 54 00 4F 00 52 00 41 00 47 .....S.T .O.R.A.G [050] 00 45 00 54 00 45 00 53 00 54 00 00 00 1E 00 00 .E.T.E.S .T...... [060] 00 00 00 00 00 1E 00 00 00 43 00 61 00 6D 00 70 ........ .C.a.m.p [070] 00 75 00 73 00 20 00 53 00 74 00 6F 00 72 00 61 .u.s. .S .t.o.r.a [080] 00 67 00 65 00 20 00 53 00 65 00 72 00 76 00 65 .g.e. .S .e.r.v.e [090] 00 72 00 20 00 50 00 72 00 6F 00 6A 00 65 00 63 .r. .P.r .o.j.e.c [0A0] 00 74 00 00 00 00 00 00 00 .t...... . got smb length of 41 got message type 0x0 of len 0x29 Transaction 8 of length 45 size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=512 smt_wct=3 smb_vwv[ 0]=28810 (0x708A) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 switch message SMBclose (pid 28784) conn 0x8aabc68 change_to_user: Skipping user change - already user search for pipe pnum=708a pipe name srvsvc pnum=708a (pipes_open=1) reply_pipe_close: pnum:708a close_policy_by_pipe: deleted handle list for pipe srvsvc closed pipe name srvsvc pnum=708a (pipes_open=0) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=512 smt_wct=0 smb_bcc=0 got smb length of 100 got message type 0x0 of len 0x64 Transaction 9 of length 104 size=100 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=8524 smb_uid=101 smb_mid=576 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 3584 (0xE00) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]=16384 (0x4000) smb_vwv[21]= 256 (0x100) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 256 (0x100) smb_bcc=17 [000] 00 5C 00 77 00 6B 00 73 00 73 00 76 00 63 00 00 .\.w.k.s .s.v.c.. [010] 00 . switch message SMBntcreateX (pid 28784) conn 0x8aabc68 change_to_user: Skipping user change - already user reply_ntcreate_and_X: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0 nt_open_pipe: Opening pipe \wkssvc. nt_open_pipe: Known pipe wkssvc opening. Open pipe requested wkssvc (pipes_open=0) Create pipe requested wkssvc init_pipe_handles: created handle list for pipe wkssvc init_pipe_handles: pipe_handles ref count = 1 for pipe wkssvc Created internal pipe wkssvc (pipes_open=0) Opened pipe wkssvc with handle 708b (pipes_open=1) open pipes: name wkssvc pnum=708b do_ntcreate_pipe_open: open pipe = \wkssvc size=135 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=8524 smb_uid=101 smb_mid=576 smt_wct=42 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=35584 (0x8B00) smb_vwv[ 3]= 368 (0x170) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_vwv[34]= 0 (0x0) smb_vwv[35]= 0 (0x0) smb_vwv[36]= 0 (0x0) smb_vwv[37]= 0 (0x0) smb_vwv[38]= 0 (0x0) smb_vwv[39]= 0 (0x0) smb_vwv[40]= 0 (0x0) smb_vwv[41]= 0 (0x0) smb_bcc=0 got smb length of 136 got message type 0x0 of len 0x88 Transaction 10 of length 140 size=136 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=640 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=28811 (0x708B) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 72 (0x48) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 72 (0x48) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=73 [000] EE 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... [010] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ [020] 00 98 D0 FF 6B 12 A1 10 36 98 33 46 C3 F8 7E 34 ....k... 6.3F..~4 [030] 5A 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 Z.....]. ........ [040] 00 2B 10 48 60 02 00 00 00 .+.H`... . switch message SMBwriteX (pid 28784) conn 0x8aabc68 change_to_user: Skipping user change - already user search for pipe pnum=708b pipe name wkssvc pnum=708b (pipes_open=1) write_to_pipe: 708b name: wkssvc open: Yes len: 72 write_to_pipe: data_left = 72 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 56 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0b 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0048 000a auth_len : 0000 000c call_id : 00000001 unmarshall_rpc_header: using little-endian RPC unmarshall_rpc_header: type = 11, flags = 3 write_to_pipe: data_used = 0 write_to_pipe: data_left = 56 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 process_complete_pdu: processing packet type 11 api_pipe_bind_req: decode request. 1523 api_pipe_bind_req: \PIPE\wkssvc -> \PIPE\wkssvc 000000 smb_io_rpc_hdr_rb 000000 smb_io_rpc_hdr_bba 0000 max_tsize: 10b8 0002 max_rsize: 10b8 0004 assoc_gid: 00000000 0008 num_contexts: 01 000c context_id : 0000 000e num_transfer_syntaxes: 01 00000f smb_io_rpc_iface 000010 smb_io_uuid uuid 0010 data : 6bffd098 0014 data : a112 0016 data : 3610 0018 data : 98 33 001a data : 46 c3 f8 7e 34 5a 0020 version: 00000001 000024 smb_io_rpc_iface 000024 smb_io_uuid uuid 0024 data : 8a885d04 0028 data : 1ceb 002a data : 11c9 002c data : 9f e8 002e data : 08 00 2b 10 48 60 0034 version: 00000002 api_pipe_bind_req: make response. 1576 check_bind_req for \PIPE\wkssvc checking \PIPE\lsarpc checking \PIPE\lsarpc checking \PIPE\samr checking \PIPE\NETLOGON checking \PIPE\srvsvc checking \PIPE\wkssvc 000000 smb_io_rpc_hdr_ba 000000 smb_io_rpc_hdr_bba 0000 max_tsize: 10b8 0002 max_rsize: 10b8 0004 assoc_gid: 000053f0 000008 smb_io_rpc_addr_str 0008 len: 000d 000a str: \PIPE\wkssvc. 000017 smb_io_rpc_results 0018 num_results: 01 001c result : 0000 001e reason : 0000 000020 smb_io_rpc_iface 000020 smb_io_uuid uuid 0020 data : 8a885d04 0024 data : 1ceb 0026 data : 11c9 0028 data : 9f e8 002a data : 08 00 2b 10 48 60 0030 version: 00000002 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0c 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0044 000a auth_len : 0000 000c call_id : 00000001 write_to_pipe: data_used = 56 writeX-IPC pnum=708b nwritten=72 size=47 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=640 smt_wct=6 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 72 (0x48) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_bcc=0 got smb length of 59 got message type 0x0 of len 0x3b Transaction 11 of length 63 size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=704 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=28811 (0x708B) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 switch message SMBreadX (pid 28784) conn 0x8aabc68 change_to_user: Skipping user change - already user search for pipe pnum=708b pipe name wkssvc pnum=708b (pipes_open=1) read_from_pipe: 708b name: wkssvc len: 1024 read_from_pipe: wkssvc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. readX-IPC pnum=708b min=1024 max=1024 nread=68 size=127 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=704 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 68 (0x44) smb_vwv[ 6]= 59 (0x3B) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=68 [000] 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 00 ........ D....... [010] B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 5C .....S.. ..\PIPE\ [020] 77 6B 73 73 76 63 00 00 01 00 00 00 00 00 00 00 wkssvc.. ........ [030] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` [040] 02 00 00 00 .... got smb length of 152 got message type 0x0 of len 0x98 Transaction 12 of length 156 size=152 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=8524 smb_uid=101 smb_mid=768 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 68 (0x44) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=28811 (0x708B) smb_bcc=85 [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... [020] 00 2C 00 00 00 00 00 00 00 00 00 02 00 0C 00 00 .,...... ........ [030] 00 00 00 00 00 0C 00 00 00 73 00 74 00 6F 00 72 ........ .s.t.o.r [040] 00 61 00 67 00 65 00 74 00 65 00 73 00 74 00 00 .a.g.e.t .e.s.t.. [050] 00 64 00 00 00 .d... switch message SMBtrans (pid 28784) conn 0x8aabc68 change_to_user: Skipping user change - already user trans <\PIPE\> data=68 params=0 setup=2 calling named_pipe named pipe command on <> name api_fd_reply search for pipe pnum=708b pipe name wkssvc pnum=708b (pipes_open=1) Got API command 0x26 on pipe "wkssvc" (pnum 708b) api_fd_reply: p:0x82c5af8 max_trans_reply: 1024 write_to_pipe: 708b name: wkssvc open: Yes len: 68 write_to_pipe: data_left = 68 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 68 fill_rpc_header: data_to_copy = 68, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 52 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 52 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0044 000a auth_len : 0000 000c call_id : 00000001 unmarshall_rpc_header: using little-endian RPC unmarshall_rpc_header: type = 0, flags = 3 write_to_pipe: data_used = 0 write_to_pipe: data_left = 52 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 52, incoming data = 52 process_complete_pdu: processing packet type 0 000000 smb_io_rpc_hdr_req req 0000 alloc_hint: 0000002c 0004 context_id: 0000 0006 opnum : 0000 free_pipe_context: destroying talloc pool of size 70 Requested \PIPE\wkssvc api_rpcTNP: wkssvc op 0x0 - api_rpcTNP: rpc command: WKSSVC_NETWKSTAGETINFO api_rpc_cmds[0].fn == 0x85ad20 wkssvc_NetWkstaGetInfo: struct wkssvc_NetWkstaGetInfo in: struct wkssvc_NetWkstaGetInfo server_name : * server_name : 'storagetest' level : 0x00000064 (100) wkssvc_NetWkstaGetInfo: struct wkssvc_NetWkstaGetInfo out: struct wkssvc_NetWkstaGetInfo info : * info : union wkssvc_NetWkstaInfo(case 100) info100 : * info100: struct wkssvc_NetWkstaInfo100 platform_id : 0x01f4 (500) server_name : * server_name : 'STORAGETEST' domain_name : * domain_name : 'YSU' version_major : 0x00000005 (5) version_minor : 0x00000000 (0) result : WERR_OK api_rpcTNP: called wkssvc successfully free_pipe_context: destroying talloc pool of size 36 write_to_pipe: data_used = 52 read_from_pipe: 708b name: wkssvc len: 1024 read_from_pipe: wkssvc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 88. 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0070 000a auth_len : 0000 000c call_id : 00000001 000010 smb_io_rpc_hdr_resp resp 0010 alloc_hint: 00000058 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 copy_trans_params_and_data: params[0..0] data[0..112] size=168 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=8524 smb_uid=101 smb_mid=768 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 112 (0x70) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 112 (0x70) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=113 [000] 00 05 00 02 03 10 00 00 00 70 00 00 00 01 00 00 ........ .p...... [010] 00 58 00 00 00 00 00 00 00 64 00 00 00 00 00 02 .X...... .d...... [020] 00 F4 01 00 00 04 00 02 00 08 00 02 00 05 00 00 ........ ........ [030] 00 00 00 00 00 0C 00 00 00 00 00 00 00 0C 00 00 ........ ........ [040] 00 53 00 54 00 4F 00 52 00 41 00 47 00 45 00 54 .S.T.O.R .A.G.E.T [050] 00 45 00 53 00 54 00 00 00 04 00 00 00 00 00 00 .E.S.T.. ........ [060] 00 04 00 00 00 59 00 53 00 55 00 00 00 00 00 00 .....Y.S .U...... [070] 00 . got smb length of 41 got message type 0x0 of len 0x29 Transaction 13 of length 45 size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=832 smt_wct=3 smb_vwv[ 0]=28811 (0x708B) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 switch message SMBclose (pid 28784) conn 0x8aabc68 change_to_user: Skipping user change - already user search for pipe pnum=708b pipe name wkssvc pnum=708b (pipes_open=1) reply_pipe_close: pnum:708b close_policy_by_pipe: deleted handle list for pipe wkssvc closed pipe name wkssvc pnum=708b (pipes_open=0) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=832 smt_wct=0 smb_bcc=0 got smb length of 100 got message type 0x0 of len 0x64 Transaction 14 of length 104 size=100 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=8524 smb_uid=101 smb_mid=896 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 3584 (0xE00) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=17 [000] 00 5C 00 6C 00 73 00 61 00 72 00 70 00 63 00 00 .\.l.s.a .r.p.c.. [010] 00 . switch message SMBntcreateX (pid 28784) conn 0x8aabc68 change_to_user: Skipping user change - already user reply_ntcreate_and_X: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0 nt_open_pipe: Opening pipe \lsarpc. nt_open_pipe: Known pipe lsarpc opening. Open pipe requested lsarpc (pipes_open=0) Create pipe requested lsarpc init_pipe_handles: created handle list for pipe lsarpc init_pipe_handles: pipe_handles ref count = 1 for pipe lsarpc Created internal pipe lsarpc (pipes_open=0) Opened pipe lsarpc with handle 708c (pipes_open=1) open pipes: name lsarpc pnum=708c do_ntcreate_pipe_open: open pipe = \lsarpc size=135 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=8524 smb_uid=101 smb_mid=896 smt_wct=42 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=35840 (0x8C00) smb_vwv[ 3]= 368 (0x170) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_vwv[34]= 0 (0x0) smb_vwv[35]= 0 (0x0) smb_vwv[36]= 0 (0x0) smb_vwv[37]= 0 (0x0) smb_vwv[38]= 0 (0x0) smb_vwv[39]= 0 (0x0) smb_vwv[40]= 0 (0x0) smb_vwv[41]= 0 (0x0) smb_bcc=0 got smb length of 136 got message type 0x0 of len 0x88 Transaction 15 of length 140 size=136 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=960 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=28812 (0x708C) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 72 (0x48) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 72 (0x48) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=73 [000] EE 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... [010] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ [020] 00 6A 28 19 39 0C B1 D0 11 9B A8 00 C0 4F D9 2E .j(.9... .....O.. [030] F5 00 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ [040] 00 2B 10 48 60 02 00 00 00 .+.H`... . switch message SMBwriteX (pid 28784) conn 0x8aabc68 change_to_user: Skipping user change - already user search for pipe pnum=708c pipe name lsarpc pnum=708c (pipes_open=1) write_to_pipe: 708c name: lsarpc open: Yes len: 72 write_to_pipe: data_left = 72 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 56 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0b 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0048 000a auth_len : 0000 000c call_id : 00000001 unmarshall_rpc_header: using little-endian RPC unmarshall_rpc_header: type = 11, flags = 3 write_to_pipe: data_used = 0 write_to_pipe: data_left = 56 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 process_complete_pdu: processing packet type 11 api_pipe_bind_req: decode request. 1523 api_pipe_bind_req: \PIPE\lsarpc -> \PIPE\lsass 000000 smb_io_rpc_hdr_rb 000000 smb_io_rpc_hdr_bba 0000 max_tsize: 10b8 0002 max_rsize: 10b8 0004 assoc_gid: 00000000 0008 num_contexts: 01 000c context_id : 0000 000e num_transfer_syntaxes: 01 00000f smb_io_rpc_iface 000010 smb_io_uuid uuid 0010 data : 3919286a 0014 data : b10c 0016 data : 11d0 0018 data : 9b a8 001a data : 00 c0 4f d9 2e f5 0020 version: 00000000 000024 smb_io_rpc_iface 000024 smb_io_uuid uuid 0024 data : 8a885d04 0028 data : 1ceb 002a data : 11c9 002c data : 9f e8 002e data : 08 00 2b 10 48 60 0034 version: 00000002 api_pipe_bind_req: make response. 1576 check_bind_req for \PIPE\lsarpc checking \PIPE\lsarpc checking \PIPE\lsarpc 000000 smb_io_rpc_hdr_ba 000000 smb_io_rpc_hdr_bba 0000 max_tsize: 10b8 0002 max_rsize: 10b8 0004 assoc_gid: 000053f0 000008 smb_io_rpc_addr_str 0008 len: 000c 000a str: \PIPE\lsass. 000016 smb_io_rpc_results 0018 num_results: 01 001c result : 0000 001e reason : 0000 000020 smb_io_rpc_iface 000020 smb_io_uuid uuid 0020 data : 8a885d04 0024 data : 1ceb 0026 data : 11c9 0028 data : 9f e8 002a data : 08 00 2b 10 48 60 0030 version: 00000002 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0c 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0044 000a auth_len : 0000 000c call_id : 00000001 write_to_pipe: data_used = 56 writeX-IPC pnum=708c nwritten=72 size=47 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=960 smt_wct=6 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 72 (0x48) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_bcc=0 got smb length of 59 got message type 0x0 of len 0x3b Transaction 16 of length 63 size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=1024 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=28812 (0x708C) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 switch message SMBreadX (pid 28784) conn 0x8aabc68 change_to_user: Skipping user change - already user search for pipe pnum=708c pipe name lsarpc pnum=708c (pipes_open=1) read_from_pipe: 708c name: lsarpc len: 1024 read_from_pipe: lsarpc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. readX-IPC pnum=708c min=1024 max=1024 nread=68 size=127 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=1024 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 68 (0x44) smb_vwv[ 6]= 59 (0x3B) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=68 [000] 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 00 ........ D....... [010] B8 10 B8 10 F0 53 00 00 0C 00 5C 50 49 50 45 5C .....S.. ..\PIPE\ [020] 6C 73 61 73 73 00 00 00 01 00 00 00 00 00 00 00 lsass... ........ [030] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` [040] 02 00 00 00 .... got smb length of 110 got message type 0x0 of len 0x6e Transaction 17 of length 114 size=110 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=8524 smb_uid=101 smb_mid=1088 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 26 (0x1A) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 26 (0x1A) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=28812 (0x708C) smb_bcc=43 [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 1A 00 00 00 01 00 00 ........ ........ [020] 00 02 00 00 00 00 00 00 00 01 00 ........ ... switch message SMBtrans (pid 28784) conn 0x8aabc68 change_to_user: Skipping user change - already user trans <\PIPE\> data=26 params=0 setup=2 calling named_pipe named pipe command on <> name api_fd_reply search for pipe pnum=708c pipe name lsarpc pnum=708c (pipes_open=1) Got API command 0x26 on pipe "lsarpc" (pnum 708c) api_fd_reply: p:0x82c5af8 max_trans_reply: 1024 write_to_pipe: 708c name: lsarpc open: Yes len: 26 write_to_pipe: data_left = 26 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 26 fill_rpc_header: data_to_copy = 26, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 10 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 10 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 001a 000a auth_len : 0000 000c call_id : 00000001 unmarshall_rpc_header: using little-endian RPC unmarshall_rpc_header: type = 0, flags = 3 write_to_pipe: data_used = 0 write_to_pipe: data_left = 10 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 10, incoming data = 10 process_complete_pdu: processing packet type 0 000000 smb_io_rpc_hdr_req req 0000 alloc_hint: 00000002 0004 context_id: 0000 0006 opnum : 0000 free_pipe_context: destroying talloc pool of size 70 Requested \PIPE\lsarpc api_rpcTNP: lsarpc op 0x0 - api_rpcTNP: rpc command: DS_GETPRIMDOMINFO api_rpc_cmds[1].fn == 0x857180 000000 ds_io_q_getprimdominfo 0000 level: 0001 fill_dsrole_dominfo_basic: enter 000000 ds_io_r_getprimdominfo 0000 ptr: 00000001 0004 level: 0001 0006 unknown0: 0000 0008 machine_role: 0003 000c flags: 00000000 0010 netbios_ptr: 00000001 0014 dnsname_ptr: 00000001 0018 forestname_ptr: 00000001 00001c smb_io_uuid domain_guid 001c data : 00000000 0020 data : 0000 0022 data : 0000 0024 data : 00 00 0026 data : 00 00 00 00 00 00 00002c smb_io_unistr2 netbios_domain 002c uni_max_len: 00000004 0030 offset : 00000000 0034 uni_str_len: 00000004 0038 buffer : Y.S.U... 000040 smb_io_unistr2 dns_domain 0040 uni_max_len: 0000000a 0044 offset : 00000000 0048 uni_str_len: 0000000a 004c buffer : y.s.u...l.o.c.a.l... 000060 smb_io_unistr2 forest_domain 0060 uni_max_len: 0000000a 0064 offset : 00000000 0068 uni_str_len: 0000000a 006c buffer : y.s.u...l.o.c.a.l... 0080 status: NT_STATUS_OK api_rpcTNP: called lsarpc successfully free_pipe_context: destroying talloc pool of size 132 write_to_pipe: data_used = 10 read_from_pipe: 708c name: lsarpc len: 1024 read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 132. 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 009c 000a auth_len : 0000 000c call_id : 00000001 000010 smb_io_rpc_hdr_resp resp 0010 alloc_hint: 00000084 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 copy_trans_params_and_data: params[0..0] data[0..156] size=212 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=8524 smb_uid=101 smb_mid=1088 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 156 (0x9C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 156 (0x9C) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=157 [000] 00 05 00 02 03 10 00 00 00 9C 00 00 00 01 00 00 ........ ........ [010] 00 84 00 00 00 00 00 00 00 01 00 00 00 01 00 00 ........ ........ [020] 00 03 00 00 00 00 00 00 00 01 00 00 00 01 00 00 ........ ........ [030] 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [040] 00 00 00 00 00 04 00 00 00 00 00 00 00 04 00 00 ........ ........ [050] 00 59 00 53 00 55 00 00 00 0A 00 00 00 00 00 00 .Y.S.U.. ........ [060] 00 0A 00 00 00 79 00 73 00 75 00 2E 00 6C 00 6F .....y.s .u...l.o [070] 00 63 00 61 00 6C 00 00 00 0A 00 00 00 00 00 00 .c.a.l.. ........ [080] 00 0A 00 00 00 79 00 73 00 75 00 2E 00 6C 00 6F .....y.s .u...l.o [090] 00 63 00 61 00 6C 00 00 00 00 00 00 00 .c.a.l.. ..... got smb length of 41 got message type 0x0 of len 0x29 Transaction 18 of length 45 size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=1152 smt_wct=3 smb_vwv[ 0]=28812 (0x708C) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 switch message SMBclose (pid 28784) conn 0x8aabc68 change_to_user: Skipping user change - already user search for pipe pnum=708c pipe name lsarpc pnum=708c (pipes_open=1) reply_pipe_close: pnum:708c close_policy_by_pipe: deleted handle list for pipe lsarpc closed pipe name lsarpc pnum=708c (pipes_open=0) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=1152 smt_wct=0 smb_bcc=0 got smb length of 100 got message type 0x0 of len 0x64 Transaction 19 of length 104 size=100 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=8524 smb_uid=101 smb_mid=1216 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 3584 (0xE00) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=17 [000] 00 5C 00 6E 00 65 00 74 00 64 00 66 00 73 00 00 .\.n.e.t .d.f.s.. [010] 00 . switch message SMBntcreateX (pid 28784) conn 0x8aabc68 change_to_user: Skipping user change - already user reply_ntcreate_and_X: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0 nt_open_pipe: Opening pipe \netdfs. nt_open_pipe: Known pipe netdfs opening. Open pipe requested netdfs (pipes_open=0) Create pipe requested netdfs init_pipe_handles: created handle list for pipe netdfs init_pipe_handles: pipe_handles ref count = 1 for pipe netdfs Created internal pipe netdfs (pipes_open=0) Opened pipe netdfs with handle 708d (pipes_open=1) open pipes: name netdfs pnum=708d do_ntcreate_pipe_open: open pipe = \netdfs size=135 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=8524 smb_uid=101 smb_mid=1216 smt_wct=42 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=36096 (0x8D00) smb_vwv[ 3]= 368 (0x170) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_vwv[34]= 0 (0x0) smb_vwv[35]= 0 (0x0) smb_vwv[36]= 0 (0x0) smb_vwv[37]= 0 (0x0) smb_vwv[38]= 0 (0x0) smb_vwv[39]= 0 (0x0) smb_vwv[40]= 0 (0x0) smb_vwv[41]= 0 (0x0) smb_bcc=0 got smb length of 136 got message type 0x0 of len 0x88 Transaction 20 of length 140 size=136 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=1280 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=28813 (0x708D) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 72 (0x48) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 72 (0x48) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=73 [000] EE 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... [010] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ [020] 00 E0 42 C7 4F 10 4A CF 11 82 73 00 AA 00 4A E6 ..B.O.J. ..s...J. [030] 73 03 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 s.....]. ........ [040] 00 2B 10 48 60 02 00 00 00 .+.H`... . switch message SMBwriteX (pid 28784) conn 0x8aabc68 change_to_user: Skipping user change - already user search for pipe pnum=708d pipe name netdfs pnum=708d (pipes_open=1) write_to_pipe: 708d name: netdfs open: Yes len: 72 write_to_pipe: data_left = 72 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 56 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0b 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0048 000a auth_len : 0000 000c call_id : 00000001 unmarshall_rpc_header: using little-endian RPC unmarshall_rpc_header: type = 11, flags = 3 write_to_pipe: data_used = 0 write_to_pipe: data_left = 56 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 process_complete_pdu: processing packet type 11 api_pipe_bind_req: decode request. 1523 api_pipe_bind_req: \PIPE\netdfs -> \PIPE\netdfs 000000 smb_io_rpc_hdr_rb 000000 smb_io_rpc_hdr_bba 0000 max_tsize: 10b8 0002 max_rsize: 10b8 0004 assoc_gid: 00000000 0008 num_contexts: 01 000c context_id : 0000 000e num_transfer_syntaxes: 01 00000f smb_io_rpc_iface 000010 smb_io_uuid uuid 0010 data : 4fc742e0 0014 data : 4a10 0016 data : 11cf 0018 data : 82 73 001a data : 00 aa 00 4a e6 73 0020 version: 00000003 000024 smb_io_rpc_iface 000024 smb_io_uuid uuid 0024 data : 8a885d04 0028 data : 1ceb 002a data : 11c9 002c data : 9f e8 002e data : 08 00 2b 10 48 60 0034 version: 00000002 api_pipe_bind_req: make response. 1576 check_bind_req for \PIPE\netdfs checking \PIPE\lsarpc checking \PIPE\lsarpc checking \PIPE\samr checking \PIPE\NETLOGON checking \PIPE\srvsvc checking \PIPE\wkssvc checking \PIPE\winreg checking \PIPE\spoolss checking \PIPE\netdfs 000000 smb_io_rpc_hdr_ba 000000 smb_io_rpc_hdr_bba 0000 max_tsize: 10b8 0002 max_rsize: 10b8 0004 assoc_gid: 000053f0 000008 smb_io_rpc_addr_str 0008 len: 000d 000a str: \PIPE\netdfs. 000017 smb_io_rpc_results 0018 num_results: 01 001c result : 0000 001e reason : 0000 000020 smb_io_rpc_iface 000020 smb_io_uuid uuid 0020 data : 8a885d04 0024 data : 1ceb 0026 data : 11c9 0028 data : 9f e8 002a data : 08 00 2b 10 48 60 0030 version: 00000002 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0c 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0044 000a auth_len : 0000 000c call_id : 00000001 write_to_pipe: data_used = 56 writeX-IPC pnum=708d nwritten=72 size=47 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=1280 smt_wct=6 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 72 (0x48) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_bcc=0 got smb length of 59 got message type 0x0 of len 0x3b Transaction 21 of length 63 size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=1344 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=28813 (0x708D) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 switch message SMBreadX (pid 28784) conn 0x8aabc68 change_to_user: Skipping user change - already user search for pipe pnum=708d pipe name netdfs pnum=708d (pipes_open=1) read_from_pipe: 708d name: netdfs len: 1024 read_from_pipe: netdfs: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. readX-IPC pnum=708d min=1024 max=1024 nread=68 size=127 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=1344 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 68 (0x44) smb_vwv[ 6]= 59 (0x3B) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=68 [000] 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 00 ........ D....... [010] B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 5C .....S.. ..\PIPE\ [020] 6E 65 74 64 66 73 00 00 01 00 00 00 00 00 00 00 netdfs.. ........ [030] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` [040] 02 00 00 00 .... got smb length of 108 got message type 0x0 of len 0x6c Transaction 22 of length 112 size=108 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=8524 smb_uid=101 smb_mid=1408 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 24 (0x18) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 24 (0x18) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=28813 (0x708D) smb_bcc=41 [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 18 00 00 00 01 00 00 ........ ........ [020] 00 00 00 00 00 00 00 00 00 ........ . switch message SMBtrans (pid 28784) conn 0x8aabc68 change_to_user: Skipping user change - already user trans <\PIPE\> data=24 params=0 setup=2 calling named_pipe named pipe command on <> name api_fd_reply search for pipe pnum=708d pipe name netdfs pnum=708d (pipes_open=1) Got API command 0x26 on pipe "netdfs" (pnum 708d) api_fd_reply: p:0x82c5af8 max_trans_reply: 1024 write_to_pipe: 708d name: netdfs open: Yes len: 24 write_to_pipe: data_left = 24 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 24 fill_rpc_header: data_to_copy = 24, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 8 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 8 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0018 000a auth_len : 0000 000c call_id : 00000001 unmarshall_rpc_header: using little-endian RPC unmarshall_rpc_header: type = 0, flags = 3 write_to_pipe: data_used = 0 write_to_pipe: data_left = 8 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 8, incoming data = 8 process_complete_pdu: processing packet type 0 000000 smb_io_rpc_hdr_req req 0000 alloc_hint: 00000000 0004 context_id: 0000 0006 opnum : 0000 free_pipe_context: destroying talloc pool of size 70 Requested \PIPE\netdfs api_rpcTNP: netdfs op 0x0 - api_rpcTNP: rpc command: DFS_GETMANAGERVERSION api_rpc_cmds[0].fn == 0x865dd0 000000 netdfs_io_q_dfs_GetManagerVersion 000000 netdfs_io_r_dfs_GetManagerVersion 0000 exist_flag: 00000000 api_rpcTNP: called netdfs successfully free_pipe_context: destroying talloc pool of size 0 write_to_pipe: data_used = 8 read_from_pipe: 708d name: netdfs len: 1024 read_from_pipe: netdfs: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 4. 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 001c 000a auth_len : 0000 000c call_id : 00000001 000010 smb_io_rpc_hdr_resp resp 0010 alloc_hint: 00000004 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 copy_trans_params_and_data: params[0..0] data[0..28] size=84 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=8524 smb_uid=101 smb_mid=1408 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 28 (0x1C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 28 (0x1C) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=29 [000] 00 05 00 02 03 10 00 00 00 1C 00 00 00 01 00 00 ........ ........ [010] 00 04 00 00 00 00 00 00 00 00 00 00 00 ........ ..... got smb length of 108 got message type 0x0 of len 0x6c Transaction 23 of length 112 size=108 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=8524 smb_uid=101 smb_mid=1472 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 24 (0x18) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 24 (0x18) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=28813 (0x708D) smb_bcc=41 [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 18 00 00 00 02 00 00 ........ ........ [020] 00 00 00 00 00 00 00 00 00 ........ . switch message SMBtrans (pid 28784) conn 0x8aabc68 change_to_user: Skipping user change - already user trans <\PIPE\> data=24 params=0 setup=2 calling named_pipe named pipe command on <> name api_fd_reply search for pipe pnum=708d pipe name netdfs pnum=708d (pipes_open=1) Got API command 0x26 on pipe "netdfs" (pnum 708d) api_fd_reply: p:0x82c5af8 max_trans_reply: 1024 write_to_pipe: 708d name: netdfs open: Yes len: 24 write_to_pipe: data_left = 24 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 24 fill_rpc_header: data_to_copy = 24, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 8 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 8 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0018 000a auth_len : 0000 000c call_id : 00000002 unmarshall_rpc_header: using little-endian RPC unmarshall_rpc_header: type = 0, flags = 3 write_to_pipe: data_used = 0 write_to_pipe: data_left = 8 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 8, incoming data = 8 process_complete_pdu: processing packet type 0 000000 smb_io_rpc_hdr_req req 0000 alloc_hint: 00000000 0004 context_id: 0000 0006 opnum : 0000 free_pipe_context: destroying talloc pool of size 0 Requested \PIPE\netdfs api_rpcTNP: netdfs op 0x0 - api_rpcTNP: rpc command: DFS_GETMANAGERVERSION api_rpc_cmds[0].fn == 0x865dd0 000000 netdfs_io_q_dfs_GetManagerVersion 000000 netdfs_io_r_dfs_GetManagerVersion 0000 exist_flag: 00000000 api_rpcTNP: called netdfs successfully free_pipe_context: destroying talloc pool of size 0 write_to_pipe: data_used = 8 read_from_pipe: 708d name: netdfs len: 1024 read_from_pipe: netdfs: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 4. 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 001c 000a auth_len : 0000 000c call_id : 00000002 000010 smb_io_rpc_hdr_resp resp 0010 alloc_hint: 00000004 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 copy_trans_params_and_data: params[0..0] data[0..28] size=84 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=8524 smb_uid=101 smb_mid=1472 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 28 (0x1C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 28 (0x1C) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=29 [000] 00 05 00 02 03 10 00 00 00 1C 00 00 00 02 00 00 ........ ........ [010] 00 04 00 00 00 00 00 00 00 00 00 00 00 ........ ..... got smb length of 148 got message type 0x0 of len 0x94 Transaction 24 of length 152 size=148 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=8524 smb_uid=101 smb_mid=1536 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 64 (0x40) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=28813 (0x708D) smb_bcc=81 [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 40 00 00 00 03 00 00 ........ .@...... [020] 00 28 00 00 00 00 00 05 00 01 00 00 00 04 00 00 .(...... ........ [030] 00 00 00 02 00 01 00 00 00 01 00 00 00 04 00 02 ........ ........ [040] 00 00 00 00 00 00 00 00 00 08 00 02 00 00 00 00 ........ ........ [050] 00 . switch message SMBtrans (pid 28784) conn 0x8aabc68 change_to_user: Skipping user change - already user trans <\PIPE\> data=64 params=0 setup=2 calling named_pipe named pipe command on <> name api_fd_reply search for pipe pnum=708d pipe name netdfs pnum=708d (pipes_open=1) Got API command 0x26 on pipe "netdfs" (pnum 708d) api_fd_reply: p:0x82c5af8 max_trans_reply: 1024 write_to_pipe: 708d name: netdfs open: Yes len: 64 write_to_pipe: data_left = 64 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 64 fill_rpc_header: data_to_copy = 64, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 48 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 48 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0040 000a auth_len : 0000 000c call_id : 00000003 unmarshall_rpc_header: using little-endian RPC unmarshall_rpc_header: type = 0, flags = 3 write_to_pipe: data_used = 0 write_to_pipe: data_left = 48 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 48, incoming data = 48 process_complete_pdu: processing packet type 0 000000 smb_io_rpc_hdr_req req 0000 alloc_hint: 00000028 0004 context_id: 0000 0006 opnum : 0005 free_pipe_context: destroying talloc pool of size 0 Requested \PIPE\netdfs api_rpcTNP: netdfs op 0x5 - api_rpcTNP: rpc command: DFS_ENUM api_rpc_cmds[5].fn == 0x866200 000000 netdfs_io_q_dfs_Enum 0000 level: 00000001 0004 bufsize: 00000004 0008 ptr0_info: 00020000 00000c netdfs_io_dfs_EnumStruct_p info 000c level: 00000001 0010 switch_value: 00000001 0014 ptr0_info1: 00020004 000018 netdfs_io_dfs_EnumStruct_d info 000018 netdfs_io_dfs_EnumArray1_p info1 0018 count: 00000000 001c ptr0_s: 00000000 000020 netdfs_io_dfs_EnumArray1_d info1 0020 ptr0_total: 00020008 0024 total: 00000000 push_sec_ctx(80000, 80000) : sec_ctx_stack_ndx = 1 push_conn_ctx(101) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (80000, 80000) - sec_ctx_stack_ndx = 0 _dfs_Enum: 0 junctions found in Dfs, doing level 1 000000 netdfs_io_r_dfs_Enum 0000 ptr0_info: 00020000 000004 netdfs_io_dfs_EnumStruct_p info 0004 level: 00000001 0008 switch_value: 00000001 000c ptr0_info1: 00020004 000010 netdfs_io_dfs_EnumStruct_d info 000010 netdfs_io_dfs_EnumArray1_p info1 0010 count: 00000000 0014 ptr0_s: 00000000 000018 netdfs_io_dfs_EnumArray1_d info1 0018 ptr0_total: 00020008 001c total: 00000000 0020 status: WERR_OK api_rpcTNP: called netdfs successfully free_pipe_context: destroying talloc pool of size 0 write_to_pipe: data_used = 48 read_from_pipe: 708d name: netdfs len: 1024 read_from_pipe: netdfs: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 36. 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 003c 000a auth_len : 0000 000c call_id : 00000003 000010 smb_io_rpc_hdr_resp resp 0010 alloc_hint: 00000024 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 copy_trans_params_and_data: params[0..0] data[0..60] size=116 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=8524 smb_uid=101 smb_mid=1536 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 60 (0x3C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 60 (0x3C) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=61 [000] 00 05 00 02 03 10 00 00 00 3C 00 00 00 03 00 00 ........ .<...... [010] 00 24 00 00 00 00 00 00 00 00 00 02 00 01 00 00 .$...... ........ [020] 00 01 00 00 00 04 00 02 00 00 00 00 00 00 00 00 ........ ........ [030] 00 08 00 02 00 00 00 00 00 00 00 00 00 ........ ..... got smb length of 41 got message type 0x0 of len 0x29 Transaction 25 of length 45 size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=1600 smt_wct=3 smb_vwv[ 0]=28813 (0x708D) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 switch message SMBclose (pid 28784) conn 0x8aabc68 change_to_user: Skipping user change - already user search for pipe pnum=708d pipe name netdfs pnum=708d (pipes_open=1) reply_pipe_close: pnum:708d close_policy_by_pipe: deleted handle list for pipe netdfs closed pipe name netdfs pnum=708d (pipes_open=0) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=1600 smt_wct=0 smb_bcc=0 got smb length of 100 got message type 0x0 of len 0x64 Transaction 26 of length 104 size=100 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=8524 smb_uid=101 smb_mid=1664 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 3584 (0xE00) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]=16384 (0x4000) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 256 (0x100) smb_bcc=17 [000] 14 5C 00 73 00 72 00 76 00 73 00 76 00 63 00 00 .\.s.r.v .s.v.c.. [010] 00 . switch message SMBntcreateX (pid 28784) conn 0x8aabc68 change_to_user: Skipping user change - already user reply_ntcreate_and_X: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0 nt_open_pipe: Opening pipe \srvsvc. nt_open_pipe: Known pipe srvsvc opening. Open pipe requested srvsvc (pipes_open=0) Create pipe requested srvsvc init_pipe_handles: created handle list for pipe srvsvc init_pipe_handles: pipe_handles ref count = 1 for pipe srvsvc Created internal pipe srvsvc (pipes_open=0) Opened pipe srvsvc with handle 708e (pipes_open=1) open pipes: name srvsvc pnum=708e do_ntcreate_pipe_open: open pipe = \srvsvc size=135 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=8524 smb_uid=101 smb_mid=1664 smt_wct=42 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=36352 (0x8E00) smb_vwv[ 3]= 368 (0x170) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_vwv[34]= 0 (0x0) smb_vwv[35]= 0 (0x0) smb_vwv[36]= 0 (0x0) smb_vwv[37]= 0 (0x0) smb_vwv[38]= 0 (0x0) smb_vwv[39]= 0 (0x0) smb_vwv[40]= 0 (0x0) smb_vwv[41]= 0 (0x0) smb_bcc=0 got smb length of 136 got message type 0x0 of len 0x88 Transaction 27 of length 140 size=136 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=1728 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=28814 (0x708E) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 72 (0x48) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 72 (0x48) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=73 [000] EE 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... [010] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ [020] 00 C8 4F 32 4B 70 16 D3 01 12 78 5A 47 BF 6E E1 ..O2Kp.. ..xZG.n. [030] 88 03 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ [040] 00 2B 10 48 60 02 00 00 00 .+.H`... . switch message SMBwriteX (pid 28784) conn 0x8aabc68 change_to_user: Skipping user change - already user search for pipe pnum=708e pipe name srvsvc pnum=708e (pipes_open=1) write_to_pipe: 708e name: srvsvc open: Yes len: 72 write_to_pipe: data_left = 72 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 56 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0b 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0048 000a auth_len : 0000 000c call_id : 00000001 unmarshall_rpc_header: using little-endian RPC unmarshall_rpc_header: type = 11, flags = 3 write_to_pipe: data_used = 0 write_to_pipe: data_left = 56 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 process_complete_pdu: processing packet type 11 api_pipe_bind_req: decode request. 1523 api_pipe_bind_req: \PIPE\srvsvc -> \PIPE\ntsvcs 000000 smb_io_rpc_hdr_rb 000000 smb_io_rpc_hdr_bba 0000 max_tsize: 10b8 0002 max_rsize: 10b8 0004 assoc_gid: 00000000 0008 num_contexts: 01 000c context_id : 0000 000e num_transfer_syntaxes: 01 00000f smb_io_rpc_iface 000010 smb_io_uuid uuid 0010 data : 4b324fc8 0014 data : 1670 0016 data : 01d3 0018 data : 12 78 001a data : 5a 47 bf 6e e1 88 0020 version: 00000003 000024 smb_io_rpc_iface 000024 smb_io_uuid uuid 0024 data : 8a885d04 0028 data : 1ceb 002a data : 11c9 002c data : 9f e8 002e data : 08 00 2b 10 48 60 0034 version: 00000002 api_pipe_bind_req: make response. 1576 check_bind_req for \PIPE\srvsvc checking \PIPE\lsarpc checking \PIPE\lsarpc checking \PIPE\samr checking \PIPE\NETLOGON checking \PIPE\srvsvc 000000 smb_io_rpc_hdr_ba 000000 smb_io_rpc_hdr_bba 0000 max_tsize: 10b8 0002 max_rsize: 10b8 0004 assoc_gid: 000053f0 000008 smb_io_rpc_addr_str 0008 len: 000d 000a str: \PIPE\ntsvcs. 000017 smb_io_rpc_results 0018 num_results: 01 001c result : 0000 001e reason : 0000 000020 smb_io_rpc_iface 000020 smb_io_uuid uuid 0020 data : 8a885d04 0024 data : 1ceb 0026 data : 11c9 0028 data : 9f e8 002a data : 08 00 2b 10 48 60 0030 version: 00000002 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0c 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0044 000a auth_len : 0000 000c call_id : 00000001 write_to_pipe: data_used = 56 writeX-IPC pnum=708e nwritten=72 size=47 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=1728 smt_wct=6 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 72 (0x48) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_bcc=0 got smb length of 59 got message type 0x0 of len 0x3b Transaction 28 of length 63 size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=1792 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=28814 (0x708E) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 switch message SMBreadX (pid 28784) conn 0x8aabc68 change_to_user: Skipping user change - already user search for pipe pnum=708e pipe name srvsvc pnum=708e (pipes_open=1) read_from_pipe: 708e name: srvsvc len: 1024 read_from_pipe: srvsvc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. readX-IPC pnum=708e min=1024 max=1024 nread=68 size=127 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=1792 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 68 (0x44) smb_vwv[ 6]= 59 (0x3B) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=68 [000] 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 00 ........ D....... [010] B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 5C .....S.. ..\PIPE\ [020] 6E 74 73 76 63 73 00 00 01 00 00 00 00 00 00 00 ntsvcs.. ........ [030] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` [040] 02 00 00 00 .... got smb length of 180 got message type 0x0 of len 0xb4 Transaction 29 of length 184 size=180 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=8524 smb_uid=101 smb_mid=1856 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 96 (0x60) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 96 (0x60) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=28814 (0x708E) smb_bcc=113 [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 60 00 00 00 01 00 00 ........ .`...... [020] 00 48 00 00 00 00 00 0F 00 00 00 02 00 0C 00 00 .H...... ........ [030] 00 00 00 00 00 0C 00 00 00 73 00 74 00 6F 00 72 ........ .s.t.o.r [040] 00 61 00 67 00 65 00 74 00 65 00 73 00 74 00 00 .a.g.e.t .e.s.t.. [050] 00 01 00 00 00 01 00 00 00 04 00 02 00 00 00 00 ........ ........ [060] 00 00 00 00 00 FF FF FF FF 08 00 02 00 00 00 00 ........ ........ [070] 00 . switch message SMBtrans (pid 28784) conn 0x8aabc68 change_to_user: Skipping user change - already user trans <\PIPE\> data=96 params=0 setup=2 calling named_pipe named pipe command on <> name api_fd_reply search for pipe pnum=708e pipe name srvsvc pnum=708e (pipes_open=1) Got API command 0x26 on pipe "srvsvc" (pnum 708e) api_fd_reply: p:0x82c5af8 max_trans_reply: 1024 write_to_pipe: 708e name: srvsvc open: Yes len: 96 write_to_pipe: data_left = 96 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 96 fill_rpc_header: data_to_copy = 96, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 80 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 80 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0060 000a auth_len : 0000 000c call_id : 00000001 unmarshall_rpc_header: using little-endian RPC unmarshall_rpc_header: type = 0, flags = 3 write_to_pipe: data_used = 0 write_to_pipe: data_left = 80 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 80, incoming data = 80 process_complete_pdu: processing packet type 0 000000 smb_io_rpc_hdr_req req 0000 alloc_hint: 00000048 0004 context_id: 0000 0006 opnum : 000f free_pipe_context: destroying talloc pool of size 70 Requested \PIPE\srvsvc api_rpcTNP: srvsvc op 0xf - api_rpcTNP: rpc command: SRV_NET_SHARE_ENUM_ALL api_rpc_cmds[3].fn == 0x868e40 000000 srv_io_q_net_share_enum 0000 ptr_srv_name: 00020000 000004 smb_io_unistr2 0004 uni_max_len: 0000000c 0008 offset : 00000000 000c uni_str_len: 0000000c 0010 buffer : s.t.o.r.a.g.e.t.e.s.t... 000028 srv_io_srv_share_ctr share_ctr 0028 info_level: 00000001 002c switch_value: 00000001 0030 ptr_share_info: 00020004 0034 num_entries: 00000000 0038 ptr_entries: 00000000 003c preferred_len: ffffffff 000040 smb_io_enum_hnd enum_hnd 0040 ptr_hnd: 00020008 0044 handle : 00000000 _srv_net_share_enum: 1373 init_srv_r_net_share_enum: 691 init_srv_share_info_ctr push_sec_ctx(80000, 80000) : sec_ctx_stack_ndx = 1 push_conn_ctx(101) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (80000, 80000) - sec_ctx_stack_ndx = 0 init_srv_share_info1: profiles$ 0 init_srv_share_info1_str init_srv_share_info1: testshare 0 init_srv_share_info1_str init_srv_share_info1: mech_public 0 Mechanical Engineering Public Share init_srv_share_info1_str init_srv_share_info1: IPC$ 80000003 IPC Service (Campus Storage Server Project) init_srv_share_info1_str init_srv_share_info1: bhnelsona 0 Home Directories init_srv_share_info1_str smb_io_enum_hnd _srv_net_share_enum: 1385 000000 srv_io_r_net_share_enum 000000 srv_io_srv_share_ctr share_ctr 0000 info_level: 00000001 0004 switch_value: 00000001 0008 ptr_share_info: 00000001 000c num_entries: 00000005 0010 ptr_entries: 00000001 0014 num_entries2: 00000005 000018 srv_io_share_info1 0018 ptr_netname: 00000001 001c type : 00000000 0020 ptr_remark : 00000001 000024 srv_io_share_info1 0024 ptr_netname: 00000001 0028 type : 00000000 002c ptr_remark : 00000001 000030 srv_io_share_info1 0030 ptr_netname: 00000001 0034 type : 00000000 0038 ptr_remark : 00000001 00003c srv_io_share_info1 003c ptr_netname: 00000001 0040 type : 80000003 0044 ptr_remark : 00000001 000048 srv_io_share_info1 0048 ptr_netname: 00000001 004c type : 00000000 0050 ptr_remark : 00000001 000054 srv_io_share_info1_str 000054 smb_io_unistr2 0054 uni_max_len: 0000000a 0058 offset : 00000000 005c uni_str_len: 0000000a 0060 buffer : p.r.o.f.i.l.e.s.$... 000074 smb_io_unistr2 0074 uni_max_len: 00000001 0078 offset : 00000000 007c uni_str_len: 00000001 0080 buffer : .. 000082 srv_io_share_info1_str 000084 smb_io_unistr2 0084 uni_max_len: 0000000a 0088 offset : 00000000 008c uni_str_len: 0000000a 0090 buffer : t.e.s.t.s.h.a.r.e... 0000a4 smb_io_unistr2 00a4 uni_max_len: 00000001 00a8 offset : 00000000 00ac uni_str_len: 00000001 00b0 buffer : .. 0000b2 srv_io_share_info1_str 0000b4 smb_io_unistr2 00b4 uni_max_len: 0000000c 00b8 offset : 00000000 00bc uni_str_len: 0000000c 00c0 buffer : m.e.c.h._.p.u.b.l.i.c... 0000d8 smb_io_unistr2 00d8 uni_max_len: 00000024 00dc offset : 00000000 00e0 uni_str_len: 00000024 00e4 buffer : M.e.c.h.a.n.i.c.a.l. .E.n.g.i.n.e.e.r.i.n.g. .P.u.b.l.i.c. .S.h.a.r.e... 00012c srv_io_share_info1_str 00012c smb_io_unistr2 012c uni_max_len: 00000005 0130 offset : 00000000 0134 uni_str_len: 00000005 0138 buffer : I.P.C.$... 000144 smb_io_unistr2 0144 uni_max_len: 0000002c 0148 offset : 00000000 014c uni_str_len: 0000002c 0150 buffer : I.P.C. .S.e.r.v.i.c.e. .(.C.a.m.p.u.s. .S.t.o.r.a.g.e. .S.e.r.v.e.r. .P.r.o.j.e.c.t.)... 0001a8 srv_io_share_info1_str 0001a8 smb_io_unistr2 01a8 uni_max_len: 0000000a 01ac offset : 00000000 01b0 uni_str_len: 0000000a 01b4 buffer : b.h.n.e.l.s.o.n.a... 0001c8 smb_io_unistr2 01c8 uni_max_len: 00000011 01cc offset : 00000000 01d0 uni_str_len: 00000011 01d4 buffer : H.o.m.e. .D.i.r.e.c.t.o.r.i.e.s... 01f8 total_entries: 00000005 0001fc smb_io_enum_hnd enum_hnd 01fc ptr_hnd: 00000000 0200 status: WERR_OK api_rpcTNP: called srvsvc successfully free_pipe_context: destroying talloc pool of size 556 write_to_pipe: data_used = 80 read_from_pipe: 708e name: srvsvc len: 1024 read_from_pipe: srvsvc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 516. 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 021c 000a auth_len : 0000 000c call_id : 00000001 000010 smb_io_rpc_hdr_resp resp 0010 alloc_hint: 00000204 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 copy_trans_params_and_data: params[0..0] data[0..540] size=596 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=8524 smb_uid=101 smb_mid=1856 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 540 (0x21C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 540 (0x21C) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=541 [000] 00 05 00 02 03 10 00 00 00 1C 02 00 00 01 00 00 ........ ........ [010] 00 04 02 00 00 00 00 00 00 01 00 00 00 01 00 00 ........ ........ [020] 00 01 00 00 00 05 00 00 00 01 00 00 00 05 00 00 ........ ........ [030] 00 01 00 00 00 00 00 00 00 01 00 00 00 01 00 00 ........ ........ [040] 00 00 00 00 00 01 00 00 00 01 00 00 00 00 00 00 ........ ........ [050] 00 01 00 00 00 01 00 00 00 03 00 00 80 01 00 00 ........ ........ [060] 00 01 00 00 00 00 00 00 00 01 00 00 00 0A 00 00 ........ ........ [070] 00 00 00 00 00 0A 00 00 00 70 00 72 00 6F 00 66 ........ .p.r.o.f [080] 00 69 00 6C 00 65 00 73 00 24 00 00 00 01 00 00 .i.l.e.s .$...... [090] 00 00 00 00 00 01 00 00 00 00 00 00 00 0A 00 00 ........ ........ [0A0] 00 00 00 00 00 0A 00 00 00 74 00 65 00 73 00 74 ........ .t.e.s.t [0B0] 00 73 00 68 00 61 00 72 00 65 00 00 00 01 00 00 .s.h.a.r .e...... [0C0] 00 00 00 00 00 01 00 00 00 00 00 00 00 0C 00 00 ........ ........ [0D0] 00 00 00 00 00 0C 00 00 00 6D 00 65 00 63 00 68 ........ .m.e.c.h [0E0] 00 5F 00 70 00 75 00 62 00 6C 00 69 00 63 00 00 ._.p.u.b .l.i.c.. [0F0] 00 24 00 00 00 00 00 00 00 24 00 00 00 4D 00 65 .$...... .$...M.e [100] 00 63 00 68 00 61 00 6E 00 69 00 63 00 61 00 6C .c.h.a.n .i.c.a.l [110] 00 20 00 45 00 6E 00 67 00 69 00 6E 00 65 00 65 . .E.n.g .i.n.e.e [120] 00 72 00 69 00 6E 00 67 00 20 00 50 00 75 00 62 .r.i.n.g . .P.u.b [130] 00 6C 00 69 00 63 00 20 00 53 00 68 00 61 00 72 .l.i.c. .S.h.a.r [140] 00 65 00 00 00 05 00 00 00 00 00 00 00 05 00 00 .e...... ........ [150] 00 49 00 50 00 43 00 24 00 00 00 00 00 2C 00 00 .I.P.C.$ .....,.. [160] 00 00 00 00 00 2C 00 00 00 49 00 50 00 43 00 20 .....,.. .I.P.C. [170] 00 53 00 65 00 72 00 76 00 69 00 63 00 65 00 20 .S.e.r.v .i.c.e. [180] 00 28 00 43 00 61 00 6D 00 70 00 75 00 73 00 20 .(.C.a.m .p.u.s. [190] 00 53 00 74 00 6F 00 72 00 61 00 67 00 65 00 20 .S.t.o.r .a.g.e. [1A0] 00 53 00 65 00 72 00 76 00 65 00 72 00 20 00 50 .S.e.r.v .e.r. .P [1B0] 00 72 00 6F 00 6A 00 65 00 63 00 74 00 29 00 00 .r.o.j.e .c.t.).. [1C0] 00 0A 00 00 00 00 00 00 00 0A 00 00 00 62 00 68 ........ .....b.h [1D0] 00 6E 00 65 00 6C 00 73 00 6F 00 6E 00 61 00 00 .n.e.l.s .o.n.a.. [1E0] 00 11 00 00 00 00 00 00 00 11 00 00 00 48 00 6F ........ .....H.o [1F0] 00 6D 00 65 00 20 00 44 00 69 00 72 00 65 00 63 .m.e. .D .i.r.e.c got smb length of 41 got message type 0x0 of len 0x29 Transaction 30 of length 45 size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=1920 smt_wct=3 smb_vwv[ 0]=28814 (0x708E) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 switch message SMBclose (pid 28784) conn 0x8aabc68 change_to_user: Skipping user change - already user search for pipe pnum=708e pipe name srvsvc pnum=708e (pipes_open=1) reply_pipe_close: pnum:708e close_policy_by_pipe: deleted handle list for pipe srvsvc closed pipe name srvsvc pnum=708e (pipes_open=0) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=1920 smt_wct=0 smb_bcc=0 got smb length of 100 got message type 0x0 of len 0x64 Transaction 31 of length 104 size=100 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=8524 smb_uid=101 smb_mid=1984 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 3584 (0xE00) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=17 [000] 00 5C 00 6E 00 65 00 74 00 64 00 66 00 73 00 00 .\.n.e.t .d.f.s.. [010] 00 . switch message SMBntcreateX (pid 28784) conn 0x8aabc68 change_to_user: Skipping user change - already user reply_ntcreate_and_X: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0 nt_open_pipe: Opening pipe \netdfs. nt_open_pipe: Known pipe netdfs opening. Open pipe requested netdfs (pipes_open=0) Create pipe requested netdfs init_pipe_handles: created handle list for pipe netdfs init_pipe_handles: pipe_handles ref count = 1 for pipe netdfs Created internal pipe netdfs (pipes_open=0) Opened pipe netdfs with handle 708f (pipes_open=1) open pipes: name netdfs pnum=708f do_ntcreate_pipe_open: open pipe = \netdfs size=135 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=8524 smb_uid=101 smb_mid=1984 smt_wct=42 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=36608 (0x8F00) smb_vwv[ 3]= 368 (0x170) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_vwv[34]= 0 (0x0) smb_vwv[35]= 0 (0x0) smb_vwv[36]= 0 (0x0) smb_vwv[37]= 0 (0x0) smb_vwv[38]= 0 (0x0) smb_vwv[39]= 0 (0x0) smb_vwv[40]= 0 (0x0) smb_vwv[41]= 0 (0x0) smb_bcc=0 got smb length of 136 got message type 0x0 of len 0x88 Transaction 32 of length 140 size=136 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=2048 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=28815 (0x708F) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 72 (0x48) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 72 (0x48) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=73 [000] EE 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... [010] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ [020] 00 E0 42 C7 4F 10 4A CF 11 82 73 00 AA 00 4A E6 ..B.O.J. ..s...J. [030] 73 03 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 s.....]. ........ [040] 00 2B 10 48 60 02 00 00 00 .+.H`... . switch message SMBwriteX (pid 28784) conn 0x8aabc68 change_to_user: Skipping user change - already user search for pipe pnum=708f pipe name netdfs pnum=708f (pipes_open=1) write_to_pipe: 708f name: netdfs open: Yes len: 72 write_to_pipe: data_left = 72 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 56 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0b 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0048 000a auth_len : 0000 000c call_id : 00000001 unmarshall_rpc_header: using little-endian RPC unmarshall_rpc_header: type = 11, flags = 3 write_to_pipe: data_used = 0 write_to_pipe: data_left = 56 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 process_complete_pdu: processing packet type 11 api_pipe_bind_req: decode request. 1523 api_pipe_bind_req: \PIPE\netdfs -> \PIPE\netdfs 000000 smb_io_rpc_hdr_rb 000000 smb_io_rpc_hdr_bba 0000 max_tsize: 10b8 0002 max_rsize: 10b8 0004 assoc_gid: 00000000 0008 num_contexts: 01 000c context_id : 0000 000e num_transfer_syntaxes: 01 00000f smb_io_rpc_iface 000010 smb_io_uuid uuid 0010 data : 4fc742e0 0014 data : 4a10 0016 data : 11cf 0018 data : 82 73 001a data : 00 aa 00 4a e6 73 0020 version: 00000003 000024 smb_io_rpc_iface 000024 smb_io_uuid uuid 0024 data : 8a885d04 0028 data : 1ceb 002a data : 11c9 002c data : 9f e8 002e data : 08 00 2b 10 48 60 0034 version: 00000002 api_pipe_bind_req: make response. 1576 check_bind_req for \PIPE\netdfs checking \PIPE\lsarpc checking \PIPE\lsarpc checking \PIPE\samr checking \PIPE\NETLOGON checking \PIPE\srvsvc checking \PIPE\wkssvc checking \PIPE\winreg checking \PIPE\spoolss checking \PIPE\netdfs 000000 smb_io_rpc_hdr_ba 000000 smb_io_rpc_hdr_bba 0000 max_tsize: 10b8 0002 max_rsize: 10b8 0004 assoc_gid: 000053f0 000008 smb_io_rpc_addr_str 0008 len: 000d 000a str: \PIPE\netdfs. 000017 smb_io_rpc_results 0018 num_results: 01 001c result : 0000 001e reason : 0000 000020 smb_io_rpc_iface 000020 smb_io_uuid uuid 0020 data : 8a885d04 0024 data : 1ceb 0026 data : 11c9 0028 data : 9f e8 002a data : 08 00 2b 10 48 60 0030 version: 00000002 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0c 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0044 000a auth_len : 0000 000c call_id : 00000001 write_to_pipe: data_used = 56 writeX-IPC pnum=708f nwritten=72 size=47 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=2048 smt_wct=6 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 72 (0x48) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_bcc=0 got smb length of 59 got message type 0x0 of len 0x3b Transaction 33 of length 63 size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=2112 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=28815 (0x708F) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 switch message SMBreadX (pid 28784) conn 0x8aabc68 change_to_user: Skipping user change - already user search for pipe pnum=708f pipe name netdfs pnum=708f (pipes_open=1) read_from_pipe: 708f name: netdfs len: 1024 read_from_pipe: netdfs: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. readX-IPC pnum=708f min=1024 max=1024 nread=68 size=127 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=2112 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 68 (0x44) smb_vwv[ 6]= 59 (0x3B) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=68 [000] 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 00 ........ D....... [010] B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 5C .....S.. ..\PIPE\ [020] 6E 65 74 64 66 73 00 00 01 00 00 00 00 00 00 00 netdfs.. ........ [030] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` [040] 02 00 00 00 .... got smb length of 108 got message type 0x0 of len 0x6c Transaction 34 of length 112 size=108 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=8524 smb_uid=101 smb_mid=2176 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 24 (0x18) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 24 (0x18) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=28815 (0x708F) smb_bcc=41 [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 18 00 00 00 01 00 00 ........ ........ [020] 00 00 00 00 00 00 00 00 00 ........ . switch message SMBtrans (pid 28784) conn 0x8aabc68 change_to_user: Skipping user change - already user trans <\PIPE\> data=24 params=0 setup=2 calling named_pipe named pipe command on <> name api_fd_reply search for pipe pnum=708f pipe name netdfs pnum=708f (pipes_open=1) Got API command 0x26 on pipe "netdfs" (pnum 708f) api_fd_reply: p:0x8299418 max_trans_reply: 1024 write_to_pipe: 708f name: netdfs open: Yes len: 24 write_to_pipe: data_left = 24 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 24 fill_rpc_header: data_to_copy = 24, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 8 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 8 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0018 000a auth_len : 0000 000c call_id : 00000001 unmarshall_rpc_header: using little-endian RPC unmarshall_rpc_header: type = 0, flags = 3 write_to_pipe: data_used = 0 write_to_pipe: data_left = 8 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 8, incoming data = 8 process_complete_pdu: processing packet type 0 000000 smb_io_rpc_hdr_req req 0000 alloc_hint: 00000000 0004 context_id: 0000 0006 opnum : 0000 free_pipe_context: destroying talloc pool of size 70 Requested \PIPE\netdfs api_rpcTNP: netdfs op 0x0 - api_rpcTNP: rpc command: DFS_GETMANAGERVERSION api_rpc_cmds[0].fn == 0x865dd0 000000 netdfs_io_q_dfs_GetManagerVersion 000000 netdfs_io_r_dfs_GetManagerVersion 0000 exist_flag: 00000000 api_rpcTNP: called netdfs successfully free_pipe_context: destroying talloc pool of size 0 write_to_pipe: data_used = 8 read_from_pipe: 708f name: netdfs len: 1024 read_from_pipe: netdfs: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 4. 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 001c 000a auth_len : 0000 000c call_id : 00000001 000010 smb_io_rpc_hdr_resp resp 0010 alloc_hint: 00000004 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 copy_trans_params_and_data: params[0..0] data[0..28] size=84 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=8524 smb_uid=101 smb_mid=2176 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 28 (0x1C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 28 (0x1C) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=29 [000] 00 05 00 02 03 10 00 00 00 1C 00 00 00 01 00 00 ........ ........ [010] 00 04 00 00 00 00 00 00 00 00 00 00 00 ........ ..... got smb length of 268 got message type 0x0 of len 0x10c Transaction 35 of length 272 size=268 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=8524 smb_uid=101 smb_mid=2240 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 184 (0xB8) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 184 (0xB8) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=28815 (0x708F) smb_bcc=201 [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [010] 00 05 00 00 03 10 00 00 00 B8 00 00 00 02 00 00 ........ ........ [020] 00 A0 00 00 00 00 00 0A 00 0C 00 00 00 00 00 00 ........ ........ [030] 00 0C 00 00 00 73 00 74 00 6F 00 72 00 61 00 67 .....s.t .o.r.a.g [040] 00 65 00 74 00 65 00 73 00 74 00 00 00 01 00 00 .e.t.e.s .t...... [050] 00 00 00 00 00 01 00 00 00 00 00 02 00 0A 00 00 ........ ........ [060] 00 00 00 00 00 0A 00 00 00 70 00 72 00 6F 00 66 ........ .p.r.o.f [070] 00 69 00 6C 00 65 00 73 00 24 00 00 00 0A 00 00 .i.l.e.s .$...... [080] 00 00 00 00 00 0A 00 00 00 70 00 72 00 6F 00 66 ........ .p.r.o.f [090] 00 69 00 6C 00 65 00 73 00 24 00 00 00 01 00 00 .i.l.e.s .$...... [0A0] 00 00 00 00 00 01 00 00 00 00 00 00 00 01 00 00 ........ ........ [0B0] 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C0] 00 00 00 02 00 00 00 00 00 ........ . switch message SMBtrans (pid 28784) conn 0x8aabc68 change_to_user: Skipping user change - already user trans <\PIPE\> data=184 params=0 setup=2 calling named_pipe named pipe command on <> name api_fd_reply search for pipe pnum=708f pipe name netdfs pnum=708f (pipes_open=1) Got API command 0x26 on pipe "netdfs" (pnum 708f) api_fd_reply: p:0x8299418 max_trans_reply: 1024 write_to_pipe: 708f name: netdfs open: Yes len: 184 write_to_pipe: data_left = 184 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 184 fill_rpc_header: data_to_copy = 184, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 168 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 168 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 00b8 000a auth_len : 0000 000c call_id : 00000002 unmarshall_rpc_header: using little-endian RPC unmarshall_rpc_header: type = 0, flags = 3 write_to_pipe: data_used = 0 write_to_pipe: data_left = 168 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 168, incoming data = 168 process_complete_pdu: processing packet type 0 000000 smb_io_rpc_hdr_req req 0000 alloc_hint: 000000a0 0004 context_id: 0000 0006 opnum : 000a free_pipe_context: destroying talloc pool of size 0 Requested \PIPE\netdfs api_rpcTNP: netdfs op 0xa - api_rpcTNP: rpc command: DFS_ADDFTROOT api_rpc_cmds[10].fn == 0x8665d0 000000 netdfs_io_q_dfs_AddFtRoot 000000 netdfs_io_r_dfs_AddFtRoot 0000 status: WERR_NOT_SUPPORTED api_rpcTNP: called netdfs successfully api_rpcTNP: rpc input buffer underflow (parse error?) 0000 : 0c 00 00 00 00 00 00 00 0c 00 00 00 73 00 74 00 6f 00 72 00 61 00 67 00 65 00 74 00 65 00 73 00 74 00 00 00 01 00 00 00 00 00 00 00 01 00 00 00 00 00 02 00 0a 00 00 00 00 00 00 00 0a 00 00 00 70 00 72 00 6f 00 66 00 69 00 6c 00 65 00 73 00 24 00 00 00 0a 00 00 00 00 00 00 00 0a 00 00 00 70 00 72 00 6f 00 66 00 69 00 6c 00 65 00 73 00 24 00 00 00 01 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 00 00 free_pipe_context: destroying talloc pool of size 0 write_to_pipe: data_used = 168 read_from_pipe: 708f name: netdfs len: 1024 read_from_pipe: netdfs: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 4. 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 001c 000a auth_len : 0000 000c call_id : 00000002 000010 smb_io_rpc_hdr_resp resp 0010 alloc_hint: 00000004 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 copy_trans_params_and_data: params[0..0] data[0..28] size=84 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=8524 smb_uid=101 smb_mid=2240 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 28 (0x1C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 28 (0x1C) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=29 [000] 00 05 00 02 03 10 00 00 00 1C 00 00 00 02 00 00 ........ ........ [010] 00 04 00 00 00 00 00 00 00 32 00 00 00 ........ .2... got smb length of 41 got message type 0x0 of len 0x29 Transaction 36 of length 45 size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=2304 smt_wct=3 smb_vwv[ 0]=28815 (0x708F) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 switch message SMBclose (pid 28784) conn 0x8aabc68 change_to_user: Skipping user change - already user search for pipe pnum=708f pipe name netdfs pnum=708f (pipes_open=1) reply_pipe_close: pnum:708f close_policy_by_pipe: deleted handle list for pipe netdfs closed pipe name netdfs pnum=708f (pipes_open=0) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=2304 smt_wct=0 smb_bcc=0 got smb length of 39 got message type 0x0 of len 0x27 Transaction 37 of length 43 size=39 smb_com=0x74 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=101 smb_mid=2368 smt_wct=2 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_bcc=0 switch message SMBulogoffX (pid 28784) conn 0x0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups change_to_root_user: now uid=(0,0) gid=(0,0) ulogoffX vuid=101 size=39 smb_com=0x74 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=65279 smb_uid=101 smb_mid=2368 smt_wct=2 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_bcc=0 got smb length of 35 got message type 0x0 of len 0x23 Transaction 38 of length 39 size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=2432 smt_wct=0 smb_bcc=0 switch message SMBtdis (pid 28784) conn 0x8aabc68 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups change_to_root_user: now uid=(0,0) gid=(0,0) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups change_to_root_user: now uid=(0,0) gid=(0,0) picard (150.134.20.21) closed connection to service IPC$ Yielding connection to IPC$ vfs_ChDir to / setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups change_to_root_user: now uid=(0,0) gid=(0,0) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=101 smb_mid=2432 smt_wct=0 smb_bcc=0 read_data: read of 4 returned 0. Error = Success receive_smb_raw: length < 0! timeout_processing: End of file from client (client has disconnected). Closing cache file namecache_shutdown: netbios namecache closed successfully. setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups change_to_root_user: now uid=(0,0) gid=(0,0) Yielding connection to Server exit (normal exit)