[2008/07/22 21:33:36, 5] lib/debug.c:debug_dump_status(395) INFO: Current debug levels: all: True/10 tdb: False/0 printdrivers: False/0 lanman: False/0 smb: False/0 rpc_parse: False/0 rpc_srv: False/0 rpc_cli: False/0 passdb: False/0 sam: False/0 auth: False/0 winbind: False/0 vfs: False/0 idmap: False/0 quota: False/0 acls: False/0 locking: False/0 msdfs: False/0 dmapi: False/0 registry: False/0 doing parameter max log size = 0 [2008/07/22 21:33:36, 2] param/loadparm.c:do_section(7363) Processing section "[homes]" [2008/07/22 21:33:36, 8] param/loadparm.c:add_a_service(5762) add_a_service: Creating snum = 3 for homes [2008/07/22 21:33:36, 10] param/loadparm.c:hash_a_service(5809) hash_a_service: hashing index 3 for service name homes doing parameter comment = Home Directories doing parameter valid users = %S doing parameter read only = No doing parameter inherit acls = Yes doing parameter browseable = No [2008/07/22 21:33:36, 2] param/loadparm.c:do_section(7363) Processing section "[netlogon]" [2008/07/22 21:33:36, 8] param/loadparm.c:add_a_service(5762) add_a_service: Creating snum = 2 for netlogon [2008/07/22 21:33:36, 10] param/loadparm.c:hash_a_service(5809) hash_a_service: hashing index 2 for service name netlogon doing parameter comment = Network Logon Service doing parameter path = /var/lib/samba/netlogon doing parameter guest ok = Yes doing parameter browseable = No doing parameter share modes = No [2008/07/22 21:33:36, 2] param/loadparm.c:do_section(7363) Processing section "[profiles]" [2008/07/22 21:33:36, 8] param/loadparm.c:add_a_service(5762) add_a_service: Creating snum = 1 for profiles [2008/07/22 21:33:36, 10] param/loadparm.c:hash_a_service(5809) hash_a_service: hashing index 1 for service name profiles doing parameter comment = Network Profiles Service doing parameter path = /var/lib/samba/profiles doing parameter read only = No doing parameter create mask = 0600 doing parameter directory mask = 0700 doing parameter store dos attributes = Yes doing parameter browseable = No doing parameter available = No [2008/07/22 21:33:36, 4] param/loadparm.c:lp_load_ex(8724) pm_process() returned Yes [2008/07/22 21:33:36, 1] param/loadparm.c:service_ok(6501) NOTE: Service profiles is flagged unavailable. [2008/07/22 21:33:36, 8] param/loadparm.c:add_a_service(5762) add_a_service: Creating snum = 0 for IPC$ [2008/07/22 21:33:36, 10] param/loadparm.c:hash_a_service(5809) hash_a_service: hashing index 0 for service name IPC$ [2008/07/22 21:33:36, 3] param/loadparm.c:lp_add_ipc(5906) adding IPC service [2008/07/22 21:33:36, 10] param/loadparm.c:set_server_role(7905) set_server_role: role = ROLE_DOMAIN_PDC [2008/07/22 21:33:36, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2008/07/22 21:33:36, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2008/07/22 21:33:36, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2008/07/22 21:33:36, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2008/07/22 21:33:36, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2008/07/22 21:33:36, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2008/07/22 21:33:36, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2008/07/22 21:33:36, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2008/07/22 21:33:36, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2008/07/22 21:33:36, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2008/07/22 21:33:36, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2008/07/22 21:33:36, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2008/07/22 21:33:36, 7] param/loadparm.c:lp_servicenumber(8917) lp_servicenumber: couldn't find printers [2008/07/22 21:33:36, 3] printing/pcap.c:pcap_cache_reload(116) reloading printcap cache [2008/07/22 21:33:36, 3] printing/pcap.c:pcap_cache_reload(223) reload status: ok [2008/07/22 21:33:36, 3] printing/pcap.c:pcap_cache_reload(116) reloading printcap cache [2008/07/22 21:33:36, 3] printing/pcap.c:pcap_cache_reload(223) reload status: ok [2008/07/22 21:33:36, 7] param/loadparm.c:lp_servicenumber(8917) lp_servicenumber: couldn't find printers [2008/07/22 21:33:36, 2] lib/interface.c:add_interface(334) added interface eth0 ip=fe80::214:22ff:fe24:45be%eth0 bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff:: [2008/07/22 21:33:36, 2] lib/interface.c:add_interface(334) added interface eth0 ip=192.168.10.23 bcast=192.168.11.255 netmask=255.255.254.0 [2008/07/22 21:33:36, 2] lib/interface.c:add_interface(334) added interface lo ip=::1 bcast=::1 netmask=ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff [2008/07/22 21:33:36, 2] lib/interface.c:add_interface(334) added interface lo ip=127.0.0.1 bcast=127.255.255.255 netmask=255.0.0.0 [2008/07/22 21:33:36, 5] lib/util_sock.c:print_socket_options(781) socket option SO_KEEPALIVE = 1 [2008/07/22 21:33:36, 5] lib/util_sock.c:print_socket_options(781) socket option SO_REUSEADDR = 1 [2008/07/22 21:33:36, 5] lib/util_sock.c:print_socket_options(781) socket option SO_BROADCAST = 0 [2008/07/22 21:33:36, 5] lib/util_sock.c:print_socket_options(781) socket option TCP_NODELAY = 1 [2008/07/22 21:33:36, 5] lib/util_sock.c:print_socket_options(781) socket option TCP_KEEPCNT = 9 [2008/07/22 21:33:36, 5] lib/util_sock.c:print_socket_options(781) socket option TCP_KEEPIDLE = 7200 [2008/07/22 21:33:36, 5] lib/util_sock.c:print_socket_options(781) socket option TCP_KEEPINTVL = 75 [2008/07/22 21:33:36, 5] lib/util_sock.c:print_socket_options(781) socket option IPTOS_LOWDELAY = 0 [2008/07/22 21:33:36, 5] lib/util_sock.c:print_socket_options(781) socket option IPTOS_THROUGHPUT = 0 [2008/07/22 21:33:36, 5] lib/util_sock.c:print_socket_options(781) socket option SO_SNDBUF = 16384 [2008/07/22 21:33:36, 5] lib/util_sock.c:print_socket_options(781) socket option SO_RCVBUF = 87380 [2008/07/22 21:33:36, 5] lib/util_sock.c:print_socket_options(781) socket option SO_SNDLOWAT = 1 [2008/07/22 21:33:36, 5] lib/util_sock.c:print_socket_options(781) socket option SO_RCVLOWAT = 1 [2008/07/22 21:33:36, 5] lib/util_sock.c:print_socket_options(781) socket option SO_SNDTIMEO = 0 [2008/07/22 21:33:36, 5] lib/util_sock.c:print_socket_options(781) socket option SO_RCVTIMEO = 0 [2008/07/22 21:33:36, 5] lib/util_sock.c:print_socket_options(781) socket option SO_KEEPALIVE = 1 [2008/07/22 21:33:36, 5] lib/util_sock.c:print_socket_options(781) socket option SO_REUSEADDR = 1 [2008/07/22 21:33:36, 5] lib/util_sock.c:print_socket_options(781) socket option SO_BROADCAST = 0 [2008/07/22 21:33:36, 5] lib/util_sock.c:print_socket_options(781) socket option TCP_NODELAY = 1 [2008/07/22 21:33:36, 5] lib/util_sock.c:print_socket_options(781) socket option TCP_KEEPCNT = 9 [2008/07/22 21:33:36, 5] lib/util_sock.c:print_socket_options(781) socket option TCP_KEEPIDLE = 7200 [2008/07/22 21:33:36, 5] lib/util_sock.c:print_socket_options(781) socket option TCP_KEEPINTVL = 75 [2008/07/22 21:33:36, 5] lib/util_sock.c:print_socket_options(781) socket option IPTOS_LOWDELAY = 0 [2008/07/22 21:33:36, 5] lib/util_sock.c:print_socket_options(781) socket option IPTOS_THROUGHPUT = 0 [2008/07/22 21:33:36, 5] lib/util_sock.c:print_socket_options(781) socket option SO_SNDBUF = 16384 [2008/07/22 21:33:36, 5] lib/util_sock.c:print_socket_options(781) socket option SO_RCVBUF = 87380 [2008/07/22 21:33:36, 5] lib/util_sock.c:print_socket_options(781) socket option SO_SNDLOWAT = 1 [2008/07/22 21:33:36, 5] lib/util_sock.c:print_socket_options(781) socket option SO_RCVLOWAT = 1 [2008/07/22 21:33:36, 5] lib/util_sock.c:print_socket_options(781) socket option SO_SNDTIMEO = 0 [2008/07/22 21:33:36, 5] lib/util_sock.c:print_socket_options(781) socket option SO_RCVTIMEO = 0 [2008/07/22 21:33:36, 5] smbd/reply.c:reply_special(472) init msg_type=0x81 msg_flags=0x0 [2008/07/22 21:33:36, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 190 [2008/07/22 21:33:36, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0xbe [2008/07/22 21:33:36, 3] smbd/process.c:process_smb(1549) Transaction 0 of length 194 (0 toread) [2008/07/22 21:33:36, 5] lib/util.c:show_msg(645) [2008/07/22 21:33:36, 5] lib/util.c:show_msg(655) size=190 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=0 smb_pid=8292 smb_uid=0 smb_mid=2 smt_wct=0 smb_bcc=155 [2008/07/22 21:33:36, 10] lib/util.c:dump_data(2226) [000] 02 50 43 20 4E 45 54 57 4F 52 4B 20 50 52 4F 47 .PC NETW ORK PROG [010] 52 41 4D 20 31 2E 30 00 02 4D 49 43 52 4F 53 4F RAM 1.0. .MICROSO [020] 46 54 20 4E 45 54 57 4F 52 4B 53 20 31 2E 30 33 FT NETWO RKS 1.03 [030] 00 02 4D 49 43 52 4F 53 4F 46 54 20 4E 45 54 57 ..MICROS OFT NETW [040] 4F 52 4B 53 20 33 2E 30 00 02 4C 41 4E 4D 41 4E ORKS 3.0 ..LANMAN [050] 31 2E 30 00 02 4C 4D 31 2E 32 58 30 30 32 00 02 1.0..LM1 .2X002.. [060] 44 4F 53 20 4C 41 4E 4D 41 4E 32 2E 31 00 02 4C DOS LANM AN2.1..L [070] 41 4E 4D 41 4E 32 2E 31 00 02 53 61 6D 62 61 00 ANMAN2.1 ..Samba. [080] 02 4E 54 20 4C 41 4E 4D 41 4E 20 31 2E 30 00 02 .NT LANM AN 1.0.. [090] 4E 54 20 4C 4D 20 30 2E 31 32 00 NT LM 0. 12. [2008/07/22 21:33:36, 3] smbd/process.c:switch_message(1361) switch message SMBnegprot (pid 6816) conn 0x0 [2008/07/22 21:33:36, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/07/22 21:33:36, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/07/22 21:33:36, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/07/22 21:33:36, 5] smbd/uid.c:change_to_root_user(287) change_to_root_user: now uid=(0,0) gid=(0,0) [2008/07/22 21:33:36, 3] smbd/negprot.c:reply_negprot(568) Requested protocol [PC NETWORK PROGRAM 1.0] [2008/07/22 21:33:36, 3] smbd/negprot.c:reply_negprot(568) Requested protocol [MICROSOFT NETWORKS 1.03] [2008/07/22 21:33:36, 3] smbd/negprot.c:reply_negprot(568) Requested protocol [MICROSOFT NETWORKS 3.0] [2008/07/22 21:33:36, 3] smbd/negprot.c:reply_negprot(568) Requested protocol [LANMAN1.0] [2008/07/22 21:33:36, 3] smbd/negprot.c:reply_negprot(568) Requested protocol [LM1.2X002] [2008/07/22 21:33:36, 3] smbd/negprot.c:reply_negprot(568) Requested protocol [DOS LANMAN2.1] [2008/07/22 21:33:36, 3] smbd/negprot.c:reply_negprot(568) Requested protocol [LANMAN2.1] [2008/07/22 21:33:36, 3] smbd/negprot.c:reply_negprot(568) Requested protocol [Samba] [2008/07/22 21:33:36, 3] smbd/negprot.c:reply_negprot(568) Requested protocol [NT LANMAN 1.0] [2008/07/22 21:33:36, 3] smbd/negprot.c:reply_negprot(568) Requested protocol [NT LM 0.12] [2008/07/22 21:33:36, 10] lib/util.c:set_remote_arch(2201) set_remote_arch: Client arch is 'Samba' [2008/07/22 21:33:36, 6] param/loadparm.c:lp_file_list_changed(6625) lp_file_list_changed() file /etc/samba/%m.conf -> /etc/samba/chpas-lansvcs.conf last mod_time: Tue Jul 22 21:32:54 2008 file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Tue Jul 22 21:32:59 2008 [2008/07/22 21:33:36, 5] smbd/connection.c:claim_connection(142) claiming [] [2008/07/22 21:33:36, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key A01A0000FFFFFFFF0000 [2008/07/22 21:33:36, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0x555555c8f380 [2008/07/22 21:33:36, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key A01A0000FFFFFFFF0000 [2008/07/22 21:33:36, 6] param/loadparm.c:lp_file_list_changed(6625) lp_file_list_changed() file /etc/samba/%m.conf -> /etc/samba/chpas-lansvcs.conf last mod_time: Tue Jul 22 21:32:54 2008 file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Tue Jul 22 21:32:59 2008 [2008/07/22 21:33:36, 3] smbd/negprot.c:reply_nt1(392) using SPNEGO [2008/07/22 21:33:36, 3] smbd/negprot.c:reply_negprot(673) Selected protocol NT LANMAN 1.0 [2008/07/22 21:33:36, 5] smbd/negprot.c:reply_negprot(680) negprot index=8 [2008/07/22 21:33:36, 5] lib/util.c:show_msg(645) [2008/07/22 21:33:36, 5] lib/util.c:show_msg(655) size=127 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=8292 smb_uid=0 smb_mid=2 smt_wct=17 smb_vwv[ 0]= 8 (0x8) smb_vwv[ 1]=12803 (0x3203) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 65 (0x41) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]=40960 (0xA000) smb_vwv[ 8]= 26 (0x1A) smb_vwv[ 9]=64768 (0xFD00) smb_vwv[10]=32995 (0x80E3) smb_vwv[11]= 128 (0x80) smb_vwv[12]= 8536 (0x2158) smb_vwv[13]=25632 (0x6420) smb_vwv[14]=51436 (0xC8EC) smb_vwv[15]=61441 (0xF001) smb_vwv[16]= 0 (0x0) smb_bcc=58 [2008/07/22 21:33:36, 10] lib/util.c:dump_data(2226) [000] 63 68 70 61 73 2D 6E 65 74 73 76 63 73 00 00 00 chpas-ne tsvcs... [010] 60 28 06 06 2B 06 01 05 05 02 A0 1E 30 1C A0 0E `(..+... ....0... [020] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A3 0A 0...+... ..7..... [030] 30 08 A0 06 1B 04 4E 4F 4E 45 0.....NO NE [2008/07/22 21:33:36, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 88 [2008/07/22 21:33:36, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x58 [2008/07/22 21:33:36, 3] smbd/process.c:process_smb(1549) Transaction 1 of length 92 (0 toread) [2008/07/22 21:33:36, 5] lib/util.c:show_msg(645) [2008/07/22 21:33:36, 5] lib/util.c:show_msg(655) size=88 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=0 smb_pid=8292 smb_uid=0 smb_mid=3 smt_wct=13 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=65535 (0xFFFF) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 8292 (0x2064) smb_vwv[ 5]= 6816 (0x1AA0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]=49244 (0xC05C) smb_vwv[12]= 0 (0x0) smb_bcc=27 [2008/07/22 21:33:36, 10] lib/util.c:dump_data(2226) [000] 00 00 00 00 00 55 00 6E 00 69 00 78 00 00 00 53 .....U.n .i.x...S [010] 00 61 00 6D 00 62 00 61 00 00 00 .a.m.b.a ... [2008/07/22 21:33:36, 3] smbd/process.c:switch_message(1361) switch message SMBsesssetupX (pid 6816) conn 0x0 [2008/07/22 21:33:36, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/07/22 21:33:36, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/07/22 21:33:36, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/07/22 21:33:36, 5] smbd/uid.c:change_to_root_user(287) change_to_root_user: now uid=(0,0) gid=(0,0) [2008/07/22 21:33:36, 3] smbd/sesssetup.c:reply_sesssetup_and_X(1409) wct=13 flg2=0xc801 [2008/07/22 21:33:36, 3] smbd/sesssetup.c:reply_sesssetup_and_X(1608) Domain=[] NativeOS=[Unix] NativeLanMan=[Samba] PrimaryDomain=[] [2008/07/22 21:33:36, 3] smbd/sesssetup.c:reply_sesssetup_and_X(1624) sesssetupX:name=[]\[]@[chpas-lansvcs] [2008/07/22 21:33:36, 6] param/loadparm.c:lp_file_list_changed(6625) lp_file_list_changed() file /etc/samba/%m.conf -> /etc/samba/chpas-lansvcs.conf last mod_time: Tue Jul 22 21:32:54 2008 file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Tue Jul 22 21:32:59 2008 [2008/07/22 21:33:36, 3] smbd/sesssetup.c:check_guest_password(159) Got anonymous request [2008/07/22 21:33:36, 5] auth/auth.c:make_auth_context_subsystem(485) Making default auth method list for DC, security=user, encrypt passwords = yes [2008/07/22 21:33:36, 5] auth/auth.c:smb_register_auth(46) Attempting to register auth backend sam [2008/07/22 21:33:36, 5] auth/auth.c:smb_register_auth(58) Successfully added auth method 'sam' [2008/07/22 21:33:36, 5] auth/auth.c:smb_register_auth(46) Attempting to register auth backend sam_ignoredomain [2008/07/22 21:33:36, 5] auth/auth.c:smb_register_auth(58) Successfully added auth method 'sam_ignoredomain' [2008/07/22 21:33:36, 5] auth/auth.c:smb_register_auth(46) Attempting to register auth backend unix [2008/07/22 21:33:36, 5] auth/auth.c:smb_register_auth(58) Successfully added auth method 'unix' [2008/07/22 21:33:36, 5] auth/auth.c:smb_register_auth(46) Attempting to register auth backend winbind [2008/07/22 21:33:36, 5] auth/auth.c:smb_register_auth(58) Successfully added auth method 'winbind' [2008/07/22 21:33:36, 5] auth/auth.c:smb_register_auth(46) Attempting to register auth backend smbserver [2008/07/22 21:33:36, 5] auth/auth.c:smb_register_auth(58) Successfully added auth method 'smbserver' [2008/07/22 21:33:36, 5] auth/auth.c:smb_register_auth(46) Attempting to register auth backend trustdomain [2008/07/22 21:33:36, 5] auth/auth.c:smb_register_auth(58) Successfully added auth method 'trustdomain' [2008/07/22 21:33:36, 5] auth/auth.c:smb_register_auth(46) Attempting to register auth backend ntdomain [2008/07/22 21:33:36, 5] auth/auth.c:smb_register_auth(58) Successfully added auth method 'ntdomain' [2008/07/22 21:33:36, 5] auth/auth.c:smb_register_auth(46) Attempting to register auth backend guest [2008/07/22 21:33:36, 5] auth/auth.c:smb_register_auth(58) Successfully added auth method 'guest' [2008/07/22 21:33:36, 5] auth/auth.c:load_auth_module(387) load_auth_module: Attempting to find an auth method to match guest [2008/07/22 21:33:36, 5] auth/auth.c:load_auth_module(412) load_auth_module: auth method guest has a valid init [2008/07/22 21:33:36, 5] auth/auth.c:load_auth_module(387) load_auth_module: Attempting to find an auth method to match sam [2008/07/22 21:33:36, 5] auth/auth.c:load_auth_module(412) load_auth_module: auth method sam has a valid init [2008/07/22 21:33:36, 5] auth/auth.c:load_auth_module(387) load_auth_module: Attempting to find an auth method to match winbind:trustdomain [2008/07/22 21:33:36, 5] auth/auth.c:load_auth_module(387) load_auth_module: Attempting to find an auth method to match trustdomain [2008/07/22 21:33:36, 5] auth/auth.c:load_auth_module(412) load_auth_module: auth method trustdomain has a valid init [2008/07/22 21:33:36, 5] auth/auth.c:load_auth_module(412) load_auth_module: auth method winbind has a valid init [2008/07/22 21:33:36, 5] auth/auth_util.c:make_user_info(92) attempting to make a user_info for () [2008/07/22 21:33:36, 5] auth/auth_util.c:make_user_info(102) making strings for 's user_info struct [2008/07/22 21:33:36, 5] auth/auth_util.c:make_user_info(134) making blobs for 's user_info struct [2008/07/22 21:33:36, 10] auth/auth_util.c:make_user_info(152) made an encrypted user_info for () [2008/07/22 21:33:36, 3] auth/auth.c:check_ntlm_password(220) check_ntlm_password: Checking password for unmapped user []\[]@[] with the new password interface [2008/07/22 21:33:36, 3] auth/auth.c:check_ntlm_password(223) check_ntlm_password: mapped user is: []\[]@[] [2008/07/22 21:33:36, 10] auth/auth.c:check_ntlm_password(232) check_ntlm_password: auth_context challenge created by fixed [2008/07/22 21:33:36, 10] auth/auth.c:check_ntlm_password(234) challenge is: [2008/07/22 21:33:36, 5] lib/util.c:dump_data(2226) [000] 00 00 00 00 00 00 00 00 ........ [2008/07/22 21:33:36, 5] lib/smbldap.c:smbldap_search_ext(1207) smbldap_search_ext: base => [ou=Group,dc=arnoldtrans,dc=lcl], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=65533))], scope => [2] [2008/07/22 21:33:36, 5] lib/smbldap.c:smbldap_close(1110) The connection to the LDAP server was closed [2008/07/22 21:33:36, 10] lib/smbldap.c:smb_ldap_setup_conn(616) smb_ldap_setup_connection: ldap://localhost [2008/07/22 21:33:36, 2] lib/smbldap.c:smbldap_open_connection(796) smbldap_open_connection: connection opened [2008/07/22 21:33:36, 10] lib/smbldap.c:smbldap_connect_system(961) ldap_connect_system: Binding to ldap server ldap://localhost as "cn=Manager,dc=arnoldtrans,dc=lcl" [2008/07/22 21:33:36, 3] lib/smbldap.c:smbldap_connect_system(1007) ldap_connect_system: successful connection to the LDAP server ldap_connect_system: LDAP server does support paged results [2008/07/22 21:33:36, 10] lib/events.c:event_add_timed(128) Added timed event "smbldap_idle_fn": 555555c97190 [2008/07/22 21:33:36, 4] lib/smbldap.c:smbldap_open(1090) The LDAP server is successfully connected [2008/07/22 21:33:36, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2459) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(gidNumber=65533)) [2008/07/22 21:33:36, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/07/22 21:33:36, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2008/07/22 21:33:36, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/07/22 21:33:36, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/07/22 21:33:36, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/07/22 21:33:36, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = ACCT_POL/password history, value = 5 , timeout = Tue Jul 22 21:34:09 2008 [2008/07/22 21:33:36, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/07/22 21:33:36, 10] passdb/pdb_get_set.c:pdb_set_username(580) pdb_set_username: setting username nobody, was [2008/07/22 21:33:36, 10] passdb/pdb_get_set.c:pdb_set_domain(603) pdb_set_domain: setting domain ARNOLD, was [2008/07/22 21:33:36, 10] passdb/pdb_get_set.c:pdb_set_nt_username(626) pdb_set_nt_username: setting nt username , was [2008/07/22 21:33:36, 10] passdb/pdb_get_set.c:pdb_set_fullname(649) pdb_set_full_name: setting full name nobody, was [2008/07/22 21:33:36, 10] passdb/pdb_get_set.c:pdb_set_homedir(742) pdb_set_homedir: setting home dir , was [2008/07/22 21:33:36, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(718) pdb_set_dir_drive: setting dir drive H:, was NULL [2008/07/22 21:33:36, 10] passdb/pdb_get_set.c:pdb_set_logon_script(672) pdb_set_logon_script: setting logon script scripts\logon.bat, was [2008/07/22 21:33:36, 10] passdb/pdb_get_set.c:pdb_set_profile_path(695) pdb_set_profile_path: setting profile path \\chpas-netsvcs\profiles\nobody, was [2008/07/22 21:33:36, 10] passdb/pdb_get_set.c:pdb_set_workstations(785) pdb_set_workstations: setting workstations , was [2008/07/22 21:33:36, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/07/22 21:33:36, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2008/07/22 21:33:36, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/07/22 21:33:36, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/07/22 21:33:36, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/07/22 21:33:36, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = ACCT_POL/password history, value = 5 , timeout = Tue Jul 22 21:34:09 2008 [2008/07/22 21:33:36, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/07/22 21:33:36, 10] passdb/pdb_get_set.c:pdb_set_user_sid(509) pdb_set_user_sid: setting user sid S-1-5-21-399034208-633907489-3292321255-501 [2008/07/22 21:33:36, 10] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(72) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-399034208-633907489-3292321255-501 from rid 501 [2008/07/22 21:33:36, 3] auth/auth.c:check_ntlm_password(269) check_ntlm_password: guest authentication for user [] succeeded [2008/07/22 21:33:36, 5] auth/auth.c:check_ntlm_password(308) check_ntlm_password: guest authentication for user [] -> [] -> [nobody] succeeded [2008/07/22 21:33:36, 5] auth/auth_util.c:free_user_info(1951) attempting to free (and zero) a user_info structure [2008/07/22 21:33:36, 10] auth/auth_util.c:free_user_info(1955) structure was created for [2008/07/22 21:33:36, 5] auth/auth_util.c:free_user_info(1951) attempting to free (and zero) a user_info structure [2008/07/22 21:33:36, 10] auth/token_util.c:create_local_nt_token(302) Create local NT token for S-1-5-21-399034208-633907489-3292321255-501 [2008/07/22 21:33:36, 10] passdb/lookup_sid.c:sid_to_gid(1439) sid S-1-5-32-544 -> gid 10024 [2008/07/22 21:33:36, 10] passdb/lookup_sid.c:sid_to_gid(1439) sid S-1-5-32-545 -> gid 10025 [2008/07/22 21:33:36, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/07/22 21:33:36, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2008/07/22 21:33:36, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/07/22 21:33:36, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/07/22 21:33:36, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/07/22 21:33:36, 5] lib/smbldap.c:smbldap_search_ext(1207) smbldap_search_ext: base => [ou=Group,dc=arnoldtrans,dc=lcl], filter => [(&(|(objectclass=sambaGroupMapping)(sambaGroupType=4))(|(sambaSIDList=S-1-5-21-399034208-633907489-3292321255-501)(sambaSIDList=S-1-1-0)(sambaSIDList=S-1-5-2)(sambaSIDList=S-1-5-32-546)))], scope => [2] [2008/07/22 21:33:36, 5] lib/smbldap.c:smbldap_search_ext(1207) smbldap_search_ext: base => [ou=Group,dc=arnoldtrans,dc=lcl], filter => [(&(|(objectclass=sambaGroupMapping)(sambaGroupType=4))(|(sambaSIDList=S-1-5-21-399034208-633907489-3292321255-501)(sambaSIDList=S-1-1-0)(sambaSIDList=S-1-5-2)(sambaSIDList=S-1-5-32-546)))], scope => [2] [2008/07/22 21:33:36, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/07/22 21:33:36, 3] lib/privileges.c:get_privileges(63) get_privileges: No privileges assigned to SID [S-1-5-21-399034208-633907489-3292321255-501] [2008/07/22 21:33:36, 5] lib/privileges.c:get_privileges_for_sids(128) get_privileges_for_sids: sid = S-1-1-0 Privilege set: SE_PRIV 0x0 0x0 0x0 0x0 [2008/07/22 21:33:36, 3] lib/privileges.c:get_privileges(63) get_privileges: No privileges assigned to SID [S-1-5-2] [2008/07/22 21:33:36, 3] lib/privileges.c:get_privileges(63) get_privileges: No privileges assigned to SID [S-1-5-32-546] [2008/07/22 21:33:36, 10] passdb/lookup_sid.c:sid_to_gid(1434) winbind failed to find a gid for sid S-1-1-0 [2008/07/22 21:33:36, 10] auth/auth_util.c:create_local_token(727) Could not convert SID S-1-1-0 to gid, ignoring it [2008/07/22 21:33:36, 10] passdb/lookup_sid.c:sid_to_gid(1434) winbind failed to find a gid for sid S-1-5-2 [2008/07/22 21:33:36, 10] auth/auth_util.c:create_local_token(727) Could not convert SID S-1-5-2 to gid, ignoring it [2008/07/22 21:33:36, 10] passdb/lookup_sid.c:sid_to_gid(1434) winbind failed to find a gid for sid S-1-5-32-546 [2008/07/22 21:33:36, 10] auth/auth_util.c:create_local_token(727) Could not convert SID S-1-5-32-546 to gid, ignoring it [2008/07/22 21:33:36, 10] auth/token_util.c:debug_nt_user_token(470) NT user token of user S-1-5-21-399034208-633907489-3292321255-501 contains 4 SIDs SID[ 0]: S-1-5-21-399034208-633907489-3292321255-501 SID[ 1]: S-1-1-0 SID[ 2]: S-1-5-2 SID[ 3]: S-1-5-32-546 SE_PRIV 0x0 0x0 0x0 0x0 [2008/07/22 21:33:36, 10] smbd/password.c:register_initial_vuid(188) register_initial_vuid: allocated vuid = 100 [2008/07/22 21:33:36, 10] smbd/password.c:register_existing_vuid(310) register_existing_vuid: (65534,65533) nobody nobody ARNOLD guest=1 [2008/07/22 21:33:36, 3] smbd/password.c:register_existing_vuid(314) register_existing_vuid: User name: nobody Real name: nobody [2008/07/22 21:33:36, 3] smbd/password.c:register_existing_vuid(326) register_existing_vuid: UNIX uid 65534 is UNIX user nobody, and will be vuid 100 [2008/07/22 21:33:36, 6] param/loadparm.c:lp_file_list_changed(6625) lp_file_list_changed() file /etc/samba/%m.conf -> /etc/samba/chpas-lansvcs.conf last mod_time: Tue Jul 22 21:32:54 2008 file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Tue Jul 22 21:32:59 2008 [2008/07/22 21:33:36, 5] lib/util.c:show_msg(645) [2008/07/22 21:33:36, 5] lib/util.c:show_msg(655) size=124 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=8292 smb_uid=100 smb_mid=3 smt_wct=3 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 1 (0x1) smb_bcc=83 [2008/07/22 21:33:36, 10] lib/util.c:dump_data(2226) [000] 00 55 00 6E 00 69 00 78 00 00 00 53 00 61 00 6D .U.n.i.x ...S.a.m [010] 00 62 00 61 00 20 00 33 00 2E 00 32 00 2E 00 30 .b.a. .3 ...2...0 [020] 00 2D 00 31 00 37 00 39 00 35 00 2D 00 53 00 55 .-.1.7.9 .5.-.S.U [030] 00 53 00 45 00 2D 00 53 00 4C 00 45 00 53 00 31 .S.E.-.S .L.E.S.1 [040] 00 30 00 00 00 41 00 52 00 4E 00 4F 00 4C 00 44 .0...A.R .N.O.L.D [050] 00 00 00 ... [2008/07/22 21:33:36, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 90 [2008/07/22 21:33:36, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x5a [2008/07/22 21:33:36, 3] smbd/process.c:process_smb(1549) Transaction 2 of length 94 (0 toread) [2008/07/22 21:33:36, 5] lib/util.c:show_msg(645) [2008/07/22 21:33:36, 5] lib/util.c:show_msg(655) size=90 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=0 smb_pid=8292 smb_uid=100 smb_mid=4 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 8 (0x8) smb_vwv[ 3]= 1 (0x1) smb_bcc=47 [2008/07/22 21:33:36, 10] lib/util.c:dump_data(2226) [000] 00 5C 00 5C 00 43 00 48 00 50 00 41 00 53 00 2D .\.\.C.H .P.A.S.- [010] 00 4E 00 45 00 54 00 53 00 56 00 43 00 53 00 5C .N.E.T.S .V.C.S.\ [020] 00 49 00 50 00 43 00 24 00 00 00 49 50 43 00 .I.P.C.$ ...IPC. [2008/07/22 21:33:36, 3] smbd/process.c:switch_message(1361) switch message SMBtconX (pid 6816) conn 0x0 [2008/07/22 21:33:36, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/07/22 21:33:36, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/07/22 21:33:36, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/07/22 21:33:36, 5] smbd/uid.c:change_to_root_user(287) change_to_root_user: now uid=(0,0) gid=(0,0) [2008/07/22 21:33:36, 4] smbd/reply.c:reply_tcon_and_X(653) Client requested device type [IPC] for share [IPC$] [2008/07/22 21:33:36, 5] smbd/service.c:make_connection(1376) making a connection to 'normal' service ipc$ [2008/07/22 21:33:36, 5] lib/username.c:Get_Pwnam_alloc(133) Finding user nobody [2008/07/22 21:33:36, 5] lib/username.c:Get_Pwnam_internals(77) Trying _Get_Pwnam(), username as lowercase is nobody [2008/07/22 21:33:36, 5] lib/username.c:Get_Pwnam_internals(110) Get_Pwnam_internals did find user [nobody]! [2008/07/22 21:33:36, 10] smbd/service.c:set_conn_connectpath(157) set_conn_connectpath: service IPC$, connectpath = /var/tmp [2008/07/22 21:33:36, 3] smbd/service.c:make_connection_snum(936) Connect path is '/var/tmp' for service [IPC$] [2008/07/22 21:33:36, 10] lib/util_seaccess.c:se_map_generic(175) se_map_generic(): mapped mask 0x10000000 to 0x001f01ff [2008/07/22 21:33:36, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x00000002, for NT token with 4 entries and first sid S-1-5-21-399034208-633907489-3292321255-501. [2008/07/22 21:33:36, 3] lib/util_seaccess.c:se_access_check(249) [2008/07/22 21:33:36, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-5-21-399034208-633907489-3292321255-501 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-32-546 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 2 [2008/07/22 21:33:36, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (2) granted. [2008/07/22 21:33:36, 3] smbd/vfs.c:vfs_init_default(96) Initialising default vfs hooks [2008/07/22 21:33:36, 10] smbd/vfs.c:vfs_find_backend_entry(48) vfs_find_backend_entry called for /[Default VFS]/ [2008/07/22 21:33:36, 5] smbd/vfs.c:smb_register_vfs(86) Successfully added vfs backend '/[Default VFS]/' [2008/07/22 21:33:36, 10] smbd/vfs.c:vfs_find_backend_entry(48) vfs_find_backend_entry called for posixacl [2008/07/22 21:33:36, 5] smbd/vfs.c:smb_register_vfs(86) Successfully added vfs backend 'posixacl' [2008/07/22 21:33:36, 3] smbd/vfs.c:vfs_init_custom(130) Initialising custom vfs hooks from [/[Default VFS]/] [2008/07/22 21:33:36, 10] smbd/vfs.c:vfs_find_backend_entry(48) vfs_find_backend_entry called for /[Default VFS]/ Successfully loaded vfs module [/[Default VFS]/] with the new modules system [2008/07/22 21:33:36, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #0 (type 0, layer 0) Making operation type 0 opaque [module /[Default VFS]/] Accepting operation type 0 from module /[Default VFS]/ [2008/07/22 21:33:36, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #1 (type 1, layer 0) Making operation type 1 opaque [module /[Default VFS]/] Accepting operation type 1 from module /[Default VFS]/ [2008/07/22 21:33:36, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #2 (type 2, layer 0) Making operation type 2 opaque [module /[Default VFS]/] Accepting operation type 2 from module /[Default VFS]/ [2008/07/22 21:33:36, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #3 (type 3, layer 0) Making operation type 3 opaque [module /[Default VFS]/] Accepting operation type 3 from module /[Default VFS]/ [2008/07/22 21:33:36, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #4 (type 4, layer 0) Making operation type 4 opaque [module /[Default VFS]/] Accepting operation type 4 from module /[Default VFS]/ [2008/07/22 21:33:36, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #5 (type 5, layer 0) Making operation type 5 opaque [module /[Default VFS]/] Accepting operation type 5 from module /[Default VFS]/ [2008/07/22 21:33:36, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #6 (type 6, layer 0) Making operation type 6 opaque [module /[Default VFS]/] Accepting operation type 6 from module /[Default VFS]/ [2008/07/22 21:33:36, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #7 (type 7, layer 0) Making operation type 7 opaque [module /[Default VFS]/] Accepting operation type 7 from module /[Default VFS]/ [2008/07/22 21:33:36, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #8 (type 8, layer 0) Making operation type 8 opaque [module /[Default VFS]/] Accepting operation type 8 from module /[Default VFS]/ [2008/07/22 21:33:36, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #9 (type 9, layer 0) Making operation type 9 opaque [module /[Default VFS]/] Accepting operation type 9 from module /[Default VFS]/ [2008/07/22 21:33:36, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #10 (type 10, layer 0) Making operation type 10 opaque [module /[Default VFS]/] Accepting operation type 10 from module /[Default VFS]/ [2008/07/22 21:33:36, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #11 (type 11, layer 0) Making operation type 11 opaque [module /[Default VFS]/] Accepting operation type 11 from module /[Default VFS]/ [2008/07/22 21:33:36, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #12 (type 12, layer 0) Making operation type 12 opaque [module /[Default VFS]/] Accepting operation type 12 from module /[Default VFS]/ [2008/07/22 21:33:36, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #13 (type 13, layer 0) Making operation type 13 opaque [module /[Default VFS]/] Accepting operation type 13 from module /[Default VFS]/ [2008/07/22 21:33:36, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #14 (type 14, layer 0) Making operation type 14 opaque [module /[Default VFS]/] Accepting operation type 14 from module /[Default VFS]/ [2008/07/22 21:33:36, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #15 (type 15, layer 0) Making operation type 15 opaque [module /[Default VFS]/] Accepting operation type 15 from module /[Default VFS]/ [2008/07/22 21:33:36, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #16 (type 16, layer 0) Making operation type 16 opaque [module /[Default VFS]/] Accepting operation type 16 from module /[Default VFS]/ [2008/07/22 21:33:36, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #17 (type 17, layer 0) Making operation type 17 opaque [module /[Default VFS]/] Accepting operation type 17 from module /[Default VFS]/ [2008/07/22 21:33:36, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #18 (type 18, layer 0) Making operation type 18 opaque [module /[Default VFS]/] Accepting operation type 18 from module /[Default VFS]/ [2008/07/22 21:33:36, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #19 (type 19, layer 0) Making operation type 19 opaque [module /[Default VFS]/] Accepting operation type 19 from module /[Default VFS]/ [2008/07/22 21:33:36, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #20 (type 20, layer 0) Making operation type 20 opaque [module /[Default VFS]/] Accepting operation type 20 from module /[Default VFS]/ [2008/07/22 21:33:36, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #21 (type 21, layer 0) Making operation type 21 opaque [module /[Default VFS]/] Accepting operation type 21 from module /[Default VFS]/ [2008/07/22 21:33:36, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #22 (type 22, layer 0) Making operation type 22 opaque [module /[Default VFS]/] Accepting operation type 22 from module /[Default VFS]/ [2008/07/22 21:33:36, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #23 (type 23, layer 0) Making operation type 23 opaque [module /[Default VFS]/] Accepting operation type 23 from module /[Default VFS]/ [2008/07/22 21:33:36, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #24 (type 24, layer 0) Making operation type 24 opaque [module /[Default VFS]/] Accepting operation type 24 from module /[Default VFS]/ [2008/07/22 21:33:36, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #25 (type 25, layer 0) Making operation type 25 opaque [module /[Default VFS]/] Accepting operation type 25 from module /[Default VFS]/ [2008/07/22 21:33:36, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #26 (type 26, layer 0) Making operation type 26 opaque [module /[Default VFS]/] Accepting operation type 26 from module /[Default VFS]/ [2008/07/22 21:33:36, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #27 (type 27, layer 0) Making operation type 27 opaque [module /[Default VFS]/] Accepting operation type 27 from module /[Default VFS]/ [2008/07/22 21:33:36, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #28 (type 28, layer 0) Making operation type 28 opaque [module /[Default VFS]/] Accepting operation type 28 from module /[Default VFS]/ [2008/07/22 21:33:36, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #29 (type 29, layer 0) Making operation type 29 opaque [module /[Default VFS]/] Accepting operation type 29 from module /[Default VFS]/ [2008/07/22 21:33:36, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #30 (type 30, layer 0) Making operation type 30 opaque [module /[Default VFS]/] Accepting operation type 30 from module /[Default VFS]/ [2008/07/22 21:33:36, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #31 (type 31, layer 0) Making operation type 31 opaque [module /[Default VFS]/] Accepting operation type 31 from module /[Default VFS]/ [2008/07/22 21:33:36, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #32 (type 32, layer 0) Making operation type 32 opaque [module /[Default VFS]/] Accepting operation type 32 from module /[Default VFS]/ [2008/07/22 21:33:36, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #33 (type 33, layer 0) Making operation type 33 opaque [module /[Default VFS]/] Accepting operation type 33 from module /[Default VFS]/ [2008/07/22 21:33:36, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #34 (type 34, layer 0) Making operation type 34 opaque [module /[Default VFS]/] Accepting operation type 34 from module /[Default VFS]/ [2008/07/22 21:33:36, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #35 (type 35, layer 0) Making operation type 35 opaque [module /[Default VFS]/] Accepting operation type 35 from module /[Default VFS]/ [2008/07/22 21:33:36, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #36 (type 36, layer 0) Making operation type 36 opaque [module /[Default VFS]/] Accepting operation type 36 from module /[Default VFS]/ [2008/07/22 21:33:36, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #37 (type 37, layer 0) Making operation type 37 opaque [module /[Default VFS]/] Accepting operation type 37 from module /[Default VFS]/ [2008/07/22 21:33:36, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #38 (type 38, layer 0) Making operation type 38 opaque [module /[Default VFS]/] Accepting operation type 38 from module /[Default VFS]/ [2008/07/22 21:33:36, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #39 (type 39, layer 0) Making operation type 39 opaque [module /[Default VFS]/] Accepting operation type 39 from module /[Default VFS]/ [2008/07/22 21:33:36, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #40 (type 40, layer 0) Making operation type 40 opaque [module /[Default VFS]/] Accepting operation type 40 from module /[Default VFS]/ [2008/07/22 21:33:36, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #41 (type 41, layer 0) Making operation type 41 opaque [module /[Default VFS]/] Accepting operation type 41 from module /[Default VFS]/ [2008/07/22 21:33:36, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #42 (type 42, layer 0) Making operation type 42 opaque [module /[Default VFS]/] Accepting operation type 42 from module /[Default VFS]/ [2008/07/22 21:33:36, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #43 (type 43, layer 0) Making operation type 43 opaque [module /[Default VFS]/] Accepting operation type 43 from module /[Default VFS]/ [2008/07/22 21:33:36, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #44 (type 44, layer 0) Making operation type 44 opaque [module /[Default VFS]/] Accepting operation type 44 from module /[Default VFS]/ [2008/07/22 21:33:36, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #45 (type 45, layer 0) Making operation type 45 opaque [module /[Default VFS]/] Accepting operation type 45 from module /[Default VFS]/ [2008/07/22 21:33:36, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #46 (type 46, layer 0) Making operation type 46 opaque [module /[Default VFS]/] Accepting operation type 46 from module /[Default VFS]/ [2008/07/22 21:33:36, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #47 (type 47, layer 0) Making operation type 47 opaque [module /[Default VFS]/] Accepting operation type 47 from module /[Default VFS]/ [2008/07/22 21:33:36, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #48 (type 48, layer 0) Making operation type 48 opaque [module /[Default VFS]/] Accepting operation type 48 from module /[Default VFS]/ [2008/07/22 21:33:36, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #49 (type 49, layer 0) Making operation type 49 opaque [module /[Default VFS]/] Accepting operation type 49 from module /[Default VFS]/ [2008/07/22 21:33:36, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #50 (type 50, layer 0) Making operation type 50 opaque [module /[Default VFS]/] Accepting operation type 50 from module /[Default VFS]/ [2008/07/22 21:33:36, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #51 (type 51, layer 0) Making operation type 51 opaque [module /[Default VFS]/] Accepting operation type 51 from module /[Default VFS]/ [2008/07/22 21:33:36, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #52 (type 52, layer 0) Making operation type 52 opaque [module /[Default VFS]/] Accepting operation type 52 from module /[Default VFS]/ [2008/07/22 21:33:36, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #53 (type 53, layer 0) Making operation type 53 opaque [module /[Default VFS]/] Accepting operation type 53 from module /[Default VFS]/ [2008/07/22 21:33:36, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #54 (type 54, layer 0) Making operation type 54 opaque [module /[Default VFS]/] Accepting operation type 54 from module /[Default VFS]/ [2008/07/22 21:33:36, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #55 (type 55, layer 0) Making operation type 55 opaque [module /[Default VFS]/] Accepting operation type 55 from module /[Default VFS]/ [2008/07/22 21:33:36, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #56 (type 56, layer 0) Making operation type 56 opaque [module /[Default VFS]/] Accepting operation type 56 from module /[Default VFS]/ [2008/07/22 21:33:36, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #57 (type 57, layer 0) Making operation type 57 opaque [module /[Default VFS]/] Accepting operation type 57 from module /[Default VFS]/ [2008/07/22 21:33:36, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #58 (type 58, layer 0) Making operation type 58 opaque [module /[Default VFS]/] Accepting operation type 58 from module /[Default VFS]/ [2008/07/22 21:33:36, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #59 (type 59, layer 0) Making operation type 59 opaque [module /[Default VFS]/] Accepting operation type 59 from module /[Default VFS]/ [2008/07/22 21:33:36, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #60 (type 60, layer 0) Making operation type 60 opaque [module /[Default VFS]/] Accepting operation type 60 from module /[Default VFS]/ [2008/07/22 21:33:36, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #61 (type 61, layer 0) Making operation type 61 opaque [module /[Default VFS]/] Accepting operation type 61 from module /[Default VFS]/ [2008/07/22 21:33:36, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #62 (type 62, layer 0) Making operation type 62 opaque [module /[Default VFS]/] Accepting operation type 62 from module /[Default VFS]/ [2008/07/22 21:33:36, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #63 (type 63, layer 0) Making operation type 63 opaque [module /[Default VFS]/] Accepting operation type 63 from module /[Default VFS]/ [2008/07/22 21:33:36, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #64 (type 64, layer 0) Making operation type 64 opaque [module /[Default VFS]/] Accepting operation type 64 from module /[Default VFS]/ [2008/07/22 21:33:36, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #65 (type 65, layer 0) Making operation type 65 opaque [module /[Default VFS]/] Accepting operation type 65 from module /[Default VFS]/ [2008/07/22 21:33:36, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #66 (type 66, layer 0) Making operation type 66 opaque [module /[Default VFS]/] Accepting operation type 66 from module /[Default VFS]/ [2008/07/22 21:33:36, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #67 (type 67, layer 0) Making operation type 67 opaque [module /[Default VFS]/] Accepting operation type 67 from module /[Default VFS]/ [2008/07/22 21:33:36, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #68 (type 68, layer 0) Making operation type 68 opaque [module /[Default VFS]/] Accepting operation type 68 from module /[Default VFS]/ [2008/07/22 21:33:36, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #69 (type 69, layer 0) Making operation type 69 opaque [module /[Default VFS]/] Accepting operation type 69 from module /[Default VFS]/ [2008/07/22 21:33:36, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #70 (type 70, layer 0) Making operation type 70 opaque [module /[Default VFS]/] Accepting operation type 70 from module /[Default VFS]/ [2008/07/22 21:33:36, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #71 (type 71, layer 0) Making operation type 71 opaque [module /[Default VFS]/] Accepting operation type 71 from module /[Default VFS]/ [2008/07/22 21:33:36, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #72 (type 72, layer 0) Making operation type 72 opaque [module /[Default VFS]/] Accepting operation type 72 from module /[Default VFS]/ [2008/07/22 21:33:36, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #73 (type 73, layer 0) Making operation type 73 opaque [module /[Default VFS]/] Accepting operation type 73 from module /[Default VFS]/ [2008/07/22 21:33:36, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #74 (type 74, layer 0) Making operation type 74 opaque [module /[Default VFS]/] Accepting operation type 74 from module /[Default VFS]/ [2008/07/22 21:33:36, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #75 (type 75, layer 0) Making operation type 75 opaque [module /[Default VFS]/] Accepting operation type 75 from module /[Default VFS]/ [2008/07/22 21:33:36, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #76 (type 76, layer 0) Making operation type 76 opaque [module /[Default VFS]/] Accepting operation type 76 from module /[Default VFS]/ [2008/07/22 21:33:36, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #77 (type 77, layer 0) Making operation type 77 opaque [module /[Default VFS]/] Accepting operation type 77 from module /[Default VFS]/ [2008/07/22 21:33:36, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #78 (type 78, layer 0) Making operation type 78 opaque [module /[Default VFS]/] Accepting operation type 78 from module /[Default VFS]/ [2008/07/22 21:33:36, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #79 (type 79, layer 0) Making operation type 79 opaque [module /[Default VFS]/] Accepting operation type 79 from module /[Default VFS]/ [2008/07/22 21:33:36, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #80 (type 80, layer 0) Making operation type 80 opaque [module /[Default VFS]/] Accepting operation type 80 from module /[Default VFS]/ [2008/07/22 21:33:36, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #81 (type 81, layer 0) Making operation type 81 opaque [module /[Default VFS]/] Accepting operation type 81 from module /[Default VFS]/ [2008/07/22 21:33:36, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #82 (type 82, layer 0) Making operation type 82 opaque [module /[Default VFS]/] Accepting operation type 82 from module /[Default VFS]/ [2008/07/22 21:33:36, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #83 (type 83, layer 0) Making operation type 83 opaque [module /[Default VFS]/] Accepting operation type 83 from module /[Default VFS]/ [2008/07/22 21:33:36, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #84 (type 84, layer 0) Making operation type 84 opaque [module /[Default VFS]/] Accepting operation type 84 from module /[Default VFS]/ [2008/07/22 21:33:36, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #85 (type 85, layer 0) Making operation type 85 opaque [module /[Default VFS]/] Accepting operation type 85 from module /[Default VFS]/ [2008/07/22 21:33:36, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #86 (type 86, layer 0) Making operation type 86 opaque [module /[Default VFS]/] Accepting operation type 86 from module /[Default VFS]/ [2008/07/22 21:33:36, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #87 (type 87, layer 0) Making operation type 87 opaque [module /[Default VFS]/] Accepting operation type 87 from module /[Default VFS]/ [2008/07/22 21:33:36, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #88 (type 88, layer 0) Making operation type 88 opaque [module /[Default VFS]/] Accepting operation type 88 from module /[Default VFS]/ [2008/07/22 21:33:36, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #89 (type 89, layer 0) Making operation type 89 opaque [module /[Default VFS]/] Accepting operation type 89 from module /[Default VFS]/ [2008/07/22 21:33:36, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #90 (type 90, layer 0) Making operation type 90 opaque [module /[Default VFS]/] Accepting operation type 90 from module /[Default VFS]/ [2008/07/22 21:33:36, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #91 (type 91, layer 0) Making operation type 91 opaque [module /[Default VFS]/] Accepting operation type 91 from module /[Default VFS]/ [2008/07/22 21:33:36, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #92 (type 92, layer 0) Making operation type 92 opaque [module /[Default VFS]/] Accepting operation type 92 from module /[Default VFS]/ [2008/07/22 21:33:36, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #93 (type 93, layer 0) Making operation type 93 opaque [module /[Default VFS]/] Accepting operation type 93 from module /[Default VFS]/ [2008/07/22 21:33:36, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #94 (type 94, layer 0) Making operation type 94 opaque [module /[Default VFS]/] Accepting operation type 94 from module /[Default VFS]/ [2008/07/22 21:33:36, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #95 (type 95, layer 0) Making operation type 95 opaque [module /[Default VFS]/] Accepting operation type 95 from module /[Default VFS]/ [2008/07/22 21:33:36, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #96 (type 96, layer 0) Making operation type 96 opaque [module /[Default VFS]/] Accepting operation type 96 from module /[Default VFS]/ [2008/07/22 21:33:36, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #97 (type 97, layer 0) Making operation type 97 opaque [module /[Default VFS]/] Accepting operation type 97 from module /[Default VFS]/ [2008/07/22 21:33:36, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #98 (type 98, layer 0) Making operation type 98 opaque [module /[Default VFS]/] Accepting operation type 98 from module /[Default VFS]/ [2008/07/22 21:33:36, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #99 (type 99, layer 0) Making operation type 99 opaque [module /[Default VFS]/] Accepting operation type 99 from module /[Default VFS]/ [2008/07/22 21:33:36, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #100 (type 100, layer 0) Making operation type 100 opaque [module /[Default VFS]/] Accepting operation type 100 from module /[Default VFS]/ [2008/07/22 21:33:36, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #101 (type 101, layer 0) Making operation type 101 opaque [module /[Default VFS]/] Accepting operation type 101 from module /[Default VFS]/ [2008/07/22 21:33:36, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #102 (type 102, layer 0) Making operation type 102 opaque [module /[Default VFS]/] Accepting operation type 102 from module /[Default VFS]/ [2008/07/22 21:33:36, 5] smbd/connection.c:claim_connection(142) claiming [IPC$] [2008/07/22 21:33:36, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key A01A0000010000004950 [2008/07/22 21:33:36, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0x555555c8f7c0 [2008/07/22 21:33:36, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key A01A0000010000004950 [2008/07/22 21:33:36, 10] smbd/share_access.c:user_ok_token(231) user_ok_token: share IPC$ is ok for unix user nobody [2008/07/22 21:33:36, 10] smbd/share_access.c:is_share_read_only_for_token(273) is_share_read_only_for_user: share IPC$ is read-only for unix user nobody [2008/07/22 21:33:36, 10] lib/util_seaccess.c:se_map_generic(175) se_map_generic(): mapped mask 0x10000000 to 0x001f01ff [2008/07/22 21:33:36, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x00000001, for NT token with 4 entries and first sid S-1-5-21-399034208-633907489-3292321255-501. [2008/07/22 21:33:36, 3] lib/util_seaccess.c:se_access_check(249) [2008/07/22 21:33:36, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-5-21-399034208-633907489-3292321255-501 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-32-546 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 1 [2008/07/22 21:33:36, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (1) granted. [2008/07/22 21:33:36, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (65534, 65533) - sec_ctx_stack_ndx = 0 [2008/07/22 21:33:36, 5] auth/token_util.c:debug_nt_user_token(470) NT user token of user S-1-5-21-399034208-633907489-3292321255-501 contains 4 SIDs SID[ 0]: S-1-5-21-399034208-633907489-3292321255-501 SID[ 1]: S-1-1-0 SID[ 2]: S-1-5-2 SID[ 3]: S-1-5-32-546 SE_PRIV 0x0 0x0 0x0 0x0 [2008/07/22 21:33:36, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 65534 Primary group is 65533 and contains 0 supplementary groups [2008/07/22 21:33:36, 5] smbd/uid.c:change_to_user(272) change_to_user uid=(65534,65534) gid=(0,65533) [2008/07/22 21:33:36, 3] smbd/service.c:make_connection_snum(1190) chpas-lansvcs (192.168.10.33) connect to service IPC$ initially as user nobody (uid=65534, gid=65533) (pid 6816) [2008/07/22 21:33:36, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/07/22 21:33:36, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/07/22 21:33:36, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/07/22 21:33:36, 5] smbd/uid.c:change_to_root_user(287) change_to_root_user: now uid=(0,0) gid=(0,0) [2008/07/22 21:33:36, 3] smbd/reply.c:reply_tcon_and_X(727) tconX service=IPC$ [2008/07/22 21:33:36, 5] lib/util.c:show_msg(645) [2008/07/22 21:33:36, 5] lib/util.c:show_msg(655) size=56 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=8292 smb_uid=100 smb_mid=4 smt_wct=7 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 1 (0x1) smb_vwv[ 3]= 511 (0x1FF) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 511 (0x1FF) smb_vwv[ 6]= 0 (0x0) smb_bcc=7 [2008/07/22 21:33:36, 10] lib/util.c:dump_data(2226) [000] 49 50 43 00 00 00 00 IPC.... [2008/07/22 21:33:36, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 100 [2008/07/22 21:33:36, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x64 [2008/07/22 21:33:36, 3] smbd/process.c:process_smb(1549) Transaction 3 of length 104 (0 toread) [2008/07/22 21:33:36, 5] lib/util.c:show_msg(645) [2008/07/22 21:33:36, 5] lib/util.c:show_msg(655) size=100 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=8292 smb_uid=100 smb_mid=5 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 3584 (0xE00) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_bcc=17 [2008/07/22 21:33:36, 10] lib/util.c:dump_data(2226) [000] 00 5C 00 6C 00 73 00 61 00 72 00 70 00 63 00 00 .\.l.s.a .r.p.c.. [010] 00 . [2008/07/22 21:33:36, 3] smbd/process.c:switch_message(1361) switch message SMBntcreateX (pid 6816) conn 0x555555cd0070 [2008/07/22 21:33:36, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (65534, 65533) - sec_ctx_stack_ndx = 0 [2008/07/22 21:33:36, 5] auth/token_util.c:debug_nt_user_token(470) NT user token of user S-1-5-21-399034208-633907489-3292321255-501 contains 4 SIDs SID[ 0]: S-1-5-21-399034208-633907489-3292321255-501 SID[ 1]: S-1-1-0 SID[ 2]: S-1-5-2 SID[ 3]: S-1-5-32-546 SE_PRIV 0x0 0x0 0x0 0x0 [2008/07/22 21:33:36, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 65534 Primary group is 65533 and contains 0 supplementary groups [2008/07/22 21:33:36, 5] smbd/uid.c:change_to_user(272) change_to_user uid=(65534,65534) gid=(0,65533) [2008/07/22 21:33:36, 4] smbd/vfs.c:vfs_ChDir(733) vfs_ChDir to /var/tmp [2008/07/22 21:33:36, 10] smbd/nttrans.c:reply_ntcreate_and_X(490) reply_ntcreate_and_X: flags = 0x0, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 root_dir_fid = 0x0, fname = lsarpc [2008/07/22 21:33:36, 4] smbd/nttrans.c:nt_open_pipe(297) nt_open_pipe: Opening pipe \lsarpc. [2008/07/22 21:33:36, 3] smbd/nttrans.c:nt_open_pipe(322) nt_open_pipe: Known pipe lsarpc opening. [2008/07/22 21:33:36, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(165) Open pipe requested lsarpc (pipes_open=0) [2008/07/22 21:33:36, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(275) Create pipe requested lsarpc [2008/07/22 21:33:36, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77) init_pipe_handles: created handle list for pipe lsarpc [2008/07/22 21:33:36, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) init_pipe_handles: pipe_handles ref count = 1 for pipe lsarpc [2008/07/22 21:33:36, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(356) Created internal pipe lsarpc (pipes_open=0) [2008/07/22 21:33:36, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(253) Opened pipe lsarpc with handle 70d0 (pipes_open=1) [2008/07/22 21:33:36, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(259) open pipes: name lsarpc pnum=70d0 [2008/07/22 21:33:36, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 6C73617270632F363831 [2008/07/22 21:33:36, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0x555555c9a170 [2008/07/22 21:33:36, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 6C73617270632F363831 [2008/07/22 21:33:36, 5] smbd/nttrans.c:do_ntcreate_pipe_open(410) do_ntcreate_pipe_open: open pipe = \lsarpc [2008/07/22 21:33:36, 5] lib/util.c:show_msg(645) [2008/07/22 21:33:36, 5] lib/util.c:show_msg(655) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=8292 smb_uid=100 smb_mid=5 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=53248 (0xD000) smb_vwv[ 3]= 368 (0x170) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2008/07/22 21:33:36, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 154 [2008/07/22 21:33:36, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x9a [2008/07/22 21:33:36, 3] smbd/process.c:process_smb(1549) Transaction 4 of length 158 (0 toread) [2008/07/22 21:33:36, 5] lib/util.c:show_msg(645) [2008/07/22 21:33:36, 5] lib/util.c:show_msg(655) size=154 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=8292 smb_uid=100 smb_mid=6 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=28880 (0x70D0) smb_bcc=87 [2008/07/22 21:33:36, 10] lib/util.c:dump_data(2226) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 00 B8 .......H ........ [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x [030] 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB 00 W4.4.... ..#Eg... [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ [050] 10 48 60 02 00 00 00 .H`.... [2008/07/22 21:33:36, 3] smbd/process.c:switch_message(1361) switch message SMBtrans (pid 6816) conn 0x555555cd0070 [2008/07/22 21:33:36, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/07/22 21:33:36, 3] smbd/ipc.c:handle_trans(436) trans <\PIPE\> data=72 params=0 setup=2 [2008/07/22 21:33:36, 5] smbd/ipc.c:handle_trans(469) calling named_pipe [2008/07/22 21:33:36, 3] smbd/ipc.c:named_pipe(387) named pipe command on <> name [2008/07/22 21:33:36, 5] smbd/ipc.c:api_fd_reply(307) api_fd_reply [2008/07/22 21:33:36, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=70d0 [2008/07/22 21:33:36, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name lsarpc pnum=70d0 (pipes_open=1) [2008/07/22 21:33:36, 3] smbd/ipc.c:api_fd_reply(345) Got API command 0x26 on pipe "lsarpc" (pnum 70d0) [2008/07/22 21:33:36, 10] smbd/ipc.c:api_fd_reply(350) api_fd_reply: p:0x555555c9d090 max_trans_reply: 4280 [2008/07/22 21:33:36, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927) write_to_pipe: 70d0 name: lsarpc open: Yes len: 72 [2008/07/22 21:33:36, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 72 [2008/07/22 21:33:36, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 [2008/07/22 21:33:36, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385) fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 [2008/07/22 21:33:36, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 16 [2008/07/22 21:33:36, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 56 [2008/07/22 21:33:36, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0b [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0048 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000001 [2008/07/22 21:33:36, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472) unmarshall_rpc_header: using little-endian RPC [2008/07/22 21:33:36, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501) unmarshall_rpc_header: type = 11, flags = 3 [2008/07/22 21:33:36, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 0 [2008/07/22 21:33:36, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 56 [2008/07/22 21:33:36, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 [2008/07/22 21:33:36, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709) process_complete_pdu: processing packet type 11 [2008/07/22 21:33:36, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1553) api_pipe_bind_req: decode request. 1553 [2008/07/22 21:33:36, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1564) api_pipe_bind_req: \PIPE\lsarpc -> \PIPE\lsarpc [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_rb [2008/07/22 21:33:36, 6] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_bba [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0000 max_tsize: 10b8 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0002 max_rsize: 10b8 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0004 assoc_gid: 00000000 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0008 num_contexts: 01 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000c context_id : 0000 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8(624) 000e num_transfer_syntaxes: 01 [2008/07/22 21:33:36, 6] rpc_parse/parse_prs.c:prs_debug(88) 00000f smb_io_rpc_iface [2008/07/22 21:33:36, 7] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_uuid uuid [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 data : 12345778 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 data : 1234 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0016 data : abcd [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0018 data : ef 00 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 001a data : 01 23 45 67 89 ab [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0020 version: 00000000 [2008/07/22 21:33:36, 6] rpc_parse/parse_prs.c:prs_debug(88) 000024 smb_io_rpc_iface [2008/07/22 21:33:36, 7] rpc_parse/parse_prs.c:prs_debug(88) 000024 smb_io_uuid uuid [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0024 data : 8a885d04 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0028 data : 1ceb [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint16(689) 002a data : 11c9 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002c data : 9f e8 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002e data : 08 00 2b 10 48 60 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0034 version: 00000002 [2008/07/22 21:33:36, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1608) api_pipe_bind_req: make response. 1608 [2008/07/22 21:33:36, 3] rpc_server/srv_pipe.c:check_bind_req(991) check_bind_req for \PIPE\lsarpc checking \PIPE\lsarpc [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_ba [2008/07/22 21:33:36, 6] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_bba [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0000 max_tsize: 10b8 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0002 max_rsize: 10b8 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0004 assoc_gid: 000053f0 [2008/07/22 21:33:36, 6] rpc_parse/parse_prs.c:prs_debug(88) 000008 smb_io_rpc_addr_str [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 len: 000d [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 000a str: \PIPE\lsarpc. [2008/07/22 21:33:36, 6] rpc_parse/parse_prs.c:prs_debug(88) 000017 smb_io_rpc_results [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0018 num_results: 01 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint16(689) 001c result : 0000 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint16(689) 001e reason : 0000 [2008/07/22 21:33:36, 6] rpc_parse/parse_prs.c:prs_debug(88) 000020 smb_io_rpc_iface [2008/07/22 21:33:36, 7] rpc_parse/parse_prs.c:prs_debug(88) 000020 smb_io_uuid uuid [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0020 data : 8a885d04 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0024 data : 1ceb [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0026 data : 11c9 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0028 data : 9f e8 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002a data : 08 00 2b 10 48 60 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0030 version: 00000002 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0c [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0044 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000001 [2008/07/22 21:33:36, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 56 [2008/07/22 21:33:36, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985) read_from_pipe: 70d0 name: lsarpc len: 4280 [2008/07/22 21:33:36, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1045) read_from_pipe: lsarpc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. [2008/07/22 21:33:36, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..68] (align 0) [2008/07/22 21:33:36, 5] lib/util.c:show_msg(645) [2008/07/22 21:33:36, 5] lib/util.c:show_msg(655) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=8292 smb_uid=100 smb_mid=6 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2008/07/22 21:33:36, 10] lib/util.c:dump_data(2226) [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... [010] 00 B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 ......S. ...\PIPE [020] 5C 6C 73 61 72 70 63 00 00 01 00 00 00 00 00 00 \lsarpc. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [040] 60 02 00 00 00 `.... [2008/07/22 21:33:36, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 142 [2008/07/22 21:33:36, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x8e [2008/07/22 21:33:36, 3] smbd/process.c:process_smb(1549) Transaction 5 of length 146 (0 toread) [2008/07/22 21:33:36, 5] lib/util.c:show_msg(645) [2008/07/22 21:33:36, 5] lib/util.c:show_msg(655) size=142 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=8292 smb_uid=100 smb_mid=7 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 60 (0x3C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 60 (0x3C) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=28880 (0x70D0) smb_bcc=75 [2008/07/22 21:33:36, 10] lib/util.c:dump_data(2226) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 3C 00 00 00 02 00 00 00 24 .......< .......$ [020] 00 00 00 00 00 06 00 00 00 02 00 5C 00 00 00 18 ........ ...\.... [030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [040] 00 00 00 00 00 00 00 00 00 00 02 ........ ... [2008/07/22 21:33:36, 3] smbd/process.c:switch_message(1361) switch message SMBtrans (pid 6816) conn 0x555555cd0070 [2008/07/22 21:33:36, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/07/22 21:33:36, 3] smbd/ipc.c:handle_trans(436) trans <\PIPE\> data=60 params=0 setup=2 [2008/07/22 21:33:36, 5] smbd/ipc.c:handle_trans(469) calling named_pipe [2008/07/22 21:33:36, 3] smbd/ipc.c:named_pipe(387) named pipe command on <> name [2008/07/22 21:33:36, 5] smbd/ipc.c:api_fd_reply(307) api_fd_reply [2008/07/22 21:33:36, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=70d0 [2008/07/22 21:33:36, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name lsarpc pnum=70d0 (pipes_open=1) [2008/07/22 21:33:36, 3] smbd/ipc.c:api_fd_reply(345) Got API command 0x26 on pipe "lsarpc" (pnum 70d0) [2008/07/22 21:33:36, 10] smbd/ipc.c:api_fd_reply(350) api_fd_reply: p:0x555555c9d090 max_trans_reply: 4280 [2008/07/22 21:33:36, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927) write_to_pipe: 70d0 name: lsarpc open: Yes len: 60 [2008/07/22 21:33:36, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 60 [2008/07/22 21:33:36, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 60 [2008/07/22 21:33:36, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385) fill_rpc_header: data_to_copy = 60, len_needed_to_complete_hdr = 16, receive_len = 0 [2008/07/22 21:33:36, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 16 [2008/07/22 21:33:36, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 44 [2008/07/22 21:33:36, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 44 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 00 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 003c [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000002 [2008/07/22 21:33:36, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472) unmarshall_rpc_header: using little-endian RPC [2008/07/22 21:33:36, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501) unmarshall_rpc_header: type = 0, flags = 3 [2008/07/22 21:33:36, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 0 [2008/07/22 21:33:36, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 44 [2008/07/22 21:33:36, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 44, incoming data = 44 [2008/07/22 21:33:36, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709) process_complete_pdu: processing packet type 0 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_req req [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0000 alloc_hint: 00000024 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0004 context_id: 0000 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0006 opnum : 0006 [2008/07/22 21:33:36, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 79 [2008/07/22 21:33:36, 5] rpc_server/srv_pipe.c:api_pipe_request(2262) Requested \PIPE\lsarpc [2008/07/22 21:33:36, 4] rpc_server/srv_pipe.c:api_rpcTNP(2297) api_rpcTNP: lsarpc op 0x6 - api_rpcTNP: rpc command: LSA_OPENPOLICY [2008/07/22 21:33:36, 6] rpc_server/srv_pipe.c:api_rpcTNP(2323) api_rpc_cmds[6].fn == 0x5555556e3f27 lsa_OpenPolicy: struct lsa_OpenPolicy in: struct lsa_OpenPolicy system_name : * system_name : 0x005c (92) attr : * attr: struct lsa_ObjectAttribute len : 0x00000018 (24) root_dir : NULL object_name : NULL attributes : 0x00000000 (0) sec_desc : NULL sec_qos : NULL access_mask : 0x02000000 (33554432) 0: LSA_POLICY_VIEW_LOCAL_INFORMATION 0: LSA_POLICY_VIEW_AUDIT_INFORMATION 0: LSA_POLICY_GET_PRIVATE_INFORMATION 0: LSA_POLICY_TRUST_ADMIN 0: LSA_POLICY_CREATE_ACCOUNT 0: LSA_POLICY_CREATE_SECRET 0: LSA_POLICY_CREATE_PRIVILEGE 0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS 0: LSA_POLICY_SET_AUDIT_REQUIREMENTS 0: LSA_POLICY_AUDIT_LOG_ADMIN 0: LSA_POLICY_SERVER_ADMIN 0: LSA_POLICY_LOOKUP_NAMES [2008/07/22 21:33:36, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x02000000, for NT token with 4 entries and first sid S-1-5-21-399034208-633907489-3292321255-501. [2008/07/22 21:33:36, 3] lib/util_seaccess.c:se_access_check(249) [2008/07/22 21:33:36, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-5-21-399034208-633907489-3292321255-501 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-32-546 [2008/07/22 21:33:36, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(148) Opened policy hnd[1] [000] 00 00 00 00 01 00 00 00 00 00 00 00 86 48 70 8A ........ .....Hp. [010] A0 1A 00 00 .... lsa_OpenPolicy: struct lsa_OpenPolicy out: struct lsa_OpenPolicy handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-8648-708aa01a0000 result : NT_STATUS_OK [2008/07/22 21:33:36, 5] rpc_server/srv_pipe.c:api_rpcTNP(2351) api_rpcTNP: called lsarpc successfully [2008/07/22 21:33:36, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 852 [2008/07/22 21:33:36, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 44 [2008/07/22 21:33:36, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985) read_from_pipe: 70d0 name: lsarpc len: 4280 [2008/07/22 21:33:36, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1059) read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 02 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0030 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000002 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_resp resp [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 00000018 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0016 cancel_ct : 00 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0017 reserved : 00 [2008/07/22 21:33:36, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2008/07/22 21:33:36, 5] lib/util.c:show_msg(645) [2008/07/22 21:33:36, 5] lib/util.c:show_msg(655) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=8292 smb_uid=100 smb_mid=7 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2008/07/22 21:33:36, 10] lib/util.c:dump_data(2226) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 02 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ........ ........ [020] 00 00 00 00 00 86 48 70 8A A0 1A 00 00 00 00 00 ......Hp ........ [030] 00 . [2008/07/22 21:33:36, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 128 [2008/07/22 21:33:36, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x80 [2008/07/22 21:33:36, 3] smbd/process.c:process_smb(1549) Transaction 6 of length 132 (0 toread) [2008/07/22 21:33:36, 5] lib/util.c:show_msg(645) [2008/07/22 21:33:36, 5] lib/util.c:show_msg(655) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=8292 smb_uid=100 smb_mid=8 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 46 (0x2E) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 46 (0x2E) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=28880 (0x70D0) smb_bcc=61 [2008/07/22 21:33:36, 10] lib/util.c:dump_data(2226) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 2E 00 00 00 03 00 00 00 16 ........ ........ [020] 00 00 00 00 00 07 00 00 00 00 00 01 00 00 00 00 ........ ........ [030] 00 00 00 86 48 70 8A A0 1A 00 00 05 00 ....Hp.. ..... [2008/07/22 21:33:36, 3] smbd/process.c:switch_message(1361) switch message SMBtrans (pid 6816) conn 0x555555cd0070 [2008/07/22 21:33:36, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/07/22 21:33:36, 3] smbd/ipc.c:handle_trans(436) trans <\PIPE\> data=46 params=0 setup=2 [2008/07/22 21:33:36, 5] smbd/ipc.c:handle_trans(469) calling named_pipe [2008/07/22 21:33:36, 3] smbd/ipc.c:named_pipe(387) named pipe command on <> name [2008/07/22 21:33:36, 5] smbd/ipc.c:api_fd_reply(307) api_fd_reply [2008/07/22 21:33:36, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=70d0 [2008/07/22 21:33:36, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name lsarpc pnum=70d0 (pipes_open=1) [2008/07/22 21:33:36, 3] smbd/ipc.c:api_fd_reply(345) Got API command 0x26 on pipe "lsarpc" (pnum 70d0) [2008/07/22 21:33:36, 10] smbd/ipc.c:api_fd_reply(350) api_fd_reply: p:0x555555c9d090 max_trans_reply: 4280 [2008/07/22 21:33:36, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927) write_to_pipe: 70d0 name: lsarpc open: Yes len: 46 [2008/07/22 21:33:36, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 46 [2008/07/22 21:33:36, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 46 [2008/07/22 21:33:36, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385) fill_rpc_header: data_to_copy = 46, len_needed_to_complete_hdr = 16, receive_len = 0 [2008/07/22 21:33:36, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 16 [2008/07/22 21:33:36, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 30 [2008/07/22 21:33:36, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 30 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 00 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 002e [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000003 [2008/07/22 21:33:36, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472) unmarshall_rpc_header: using little-endian RPC [2008/07/22 21:33:36, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501) unmarshall_rpc_header: type = 0, flags = 3 [2008/07/22 21:33:36, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 0 [2008/07/22 21:33:36, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 30 [2008/07/22 21:33:36, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 30, incoming data = 30 [2008/07/22 21:33:36, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709) process_complete_pdu: processing packet type 0 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_req req [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0000 alloc_hint: 00000016 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0004 context_id: 0000 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0006 opnum : 0007 [2008/07/22 21:33:36, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 0 [2008/07/22 21:33:36, 5] rpc_server/srv_pipe.c:api_pipe_request(2262) Requested \PIPE\lsarpc [2008/07/22 21:33:36, 4] rpc_server/srv_pipe.c:api_rpcTNP(2297) api_rpcTNP: lsarpc op 0x7 - api_rpcTNP: rpc command: LSA_QUERYINFOPOLICY [2008/07/22 21:33:36, 6] rpc_server/srv_pipe.c:api_rpcTNP(2323) api_rpc_cmds[7].fn == 0x5555556e3ce7 lsa_QueryInfoPolicy: struct lsa_QueryInfoPolicy in: struct lsa_QueryInfoPolicy handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-8648-708aa01a0000 level : LSA_POLICY_INFO_ACCOUNT_DOMAIN (5) [2008/07/22 21:33:36, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(168) Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 86 48 70 8A ........ .....Hp. [010] A0 1A 00 00 .... lsa_QueryInfoPolicy: struct lsa_QueryInfoPolicy out: struct lsa_QueryInfoPolicy info : * info : * info : union lsa_PolicyInformation(case 5) account_domain: struct lsa_DomainInfo name: struct lsa_StringLarge length : 0x0000 (0) size : 0x0000 (0) string : * string : 'ARNOLD' sid : * sid : S-1-5-21-399034208-633907489-3292321255 result : NT_STATUS_OK [2008/07/22 21:33:36, 5] rpc_server/srv_pipe.c:api_rpcTNP(2351) api_rpcTNP: called lsarpc successfully [2008/07/22 21:33:36, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 72 [2008/07/22 21:33:36, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 30 [2008/07/22 21:33:36, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985) read_from_pipe: 70d0 name: lsarpc len: 4280 [2008/07/22 21:33:36, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1059) read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 76. [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 02 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0064 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000003 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_resp resp [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 0000004c [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0016 cancel_ct : 00 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0017 reserved : 00 [2008/07/22 21:33:36, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..100] (align 0) [2008/07/22 21:33:36, 5] lib/util.c:show_msg(645) [2008/07/22 21:33:36, 5] lib/util.c:show_msg(655) size=156 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=8292 smb_uid=100 smb_mid=8 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 100 (0x64) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 100 (0x64) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=101 [2008/07/22 21:33:36, 10] lib/util.c:dump_data(2226) [000] 00 05 00 02 03 10 00 00 00 64 00 00 00 03 00 00 ........ .d...... [010] 00 4C 00 00 00 00 00 00 00 00 00 02 00 05 00 00 .L...... ........ [020] 00 0C 00 0E 00 04 00 02 00 08 00 02 00 07 00 00 ........ ........ [030] 00 00 00 00 00 06 00 00 00 41 00 52 00 4E 00 4F ........ .A.R.N.O [040] 00 4C 00 44 00 04 00 00 00 01 04 00 00 00 00 00 .L.D.... ........ [050] 05 15 00 00 00 60 C7 C8 17 21 A9 C8 25 E7 D5 3C .....`.. .!..%..< [060] C4 00 00 00 00 ..... [2008/07/22 21:33:36, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 126 [2008/07/22 21:33:36, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x7e [2008/07/22 21:33:36, 3] smbd/process.c:process_smb(1549) Transaction 7 of length 130 (0 toread) [2008/07/22 21:33:36, 5] lib/util.c:show_msg(645) [2008/07/22 21:33:36, 5] lib/util.c:show_msg(655) size=126 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=8292 smb_uid=100 smb_mid=9 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=28880 (0x70D0) smb_bcc=59 [2008/07/22 21:33:36, 10] lib/util.c:dump_data(2226) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 2C 00 00 00 04 00 00 00 14 ......., ........ [020] 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 ........ ........ [030] 00 00 00 86 48 70 8A A0 1A 00 00 ....Hp.. ... [2008/07/22 21:33:36, 3] smbd/process.c:switch_message(1361) switch message SMBtrans (pid 6816) conn 0x555555cd0070 [2008/07/22 21:33:36, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/07/22 21:33:36, 3] smbd/ipc.c:handle_trans(436) trans <\PIPE\> data=44 params=0 setup=2 [2008/07/22 21:33:36, 5] smbd/ipc.c:handle_trans(469) calling named_pipe [2008/07/22 21:33:36, 3] smbd/ipc.c:named_pipe(387) named pipe command on <> name [2008/07/22 21:33:36, 5] smbd/ipc.c:api_fd_reply(307) api_fd_reply [2008/07/22 21:33:36, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=70d0 [2008/07/22 21:33:36, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name lsarpc pnum=70d0 (pipes_open=1) [2008/07/22 21:33:36, 3] smbd/ipc.c:api_fd_reply(345) Got API command 0x26 on pipe "lsarpc" (pnum 70d0) [2008/07/22 21:33:36, 10] smbd/ipc.c:api_fd_reply(350) api_fd_reply: p:0x555555c9d090 max_trans_reply: 4280 [2008/07/22 21:33:36, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927) write_to_pipe: 70d0 name: lsarpc open: Yes len: 44 [2008/07/22 21:33:36, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 44 [2008/07/22 21:33:36, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 [2008/07/22 21:33:36, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385) fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 [2008/07/22 21:33:36, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 16 [2008/07/22 21:33:36, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 28 [2008/07/22 21:33:36, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 00 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 002c [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000004 [2008/07/22 21:33:36, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472) unmarshall_rpc_header: using little-endian RPC [2008/07/22 21:33:36, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501) unmarshall_rpc_header: type = 0, flags = 3 [2008/07/22 21:33:36, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 0 [2008/07/22 21:33:36, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 28 [2008/07/22 21:33:36, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 28, incoming data = 28 [2008/07/22 21:33:36, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709) process_complete_pdu: processing packet type 0 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_req req [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0000 alloc_hint: 00000014 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0004 context_id: 0000 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0006 opnum : 0000 [2008/07/22 21:33:36, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 0 [2008/07/22 21:33:36, 5] rpc_server/srv_pipe.c:api_pipe_request(2262) Requested \PIPE\lsarpc [2008/07/22 21:33:36, 4] rpc_server/srv_pipe.c:api_rpcTNP(2297) api_rpcTNP: lsarpc op 0x0 - api_rpcTNP: rpc command: LSA_CLOSE [2008/07/22 21:33:36, 6] rpc_server/srv_pipe.c:api_rpcTNP(2323) api_rpc_cmds[0].fn == 0x5555556e4bfa lsa_Close: struct lsa_Close in: struct lsa_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-8648-708aa01a0000 [2008/07/22 21:33:36, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(168) Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 86 48 70 8A ........ .....Hp. [010] A0 1A 00 00 .... [2008/07/22 21:33:36, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(168) Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 86 48 70 8A ........ .....Hp. [010] A0 1A 00 00 .... [2008/07/22 21:33:36, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(206) Closed policy lsa_Close: struct lsa_Close out: struct lsa_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : NT_STATUS_OK [2008/07/22 21:33:36, 5] rpc_server/srv_pipe.c:api_rpcTNP(2351) api_rpcTNP: called lsarpc successfully [2008/07/22 21:33:36, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 0 [2008/07/22 21:33:36, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 28 [2008/07/22 21:33:36, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985) read_from_pipe: 70d0 name: lsarpc len: 4280 [2008/07/22 21:33:36, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1059) read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 02 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0030 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000004 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_resp resp [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 00000018 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0016 cancel_ct : 00 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0017 reserved : 00 [2008/07/22 21:33:36, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2008/07/22 21:33:36, 5] lib/util.c:show_msg(645) [2008/07/22 21:33:36, 5] lib/util.c:show_msg(655) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=8292 smb_uid=100 smb_mid=9 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2008/07/22 21:33:36, 10] lib/util.c:dump_data(2226) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 04 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [030] 00 . [2008/07/22 21:33:36, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 41 [2008/07/22 21:33:36, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x29 [2008/07/22 21:33:36, 3] smbd/process.c:process_smb(1549) Transaction 8 of length 45 (0 toread) [2008/07/22 21:33:36, 5] lib/util.c:show_msg(645) [2008/07/22 21:33:36, 5] lib/util.c:show_msg(655) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=8292 smb_uid=100 smb_mid=10 smt_wct=3 smb_vwv[ 0]=28880 (0x70D0) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2008/07/22 21:33:36, 3] smbd/process.c:switch_message(1361) switch message SMBclose (pid 6816) conn 0x555555cd0070 [2008/07/22 21:33:36, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/07/22 21:33:36, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=70d0 [2008/07/22 21:33:36, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name lsarpc pnum=70d0 (pipes_open=1) [2008/07/22 21:33:36, 5] smbd/pipes.c:reply_pipe_close(319) reply_pipe_close: pnum:70d0 [2008/07/22 21:33:36, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(241) close_policy_by_pipe: deleted handle list for pipe lsarpc [2008/07/22 21:33:36, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1160) closed pipe name lsarpc pnum=70d0 (pipes_open=0) [2008/07/22 21:33:36, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 6C73617270632F363831 [2008/07/22 21:33:36, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0x555555c9bb10 [2008/07/22 21:33:36, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 6C73617270632F363831 [2008/07/22 21:33:36, 5] lib/util.c:show_msg(645) [2008/07/22 21:33:36, 5] lib/util.c:show_msg(655) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=8292 smb_uid=100 smb_mid=10 smt_wct=0 smb_bcc=0 [2008/07/22 21:33:36, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 104 [2008/07/22 21:33:36, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x68 [2008/07/22 21:33:36, 3] smbd/process.c:process_smb(1549) Transaction 9 of length 108 (0 toread) [2008/07/22 21:33:36, 5] lib/util.c:show_msg(645) [2008/07/22 21:33:36, 5] lib/util.c:show_msg(655) size=104 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=8292 smb_uid=100 smb_mid=11 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 4608 (0x1200) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_bcc=21 [2008/07/22 21:33:36, 10] lib/util.c:dump_data(2226) [000] 00 5C 00 4E 00 45 00 54 00 4C 00 4F 00 47 00 4F .\.N.E.T .L.O.G.O [010] 00 4E 00 00 00 .N... [2008/07/22 21:33:36, 3] smbd/process.c:switch_message(1361) switch message SMBntcreateX (pid 6816) conn 0x555555cd0070 [2008/07/22 21:33:36, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/07/22 21:33:36, 10] smbd/nttrans.c:reply_ntcreate_and_X(490) reply_ntcreate_and_X: flags = 0x0, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 root_dir_fid = 0x0, fname = NETLOGON [2008/07/22 21:33:36, 4] smbd/nttrans.c:nt_open_pipe(297) nt_open_pipe: Opening pipe \NETLOGON. [2008/07/22 21:33:36, 3] smbd/nttrans.c:nt_open_pipe(322) nt_open_pipe: Known pipe NETLOGON opening. [2008/07/22 21:33:36, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(165) Open pipe requested NETLOGON (pipes_open=0) [2008/07/22 21:33:36, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(275) Create pipe requested NETLOGON [2008/07/22 21:33:36, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77) init_pipe_handles: created handle list for pipe NETLOGON [2008/07/22 21:33:36, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) init_pipe_handles: pipe_handles ref count = 1 for pipe NETLOGON [2008/07/22 21:33:36, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(356) Created internal pipe NETLOGON (pipes_open=0) [2008/07/22 21:33:36, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(253) Opened pipe NETLOGON with handle 70d1 (pipes_open=1) [2008/07/22 21:33:36, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(259) open pipes: name NETLOGON pnum=70d1 [2008/07/22 21:33:36, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 4E45544C4F474F4E2F36 [2008/07/22 21:33:36, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0x555555c9c7e0 [2008/07/22 21:33:36, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 4E45544C4F474F4E2F36 [2008/07/22 21:33:36, 5] smbd/nttrans.c:do_ntcreate_pipe_open(410) do_ntcreate_pipe_open: open pipe = \NETLOGON [2008/07/22 21:33:36, 5] lib/util.c:show_msg(645) [2008/07/22 21:33:36, 5] lib/util.c:show_msg(655) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=8292 smb_uid=100 smb_mid=11 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=53504 (0xD100) smb_vwv[ 3]= 368 (0x170) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2008/07/22 21:33:36, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 154 [2008/07/22 21:33:36, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x9a [2008/07/22 21:33:36, 3] smbd/process.c:process_smb(1549) Transaction 10 of length 158 (0 toread) [2008/07/22 21:33:36, 5] lib/util.c:show_msg(645) [2008/07/22 21:33:36, 5] lib/util.c:show_msg(655) size=154 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=8292 smb_uid=100 smb_mid=12 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=28881 (0x70D1) smb_bcc=87 [2008/07/22 21:33:36, 10] lib/util.c:dump_data(2226) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 0B 03 10 00 00 00 48 00 00 00 05 00 00 00 B8 .......H ........ [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x [030] 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB 01 V4.4.... ..#Eg... [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ [050] 10 48 60 02 00 00 00 .H`.... [2008/07/22 21:33:36, 3] smbd/process.c:switch_message(1361) switch message SMBtrans (pid 6816) conn 0x555555cd0070 [2008/07/22 21:33:36, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/07/22 21:33:36, 3] smbd/ipc.c:handle_trans(436) trans <\PIPE\> data=72 params=0 setup=2 [2008/07/22 21:33:36, 5] smbd/ipc.c:handle_trans(469) calling named_pipe [2008/07/22 21:33:36, 3] smbd/ipc.c:named_pipe(387) named pipe command on <> name [2008/07/22 21:33:36, 5] smbd/ipc.c:api_fd_reply(307) api_fd_reply [2008/07/22 21:33:36, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=70d1 [2008/07/22 21:33:36, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name NETLOGON pnum=70d1 (pipes_open=1) [2008/07/22 21:33:36, 3] smbd/ipc.c:api_fd_reply(345) Got API command 0x26 on pipe "NETLOGON" (pnum 70d1) [2008/07/22 21:33:36, 10] smbd/ipc.c:api_fd_reply(350) api_fd_reply: p:0x555555c2d490 max_trans_reply: 4280 [2008/07/22 21:33:36, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927) write_to_pipe: 70d1 name: NETLOGON open: Yes len: 72 [2008/07/22 21:33:36, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 72 [2008/07/22 21:33:36, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 [2008/07/22 21:33:36, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385) fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 [2008/07/22 21:33:36, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 16 [2008/07/22 21:33:36, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 56 [2008/07/22 21:33:36, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0b [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0048 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000005 [2008/07/22 21:33:36, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472) unmarshall_rpc_header: using little-endian RPC [2008/07/22 21:33:36, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501) unmarshall_rpc_header: type = 11, flags = 3 [2008/07/22 21:33:36, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 0 [2008/07/22 21:33:36, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 56 [2008/07/22 21:33:36, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 [2008/07/22 21:33:36, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709) process_complete_pdu: processing packet type 11 [2008/07/22 21:33:36, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1553) api_pipe_bind_req: decode request. 1553 [2008/07/22 21:33:36, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1564) api_pipe_bind_req: \PIPE\netlogon -> \PIPE\netlogon [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_rb [2008/07/22 21:33:36, 6] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_bba [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0000 max_tsize: 10b8 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0002 max_rsize: 10b8 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0004 assoc_gid: 00000000 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0008 num_contexts: 01 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000c context_id : 0000 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8(624) 000e num_transfer_syntaxes: 01 [2008/07/22 21:33:36, 6] rpc_parse/parse_prs.c:prs_debug(88) 00000f smb_io_rpc_iface [2008/07/22 21:33:36, 7] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_uuid uuid [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 data : 12345678 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 data : 1234 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0016 data : abcd [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0018 data : ef 00 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 001a data : 01 23 45 67 cf fb [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0020 version: 00000001 [2008/07/22 21:33:36, 6] rpc_parse/parse_prs.c:prs_debug(88) 000024 smb_io_rpc_iface [2008/07/22 21:33:36, 7] rpc_parse/parse_prs.c:prs_debug(88) 000024 smb_io_uuid uuid [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0024 data : 8a885d04 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0028 data : 1ceb [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint16(689) 002a data : 11c9 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002c data : 9f e8 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002e data : 08 00 2b 10 48 60 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0034 version: 00000002 [2008/07/22 21:33:36, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1608) api_pipe_bind_req: make response. 1608 [2008/07/22 21:33:36, 3] rpc_server/srv_pipe.c:check_bind_req(991) check_bind_req for \PIPE\NETLOGON checking \PIPE\lsarpc checking \PIPE\lsarpc checking \PIPE\samr checking \PIPE\NETLOGON [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_ba [2008/07/22 21:33:36, 6] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_bba [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0000 max_tsize: 10b8 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0002 max_rsize: 10b8 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0004 assoc_gid: 000053f0 [2008/07/22 21:33:36, 6] rpc_parse/parse_prs.c:prs_debug(88) 000008 smb_io_rpc_addr_str [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 len: 000f [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 000a str: \PIPE\netlogon. [2008/07/22 21:33:36, 6] rpc_parse/parse_prs.c:prs_debug(88) 000019 smb_io_rpc_results [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8(624) 001c num_results: 01 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0020 result : 0000 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0022 reason : 0000 [2008/07/22 21:33:36, 6] rpc_parse/parse_prs.c:prs_debug(88) 000024 smb_io_rpc_iface [2008/07/22 21:33:36, 7] rpc_parse/parse_prs.c:prs_debug(88) 000024 smb_io_uuid uuid [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0024 data : 8a885d04 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0028 data : 1ceb [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint16(689) 002a data : 11c9 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002c data : 9f e8 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002e data : 08 00 2b 10 48 60 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0034 version: 00000002 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0c [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0048 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000005 [2008/07/22 21:33:36, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 56 [2008/07/22 21:33:36, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985) read_from_pipe: 70d1 name: NETLOGON len: 4280 [2008/07/22 21:33:36, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1045) read_from_pipe: NETLOGON: current_pdu_len = 72, current_pdu_sent = 0 returning 72 bytes. [2008/07/22 21:33:36, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..72] (align 0) [2008/07/22 21:33:36, 5] lib/util.c:show_msg(645) [2008/07/22 21:33:36, 5] lib/util.c:show_msg(655) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=8292 smb_uid=100 smb_mid=12 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 72 (0x48) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=73 [2008/07/22 21:33:36, 10] lib/util.c:dump_data(2226) [000] 00 05 00 0C 03 10 00 00 00 48 00 00 00 05 00 00 ........ .H...... [010] 00 B8 10 B8 10 F0 53 00 00 0F 00 5C 50 49 50 45 ......S. ...\PIPE [020] 5C 6E 65 74 6C 6F 67 6F 6E 00 00 00 00 01 00 00 \netlogo n....... [030] 00 00 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ [040] 00 2B 10 48 60 02 00 00 00 .+.H`... . [2008/07/22 21:33:36, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 202 [2008/07/22 21:33:36, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0xca [2008/07/22 21:33:36, 3] smbd/process.c:process_smb(1549) Transaction 11 of length 206 (0 toread) [2008/07/22 21:33:36, 5] lib/util.c:show_msg(645) [2008/07/22 21:33:36, 5] lib/util.c:show_msg(655) size=202 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=8292 smb_uid=100 smb_mid=13 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 120 (0x78) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 120 (0x78) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=28881 (0x70D1) smb_bcc=135 [2008/07/22 21:33:36, 10] lib/util.c:dump_data(2226) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 78 00 00 00 06 00 00 00 60 .......x .......` [020] 00 00 00 00 00 04 00 00 00 02 00 10 00 00 00 00 ........ ........ [030] 00 00 00 10 00 00 00 5C 00 5C 00 43 00 48 00 50 .......\ .\.C.H.P [040] 00 41 00 53 00 2D 00 4E 00 45 00 54 00 53 00 56 .A.S.-.N .E.T.S.V [050] 00 43 00 53 00 00 00 0E 00 00 00 00 00 00 00 0E .C.S.... ........ [060] 00 00 00 43 00 48 00 50 00 41 00 53 00 2D 00 4C ...C.H.P .A.S.-.L [070] 00 41 00 4E 00 53 00 56 00 43 00 53 00 00 00 A6 .A.N.S.V .C.S.... [080] 6B 75 04 60 58 3C 04 ku.`X<. [2008/07/22 21:33:36, 3] smbd/process.c:switch_message(1361) switch message SMBtrans (pid 6816) conn 0x555555cd0070 [2008/07/22 21:33:36, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/07/22 21:33:36, 3] smbd/ipc.c:handle_trans(436) trans <\PIPE\> data=120 params=0 setup=2 [2008/07/22 21:33:36, 5] smbd/ipc.c:handle_trans(469) calling named_pipe [2008/07/22 21:33:36, 3] smbd/ipc.c:named_pipe(387) named pipe command on <> name [2008/07/22 21:33:36, 5] smbd/ipc.c:api_fd_reply(307) api_fd_reply [2008/07/22 21:33:36, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=70d1 [2008/07/22 21:33:36, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name NETLOGON pnum=70d1 (pipes_open=1) [2008/07/22 21:33:36, 3] smbd/ipc.c:api_fd_reply(345) Got API command 0x26 on pipe "NETLOGON" (pnum 70d1) [2008/07/22 21:33:36, 10] smbd/ipc.c:api_fd_reply(350) api_fd_reply: p:0x555555c2d490 max_trans_reply: 4280 [2008/07/22 21:33:36, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927) write_to_pipe: 70d1 name: NETLOGON open: Yes len: 120 [2008/07/22 21:33:36, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 120 [2008/07/22 21:33:36, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 120 [2008/07/22 21:33:36, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385) fill_rpc_header: data_to_copy = 120, len_needed_to_complete_hdr = 16, receive_len = 0 [2008/07/22 21:33:36, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 16 [2008/07/22 21:33:36, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 104 [2008/07/22 21:33:36, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 104 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 00 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0078 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000006 [2008/07/22 21:33:36, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472) unmarshall_rpc_header: using little-endian RPC [2008/07/22 21:33:36, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501) unmarshall_rpc_header: type = 0, flags = 3 [2008/07/22 21:33:36, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 0 [2008/07/22 21:33:36, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 104 [2008/07/22 21:33:36, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 104, incoming data = 104 [2008/07/22 21:33:36, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709) process_complete_pdu: processing packet type 0 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_req req [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0000 alloc_hint: 00000060 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0004 context_id: 0000 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0006 opnum : 0004 [2008/07/22 21:33:36, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 81 [2008/07/22 21:33:36, 5] rpc_server/srv_pipe.c:api_pipe_request(2262) Requested \PIPE\NETLOGON [2008/07/22 21:33:36, 4] rpc_server/srv_pipe.c:api_rpcTNP(2297) api_rpcTNP: NETLOGON op 0x4 - api_rpcTNP: rpc command: NETR_SERVERREQCHALLENGE [2008/07/22 21:33:36, 6] rpc_server/srv_pipe.c:api_rpcTNP(2323) api_rpc_cmds[4].fn == 0x55555570d92e netr_ServerReqChallenge: struct netr_ServerReqChallenge in: struct netr_ServerReqChallenge server_name : * server_name : '\\CHPAS-NETSVCS' computer_name : 'CHPAS-LANSVCS' credentials : * credentials: struct netr_Credential data : a66b750460583c04 [2008/07/22 21:33:36, 6] rpc_server/srv_netlog_nt.c:init_net_r_req_chal(41) init_net_r_req_chal: 41 netr_ServerReqChallenge: struct netr_ServerReqChallenge out: struct netr_ServerReqChallenge return_credentials : * return_credentials: struct netr_Credential data : 42ef70494584fa68 result : NT_STATUS_OK [2008/07/22 21:33:36, 5] rpc_server/srv_pipe.c:api_rpcTNP(2351) api_rpcTNP: called NETLOGON successfully [2008/07/22 21:33:36, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 0 [2008/07/22 21:33:36, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 104 [2008/07/22 21:33:36, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985) read_from_pipe: 70d1 name: NETLOGON len: 4280 [2008/07/22 21:33:36, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1059) read_from_pipe: NETLOGON: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 12. [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 02 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0024 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000006 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_resp resp [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 0000000c [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0016 cancel_ct : 00 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0017 reserved : 00 [2008/07/22 21:33:36, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..36] (align 0) [2008/07/22 21:33:36, 5] lib/util.c:show_msg(645) [2008/07/22 21:33:36, 5] lib/util.c:show_msg(655) size=92 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=8292 smb_uid=100 smb_mid=13 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 36 (0x24) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 36 (0x24) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=37 [2008/07/22 21:33:36, 10] lib/util.c:dump_data(2226) [000] 00 05 00 02 03 10 00 00 00 24 00 00 00 06 00 00 ........ .$...... [010] 00 0C 00 00 00 00 00 00 00 42 EF 70 49 45 84 FA ........ .B.pIE.. [020] 68 00 00 00 00 h.... [2008/07/22 21:33:36, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 250 [2008/07/22 21:33:36, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0xfa [2008/07/22 21:33:36, 3] smbd/process.c:process_smb(1549) Transaction 12 of length 254 (0 toread) [2008/07/22 21:33:36, 5] lib/util.c:show_msg(645) [2008/07/22 21:33:36, 5] lib/util.c:show_msg(655) size=250 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=8292 smb_uid=100 smb_mid=14 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 168 (0xA8) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 168 (0xA8) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=28881 (0x70D1) smb_bcc=183 [2008/07/22 21:33:36, 10] lib/util.c:dump_data(2226) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 A8 00 00 00 07 00 00 00 90 ........ ........ [020] 00 00 00 00 00 0F 00 00 00 02 00 10 00 00 00 00 ........ ........ [030] 00 00 00 10 00 00 00 5C 00 5C 00 43 00 48 00 50 .......\ .\.C.H.P [040] 00 41 00 53 00 2D 00 4E 00 45 00 54 00 53 00 56 .A.S.-.N .E.T.S.V [050] 00 43 00 53 00 00 00 0F 00 00 00 00 00 00 00 0F .C.S.... ........ [060] 00 00 00 43 00 48 00 50 00 41 00 53 00 2D 00 4C ...C.H.P .A.S.-.L [070] 00 41 00 4E 00 53 00 56 00 43 00 53 00 24 00 00 .A.N.S.V .C.S.$.. [080] 00 06 00 0E 00 00 00 00 00 00 00 0E 00 00 00 43 ........ .......C [090] 00 48 00 50 00 41 00 53 00 2D 00 4C 00 41 00 4E .H.P.A.S .-.L.A.N [0A0] 00 53 00 56 00 43 00 53 00 00 00 0A B2 82 4B 94 .S.V.C.S ......K. [0B0] ED 72 51 FF FF 0F 60 .rQ...` [2008/07/22 21:33:36, 3] smbd/process.c:switch_message(1361) switch message SMBtrans (pid 6816) conn 0x555555cd0070 [2008/07/22 21:33:36, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/07/22 21:33:36, 3] smbd/ipc.c:handle_trans(436) trans <\PIPE\> data=168 params=0 setup=2 [2008/07/22 21:33:36, 5] smbd/ipc.c:handle_trans(469) calling named_pipe [2008/07/22 21:33:36, 3] smbd/ipc.c:named_pipe(387) named pipe command on <> name [2008/07/22 21:33:36, 5] smbd/ipc.c:api_fd_reply(307) api_fd_reply [2008/07/22 21:33:36, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=70d1 [2008/07/22 21:33:36, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name NETLOGON pnum=70d1 (pipes_open=1) [2008/07/22 21:33:36, 3] smbd/ipc.c:api_fd_reply(345) Got API command 0x26 on pipe "NETLOGON" (pnum 70d1) [2008/07/22 21:33:36, 10] smbd/ipc.c:api_fd_reply(350) api_fd_reply: p:0x555555c2d490 max_trans_reply: 4280 [2008/07/22 21:33:36, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927) write_to_pipe: 70d1 name: NETLOGON open: Yes len: 168 [2008/07/22 21:33:36, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 168 [2008/07/22 21:33:36, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 168 [2008/07/22 21:33:36, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385) fill_rpc_header: data_to_copy = 168, len_needed_to_complete_hdr = 16, receive_len = 0 [2008/07/22 21:33:36, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 16 [2008/07/22 21:33:36, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 152 [2008/07/22 21:33:36, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 152 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 00 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 00a8 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000007 [2008/07/22 21:33:36, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472) unmarshall_rpc_header: using little-endian RPC [2008/07/22 21:33:36, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501) unmarshall_rpc_header: type = 0, flags = 3 [2008/07/22 21:33:36, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 0 [2008/07/22 21:33:36, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 152 [2008/07/22 21:33:36, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 152, incoming data = 152 [2008/07/22 21:33:36, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709) process_complete_pdu: processing packet type 0 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_req req [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0000 alloc_hint: 00000090 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0004 context_id: 0000 [2008/07/22 21:33:36, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0006 opnum : 000f [2008/07/22 21:33:36, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 0 [2008/07/22 21:33:36, 5] rpc_server/srv_pipe.c:api_pipe_request(2262) Requested \PIPE\NETLOGON [2008/07/22 21:33:36, 4] rpc_server/srv_pipe.c:api_rpcTNP(2297) api_rpcTNP: NETLOGON op 0xf - api_rpcTNP: rpc command: NETR_SERVERAUTHENTICATE2 [2008/07/22 21:33:36, 6] rpc_server/srv_pipe.c:api_rpcTNP(2323) api_rpc_cmds[15].fn == 0x55555570beda netr_ServerAuthenticate2: struct netr_ServerAuthenticate2 in: struct netr_ServerAuthenticate2 server_name : * server_name : '\\CHPAS-NETSVCS' account_name : 'CHPAS-LANSVCS$' secure_channel_type : SEC_CHAN_BDC (6) computer_name : 'CHPAS-LANSVCS' credentials : * credentials: struct netr_Credential data : 0ab2824b94ed7251 negotiate_flags : * negotiate_flags : 0x600fffff (1611661311) 1: NETLOGON_NEG_ACCOUNT_LOCKOUT 1: NETLOGON_NEG_PERSISTENT_SAMREPL 1: NETLOGON_NEG_ARCFOUR 1: NETLOGON_NEG_PROMOTION_COUNT 1: NETLOGON_NEG_CHANGELOG_BDC 1: NETLOGON_NEG_FULL_SYNC_REPL 1: NETLOGON_NEG_MULTIPLE_SIDS 1: NETLOGON_NEG_REDO 1: NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL 1: NETLOGON_NEG_SEND_PASSWORD_INFO_PDC 1: NETLOGON_NEG_GENERIC_PASSTHROUGH 1: NETLOGON_NEG_CONCURRENT_RPC 1: NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL 1: NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL 1: NETLOGON_NEG_128BIT 1: NETLOGON_NEG_TRANSITIVE_TRUSTS 1: NETLOGON_NEG_DNS_DOMAIN_TRUSTS 1: NETLOGON_NEG_PASSWORD_SET2 1: NETLOGON_NEG_GETDOMAININFO 1: NETLOGON_NEG_CROSS_FOREST_TRUSTS 0: NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION 0: NETLOGON_NEG_RODC_PASSTHROUGH 1: NETLOGON_NEG_AUTHENTICATED_RPC_LSASS 1: NETLOGON_NEG_SCHANNEL [2008/07/22 21:33:36, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(65534, 65533) : sec_ctx_stack_ndx = 1 [2008/07/22 21:33:36, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2008/07/22 21:33:36, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/07/22 21:33:36, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/07/22 21:33:36, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/07/22 21:33:36, 5] lib/smbldap.c:smbldap_search_ext(1207) smbldap_search_ext: base => [dc=arnoldtrans,dc=lcl], filter => [(&(uid=CHPAS-LANSVCS$)(objectclass=sambaSamAccount))], scope => [2] [2008/07/22 21:33:36, 2] passdb/pdb_ldap.c:init_sam_from_ldap(571) init_sam_from_ldap: Entry found for user: chpas-lansvcs$ [2008/07/22 21:33:36, 10] passdb/pdb_get_set.c:pdb_set_username(580) pdb_set_username: setting username chpas-lansvcs$, was [2008/07/22 21:33:36, 10] passdb/pdb_get_set.c:pdb_set_domain(603) pdb_set_domain: setting domain ARNOLD, was [2008/07/22 21:33:36, 10] passdb/pdb_get_set.c:pdb_set_nt_username(626) pdb_set_nt_username: setting nt username chpas-lansvcs$, was [2008/07/22 21:33:36, 10] passdb/pdb_get_set.c:pdb_set_user_sid_from_string(522) pdb_set_user_sid_from_string: setting user sid S-1-5-21-399034208-633907489-3292321255-41377 [2008/07/22 21:33:36, 10] passdb/pdb_get_set.c:pdb_set_user_sid(509) pdb_set_user_sid: setting user sid S-1-5-21-399034208-633907489-3292321255-41377 [2008/07/22 21:33:36, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaPwdLastSet does not exist [2008/07/22 21:33:36, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaLogonTime does not exist [2008/07/22 21:33:36, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaLogoffTime does not exist [2008/07/22 21:33:36, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaKickoffTime does not exist [2008/07/22 21:33:36, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaPwdCanChange does not exist [2008/07/22 21:33:36, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaPwdMustChange does not exist [2008/07/22 21:33:36, 10] passdb/pdb_get_set.c:pdb_set_fullname(649) pdb_set_full_name: setting full name Computer, was [2008/07/22 21:33:36, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaHomeDrive does not exist [2008/07/22 21:33:36, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(718) pdb_set_dir_drive: setting dir drive H:, was NULL [2008/07/22 21:33:36, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaHomePath does not exist [2008/07/22 21:33:36, 10] passdb/pdb_get_set.c:pdb_set_homedir(742) pdb_set_homedir: setting home dir , was [2008/07/22 21:33:36, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaLogonScript does not exist [2008/07/22 21:33:36, 10] passdb/pdb_get_set.c:pdb_set_logon_script(672) pdb_set_logon_script: setting logon script scripts\logon.bat, was [2008/07/22 21:33:36, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaProfilePath does not exist [2008/07/22 21:33:36, 10] passdb/pdb_get_set.c:pdb_set_profile_path(695) pdb_set_profile_path: setting profile path \\chpas-netsvcs\profiles\chpas-lansvcs_, was [2008/07/22 21:33:36, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaUserWorkstations does not exist [2008/07/22 21:33:36, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaMungedDial does not exist [2008/07/22 21:33:36, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaLMPassword does not exist [2008/07/22 21:33:36, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2008/07/22 21:33:36, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2008/07/22 21:33:36, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2008/07/22 21:33:36, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/07/22 21:33:36, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/07/22 21:33:36, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = ACCT_POL/password history, value = 5 , timeout = Tue Jul 22 21:34:09 2008 [2008/07/22 21:33:36, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/07/22 21:33:36, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaPasswordHistory] = [] [2008/07/22 21:33:36, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaBadPasswordCount does not exist [2008/07/22 21:33:36, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaBadPasswordTime does not exist [2008/07/22 21:33:36, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaLogonHours does not exist [2008/07/22 21:33:36, 5] passdb/login_cache.c:login_cache_init(40) Opening cache file at /var/lib/samba/login_cache.tdb [2008/07/22 21:33:36, 7] passdb/login_cache.c:login_cache_read(86) Looking up login cache for user chpas-lansvcs$ [2008/07/22 21:33:36, 7] passdb/login_cache.c:login_cache_read(100) No cache entry found [2008/07/22 21:33:36, 9] passdb/pdb_ldap.c:init_sam_from_ldap(1054) No cache entry, bad count = 0, bad time = 0 [2008/07/22 21:33:36, 5] lib/username.c:Get_Pwnam_alloc(133) Finding user chpas-lansvcs$ [2008/07/22 21:33:36, 5] lib/username.c:Get_Pwnam_internals(77) Trying _Get_Pwnam(), username as lowercase is chpas-lansvcs$ [2008/07/22 21:33:36, 5] lib/username.c:Get_Pwnam_internals(110) Get_Pwnam_internals did find user [chpas-lansvcs$]! [2008/07/22 21:33:36, 5] lib/smbldap.c:smbldap_search_ext(1207) smbldap_search_ext: base => [ou=Group,dc=arnoldtrans,dc=lcl], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=515))], scope => [2] [2008/07/22 21:33:36, 2] passdb/pdb_ldap.c:init_group_from_ldap(2344) init_group_from_ldap: Entry found for group: 515 [2008/07/22 21:33:36, 10] passdb/lookup_sid.c:lookup_sid(958) lookup_sid called for SID 'S-1-5-21-399034208-633907489-3292321255-515' [2008/07/22 21:33:36, 10] passdb/lookup_sid.c:check_dom_sid_to_level(713) Accepting SID S-1-5-21-399034208-633907489-3292321255 in level 1 [2008/07/22 21:33:36, 10] passdb/lookup_sid.c:lookup_rids(476) lookup_rids called for domain sid 'S-1-5-21-399034208-633907489-3292321255' [2008/07/22 21:33:36, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2008/07/22 21:33:36, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2008/07/22 21:33:36, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2008/07/22 21:33:36, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/07/22 21:33:36, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/07/22 21:33:36, 5] lib/smbldap.c:smbldap_search_ext(1207) smbldap_search_ext: base => [ou=Users,dc=arnoldtrans,dc=lcl], filter => [(&(objectClass=sambaSamAccount)(|(sambaSid=S-1-5-21-399034208-633907489-3292321255-515)))], scope => [2] [2008/07/22 21:33:37, 5] lib/smbldap.c:smbldap_search_ext(1207) smbldap_search_ext: base => [ou=Group,dc=arnoldtrans,dc=lcl], filter => [(&(objectClass=sambaGroupMapping)(|(sambaSid=S-1-5-21-399034208-633907489-3292321255-515)))], scope => [2] [2008/07/22 21:33:37, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/07/22 21:33:37, 10] passdb/lookup_sid.c:lookup_sid(993) Sid S-1-5-21-399034208-633907489-3292321255-515 -> ARNOLD\Domain Trust Accounts(2) [2008/07/22 21:33:37, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2008/07/22 21:33:37, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2008/07/22 21:33:37, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2008/07/22 21:33:37, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/07/22 21:33:37, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/07/22 21:33:37, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = ACCT_POL/password history, value = 5 , timeout = Tue Jul 22 21:34:09 2008 [2008/07/22 21:33:37, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/07/22 21:33:37, 10] passdb/pdb_get_set.c:pdb_set_username(580) pdb_set_username: setting username chpas-lansvcs$, was [2008/07/22 21:33:37, 10] passdb/pdb_get_set.c:pdb_set_domain(603) pdb_set_domain: setting domain ARNOLD, was [2008/07/22 21:33:37, 10] passdb/pdb_get_set.c:pdb_set_nt_username(626) pdb_set_nt_username: setting nt username chpas-lansvcs$, was [2008/07/22 21:33:37, 10] passdb/pdb_get_set.c:pdb_set_fullname(649) pdb_set_full_name: setting full name Computer, was [2008/07/22 21:33:37, 10] passdb/pdb_get_set.c:pdb_set_homedir(742) pdb_set_homedir: setting home dir , was [2008/07/22 21:33:37, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(718) pdb_set_dir_drive: setting dir drive H:, was NULL [2008/07/22 21:33:37, 10] passdb/pdb_get_set.c:pdb_set_logon_script(672) pdb_set_logon_script: setting logon script scripts\logon.bat, was [2008/07/22 21:33:37, 10] passdb/pdb_get_set.c:pdb_set_profile_path(695) pdb_set_profile_path: setting profile path \\chpas-netsvcs\profiles\chpas-lansvcs_, was [2008/07/22 21:33:37, 10] passdb/pdb_get_set.c:pdb_set_workstations(785) pdb_set_workstations: setting workstations , was [2008/07/22 21:33:37, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2008/07/22 21:33:37, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2008/07/22 21:33:37, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2008/07/22 21:33:37, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/07/22 21:33:37, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/07/22 21:33:37, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = ACCT_POL/password history, value = 5 , timeout = Tue Jul 22 21:34:09 2008 [2008/07/22 21:33:37, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/07/22 21:33:37, 10] passdb/pdb_get_set.c:pdb_set_user_sid(509) pdb_set_user_sid: setting user sid S-1-5-21-399034208-633907489-3292321255-41377 [2008/07/22 21:33:37, 10] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(72) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-399034208-633907489-3292321255-41377 from rid 41377 [2008/07/22 21:33:37, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (65534, 65533) - sec_ctx_stack_ndx = 0 [2008/07/22 21:33:37, 5] lib/util.c:dump_data(2226) [000] 62 3B C7 C6 CA 96 5F 66 3E 16 53 0D 04 A4 18 C3 b;...._f >.S..... [2008/07/22 21:33:37, 10] libsmb/credentials.c:creds_server_init(185) creds_server_init: neg_flags : 600fffff [2008/07/22 21:33:37, 10] libsmb/credentials.c:creds_server_init(186) creds_server_init: client chal : A66B750460583C04 [2008/07/22 21:33:37, 10] libsmb/credentials.c:creds_server_init(187) creds_server_init: server chal : 42EF70494584FA68 [2008/07/22 21:33:37, 5] libsmb/credentials.c:creds_init_128(70) creds_init_128 [2008/07/22 21:33:37, 5] libsmb/credentials.c:creds_init_128(71) clnt_chal_in: A66B750460583C04 [2008/07/22 21:33:37, 5] libsmb/credentials.c:creds_init_128(72) srv_chal_in : 42EF70494584FA68 [2008/07/22 21:33:37, 10] libsmb/credentials.c:creds_server_init(205) creds_server_init: clnt : D1896E518DDAA39B [2008/07/22 21:33:37, 10] libsmb/credentials.c:creds_server_init(206) creds_server_init: server : CC89B6DAF2B99046 [2008/07/22 21:33:37, 10] libsmb/credentials.c:creds_server_init(207) creds_server_init: seed : D1896E518DDAA39B [2008/07/22 21:33:37, 5] libsmb/credentials.c:netlogon_creds_server_check(221) netlogon_creds_server_check: challenge : 0AB2824B94ED7251 [2008/07/22 21:33:37, 5] libsmb/credentials.c:netlogon_creds_server_check(222) calculated: D1896E518DDAA39B [2008/07/22 21:33:37, 2] libsmb/credentials.c:netlogon_creds_server_check(223) netlogon_creds_server_check: credentials check failed. [2008/07/22 21:33:37, 0] rpc_server/srv_netlog_nt.c:_netr_ServerAuthenticate2(520) _netr_ServerAuthenticate2: netlogon_creds_server_check failed. Rejecting auth request from client CHPAS-LANSVCS machine account CHPAS-LANSVCS$ netr_ServerAuthenticate2: struct netr_ServerAuthenticate2 out: struct netr_ServerAuthenticate2 return_credentials : * return_credentials: struct netr_Credential data : 0000000000000000 negotiate_flags : * negotiate_flags : 0x600fffff (1611661311) 1: NETLOGON_NEG_ACCOUNT_LOCKOUT 1: NETLOGON_NEG_PERSISTENT_SAMREPL 1: NETLOGON_NEG_ARCFOUR 1: NETLOGON_NEG_PROMOTION_COUNT 1: NETLOGON_NEG_CHANGELOG_BDC 1: NETLOGON_NEG_FULL_SYNC_REPL 1: NETLOGON_NEG_MULTIPLE_SIDS 1: NETLOGON_NEG_REDO 1: NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL 1: NETLOGON_NEG_SEND_PASSWORD_INFO_PDC 1: NETLOGON_NEG_GENERIC_PASSTHROUGH 1: NETLOGON_NEG_CONCURRENT_RPC 1: NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL 1: NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL 1: NETLOGON_NEG_128BIT 1: NETLOGON_NEG_TRANSITIVE_TRUSTS 1: NETLOGON_NEG_DNS_DOMAIN_TRUSTS 1: NETLOGON_NEG_PASSWORD_SET2 1: NETLOGON_NEG_GETDOMAININFO 1: NETLOGON_NEG_CROSS_FOREST_TRUSTS 0: NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION 0: NETLOGON_NEG_RODC_PASSTHROUGH 1: NETLOGON_NEG_AUTHENTICATED_RPC_LSASS 1: NETLOGON_NEG_SCHANNEL result : NT_STATUS_ACCESS_DENIED [2008/07/22 21:33:37, 5] rpc_server/srv_pipe.c:api_rpcTNP(2351) api_rpcTNP: called NETLOGON successfully [2008/07/22 21:33:37, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 0 [2008/07/22 21:33:37, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 152 [2008/07/22 21:33:37, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985) read_from_pipe: 70d1 name: NETLOGON len: 4280 [2008/07/22 21:33:37, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1059) read_from_pipe: NETLOGON: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 16. [2008/07/22 21:33:37, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2008/07/22 21:33:37, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/07/22 21:33:37, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/07/22 21:33:37, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 02 [2008/07/22 21:33:37, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/07/22 21:33:37, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/07/22 21:33:37, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/07/22 21:33:37, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/07/22 21:33:37, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/07/22 21:33:37, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0028 [2008/07/22 21:33:37, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/07/22 21:33:37, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000007 [2008/07/22 21:33:37, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_resp resp [2008/07/22 21:33:37, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 00000010 [2008/07/22 21:33:37, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2008/07/22 21:33:37, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0016 cancel_ct : 00 [2008/07/22 21:33:37, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0017 reserved : 00 [2008/07/22 21:33:37, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..40] (align 0) [2008/07/22 21:33:37, 5] lib/util.c:show_msg(645) [2008/07/22 21:33:37, 5] lib/util.c:show_msg(655) size=96 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=8292 smb_uid=100 smb_mid=14 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 40 (0x28) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 40 (0x28) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=41 [2008/07/22 21:33:37, 10] lib/util.c:dump_data(2226) [000] 00 05 00 02 03 10 00 00 00 28 00 00 00 07 00 00 ........ .(...... [010] 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [020] 00 FF FF 0F 60 22 00 00 C0 ....`".. . [2008/07/22 21:33:37, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 202 [2008/07/22 21:33:37, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0xca [2008/07/22 21:33:37, 3] smbd/process.c:process_smb(1549) Transaction 13 of length 206 (0 toread) [2008/07/22 21:33:37, 5] lib/util.c:show_msg(645) [2008/07/22 21:33:37, 5] lib/util.c:show_msg(655) size=202 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=8292 smb_uid=100 smb_mid=15 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 120 (0x78) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 120 (0x78) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=28881 (0x70D1) smb_bcc=135 [2008/07/22 21:33:37, 10] lib/util.c:dump_data(2226) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 78 00 00 00 08 00 00 00 60 .......x .......` [020] 00 00 00 00 00 04 00 00 00 02 00 10 00 00 00 00 ........ ........ [030] 00 00 00 10 00 00 00 5C 00 5C 00 43 00 48 00 50 .......\ .\.C.H.P [040] 00 41 00 53 00 2D 00 4E 00 45 00 54 00 53 00 56 .A.S.-.N .E.T.S.V [050] 00 43 00 53 00 00 00 0E 00 00 00 00 00 00 00 0E .C.S.... ........ [060] 00 00 00 43 00 48 00 50 00 41 00 53 00 2D 00 4C ...C.H.P .A.S.-.L [070] 00 41 00 4E 00 53 00 56 00 43 00 53 00 00 00 3C .A.N.S.V .C.S...< [080] 6C B8 6A 47 39 D0 13 l.jG9.. [2008/07/22 21:33:37, 3] smbd/process.c:switch_message(1361) switch message SMBtrans (pid 6816) conn 0x555555cd0070 [2008/07/22 21:33:37, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/07/22 21:33:37, 3] smbd/ipc.c:handle_trans(436) trans <\PIPE\> data=120 params=0 setup=2 [2008/07/22 21:33:37, 5] smbd/ipc.c:handle_trans(469) calling named_pipe [2008/07/22 21:33:37, 3] smbd/ipc.c:named_pipe(387) named pipe command on <> name [2008/07/22 21:33:37, 5] smbd/ipc.c:api_fd_reply(307) api_fd_reply [2008/07/22 21:33:37, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=70d1 [2008/07/22 21:33:37, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name NETLOGON pnum=70d1 (pipes_open=1) [2008/07/22 21:33:37, 3] smbd/ipc.c:api_fd_reply(345) Got API command 0x26 on pipe "NETLOGON" (pnum 70d1) [2008/07/22 21:33:37, 10] smbd/ipc.c:api_fd_reply(350) api_fd_reply: p:0x555555c2d490 max_trans_reply: 4280 [2008/07/22 21:33:37, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927) write_to_pipe: 70d1 name: NETLOGON open: Yes len: 120 [2008/07/22 21:33:37, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 120 [2008/07/22 21:33:37, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 120 [2008/07/22 21:33:37, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385) fill_rpc_header: data_to_copy = 120, len_needed_to_complete_hdr = 16, receive_len = 0 [2008/07/22 21:33:37, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 16 [2008/07/22 21:33:37, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 104 [2008/07/22 21:33:37, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 104 [2008/07/22 21:33:37, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2008/07/22 21:33:37, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/07/22 21:33:37, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/07/22 21:33:37, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 00 [2008/07/22 21:33:37, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/07/22 21:33:37, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/07/22 21:33:37, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/07/22 21:33:37, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/07/22 21:33:37, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/07/22 21:33:37, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0078 [2008/07/22 21:33:37, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/07/22 21:33:37, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000008 [2008/07/22 21:33:37, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472) unmarshall_rpc_header: using little-endian RPC [2008/07/22 21:33:37, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501) unmarshall_rpc_header: type = 0, flags = 3 [2008/07/22 21:33:37, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 0 [2008/07/22 21:33:37, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 104 [2008/07/22 21:33:37, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 104, incoming data = 104 [2008/07/22 21:33:37, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709) process_complete_pdu: processing packet type 0 [2008/07/22 21:33:37, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_req req [2008/07/22 21:33:37, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0000 alloc_hint: 00000060 [2008/07/22 21:33:37, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0004 context_id: 0000 [2008/07/22 21:33:37, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0006 opnum : 0004 [2008/07/22 21:33:37, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 0 [2008/07/22 21:33:37, 5] rpc_server/srv_pipe.c:api_pipe_request(2262) Requested \PIPE\NETLOGON [2008/07/22 21:33:37, 4] rpc_server/srv_pipe.c:api_rpcTNP(2297) api_rpcTNP: NETLOGON op 0x4 - api_rpcTNP: rpc command: NETR_SERVERREQCHALLENGE [2008/07/22 21:33:37, 6] rpc_server/srv_pipe.c:api_rpcTNP(2323) api_rpc_cmds[4].fn == 0x55555570d92e netr_ServerReqChallenge: struct netr_ServerReqChallenge in: struct netr_ServerReqChallenge server_name : * server_name : '\\CHPAS-NETSVCS' computer_name : 'CHPAS-LANSVCS' credentials : * credentials: struct netr_Credential data : 3c6cb86a4739d013 [2008/07/22 21:33:37, 10] rpc_server/srv_netlog_nt.c:_netr_ServerReqChallenge(385) _netr_ServerReqChallenge: new challenge requested. Clearing old state. [2008/07/22 21:33:37, 6] rpc_server/srv_netlog_nt.c:init_net_r_req_chal(41) init_net_r_req_chal: 41 netr_ServerReqChallenge: struct netr_ServerReqChallenge out: struct netr_ServerReqChallenge return_credentials : * return_credentials: struct netr_Credential data : 448a97e6b64cd16e result : NT_STATUS_OK [2008/07/22 21:33:37, 5] rpc_server/srv_pipe.c:api_rpcTNP(2351) api_rpcTNP: called NETLOGON successfully [2008/07/22 21:33:37, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 0 [2008/07/22 21:33:37, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 104 [2008/07/22 21:33:37, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985) read_from_pipe: 70d1 name: NETLOGON len: 4280 [2008/07/22 21:33:37, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1059) read_from_pipe: NETLOGON: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 12. [2008/07/22 21:33:37, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2008/07/22 21:33:37, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/07/22 21:33:37, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/07/22 21:33:37, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 02 [2008/07/22 21:33:37, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/07/22 21:33:37, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/07/22 21:33:37, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/07/22 21:33:37, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/07/22 21:33:37, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/07/22 21:33:37, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0024 [2008/07/22 21:33:37, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/07/22 21:33:37, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000008 [2008/07/22 21:33:37, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_resp resp [2008/07/22 21:33:37, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 0000000c [2008/07/22 21:33:37, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2008/07/22 21:33:37, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0016 cancel_ct : 00 [2008/07/22 21:33:37, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0017 reserved : 00 [2008/07/22 21:33:37, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..36] (align 0) [2008/07/22 21:33:37, 5] lib/util.c:show_msg(645) [2008/07/22 21:33:37, 5] lib/util.c:show_msg(655) size=92 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=8292 smb_uid=100 smb_mid=15 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 36 (0x24) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 36 (0x24) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=37 [2008/07/22 21:33:37, 10] lib/util.c:dump_data(2226) [000] 00 05 00 02 03 10 00 00 00 24 00 00 00 08 00 00 ........ .$...... [010] 00 0C 00 00 00 00 00 00 00 44 8A 97 E6 B6 4C D1 ........ .D....L. [020] 6E 00 00 00 00 n.... [2008/07/22 21:33:37, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 250 [2008/07/22 21:33:37, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0xfa [2008/07/22 21:33:37, 3] smbd/process.c:process_smb(1549) Transaction 14 of length 254 (0 toread) [2008/07/22 21:33:37, 5] lib/util.c:show_msg(645) [2008/07/22 21:33:37, 5] lib/util.c:show_msg(655) size=250 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=8292 smb_uid=100 smb_mid=16 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 168 (0xA8) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 168 (0xA8) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=28881 (0x70D1) smb_bcc=183 [2008/07/22 21:33:37, 10] lib/util.c:dump_data(2226) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 A8 00 00 00 09 00 00 00 90 ........ ........ [020] 00 00 00 00 00 0F 00 00 00 02 00 10 00 00 00 00 ........ ........ [030] 00 00 00 10 00 00 00 5C 00 5C 00 43 00 48 00 50 .......\ .\.C.H.P [040] 00 41 00 53 00 2D 00 4E 00 45 00 54 00 53 00 56 .A.S.-.N .E.T.S.V [050] 00 43 00 53 00 00 00 0F 00 00 00 00 00 00 00 0F .C.S.... ........ [060] 00 00 00 43 00 48 00 50 00 41 00 53 00 2D 00 4C ...C.H.P .A.S.-.L [070] 00 41 00 4E 00 53 00 56 00 43 00 53 00 24 00 00 .A.N.S.V .C.S.$.. [080] 00 06 00 0E 00 00 00 00 00 00 00 0E 00 00 00 43 ........ .......C [090] 00 48 00 50 00 41 00 53 00 2D 00 4C 00 41 00 4E .H.P.A.S .-.L.A.N [0A0] 00 53 00 56 00 43 00 53 00 00 00 1A EE 86 1F 50 .S.V.C.S .......P [0B0] 8D 57 47 FF FF 0F 60 .WG...` [2008/07/22 21:33:37, 3] smbd/process.c:switch_message(1361) switch message SMBtrans (pid 6816) conn 0x555555cd0070 [2008/07/22 21:33:37, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/07/22 21:33:37, 3] smbd/ipc.c:handle_trans(436) trans <\PIPE\> data=168 params=0 setup=2 [2008/07/22 21:33:37, 5] smbd/ipc.c:handle_trans(469) calling named_pipe [2008/07/22 21:33:37, 3] smbd/ipc.c:named_pipe(387) named pipe command on <> name [2008/07/22 21:33:37, 5] smbd/ipc.c:api_fd_reply(307) api_fd_reply [2008/07/22 21:33:37, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=70d1 [2008/07/22 21:33:37, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name NETLOGON pnum=70d1 (pipes_open=1) [2008/07/22 21:33:37, 3] smbd/ipc.c:api_fd_reply(345) Got API command 0x26 on pipe "NETLOGON" (pnum 70d1) [2008/07/22 21:33:37, 10] smbd/ipc.c:api_fd_reply(350) api_fd_reply: p:0x555555c2d490 max_trans_reply: 4280 [2008/07/22 21:33:37, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927) write_to_pipe: 70d1 name: NETLOGON open: Yes len: 168 [2008/07/22 21:33:37, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 168 [2008/07/22 21:33:37, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 168 [2008/07/22 21:33:37, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385) fill_rpc_header: data_to_copy = 168, len_needed_to_complete_hdr = 16, receive_len = 0 [2008/07/22 21:33:37, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 16 [2008/07/22 21:33:37, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 152 [2008/07/22 21:33:37, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 152 [2008/07/22 21:33:37, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2008/07/22 21:33:37, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/07/22 21:33:37, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/07/22 21:33:37, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 00 [2008/07/22 21:33:37, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/07/22 21:33:37, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/07/22 21:33:37, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/07/22 21:33:37, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/07/22 21:33:37, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/07/22 21:33:37, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 00a8 [2008/07/22 21:33:37, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/07/22 21:33:37, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000009 [2008/07/22 21:33:37, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472) unmarshall_rpc_header: using little-endian RPC [2008/07/22 21:33:37, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501) unmarshall_rpc_header: type = 0, flags = 3 [2008/07/22 21:33:37, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 0 [2008/07/22 21:33:37, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 152 [2008/07/22 21:33:37, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 152, incoming data = 152 [2008/07/22 21:33:37, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709) process_complete_pdu: processing packet type 0 [2008/07/22 21:33:37, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_req req [2008/07/22 21:33:37, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0000 alloc_hint: 00000090 [2008/07/22 21:33:37, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0004 context_id: 0000 [2008/07/22 21:33:37, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0006 opnum : 000f [2008/07/22 21:33:37, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 0 [2008/07/22 21:33:37, 5] rpc_server/srv_pipe.c:api_pipe_request(2262) Requested \PIPE\NETLOGON [2008/07/22 21:33:37, 4] rpc_server/srv_pipe.c:api_rpcTNP(2297) api_rpcTNP: NETLOGON op 0xf - api_rpcTNP: rpc command: NETR_SERVERAUTHENTICATE2 [2008/07/22 21:33:37, 6] rpc_server/srv_pipe.c:api_rpcTNP(2323) api_rpc_cmds[15].fn == 0x55555570beda netr_ServerAuthenticate2: struct netr_ServerAuthenticate2 in: struct netr_ServerAuthenticate2 server_name : * server_name : '\\CHPAS-NETSVCS' account_name : 'CHPAS-LANSVCS$' secure_channel_type : SEC_CHAN_BDC (6) computer_name : 'CHPAS-LANSVCS' credentials : * credentials: struct netr_Credential data : 1aee861f508d5747 negotiate_flags : * negotiate_flags : 0x600fffff (1611661311) 1: NETLOGON_NEG_ACCOUNT_LOCKOUT 1: NETLOGON_NEG_PERSISTENT_SAMREPL 1: NETLOGON_NEG_ARCFOUR 1: NETLOGON_NEG_PROMOTION_COUNT 1: NETLOGON_NEG_CHANGELOG_BDC 1: NETLOGON_NEG_FULL_SYNC_REPL 1: NETLOGON_NEG_MULTIPLE_SIDS 1: NETLOGON_NEG_REDO 1: NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL 1: NETLOGON_NEG_SEND_PASSWORD_INFO_PDC 1: NETLOGON_NEG_GENERIC_PASSTHROUGH 1: NETLOGON_NEG_CONCURRENT_RPC 1: NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL 1: NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL 1: NETLOGON_NEG_128BIT 1: NETLOGON_NEG_TRANSITIVE_TRUSTS 1: NETLOGON_NEG_DNS_DOMAIN_TRUSTS 1: NETLOGON_NEG_PASSWORD_SET2 1: NETLOGON_NEG_GETDOMAININFO 1: NETLOGON_NEG_CROSS_FOREST_TRUSTS 0: NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION 0: NETLOGON_NEG_RODC_PASSTHROUGH 1: NETLOGON_NEG_AUTHENTICATED_RPC_LSASS 1: NETLOGON_NEG_SCHANNEL [2008/07/22 21:33:37, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(65534, 65533) : sec_ctx_stack_ndx = 1 [2008/07/22 21:33:37, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2008/07/22 21:33:37, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/07/22 21:33:37, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/07/22 21:33:37, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/07/22 21:33:37, 5] lib/smbldap.c:smbldap_search_ext(1207) smbldap_search_ext: base => [dc=arnoldtrans,dc=lcl], filter => [(&(uid=CHPAS-LANSVCS$)(objectclass=sambaSamAccount))], scope => [2] [2008/07/22 21:33:37, 2] passdb/pdb_ldap.c:init_sam_from_ldap(571) init_sam_from_ldap: Entry found for user: chpas-lansvcs$ [2008/07/22 21:33:37, 10] passdb/pdb_get_set.c:pdb_set_username(580) pdb_set_username: setting username chpas-lansvcs$, was [2008/07/22 21:33:37, 10] passdb/pdb_get_set.c:pdb_set_domain(603) pdb_set_domain: setting domain ARNOLD, was [2008/07/22 21:33:37, 10] passdb/pdb_get_set.c:pdb_set_nt_username(626) pdb_set_nt_username: setting nt username chpas-lansvcs$, was [2008/07/22 21:33:37, 10] passdb/pdb_get_set.c:pdb_set_user_sid_from_string(522) pdb_set_user_sid_from_string: setting user sid S-1-5-21-399034208-633907489-3292321255-41377 [2008/07/22 21:33:37, 10] passdb/pdb_get_set.c:pdb_set_user_sid(509) pdb_set_user_sid: setting user sid S-1-5-21-399034208-633907489-3292321255-41377 [2008/07/22 21:33:37, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaPwdLastSet does not exist [2008/07/22 21:33:37, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaLogonTime does not exist [2008/07/22 21:33:37, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaLogoffTime does not exist [2008/07/22 21:33:37, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaKickoffTime does not exist [2008/07/22 21:33:37, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaPwdCanChange does not exist [2008/07/22 21:33:37, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaPwdMustChange does not exist [2008/07/22 21:33:37, 10] passdb/pdb_get_set.c:pdb_set_fullname(649) pdb_set_full_name: setting full name Computer, was [2008/07/22 21:33:37, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaHomeDrive does not exist [2008/07/22 21:33:37, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(718) pdb_set_dir_drive: setting dir drive H:, was NULL [2008/07/22 21:33:37, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaHomePath does not exist [2008/07/22 21:33:37, 10] passdb/pdb_get_set.c:pdb_set_homedir(742) pdb_set_homedir: setting home dir , was [2008/07/22 21:33:37, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaLogonScript does not exist [2008/07/22 21:33:37, 10] passdb/pdb_get_set.c:pdb_set_logon_script(672) pdb_set_logon_script: setting logon script scripts\logon.bat, was [2008/07/22 21:33:37, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaProfilePath does not exist [2008/07/22 21:33:37, 10] passdb/pdb_get_set.c:pdb_set_profile_path(695) pdb_set_profile_path: setting profile path \\chpas-netsvcs\profiles\chpas-lansvcs_, was [2008/07/22 21:33:37, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaUserWorkstations does not exist [2008/07/22 21:33:37, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaMungedDial does not exist [2008/07/22 21:33:37, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaLMPassword does not exist [2008/07/22 21:33:37, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2008/07/22 21:33:37, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2008/07/22 21:33:37, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2008/07/22 21:33:37, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/07/22 21:33:37, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/07/22 21:33:37, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = ACCT_POL/password history, value = 5 , timeout = Tue Jul 22 21:34:09 2008 [2008/07/22 21:33:37, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/07/22 21:33:37, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaPasswordHistory] = [] [2008/07/22 21:33:37, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaBadPasswordCount does not exist [2008/07/22 21:33:37, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaBadPasswordTime does not exist [2008/07/22 21:33:37, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaLogonHours does not exist [2008/07/22 21:33:37, 7] passdb/login_cache.c:login_cache_read(86) Looking up login cache for user chpas-lansvcs$ [2008/07/22 21:33:37, 7] passdb/login_cache.c:login_cache_read(100) No cache entry found [2008/07/22 21:33:37, 9] passdb/pdb_ldap.c:init_sam_from_ldap(1054) No cache entry, bad count = 0, bad time = 0 [2008/07/22 21:33:37, 5] lib/username.c:Get_Pwnam_alloc(133) Finding user chpas-lansvcs$ [2008/07/22 21:33:37, 5] lib/username.c:Get_Pwnam_internals(77) Trying _Get_Pwnam(), username as lowercase is chpas-lansvcs$ [2008/07/22 21:33:37, 5] lib/username.c:Get_Pwnam_internals(110) Get_Pwnam_internals did find user [chpas-lansvcs$]! [2008/07/22 21:33:37, 5] lib/smbldap.c:smbldap_search_ext(1207) smbldap_search_ext: base => [ou=Group,dc=arnoldtrans,dc=lcl], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=515))], scope => [2] [2008/07/22 21:33:37, 2] passdb/pdb_ldap.c:init_group_from_ldap(2344) init_group_from_ldap: Entry found for group: 515 [2008/07/22 21:33:37, 10] passdb/lookup_sid.c:lookup_sid(958) lookup_sid called for SID 'S-1-5-21-399034208-633907489-3292321255-515' [2008/07/22 21:33:37, 10] passdb/lookup_sid.c:check_dom_sid_to_level(713) Accepting SID S-1-5-21-399034208-633907489-3292321255 in level 1 [2008/07/22 21:33:37, 10] passdb/lookup_sid.c:lookup_rids(476) lookup_rids called for domain sid 'S-1-5-21-399034208-633907489-3292321255' [2008/07/22 21:33:37, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2008/07/22 21:33:37, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2008/07/22 21:33:37, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2008/07/22 21:33:37, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/07/22 21:33:37, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/07/22 21:33:37, 5] lib/smbldap.c:smbldap_search_ext(1207) smbldap_search_ext: base => [ou=Users,dc=arnoldtrans,dc=lcl], filter => [(&(objectClass=sambaSamAccount)(|(sambaSid=S-1-5-21-399034208-633907489-3292321255-515)))], scope => [2] [2008/07/22 21:33:37, 5] lib/smbldap.c:smbldap_search_ext(1207) smbldap_search_ext: base => [ou=Group,dc=arnoldtrans,dc=lcl], filter => [(&(objectClass=sambaGroupMapping)(|(sambaSid=S-1-5-21-399034208-633907489-3292321255-515)))], scope => [2] [2008/07/22 21:33:37, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/07/22 21:33:37, 10] passdb/lookup_sid.c:lookup_sid(993) Sid S-1-5-21-399034208-633907489-3292321255-515 -> ARNOLD\Domain Trust Accounts(2) [2008/07/22 21:33:37, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2008/07/22 21:33:37, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2008/07/22 21:33:37, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2008/07/22 21:33:37, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/07/22 21:33:37, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/07/22 21:33:37, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = ACCT_POL/password history, value = 5 , timeout = Tue Jul 22 21:34:09 2008 [2008/07/22 21:33:37, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/07/22 21:33:37, 10] passdb/pdb_get_set.c:pdb_set_username(580) pdb_set_username: setting username chpas-lansvcs$, was [2008/07/22 21:33:37, 10] passdb/pdb_get_set.c:pdb_set_domain(603) pdb_set_domain: setting domain ARNOLD, was [2008/07/22 21:33:37, 10] passdb/pdb_get_set.c:pdb_set_nt_username(626) pdb_set_nt_username: setting nt username chpas-lansvcs$, was [2008/07/22 21:33:37, 10] passdb/pdb_get_set.c:pdb_set_fullname(649) pdb_set_full_name: setting full name Computer, was [2008/07/22 21:33:37, 10] passdb/pdb_get_set.c:pdb_set_homedir(742) pdb_set_homedir: setting home dir , was [2008/07/22 21:33:37, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(718) pdb_set_dir_drive: setting dir drive H:, was NULL [2008/07/22 21:33:37, 10] passdb/pdb_get_set.c:pdb_set_logon_script(672) pdb_set_logon_script: setting logon script scripts\logon.bat, was [2008/07/22 21:33:37, 10] passdb/pdb_get_set.c:pdb_set_profile_path(695) pdb_set_profile_path: setting profile path \\chpas-netsvcs\profiles\chpas-lansvcs_, was [2008/07/22 21:33:37, 10] passdb/pdb_get_set.c:pdb_set_workstations(785) pdb_set_workstations: setting workstations , was [2008/07/22 21:33:37, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2008/07/22 21:33:37, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2008/07/22 21:33:37, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2008/07/22 21:33:37, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/07/22 21:33:37, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/07/22 21:33:37, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = ACCT_POL/password history, value = 5 , timeout = Tue Jul 22 21:34:09 2008 [2008/07/22 21:33:37, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/07/22 21:33:37, 10] passdb/pdb_get_set.c:pdb_set_user_sid(509) pdb_set_user_sid: setting user sid S-1-5-21-399034208-633907489-3292321255-41377 [2008/07/22 21:33:37, 10] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(72) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-399034208-633907489-3292321255-41377 from rid 41377 [2008/07/22 21:33:37, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (65534, 65533) - sec_ctx_stack_ndx = 0 [2008/07/22 21:33:37, 5] lib/util.c:dump_data(2226) [000] 62 3B C7 C6 CA 96 5F 66 3E 16 53 0D 04 A4 18 C3 b;...._f >.S..... [2008/07/22 21:33:37, 10] libsmb/credentials.c:creds_server_init(185) creds_server_init: neg_flags : 600fffff [2008/07/22 21:33:37, 10] libsmb/credentials.c:creds_server_init(186) creds_server_init: client chal : 3C6CB86A4739D013 [2008/07/22 21:33:37, 10] libsmb/credentials.c:creds_server_init(187) creds_server_init: server chal : 448A97E6B64CD16E [2008/07/22 21:33:37, 5] libsmb/credentials.c:creds_init_128(70) creds_init_128 [2008/07/22 21:33:37, 5] libsmb/credentials.c:creds_init_128(71) clnt_chal_in: 3C6CB86A4739D013 [2008/07/22 21:33:37, 5] libsmb/credentials.c:creds_init_128(72) srv_chal_in : 448A97E6B64CD16E [2008/07/22 21:33:37, 10] libsmb/credentials.c:creds_server_init(205) creds_server_init: clnt : 9660060FC507F6AD [2008/07/22 21:33:37, 10] libsmb/credentials.c:creds_server_init(206) creds_server_init: server : A272B2CA45D0712C [2008/07/22 21:33:37, 10] libsmb/credentials.c:creds_server_init(207) creds_server_init: seed : 9660060FC507F6AD [2008/07/22 21:33:37, 5] libsmb/credentials.c:netlogon_creds_server_check(221) netlogon_creds_server_check: challenge : 1AEE861F508D5747 [2008/07/22 21:33:37, 5] libsmb/credentials.c:netlogon_creds_server_check(222) calculated: 9660060FC507F6AD [2008/07/22 21:33:37, 2] libsmb/credentials.c:netlogon_creds_server_check(223) netlogon_creds_server_check: credentials check failed. [2008/07/22 21:33:37, 0] rpc_server/srv_netlog_nt.c:_netr_ServerAuthenticate2(520) _netr_ServerAuthenticate2: netlogon_creds_server_check failed. Rejecting auth request from client CHPAS-LANSVCS machine account CHPAS-LANSVCS$ netr_ServerAuthenticate2: struct netr_ServerAuthenticate2 out: struct netr_ServerAuthenticate2 return_credentials : * return_credentials: struct netr_Credential data : 0000000000000000 negotiate_flags : * negotiate_flags : 0x600fffff (1611661311) 1: NETLOGON_NEG_ACCOUNT_LOCKOUT 1: NETLOGON_NEG_PERSISTENT_SAMREPL 1: NETLOGON_NEG_ARCFOUR 1: NETLOGON_NEG_PROMOTION_COUNT 1: NETLOGON_NEG_CHANGELOG_BDC 1: NETLOGON_NEG_FULL_SYNC_REPL 1: NETLOGON_NEG_MULTIPLE_SIDS 1: NETLOGON_NEG_REDO 1: NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL 1: NETLOGON_NEG_SEND_PASSWORD_INFO_PDC 1: NETLOGON_NEG_GENERIC_PASSTHROUGH 1: NETLOGON_NEG_CONCURRENT_RPC 1: NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL 1: NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL 1: NETLOGON_NEG_128BIT 1: NETLOGON_NEG_TRANSITIVE_TRUSTS 1: NETLOGON_NEG_DNS_DOMAIN_TRUSTS 1: NETLOGON_NEG_PASSWORD_SET2 1: NETLOGON_NEG_GETDOMAININFO 1: NETLOGON_NEG_CROSS_FOREST_TRUSTS 0: NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION 0: NETLOGON_NEG_RODC_PASSTHROUGH 1: NETLOGON_NEG_AUTHENTICATED_RPC_LSASS 1: NETLOGON_NEG_SCHANNEL result : NT_STATUS_ACCESS_DENIED [2008/07/22 21:33:37, 5] rpc_server/srv_pipe.c:api_rpcTNP(2351) api_rpcTNP: called NETLOGON successfully [2008/07/22 21:33:37, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 0 [2008/07/22 21:33:37, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 152 [2008/07/22 21:33:37, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985) read_from_pipe: 70d1 name: NETLOGON len: 4280 [2008/07/22 21:33:37, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1059) read_from_pipe: NETLOGON: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 16. [2008/07/22 21:33:37, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2008/07/22 21:33:37, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/07/22 21:33:37, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/07/22 21:33:37, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 02 [2008/07/22 21:33:37, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/07/22 21:33:37, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/07/22 21:33:37, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/07/22 21:33:37, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/07/22 21:33:37, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/07/22 21:33:37, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0028 [2008/07/22 21:33:37, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/07/22 21:33:37, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000009 [2008/07/22 21:33:37, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_resp resp [2008/07/22 21:33:37, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 00000010 [2008/07/22 21:33:37, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2008/07/22 21:33:37, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0016 cancel_ct : 00 [2008/07/22 21:33:37, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0017 reserved : 00 [2008/07/22 21:33:37, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..40] (align 0) [2008/07/22 21:33:37, 5] lib/util.c:show_msg(645) [2008/07/22 21:33:37, 5] lib/util.c:show_msg(655) size=96 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=8292 smb_uid=100 smb_mid=16 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 40 (0x28) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 40 (0x28) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=41 [2008/07/22 21:33:37, 10] lib/util.c:dump_data(2226) [000] 00 05 00 02 03 10 00 00 00 28 00 00 00 09 00 00 ........ .(...... [010] 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [020] 00 FF FF 0F 60 22 00 00 C0 ....`".. . [2008/07/22 21:33:37, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 41 [2008/07/22 21:33:37, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x29 [2008/07/22 21:33:37, 3] smbd/process.c:process_smb(1549) Transaction 15 of length 45 (0 toread) [2008/07/22 21:33:37, 5] lib/util.c:show_msg(645) [2008/07/22 21:33:37, 5] lib/util.c:show_msg(655) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=8292 smb_uid=100 smb_mid=17 smt_wct=3 smb_vwv[ 0]=28881 (0x70D1) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2008/07/22 21:33:37, 3] smbd/process.c:switch_message(1361) switch message SMBclose (pid 6816) conn 0x555555cd0070 [2008/07/22 21:33:37, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/07/22 21:33:37, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=70d1 [2008/07/22 21:33:37, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name NETLOGON pnum=70d1 (pipes_open=1) [2008/07/22 21:33:37, 5] smbd/pipes.c:reply_pipe_close(319) reply_pipe_close: pnum:70d1 [2008/07/22 21:33:37, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(241) close_policy_by_pipe: deleted handle list for pipe NETLOGON [2008/07/22 21:33:37, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1160) closed pipe name NETLOGON pnum=70d1 (pipes_open=0) [2008/07/22 21:33:37, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 4E45544C4F474F4E2F36 [2008/07/22 21:33:37, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0x555555c8ad50 [2008/07/22 21:33:37, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 4E45544C4F474F4E2F36 [2008/07/22 21:33:37, 5] lib/util.c:show_msg(645) [2008/07/22 21:33:37, 5] lib/util.c:show_msg(655) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=8292 smb_uid=100 smb_mid=17 smt_wct=0 smb_bcc=0 [2008/07/22 21:33:37, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 35 [2008/07/22 21:33:37, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x23 [2008/07/22 21:33:37, 3] smbd/process.c:process_smb(1549) Transaction 16 of length 39 (0 toread) [2008/07/22 21:33:37, 5] lib/util.c:show_msg(645) [2008/07/22 21:33:37, 5] lib/util.c:show_msg(655) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=8292 smb_uid=100 smb_mid=18 smt_wct=0 smb_bcc=0 [2008/07/22 21:33:37, 3] smbd/process.c:switch_message(1361) switch message SMBtdis (pid 6816) conn 0x555555cd0070 [2008/07/22 21:33:37, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/07/22 21:33:37, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/07/22 21:33:37, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/07/22 21:33:37, 5] smbd/uid.c:change_to_root_user(287) change_to_root_user: now uid=(0,0) gid=(0,0) [2008/07/22 21:33:37, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/07/22 21:33:37, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/07/22 21:33:37, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/07/22 21:33:37, 5] smbd/uid.c:change_to_root_user(287) change_to_root_user: now uid=(0,0) gid=(0,0) [2008/07/22 21:33:37, 3] smbd/service.c:close_cnum(1401) chpas-lansvcs (192.168.10.33) closed connection to service IPC$ [2008/07/22 21:33:37, 3] smbd/connection.c:yield_connection(31) Yielding connection to IPC$ [2008/07/22 21:33:37, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key A01A0000010000004950 [2008/07/22 21:33:37, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0x555555ccf860 [2008/07/22 21:33:37, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key A01A0000010000004950 [2008/07/22 21:33:37, 4] smbd/vfs.c:vfs_ChDir(733) vfs_ChDir to / [2008/07/22 21:33:37, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/07/22 21:33:37, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/07/22 21:33:37, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/07/22 21:33:37, 5] smbd/uid.c:change_to_root_user(287) change_to_root_user: now uid=(0,0) gid=(0,0) [2008/07/22 21:33:37, 5] lib/util.c:show_msg(645) [2008/07/22 21:33:37, 5] lib/util.c:show_msg(655) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=8292 smb_uid=100 smb_mid=18 smt_wct=0 smb_bcc=0 [2008/07/22 21:33:37, 5] lib/util_sock.c:read_socket_with_timeout(928) read_socket_with_timeout: blocking read. EOF from client. [2008/07/22 21:33:37, 10] smbd/process.c:receive_smb_raw_talloc(276) receive_smb_raw: NT_STATUS_END_OF_FILE [2008/07/22 21:33:37, 3] smbd/process.c:smbd_process(2027) receive_message_or_smb failed: NT_STATUS_END_OF_FILE, exiting [2008/07/22 21:33:37, 5] lib/gencache.c:gencache_shutdown(93) Closing cache file [2008/07/22 21:33:37, 5] libsmb/namecache.c:namecache_shutdown(81) namecache_shutdown: netbios namecache closed successfully. [2008/07/22 21:33:37, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/07/22 21:33:37, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/07/22 21:33:37, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/07/22 21:33:37, 5] smbd/uid.c:change_to_root_user(287) change_to_root_user: now uid=(0,0) gid=(0,0) [2008/07/22 21:33:37, 3] smbd/connection.c:yield_connection(31) Yielding connection to [2008/07/22 21:33:37, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key A01A0000FFFFFFFF0000 [2008/07/22 21:33:37, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0x555555c88140 [2008/07/22 21:33:37, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key A01A0000FFFFFFFF0000 [2008/07/22 21:33:37, 3] smbd/server.c:exit_server_common(944) Server exit (normal exit) [2008/07/22 21:33:39, 5] lib/debug.c:debug_dump_status(395) INFO: Current debug levels: all: True/10 tdb: False/0 printdrivers: False/0 lanman: False/0 smb: False/0 rpc_parse: False/0 rpc_srv: False/0 rpc_cli: False/0 passdb: False/0 sam: False/0 auth: False/0 winbind: False/0 vfs: False/0 idmap: False/0 quota: False/0 acls: False/0 locking: False/0 msdfs: False/0 dmapi: False/0 registry: False/0 doing parameter max log size = 0 [2008/07/22 21:33:39, 2] param/loadparm.c:do_section(7363) Processing section "[homes]" [2008/07/22 21:33:39, 8] param/loadparm.c:add_a_service(5762) add_a_service: Creating snum = 3 for homes [2008/07/22 21:33:39, 10] param/loadparm.c:hash_a_service(5809) hash_a_service: hashing index 3 for service name homes doing parameter comment = Home Directories doing parameter valid users = %S doing parameter read only = No doing parameter inherit acls = Yes doing parameter browseable = No [2008/07/22 21:33:39, 2] param/loadparm.c:do_section(7363) Processing section "[netlogon]" [2008/07/22 21:33:39, 8] param/loadparm.c:add_a_service(5762) add_a_service: Creating snum = 2 for netlogon [2008/07/22 21:33:39, 10] param/loadparm.c:hash_a_service(5809) hash_a_service: hashing index 2 for service name netlogon doing parameter comment = Network Logon Service doing parameter path = /var/lib/samba/netlogon doing parameter guest ok = Yes doing parameter browseable = No doing parameter share modes = No [2008/07/22 21:33:39, 2] param/loadparm.c:do_section(7363) Processing section "[profiles]" [2008/07/22 21:33:39, 8] param/loadparm.c:add_a_service(5762) add_a_service: Creating snum = 1 for profiles [2008/07/22 21:33:39, 10] param/loadparm.c:hash_a_service(5809) hash_a_service: hashing index 1 for service name profiles doing parameter comment = Network Profiles Service doing parameter path = /var/lib/samba/profiles doing parameter read only = No doing parameter create mask = 0600 doing parameter directory mask = 0700 doing parameter store dos attributes = Yes doing parameter browseable = No doing parameter available = No [2008/07/22 21:33:39, 4] param/loadparm.c:lp_load_ex(8724) pm_process() returned Yes [2008/07/22 21:33:39, 1] param/loadparm.c:service_ok(6501) NOTE: Service profiles is flagged unavailable. [2008/07/22 21:33:39, 8] param/loadparm.c:add_a_service(5762) add_a_service: Creating snum = 0 for IPC$ [2008/07/22 21:33:39, 10] param/loadparm.c:hash_a_service(5809) hash_a_service: hashing index 0 for service name IPC$ [2008/07/22 21:33:39, 3] param/loadparm.c:lp_add_ipc(5906) adding IPC service [2008/07/22 21:33:39, 10] param/loadparm.c:set_server_role(7905) set_server_role: role = ROLE_DOMAIN_PDC [2008/07/22 21:33:39, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2008/07/22 21:33:39, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2008/07/22 21:33:39, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2008/07/22 21:33:39, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2008/07/22 21:33:39, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2008/07/22 21:33:39, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2008/07/22 21:33:39, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2008/07/22 21:33:39, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2008/07/22 21:33:39, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2008/07/22 21:33:39, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2008/07/22 21:33:39, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2008/07/22 21:33:39, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2008/07/22 21:33:39, 7] param/loadparm.c:lp_servicenumber(8917) lp_servicenumber: couldn't find printers [2008/07/22 21:33:39, 3] printing/pcap.c:pcap_cache_reload(116) reloading printcap cache [2008/07/22 21:33:39, 3] printing/pcap.c:pcap_cache_reload(223) reload status: ok [2008/07/22 21:33:39, 3] printing/pcap.c:pcap_cache_reload(116) reloading printcap cache [2008/07/22 21:33:39, 3] printing/pcap.c:pcap_cache_reload(223) reload status: ok [2008/07/22 21:33:39, 7] param/loadparm.c:lp_servicenumber(8917) lp_servicenumber: couldn't find printers [2008/07/22 21:33:39, 2] lib/interface.c:add_interface(334) added interface eth0 ip=fe80::214:22ff:fe24:45be%eth0 bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff:: [2008/07/22 21:33:39, 2] lib/interface.c:add_interface(334) added interface eth0 ip=192.168.10.23 bcast=192.168.11.255 netmask=255.255.254.0 [2008/07/22 21:33:39, 2] lib/interface.c:add_interface(334) added interface lo ip=::1 bcast=::1 netmask=ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff [2008/07/22 21:33:39, 2] lib/interface.c:add_interface(334) added interface lo ip=127.0.0.1 bcast=127.255.255.255 netmask=255.0.0.0 [2008/07/22 21:33:39, 5] lib/util_sock.c:print_socket_options(781) socket option SO_KEEPALIVE = 1 [2008/07/22 21:33:39, 5] lib/util_sock.c:print_socket_options(781) socket option SO_REUSEADDR = 1 [2008/07/22 21:33:39, 5] lib/util_sock.c:print_socket_options(781) socket option SO_BROADCAST = 0 [2008/07/22 21:33:39, 5] lib/util_sock.c:print_socket_options(781) socket option TCP_NODELAY = 1 [2008/07/22 21:33:39, 5] lib/util_sock.c:print_socket_options(781) socket option TCP_KEEPCNT = 9 [2008/07/22 21:33:39, 5] lib/util_sock.c:print_socket_options(781) socket option TCP_KEEPIDLE = 7200 [2008/07/22 21:33:39, 5] lib/util_sock.c:print_socket_options(781) socket option TCP_KEEPINTVL = 75 [2008/07/22 21:33:39, 5] lib/util_sock.c:print_socket_options(781) socket option IPTOS_LOWDELAY = 0 [2008/07/22 21:33:39, 5] lib/util_sock.c:print_socket_options(781) socket option IPTOS_THROUGHPUT = 0 [2008/07/22 21:33:39, 5] lib/util_sock.c:print_socket_options(781) socket option SO_SNDBUF = 16384 [2008/07/22 21:33:39, 5] lib/util_sock.c:print_socket_options(781) socket option SO_RCVBUF = 87380 [2008/07/22 21:33:39, 5] lib/util_sock.c:print_socket_options(781) socket option SO_SNDLOWAT = 1 [2008/07/22 21:33:39, 5] lib/util_sock.c:print_socket_options(781) socket option SO_RCVLOWAT = 1 [2008/07/22 21:33:39, 5] lib/util_sock.c:print_socket_options(781) socket option SO_SNDTIMEO = 0 [2008/07/22 21:33:39, 5] lib/util_sock.c:print_socket_options(781) socket option SO_RCVTIMEO = 0 [2008/07/22 21:33:39, 5] lib/util_sock.c:print_socket_options(781) socket option SO_KEEPALIVE = 1 [2008/07/22 21:33:39, 5] lib/util_sock.c:print_socket_options(781) socket option SO_REUSEADDR = 1 [2008/07/22 21:33:39, 5] lib/util_sock.c:print_socket_options(781) socket option SO_BROADCAST = 0 [2008/07/22 21:33:39, 5] lib/util_sock.c:print_socket_options(781) socket option TCP_NODELAY = 1 [2008/07/22 21:33:39, 5] lib/util_sock.c:print_socket_options(781) socket option TCP_KEEPCNT = 9 [2008/07/22 21:33:39, 5] lib/util_sock.c:print_socket_options(781) socket option TCP_KEEPIDLE = 7200 [2008/07/22 21:33:39, 5] lib/util_sock.c:print_socket_options(781) socket option TCP_KEEPINTVL = 75 [2008/07/22 21:33:39, 5] lib/util_sock.c:print_socket_options(781) socket option IPTOS_LOWDELAY = 0 [2008/07/22 21:33:39, 5] lib/util_sock.c:print_socket_options(781) socket option IPTOS_THROUGHPUT = 0 [2008/07/22 21:33:39, 5] lib/util_sock.c:print_socket_options(781) socket option SO_SNDBUF = 16384 [2008/07/22 21:33:39, 5] lib/util_sock.c:print_socket_options(781) socket option SO_RCVBUF = 87380 [2008/07/22 21:33:39, 5] lib/util_sock.c:print_socket_options(781) socket option SO_SNDLOWAT = 1 [2008/07/22 21:33:39, 5] lib/util_sock.c:print_socket_options(781) socket option SO_RCVLOWAT = 1 [2008/07/22 21:33:39, 5] lib/util_sock.c:print_socket_options(781) socket option SO_SNDTIMEO = 0 [2008/07/22 21:33:39, 5] lib/util_sock.c:print_socket_options(781) socket option SO_RCVTIMEO = 0 [2008/07/22 21:33:39, 5] smbd/reply.c:reply_special(472) init msg_type=0x81 msg_flags=0x0 [2008/07/22 21:33:39, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 190 [2008/07/22 21:33:39, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0xbe [2008/07/22 21:33:39, 3] smbd/process.c:process_smb(1549) Transaction 0 of length 194 (0 toread) [2008/07/22 21:33:39, 5] lib/util.c:show_msg(645) [2008/07/22 21:33:39, 5] lib/util.c:show_msg(655) size=190 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=0 smb_pid=8292 smb_uid=0 smb_mid=2 smt_wct=0 smb_bcc=155 [2008/07/22 21:33:39, 10] lib/util.c:dump_data(2226) [000] 02 50 43 20 4E 45 54 57 4F 52 4B 20 50 52 4F 47 .PC NETW ORK PROG [010] 52 41 4D 20 31 2E 30 00 02 4D 49 43 52 4F 53 4F RAM 1.0. .MICROSO [020] 46 54 20 4E 45 54 57 4F 52 4B 53 20 31 2E 30 33 FT NETWO RKS 1.03 [030] 00 02 4D 49 43 52 4F 53 4F 46 54 20 4E 45 54 57 ..MICROS OFT NETW [040] 4F 52 4B 53 20 33 2E 30 00 02 4C 41 4E 4D 41 4E ORKS 3.0 ..LANMAN [050] 31 2E 30 00 02 4C 4D 31 2E 32 58 30 30 32 00 02 1.0..LM1 .2X002.. [060] 44 4F 53 20 4C 41 4E 4D 41 4E 32 2E 31 00 02 4C DOS LANM AN2.1..L [070] 41 4E 4D 41 4E 32 2E 31 00 02 53 61 6D 62 61 00 ANMAN2.1 ..Samba. [080] 02 4E 54 20 4C 41 4E 4D 41 4E 20 31 2E 30 00 02 .NT LANM AN 1.0.. [090] 4E 54 20 4C 4D 20 30 2E 31 32 00 NT LM 0. 12. [2008/07/22 21:33:39, 3] smbd/process.c:switch_message(1361) switch message SMBnegprot (pid 6817) conn 0x0 [2008/07/22 21:33:39, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/07/22 21:33:39, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/07/22 21:33:39, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/07/22 21:33:39, 5] smbd/uid.c:change_to_root_user(287) change_to_root_user: now uid=(0,0) gid=(0,0) [2008/07/22 21:33:39, 3] smbd/negprot.c:reply_negprot(568) Requested protocol [PC NETWORK PROGRAM 1.0] [2008/07/22 21:33:39, 3] smbd/negprot.c:reply_negprot(568) Requested protocol [MICROSOFT NETWORKS 1.03] [2008/07/22 21:33:39, 3] smbd/negprot.c:reply_negprot(568) Requested protocol [MICROSOFT NETWORKS 3.0] [2008/07/22 21:33:39, 3] smbd/negprot.c:reply_negprot(568) Requested protocol [LANMAN1.0] [2008/07/22 21:33:39, 3] smbd/negprot.c:reply_negprot(568) Requested protocol [LM1.2X002] [2008/07/22 21:33:39, 3] smbd/negprot.c:reply_negprot(568) Requested protocol [DOS LANMAN2.1] [2008/07/22 21:33:39, 3] smbd/negprot.c:reply_negprot(568) Requested protocol [LANMAN2.1] [2008/07/22 21:33:39, 3] smbd/negprot.c:reply_negprot(568) Requested protocol [Samba] [2008/07/22 21:33:39, 3] smbd/negprot.c:reply_negprot(568) Requested protocol [NT LANMAN 1.0] [2008/07/22 21:33:39, 3] smbd/negprot.c:reply_negprot(568) Requested protocol [NT LM 0.12] [2008/07/22 21:33:39, 10] lib/util.c:set_remote_arch(2201) set_remote_arch: Client arch is 'Samba' [2008/07/22 21:33:39, 6] param/loadparm.c:lp_file_list_changed(6625) lp_file_list_changed() file /etc/samba/%m.conf -> /etc/samba/chpas-lansvcs.conf last mod_time: Tue Jul 22 21:32:54 2008 file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Tue Jul 22 21:32:59 2008 [2008/07/22 21:33:39, 5] smbd/connection.c:claim_connection(142) claiming [] [2008/07/22 21:33:39, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key A11A0000FFFFFFFF0000 [2008/07/22 21:33:39, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0x555555c8f380 [2008/07/22 21:33:39, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key A11A0000FFFFFFFF0000 [2008/07/22 21:33:39, 6] param/loadparm.c:lp_file_list_changed(6625) lp_file_list_changed() file /etc/samba/%m.conf -> /etc/samba/chpas-lansvcs.conf last mod_time: Tue Jul 22 21:32:54 2008 file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Tue Jul 22 21:32:59 2008 [2008/07/22 21:33:39, 3] smbd/negprot.c:reply_nt1(392) using SPNEGO [2008/07/22 21:33:39, 3] smbd/negprot.c:reply_negprot(673) Selected protocol NT LANMAN 1.0 [2008/07/22 21:33:39, 5] smbd/negprot.c:reply_negprot(680) negprot index=8 [2008/07/22 21:33:39, 5] lib/util.c:show_msg(645) [2008/07/22 21:33:39, 5] lib/util.c:show_msg(655) size=127 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=8292 smb_uid=0 smb_mid=2 smt_wct=17 smb_vwv[ 0]= 8 (0x8) smb_vwv[ 1]=12803 (0x3203) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 65 (0x41) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]=41216 (0xA100) smb_vwv[ 8]= 26 (0x1A) smb_vwv[ 9]=64768 (0xFD00) smb_vwv[10]=32995 (0x80E3) smb_vwv[11]=32896 (0x8080) smb_vwv[12]=60187 (0xEB1B) smb_vwv[13]=25633 (0x6421) smb_vwv[14]=51436 (0xC8EC) smb_vwv[15]=61441 (0xF001) smb_vwv[16]= 0 (0x0) smb_bcc=58 [2008/07/22 21:33:39, 10] lib/util.c:dump_data(2226) [000] 63 68 70 61 73 2D 6E 65 74 73 76 63 73 00 00 00 chpas-ne tsvcs... [010] 60 28 06 06 2B 06 01 05 05 02 A0 1E 30 1C A0 0E `(..+... ....0... [020] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A3 0A 0...+... ..7..... [030] 30 08 A0 06 1B 04 4E 4F 4E 45 0.....NO NE [2008/07/22 21:33:39, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 166 [2008/07/22 21:33:39, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0xa6 [2008/07/22 21:33:39, 3] smbd/process.c:process_smb(1549) Transaction 1 of length 170 (0 toread) [2008/07/22 21:33:39, 5] lib/util.c:show_msg(645) [2008/07/22 21:33:39, 5] lib/util.c:show_msg(655) size=166 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=0 smb_pid=8292 smb_uid=0 smb_mid=3 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=65535 (0xFFFF) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 1 (0x1) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 85 (0x55) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]=49244 (0xC05C) smb_vwv[11]=32768 (0x8000) smb_bcc=107 [2008/07/22 21:33:39, 10] lib/util.c:dump_data(2226) [000] 60 53 06 06 2B 06 01 05 05 02 A0 49 30 47 A0 0E `S..+... ...I0G.. [010] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A2 35 0...+... ..7....5 [020] 04 33 4E 54 4C 4D 53 53 50 00 01 00 00 00 15 82 .3NTLMSS P....... [030] 08 60 06 00 06 00 20 00 00 00 0D 00 0D 00 26 00 .`.... . ......&. [040] 00 00 41 52 4E 4F 4C 44 43 48 50 41 53 2D 4C 41 ..ARNOLD CHPAS-LA [050] 4E 53 56 43 53 55 00 6E 00 69 00 78 00 00 00 53 NSVCSU.n .i.x...S [060] 00 61 00 6D 00 62 00 61 00 00 00 .a.m.b.a ... [2008/07/22 21:33:39, 3] smbd/process.c:switch_message(1361) switch message SMBsesssetupX (pid 6817) conn 0x0 [2008/07/22 21:33:39, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/07/22 21:33:39, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/07/22 21:33:39, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/07/22 21:33:39, 5] smbd/uid.c:change_to_root_user(287) change_to_root_user: now uid=(0,0) gid=(0,0) [2008/07/22 21:33:39, 3] smbd/sesssetup.c:reply_sesssetup_and_X(1409) wct=12 flg2=0xc801 [2008/07/22 21:33:39, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1173) Doing spnego session setup [2008/07/22 21:33:39, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1208) NativeOS=[Unix] NativeLanMan=[Samba] PrimaryDomain=[] [2008/07/22 21:33:39, 10] smbd/password.c:register_initial_vuid(188) register_initial_vuid: allocated vuid = 100 [2008/07/22 21:33:39, 10] smbd/sesssetup.c:check_spnego_blob_complete(1121) check_spnego_blob_complete: needed_len = 85, pblob->length = 85 [2008/07/22 21:33:39, 5] smbd/sesssetup.c:parse_spnego_mechanisms(749) parse_spnego_mechanisms: Got OID 1 3 6 1 4 1 311 2 2 10 [2008/07/22 21:33:39, 3] smbd/sesssetup.c:reply_spnego_negotiate(800) reply_spnego_negotiate: Got secblob of size 51 [2008/07/22 21:33:39, 5] auth/auth.c:make_auth_context_subsystem(485) Making default auth method list for DC, security=user, encrypt passwords = yes [2008/07/22 21:33:39, 5] auth/auth.c:smb_register_auth(46) Attempting to register auth backend sam [2008/07/22 21:33:39, 5] auth/auth.c:smb_register_auth(58) Successfully added auth method 'sam' [2008/07/22 21:33:39, 5] auth/auth.c:smb_register_auth(46) Attempting to register auth backend sam_ignoredomain [2008/07/22 21:33:39, 5] auth/auth.c:smb_register_auth(58) Successfully added auth method 'sam_ignoredomain' [2008/07/22 21:33:39, 5] auth/auth.c:smb_register_auth(46) Attempting to register auth backend unix [2008/07/22 21:33:39, 5] auth/auth.c:smb_register_auth(58) Successfully added auth method 'unix' [2008/07/22 21:33:39, 5] auth/auth.c:smb_register_auth(46) Attempting to register auth backend winbind [2008/07/22 21:33:39, 5] auth/auth.c:smb_register_auth(58) Successfully added auth method 'winbind' [2008/07/22 21:33:39, 5] auth/auth.c:smb_register_auth(46) Attempting to register auth backend smbserver [2008/07/22 21:33:39, 5] auth/auth.c:smb_register_auth(58) Successfully added auth method 'smbserver' [2008/07/22 21:33:39, 5] auth/auth.c:smb_register_auth(46) Attempting to register auth backend trustdomain [2008/07/22 21:33:39, 5] auth/auth.c:smb_register_auth(58) Successfully added auth method 'trustdomain' [2008/07/22 21:33:39, 5] auth/auth.c:smb_register_auth(46) Attempting to register auth backend ntdomain [2008/07/22 21:33:39, 5] auth/auth.c:smb_register_auth(58) Successfully added auth method 'ntdomain' [2008/07/22 21:33:39, 5] auth/auth.c:smb_register_auth(46) Attempting to register auth backend guest [2008/07/22 21:33:39, 5] auth/auth.c:smb_register_auth(58) Successfully added auth method 'guest' [2008/07/22 21:33:39, 5] auth/auth.c:load_auth_module(387) load_auth_module: Attempting to find an auth method to match guest [2008/07/22 21:33:39, 5] auth/auth.c:load_auth_module(412) load_auth_module: auth method guest has a valid init [2008/07/22 21:33:39, 5] auth/auth.c:load_auth_module(387) load_auth_module: Attempting to find an auth method to match sam [2008/07/22 21:33:39, 5] auth/auth.c:load_auth_module(412) load_auth_module: auth method sam has a valid init [2008/07/22 21:33:39, 5] auth/auth.c:load_auth_module(387) load_auth_module: Attempting to find an auth method to match winbind:trustdomain [2008/07/22 21:33:39, 5] auth/auth.c:load_auth_module(387) load_auth_module: Attempting to find an auth method to match trustdomain [2008/07/22 21:33:39, 5] auth/auth.c:load_auth_module(412) load_auth_module: auth method trustdomain has a valid init [2008/07/22 21:33:39, 5] auth/auth.c:load_auth_module(412) load_auth_module: auth method winbind has a valid init [2008/07/22 21:33:39, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) Got NTLMSSP neg_flags=0x60088215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH [2008/07/22 21:33:39, 5] auth/auth.c:get_ntlm_challenge(96) auth_get_challenge: module guest did not want to specify a challenge [2008/07/22 21:33:39, 5] auth/auth.c:get_ntlm_challenge(96) auth_get_challenge: module sam did not want to specify a challenge [2008/07/22 21:33:39, 5] auth/auth.c:get_ntlm_challenge(96) auth_get_challenge: module winbind did not want to specify a challenge [2008/07/22 21:33:39, 5] auth/auth.c:get_ntlm_challenge(136) auth_context challenge created by random [2008/07/22 21:33:39, 5] auth/auth.c:get_ntlm_challenge(137) challenge is: [2008/07/22 21:33:39, 5] lib/util.c:dump_data(2226) [000] D1 57 EC 67 3F 08 6A 4F .W.g?.jO [2008/07/22 21:33:39, 5] lib/util.c:show_msg(645) [2008/07/22 21:33:39, 5] lib/util.c:show_msg(655) size=362 smb_com=0x73 smb_rcls=22 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=8292 smb_uid=100 smb_mid=3 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 237 (0xED) smb_bcc=319 [2008/07/22 21:33:39, 10] lib/util.c:dump_data(2226) [000] A1 81 EA 30 81 E7 A0 03 0A 01 01 A1 0C 06 0A 2B ...0.... .......+ [010] 06 01 04 01 82 37 02 02 0A A2 81 D1 04 81 CE 4E .....7.. .......N [020] 54 4C 4D 53 53 50 00 02 00 00 00 0C 00 0C 00 30 TLMSSP.. .......0 [030] 00 00 00 15 82 89 60 D1 57 EC 67 3F 08 6A 4F 00 ......`. W.g?.jO. [040] 00 00 00 00 00 00 00 92 00 92 00 3C 00 00 00 41 ........ ...<...A [050] 00 52 00 4E 00 4F 00 4C 00 44 00 02 00 0C 00 41 .R.N.O.L .D.....A [060] 00 52 00 4E 00 4F 00 4C 00 44 00 01 00 1A 00 43 .R.N.O.L .D.....C [070] 00 48 00 50 00 41 00 53 00 2D 00 4E 00 45 00 54 .H.P.A.S .-.N.E.T [080] 00 53 00 56 00 43 00 53 00 04 00 1E 00 61 00 72 .S.V.C.S .....a.r [090] 00 6E 00 6F 00 6C 00 64 00 74 00 72 00 61 00 6E .n.o.l.d .t.r.a.n [0A0] 00 73 00 2E 00 6C 00 63 00 6C 00 03 00 3A 00 63 .s...l.c .l...:.c [0B0] 00 68 00 70 00 61 00 73 00 2D 00 6E 00 65 00 74 .h.p.a.s .-.n.e.t [0C0] 00 73 00 76 00 63 00 73 00 2E 00 61 00 72 00 6E .s.v.c.s ...a.r.n [0D0] 00 6F 00 6C 00 64 00 74 00 72 00 61 00 6E 00 73 .o.l.d.t .r.a.n.s [0E0] 00 2E 00 6C 00 63 00 6C 00 00 00 00 00 55 00 6E ...l.c.l .....U.n [0F0] 00 69 00 78 00 00 00 53 00 61 00 6D 00 62 00 61 .i.x...S .a.m.b.a [100] 00 20 00 33 00 2E 00 32 00 2E 00 30 00 2D 00 31 . .3...2 ...0.-.1 [110] 00 37 00 39 00 35 00 2D 00 53 00 55 00 53 00 45 .7.9.5.- .S.U.S.E [120] 00 2D 00 53 00 4C 00 45 00 53 00 31 00 30 00 00 .-.S.L.E .S.1.0.. [130] 00 41 00 52 00 4E 00 4F 00 4C 00 44 00 00 00 .A.R.N.O .L.D... [2008/07/22 21:33:39, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 268 [2008/07/22 21:33:39, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x10c [2008/07/22 21:33:39, 3] smbd/process.c:process_smb(1549) Transaction 2 of length 272 (0 toread) [2008/07/22 21:33:39, 5] lib/util.c:show_msg(645) [2008/07/22 21:33:39, 5] lib/util.c:show_msg(655) size=268 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=0 smb_pid=8292 smb_uid=100 smb_mid=4 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=65535 (0xFFFF) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 1 (0x1) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 186 (0xBA) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]=49244 (0xC05C) smb_vwv[11]=32768 (0x8000) smb_bcc=209 [2008/07/22 21:33:39, 10] lib/util.c:dump_data(2226) [000] A1 81 B7 30 81 B4 A2 81 B1 04 81 AE 4E 54 4C 4D ...0.... ....NTLM [010] 53 53 50 00 03 00 00 00 18 00 18 00 40 00 00 00 SSP..... ....@... [020] 18 00 18 00 58 00 00 00 0C 00 0C 00 70 00 00 00 ....X... ....p... [030] 08 00 08 00 7C 00 00 00 1A 00 1A 00 84 00 00 00 ....|... ........ [040] 10 00 10 00 9E 00 00 00 15 82 08 60 B3 E6 33 B7 ........ ...`..3. [050] 60 62 3A 2A 00 00 00 00 00 00 00 00 00 00 00 00 `b:*.... ........ [060] 00 00 00 00 F4 14 A7 8A ED 06 96 BE 2C 69 DD 7C ........ ....,i.| [070] 96 EC AC A2 D1 D2 22 69 1D 60 0D 66 41 00 52 00 ......"i .`.fA.R. [080] 4E 00 4F 00 4C 00 44 00 72 00 6F 00 6F 00 74 00 N.O.L.D. r.o.o.t. [090] 43 00 48 00 50 00 41 00 53 00 2D 00 4C 00 41 00 C.H.P.A. S.-.L.A. [0A0] 4E 00 53 00 56 00 43 00 53 00 C0 E0 BA D5 13 1D N.S.V.C. S....... [0B0] 67 1E D8 71 07 6F B6 0F 15 17 00 55 00 6E 00 69 g..q.o.. ...U.n.i [0C0] 00 78 00 00 00 53 00 61 00 6D 00 62 00 61 00 00 .x...S.a .m.b.a.. [0D0] 00 . [2008/07/22 21:33:39, 3] smbd/process.c:switch_message(1361) switch message SMBsesssetupX (pid 6817) conn 0x0 [2008/07/22 21:33:39, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/07/22 21:33:39, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/07/22 21:33:39, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/07/22 21:33:39, 5] smbd/uid.c:change_to_root_user(287) change_to_root_user: now uid=(0,0) gid=(0,0) [2008/07/22 21:33:39, 3] smbd/sesssetup.c:reply_sesssetup_and_X(1409) wct=12 flg2=0xc801 [2008/07/22 21:33:39, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1173) Doing spnego session setup [2008/07/22 21:33:39, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1208) NativeOS=[Unix] NativeLanMan=[Samba] PrimaryDomain=[] [2008/07/22 21:33:39, 10] smbd/sesssetup.c:check_spnego_blob_complete(1121) check_spnego_blob_complete: needed_len = 186, pblob->length = 186 [2008/07/22 21:33:39, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(745) Got user=[root] domain=[ARNOLD] workstation=[CHPAS-LANSVCS] len1=24 len2=24 [2008/07/22 21:33:39, 5] auth/auth_ntlmssp.c:auth_ntlmssp_set_challenge(68) auth_context challenge set by NTLMSSP callback (NTLM2) [2008/07/22 21:33:39, 5] auth/auth_ntlmssp.c:auth_ntlmssp_set_challenge(69) challenge is: [2008/07/22 21:33:39, 5] lib/util.c:dump_data(2226) [000] 67 C6 99 C6 B0 4E 6E D8 g....Nn. [2008/07/22 21:33:39, 6] param/loadparm.c:lp_file_list_changed(6625) lp_file_list_changed() file /etc/samba/%m.conf -> /etc/samba/chpas-lansvcs.conf last mod_time: Tue Jul 22 21:32:54 2008 file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Tue Jul 22 21:32:59 2008 [2008/07/22 21:33:39, 4] smbd/map_username.c:map_username(145) Scanning username map /etc/samba/smbusers [2008/07/22 21:33:39, 10] smbd/password.c:user_in_list(504) user_in_list: checking user root in list [2008/07/22 21:33:39, 10] smbd/password.c:user_in_list(509) user_in_list: checking user |root| against |administrator| [2008/07/22 21:33:39, 5] auth/auth_util.c:make_user_info_map(178) make_user_info_map: Mapping user [ARNOLD]\[root] from workstation [CHPAS-LANSVCS] [2008/07/22 21:33:39, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/07/22 21:33:39, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2008/07/22 21:33:39, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/07/22 21:33:39, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/07/22 21:33:39, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/07/22 21:33:39, 5] auth/auth_util.c:is_trusted_domain(2021) is_trusted_domain: Checking for domain trust with [ARNOLD] [2008/07/22 21:33:39, 10] passdb/pdb_ldap.c:ldapsam_get_trusteddom_pw(5821) ldapsam_get_trusteddom_pw called for domain ARNOLD [2008/07/22 21:33:39, 5] lib/smbldap.c:smbldap_search_ext(1207) smbldap_search_ext: base => [sambaDomainName=ARNOLD,sambaDomainName=ARNOLD,dc=arnoldtrans,dc=lcl], filter => [(&(objectClass=sambaTrustedDomainPassword)(sambaDomainName=ARNOLD))], scope => [2] [2008/07/22 21:33:39, 5] lib/smbldap.c:smbldap_close(1110) The connection to the LDAP server was closed [2008/07/22 21:33:39, 10] lib/smbldap.c:smb_ldap_setup_conn(616) smb_ldap_setup_connection: ldap://localhost [2008/07/22 21:33:39, 2] lib/smbldap.c:smbldap_open_connection(796) smbldap_open_connection: connection opened [2008/07/22 21:33:39, 10] lib/smbldap.c:smbldap_connect_system(961) ldap_connect_system: Binding to ldap server ldap://localhost as "cn=Manager,dc=arnoldtrans,dc=lcl" [2008/07/22 21:33:39, 3] lib/smbldap.c:smbldap_connect_system(1007) ldap_connect_system: successful connection to the LDAP server ldap_connect_system: LDAP server does support paged results [2008/07/22 21:33:39, 10] lib/events.c:event_add_timed(128) Added timed event "smbldap_idle_fn": 555555c9d850 [2008/07/22 21:33:39, 4] lib/smbldap.c:smbldap_open(1090) The LDAP server is successfully connected [2008/07/22 21:33:39, 10] lib/smbldap.c:smbldap_search_ext(1271) Failed search for base: sambaDomainName=ARNOLD,sambaDomainName=ARNOLD,dc=arnoldtrans,dc=lcl, error: 32 (No such object) () [2008/07/22 21:33:39, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/07/22 21:33:39, 10] lib/gencache.c:gencache_get(194) Cache entry with key = TDOM/ARNOLD couldn't be found [2008/07/22 21:33:39, 5] libsmb/trustdom_cache.c:trustdom_cache_fetch(183) no entry for trusted domain ARNOLD found. [2008/07/22 21:33:39, 5] auth/auth_util.c:make_user_info(92) attempting to make a user_info for root (root) [2008/07/22 21:33:39, 5] auth/auth_util.c:make_user_info(102) making strings for root's user_info struct [2008/07/22 21:33:39, 5] auth/auth_util.c:make_user_info(134) making blobs for root's user_info struct [2008/07/22 21:33:39, 10] auth/auth_util.c:make_user_info(152) made an encrypted user_info for root (root) [2008/07/22 21:33:39, 3] auth/auth.c:check_ntlm_password(220) check_ntlm_password: Checking password for unmapped user [ARNOLD]\[root]@[CHPAS-LANSVCS] with the new password interface [2008/07/22 21:33:39, 3] auth/auth.c:check_ntlm_password(223) check_ntlm_password: mapped user is: [ARNOLD]\[root]@[CHPAS-LANSVCS] [2008/07/22 21:33:39, 10] auth/auth.c:check_ntlm_password(232) check_ntlm_password: auth_context challenge created by NTLMSSP callback (NTLM2) [2008/07/22 21:33:39, 10] auth/auth.c:check_ntlm_password(234) challenge is: [2008/07/22 21:33:39, 5] lib/util.c:dump_data(2226) [000] 67 C6 99 C6 B0 4E 6E D8 g....Nn. [2008/07/22 21:33:39, 10] auth/auth.c:check_ntlm_password(260) check_ntlm_password: guest had nothing to say [2008/07/22 21:33:39, 8] lib/util.c:is_myname(2101) is_myname("ARNOLD") returns 0 [2008/07/22 21:33:39, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/07/22 21:33:39, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2008/07/22 21:33:39, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/07/22 21:33:39, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/07/22 21:33:39, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/07/22 21:33:39, 5] lib/smbldap.c:smbldap_search_ext(1207) smbldap_search_ext: base => [dc=arnoldtrans,dc=lcl], filter => [(&(uid=root)(objectclass=sambaSamAccount))], scope => [2] [2008/07/22 21:33:39, 2] passdb/pdb_ldap.c:init_sam_from_ldap(571) init_sam_from_ldap: Entry found for user: root [2008/07/22 21:33:39, 10] passdb/pdb_get_set.c:pdb_set_username(580) pdb_set_username: setting username root, was [2008/07/22 21:33:39, 10] passdb/pdb_get_set.c:pdb_set_domain(603) pdb_set_domain: setting domain ARNOLD, was [2008/07/22 21:33:39, 10] passdb/pdb_get_set.c:pdb_set_nt_username(626) pdb_set_nt_username: setting nt username root, was [2008/07/22 21:33:39, 10] passdb/pdb_get_set.c:pdb_set_user_sid_from_string(522) pdb_set_user_sid_from_string: setting user sid S-1-5-21-399034208-633907489-3292321255-2996 [2008/07/22 21:33:39, 10] passdb/pdb_get_set.c:pdb_set_user_sid(509) pdb_set_user_sid: setting user sid S-1-5-21-399034208-633907489-3292321255-2996 [2008/07/22 21:33:39, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute displayName does not exist [2008/07/22 21:33:39, 10] passdb/pdb_get_set.c:pdb_set_fullname(649) pdb_set_full_name: setting full name Samba Admin, was [2008/07/22 21:33:39, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(718) pdb_set_dir_drive: setting dir drive H:, was NULL [2008/07/22 21:33:39, 10] passdb/pdb_get_set.c:pdb_set_homedir(742) pdb_set_homedir: setting home dir \\chpas-lansvcs\root\documents, was [2008/07/22 21:33:39, 10] passdb/pdb_get_set.c:pdb_set_logon_script(672) pdb_set_logon_script: setting logon script scripts\ch-ntadmin.bat, was [2008/07/22 21:33:39, 10] passdb/pdb_get_set.c:pdb_set_profile_path(695) pdb_set_profile_path: setting profile path \\chpas-lansvcs\profiles\root, was [2008/07/22 21:33:39, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaUserWorkstations does not exist [2008/07/22 21:33:39, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaLMPassword does not exist [2008/07/22 21:33:39, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2008/07/22 21:33:39, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2008/07/22 21:33:39, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2008/07/22 21:33:39, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/07/22 21:33:39, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/07/22 21:33:39, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = ACCT_POL/password history, value = 5 , timeout = Tue Jul 22 21:34:09 2008 [2008/07/22 21:33:39, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/07/22 21:33:39, 5] passdb/login_cache.c:login_cache_init(40) Opening cache file at /var/lib/samba/login_cache.tdb [2008/07/22 21:33:39, 7] passdb/login_cache.c:login_cache_read(86) Looking up login cache for user root [2008/07/22 21:33:39, 7] passdb/login_cache.c:login_cache_read(100) No cache entry found [2008/07/22 21:33:39, 9] passdb/pdb_ldap.c:init_sam_from_ldap(1054) No cache entry, bad count = 0, bad time = 0 [2008/07/22 21:33:39, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2008/07/22 21:33:39, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2008/07/22 21:33:39, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2008/07/22 21:33:39, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/07/22 21:33:39, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/07/22 21:33:39, 10] lib/gencache.c:gencache_get(208) Returning expired cache entry: key = ACCT_POL/maximum password age, value = 7776000 , timeout = Tue Jul 22 21:31:37 2008 [2008/07/22 21:33:39, 10] passdb/pdb_ldap.c:ldapsam_get_account_policy_from_ldap(3845) ldapsam_get_account_policy_from_ldap [2008/07/22 21:33:39, 5] lib/smbldap.c:smbldap_search_ext(1207) smbldap_search_ext: base => [sambaDomainName=ARNOLD,dc=arnoldtrans,dc=lcl], filter => [(objectclass=*)], scope => [0] [2008/07/22 21:33:39, 10] lib/account_pol.c:cache_account_policy_set(395) cache_account_policy_set: updating account pol cache [2008/07/22 21:33:39, 10] lib/gencache.c:gencache_set(131) Adding cache entry with key = ACCT_POL/maximum password age; value = 7776000 and timeout = Tue Jul 22 21:34:39 2008 (60 seconds ahead) [2008/07/22 21:33:39, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/07/22 21:33:39, 5] lib/username.c:Get_Pwnam_alloc(133) Finding user root [2008/07/22 21:33:39, 5] lib/username.c:Get_Pwnam_internals(77) Trying _Get_Pwnam(), username as lowercase is root [2008/07/22 21:33:39, 5] lib/username.c:Get_Pwnam_internals(110) Get_Pwnam_internals did find user [root]! [2008/07/22 21:33:39, 5] lib/smbldap.c:smbldap_search_ext(1207) smbldap_search_ext: base => [ou=Group,dc=arnoldtrans,dc=lcl], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=0))], scope => [2] [2008/07/22 21:33:39, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2459) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(gidNumber=0)) [2008/07/22 21:33:39, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2008/07/22 21:33:39, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2008/07/22 21:33:39, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2008/07/22 21:33:39, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/07/22 21:33:39, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/07/22 21:33:39, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = ACCT_POL/password history, value = 5 , timeout = Tue Jul 22 21:34:09 2008 [2008/07/22 21:33:39, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/07/22 21:33:39, 10] passdb/pdb_get_set.c:pdb_set_username(580) pdb_set_username: setting username root, was [2008/07/22 21:33:39, 10] passdb/pdb_get_set.c:pdb_set_domain(603) pdb_set_domain: setting domain ARNOLD, was [2008/07/22 21:33:39, 10] passdb/pdb_get_set.c:pdb_set_nt_username(626) pdb_set_nt_username: setting nt username root, was [2008/07/22 21:33:39, 10] passdb/pdb_get_set.c:pdb_set_fullname(649) pdb_set_full_name: setting full name Samba Admin, was [2008/07/22 21:33:39, 10] passdb/pdb_get_set.c:pdb_set_homedir(742) pdb_set_homedir: setting home dir \\chpas-lansvcs\root\documents, was [2008/07/22 21:33:39, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(718) pdb_set_dir_drive: setting dir drive H:, was NULL [2008/07/22 21:33:39, 10] passdb/pdb_get_set.c:pdb_set_logon_script(672) pdb_set_logon_script: setting logon script scripts\ch-ntadmin.bat, was [2008/07/22 21:33:39, 10] passdb/pdb_get_set.c:pdb_set_profile_path(695) pdb_set_profile_path: setting profile path \\chpas-lansvcs\profiles\root, was [2008/07/22 21:33:39, 10] passdb/pdb_get_set.c:pdb_set_workstations(785) pdb_set_workstations: setting workstations , was [2008/07/22 21:33:39, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2008/07/22 21:33:39, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2008/07/22 21:33:39, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2008/07/22 21:33:39, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/07/22 21:33:39, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/07/22 21:33:39, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = ACCT_POL/password history, value = 5 , timeout = Tue Jul 22 21:34:09 2008 [2008/07/22 21:33:39, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/07/22 21:33:39, 10] passdb/pdb_get_set.c:pdb_set_user_sid(509) pdb_set_user_sid: setting user sid S-1-5-21-399034208-633907489-3292321255-2996 [2008/07/22 21:33:39, 10] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(72) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-399034208-633907489-3292321255-2996 from rid 2996 [2008/07/22 21:33:39, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/07/22 21:33:39, 9] passdb/passdb.c:pdb_update_autolock_flag(1417) pdb_update_autolock_flag: Account root not autolocked, no check needed [2008/07/22 21:33:39, 4] libsmb/ntlm_check.c:ntlm_password_check(328) ntlm_password_check: Checking NT MD4 password [2008/07/22 21:33:39, 4] auth/auth_sam.c:sam_account_ok(137) sam_account_ok: Checking SMB password for user root [2008/07/22 21:33:39, 5] auth/auth_sam.c:logon_hours_ok(119) logon_hours_ok: user root allowed to logon at this time (Wed Jul 23 01:33:39 2008 ) [2008/07/22 21:33:39, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/07/22 21:33:39, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2008/07/22 21:33:39, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/07/22 21:33:39, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/07/22 21:33:39, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/07/22 21:33:39, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = ACCT_POL/maximum password age, value = 7776000 , timeout = Tue Jul 22 21:34:39 2008 [2008/07/22 21:33:39, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/07/22 21:33:39, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/07/22 21:33:39, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2008/07/22 21:33:39, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/07/22 21:33:39, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/07/22 21:33:39, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/07/22 21:33:39, 5] lib/smbldap.c:smbldap_search_ext(1207) smbldap_search_ext: base => [dc=arnoldtrans,dc=lcl], filter => [(&(objectClass=sambaSamAccount)(uid=root))], scope => [2] [2008/07/22 21:33:39, 5] lib/smbldap.c:smbldap_search_ext(1207) smbldap_search_ext: base => [ou=Group,dc=arnoldtrans,dc=lcl], filter => [(&(objectClass=posixGroup)(|(memberUid=root)(gidNumber=512)))], scope => [2] [2008/07/22 21:33:39, 5] auth/auth_util.c:make_server_info_sam(622) make_server_info_sam: made server info for user root -> root [2008/07/22 21:33:39, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/07/22 21:33:39, 3] auth/auth.c:check_ntlm_password(269) check_ntlm_password: sam authentication for user [root] succeeded [2008/07/22 21:33:39, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/07/22 21:33:39, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2008/07/22 21:33:39, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/07/22 21:33:39, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/07/22 21:33:39, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/07/22 21:33:39, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/07/22 21:33:39, 5] auth/auth.c:check_ntlm_password(295) check_ntlm_password: PAM Account for user [root] succeeded [2008/07/22 21:33:39, 2] auth/auth.c:check_ntlm_password(308) check_ntlm_password: authentication for user [root] -> [root] -> [root] succeeded [2008/07/22 21:33:39, 5] auth/auth_util.c:free_user_info(1951) attempting to free (and zero) a user_info structure [2008/07/22 21:33:39, 10] auth/auth_util.c:free_user_info(1955) structure was created for root [2008/07/22 21:33:39, 10] auth/token_util.c:create_local_nt_token(302) Create local NT token for S-1-5-21-399034208-633907489-3292321255-2996 [2008/07/22 21:33:39, 10] passdb/lookup_sid.c:sid_to_gid(1439) sid S-1-5-32-544 -> gid 10024 [2008/07/22 21:33:39, 10] passdb/lookup_sid.c:sid_to_gid(1439) sid S-1-5-32-545 -> gid 10025 [2008/07/22 21:33:39, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/07/22 21:33:39, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2008/07/22 21:33:39, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/07/22 21:33:39, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/07/22 21:33:39, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/07/22 21:33:39, 5] lib/smbldap.c:smbldap_search_ext(1207) smbldap_search_ext: base => [ou=Group,dc=arnoldtrans,dc=lcl], filter => [(&(|(objectclass=sambaGroupMapping)(sambaGroupType=4))(|(sambaSIDList=S-1-5-21-399034208-633907489-3292321255-2996)(sambaSIDList=S-1-5-21-399034208-633907489-3292321255-512)(sambaSIDList=S-1-1-0)(sambaSIDList=S-1-5-2)(sambaSIDList=S-1-5-11)(sambaSIDList=S-1-5-21-399034208-633907489-3292321255-3075)(sambaSIDList=S-1-22-2-512)(sambaSIDList=S-1-22-2-1037)))], scope => [2] [2008/07/22 21:33:39, 5] lib/smbldap.c:smbldap_search_ext(1207) smbldap_search_ext: base => [ou=Group,dc=arnoldtrans,dc=lcl], filter => [(&(|(objectclass=sambaGroupMapping)(sambaGroupType=4))(|(sambaSIDList=S-1-5-21-399034208-633907489-3292321255-2996)(sambaSIDList=S-1-5-21-399034208-633907489-3292321255-512)(sambaSIDList=S-1-1-0)(sambaSIDList=S-1-5-2)(sambaSIDList=S-1-5-11)(sambaSIDList=S-1-5-21-399034208-633907489-3292321255-3075)(sambaSIDList=S-1-22-2-512)(sambaSIDList=S-1-22-2-1037)))], scope => [2] [2008/07/22 21:33:39, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/07/22 21:33:39, 5] lib/privileges.c:get_privileges_for_sids(128) get_privileges_for_sids: sid = S-1-5-21-399034208-633907489-3292321255-2996 Privilege set: SE_PRIV 0xff0 0x0 0x0 0x0 [2008/07/22 21:33:39, 5] lib/privileges.c:get_privileges_for_sids(128) get_privileges_for_sids: sid = S-1-5-21-399034208-633907489-3292321255-512 Privilege set: SE_PRIV 0xff0 0x0 0x0 0x0 [2008/07/22 21:33:39, 5] lib/privileges.c:get_privileges_for_sids(128) get_privileges_for_sids: sid = S-1-1-0 Privilege set: SE_PRIV 0x0 0x0 0x0 0x0 [2008/07/22 21:33:39, 3] lib/privileges.c:get_privileges(63) get_privileges: No privileges assigned to SID [S-1-5-2] [2008/07/22 21:33:39, 3] lib/privileges.c:get_privileges(63) get_privileges: No privileges assigned to SID [S-1-5-11] [2008/07/22 21:33:39, 3] lib/privileges.c:get_privileges(63) get_privileges: No privileges assigned to SID [S-1-5-21-399034208-633907489-3292321255-3075] [2008/07/22 21:33:39, 3] lib/privileges.c:get_privileges(63) get_privileges: No privileges assigned to SID [S-1-22-2-512] [2008/07/22 21:33:39, 3] lib/privileges.c:get_privileges(63) get_privileges: No privileges assigned to SID [S-1-22-2-1037] [2008/07/22 21:33:39, 5] lib/privileges.c:get_privileges_for_sids(128) get_privileges_for_sids: sid = S-1-5-32-544 Privilege set: SE_PRIV 0xff0 0x0 0x0 0x0 [2008/07/22 21:33:39, 10] passdb/lookup_sid.c:sid_to_gid(1439) sid S-1-5-21-399034208-633907489-3292321255-512 -> gid 512 [2008/07/22 21:33:39, 10] passdb/lookup_sid.c:sid_to_gid(1434) winbind failed to find a gid for sid S-1-1-0 [2008/07/22 21:33:39, 10] auth/auth_util.c:create_local_token(727) Could not convert SID S-1-1-0 to gid, ignoring it [2008/07/22 21:33:39, 10] passdb/lookup_sid.c:sid_to_gid(1434) winbind failed to find a gid for sid S-1-5-2 [2008/07/22 21:33:39, 10] auth/auth_util.c:create_local_token(727) Could not convert SID S-1-5-2 to gid, ignoring it [2008/07/22 21:33:39, 10] passdb/lookup_sid.c:sid_to_gid(1434) winbind failed to find a gid for sid S-1-5-11 [2008/07/22 21:33:39, 10] auth/auth_util.c:create_local_token(727) Could not convert SID S-1-5-11 to gid, ignoring it [2008/07/22 21:33:39, 10] passdb/lookup_sid.c:sid_to_gid(1439) sid S-1-5-21-399034208-633907489-3292321255-3075 -> gid 1037 [2008/07/22 21:33:39, 10] passdb/lookup_sid.c:sid_to_gid(1421) sid S-1-22-2-512 -> gid 512 [2008/07/22 21:33:39, 10] passdb/lookup_sid.c:sid_to_gid(1421) sid S-1-22-2-1037 -> gid 1037 [2008/07/22 21:33:39, 10] passdb/lookup_sid.c:sid_to_gid(1439) sid S-1-5-32-544 -> gid 10024 [2008/07/22 21:33:39, 10] auth/token_util.c:debug_nt_user_token(470) NT user token of user S-1-5-21-399034208-633907489-3292321255-2996 contains 9 SIDs SID[ 0]: S-1-5-21-399034208-633907489-3292321255-2996 SID[ 1]: S-1-5-21-399034208-633907489-3292321255-512 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-399034208-633907489-3292321255-3075 SID[ 6]: S-1-22-2-512 SID[ 7]: S-1-22-2-1037 SID[ 8]: S-1-5-32-544 SE_PRIV 0xff0 0x0 0x0 0x0 [2008/07/22 21:33:39, 10] auth/auth_ntlmssp.c:auth_ntlmssp_check_password(137) Got NT session key of length 16 [2008/07/22 21:33:39, 10] libsmb/ntlmssp.c:ntlmssp_server_auth(811) ntlmssp_server_auth: Created NTLM2 session key. [2008/07/22 21:33:39, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(337) NTLMSSP Sign/Seal - Initialising with flags: [2008/07/22 21:33:39, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) Got NTLMSSP neg_flags=0x60088215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH [2008/07/22 21:33:39, 10] smbd/password.c:register_existing_vuid(310) register_existing_vuid: (0,0) root root ARNOLD guest=0 [2008/07/22 21:33:39, 3] smbd/password.c:register_existing_vuid(314) register_existing_vuid: User name: root Real name: Samba Admin [2008/07/22 21:33:39, 3] smbd/password.c:register_existing_vuid(326) register_existing_vuid: UNIX uid 0 is UNIX user root, and will be vuid 100 [2008/07/22 21:33:39, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 49442F363831372F3130 [2008/07/22 21:33:39, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0x555555c8abc0 [2008/07/22 21:33:39, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 49442F363831372F3130 [2008/07/22 21:33:39, 7] param/loadparm.c:lp_servicenumber(8917) lp_servicenumber: couldn't find root [2008/07/22 21:33:39, 3] smbd/password.c:register_existing_vuid(350) Adding homes service for user 'root' using home directory: '/root' [2008/07/22 21:33:39, 8] param/loadparm.c:add_a_service(5762) add_a_service: Creating snum = 4 for root [2008/07/22 21:33:39, 10] param/loadparm.c:hash_a_service(5809) hash_a_service: hashing index 4 for service name root [2008/07/22 21:33:39, 3] param/loadparm.c:lp_add_home(5858) adding home's share [root] for user 'root' at '/root' [2008/07/22 21:33:39, 6] param/loadparm.c:lp_file_list_changed(6625) lp_file_list_changed() file /etc/samba/%m.conf -> /etc/samba/chpas-lansvcs.conf last mod_time: Tue Jul 22 21:32:54 2008 file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Tue Jul 22 21:32:59 2008 [2008/07/22 21:33:39, 5] lib/util.c:show_msg(645) [2008/07/22 21:33:39, 5] lib/util.c:show_msg(655) size=134 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=8292 smb_uid=100 smb_mid=4 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 9 (0x9) smb_bcc=91 [2008/07/22 21:33:39, 10] lib/util.c:dump_data(2226) [000] A1 07 30 05 A0 03 0A 01 00 55 00 6E 00 69 00 78 ..0..... .U.n.i.x [010] 00 00 00 53 00 61 00 6D 00 62 00 61 00 20 00 33 ...S.a.m .b.a. .3 [020] 00 2E 00 32 00 2E 00 30 00 2D 00 31 00 37 00 39 ...2...0 .-.1.7.9 [030] 00 35 00 2D 00 53 00 55 00 53 00 45 00 2D 00 53 .5.-.S.U .S.E.-.S [040] 00 4C 00 45 00 53 00 31 00 30 00 00 00 41 00 52 .L.E.S.1 .0...A.R [050] 00 4E 00 4F 00 4C 00 44 00 00 00 .N.O.L.D ... [2008/07/22 21:33:39, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 90 [2008/07/22 21:33:39, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x5a [2008/07/22 21:33:39, 3] smbd/process.c:process_smb(1549) Transaction 3 of length 94 (0 toread) [2008/07/22 21:33:39, 5] lib/util.c:show_msg(645) [2008/07/22 21:33:39, 5] lib/util.c:show_msg(655) size=90 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=0 smb_pid=8292 smb_uid=100 smb_mid=5 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 8 (0x8) smb_vwv[ 3]= 1 (0x1) smb_bcc=47 [2008/07/22 21:33:39, 10] lib/util.c:dump_data(2226) [000] 00 5C 00 5C 00 43 00 48 00 50 00 41 00 53 00 2D .\.\.C.H .P.A.S.- [010] 00 4E 00 45 00 54 00 53 00 56 00 43 00 53 00 5C .N.E.T.S .V.C.S.\ [020] 00 49 00 50 00 43 00 24 00 00 00 49 50 43 00 .I.P.C.$ ...IPC. [2008/07/22 21:33:39, 3] smbd/process.c:switch_message(1361) switch message SMBtconX (pid 6817) conn 0x0 [2008/07/22 21:33:39, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/07/22 21:33:39, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/07/22 21:33:39, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/07/22 21:33:39, 5] smbd/uid.c:change_to_root_user(287) change_to_root_user: now uid=(0,0) gid=(0,0) [2008/07/22 21:33:39, 4] smbd/reply.c:reply_tcon_and_X(653) Client requested device type [IPC] for share [IPC$] [2008/07/22 21:33:39, 5] smbd/service.c:make_connection(1376) making a connection to 'normal' service ipc$ [2008/07/22 21:33:39, 10] smbd/share_access.c:user_ok_token(231) user_ok_token: share IPC$ is ok for unix user root [2008/07/22 21:33:39, 5] lib/username.c:Get_Pwnam_alloc(133) Finding user root [2008/07/22 21:33:39, 5] lib/username.c:Get_Pwnam_internals(77) Trying _Get_Pwnam(), username as lowercase is root [2008/07/22 21:33:39, 5] lib/username.c:Get_Pwnam_internals(110) Get_Pwnam_internals did find user [root]! [2008/07/22 21:33:39, 10] smbd/service.c:set_conn_connectpath(157) set_conn_connectpath: service IPC$, connectpath = /var/tmp [2008/07/22 21:33:39, 3] smbd/service.c:make_connection_snum(936) Connect path is '/var/tmp' for service [IPC$] [2008/07/22 21:33:39, 10] lib/util_seaccess.c:se_map_generic(175) se_map_generic(): mapped mask 0x10000000 to 0x001f01ff [2008/07/22 21:33:39, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x00000002, for NT token with 9 entries and first sid S-1-5-21-399034208-633907489-3292321255-2996. [2008/07/22 21:33:39, 3] lib/util_seaccess.c:se_access_check(249) [2008/07/22 21:33:39, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-5-21-399034208-633907489-3292321255-2996 se_access_check: also S-1-5-21-399034208-633907489-3292321255-512 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-21-399034208-633907489-3292321255-3075 se_access_check: also S-1-22-2-512 se_access_check: also S-1-22-2-1037 se_access_check: also S-1-5-32-544 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 2 [2008/07/22 21:33:39, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (2) granted. [2008/07/22 21:33:39, 3] smbd/vfs.c:vfs_init_default(96) Initialising default vfs hooks [2008/07/22 21:33:39, 10] smbd/vfs.c:vfs_find_backend_entry(48) vfs_find_backend_entry called for /[Default VFS]/ [2008/07/22 21:33:39, 5] smbd/vfs.c:smb_register_vfs(86) Successfully added vfs backend '/[Default VFS]/' [2008/07/22 21:33:39, 10] smbd/vfs.c:vfs_find_backend_entry(48) vfs_find_backend_entry called for posixacl [2008/07/22 21:33:39, 5] smbd/vfs.c:smb_register_vfs(86) Successfully added vfs backend 'posixacl' [2008/07/22 21:33:39, 3] smbd/vfs.c:vfs_init_custom(130) Initialising custom vfs hooks from [/[Default VFS]/] [2008/07/22 21:33:39, 10] smbd/vfs.c:vfs_find_backend_entry(48) vfs_find_backend_entry called for /[Default VFS]/ Successfully loaded vfs module [/[Default VFS]/] with the new modules system [2008/07/22 21:33:39, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #0 (type 0, layer 0) Making operation type 0 opaque [module /[Default VFS]/] Accepting operation type 0 from module /[Default VFS]/ [2008/07/22 21:33:39, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #1 (type 1, layer 0) Making operation type 1 opaque [module /[Default VFS]/] Accepting operation type 1 from module /[Default VFS]/ [2008/07/22 21:33:39, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #2 (type 2, layer 0) Making operation type 2 opaque [module /[Default VFS]/] Accepting operation type 2 from module /[Default VFS]/ [2008/07/22 21:33:39, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #3 (type 3, layer 0) Making operation type 3 opaque [module /[Default VFS]/] Accepting operation type 3 from module /[Default VFS]/ [2008/07/22 21:33:39, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #4 (type 4, layer 0) Making operation type 4 opaque [module /[Default VFS]/] Accepting operation type 4 from module /[Default VFS]/ [2008/07/22 21:33:39, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #5 (type 5, layer 0) Making operation type 5 opaque [module /[Default VFS]/] Accepting operation type 5 from module /[Default VFS]/ [2008/07/22 21:33:39, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #6 (type 6, layer 0) Making operation type 6 opaque [module /[Default VFS]/] Accepting operation type 6 from module /[Default VFS]/ [2008/07/22 21:33:39, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #7 (type 7, layer 0) Making operation type 7 opaque [module /[Default VFS]/] Accepting operation type 7 from module /[Default VFS]/ [2008/07/22 21:33:39, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #8 (type 8, layer 0) Making operation type 8 opaque [module /[Default VFS]/] Accepting operation type 8 from module /[Default VFS]/ [2008/07/22 21:33:39, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #9 (type 9, layer 0) Making operation type 9 opaque [module /[Default VFS]/] Accepting operation type 9 from module /[Default VFS]/ [2008/07/22 21:33:39, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #10 (type 10, layer 0) Making operation type 10 opaque [module /[Default VFS]/] Accepting operation type 10 from module /[Default VFS]/ [2008/07/22 21:33:39, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #11 (type 11, layer 0) Making operation type 11 opaque [module /[Default VFS]/] Accepting operation type 11 from module /[Default VFS]/ [2008/07/22 21:33:39, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #12 (type 12, layer 0) Making operation type 12 opaque [module /[Default VFS]/] Accepting operation type 12 from module /[Default VFS]/ [2008/07/22 21:33:39, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #13 (type 13, layer 0) Making operation type 13 opaque [module /[Default VFS]/] Accepting operation type 13 from module /[Default VFS]/ [2008/07/22 21:33:39, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #14 (type 14, layer 0) Making operation type 14 opaque [module /[Default VFS]/] Accepting operation type 14 from module /[Default VFS]/ [2008/07/22 21:33:39, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #15 (type 15, layer 0) Making operation type 15 opaque [module /[Default VFS]/] Accepting operation type 15 from module /[Default VFS]/ [2008/07/22 21:33:39, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #16 (type 16, layer 0) Making operation type 16 opaque [module /[Default VFS]/] Accepting operation type 16 from module /[Default VFS]/ [2008/07/22 21:33:39, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #17 (type 17, layer 0) Making operation type 17 opaque [module /[Default VFS]/] Accepting operation type 17 from module /[Default VFS]/ [2008/07/22 21:33:39, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #18 (type 18, layer 0) Making operation type 18 opaque [module /[Default VFS]/] Accepting operation type 18 from module /[Default VFS]/ [2008/07/22 21:33:39, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #19 (type 19, layer 0) Making operation type 19 opaque [module /[Default VFS]/] Accepting operation type 19 from module /[Default VFS]/ [2008/07/22 21:33:39, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #20 (type 20, layer 0) Making operation type 20 opaque [module /[Default VFS]/] Accepting operation type 20 from module /[Default VFS]/ [2008/07/22 21:33:39, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #21 (type 21, layer 0) Making operation type 21 opaque [module /[Default VFS]/] Accepting operation type 21 from module /[Default VFS]/ [2008/07/22 21:33:39, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #22 (type 22, layer 0) Making operation type 22 opaque [module /[Default VFS]/] Accepting operation type 22 from module /[Default VFS]/ [2008/07/22 21:33:39, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #23 (type 23, layer 0) Making operation type 23 opaque [module /[Default VFS]/] Accepting operation type 23 from module /[Default VFS]/ [2008/07/22 21:33:39, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #24 (type 24, layer 0) Making operation type 24 opaque [module /[Default VFS]/] Accepting operation type 24 from module /[Default VFS]/ [2008/07/22 21:33:39, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #25 (type 25, layer 0) Making operation type 25 opaque [module /[Default VFS]/] Accepting operation type 25 from module /[Default VFS]/ [2008/07/22 21:33:39, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #26 (type 26, layer 0) Making operation type 26 opaque [module /[Default VFS]/] Accepting operation type 26 from module /[Default VFS]/ [2008/07/22 21:33:39, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #27 (type 27, layer 0) Making operation type 27 opaque [module /[Default VFS]/] Accepting operation type 27 from module /[Default VFS]/ [2008/07/22 21:33:39, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #28 (type 28, layer 0) Making operation type 28 opaque [module /[Default VFS]/] Accepting operation type 28 from module /[Default VFS]/ [2008/07/22 21:33:39, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #29 (type 29, layer 0) Making operation type 29 opaque [module /[Default VFS]/] Accepting operation type 29 from module /[Default VFS]/ [2008/07/22 21:33:39, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #30 (type 30, layer 0) Making operation type 30 opaque [module /[Default VFS]/] Accepting operation type 30 from module /[Default VFS]/ [2008/07/22 21:33:39, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #31 (type 31, layer 0) Making operation type 31 opaque [module /[Default VFS]/] Accepting operation type 31 from module /[Default VFS]/ [2008/07/22 21:33:39, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #32 (type 32, layer 0) Making operation type 32 opaque [module /[Default VFS]/] Accepting operation type 32 from module /[Default VFS]/ [2008/07/22 21:33:39, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #33 (type 33, layer 0) Making operation type 33 opaque [module /[Default VFS]/] Accepting operation type 33 from module /[Default VFS]/ [2008/07/22 21:33:39, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #34 (type 34, layer 0) Making operation type 34 opaque [module /[Default VFS]/] Accepting operation type 34 from module /[Default VFS]/ [2008/07/22 21:33:39, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #35 (type 35, layer 0) Making operation type 35 opaque [module /[Default VFS]/] Accepting operation type 35 from module /[Default VFS]/ [2008/07/22 21:33:39, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #36 (type 36, layer 0) Making operation type 36 opaque [module /[Default VFS]/] Accepting operation type 36 from module /[Default VFS]/ [2008/07/22 21:33:39, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #37 (type 37, layer 0) Making operation type 37 opaque [module /[Default VFS]/] Accepting operation type 37 from module /[Default VFS]/ [2008/07/22 21:33:39, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #38 (type 38, layer 0) Making operation type 38 opaque [module /[Default VFS]/] Accepting operation type 38 from module /[Default VFS]/ [2008/07/22 21:33:39, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #39 (type 39, layer 0) Making operation type 39 opaque [module /[Default VFS]/] Accepting operation type 39 from module /[Default VFS]/ [2008/07/22 21:33:39, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #40 (type 40, layer 0) Making operation type 40 opaque [module /[Default VFS]/] Accepting operation type 40 from module /[Default VFS]/ [2008/07/22 21:33:39, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #41 (type 41, layer 0) Making operation type 41 opaque [module /[Default VFS]/] Accepting operation type 41 from module /[Default VFS]/ [2008/07/22 21:33:39, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #42 (type 42, layer 0) Making operation type 42 opaque [module /[Default VFS]/] Accepting operation type 42 from module /[Default VFS]/ [2008/07/22 21:33:39, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #43 (type 43, layer 0) Making operation type 43 opaque [module /[Default VFS]/] Accepting operation type 43 from module /[Default VFS]/ [2008/07/22 21:33:39, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #44 (type 44, layer 0) Making operation type 44 opaque [module /[Default VFS]/] Accepting operation type 44 from module /[Default VFS]/ [2008/07/22 21:33:39, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #45 (type 45, layer 0) Making operation type 45 opaque [module /[Default VFS]/] Accepting operation type 45 from module /[Default VFS]/ [2008/07/22 21:33:39, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #46 (type 46, layer 0) Making operation type 46 opaque [module /[Default VFS]/] Accepting operation type 46 from module /[Default VFS]/ [2008/07/22 21:33:39, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #47 (type 47, layer 0) Making operation type 47 opaque [module /[Default VFS]/] Accepting operation type 47 from module /[Default VFS]/ [2008/07/22 21:33:39, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #48 (type 48, layer 0) Making operation type 48 opaque [module /[Default VFS]/] Accepting operation type 48 from module /[Default VFS]/ [2008/07/22 21:33:39, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #49 (type 49, layer 0) Making operation type 49 opaque [module /[Default VFS]/] Accepting operation type 49 from module /[Default VFS]/ [2008/07/22 21:33:39, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #50 (type 50, layer 0) Making operation type 50 opaque [module /[Default VFS]/] Accepting operation type 50 from module /[Default VFS]/ [2008/07/22 21:33:39, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #51 (type 51, layer 0) Making operation type 51 opaque [module /[Default VFS]/] Accepting operation type 51 from module /[Default VFS]/ [2008/07/22 21:33:39, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #52 (type 52, layer 0) Making operation type 52 opaque [module /[Default VFS]/] Accepting operation type 52 from module /[Default VFS]/ [2008/07/22 21:33:39, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #53 (type 53, layer 0) Making operation type 53 opaque [module /[Default VFS]/] Accepting operation type 53 from module /[Default VFS]/ [2008/07/22 21:33:39, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #54 (type 54, layer 0) Making operation type 54 opaque [module /[Default VFS]/] Accepting operation type 54 from module /[Default VFS]/ [2008/07/22 21:33:39, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #55 (type 55, layer 0) Making operation type 55 opaque [module /[Default VFS]/] Accepting operation type 55 from module /[Default VFS]/ [2008/07/22 21:33:39, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #56 (type 56, layer 0) Making operation type 56 opaque [module /[Default VFS]/] Accepting operation type 56 from module /[Default VFS]/ [2008/07/22 21:33:39, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #57 (type 57, layer 0) Making operation type 57 opaque [module /[Default VFS]/] Accepting operation type 57 from module /[Default VFS]/ [2008/07/22 21:33:39, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #58 (type 58, layer 0) Making operation type 58 opaque [module /[Default VFS]/] Accepting operation type 58 from module /[Default VFS]/ [2008/07/22 21:33:39, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #59 (type 59, layer 0) Making operation type 59 opaque [module /[Default VFS]/] Accepting operation type 59 from module /[Default VFS]/ [2008/07/22 21:33:39, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #60 (type 60, layer 0) Making operation type 60 opaque [module /[Default VFS]/] Accepting operation type 60 from module /[Default VFS]/ [2008/07/22 21:33:39, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #61 (type 61, layer 0) Making operation type 61 opaque [module /[Default VFS]/] Accepting operation type 61 from module /[Default VFS]/ [2008/07/22 21:33:39, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #62 (type 62, layer 0) Making operation type 62 opaque [module /[Default VFS]/] Accepting operation type 62 from module /[Default VFS]/ [2008/07/22 21:33:39, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #63 (type 63, layer 0) Making operation type 63 opaque [module /[Default VFS]/] Accepting operation type 63 from module /[Default VFS]/ [2008/07/22 21:33:39, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #64 (type 64, layer 0) Making operation type 64 opaque [module /[Default VFS]/] Accepting operation type 64 from module /[Default VFS]/ [2008/07/22 21:33:39, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #65 (type 65, layer 0) Making operation type 65 opaque [module /[Default VFS]/] Accepting operation type 65 from module /[Default VFS]/ [2008/07/22 21:33:39, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #66 (type 66, layer 0) Making operation type 66 opaque [module /[Default VFS]/] Accepting operation type 66 from module /[Default VFS]/ [2008/07/22 21:33:39, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #67 (type 67, layer 0) Making operation type 67 opaque [module /[Default VFS]/] Accepting operation type 67 from module /[Default VFS]/ [2008/07/22 21:33:39, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #68 (type 68, layer 0) Making operation type 68 opaque [module /[Default VFS]/] Accepting operation type 68 from module /[Default VFS]/ [2008/07/22 21:33:39, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #69 (type 69, layer 0) Making operation type 69 opaque [module /[Default VFS]/] Accepting operation type 69 from module /[Default VFS]/ [2008/07/22 21:33:39, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #70 (type 70, layer 0) Making operation type 70 opaque [module /[Default VFS]/] Accepting operation type 70 from module /[Default VFS]/ [2008/07/22 21:33:39, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #71 (type 71, layer 0) Making operation type 71 opaque [module /[Default VFS]/] Accepting operation type 71 from module /[Default VFS]/ [2008/07/22 21:33:39, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #72 (type 72, layer 0) Making operation type 72 opaque [module /[Default VFS]/] Accepting operation type 72 from module /[Default VFS]/ [2008/07/22 21:33:39, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #73 (type 73, layer 0) Making operation type 73 opaque [module /[Default VFS]/] Accepting operation type 73 from module /[Default VFS]/ [2008/07/22 21:33:39, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #74 (type 74, layer 0) Making operation type 74 opaque [module /[Default VFS]/] Accepting operation type 74 from module /[Default VFS]/ [2008/07/22 21:33:39, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #75 (type 75, layer 0) Making operation type 75 opaque [module /[Default VFS]/] Accepting operation type 75 from module /[Default VFS]/ [2008/07/22 21:33:39, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #76 (type 76, layer 0) Making operation type 76 opaque [module /[Default VFS]/] Accepting operation type 76 from module /[Default VFS]/ [2008/07/22 21:33:39, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #77 (type 77, layer 0) Making operation type 77 opaque [module /[Default VFS]/] Accepting operation type 77 from module /[Default VFS]/ [2008/07/22 21:33:39, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #78 (type 78, layer 0) Making operation type 78 opaque [module /[Default VFS]/] Accepting operation type 78 from module /[Default VFS]/ [2008/07/22 21:33:39, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #79 (type 79, layer 0) Making operation type 79 opaque [module /[Default VFS]/] Accepting operation type 79 from module /[Default VFS]/ [2008/07/22 21:33:39, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #80 (type 80, layer 0) Making operation type 80 opaque [module /[Default VFS]/] Accepting operation type 80 from module /[Default VFS]/ [2008/07/22 21:33:39, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #81 (type 81, layer 0) Making operation type 81 opaque [module /[Default VFS]/] Accepting operation type 81 from module /[Default VFS]/ [2008/07/22 21:33:39, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #82 (type 82, layer 0) Making operation type 82 opaque [module /[Default VFS]/] Accepting operation type 82 from module /[Default VFS]/ [2008/07/22 21:33:39, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #83 (type 83, layer 0) Making operation type 83 opaque [module /[Default VFS]/] Accepting operation type 83 from module /[Default VFS]/ [2008/07/22 21:33:39, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #84 (type 84, layer 0) Making operation type 84 opaque [module /[Default VFS]/] Accepting operation type 84 from module /[Default VFS]/ [2008/07/22 21:33:39, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #85 (type 85, layer 0) Making operation type 85 opaque [module /[Default VFS]/] Accepting operation type 85 from module /[Default VFS]/ [2008/07/22 21:33:39, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #86 (type 86, layer 0) Making operation type 86 opaque [module /[Default VFS]/] Accepting operation type 86 from module /[Default VFS]/ [2008/07/22 21:33:39, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #87 (type 87, layer 0) Making operation type 87 opaque [module /[Default VFS]/] Accepting operation type 87 from module /[Default VFS]/ [2008/07/22 21:33:39, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #88 (type 88, layer 0) Making operation type 88 opaque [module /[Default VFS]/] Accepting operation type 88 from module /[Default VFS]/ [2008/07/22 21:33:39, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #89 (type 89, layer 0) Making operation type 89 opaque [module /[Default VFS]/] Accepting operation type 89 from module /[Default VFS]/ [2008/07/22 21:33:39, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #90 (type 90, layer 0) Making operation type 90 opaque [module /[Default VFS]/] Accepting operation type 90 from module /[Default VFS]/ [2008/07/22 21:33:39, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #91 (type 91, layer 0) Making operation type 91 opaque [module /[Default VFS]/] Accepting operation type 91 from module /[Default VFS]/ [2008/07/22 21:33:39, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #92 (type 92, layer 0) Making operation type 92 opaque [module /[Default VFS]/] Accepting operation type 92 from module /[Default VFS]/ [2008/07/22 21:33:39, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #93 (type 93, layer 0) Making operation type 93 opaque [module /[Default VFS]/] Accepting operation type 93 from module /[Default VFS]/ [2008/07/22 21:33:39, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #94 (type 94, layer 0) Making operation type 94 opaque [module /[Default VFS]/] Accepting operation type 94 from module /[Default VFS]/ [2008/07/22 21:33:39, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #95 (type 95, layer 0) Making operation type 95 opaque [module /[Default VFS]/] Accepting operation type 95 from module /[Default VFS]/ [2008/07/22 21:33:39, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #96 (type 96, layer 0) Making operation type 96 opaque [module /[Default VFS]/] Accepting operation type 96 from module /[Default VFS]/ [2008/07/22 21:33:39, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #97 (type 97, layer 0) Making operation type 97 opaque [module /[Default VFS]/] Accepting operation type 97 from module /[Default VFS]/ [2008/07/22 21:33:39, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #98 (type 98, layer 0) Making operation type 98 opaque [module /[Default VFS]/] Accepting operation type 98 from module /[Default VFS]/ [2008/07/22 21:33:39, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #99 (type 99, layer 0) Making operation type 99 opaque [module /[Default VFS]/] Accepting operation type 99 from module /[Default VFS]/ [2008/07/22 21:33:39, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #100 (type 100, layer 0) Making operation type 100 opaque [module /[Default VFS]/] Accepting operation type 100 from module /[Default VFS]/ [2008/07/22 21:33:39, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #101 (type 101, layer 0) Making operation type 101 opaque [module /[Default VFS]/] Accepting operation type 101 from module /[Default VFS]/ [2008/07/22 21:33:39, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #102 (type 102, layer 0) Making operation type 102 opaque [module /[Default VFS]/] Accepting operation type 102 from module /[Default VFS]/ [2008/07/22 21:33:39, 5] smbd/connection.c:claim_connection(142) claiming [IPC$] [2008/07/22 21:33:39, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key A11A0000010000004950 [2008/07/22 21:33:39, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0x555555c8f970 [2008/07/22 21:33:39, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key A11A0000010000004950 [2008/07/22 21:33:39, 10] smbd/share_access.c:user_ok_token(231) user_ok_token: share IPC$ is ok for unix user root [2008/07/22 21:33:39, 10] smbd/share_access.c:is_share_read_only_for_token(273) is_share_read_only_for_user: share IPC$ is read-only for unix user root [2008/07/22 21:33:39, 10] lib/util_seaccess.c:se_map_generic(175) se_map_generic(): mapped mask 0x10000000 to 0x001f01ff [2008/07/22 21:33:39, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x00000001, for NT token with 9 entries and first sid S-1-5-21-399034208-633907489-3292321255-2996. [2008/07/22 21:33:39, 3] lib/util_seaccess.c:se_access_check(249) [2008/07/22 21:33:39, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-5-21-399034208-633907489-3292321255-2996 se_access_check: also S-1-5-21-399034208-633907489-3292321255-512 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-21-399034208-633907489-3292321255-3075 se_access_check: also S-1-22-2-512 se_access_check: also S-1-22-2-1037 se_access_check: also S-1-5-32-544 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 1 [2008/07/22 21:33:39, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (1) granted. [2008/07/22 21:33:39, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/07/22 21:33:39, 5] auth/token_util.c:debug_nt_user_token(470) NT user token of user S-1-5-21-399034208-633907489-3292321255-2996 contains 9 SIDs SID[ 0]: S-1-5-21-399034208-633907489-3292321255-2996 SID[ 1]: S-1-5-21-399034208-633907489-3292321255-512 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-399034208-633907489-3292321255-3075 SID[ 6]: S-1-22-2-512 SID[ 7]: S-1-22-2-1037 SID[ 8]: S-1-5-32-544 SE_PRIV 0xff0 0x0 0x0 0x0 [2008/07/22 21:33:39, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 3 supplementary groups Group[ 0]: 512 Group[ 1]: 1037 Group[ 2]: 10024 [2008/07/22 21:33:39, 5] smbd/uid.c:change_to_user(272) change_to_user uid=(0,0) gid=(0,0) [2008/07/22 21:33:39, 3] smbd/service.c:make_connection_snum(1190) chpas-lansvcs (192.168.10.33) connect to service IPC$ initially as user root (uid=0, gid=0) (pid 6817) [2008/07/22 21:33:39, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/07/22 21:33:39, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/07/22 21:33:39, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/07/22 21:33:39, 5] smbd/uid.c:change_to_root_user(287) change_to_root_user: now uid=(0,0) gid=(0,0) [2008/07/22 21:33:39, 3] smbd/reply.c:reply_tcon_and_X(727) tconX service=IPC$ [2008/07/22 21:33:39, 5] lib/util.c:show_msg(645) [2008/07/22 21:33:39, 5] lib/util.c:show_msg(655) size=56 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=8292 smb_uid=100 smb_mid=5 smt_wct=7 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 1 (0x1) smb_vwv[ 3]= 511 (0x1FF) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 511 (0x1FF) smb_vwv[ 6]= 0 (0x0) smb_bcc=7 [2008/07/22 21:33:39, 10] lib/util.c:dump_data(2226) [000] 49 50 43 00 00 00 00 IPC.... [2008/07/22 21:33:39, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 100 [2008/07/22 21:33:39, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x64 [2008/07/22 21:33:39, 3] smbd/process.c:process_smb(1549) Transaction 4 of length 104 (0 toread) [2008/07/22 21:33:39, 5] lib/util.c:show_msg(645) [2008/07/22 21:33:39, 5] lib/util.c:show_msg(655) size=100 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=8292 smb_uid=100 smb_mid=6 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 3584 (0xE00) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_bcc=17 [2008/07/22 21:33:39, 10] lib/util.c:dump_data(2226) [000] 00 5C 00 6C 00 73 00 61 00 72 00 70 00 63 00 00 .\.l.s.a .r.p.c.. [010] 00 . [2008/07/22 21:33:39, 3] smbd/process.c:switch_message(1361) switch message SMBntcreateX (pid 6817) conn 0x555555c90ae0 [2008/07/22 21:33:39, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/07/22 21:33:39, 5] auth/token_util.c:debug_nt_user_token(470) NT user token of user S-1-5-21-399034208-633907489-3292321255-2996 contains 9 SIDs SID[ 0]: S-1-5-21-399034208-633907489-3292321255-2996 SID[ 1]: S-1-5-21-399034208-633907489-3292321255-512 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-399034208-633907489-3292321255-3075 SID[ 6]: S-1-22-2-512 SID[ 7]: S-1-22-2-1037 SID[ 8]: S-1-5-32-544 SE_PRIV 0xff0 0x0 0x0 0x0 [2008/07/22 21:33:39, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 3 supplementary groups Group[ 0]: 512 Group[ 1]: 1037 Group[ 2]: 10024 [2008/07/22 21:33:39, 5] smbd/uid.c:change_to_user(272) change_to_user uid=(0,0) gid=(0,0) [2008/07/22 21:33:39, 4] smbd/vfs.c:vfs_ChDir(733) vfs_ChDir to /var/tmp [2008/07/22 21:33:39, 10] smbd/nttrans.c:reply_ntcreate_and_X(490) reply_ntcreate_and_X: flags = 0x0, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 root_dir_fid = 0x0, fname = lsarpc [2008/07/22 21:33:39, 4] smbd/nttrans.c:nt_open_pipe(297) nt_open_pipe: Opening pipe \lsarpc. [2008/07/22 21:33:39, 3] smbd/nttrans.c:nt_open_pipe(322) nt_open_pipe: Known pipe lsarpc opening. [2008/07/22 21:33:39, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(165) Open pipe requested lsarpc (pipes_open=0) [2008/07/22 21:33:39, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(275) Create pipe requested lsarpc [2008/07/22 21:33:39, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77) init_pipe_handles: created handle list for pipe lsarpc [2008/07/22 21:33:39, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) init_pipe_handles: pipe_handles ref count = 1 for pipe lsarpc [2008/07/22 21:33:39, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(356) Created internal pipe lsarpc (pipes_open=0) [2008/07/22 21:33:39, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(253) Opened pipe lsarpc with handle 70d2 (pipes_open=1) [2008/07/22 21:33:39, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(259) open pipes: name lsarpc pnum=70d2 [2008/07/22 21:33:39, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 6C73617270632F363831 [2008/07/22 21:33:39, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0x555555c87fc0 [2008/07/22 21:33:39, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 6C73617270632F363831 [2008/07/22 21:33:39, 5] smbd/nttrans.c:do_ntcreate_pipe_open(410) do_ntcreate_pipe_open: open pipe = \lsarpc [2008/07/22 21:33:39, 5] lib/util.c:show_msg(645) [2008/07/22 21:33:39, 5] lib/util.c:show_msg(655) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=8292 smb_uid=100 smb_mid=6 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=53760 (0xD200) smb_vwv[ 3]= 368 (0x170) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2008/07/22 21:33:39, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 154 [2008/07/22 21:33:39, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x9a [2008/07/22 21:33:39, 3] smbd/process.c:process_smb(1549) Transaction 5 of length 158 (0 toread) [2008/07/22 21:33:39, 5] lib/util.c:show_msg(645) [2008/07/22 21:33:39, 5] lib/util.c:show_msg(655) size=154 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=8292 smb_uid=100 smb_mid=7 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=28882 (0x70D2) smb_bcc=87 [2008/07/22 21:33:39, 10] lib/util.c:dump_data(2226) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 0B 03 10 00 00 00 48 00 00 00 0A 00 00 00 B8 .......H ........ [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x [030] 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB 00 W4.4.... ..#Eg... [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ [050] 10 48 60 02 00 00 00 .H`.... [2008/07/22 21:33:39, 3] smbd/process.c:switch_message(1361) switch message SMBtrans (pid 6817) conn 0x555555c90ae0 [2008/07/22 21:33:39, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/07/22 21:33:39, 3] smbd/ipc.c:handle_trans(436) trans <\PIPE\> data=72 params=0 setup=2 [2008/07/22 21:33:39, 5] smbd/ipc.c:handle_trans(469) calling named_pipe [2008/07/22 21:33:39, 3] smbd/ipc.c:named_pipe(387) named pipe command on <> name [2008/07/22 21:33:39, 5] smbd/ipc.c:api_fd_reply(307) api_fd_reply [2008/07/22 21:33:39, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=70d2 [2008/07/22 21:33:39, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name lsarpc pnum=70d2 (pipes_open=1) [2008/07/22 21:33:39, 3] smbd/ipc.c:api_fd_reply(345) Got API command 0x26 on pipe "lsarpc" (pnum 70d2) [2008/07/22 21:33:39, 10] smbd/ipc.c:api_fd_reply(350) api_fd_reply: p:0x555555cd0cb0 max_trans_reply: 4280 [2008/07/22 21:33:39, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927) write_to_pipe: 70d2 name: lsarpc open: Yes len: 72 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 72 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385) fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 16 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 56 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0b [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0048 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 0000000a [2008/07/22 21:33:39, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472) unmarshall_rpc_header: using little-endian RPC [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501) unmarshall_rpc_header: type = 11, flags = 3 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 0 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 56 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709) process_complete_pdu: processing packet type 11 [2008/07/22 21:33:39, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1553) api_pipe_bind_req: decode request. 1553 [2008/07/22 21:33:39, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1564) api_pipe_bind_req: \PIPE\lsarpc -> \PIPE\lsarpc [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_rb [2008/07/22 21:33:39, 6] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_bba [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0000 max_tsize: 10b8 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0002 max_rsize: 10b8 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0004 assoc_gid: 00000000 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0008 num_contexts: 01 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000c context_id : 0000 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 000e num_transfer_syntaxes: 01 [2008/07/22 21:33:39, 6] rpc_parse/parse_prs.c:prs_debug(88) 00000f smb_io_rpc_iface [2008/07/22 21:33:39, 7] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_uuid uuid [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 data : 12345778 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 data : 1234 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0016 data : abcd [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0018 data : ef 00 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 001a data : 01 23 45 67 89 ab [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0020 version: 00000000 [2008/07/22 21:33:39, 6] rpc_parse/parse_prs.c:prs_debug(88) 000024 smb_io_rpc_iface [2008/07/22 21:33:39, 7] rpc_parse/parse_prs.c:prs_debug(88) 000024 smb_io_uuid uuid [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0024 data : 8a885d04 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0028 data : 1ceb [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(689) 002a data : 11c9 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002c data : 9f e8 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002e data : 08 00 2b 10 48 60 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0034 version: 00000002 [2008/07/22 21:33:39, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1608) api_pipe_bind_req: make response. 1608 [2008/07/22 21:33:39, 3] rpc_server/srv_pipe.c:check_bind_req(991) check_bind_req for \PIPE\lsarpc checking \PIPE\lsarpc [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_ba [2008/07/22 21:33:39, 6] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_bba [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0000 max_tsize: 10b8 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0002 max_rsize: 10b8 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0004 assoc_gid: 000053f0 [2008/07/22 21:33:39, 6] rpc_parse/parse_prs.c:prs_debug(88) 000008 smb_io_rpc_addr_str [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 len: 000d [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 000a str: \PIPE\lsarpc. [2008/07/22 21:33:39, 6] rpc_parse/parse_prs.c:prs_debug(88) 000017 smb_io_rpc_results [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0018 num_results: 01 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(689) 001c result : 0000 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(689) 001e reason : 0000 [2008/07/22 21:33:39, 6] rpc_parse/parse_prs.c:prs_debug(88) 000020 smb_io_rpc_iface [2008/07/22 21:33:39, 7] rpc_parse/parse_prs.c:prs_debug(88) 000020 smb_io_uuid uuid [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0020 data : 8a885d04 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0024 data : 1ceb [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0026 data : 11c9 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0028 data : 9f e8 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002a data : 08 00 2b 10 48 60 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0030 version: 00000002 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0c [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0044 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 0000000a [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 56 [2008/07/22 21:33:39, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985) read_from_pipe: 70d2 name: lsarpc len: 4280 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1045) read_from_pipe: lsarpc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. [2008/07/22 21:33:39, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..68] (align 0) [2008/07/22 21:33:39, 5] lib/util.c:show_msg(645) [2008/07/22 21:33:39, 5] lib/util.c:show_msg(655) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=8292 smb_uid=100 smb_mid=7 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2008/07/22 21:33:39, 10] lib/util.c:dump_data(2226) [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 0A 00 00 ........ .D...... [010] 00 B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 ......S. ...\PIPE [020] 5C 6C 73 61 72 70 63 00 00 01 00 00 00 00 00 00 \lsarpc. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [040] 60 02 00 00 00 `.... [2008/07/22 21:33:39, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 150 [2008/07/22 21:33:39, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x96 [2008/07/22 21:33:39, 3] smbd/process.c:process_smb(1549) Transaction 6 of length 154 (0 toread) [2008/07/22 21:33:39, 5] lib/util.c:show_msg(645) [2008/07/22 21:33:39, 5] lib/util.c:show_msg(655) size=150 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=8292 smb_uid=100 smb_mid=8 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 68 (0x44) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=28882 (0x70D2) smb_bcc=83 [2008/07/22 21:33:39, 10] lib/util.c:dump_data(2226) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 44 00 00 00 0B 00 00 00 2C .......D ......., [020] 00 00 00 00 00 06 00 00 00 02 00 5C 00 00 00 18 ........ ...\.... [030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [040] 00 00 00 04 00 02 00 0C 00 00 00 02 00 01 00 00 ........ ........ [050] 00 00 02 ... [2008/07/22 21:33:39, 3] smbd/process.c:switch_message(1361) switch message SMBtrans (pid 6817) conn 0x555555c90ae0 [2008/07/22 21:33:39, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/07/22 21:33:39, 3] smbd/ipc.c:handle_trans(436) trans <\PIPE\> data=68 params=0 setup=2 [2008/07/22 21:33:39, 5] smbd/ipc.c:handle_trans(469) calling named_pipe [2008/07/22 21:33:39, 3] smbd/ipc.c:named_pipe(387) named pipe command on <> name [2008/07/22 21:33:39, 5] smbd/ipc.c:api_fd_reply(307) api_fd_reply [2008/07/22 21:33:39, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=70d2 [2008/07/22 21:33:39, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name lsarpc pnum=70d2 (pipes_open=1) [2008/07/22 21:33:39, 3] smbd/ipc.c:api_fd_reply(345) Got API command 0x26 on pipe "lsarpc" (pnum 70d2) [2008/07/22 21:33:39, 10] smbd/ipc.c:api_fd_reply(350) api_fd_reply: p:0x555555cd0cb0 max_trans_reply: 4280 [2008/07/22 21:33:39, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927) write_to_pipe: 70d2 name: lsarpc open: Yes len: 68 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 68 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 68 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385) fill_rpc_header: data_to_copy = 68, len_needed_to_complete_hdr = 16, receive_len = 0 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 16 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 52 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 52 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 00 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0044 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 0000000b [2008/07/22 21:33:39, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472) unmarshall_rpc_header: using little-endian RPC [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501) unmarshall_rpc_header: type = 0, flags = 3 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 0 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 52 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 52, incoming data = 52 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709) process_complete_pdu: processing packet type 0 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_req req [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0000 alloc_hint: 0000002c [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0004 context_id: 0000 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0006 opnum : 0006 [2008/07/22 21:33:39, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 79 [2008/07/22 21:33:39, 5] rpc_server/srv_pipe.c:api_pipe_request(2262) Requested \PIPE\lsarpc [2008/07/22 21:33:39, 4] rpc_server/srv_pipe.c:api_rpcTNP(2297) api_rpcTNP: lsarpc op 0x6 - api_rpcTNP: rpc command: LSA_OPENPOLICY [2008/07/22 21:33:39, 6] rpc_server/srv_pipe.c:api_rpcTNP(2323) api_rpc_cmds[6].fn == 0x5555556e3f27 lsa_OpenPolicy: struct lsa_OpenPolicy in: struct lsa_OpenPolicy system_name : * system_name : 0x005c (92) attr : * attr: struct lsa_ObjectAttribute len : 0x00000018 (24) root_dir : NULL object_name : NULL attributes : 0x00000000 (0) sec_desc : NULL sec_qos : * sec_qos: struct lsa_QosInfo len : 0x0000000c (12) impersonation_level : 0x0002 (2) context_mode : 0x01 (1) effective_only : 0x00 (0) access_mask : 0x02000000 (33554432) 0: LSA_POLICY_VIEW_LOCAL_INFORMATION 0: LSA_POLICY_VIEW_AUDIT_INFORMATION 0: LSA_POLICY_GET_PRIVATE_INFORMATION 0: LSA_POLICY_TRUST_ADMIN 0: LSA_POLICY_CREATE_ACCOUNT 0: LSA_POLICY_CREATE_SECRET 0: LSA_POLICY_CREATE_PRIVILEGE 0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS 0: LSA_POLICY_SET_AUDIT_REQUIREMENTS 0: LSA_POLICY_AUDIT_LOG_ADMIN 0: LSA_POLICY_SERVER_ADMIN 0: LSA_POLICY_LOOKUP_NAMES [2008/07/22 21:33:39, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x02000000, for NT token with 9 entries and first sid S-1-5-21-399034208-633907489-3292321255-2996. [2008/07/22 21:33:39, 3] lib/util_seaccess.c:se_access_check(249) [2008/07/22 21:33:39, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-5-21-399034208-633907489-3292321255-2996 se_access_check: also S-1-5-21-399034208-633907489-3292321255-512 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-21-399034208-633907489-3292321255-3075 se_access_check: also S-1-22-2-512 se_access_check: also S-1-22-2-1037 se_access_check: also S-1-5-32-544 [2008/07/22 21:33:39, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(148) Opened policy hnd[1] [000] 00 00 00 00 01 00 00 00 00 00 00 00 86 48 73 8A ........ .....Hs. [010] A1 1A 00 00 .... lsa_OpenPolicy: struct lsa_OpenPolicy out: struct lsa_OpenPolicy handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-8648-738aa11a0000 result : NT_STATUS_OK [2008/07/22 21:33:39, 5] rpc_server/srv_pipe.c:api_rpcTNP(2351) api_rpcTNP: called lsarpc successfully [2008/07/22 21:33:39, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 852 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 52 [2008/07/22 21:33:39, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985) read_from_pipe: 70d2 name: lsarpc len: 4280 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1059) read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 02 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0030 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 0000000b [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_resp resp [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 00000018 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0016 cancel_ct : 00 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0017 reserved : 00 [2008/07/22 21:33:39, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2008/07/22 21:33:39, 5] lib/util.c:show_msg(645) [2008/07/22 21:33:39, 5] lib/util.c:show_msg(655) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=8292 smb_uid=100 smb_mid=8 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2008/07/22 21:33:39, 10] lib/util.c:dump_data(2226) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 0B 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ........ ........ [020] 00 00 00 00 00 86 48 73 8A A1 1A 00 00 00 00 00 ......Hs ........ [030] 00 . [2008/07/22 21:33:39, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 128 [2008/07/22 21:33:39, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x80 [2008/07/22 21:33:39, 3] smbd/process.c:process_smb(1549) Transaction 7 of length 132 (0 toread) [2008/07/22 21:33:39, 5] lib/util.c:show_msg(645) [2008/07/22 21:33:39, 5] lib/util.c:show_msg(655) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=8292 smb_uid=100 smb_mid=9 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 46 (0x2E) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 46 (0x2E) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=28882 (0x70D2) smb_bcc=61 [2008/07/22 21:33:39, 10] lib/util.c:dump_data(2226) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 2E 00 00 00 0C 00 00 00 16 ........ ........ [020] 00 00 00 00 00 07 00 00 00 00 00 01 00 00 00 00 ........ ........ [030] 00 00 00 86 48 73 8A A1 1A 00 00 05 00 ....Hs.. ..... [2008/07/22 21:33:39, 3] smbd/process.c:switch_message(1361) switch message SMBtrans (pid 6817) conn 0x555555c90ae0 [2008/07/22 21:33:39, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/07/22 21:33:39, 3] smbd/ipc.c:handle_trans(436) trans <\PIPE\> data=46 params=0 setup=2 [2008/07/22 21:33:39, 5] smbd/ipc.c:handle_trans(469) calling named_pipe [2008/07/22 21:33:39, 3] smbd/ipc.c:named_pipe(387) named pipe command on <> name [2008/07/22 21:33:39, 5] smbd/ipc.c:api_fd_reply(307) api_fd_reply [2008/07/22 21:33:39, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=70d2 [2008/07/22 21:33:39, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name lsarpc pnum=70d2 (pipes_open=1) [2008/07/22 21:33:39, 3] smbd/ipc.c:api_fd_reply(345) Got API command 0x26 on pipe "lsarpc" (pnum 70d2) [2008/07/22 21:33:39, 10] smbd/ipc.c:api_fd_reply(350) api_fd_reply: p:0x555555cd0cb0 max_trans_reply: 4280 [2008/07/22 21:33:39, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927) write_to_pipe: 70d2 name: lsarpc open: Yes len: 46 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 46 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 46 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385) fill_rpc_header: data_to_copy = 46, len_needed_to_complete_hdr = 16, receive_len = 0 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 16 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 30 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 30 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 00 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 002e [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 0000000c [2008/07/22 21:33:39, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472) unmarshall_rpc_header: using little-endian RPC [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501) unmarshall_rpc_header: type = 0, flags = 3 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 0 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 30 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 30, incoming data = 30 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709) process_complete_pdu: processing packet type 0 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_req req [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0000 alloc_hint: 00000016 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0004 context_id: 0000 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0006 opnum : 0007 [2008/07/22 21:33:39, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 0 [2008/07/22 21:33:39, 5] rpc_server/srv_pipe.c:api_pipe_request(2262) Requested \PIPE\lsarpc [2008/07/22 21:33:39, 4] rpc_server/srv_pipe.c:api_rpcTNP(2297) api_rpcTNP: lsarpc op 0x7 - api_rpcTNP: rpc command: LSA_QUERYINFOPOLICY [2008/07/22 21:33:39, 6] rpc_server/srv_pipe.c:api_rpcTNP(2323) api_rpc_cmds[7].fn == 0x5555556e3ce7 lsa_QueryInfoPolicy: struct lsa_QueryInfoPolicy in: struct lsa_QueryInfoPolicy handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-8648-738aa11a0000 level : LSA_POLICY_INFO_ACCOUNT_DOMAIN (5) [2008/07/22 21:33:39, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(168) Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 86 48 73 8A ........ .....Hs. [010] A1 1A 00 00 .... lsa_QueryInfoPolicy: struct lsa_QueryInfoPolicy out: struct lsa_QueryInfoPolicy info : * info : * info : union lsa_PolicyInformation(case 5) account_domain: struct lsa_DomainInfo name: struct lsa_StringLarge length : 0x0000 (0) size : 0x0000 (0) string : * string : 'ARNOLD' sid : * sid : S-1-5-21-399034208-633907489-3292321255 result : NT_STATUS_OK [2008/07/22 21:33:39, 5] rpc_server/srv_pipe.c:api_rpcTNP(2351) api_rpcTNP: called lsarpc successfully [2008/07/22 21:33:39, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 72 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 30 [2008/07/22 21:33:39, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985) read_from_pipe: 70d2 name: lsarpc len: 4280 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1059) read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 76. [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 02 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0064 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 0000000c [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_resp resp [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 0000004c [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0016 cancel_ct : 00 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0017 reserved : 00 [2008/07/22 21:33:39, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..100] (align 0) [2008/07/22 21:33:39, 5] lib/util.c:show_msg(645) [2008/07/22 21:33:39, 5] lib/util.c:show_msg(655) size=156 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=8292 smb_uid=100 smb_mid=9 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 100 (0x64) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 100 (0x64) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=101 [2008/07/22 21:33:39, 10] lib/util.c:dump_data(2226) [000] 00 05 00 02 03 10 00 00 00 64 00 00 00 0C 00 00 ........ .d...... [010] 00 4C 00 00 00 00 00 00 00 00 00 02 00 05 00 00 .L...... ........ [020] 00 0C 00 0E 00 04 00 02 00 08 00 02 00 07 00 00 ........ ........ [030] 00 00 00 00 00 06 00 00 00 41 00 52 00 4E 00 4F ........ .A.R.N.O [040] 00 4C 00 44 00 04 00 00 00 01 04 00 00 00 00 00 .L.D.... ........ [050] 05 15 00 00 00 60 C7 C8 17 21 A9 C8 25 E7 D5 3C .....`.. .!..%..< [060] C4 00 00 00 00 ..... [2008/07/22 21:33:39, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 126 [2008/07/22 21:33:39, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x7e [2008/07/22 21:33:39, 3] smbd/process.c:process_smb(1549) Transaction 8 of length 130 (0 toread) [2008/07/22 21:33:39, 5] lib/util.c:show_msg(645) [2008/07/22 21:33:39, 5] lib/util.c:show_msg(655) size=126 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=8292 smb_uid=100 smb_mid=10 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=28882 (0x70D2) smb_bcc=59 [2008/07/22 21:33:39, 10] lib/util.c:dump_data(2226) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 2C 00 00 00 0D 00 00 00 14 ......., ........ [020] 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 ........ ........ [030] 00 00 00 86 48 73 8A A1 1A 00 00 ....Hs.. ... [2008/07/22 21:33:39, 3] smbd/process.c:switch_message(1361) switch message SMBtrans (pid 6817) conn 0x555555c90ae0 [2008/07/22 21:33:39, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/07/22 21:33:39, 3] smbd/ipc.c:handle_trans(436) trans <\PIPE\> data=44 params=0 setup=2 [2008/07/22 21:33:39, 5] smbd/ipc.c:handle_trans(469) calling named_pipe [2008/07/22 21:33:39, 3] smbd/ipc.c:named_pipe(387) named pipe command on <> name [2008/07/22 21:33:39, 5] smbd/ipc.c:api_fd_reply(307) api_fd_reply [2008/07/22 21:33:39, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=70d2 [2008/07/22 21:33:39, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name lsarpc pnum=70d2 (pipes_open=1) [2008/07/22 21:33:39, 3] smbd/ipc.c:api_fd_reply(345) Got API command 0x26 on pipe "lsarpc" (pnum 70d2) [2008/07/22 21:33:39, 10] smbd/ipc.c:api_fd_reply(350) api_fd_reply: p:0x555555cd0cb0 max_trans_reply: 4280 [2008/07/22 21:33:39, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927) write_to_pipe: 70d2 name: lsarpc open: Yes len: 44 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 44 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385) fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 16 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 28 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 00 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 002c [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 0000000d [2008/07/22 21:33:39, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472) unmarshall_rpc_header: using little-endian RPC [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501) unmarshall_rpc_header: type = 0, flags = 3 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 0 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 28 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 28, incoming data = 28 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709) process_complete_pdu: processing packet type 0 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_req req [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0000 alloc_hint: 00000014 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0004 context_id: 0000 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0006 opnum : 0000 [2008/07/22 21:33:39, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 0 [2008/07/22 21:33:39, 5] rpc_server/srv_pipe.c:api_pipe_request(2262) Requested \PIPE\lsarpc [2008/07/22 21:33:39, 4] rpc_server/srv_pipe.c:api_rpcTNP(2297) api_rpcTNP: lsarpc op 0x0 - api_rpcTNP: rpc command: LSA_CLOSE [2008/07/22 21:33:39, 6] rpc_server/srv_pipe.c:api_rpcTNP(2323) api_rpc_cmds[0].fn == 0x5555556e4bfa lsa_Close: struct lsa_Close in: struct lsa_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-8648-738aa11a0000 [2008/07/22 21:33:39, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(168) Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 86 48 73 8A ........ .....Hs. [010] A1 1A 00 00 .... [2008/07/22 21:33:39, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(168) Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 86 48 73 8A ........ .....Hs. [010] A1 1A 00 00 .... [2008/07/22 21:33:39, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(206) Closed policy lsa_Close: struct lsa_Close out: struct lsa_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : NT_STATUS_OK [2008/07/22 21:33:39, 5] rpc_server/srv_pipe.c:api_rpcTNP(2351) api_rpcTNP: called lsarpc successfully [2008/07/22 21:33:39, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 0 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 28 [2008/07/22 21:33:39, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985) read_from_pipe: 70d2 name: lsarpc len: 4280 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1059) read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 02 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0030 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 0000000d [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_resp resp [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 00000018 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0016 cancel_ct : 00 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0017 reserved : 00 [2008/07/22 21:33:39, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2008/07/22 21:33:39, 5] lib/util.c:show_msg(645) [2008/07/22 21:33:39, 5] lib/util.c:show_msg(655) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=8292 smb_uid=100 smb_mid=10 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2008/07/22 21:33:39, 10] lib/util.c:dump_data(2226) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 0D 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [030] 00 . [2008/07/22 21:33:39, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 41 [2008/07/22 21:33:39, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x29 [2008/07/22 21:33:39, 3] smbd/process.c:process_smb(1549) Transaction 9 of length 45 (0 toread) [2008/07/22 21:33:39, 5] lib/util.c:show_msg(645) [2008/07/22 21:33:39, 5] lib/util.c:show_msg(655) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=8292 smb_uid=100 smb_mid=11 smt_wct=3 smb_vwv[ 0]=28882 (0x70D2) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2008/07/22 21:33:39, 3] smbd/process.c:switch_message(1361) switch message SMBclose (pid 6817) conn 0x555555c90ae0 [2008/07/22 21:33:39, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/07/22 21:33:39, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=70d2 [2008/07/22 21:33:39, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name lsarpc pnum=70d2 (pipes_open=1) [2008/07/22 21:33:39, 5] smbd/pipes.c:reply_pipe_close(319) reply_pipe_close: pnum:70d2 [2008/07/22 21:33:39, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(241) close_policy_by_pipe: deleted handle list for pipe lsarpc [2008/07/22 21:33:39, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1160) closed pipe name lsarpc pnum=70d2 (pipes_open=0) [2008/07/22 21:33:39, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 6C73617270632F363831 [2008/07/22 21:33:39, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0x555555cd0480 [2008/07/22 21:33:39, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 6C73617270632F363831 [2008/07/22 21:33:39, 5] lib/util.c:show_msg(645) [2008/07/22 21:33:39, 5] lib/util.c:show_msg(655) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=8292 smb_uid=100 smb_mid=11 smt_wct=0 smb_bcc=0 [2008/07/22 21:33:39, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 96 [2008/07/22 21:33:39, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x60 [2008/07/22 21:33:39, 3] smbd/process.c:process_smb(1549) Transaction 10 of length 100 (0 toread) [2008/07/22 21:33:39, 5] lib/util.c:show_msg(645) [2008/07/22 21:33:39, 5] lib/util.c:show_msg(655) size=96 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=8292 smb_uid=100 smb_mid=12 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2560 (0xA00) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_bcc=13 [2008/07/22 21:33:39, 10] lib/util.c:dump_data(2226) [000] 00 5C 00 73 00 61 00 6D 00 72 00 00 00 .\.s.a.m .r... [2008/07/22 21:33:39, 3] smbd/process.c:switch_message(1361) switch message SMBntcreateX (pid 6817) conn 0x555555c90ae0 [2008/07/22 21:33:39, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/07/22 21:33:39, 10] smbd/nttrans.c:reply_ntcreate_and_X(490) reply_ntcreate_and_X: flags = 0x0, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 root_dir_fid = 0x0, fname = samr [2008/07/22 21:33:39, 4] smbd/nttrans.c:nt_open_pipe(297) nt_open_pipe: Opening pipe \samr. [2008/07/22 21:33:39, 3] smbd/nttrans.c:nt_open_pipe(322) nt_open_pipe: Known pipe samr opening. [2008/07/22 21:33:39, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(165) Open pipe requested samr (pipes_open=0) [2008/07/22 21:33:39, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(275) Create pipe requested samr [2008/07/22 21:33:39, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77) init_pipe_handles: created handle list for pipe samr [2008/07/22 21:33:39, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) init_pipe_handles: pipe_handles ref count = 1 for pipe samr [2008/07/22 21:33:39, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(356) Created internal pipe samr (pipes_open=0) [2008/07/22 21:33:39, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(253) Opened pipe samr with handle 70d3 (pipes_open=1) [2008/07/22 21:33:39, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(259) open pipes: name samr pnum=70d3 [2008/07/22 21:33:39, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 73616D722F363831372F [2008/07/22 21:33:39, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0x555555cd0cb0 [2008/07/22 21:33:39, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 73616D722F363831372F [2008/07/22 21:33:39, 5] smbd/nttrans.c:do_ntcreate_pipe_open(410) do_ntcreate_pipe_open: open pipe = \samr [2008/07/22 21:33:39, 5] lib/util.c:show_msg(645) [2008/07/22 21:33:39, 5] lib/util.c:show_msg(655) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=8292 smb_uid=100 smb_mid=12 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=54016 (0xD300) smb_vwv[ 3]= 368 (0x170) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2008/07/22 21:33:39, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 154 [2008/07/22 21:33:39, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x9a [2008/07/22 21:33:39, 3] smbd/process.c:process_smb(1549) Transaction 11 of length 158 (0 toread) [2008/07/22 21:33:39, 5] lib/util.c:show_msg(645) [2008/07/22 21:33:39, 5] lib/util.c:show_msg(655) size=154 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=8292 smb_uid=100 smb_mid=13 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=28883 (0x70D3) smb_bcc=87 [2008/07/22 21:33:39, 10] lib/util.c:dump_data(2226) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 0B 03 10 00 00 00 48 00 00 00 0E 00 00 00 B8 .......H ........ [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x [030] 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AC 01 W4.4.... ..#Eg... [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ [050] 10 48 60 02 00 00 00 .H`.... [2008/07/22 21:33:39, 3] smbd/process.c:switch_message(1361) switch message SMBtrans (pid 6817) conn 0x555555c90ae0 [2008/07/22 21:33:39, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/07/22 21:33:39, 3] smbd/ipc.c:handle_trans(436) trans <\PIPE\> data=72 params=0 setup=2 [2008/07/22 21:33:39, 5] smbd/ipc.c:handle_trans(469) calling named_pipe [2008/07/22 21:33:39, 3] smbd/ipc.c:named_pipe(387) named pipe command on <> name [2008/07/22 21:33:39, 5] smbd/ipc.c:api_fd_reply(307) api_fd_reply [2008/07/22 21:33:39, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=70d3 [2008/07/22 21:33:39, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name samr pnum=70d3 (pipes_open=1) [2008/07/22 21:33:39, 3] smbd/ipc.c:api_fd_reply(345) Got API command 0x26 on pipe "samr" (pnum 70d3) [2008/07/22 21:33:39, 10] smbd/ipc.c:api_fd_reply(350) api_fd_reply: p:0x555555c97190 max_trans_reply: 4280 [2008/07/22 21:33:39, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927) write_to_pipe: 70d3 name: samr open: Yes len: 72 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 72 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385) fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 16 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 56 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0b [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0048 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 0000000e [2008/07/22 21:33:39, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472) unmarshall_rpc_header: using little-endian RPC [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501) unmarshall_rpc_header: type = 11, flags = 3 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 0 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 56 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709) process_complete_pdu: processing packet type 11 [2008/07/22 21:33:39, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1553) api_pipe_bind_req: decode request. 1553 [2008/07/22 21:33:39, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1564) api_pipe_bind_req: \PIPE\samr -> \PIPE\samr [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_rb [2008/07/22 21:33:39, 6] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_bba [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0000 max_tsize: 10b8 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0002 max_rsize: 10b8 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0004 assoc_gid: 00000000 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0008 num_contexts: 01 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000c context_id : 0000 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 000e num_transfer_syntaxes: 01 [2008/07/22 21:33:39, 6] rpc_parse/parse_prs.c:prs_debug(88) 00000f smb_io_rpc_iface [2008/07/22 21:33:39, 7] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_uuid uuid [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 data : 12345778 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 data : 1234 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0016 data : abcd [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0018 data : ef 00 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 001a data : 01 23 45 67 89 ac [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0020 version: 00000001 [2008/07/22 21:33:39, 6] rpc_parse/parse_prs.c:prs_debug(88) 000024 smb_io_rpc_iface [2008/07/22 21:33:39, 7] rpc_parse/parse_prs.c:prs_debug(88) 000024 smb_io_uuid uuid [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0024 data : 8a885d04 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0028 data : 1ceb [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(689) 002a data : 11c9 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002c data : 9f e8 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002e data : 08 00 2b 10 48 60 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0034 version: 00000002 [2008/07/22 21:33:39, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1608) api_pipe_bind_req: make response. 1608 [2008/07/22 21:33:39, 3] rpc_server/srv_pipe.c:check_bind_req(991) check_bind_req for \PIPE\samr checking \PIPE\lsarpc checking \PIPE\lsarpc checking \PIPE\samr [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_ba [2008/07/22 21:33:39, 6] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_bba [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0000 max_tsize: 10b8 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0002 max_rsize: 10b8 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0004 assoc_gid: 000053f0 [2008/07/22 21:33:39, 6] rpc_parse/parse_prs.c:prs_debug(88) 000008 smb_io_rpc_addr_str [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 len: 000b [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 000a str: \PIPE\samr. [2008/07/22 21:33:39, 6] rpc_parse/parse_prs.c:prs_debug(88) 000015 smb_io_rpc_results [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0018 num_results: 01 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(689) 001c result : 0000 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(689) 001e reason : 0000 [2008/07/22 21:33:39, 6] rpc_parse/parse_prs.c:prs_debug(88) 000020 smb_io_rpc_iface [2008/07/22 21:33:39, 7] rpc_parse/parse_prs.c:prs_debug(88) 000020 smb_io_uuid uuid [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0020 data : 8a885d04 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0024 data : 1ceb [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0026 data : 11c9 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0028 data : 9f e8 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002a data : 08 00 2b 10 48 60 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0030 version: 00000002 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0c [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0044 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 0000000e [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 56 [2008/07/22 21:33:39, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985) read_from_pipe: 70d3 name: samr len: 4280 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1045) read_from_pipe: samr: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. [2008/07/22 21:33:39, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..68] (align 0) [2008/07/22 21:33:39, 5] lib/util.c:show_msg(645) [2008/07/22 21:33:39, 5] lib/util.c:show_msg(655) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=8292 smb_uid=100 smb_mid=13 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2008/07/22 21:33:39, 10] lib/util.c:dump_data(2226) [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 0E 00 00 ........ .D...... [010] 00 B8 10 B8 10 F0 53 00 00 0B 00 5C 50 49 50 45 ......S. ...\PIPE [020] 5C 73 61 6D 72 00 00 00 00 01 00 00 00 00 00 00 \samr... ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [040] 60 02 00 00 00 `.... [2008/07/22 21:33:39, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 154 [2008/07/22 21:33:39, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x9a [2008/07/22 21:33:39, 3] smbd/process.c:process_smb(1549) Transaction 12 of length 158 (0 toread) [2008/07/22 21:33:39, 5] lib/util.c:show_msg(645) [2008/07/22 21:33:39, 5] lib/util.c:show_msg(655) size=154 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=8292 smb_uid=100 smb_mid=14 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=28883 (0x70D3) smb_bcc=87 [2008/07/22 21:33:39, 10] lib/util.c:dump_data(2226) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 48 00 00 00 0F 00 00 00 30 .......H .......0 [020] 00 00 00 00 00 39 00 00 00 02 00 0E 00 00 00 00 .....9.. ........ [030] 00 00 00 0E 00 00 00 43 00 48 00 50 00 41 00 53 .......C .H.P.A.S [040] 00 2D 00 4E 00 45 00 54 00 53 00 56 00 43 00 53 .-.N.E.T .S.V.C.S [050] 00 00 00 00 00 00 02 ....... [2008/07/22 21:33:39, 3] smbd/process.c:switch_message(1361) switch message SMBtrans (pid 6817) conn 0x555555c90ae0 [2008/07/22 21:33:39, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/07/22 21:33:39, 3] smbd/ipc.c:handle_trans(436) trans <\PIPE\> data=72 params=0 setup=2 [2008/07/22 21:33:39, 5] smbd/ipc.c:handle_trans(469) calling named_pipe [2008/07/22 21:33:39, 3] smbd/ipc.c:named_pipe(387) named pipe command on <> name [2008/07/22 21:33:39, 5] smbd/ipc.c:api_fd_reply(307) api_fd_reply [2008/07/22 21:33:39, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=70d3 [2008/07/22 21:33:39, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name samr pnum=70d3 (pipes_open=1) [2008/07/22 21:33:39, 3] smbd/ipc.c:api_fd_reply(345) Got API command 0x26 on pipe "samr" (pnum 70d3) [2008/07/22 21:33:39, 10] smbd/ipc.c:api_fd_reply(350) api_fd_reply: p:0x555555c97190 max_trans_reply: 4280 [2008/07/22 21:33:39, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927) write_to_pipe: 70d3 name: samr open: Yes len: 72 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 72 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385) fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 16 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 56 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 00 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0048 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 0000000f [2008/07/22 21:33:39, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472) unmarshall_rpc_header: using little-endian RPC [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501) unmarshall_rpc_header: type = 0, flags = 3 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 0 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 56 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709) process_complete_pdu: processing packet type 0 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_req req [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0000 alloc_hint: 00000030 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0004 context_id: 0000 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0006 opnum : 0039 [2008/07/22 21:33:39, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 77 [2008/07/22 21:33:39, 5] rpc_server/srv_pipe.c:api_pipe_request(2262) Requested \PIPE\samr [2008/07/22 21:33:39, 4] rpc_server/srv_pipe.c:api_rpcTNP(2297) api_rpcTNP: samr op 0x39 - api_rpcTNP: rpc command: SAMR_CONNECT2 [2008/07/22 21:33:39, 6] rpc_server/srv_pipe.c:api_rpcTNP(2323) api_rpc_cmds[57].fn == 0x55555574efbc samr_Connect2: struct samr_Connect2 in: struct samr_Connect2 system_name : * system_name : 'CHPAS-NETSVCS' access_mask : 0x02000000 (33554432) 0: SAMR_ACCESS_CONNECT_TO_SERVER 0: SAMR_ACCESS_SHUTDOWN_SERVER 0: SAMR_ACCESS_INITIALIZE_SERVER 0: SAMR_ACCESS_CREATE_DOMAIN 0: SAMR_ACCESS_ENUM_DOMAINS 0: SAMR_ACCESS_OPEN_DOMAIN [2008/07/22 21:33:39, 5] rpc_server/srv_samr_nt.c:_samr_Connect2(3311) _samr_Connect2: 3311 [2008/07/22 21:33:39, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x02000000, for NT token with 9 entries and first sid S-1-5-21-399034208-633907489-3292321255-2996. [2008/07/22 21:33:39, 3] lib/util_seaccess.c:se_access_check(249) [2008/07/22 21:33:39, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-5-21-399034208-633907489-3292321255-2996 se_access_check: also S-1-5-21-399034208-633907489-3292321255-512 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-21-399034208-633907489-3292321255-3075 se_access_check: also S-1-22-2-512 se_access_check: also S-1-22-2-1037 se_access_check: also S-1-5-32-544 [2008/07/22 21:33:39, 4] rpc_server/srv_samr_nt.c:access_check_samr_object(215) _samr_Connect2: access GRANTED (requested: 0x02000000, granted: 0x000f003f) [2008/07/22 21:33:39, 10] rpc_server/srv_samr_nt.c:get_samr_info_by_sid(331) get_samr_info_by_sid: created new info for sid (NULL) [2008/07/22 21:33:39, 10] rpc_server/srv_samr_nt.c:get_samr_info_by_sid(336) get_samr_info_by_sid: created new info for NULL sid. [2008/07/22 21:33:39, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(148) Opened policy hnd[1] [000] 00 00 00 00 02 00 00 00 00 00 00 00 86 48 73 8A ........ .....Hs. [010] A1 1A 00 00 .... [2008/07/22 21:33:39, 5] rpc_server/srv_samr_nt.c:_samr_Connect2(3340) _samr_Connect2: 3340 samr_Connect2: struct samr_Connect2 out: struct samr_Connect2 connect_handle : * connect_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000002-0000-0000-8648-738aa11a0000 result : NT_STATUS_OK [2008/07/22 21:33:39, 5] rpc_server/srv_pipe.c:api_rpcTNP(2351) api_rpcTNP: called samr successfully [2008/07/22 21:33:39, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 1016 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 56 [2008/07/22 21:33:39, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985) read_from_pipe: 70d3 name: samr len: 4280 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1059) read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 02 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0030 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 0000000f [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_resp resp [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 00000018 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0016 cancel_ct : 00 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0017 reserved : 00 [2008/07/22 21:33:39, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2008/07/22 21:33:39, 5] lib/util.c:show_msg(645) [2008/07/22 21:33:39, 5] lib/util.c:show_msg(655) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=8292 smb_uid=100 smb_mid=14 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2008/07/22 21:33:39, 10] lib/util.c:dump_data(2226) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 0F 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 02 00 00 ........ ........ [020] 00 00 00 00 00 86 48 73 8A A1 1A 00 00 00 00 00 ......Hs ........ [030] 00 . [2008/07/22 21:33:39, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 158 [2008/07/22 21:33:39, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x9e [2008/07/22 21:33:39, 3] smbd/process.c:process_smb(1549) Transaction 13 of length 162 (0 toread) [2008/07/22 21:33:39, 5] lib/util.c:show_msg(645) [2008/07/22 21:33:39, 5] lib/util.c:show_msg(655) size=158 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=8292 smb_uid=100 smb_mid=15 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 76 (0x4C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 76 (0x4C) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=28883 (0x70D3) smb_bcc=91 [2008/07/22 21:33:39, 10] lib/util.c:dump_data(2226) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 4C 00 00 00 10 00 00 00 34 .......L .......4 [020] 00 00 00 00 00 07 00 00 00 00 00 02 00 00 00 00 ........ ........ [030] 00 00 00 86 48 73 8A A1 1A 00 00 00 00 00 02 04 ....Hs.. ........ [040] 00 00 00 01 04 00 00 00 00 00 05 15 00 00 00 60 ........ .......` [050] C7 C8 17 21 A9 C8 25 E7 D5 3C C4 ...!..%. .<. [2008/07/22 21:33:39, 3] smbd/process.c:switch_message(1361) switch message SMBtrans (pid 6817) conn 0x555555c90ae0 [2008/07/22 21:33:39, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/07/22 21:33:39, 3] smbd/ipc.c:handle_trans(436) trans <\PIPE\> data=76 params=0 setup=2 [2008/07/22 21:33:39, 5] smbd/ipc.c:handle_trans(469) calling named_pipe [2008/07/22 21:33:39, 3] smbd/ipc.c:named_pipe(387) named pipe command on <> name [2008/07/22 21:33:39, 5] smbd/ipc.c:api_fd_reply(307) api_fd_reply [2008/07/22 21:33:39, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=70d3 [2008/07/22 21:33:39, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name samr pnum=70d3 (pipes_open=1) [2008/07/22 21:33:39, 3] smbd/ipc.c:api_fd_reply(345) Got API command 0x26 on pipe "samr" (pnum 70d3) [2008/07/22 21:33:39, 10] smbd/ipc.c:api_fd_reply(350) api_fd_reply: p:0x555555c97190 max_trans_reply: 4280 [2008/07/22 21:33:39, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927) write_to_pipe: 70d3 name: samr open: Yes len: 76 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 76 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 76 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385) fill_rpc_header: data_to_copy = 76, len_needed_to_complete_hdr = 16, receive_len = 0 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 16 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 60 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 60 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 00 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 004c [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000010 [2008/07/22 21:33:39, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472) unmarshall_rpc_header: using little-endian RPC [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501) unmarshall_rpc_header: type = 0, flags = 3 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 0 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 60 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 60, incoming data = 60 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709) process_complete_pdu: processing packet type 0 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_req req [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0000 alloc_hint: 00000034 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0004 context_id: 0000 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0006 opnum : 0007 [2008/07/22 21:33:39, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 0 [2008/07/22 21:33:39, 5] rpc_server/srv_pipe.c:api_pipe_request(2262) Requested \PIPE\samr [2008/07/22 21:33:39, 4] rpc_server/srv_pipe.c:api_rpcTNP(2297) api_rpcTNP: samr op 0x7 - api_rpcTNP: rpc command: SAMR_OPENDOMAIN [2008/07/22 21:33:39, 6] rpc_server/srv_pipe.c:api_rpcTNP(2323) api_rpc_cmds[7].fn == 0x555555755f67 samr_OpenDomain: struct samr_OpenDomain in: struct samr_OpenDomain connect_handle : * connect_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000002-0000-0000-8648-738aa11a0000 access_mask : 0x02000000 (33554432) 0: SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1 0: SAMR_DOMAIN_ACCESS_SET_INFO_1 0: SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2 0: SAMR_DOMAIN_ACCESS_SET_INFO_2 0: SAMR_DOMAIN_ACCESS_CREATE_USER 0: SAMR_DOMAIN_ACCESS_CREATE_GROUP 0: SAMR_DOMAIN_ACCESS_CREATE_ALIAS 0: SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS 0: SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS 0: SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT 0: SAMR_DOMAIN_ACCESS_SET_INFO_3 sid : * sid : S-1-5-21-399034208-633907489-3292321255 [2008/07/22 21:33:39, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(168) Found policy hnd[0] [000] 00 00 00 00 02 00 00 00 00 00 00 00 86 48 73 8A ........ .....Hs. [010] A1 1A 00 00 .... [2008/07/22 21:33:39, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(227) _samr_OpenDomain: access check ((granted: 0x000f003f; required: 0x00000020) [2008/07/22 21:33:39, 4] rpc_server/srv_samr_nt.c:access_check_samr_object(184) access_check_samr_object: user rights access mask [0xd047a] [2008/07/22 21:33:39, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x02000000, for NT token with 9 entries and first sid S-1-5-21-399034208-633907489-3292321255-2996. [2008/07/22 21:33:39, 3] lib/util_seaccess.c:se_access_check(249) [2008/07/22 21:33:39, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-5-21-399034208-633907489-3292321255-2996 se_access_check: also S-1-5-21-399034208-633907489-3292321255-512 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-21-399034208-633907489-3292321255-3075 se_access_check: also S-1-22-2-512 se_access_check: also S-1-22-2-1037 se_access_check: also S-1-5-32-544 [2008/07/22 21:33:39, 4] rpc_server/srv_samr_nt.c:access_check_samr_object(215) _samr_OpenDomain: access GRANTED (requested: 0x02000000, granted: 0x000f07ff) [2008/07/22 21:33:39, 10] rpc_server/srv_samr_nt.c:get_samr_info_by_sid(331) get_samr_info_by_sid: created new info for sid S-1-5-21-399034208-633907489-3292321255 [2008/07/22 21:33:39, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(148) Opened policy hnd[2] [000] 00 00 00 00 03 00 00 00 00 00 00 00 86 48 73 8A ........ .....Hs. [010] A1 1A 00 00 .... [2008/07/22 21:33:39, 5] rpc_server/srv_samr_nt.c:_samr_OpenDomain(617) _samr_OpenDomain: 617 samr_OpenDomain: struct samr_OpenDomain out: struct samr_OpenDomain domain_handle : * domain_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000003-0000-0000-8648-738aa11a0000 result : NT_STATUS_OK [2008/07/22 21:33:39, 5] rpc_server/srv_pipe.c:api_rpcTNP(2351) api_rpcTNP: called samr successfully [2008/07/22 21:33:39, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 1016 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 60 [2008/07/22 21:33:39, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985) read_from_pipe: 70d3 name: samr len: 4280 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1059) read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 02 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0030 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000010 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_resp resp [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 00000018 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0016 cancel_ct : 00 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0017 reserved : 00 [2008/07/22 21:33:39, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2008/07/22 21:33:39, 5] lib/util.c:show_msg(645) [2008/07/22 21:33:39, 5] lib/util.c:show_msg(655) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=8292 smb_uid=100 smb_mid=15 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2008/07/22 21:33:39, 10] lib/util.c:dump_data(2226) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 10 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 03 00 00 ........ ........ [020] 00 00 00 00 00 86 48 73 8A A1 1A 00 00 00 00 00 ......Hs ........ [030] 00 . [2008/07/22 21:33:39, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 182 [2008/07/22 21:33:39, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0xb6 [2008/07/22 21:33:39, 3] smbd/process.c:process_smb(1549) Transaction 14 of length 186 (0 toread) [2008/07/22 21:33:39, 5] lib/util.c:show_msg(645) [2008/07/22 21:33:39, 5] lib/util.c:show_msg(655) size=182 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=8292 smb_uid=100 smb_mid=16 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 100 (0x64) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 100 (0x64) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=28883 (0x70D3) smb_bcc=115 [2008/07/22 21:33:39, 10] lib/util.c:dump_data(2226) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 64 00 00 00 11 00 00 00 4C .......d .......L [020] 00 00 00 00 00 32 00 00 00 00 00 03 00 00 00 00 .....2.. ........ [030] 00 00 00 86 48 73 8A A1 1A 00 00 1C 00 1C 00 00 ....Hs.. ........ [040] 00 02 00 0E 00 00 00 00 00 00 00 0E 00 00 00 63 ........ .......c [050] 00 68 00 70 00 61 00 73 00 2D 00 6C 00 61 00 6E .h.p.a.s .-.l.a.n [060] 00 73 00 76 00 63 00 73 00 24 00 00 01 00 00 B0 .s.v.c.s .$...... [070] 00 05 E0 ... [2008/07/22 21:33:39, 3] smbd/process.c:switch_message(1361) switch message SMBtrans (pid 6817) conn 0x555555c90ae0 [2008/07/22 21:33:39, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/07/22 21:33:39, 3] smbd/ipc.c:handle_trans(436) trans <\PIPE\> data=100 params=0 setup=2 [2008/07/22 21:33:39, 5] smbd/ipc.c:handle_trans(469) calling named_pipe [2008/07/22 21:33:39, 3] smbd/ipc.c:named_pipe(387) named pipe command on <> name [2008/07/22 21:33:39, 5] smbd/ipc.c:api_fd_reply(307) api_fd_reply [2008/07/22 21:33:39, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=70d3 [2008/07/22 21:33:39, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name samr pnum=70d3 (pipes_open=1) [2008/07/22 21:33:39, 3] smbd/ipc.c:api_fd_reply(345) Got API command 0x26 on pipe "samr" (pnum 70d3) [2008/07/22 21:33:39, 10] smbd/ipc.c:api_fd_reply(350) api_fd_reply: p:0x555555c97190 max_trans_reply: 4280 [2008/07/22 21:33:39, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927) write_to_pipe: 70d3 name: samr open: Yes len: 100 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 100 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 100 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385) fill_rpc_header: data_to_copy = 100, len_needed_to_complete_hdr = 16, receive_len = 0 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 16 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 84 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 84 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 00 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0064 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000011 [2008/07/22 21:33:39, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472) unmarshall_rpc_header: using little-endian RPC [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501) unmarshall_rpc_header: type = 0, flags = 3 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 0 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 84 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 84, incoming data = 84 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709) process_complete_pdu: processing packet type 0 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_req req [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0000 alloc_hint: 0000004c [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0004 context_id: 0000 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0006 opnum : 0032 [2008/07/22 21:33:39, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 0 [2008/07/22 21:33:39, 5] rpc_server/srv_pipe.c:api_pipe_request(2262) Requested \PIPE\samr [2008/07/22 21:33:39, 4] rpc_server/srv_pipe.c:api_rpcTNP(2297) api_rpcTNP: samr op 0x32 - api_rpcTNP: rpc command: SAMR_CREATEUSER2 [2008/07/22 21:33:39, 6] rpc_server/srv_pipe.c:api_rpcTNP(2323) api_rpc_cmds[50].fn == 0x55555574fef6 samr_CreateUser2: struct samr_CreateUser2 in: struct samr_CreateUser2 domain_handle : * domain_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000003-0000-0000-8648-738aa11a0000 account_name : * account_name: struct lsa_String length : 0x001c (28) size : 0x001c (28) string : * string : 'chpas-lansvcs$' acct_flags : 0x00000100 (256) 0: ACB_DISABLED 0: ACB_HOMDIRREQ 0: ACB_PWNOTREQ 0: ACB_TEMPDUP 0: ACB_NORMAL 0: ACB_MNS 0: ACB_DOMTRUST 0: ACB_WSTRUST 1: ACB_SVRTRUST 0: ACB_PWNOEXP 0: ACB_AUTOLOCK 0: ACB_ENC_TXT_PWD_ALLOWED 0: ACB_SMARTCARD_REQUIRED 0: ACB_TRUSTED_FOR_DELEGATION 0: ACB_NOT_DELEGATED 0: ACB_USE_DES_KEY_ONLY 0: ACB_DONT_REQUIRE_PREAUTH 0: ACB_PW_EXPIRED 0: ACB_NO_AUTH_DATA_REQD access_mask : 0xe00500b0 (3758424240) 0: SAMR_USER_ACCESS_GET_NAME_ETC 0: SAMR_USER_ACCESS_GET_LOCALE 0: SAMR_USER_ACCESS_SET_LOC_COM 0: SAMR_USER_ACCESS_GET_LOGONINFO 1: SAMR_USER_ACCESS_GET_ATTRIBUTES 1: SAMR_USER_ACCESS_SET_ATTRIBUTES 0: SAMR_USER_ACCESS_CHANGE_PASSWORD 1: SAMR_USER_ACCESS_SET_PASSWORD 0: SAMR_USER_ACCESS_GET_GROUPS 0: SAMR_USER_ACCESS_GET_GROUP_MEMBERSHIP 0: SAMR_USER_ACCESS_CHANGE_GROUP_MEMBERSHIP [2008/07/22 21:33:39, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(168) Found policy hnd[0] [000] 00 00 00 00 03 00 00 00 00 00 00 00 86 48 73 8A ........ .....Hs. [010] A1 1A 00 00 .... [2008/07/22 21:33:39, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(227) _samr_CreateUser2: access check ((granted: 0x000f07ff; required: 0x00000010) [2008/07/22 21:33:39, 10] rpc_server/srv_samr_nt.c:can_create(3085) Checking whether [chpas-lansvcs$] can be created [2008/07/22 21:33:39, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/07/22 21:33:39, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2008/07/22 21:33:39, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/07/22 21:33:39, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/07/22 21:33:39, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/07/22 21:33:39, 10] passdb/lookup_sid.c:lookup_name(69) lookup_name: chpas-lansvcs$ => (domain), chpas-lansvcs$ (name) [2008/07/22 21:33:39, 10] passdb/lookup_sid.c:lookup_name(70) lookup_name: flags = 0x071 [2008/07/22 21:33:39, 10] passdb/util_wellknown.c:lookup_wellknown_name(151) map_name_to_wellknown_sid: looking up chpas-lansvcs$ [2008/07/22 21:33:39, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2008/07/22 21:33:39, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2008/07/22 21:33:39, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2008/07/22 21:33:39, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/07/22 21:33:39, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/07/22 21:33:39, 5] lib/smbldap.c:smbldap_search_ext(1207) smbldap_search_ext: base => [dc=arnoldtrans,dc=lcl], filter => [(&(uid=chpas-lansvcs$)(objectclass=sambaSamAccount))], scope => [2] [2008/07/22 21:33:39, 2] passdb/pdb_ldap.c:init_sam_from_ldap(571) init_sam_from_ldap: Entry found for user: chpas-lansvcs$ [2008/07/22 21:33:39, 10] passdb/pdb_get_set.c:pdb_set_username(580) pdb_set_username: setting username chpas-lansvcs$, was [2008/07/22 21:33:39, 10] passdb/pdb_get_set.c:pdb_set_domain(603) pdb_set_domain: setting domain ARNOLD, was [2008/07/22 21:33:39, 10] passdb/pdb_get_set.c:pdb_set_nt_username(626) pdb_set_nt_username: setting nt username chpas-lansvcs$, was [2008/07/22 21:33:39, 10] passdb/pdb_get_set.c:pdb_set_user_sid_from_string(522) pdb_set_user_sid_from_string: setting user sid S-1-5-21-399034208-633907489-3292321255-41377 [2008/07/22 21:33:39, 10] passdb/pdb_get_set.c:pdb_set_user_sid(509) pdb_set_user_sid: setting user sid S-1-5-21-399034208-633907489-3292321255-41377 [2008/07/22 21:33:39, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaPwdLastSet does not exist [2008/07/22 21:33:39, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaLogonTime does not exist [2008/07/22 21:33:39, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaLogoffTime does not exist [2008/07/22 21:33:39, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaKickoffTime does not exist [2008/07/22 21:33:39, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaPwdCanChange does not exist [2008/07/22 21:33:39, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaPwdMustChange does not exist [2008/07/22 21:33:39, 10] passdb/pdb_get_set.c:pdb_set_fullname(649) pdb_set_full_name: setting full name Computer, was [2008/07/22 21:33:39, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaHomeDrive does not exist [2008/07/22 21:33:39, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(718) pdb_set_dir_drive: setting dir drive H:, was NULL [2008/07/22 21:33:39, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaHomePath does not exist [2008/07/22 21:33:39, 10] passdb/pdb_get_set.c:pdb_set_homedir(742) pdb_set_homedir: setting home dir , was [2008/07/22 21:33:39, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaLogonScript does not exist [2008/07/22 21:33:39, 10] passdb/pdb_get_set.c:pdb_set_logon_script(672) pdb_set_logon_script: setting logon script scripts\logon.bat, was [2008/07/22 21:33:39, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaProfilePath does not exist [2008/07/22 21:33:39, 10] passdb/pdb_get_set.c:pdb_set_profile_path(695) pdb_set_profile_path: setting profile path \\chpas-netsvcs\profiles\chpas-lansvcs_, was [2008/07/22 21:33:39, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaUserWorkstations does not exist [2008/07/22 21:33:39, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaMungedDial does not exist [2008/07/22 21:33:39, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaLMPassword does not exist [2008/07/22 21:33:39, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2008/07/22 21:33:39, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(100) : conn_ctx_stack_ndx = 2 [2008/07/22 21:33:39, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2008/07/22 21:33:39, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/07/22 21:33:39, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/07/22 21:33:39, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = ACCT_POL/password history, value = 5 , timeout = Tue Jul 22 21:34:09 2008 [2008/07/22 21:33:39, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2008/07/22 21:33:39, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaPasswordHistory] = [] [2008/07/22 21:33:39, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaBadPasswordCount does not exist [2008/07/22 21:33:39, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaBadPasswordTime does not exist [2008/07/22 21:33:39, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaLogonHours does not exist [2008/07/22 21:33:39, 7] passdb/login_cache.c:login_cache_read(86) Looking up login cache for user chpas-lansvcs$ [2008/07/22 21:33:39, 7] passdb/login_cache.c:login_cache_read(100) No cache entry found [2008/07/22 21:33:39, 9] passdb/pdb_ldap.c:init_sam_from_ldap(1054) No cache entry, bad count = 0, bad time = 0 [2008/07/22 21:33:39, 5] lib/username.c:Get_Pwnam_alloc(133) Finding user chpas-lansvcs$ [2008/07/22 21:33:39, 5] lib/username.c:Get_Pwnam_internals(77) Trying _Get_Pwnam(), username as lowercase is chpas-lansvcs$ [2008/07/22 21:33:39, 5] lib/username.c:Get_Pwnam_internals(110) Get_Pwnam_internals did find user [chpas-lansvcs$]! [2008/07/22 21:33:39, 5] lib/smbldap.c:smbldap_search_ext(1207) smbldap_search_ext: base => [ou=Group,dc=arnoldtrans,dc=lcl], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=515))], scope => [2] [2008/07/22 21:33:39, 2] passdb/pdb_ldap.c:init_group_from_ldap(2344) init_group_from_ldap: Entry found for group: 515 [2008/07/22 21:33:39, 10] passdb/lookup_sid.c:lookup_sid(958) lookup_sid called for SID 'S-1-5-21-399034208-633907489-3292321255-515' [2008/07/22 21:33:39, 10] passdb/lookup_sid.c:check_dom_sid_to_level(713) Accepting SID S-1-5-21-399034208-633907489-3292321255 in level 1 [2008/07/22 21:33:39, 10] passdb/lookup_sid.c:lookup_rids(476) lookup_rids called for domain sid 'S-1-5-21-399034208-633907489-3292321255' [2008/07/22 21:33:39, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2008/07/22 21:33:39, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(100) : conn_ctx_stack_ndx = 2 [2008/07/22 21:33:39, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2008/07/22 21:33:39, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/07/22 21:33:39, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/07/22 21:33:39, 5] lib/smbldap.c:smbldap_search_ext(1207) smbldap_search_ext: base => [ou=Users,dc=arnoldtrans,dc=lcl], filter => [(&(objectClass=sambaSamAccount)(|(sambaSid=S-1-5-21-399034208-633907489-3292321255-515)))], scope => [2] [2008/07/22 21:33:39, 5] lib/smbldap.c:smbldap_search_ext(1207) smbldap_search_ext: base => [ou=Group,dc=arnoldtrans,dc=lcl], filter => [(&(objectClass=sambaGroupMapping)(|(sambaSid=S-1-5-21-399034208-633907489-3292321255-515)))], scope => [2] [2008/07/22 21:33:39, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2008/07/22 21:33:39, 10] passdb/lookup_sid.c:lookup_sid(993) Sid S-1-5-21-399034208-633907489-3292321255-515 -> ARNOLD\Domain Trust Accounts(2) [2008/07/22 21:33:39, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2008/07/22 21:33:39, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(100) : conn_ctx_stack_ndx = 2 [2008/07/22 21:33:39, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2008/07/22 21:33:39, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/07/22 21:33:39, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/07/22 21:33:39, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = ACCT_POL/password history, value = 5 , timeout = Tue Jul 22 21:34:09 2008 [2008/07/22 21:33:39, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2008/07/22 21:33:39, 10] passdb/pdb_get_set.c:pdb_set_username(580) pdb_set_username: setting username chpas-lansvcs$, was [2008/07/22 21:33:39, 10] passdb/pdb_get_set.c:pdb_set_domain(603) pdb_set_domain: setting domain ARNOLD, was [2008/07/22 21:33:39, 10] passdb/pdb_get_set.c:pdb_set_nt_username(626) pdb_set_nt_username: setting nt username chpas-lansvcs$, was [2008/07/22 21:33:39, 10] passdb/pdb_get_set.c:pdb_set_fullname(649) pdb_set_full_name: setting full name Computer, was [2008/07/22 21:33:39, 10] passdb/pdb_get_set.c:pdb_set_homedir(742) pdb_set_homedir: setting home dir , was [2008/07/22 21:33:39, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(718) pdb_set_dir_drive: setting dir drive H:, was NULL [2008/07/22 21:33:39, 10] passdb/pdb_get_set.c:pdb_set_logon_script(672) pdb_set_logon_script: setting logon script scripts\logon.bat, was [2008/07/22 21:33:39, 10] passdb/pdb_get_set.c:pdb_set_profile_path(695) pdb_set_profile_path: setting profile path \\chpas-netsvcs\profiles\chpas-lansvcs_, was [2008/07/22 21:33:39, 10] passdb/pdb_get_set.c:pdb_set_workstations(785) pdb_set_workstations: setting workstations , was [2008/07/22 21:33:39, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2008/07/22 21:33:39, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(100) : conn_ctx_stack_ndx = 2 [2008/07/22 21:33:39, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2008/07/22 21:33:39, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/07/22 21:33:39, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/07/22 21:33:39, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = ACCT_POL/password history, value = 5 , timeout = Tue Jul 22 21:34:09 2008 [2008/07/22 21:33:39, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2008/07/22 21:33:39, 10] passdb/pdb_get_set.c:pdb_set_user_sid(509) pdb_set_user_sid: setting user sid S-1-5-21-399034208-633907489-3292321255-41377 [2008/07/22 21:33:39, 10] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(72) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-399034208-633907489-3292321255-41377 from rid 41377 [2008/07/22 21:33:39, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/07/22 21:33:39, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/07/22 21:33:39, 5] rpc_server/srv_samr_nt.c:can_create(3100) trying to create chpas-lansvcs$, exists as User samr_CreateUser2: struct samr_CreateUser2 out: struct samr_CreateUser2 user_handle : * user_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 access_granted : * access_granted : 0x00000000 (0) rid : * rid : 0x00000000 (0) result : NT_STATUS_USER_EXISTS [2008/07/22 21:33:39, 5] rpc_server/srv_pipe.c:api_rpcTNP(2351) api_rpcTNP: called samr successfully [2008/07/22 21:33:39, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 0 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 84 [2008/07/22 21:33:39, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985) read_from_pipe: 70d3 name: samr len: 4280 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1059) read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 32. [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 02 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0038 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000011 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_resp resp [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 00000020 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0016 cancel_ct : 00 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0017 reserved : 00 [2008/07/22 21:33:39, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..56] (align 0) [2008/07/22 21:33:39, 5] lib/util.c:show_msg(645) [2008/07/22 21:33:39, 5] lib/util.c:show_msg(655) size=112 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=8292 smb_uid=100 smb_mid=16 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 56 (0x38) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 56 (0x38) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=57 [2008/07/22 21:33:39, 10] lib/util.c:dump_data(2226) [000] 00 05 00 02 03 10 00 00 00 38 00 00 00 11 00 00 ........ .8...... [010] 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . ...... ........ [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [030] 00 00 00 00 00 63 00 00 C0 .....c.. . [2008/07/22 21:33:39, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 190 [2008/07/22 21:33:39, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0xbe [2008/07/22 21:33:39, 3] smbd/process.c:process_smb(1549) Transaction 15 of length 194 (0 toread) [2008/07/22 21:33:39, 5] lib/util.c:show_msg(645) [2008/07/22 21:33:39, 5] lib/util.c:show_msg(655) size=190 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=8292 smb_uid=100 smb_mid=17 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 108 (0x6C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 108 (0x6C) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=28883 (0x70D3) smb_bcc=123 [2008/07/22 21:33:39, 10] lib/util.c:dump_data(2226) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 6C 00 00 00 12 00 00 00 54 .......l .......T [020] 00 00 00 00 00 11 00 00 00 00 00 03 00 00 00 00 ........ ........ [030] 00 00 00 86 48 73 8A A1 1A 00 00 01 00 00 00 E8 ....Hs.. ........ [040] 03 00 00 00 00 00 00 01 00 00 00 1C 00 1C 00 00 ........ ........ [050] 00 02 00 0E 00 00 00 00 00 00 00 0E 00 00 00 63 ........ .......c [060] 00 68 00 70 00 61 00 73 00 2D 00 6C 00 61 00 6E .h.p.a.s .-.l.a.n [070] 00 73 00 76 00 63 00 73 00 24 00 .s.v.c.s .$. [2008/07/22 21:33:39, 3] smbd/process.c:switch_message(1361) switch message SMBtrans (pid 6817) conn 0x555555c90ae0 [2008/07/22 21:33:39, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/07/22 21:33:39, 3] smbd/ipc.c:handle_trans(436) trans <\PIPE\> data=108 params=0 setup=2 [2008/07/22 21:33:39, 5] smbd/ipc.c:handle_trans(469) calling named_pipe [2008/07/22 21:33:39, 3] smbd/ipc.c:named_pipe(387) named pipe command on <> name [2008/07/22 21:33:39, 5] smbd/ipc.c:api_fd_reply(307) api_fd_reply [2008/07/22 21:33:39, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=70d3 [2008/07/22 21:33:39, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name samr pnum=70d3 (pipes_open=1) [2008/07/22 21:33:39, 3] smbd/ipc.c:api_fd_reply(345) Got API command 0x26 on pipe "samr" (pnum 70d3) [2008/07/22 21:33:39, 10] smbd/ipc.c:api_fd_reply(350) api_fd_reply: p:0x555555c97190 max_trans_reply: 4280 [2008/07/22 21:33:39, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927) write_to_pipe: 70d3 name: samr open: Yes len: 108 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 108 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 108 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385) fill_rpc_header: data_to_copy = 108, len_needed_to_complete_hdr = 16, receive_len = 0 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 16 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 92 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 92 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 00 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 006c [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000012 [2008/07/22 21:33:39, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472) unmarshall_rpc_header: using little-endian RPC [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501) unmarshall_rpc_header: type = 0, flags = 3 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 0 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 92 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 92, incoming data = 92 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709) process_complete_pdu: processing packet type 0 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_req req [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0000 alloc_hint: 00000054 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0004 context_id: 0000 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0006 opnum : 0011 [2008/07/22 21:33:39, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 0 [2008/07/22 21:33:39, 5] rpc_server/srv_pipe.c:api_pipe_request(2262) Requested \PIPE\samr [2008/07/22 21:33:39, 4] rpc_server/srv_pipe.c:api_rpcTNP(2297) api_rpcTNP: samr op 0x11 - api_rpcTNP: rpc command: SAMR_LOOKUPNAMES [2008/07/22 21:33:39, 6] rpc_server/srv_pipe.c:api_rpcTNP(2323) api_rpc_cmds[17].fn == 0x555555754752 samr_LookupNames: struct samr_LookupNames in: struct samr_LookupNames domain_handle : * domain_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000003-0000-0000-8648-738aa11a0000 num_names : 0x00000001 (1) names: ARRAY(1) names: struct lsa_String length : 0x001c (28) size : 0x001c (28) string : * string : 'chpas-lansvcs$' [2008/07/22 21:33:39, 5] rpc_server/srv_samr_nt.c:_samr_LookupNames(1797) _samr_LookupNames: 1797 [2008/07/22 21:33:39, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(168) Found policy hnd[0] [000] 00 00 00 00 03 00 00 00 00 00 00 00 86 48 73 8A ........ .....Hs. [010] A1 1A 00 00 .... [2008/07/22 21:33:39, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(227) _samr_LookupNames: access check ((granted: 0x000f07ff; required: 0000000000) [2008/07/22 21:33:39, 5] rpc_server/srv_samr_nt.c:_samr_LookupNames(1822) _samr_LookupNames: looking name on SID S-1-5-21-399034208-633907489-3292321255 [2008/07/22 21:33:39, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/07/22 21:33:39, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2008/07/22 21:33:39, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/07/22 21:33:39, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/07/22 21:33:39, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/07/22 21:33:39, 5] lib/smbldap.c:smbldap_search_ext(1207) smbldap_search_ext: base => [dc=arnoldtrans,dc=lcl], filter => [(&(uid=chpas-lansvcs$)(objectclass=sambaSamAccount))], scope => [2] [2008/07/22 21:33:39, 2] passdb/pdb_ldap.c:init_sam_from_ldap(571) init_sam_from_ldap: Entry found for user: chpas-lansvcs$ [2008/07/22 21:33:39, 10] passdb/pdb_get_set.c:pdb_set_username(580) pdb_set_username: setting username chpas-lansvcs$, was [2008/07/22 21:33:39, 10] passdb/pdb_get_set.c:pdb_set_domain(603) pdb_set_domain: setting domain ARNOLD, was [2008/07/22 21:33:39, 10] passdb/pdb_get_set.c:pdb_set_nt_username(626) pdb_set_nt_username: setting nt username chpas-lansvcs$, was [2008/07/22 21:33:39, 10] passdb/pdb_get_set.c:pdb_set_user_sid_from_string(522) pdb_set_user_sid_from_string: setting user sid S-1-5-21-399034208-633907489-3292321255-41377 [2008/07/22 21:33:39, 10] passdb/pdb_get_set.c:pdb_set_user_sid(509) pdb_set_user_sid: setting user sid S-1-5-21-399034208-633907489-3292321255-41377 [2008/07/22 21:33:39, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaPwdLastSet does not exist [2008/07/22 21:33:39, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaLogonTime does not exist [2008/07/22 21:33:39, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaLogoffTime does not exist [2008/07/22 21:33:39, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaKickoffTime does not exist [2008/07/22 21:33:39, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaPwdCanChange does not exist [2008/07/22 21:33:39, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaPwdMustChange does not exist [2008/07/22 21:33:39, 10] passdb/pdb_get_set.c:pdb_set_fullname(649) pdb_set_full_name: setting full name Computer, was [2008/07/22 21:33:39, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaHomeDrive does not exist [2008/07/22 21:33:39, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(718) pdb_set_dir_drive: setting dir drive H:, was NULL [2008/07/22 21:33:39, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaHomePath does not exist [2008/07/22 21:33:39, 10] passdb/pdb_get_set.c:pdb_set_homedir(742) pdb_set_homedir: setting home dir , was [2008/07/22 21:33:39, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaLogonScript does not exist [2008/07/22 21:33:39, 10] passdb/pdb_get_set.c:pdb_set_logon_script(672) pdb_set_logon_script: setting logon script scripts\logon.bat, was [2008/07/22 21:33:39, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaProfilePath does not exist [2008/07/22 21:33:39, 10] passdb/pdb_get_set.c:pdb_set_profile_path(695) pdb_set_profile_path: setting profile path \\chpas-netsvcs\profiles\chpas-lansvcs_, was [2008/07/22 21:33:39, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaUserWorkstations does not exist [2008/07/22 21:33:39, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaMungedDial does not exist [2008/07/22 21:33:39, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaLMPassword does not exist [2008/07/22 21:33:39, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2008/07/22 21:33:39, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2008/07/22 21:33:39, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2008/07/22 21:33:39, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/07/22 21:33:39, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/07/22 21:33:39, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = ACCT_POL/password history, value = 5 , timeout = Tue Jul 22 21:34:09 2008 [2008/07/22 21:33:39, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/07/22 21:33:39, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaPasswordHistory] = [] [2008/07/22 21:33:39, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaBadPasswordCount does not exist [2008/07/22 21:33:39, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaBadPasswordTime does not exist [2008/07/22 21:33:39, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaLogonHours does not exist [2008/07/22 21:33:39, 7] passdb/login_cache.c:login_cache_read(86) Looking up login cache for user chpas-lansvcs$ [2008/07/22 21:33:39, 7] passdb/login_cache.c:login_cache_read(100) No cache entry found [2008/07/22 21:33:39, 9] passdb/pdb_ldap.c:init_sam_from_ldap(1054) No cache entry, bad count = 0, bad time = 0 [2008/07/22 21:33:39, 5] lib/username.c:Get_Pwnam_alloc(133) Finding user chpas-lansvcs$ [2008/07/22 21:33:39, 5] lib/username.c:Get_Pwnam_internals(77) Trying _Get_Pwnam(), username as lowercase is chpas-lansvcs$ [2008/07/22 21:33:39, 5] lib/username.c:Get_Pwnam_internals(110) Get_Pwnam_internals did find user [chpas-lansvcs$]! [2008/07/22 21:33:39, 5] lib/smbldap.c:smbldap_search_ext(1207) smbldap_search_ext: base => [ou=Group,dc=arnoldtrans,dc=lcl], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=515))], scope => [2] [2008/07/22 21:33:39, 2] passdb/pdb_ldap.c:init_group_from_ldap(2344) init_group_from_ldap: Entry found for group: 515 [2008/07/22 21:33:39, 10] passdb/lookup_sid.c:lookup_sid(958) lookup_sid called for SID 'S-1-5-21-399034208-633907489-3292321255-515' [2008/07/22 21:33:39, 10] passdb/lookup_sid.c:check_dom_sid_to_level(713) Accepting SID S-1-5-21-399034208-633907489-3292321255 in level 1 [2008/07/22 21:33:39, 10] passdb/lookup_sid.c:lookup_rids(476) lookup_rids called for domain sid 'S-1-5-21-399034208-633907489-3292321255' [2008/07/22 21:33:39, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2008/07/22 21:33:39, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2008/07/22 21:33:39, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2008/07/22 21:33:39, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/07/22 21:33:39, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/07/22 21:33:39, 5] lib/smbldap.c:smbldap_search_ext(1207) smbldap_search_ext: base => [ou=Users,dc=arnoldtrans,dc=lcl], filter => [(&(objectClass=sambaSamAccount)(|(sambaSid=S-1-5-21-399034208-633907489-3292321255-515)))], scope => [2] [2008/07/22 21:33:39, 5] lib/smbldap.c:smbldap_search_ext(1207) smbldap_search_ext: base => [ou=Group,dc=arnoldtrans,dc=lcl], filter => [(&(objectClass=sambaGroupMapping)(|(sambaSid=S-1-5-21-399034208-633907489-3292321255-515)))], scope => [2] [2008/07/22 21:33:39, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/07/22 21:33:39, 10] passdb/lookup_sid.c:lookup_sid(993) Sid S-1-5-21-399034208-633907489-3292321255-515 -> ARNOLD\Domain Trust Accounts(2) [2008/07/22 21:33:39, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2008/07/22 21:33:39, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2008/07/22 21:33:39, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2008/07/22 21:33:39, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/07/22 21:33:39, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/07/22 21:33:39, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = ACCT_POL/password history, value = 5 , timeout = Tue Jul 22 21:34:09 2008 [2008/07/22 21:33:39, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/07/22 21:33:39, 10] passdb/pdb_get_set.c:pdb_set_username(580) pdb_set_username: setting username chpas-lansvcs$, was [2008/07/22 21:33:39, 10] passdb/pdb_get_set.c:pdb_set_domain(603) pdb_set_domain: setting domain ARNOLD, was [2008/07/22 21:33:39, 10] passdb/pdb_get_set.c:pdb_set_nt_username(626) pdb_set_nt_username: setting nt username chpas-lansvcs$, was [2008/07/22 21:33:39, 10] passdb/pdb_get_set.c:pdb_set_fullname(649) pdb_set_full_name: setting full name Computer, was [2008/07/22 21:33:39, 10] passdb/pdb_get_set.c:pdb_set_homedir(742) pdb_set_homedir: setting home dir , was [2008/07/22 21:33:39, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(718) pdb_set_dir_drive: setting dir drive H:, was NULL [2008/07/22 21:33:39, 10] passdb/pdb_get_set.c:pdb_set_logon_script(672) pdb_set_logon_script: setting logon script scripts\logon.bat, was [2008/07/22 21:33:39, 10] passdb/pdb_get_set.c:pdb_set_profile_path(695) pdb_set_profile_path: setting profile path \\chpas-netsvcs\profiles\chpas-lansvcs_, was [2008/07/22 21:33:39, 10] passdb/pdb_get_set.c:pdb_set_workstations(785) pdb_set_workstations: setting workstations , was [2008/07/22 21:33:39, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2008/07/22 21:33:39, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2008/07/22 21:33:39, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2008/07/22 21:33:39, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/07/22 21:33:39, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/07/22 21:33:39, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = ACCT_POL/password history, value = 5 , timeout = Tue Jul 22 21:34:09 2008 [2008/07/22 21:33:39, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/07/22 21:33:39, 10] passdb/pdb_get_set.c:pdb_set_user_sid(509) pdb_set_user_sid: setting user sid S-1-5-21-399034208-633907489-3292321255-41377 [2008/07/22 21:33:39, 10] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(72) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-399034208-633907489-3292321255-41377 from rid 41377 [2008/07/22 21:33:39, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/07/22 21:33:39, 5] rpc_server/srv_samr_nt.c:_samr_LookupNames(1856) _samr_LookupNames: 1856 samr_LookupNames: struct samr_LookupNames out: struct samr_LookupNames rids : * rids: struct samr_Ids count : 0x00000001 (1) ids : * ids: ARRAY(1) ids : 0x0000a1a1 (41377) types : * types: struct samr_Ids count : 0x00000001 (1) ids : * ids: ARRAY(1) ids : 0x00000001 (1) result : NT_STATUS_OK [2008/07/22 21:33:39, 5] rpc_server/srv_pipe.c:api_rpcTNP(2351) api_rpcTNP: called samr successfully [2008/07/22 21:33:39, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 8 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 92 [2008/07/22 21:33:39, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985) read_from_pipe: 70d3 name: samr len: 4280 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1059) read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 36. [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 02 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 003c [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000012 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_resp resp [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 00000024 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0016 cancel_ct : 00 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0017 reserved : 00 [2008/07/22 21:33:39, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..60] (align 0) [2008/07/22 21:33:39, 5] lib/util.c:show_msg(645) [2008/07/22 21:33:39, 5] lib/util.c:show_msg(655) size=116 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=8292 smb_uid=100 smb_mid=17 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 60 (0x3C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 60 (0x3C) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=61 [2008/07/22 21:33:39, 10] lib/util.c:dump_data(2226) [000] 00 05 00 02 03 10 00 00 00 3C 00 00 00 12 00 00 ........ .<...... [010] 00 24 00 00 00 00 00 00 00 01 00 00 00 00 00 02 .$...... ........ [020] 00 01 00 00 00 A1 A1 00 00 01 00 00 00 04 00 02 ........ ........ [030] 00 01 00 00 00 01 00 00 00 00 00 00 00 ........ ..... [2008/07/22 21:33:39, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 134 [2008/07/22 21:33:39, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x86 [2008/07/22 21:33:39, 3] smbd/process.c:process_smb(1549) Transaction 16 of length 138 (0 toread) [2008/07/22 21:33:39, 5] lib/util.c:show_msg(645) [2008/07/22 21:33:39, 5] lib/util.c:show_msg(655) size=134 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=8292 smb_uid=100 smb_mid=18 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 52 (0x34) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 52 (0x34) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=28883 (0x70D3) smb_bcc=67 [2008/07/22 21:33:39, 10] lib/util.c:dump_data(2226) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 34 00 00 00 13 00 00 00 1C .......4 ........ [020] 00 00 00 00 00 22 00 00 00 00 00 03 00 00 00 00 .....".. ........ [030] 00 00 00 86 48 73 8A A1 1A 00 00 00 00 00 02 A1 ....Hs.. ........ [040] A1 00 00 ... [2008/07/22 21:33:39, 3] smbd/process.c:switch_message(1361) switch message SMBtrans (pid 6817) conn 0x555555c90ae0 [2008/07/22 21:33:39, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/07/22 21:33:39, 3] smbd/ipc.c:handle_trans(436) trans <\PIPE\> data=52 params=0 setup=2 [2008/07/22 21:33:39, 5] smbd/ipc.c:handle_trans(469) calling named_pipe [2008/07/22 21:33:39, 3] smbd/ipc.c:named_pipe(387) named pipe command on <> name [2008/07/22 21:33:39, 5] smbd/ipc.c:api_fd_reply(307) api_fd_reply [2008/07/22 21:33:39, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=70d3 [2008/07/22 21:33:39, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name samr pnum=70d3 (pipes_open=1) [2008/07/22 21:33:39, 3] smbd/ipc.c:api_fd_reply(345) Got API command 0x26 on pipe "samr" (pnum 70d3) [2008/07/22 21:33:39, 10] smbd/ipc.c:api_fd_reply(350) api_fd_reply: p:0x555555c97190 max_trans_reply: 4280 [2008/07/22 21:33:39, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927) write_to_pipe: 70d3 name: samr open: Yes len: 52 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 52 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 52 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385) fill_rpc_header: data_to_copy = 52, len_needed_to_complete_hdr = 16, receive_len = 0 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 16 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 36 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 36 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 00 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0034 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000013 [2008/07/22 21:33:39, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472) unmarshall_rpc_header: using little-endian RPC [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501) unmarshall_rpc_header: type = 0, flags = 3 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 0 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 36 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 36, incoming data = 36 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709) process_complete_pdu: processing packet type 0 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_req req [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0000 alloc_hint: 0000001c [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0004 context_id: 0000 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0006 opnum : 0022 [2008/07/22 21:33:39, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 0 [2008/07/22 21:33:39, 5] rpc_server/srv_pipe.c:api_pipe_request(2262) Requested \PIPE\samr [2008/07/22 21:33:39, 4] rpc_server/srv_pipe.c:api_rpcTNP(2297) api_rpcTNP: samr op 0x22 - api_rpcTNP: rpc command: SAMR_OPENUSER [2008/07/22 21:33:39, 6] rpc_server/srv_pipe.c:api_rpcTNP(2323) api_rpc_cmds[34].fn == 0x5555557522ea samr_OpenUser: struct samr_OpenUser in: struct samr_OpenUser domain_handle : * domain_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000003-0000-0000-8648-738aa11a0000 access_mask : 0x02000000 (33554432) 0: SAMR_USER_ACCESS_GET_NAME_ETC 0: SAMR_USER_ACCESS_GET_LOCALE 0: SAMR_USER_ACCESS_SET_LOC_COM 0: SAMR_USER_ACCESS_GET_LOGONINFO 0: SAMR_USER_ACCESS_GET_ATTRIBUTES 0: SAMR_USER_ACCESS_SET_ATTRIBUTES 0: SAMR_USER_ACCESS_CHANGE_PASSWORD 0: SAMR_USER_ACCESS_SET_PASSWORD 0: SAMR_USER_ACCESS_GET_GROUPS 0: SAMR_USER_ACCESS_GET_GROUP_MEMBERSHIP 0: SAMR_USER_ACCESS_CHANGE_GROUP_MEMBERSHIP rid : 0x0000a1a1 (41377) [2008/07/22 21:33:39, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(168) Found policy hnd[0] [000] 00 00 00 00 03 00 00 00 00 00 00 00 86 48 73 8A ........ .....Hs. [010] A1 1A 00 00 .... [2008/07/22 21:33:39, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(227) _samr_OpenUser: access check ((granted: 0x000f07ff; required: 0x00000200) [2008/07/22 21:33:39, 4] rpc_server/srv_samr_nt.c:access_check_samr_object(184) access_check_samr_object: user rights access mask [0xd04e4] [2008/07/22 21:33:39, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x02000000, for NT token with 9 entries and first sid S-1-5-21-399034208-633907489-3292321255-2996. [2008/07/22 21:33:39, 3] lib/util_seaccess.c:se_access_check(249) [2008/07/22 21:33:39, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-5-21-399034208-633907489-3292321255-2996 se_access_check: also S-1-5-21-399034208-633907489-3292321255-512 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-21-399034208-633907489-3292321255-3075 se_access_check: also S-1-22-2-512 se_access_check: also S-1-22-2-1037 se_access_check: also S-1-5-32-544 [2008/07/22 21:33:39, 4] rpc_server/srv_samr_nt.c:access_check_samr_object(215) _samr_OpenUser: access GRANTED (requested: 0x02000000, granted: 0x000f07ff) [2008/07/22 21:33:39, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/07/22 21:33:39, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2008/07/22 21:33:39, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/07/22 21:33:39, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/07/22 21:33:39, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/07/22 21:33:39, 5] lib/username.c:Get_Pwnam_alloc(133) Finding user chpas-lansvcs$ [2008/07/22 21:33:39, 5] lib/username.c:Get_Pwnam_internals(77) Trying _Get_Pwnam(), username as lowercase is chpas-lansvcs$ [2008/07/22 21:33:39, 5] lib/username.c:Get_Pwnam_internals(110) Get_Pwnam_internals did find user [chpas-lansvcs$]! [2008/07/22 21:33:39, 5] lib/smbldap.c:smbldap_search_ext(1207) smbldap_search_ext: base => [ou=Group,dc=arnoldtrans,dc=lcl], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=515))], scope => [2] [2008/07/22 21:33:39, 2] passdb/pdb_ldap.c:init_group_from_ldap(2344) init_group_from_ldap: Entry found for group: 515 [2008/07/22 21:33:39, 10] passdb/lookup_sid.c:lookup_sid(958) lookup_sid called for SID 'S-1-5-21-399034208-633907489-3292321255-515' [2008/07/22 21:33:39, 10] passdb/lookup_sid.c:check_dom_sid_to_level(713) Accepting SID S-1-5-21-399034208-633907489-3292321255 in level 1 [2008/07/22 21:33:39, 10] passdb/lookup_sid.c:lookup_rids(476) lookup_rids called for domain sid 'S-1-5-21-399034208-633907489-3292321255' [2008/07/22 21:33:39, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2008/07/22 21:33:39, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2008/07/22 21:33:39, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2008/07/22 21:33:39, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/07/22 21:33:39, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/07/22 21:33:39, 5] lib/smbldap.c:smbldap_search_ext(1207) smbldap_search_ext: base => [ou=Users,dc=arnoldtrans,dc=lcl], filter => [(&(objectClass=sambaSamAccount)(|(sambaSid=S-1-5-21-399034208-633907489-3292321255-515)))], scope => [2] [2008/07/22 21:33:39, 5] lib/smbldap.c:smbldap_search_ext(1207) smbldap_search_ext: base => [ou=Group,dc=arnoldtrans,dc=lcl], filter => [(&(objectClass=sambaGroupMapping)(|(sambaSid=S-1-5-21-399034208-633907489-3292321255-515)))], scope => [2] [2008/07/22 21:33:39, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/07/22 21:33:39, 10] passdb/lookup_sid.c:lookup_sid(993) Sid S-1-5-21-399034208-633907489-3292321255-515 -> ARNOLD\Domain Trust Accounts(2) [2008/07/22 21:33:39, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2008/07/22 21:33:39, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2008/07/22 21:33:39, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2008/07/22 21:33:39, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/07/22 21:33:39, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/07/22 21:33:39, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = ACCT_POL/password history, value = 5 , timeout = Tue Jul 22 21:34:09 2008 [2008/07/22 21:33:39, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/07/22 21:33:39, 10] passdb/pdb_get_set.c:pdb_set_username(580) pdb_set_username: setting username chpas-lansvcs$, was [2008/07/22 21:33:39, 10] passdb/pdb_get_set.c:pdb_set_domain(603) pdb_set_domain: setting domain ARNOLD, was [2008/07/22 21:33:39, 10] passdb/pdb_get_set.c:pdb_set_nt_username(626) pdb_set_nt_username: setting nt username chpas-lansvcs$, was [2008/07/22 21:33:39, 10] passdb/pdb_get_set.c:pdb_set_fullname(649) pdb_set_full_name: setting full name Computer, was [2008/07/22 21:33:39, 10] passdb/pdb_get_set.c:pdb_set_homedir(742) pdb_set_homedir: setting home dir , was [2008/07/22 21:33:39, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(718) pdb_set_dir_drive: setting dir drive H:, was NULL [2008/07/22 21:33:39, 10] passdb/pdb_get_set.c:pdb_set_logon_script(672) pdb_set_logon_script: setting logon script scripts\logon.bat, was [2008/07/22 21:33:39, 10] passdb/pdb_get_set.c:pdb_set_profile_path(695) pdb_set_profile_path: setting profile path \\chpas-netsvcs\profiles\chpas-lansvcs_, was [2008/07/22 21:33:39, 10] passdb/pdb_get_set.c:pdb_set_workstations(785) pdb_set_workstations: setting workstations , was [2008/07/22 21:33:39, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2008/07/22 21:33:39, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2008/07/22 21:33:39, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2008/07/22 21:33:39, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/07/22 21:33:39, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/07/22 21:33:39, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = ACCT_POL/password history, value = 5 , timeout = Tue Jul 22 21:34:09 2008 [2008/07/22 21:33:39, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/07/22 21:33:39, 10] passdb/pdb_get_set.c:pdb_set_user_sid(509) pdb_set_user_sid: setting user sid S-1-5-21-399034208-633907489-3292321255-41377 [2008/07/22 21:33:39, 10] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(72) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-399034208-633907489-3292321255-41377 from rid 41377 [2008/07/22 21:33:39, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/07/22 21:33:39, 10] rpc_server/srv_samr_nt.c:get_samr_info_by_sid(331) get_samr_info_by_sid: created new info for sid S-1-5-21-399034208-633907489-3292321255-41377 [2008/07/22 21:33:39, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(148) Opened policy hnd[3] [000] 00 00 00 00 04 00 00 00 00 00 00 00 86 48 73 8A ........ .....Hs. [010] A1 1A 00 00 .... samr_OpenUser: struct samr_OpenUser out: struct samr_OpenUser user_handle : * user_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000004-0000-0000-8648-738aa11a0000 result : NT_STATUS_OK [2008/07/22 21:33:39, 5] rpc_server/srv_pipe.c:api_rpcTNP(2351) api_rpcTNP: called samr successfully [2008/07/22 21:33:39, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 1248 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 36 [2008/07/22 21:33:39, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985) read_from_pipe: 70d3 name: samr len: 4280 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1059) read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 02 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0030 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000013 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_resp resp [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 00000018 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0016 cancel_ct : 00 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0017 reserved : 00 [2008/07/22 21:33:39, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2008/07/22 21:33:39, 5] lib/util.c:show_msg(645) [2008/07/22 21:33:39, 5] lib/util.c:show_msg(655) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=8292 smb_uid=100 smb_mid=18 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2008/07/22 21:33:39, 10] lib/util.c:dump_data(2226) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 13 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 04 00 00 ........ ........ [020] 00 00 00 00 00 86 48 73 8A A1 1A 00 00 00 00 00 ......Hs ........ [030] 00 . [2008/07/22 21:33:39, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 647 [2008/07/22 21:33:39, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x287 [2008/07/22 21:33:39, 3] smbd/process.c:process_smb(1549) Transaction 17 of length 651 (0 toread) [2008/07/22 21:33:39, 5] lib/util.c:show_msg(645) [2008/07/22 21:33:39, 5] lib/util.c:show_msg(655) size=647 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=8292 smb_uid=100 smb_mid=19 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 565 (0x235) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 565 (0x235) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=28883 (0x70D3) smb_bcc=580 [2008/07/22 21:33:39, 10] lib/util.c:dump_data(2226) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 35 02 00 00 14 00 00 00 1D .......5 ........ [020] 02 00 00 00 00 3A 00 00 00 00 00 04 00 00 00 00 .....:.. ........ [030] 00 00 00 86 48 73 8A A1 1A 00 00 18 00 18 00 88 ....Hs.. ........ [040] A1 D2 A9 9A FF 70 44 73 26 81 12 F8 EB 1D 8C 19 .....pDs &....... [050] 77 4E 75 41 37 B0 16 B4 61 4E D9 90 2A 3B B2 95 wNuA7... aN..*;.. [060] FD 0C 90 B0 81 C4 29 AC BE 9A FE B7 82 95 09 00 ......). ........ [070] 36 21 BD 2F E4 EF CD 26 67 81 C8 EA 90 21 75 E7 6!./...& g....!u. [080] BD 67 50 C2 8B 0E 8D 3B 73 2E C0 0A 9E 49 2D 5A .gP....; s....I-Z [090] F4 13 37 93 C5 F9 7C BA 9F 69 6F 60 C6 27 CF BA ..7...|. .io`.'.. [0A0] E2 70 8B 87 FF 83 68 C4 A3 FD 3F 5A 4B D5 53 73 .p....h. ..?ZK.Ss [0B0] DB E9 B0 D0 4C E6 07 E8 C2 15 1C 20 71 44 6D C5 ....L... ... qDm. [0C0] EF 56 65 01 E7 04 DF 1D 43 98 AE 0D E8 CA 05 1E .Ve..... C....... [0D0] BA 8E 8F 86 E0 D2 93 E0 75 40 35 07 E6 FB 28 B2 ........ u@5...(. [0E0] F2 28 40 90 99 89 26 2D 56 FE 88 EF AE B1 31 D4 .(@...&- V.....1. [0F0] A8 FD 05 82 C8 8E 99 0E C3 71 5D B9 44 C5 93 A8 ........ .q].D... [100] 46 7C C2 C9 23 67 36 40 22 06 DC 2D 93 C8 33 D4 F|..#g6@ "..-..3. [110] 96 19 C4 6F 68 BE D0 7E AE 23 75 2E 04 6E 57 8C ...oh..~ .#u..nW. [120] ED 16 67 6A 7F 54 FE 54 D5 53 6B 5C 54 65 6F 45 ..gj.T.T .Sk\TeoE [130] C5 C6 26 25 4F 57 13 12 A4 BB DC 3B C4 4E D9 22 ..&%OW.. ...;.N." [140] 0D 6E 42 1F 25 F2 E6 46 BF A8 36 74 2A 25 FE 96 .nB.%..F ..6t*%.. [150] 9D C2 DA E3 58 08 CE F2 9A CB 66 E4 92 89 88 C5 ....X... ..f..... [160] 6F 90 24 30 36 E5 76 F4 68 3B 2A B7 EE 1D 3B 42 o.$06.v. h;*...;B [170] 05 2A B4 56 01 5E 1D 69 99 57 18 7A 8A 9D 47 B9 .*.V.^.i .W.z..G. [180] E0 2D B2 2D 07 9F EE 48 99 61 36 F9 80 78 57 DB .-.-...H .a6..xW. [190] 6E 7B 4B 31 45 70 67 F6 54 5B 9C 19 72 B6 31 BB n{K1Epg. T[..r.1. [1A0] 82 1C 9C 73 0B BE E8 3E 75 93 67 C0 40 EA 18 07 ...s...> u.g.@... [1B0] 34 C3 E6 7A 57 AE 9F B4 26 14 2D 67 19 47 A4 FE 4..zW... &.-g.G.. [1C0] 0F 86 02 2A B3 95 45 7C BB FF 6E 57 97 6A ED E9 ...*..E| ..nW.j.. [1D0] E2 68 AC 42 53 45 E0 C7 AF D1 43 66 33 34 E3 15 .h.BSE.. ..Cf34.. [1E0] 1B 17 BC 77 96 75 19 42 CB 57 B8 45 8C A7 60 84 ...w.u.B .W.E..`. [1F0] D8 7E CD B4 8A AB FA 72 91 2B C9 AB 06 2B BC D3 .~.....r .+...+.. [2008/07/22 21:33:39, 3] smbd/process.c:switch_message(1361) switch message SMBtrans (pid 6817) conn 0x555555c90ae0 [2008/07/22 21:33:39, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/07/22 21:33:39, 3] smbd/ipc.c:handle_trans(436) trans <\PIPE\> data=565 params=0 setup=2 [2008/07/22 21:33:39, 5] smbd/ipc.c:handle_trans(469) calling named_pipe [2008/07/22 21:33:39, 3] smbd/ipc.c:named_pipe(387) named pipe command on <> name [2008/07/22 21:33:39, 5] smbd/ipc.c:api_fd_reply(307) api_fd_reply [2008/07/22 21:33:39, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=70d3 [2008/07/22 21:33:39, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name samr pnum=70d3 (pipes_open=1) [2008/07/22 21:33:39, 3] smbd/ipc.c:api_fd_reply(345) Got API command 0x26 on pipe "samr" (pnum 70d3) [2008/07/22 21:33:39, 10] smbd/ipc.c:api_fd_reply(350) api_fd_reply: p:0x555555c97190 max_trans_reply: 4280 [2008/07/22 21:33:39, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927) write_to_pipe: 70d3 name: samr open: Yes len: 565 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 565 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 565 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385) fill_rpc_header: data_to_copy = 565, len_needed_to_complete_hdr = 16, receive_len = 0 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 16 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 549 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 549 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 00 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0235 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000014 [2008/07/22 21:33:39, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472) unmarshall_rpc_header: using little-endian RPC [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501) unmarshall_rpc_header: type = 0, flags = 3 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 0 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 549 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 549, incoming data = 549 [2008/07/22 21:33:39, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709) process_complete_pdu: processing packet type 0 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_req req [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0000 alloc_hint: 0000021d [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0004 context_id: 0000 [2008/07/22 21:33:39, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0006 opnum : 003a [2008/07/22 21:33:39, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 0 [2008/07/22 21:33:39, 5] rpc_server/srv_pipe.c:api_pipe_request(2262) Requested \PIPE\samr [2008/07/22 21:33:39, 4] rpc_server/srv_pipe.c:api_rpcTNP(2297) api_rpcTNP: samr op 0x3a - api_rpcTNP: rpc command: SAMR_SETUSERINFO2 [2008/07/22 21:33:39, 6] rpc_server/srv_pipe.c:api_rpcTNP(2323) api_rpc_cmds[58].fn == 0x55555574edbb samr_SetUserInfo2: struct samr_SetUserInfo2 in: struct samr_SetUserInfo2 user_handle : * user_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000004-0000-0000-8648-738aa11a0000 level : 0x0018 (24) info : * info : union samr_UserInfo(case 24) info24: struct samr_UserInfo24 password: struct samr_CryptPassword data : 88a1d2a99aff704473268112f8eb1d8c19774e754137b016b4614ed9902a3bb295fd0c90b081c429acbe9afeb7829509003621bd2fe4efcd266781c8ea902175e7bd6750c28b0e8d3b732ec00a9e492d5af4133793c5f97cba9f696f60c627cfbae2708b87ff8368c4a3fd3f5a4bd55373dbe9b0d04ce607e8c2151c2071446dc5ef566501e704df1d4398ae0de8ca051eba8e8f86e0d293e075403507e6fb28b2f22840909989262d56fe88efaeb131d4a8fd0582c88e990ec3715db944c593a8467cc2c9236736402206dc2d93c833d49619c46f68bed07eae23752e046e578ced16676a7f54fe54d5536b5c54656f45c5c626254f571312a4bbdc3bc44ed9220d6e421f25f2e646bfa836742a25fe969dc2dae35808cef29acb66e4928988c56f90243036e576f4683b2ab7ee1d3b42052ab456015e1d699957187a8a9d47b9e02db22d079fee48996136f9807857db6e7b4b31457067f6545b9c1972b631bb821c9c730bbee83e759367c040ea180734c3e67a57ae9fb426142d671947a4fe0f86022ab395457cbbff6e57976aede9e268ac425345e0c7afd143663334e3151b17bc7796751942cb57b8458ca76084d87ecdb48aabfa72912bc9ab062bbcd364e020b8bdb6d7b6062d76d526fd69c60a7e1ed2ac7a6ced9af1baa5eec39ee52421f3a1 +> 80ba6bf899bd963a9907f94a6bb67ebc17afc07d8eb69c854c370614c59db5 pw_len : 0x18 (24) [2008/07/22 21:33:39, 5] rpc_server/srv_samr_nt.c:samr_SetUserInfo_internal(4091) _samr_SetUserInfo2: 4091 [2008/07/22 21:33:39, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(168) Found policy hnd[0] [000] 00 00 00 00 04 00 00 00 00 00 00 00 86 48 73 8A ........ .....Hs. [010] A1 1A 00 00 .... [2008/07/22 21:33:39, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(227) _samr_SetUserInfo2: access check ((granted: 0x000f07ff; required: 0x00000080) [2008/07/22 21:33:39, 5] rpc_server/srv_samr_nt.c:samr_SetUserInfo_internal(4127) _samr_SetUserInfo2: sid:S-1-5-21-399034208-633907489-3292321255-41377, level:24 [2008/07/22 21:33:39, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/07/22 21:33:39, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2008/07/22 21:33:39, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/07/22 21:33:39, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/07/22 21:33:39, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/07/22 21:33:39, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2008/07/22 21:33:39, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2008/07/22 21:33:39, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2008/07/22 21:33:39, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/07/22 21:33:39, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/07/22 21:33:39, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = ACCT_POL/password history, value = 5 , timeout = Tue Jul 22 21:34:09 2008 [2008/07/22 21:33:39, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/07/22 21:33:39, 10] passdb/pdb_get_set.c:pdb_set_username(580) pdb_set_username: setting username chpas-lansvcs$, was [2008/07/22 21:33:39, 10] passdb/pdb_get_set.c:pdb_set_domain(603) pdb_set_domain: setting domain ARNOLD, was [2008/07/22 21:33:39, 10] passdb/pdb_get_set.c:pdb_set_nt_username(626) pdb_set_nt_username: setting nt username chpas-lansvcs$, was [2008/07/22 21:33:39, 10] passdb/pdb_get_set.c:pdb_set_fullname(649) pdb_set_full_name: setting full name Computer, was [2008/07/22 21:33:39, 10] passdb/pdb_get_set.c:pdb_set_homedir(742) pdb_set_homedir: setting home dir , was [2008/07/22 21:33:39, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(718) pdb_set_dir_drive: setting dir drive H:, was NULL [2008/07/22 21:33:39, 10] passdb/pdb_get_set.c:pdb_set_logon_script(672) pdb_set_logon_script: setting logon script scripts\logon.bat, was [2008/07/22 21:33:39, 10] passdb/pdb_get_set.c:pdb_set_profile_path(695) pdb_set_profile_path: setting profile path \\chpas-netsvcs\profiles\chpas-lansvcs_, was [2008/07/22 21:33:39, 10] passdb/pdb_get_set.c:pdb_set_workstations(785) pdb_set_workstations: setting workstations , was [2008/07/22 21:33:39, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2008/07/22 21:33:39, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2008/07/22 21:33:39, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2008/07/22 21:33:39, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/07/22 21:33:39, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/07/22 21:33:39, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = ACCT_POL/password history, value = 5 , timeout = Tue Jul 22 21:34:09 2008 [2008/07/22 21:33:39, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/07/22 21:33:39, 10] passdb/pdb_get_set.c:pdb_set_user_sid(509) pdb_set_user_sid: setting user sid S-1-5-21-399034208-633907489-3292321255-41377 [2008/07/22 21:33:39, 10] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(72) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-399034208-633907489-3292321255-41377 from rid 41377 [2008/07/22 21:33:39, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/07/22 21:33:39, 5] rpc_server/srv_samr_nt.c:samr_SetUserInfo_internal(4167) _samr_SetUserInfo2: root does possess sufficient rights [2008/07/22 21:33:39, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/07/22 21:33:39, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2008/07/22 21:33:39, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/07/22 21:33:39, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/07/22 21:33:39, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/07/22 21:33:39, 5] rpc_server/srv_samr_nt.c:set_user_info_pw(3944) Attempting administrator password change for user chpas-lansvcs$ [2008/07/22 21:33:39, 5] rpc_server/srv_samr_nt.c:set_user_info_pw(3970) Changing trust account or non-unix-user password, not updating /etc/passwd [2008/07/22 21:33:39, 5] rpc_server/srv_samr_nt.c:set_user_info_pw(4012) set_user_info_pw: pdb_update_pwd() [2008/07/22 21:33:39, 5] lib/smbldap.c:smbldap_search_ext(1207) smbldap_search_ext: base => [dc=arnoldtrans,dc=lcl], filter => [(&(uid=chpas-lansvcs$)(objectclass=sambaSamAccount))], scope => [2] [2008/07/22 21:33:39, 4] passdb/pdb_ldap.c:ldapsam_update_sam_account(1912) ldapsam_update_sam_account: user chpas-lansvcs$ to be modified has dn: uid=chpas-lansvcs$,ou=Computers,dc=arnoldtrans,dc=lcl [2008/07/22 21:33:39, 2] passdb/pdb_ldap.c:init_ldap_from_sam(1128) init_ldap_from_sam: Setting entry for user: chpas-lansvcs$ [2008/07/22 21:33:39, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaLMPassword] = [] [2008/07/22 21:33:39, 10] lib/smbldap.c:smbldap_make_mod(505) smbldap_make_mod: deleting attribute |sambaNTPassword| values |623BC7C6CA965F663E16530D04A418C3| [2008/07/22 21:33:39, 10] lib/smbldap.c:smbldap_make_mod(514) smbldap_make_mod: adding attribute |sambaNTPassword| value |8ED3FD0D2B244A1B5BFBA5A9017D198F| [2008/07/22 21:33:39, 5] lib/smbldap.c:smbldap_modify(1402) smbldap_modify: dn => [uid=chpas-lansvcs$,ou=Computers,dc=arnoldtrans,dc=lcl] [2008/07/22 21:33:40, 2] passdb/pdb_ldap.c:ldapsam_update_sam_account(1957) ldapsam_update_sam_account: successfully modified uid = chpas-lansvcs$ in the LDAP database [2008/07/22 21:33:40, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 samr_SetUserInfo2: struct samr_SetUserInfo2 out: struct samr_SetUserInfo2 result : NT_STATUS_OK [2008/07/22 21:33:40, 5] rpc_server/srv_pipe.c:api_rpcTNP(2351) api_rpcTNP: called samr successfully [2008/07/22 21:33:40, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 0 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 549 [2008/07/22 21:33:40, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985) read_from_pipe: 70d3 name: samr len: 4280 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1059) read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 4. [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 02 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 001c [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000014 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_resp resp [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 00000004 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0016 cancel_ct : 00 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0017 reserved : 00 [2008/07/22 21:33:40, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..28] (align 0) [2008/07/22 21:33:40, 5] lib/util.c:show_msg(645) [2008/07/22 21:33:40, 5] lib/util.c:show_msg(655) size=84 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=8292 smb_uid=100 smb_mid=19 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 28 (0x1C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 28 (0x1C) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=29 [2008/07/22 21:33:40, 10] lib/util.c:dump_data(2226) [000] 00 05 00 02 03 10 00 00 00 1C 00 00 00 14 00 00 ........ ........ [010] 00 04 00 00 00 00 00 00 00 00 00 00 00 ........ ..... [2008/07/22 21:33:40, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 134 [2008/07/22 21:33:40, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x86 [2008/07/22 21:33:40, 3] smbd/process.c:process_smb(1549) Transaction 18 of length 138 (0 toread) [2008/07/22 21:33:40, 5] lib/util.c:show_msg(645) [2008/07/22 21:33:40, 5] lib/util.c:show_msg(655) size=134 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=8292 smb_uid=100 smb_mid=20 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 52 (0x34) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 52 (0x34) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=28883 (0x70D3) smb_bcc=67 [2008/07/22 21:33:40, 10] lib/util.c:dump_data(2226) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 34 00 00 00 15 00 00 00 1C .......4 ........ [020] 00 00 00 00 00 25 00 00 00 00 00 04 00 00 00 00 .....%.. ........ [030] 00 00 00 86 48 73 8A A1 1A 00 00 10 00 10 00 00 ....Hs.. ........ [040] 01 00 00 ... [2008/07/22 21:33:40, 3] smbd/process.c:switch_message(1361) switch message SMBtrans (pid 6817) conn 0x555555c90ae0 [2008/07/22 21:33:40, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/07/22 21:33:40, 3] smbd/ipc.c:handle_trans(436) trans <\PIPE\> data=52 params=0 setup=2 [2008/07/22 21:33:40, 5] smbd/ipc.c:handle_trans(469) calling named_pipe [2008/07/22 21:33:40, 3] smbd/ipc.c:named_pipe(387) named pipe command on <> name [2008/07/22 21:33:40, 5] smbd/ipc.c:api_fd_reply(307) api_fd_reply [2008/07/22 21:33:40, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=70d3 [2008/07/22 21:33:40, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name samr pnum=70d3 (pipes_open=1) [2008/07/22 21:33:40, 3] smbd/ipc.c:api_fd_reply(345) Got API command 0x26 on pipe "samr" (pnum 70d3) [2008/07/22 21:33:40, 10] smbd/ipc.c:api_fd_reply(350) api_fd_reply: p:0x555555c97190 max_trans_reply: 4280 [2008/07/22 21:33:40, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927) write_to_pipe: 70d3 name: samr open: Yes len: 52 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 52 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 52 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385) fill_rpc_header: data_to_copy = 52, len_needed_to_complete_hdr = 16, receive_len = 0 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 16 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 36 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 36 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 00 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0034 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000015 [2008/07/22 21:33:40, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472) unmarshall_rpc_header: using little-endian RPC [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501) unmarshall_rpc_header: type = 0, flags = 3 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 0 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 36 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 36, incoming data = 36 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709) process_complete_pdu: processing packet type 0 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_req req [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0000 alloc_hint: 0000001c [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0004 context_id: 0000 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0006 opnum : 0025 [2008/07/22 21:33:40, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 0 [2008/07/22 21:33:40, 5] rpc_server/srv_pipe.c:api_pipe_request(2262) Requested \PIPE\samr [2008/07/22 21:33:40, 4] rpc_server/srv_pipe.c:api_rpcTNP(2297) api_rpcTNP: samr op 0x25 - api_rpcTNP: rpc command: SAMR_SETUSERINFO [2008/07/22 21:33:40, 6] rpc_server/srv_pipe.c:api_rpcTNP(2323) api_rpc_cmds[37].fn == 0x555555751c97 samr_SetUserInfo: struct samr_SetUserInfo in: struct samr_SetUserInfo user_handle : * user_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000004-0000-0000-8648-738aa11a0000 level : 0x0010 (16) info : * info : union samr_UserInfo(case 16) info16: struct samr_UserInfo16 acct_flags : 0x00000100 (256) 0: ACB_DISABLED 0: ACB_HOMDIRREQ 0: ACB_PWNOTREQ 0: ACB_TEMPDUP 0: ACB_NORMAL 0: ACB_MNS 0: ACB_DOMTRUST 0: ACB_WSTRUST 1: ACB_SVRTRUST 0: ACB_PWNOEXP 0: ACB_AUTOLOCK 0: ACB_ENC_TXT_PWD_ALLOWED 0: ACB_SMARTCARD_REQUIRED 0: ACB_TRUSTED_FOR_DELEGATION 0: ACB_NOT_DELEGATED 0: ACB_USE_DES_KEY_ONLY 0: ACB_DONT_REQUIRE_PREAUTH 0: ACB_PW_EXPIRED 0: ACB_NO_AUTH_DATA_REQD [2008/07/22 21:33:40, 5] rpc_server/srv_samr_nt.c:samr_SetUserInfo_internal(4091) _samr_SetUserInfo: 4091 [2008/07/22 21:33:40, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(168) Found policy hnd[0] [000] 00 00 00 00 04 00 00 00 00 00 00 00 86 48 73 8A ........ .....Hs. [010] A1 1A 00 00 .... [2008/07/22 21:33:40, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(227) _samr_SetUserInfo: access check ((granted: 0x000f07ff; required: 0x000000b0) [2008/07/22 21:33:40, 5] rpc_server/srv_samr_nt.c:samr_SetUserInfo_internal(4127) _samr_SetUserInfo: sid:S-1-5-21-399034208-633907489-3292321255-41377, level:16 [2008/07/22 21:33:40, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/07/22 21:33:40, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2008/07/22 21:33:40, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/07/22 21:33:40, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/07/22 21:33:40, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/07/22 21:33:40, 5] lib/smbldap.c:smbldap_search_ext(1207) smbldap_search_ext: base => [dc=arnoldtrans,dc=lcl], filter => [(&(sambaSID=S-1-5-21-399034208-633907489-3292321255-41377)(objectclass=sambaSamAccount))], scope => [2] [2008/07/22 21:33:40, 2] passdb/pdb_ldap.c:init_sam_from_ldap(571) init_sam_from_ldap: Entry found for user: chpas-lansvcs$ [2008/07/22 21:33:40, 10] passdb/pdb_get_set.c:pdb_set_username(580) pdb_set_username: setting username chpas-lansvcs$, was [2008/07/22 21:33:40, 10] passdb/pdb_get_set.c:pdb_set_domain(603) pdb_set_domain: setting domain ARNOLD, was [2008/07/22 21:33:40, 10] passdb/pdb_get_set.c:pdb_set_nt_username(626) pdb_set_nt_username: setting nt username chpas-lansvcs$, was [2008/07/22 21:33:40, 10] passdb/pdb_get_set.c:pdb_set_user_sid_from_string(522) pdb_set_user_sid_from_string: setting user sid S-1-5-21-399034208-633907489-3292321255-41377 [2008/07/22 21:33:40, 10] passdb/pdb_get_set.c:pdb_set_user_sid(509) pdb_set_user_sid: setting user sid S-1-5-21-399034208-633907489-3292321255-41377 [2008/07/22 21:33:40, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaPwdLastSet does not exist [2008/07/22 21:33:40, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaLogonTime does not exist [2008/07/22 21:33:40, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaLogoffTime does not exist [2008/07/22 21:33:40, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaKickoffTime does not exist [2008/07/22 21:33:40, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaPwdCanChange does not exist [2008/07/22 21:33:40, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaPwdMustChange does not exist [2008/07/22 21:33:40, 10] passdb/pdb_get_set.c:pdb_set_fullname(649) pdb_set_full_name: setting full name Computer, was [2008/07/22 21:33:40, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaHomeDrive does not exist [2008/07/22 21:33:40, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(718) pdb_set_dir_drive: setting dir drive H:, was NULL [2008/07/22 21:33:40, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaHomePath does not exist [2008/07/22 21:33:40, 10] passdb/pdb_get_set.c:pdb_set_homedir(742) pdb_set_homedir: setting home dir , was [2008/07/22 21:33:40, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaLogonScript does not exist [2008/07/22 21:33:40, 10] passdb/pdb_get_set.c:pdb_set_logon_script(672) pdb_set_logon_script: setting logon script scripts\logon.bat, was [2008/07/22 21:33:40, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaProfilePath does not exist [2008/07/22 21:33:40, 10] passdb/pdb_get_set.c:pdb_set_profile_path(695) pdb_set_profile_path: setting profile path \\chpas-netsvcs\profiles\chpas-lansvcs_, was [2008/07/22 21:33:40, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaUserWorkstations does not exist [2008/07/22 21:33:40, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaMungedDial does not exist [2008/07/22 21:33:40, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaLMPassword does not exist [2008/07/22 21:33:40, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2008/07/22 21:33:40, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2008/07/22 21:33:40, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2008/07/22 21:33:40, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/07/22 21:33:40, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/07/22 21:33:40, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = ACCT_POL/password history, value = 5 , timeout = Tue Jul 22 21:34:09 2008 [2008/07/22 21:33:40, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/07/22 21:33:40, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaPasswordHistory] = [] [2008/07/22 21:33:40, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaBadPasswordCount does not exist [2008/07/22 21:33:40, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaBadPasswordTime does not exist [2008/07/22 21:33:40, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaLogonHours does not exist [2008/07/22 21:33:40, 7] passdb/login_cache.c:login_cache_read(86) Looking up login cache for user chpas-lansvcs$ [2008/07/22 21:33:40, 7] passdb/login_cache.c:login_cache_read(100) No cache entry found [2008/07/22 21:33:40, 9] passdb/pdb_ldap.c:init_sam_from_ldap(1054) No cache entry, bad count = 0, bad time = 0 [2008/07/22 21:33:40, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/07/22 21:33:40, 5] rpc_server/srv_samr_nt.c:samr_SetUserInfo_internal(4167) _samr_SetUserInfo: root does possess sufficient rights [2008/07/22 21:33:40, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/07/22 21:33:40, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2008/07/22 21:33:40, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/07/22 21:33:40, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/07/22 21:33:40, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/07/22 21:33:40, 4] passdb/pdb_ldap.c:ldapsam_update_sam_account(1912) ldapsam_update_sam_account: user chpas-lansvcs$ to be modified has dn: uid=chpas-lansvcs$,ou=Computers,dc=arnoldtrans,dc=lcl [2008/07/22 21:33:40, 2] passdb/pdb_ldap.c:init_ldap_from_sam(1128) init_ldap_from_sam: Setting entry for user: chpas-lansvcs$ [2008/07/22 21:33:40, 10] lib/smbldap.c:smbldap_make_mod(489) smbldap_make_mod: attribute |sambaAcctFlags| not changed. [2008/07/22 21:33:40, 4] passdb/pdb_ldap.c:ldapsam_update_sam_account(1926) ldapsam_update_sam_account: mods is empty: nothing to update for user: chpas-lansvcs$ [2008/07/22 21:33:40, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 samr_SetUserInfo: struct samr_SetUserInfo out: struct samr_SetUserInfo result : NT_STATUS_OK [2008/07/22 21:33:40, 5] rpc_server/srv_pipe.c:api_rpcTNP(2351) api_rpcTNP: called samr successfully [2008/07/22 21:33:40, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 0 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 36 [2008/07/22 21:33:40, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985) read_from_pipe: 70d3 name: samr len: 4280 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1059) read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 4. [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 02 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 001c [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000015 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_resp resp [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 00000004 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0016 cancel_ct : 00 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0017 reserved : 00 [2008/07/22 21:33:40, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..28] (align 0) [2008/07/22 21:33:40, 5] lib/util.c:show_msg(645) [2008/07/22 21:33:40, 5] lib/util.c:show_msg(655) size=84 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=8292 smb_uid=100 smb_mid=20 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 28 (0x1C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 28 (0x1C) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=29 [2008/07/22 21:33:40, 10] lib/util.c:dump_data(2226) [000] 00 05 00 02 03 10 00 00 00 1C 00 00 00 15 00 00 ........ ........ [010] 00 04 00 00 00 00 00 00 00 00 00 00 00 ........ ..... [2008/07/22 21:33:40, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 126 [2008/07/22 21:33:40, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x7e [2008/07/22 21:33:40, 3] smbd/process.c:process_smb(1549) Transaction 19 of length 130 (0 toread) [2008/07/22 21:33:40, 5] lib/util.c:show_msg(645) [2008/07/22 21:33:40, 5] lib/util.c:show_msg(655) size=126 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=8292 smb_uid=100 smb_mid=21 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=28883 (0x70D3) smb_bcc=59 [2008/07/22 21:33:40, 10] lib/util.c:dump_data(2226) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 2C 00 00 00 16 00 00 00 14 ......., ........ [020] 00 00 00 00 00 01 00 00 00 00 00 04 00 00 00 00 ........ ........ [030] 00 00 00 86 48 73 8A A1 1A 00 00 ....Hs.. ... [2008/07/22 21:33:40, 3] smbd/process.c:switch_message(1361) switch message SMBtrans (pid 6817) conn 0x555555c90ae0 [2008/07/22 21:33:40, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/07/22 21:33:40, 3] smbd/ipc.c:handle_trans(436) trans <\PIPE\> data=44 params=0 setup=2 [2008/07/22 21:33:40, 5] smbd/ipc.c:handle_trans(469) calling named_pipe [2008/07/22 21:33:40, 3] smbd/ipc.c:named_pipe(387) named pipe command on <> name [2008/07/22 21:33:40, 5] smbd/ipc.c:api_fd_reply(307) api_fd_reply [2008/07/22 21:33:40, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=70d3 [2008/07/22 21:33:40, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name samr pnum=70d3 (pipes_open=1) [2008/07/22 21:33:40, 3] smbd/ipc.c:api_fd_reply(345) Got API command 0x26 on pipe "samr" (pnum 70d3) [2008/07/22 21:33:40, 10] smbd/ipc.c:api_fd_reply(350) api_fd_reply: p:0x555555c97190 max_trans_reply: 4280 [2008/07/22 21:33:40, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927) write_to_pipe: 70d3 name: samr open: Yes len: 44 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 44 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385) fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 16 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 28 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 00 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 002c [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000016 [2008/07/22 21:33:40, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472) unmarshall_rpc_header: using little-endian RPC [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501) unmarshall_rpc_header: type = 0, flags = 3 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 0 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 28 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 28, incoming data = 28 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709) process_complete_pdu: processing packet type 0 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_req req [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0000 alloc_hint: 00000014 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0004 context_id: 0000 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0006 opnum : 0001 [2008/07/22 21:33:40, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 0 [2008/07/22 21:33:40, 5] rpc_server/srv_pipe.c:api_pipe_request(2262) Requested \PIPE\samr [2008/07/22 21:33:40, 4] rpc_server/srv_pipe.c:api_rpcTNP(2297) api_rpcTNP: samr op 0x1 - api_rpcTNP: rpc command: SAMR_CLOSE [2008/07/22 21:33:40, 6] rpc_server/srv_pipe.c:api_rpcTNP(2323) api_rpc_cmds[1].fn == 0x555555756cb5 samr_Close: struct samr_Close in: struct samr_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000004-0000-0000-8648-738aa11a0000 [2008/07/22 21:33:40, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(168) Found policy hnd[0] [000] 00 00 00 00 04 00 00 00 00 00 00 00 86 48 73 8A ........ .....Hs. [010] A1 1A 00 00 .... [2008/07/22 21:33:40, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(206) Closed policy [2008/07/22 21:33:40, 10] rpc_server/srv_samr_nt.c:free_samr_cache(353) free_samr_cache: deleting cache for SID S-1-5-21-399034208-633907489-3292321255 [2008/07/22 21:33:40, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/07/22 21:33:40, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2008/07/22 21:33:40, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/07/22 21:33:40, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/07/22 21:33:40, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/07/22 21:33:40, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 samr_Close: struct samr_Close out: struct samr_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : NT_STATUS_OK [2008/07/22 21:33:40, 5] rpc_server/srv_pipe.c:api_rpcTNP(2351) api_rpcTNP: called samr successfully [2008/07/22 21:33:40, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 0 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 28 [2008/07/22 21:33:40, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985) read_from_pipe: 70d3 name: samr len: 4280 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1059) read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 02 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0030 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000016 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_resp resp [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 00000018 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0016 cancel_ct : 00 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0017 reserved : 00 [2008/07/22 21:33:40, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2008/07/22 21:33:40, 5] lib/util.c:show_msg(645) [2008/07/22 21:33:40, 5] lib/util.c:show_msg(655) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=8292 smb_uid=100 smb_mid=21 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2008/07/22 21:33:40, 10] lib/util.c:dump_data(2226) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 16 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [030] 00 . [2008/07/22 21:33:40, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 41 [2008/07/22 21:33:40, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x29 [2008/07/22 21:33:40, 3] smbd/process.c:process_smb(1549) Transaction 20 of length 45 (0 toread) [2008/07/22 21:33:40, 5] lib/util.c:show_msg(645) [2008/07/22 21:33:40, 5] lib/util.c:show_msg(655) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=8292 smb_uid=100 smb_mid=22 smt_wct=3 smb_vwv[ 0]=28883 (0x70D3) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2008/07/22 21:33:40, 3] smbd/process.c:switch_message(1361) switch message SMBclose (pid 6817) conn 0x555555c90ae0 [2008/07/22 21:33:40, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/07/22 21:33:40, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=70d3 [2008/07/22 21:33:40, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name samr pnum=70d3 (pipes_open=1) [2008/07/22 21:33:40, 5] smbd/pipes.c:reply_pipe_close(319) reply_pipe_close: pnum:70d3 [2008/07/22 21:33:40, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(168) Found policy hnd[0] [000] 00 00 00 00 03 00 00 00 00 00 00 00 86 48 73 8A ........ .....Hs. [010] A1 1A 00 00 .... [2008/07/22 21:33:40, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(206) Closed policy [2008/07/22 21:33:40, 10] rpc_server/srv_samr_nt.c:free_samr_cache(353) free_samr_cache: deleting cache for SID S-1-5-21-399034208-633907489-3292321255 [2008/07/22 21:33:40, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/07/22 21:33:40, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2008/07/22 21:33:40, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/07/22 21:33:40, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/07/22 21:33:40, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/07/22 21:33:40, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/07/22 21:33:40, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(168) Found policy hnd[0] [000] 00 00 00 00 02 00 00 00 00 00 00 00 86 48 73 8A ........ .....Hs. [010] A1 1A 00 00 .... [2008/07/22 21:33:40, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(206) Closed policy [2008/07/22 21:33:40, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(241) close_policy_by_pipe: deleted handle list for pipe samr [2008/07/22 21:33:40, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1160) closed pipe name samr pnum=70d3 (pipes_open=0) [2008/07/22 21:33:40, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 73616D722F363831372F [2008/07/22 21:33:40, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0x555555caece0 [2008/07/22 21:33:40, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 73616D722F363831372F [2008/07/22 21:33:40, 5] lib/util.c:show_msg(645) [2008/07/22 21:33:40, 5] lib/util.c:show_msg(655) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=8292 smb_uid=100 smb_mid=22 smt_wct=0 smb_bcc=0 [2008/07/22 21:33:40, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 104 [2008/07/22 21:33:40, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x68 [2008/07/22 21:33:40, 3] smbd/process.c:process_smb(1549) Transaction 21 of length 108 (0 toread) [2008/07/22 21:33:40, 5] lib/util.c:show_msg(645) [2008/07/22 21:33:40, 5] lib/util.c:show_msg(655) size=104 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=8292 smb_uid=100 smb_mid=23 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 4608 (0x1200) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_bcc=21 [2008/07/22 21:33:40, 10] lib/util.c:dump_data(2226) [000] 00 5C 00 4E 00 45 00 54 00 4C 00 4F 00 47 00 4F .\.N.E.T .L.O.G.O [010] 00 4E 00 00 00 .N... [2008/07/22 21:33:40, 3] smbd/process.c:switch_message(1361) switch message SMBntcreateX (pid 6817) conn 0x555555c90ae0 [2008/07/22 21:33:40, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/07/22 21:33:40, 10] smbd/nttrans.c:reply_ntcreate_and_X(490) reply_ntcreate_and_X: flags = 0x0, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 root_dir_fid = 0x0, fname = NETLOGON [2008/07/22 21:33:40, 4] smbd/nttrans.c:nt_open_pipe(297) nt_open_pipe: Opening pipe \NETLOGON. [2008/07/22 21:33:40, 3] smbd/nttrans.c:nt_open_pipe(322) nt_open_pipe: Known pipe NETLOGON opening. [2008/07/22 21:33:40, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(165) Open pipe requested NETLOGON (pipes_open=0) [2008/07/22 21:33:40, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(275) Create pipe requested NETLOGON [2008/07/22 21:33:40, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77) init_pipe_handles: created handle list for pipe NETLOGON [2008/07/22 21:33:40, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) init_pipe_handles: pipe_handles ref count = 1 for pipe NETLOGON [2008/07/22 21:33:40, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(356) Created internal pipe NETLOGON (pipes_open=0) [2008/07/22 21:33:40, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(253) Opened pipe NETLOGON with handle 70d4 (pipes_open=1) [2008/07/22 21:33:40, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(259) open pipes: name NETLOGON pnum=70d4 [2008/07/22 21:33:40, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 4E45544C4F474F4E2F36 [2008/07/22 21:33:40, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0x555555c88220 [2008/07/22 21:33:40, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 4E45544C4F474F4E2F36 [2008/07/22 21:33:40, 5] smbd/nttrans.c:do_ntcreate_pipe_open(410) do_ntcreate_pipe_open: open pipe = \NETLOGON [2008/07/22 21:33:40, 5] lib/util.c:show_msg(645) [2008/07/22 21:33:40, 5] lib/util.c:show_msg(655) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=8292 smb_uid=100 smb_mid=23 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=54272 (0xD400) smb_vwv[ 3]= 368 (0x170) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2008/07/22 21:33:40, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 154 [2008/07/22 21:33:40, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x9a [2008/07/22 21:33:40, 3] smbd/process.c:process_smb(1549) Transaction 22 of length 158 (0 toread) [2008/07/22 21:33:40, 5] lib/util.c:show_msg(645) [2008/07/22 21:33:40, 5] lib/util.c:show_msg(655) size=154 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=8292 smb_uid=100 smb_mid=24 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=28884 (0x70D4) smb_bcc=87 [2008/07/22 21:33:40, 10] lib/util.c:dump_data(2226) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 0B 03 10 00 00 00 48 00 00 00 17 00 00 00 B8 .......H ........ [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x [030] 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB 01 V4.4.... ..#Eg... [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ [050] 10 48 60 02 00 00 00 .H`.... [2008/07/22 21:33:40, 3] smbd/process.c:switch_message(1361) switch message SMBtrans (pid 6817) conn 0x555555c90ae0 [2008/07/22 21:33:40, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/07/22 21:33:40, 3] smbd/ipc.c:handle_trans(436) trans <\PIPE\> data=72 params=0 setup=2 [2008/07/22 21:33:40, 5] smbd/ipc.c:handle_trans(469) calling named_pipe [2008/07/22 21:33:40, 3] smbd/ipc.c:named_pipe(387) named pipe command on <> name [2008/07/22 21:33:40, 5] smbd/ipc.c:api_fd_reply(307) api_fd_reply [2008/07/22 21:33:40, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=70d4 [2008/07/22 21:33:40, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name NETLOGON pnum=70d4 (pipes_open=1) [2008/07/22 21:33:40, 3] smbd/ipc.c:api_fd_reply(345) Got API command 0x26 on pipe "NETLOGON" (pnum 70d4) [2008/07/22 21:33:40, 10] smbd/ipc.c:api_fd_reply(350) api_fd_reply: p:0x555555cd0cb0 max_trans_reply: 4280 [2008/07/22 21:33:40, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927) write_to_pipe: 70d4 name: NETLOGON open: Yes len: 72 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 72 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385) fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 16 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 56 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0b [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0048 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000017 [2008/07/22 21:33:40, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472) unmarshall_rpc_header: using little-endian RPC [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501) unmarshall_rpc_header: type = 11, flags = 3 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 0 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 56 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709) process_complete_pdu: processing packet type 11 [2008/07/22 21:33:40, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1553) api_pipe_bind_req: decode request. 1553 [2008/07/22 21:33:40, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1564) api_pipe_bind_req: \PIPE\netlogon -> \PIPE\netlogon [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_rb [2008/07/22 21:33:40, 6] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_bba [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0000 max_tsize: 10b8 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0002 max_rsize: 10b8 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0004 assoc_gid: 00000000 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0008 num_contexts: 01 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000c context_id : 0000 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 000e num_transfer_syntaxes: 01 [2008/07/22 21:33:40, 6] rpc_parse/parse_prs.c:prs_debug(88) 00000f smb_io_rpc_iface [2008/07/22 21:33:40, 7] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_uuid uuid [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 data : 12345678 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 data : 1234 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0016 data : abcd [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0018 data : ef 00 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 001a data : 01 23 45 67 cf fb [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0020 version: 00000001 [2008/07/22 21:33:40, 6] rpc_parse/parse_prs.c:prs_debug(88) 000024 smb_io_rpc_iface [2008/07/22 21:33:40, 7] rpc_parse/parse_prs.c:prs_debug(88) 000024 smb_io_uuid uuid [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0024 data : 8a885d04 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0028 data : 1ceb [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint16(689) 002a data : 11c9 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002c data : 9f e8 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002e data : 08 00 2b 10 48 60 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0034 version: 00000002 [2008/07/22 21:33:40, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1608) api_pipe_bind_req: make response. 1608 [2008/07/22 21:33:40, 3] rpc_server/srv_pipe.c:check_bind_req(991) check_bind_req for \PIPE\NETLOGON checking \PIPE\lsarpc checking \PIPE\lsarpc checking \PIPE\samr checking \PIPE\NETLOGON [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_ba [2008/07/22 21:33:40, 6] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_bba [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0000 max_tsize: 10b8 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0002 max_rsize: 10b8 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0004 assoc_gid: 000053f0 [2008/07/22 21:33:40, 6] rpc_parse/parse_prs.c:prs_debug(88) 000008 smb_io_rpc_addr_str [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 len: 000f [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 000a str: \PIPE\netlogon. [2008/07/22 21:33:40, 6] rpc_parse/parse_prs.c:prs_debug(88) 000019 smb_io_rpc_results [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 001c num_results: 01 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0020 result : 0000 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0022 reason : 0000 [2008/07/22 21:33:40, 6] rpc_parse/parse_prs.c:prs_debug(88) 000024 smb_io_rpc_iface [2008/07/22 21:33:40, 7] rpc_parse/parse_prs.c:prs_debug(88) 000024 smb_io_uuid uuid [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0024 data : 8a885d04 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0028 data : 1ceb [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint16(689) 002a data : 11c9 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002c data : 9f e8 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002e data : 08 00 2b 10 48 60 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0034 version: 00000002 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0c [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0048 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000017 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 56 [2008/07/22 21:33:40, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985) read_from_pipe: 70d4 name: NETLOGON len: 4280 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1045) read_from_pipe: NETLOGON: current_pdu_len = 72, current_pdu_sent = 0 returning 72 bytes. [2008/07/22 21:33:40, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..72] (align 0) [2008/07/22 21:33:40, 5] lib/util.c:show_msg(645) [2008/07/22 21:33:40, 5] lib/util.c:show_msg(655) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=8292 smb_uid=100 smb_mid=24 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 72 (0x48) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=73 [2008/07/22 21:33:40, 10] lib/util.c:dump_data(2226) [000] 00 05 00 0C 03 10 00 00 00 48 00 00 00 17 00 00 ........ .H...... [010] 00 B8 10 B8 10 F0 53 00 00 0F 00 5C 50 49 50 45 ......S. ...\PIPE [020] 5C 6E 65 74 6C 6F 67 6F 6E 00 00 00 00 01 00 00 \netlogo n....... [030] 00 00 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ [040] 00 2B 10 48 60 02 00 00 00 .+.H`... . [2008/07/22 21:33:40, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 202 [2008/07/22 21:33:40, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0xca [2008/07/22 21:33:40, 3] smbd/process.c:process_smb(1549) Transaction 23 of length 206 (0 toread) [2008/07/22 21:33:40, 5] lib/util.c:show_msg(645) [2008/07/22 21:33:40, 5] lib/util.c:show_msg(655) size=202 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=8292 smb_uid=100 smb_mid=25 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 120 (0x78) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 120 (0x78) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=28884 (0x70D4) smb_bcc=135 [2008/07/22 21:33:40, 10] lib/util.c:dump_data(2226) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 78 00 00 00 18 00 00 00 60 .......x .......` [020] 00 00 00 00 00 04 00 00 00 02 00 10 00 00 00 00 ........ ........ [030] 00 00 00 10 00 00 00 5C 00 5C 00 43 00 48 00 50 .......\ .\.C.H.P [040] 00 41 00 53 00 2D 00 4E 00 45 00 54 00 53 00 56 .A.S.-.N .E.T.S.V [050] 00 43 00 53 00 00 00 0E 00 00 00 00 00 00 00 0E .C.S.... ........ [060] 00 00 00 43 00 48 00 50 00 41 00 53 00 2D 00 4C ...C.H.P .A.S.-.L [070] 00 41 00 4E 00 53 00 56 00 43 00 53 00 00 00 EA .A.N.S.V .C.S.... [080] 94 00 5E EA 0B B9 13 ..^.... [2008/07/22 21:33:40, 3] smbd/process.c:switch_message(1361) switch message SMBtrans (pid 6817) conn 0x555555c90ae0 [2008/07/22 21:33:40, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/07/22 21:33:40, 3] smbd/ipc.c:handle_trans(436) trans <\PIPE\> data=120 params=0 setup=2 [2008/07/22 21:33:40, 5] smbd/ipc.c:handle_trans(469) calling named_pipe [2008/07/22 21:33:40, 3] smbd/ipc.c:named_pipe(387) named pipe command on <> name [2008/07/22 21:33:40, 5] smbd/ipc.c:api_fd_reply(307) api_fd_reply [2008/07/22 21:33:40, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=70d4 [2008/07/22 21:33:40, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name NETLOGON pnum=70d4 (pipes_open=1) [2008/07/22 21:33:40, 3] smbd/ipc.c:api_fd_reply(345) Got API command 0x26 on pipe "NETLOGON" (pnum 70d4) [2008/07/22 21:33:40, 10] smbd/ipc.c:api_fd_reply(350) api_fd_reply: p:0x555555cd0cb0 max_trans_reply: 4280 [2008/07/22 21:33:40, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927) write_to_pipe: 70d4 name: NETLOGON open: Yes len: 120 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 120 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 120 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385) fill_rpc_header: data_to_copy = 120, len_needed_to_complete_hdr = 16, receive_len = 0 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 16 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 104 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 104 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 00 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0078 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000018 [2008/07/22 21:33:40, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472) unmarshall_rpc_header: using little-endian RPC [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501) unmarshall_rpc_header: type = 0, flags = 3 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 0 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 104 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 104, incoming data = 104 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709) process_complete_pdu: processing packet type 0 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_req req [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0000 alloc_hint: 00000060 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0004 context_id: 0000 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0006 opnum : 0004 [2008/07/22 21:33:40, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 81 [2008/07/22 21:33:40, 5] rpc_server/srv_pipe.c:api_pipe_request(2262) Requested \PIPE\NETLOGON [2008/07/22 21:33:40, 4] rpc_server/srv_pipe.c:api_rpcTNP(2297) api_rpcTNP: NETLOGON op 0x4 - api_rpcTNP: rpc command: NETR_SERVERREQCHALLENGE [2008/07/22 21:33:40, 6] rpc_server/srv_pipe.c:api_rpcTNP(2323) api_rpc_cmds[4].fn == 0x55555570d92e netr_ServerReqChallenge: struct netr_ServerReqChallenge in: struct netr_ServerReqChallenge server_name : * server_name : '\\CHPAS-NETSVCS' computer_name : 'CHPAS-LANSVCS' credentials : * credentials: struct netr_Credential data : ea94005eea0bb913 [2008/07/22 21:33:40, 6] rpc_server/srv_netlog_nt.c:init_net_r_req_chal(41) init_net_r_req_chal: 41 netr_ServerReqChallenge: struct netr_ServerReqChallenge out: struct netr_ServerReqChallenge return_credentials : * return_credentials: struct netr_Credential data : effc55fc6278e952 result : NT_STATUS_OK [2008/07/22 21:33:40, 5] rpc_server/srv_pipe.c:api_rpcTNP(2351) api_rpcTNP: called NETLOGON successfully [2008/07/22 21:33:40, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 0 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 104 [2008/07/22 21:33:40, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985) read_from_pipe: 70d4 name: NETLOGON len: 4280 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1059) read_from_pipe: NETLOGON: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 12. [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 02 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0024 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000018 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_resp resp [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 0000000c [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0016 cancel_ct : 00 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0017 reserved : 00 [2008/07/22 21:33:40, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..36] (align 0) [2008/07/22 21:33:40, 5] lib/util.c:show_msg(645) [2008/07/22 21:33:40, 5] lib/util.c:show_msg(655) size=92 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=8292 smb_uid=100 smb_mid=25 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 36 (0x24) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 36 (0x24) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=37 [2008/07/22 21:33:40, 10] lib/util.c:dump_data(2226) [000] 00 05 00 02 03 10 00 00 00 24 00 00 00 18 00 00 ........ .$...... [010] 00 0C 00 00 00 00 00 00 00 EF FC 55 FC 62 78 E9 ........ ...U.bx. [020] 52 00 00 00 00 R.... [2008/07/22 21:33:40, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 250 [2008/07/22 21:33:40, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0xfa [2008/07/22 21:33:40, 3] smbd/process.c:process_smb(1549) Transaction 24 of length 254 (0 toread) [2008/07/22 21:33:40, 5] lib/util.c:show_msg(645) [2008/07/22 21:33:40, 5] lib/util.c:show_msg(655) size=250 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=8292 smb_uid=100 smb_mid=26 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 168 (0xA8) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 168 (0xA8) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=28884 (0x70D4) smb_bcc=183 [2008/07/22 21:33:40, 10] lib/util.c:dump_data(2226) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 A8 00 00 00 19 00 00 00 90 ........ ........ [020] 00 00 00 00 00 0F 00 00 00 02 00 10 00 00 00 00 ........ ........ [030] 00 00 00 10 00 00 00 5C 00 5C 00 43 00 48 00 50 .......\ .\.C.H.P [040] 00 41 00 53 00 2D 00 4E 00 45 00 54 00 53 00 56 .A.S.-.N .E.T.S.V [050] 00 43 00 53 00 00 00 0F 00 00 00 00 00 00 00 0F .C.S.... ........ [060] 00 00 00 43 00 48 00 50 00 41 00 53 00 2D 00 4C ...C.H.P .A.S.-.L [070] 00 41 00 4E 00 53 00 56 00 43 00 53 00 24 00 00 .A.N.S.V .C.S.$.. [080] 00 06 00 0E 00 00 00 00 00 00 00 0E 00 00 00 43 ........ .......C [090] 00 48 00 50 00 41 00 53 00 2D 00 4C 00 41 00 4E .H.P.A.S .-.L.A.N [0A0] 00 53 00 56 00 43 00 53 00 00 00 86 3D D2 61 6D .S.V.C.S ....=.am [0B0] C3 CD 7B FF FF 0F 60 ..{...` [2008/07/22 21:33:40, 3] smbd/process.c:switch_message(1361) switch message SMBtrans (pid 6817) conn 0x555555c90ae0 [2008/07/22 21:33:40, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/07/22 21:33:40, 3] smbd/ipc.c:handle_trans(436) trans <\PIPE\> data=168 params=0 setup=2 [2008/07/22 21:33:40, 5] smbd/ipc.c:handle_trans(469) calling named_pipe [2008/07/22 21:33:40, 3] smbd/ipc.c:named_pipe(387) named pipe command on <> name [2008/07/22 21:33:40, 5] smbd/ipc.c:api_fd_reply(307) api_fd_reply [2008/07/22 21:33:40, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=70d4 [2008/07/22 21:33:40, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name NETLOGON pnum=70d4 (pipes_open=1) [2008/07/22 21:33:40, 3] smbd/ipc.c:api_fd_reply(345) Got API command 0x26 on pipe "NETLOGON" (pnum 70d4) [2008/07/22 21:33:40, 10] smbd/ipc.c:api_fd_reply(350) api_fd_reply: p:0x555555cd0cb0 max_trans_reply: 4280 [2008/07/22 21:33:40, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927) write_to_pipe: 70d4 name: NETLOGON open: Yes len: 168 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 168 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 168 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385) fill_rpc_header: data_to_copy = 168, len_needed_to_complete_hdr = 16, receive_len = 0 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 16 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 152 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 152 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 00 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 00a8 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000019 [2008/07/22 21:33:40, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472) unmarshall_rpc_header: using little-endian RPC [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501) unmarshall_rpc_header: type = 0, flags = 3 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 0 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 152 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 152, incoming data = 152 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709) process_complete_pdu: processing packet type 0 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_req req [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0000 alloc_hint: 00000090 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0004 context_id: 0000 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0006 opnum : 000f [2008/07/22 21:33:40, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 0 [2008/07/22 21:33:40, 5] rpc_server/srv_pipe.c:api_pipe_request(2262) Requested \PIPE\NETLOGON [2008/07/22 21:33:40, 4] rpc_server/srv_pipe.c:api_rpcTNP(2297) api_rpcTNP: NETLOGON op 0xf - api_rpcTNP: rpc command: NETR_SERVERAUTHENTICATE2 [2008/07/22 21:33:40, 6] rpc_server/srv_pipe.c:api_rpcTNP(2323) api_rpc_cmds[15].fn == 0x55555570beda netr_ServerAuthenticate2: struct netr_ServerAuthenticate2 in: struct netr_ServerAuthenticate2 server_name : * server_name : '\\CHPAS-NETSVCS' account_name : 'CHPAS-LANSVCS$' secure_channel_type : SEC_CHAN_BDC (6) computer_name : 'CHPAS-LANSVCS' credentials : * credentials: struct netr_Credential data : 863dd2616dc3cd7b negotiate_flags : * negotiate_flags : 0x600fffff (1611661311) 1: NETLOGON_NEG_ACCOUNT_LOCKOUT 1: NETLOGON_NEG_PERSISTENT_SAMREPL 1: NETLOGON_NEG_ARCFOUR 1: NETLOGON_NEG_PROMOTION_COUNT 1: NETLOGON_NEG_CHANGELOG_BDC 1: NETLOGON_NEG_FULL_SYNC_REPL 1: NETLOGON_NEG_MULTIPLE_SIDS 1: NETLOGON_NEG_REDO 1: NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL 1: NETLOGON_NEG_SEND_PASSWORD_INFO_PDC 1: NETLOGON_NEG_GENERIC_PASSTHROUGH 1: NETLOGON_NEG_CONCURRENT_RPC 1: NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL 1: NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL 1: NETLOGON_NEG_128BIT 1: NETLOGON_NEG_TRANSITIVE_TRUSTS 1: NETLOGON_NEG_DNS_DOMAIN_TRUSTS 1: NETLOGON_NEG_PASSWORD_SET2 1: NETLOGON_NEG_GETDOMAININFO 1: NETLOGON_NEG_CROSS_FOREST_TRUSTS 0: NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION 0: NETLOGON_NEG_RODC_PASSTHROUGH 1: NETLOGON_NEG_AUTHENTICATED_RPC_LSASS 1: NETLOGON_NEG_SCHANNEL [2008/07/22 21:33:40, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/07/22 21:33:40, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2008/07/22 21:33:40, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/07/22 21:33:40, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/07/22 21:33:40, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/07/22 21:33:40, 5] lib/smbldap.c:smbldap_search_ext(1207) smbldap_search_ext: base => [dc=arnoldtrans,dc=lcl], filter => [(&(uid=CHPAS-LANSVCS$)(objectclass=sambaSamAccount))], scope => [2] [2008/07/22 21:33:40, 2] passdb/pdb_ldap.c:init_sam_from_ldap(571) init_sam_from_ldap: Entry found for user: chpas-lansvcs$ [2008/07/22 21:33:40, 10] passdb/pdb_get_set.c:pdb_set_username(580) pdb_set_username: setting username chpas-lansvcs$, was [2008/07/22 21:33:40, 10] passdb/pdb_get_set.c:pdb_set_domain(603) pdb_set_domain: setting domain ARNOLD, was [2008/07/22 21:33:40, 10] passdb/pdb_get_set.c:pdb_set_nt_username(626) pdb_set_nt_username: setting nt username chpas-lansvcs$, was [2008/07/22 21:33:40, 10] passdb/pdb_get_set.c:pdb_set_user_sid_from_string(522) pdb_set_user_sid_from_string: setting user sid S-1-5-21-399034208-633907489-3292321255-41377 [2008/07/22 21:33:40, 10] passdb/pdb_get_set.c:pdb_set_user_sid(509) pdb_set_user_sid: setting user sid S-1-5-21-399034208-633907489-3292321255-41377 [2008/07/22 21:33:40, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaPwdLastSet does not exist [2008/07/22 21:33:40, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaLogonTime does not exist [2008/07/22 21:33:40, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaLogoffTime does not exist [2008/07/22 21:33:40, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaKickoffTime does not exist [2008/07/22 21:33:40, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaPwdCanChange does not exist [2008/07/22 21:33:40, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaPwdMustChange does not exist [2008/07/22 21:33:40, 10] passdb/pdb_get_set.c:pdb_set_fullname(649) pdb_set_full_name: setting full name Computer, was [2008/07/22 21:33:40, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaHomeDrive does not exist [2008/07/22 21:33:40, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(718) pdb_set_dir_drive: setting dir drive H:, was NULL [2008/07/22 21:33:40, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaHomePath does not exist [2008/07/22 21:33:40, 10] passdb/pdb_get_set.c:pdb_set_homedir(742) pdb_set_homedir: setting home dir , was [2008/07/22 21:33:40, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaLogonScript does not exist [2008/07/22 21:33:40, 10] passdb/pdb_get_set.c:pdb_set_logon_script(672) pdb_set_logon_script: setting logon script scripts\logon.bat, was [2008/07/22 21:33:40, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaProfilePath does not exist [2008/07/22 21:33:40, 10] passdb/pdb_get_set.c:pdb_set_profile_path(695) pdb_set_profile_path: setting profile path \\chpas-netsvcs\profiles\chpas-lansvcs_, was [2008/07/22 21:33:40, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaUserWorkstations does not exist [2008/07/22 21:33:40, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaMungedDial does not exist [2008/07/22 21:33:40, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaLMPassword does not exist [2008/07/22 21:33:40, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2008/07/22 21:33:40, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2008/07/22 21:33:40, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2008/07/22 21:33:40, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/07/22 21:33:40, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/07/22 21:33:40, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = ACCT_POL/password history, value = 5 , timeout = Tue Jul 22 21:34:09 2008 [2008/07/22 21:33:40, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/07/22 21:33:40, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaPasswordHistory] = [] [2008/07/22 21:33:40, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaBadPasswordCount does not exist [2008/07/22 21:33:40, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaBadPasswordTime does not exist [2008/07/22 21:33:40, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaLogonHours does not exist [2008/07/22 21:33:40, 7] passdb/login_cache.c:login_cache_read(86) Looking up login cache for user chpas-lansvcs$ [2008/07/22 21:33:40, 7] passdb/login_cache.c:login_cache_read(100) No cache entry found [2008/07/22 21:33:40, 9] passdb/pdb_ldap.c:init_sam_from_ldap(1054) No cache entry, bad count = 0, bad time = 0 [2008/07/22 21:33:40, 5] lib/username.c:Get_Pwnam_alloc(133) Finding user chpas-lansvcs$ [2008/07/22 21:33:40, 5] lib/username.c:Get_Pwnam_internals(77) Trying _Get_Pwnam(), username as lowercase is chpas-lansvcs$ [2008/07/22 21:33:40, 5] lib/username.c:Get_Pwnam_internals(110) Get_Pwnam_internals did find user [chpas-lansvcs$]! [2008/07/22 21:33:40, 5] lib/smbldap.c:smbldap_search_ext(1207) smbldap_search_ext: base => [ou=Group,dc=arnoldtrans,dc=lcl], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=515))], scope => [2] [2008/07/22 21:33:40, 2] passdb/pdb_ldap.c:init_group_from_ldap(2344) init_group_from_ldap: Entry found for group: 515 [2008/07/22 21:33:40, 10] passdb/lookup_sid.c:lookup_sid(958) lookup_sid called for SID 'S-1-5-21-399034208-633907489-3292321255-515' [2008/07/22 21:33:40, 10] passdb/lookup_sid.c:check_dom_sid_to_level(713) Accepting SID S-1-5-21-399034208-633907489-3292321255 in level 1 [2008/07/22 21:33:40, 10] passdb/lookup_sid.c:lookup_rids(476) lookup_rids called for domain sid 'S-1-5-21-399034208-633907489-3292321255' [2008/07/22 21:33:40, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2008/07/22 21:33:40, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2008/07/22 21:33:40, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2008/07/22 21:33:40, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/07/22 21:33:40, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/07/22 21:33:40, 5] lib/smbldap.c:smbldap_search_ext(1207) smbldap_search_ext: base => [ou=Users,dc=arnoldtrans,dc=lcl], filter => [(&(objectClass=sambaSamAccount)(|(sambaSid=S-1-5-21-399034208-633907489-3292321255-515)))], scope => [2] [2008/07/22 21:33:40, 5] lib/smbldap.c:smbldap_search_ext(1207) smbldap_search_ext: base => [ou=Group,dc=arnoldtrans,dc=lcl], filter => [(&(objectClass=sambaGroupMapping)(|(sambaSid=S-1-5-21-399034208-633907489-3292321255-515)))], scope => [2] [2008/07/22 21:33:40, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/07/22 21:33:40, 10] passdb/lookup_sid.c:lookup_sid(993) Sid S-1-5-21-399034208-633907489-3292321255-515 -> ARNOLD\Domain Trust Accounts(2) [2008/07/22 21:33:40, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2008/07/22 21:33:40, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2008/07/22 21:33:40, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2008/07/22 21:33:40, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/07/22 21:33:40, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/07/22 21:33:40, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = ACCT_POL/password history, value = 5 , timeout = Tue Jul 22 21:34:09 2008 [2008/07/22 21:33:40, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/07/22 21:33:40, 10] passdb/pdb_get_set.c:pdb_set_username(580) pdb_set_username: setting username chpas-lansvcs$, was [2008/07/22 21:33:40, 10] passdb/pdb_get_set.c:pdb_set_domain(603) pdb_set_domain: setting domain ARNOLD, was [2008/07/22 21:33:40, 10] passdb/pdb_get_set.c:pdb_set_nt_username(626) pdb_set_nt_username: setting nt username chpas-lansvcs$, was [2008/07/22 21:33:40, 10] passdb/pdb_get_set.c:pdb_set_fullname(649) pdb_set_full_name: setting full name Computer, was [2008/07/22 21:33:40, 10] passdb/pdb_get_set.c:pdb_set_homedir(742) pdb_set_homedir: setting home dir , was [2008/07/22 21:33:40, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(718) pdb_set_dir_drive: setting dir drive H:, was NULL [2008/07/22 21:33:40, 10] passdb/pdb_get_set.c:pdb_set_logon_script(672) pdb_set_logon_script: setting logon script scripts\logon.bat, was [2008/07/22 21:33:40, 10] passdb/pdb_get_set.c:pdb_set_profile_path(695) pdb_set_profile_path: setting profile path \\chpas-netsvcs\profiles\chpas-lansvcs_, was [2008/07/22 21:33:40, 10] passdb/pdb_get_set.c:pdb_set_workstations(785) pdb_set_workstations: setting workstations , was [2008/07/22 21:33:40, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2008/07/22 21:33:40, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2008/07/22 21:33:40, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2008/07/22 21:33:40, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/07/22 21:33:40, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/07/22 21:33:40, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = ACCT_POL/password history, value = 5 , timeout = Tue Jul 22 21:34:09 2008 [2008/07/22 21:33:40, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/07/22 21:33:40, 10] passdb/pdb_get_set.c:pdb_set_user_sid(509) pdb_set_user_sid: setting user sid S-1-5-21-399034208-633907489-3292321255-41377 [2008/07/22 21:33:40, 10] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(72) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-399034208-633907489-3292321255-41377 from rid 41377 [2008/07/22 21:33:40, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/07/22 21:33:40, 5] lib/util.c:dump_data(2226) [000] 8E D3 FD 0D 2B 24 4A 1B 5B FB A5 A9 01 7D 19 8F ....+$J. [....}.. [2008/07/22 21:33:40, 10] libsmb/credentials.c:creds_server_init(185) creds_server_init: neg_flags : 600fffff [2008/07/22 21:33:40, 10] libsmb/credentials.c:creds_server_init(186) creds_server_init: client chal : EA94005EEA0BB913 [2008/07/22 21:33:40, 10] libsmb/credentials.c:creds_server_init(187) creds_server_init: server chal : EFFC55FC6278E952 [2008/07/22 21:33:40, 5] libsmb/credentials.c:creds_init_128(70) creds_init_128 [2008/07/22 21:33:40, 5] libsmb/credentials.c:creds_init_128(71) clnt_chal_in: EA94005EEA0BB913 [2008/07/22 21:33:40, 5] libsmb/credentials.c:creds_init_128(72) srv_chal_in : EFFC55FC6278E952 [2008/07/22 21:33:40, 10] libsmb/credentials.c:creds_server_init(205) creds_server_init: clnt : 863DD2616DC3CD7B [2008/07/22 21:33:40, 10] libsmb/credentials.c:creds_server_init(206) creds_server_init: server : 2D36ADE930C29102 [2008/07/22 21:33:40, 10] libsmb/credentials.c:creds_server_init(207) creds_server_init: seed : 863DD2616DC3CD7B [2008/07/22 21:33:40, 10] libsmb/credentials.c:netlogon_creds_server_check(227) netlogon_creds_server_check: credentials check OK. [2008/07/22 21:33:40, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/07/22 21:33:40, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2008/07/22 21:33:40, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/07/22 21:33:40, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/07/22 21:33:40, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/07/22 21:33:40, 3] passdb/secrets.c:secrets_store_schannel_session_info(1216) secrets_store_schannel_session_info: stored schannel info with key SECRETS/SCHANNEL/CHPAS-LANSVCS [2008/07/22 21:33:40, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 netr_ServerAuthenticate2: struct netr_ServerAuthenticate2 out: struct netr_ServerAuthenticate2 return_credentials : * return_credentials: struct netr_Credential data : 2d36ade930c29102 negotiate_flags : * negotiate_flags : 0x400001ff (1073742335) 1: NETLOGON_NEG_ACCOUNT_LOCKOUT 1: NETLOGON_NEG_PERSISTENT_SAMREPL 1: NETLOGON_NEG_ARCFOUR 1: NETLOGON_NEG_PROMOTION_COUNT 1: NETLOGON_NEG_CHANGELOG_BDC 1: NETLOGON_NEG_FULL_SYNC_REPL 1: NETLOGON_NEG_MULTIPLE_SIDS 1: NETLOGON_NEG_REDO 1: NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL 0: NETLOGON_NEG_SEND_PASSWORD_INFO_PDC 0: NETLOGON_NEG_GENERIC_PASSTHROUGH 0: NETLOGON_NEG_CONCURRENT_RPC 0: NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL 0: NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL 0: NETLOGON_NEG_128BIT 0: NETLOGON_NEG_TRANSITIVE_TRUSTS 0: NETLOGON_NEG_DNS_DOMAIN_TRUSTS 0: NETLOGON_NEG_PASSWORD_SET2 0: NETLOGON_NEG_GETDOMAININFO 0: NETLOGON_NEG_CROSS_FOREST_TRUSTS 0: NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION 0: NETLOGON_NEG_RODC_PASSTHROUGH 0: NETLOGON_NEG_AUTHENTICATED_RPC_LSASS 1: NETLOGON_NEG_SCHANNEL result : NT_STATUS_OK [2008/07/22 21:33:40, 5] rpc_server/srv_pipe.c:api_rpcTNP(2351) api_rpcTNP: called NETLOGON successfully [2008/07/22 21:33:40, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 0 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 152 [2008/07/22 21:33:40, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985) read_from_pipe: 70d4 name: NETLOGON len: 4280 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1059) read_from_pipe: NETLOGON: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 16. [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 02 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0028 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000019 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_resp resp [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 00000010 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0016 cancel_ct : 00 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0017 reserved : 00 [2008/07/22 21:33:40, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..40] (align 0) [2008/07/22 21:33:40, 5] lib/util.c:show_msg(645) [2008/07/22 21:33:40, 5] lib/util.c:show_msg(655) size=96 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=8292 smb_uid=100 smb_mid=26 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 40 (0x28) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 40 (0x28) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=41 [2008/07/22 21:33:40, 10] lib/util.c:dump_data(2226) [000] 00 05 00 02 03 10 00 00 00 28 00 00 00 19 00 00 ........ .(...... [010] 00 10 00 00 00 00 00 00 00 2D 36 AD E9 30 C2 91 ........ .-6..0.. [020] 02 FF 01 00 40 00 00 00 00 ....@... . [2008/07/22 21:33:40, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 104 [2008/07/22 21:33:40, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x68 [2008/07/22 21:33:40, 3] smbd/process.c:process_smb(1549) Transaction 25 of length 108 (0 toread) [2008/07/22 21:33:40, 5] lib/util.c:show_msg(645) [2008/07/22 21:33:40, 5] lib/util.c:show_msg(655) size=104 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=8292 smb_uid=100 smb_mid=27 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 4608 (0x1200) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_bcc=21 [2008/07/22 21:33:40, 10] lib/util.c:dump_data(2226) [000] 00 5C 00 4E 00 45 00 54 00 4C 00 4F 00 47 00 4F .\.N.E.T .L.O.G.O [010] 00 4E 00 00 00 .N... [2008/07/22 21:33:40, 3] smbd/process.c:switch_message(1361) switch message SMBntcreateX (pid 6817) conn 0x555555c90ae0 [2008/07/22 21:33:40, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/07/22 21:33:40, 10] smbd/nttrans.c:reply_ntcreate_and_X(490) reply_ntcreate_and_X: flags = 0x0, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 root_dir_fid = 0x0, fname = NETLOGON [2008/07/22 21:33:40, 4] smbd/nttrans.c:nt_open_pipe(297) nt_open_pipe: Opening pipe \NETLOGON. [2008/07/22 21:33:40, 3] smbd/nttrans.c:nt_open_pipe(322) nt_open_pipe: Known pipe NETLOGON opening. [2008/07/22 21:33:40, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(165) Open pipe requested NETLOGON (pipes_open=1) [2008/07/22 21:33:40, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(195) open_rpc_pipe_p: name NETLOGON pnum=70d4 [2008/07/22 21:33:40, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(275) Create pipe requested NETLOGON [2008/07/22 21:33:40, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) init_pipe_handles: pipe_handles ref count = 2 for pipe NETLOGON [2008/07/22 21:33:40, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(356) Created internal pipe NETLOGON (pipes_open=1) [2008/07/22 21:33:40, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(253) Opened pipe NETLOGON with handle 70d5 (pipes_open=2) [2008/07/22 21:33:40, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(259) open pipes: name NETLOGON pnum=70d5 [2008/07/22 21:33:40, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(259) open pipes: name NETLOGON pnum=70d4 [2008/07/22 21:33:40, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 4E45544C4F474F4E2F36 [2008/07/22 21:33:40, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0x555555ccfba0 [2008/07/22 21:33:40, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 4E45544C4F474F4E2F36 [2008/07/22 21:33:40, 5] smbd/nttrans.c:do_ntcreate_pipe_open(410) do_ntcreate_pipe_open: open pipe = \NETLOGON [2008/07/22 21:33:40, 5] lib/util.c:show_msg(645) [2008/07/22 21:33:40, 5] lib/util.c:show_msg(655) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=8292 smb_uid=100 smb_mid=27 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=54528 (0xD500) smb_vwv[ 3]= 368 (0x170) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2008/07/22 21:33:40, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 191 [2008/07/22 21:33:40, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0xbf [2008/07/22 21:33:40, 3] smbd/process.c:process_smb(1549) Transaction 26 of length 195 (0 toread) [2008/07/22 21:33:40, 5] lib/util.c:show_msg(645) [2008/07/22 21:33:40, 5] lib/util.c:show_msg(655) size=191 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=8292 smb_uid=100 smb_mid=28 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 109 (0x6D) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 109 (0x6D) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=28885 (0x70D5) smb_bcc=124 [2008/07/22 21:33:40, 10] lib/util.c:dump_data(2226) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 0B 03 10 00 00 00 6D 00 1D 00 1A 00 00 00 B8 .......m ........ [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x [030] 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB 01 V4.4.... ..#Eg... [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ [050] 10 48 60 02 00 00 00 44 06 00 00 01 00 00 00 00 .H`....D ........ [060] 00 00 00 03 00 00 00 41 52 4E 4F 4C 44 00 43 48 .......A RNOLD.CH [070] 50 41 53 2D 4C 41 4E 53 56 43 53 00 PAS-LANS VCS. [2008/07/22 21:33:40, 3] smbd/process.c:switch_message(1361) switch message SMBtrans (pid 6817) conn 0x555555c90ae0 [2008/07/22 21:33:40, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/07/22 21:33:40, 3] smbd/ipc.c:handle_trans(436) trans <\PIPE\> data=109 params=0 setup=2 [2008/07/22 21:33:40, 5] smbd/ipc.c:handle_trans(469) calling named_pipe [2008/07/22 21:33:40, 3] smbd/ipc.c:named_pipe(387) named pipe command on <> name [2008/07/22 21:33:40, 5] smbd/ipc.c:api_fd_reply(307) api_fd_reply [2008/07/22 21:33:40, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=70d5 [2008/07/22 21:33:40, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name NETLOGON pnum=70d5 (pipes_open=2) [2008/07/22 21:33:40, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name NETLOGON pnum=70d4 (pipes_open=2) [2008/07/22 21:33:40, 3] smbd/ipc.c:api_fd_reply(345) Got API command 0x26 on pipe "NETLOGON" (pnum 70d5) [2008/07/22 21:33:40, 10] smbd/ipc.c:api_fd_reply(350) api_fd_reply: p:0x555555c908a0 max_trans_reply: 4280 [2008/07/22 21:33:40, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927) write_to_pipe: 70d5 name: NETLOGON open: Yes len: 109 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 109 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 109 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385) fill_rpc_header: data_to_copy = 109, len_needed_to_complete_hdr = 16, receive_len = 0 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 16 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 93 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 93 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0b [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 006d [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 001d [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 0000001a [2008/07/22 21:33:40, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472) unmarshall_rpc_header: using little-endian RPC [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501) unmarshall_rpc_header: type = 11, flags = 3 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 0 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 93 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 93, incoming data = 93 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709) process_complete_pdu: processing packet type 11 [2008/07/22 21:33:40, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1553) api_pipe_bind_req: decode request. 1553 [2008/07/22 21:33:40, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1564) api_pipe_bind_req: \PIPE\netlogon -> \PIPE\netlogon [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_rb [2008/07/22 21:33:40, 6] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_bba [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0000 max_tsize: 10b8 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0002 max_rsize: 10b8 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0004 assoc_gid: 00000000 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0008 num_contexts: 01 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000c context_id : 0000 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 000e num_transfer_syntaxes: 01 [2008/07/22 21:33:40, 6] rpc_parse/parse_prs.c:prs_debug(88) 00000f smb_io_rpc_iface [2008/07/22 21:33:40, 7] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_uuid uuid [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 data : 12345678 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 data : 1234 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0016 data : abcd [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0018 data : ef 00 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 001a data : 01 23 45 67 cf fb [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0020 version: 00000001 [2008/07/22 21:33:40, 6] rpc_parse/parse_prs.c:prs_debug(88) 000024 smb_io_rpc_iface [2008/07/22 21:33:40, 7] rpc_parse/parse_prs.c:prs_debug(88) 000024 smb_io_uuid uuid [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0024 data : 8a885d04 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0028 data : 1ceb [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint16(689) 002a data : 11c9 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002c data : 9f e8 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002e data : 08 00 2b 10 48 60 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0034 version: 00000002 [2008/07/22 21:33:40, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1608) api_pipe_bind_req: make response. 1608 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_debug(88) 000038 smb_io_rpc_hdr_auth [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0038 auth_type : 44 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0039 auth_level : 06 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 003a auth_pad_len : 00 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 003b auth_reserved: 00 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint32(718) 003c auth_context_id: 00000001 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_debug(88) 000040 smb_io_rpc_auth_schannel_neg [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0040 type1: 00000000 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0044 type2: 00000003 [2008/07/22 21:33:40, 6] lib/util.c:dump_data(2226) [000] 41 52 4E 4F 4C 44 ARNOLD [2008/07/22 21:33:40, 6] lib/util.c:dump_data(2226) [000] 43 48 50 41 53 2D 4C 41 4E 53 56 43 53 CHPAS-LA NSVCS [2008/07/22 21:33:40, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/07/22 21:33:40, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2008/07/22 21:33:40, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/07/22 21:33:40, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/07/22 21:33:40, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/07/22 21:33:40, 3] passdb/secrets.c:secrets_restore_schannel_session_info(1309) secrets_restore_schannel_session_info: restored schannel info key SECRETS/SCHANNEL/CHPAS-LANSVCS [2008/07/22 21:33:40, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_auth [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 auth_type : 44 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 auth_level : 06 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 auth_pad_len : 08 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 auth_reserved: 00 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0004 auth_context_id: 00000001 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_debug(88) 000008 smb_io_rpc_schannel_verifier [2008/07/22 21:33:40, 6] lib/util.c:dump_data(2226) [000] 01 . [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000a msg_type : 00000000 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 flags : 00000005 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe.c:pipe_schannel_auth_bind(1409) pipe_schannel_auth_bind: schannel auth: domain [ARNOLD] myname [CHPAS-LANSVCS] [2008/07/22 21:33:40, 3] rpc_server/srv_pipe.c:check_bind_req(991) check_bind_req for \PIPE\NETLOGON checking \PIPE\lsarpc checking \PIPE\lsarpc checking \PIPE\samr checking \PIPE\NETLOGON [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_ba [2008/07/22 21:33:40, 6] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_bba [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0000 max_tsize: 10b8 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0002 max_rsize: 10b8 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0004 assoc_gid: 000053f0 [2008/07/22 21:33:40, 6] rpc_parse/parse_prs.c:prs_debug(88) 000008 smb_io_rpc_addr_str [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 len: 000f [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 000a str: \PIPE\netlogon. [2008/07/22 21:33:40, 6] rpc_parse/parse_prs.c:prs_debug(88) 000019 smb_io_rpc_results [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 001c num_results: 01 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0020 result : 0000 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0022 reason : 0000 [2008/07/22 21:33:40, 6] rpc_parse/parse_prs.c:prs_debug(88) 000024 smb_io_rpc_iface [2008/07/22 21:33:40, 7] rpc_parse/parse_prs.c:prs_debug(88) 000024 smb_io_uuid uuid [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0024 data : 8a885d04 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0028 data : 1ceb [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint16(689) 002a data : 11c9 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002c data : 9f e8 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002e data : 08 00 2b 10 48 60 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0034 version: 00000002 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0c [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 005c [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 000c [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 0000001a [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 93 [2008/07/22 21:33:40, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985) read_from_pipe: 70d5 name: NETLOGON len: 4280 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1045) read_from_pipe: NETLOGON: current_pdu_len = 92, current_pdu_sent = 0 returning 92 bytes. [2008/07/22 21:33:40, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..92] (align 0) [2008/07/22 21:33:40, 5] lib/util.c:show_msg(645) [2008/07/22 21:33:40, 5] lib/util.c:show_msg(655) size=148 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=8292 smb_uid=100 smb_mid=28 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 92 (0x5C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 92 (0x5C) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=93 [2008/07/22 21:33:40, 10] lib/util.c:dump_data(2226) [000] 00 05 00 0C 03 10 00 00 00 5C 00 0C 00 1A 00 00 ........ .\...... [010] 00 B8 10 B8 10 F0 53 00 00 0F 00 5C 50 49 50 45 ......S. ...\PIPE [020] 5C 6E 65 74 6C 6F 67 6F 6E 00 00 00 00 01 00 00 \netlogo n....... [030] 00 00 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ [040] 00 2B 10 48 60 02 00 00 00 44 06 08 00 01 00 00 .+.H`... .D...... [050] 00 01 00 00 00 00 00 00 00 05 00 00 00 ........ ..... [2008/07/22 21:33:40, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 41 [2008/07/22 21:33:40, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x29 [2008/07/22 21:33:40, 3] smbd/process.c:process_smb(1549) Transaction 27 of length 45 (0 toread) [2008/07/22 21:33:40, 5] lib/util.c:show_msg(645) [2008/07/22 21:33:40, 5] lib/util.c:show_msg(655) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=8292 smb_uid=100 smb_mid=29 smt_wct=3 smb_vwv[ 0]=28885 (0x70D5) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2008/07/22 21:33:40, 3] smbd/process.c:switch_message(1361) switch message SMBclose (pid 6817) conn 0x555555c90ae0 [2008/07/22 21:33:40, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/07/22 21:33:40, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=70d5 [2008/07/22 21:33:40, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name NETLOGON pnum=70d5 (pipes_open=2) [2008/07/22 21:33:40, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name NETLOGON pnum=70d4 (pipes_open=2) [2008/07/22 21:33:40, 5] smbd/pipes.c:reply_pipe_close(319) reply_pipe_close: pnum:70d5 [2008/07/22 21:33:40, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1160) closed pipe name NETLOGON pnum=70d5 (pipes_open=1) [2008/07/22 21:33:40, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 4E45544C4F474F4E2F36 [2008/07/22 21:33:40, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0x555555caed40 [2008/07/22 21:33:40, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 4E45544C4F474F4E2F36 [2008/07/22 21:33:40, 5] lib/util.c:show_msg(645) [2008/07/22 21:33:40, 5] lib/util.c:show_msg(655) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=8292 smb_uid=100 smb_mid=29 smt_wct=0 smb_bcc=0 [2008/07/22 21:33:40, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 41 [2008/07/22 21:33:40, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x29 [2008/07/22 21:33:40, 3] smbd/process.c:process_smb(1549) Transaction 28 of length 45 (0 toread) [2008/07/22 21:33:40, 5] lib/util.c:show_msg(645) [2008/07/22 21:33:40, 5] lib/util.c:show_msg(655) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=8292 smb_uid=100 smb_mid=30 smt_wct=3 smb_vwv[ 0]=28884 (0x70D4) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2008/07/22 21:33:40, 3] smbd/process.c:switch_message(1361) switch message SMBclose (pid 6817) conn 0x555555c90ae0 [2008/07/22 21:33:40, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/07/22 21:33:40, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=70d4 [2008/07/22 21:33:40, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name NETLOGON pnum=70d4 (pipes_open=1) [2008/07/22 21:33:40, 5] smbd/pipes.c:reply_pipe_close(319) reply_pipe_close: pnum:70d4 [2008/07/22 21:33:40, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(241) close_policy_by_pipe: deleted handle list for pipe NETLOGON [2008/07/22 21:33:40, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1160) closed pipe name NETLOGON pnum=70d4 (pipes_open=0) [2008/07/22 21:33:40, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 4E45544C4F474F4E2F36 [2008/07/22 21:33:40, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0x555555caed40 [2008/07/22 21:33:40, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 4E45544C4F474F4E2F36 [2008/07/22 21:33:40, 5] lib/util.c:show_msg(645) [2008/07/22 21:33:40, 5] lib/util.c:show_msg(655) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=8292 smb_uid=100 smb_mid=30 smt_wct=0 smb_bcc=0 [2008/07/22 21:33:40, 5] lib/debug.c:debug_dump_status(395) INFO: Current debug levels: all: True/10 tdb: False/0 printdrivers: False/0 lanman: False/0 smb: False/0 rpc_parse: False/0 rpc_srv: False/0 rpc_cli: False/0 passdb: False/0 sam: False/0 auth: False/0 winbind: False/0 vfs: False/0 idmap: False/0 quota: False/0 acls: False/0 locking: False/0 msdfs: False/0 dmapi: False/0 registry: False/0 doing parameter max log size = 0 [2008/07/22 21:33:40, 2] param/loadparm.c:do_section(7363) Processing section "[homes]" [2008/07/22 21:33:40, 8] param/loadparm.c:add_a_service(5762) add_a_service: Creating snum = 3 for homes [2008/07/22 21:33:40, 10] param/loadparm.c:hash_a_service(5809) hash_a_service: hashing index 3 for service name homes doing parameter comment = Home Directories doing parameter valid users = %S doing parameter read only = No doing parameter inherit acls = Yes doing parameter browseable = No [2008/07/22 21:33:40, 2] param/loadparm.c:do_section(7363) Processing section "[netlogon]" [2008/07/22 21:33:40, 8] param/loadparm.c:add_a_service(5762) add_a_service: Creating snum = 2 for netlogon [2008/07/22 21:33:40, 10] param/loadparm.c:hash_a_service(5809) hash_a_service: hashing index 2 for service name netlogon doing parameter comment = Network Logon Service doing parameter path = /var/lib/samba/netlogon doing parameter guest ok = Yes doing parameter browseable = No doing parameter share modes = No [2008/07/22 21:33:40, 2] param/loadparm.c:do_section(7363) Processing section "[profiles]" [2008/07/22 21:33:40, 8] param/loadparm.c:add_a_service(5762) add_a_service: Creating snum = 1 for profiles [2008/07/22 21:33:40, 10] param/loadparm.c:hash_a_service(5809) hash_a_service: hashing index 1 for service name profiles doing parameter comment = Network Profiles Service doing parameter path = /var/lib/samba/profiles doing parameter read only = No doing parameter create mask = 0600 doing parameter directory mask = 0700 doing parameter store dos attributes = Yes doing parameter browseable = No doing parameter available = No [2008/07/22 21:33:40, 4] param/loadparm.c:lp_load_ex(8724) pm_process() returned Yes [2008/07/22 21:33:40, 1] param/loadparm.c:service_ok(6501) NOTE: Service profiles is flagged unavailable. [2008/07/22 21:33:40, 8] param/loadparm.c:add_a_service(5762) add_a_service: Creating snum = 0 for IPC$ [2008/07/22 21:33:40, 10] param/loadparm.c:hash_a_service(5809) hash_a_service: hashing index 0 for service name IPC$ [2008/07/22 21:33:40, 3] param/loadparm.c:lp_add_ipc(5906) adding IPC service [2008/07/22 21:33:40, 10] param/loadparm.c:set_server_role(7905) set_server_role: role = ROLE_DOMAIN_PDC [2008/07/22 21:33:40, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2008/07/22 21:33:40, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2008/07/22 21:33:40, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2008/07/22 21:33:40, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2008/07/22 21:33:40, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2008/07/22 21:33:40, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2008/07/22 21:33:40, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2008/07/22 21:33:40, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2008/07/22 21:33:40, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2008/07/22 21:33:40, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2008/07/22 21:33:40, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2008/07/22 21:33:40, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2008/07/22 21:33:40, 7] param/loadparm.c:lp_servicenumber(8917) lp_servicenumber: couldn't find printers [2008/07/22 21:33:40, 3] printing/pcap.c:pcap_cache_reload(116) reloading printcap cache [2008/07/22 21:33:40, 3] printing/pcap.c:pcap_cache_reload(223) reload status: ok [2008/07/22 21:33:40, 3] printing/pcap.c:pcap_cache_reload(116) reloading printcap cache [2008/07/22 21:33:40, 3] printing/pcap.c:pcap_cache_reload(223) reload status: ok [2008/07/22 21:33:40, 7] param/loadparm.c:lp_servicenumber(8917) lp_servicenumber: couldn't find printers [2008/07/22 21:33:40, 2] lib/interface.c:add_interface(334) added interface eth0 ip=fe80::214:22ff:fe24:45be%eth0 bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff:: [2008/07/22 21:33:40, 2] lib/interface.c:add_interface(334) added interface eth0 ip=192.168.10.23 bcast=192.168.11.255 netmask=255.255.254.0 [2008/07/22 21:33:40, 2] lib/interface.c:add_interface(334) added interface lo ip=::1 bcast=::1 netmask=ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff [2008/07/22 21:33:40, 2] lib/interface.c:add_interface(334) added interface lo ip=127.0.0.1 bcast=127.255.255.255 netmask=255.0.0.0 [2008/07/22 21:33:40, 5] lib/util_sock.c:print_socket_options(781) socket option SO_KEEPALIVE = 1 [2008/07/22 21:33:40, 5] lib/util_sock.c:print_socket_options(781) socket option SO_REUSEADDR = 1 [2008/07/22 21:33:40, 5] lib/util_sock.c:print_socket_options(781) socket option SO_BROADCAST = 0 [2008/07/22 21:33:40, 5] lib/util_sock.c:print_socket_options(781) socket option TCP_NODELAY = 1 [2008/07/22 21:33:40, 5] lib/util_sock.c:print_socket_options(781) socket option TCP_KEEPCNT = 9 [2008/07/22 21:33:40, 5] lib/util_sock.c:print_socket_options(781) socket option TCP_KEEPIDLE = 7200 [2008/07/22 21:33:40, 5] lib/util_sock.c:print_socket_options(781) socket option TCP_KEEPINTVL = 75 [2008/07/22 21:33:40, 5] lib/util_sock.c:print_socket_options(781) socket option IPTOS_LOWDELAY = 0 [2008/07/22 21:33:40, 5] lib/util_sock.c:print_socket_options(781) socket option IPTOS_THROUGHPUT = 0 [2008/07/22 21:33:40, 5] lib/util_sock.c:print_socket_options(781) socket option SO_SNDBUF = 16384 [2008/07/22 21:33:40, 5] lib/util_sock.c:print_socket_options(781) socket option SO_RCVBUF = 87380 [2008/07/22 21:33:40, 5] lib/util_sock.c:print_socket_options(781) socket option SO_SNDLOWAT = 1 [2008/07/22 21:33:40, 5] lib/util_sock.c:print_socket_options(781) socket option SO_RCVLOWAT = 1 [2008/07/22 21:33:40, 5] lib/util_sock.c:print_socket_options(781) socket option SO_SNDTIMEO = 0 [2008/07/22 21:33:40, 5] lib/util_sock.c:print_socket_options(781) socket option SO_RCVTIMEO = 0 [2008/07/22 21:33:40, 5] lib/util_sock.c:print_socket_options(781) socket option SO_KEEPALIVE = 1 [2008/07/22 21:33:40, 5] lib/util_sock.c:print_socket_options(781) socket option SO_REUSEADDR = 1 [2008/07/22 21:33:40, 5] lib/util_sock.c:print_socket_options(781) socket option SO_BROADCAST = 0 [2008/07/22 21:33:40, 5] lib/util_sock.c:print_socket_options(781) socket option TCP_NODELAY = 1 [2008/07/22 21:33:40, 5] lib/util_sock.c:print_socket_options(781) socket option TCP_KEEPCNT = 9 [2008/07/22 21:33:40, 5] lib/util_sock.c:print_socket_options(781) socket option TCP_KEEPIDLE = 7200 [2008/07/22 21:33:40, 5] lib/util_sock.c:print_socket_options(781) socket option TCP_KEEPINTVL = 75 [2008/07/22 21:33:40, 5] lib/util_sock.c:print_socket_options(781) socket option IPTOS_LOWDELAY = 0 [2008/07/22 21:33:40, 5] lib/util_sock.c:print_socket_options(781) socket option IPTOS_THROUGHPUT = 0 [2008/07/22 21:33:40, 5] lib/util_sock.c:print_socket_options(781) socket option SO_SNDBUF = 16384 [2008/07/22 21:33:40, 5] lib/util_sock.c:print_socket_options(781) socket option SO_RCVBUF = 87380 [2008/07/22 21:33:40, 5] lib/util_sock.c:print_socket_options(781) socket option SO_SNDLOWAT = 1 [2008/07/22 21:33:40, 5] lib/util_sock.c:print_socket_options(781) socket option SO_RCVLOWAT = 1 [2008/07/22 21:33:40, 5] lib/util_sock.c:print_socket_options(781) socket option SO_SNDTIMEO = 0 [2008/07/22 21:33:40, 5] lib/util_sock.c:print_socket_options(781) socket option SO_RCVTIMEO = 0 [2008/07/22 21:33:40, 5] smbd/reply.c:reply_special(472) init msg_type=0x81 msg_flags=0x0 [2008/07/22 21:33:40, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 190 [2008/07/22 21:33:40, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0xbe [2008/07/22 21:33:40, 3] smbd/process.c:process_smb(1549) Transaction 0 of length 194 (0 toread) [2008/07/22 21:33:40, 5] lib/util.c:show_msg(645) [2008/07/22 21:33:40, 5] lib/util.c:show_msg(655) size=190 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=0 smb_pid=8292 smb_uid=0 smb_mid=2 smt_wct=0 smb_bcc=155 [2008/07/22 21:33:40, 10] lib/util.c:dump_data(2226) [000] 02 50 43 20 4E 45 54 57 4F 52 4B 20 50 52 4F 47 .PC NETW ORK PROG [010] 52 41 4D 20 31 2E 30 00 02 4D 49 43 52 4F 53 4F RAM 1.0. .MICROSO [020] 46 54 20 4E 45 54 57 4F 52 4B 53 20 31 2E 30 33 FT NETWO RKS 1.03 [030] 00 02 4D 49 43 52 4F 53 4F 46 54 20 4E 45 54 57 ..MICROS OFT NETW [040] 4F 52 4B 53 20 33 2E 30 00 02 4C 41 4E 4D 41 4E ORKS 3.0 ..LANMAN [050] 31 2E 30 00 02 4C 4D 31 2E 32 58 30 30 32 00 02 1.0..LM1 .2X002.. [060] 44 4F 53 20 4C 41 4E 4D 41 4E 32 2E 31 00 02 4C DOS LANM AN2.1..L [070] 41 4E 4D 41 4E 32 2E 31 00 02 53 61 6D 62 61 00 ANMAN2.1 ..Samba. [080] 02 4E 54 20 4C 41 4E 4D 41 4E 20 31 2E 30 00 02 .NT LANM AN 1.0.. [090] 4E 54 20 4C 4D 20 30 2E 31 32 00 NT LM 0. 12. [2008/07/22 21:33:40, 3] smbd/process.c:switch_message(1361) switch message SMBnegprot (pid 6818) conn 0x0 [2008/07/22 21:33:40, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/07/22 21:33:40, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/07/22 21:33:40, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/07/22 21:33:40, 5] smbd/uid.c:change_to_root_user(287) change_to_root_user: now uid=(0,0) gid=(0,0) [2008/07/22 21:33:40, 3] smbd/negprot.c:reply_negprot(568) Requested protocol [PC NETWORK PROGRAM 1.0] [2008/07/22 21:33:40, 3] smbd/negprot.c:reply_negprot(568) Requested protocol [MICROSOFT NETWORKS 1.03] [2008/07/22 21:33:40, 3] smbd/negprot.c:reply_negprot(568) Requested protocol [MICROSOFT NETWORKS 3.0] [2008/07/22 21:33:40, 3] smbd/negprot.c:reply_negprot(568) Requested protocol [LANMAN1.0] [2008/07/22 21:33:40, 3] smbd/negprot.c:reply_negprot(568) Requested protocol [LM1.2X002] [2008/07/22 21:33:40, 3] smbd/negprot.c:reply_negprot(568) Requested protocol [DOS LANMAN2.1] [2008/07/22 21:33:40, 3] smbd/negprot.c:reply_negprot(568) Requested protocol [LANMAN2.1] [2008/07/22 21:33:40, 3] smbd/negprot.c:reply_negprot(568) Requested protocol [Samba] [2008/07/22 21:33:40, 3] smbd/negprot.c:reply_negprot(568) Requested protocol [NT LANMAN 1.0] [2008/07/22 21:33:40, 3] smbd/negprot.c:reply_negprot(568) Requested protocol [NT LM 0.12] [2008/07/22 21:33:40, 10] lib/util.c:set_remote_arch(2201) set_remote_arch: Client arch is 'Samba' [2008/07/22 21:33:40, 6] param/loadparm.c:lp_file_list_changed(6625) lp_file_list_changed() file /etc/samba/%m.conf -> /etc/samba/chpas-lansvcs.conf last mod_time: Tue Jul 22 21:32:54 2008 file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Tue Jul 22 21:32:59 2008 [2008/07/22 21:33:40, 5] smbd/connection.c:claim_connection(142) claiming [] [2008/07/22 21:33:40, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key A21A0000FFFFFFFF0000 [2008/07/22 21:33:40, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0x555555c8f380 [2008/07/22 21:33:40, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key A21A0000FFFFFFFF0000 [2008/07/22 21:33:40, 6] param/loadparm.c:lp_file_list_changed(6625) lp_file_list_changed() file /etc/samba/%m.conf -> /etc/samba/chpas-lansvcs.conf last mod_time: Tue Jul 22 21:32:54 2008 file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Tue Jul 22 21:32:59 2008 [2008/07/22 21:33:40, 3] smbd/negprot.c:reply_nt1(392) using SPNEGO [2008/07/22 21:33:40, 3] smbd/negprot.c:reply_negprot(673) Selected protocol NT LANMAN 1.0 [2008/07/22 21:33:40, 5] smbd/negprot.c:reply_negprot(680) negprot index=8 [2008/07/22 21:33:40, 5] lib/util.c:show_msg(645) [2008/07/22 21:33:40, 5] lib/util.c:show_msg(655) size=127 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=8292 smb_uid=0 smb_mid=2 smt_wct=17 smb_vwv[ 0]= 8 (0x8) smb_vwv[ 1]=12803 (0x3203) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 65 (0x41) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]=41472 (0xA200) smb_vwv[ 8]= 26 (0x1A) smb_vwv[ 9]=64768 (0xFD00) smb_vwv[10]=32995 (0x80E3) smb_vwv[11]= 128 (0x80) smb_vwv[12]=33714 (0x83B2) smb_vwv[13]=25634 (0x6422) smb_vwv[14]=51436 (0xC8EC) smb_vwv[15]=61441 (0xF001) smb_vwv[16]= 0 (0x0) smb_bcc=58 [2008/07/22 21:33:40, 10] lib/util.c:dump_data(2226) [000] 63 68 70 61 73 2D 6E 65 74 73 76 63 73 00 00 00 chpas-ne tsvcs... [010] 60 28 06 06 2B 06 01 05 05 02 A0 1E 30 1C A0 0E `(..+... ....0... [020] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A3 0A 0...+... ..7..... [030] 30 08 A0 06 1B 04 4E 4F 4E 45 0.....NO NE [2008/07/22 21:33:40, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 88 [2008/07/22 21:33:40, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x58 [2008/07/22 21:33:40, 3] smbd/process.c:process_smb(1549) Transaction 1 of length 92 (0 toread) [2008/07/22 21:33:40, 5] lib/util.c:show_msg(645) [2008/07/22 21:33:40, 5] lib/util.c:show_msg(655) size=88 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=0 smb_pid=8292 smb_uid=0 smb_mid=3 smt_wct=13 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=65535 (0xFFFF) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 8292 (0x2064) smb_vwv[ 5]= 6818 (0x1AA2) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]=49244 (0xC05C) smb_vwv[12]= 0 (0x0) smb_bcc=27 [2008/07/22 21:33:40, 10] lib/util.c:dump_data(2226) [000] 00 00 00 00 00 55 00 6E 00 69 00 78 00 00 00 53 .....U.n .i.x...S [010] 00 61 00 6D 00 62 00 61 00 00 00 .a.m.b.a ... [2008/07/22 21:33:40, 3] smbd/process.c:switch_message(1361) switch message SMBsesssetupX (pid 6818) conn 0x0 [2008/07/22 21:33:40, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/07/22 21:33:40, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/07/22 21:33:40, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/07/22 21:33:40, 5] smbd/uid.c:change_to_root_user(287) change_to_root_user: now uid=(0,0) gid=(0,0) [2008/07/22 21:33:40, 3] smbd/sesssetup.c:reply_sesssetup_and_X(1409) wct=13 flg2=0xc801 [2008/07/22 21:33:40, 3] smbd/sesssetup.c:reply_sesssetup_and_X(1608) Domain=[] NativeOS=[Unix] NativeLanMan=[Samba] PrimaryDomain=[] [2008/07/22 21:33:40, 3] smbd/sesssetup.c:reply_sesssetup_and_X(1624) sesssetupX:name=[]\[]@[chpas-lansvcs] [2008/07/22 21:33:40, 6] param/loadparm.c:lp_file_list_changed(6625) lp_file_list_changed() file /etc/samba/%m.conf -> /etc/samba/chpas-lansvcs.conf last mod_time: Tue Jul 22 21:32:54 2008 file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Tue Jul 22 21:32:59 2008 [2008/07/22 21:33:40, 3] smbd/sesssetup.c:check_guest_password(159) Got anonymous request [2008/07/22 21:33:40, 5] auth/auth.c:make_auth_context_subsystem(485) Making default auth method list for DC, security=user, encrypt passwords = yes [2008/07/22 21:33:40, 5] auth/auth.c:smb_register_auth(46) Attempting to register auth backend sam [2008/07/22 21:33:40, 5] auth/auth.c:smb_register_auth(58) Successfully added auth method 'sam' [2008/07/22 21:33:40, 5] auth/auth.c:smb_register_auth(46) Attempting to register auth backend sam_ignoredomain [2008/07/22 21:33:40, 5] auth/auth.c:smb_register_auth(58) Successfully added auth method 'sam_ignoredomain' [2008/07/22 21:33:40, 5] auth/auth.c:smb_register_auth(46) Attempting to register auth backend unix [2008/07/22 21:33:40, 5] auth/auth.c:smb_register_auth(58) Successfully added auth method 'unix' [2008/07/22 21:33:40, 5] auth/auth.c:smb_register_auth(46) Attempting to register auth backend winbind [2008/07/22 21:33:40, 5] auth/auth.c:smb_register_auth(58) Successfully added auth method 'winbind' [2008/07/22 21:33:40, 5] auth/auth.c:smb_register_auth(46) Attempting to register auth backend smbserver [2008/07/22 21:33:40, 5] auth/auth.c:smb_register_auth(58) Successfully added auth method 'smbserver' [2008/07/22 21:33:40, 5] auth/auth.c:smb_register_auth(46) Attempting to register auth backend trustdomain [2008/07/22 21:33:40, 5] auth/auth.c:smb_register_auth(58) Successfully added auth method 'trustdomain' [2008/07/22 21:33:40, 5] auth/auth.c:smb_register_auth(46) Attempting to register auth backend ntdomain [2008/07/22 21:33:40, 5] auth/auth.c:smb_register_auth(58) Successfully added auth method 'ntdomain' [2008/07/22 21:33:40, 5] auth/auth.c:smb_register_auth(46) Attempting to register auth backend guest [2008/07/22 21:33:40, 5] auth/auth.c:smb_register_auth(58) Successfully added auth method 'guest' [2008/07/22 21:33:40, 5] auth/auth.c:load_auth_module(387) load_auth_module: Attempting to find an auth method to match guest [2008/07/22 21:33:40, 5] auth/auth.c:load_auth_module(412) load_auth_module: auth method guest has a valid init [2008/07/22 21:33:40, 5] auth/auth.c:load_auth_module(387) load_auth_module: Attempting to find an auth method to match sam [2008/07/22 21:33:40, 5] auth/auth.c:load_auth_module(412) load_auth_module: auth method sam has a valid init [2008/07/22 21:33:40, 5] auth/auth.c:load_auth_module(387) load_auth_module: Attempting to find an auth method to match winbind:trustdomain [2008/07/22 21:33:40, 5] auth/auth.c:load_auth_module(387) load_auth_module: Attempting to find an auth method to match trustdomain [2008/07/22 21:33:40, 5] auth/auth.c:load_auth_module(412) load_auth_module: auth method trustdomain has a valid init [2008/07/22 21:33:40, 5] auth/auth.c:load_auth_module(412) load_auth_module: auth method winbind has a valid init [2008/07/22 21:33:40, 5] auth/auth_util.c:make_user_info(92) attempting to make a user_info for () [2008/07/22 21:33:40, 5] auth/auth_util.c:make_user_info(102) making strings for 's user_info struct [2008/07/22 21:33:40, 5] auth/auth_util.c:make_user_info(134) making blobs for 's user_info struct [2008/07/22 21:33:40, 10] auth/auth_util.c:make_user_info(152) made an encrypted user_info for () [2008/07/22 21:33:40, 3] auth/auth.c:check_ntlm_password(220) check_ntlm_password: Checking password for unmapped user []\[]@[] with the new password interface [2008/07/22 21:33:40, 3] auth/auth.c:check_ntlm_password(223) check_ntlm_password: mapped user is: []\[]@[] [2008/07/22 21:33:40, 10] auth/auth.c:check_ntlm_password(232) check_ntlm_password: auth_context challenge created by fixed [2008/07/22 21:33:40, 10] auth/auth.c:check_ntlm_password(234) challenge is: [2008/07/22 21:33:40, 5] lib/util.c:dump_data(2226) [000] 00 00 00 00 00 00 00 00 ........ [2008/07/22 21:33:40, 5] lib/smbldap.c:smbldap_search_ext(1207) smbldap_search_ext: base => [ou=Group,dc=arnoldtrans,dc=lcl], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=65533))], scope => [2] [2008/07/22 21:33:40, 5] lib/smbldap.c:smbldap_close(1110) The connection to the LDAP server was closed [2008/07/22 21:33:40, 10] lib/smbldap.c:smb_ldap_setup_conn(616) smb_ldap_setup_connection: ldap://localhost [2008/07/22 21:33:40, 2] lib/smbldap.c:smbldap_open_connection(796) smbldap_open_connection: connection opened [2008/07/22 21:33:40, 10] lib/smbldap.c:smbldap_connect_system(961) ldap_connect_system: Binding to ldap server ldap://localhost as "cn=Manager,dc=arnoldtrans,dc=lcl" [2008/07/22 21:33:40, 3] lib/smbldap.c:smbldap_connect_system(1007) ldap_connect_system: successful connection to the LDAP server ldap_connect_system: LDAP server does support paged results [2008/07/22 21:33:40, 10] lib/events.c:event_add_timed(128) Added timed event "smbldap_idle_fn": 555555c97190 [2008/07/22 21:33:40, 4] lib/smbldap.c:smbldap_open(1090) The LDAP server is successfully connected [2008/07/22 21:33:40, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2459) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(gidNumber=65533)) [2008/07/22 21:33:40, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/07/22 21:33:40, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2008/07/22 21:33:40, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/07/22 21:33:40, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/07/22 21:33:40, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/07/22 21:33:40, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = ACCT_POL/password history, value = 5 , timeout = Tue Jul 22 21:34:09 2008 [2008/07/22 21:33:40, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/07/22 21:33:40, 10] passdb/pdb_get_set.c:pdb_set_username(580) pdb_set_username: setting username nobody, was [2008/07/22 21:33:40, 10] passdb/pdb_get_set.c:pdb_set_domain(603) pdb_set_domain: setting domain ARNOLD, was [2008/07/22 21:33:40, 10] passdb/pdb_get_set.c:pdb_set_nt_username(626) pdb_set_nt_username: setting nt username , was [2008/07/22 21:33:40, 10] passdb/pdb_get_set.c:pdb_set_fullname(649) pdb_set_full_name: setting full name nobody, was [2008/07/22 21:33:40, 10] passdb/pdb_get_set.c:pdb_set_homedir(742) pdb_set_homedir: setting home dir , was [2008/07/22 21:33:40, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(718) pdb_set_dir_drive: setting dir drive H:, was NULL [2008/07/22 21:33:40, 10] passdb/pdb_get_set.c:pdb_set_logon_script(672) pdb_set_logon_script: setting logon script scripts\logon.bat, was [2008/07/22 21:33:40, 10] passdb/pdb_get_set.c:pdb_set_profile_path(695) pdb_set_profile_path: setting profile path \\chpas-netsvcs\profiles\nobody, was [2008/07/22 21:33:40, 10] passdb/pdb_get_set.c:pdb_set_workstations(785) pdb_set_workstations: setting workstations , was [2008/07/22 21:33:40, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/07/22 21:33:40, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2008/07/22 21:33:40, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/07/22 21:33:40, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/07/22 21:33:40, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/07/22 21:33:40, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = ACCT_POL/password history, value = 5 , timeout = Tue Jul 22 21:34:09 2008 [2008/07/22 21:33:40, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/07/22 21:33:40, 10] passdb/pdb_get_set.c:pdb_set_user_sid(509) pdb_set_user_sid: setting user sid S-1-5-21-399034208-633907489-3292321255-501 [2008/07/22 21:33:40, 10] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(72) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-399034208-633907489-3292321255-501 from rid 501 [2008/07/22 21:33:40, 3] auth/auth.c:check_ntlm_password(269) check_ntlm_password: guest authentication for user [] succeeded [2008/07/22 21:33:40, 5] auth/auth.c:check_ntlm_password(308) check_ntlm_password: guest authentication for user [] -> [] -> [nobody] succeeded [2008/07/22 21:33:40, 5] auth/auth_util.c:free_user_info(1951) attempting to free (and zero) a user_info structure [2008/07/22 21:33:40, 10] auth/auth_util.c:free_user_info(1955) structure was created for [2008/07/22 21:33:40, 5] auth/auth_util.c:free_user_info(1951) attempting to free (and zero) a user_info structure [2008/07/22 21:33:40, 10] auth/token_util.c:create_local_nt_token(302) Create local NT token for S-1-5-21-399034208-633907489-3292321255-501 [2008/07/22 21:33:40, 10] passdb/lookup_sid.c:sid_to_gid(1439) sid S-1-5-32-544 -> gid 10024 [2008/07/22 21:33:40, 10] passdb/lookup_sid.c:sid_to_gid(1439) sid S-1-5-32-545 -> gid 10025 [2008/07/22 21:33:40, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/07/22 21:33:40, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2008/07/22 21:33:40, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/07/22 21:33:40, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/07/22 21:33:40, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/07/22 21:33:40, 5] lib/smbldap.c:smbldap_search_ext(1207) smbldap_search_ext: base => [ou=Group,dc=arnoldtrans,dc=lcl], filter => [(&(|(objectclass=sambaGroupMapping)(sambaGroupType=4))(|(sambaSIDList=S-1-5-21-399034208-633907489-3292321255-501)(sambaSIDList=S-1-1-0)(sambaSIDList=S-1-5-2)(sambaSIDList=S-1-5-32-546)))], scope => [2] [2008/07/22 21:33:40, 5] lib/smbldap.c:smbldap_search_ext(1207) smbldap_search_ext: base => [ou=Group,dc=arnoldtrans,dc=lcl], filter => [(&(|(objectclass=sambaGroupMapping)(sambaGroupType=4))(|(sambaSIDList=S-1-5-21-399034208-633907489-3292321255-501)(sambaSIDList=S-1-1-0)(sambaSIDList=S-1-5-2)(sambaSIDList=S-1-5-32-546)))], scope => [2] [2008/07/22 21:33:40, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/07/22 21:33:40, 3] lib/privileges.c:get_privileges(63) get_privileges: No privileges assigned to SID [S-1-5-21-399034208-633907489-3292321255-501] [2008/07/22 21:33:40, 5] lib/privileges.c:get_privileges_for_sids(128) get_privileges_for_sids: sid = S-1-1-0 Privilege set: SE_PRIV 0x0 0x0 0x0 0x0 [2008/07/22 21:33:40, 3] lib/privileges.c:get_privileges(63) get_privileges: No privileges assigned to SID [S-1-5-2] [2008/07/22 21:33:40, 3] lib/privileges.c:get_privileges(63) get_privileges: No privileges assigned to SID [S-1-5-32-546] [2008/07/22 21:33:40, 10] passdb/lookup_sid.c:sid_to_gid(1434) winbind failed to find a gid for sid S-1-1-0 [2008/07/22 21:33:40, 10] auth/auth_util.c:create_local_token(727) Could not convert SID S-1-1-0 to gid, ignoring it [2008/07/22 21:33:40, 10] passdb/lookup_sid.c:sid_to_gid(1434) winbind failed to find a gid for sid S-1-5-2 [2008/07/22 21:33:40, 10] auth/auth_util.c:create_local_token(727) Could not convert SID S-1-5-2 to gid, ignoring it [2008/07/22 21:33:40, 10] passdb/lookup_sid.c:sid_to_gid(1434) winbind failed to find a gid for sid S-1-5-32-546 [2008/07/22 21:33:40, 10] auth/auth_util.c:create_local_token(727) Could not convert SID S-1-5-32-546 to gid, ignoring it [2008/07/22 21:33:40, 10] auth/token_util.c:debug_nt_user_token(470) NT user token of user S-1-5-21-399034208-633907489-3292321255-501 contains 4 SIDs SID[ 0]: S-1-5-21-399034208-633907489-3292321255-501 SID[ 1]: S-1-1-0 SID[ 2]: S-1-5-2 SID[ 3]: S-1-5-32-546 SE_PRIV 0x0 0x0 0x0 0x0 [2008/07/22 21:33:40, 10] smbd/password.c:register_initial_vuid(188) register_initial_vuid: allocated vuid = 100 [2008/07/22 21:33:40, 10] smbd/password.c:register_existing_vuid(310) register_existing_vuid: (65534,65533) nobody nobody ARNOLD guest=1 [2008/07/22 21:33:40, 3] smbd/password.c:register_existing_vuid(314) register_existing_vuid: User name: nobody Real name: nobody [2008/07/22 21:33:40, 3] smbd/password.c:register_existing_vuid(326) register_existing_vuid: UNIX uid 65534 is UNIX user nobody, and will be vuid 100 [2008/07/22 21:33:40, 6] param/loadparm.c:lp_file_list_changed(6625) lp_file_list_changed() file /etc/samba/%m.conf -> /etc/samba/chpas-lansvcs.conf last mod_time: Tue Jul 22 21:32:54 2008 file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Tue Jul 22 21:32:59 2008 [2008/07/22 21:33:40, 5] lib/util.c:show_msg(645) [2008/07/22 21:33:40, 5] lib/util.c:show_msg(655) size=124 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=8292 smb_uid=100 smb_mid=3 smt_wct=3 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 1 (0x1) smb_bcc=83 [2008/07/22 21:33:40, 10] lib/util.c:dump_data(2226) [000] 00 55 00 6E 00 69 00 78 00 00 00 53 00 61 00 6D .U.n.i.x ...S.a.m [010] 00 62 00 61 00 20 00 33 00 2E 00 32 00 2E 00 30 .b.a. .3 ...2...0 [020] 00 2D 00 31 00 37 00 39 00 35 00 2D 00 53 00 55 .-.1.7.9 .5.-.S.U [030] 00 53 00 45 00 2D 00 53 00 4C 00 45 00 53 00 31 .S.E.-.S .L.E.S.1 [040] 00 30 00 00 00 41 00 52 00 4E 00 4F 00 4C 00 44 .0...A.R .N.O.L.D [050] 00 00 00 ... [2008/07/22 21:33:40, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 90 [2008/07/22 21:33:40, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x5a [2008/07/22 21:33:40, 3] smbd/process.c:process_smb(1549) Transaction 2 of length 94 (0 toread) [2008/07/22 21:33:40, 5] lib/util.c:show_msg(645) [2008/07/22 21:33:40, 5] lib/util.c:show_msg(655) size=90 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=0 smb_pid=8292 smb_uid=100 smb_mid=4 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 8 (0x8) smb_vwv[ 3]= 1 (0x1) smb_bcc=47 [2008/07/22 21:33:40, 10] lib/util.c:dump_data(2226) [000] 00 5C 00 5C 00 43 00 48 00 50 00 41 00 53 00 2D .\.\.C.H .P.A.S.- [010] 00 4E 00 45 00 54 00 53 00 56 00 43 00 53 00 5C .N.E.T.S .V.C.S.\ [020] 00 49 00 50 00 43 00 24 00 00 00 49 50 43 00 .I.P.C.$ ...IPC. [2008/07/22 21:33:40, 3] smbd/process.c:switch_message(1361) switch message SMBtconX (pid 6818) conn 0x0 [2008/07/22 21:33:40, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/07/22 21:33:40, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/07/22 21:33:40, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/07/22 21:33:40, 5] smbd/uid.c:change_to_root_user(287) change_to_root_user: now uid=(0,0) gid=(0,0) [2008/07/22 21:33:40, 4] smbd/reply.c:reply_tcon_and_X(653) Client requested device type [IPC] for share [IPC$] [2008/07/22 21:33:40, 5] smbd/service.c:make_connection(1376) making a connection to 'normal' service ipc$ [2008/07/22 21:33:40, 5] lib/username.c:Get_Pwnam_alloc(133) Finding user nobody [2008/07/22 21:33:40, 5] lib/username.c:Get_Pwnam_internals(77) Trying _Get_Pwnam(), username as lowercase is nobody [2008/07/22 21:33:40, 5] lib/username.c:Get_Pwnam_internals(110) Get_Pwnam_internals did find user [nobody]! [2008/07/22 21:33:40, 10] smbd/service.c:set_conn_connectpath(157) set_conn_connectpath: service IPC$, connectpath = /var/tmp [2008/07/22 21:33:40, 3] smbd/service.c:make_connection_snum(936) Connect path is '/var/tmp' for service [IPC$] [2008/07/22 21:33:40, 10] lib/util_seaccess.c:se_map_generic(175) se_map_generic(): mapped mask 0x10000000 to 0x001f01ff [2008/07/22 21:33:40, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x00000002, for NT token with 4 entries and first sid S-1-5-21-399034208-633907489-3292321255-501. [2008/07/22 21:33:40, 3] lib/util_seaccess.c:se_access_check(249) [2008/07/22 21:33:40, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-5-21-399034208-633907489-3292321255-501 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-32-546 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 2 [2008/07/22 21:33:40, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (2) granted. [2008/07/22 21:33:40, 3] smbd/vfs.c:vfs_init_default(96) Initialising default vfs hooks [2008/07/22 21:33:40, 10] smbd/vfs.c:vfs_find_backend_entry(48) vfs_find_backend_entry called for /[Default VFS]/ [2008/07/22 21:33:40, 5] smbd/vfs.c:smb_register_vfs(86) Successfully added vfs backend '/[Default VFS]/' [2008/07/22 21:33:40, 10] smbd/vfs.c:vfs_find_backend_entry(48) vfs_find_backend_entry called for posixacl [2008/07/22 21:33:40, 5] smbd/vfs.c:smb_register_vfs(86) Successfully added vfs backend 'posixacl' [2008/07/22 21:33:40, 3] smbd/vfs.c:vfs_init_custom(130) Initialising custom vfs hooks from [/[Default VFS]/] [2008/07/22 21:33:40, 10] smbd/vfs.c:vfs_find_backend_entry(48) vfs_find_backend_entry called for /[Default VFS]/ Successfully loaded vfs module [/[Default VFS]/] with the new modules system [2008/07/22 21:33:40, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #0 (type 0, layer 0) Making operation type 0 opaque [module /[Default VFS]/] Accepting operation type 0 from module /[Default VFS]/ [2008/07/22 21:33:40, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #1 (type 1, layer 0) Making operation type 1 opaque [module /[Default VFS]/] Accepting operation type 1 from module /[Default VFS]/ [2008/07/22 21:33:40, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #2 (type 2, layer 0) Making operation type 2 opaque [module /[Default VFS]/] Accepting operation type 2 from module /[Default VFS]/ [2008/07/22 21:33:40, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #3 (type 3, layer 0) Making operation type 3 opaque [module /[Default VFS]/] Accepting operation type 3 from module /[Default VFS]/ [2008/07/22 21:33:40, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #4 (type 4, layer 0) Making operation type 4 opaque [module /[Default VFS]/] Accepting operation type 4 from module /[Default VFS]/ [2008/07/22 21:33:40, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #5 (type 5, layer 0) Making operation type 5 opaque [module /[Default VFS]/] Accepting operation type 5 from module /[Default VFS]/ [2008/07/22 21:33:40, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #6 (type 6, layer 0) Making operation type 6 opaque [module /[Default VFS]/] Accepting operation type 6 from module /[Default VFS]/ [2008/07/22 21:33:40, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #7 (type 7, layer 0) Making operation type 7 opaque [module /[Default VFS]/] Accepting operation type 7 from module /[Default VFS]/ [2008/07/22 21:33:40, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #8 (type 8, layer 0) Making operation type 8 opaque [module /[Default VFS]/] Accepting operation type 8 from module /[Default VFS]/ [2008/07/22 21:33:40, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #9 (type 9, layer 0) Making operation type 9 opaque [module /[Default VFS]/] Accepting operation type 9 from module /[Default VFS]/ [2008/07/22 21:33:40, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #10 (type 10, layer 0) Making operation type 10 opaque [module /[Default VFS]/] Accepting operation type 10 from module /[Default VFS]/ [2008/07/22 21:33:40, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #11 (type 11, layer 0) Making operation type 11 opaque [module /[Default VFS]/] Accepting operation type 11 from module /[Default VFS]/ [2008/07/22 21:33:40, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #12 (type 12, layer 0) Making operation type 12 opaque [module /[Default VFS]/] Accepting operation type 12 from module /[Default VFS]/ [2008/07/22 21:33:40, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #13 (type 13, layer 0) Making operation type 13 opaque [module /[Default VFS]/] Accepting operation type 13 from module /[Default VFS]/ [2008/07/22 21:33:40, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #14 (type 14, layer 0) Making operation type 14 opaque [module /[Default VFS]/] Accepting operation type 14 from module /[Default VFS]/ [2008/07/22 21:33:40, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #15 (type 15, layer 0) Making operation type 15 opaque [module /[Default VFS]/] Accepting operation type 15 from module /[Default VFS]/ [2008/07/22 21:33:40, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #16 (type 16, layer 0) Making operation type 16 opaque [module /[Default VFS]/] Accepting operation type 16 from module /[Default VFS]/ [2008/07/22 21:33:40, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #17 (type 17, layer 0) Making operation type 17 opaque [module /[Default VFS]/] Accepting operation type 17 from module /[Default VFS]/ [2008/07/22 21:33:40, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #18 (type 18, layer 0) Making operation type 18 opaque [module /[Default VFS]/] Accepting operation type 18 from module /[Default VFS]/ [2008/07/22 21:33:40, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #19 (type 19, layer 0) Making operation type 19 opaque [module /[Default VFS]/] Accepting operation type 19 from module /[Default VFS]/ [2008/07/22 21:33:40, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #20 (type 20, layer 0) Making operation type 20 opaque [module /[Default VFS]/] Accepting operation type 20 from module /[Default VFS]/ [2008/07/22 21:33:40, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #21 (type 21, layer 0) Making operation type 21 opaque [module /[Default VFS]/] Accepting operation type 21 from module /[Default VFS]/ [2008/07/22 21:33:40, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #22 (type 22, layer 0) Making operation type 22 opaque [module /[Default VFS]/] Accepting operation type 22 from module /[Default VFS]/ [2008/07/22 21:33:40, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #23 (type 23, layer 0) Making operation type 23 opaque [module /[Default VFS]/] Accepting operation type 23 from module /[Default VFS]/ [2008/07/22 21:33:40, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #24 (type 24, layer 0) Making operation type 24 opaque [module /[Default VFS]/] Accepting operation type 24 from module /[Default VFS]/ [2008/07/22 21:33:40, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #25 (type 25, layer 0) Making operation type 25 opaque [module /[Default VFS]/] Accepting operation type 25 from module /[Default VFS]/ [2008/07/22 21:33:40, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #26 (type 26, layer 0) Making operation type 26 opaque [module /[Default VFS]/] Accepting operation type 26 from module /[Default VFS]/ [2008/07/22 21:33:40, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #27 (type 27, layer 0) Making operation type 27 opaque [module /[Default VFS]/] Accepting operation type 27 from module /[Default VFS]/ [2008/07/22 21:33:40, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #28 (type 28, layer 0) Making operation type 28 opaque [module /[Default VFS]/] Accepting operation type 28 from module /[Default VFS]/ [2008/07/22 21:33:40, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #29 (type 29, layer 0) Making operation type 29 opaque [module /[Default VFS]/] Accepting operation type 29 from module /[Default VFS]/ [2008/07/22 21:33:40, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #30 (type 30, layer 0) Making operation type 30 opaque [module /[Default VFS]/] Accepting operation type 30 from module /[Default VFS]/ [2008/07/22 21:33:40, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #31 (type 31, layer 0) Making operation type 31 opaque [module /[Default VFS]/] Accepting operation type 31 from module /[Default VFS]/ [2008/07/22 21:33:40, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #32 (type 32, layer 0) Making operation type 32 opaque [module /[Default VFS]/] Accepting operation type 32 from module /[Default VFS]/ [2008/07/22 21:33:40, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #33 (type 33, layer 0) Making operation type 33 opaque [module /[Default VFS]/] Accepting operation type 33 from module /[Default VFS]/ [2008/07/22 21:33:40, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #34 (type 34, layer 0) Making operation type 34 opaque [module /[Default VFS]/] Accepting operation type 34 from module /[Default VFS]/ [2008/07/22 21:33:40, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #35 (type 35, layer 0) Making operation type 35 opaque [module /[Default VFS]/] Accepting operation type 35 from module /[Default VFS]/ [2008/07/22 21:33:40, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #36 (type 36, layer 0) Making operation type 36 opaque [module /[Default VFS]/] Accepting operation type 36 from module /[Default VFS]/ [2008/07/22 21:33:40, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #37 (type 37, layer 0) Making operation type 37 opaque [module /[Default VFS]/] Accepting operation type 37 from module /[Default VFS]/ [2008/07/22 21:33:40, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #38 (type 38, layer 0) Making operation type 38 opaque [module /[Default VFS]/] Accepting operation type 38 from module /[Default VFS]/ [2008/07/22 21:33:40, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #39 (type 39, layer 0) Making operation type 39 opaque [module /[Default VFS]/] Accepting operation type 39 from module /[Default VFS]/ [2008/07/22 21:33:40, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #40 (type 40, layer 0) Making operation type 40 opaque [module /[Default VFS]/] Accepting operation type 40 from module /[Default VFS]/ [2008/07/22 21:33:40, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #41 (type 41, layer 0) Making operation type 41 opaque [module /[Default VFS]/] Accepting operation type 41 from module /[Default VFS]/ [2008/07/22 21:33:40, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #42 (type 42, layer 0) Making operation type 42 opaque [module /[Default VFS]/] Accepting operation type 42 from module /[Default VFS]/ [2008/07/22 21:33:40, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #43 (type 43, layer 0) Making operation type 43 opaque [module /[Default VFS]/] Accepting operation type 43 from module /[Default VFS]/ [2008/07/22 21:33:40, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #44 (type 44, layer 0) Making operation type 44 opaque [module /[Default VFS]/] Accepting operation type 44 from module /[Default VFS]/ [2008/07/22 21:33:40, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #45 (type 45, layer 0) Making operation type 45 opaque [module /[Default VFS]/] Accepting operation type 45 from module /[Default VFS]/ [2008/07/22 21:33:40, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #46 (type 46, layer 0) Making operation type 46 opaque [module /[Default VFS]/] Accepting operation type 46 from module /[Default VFS]/ [2008/07/22 21:33:40, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #47 (type 47, layer 0) Making operation type 47 opaque [module /[Default VFS]/] Accepting operation type 47 from module /[Default VFS]/ [2008/07/22 21:33:40, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #48 (type 48, layer 0) Making operation type 48 opaque [module /[Default VFS]/] Accepting operation type 48 from module /[Default VFS]/ [2008/07/22 21:33:40, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #49 (type 49, layer 0) Making operation type 49 opaque [module /[Default VFS]/] Accepting operation type 49 from module /[Default VFS]/ [2008/07/22 21:33:40, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #50 (type 50, layer 0) Making operation type 50 opaque [module /[Default VFS]/] Accepting operation type 50 from module /[Default VFS]/ [2008/07/22 21:33:40, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #51 (type 51, layer 0) Making operation type 51 opaque [module /[Default VFS]/] Accepting operation type 51 from module /[Default VFS]/ [2008/07/22 21:33:40, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #52 (type 52, layer 0) Making operation type 52 opaque [module /[Default VFS]/] Accepting operation type 52 from module /[Default VFS]/ [2008/07/22 21:33:40, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #53 (type 53, layer 0) Making operation type 53 opaque [module /[Default VFS]/] Accepting operation type 53 from module /[Default VFS]/ [2008/07/22 21:33:40, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #54 (type 54, layer 0) Making operation type 54 opaque [module /[Default VFS]/] Accepting operation type 54 from module /[Default VFS]/ [2008/07/22 21:33:40, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #55 (type 55, layer 0) Making operation type 55 opaque [module /[Default VFS]/] Accepting operation type 55 from module /[Default VFS]/ [2008/07/22 21:33:40, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #56 (type 56, layer 0) Making operation type 56 opaque [module /[Default VFS]/] Accepting operation type 56 from module /[Default VFS]/ [2008/07/22 21:33:40, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #57 (type 57, layer 0) Making operation type 57 opaque [module /[Default VFS]/] Accepting operation type 57 from module /[Default VFS]/ [2008/07/22 21:33:40, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #58 (type 58, layer 0) Making operation type 58 opaque [module /[Default VFS]/] Accepting operation type 58 from module /[Default VFS]/ [2008/07/22 21:33:40, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #59 (type 59, layer 0) Making operation type 59 opaque [module /[Default VFS]/] Accepting operation type 59 from module /[Default VFS]/ [2008/07/22 21:33:40, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #60 (type 60, layer 0) Making operation type 60 opaque [module /[Default VFS]/] Accepting operation type 60 from module /[Default VFS]/ [2008/07/22 21:33:40, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #61 (type 61, layer 0) Making operation type 61 opaque [module /[Default VFS]/] Accepting operation type 61 from module /[Default VFS]/ [2008/07/22 21:33:40, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #62 (type 62, layer 0) Making operation type 62 opaque [module /[Default VFS]/] Accepting operation type 62 from module /[Default VFS]/ [2008/07/22 21:33:40, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #63 (type 63, layer 0) Making operation type 63 opaque [module /[Default VFS]/] Accepting operation type 63 from module /[Default VFS]/ [2008/07/22 21:33:40, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #64 (type 64, layer 0) Making operation type 64 opaque [module /[Default VFS]/] Accepting operation type 64 from module /[Default VFS]/ [2008/07/22 21:33:40, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #65 (type 65, layer 0) Making operation type 65 opaque [module /[Default VFS]/] Accepting operation type 65 from module /[Default VFS]/ [2008/07/22 21:33:40, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #66 (type 66, layer 0) Making operation type 66 opaque [module /[Default VFS]/] Accepting operation type 66 from module /[Default VFS]/ [2008/07/22 21:33:40, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #67 (type 67, layer 0) Making operation type 67 opaque [module /[Default VFS]/] Accepting operation type 67 from module /[Default VFS]/ [2008/07/22 21:33:40, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #68 (type 68, layer 0) Making operation type 68 opaque [module /[Default VFS]/] Accepting operation type 68 from module /[Default VFS]/ [2008/07/22 21:33:40, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #69 (type 69, layer 0) Making operation type 69 opaque [module /[Default VFS]/] Accepting operation type 69 from module /[Default VFS]/ [2008/07/22 21:33:40, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #70 (type 70, layer 0) Making operation type 70 opaque [module /[Default VFS]/] Accepting operation type 70 from module /[Default VFS]/ [2008/07/22 21:33:40, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #71 (type 71, layer 0) Making operation type 71 opaque [module /[Default VFS]/] Accepting operation type 71 from module /[Default VFS]/ [2008/07/22 21:33:40, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #72 (type 72, layer 0) Making operation type 72 opaque [module /[Default VFS]/] Accepting operation type 72 from module /[Default VFS]/ [2008/07/22 21:33:40, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #73 (type 73, layer 0) Making operation type 73 opaque [module /[Default VFS]/] Accepting operation type 73 from module /[Default VFS]/ [2008/07/22 21:33:40, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #74 (type 74, layer 0) Making operation type 74 opaque [module /[Default VFS]/] Accepting operation type 74 from module /[Default VFS]/ [2008/07/22 21:33:40, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #75 (type 75, layer 0) Making operation type 75 opaque [module /[Default VFS]/] Accepting operation type 75 from module /[Default VFS]/ [2008/07/22 21:33:40, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #76 (type 76, layer 0) Making operation type 76 opaque [module /[Default VFS]/] Accepting operation type 76 from module /[Default VFS]/ [2008/07/22 21:33:40, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #77 (type 77, layer 0) Making operation type 77 opaque [module /[Default VFS]/] Accepting operation type 77 from module /[Default VFS]/ [2008/07/22 21:33:40, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #78 (type 78, layer 0) Making operation type 78 opaque [module /[Default VFS]/] Accepting operation type 78 from module /[Default VFS]/ [2008/07/22 21:33:40, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #79 (type 79, layer 0) Making operation type 79 opaque [module /[Default VFS]/] Accepting operation type 79 from module /[Default VFS]/ [2008/07/22 21:33:40, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #80 (type 80, layer 0) Making operation type 80 opaque [module /[Default VFS]/] Accepting operation type 80 from module /[Default VFS]/ [2008/07/22 21:33:40, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #81 (type 81, layer 0) Making operation type 81 opaque [module /[Default VFS]/] Accepting operation type 81 from module /[Default VFS]/ [2008/07/22 21:33:40, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #82 (type 82, layer 0) Making operation type 82 opaque [module /[Default VFS]/] Accepting operation type 82 from module /[Default VFS]/ [2008/07/22 21:33:40, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #83 (type 83, layer 0) Making operation type 83 opaque [module /[Default VFS]/] Accepting operation type 83 from module /[Default VFS]/ [2008/07/22 21:33:40, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #84 (type 84, layer 0) Making operation type 84 opaque [module /[Default VFS]/] Accepting operation type 84 from module /[Default VFS]/ [2008/07/22 21:33:40, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #85 (type 85, layer 0) Making operation type 85 opaque [module /[Default VFS]/] Accepting operation type 85 from module /[Default VFS]/ [2008/07/22 21:33:40, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #86 (type 86, layer 0) Making operation type 86 opaque [module /[Default VFS]/] Accepting operation type 86 from module /[Default VFS]/ [2008/07/22 21:33:40, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #87 (type 87, layer 0) Making operation type 87 opaque [module /[Default VFS]/] Accepting operation type 87 from module /[Default VFS]/ [2008/07/22 21:33:40, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #88 (type 88, layer 0) Making operation type 88 opaque [module /[Default VFS]/] Accepting operation type 88 from module /[Default VFS]/ [2008/07/22 21:33:40, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #89 (type 89, layer 0) Making operation type 89 opaque [module /[Default VFS]/] Accepting operation type 89 from module /[Default VFS]/ [2008/07/22 21:33:40, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #90 (type 90, layer 0) Making operation type 90 opaque [module /[Default VFS]/] Accepting operation type 90 from module /[Default VFS]/ [2008/07/22 21:33:40, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #91 (type 91, layer 0) Making operation type 91 opaque [module /[Default VFS]/] Accepting operation type 91 from module /[Default VFS]/ [2008/07/22 21:33:40, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #92 (type 92, layer 0) Making operation type 92 opaque [module /[Default VFS]/] Accepting operation type 92 from module /[Default VFS]/ [2008/07/22 21:33:40, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #93 (type 93, layer 0) Making operation type 93 opaque [module /[Default VFS]/] Accepting operation type 93 from module /[Default VFS]/ [2008/07/22 21:33:40, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #94 (type 94, layer 0) Making operation type 94 opaque [module /[Default VFS]/] Accepting operation type 94 from module /[Default VFS]/ [2008/07/22 21:33:40, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #95 (type 95, layer 0) Making operation type 95 opaque [module /[Default VFS]/] Accepting operation type 95 from module /[Default VFS]/ [2008/07/22 21:33:40, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #96 (type 96, layer 0) Making operation type 96 opaque [module /[Default VFS]/] Accepting operation type 96 from module /[Default VFS]/ [2008/07/22 21:33:40, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #97 (type 97, layer 0) Making operation type 97 opaque [module /[Default VFS]/] Accepting operation type 97 from module /[Default VFS]/ [2008/07/22 21:33:40, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #98 (type 98, layer 0) Making operation type 98 opaque [module /[Default VFS]/] Accepting operation type 98 from module /[Default VFS]/ [2008/07/22 21:33:40, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #99 (type 99, layer 0) Making operation type 99 opaque [module /[Default VFS]/] Accepting operation type 99 from module /[Default VFS]/ [2008/07/22 21:33:40, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #100 (type 100, layer 0) Making operation type 100 opaque [module /[Default VFS]/] Accepting operation type 100 from module /[Default VFS]/ [2008/07/22 21:33:40, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #101 (type 101, layer 0) Making operation type 101 opaque [module /[Default VFS]/] Accepting operation type 101 from module /[Default VFS]/ [2008/07/22 21:33:40, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #102 (type 102, layer 0) Making operation type 102 opaque [module /[Default VFS]/] Accepting operation type 102 from module /[Default VFS]/ [2008/07/22 21:33:40, 5] smbd/connection.c:claim_connection(142) claiming [IPC$] [2008/07/22 21:33:40, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key A21A0000010000004950 [2008/07/22 21:33:40, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0x555555c8f7c0 [2008/07/22 21:33:40, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key A21A0000010000004950 [2008/07/22 21:33:40, 10] smbd/share_access.c:user_ok_token(231) user_ok_token: share IPC$ is ok for unix user nobody [2008/07/22 21:33:40, 10] smbd/share_access.c:is_share_read_only_for_token(273) is_share_read_only_for_user: share IPC$ is read-only for unix user nobody [2008/07/22 21:33:40, 10] lib/util_seaccess.c:se_map_generic(175) se_map_generic(): mapped mask 0x10000000 to 0x001f01ff [2008/07/22 21:33:40, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x00000001, for NT token with 4 entries and first sid S-1-5-21-399034208-633907489-3292321255-501. [2008/07/22 21:33:40, 3] lib/util_seaccess.c:se_access_check(249) [2008/07/22 21:33:40, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-5-21-399034208-633907489-3292321255-501 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-32-546 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 1 [2008/07/22 21:33:40, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (1) granted. [2008/07/22 21:33:40, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (65534, 65533) - sec_ctx_stack_ndx = 0 [2008/07/22 21:33:40, 5] auth/token_util.c:debug_nt_user_token(470) NT user token of user S-1-5-21-399034208-633907489-3292321255-501 contains 4 SIDs SID[ 0]: S-1-5-21-399034208-633907489-3292321255-501 SID[ 1]: S-1-1-0 SID[ 2]: S-1-5-2 SID[ 3]: S-1-5-32-546 SE_PRIV 0x0 0x0 0x0 0x0 [2008/07/22 21:33:40, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 65534 Primary group is 65533 and contains 0 supplementary groups [2008/07/22 21:33:40, 5] smbd/uid.c:change_to_user(272) change_to_user uid=(65534,65534) gid=(0,65533) [2008/07/22 21:33:40, 3] smbd/service.c:make_connection_snum(1190) chpas-lansvcs (192.168.10.33) connect to service IPC$ initially as user nobody (uid=65534, gid=65533) (pid 6818) [2008/07/22 21:33:40, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/07/22 21:33:40, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/07/22 21:33:40, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/07/22 21:33:40, 5] smbd/uid.c:change_to_root_user(287) change_to_root_user: now uid=(0,0) gid=(0,0) [2008/07/22 21:33:40, 3] smbd/reply.c:reply_tcon_and_X(727) tconX service=IPC$ [2008/07/22 21:33:40, 5] lib/util.c:show_msg(645) [2008/07/22 21:33:40, 5] lib/util.c:show_msg(655) size=56 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=8292 smb_uid=100 smb_mid=4 smt_wct=7 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 1 (0x1) smb_vwv[ 3]= 511 (0x1FF) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 511 (0x1FF) smb_vwv[ 6]= 0 (0x0) smb_bcc=7 [2008/07/22 21:33:40, 10] lib/util.c:dump_data(2226) [000] 49 50 43 00 00 00 00 IPC.... [2008/07/22 21:33:40, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 104 [2008/07/22 21:33:40, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x68 [2008/07/22 21:33:40, 3] smbd/process.c:process_smb(1549) Transaction 3 of length 108 (0 toread) [2008/07/22 21:33:40, 5] lib/util.c:show_msg(645) [2008/07/22 21:33:40, 5] lib/util.c:show_msg(655) size=104 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=8292 smb_uid=100 smb_mid=5 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 4608 (0x1200) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_bcc=21 [2008/07/22 21:33:40, 10] lib/util.c:dump_data(2226) [000] 00 5C 00 4E 00 45 00 54 00 4C 00 4F 00 47 00 4F .\.N.E.T .L.O.G.O [010] 00 4E 00 00 00 .N... [2008/07/22 21:33:40, 3] smbd/process.c:switch_message(1361) switch message SMBntcreateX (pid 6818) conn 0x555555cd0070 [2008/07/22 21:33:40, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (65534, 65533) - sec_ctx_stack_ndx = 0 [2008/07/22 21:33:40, 5] auth/token_util.c:debug_nt_user_token(470) NT user token of user S-1-5-21-399034208-633907489-3292321255-501 contains 4 SIDs SID[ 0]: S-1-5-21-399034208-633907489-3292321255-501 SID[ 1]: S-1-1-0 SID[ 2]: S-1-5-2 SID[ 3]: S-1-5-32-546 SE_PRIV 0x0 0x0 0x0 0x0 [2008/07/22 21:33:40, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 65534 Primary group is 65533 and contains 0 supplementary groups [2008/07/22 21:33:40, 5] smbd/uid.c:change_to_user(272) change_to_user uid=(65534,65534) gid=(0,65533) [2008/07/22 21:33:40, 4] smbd/vfs.c:vfs_ChDir(733) vfs_ChDir to /var/tmp [2008/07/22 21:33:40, 10] smbd/nttrans.c:reply_ntcreate_and_X(490) reply_ntcreate_and_X: flags = 0x0, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 root_dir_fid = 0x0, fname = NETLOGON [2008/07/22 21:33:40, 4] smbd/nttrans.c:nt_open_pipe(297) nt_open_pipe: Opening pipe \NETLOGON. [2008/07/22 21:33:40, 3] smbd/nttrans.c:nt_open_pipe(322) nt_open_pipe: Known pipe NETLOGON opening. [2008/07/22 21:33:40, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(165) Open pipe requested NETLOGON (pipes_open=0) [2008/07/22 21:33:40, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(275) Create pipe requested NETLOGON [2008/07/22 21:33:40, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77) init_pipe_handles: created handle list for pipe NETLOGON [2008/07/22 21:33:40, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) init_pipe_handles: pipe_handles ref count = 1 for pipe NETLOGON [2008/07/22 21:33:40, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(356) Created internal pipe NETLOGON (pipes_open=0) [2008/07/22 21:33:40, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(253) Opened pipe NETLOGON with handle 70d6 (pipes_open=1) [2008/07/22 21:33:40, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(259) open pipes: name NETLOGON pnum=70d6 [2008/07/22 21:33:40, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 4E45544C4F474F4E2F36 [2008/07/22 21:33:40, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0x555555c9a170 [2008/07/22 21:33:40, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 4E45544C4F474F4E2F36 [2008/07/22 21:33:40, 5] smbd/nttrans.c:do_ntcreate_pipe_open(410) do_ntcreate_pipe_open: open pipe = \NETLOGON [2008/07/22 21:33:40, 5] lib/util.c:show_msg(645) [2008/07/22 21:33:40, 5] lib/util.c:show_msg(655) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=8292 smb_uid=100 smb_mid=5 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=54784 (0xD600) smb_vwv[ 3]= 368 (0x170) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2008/07/22 21:33:40, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 154 [2008/07/22 21:33:40, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x9a [2008/07/22 21:33:40, 3] smbd/process.c:process_smb(1549) Transaction 4 of length 158 (0 toread) [2008/07/22 21:33:40, 5] lib/util.c:show_msg(645) [2008/07/22 21:33:40, 5] lib/util.c:show_msg(655) size=154 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=8292 smb_uid=100 smb_mid=6 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=28886 (0x70D6) smb_bcc=87 [2008/07/22 21:33:40, 10] lib/util.c:dump_data(2226) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 0B 03 10 00 00 00 48 00 00 00 1B 00 00 00 B8 .......H ........ [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x [030] 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB 01 V4.4.... ..#Eg... [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ [050] 10 48 60 02 00 00 00 .H`.... [2008/07/22 21:33:40, 3] smbd/process.c:switch_message(1361) switch message SMBtrans (pid 6818) conn 0x555555cd0070 [2008/07/22 21:33:40, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/07/22 21:33:40, 3] smbd/ipc.c:handle_trans(436) trans <\PIPE\> data=72 params=0 setup=2 [2008/07/22 21:33:40, 5] smbd/ipc.c:handle_trans(469) calling named_pipe [2008/07/22 21:33:40, 3] smbd/ipc.c:named_pipe(387) named pipe command on <> name [2008/07/22 21:33:40, 5] smbd/ipc.c:api_fd_reply(307) api_fd_reply [2008/07/22 21:33:40, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=70d6 [2008/07/22 21:33:40, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name NETLOGON pnum=70d6 (pipes_open=1) [2008/07/22 21:33:40, 3] smbd/ipc.c:api_fd_reply(345) Got API command 0x26 on pipe "NETLOGON" (pnum 70d6) [2008/07/22 21:33:40, 10] smbd/ipc.c:api_fd_reply(350) api_fd_reply: p:0x555555c9d090 max_trans_reply: 4280 [2008/07/22 21:33:40, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927) write_to_pipe: 70d6 name: NETLOGON open: Yes len: 72 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 72 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385) fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 16 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 56 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0b [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0048 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 0000001b [2008/07/22 21:33:40, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472) unmarshall_rpc_header: using little-endian RPC [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501) unmarshall_rpc_header: type = 11, flags = 3 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 0 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 56 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709) process_complete_pdu: processing packet type 11 [2008/07/22 21:33:40, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1553) api_pipe_bind_req: decode request. 1553 [2008/07/22 21:33:40, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1564) api_pipe_bind_req: \PIPE\netlogon -> \PIPE\netlogon [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_rb [2008/07/22 21:33:40, 6] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_bba [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0000 max_tsize: 10b8 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0002 max_rsize: 10b8 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0004 assoc_gid: 00000000 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0008 num_contexts: 01 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000c context_id : 0000 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 000e num_transfer_syntaxes: 01 [2008/07/22 21:33:40, 6] rpc_parse/parse_prs.c:prs_debug(88) 00000f smb_io_rpc_iface [2008/07/22 21:33:40, 7] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_uuid uuid [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 data : 12345678 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 data : 1234 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0016 data : abcd [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0018 data : ef 00 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 001a data : 01 23 45 67 cf fb [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0020 version: 00000001 [2008/07/22 21:33:40, 6] rpc_parse/parse_prs.c:prs_debug(88) 000024 smb_io_rpc_iface [2008/07/22 21:33:40, 7] rpc_parse/parse_prs.c:prs_debug(88) 000024 smb_io_uuid uuid [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0024 data : 8a885d04 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0028 data : 1ceb [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint16(689) 002a data : 11c9 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002c data : 9f e8 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002e data : 08 00 2b 10 48 60 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0034 version: 00000002 [2008/07/22 21:33:40, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1608) api_pipe_bind_req: make response. 1608 [2008/07/22 21:33:40, 3] rpc_server/srv_pipe.c:check_bind_req(991) check_bind_req for \PIPE\NETLOGON checking \PIPE\lsarpc checking \PIPE\lsarpc checking \PIPE\samr checking \PIPE\NETLOGON [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_ba [2008/07/22 21:33:40, 6] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_bba [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0000 max_tsize: 10b8 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0002 max_rsize: 10b8 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0004 assoc_gid: 000053f0 [2008/07/22 21:33:40, 6] rpc_parse/parse_prs.c:prs_debug(88) 000008 smb_io_rpc_addr_str [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 len: 000f [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 000a str: \PIPE\netlogon. [2008/07/22 21:33:40, 6] rpc_parse/parse_prs.c:prs_debug(88) 000019 smb_io_rpc_results [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 001c num_results: 01 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0020 result : 0000 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0022 reason : 0000 [2008/07/22 21:33:40, 6] rpc_parse/parse_prs.c:prs_debug(88) 000024 smb_io_rpc_iface [2008/07/22 21:33:40, 7] rpc_parse/parse_prs.c:prs_debug(88) 000024 smb_io_uuid uuid [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0024 data : 8a885d04 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0028 data : 1ceb [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint16(689) 002a data : 11c9 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002c data : 9f e8 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002e data : 08 00 2b 10 48 60 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0034 version: 00000002 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0c [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0048 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 0000001b [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 56 [2008/07/22 21:33:40, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985) read_from_pipe: 70d6 name: NETLOGON len: 4280 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1045) read_from_pipe: NETLOGON: current_pdu_len = 72, current_pdu_sent = 0 returning 72 bytes. [2008/07/22 21:33:40, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..72] (align 0) [2008/07/22 21:33:40, 5] lib/util.c:show_msg(645) [2008/07/22 21:33:40, 5] lib/util.c:show_msg(655) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=8292 smb_uid=100 smb_mid=6 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 72 (0x48) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=73 [2008/07/22 21:33:40, 10] lib/util.c:dump_data(2226) [000] 00 05 00 0C 03 10 00 00 00 48 00 00 00 1B 00 00 ........ .H...... [010] 00 B8 10 B8 10 F0 53 00 00 0F 00 5C 50 49 50 45 ......S. ...\PIPE [020] 5C 6E 65 74 6C 6F 67 6F 6E 00 00 00 00 01 00 00 \netlogo n....... [030] 00 00 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ [040] 00 2B 10 48 60 02 00 00 00 .+.H`... . [2008/07/22 21:33:40, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 202 [2008/07/22 21:33:40, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0xca [2008/07/22 21:33:40, 3] smbd/process.c:process_smb(1549) Transaction 5 of length 206 (0 toread) [2008/07/22 21:33:40, 5] lib/util.c:show_msg(645) [2008/07/22 21:33:40, 5] lib/util.c:show_msg(655) size=202 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=8292 smb_uid=100 smb_mid=7 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 120 (0x78) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 120 (0x78) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=28886 (0x70D6) smb_bcc=135 [2008/07/22 21:33:40, 10] lib/util.c:dump_data(2226) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 78 00 00 00 1C 00 00 00 60 .......x .......` [020] 00 00 00 00 00 04 00 00 00 02 00 10 00 00 00 00 ........ ........ [030] 00 00 00 10 00 00 00 5C 00 5C 00 43 00 48 00 50 .......\ .\.C.H.P [040] 00 41 00 53 00 2D 00 4E 00 45 00 54 00 53 00 56 .A.S.-.N .E.T.S.V [050] 00 43 00 53 00 00 00 0E 00 00 00 00 00 00 00 0E .C.S.... ........ [060] 00 00 00 43 00 48 00 50 00 41 00 53 00 2D 00 4C ...C.H.P .A.S.-.L [070] 00 41 00 4E 00 53 00 56 00 43 00 53 00 00 00 2D .A.N.S.V .C.S...- [080] 6D 6A 9D 92 20 0F 23 mj.. .# [2008/07/22 21:33:40, 3] smbd/process.c:switch_message(1361) switch message SMBtrans (pid 6818) conn 0x555555cd0070 [2008/07/22 21:33:40, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/07/22 21:33:40, 3] smbd/ipc.c:handle_trans(436) trans <\PIPE\> data=120 params=0 setup=2 [2008/07/22 21:33:40, 5] smbd/ipc.c:handle_trans(469) calling named_pipe [2008/07/22 21:33:40, 3] smbd/ipc.c:named_pipe(387) named pipe command on <> name [2008/07/22 21:33:40, 5] smbd/ipc.c:api_fd_reply(307) api_fd_reply [2008/07/22 21:33:40, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=70d6 [2008/07/22 21:33:40, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name NETLOGON pnum=70d6 (pipes_open=1) [2008/07/22 21:33:40, 3] smbd/ipc.c:api_fd_reply(345) Got API command 0x26 on pipe "NETLOGON" (pnum 70d6) [2008/07/22 21:33:40, 10] smbd/ipc.c:api_fd_reply(350) api_fd_reply: p:0x555555c9d090 max_trans_reply: 4280 [2008/07/22 21:33:40, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927) write_to_pipe: 70d6 name: NETLOGON open: Yes len: 120 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 120 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 120 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385) fill_rpc_header: data_to_copy = 120, len_needed_to_complete_hdr = 16, receive_len = 0 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 16 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 104 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 104 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 00 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0078 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 0000001c [2008/07/22 21:33:40, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472) unmarshall_rpc_header: using little-endian RPC [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501) unmarshall_rpc_header: type = 0, flags = 3 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 0 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 104 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 104, incoming data = 104 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709) process_complete_pdu: processing packet type 0 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_req req [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0000 alloc_hint: 00000060 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0004 context_id: 0000 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0006 opnum : 0004 [2008/07/22 21:33:40, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 81 [2008/07/22 21:33:40, 5] rpc_server/srv_pipe.c:api_pipe_request(2262) Requested \PIPE\NETLOGON [2008/07/22 21:33:40, 4] rpc_server/srv_pipe.c:api_rpcTNP(2297) api_rpcTNP: NETLOGON op 0x4 - api_rpcTNP: rpc command: NETR_SERVERREQCHALLENGE [2008/07/22 21:33:40, 6] rpc_server/srv_pipe.c:api_rpcTNP(2323) api_rpc_cmds[4].fn == 0x55555570d92e netr_ServerReqChallenge: struct netr_ServerReqChallenge in: struct netr_ServerReqChallenge server_name : * server_name : '\\CHPAS-NETSVCS' computer_name : 'CHPAS-LANSVCS' credentials : * credentials: struct netr_Credential data : 2d6d6a9d92200f23 [2008/07/22 21:33:40, 6] rpc_server/srv_netlog_nt.c:init_net_r_req_chal(41) init_net_r_req_chal: 41 netr_ServerReqChallenge: struct netr_ServerReqChallenge out: struct netr_ServerReqChallenge return_credentials : * return_credentials: struct netr_Credential data : 828a2260350e5c42 result : NT_STATUS_OK [2008/07/22 21:33:40, 5] rpc_server/srv_pipe.c:api_rpcTNP(2351) api_rpcTNP: called NETLOGON successfully [2008/07/22 21:33:40, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 0 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 104 [2008/07/22 21:33:40, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985) read_from_pipe: 70d6 name: NETLOGON len: 4280 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1059) read_from_pipe: NETLOGON: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 12. [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 02 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0024 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 0000001c [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_resp resp [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 0000000c [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0016 cancel_ct : 00 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0017 reserved : 00 [2008/07/22 21:33:40, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..36] (align 0) [2008/07/22 21:33:40, 5] lib/util.c:show_msg(645) [2008/07/22 21:33:40, 5] lib/util.c:show_msg(655) size=92 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=8292 smb_uid=100 smb_mid=7 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 36 (0x24) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 36 (0x24) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=37 [2008/07/22 21:33:40, 10] lib/util.c:dump_data(2226) [000] 00 05 00 02 03 10 00 00 00 24 00 00 00 1C 00 00 ........ .$...... [010] 00 0C 00 00 00 00 00 00 00 82 8A 22 60 35 0E 5C ........ ..."`5.\ [020] 42 00 00 00 00 B.... [2008/07/22 21:33:40, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 250 [2008/07/22 21:33:40, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0xfa [2008/07/22 21:33:40, 3] smbd/process.c:process_smb(1549) Transaction 6 of length 254 (0 toread) [2008/07/22 21:33:40, 5] lib/util.c:show_msg(645) [2008/07/22 21:33:40, 5] lib/util.c:show_msg(655) size=250 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=8292 smb_uid=100 smb_mid=8 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 168 (0xA8) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 168 (0xA8) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=28886 (0x70D6) smb_bcc=183 [2008/07/22 21:33:40, 10] lib/util.c:dump_data(2226) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 A8 00 00 00 1D 00 00 00 90 ........ ........ [020] 00 00 00 00 00 0F 00 00 00 02 00 10 00 00 00 00 ........ ........ [030] 00 00 00 10 00 00 00 5C 00 5C 00 43 00 48 00 50 .......\ .\.C.H.P [040] 00 41 00 53 00 2D 00 4E 00 45 00 54 00 53 00 56 .A.S.-.N .E.T.S.V [050] 00 43 00 53 00 00 00 0F 00 00 00 00 00 00 00 0F .C.S.... ........ [060] 00 00 00 43 00 48 00 50 00 41 00 53 00 2D 00 4C ...C.H.P .A.S.-.L [070] 00 41 00 4E 00 53 00 56 00 43 00 53 00 24 00 00 .A.N.S.V .C.S.$.. [080] 00 06 00 0E 00 00 00 00 00 00 00 0E 00 00 00 43 ........ .......C [090] 00 48 00 50 00 41 00 53 00 2D 00 4C 00 41 00 4E .H.P.A.S .-.L.A.N [0A0] 00 53 00 56 00 43 00 53 00 00 00 97 6F 6D C5 39 .S.V.C.S ....om.9 [0B0] CF 97 A4 FF FF 0F 60 ......` [2008/07/22 21:33:40, 3] smbd/process.c:switch_message(1361) switch message SMBtrans (pid 6818) conn 0x555555cd0070 [2008/07/22 21:33:40, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/07/22 21:33:40, 3] smbd/ipc.c:handle_trans(436) trans <\PIPE\> data=168 params=0 setup=2 [2008/07/22 21:33:40, 5] smbd/ipc.c:handle_trans(469) calling named_pipe [2008/07/22 21:33:40, 3] smbd/ipc.c:named_pipe(387) named pipe command on <> name [2008/07/22 21:33:40, 5] smbd/ipc.c:api_fd_reply(307) api_fd_reply [2008/07/22 21:33:40, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=70d6 [2008/07/22 21:33:40, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name NETLOGON pnum=70d6 (pipes_open=1) [2008/07/22 21:33:40, 3] smbd/ipc.c:api_fd_reply(345) Got API command 0x26 on pipe "NETLOGON" (pnum 70d6) [2008/07/22 21:33:40, 10] smbd/ipc.c:api_fd_reply(350) api_fd_reply: p:0x555555c9d090 max_trans_reply: 4280 [2008/07/22 21:33:40, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927) write_to_pipe: 70d6 name: NETLOGON open: Yes len: 168 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 168 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 168 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385) fill_rpc_header: data_to_copy = 168, len_needed_to_complete_hdr = 16, receive_len = 0 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 16 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 152 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 152 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 00 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 00a8 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 0000001d [2008/07/22 21:33:40, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472) unmarshall_rpc_header: using little-endian RPC [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501) unmarshall_rpc_header: type = 0, flags = 3 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 0 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 152 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 152, incoming data = 152 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709) process_complete_pdu: processing packet type 0 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_req req [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0000 alloc_hint: 00000090 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0004 context_id: 0000 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0006 opnum : 000f [2008/07/22 21:33:40, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 0 [2008/07/22 21:33:40, 5] rpc_server/srv_pipe.c:api_pipe_request(2262) Requested \PIPE\NETLOGON [2008/07/22 21:33:40, 4] rpc_server/srv_pipe.c:api_rpcTNP(2297) api_rpcTNP: NETLOGON op 0xf - api_rpcTNP: rpc command: NETR_SERVERAUTHENTICATE2 [2008/07/22 21:33:40, 6] rpc_server/srv_pipe.c:api_rpcTNP(2323) api_rpc_cmds[15].fn == 0x55555570beda netr_ServerAuthenticate2: struct netr_ServerAuthenticate2 in: struct netr_ServerAuthenticate2 server_name : * server_name : '\\CHPAS-NETSVCS' account_name : 'CHPAS-LANSVCS$' secure_channel_type : SEC_CHAN_BDC (6) computer_name : 'CHPAS-LANSVCS' credentials : * credentials: struct netr_Credential data : 976f6dc539cf97a4 negotiate_flags : * negotiate_flags : 0x600fffff (1611661311) 1: NETLOGON_NEG_ACCOUNT_LOCKOUT 1: NETLOGON_NEG_PERSISTENT_SAMREPL 1: NETLOGON_NEG_ARCFOUR 1: NETLOGON_NEG_PROMOTION_COUNT 1: NETLOGON_NEG_CHANGELOG_BDC 1: NETLOGON_NEG_FULL_SYNC_REPL 1: NETLOGON_NEG_MULTIPLE_SIDS 1: NETLOGON_NEG_REDO 1: NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL 1: NETLOGON_NEG_SEND_PASSWORD_INFO_PDC 1: NETLOGON_NEG_GENERIC_PASSTHROUGH 1: NETLOGON_NEG_CONCURRENT_RPC 1: NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL 1: NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL 1: NETLOGON_NEG_128BIT 1: NETLOGON_NEG_TRANSITIVE_TRUSTS 1: NETLOGON_NEG_DNS_DOMAIN_TRUSTS 1: NETLOGON_NEG_PASSWORD_SET2 1: NETLOGON_NEG_GETDOMAININFO 1: NETLOGON_NEG_CROSS_FOREST_TRUSTS 0: NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION 0: NETLOGON_NEG_RODC_PASSTHROUGH 1: NETLOGON_NEG_AUTHENTICATED_RPC_LSASS 1: NETLOGON_NEG_SCHANNEL [2008/07/22 21:33:40, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(65534, 65533) : sec_ctx_stack_ndx = 1 [2008/07/22 21:33:40, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2008/07/22 21:33:40, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/07/22 21:33:40, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/07/22 21:33:40, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/07/22 21:33:40, 5] lib/smbldap.c:smbldap_search_ext(1207) smbldap_search_ext: base => [dc=arnoldtrans,dc=lcl], filter => [(&(uid=CHPAS-LANSVCS$)(objectclass=sambaSamAccount))], scope => [2] [2008/07/22 21:33:40, 2] passdb/pdb_ldap.c:init_sam_from_ldap(571) init_sam_from_ldap: Entry found for user: chpas-lansvcs$ [2008/07/22 21:33:40, 10] passdb/pdb_get_set.c:pdb_set_username(580) pdb_set_username: setting username chpas-lansvcs$, was [2008/07/22 21:33:40, 10] passdb/pdb_get_set.c:pdb_set_domain(603) pdb_set_domain: setting domain ARNOLD, was [2008/07/22 21:33:40, 10] passdb/pdb_get_set.c:pdb_set_nt_username(626) pdb_set_nt_username: setting nt username chpas-lansvcs$, was [2008/07/22 21:33:40, 10] passdb/pdb_get_set.c:pdb_set_user_sid_from_string(522) pdb_set_user_sid_from_string: setting user sid S-1-5-21-399034208-633907489-3292321255-41377 [2008/07/22 21:33:40, 10] passdb/pdb_get_set.c:pdb_set_user_sid(509) pdb_set_user_sid: setting user sid S-1-5-21-399034208-633907489-3292321255-41377 [2008/07/22 21:33:40, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaPwdLastSet does not exist [2008/07/22 21:33:40, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaLogonTime does not exist [2008/07/22 21:33:40, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaLogoffTime does not exist [2008/07/22 21:33:40, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaKickoffTime does not exist [2008/07/22 21:33:40, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaPwdCanChange does not exist [2008/07/22 21:33:40, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaPwdMustChange does not exist [2008/07/22 21:33:40, 10] passdb/pdb_get_set.c:pdb_set_fullname(649) pdb_set_full_name: setting full name Computer, was [2008/07/22 21:33:40, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaHomeDrive does not exist [2008/07/22 21:33:40, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(718) pdb_set_dir_drive: setting dir drive H:, was NULL [2008/07/22 21:33:40, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaHomePath does not exist [2008/07/22 21:33:40, 10] passdb/pdb_get_set.c:pdb_set_homedir(742) pdb_set_homedir: setting home dir , was [2008/07/22 21:33:40, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaLogonScript does not exist [2008/07/22 21:33:40, 10] passdb/pdb_get_set.c:pdb_set_logon_script(672) pdb_set_logon_script: setting logon script scripts\logon.bat, was [2008/07/22 21:33:40, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaProfilePath does not exist [2008/07/22 21:33:40, 10] passdb/pdb_get_set.c:pdb_set_profile_path(695) pdb_set_profile_path: setting profile path \\chpas-netsvcs\profiles\chpas-lansvcs_, was [2008/07/22 21:33:40, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaUserWorkstations does not exist [2008/07/22 21:33:40, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaMungedDial does not exist [2008/07/22 21:33:40, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaLMPassword does not exist [2008/07/22 21:33:40, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2008/07/22 21:33:40, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2008/07/22 21:33:40, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2008/07/22 21:33:40, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/07/22 21:33:40, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/07/22 21:33:40, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = ACCT_POL/password history, value = 5 , timeout = Tue Jul 22 21:34:09 2008 [2008/07/22 21:33:40, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/07/22 21:33:40, 10] lib/smbldap.c:smbldap_get_single_attribute(276) smbldap_get_single_attribute: [sambaPasswordHistory] = [] [2008/07/22 21:33:40, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaBadPasswordCount does not exist [2008/07/22 21:33:40, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaBadPasswordTime does not exist [2008/07/22 21:33:40, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaLogonHours does not exist [2008/07/22 21:33:40, 5] passdb/login_cache.c:login_cache_init(40) Opening cache file at /var/lib/samba/login_cache.tdb [2008/07/22 21:33:40, 7] passdb/login_cache.c:login_cache_read(86) Looking up login cache for user chpas-lansvcs$ [2008/07/22 21:33:40, 7] passdb/login_cache.c:login_cache_read(100) No cache entry found [2008/07/22 21:33:40, 9] passdb/pdb_ldap.c:init_sam_from_ldap(1054) No cache entry, bad count = 0, bad time = 0 [2008/07/22 21:33:40, 5] lib/username.c:Get_Pwnam_alloc(133) Finding user chpas-lansvcs$ [2008/07/22 21:33:40, 5] lib/username.c:Get_Pwnam_internals(77) Trying _Get_Pwnam(), username as lowercase is chpas-lansvcs$ [2008/07/22 21:33:40, 5] lib/username.c:Get_Pwnam_internals(110) Get_Pwnam_internals did find user [chpas-lansvcs$]! [2008/07/22 21:33:40, 5] lib/smbldap.c:smbldap_search_ext(1207) smbldap_search_ext: base => [ou=Group,dc=arnoldtrans,dc=lcl], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=515))], scope => [2] [2008/07/22 21:33:40, 2] passdb/pdb_ldap.c:init_group_from_ldap(2344) init_group_from_ldap: Entry found for group: 515 [2008/07/22 21:33:40, 10] passdb/lookup_sid.c:lookup_sid(958) lookup_sid called for SID 'S-1-5-21-399034208-633907489-3292321255-515' [2008/07/22 21:33:40, 10] passdb/lookup_sid.c:check_dom_sid_to_level(713) Accepting SID S-1-5-21-399034208-633907489-3292321255 in level 1 [2008/07/22 21:33:40, 10] passdb/lookup_sid.c:lookup_rids(476) lookup_rids called for domain sid 'S-1-5-21-399034208-633907489-3292321255' [2008/07/22 21:33:40, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2008/07/22 21:33:40, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2008/07/22 21:33:40, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2008/07/22 21:33:40, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/07/22 21:33:40, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/07/22 21:33:40, 5] lib/smbldap.c:smbldap_search_ext(1207) smbldap_search_ext: base => [ou=Users,dc=arnoldtrans,dc=lcl], filter => [(&(objectClass=sambaSamAccount)(|(sambaSid=S-1-5-21-399034208-633907489-3292321255-515)))], scope => [2] [2008/07/22 21:33:40, 5] lib/smbldap.c:smbldap_search_ext(1207) smbldap_search_ext: base => [ou=Group,dc=arnoldtrans,dc=lcl], filter => [(&(objectClass=sambaGroupMapping)(|(sambaSid=S-1-5-21-399034208-633907489-3292321255-515)))], scope => [2] [2008/07/22 21:33:40, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/07/22 21:33:40, 10] passdb/lookup_sid.c:lookup_sid(993) Sid S-1-5-21-399034208-633907489-3292321255-515 -> ARNOLD\Domain Trust Accounts(2) [2008/07/22 21:33:40, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2008/07/22 21:33:40, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2008/07/22 21:33:40, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2008/07/22 21:33:40, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/07/22 21:33:40, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/07/22 21:33:40, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = ACCT_POL/password history, value = 5 , timeout = Tue Jul 22 21:34:09 2008 [2008/07/22 21:33:40, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/07/22 21:33:40, 10] passdb/pdb_get_set.c:pdb_set_username(580) pdb_set_username: setting username chpas-lansvcs$, was [2008/07/22 21:33:40, 10] passdb/pdb_get_set.c:pdb_set_domain(603) pdb_set_domain: setting domain ARNOLD, was [2008/07/22 21:33:40, 10] passdb/pdb_get_set.c:pdb_set_nt_username(626) pdb_set_nt_username: setting nt username chpas-lansvcs$, was [2008/07/22 21:33:40, 10] passdb/pdb_get_set.c:pdb_set_fullname(649) pdb_set_full_name: setting full name Computer, was [2008/07/22 21:33:40, 10] passdb/pdb_get_set.c:pdb_set_homedir(742) pdb_set_homedir: setting home dir , was [2008/07/22 21:33:40, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(718) pdb_set_dir_drive: setting dir drive H:, was NULL [2008/07/22 21:33:40, 10] passdb/pdb_get_set.c:pdb_set_logon_script(672) pdb_set_logon_script: setting logon script scripts\logon.bat, was [2008/07/22 21:33:40, 10] passdb/pdb_get_set.c:pdb_set_profile_path(695) pdb_set_profile_path: setting profile path \\chpas-netsvcs\profiles\chpas-lansvcs_, was [2008/07/22 21:33:40, 10] passdb/pdb_get_set.c:pdb_set_workstations(785) pdb_set_workstations: setting workstations , was [2008/07/22 21:33:40, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2008/07/22 21:33:40, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2008/07/22 21:33:40, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2008/07/22 21:33:40, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/07/22 21:33:40, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/07/22 21:33:40, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = ACCT_POL/password history, value = 5 , timeout = Tue Jul 22 21:34:09 2008 [2008/07/22 21:33:40, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/07/22 21:33:40, 10] passdb/pdb_get_set.c:pdb_set_user_sid(509) pdb_set_user_sid: setting user sid S-1-5-21-399034208-633907489-3292321255-41377 [2008/07/22 21:33:40, 10] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(72) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-399034208-633907489-3292321255-41377 from rid 41377 [2008/07/22 21:33:40, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (65534, 65533) - sec_ctx_stack_ndx = 0 [2008/07/22 21:33:40, 5] lib/util.c:dump_data(2226) [000] 8E D3 FD 0D 2B 24 4A 1B 5B FB A5 A9 01 7D 19 8F ....+$J. [....}.. [2008/07/22 21:33:40, 10] libsmb/credentials.c:creds_server_init(185) creds_server_init: neg_flags : 600fffff [2008/07/22 21:33:40, 10] libsmb/credentials.c:creds_server_init(186) creds_server_init: client chal : 2D6D6A9D92200F23 [2008/07/22 21:33:40, 10] libsmb/credentials.c:creds_server_init(187) creds_server_init: server chal : 828A2260350E5C42 [2008/07/22 21:33:40, 5] libsmb/credentials.c:creds_init_128(70) creds_init_128 [2008/07/22 21:33:40, 5] libsmb/credentials.c:creds_init_128(71) clnt_chal_in: 2D6D6A9D92200F23 [2008/07/22 21:33:40, 5] libsmb/credentials.c:creds_init_128(72) srv_chal_in : 828A2260350E5C42 [2008/07/22 21:33:40, 10] libsmb/credentials.c:creds_server_init(205) creds_server_init: clnt : 976F6DC539CF97A4 [2008/07/22 21:33:40, 10] libsmb/credentials.c:creds_server_init(206) creds_server_init: server : 47DE43EA86F903FA [2008/07/22 21:33:40, 10] libsmb/credentials.c:creds_server_init(207) creds_server_init: seed : 976F6DC539CF97A4 [2008/07/22 21:33:40, 10] libsmb/credentials.c:netlogon_creds_server_check(227) netlogon_creds_server_check: credentials check OK. [2008/07/22 21:33:40, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(65534, 65533) : sec_ctx_stack_ndx = 1 [2008/07/22 21:33:40, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2008/07/22 21:33:40, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/07/22 21:33:40, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/07/22 21:33:40, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/07/22 21:33:40, 3] passdb/secrets.c:secrets_store_schannel_session_info(1216) secrets_store_schannel_session_info: stored schannel info with key SECRETS/SCHANNEL/CHPAS-LANSVCS [2008/07/22 21:33:40, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (65534, 65533) - sec_ctx_stack_ndx = 0 netr_ServerAuthenticate2: struct netr_ServerAuthenticate2 out: struct netr_ServerAuthenticate2 return_credentials : * return_credentials: struct netr_Credential data : 47de43ea86f903fa negotiate_flags : * negotiate_flags : 0x400001ff (1073742335) 1: NETLOGON_NEG_ACCOUNT_LOCKOUT 1: NETLOGON_NEG_PERSISTENT_SAMREPL 1: NETLOGON_NEG_ARCFOUR 1: NETLOGON_NEG_PROMOTION_COUNT 1: NETLOGON_NEG_CHANGELOG_BDC 1: NETLOGON_NEG_FULL_SYNC_REPL 1: NETLOGON_NEG_MULTIPLE_SIDS 1: NETLOGON_NEG_REDO 1: NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL 0: NETLOGON_NEG_SEND_PASSWORD_INFO_PDC 0: NETLOGON_NEG_GENERIC_PASSTHROUGH 0: NETLOGON_NEG_CONCURRENT_RPC 0: NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL 0: NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL 0: NETLOGON_NEG_128BIT 0: NETLOGON_NEG_TRANSITIVE_TRUSTS 0: NETLOGON_NEG_DNS_DOMAIN_TRUSTS 0: NETLOGON_NEG_PASSWORD_SET2 0: NETLOGON_NEG_GETDOMAININFO 0: NETLOGON_NEG_CROSS_FOREST_TRUSTS 0: NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION 0: NETLOGON_NEG_RODC_PASSTHROUGH 0: NETLOGON_NEG_AUTHENTICATED_RPC_LSASS 1: NETLOGON_NEG_SCHANNEL result : NT_STATUS_OK [2008/07/22 21:33:40, 5] rpc_server/srv_pipe.c:api_rpcTNP(2351) api_rpcTNP: called NETLOGON successfully [2008/07/22 21:33:40, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 0 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 152 [2008/07/22 21:33:40, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985) read_from_pipe: 70d6 name: NETLOGON len: 4280 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1059) read_from_pipe: NETLOGON: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 16. [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 02 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0028 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 0000001d [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_resp resp [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 00000010 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0016 cancel_ct : 00 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0017 reserved : 00 [2008/07/22 21:33:40, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..40] (align 0) [2008/07/22 21:33:40, 5] lib/util.c:show_msg(645) [2008/07/22 21:33:40, 5] lib/util.c:show_msg(655) size=96 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=8292 smb_uid=100 smb_mid=8 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 40 (0x28) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 40 (0x28) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=41 [2008/07/22 21:33:40, 10] lib/util.c:dump_data(2226) [000] 00 05 00 02 03 10 00 00 00 28 00 00 00 1D 00 00 ........ .(...... [010] 00 10 00 00 00 00 00 00 00 47 DE 43 EA 86 F9 03 ........ .G.C.... [020] FA FF 01 00 40 00 00 00 00 ....@... . [2008/07/22 21:33:40, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 104 [2008/07/22 21:33:40, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x68 [2008/07/22 21:33:40, 3] smbd/process.c:process_smb(1549) Transaction 7 of length 108 (0 toread) [2008/07/22 21:33:40, 5] lib/util.c:show_msg(645) [2008/07/22 21:33:40, 5] lib/util.c:show_msg(655) size=104 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=8292 smb_uid=100 smb_mid=9 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 4608 (0x1200) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_bcc=21 [2008/07/22 21:33:40, 10] lib/util.c:dump_data(2226) [000] 00 5C 00 4E 00 45 00 54 00 4C 00 4F 00 47 00 4F .\.N.E.T .L.O.G.O [010] 00 4E 00 00 00 .N... [2008/07/22 21:33:40, 3] smbd/process.c:switch_message(1361) switch message SMBntcreateX (pid 6818) conn 0x555555cd0070 [2008/07/22 21:33:40, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/07/22 21:33:40, 10] smbd/nttrans.c:reply_ntcreate_and_X(490) reply_ntcreate_and_X: flags = 0x0, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 root_dir_fid = 0x0, fname = NETLOGON [2008/07/22 21:33:40, 4] smbd/nttrans.c:nt_open_pipe(297) nt_open_pipe: Opening pipe \NETLOGON. [2008/07/22 21:33:40, 3] smbd/nttrans.c:nt_open_pipe(322) nt_open_pipe: Known pipe NETLOGON opening. [2008/07/22 21:33:40, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(165) Open pipe requested NETLOGON (pipes_open=1) [2008/07/22 21:33:40, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(195) open_rpc_pipe_p: name NETLOGON pnum=70d6 [2008/07/22 21:33:40, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(275) Create pipe requested NETLOGON [2008/07/22 21:33:40, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) init_pipe_handles: pipe_handles ref count = 2 for pipe NETLOGON [2008/07/22 21:33:40, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(356) Created internal pipe NETLOGON (pipes_open=1) [2008/07/22 21:33:40, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(253) Opened pipe NETLOGON with handle 70d7 (pipes_open=2) [2008/07/22 21:33:40, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(259) open pipes: name NETLOGON pnum=70d7 [2008/07/22 21:33:40, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(259) open pipes: name NETLOGON pnum=70d6 [2008/07/22 21:33:40, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 4E45544C4F474F4E2F36 [2008/07/22 21:33:40, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0x555555c2d490 [2008/07/22 21:33:40, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 4E45544C4F474F4E2F36 [2008/07/22 21:33:40, 5] smbd/nttrans.c:do_ntcreate_pipe_open(410) do_ntcreate_pipe_open: open pipe = \NETLOGON [2008/07/22 21:33:40, 5] lib/util.c:show_msg(645) [2008/07/22 21:33:40, 5] lib/util.c:show_msg(655) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=8292 smb_uid=100 smb_mid=9 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=55040 (0xD700) smb_vwv[ 3]= 368 (0x170) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2008/07/22 21:33:40, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 191 [2008/07/22 21:33:40, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0xbf [2008/07/22 21:33:40, 3] smbd/process.c:process_smb(1549) Transaction 8 of length 195 (0 toread) [2008/07/22 21:33:40, 5] lib/util.c:show_msg(645) [2008/07/22 21:33:40, 5] lib/util.c:show_msg(655) size=191 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=8292 smb_uid=100 smb_mid=10 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 109 (0x6D) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 109 (0x6D) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=28887 (0x70D7) smb_bcc=124 [2008/07/22 21:33:40, 10] lib/util.c:dump_data(2226) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 0B 03 10 00 00 00 6D 00 1D 00 1E 00 00 00 B8 .......m ........ [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 ........ .......x [030] 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF FB 01 V4.4.... ..#Eg... [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]... .......+ [050] 10 48 60 02 00 00 00 44 06 00 00 01 00 00 00 00 .H`....D ........ [060] 00 00 00 03 00 00 00 41 52 4E 4F 4C 44 00 43 48 .......A RNOLD.CH [070] 50 41 53 2D 4C 41 4E 53 56 43 53 00 PAS-LANS VCS. [2008/07/22 21:33:40, 3] smbd/process.c:switch_message(1361) switch message SMBtrans (pid 6818) conn 0x555555cd0070 [2008/07/22 21:33:40, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/07/22 21:33:40, 3] smbd/ipc.c:handle_trans(436) trans <\PIPE\> data=109 params=0 setup=2 [2008/07/22 21:33:40, 5] smbd/ipc.c:handle_trans(469) calling named_pipe [2008/07/22 21:33:40, 3] smbd/ipc.c:named_pipe(387) named pipe command on <> name [2008/07/22 21:33:40, 5] smbd/ipc.c:api_fd_reply(307) api_fd_reply [2008/07/22 21:33:40, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=70d7 [2008/07/22 21:33:40, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name NETLOGON pnum=70d7 (pipes_open=2) [2008/07/22 21:33:40, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name NETLOGON pnum=70d6 (pipes_open=2) [2008/07/22 21:33:40, 3] smbd/ipc.c:api_fd_reply(345) Got API command 0x26 on pipe "NETLOGON" (pnum 70d7) [2008/07/22 21:33:40, 10] smbd/ipc.c:api_fd_reply(350) api_fd_reply: p:0x555555c955d0 max_trans_reply: 4280 [2008/07/22 21:33:40, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927) write_to_pipe: 70d7 name: NETLOGON open: Yes len: 109 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 109 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 109 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385) fill_rpc_header: data_to_copy = 109, len_needed_to_complete_hdr = 16, receive_len = 0 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 16 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 93 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 93 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0b [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 006d [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 001d [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 0000001e [2008/07/22 21:33:40, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472) unmarshall_rpc_header: using little-endian RPC [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501) unmarshall_rpc_header: type = 11, flags = 3 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 0 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 93 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 93, incoming data = 93 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709) process_complete_pdu: processing packet type 11 [2008/07/22 21:33:40, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1553) api_pipe_bind_req: decode request. 1553 [2008/07/22 21:33:40, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1564) api_pipe_bind_req: \PIPE\netlogon -> \PIPE\netlogon [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_rb [2008/07/22 21:33:40, 6] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_bba [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0000 max_tsize: 10b8 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0002 max_rsize: 10b8 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0004 assoc_gid: 00000000 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0008 num_contexts: 01 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000c context_id : 0000 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 000e num_transfer_syntaxes: 01 [2008/07/22 21:33:40, 6] rpc_parse/parse_prs.c:prs_debug(88) 00000f smb_io_rpc_iface [2008/07/22 21:33:40, 7] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_uuid uuid [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 data : 12345678 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 data : 1234 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0016 data : abcd [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0018 data : ef 00 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 001a data : 01 23 45 67 cf fb [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0020 version: 00000001 [2008/07/22 21:33:40, 6] rpc_parse/parse_prs.c:prs_debug(88) 000024 smb_io_rpc_iface [2008/07/22 21:33:40, 7] rpc_parse/parse_prs.c:prs_debug(88) 000024 smb_io_uuid uuid [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0024 data : 8a885d04 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0028 data : 1ceb [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint16(689) 002a data : 11c9 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002c data : 9f e8 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002e data : 08 00 2b 10 48 60 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0034 version: 00000002 [2008/07/22 21:33:40, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1608) api_pipe_bind_req: make response. 1608 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_debug(88) 000038 smb_io_rpc_hdr_auth [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0038 auth_type : 44 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0039 auth_level : 06 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 003a auth_pad_len : 00 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 003b auth_reserved: 00 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint32(718) 003c auth_context_id: 00000001 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_debug(88) 000040 smb_io_rpc_auth_schannel_neg [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0040 type1: 00000000 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0044 type2: 00000003 [2008/07/22 21:33:40, 6] lib/util.c:dump_data(2226) [000] 41 52 4E 4F 4C 44 ARNOLD [2008/07/22 21:33:40, 6] lib/util.c:dump_data(2226) [000] 43 48 50 41 53 2D 4C 41 4E 53 56 43 53 CHPAS-LA NSVCS [2008/07/22 21:33:40, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(65534, 65533) : sec_ctx_stack_ndx = 1 [2008/07/22 21:33:40, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2008/07/22 21:33:40, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/07/22 21:33:40, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/07/22 21:33:40, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/07/22 21:33:40, 3] passdb/secrets.c:secrets_restore_schannel_session_info(1309) secrets_restore_schannel_session_info: restored schannel info key SECRETS/SCHANNEL/CHPAS-LANSVCS [2008/07/22 21:33:40, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (65534, 65533) - sec_ctx_stack_ndx = 0 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_auth [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 auth_type : 44 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 auth_level : 06 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 auth_pad_len : 08 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 auth_reserved: 00 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0004 auth_context_id: 00000001 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_debug(88) 000008 smb_io_rpc_schannel_verifier [2008/07/22 21:33:40, 6] lib/util.c:dump_data(2226) [000] 01 . [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000a msg_type : 00000000 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 flags : 00000005 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe.c:pipe_schannel_auth_bind(1409) pipe_schannel_auth_bind: schannel auth: domain [ARNOLD] myname [CHPAS-LANSVCS] [2008/07/22 21:33:40, 3] rpc_server/srv_pipe.c:check_bind_req(991) check_bind_req for \PIPE\NETLOGON checking \PIPE\lsarpc checking \PIPE\lsarpc checking \PIPE\samr checking \PIPE\NETLOGON [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_ba [2008/07/22 21:33:40, 6] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_bba [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0000 max_tsize: 10b8 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0002 max_rsize: 10b8 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0004 assoc_gid: 000053f0 [2008/07/22 21:33:40, 6] rpc_parse/parse_prs.c:prs_debug(88) 000008 smb_io_rpc_addr_str [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 len: 000f [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 000a str: \PIPE\netlogon. [2008/07/22 21:33:40, 6] rpc_parse/parse_prs.c:prs_debug(88) 000019 smb_io_rpc_results [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 001c num_results: 01 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0020 result : 0000 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0022 reason : 0000 [2008/07/22 21:33:40, 6] rpc_parse/parse_prs.c:prs_debug(88) 000024 smb_io_rpc_iface [2008/07/22 21:33:40, 7] rpc_parse/parse_prs.c:prs_debug(88) 000024 smb_io_uuid uuid [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0024 data : 8a885d04 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0028 data : 1ceb [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint16(689) 002a data : 11c9 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002c data : 9f e8 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002e data : 08 00 2b 10 48 60 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0034 version: 00000002 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0c [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 005c [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 000c [2008/07/22 21:33:40, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 0000001e [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 93 [2008/07/22 21:33:40, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985) read_from_pipe: 70d7 name: NETLOGON len: 4280 [2008/07/22 21:33:40, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1045) read_from_pipe: NETLOGON: current_pdu_len = 92, current_pdu_sent = 0 returning 92 bytes. [2008/07/22 21:33:40, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..92] (align 0) [2008/07/22 21:33:40, 5] lib/util.c:show_msg(645) [2008/07/22 21:33:40, 5] lib/util.c:show_msg(655) size=148 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=8292 smb_uid=100 smb_mid=10 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 92 (0x5C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 92 (0x5C) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=93 [2008/07/22 21:33:40, 10] lib/util.c:dump_data(2226) [000] 00 05 00 0C 03 10 00 00 00 5C 00 0C 00 1E 00 00 ........ .\...... [010] 00 B8 10 B8 10 F0 53 00 00 0F 00 5C 50 49 50 45 ......S. ...\PIPE [020] 5C 6E 65 74 6C 6F 67 6F 6E 00 00 00 00 01 00 00 \netlogo n....... [030] 00 00 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ [040] 00 2B 10 48 60 02 00 00 00 44 06 08 00 01 00 00 .+.H`... .D...... [050] 00 01 00 00 00 00 00 00 00 05 00 00 00 ........ ..... [2008/07/22 21:33:40, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 41 [2008/07/22 21:33:40, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x29 [2008/07/22 21:33:40, 3] smbd/process.c:process_smb(1549) Transaction 9 of length 45 (0 toread) [2008/07/22 21:33:40, 5] lib/util.c:show_msg(645) [2008/07/22 21:33:40, 5] lib/util.c:show_msg(655) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=8292 smb_uid=100 smb_mid=11 smt_wct=3 smb_vwv[ 0]=28887 (0x70D7) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2008/07/22 21:33:40, 3] smbd/process.c:switch_message(1361) switch message SMBclose (pid 6818) conn 0x555555cd0070 [2008/07/22 21:33:40, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/07/22 21:33:40, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=70d7 [2008/07/22 21:33:40, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name NETLOGON pnum=70d7 (pipes_open=2) [2008/07/22 21:33:40, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name NETLOGON pnum=70d6 (pipes_open=2) [2008/07/22 21:33:40, 5] smbd/pipes.c:reply_pipe_close(319) reply_pipe_close: pnum:70d7 [2008/07/22 21:33:40, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1160) closed pipe name NETLOGON pnum=70d7 (pipes_open=1) [2008/07/22 21:33:40, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 4E45544C4F474F4E2F36 [2008/07/22 21:33:40, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0x555555c943a0 [2008/07/22 21:33:40, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 4E45544C4F474F4E2F36 [2008/07/22 21:33:40, 5] lib/util.c:show_msg(645) [2008/07/22 21:33:40, 5] lib/util.c:show_msg(655) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=8292 smb_uid=100 smb_mid=11 smt_wct=0 smb_bcc=0 [2008/07/22 21:33:40, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 41 [2008/07/22 21:33:40, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x29 [2008/07/22 21:33:40, 3] smbd/process.c:process_smb(1549) Transaction 10 of length 45 (0 toread) [2008/07/22 21:33:40, 5] lib/util.c:show_msg(645) [2008/07/22 21:33:40, 5] lib/util.c:show_msg(655) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=8292 smb_uid=100 smb_mid=12 smt_wct=3 smb_vwv[ 0]=28886 (0x70D6) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2008/07/22 21:33:40, 3] smbd/process.c:switch_message(1361) switch message SMBclose (pid 6818) conn 0x555555cd0070 [2008/07/22 21:33:40, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/07/22 21:33:40, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=70d6 [2008/07/22 21:33:40, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name NETLOGON pnum=70d6 (pipes_open=1) [2008/07/22 21:33:40, 5] smbd/pipes.c:reply_pipe_close(319) reply_pipe_close: pnum:70d6 [2008/07/22 21:33:40, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(241) close_policy_by_pipe: deleted handle list for pipe NETLOGON [2008/07/22 21:33:40, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1160) closed pipe name NETLOGON pnum=70d6 (pipes_open=0) [2008/07/22 21:33:40, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 4E45544C4F474F4E2F36 [2008/07/22 21:33:40, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0x555555c943a0 [2008/07/22 21:33:40, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 4E45544C4F474F4E2F36 [2008/07/22 21:33:40, 5] lib/util.c:show_msg(645) [2008/07/22 21:33:40, 5] lib/util.c:show_msg(655) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=8292 smb_uid=100 smb_mid=12 smt_wct=0 smb_bcc=0 [2008/07/22 21:33:40, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 35 [2008/07/22 21:33:40, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x23 [2008/07/22 21:33:40, 3] smbd/process.c:process_smb(1549) Transaction 11 of length 39 (0 toread) [2008/07/22 21:33:40, 5] lib/util.c:show_msg(645) [2008/07/22 21:33:40, 5] lib/util.c:show_msg(655) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=8292 smb_uid=100 smb_mid=13 smt_wct=0 smb_bcc=0 [2008/07/22 21:33:40, 3] smbd/process.c:switch_message(1361) switch message SMBtdis (pid 6818) conn 0x555555cd0070 [2008/07/22 21:33:40, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/07/22 21:33:40, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/07/22 21:33:40, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/07/22 21:33:40, 5] smbd/uid.c:change_to_root_user(287) change_to_root_user: now uid=(0,0) gid=(0,0) [2008/07/22 21:33:40, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/07/22 21:33:40, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/07/22 21:33:40, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/07/22 21:33:40, 5] smbd/uid.c:change_to_root_user(287) change_to_root_user: now uid=(0,0) gid=(0,0) [2008/07/22 21:33:40, 3] smbd/service.c:close_cnum(1401) chpas-lansvcs (192.168.10.33) closed connection to service IPC$ [2008/07/22 21:33:40, 3] smbd/connection.c:yield_connection(31) Yielding connection to IPC$ [2008/07/22 21:33:40, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key A21A0000010000004950 [2008/07/22 21:33:40, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0x555555c8a850 [2008/07/22 21:33:40, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key A21A0000010000004950 [2008/07/22 21:33:40, 4] smbd/vfs.c:vfs_ChDir(733) vfs_ChDir to / [2008/07/22 21:33:40, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/07/22 21:33:40, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/07/22 21:33:40, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/07/22 21:33:40, 5] smbd/uid.c:change_to_root_user(287) change_to_root_user: now uid=(0,0) gid=(0,0) [2008/07/22 21:33:40, 5] lib/util.c:show_msg(645) [2008/07/22 21:33:40, 5] lib/util.c:show_msg(655) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=8292 smb_uid=100 smb_mid=13 smt_wct=0 smb_bcc=0 [2008/07/22 21:33:40, 5] lib/util_sock.c:read_socket_with_timeout(928) read_socket_with_timeout: blocking read. EOF from client. [2008/07/22 21:33:40, 10] smbd/process.c:receive_smb_raw_talloc(276) receive_smb_raw: NT_STATUS_END_OF_FILE [2008/07/22 21:33:40, 3] smbd/process.c:smbd_process(2027) receive_message_or_smb failed: NT_STATUS_END_OF_FILE, exiting [2008/07/22 21:33:40, 5] lib/gencache.c:gencache_shutdown(93) [2008/07/22 21:33:40, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 35 [2008/07/22 21:33:40, 6] smbd/process.c:process_smb(1546) Closing cache file [2008/07/22 21:33:40, 5] libsmb/namecache.c:namecache_shutdown(81) namecache_shutdown: netbios namecache closed successfully. [2008/07/22 21:33:40, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/07/22 21:33:40, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) got message type 0x0 of len 0x23 [2008/07/22 21:33:40, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 [2008/07/22 21:33:40, 3] smbd/process.c:process_smb(1549) Primary group is 0 and contains 0 supplementary groups Transaction 29 of length 39 (0 toread) [2008/07/22 21:33:40, 5] smbd/uid.c:change_to_root_user(287) [2008/07/22 21:33:40, 5] lib/util.c:show_msg(645) change_to_root_user: now uid=(0,0) gid=(0,0) [2008/07/22 21:33:40, 5] lib/util.c:show_msg(655) size=35 [2008/07/22 21:33:40, 3] smbd/connection.c:yield_connection(31) smb_com=0x71 Yielding connection to smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=8292 smb_uid=100 smb_mid=31 smt_wct=0 smb_bcc=0 [2008/07/22 21:33:40, 3] smbd/process.c:switch_message(1361) switch message SMBtdis (pid 6817) conn 0x555555c90ae0 [2008/07/22 21:33:40, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) [2008/07/22 21:33:40, 3] smbd/sec_ctx.c:set_sec_ctx(324) Locking key A21A0000FFFFFFFF0000 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/07/22 21:33:40, 5] auth/token_util.c:debug_nt_user_token(464) [2008/07/22 21:33:40, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) NT user token: (NULL) Allocated locked data 0x0x555555c88140 [2008/07/22 21:33:40, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 [2008/07/22 21:33:40, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Primary group is 0 and contains 0 supplementary groups [2008/07/22 21:33:40, 5] smbd/uid.c:change_to_root_user(287) change_to_root_user: now uid=(0,0) gid=(0,0) [2008/07/22 21:33:40, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/07/22 21:33:40, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) Unlocking key A21A0000FFFFFFFF0000 [2008/07/22 21:33:40, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/07/22 21:33:40, 5] smbd/uid.c:change_to_root_user(287) [2008/07/22 21:33:40, 3] smbd/server.c:exit_server_common(944) change_to_root_user: now uid=(0,0) gid=(0,0) Server exit (normal exit) [2008/07/22 21:33:40, 3] smbd/service.c:close_cnum(1401) chpas-lansvcs (192.168.10.33) closed connection to service IPC$ [2008/07/22 21:33:40, 3] smbd/connection.c:yield_connection(31) Yielding connection to IPC$ [2008/07/22 21:33:40, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key A11A0000010000004950 [2008/07/22 21:33:40, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0x555555c9e0a0 [2008/07/22 21:33:40, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key A11A0000010000004950 [2008/07/22 21:33:40, 4] smbd/vfs.c:vfs_ChDir(733) vfs_ChDir to / [2008/07/22 21:33:40, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/07/22 21:33:40, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/07/22 21:33:40, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/07/22 21:33:40, 5] smbd/uid.c:change_to_root_user(287) change_to_root_user: now uid=(0,0) gid=(0,0) [2008/07/22 21:33:40, 5] lib/util.c:show_msg(645) [2008/07/22 21:33:40, 5] lib/util.c:show_msg(655) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=8292 smb_uid=100 smb_mid=31 smt_wct=0 smb_bcc=0 [2008/07/22 21:33:40, 5] lib/util_sock.c:read_socket_with_timeout(928) read_socket_with_timeout: blocking read. EOF from client. [2008/07/22 21:33:40, 10] smbd/process.c:receive_smb_raw_talloc(276) receive_smb_raw: NT_STATUS_END_OF_FILE [2008/07/22 21:33:40, 3] smbd/process.c:smbd_process(2027) receive_message_or_smb failed: NT_STATUS_END_OF_FILE, exiting [2008/07/22 21:33:40, 5] lib/gencache.c:gencache_shutdown(93) Closing cache file [2008/07/22 21:33:40, 5] libsmb/namecache.c:namecache_shutdown(81) namecache_shutdown: netbios namecache closed successfully. [2008/07/22 21:33:40, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/07/22 21:33:40, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/07/22 21:33:40, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/07/22 21:33:40, 5] smbd/uid.c:change_to_root_user(287) change_to_root_user: now uid=(0,0) gid=(0,0) [2008/07/22 21:33:40, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 49442F363831372F3130 [2008/07/22 21:33:40, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0x555555cab250 [2008/07/22 21:33:40, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 49442F363831372F3130 [2008/07/22 21:33:40, 3] smbd/connection.c:yield_connection(31) Yielding connection to [2008/07/22 21:33:40, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key A11A0000FFFFFFFF0000 [2008/07/22 21:33:40, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0x555555c9e0a0 [2008/07/22 21:33:40, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key A11A0000FFFFFFFF0000 [2008/07/22 21:33:40, 3] smbd/server.c:exit_server_common(944) Server exit (normal exit)