[2008/08/04 09:35:47, 3] smbd/connection.c:yield_connection(31) Yielding connection to [2008/08/04 09:35:47, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key FC690000FFFFFFFF0000 [2008/08/04 09:35:47, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0xb8185000 [2008/08/04 09:35:47, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key FC690000FFFFFFFF0000 [2008/08/04 09:35:47, 3] smbd/server.c:exit_server_common(944) Server exit (normal exit) [2008/08/04 09:37:14, 5] lib/util_sock.c:print_socket_options(781) socket option SO_KEEPALIVE = 1 [2008/08/04 09:37:14, 5] lib/util_sock.c:print_socket_options(781) socket option SO_REUSEADDR = 1 [2008/08/04 09:37:14, 5] lib/util_sock.c:print_socket_options(781) socket option SO_BROADCAST = 0 [2008/08/04 09:37:14, 5] lib/util_sock.c:print_socket_options(781) socket option TCP_NODELAY = 1 [2008/08/04 09:37:14, 5] lib/util_sock.c:print_socket_options(781) socket option TCP_KEEPCNT = 9 [2008/08/04 09:37:14, 5] lib/util_sock.c:print_socket_options(781) socket option TCP_KEEPIDLE = 7200 [2008/08/04 09:37:14, 5] lib/util_sock.c:print_socket_options(781) socket option TCP_KEEPINTVL = 75 [2008/08/04 09:37:14, 5] lib/util_sock.c:print_socket_options(781) socket option IPTOS_LOWDELAY = 0 [2008/08/04 09:37:14, 5] lib/util_sock.c:print_socket_options(781) socket option IPTOS_THROUGHPUT = 0 [2008/08/04 09:37:14, 5] lib/util_sock.c:print_socket_options(781) socket option SO_SNDBUF = 16384 [2008/08/04 09:37:14, 5] lib/util_sock.c:print_socket_options(781) socket option SO_RCVBUF = 87380 [2008/08/04 09:37:14, 5] lib/util_sock.c:print_socket_options(781) socket option SO_SNDLOWAT = 1 [2008/08/04 09:37:14, 5] lib/util_sock.c:print_socket_options(781) socket option SO_RCVLOWAT = 1 [2008/08/04 09:37:14, 5] lib/util_sock.c:print_socket_options(781) socket option SO_SNDTIMEO = 0 [2008/08/04 09:37:14, 5] lib/util_sock.c:print_socket_options(781) socket option SO_RCVTIMEO = 0 [2008/08/04 09:37:14, 5] lib/util_sock.c:print_socket_options(781) socket option SO_KEEPALIVE = 1 [2008/08/04 09:37:14, 5] lib/util_sock.c:print_socket_options(781) socket option SO_REUSEADDR = 1 [2008/08/04 09:37:14, 5] lib/util_sock.c:print_socket_options(781) socket option SO_BROADCAST = 0 [2008/08/04 09:37:14, 5] lib/util_sock.c:print_socket_options(781) socket option TCP_NODELAY = 1 [2008/08/04 09:37:14, 5] lib/util_sock.c:print_socket_options(781) socket option TCP_KEEPCNT = 9 [2008/08/04 09:37:14, 5] lib/util_sock.c:print_socket_options(781) socket option TCP_KEEPIDLE = 7200 [2008/08/04 09:37:14, 5] lib/util_sock.c:print_socket_options(781) socket option TCP_KEEPINTVL = 75 [2008/08/04 09:37:14, 5] lib/util_sock.c:print_socket_options(781) socket option IPTOS_LOWDELAY = 0 [2008/08/04 09:37:14, 5] lib/util_sock.c:print_socket_options(781) socket option IPTOS_THROUGHPUT = 0 [2008/08/04 09:37:14, 5] lib/util_sock.c:print_socket_options(781) socket option SO_SNDBUF = 16384 [2008/08/04 09:37:14, 5] lib/util_sock.c:print_socket_options(781) socket option SO_RCVBUF = 87380 [2008/08/04 09:37:14, 5] lib/util_sock.c:print_socket_options(781) socket option SO_SNDLOWAT = 1 [2008/08/04 09:37:14, 5] lib/util_sock.c:print_socket_options(781) socket option SO_RCVLOWAT = 1 [2008/08/04 09:37:14, 5] lib/util_sock.c:print_socket_options(781) socket option SO_SNDTIMEO = 0 [2008/08/04 09:37:14, 5] lib/util_sock.c:print_socket_options(781) socket option SO_RCVTIMEO = 0 [2008/08/04 09:37:14, 6] param/loadparm.c:lp_file_list_changed(6613) lp_file_list_changed() file /etc/samba/comps/teste.conf -> /etc/samba/comps/teste.conf last mod_time: Thu Jul 31 15:50:13 2008 file /etc/samba/comps/netlogon.conf -> /etc/samba/comps/netlogon.conf last mod_time: Thu Jul 31 15:50:13 2008 file /etc/samba/includes.conf -> /etc/samba/includes.conf last mod_time: Thu Jul 31 15:49:50 2008 file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Mon Aug 4 09:34:48 2008 [2008/08/04 09:37:14, 3] smbd/oplock.c:init_oplocks(875) init_oplocks: initializing messages. [2008/08/04 09:37:14, 3] smbd/oplock_linux.c:linux_init_kernel_oplocks(285) Linux kernel oplocks enabled [2008/08/04 09:37:14, 10] lib/events.c:event_add_timed(128) Added timed event "idle_evt(keepalive)": b816bd80 [2008/08/04 09:37:14, 10] lib/events.c:event_add_timed(128) Added timed event "idle_evt(deadtime)": b816bf20 [2008/08/04 09:37:14, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 68 [2008/08/04 09:37:14, 6] smbd/process.c:process_smb(1546) got message type 0x81 of len 0x44 [2008/08/04 09:37:14, 3] smbd/process.c:process_smb(1549) Transaction 0 of length 72 (0 toread) [2008/08/04 09:37:14, 2] smbd/reply.c:reply_special(425) netbios connect: name1=SRVSMB1J21001 name2=ORC [2008/08/04 09:37:14, 2] smbd/reply.c:reply_special(432) netbios connect: local=srvsmb1j21001 remote=orc, name type = 0 [2008/08/04 09:37:14, 6] param/loadparm.c:lp_file_list_changed(6613) lp_file_list_changed() file /etc/samba/comps/teste.conf -> /etc/samba/comps/teste.conf last mod_time: Thu Jul 31 15:50:13 2008 file /etc/samba/comps/netlogon.conf -> /etc/samba/comps/netlogon.conf last mod_time: Thu Jul 31 15:50:13 2008 file /etc/samba/includes.conf -> /etc/samba/includes.conf last mod_time: Thu Jul 31 15:49:50 2008 file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Mon Aug 4 09:34:48 2008 [2008/08/04 09:37:14, 5] smbd/reply.c:reply_special(472) init msg_type=0x81 msg_flags=0x0 [2008/08/04 09:37:14, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 133 [2008/08/04 09:37:14, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x85 [2008/08/04 09:37:14, 3] smbd/process.c:process_smb(1549) Transaction 0 of length 137 (0 toread) [2008/08/04 09:37:14, 5] lib/util.c:show_msg(645) [2008/08/04 09:37:14, 5] lib/util.c:show_msg(655) size=133 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51283 smb_tid=0 smb_pid=65279 smb_uid=0 smb_mid=0 smt_wct=0 smb_bcc=98 [2008/08/04 09:37:14, 10] lib/util.c:dump_data(2226) [000] 02 50 43 20 4E 45 54 57 4F 52 4B 20 50 52 4F 47 .PC NETW ORK PROG [010] 52 41 4D 20 31 2E 30 00 02 4C 41 4E 4D 41 4E 31 RAM 1.0. .LANMAN1 [020] 2E 30 00 02 57 69 6E 64 6F 77 73 20 66 6F 72 20 .0..Wind ows for [030] 57 6F 72 6B 67 72 6F 75 70 73 20 33 2E 31 61 00 Workgrou ps 3.1a. [040] 02 4C 4D 31 2E 32 58 30 30 32 00 02 4C 41 4E 4D .LM1.2X0 02..LANM [050] 41 4E 32 2E 31 00 02 4E 54 20 4C 4D 20 30 2E 31 AN2.1..N T LM 0.1 [060] 32 00 2. [2008/08/04 09:37:14, 3] smbd/process.c:switch_message(1361) switch message SMBnegprot (pid 27141) conn 0x0 [2008/08/04 09:37:14, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/08/04 09:37:14, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/08/04 09:37:14, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/08/04 09:37:14, 5] smbd/uid.c:change_to_root_user(287) change_to_root_user: now uid=(0,0) gid=(0,0) [2008/08/04 09:37:14, 3] smbd/negprot.c:reply_negprot(568) Requested protocol [PC NETWORK PROGRAM 1.0] [2008/08/04 09:37:14, 3] smbd/negprot.c:reply_negprot(568) Requested protocol [LANMAN1.0] [2008/08/04 09:37:14, 3] smbd/negprot.c:reply_negprot(568) Requested protocol [Windows for Workgroups 3.1a] [2008/08/04 09:37:14, 3] smbd/negprot.c:reply_negprot(568) Requested protocol [LM1.2X002] [2008/08/04 09:37:14, 3] smbd/negprot.c:reply_negprot(568) Requested protocol [LANMAN2.1] [2008/08/04 09:37:14, 3] smbd/negprot.c:reply_negprot(568) Requested protocol [NT LM 0.12] [2008/08/04 09:37:14, 10] lib/util.c:set_remote_arch(2201) set_remote_arch: Client arch is 'Win2K' [2008/08/04 09:37:14, 6] param/loadparm.c:lp_file_list_changed(6613) lp_file_list_changed() file /etc/samba/comps/teste.conf -> /etc/samba/comps/teste.conf last mod_time: Thu Jul 31 15:50:13 2008 file /etc/samba/comps/netlogon.conf -> /etc/samba/comps/netlogon.conf last mod_time: Thu Jul 31 15:50:13 2008 file /etc/samba/includes.conf -> /etc/samba/includes.conf last mod_time: Thu Jul 31 15:49:50 2008 file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Mon Aug 4 09:34:48 2008 [2008/08/04 09:37:14, 5] smbd/connection.c:claim_connection(142) claiming [] [2008/08/04 09:37:14, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 056A0000FFFFFFFF0000 [2008/08/04 09:37:14, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0xb816c668 [2008/08/04 09:37:14, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 056A0000FFFFFFFF0000 [2008/08/04 09:37:14, 6] param/loadparm.c:lp_file_list_changed(6613) lp_file_list_changed() file /etc/samba/comps/teste.conf -> /etc/samba/comps/teste.conf last mod_time: Thu Jul 31 15:50:13 2008 file /etc/samba/comps/netlogon.conf -> /etc/samba/comps/netlogon.conf last mod_time: Thu Jul 31 15:50:13 2008 file /etc/samba/includes.conf -> /etc/samba/includes.conf last mod_time: Thu Jul 31 15:49:50 2008 file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Mon Aug 4 09:34:48 2008 [2008/08/04 09:37:14, 3] smbd/negprot.c:reply_nt1(392) using SPNEGO [2008/08/04 09:37:14, 3] smbd/negprot.c:reply_negprot(673) Selected protocol NT LM 0.12 [2008/08/04 09:37:14, 5] smbd/negprot.c:reply_negprot(680) negprot index=5 [2008/08/04 09:37:14, 5] lib/util.c:show_msg(645) [2008/08/04 09:37:14, 5] lib/util.c:show_msg(655) size=127 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51283 smb_tid=0 smb_pid=65279 smb_uid=0 smb_mid=0 smt_wct=17 smb_vwv[ 0]= 5 (0x5) smb_vwv[ 1]=12803 (0x3203) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 65 (0x41) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]= 1280 (0x500) smb_vwv[ 8]= 106 (0x6A) smb_vwv[ 9]=64768 (0xFD00) smb_vwv[10]=33011 (0x80F3) smb_vwv[11]= 128 (0x80) smb_vwv[12]=30457 (0x76F9) smb_vwv[13]=11986 (0x2ED2) smb_vwv[14]=51446 (0xC8F6) smb_vwv[15]=46081 (0xB401) smb_vwv[16]= 0 (0x0) smb_bcc=58 [2008/08/04 09:37:14, 10] lib/util.c:dump_data(2226) [000] 73 72 76 73 6D 62 31 6A 32 31 30 30 31 00 00 00 srvsmb1j 21001... [010] 60 28 06 06 2B 06 01 05 05 02 A0 1E 30 1C A0 0E `(..+... ....0... [020] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A3 0A 0...+... ..7..... [030] 30 08 A0 06 1B 04 4E 4F 4E 45 0.....NO NE [2008/08/04 09:37:14, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 236 [2008/08/04 09:37:14, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0xec [2008/08/04 09:37:14, 3] smbd/process.c:process_smb(1549) Transaction 1 of length 240 (0 toread) [2008/08/04 09:37:14, 5] lib/util.c:show_msg(645) [2008/08/04 09:37:14, 5] lib/util.c:show_msg(655) size=236 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=0 smb_mid=64 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 236 (0xEC) smb_vwv[ 2]=16644 (0x4104) smb_vwv[ 3]= 50 (0x32) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 74 (0x4A) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 212 (0xD4) smb_vwv[11]=40960 (0xA000) smb_bcc=177 [2008/08/04 09:37:14, 10] lib/util.c:dump_data(2226) [000] 60 48 06 06 2B 06 01 05 05 02 A0 3E 30 3C A0 0E `H..+... ...>0<.. [010] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A2 2A 0...+... ..7....* [020] 04 28 4E 54 4C 4D 53 53 50 00 01 00 00 00 97 82 .(NTLMSS P....... [030] 08 E2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [040] 00 00 05 01 28 0A 00 00 00 0F 00 57 00 69 00 6E ....(... ...W.i.n [050] 00 64 00 6F 00 77 00 73 00 20 00 32 00 30 00 30 .d.o.w.s . .2.0.0 [060] 00 32 00 20 00 53 00 65 00 72 00 76 00 69 00 63 .2. .S.e .r.v.i.c [070] 00 65 00 20 00 50 00 61 00 63 00 6B 00 20 00 32 .e. .P.a .c.k. .2 [080] 00 20 00 32 00 36 00 30 00 30 00 00 00 57 00 69 . .2.6.0 .0...W.i [090] 00 6E 00 64 00 6F 00 77 00 73 00 20 00 32 00 30 .n.d.o.w .s. .2.0 [0A0] 00 30 00 32 00 20 00 35 00 2E 00 31 00 00 00 00 .0.2. .5 ...1.... [0B0] 00 . [2008/08/04 09:37:14, 3] smbd/process.c:switch_message(1361) switch message SMBsesssetupX (pid 27141) conn 0x0 [2008/08/04 09:37:14, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/08/04 09:37:14, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/08/04 09:37:14, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/08/04 09:37:14, 5] smbd/uid.c:change_to_root_user(287) change_to_root_user: now uid=(0,0) gid=(0,0) [2008/08/04 09:37:14, 3] smbd/sesssetup.c:reply_sesssetup_and_X(1409) wct=12 flg2=0xc807 [2008/08/04 09:37:14, 2] smbd/sesssetup.c:setup_new_vc_session(1363) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2008/08/04 09:37:14, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1173) Doing spnego session setup [2008/08/04 09:37:14, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1208) NativeOS=[Windows 2002 Service Pack 2 2600] NativeLanMan=[Windows 2002 5.1] PrimaryDomain=[] [2008/08/04 09:37:14, 10] lib/util.c:set_remote_arch(2201) set_remote_arch: Client arch is 'WinXP' [2008/08/04 09:37:14, 10] smbd/password.c:register_initial_vuid(188) register_initial_vuid: allocated vuid = 100 [2008/08/04 09:37:14, 10] smbd/sesssetup.c:check_spnego_blob_complete(1121) check_spnego_blob_complete: needed_len = 74, pblob->length = 74 [2008/08/04 09:37:14, 5] smbd/sesssetup.c:parse_spnego_mechanisms(749) parse_spnego_mechanisms: Got OID 1 3 6 1 4 1 311 2 2 10 [2008/08/04 09:37:14, 3] smbd/sesssetup.c:reply_spnego_negotiate(800) reply_spnego_negotiate: Got secblob of size 40 [2008/08/04 09:37:14, 5] auth/auth.c:make_auth_context_subsystem(485) Making default auth method list for DC, security=user, encrypt passwords = yes [2008/08/04 09:37:14, 5] auth/auth.c:smb_register_auth(46) Attempting to register auth backend sam [2008/08/04 09:37:14, 5] auth/auth.c:smb_register_auth(58) Successfully added auth method 'sam' [2008/08/04 09:37:14, 5] auth/auth.c:smb_register_auth(46) Attempting to register auth backend sam_ignoredomain [2008/08/04 09:37:14, 5] auth/auth.c:smb_register_auth(58) Successfully added auth method 'sam_ignoredomain' [2008/08/04 09:37:14, 5] auth/auth.c:smb_register_auth(46) Attempting to register auth backend unix [2008/08/04 09:37:14, 5] auth/auth.c:smb_register_auth(58) Successfully added auth method 'unix' [2008/08/04 09:37:14, 5] auth/auth.c:smb_register_auth(46) Attempting to register auth backend winbind [2008/08/04 09:37:14, 5] auth/auth.c:smb_register_auth(58) Successfully added auth method 'winbind' [2008/08/04 09:37:14, 5] auth/auth.c:smb_register_auth(46) Attempting to register auth backend smbserver [2008/08/04 09:37:14, 5] auth/auth.c:smb_register_auth(58) Successfully added auth method 'smbserver' [2008/08/04 09:37:14, 5] auth/auth.c:smb_register_auth(46) Attempting to register auth backend trustdomain [2008/08/04 09:37:14, 5] auth/auth.c:smb_register_auth(58) Successfully added auth method 'trustdomain' [2008/08/04 09:37:14, 5] auth/auth.c:smb_register_auth(46) Attempting to register auth backend ntdomain [2008/08/04 09:37:14, 5] auth/auth.c:smb_register_auth(58) Successfully added auth method 'ntdomain' [2008/08/04 09:37:14, 5] auth/auth.c:smb_register_auth(46) Attempting to register auth backend guest [2008/08/04 09:37:14, 5] auth/auth.c:smb_register_auth(58) Successfully added auth method 'guest' [2008/08/04 09:37:14, 5] auth/auth.c:load_auth_module(387) load_auth_module: Attempting to find an auth method to match guest [2008/08/04 09:37:14, 5] auth/auth.c:load_auth_module(412) load_auth_module: auth method guest has a valid init [2008/08/04 09:37:14, 5] auth/auth.c:load_auth_module(387) load_auth_module: Attempting to find an auth method to match sam [2008/08/04 09:37:14, 5] auth/auth.c:load_auth_module(412) load_auth_module: auth method sam has a valid init [2008/08/04 09:37:14, 5] auth/auth.c:load_auth_module(387) load_auth_module: Attempting to find an auth method to match winbind:trustdomain [2008/08/04 09:37:14, 5] auth/auth.c:load_auth_module(387) load_auth_module: Attempting to find an auth method to match trustdomain [2008/08/04 09:37:14, 5] auth/auth.c:load_auth_module(412) load_auth_module: auth method trustdomain has a valid init [2008/08/04 09:37:14, 5] auth/auth.c:load_auth_module(412) load_auth_module: auth method winbind has a valid init [2008/08/04 09:37:14, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) Got NTLMSSP neg_flags=0xe2088297 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_NEGOTIATE_OEM NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_LM_KEY NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH NTLMSSP_NEGOTIATE_56 [2008/08/04 09:37:14, 5] auth/auth.c:get_ntlm_challenge(96) auth_get_challenge: module guest did not want to specify a challenge [2008/08/04 09:37:14, 5] auth/auth.c:get_ntlm_challenge(96) auth_get_challenge: module sam did not want to specify a challenge [2008/08/04 09:37:14, 5] auth/auth.c:get_ntlm_challenge(96) auth_get_challenge: module winbind did not want to specify a challenge [2008/08/04 09:37:14, 5] auth/auth.c:get_ntlm_challenge(136) auth_context challenge created by random [2008/08/04 09:37:14, 5] auth/auth.c:get_ntlm_challenge(137) challenge is: [2008/08/04 09:37:14, 5] lib/util.c:dump_data(2226) [000] EC 5A B4 8B 32 3A C2 66 .Z..2:.f [2008/08/04 09:37:14, 5] lib/util.c:show_msg(645) [2008/08/04 09:37:14, 5] lib/util.c:show_msg(655) size=336 smb_com=0x73 smb_rcls=22 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=65279 smb_uid=100 smb_mid=64 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 201 (0xC9) smb_bcc=293 [2008/08/04 09:37:14, 10] lib/util.c:dump_data(2226) [000] A1 81 C6 30 81 C3 A0 03 0A 01 01 A1 0C 06 0A 2B ...0.... .......+ [010] 06 01 04 01 82 37 02 02 0A A2 81 AD 04 81 AA 4E .....7.. .......N [020] 54 4C 4D 53 53 50 00 02 00 00 00 06 00 06 00 30 TLMSSP.. .......0 [030] 00 00 00 15 82 89 E2 EC 5A B4 8B 32 3A C2 66 00 ........ Z..2:.f. [040] 00 00 00 00 00 00 00 74 00 74 00 36 00 00 00 55 .......t .t.6...U [050] 00 46 00 55 00 02 00 06 00 55 00 46 00 55 00 01 .F.U.... .U.F.U.. [060] 00 1A 00 53 00 52 00 56 00 53 00 4D 00 42 00 31 ...S.R.V .S.M.B.1 [070] 00 4A 00 32 00 31 00 30 00 30 00 31 00 04 00 12 .J.2.1.0 .0.1.... [080] 00 64 00 72 00 2E 00 75 00 66 00 75 00 2E 00 62 .d.r...u .f.u...b [090] 00 72 00 03 00 2E 00 73 00 72 00 76 00 73 00 6D .r.....s .r.v.s.m [0A0] 00 62 00 31 00 6A 00 32 00 31 00 30 00 30 00 31 .b.1.j.2 .1.0.0.1 [0B0] 00 2E 00 64 00 72 00 2E 00 75 00 66 00 75 00 2E ...d.r.. .u.f.u.. [0C0] 00 62 00 72 00 00 00 00 00 55 00 6E 00 69 00 78 .b.r.... .U.n.i.x [0D0] 00 00 00 53 00 61 00 6D 00 62 00 61 00 20 00 33 ...S.a.m .b.a. .3 [0E0] 00 2E 00 32 00 2E 00 30 00 72 00 63 00 31 00 2D ...2...0 .r.c.1.- [0F0] 00 32 00 32 00 2E 00 31 00 2D 00 31 00 37 00 39 .2.2...1 .-.1.7.9 [100] 00 35 00 2D 00 53 00 55 00 53 00 45 00 2D 00 53 .5.-.S.U .S.E.-.S [110] 00 4C 00 31 00 31 00 2E 00 30 00 00 00 55 00 46 .L.1.1.. .0...U.F [120] 00 55 00 00 00 .U... [2008/08/04 09:37:14, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 264 [2008/08/04 09:37:14, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x108 [2008/08/04 09:37:14, 3] smbd/process.c:process_smb(1549) Transaction 2 of length 268 (0 toread) [2008/08/04 09:37:14, 5] lib/util.c:show_msg(645) [2008/08/04 09:37:14, 5] lib/util.c:show_msg(655) size=264 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=100 smb_mid=128 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 264 (0x108) smb_vwv[ 2]=16644 (0x4104) smb_vwv[ 3]= 50 (0x32) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 103 (0x67) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 212 (0xD4) smb_vwv[11]=40960 (0xA000) smb_bcc=205 [2008/08/04 09:37:14, 10] lib/util.c:dump_data(2226) [000] A1 65 30 63 A2 61 04 5F 4E 54 4C 4D 53 53 50 00 .e0c.a._ NTLMSSP. [010] 03 00 00 00 01 00 01 00 4E 00 00 00 00 00 00 00 ........ N....... [020] 4F 00 00 00 00 00 00 00 48 00 00 00 00 00 00 00 O....... H....... [030] 48 00 00 00 06 00 06 00 48 00 00 00 10 00 10 00 H....... H....... [040] 4F 00 00 00 15 8A 88 E2 05 01 28 0A 00 00 00 0F O....... ..(..... [050] 4F 00 52 00 43 00 00 DA 66 F7 71 81 B9 EB FA 5B O.R.C... f.q....[ [060] 48 75 06 76 4A 0C BB 57 00 69 00 6E 00 64 00 6F Hu.vJ..W .i.n.d.o [070] 00 77 00 73 00 20 00 32 00 30 00 30 00 32 00 20 .w.s. .2 .0.0.2. [080] 00 53 00 65 00 72 00 76 00 69 00 63 00 65 00 20 .S.e.r.v .i.c.e. [090] 00 50 00 61 00 63 00 6B 00 20 00 32 00 20 00 32 .P.a.c.k . .2. .2 [0A0] 00 36 00 30 00 30 00 00 00 57 00 69 00 6E 00 64 .6.0.0.. .W.i.n.d [0B0] 00 6F 00 77 00 73 00 20 00 32 00 30 00 30 00 32 .o.w.s. .2.0.0.2 [0C0] 00 20 00 35 00 2E 00 31 00 00 00 00 00 . .5...1 ..... [2008/08/04 09:37:14, 3] smbd/process.c:switch_message(1361) switch message SMBsesssetupX (pid 27141) conn 0x0 [2008/08/04 09:37:14, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/08/04 09:37:14, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/08/04 09:37:14, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/08/04 09:37:14, 5] smbd/uid.c:change_to_root_user(287) change_to_root_user: now uid=(0,0) gid=(0,0) [2008/08/04 09:37:14, 3] smbd/sesssetup.c:reply_sesssetup_and_X(1409) wct=12 flg2=0xc807 [2008/08/04 09:37:14, 2] smbd/sesssetup.c:setup_new_vc_session(1363) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2008/08/04 09:37:14, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1173) Doing spnego session setup [2008/08/04 09:37:14, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1208) NativeOS=[Windows 2002 Service Pack 2 2600] NativeLanMan=[Windows 2002 5.1] PrimaryDomain=[] [2008/08/04 09:37:14, 10] smbd/sesssetup.c:check_spnego_blob_complete(1121) check_spnego_blob_complete: needed_len = 103, pblob->length = 103 [2008/08/04 09:37:14, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(745) Got user=[] domain=[] workstation=[ORC] len1=1 len2=0 [2008/08/04 09:37:14, 6] param/loadparm.c:lp_file_list_changed(6613) lp_file_list_changed() file /etc/samba/comps/teste.conf -> /etc/samba/comps/teste.conf last mod_time: Thu Jul 31 15:50:13 2008 file /etc/samba/comps/netlogon.conf -> /etc/samba/comps/netlogon.conf last mod_time: Thu Jul 31 15:50:13 2008 file /etc/samba/includes.conf -> /etc/samba/includes.conf last mod_time: Thu Jul 31 15:49:50 2008 file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Mon Aug 4 09:34:48 2008 [2008/08/04 09:37:14, 5] auth/auth_util.c:make_user_info_map(178) make_user_info_map: Mapping user []\[] from workstation [ORC] [2008/08/04 09:37:14, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/08/04 09:37:14, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2008/08/04 09:37:14, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/08/04 09:37:14, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/08/04 09:37:14, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/08/04 09:37:14, 5] auth/auth_util.c:is_trusted_domain(1968) is_trusted_domain: Checking for domain trust with [UFU] [2008/08/04 09:37:14, 10] passdb/pdb_ldap.c:ldapsam_get_trusteddom_pw(5821) ldapsam_get_trusteddom_pw called for domain UFU [2008/08/04 09:37:14, 5] lib/smbldap.c:smbldap_search_ext(1183) smbldap_search_ext: base => [sambaDomainName=UFU,sambaDomainName=UFU,dc=ufu,dc=br], filter => [(&(objectClass=sambaTrustedDomainPassword)(sambaDomainName=UFU))], scope => [2] [2008/08/04 09:37:14, 5] lib/smbldap.c:smbldap_close(1086) The connection to the LDAP server was closed [2008/08/04 09:37:14, 10] lib/smbldap.c:smb_ldap_setup_conn(616) smb_ldap_setup_connection: ldap://ldap.dr.ufu.br [2008/08/04 09:37:14, 2] lib/smbldap.c:smbldap_open_connection(772) smbldap_open_connection: connection opened [2008/08/04 09:37:14, 10] lib/smbldap.c:smbldap_connect_system(937) ldap_connect_system: Binding to ldap server ldap://ldap.dr.ufu.br as "cn=manager,dc=ufu,dc=br" [2008/08/04 09:37:14, 3] lib/smbldap.c:smbldap_check_root_dse(1701) smbldap_check_root_dse: Expected one rootDSE, got 0 [2008/08/04 09:37:14, 3] lib/smbldap.c:smbldap_connect_system(983) ldap_connect_system: successful connection to the LDAP server ldap_connect_system: LDAP server does not support paged results [2008/08/04 09:37:14, 10] lib/events.c:timed_event_destructor(65) Destroying timed event b81540c8 "smbldap_idle_fn" [2008/08/04 09:37:14, 10] lib/events.c:event_add_timed(128) Added timed event "smbldap_idle_fn": b8155d18 [2008/08/04 09:37:14, 4] lib/smbldap.c:smbldap_open(1066) The LDAP server is successfully connected [2008/08/04 09:37:14, 10] lib/smbldap.c:smbldap_search_ext(1247) Failed search for base: sambaDomainName=UFU,sambaDomainName=UFU,dc=ufu,dc=br, error: 32 (No such object) (unknown) [2008/08/04 09:37:14, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/08/04 09:37:14, 10] lib/gencache.c:gencache_get(194) Cache entry with key = TDOM/UFU couldn't be found [2008/08/04 09:37:14, 5] libsmb/trustdom_cache.c:trustdom_cache_fetch(183) no entry for trusted domain UFU found. [2008/08/04 09:37:14, 5] auth/auth_util.c:make_user_info(92) attempting to make a user_info for () [2008/08/04 09:37:14, 5] auth/auth_util.c:make_user_info(102) making strings for 's user_info struct [2008/08/04 09:37:14, 5] auth/auth_util.c:make_user_info(134) making blobs for 's user_info struct [2008/08/04 09:37:14, 10] auth/auth_util.c:make_user_info(152) made an encrypted user_info for () [2008/08/04 09:37:14, 3] auth/auth.c:check_ntlm_password(220) check_ntlm_password: Checking password for unmapped user []\[]@[ORC] with the new password interface [2008/08/04 09:37:14, 3] auth/auth.c:check_ntlm_password(223) check_ntlm_password: mapped user is: [UFU]\[]@[ORC] [2008/08/04 09:37:14, 10] auth/auth.c:check_ntlm_password(232) check_ntlm_password: auth_context challenge created by random [2008/08/04 09:37:14, 10] auth/auth.c:check_ntlm_password(234) challenge is: [2008/08/04 09:37:14, 5] lib/util.c:dump_data(2226) [000] EC 5A B4 8B 32 3A C2 66 .Z..2:.f [2008/08/04 09:37:14, 5] lib/smbldap.c:smbldap_search_ext(1183) smbldap_search_ext: base => [ou=Grupos,dc=ufu,dc=br], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=65533))], scope => [2] [2008/08/04 09:37:14, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2459) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(gidNumber=65533)) [2008/08/04 09:37:14, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/08/04 09:37:14, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2008/08/04 09:37:14, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/08/04 09:37:14, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/08/04 09:37:14, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/08/04 09:37:14, 10] lib/gencache.c:gencache_get(208) Returning expired cache entry: key = ACCT_POL/password history, value = 0 , timeout = Mon Aug 4 09:36:05 2008 [2008/08/04 09:37:14, 10] passdb/pdb_ldap.c:ldapsam_get_account_policy_from_ldap(3845) ldapsam_get_account_policy_from_ldap [2008/08/04 09:37:14, 5] lib/smbldap.c:smbldap_search_ext(1183) smbldap_search_ext: base => [sambaDomainName=UFU,dc=ufu,dc=br], filter => [(objectclass=*)], scope => [0] [2008/08/04 09:37:14, 10] lib/account_pol.c:cache_account_policy_set(395) cache_account_policy_set: updating account pol cache [2008/08/04 09:37:14, 10] lib/gencache.c:gencache_set(131) Adding cache entry with key = ACCT_POL/password history; value = 0 and timeout = Mon Aug 4 09:38:14 2008 (60 seconds ahead) [2008/08/04 09:37:14, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/08/04 09:37:14, 10] passdb/pdb_get_set.c:pdb_set_username(580) pdb_set_username: setting username nobody, was [2008/08/04 09:37:14, 10] passdb/pdb_get_set.c:pdb_set_domain(603) pdb_set_domain: setting domain UFU, was [2008/08/04 09:37:14, 10] passdb/pdb_get_set.c:pdb_set_nt_username(626) pdb_set_nt_username: setting nt username , was [2008/08/04 09:37:14, 10] passdb/pdb_get_set.c:pdb_set_fullname(649) pdb_set_full_name: setting full name nobody, was [2008/08/04 09:37:14, 10] passdb/pdb_get_set.c:pdb_set_homedir(742) pdb_set_homedir: setting home dir , was [2008/08/04 09:37:14, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(718) pdb_set_dir_drive: setting dir drive , was NULL [2008/08/04 09:37:14, 10] passdb/pdb_get_set.c:pdb_set_logon_script(672) pdb_set_logon_script: setting logon script logon.bat, was [2008/08/04 09:37:14, 10] passdb/pdb_get_set.c:pdb_set_profile_path(695) pdb_set_profile_path: setting profile path , was [2008/08/04 09:37:14, 10] passdb/pdb_get_set.c:pdb_set_workstations(785) pdb_set_workstations: setting workstations , was [2008/08/04 09:37:14, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/08/04 09:37:14, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2008/08/04 09:37:14, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/08/04 09:37:14, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/08/04 09:37:14, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/08/04 09:37:14, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = ACCT_POL/password history, value = 0 , timeout = Mon Aug 4 09:38:14 2008 [2008/08/04 09:37:14, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/08/04 09:37:14, 10] passdb/pdb_get_set.c:pdb_set_user_sid(509) pdb_set_user_sid: setting user sid S-1-5-21-534671462-504895351-1339659545-501 [2008/08/04 09:37:14, 10] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(72) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-534671462-504895351-1339659545-501 from rid 501 [2008/08/04 09:37:14, 3] auth/auth.c:check_ntlm_password(269) check_ntlm_password: guest authentication for user [] succeeded [2008/08/04 09:37:14, 5] auth/auth.c:check_ntlm_password(308) check_ntlm_password: guest authentication for user [] -> [] -> [nobody] succeeded [2008/08/04 09:37:14, 5] auth/auth_util.c:free_user_info(1898) attempting to free (and zero) a user_info structure [2008/08/04 09:37:14, 10] auth/auth_util.c:free_user_info(1902) structure was created for [2008/08/04 09:37:14, 10] auth/token_util.c:create_local_nt_token(302) Create local NT token for S-1-5-21-534671462-504895351-1339659545-501 [2008/08/04 09:37:14, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/08/04 09:37:14, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2008/08/04 09:37:14, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/08/04 09:37:14, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/08/04 09:37:14, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/08/04 09:37:14, 5] lib/smbldap.c:smbldap_search_ext(1183) smbldap_search_ext: base => [ou=Grupos,dc=ufu,dc=br], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-544))], scope => [2] [2008/08/04 09:37:14, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2459) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-544)) [2008/08/04 09:37:14, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/08/04 09:37:14, 10] passdb/lookup_sid.c:legacy_sid_to_gid(1252) LEGACY: mapping failed for sid S-1-5-32-544 [2008/08/04 09:37:14, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/08/04 09:37:14, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2008/08/04 09:37:14, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/08/04 09:37:14, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/08/04 09:37:14, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/08/04 09:37:14, 5] lib/smbldap.c:smbldap_search_ext(1183) smbldap_search_ext: base => [ou=Grupos,dc=ufu,dc=br], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-545))], scope => [2] [2008/08/04 09:37:14, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2459) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-545)) [2008/08/04 09:37:14, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/08/04 09:37:14, 10] passdb/lookup_sid.c:legacy_sid_to_gid(1252) LEGACY: mapping failed for sid S-1-5-32-545 [2008/08/04 09:37:14, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/08/04 09:37:14, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2008/08/04 09:37:14, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/08/04 09:37:14, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/08/04 09:37:14, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/08/04 09:37:14, 5] lib/smbldap.c:smbldap_search_ext(1183) smbldap_search_ext: base => [ou=Grupos,dc=ufu,dc=br], filter => [(&(|(objectclass=sambaGroupMapping)(sambaGroupType=4))(|(sambaSIDList=S-1-5-21-534671462-504895351-1339659545-501)(sambaSIDList=S-1-1-0)(sambaSIDList=S-1-5-2)(sambaSIDList=S-1-5-32-546)))], scope => [2] [2008/08/04 09:37:14, 5] lib/smbldap.c:smbldap_search_ext(1183) smbldap_search_ext: base => [ou=Grupos,dc=ufu,dc=br], filter => [(&(|(objectclass=sambaGroupMapping)(sambaGroupType=4))(|(sambaSIDList=S-1-5-21-534671462-504895351-1339659545-501)(sambaSIDList=S-1-1-0)(sambaSIDList=S-1-5-2)(sambaSIDList=S-1-5-32-546)))], scope => [2] [2008/08/04 09:37:14, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/08/04 09:37:14, 3] lib/privileges.c:get_privileges(63) get_privileges: No privileges assigned to SID [S-1-5-21-534671462-504895351-1339659545-501] [2008/08/04 09:37:14, 5] lib/privileges.c:get_privileges_for_sids(128) get_privileges_for_sids: sid = S-1-1-0 Privilege set: SE_PRIV 0x0 0x0 0x0 0x0 [2008/08/04 09:37:14, 3] lib/privileges.c:get_privileges(63) get_privileges: No privileges assigned to SID [S-1-5-2] [2008/08/04 09:37:14, 3] lib/privileges.c:get_privileges(63) get_privileges: No privileges assigned to SID [S-1-5-32-546] [2008/08/04 09:37:14, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/08/04 09:37:14, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2008/08/04 09:37:14, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/08/04 09:37:14, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/08/04 09:37:14, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/08/04 09:37:14, 5] lib/smbldap.c:smbldap_search_ext(1183) smbldap_search_ext: base => [ou=Grupos,dc=ufu,dc=br], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-1-0))], scope => [2] [2008/08/04 09:37:14, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2459) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-1-0)) [2008/08/04 09:37:14, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/08/04 09:37:14, 10] passdb/lookup_sid.c:legacy_sid_to_gid(1252) LEGACY: mapping failed for sid S-1-1-0 [2008/08/04 09:37:14, 10] auth/auth_util.c:create_local_token(674) Could not convert SID S-1-1-0 to gid, ignoring it [2008/08/04 09:37:14, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/08/04 09:37:14, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2008/08/04 09:37:14, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/08/04 09:37:14, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/08/04 09:37:14, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/08/04 09:37:14, 5] lib/smbldap.c:smbldap_search_ext(1183) smbldap_search_ext: base => [ou=Grupos,dc=ufu,dc=br], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-2))], scope => [2] [2008/08/04 09:37:14, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2459) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-2)) [2008/08/04 09:37:14, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/08/04 09:37:14, 10] passdb/lookup_sid.c:legacy_sid_to_gid(1252) LEGACY: mapping failed for sid S-1-5-2 [2008/08/04 09:37:14, 10] auth/auth_util.c:create_local_token(674) Could not convert SID S-1-5-2 to gid, ignoring it [2008/08/04 09:37:14, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/08/04 09:37:14, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2008/08/04 09:37:14, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/08/04 09:37:14, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/08/04 09:37:14, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/08/04 09:37:14, 5] lib/smbldap.c:smbldap_search_ext(1183) smbldap_search_ext: base => [ou=Grupos,dc=ufu,dc=br], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-546))], scope => [2] [2008/08/04 09:37:14, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2459) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-546)) [2008/08/04 09:37:14, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/08/04 09:37:14, 10] passdb/lookup_sid.c:legacy_sid_to_gid(1252) LEGACY: mapping failed for sid S-1-5-32-546 [2008/08/04 09:37:14, 10] auth/auth_util.c:create_local_token(674) Could not convert SID S-1-5-32-546 to gid, ignoring it [2008/08/04 09:37:14, 10] auth/token_util.c:debug_nt_user_token(470) NT user token of user S-1-5-21-534671462-504895351-1339659545-501 contains 4 SIDs SID[ 0]: S-1-5-21-534671462-504895351-1339659545-501 SID[ 1]: S-1-1-0 SID[ 2]: S-1-5-2 SID[ 3]: S-1-5-32-546 SE_PRIV 0x0 0x0 0x0 0x0 [2008/08/04 09:37:14, 10] auth/auth_ntlmssp.c:auth_ntlmssp_check_password(137) Got NT session key of length 16 [2008/08/04 09:37:14, 10] auth/auth_ntlmssp.c:auth_ntlmssp_check_password(144) Got LM session key of length 16 [2008/08/04 09:37:14, 10] libsmb/ntlmssp.c:ntlmssp_server_auth(848) ntlmssp_server_auth: Using unmodified nt session key. [2008/08/04 09:37:14, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(337) NTLMSSP Sign/Seal - Initialising with flags: [2008/08/04 09:37:14, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) Got NTLMSSP neg_flags=0xe2088215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH NTLMSSP_NEGOTIATE_56 [2008/08/04 09:37:14, 10] smbd/password.c:register_existing_vuid(310) register_existing_vuid: (65534,65533) nobody UFU guest=1 [2008/08/04 09:37:14, 3] smbd/password.c:register_existing_vuid(314) register_existing_vuid: User name: nobody Real name: nobody [2008/08/04 09:37:14, 3] smbd/password.c:register_existing_vuid(326) register_existing_vuid: UNIX uid 65534 is UNIX user nobody, and will be vuid 100 [2008/08/04 09:37:14, 6] param/loadparm.c:lp_file_list_changed(6613) lp_file_list_changed() file /etc/samba/comps/teste.conf -> /etc/samba/comps/teste.conf last mod_time: Thu Jul 31 15:50:13 2008 file /etc/samba/comps/netlogon.conf -> /etc/samba/comps/netlogon.conf last mod_time: Thu Jul 31 15:50:13 2008 file /etc/samba/includes.conf -> /etc/samba/includes.conf last mod_time: Thu Jul 31 15:49:50 2008 file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Mon Aug 4 09:34:48 2008 [2008/08/04 09:37:14, 5] lib/util.c:show_msg(645) [2008/08/04 09:37:14, 5] lib/util.c:show_msg(655) size=144 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=65279 smb_uid=100 smb_mid=128 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 1 (0x1) smb_vwv[ 3]= 9 (0x9) smb_bcc=101 [2008/08/04 09:37:14, 10] lib/util.c:dump_data(2226) [000] A1 07 30 05 A0 03 0A 01 00 55 00 6E 00 69 00 78 ..0..... .U.n.i.x [010] 00 00 00 53 00 61 00 6D 00 62 00 61 00 20 00 33 ...S.a.m .b.a. .3 [020] 00 2E 00 32 00 2E 00 30 00 72 00 63 00 31 00 2D ...2...0 .r.c.1.- [030] 00 32 00 32 00 2E 00 31 00 2D 00 31 00 37 00 39 .2.2...1 .-.1.7.9 [040] 00 35 00 2D 00 53 00 55 00 53 00 45 00 2D 00 53 .5.-.S.U .S.E.-.S [050] 00 4C 00 31 00 31 00 2E 00 30 00 00 00 55 00 46 .L.1.1.. .0...U.F [060] 00 55 00 00 00 .U... [2008/08/04 09:37:14, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 92 [2008/08/04 09:37:14, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x5c [2008/08/04 09:37:14, 3] smbd/process.c:process_smb(1549) Transaction 3 of length 96 (0 toread) [2008/08/04 09:37:14, 5] lib/util.c:show_msg(645) [2008/08/04 09:37:14, 5] lib/util.c:show_msg(655) size=92 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=100 smb_mid=192 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 92 (0x5C) smb_vwv[ 2]= 8 (0x8) smb_vwv[ 3]= 1 (0x1) smb_bcc=49 [2008/08/04 09:37:14, 10] lib/util.c:dump_data(2226) [000] 00 5C 00 5C 00 53 00 52 00 56 00 53 00 4D 00 42 .\.\.S.R .V.S.M.B [010] 00 31 00 4A 00 32 00 31 00 30 00 30 00 31 00 5C .1.J.2.1 .0.0.1.\ [020] 00 49 00 50 00 43 00 24 00 00 00 3F 3F 3F 3F 3F .I.P.C.$ ...????? [030] 00 . [2008/08/04 09:37:14, 3] smbd/process.c:switch_message(1361) switch message SMBtconX (pid 27141) conn 0x0 [2008/08/04 09:37:14, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/08/04 09:37:14, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/08/04 09:37:14, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/08/04 09:37:14, 5] smbd/uid.c:change_to_root_user(287) change_to_root_user: now uid=(0,0) gid=(0,0) [2008/08/04 09:37:14, 4] smbd/reply.c:reply_tcon_and_X(653) Client requested device type [?????] for share [IPC$] [2008/08/04 09:37:14, 5] smbd/service.c:make_connection(1374) making a connection to 'normal' service ipc$ [2008/08/04 09:37:14, 5] lib/username.c:Get_Pwnam_alloc(133) Finding user nobody [2008/08/04 09:37:14, 5] lib/username.c:Get_Pwnam_internals(77) Trying _Get_Pwnam(), username as lowercase is nobody [2008/08/04 09:37:14, 5] lib/username.c:Get_Pwnam_internals(110) Get_Pwnam_internals did find user [nobody]! [2008/08/04 09:37:14, 10] smbd/service.c:set_conn_connectpath(157) set_conn_connectpath: service IPC$, connectpath = /var/tmp [2008/08/04 09:37:14, 3] smbd/service.c:make_connection_snum(936) Connect path is '/var/tmp' for service [IPC$] [2008/08/04 09:37:14, 10] lib/util_seaccess.c:se_map_generic(175) se_map_generic(): mapped mask 0x10000000 to 0x001f01ff [2008/08/04 09:37:14, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x00000002, for NT token with 4 entries and first sid S-1-5-21-534671462-504895351-1339659545-501. [2008/08/04 09:37:14, 3] lib/util_seaccess.c:se_access_check(249) [2008/08/04 09:37:14, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-5-21-534671462-504895351-1339659545-501 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-32-546 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 2 [2008/08/04 09:37:14, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (2) granted. [2008/08/04 09:37:14, 3] smbd/vfs.c:vfs_init_default(96) Initialising default vfs hooks [2008/08/04 09:37:14, 10] smbd/vfs.c:vfs_find_backend_entry(48) vfs_find_backend_entry called for /[Default VFS]/ [2008/08/04 09:37:14, 5] smbd/vfs.c:smb_register_vfs(86) Successfully added vfs backend '/[Default VFS]/' [2008/08/04 09:37:14, 10] smbd/vfs.c:vfs_find_backend_entry(48) vfs_find_backend_entry called for posixacl [2008/08/04 09:37:14, 5] smbd/vfs.c:smb_register_vfs(86) Successfully added vfs backend 'posixacl' [2008/08/04 09:37:14, 3] smbd/vfs.c:vfs_init_custom(130) Initialising custom vfs hooks from [/[Default VFS]/] [2008/08/04 09:37:14, 10] smbd/vfs.c:vfs_find_backend_entry(48) vfs_find_backend_entry called for /[Default VFS]/ Successfully loaded vfs module [/[Default VFS]/] with the new modules system [2008/08/04 09:37:14, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #0 (type 0, layer 0) Making operation type 0 opaque [module /[Default VFS]/] Accepting operation type 0 from module /[Default VFS]/ [2008/08/04 09:37:14, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #1 (type 1, layer 0) Making operation type 1 opaque [module /[Default VFS]/] Accepting operation type 1 from module /[Default VFS]/ [2008/08/04 09:37:14, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #2 (type 2, layer 0) Making operation type 2 opaque [module /[Default VFS]/] Accepting operation type 2 from module /[Default VFS]/ [2008/08/04 09:37:14, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #3 (type 3, layer 0) Making operation type 3 opaque [module /[Default VFS]/] Accepting operation type 3 from module /[Default VFS]/ [2008/08/04 09:37:14, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #4 (type 4, layer 0) Making operation type 4 opaque [module /[Default VFS]/] Accepting operation type 4 from module /[Default VFS]/ [2008/08/04 09:37:14, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #5 (type 5, layer 0) Making operation type 5 opaque [module /[Default VFS]/] Accepting operation type 5 from module /[Default VFS]/ [2008/08/04 09:37:14, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #6 (type 6, layer 0) Making operation type 6 opaque [module /[Default VFS]/] Accepting operation type 6 from module /[Default VFS]/ [2008/08/04 09:37:14, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #7 (type 7, layer 0) Making operation type 7 opaque [module /[Default VFS]/] Accepting operation type 7 from module /[Default VFS]/ [2008/08/04 09:37:14, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #8 (type 8, layer 0) Making operation type 8 opaque [module /[Default VFS]/] Accepting operation type 8 from module /[Default VFS]/ [2008/08/04 09:37:14, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #9 (type 9, layer 0) Making operation type 9 opaque [module /[Default VFS]/] Accepting operation type 9 from module /[Default VFS]/ [2008/08/04 09:37:14, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #10 (type 10, layer 0) Making operation type 10 opaque [module /[Default VFS]/] Accepting operation type 10 from module /[Default VFS]/ [2008/08/04 09:37:14, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #11 (type 11, layer 0) Making operation type 11 opaque [module /[Default VFS]/] Accepting operation type 11 from module /[Default VFS]/ [2008/08/04 09:37:14, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #12 (type 12, layer 0) Making operation type 12 opaque [module /[Default VFS]/] Accepting operation type 12 from module /[Default VFS]/ [2008/08/04 09:37:14, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #13 (type 13, layer 0) Making operation type 13 opaque [module /[Default VFS]/] Accepting operation type 13 from module /[Default VFS]/ [2008/08/04 09:37:14, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #14 (type 14, layer 0) Making operation type 14 opaque [module /[Default VFS]/] Accepting operation type 14 from module /[Default VFS]/ [2008/08/04 09:37:14, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #15 (type 15, layer 0) Making operation type 15 opaque [module /[Default VFS]/] Accepting operation type 15 from module /[Default VFS]/ [2008/08/04 09:37:14, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #16 (type 16, layer 0) Making operation type 16 opaque [module /[Default VFS]/] Accepting operation type 16 from module /[Default VFS]/ [2008/08/04 09:37:14, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #17 (type 17, layer 0) Making operation type 17 opaque [module /[Default VFS]/] Accepting operation type 17 from module /[Default VFS]/ [2008/08/04 09:37:14, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #18 (type 18, layer 0) Making operation type 18 opaque [module /[Default VFS]/] Accepting operation type 18 from module /[Default VFS]/ [2008/08/04 09:37:14, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #19 (type 19, layer 0) Making operation type 19 opaque [module /[Default VFS]/] Accepting operation type 19 from module /[Default VFS]/ [2008/08/04 09:37:14, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #20 (type 20, layer 0) Making operation type 20 opaque [module /[Default VFS]/] Accepting operation type 20 from module /[Default VFS]/ [2008/08/04 09:37:14, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #21 (type 21, layer 0) Making operation type 21 opaque [module /[Default VFS]/] Accepting operation type 21 from module /[Default VFS]/ [2008/08/04 09:37:14, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #22 (type 22, layer 0) Making operation type 22 opaque [module /[Default VFS]/] Accepting operation type 22 from module /[Default VFS]/ [2008/08/04 09:37:14, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #23 (type 23, layer 0) Making operation type 23 opaque [module /[Default VFS]/] Accepting operation type 23 from module /[Default VFS]/ [2008/08/04 09:37:14, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #24 (type 24, layer 0) Making operation type 24 opaque [module /[Default VFS]/] Accepting operation type 24 from module /[Default VFS]/ [2008/08/04 09:37:14, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #25 (type 25, layer 0) Making operation type 25 opaque [module /[Default VFS]/] Accepting operation type 25 from module /[Default VFS]/ [2008/08/04 09:37:14, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #26 (type 26, layer 0) Making operation type 26 opaque [module /[Default VFS]/] Accepting operation type 26 from module /[Default VFS]/ [2008/08/04 09:37:14, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #27 (type 27, layer 0) Making operation type 27 opaque [module /[Default VFS]/] Accepting operation type 27 from module /[Default VFS]/ [2008/08/04 09:37:14, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #28 (type 28, layer 0) Making operation type 28 opaque [module /[Default VFS]/] Accepting operation type 28 from module /[Default VFS]/ [2008/08/04 09:37:14, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #29 (type 29, layer 0) Making operation type 29 opaque [module /[Default VFS]/] Accepting operation type 29 from module /[Default VFS]/ [2008/08/04 09:37:14, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #30 (type 30, layer 0) Making operation type 30 opaque [module /[Default VFS]/] Accepting operation type 30 from module /[Default VFS]/ [2008/08/04 09:37:14, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #31 (type 31, layer 0) Making operation type 31 opaque [module /[Default VFS]/] Accepting operation type 31 from module /[Default VFS]/ [2008/08/04 09:37:14, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #32 (type 32, layer 0) Making operation type 32 opaque [module /[Default VFS]/] Accepting operation type 32 from module /[Default VFS]/ [2008/08/04 09:37:14, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #33 (type 33, layer 0) Making operation type 33 opaque [module /[Default VFS]/] Accepting operation type 33 from module /[Default VFS]/ [2008/08/04 09:37:14, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #34 (type 34, layer 0) Making operation type 34 opaque [module /[Default VFS]/] Accepting operation type 34 from module /[Default VFS]/ [2008/08/04 09:37:14, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #35 (type 35, layer 0) Making operation type 35 opaque [module /[Default VFS]/] Accepting operation type 35 from module /[Default VFS]/ [2008/08/04 09:37:14, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #36 (type 36, layer 0) Making operation type 36 opaque [module /[Default VFS]/] Accepting operation type 36 from module /[Default VFS]/ [2008/08/04 09:37:14, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #37 (type 37, layer 0) Making operation type 37 opaque [module /[Default VFS]/] Accepting operation type 37 from module /[Default VFS]/ [2008/08/04 09:37:14, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #38 (type 38, layer 0) Making operation type 38 opaque [module /[Default VFS]/] Accepting operation type 38 from module /[Default VFS]/ [2008/08/04 09:37:14, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #39 (type 39, layer 0) Making operation type 39 opaque [module /[Default VFS]/] Accepting operation type 39 from module /[Default VFS]/ [2008/08/04 09:37:14, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #40 (type 40, layer 0) Making operation type 40 opaque [module /[Default VFS]/] Accepting operation type 40 from module /[Default VFS]/ [2008/08/04 09:37:14, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #41 (type 41, layer 0) Making operation type 41 opaque [module /[Default VFS]/] Accepting operation type 41 from module /[Default VFS]/ [2008/08/04 09:37:14, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #42 (type 42, layer 0) Making operation type 42 opaque [module /[Default VFS]/] Accepting operation type 42 from module /[Default VFS]/ [2008/08/04 09:37:14, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #43 (type 43, layer 0) Making operation type 43 opaque [module /[Default VFS]/] Accepting operation type 43 from module /[Default VFS]/ [2008/08/04 09:37:14, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #44 (type 44, layer 0) Making operation type 44 opaque [module /[Default VFS]/] Accepting operation type 44 from module /[Default VFS]/ [2008/08/04 09:37:14, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #45 (type 45, layer 0) Making operation type 45 opaque [module /[Default VFS]/] Accepting operation type 45 from module /[Default VFS]/ [2008/08/04 09:37:14, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #46 (type 46, layer 0) Making operation type 46 opaque [module /[Default VFS]/] Accepting operation type 46 from module /[Default VFS]/ [2008/08/04 09:37:14, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #47 (type 47, layer 0) Making operation type 47 opaque [module /[Default VFS]/] Accepting operation type 47 from module /[Default VFS]/ [2008/08/04 09:37:14, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #48 (type 48, layer 0) Making operation type 48 opaque [module /[Default VFS]/] Accepting operation type 48 from module /[Default VFS]/ [2008/08/04 09:37:14, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #49 (type 49, layer 0) Making operation type 49 opaque [module /[Default VFS]/] Accepting operation type 49 from module /[Default VFS]/ [2008/08/04 09:37:14, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #50 (type 50, layer 0) Making operation type 50 opaque [module /[Default VFS]/] Accepting operation type 50 from module /[Default VFS]/ [2008/08/04 09:37:14, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #51 (type 51, layer 0) Making operation type 51 opaque [module /[Default VFS]/] Accepting operation type 51 from module /[Default VFS]/ [2008/08/04 09:37:14, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #52 (type 52, layer 0) Making operation type 52 opaque [module /[Default VFS]/] Accepting operation type 52 from module /[Default VFS]/ [2008/08/04 09:37:14, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #53 (type 53, layer 0) Making operation type 53 opaque [module /[Default VFS]/] Accepting operation type 53 from module /[Default VFS]/ [2008/08/04 09:37:14, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #54 (type 54, layer 0) Making operation type 54 opaque [module /[Default VFS]/] Accepting operation type 54 from module /[Default VFS]/ [2008/08/04 09:37:14, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #55 (type 55, layer 0) Making operation type 55 opaque [module /[Default VFS]/] Accepting operation type 55 from module /[Default VFS]/ [2008/08/04 09:37:14, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #56 (type 56, layer 0) Making operation type 56 opaque [module /[Default VFS]/] Accepting operation type 56 from module /[Default VFS]/ [2008/08/04 09:37:14, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #57 (type 57, layer 0) Making operation type 57 opaque [module /[Default VFS]/] Accepting operation type 57 from module /[Default VFS]/ [2008/08/04 09:37:14, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #58 (type 58, layer 0) Making operation type 58 opaque [module /[Default VFS]/] Accepting operation type 58 from module /[Default VFS]/ [2008/08/04 09:37:14, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #59 (type 59, layer 0) Making operation type 59 opaque [module /[Default VFS]/] Accepting operation type 59 from module /[Default VFS]/ [2008/08/04 09:37:14, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #60 (type 60, layer 0) Making operation type 60 opaque [module /[Default VFS]/] Accepting operation type 60 from module /[Default VFS]/ [2008/08/04 09:37:14, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #61 (type 61, layer 0) Making operation type 61 opaque [module /[Default VFS]/] Accepting operation type 61 from module /[Default VFS]/ [2008/08/04 09:37:14, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #62 (type 62, layer 0) Making operation type 62 opaque [module /[Default VFS]/] Accepting operation type 62 from module /[Default VFS]/ [2008/08/04 09:37:14, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #63 (type 63, layer 0) Making operation type 63 opaque [module /[Default VFS]/] Accepting operation type 63 from module /[Default VFS]/ [2008/08/04 09:37:14, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #64 (type 64, layer 0) Making operation type 64 opaque [module /[Default VFS]/] Accepting operation type 64 from module /[Default VFS]/ [2008/08/04 09:37:14, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #65 (type 65, layer 0) Making operation type 65 opaque [module /[Default VFS]/] Accepting operation type 65 from module /[Default VFS]/ [2008/08/04 09:37:14, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #66 (type 66, layer 0) Making operation type 66 opaque [module /[Default VFS]/] Accepting operation type 66 from module /[Default VFS]/ [2008/08/04 09:37:14, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #67 (type 67, layer 0) Making operation type 67 opaque [module /[Default VFS]/] Accepting operation type 67 from module /[Default VFS]/ [2008/08/04 09:37:14, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #68 (type 68, layer 0) Making operation type 68 opaque [module /[Default VFS]/] Accepting operation type 68 from module /[Default VFS]/ [2008/08/04 09:37:14, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #69 (type 69, layer 0) Making operation type 69 opaque [module /[Default VFS]/] Accepting operation type 69 from module /[Default VFS]/ [2008/08/04 09:37:14, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #70 (type 70, layer 0) Making operation type 70 opaque [module /[Default VFS]/] Accepting operation type 70 from module /[Default VFS]/ [2008/08/04 09:37:14, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #71 (type 71, layer 0) Making operation type 71 opaque [module /[Default VFS]/] Accepting operation type 71 from module /[Default VFS]/ [2008/08/04 09:37:14, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #72 (type 72, layer 0) Making operation type 72 opaque [module /[Default VFS]/] Accepting operation type 72 from module /[Default VFS]/ [2008/08/04 09:37:14, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #73 (type 73, layer 0) Making operation type 73 opaque [module /[Default VFS]/] Accepting operation type 73 from module /[Default VFS]/ [2008/08/04 09:37:14, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #74 (type 74, layer 0) Making operation type 74 opaque [module /[Default VFS]/] Accepting operation type 74 from module /[Default VFS]/ [2008/08/04 09:37:14, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #75 (type 75, layer 0) Making operation type 75 opaque [module /[Default VFS]/] Accepting operation type 75 from module /[Default VFS]/ [2008/08/04 09:37:14, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #76 (type 76, layer 0) Making operation type 76 opaque [module /[Default VFS]/] Accepting operation type 76 from module /[Default VFS]/ [2008/08/04 09:37:14, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #77 (type 77, layer 0) Making operation type 77 opaque [module /[Default VFS]/] Accepting operation type 77 from module /[Default VFS]/ [2008/08/04 09:37:14, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #78 (type 78, layer 0) Making operation type 78 opaque [module /[Default VFS]/] Accepting operation type 78 from module /[Default VFS]/ [2008/08/04 09:37:14, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #79 (type 79, layer 0) Making operation type 79 opaque [module /[Default VFS]/] Accepting operation type 79 from module /[Default VFS]/ [2008/08/04 09:37:14, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #80 (type 80, layer 0) Making operation type 80 opaque [module /[Default VFS]/] Accepting operation type 80 from module /[Default VFS]/ [2008/08/04 09:37:14, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #81 (type 81, layer 0) Making operation type 81 opaque [module /[Default VFS]/] Accepting operation type 81 from module /[Default VFS]/ [2008/08/04 09:37:14, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #82 (type 82, layer 0) Making operation type 82 opaque [module /[Default VFS]/] Accepting operation type 82 from module /[Default VFS]/ [2008/08/04 09:37:14, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #83 (type 83, layer 0) Making operation type 83 opaque [module /[Default VFS]/] Accepting operation type 83 from module /[Default VFS]/ [2008/08/04 09:37:14, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #84 (type 84, layer 0) Making operation type 84 opaque [module /[Default VFS]/] Accepting operation type 84 from module /[Default VFS]/ [2008/08/04 09:37:14, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #85 (type 85, layer 0) Making operation type 85 opaque [module /[Default VFS]/] Accepting operation type 85 from module /[Default VFS]/ [2008/08/04 09:37:14, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #86 (type 86, layer 0) Making operation type 86 opaque [module /[Default VFS]/] Accepting operation type 86 from module /[Default VFS]/ [2008/08/04 09:37:14, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #87 (type 87, layer 0) Making operation type 87 opaque [module /[Default VFS]/] Accepting operation type 87 from module /[Default VFS]/ [2008/08/04 09:37:14, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #88 (type 88, layer 0) Making operation type 88 opaque [module /[Default VFS]/] Accepting operation type 88 from module /[Default VFS]/ [2008/08/04 09:37:14, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #89 (type 89, layer 0) Making operation type 89 opaque [module /[Default VFS]/] Accepting operation type 89 from module /[Default VFS]/ [2008/08/04 09:37:14, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #90 (type 90, layer 0) Making operation type 90 opaque [module /[Default VFS]/] Accepting operation type 90 from module /[Default VFS]/ [2008/08/04 09:37:14, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #91 (type 91, layer 0) Making operation type 91 opaque [module /[Default VFS]/] Accepting operation type 91 from module /[Default VFS]/ [2008/08/04 09:37:14, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #92 (type 92, layer 0) Making operation type 92 opaque [module /[Default VFS]/] Accepting operation type 92 from module /[Default VFS]/ [2008/08/04 09:37:14, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #93 (type 93, layer 0) Making operation type 93 opaque [module /[Default VFS]/] Accepting operation type 93 from module /[Default VFS]/ [2008/08/04 09:37:14, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #94 (type 94, layer 0) Making operation type 94 opaque [module /[Default VFS]/] Accepting operation type 94 from module /[Default VFS]/ [2008/08/04 09:37:14, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #95 (type 95, layer 0) Making operation type 95 opaque [module /[Default VFS]/] Accepting operation type 95 from module /[Default VFS]/ [2008/08/04 09:37:14, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #96 (type 96, layer 0) Making operation type 96 opaque [module /[Default VFS]/] Accepting operation type 96 from module /[Default VFS]/ [2008/08/04 09:37:14, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #97 (type 97, layer 0) Making operation type 97 opaque [module /[Default VFS]/] Accepting operation type 97 from module /[Default VFS]/ [2008/08/04 09:37:14, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #98 (type 98, layer 0) Making operation type 98 opaque [module /[Default VFS]/] Accepting operation type 98 from module /[Default VFS]/ [2008/08/04 09:37:14, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #99 (type 99, layer 0) Making operation type 99 opaque [module /[Default VFS]/] Accepting operation type 99 from module /[Default VFS]/ [2008/08/04 09:37:14, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #100 (type 100, layer 0) Making operation type 100 opaque [module /[Default VFS]/] Accepting operation type 100 from module /[Default VFS]/ [2008/08/04 09:37:14, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #101 (type 101, layer 0) Making operation type 101 opaque [module /[Default VFS]/] Accepting operation type 101 from module /[Default VFS]/ [2008/08/04 09:37:14, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #102 (type 102, layer 0) Making operation type 102 opaque [module /[Default VFS]/] Accepting operation type 102 from module /[Default VFS]/ [2008/08/04 09:37:14, 5] smbd/connection.c:claim_connection(142) claiming [IPC$] [2008/08/04 09:37:14, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 056A0000010000004950 [2008/08/04 09:37:14, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0xb816cc48 [2008/08/04 09:37:14, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 056A0000010000004950 [2008/08/04 09:37:14, 10] smbd/share_access.c:user_ok_token(231) user_ok_token: share IPC$ is ok for unix user nobody [2008/08/04 09:37:14, 10] smbd/share_access.c:is_share_read_only_for_token(273) is_share_read_only_for_user: share IPC$ is read-only for unix user nobody [2008/08/04 09:37:14, 10] lib/util_seaccess.c:se_map_generic(175) se_map_generic(): mapped mask 0x10000000 to 0x001f01ff [2008/08/04 09:37:14, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x00000001, for NT token with 4 entries and first sid S-1-5-21-534671462-504895351-1339659545-501. [2008/08/04 09:37:14, 3] lib/util_seaccess.c:se_access_check(249) [2008/08/04 09:37:14, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-5-21-534671462-504895351-1339659545-501 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-32-546 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 1 [2008/08/04 09:37:14, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (1) granted. [2008/08/04 09:37:14, 3] lib/util_sid.c:string_to_sid(228) string_to_sid: Sid @domainAdmins does not start with 'S-'. [2008/08/04 09:37:14, 5] smbd/password.c:user_in_netgroup(467) looking for user nobody of domain in netgroup domainAdmins [2008/08/04 09:37:14, 5] smbd/password.c:user_in_netgroup(483) looking for user nobody of domain in netgroup domainAdmins [2008/08/04 09:37:14, 10] passdb/lookup_sid.c:lookup_name(69) lookup_name: UFU\domainAdmins => UFU (domain), domainAdmins (name) [2008/08/04 09:37:14, 10] passdb/lookup_sid.c:lookup_name(70) lookup_name: flags = 0x077 [2008/08/04 09:37:14, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/08/04 09:37:14, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2008/08/04 09:37:14, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/08/04 09:37:14, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/08/04 09:37:14, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/08/04 09:37:14, 5] lib/smbldap.c:smbldap_search_ext(1183) smbldap_search_ext: base => [ou=Grupos,dc=ufu,dc=br], filter => [(&(objectClass=sambaGroupMapping)(|(displayName=domainAdmins)(cn=domainAdmins)))], scope => [2] [2008/08/04 09:37:14, 2] passdb/pdb_ldap.c:init_group_from_ldap(2344) init_group_from_ldap: Entry found for group: 600 [2008/08/04 09:37:14, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute description does not exist [2008/08/04 09:37:14, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/08/04 09:37:14, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (65534, 65533) - sec_ctx_stack_ndx = 0 [2008/08/04 09:37:14, 5] auth/token_util.c:debug_nt_user_token(470) NT user token of user S-1-5-21-534671462-504895351-1339659545-501 contains 4 SIDs SID[ 0]: S-1-5-21-534671462-504895351-1339659545-501 SID[ 1]: S-1-1-0 SID[ 2]: S-1-5-2 SID[ 3]: S-1-5-32-546 SE_PRIV 0x0 0x0 0x0 0x0 [2008/08/04 09:37:14, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 65534 Primary group is 65533 and contains 0 supplementary groups [2008/08/04 09:37:14, 5] smbd/uid.c:change_to_user(272) change_to_user uid=(65534,65534) gid=(0,65533) [2008/08/04 09:37:14, 3] smbd/service.c:make_connection_snum(1188) orc (200.131.191.14) connect to service IPC$ initially as user nobody (uid=65534, gid=65533) (pid 27141) [2008/08/04 09:37:14, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/08/04 09:37:14, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/08/04 09:37:14, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/08/04 09:37:14, 5] smbd/uid.c:change_to_root_user(287) change_to_root_user: now uid=(0,0) gid=(0,0) [2008/08/04 09:37:14, 3] smbd/reply.c:reply_tcon_and_X(727) tconX service=IPC$ [2008/08/04 09:37:14, 5] lib/util.c:show_msg(645) [2008/08/04 09:37:14, 5] lib/util.c:show_msg(655) size=56 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=192 smt_wct=7 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 1 (0x1) smb_vwv[ 3]= 511 (0x1FF) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 511 (0x1FF) smb_vwv[ 6]= 0 (0x0) smb_bcc=7 [2008/08/04 09:37:14, 10] lib/util.c:dump_data(2226) [000] 49 50 43 00 00 00 00 IPC.... [2008/08/04 09:37:14, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 104 [2008/08/04 09:37:14, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x68 [2008/08/04 09:37:14, 3] smbd/process.c:process_smb(1549) Transaction 4 of length 108 (0 toread) [2008/08/04 09:37:14, 5] lib/util.c:show_msg(645) [2008/08/04 09:37:14, 5] lib/util.c:show_msg(655) size=104 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=488 smb_uid=100 smb_mid=256 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 4608 (0x1200) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]=16384 (0x4000) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 256 (0x100) smb_bcc=21 [2008/08/04 09:37:14, 10] lib/util.c:dump_data(2226) [000] 00 5C 00 4E 00 45 00 54 00 4C 00 4F 00 47 00 4F .\.N.E.T .L.O.G.O [010] 00 4E 00 00 00 .N... [2008/08/04 09:37:14, 3] smbd/process.c:switch_message(1361) switch message SMBntcreateX (pid 27141) conn 0xb816dfc0 [2008/08/04 09:37:14, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (65534, 65533) - sec_ctx_stack_ndx = 0 [2008/08/04 09:37:14, 5] auth/token_util.c:debug_nt_user_token(470) NT user token of user S-1-5-21-534671462-504895351-1339659545-501 contains 4 SIDs SID[ 0]: S-1-5-21-534671462-504895351-1339659545-501 SID[ 1]: S-1-1-0 SID[ 2]: S-1-5-2 SID[ 3]: S-1-5-32-546 SE_PRIV 0x0 0x0 0x0 0x0 [2008/08/04 09:37:14, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 65534 Primary group is 65533 and contains 0 supplementary groups [2008/08/04 09:37:14, 5] smbd/uid.c:change_to_user(272) change_to_user uid=(65534,65534) gid=(0,65533) [2008/08/04 09:37:14, 4] smbd/vfs.c:vfs_ChDir(733) vfs_ChDir to /var/tmp [2008/08/04 09:37:14, 10] smbd/nttrans.c:reply_ntcreate_and_X(490) reply_ntcreate_and_X: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0, fname = NETLOGON [2008/08/04 09:37:14, 4] smbd/nttrans.c:nt_open_pipe(297) nt_open_pipe: Opening pipe \NETLOGON. [2008/08/04 09:37:14, 3] smbd/nttrans.c:nt_open_pipe(322) nt_open_pipe: Known pipe NETLOGON opening. [2008/08/04 09:37:14, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(165) Open pipe requested NETLOGON (pipes_open=0) [2008/08/04 09:37:14, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(275) Create pipe requested NETLOGON [2008/08/04 09:37:14, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77) init_pipe_handles: created handle list for pipe NETLOGON [2008/08/04 09:37:14, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) init_pipe_handles: pipe_handles ref count = 1 for pipe NETLOGON [2008/08/04 09:37:14, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(356) Created internal pipe NETLOGON (pipes_open=0) [2008/08/04 09:37:14, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(253) Opened pipe NETLOGON with handle 75ff (pipes_open=1) [2008/08/04 09:37:14, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(259) open pipes: name NETLOGON pnum=75ff [2008/08/04 09:37:14, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 4E45544C4F474F4E2F32 [2008/08/04 09:37:14, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0xb8173ae8 [2008/08/04 09:37:14, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 4E45544C4F474F4E2F32 [2008/08/04 09:37:14, 5] smbd/nttrans.c:do_ntcreate_pipe_open(410) do_ntcreate_pipe_open: open pipe = \NETLOGON [2008/08/04 09:37:14, 5] lib/util.c:show_msg(645) [2008/08/04 09:37:14, 5] lib/util.c:show_msg(655) size=135 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=488 smb_uid=100 smb_mid=256 smt_wct=42 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=65280 (0xFF00) smb_vwv[ 3]= 373 (0x175) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_vwv[34]= 0 (0x0) smb_vwv[35]= 0 (0x0) smb_vwv[36]= 0 (0x0) smb_vwv[37]= 0 (0x0) smb_vwv[38]= 0 (0x0) smb_vwv[39]= 0 (0x0) smb_vwv[40]= 0 (0x0) smb_vwv[41]= 0 (0x0) smb_bcc=0 [2008/08/04 09:37:14, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 136 [2008/08/04 09:37:14, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x88 [2008/08/04 09:37:14, 3] smbd/process.c:process_smb(1549) Transaction 5 of length 140 (0 toread) [2008/08/04 09:37:14, 5] lib/util.c:show_msg(645) [2008/08/04 09:37:14, 5] lib/util.c:show_msg(655) size=136 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=320 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=30207 (0x75FF) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 72 (0x48) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 72 (0x48) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=73 [2008/08/04 09:37:14, 10] lib/util.c:dump_data(2226) [000] EE 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... [010] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ [020] 00 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF .xV4.4.. ....#Eg. [030] FB 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ [040] 00 2B 10 48 60 02 00 00 00 .+.H`... . [2008/08/04 09:37:14, 3] smbd/process.c:switch_message(1361) switch message SMBwriteX (pid 27141) conn 0xb816dfc0 [2008/08/04 09:37:14, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/08/04 09:37:14, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=75ff [2008/08/04 09:37:14, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name NETLOGON pnum=75ff (pipes_open=1) [2008/08/04 09:37:14, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927) write_to_pipe: 75ff name: NETLOGON open: Yes len: 72 [2008/08/04 09:37:14, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 72 [2008/08/04 09:37:14, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 [2008/08/04 09:37:14, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385) fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 [2008/08/04 09:37:14, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 16 [2008/08/04 09:37:14, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 56 [2008/08/04 09:37:14, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0b [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0048 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000001 [2008/08/04 09:37:14, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472) unmarshall_rpc_header: using little-endian RPC [2008/08/04 09:37:14, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501) unmarshall_rpc_header: type = 11, flags = 3 [2008/08/04 09:37:14, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 0 [2008/08/04 09:37:14, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 56 [2008/08/04 09:37:14, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 [2008/08/04 09:37:14, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709) process_complete_pdu: processing packet type 11 [2008/08/04 09:37:14, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1553) api_pipe_bind_req: decode request. 1553 [2008/08/04 09:37:14, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1564) api_pipe_bind_req: \PIPE\netlogon -> \PIPE\netlogon [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_rb [2008/08/04 09:37:14, 6] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_bba [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0000 max_tsize: 10b8 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0002 max_rsize: 10b8 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0004 assoc_gid: 00000000 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0008 num_contexts: 01 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000c context_id : 0000 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint8(624) 000e num_transfer_syntaxes: 01 [2008/08/04 09:37:14, 6] rpc_parse/parse_prs.c:prs_debug(88) 00000f smb_io_rpc_iface [2008/08/04 09:37:14, 7] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_uuid uuid [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 data : 12345678 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 data : 1234 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0016 data : abcd [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0018 data : ef 00 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 001a data : 01 23 45 67 cf fb [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0020 version: 00000001 [2008/08/04 09:37:14, 6] rpc_parse/parse_prs.c:prs_debug(88) 000024 smb_io_rpc_iface [2008/08/04 09:37:14, 7] rpc_parse/parse_prs.c:prs_debug(88) 000024 smb_io_uuid uuid [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0024 data : 8a885d04 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0028 data : 1ceb [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint16(689) 002a data : 11c9 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002c data : 9f e8 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002e data : 08 00 2b 10 48 60 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0034 version: 00000002 [2008/08/04 09:37:14, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1608) api_pipe_bind_req: make response. 1608 [2008/08/04 09:37:14, 3] rpc_server/srv_pipe.c:check_bind_req(991) check_bind_req for \PIPE\NETLOGON checking \PIPE\lsarpc checking \PIPE\lsarpc checking \PIPE\samr checking \PIPE\NETLOGON [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_ba [2008/08/04 09:37:14, 6] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_bba [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0000 max_tsize: 10b8 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0002 max_rsize: 10b8 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0004 assoc_gid: 000053f0 [2008/08/04 09:37:14, 6] rpc_parse/parse_prs.c:prs_debug(88) 000008 smb_io_rpc_addr_str [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 len: 000f [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 000a str: \PIPE\netlogon. [2008/08/04 09:37:14, 6] rpc_parse/parse_prs.c:prs_debug(88) 000019 smb_io_rpc_results [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint8(624) 001c num_results: 01 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0020 result : 0000 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0022 reason : 0000 [2008/08/04 09:37:14, 6] rpc_parse/parse_prs.c:prs_debug(88) 000024 smb_io_rpc_iface [2008/08/04 09:37:14, 7] rpc_parse/parse_prs.c:prs_debug(88) 000024 smb_io_uuid uuid [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0024 data : 8a885d04 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0028 data : 1ceb [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint16(689) 002a data : 11c9 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002c data : 9f e8 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002e data : 08 00 2b 10 48 60 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0034 version: 00000002 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0c [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0048 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000001 [2008/08/04 09:37:14, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 56 [2008/08/04 09:37:14, 3] smbd/pipes.c:reply_pipe_write_and_X(251) writeX-IPC pnum=75ff nwritten=72 [2008/08/04 09:37:14, 5] lib/util.c:show_msg(645) [2008/08/04 09:37:14, 5] lib/util.c:show_msg(655) size=47 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=320 smt_wct=6 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 72 (0x48) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_bcc=0 [2008/08/04 09:37:14, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 59 [2008/08/04 09:37:14, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x3b [2008/08/04 09:37:14, 3] smbd/process.c:process_smb(1549) Transaction 6 of length 63 (0 toread) [2008/08/04 09:37:14, 5] lib/util.c:show_msg(645) [2008/08/04 09:37:14, 5] lib/util.c:show_msg(655) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=384 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=30207 (0x75FF) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2008/08/04 09:37:14, 3] smbd/process.c:switch_message(1361) switch message SMBreadX (pid 27141) conn 0xb816dfc0 [2008/08/04 09:37:14, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/08/04 09:37:14, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=75ff [2008/08/04 09:37:14, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name NETLOGON pnum=75ff (pipes_open=1) [2008/08/04 09:37:14, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985) read_from_pipe: 75ff name: NETLOGON len: 1024 [2008/08/04 09:37:14, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1045) read_from_pipe: NETLOGON: current_pdu_len = 72, current_pdu_sent = 0 returning 72 bytes. [2008/08/04 09:37:14, 3] smbd/pipes.c:reply_pipe_read_and_X(301) readX-IPC pnum=75ff min=1024 max=1024 nread=72 [2008/08/04 09:37:14, 5] lib/util.c:show_msg(645) [2008/08/04 09:37:14, 5] lib/util.c:show_msg(655) size=131 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=384 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 72 (0x48) smb_vwv[ 6]= 59 (0x3B) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=72 [2008/08/04 09:37:14, 10] lib/util.c:dump_data(2226) [000] 05 00 0C 03 10 00 00 00 48 00 00 00 01 00 00 00 ........ H....... [010] B8 10 B8 10 F0 53 00 00 0F 00 5C 50 49 50 45 5C .....S.. ..\PIPE\ [020] 6E 65 74 6C 6F 67 6F 6E 00 00 00 00 01 00 00 00 netlogon ........ [030] 00 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 .....].. ........ [040] 2B 10 48 60 02 00 00 00 +.H`.... [2008/08/04 09:37:14, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 164 [2008/08/04 09:37:14, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0xa4 [2008/08/04 09:37:14, 3] smbd/process.c:process_smb(1549) Transaction 7 of length 168 (0 toread) [2008/08/04 09:37:14, 5] lib/util.c:show_msg(645) [2008/08/04 09:37:14, 5] lib/util.c:show_msg(655) size=164 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=448 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=30207 (0x75FF) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 100 (0x64) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 100 (0x64) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=101 [2008/08/04 09:37:14, 10] lib/util.c:dump_data(2226) [000] EE 05 00 00 03 10 00 00 00 64 00 00 00 01 00 00 ........ .d...... [010] 00 4C 00 00 00 00 00 04 00 98 57 0C 00 10 00 00 .L...... ..W..... [020] 00 00 00 00 00 10 00 00 00 5C 00 5C 00 53 00 52 ........ .\.\.S.R [030] 00 56 00 53 00 4D 00 42 00 31 00 4A 00 32 00 31 .V.S.M.B .1.J.2.1 [040] 00 30 00 30 00 31 00 00 00 04 00 00 00 00 00 00 .0.0.1.. ........ [050] 00 04 00 00 00 4F 00 52 00 43 00 00 00 4F 8F 3A .....O.R .C...O.: [060] A5 1C 74 6F 1A ..to. [2008/08/04 09:37:14, 3] smbd/process.c:switch_message(1361) switch message SMBwriteX (pid 27141) conn 0xb816dfc0 [2008/08/04 09:37:14, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/08/04 09:37:14, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=75ff [2008/08/04 09:37:14, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name NETLOGON pnum=75ff (pipes_open=1) [2008/08/04 09:37:14, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927) write_to_pipe: 75ff name: NETLOGON open: Yes len: 100 [2008/08/04 09:37:14, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 100 [2008/08/04 09:37:14, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 100 [2008/08/04 09:37:14, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385) fill_rpc_header: data_to_copy = 100, len_needed_to_complete_hdr = 16, receive_len = 0 [2008/08/04 09:37:14, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 16 [2008/08/04 09:37:14, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 84 [2008/08/04 09:37:14, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 84 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 00 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0064 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000001 [2008/08/04 09:37:14, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472) unmarshall_rpc_header: using little-endian RPC [2008/08/04 09:37:14, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501) unmarshall_rpc_header: type = 0, flags = 3 [2008/08/04 09:37:14, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 0 [2008/08/04 09:37:14, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 84 [2008/08/04 09:37:14, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 84, incoming data = 84 [2008/08/04 09:37:14, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709) process_complete_pdu: processing packet type 0 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_req req [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0000 alloc_hint: 0000004c [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0004 context_id: 0000 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0006 opnum : 0004 [2008/08/04 09:37:14, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 73 [2008/08/04 09:37:14, 5] rpc_server/srv_pipe.c:api_pipe_request(2262) Requested \PIPE\NETLOGON [2008/08/04 09:37:14, 4] rpc_server/srv_pipe.c:api_rpcTNP(2297) api_rpcTNP: NETLOGON op 0x4 - api_rpcTNP: rpc command: NETR_SERVERREQCHALLENGE [2008/08/04 09:37:14, 6] rpc_server/srv_pipe.c:api_rpcTNP(2323) api_rpc_cmds[4].fn == 0xb7cedeff netr_ServerReqChallenge: struct netr_ServerReqChallenge in: struct netr_ServerReqChallenge server_name : * server_name : '\\SRVSMB1J21001' computer_name : 'ORC' credentials : * credentials: struct netr_Credential data : 4f8f3aa51c746f1a [2008/08/04 09:37:14, 6] rpc_server/srv_netlog_nt.c:init_net_r_req_chal(41) init_net_r_req_chal: 41 netr_ServerReqChallenge: struct netr_ServerReqChallenge out: struct netr_ServerReqChallenge return_credentials : * return_credentials: struct netr_Credential data : 244f1a8c48c01c14 result : NT_STATUS_OK [2008/08/04 09:37:14, 5] rpc_server/srv_pipe.c:api_rpcTNP(2351) api_rpcTNP: called NETLOGON successfully [2008/08/04 09:37:14, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 0 [2008/08/04 09:37:14, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 84 [2008/08/04 09:37:14, 3] smbd/pipes.c:reply_pipe_write_and_X(251) writeX-IPC pnum=75ff nwritten=100 [2008/08/04 09:37:14, 5] lib/util.c:show_msg(645) [2008/08/04 09:37:14, 5] lib/util.c:show_msg(655) size=47 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=448 smt_wct=6 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 100 (0x64) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_bcc=0 [2008/08/04 09:37:14, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 59 [2008/08/04 09:37:14, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x3b [2008/08/04 09:37:14, 3] smbd/process.c:process_smb(1549) Transaction 8 of length 63 (0 toread) [2008/08/04 09:37:14, 5] lib/util.c:show_msg(645) [2008/08/04 09:37:14, 5] lib/util.c:show_msg(655) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=512 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=30207 (0x75FF) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2008/08/04 09:37:14, 3] smbd/process.c:switch_message(1361) switch message SMBreadX (pid 27141) conn 0xb816dfc0 [2008/08/04 09:37:14, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/08/04 09:37:14, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=75ff [2008/08/04 09:37:14, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name NETLOGON pnum=75ff (pipes_open=1) [2008/08/04 09:37:14, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985) read_from_pipe: 75ff name: NETLOGON len: 1024 [2008/08/04 09:37:14, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1059) read_from_pipe: NETLOGON: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 12. [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 02 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0024 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000001 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_resp resp [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 0000000c [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0016 cancel_ct : 00 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0017 reserved : 00 [2008/08/04 09:37:14, 3] smbd/pipes.c:reply_pipe_read_and_X(301) readX-IPC pnum=75ff min=1024 max=1024 nread=36 [2008/08/04 09:37:14, 5] lib/util.c:show_msg(645) [2008/08/04 09:37:14, 5] lib/util.c:show_msg(655) size=95 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=512 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 36 (0x24) smb_vwv[ 6]= 59 (0x3B) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=36 [2008/08/04 09:37:14, 10] lib/util.c:dump_data(2226) [000] 05 00 02 03 10 00 00 00 24 00 00 00 01 00 00 00 ........ $....... [010] 0C 00 00 00 00 00 00 00 24 4F 1A 8C 48 C0 1C 14 ........ $O..H... [020] 00 00 00 00 .... [2008/08/04 09:37:14, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 192 [2008/08/04 09:37:14, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0xc0 [2008/08/04 09:37:14, 3] smbd/process.c:process_smb(1549) Transaction 9 of length 196 (0 toread) [2008/08/04 09:37:14, 5] lib/util.c:show_msg(645) [2008/08/04 09:37:14, 5] lib/util.c:show_msg(655) size=192 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=576 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=30207 (0x75FF) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 128 (0x80) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 128 (0x80) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=129 [2008/08/04 09:37:14, 10] lib/util.c:dump_data(2226) [000] EE 05 00 00 03 10 00 00 00 80 00 00 00 02 00 00 ........ ........ [010] 00 68 00 00 00 00 00 1A 00 98 57 0C 00 10 00 00 .h...... ..W..... [020] 00 00 00 00 00 10 00 00 00 5C 00 5C 00 53 00 52 ........ .\.\.S.R [030] 00 56 00 53 00 4D 00 42 00 31 00 4A 00 32 00 31 .V.S.M.B .1.J.2.1 [040] 00 30 00 30 00 31 00 00 00 05 00 00 00 00 00 00 .0.0.1.. ........ [050] 00 05 00 00 00 4F 00 52 00 43 00 24 00 00 00 02 .....O.R .C.$.... [060] 00 04 00 00 00 00 00 00 00 04 00 00 00 4F 00 52 ........ .....O.R [070] 00 43 00 00 00 B8 64 CF 5B 2F A2 2B 50 FF BF 0F .C....d. [/.+P... [080] 60 ` [2008/08/04 09:37:14, 3] smbd/process.c:switch_message(1361) switch message SMBwriteX (pid 27141) conn 0xb816dfc0 [2008/08/04 09:37:14, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/08/04 09:37:14, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=75ff [2008/08/04 09:37:14, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name NETLOGON pnum=75ff (pipes_open=1) [2008/08/04 09:37:14, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927) write_to_pipe: 75ff name: NETLOGON open: Yes len: 128 [2008/08/04 09:37:14, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 128 [2008/08/04 09:37:14, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 128 [2008/08/04 09:37:14, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385) fill_rpc_header: data_to_copy = 128, len_needed_to_complete_hdr = 16, receive_len = 0 [2008/08/04 09:37:14, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 16 [2008/08/04 09:37:14, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 112 [2008/08/04 09:37:14, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 112 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 00 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0080 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000002 [2008/08/04 09:37:14, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472) unmarshall_rpc_header: using little-endian RPC [2008/08/04 09:37:14, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501) unmarshall_rpc_header: type = 0, flags = 3 [2008/08/04 09:37:14, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 0 [2008/08/04 09:37:14, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 112 [2008/08/04 09:37:14, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 112, incoming data = 112 [2008/08/04 09:37:14, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709) process_complete_pdu: processing packet type 0 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_req req [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0000 alloc_hint: 00000068 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0004 context_id: 0000 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0006 opnum : 001a [2008/08/04 09:37:14, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 0 [2008/08/04 09:37:14, 5] rpc_server/srv_pipe.c:api_pipe_request(2262) Requested \PIPE\NETLOGON [2008/08/04 09:37:14, 4] rpc_server/srv_pipe.c:api_rpcTNP(2297) api_rpcTNP: NETLOGON op 0x1a - api_rpcTNP: rpc command: NETR_SERVERAUTHENTICATE3 [2008/08/04 09:37:14, 6] rpc_server/srv_pipe.c:api_rpcTNP(2323) api_rpc_cmds[26].fn == 0xb7cea7df netr_ServerAuthenticate3: struct netr_ServerAuthenticate3 in: struct netr_ServerAuthenticate3 server_name : * server_name : '\\SRVSMB1J21001' account_name : 'ORC$' secure_channel_type : SEC_CHAN_WKSTA (2) computer_name : 'ORC' credentials : * credentials: struct netr_Credential data : b864cf5b2fa22b50 negotiate_flags : * negotiate_flags : 0x600fbfff (1611644927) 1: NETLOGON_NEG_ACCOUNT_LOCKOUT 1: NETLOGON_NEG_PERSISTENT_SAMREPL 1: NETLOGON_NEG_ARCFOUR 1: NETLOGON_NEG_PROMOTION_COUNT 1: NETLOGON_NEG_CHANGELOG_BDC 1: NETLOGON_NEG_FULL_SYNC_REPL 1: NETLOGON_NEG_MULTIPLE_SIDS 1: NETLOGON_NEG_REDO 1: NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL 1: NETLOGON_NEG_SEND_PASSWORD_INFO_PDC 1: NETLOGON_NEG_GENERIC_PASSTHROUGH 1: NETLOGON_NEG_CONCURRENT_RPC 1: NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL 1: NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL 0: NETLOGON_NEG_128BIT 1: NETLOGON_NEG_TRANSITIVE_TRUSTS 1: NETLOGON_NEG_DNS_DOMAIN_TRUSTS 1: NETLOGON_NEG_PASSWORD_SET2 1: NETLOGON_NEG_GETDOMAININFO 1: NETLOGON_NEG_CROSS_FOREST_TRUSTS 0: NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION 0: NETLOGON_NEG_RODC_PASSTHROUGH 1: NETLOGON_NEG_AUTHENTICATED_RPC_LSASS 1: NETLOGON_NEG_SCHANNEL [2008/08/04 09:37:14, 4] rpc_server/srv_pipe.c:api_rpcTNP(2339) api_rpcTNP: rng fault return [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 03 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 23 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0020 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000002 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_resp resp [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 00000000 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0016 cancel_ct : 00 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0017 reserved : 00 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_debug(88) 000018 smb_io_rpc_hdr_fault fault [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_dcerpc_status(807) 0018 status : DCERPC_FAULT_OP_RNG_ERROR [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint32(718) 001c reserved: 00000000 [2008/08/04 09:37:14, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 0 [2008/08/04 09:37:14, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 112 [2008/08/04 09:37:14, 3] smbd/pipes.c:reply_pipe_write_and_X(251) writeX-IPC pnum=75ff nwritten=128 [2008/08/04 09:37:14, 5] lib/util.c:show_msg(645) [2008/08/04 09:37:14, 5] lib/util.c:show_msg(655) size=47 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=576 smt_wct=6 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 128 (0x80) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_bcc=0 [2008/08/04 09:37:14, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 59 [2008/08/04 09:37:14, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x3b [2008/08/04 09:37:14, 3] smbd/process.c:process_smb(1549) Transaction 10 of length 63 (0 toread) [2008/08/04 09:37:14, 5] lib/util.c:show_msg(645) [2008/08/04 09:37:14, 5] lib/util.c:show_msg(655) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=640 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=30207 (0x75FF) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2008/08/04 09:37:14, 3] smbd/process.c:switch_message(1361) switch message SMBreadX (pid 27141) conn 0xb816dfc0 [2008/08/04 09:37:14, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/08/04 09:37:14, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=75ff [2008/08/04 09:37:14, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name NETLOGON pnum=75ff (pipes_open=1) [2008/08/04 09:37:14, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985) read_from_pipe: 75ff name: NETLOGON len: 1024 [2008/08/04 09:37:14, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1045) read_from_pipe: NETLOGON: current_pdu_len = 32, current_pdu_sent = 0 returning 32 bytes. [2008/08/04 09:37:14, 3] smbd/pipes.c:reply_pipe_read_and_X(301) readX-IPC pnum=75ff min=1024 max=1024 nread=32 [2008/08/04 09:37:14, 5] lib/util.c:show_msg(645) [2008/08/04 09:37:14, 5] lib/util.c:show_msg(655) size=91 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=640 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 32 (0x20) smb_vwv[ 6]= 59 (0x3B) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=32 [2008/08/04 09:37:14, 10] lib/util.c:dump_data(2226) [000] 05 00 03 23 10 00 00 00 20 00 00 00 02 00 00 00 ...#.... ....... [010] 00 00 00 00 00 00 00 00 02 00 01 1C 00 00 00 00 ........ ........ [2008/08/04 09:37:14, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 192 [2008/08/04 09:37:14, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0xc0 [2008/08/04 09:37:14, 3] smbd/process.c:process_smb(1549) Transaction 11 of length 196 (0 toread) [2008/08/04 09:37:14, 5] lib/util.c:show_msg(645) [2008/08/04 09:37:14, 5] lib/util.c:show_msg(655) size=192 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=704 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=30207 (0x75FF) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 128 (0x80) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 128 (0x80) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=129 [2008/08/04 09:37:14, 10] lib/util.c:dump_data(2226) [000] EE 05 00 00 03 10 00 00 00 80 00 00 00 03 00 00 ........ ........ [010] 00 68 00 00 00 00 00 0F 00 98 57 0C 00 10 00 00 .h...... ..W..... [020] 00 00 00 00 00 10 00 00 00 5C 00 5C 00 53 00 52 ........ .\.\.S.R [030] 00 56 00 53 00 4D 00 42 00 31 00 4A 00 32 00 31 .V.S.M.B .1.J.2.1 [040] 00 30 00 30 00 31 00 00 00 05 00 00 00 00 00 00 .0.0.1.. ........ [050] 00 05 00 00 00 4F 00 52 00 43 00 24 00 00 00 02 .....O.R .C.$.... [060] 00 04 00 00 00 00 00 00 00 04 00 00 00 4F 00 52 ........ .....O.R [070] 00 43 00 00 00 B8 64 CF 5B 2F A2 2B 50 FF BF 0F .C....d. [/.+P... [080] 60 ` [2008/08/04 09:37:14, 3] smbd/process.c:switch_message(1361) switch message SMBwriteX (pid 27141) conn 0xb816dfc0 [2008/08/04 09:37:14, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/08/04 09:37:14, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=75ff [2008/08/04 09:37:14, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name NETLOGON pnum=75ff (pipes_open=1) [2008/08/04 09:37:14, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927) write_to_pipe: 75ff name: NETLOGON open: Yes len: 128 [2008/08/04 09:37:14, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 128 [2008/08/04 09:37:14, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 128 [2008/08/04 09:37:14, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385) fill_rpc_header: data_to_copy = 128, len_needed_to_complete_hdr = 16, receive_len = 0 [2008/08/04 09:37:14, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 16 [2008/08/04 09:37:14, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 112 [2008/08/04 09:37:14, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 112 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 00 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0080 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000003 [2008/08/04 09:37:14, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472) unmarshall_rpc_header: using little-endian RPC [2008/08/04 09:37:14, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501) unmarshall_rpc_header: type = 0, flags = 3 [2008/08/04 09:37:14, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 0 [2008/08/04 09:37:14, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 112 [2008/08/04 09:37:14, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 112, incoming data = 112 [2008/08/04 09:37:14, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709) process_complete_pdu: processing packet type 0 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_req req [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0000 alloc_hint: 00000068 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0004 context_id: 0000 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0006 opnum : 000f [2008/08/04 09:37:14, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 0 [2008/08/04 09:37:14, 5] rpc_server/srv_pipe.c:api_pipe_request(2262) Requested \PIPE\NETLOGON [2008/08/04 09:37:14, 4] rpc_server/srv_pipe.c:api_rpcTNP(2297) api_rpcTNP: NETLOGON op 0xf - api_rpcTNP: rpc command: NETR_SERVERAUTHENTICATE2 [2008/08/04 09:37:14, 6] rpc_server/srv_pipe.c:api_rpcTNP(2323) api_rpc_cmds[15].fn == 0xb7cec247 netr_ServerAuthenticate2: struct netr_ServerAuthenticate2 in: struct netr_ServerAuthenticate2 server_name : * server_name : '\\SRVSMB1J21001' account_name : 'ORC$' secure_channel_type : SEC_CHAN_WKSTA (2) computer_name : 'ORC' credentials : * credentials: struct netr_Credential data : b864cf5b2fa22b50 negotiate_flags : * negotiate_flags : 0x600fbfff (1611644927) 1: NETLOGON_NEG_ACCOUNT_LOCKOUT 1: NETLOGON_NEG_PERSISTENT_SAMREPL 1: NETLOGON_NEG_ARCFOUR 1: NETLOGON_NEG_PROMOTION_COUNT 1: NETLOGON_NEG_CHANGELOG_BDC 1: NETLOGON_NEG_FULL_SYNC_REPL 1: NETLOGON_NEG_MULTIPLE_SIDS 1: NETLOGON_NEG_REDO 1: NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL 1: NETLOGON_NEG_SEND_PASSWORD_INFO_PDC 1: NETLOGON_NEG_GENERIC_PASSTHROUGH 1: NETLOGON_NEG_CONCURRENT_RPC 1: NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL 1: NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL 0: NETLOGON_NEG_128BIT 1: NETLOGON_NEG_TRANSITIVE_TRUSTS 1: NETLOGON_NEG_DNS_DOMAIN_TRUSTS 1: NETLOGON_NEG_PASSWORD_SET2 1: NETLOGON_NEG_GETDOMAININFO 1: NETLOGON_NEG_CROSS_FOREST_TRUSTS 0: NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION 0: NETLOGON_NEG_RODC_PASSTHROUGH 1: NETLOGON_NEG_AUTHENTICATED_RPC_LSASS 1: NETLOGON_NEG_SCHANNEL [2008/08/04 09:37:14, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(65534, 65533) : sec_ctx_stack_ndx = 1 [2008/08/04 09:37:14, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2008/08/04 09:37:14, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/08/04 09:37:14, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/08/04 09:37:14, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/08/04 09:37:14, 5] lib/smbldap.c:smbldap_search_ext(1183) smbldap_search_ext: base => [dc=ufu,dc=br], filter => [(&(uid=ORC$)(objectclass=sambaSamAccount))], scope => [2] [2008/08/04 09:37:14, 2] passdb/pdb_ldap.c:init_sam_from_ldap(571) init_sam_from_ldap: Entry found for user: orc$ [2008/08/04 09:37:14, 10] passdb/pdb_get_set.c:pdb_set_username(580) pdb_set_username: setting username orc$, was [2008/08/04 09:37:14, 10] passdb/pdb_get_set.c:pdb_set_domain(603) pdb_set_domain: setting domain UFU, was [2008/08/04 09:37:14, 10] passdb/pdb_get_set.c:pdb_set_nt_username(626) pdb_set_nt_username: setting nt username orc$, was [2008/08/04 09:37:14, 10] passdb/pdb_get_set.c:pdb_set_user_sid_from_string(522) pdb_set_user_sid_from_string: setting user sid S-1-5-21-534671462-504895351-1339659545-1014 [2008/08/04 09:37:14, 10] passdb/pdb_get_set.c:pdb_set_user_sid(509) pdb_set_user_sid: setting user sid S-1-5-21-534671462-504895351-1339659545-1014 [2008/08/04 09:37:14, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaLogonTime does not exist [2008/08/04 09:37:14, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaLogoffTime does not exist [2008/08/04 09:37:14, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaKickoffTime does not exist [2008/08/04 09:37:14, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaPwdCanChange does not exist [2008/08/04 09:37:14, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaPwdMustChange does not exist [2008/08/04 09:37:14, 10] passdb/pdb_get_set.c:pdb_set_fullname(649) pdb_set_full_name: setting full name ORC$, was [2008/08/04 09:37:14, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaHomeDrive does not exist [2008/08/04 09:37:14, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(718) pdb_set_dir_drive: setting dir drive , was NULL [2008/08/04 09:37:14, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaHomePath does not exist [2008/08/04 09:37:14, 10] passdb/pdb_get_set.c:pdb_set_homedir(742) pdb_set_homedir: setting home dir , was [2008/08/04 09:37:14, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaLogonScript does not exist [2008/08/04 09:37:14, 10] passdb/pdb_get_set.c:pdb_set_logon_script(672) pdb_set_logon_script: setting logon script logon.bat, was [2008/08/04 09:37:14, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaProfilePath does not exist [2008/08/04 09:37:14, 10] passdb/pdb_get_set.c:pdb_set_profile_path(695) pdb_set_profile_path: setting profile path , was [2008/08/04 09:37:14, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute description does not exist [2008/08/04 09:37:14, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaUserWorkstations does not exist [2008/08/04 09:37:14, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaMungedDial does not exist [2008/08/04 09:37:14, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaLMPassword does not exist [2008/08/04 09:37:14, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2008/08/04 09:37:14, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2008/08/04 09:37:14, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2008/08/04 09:37:14, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/08/04 09:37:14, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/08/04 09:37:14, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = ACCT_POL/password history, value = 0 , timeout = Mon Aug 4 09:38:14 2008 [2008/08/04 09:37:14, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/08/04 09:37:14, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaBadPasswordCount does not exist [2008/08/04 09:37:14, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaBadPasswordTime does not exist [2008/08/04 09:37:14, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaLogonHours does not exist [2008/08/04 09:37:14, 7] passdb/login_cache.c:login_cache_read(86) Looking up login cache for user orc$ [2008/08/04 09:37:14, 7] passdb/login_cache.c:login_cache_read(100) No cache entry found [2008/08/04 09:37:14, 9] passdb/pdb_ldap.c:init_sam_from_ldap(1054) No cache entry, bad count = 0, bad time = 0 [2008/08/04 09:37:14, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2008/08/04 09:37:14, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2008/08/04 09:37:14, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2008/08/04 09:37:14, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/08/04 09:37:14, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/08/04 09:37:14, 10] lib/gencache.c:gencache_get(208) Returning expired cache entry: key = ACCT_POL/maximum password age, value = 4294967295 , timeout = Mon Aug 4 09:36:36 2008 [2008/08/04 09:37:14, 10] passdb/pdb_ldap.c:ldapsam_get_account_policy_from_ldap(3845) ldapsam_get_account_policy_from_ldap [2008/08/04 09:37:14, 5] lib/smbldap.c:smbldap_search_ext(1183) smbldap_search_ext: base => [sambaDomainName=UFU,dc=ufu,dc=br], filter => [(objectclass=*)], scope => [0] [2008/08/04 09:37:14, 10] lib/account_pol.c:cache_account_policy_set(395) cache_account_policy_set: updating account pol cache [2008/08/04 09:37:14, 10] lib/gencache.c:gencache_set(131) Adding cache entry with key = ACCT_POL/maximum password age; value = 4294967295 and timeout = Mon Aug 4 09:38:14 2008 (60 seconds ahead) [2008/08/04 09:37:14, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/08/04 09:37:14, 5] lib/username.c:Get_Pwnam_alloc(133) Finding user orc$ [2008/08/04 09:37:14, 5] lib/username.c:Get_Pwnam_internals(77) Trying _Get_Pwnam(), username as lowercase is orc$ [2008/08/04 09:37:14, 5] lib/username.c:Get_Pwnam_internals(110) Get_Pwnam_internals did find user [orc$]! [2008/08/04 09:37:14, 5] lib/smbldap.c:smbldap_search_ext(1183) smbldap_search_ext: base => [ou=Grupos,dc=ufu,dc=br], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=1000))], scope => [2] [2008/08/04 09:37:14, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2459) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(gidNumber=1000)) [2008/08/04 09:37:14, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2008/08/04 09:37:14, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2008/08/04 09:37:14, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2008/08/04 09:37:14, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/08/04 09:37:14, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/08/04 09:37:14, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = ACCT_POL/password history, value = 0 , timeout = Mon Aug 4 09:38:14 2008 [2008/08/04 09:37:14, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/08/04 09:37:14, 10] passdb/pdb_get_set.c:pdb_set_username(580) pdb_set_username: setting username orc$, was [2008/08/04 09:37:14, 10] passdb/pdb_get_set.c:pdb_set_domain(603) pdb_set_domain: setting domain UFU, was [2008/08/04 09:37:14, 10] passdb/pdb_get_set.c:pdb_set_nt_username(626) pdb_set_nt_username: setting nt username orc$, was [2008/08/04 09:37:14, 10] passdb/pdb_get_set.c:pdb_set_fullname(649) pdb_set_full_name: setting full name ORC$, was [2008/08/04 09:37:14, 10] passdb/pdb_get_set.c:pdb_set_homedir(742) pdb_set_homedir: setting home dir , was [2008/08/04 09:37:14, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(718) pdb_set_dir_drive: setting dir drive , was NULL [2008/08/04 09:37:14, 10] passdb/pdb_get_set.c:pdb_set_logon_script(672) pdb_set_logon_script: setting logon script logon.bat, was [2008/08/04 09:37:14, 10] passdb/pdb_get_set.c:pdb_set_profile_path(695) pdb_set_profile_path: setting profile path , was [2008/08/04 09:37:14, 10] passdb/pdb_get_set.c:pdb_set_workstations(785) pdb_set_workstations: setting workstations , was [2008/08/04 09:37:14, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2008/08/04 09:37:14, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2008/08/04 09:37:14, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2008/08/04 09:37:14, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/08/04 09:37:14, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/08/04 09:37:14, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = ACCT_POL/password history, value = 0 , timeout = Mon Aug 4 09:38:14 2008 [2008/08/04 09:37:14, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/08/04 09:37:14, 10] passdb/pdb_get_set.c:pdb_set_user_sid(509) pdb_set_user_sid: setting user sid S-1-5-21-534671462-504895351-1339659545-1014 [2008/08/04 09:37:14, 10] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(72) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-534671462-504895351-1339659545-1014 from rid 1014 [2008/08/04 09:37:14, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (65534, 65533) - sec_ctx_stack_ndx = 0 [2008/08/04 09:37:14, 5] lib/util.c:dump_data(2226) [000] 7F CD AE EB DB EB A6 A1 F7 48 74 25 73 A5 47 F2 ........ .Ht%s.G. [2008/08/04 09:37:14, 10] libsmb/credentials.c:creds_server_init(185) creds_server_init: neg_flags : 600fbfff [2008/08/04 09:37:14, 10] libsmb/credentials.c:creds_server_init(186) creds_server_init: client chal : 4F8F3AA51C746F1A [2008/08/04 09:37:14, 10] libsmb/credentials.c:creds_server_init(187) creds_server_init: server chal : 244F1A8C48C01C14 [2008/08/04 09:37:14, 5] libsmb/credentials.c:creds_init_64(120) creds_init_64 [2008/08/04 09:37:14, 5] libsmb/credentials.c:creds_init_64(121) clnt_chal_in: 4F8F3AA51C746F1A [2008/08/04 09:37:14, 5] libsmb/credentials.c:creds_init_64(122) srv_chal_in : 244F1A8C48C01C14 [2008/08/04 09:37:14, 5] libsmb/credentials.c:creds_init_64(123) clnt+srv : 73DE543164348C2E [2008/08/04 09:37:14, 5] libsmb/credentials.c:creds_init_64(124) sess_key_out : 71A71DFADF133345 [2008/08/04 09:37:14, 10] libsmb/credentials.c:creds_server_init(205) creds_server_init: clnt : B864CF5B2FA22B50 [2008/08/04 09:37:14, 10] libsmb/credentials.c:creds_server_init(206) creds_server_init: server : 73E7B1FC460EECB0 [2008/08/04 09:37:14, 10] libsmb/credentials.c:creds_server_init(207) creds_server_init: seed : B864CF5B2FA22B50 [2008/08/04 09:37:14, 10] libsmb/credentials.c:netlogon_creds_server_check(227) netlogon_creds_server_check: credentials check OK. [2008/08/04 09:37:14, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(65534, 65533) : sec_ctx_stack_ndx = 1 [2008/08/04 09:37:14, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2008/08/04 09:37:14, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/08/04 09:37:14, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/08/04 09:37:14, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/08/04 09:37:14, 3] passdb/secrets.c:secrets_store_schannel_session_info(1212) secrets_store_schannel_session_info: stored schannel info with key SECRETS/SCHANNEL/ORC [2008/08/04 09:37:14, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (65534, 65533) - sec_ctx_stack_ndx = 0 netr_ServerAuthenticate2: struct netr_ServerAuthenticate2 out: struct netr_ServerAuthenticate2 return_credentials : * return_credentials: struct netr_Credential data : 73e7b1fc460eecb0 negotiate_flags : * negotiate_flags : 0x400001ff (1073742335) 1: NETLOGON_NEG_ACCOUNT_LOCKOUT 1: NETLOGON_NEG_PERSISTENT_SAMREPL 1: NETLOGON_NEG_ARCFOUR 1: NETLOGON_NEG_PROMOTION_COUNT 1: NETLOGON_NEG_CHANGELOG_BDC 1: NETLOGON_NEG_FULL_SYNC_REPL 1: NETLOGON_NEG_MULTIPLE_SIDS 1: NETLOGON_NEG_REDO 1: NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL 0: NETLOGON_NEG_SEND_PASSWORD_INFO_PDC 0: NETLOGON_NEG_GENERIC_PASSTHROUGH 0: NETLOGON_NEG_CONCURRENT_RPC 0: NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL 0: NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL 0: NETLOGON_NEG_128BIT 0: NETLOGON_NEG_TRANSITIVE_TRUSTS 0: NETLOGON_NEG_DNS_DOMAIN_TRUSTS 0: NETLOGON_NEG_PASSWORD_SET2 0: NETLOGON_NEG_GETDOMAININFO 0: NETLOGON_NEG_CROSS_FOREST_TRUSTS 0: NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION 0: NETLOGON_NEG_RODC_PASSTHROUGH 0: NETLOGON_NEG_AUTHENTICATED_RPC_LSASS 1: NETLOGON_NEG_SCHANNEL result : NT_STATUS_OK [2008/08/04 09:37:14, 5] rpc_server/srv_pipe.c:api_rpcTNP(2351) api_rpcTNP: called NETLOGON successfully [2008/08/04 09:37:14, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 0 [2008/08/04 09:37:14, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 112 [2008/08/04 09:37:14, 3] smbd/pipes.c:reply_pipe_write_and_X(251) writeX-IPC pnum=75ff nwritten=128 [2008/08/04 09:37:14, 5] lib/util.c:show_msg(645) [2008/08/04 09:37:14, 5] lib/util.c:show_msg(655) size=47 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=704 smt_wct=6 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 128 (0x80) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_bcc=0 [2008/08/04 09:37:14, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 59 [2008/08/04 09:37:14, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x3b [2008/08/04 09:37:14, 3] smbd/process.c:process_smb(1549) Transaction 12 of length 63 (0 toread) [2008/08/04 09:37:14, 5] lib/util.c:show_msg(645) [2008/08/04 09:37:14, 5] lib/util.c:show_msg(655) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=768 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=30207 (0x75FF) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2008/08/04 09:37:14, 3] smbd/process.c:switch_message(1361) switch message SMBreadX (pid 27141) conn 0xb816dfc0 [2008/08/04 09:37:14, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/08/04 09:37:14, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=75ff [2008/08/04 09:37:14, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name NETLOGON pnum=75ff (pipes_open=1) [2008/08/04 09:37:14, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985) read_from_pipe: 75ff name: NETLOGON len: 1024 [2008/08/04 09:37:14, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1059) read_from_pipe: NETLOGON: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 16. [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 02 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0028 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000003 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_resp resp [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 00000010 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0016 cancel_ct : 00 [2008/08/04 09:37:14, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0017 reserved : 00 [2008/08/04 09:37:14, 3] smbd/pipes.c:reply_pipe_read_and_X(301) readX-IPC pnum=75ff min=1024 max=1024 nread=40 [2008/08/04 09:37:14, 5] lib/util.c:show_msg(645) [2008/08/04 09:37:14, 5] lib/util.c:show_msg(655) size=99 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=768 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 40 (0x28) smb_vwv[ 6]= 59 (0x3B) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=40 [2008/08/04 09:37:14, 10] lib/util.c:dump_data(2226) [000] 05 00 02 03 10 00 00 00 28 00 00 00 03 00 00 00 ........ (....... [010] 10 00 00 00 00 00 00 00 73 E7 B1 FC 46 0E EC B0 ........ s...F... [020] FF 01 00 40 00 00 00 00 ...@.... [2008/08/04 09:37:14, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 236 [2008/08/04 09:37:14, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0xec [2008/08/04 09:37:14, 3] smbd/process.c:process_smb(1549) Transaction 13 of length 240 (0 toread) [2008/08/04 09:37:14, 5] lib/util.c:show_msg(645) [2008/08/04 09:37:14, 5] lib/util.c:show_msg(655) size=236 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=0 smb_mid=832 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 236 (0xEC) smb_vwv[ 2]=16644 (0x4104) smb_vwv[ 3]= 50 (0x32) smb_vwv[ 4]= 1 (0x1) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 74 (0x4A) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 212 (0xD4) smb_vwv[11]=40960 (0xA000) smb_bcc=177 [2008/08/04 09:37:14, 10] lib/util.c:dump_data(2226) [000] 60 48 06 06 2B 06 01 05 05 02 A0 3E 30 3C A0 0E `H..+... ...>0<.. [010] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A2 2A 0...+... ..7....* [020] 04 28 4E 54 4C 4D 53 53 50 00 01 00 00 00 97 82 .(NTLMSS P....... [030] 08 E2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [040] 00 00 05 01 28 0A 00 00 00 0F 00 57 00 69 00 6E ....(... ...W.i.n [050] 00 64 00 6F 00 77 00 73 00 20 00 32 00 30 00 30 .d.o.w.s . .2.0.0 [060] 00 32 00 20 00 53 00 65 00 72 00 76 00 69 00 63 .2. .S.e .r.v.i.c [070] 00 65 00 20 00 50 00 61 00 63 00 6B 00 20 00 32 .e. .P.a .c.k. .2 [080] 00 20 00 32 00 36 00 30 00 30 00 00 00 57 00 69 . .2.6.0 .0...W.i [090] 00 6E 00 64 00 6F 00 77 00 73 00 20 00 32 00 30 .n.d.o.w .s. .2.0 [0A0] 00 30 00 32 00 20 00 35 00 2E 00 31 00 00 00 00 .0.2. .5 ...1.... [0B0] 00 . [2008/08/04 09:37:14, 3] smbd/process.c:switch_message(1361) switch message SMBsesssetupX (pid 27141) conn 0x0 [2008/08/04 09:37:14, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/08/04 09:37:14, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/08/04 09:37:14, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/08/04 09:37:14, 5] smbd/uid.c:change_to_root_user(287) change_to_root_user: now uid=(0,0) gid=(0,0) [2008/08/04 09:37:14, 3] smbd/sesssetup.c:reply_sesssetup_and_X(1409) wct=12 flg2=0xc807 [2008/08/04 09:37:14, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1173) Doing spnego session setup [2008/08/04 09:37:14, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1208) NativeOS=[Windows 2002 Service Pack 2 2600] NativeLanMan=[Windows 2002 5.1] PrimaryDomain=[] [2008/08/04 09:37:14, 10] smbd/password.c:register_initial_vuid(188) register_initial_vuid: allocated vuid = 102 [2008/08/04 09:37:14, 10] smbd/sesssetup.c:check_spnego_blob_complete(1121) check_spnego_blob_complete: needed_len = 74, pblob->length = 74 [2008/08/04 09:37:14, 5] smbd/sesssetup.c:parse_spnego_mechanisms(749) parse_spnego_mechanisms: Got OID 1 3 6 1 4 1 311 2 2 10 [2008/08/04 09:37:14, 3] smbd/sesssetup.c:reply_spnego_negotiate(800) reply_spnego_negotiate: Got secblob of size 40 [2008/08/04 09:37:14, 5] auth/auth.c:make_auth_context_subsystem(485) Making default auth method list for DC, security=user, encrypt passwords = yes [2008/08/04 09:37:14, 5] auth/auth.c:load_auth_module(387) load_auth_module: Attempting to find an auth method to match guest [2008/08/04 09:37:14, 5] auth/auth.c:load_auth_module(412) load_auth_module: auth method guest has a valid init [2008/08/04 09:37:14, 5] auth/auth.c:load_auth_module(387) load_auth_module: Attempting to find an auth method to match sam [2008/08/04 09:37:14, 5] auth/auth.c:load_auth_module(412) load_auth_module: auth method sam has a valid init [2008/08/04 09:37:14, 5] auth/auth.c:load_auth_module(387) load_auth_module: Attempting to find an auth method to match winbind:trustdomain [2008/08/04 09:37:14, 5] auth/auth.c:load_auth_module(387) load_auth_module: Attempting to find an auth method to match trustdomain [2008/08/04 09:37:14, 5] auth/auth.c:load_auth_module(412) load_auth_module: auth method trustdomain has a valid init [2008/08/04 09:37:14, 5] auth/auth.c:load_auth_module(412) load_auth_module: auth method winbind has a valid init [2008/08/04 09:37:14, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) Got NTLMSSP neg_flags=0xe2088297 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_NEGOTIATE_OEM NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_LM_KEY NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH NTLMSSP_NEGOTIATE_56 [2008/08/04 09:37:14, 5] auth/auth.c:get_ntlm_challenge(96) auth_get_challenge: module guest did not want to specify a challenge [2008/08/04 09:37:14, 5] auth/auth.c:get_ntlm_challenge(96) auth_get_challenge: module sam did not want to specify a challenge [2008/08/04 09:37:14, 5] auth/auth.c:get_ntlm_challenge(96) auth_get_challenge: module winbind did not want to specify a challenge [2008/08/04 09:37:14, 5] auth/auth.c:get_ntlm_challenge(136) auth_context challenge created by random [2008/08/04 09:37:14, 5] auth/auth.c:get_ntlm_challenge(137) challenge is: [2008/08/04 09:37:14, 5] lib/util.c:dump_data(2226) [000] 35 C4 F4 9A B1 C1 40 A7 5.....@. [2008/08/04 09:37:14, 5] lib/util.c:show_msg(645) [2008/08/04 09:37:14, 5] lib/util.c:show_msg(655) size=336 smb_com=0x73 smb_rcls=22 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=65279 smb_uid=102 smb_mid=832 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 201 (0xC9) smb_bcc=293 [2008/08/04 09:37:14, 10] lib/util.c:dump_data(2226) [000] A1 81 C6 30 81 C3 A0 03 0A 01 01 A1 0C 06 0A 2B ...0.... .......+ [010] 06 01 04 01 82 37 02 02 0A A2 81 AD 04 81 AA 4E .....7.. .......N [020] 54 4C 4D 53 53 50 00 02 00 00 00 06 00 06 00 30 TLMSSP.. .......0 [030] 00 00 00 15 82 89 E2 35 C4 F4 9A B1 C1 40 A7 00 .......5 .....@.. [040] 00 00 00 00 00 00 00 74 00 74 00 36 00 00 00 55 .......t .t.6...U [050] 00 46 00 55 00 02 00 06 00 55 00 46 00 55 00 01 .F.U.... .U.F.U.. [060] 00 1A 00 53 00 52 00 56 00 53 00 4D 00 42 00 31 ...S.R.V .S.M.B.1 [070] 00 4A 00 32 00 31 00 30 00 30 00 31 00 04 00 12 .J.2.1.0 .0.1.... [080] 00 64 00 72 00 2E 00 75 00 66 00 75 00 2E 00 62 .d.r...u .f.u...b [090] 00 72 00 03 00 2E 00 73 00 72 00 76 00 73 00 6D .r.....s .r.v.s.m [0A0] 00 62 00 31 00 6A 00 32 00 31 00 30 00 30 00 31 .b.1.j.2 .1.0.0.1 [0B0] 00 2E 00 64 00 72 00 2E 00 75 00 66 00 75 00 2E ...d.r.. .u.f.u.. [0C0] 00 62 00 72 00 00 00 00 00 55 00 6E 00 69 00 78 .b.r.... .U.n.i.x [0D0] 00 00 00 53 00 61 00 6D 00 62 00 61 00 20 00 33 ...S.a.m .b.a. .3 [0E0] 00 2E 00 32 00 2E 00 30 00 72 00 63 00 31 00 2D ...2...0 .r.c.1.- [0F0] 00 32 00 32 00 2E 00 31 00 2D 00 31 00 37 00 39 .2.2...1 .-.1.7.9 [100] 00 35 00 2D 00 53 00 55 00 53 00 45 00 2D 00 53 .5.-.S.U .S.E.-.S [110] 00 4C 00 31 00 31 00 2E 00 30 00 00 00 55 00 46 .L.1.1.. .0...U.F [120] 00 55 00 00 00 .U... [2008/08/04 09:37:14, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 264 [2008/08/04 09:37:14, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x108 [2008/08/04 09:37:14, 3] smbd/process.c:process_smb(1549) Transaction 14 of length 268 (0 toread) [2008/08/04 09:37:14, 5] lib/util.c:show_msg(645) [2008/08/04 09:37:14, 5] lib/util.c:show_msg(655) size=264 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=102 smb_mid=896 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 264 (0x108) smb_vwv[ 2]=16644 (0x4104) smb_vwv[ 3]= 50 (0x32) smb_vwv[ 4]= 1 (0x1) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 103 (0x67) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 212 (0xD4) smb_vwv[11]=40960 (0xA000) smb_bcc=205 [2008/08/04 09:37:14, 10] lib/util.c:dump_data(2226) [000] A1 65 30 63 A2 61 04 5F 4E 54 4C 4D 53 53 50 00 .e0c.a._ NTLMSSP. [010] 03 00 00 00 01 00 01 00 4E 00 00 00 00 00 00 00 ........ N....... [020] 4F 00 00 00 00 00 00 00 48 00 00 00 00 00 00 00 O....... H....... [030] 48 00 00 00 06 00 06 00 48 00 00 00 10 00 10 00 H....... H....... [040] 4F 00 00 00 15 8A 88 E2 05 01 28 0A 00 00 00 0F O....... ..(..... [050] 4F 00 52 00 43 00 00 DC AB B0 13 3C 52 02 49 55 O.R.C... ...length = 103 [2008/08/04 09:37:14, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(745) Got user=[] domain=[] workstation=[ORC] len1=1 len2=0 [2008/08/04 09:37:14, 6] param/loadparm.c:lp_file_list_changed(6613) lp_file_list_changed() file /etc/samba/comps/teste.conf -> /etc/samba/comps/teste.conf last mod_time: Thu Jul 31 15:50:13 2008 file /etc/samba/comps/netlogon.conf -> /etc/samba/comps/netlogon.conf last mod_time: Thu Jul 31 15:50:13 2008 file /etc/samba/includes.conf -> /etc/samba/includes.conf last mod_time: Thu Jul 31 15:49:50 2008 file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Mon Aug 4 09:34:48 2008 [2008/08/04 09:37:14, 5] auth/auth_util.c:make_user_info_map(178) make_user_info_map: Mapping user []\[] from workstation [ORC] [2008/08/04 09:37:14, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/08/04 09:37:14, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2008/08/04 09:37:14, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/08/04 09:37:14, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/08/04 09:37:14, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/08/04 09:37:14, 5] auth/auth_util.c:is_trusted_domain(1968) is_trusted_domain: Checking for domain trust with [UFU] [2008/08/04 09:37:14, 10] passdb/pdb_ldap.c:ldapsam_get_trusteddom_pw(5821) ldapsam_get_trusteddom_pw called for domain UFU [2008/08/04 09:37:14, 5] lib/smbldap.c:smbldap_search_ext(1183) smbldap_search_ext: base => [sambaDomainName=UFU,sambaDomainName=UFU,dc=ufu,dc=br], filter => [(&(objectClass=sambaTrustedDomainPassword)(sambaDomainName=UFU))], scope => [2] [2008/08/04 09:37:15, 10] lib/smbldap.c:smbldap_search_ext(1247) Failed search for base: sambaDomainName=UFU,sambaDomainName=UFU,dc=ufu,dc=br, error: 32 (No such object) (unknown) [2008/08/04 09:37:15, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/08/04 09:37:15, 10] lib/gencache.c:gencache_get(194) Cache entry with key = TDOM/UFU couldn't be found [2008/08/04 09:37:15, 5] libsmb/trustdom_cache.c:trustdom_cache_fetch(183) no entry for trusted domain UFU found. [2008/08/04 09:37:15, 5] auth/auth_util.c:make_user_info(92) attempting to make a user_info for () [2008/08/04 09:37:15, 5] auth/auth_util.c:make_user_info(102) making strings for 's user_info struct [2008/08/04 09:37:15, 5] auth/auth_util.c:make_user_info(134) making blobs for 's user_info struct [2008/08/04 09:37:15, 10] auth/auth_util.c:make_user_info(152) made an encrypted user_info for () [2008/08/04 09:37:15, 3] auth/auth.c:check_ntlm_password(220) check_ntlm_password: Checking password for unmapped user []\[]@[ORC] with the new password interface [2008/08/04 09:37:15, 3] auth/auth.c:check_ntlm_password(223) check_ntlm_password: mapped user is: [UFU]\[]@[ORC] [2008/08/04 09:37:15, 10] auth/auth.c:check_ntlm_password(232) check_ntlm_password: auth_context challenge created by random [2008/08/04 09:37:15, 10] auth/auth.c:check_ntlm_password(234) challenge is: [2008/08/04 09:37:15, 5] lib/util.c:dump_data(2226) [000] 35 C4 F4 9A B1 C1 40 A7 5.....@. [2008/08/04 09:37:15, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/08/04 09:37:15, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2008/08/04 09:37:15, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/08/04 09:37:15, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/08/04 09:37:15, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/08/04 09:37:15, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = ACCT_POL/password history, value = 0 , timeout = Mon Aug 4 09:38:14 2008 [2008/08/04 09:37:15, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/08/04 09:37:15, 10] passdb/pdb_get_set.c:pdb_set_username(580) pdb_set_username: setting username nobody, was [2008/08/04 09:37:15, 10] passdb/pdb_get_set.c:pdb_set_domain(603) pdb_set_domain: setting domain UFU, was [2008/08/04 09:37:15, 10] passdb/pdb_get_set.c:pdb_set_nt_username(626) pdb_set_nt_username: setting nt username , was [2008/08/04 09:37:15, 10] passdb/pdb_get_set.c:pdb_set_fullname(649) pdb_set_full_name: setting full name nobody, was [2008/08/04 09:37:15, 10] passdb/pdb_get_set.c:pdb_set_homedir(742) pdb_set_homedir: setting home dir , was [2008/08/04 09:37:15, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(718) pdb_set_dir_drive: setting dir drive , was NULL [2008/08/04 09:37:15, 10] passdb/pdb_get_set.c:pdb_set_logon_script(672) pdb_set_logon_script: setting logon script logon.bat, was [2008/08/04 09:37:15, 10] passdb/pdb_get_set.c:pdb_set_profile_path(695) pdb_set_profile_path: setting profile path , was [2008/08/04 09:37:15, 10] passdb/pdb_get_set.c:pdb_set_workstations(785) pdb_set_workstations: setting workstations , was [2008/08/04 09:37:15, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/08/04 09:37:15, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2008/08/04 09:37:15, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/08/04 09:37:15, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/08/04 09:37:15, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/08/04 09:37:15, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = ACCT_POL/password history, value = 0 , timeout = Mon Aug 4 09:38:14 2008 [2008/08/04 09:37:15, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/08/04 09:37:15, 10] passdb/pdb_get_set.c:pdb_set_user_sid(509) pdb_set_user_sid: setting user sid S-1-5-21-534671462-504895351-1339659545-501 [2008/08/04 09:37:15, 10] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(72) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-534671462-504895351-1339659545-501 from rid 501 [2008/08/04 09:37:15, 3] auth/auth.c:check_ntlm_password(269) check_ntlm_password: guest authentication for user [] succeeded [2008/08/04 09:37:15, 5] auth/auth.c:check_ntlm_password(308) check_ntlm_password: guest authentication for user [] -> [] -> [nobody] succeeded [2008/08/04 09:37:15, 5] auth/auth_util.c:free_user_info(1898) attempting to free (and zero) a user_info structure [2008/08/04 09:37:15, 10] auth/auth_util.c:free_user_info(1902) structure was created for [2008/08/04 09:37:15, 10] auth/token_util.c:create_local_nt_token(302) Create local NT token for S-1-5-21-534671462-504895351-1339659545-501 [2008/08/04 09:37:15, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/08/04 09:37:15, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2008/08/04 09:37:15, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/08/04 09:37:15, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/08/04 09:37:15, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/08/04 09:37:15, 5] lib/smbldap.c:smbldap_search_ext(1183) smbldap_search_ext: base => [ou=Grupos,dc=ufu,dc=br], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-544))], scope => [2] [2008/08/04 09:37:15, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2459) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-544)) [2008/08/04 09:37:15, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/08/04 09:37:15, 10] passdb/lookup_sid.c:legacy_sid_to_gid(1252) LEGACY: mapping failed for sid S-1-5-32-544 [2008/08/04 09:37:15, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/08/04 09:37:15, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2008/08/04 09:37:15, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/08/04 09:37:15, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/08/04 09:37:15, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/08/04 09:37:15, 5] lib/smbldap.c:smbldap_search_ext(1183) smbldap_search_ext: base => [ou=Grupos,dc=ufu,dc=br], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-545))], scope => [2] [2008/08/04 09:37:15, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2459) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-545)) [2008/08/04 09:37:15, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/08/04 09:37:15, 10] passdb/lookup_sid.c:legacy_sid_to_gid(1252) LEGACY: mapping failed for sid S-1-5-32-545 [2008/08/04 09:37:15, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/08/04 09:37:15, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2008/08/04 09:37:15, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/08/04 09:37:15, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/08/04 09:37:15, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/08/04 09:37:15, 5] lib/smbldap.c:smbldap_search_ext(1183) smbldap_search_ext: base => [ou=Grupos,dc=ufu,dc=br], filter => [(&(|(objectclass=sambaGroupMapping)(sambaGroupType=4))(|(sambaSIDList=S-1-5-21-534671462-504895351-1339659545-501)(sambaSIDList=S-1-1-0)(sambaSIDList=S-1-5-2)(sambaSIDList=S-1-5-32-546)))], scope => [2] [2008/08/04 09:37:15, 5] lib/smbldap.c:smbldap_search_ext(1183) smbldap_search_ext: base => [ou=Grupos,dc=ufu,dc=br], filter => [(&(|(objectclass=sambaGroupMapping)(sambaGroupType=4))(|(sambaSIDList=S-1-5-21-534671462-504895351-1339659545-501)(sambaSIDList=S-1-1-0)(sambaSIDList=S-1-5-2)(sambaSIDList=S-1-5-32-546)))], scope => [2] [2008/08/04 09:37:15, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/08/04 09:37:15, 3] lib/privileges.c:get_privileges(63) get_privileges: No privileges assigned to SID [S-1-5-21-534671462-504895351-1339659545-501] [2008/08/04 09:37:15, 5] lib/privileges.c:get_privileges_for_sids(128) get_privileges_for_sids: sid = S-1-1-0 Privilege set: SE_PRIV 0x0 0x0 0x0 0x0 [2008/08/04 09:37:15, 3] lib/privileges.c:get_privileges(63) get_privileges: No privileges assigned to SID [S-1-5-2] [2008/08/04 09:37:15, 3] lib/privileges.c:get_privileges(63) get_privileges: No privileges assigned to SID [S-1-5-32-546] [2008/08/04 09:37:15, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/08/04 09:37:15, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2008/08/04 09:37:15, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/08/04 09:37:15, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/08/04 09:37:15, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/08/04 09:37:15, 5] lib/smbldap.c:smbldap_search_ext(1183) smbldap_search_ext: base => [ou=Grupos,dc=ufu,dc=br], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-1-0))], scope => [2] [2008/08/04 09:37:15, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2459) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-1-0)) [2008/08/04 09:37:15, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/08/04 09:37:15, 10] passdb/lookup_sid.c:legacy_sid_to_gid(1252) LEGACY: mapping failed for sid S-1-1-0 [2008/08/04 09:37:15, 10] auth/auth_util.c:create_local_token(674) Could not convert SID S-1-1-0 to gid, ignoring it [2008/08/04 09:37:15, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/08/04 09:37:15, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2008/08/04 09:37:15, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/08/04 09:37:15, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/08/04 09:37:15, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/08/04 09:37:15, 5] lib/smbldap.c:smbldap_search_ext(1183) smbldap_search_ext: base => [ou=Grupos,dc=ufu,dc=br], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-2))], scope => [2] [2008/08/04 09:37:15, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2459) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-2)) [2008/08/04 09:37:15, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/08/04 09:37:15, 10] passdb/lookup_sid.c:legacy_sid_to_gid(1252) LEGACY: mapping failed for sid S-1-5-2 [2008/08/04 09:37:15, 10] auth/auth_util.c:create_local_token(674) Could not convert SID S-1-5-2 to gid, ignoring it [2008/08/04 09:37:15, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/08/04 09:37:15, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2008/08/04 09:37:15, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/08/04 09:37:15, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/08/04 09:37:15, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/08/04 09:37:15, 5] lib/smbldap.c:smbldap_search_ext(1183) smbldap_search_ext: base => [ou=Grupos,dc=ufu,dc=br], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-546))], scope => [2] [2008/08/04 09:37:15, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2459) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-546)) [2008/08/04 09:37:15, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/08/04 09:37:15, 10] passdb/lookup_sid.c:legacy_sid_to_gid(1252) LEGACY: mapping failed for sid S-1-5-32-546 [2008/08/04 09:37:15, 10] auth/auth_util.c:create_local_token(674) Could not convert SID S-1-5-32-546 to gid, ignoring it [2008/08/04 09:37:15, 10] auth/token_util.c:debug_nt_user_token(470) NT user token of user S-1-5-21-534671462-504895351-1339659545-501 contains 4 SIDs SID[ 0]: S-1-5-21-534671462-504895351-1339659545-501 SID[ 1]: S-1-1-0 SID[ 2]: S-1-5-2 SID[ 3]: S-1-5-32-546 SE_PRIV 0x0 0x0 0x0 0x0 [2008/08/04 09:37:15, 10] auth/auth_ntlmssp.c:auth_ntlmssp_check_password(137) Got NT session key of length 16 [2008/08/04 09:37:15, 10] auth/auth_ntlmssp.c:auth_ntlmssp_check_password(144) Got LM session key of length 16 [2008/08/04 09:37:15, 10] libsmb/ntlmssp.c:ntlmssp_server_auth(848) ntlmssp_server_auth: Using unmodified nt session key. [2008/08/04 09:37:15, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(337) NTLMSSP Sign/Seal - Initialising with flags: [2008/08/04 09:37:15, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) Got NTLMSSP neg_flags=0xe2088215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH NTLMSSP_NEGOTIATE_56 [2008/08/04 09:37:15, 10] smbd/password.c:register_existing_vuid(310) register_existing_vuid: (65534,65533) nobody UFU guest=1 [2008/08/04 09:37:15, 3] smbd/password.c:register_existing_vuid(314) register_existing_vuid: User name: nobody Real name: nobody [2008/08/04 09:37:15, 3] smbd/password.c:register_existing_vuid(326) register_existing_vuid: UNIX uid 65534 is UNIX user nobody, and will be vuid 102 [2008/08/04 09:37:15, 6] param/loadparm.c:lp_file_list_changed(6613) lp_file_list_changed() file /etc/samba/comps/teste.conf -> /etc/samba/comps/teste.conf last mod_time: Thu Jul 31 15:50:13 2008 file /etc/samba/comps/netlogon.conf -> /etc/samba/comps/netlogon.conf last mod_time: Thu Jul 31 15:50:13 2008 file /etc/samba/includes.conf -> /etc/samba/includes.conf last mod_time: Thu Jul 31 15:49:50 2008 file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Mon Aug 4 09:34:48 2008 [2008/08/04 09:37:15, 5] lib/util.c:show_msg(645) [2008/08/04 09:37:15, 5] lib/util.c:show_msg(655) size=144 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=65279 smb_uid=102 smb_mid=896 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 1 (0x1) smb_vwv[ 3]= 9 (0x9) smb_bcc=101 [2008/08/04 09:37:15, 10] lib/util.c:dump_data(2226) [000] A1 07 30 05 A0 03 0A 01 00 55 00 6E 00 69 00 78 ..0..... .U.n.i.x [010] 00 00 00 53 00 61 00 6D 00 62 00 61 00 20 00 33 ...S.a.m .b.a. .3 [020] 00 2E 00 32 00 2E 00 30 00 72 00 63 00 31 00 2D ...2...0 .r.c.1.- [030] 00 32 00 32 00 2E 00 31 00 2D 00 31 00 37 00 39 .2.2...1 .-.1.7.9 [040] 00 35 00 2D 00 53 00 55 00 53 00 45 00 2D 00 53 .5.-.S.U .S.E.-.S [050] 00 4C 00 31 00 31 00 2E 00 30 00 00 00 55 00 46 .L.1.1.. .0...U.F [060] 00 55 00 00 00 .U... [2008/08/04 09:37:15, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 92 [2008/08/04 09:37:15, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x5c [2008/08/04 09:37:15, 3] smbd/process.c:process_smb(1549) Transaction 15 of length 96 (0 toread) [2008/08/04 09:37:15, 5] lib/util.c:show_msg(645) [2008/08/04 09:37:15, 5] lib/util.c:show_msg(655) size=92 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=102 smb_mid=960 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 92 (0x5C) smb_vwv[ 2]= 8 (0x8) smb_vwv[ 3]= 1 (0x1) smb_bcc=49 [2008/08/04 09:37:15, 10] lib/util.c:dump_data(2226) [000] 00 5C 00 5C 00 53 00 52 00 56 00 53 00 4D 00 42 .\.\.S.R .V.S.M.B [010] 00 31 00 4A 00 32 00 31 00 30 00 30 00 31 00 5C .1.J.2.1 .0.0.1.\ [020] 00 49 00 50 00 43 00 24 00 00 00 3F 3F 3F 3F 3F .I.P.C.$ ...????? [030] 00 . [2008/08/04 09:37:15, 3] smbd/process.c:switch_message(1361) switch message SMBtconX (pid 27141) conn 0x0 [2008/08/04 09:37:15, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/08/04 09:37:15, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/08/04 09:37:15, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/08/04 09:37:15, 5] smbd/uid.c:change_to_root_user(287) change_to_root_user: now uid=(0,0) gid=(0,0) [2008/08/04 09:37:15, 4] smbd/reply.c:reply_tcon_and_X(653) Client requested device type [?????] for share [IPC$] [2008/08/04 09:37:15, 5] smbd/service.c:make_connection(1374) making a connection to 'normal' service ipc$ [2008/08/04 09:37:15, 5] lib/username.c:Get_Pwnam_alloc(133) Finding user nobody [2008/08/04 09:37:15, 5] lib/username.c:Get_Pwnam_internals(77) Trying _Get_Pwnam(), username as lowercase is nobody [2008/08/04 09:37:15, 5] lib/username.c:Get_Pwnam_internals(110) Get_Pwnam_internals did find user [nobody]! [2008/08/04 09:37:15, 10] smbd/service.c:set_conn_connectpath(157) set_conn_connectpath: service IPC$, connectpath = /var/tmp [2008/08/04 09:37:15, 3] smbd/service.c:make_connection_snum(936) Connect path is '/var/tmp' for service [IPC$] [2008/08/04 09:37:15, 10] lib/util_seaccess.c:se_map_generic(175) se_map_generic(): mapped mask 0x10000000 to 0x001f01ff [2008/08/04 09:37:15, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x00000002, for NT token with 4 entries and first sid S-1-5-21-534671462-504895351-1339659545-501. [2008/08/04 09:37:15, 3] lib/util_seaccess.c:se_access_check(249) [2008/08/04 09:37:15, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-5-21-534671462-504895351-1339659545-501 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-32-546 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 2 [2008/08/04 09:37:15, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (2) granted. [2008/08/04 09:37:15, 3] smbd/vfs.c:vfs_init_default(96) Initialising default vfs hooks [2008/08/04 09:37:15, 3] smbd/vfs.c:vfs_init_custom(130) Initialising custom vfs hooks from [/[Default VFS]/] [2008/08/04 09:37:15, 10] smbd/vfs.c:vfs_find_backend_entry(48) vfs_find_backend_entry called for /[Default VFS]/ Successfully loaded vfs module [/[Default VFS]/] with the new modules system [2008/08/04 09:37:15, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #0 (type 0, layer 0) Making operation type 0 opaque [module /[Default VFS]/] Accepting operation type 0 from module /[Default VFS]/ [2008/08/04 09:37:15, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #1 (type 1, layer 0) Making operation type 1 opaque [module /[Default VFS]/] Accepting operation type 1 from module /[Default VFS]/ [2008/08/04 09:37:15, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #2 (type 2, layer 0) Making operation type 2 opaque [module /[Default VFS]/] Accepting operation type 2 from module /[Default VFS]/ [2008/08/04 09:37:15, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #3 (type 3, layer 0) Making operation type 3 opaque [module /[Default VFS]/] Accepting operation type 3 from module /[Default VFS]/ [2008/08/04 09:37:15, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #4 (type 4, layer 0) Making operation type 4 opaque [module /[Default VFS]/] Accepting operation type 4 from module /[Default VFS]/ [2008/08/04 09:37:15, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #5 (type 5, layer 0) Making operation type 5 opaque [module /[Default VFS]/] Accepting operation type 5 from module /[Default VFS]/ [2008/08/04 09:37:15, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #6 (type 6, layer 0) Making operation type 6 opaque [module /[Default VFS]/] Accepting operation type 6 from module /[Default VFS]/ [2008/08/04 09:37:15, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #7 (type 7, layer 0) Making operation type 7 opaque [module /[Default VFS]/] Accepting operation type 7 from module /[Default VFS]/ [2008/08/04 09:37:15, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #8 (type 8, layer 0) Making operation type 8 opaque [module /[Default VFS]/] Accepting operation type 8 from module /[Default VFS]/ [2008/08/04 09:37:15, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #9 (type 9, layer 0) Making operation type 9 opaque [module /[Default VFS]/] Accepting operation type 9 from module /[Default VFS]/ [2008/08/04 09:37:15, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #10 (type 10, layer 0) Making operation type 10 opaque [module /[Default VFS]/] Accepting operation type 10 from module /[Default VFS]/ [2008/08/04 09:37:15, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #11 (type 11, layer 0) Making operation type 11 opaque [module /[Default VFS]/] Accepting operation type 11 from module /[Default VFS]/ [2008/08/04 09:37:15, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #12 (type 12, layer 0) Making operation type 12 opaque [module /[Default VFS]/] Accepting operation type 12 from module /[Default VFS]/ [2008/08/04 09:37:15, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #13 (type 13, layer 0) Making operation type 13 opaque [module /[Default VFS]/] Accepting operation type 13 from module /[Default VFS]/ [2008/08/04 09:37:15, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #14 (type 14, layer 0) Making operation type 14 opaque [module /[Default VFS]/] Accepting operation type 14 from module /[Default VFS]/ [2008/08/04 09:37:15, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #15 (type 15, layer 0) Making operation type 15 opaque [module /[Default VFS]/] Accepting operation type 15 from module /[Default VFS]/ [2008/08/04 09:37:15, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #16 (type 16, layer 0) Making operation type 16 opaque [module /[Default VFS]/] Accepting operation type 16 from module /[Default VFS]/ [2008/08/04 09:37:15, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #17 (type 17, layer 0) Making operation type 17 opaque [module /[Default VFS]/] Accepting operation type 17 from module /[Default VFS]/ [2008/08/04 09:37:15, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #18 (type 18, layer 0) Making operation type 18 opaque [module /[Default VFS]/] Accepting operation type 18 from module /[Default VFS]/ [2008/08/04 09:37:15, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #19 (type 19, layer 0) Making operation type 19 opaque [module /[Default VFS]/] Accepting operation type 19 from module /[Default VFS]/ [2008/08/04 09:37:15, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #20 (type 20, layer 0) Making operation type 20 opaque [module /[Default VFS]/] Accepting operation type 20 from module /[Default VFS]/ [2008/08/04 09:37:15, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #21 (type 21, layer 0) Making operation type 21 opaque [module /[Default VFS]/] Accepting operation type 21 from module /[Default VFS]/ [2008/08/04 09:37:15, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #22 (type 22, layer 0) Making operation type 22 opaque [module /[Default VFS]/] Accepting operation type 22 from module /[Default VFS]/ [2008/08/04 09:37:15, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #23 (type 23, layer 0) Making operation type 23 opaque [module /[Default VFS]/] Accepting operation type 23 from module /[Default VFS]/ [2008/08/04 09:37:15, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #24 (type 24, layer 0) Making operation type 24 opaque [module /[Default VFS]/] Accepting operation type 24 from module /[Default VFS]/ [2008/08/04 09:37:15, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #25 (type 25, layer 0) Making operation type 25 opaque [module /[Default VFS]/] Accepting operation type 25 from module /[Default VFS]/ [2008/08/04 09:37:15, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #26 (type 26, layer 0) Making operation type 26 opaque [module /[Default VFS]/] Accepting operation type 26 from module /[Default VFS]/ [2008/08/04 09:37:15, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #27 (type 27, layer 0) Making operation type 27 opaque [module /[Default VFS]/] Accepting operation type 27 from module /[Default VFS]/ [2008/08/04 09:37:15, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #28 (type 28, layer 0) Making operation type 28 opaque [module /[Default VFS]/] Accepting operation type 28 from module /[Default VFS]/ [2008/08/04 09:37:15, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #29 (type 29, layer 0) Making operation type 29 opaque [module /[Default VFS]/] Accepting operation type 29 from module /[Default VFS]/ [2008/08/04 09:37:15, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #30 (type 30, layer 0) Making operation type 30 opaque [module /[Default VFS]/] Accepting operation type 30 from module /[Default VFS]/ [2008/08/04 09:37:15, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #31 (type 31, layer 0) Making operation type 31 opaque [module /[Default VFS]/] Accepting operation type 31 from module /[Default VFS]/ [2008/08/04 09:37:15, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #32 (type 32, layer 0) Making operation type 32 opaque [module /[Default VFS]/] Accepting operation type 32 from module /[Default VFS]/ [2008/08/04 09:37:15, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #33 (type 33, layer 0) Making operation type 33 opaque [module /[Default VFS]/] Accepting operation type 33 from module /[Default VFS]/ [2008/08/04 09:37:15, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #34 (type 34, layer 0) Making operation type 34 opaque [module /[Default VFS]/] Accepting operation type 34 from module /[Default VFS]/ [2008/08/04 09:37:15, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #35 (type 35, layer 0) Making operation type 35 opaque [module /[Default VFS]/] Accepting operation type 35 from module /[Default VFS]/ [2008/08/04 09:37:15, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #36 (type 36, layer 0) Making operation type 36 opaque [module /[Default VFS]/] Accepting operation type 36 from module /[Default VFS]/ [2008/08/04 09:37:15, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #37 (type 37, layer 0) Making operation type 37 opaque [module /[Default VFS]/] Accepting operation type 37 from module /[Default VFS]/ [2008/08/04 09:37:15, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #38 (type 38, layer 0) Making operation type 38 opaque [module /[Default VFS]/] Accepting operation type 38 from module /[Default VFS]/ [2008/08/04 09:37:15, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #39 (type 39, layer 0) Making operation type 39 opaque [module /[Default VFS]/] Accepting operation type 39 from module /[Default VFS]/ [2008/08/04 09:37:15, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #40 (type 40, layer 0) Making operation type 40 opaque [module /[Default VFS]/] Accepting operation type 40 from module /[Default VFS]/ [2008/08/04 09:37:15, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #41 (type 41, layer 0) Making operation type 41 opaque [module /[Default VFS]/] Accepting operation type 41 from module /[Default VFS]/ [2008/08/04 09:37:15, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #42 (type 42, layer 0) Making operation type 42 opaque [module /[Default VFS]/] Accepting operation type 42 from module /[Default VFS]/ [2008/08/04 09:37:15, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #43 (type 43, layer 0) Making operation type 43 opaque [module /[Default VFS]/] Accepting operation type 43 from module /[Default VFS]/ [2008/08/04 09:37:15, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #44 (type 44, layer 0) Making operation type 44 opaque [module /[Default VFS]/] Accepting operation type 44 from module /[Default VFS]/ [2008/08/04 09:37:15, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #45 (type 45, layer 0) Making operation type 45 opaque [module /[Default VFS]/] Accepting operation type 45 from module /[Default VFS]/ [2008/08/04 09:37:15, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #46 (type 46, layer 0) Making operation type 46 opaque [module /[Default VFS]/] Accepting operation type 46 from module /[Default VFS]/ [2008/08/04 09:37:15, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #47 (type 47, layer 0) Making operation type 47 opaque [module /[Default VFS]/] Accepting operation type 47 from module /[Default VFS]/ [2008/08/04 09:37:15, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #48 (type 48, layer 0) Making operation type 48 opaque [module /[Default VFS]/] Accepting operation type 48 from module /[Default VFS]/ [2008/08/04 09:37:15, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #49 (type 49, layer 0) Making operation type 49 opaque [module /[Default VFS]/] Accepting operation type 49 from module /[Default VFS]/ [2008/08/04 09:37:15, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #50 (type 50, layer 0) Making operation type 50 opaque [module /[Default VFS]/] Accepting operation type 50 from module /[Default VFS]/ [2008/08/04 09:37:15, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #51 (type 51, layer 0) Making operation type 51 opaque [module /[Default VFS]/] Accepting operation type 51 from module /[Default VFS]/ [2008/08/04 09:37:15, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #52 (type 52, layer 0) Making operation type 52 opaque [module /[Default VFS]/] Accepting operation type 52 from module /[Default VFS]/ [2008/08/04 09:37:15, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #53 (type 53, layer 0) Making operation type 53 opaque [module /[Default VFS]/] Accepting operation type 53 from module /[Default VFS]/ [2008/08/04 09:37:15, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #54 (type 54, layer 0) Making operation type 54 opaque [module /[Default VFS]/] Accepting operation type 54 from module /[Default VFS]/ [2008/08/04 09:37:15, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #55 (type 55, layer 0) Making operation type 55 opaque [module /[Default VFS]/] Accepting operation type 55 from module /[Default VFS]/ [2008/08/04 09:37:15, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #56 (type 56, layer 0) Making operation type 56 opaque [module /[Default VFS]/] Accepting operation type 56 from module /[Default VFS]/ [2008/08/04 09:37:15, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #57 (type 57, layer 0) Making operation type 57 opaque [module /[Default VFS]/] Accepting operation type 57 from module /[Default VFS]/ [2008/08/04 09:37:15, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #58 (type 58, layer 0) Making operation type 58 opaque [module /[Default VFS]/] Accepting operation type 58 from module /[Default VFS]/ [2008/08/04 09:37:15, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #59 (type 59, layer 0) Making operation type 59 opaque [module /[Default VFS]/] Accepting operation type 59 from module /[Default VFS]/ [2008/08/04 09:37:15, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #60 (type 60, layer 0) Making operation type 60 opaque [module /[Default VFS]/] Accepting operation type 60 from module /[Default VFS]/ [2008/08/04 09:37:15, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #61 (type 61, layer 0) Making operation type 61 opaque [module /[Default VFS]/] Accepting operation type 61 from module /[Default VFS]/ [2008/08/04 09:37:15, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #62 (type 62, layer 0) Making operation type 62 opaque [module /[Default VFS]/] Accepting operation type 62 from module /[Default VFS]/ [2008/08/04 09:37:15, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #63 (type 63, layer 0) Making operation type 63 opaque [module /[Default VFS]/] Accepting operation type 63 from module /[Default VFS]/ [2008/08/04 09:37:15, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #64 (type 64, layer 0) Making operation type 64 opaque [module /[Default VFS]/] Accepting operation type 64 from module /[Default VFS]/ [2008/08/04 09:37:15, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #65 (type 65, layer 0) Making operation type 65 opaque [module /[Default VFS]/] Accepting operation type 65 from module /[Default VFS]/ [2008/08/04 09:37:15, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #66 (type 66, layer 0) Making operation type 66 opaque [module /[Default VFS]/] Accepting operation type 66 from module /[Default VFS]/ [2008/08/04 09:37:15, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #67 (type 67, layer 0) Making operation type 67 opaque [module /[Default VFS]/] Accepting operation type 67 from module /[Default VFS]/ [2008/08/04 09:37:15, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #68 (type 68, layer 0) Making operation type 68 opaque [module /[Default VFS]/] Accepting operation type 68 from module /[Default VFS]/ [2008/08/04 09:37:15, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #69 (type 69, layer 0) Making operation type 69 opaque [module /[Default VFS]/] Accepting operation type 69 from module /[Default VFS]/ [2008/08/04 09:37:15, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #70 (type 70, layer 0) Making operation type 70 opaque [module /[Default VFS]/] Accepting operation type 70 from module /[Default VFS]/ [2008/08/04 09:37:15, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #71 (type 71, layer 0) Making operation type 71 opaque [module /[Default VFS]/] Accepting operation type 71 from module /[Default VFS]/ [2008/08/04 09:37:15, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #72 (type 72, layer 0) Making operation type 72 opaque [module /[Default VFS]/] Accepting operation type 72 from module /[Default VFS]/ [2008/08/04 09:37:15, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #73 (type 73, layer 0) Making operation type 73 opaque [module /[Default VFS]/] Accepting operation type 73 from module /[Default VFS]/ [2008/08/04 09:37:15, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #74 (type 74, layer 0) Making operation type 74 opaque [module /[Default VFS]/] Accepting operation type 74 from module /[Default VFS]/ [2008/08/04 09:37:15, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #75 (type 75, layer 0) Making operation type 75 opaque [module /[Default VFS]/] Accepting operation type 75 from module /[Default VFS]/ [2008/08/04 09:37:15, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #76 (type 76, layer 0) Making operation type 76 opaque [module /[Default VFS]/] Accepting operation type 76 from module /[Default VFS]/ [2008/08/04 09:37:15, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #77 (type 77, layer 0) Making operation type 77 opaque [module /[Default VFS]/] Accepting operation type 77 from module /[Default VFS]/ [2008/08/04 09:37:15, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #78 (type 78, layer 0) Making operation type 78 opaque [module /[Default VFS]/] Accepting operation type 78 from module /[Default VFS]/ [2008/08/04 09:37:15, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #79 (type 79, layer 0) Making operation type 79 opaque [module /[Default VFS]/] Accepting operation type 79 from module /[Default VFS]/ [2008/08/04 09:37:15, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #80 (type 80, layer 0) Making operation type 80 opaque [module /[Default VFS]/] Accepting operation type 80 from module /[Default VFS]/ [2008/08/04 09:37:15, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #81 (type 81, layer 0) Making operation type 81 opaque [module /[Default VFS]/] Accepting operation type 81 from module /[Default VFS]/ [2008/08/04 09:37:15, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #82 (type 82, layer 0) Making operation type 82 opaque [module /[Default VFS]/] Accepting operation type 82 from module /[Default VFS]/ [2008/08/04 09:37:15, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #83 (type 83, layer 0) Making operation type 83 opaque [module /[Default VFS]/] Accepting operation type 83 from module /[Default VFS]/ [2008/08/04 09:37:15, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #84 (type 84, layer 0) Making operation type 84 opaque [module /[Default VFS]/] Accepting operation type 84 from module /[Default VFS]/ [2008/08/04 09:37:15, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #85 (type 85, layer 0) Making operation type 85 opaque [module /[Default VFS]/] Accepting operation type 85 from module /[Default VFS]/ [2008/08/04 09:37:15, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #86 (type 86, layer 0) Making operation type 86 opaque [module /[Default VFS]/] Accepting operation type 86 from module /[Default VFS]/ [2008/08/04 09:37:15, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #87 (type 87, layer 0) Making operation type 87 opaque [module /[Default VFS]/] Accepting operation type 87 from module /[Default VFS]/ [2008/08/04 09:37:15, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #88 (type 88, layer 0) Making operation type 88 opaque [module /[Default VFS]/] Accepting operation type 88 from module /[Default VFS]/ [2008/08/04 09:37:15, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #89 (type 89, layer 0) Making operation type 89 opaque [module /[Default VFS]/] Accepting operation type 89 from module /[Default VFS]/ [2008/08/04 09:37:15, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #90 (type 90, layer 0) Making operation type 90 opaque [module /[Default VFS]/] Accepting operation type 90 from module /[Default VFS]/ [2008/08/04 09:37:15, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #91 (type 91, layer 0) Making operation type 91 opaque [module /[Default VFS]/] Accepting operation type 91 from module /[Default VFS]/ [2008/08/04 09:37:15, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #92 (type 92, layer 0) Making operation type 92 opaque [module /[Default VFS]/] Accepting operation type 92 from module /[Default VFS]/ [2008/08/04 09:37:15, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #93 (type 93, layer 0) Making operation type 93 opaque [module /[Default VFS]/] Accepting operation type 93 from module /[Default VFS]/ [2008/08/04 09:37:15, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #94 (type 94, layer 0) Making operation type 94 opaque [module /[Default VFS]/] Accepting operation type 94 from module /[Default VFS]/ [2008/08/04 09:37:15, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #95 (type 95, layer 0) Making operation type 95 opaque [module /[Default VFS]/] Accepting operation type 95 from module /[Default VFS]/ [2008/08/04 09:37:15, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #96 (type 96, layer 0) Making operation type 96 opaque [module /[Default VFS]/] Accepting operation type 96 from module /[Default VFS]/ [2008/08/04 09:37:15, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #97 (type 97, layer 0) Making operation type 97 opaque [module /[Default VFS]/] Accepting operation type 97 from module /[Default VFS]/ [2008/08/04 09:37:15, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #98 (type 98, layer 0) Making operation type 98 opaque [module /[Default VFS]/] Accepting operation type 98 from module /[Default VFS]/ [2008/08/04 09:37:15, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #99 (type 99, layer 0) Making operation type 99 opaque [module /[Default VFS]/] Accepting operation type 99 from module /[Default VFS]/ [2008/08/04 09:37:15, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #100 (type 100, layer 0) Making operation type 100 opaque [module /[Default VFS]/] Accepting operation type 100 from module /[Default VFS]/ [2008/08/04 09:37:15, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #101 (type 101, layer 0) Making operation type 101 opaque [module /[Default VFS]/] Accepting operation type 101 from module /[Default VFS]/ [2008/08/04 09:37:15, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #102 (type 102, layer 0) Making operation type 102 opaque [module /[Default VFS]/] Accepting operation type 102 from module /[Default VFS]/ [2008/08/04 09:37:15, 5] smbd/connection.c:claim_connection(142) claiming [IPC$] [2008/08/04 09:37:15, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 056A0000020000004950 [2008/08/04 09:37:15, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0xb816cbb8 [2008/08/04 09:37:15, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 056A0000020000004950 [2008/08/04 09:37:15, 10] smbd/share_access.c:user_ok_token(231) user_ok_token: share IPC$ is ok for unix user nobody [2008/08/04 09:37:15, 10] smbd/share_access.c:is_share_read_only_for_token(273) is_share_read_only_for_user: share IPC$ is read-only for unix user nobody [2008/08/04 09:37:15, 10] lib/util_seaccess.c:se_map_generic(175) se_map_generic(): mapped mask 0x10000000 to 0x001f01ff [2008/08/04 09:37:15, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x00000001, for NT token with 4 entries and first sid S-1-5-21-534671462-504895351-1339659545-501. [2008/08/04 09:37:15, 3] lib/util_seaccess.c:se_access_check(249) [2008/08/04 09:37:15, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-5-21-534671462-504895351-1339659545-501 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-32-546 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 1 [2008/08/04 09:37:15, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (1) granted. [2008/08/04 09:37:15, 3] lib/util_sid.c:string_to_sid(228) string_to_sid: Sid @domainAdmins does not start with 'S-'. [2008/08/04 09:37:15, 5] smbd/password.c:user_in_netgroup(467) looking for user nobody of domain in netgroup domainAdmins [2008/08/04 09:37:15, 5] smbd/password.c:user_in_netgroup(483) looking for user nobody of domain in netgroup domainAdmins [2008/08/04 09:37:15, 10] passdb/lookup_sid.c:lookup_name(69) lookup_name: UFU\domainAdmins => UFU (domain), domainAdmins (name) [2008/08/04 09:37:15, 10] passdb/lookup_sid.c:lookup_name(70) lookup_name: flags = 0x077 [2008/08/04 09:37:15, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/08/04 09:37:15, 3] smbd/uid.c:push_conn_ctx(357) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2008/08/04 09:37:15, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/08/04 09:37:15, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/08/04 09:37:15, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/08/04 09:37:15, 5] lib/smbldap.c:smbldap_search_ext(1183) smbldap_search_ext: base => [ou=Grupos,dc=ufu,dc=br], filter => [(&(objectClass=sambaGroupMapping)(|(displayName=domainAdmins)(cn=domainAdmins)))], scope => [2] [2008/08/04 09:37:15, 2] passdb/pdb_ldap.c:init_group_from_ldap(2344) init_group_from_ldap: Entry found for group: 600 [2008/08/04 09:37:15, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute description does not exist [2008/08/04 09:37:15, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/08/04 09:37:15, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (65534, 65533) - sec_ctx_stack_ndx = 0 [2008/08/04 09:37:15, 5] auth/token_util.c:debug_nt_user_token(470) NT user token of user S-1-5-21-534671462-504895351-1339659545-501 contains 4 SIDs SID[ 0]: S-1-5-21-534671462-504895351-1339659545-501 SID[ 1]: S-1-1-0 SID[ 2]: S-1-5-2 SID[ 3]: S-1-5-32-546 SE_PRIV 0x0 0x0 0x0 0x0 [2008/08/04 09:37:15, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 65534 Primary group is 65533 and contains 0 supplementary groups [2008/08/04 09:37:15, 5] smbd/uid.c:change_to_user(272) change_to_user uid=(65534,65534) gid=(0,65533) [2008/08/04 09:37:15, 3] smbd/service.c:make_connection_snum(1188) orc (200.131.191.14) connect to service IPC$ initially as user nobody (uid=65534, gid=65533) (pid 27141) [2008/08/04 09:37:15, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/08/04 09:37:15, 5] auth/token_util.c:debug_nt_user_token(464) NT user token: (NULL) [2008/08/04 09:37:15, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/08/04 09:37:15, 5] smbd/uid.c:change_to_root_user(287) change_to_root_user: now uid=(0,0) gid=(0,0) [2008/08/04 09:37:15, 3] smbd/reply.c:reply_tcon_and_X(727) tconX service=IPC$ [2008/08/04 09:37:15, 5] lib/util.c:show_msg(645) [2008/08/04 09:37:15, 5] lib/util.c:show_msg(655) size=56 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=65279 smb_uid=102 smb_mid=960 smt_wct=7 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 1 (0x1) smb_vwv[ 3]= 511 (0x1FF) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 511 (0x1FF) smb_vwv[ 6]= 0 (0x0) smb_bcc=7 [2008/08/04 09:37:15, 10] lib/util.c:dump_data(2226) [000] 49 50 43 00 00 00 00 IPC.... [2008/08/04 09:37:15, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 100 [2008/08/04 09:37:15, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x64 [2008/08/04 09:37:15, 3] smbd/process.c:process_smb(1549) Transaction 16 of length 104 (0 toread) [2008/08/04 09:37:15, 5] lib/util.c:show_msg(645) [2008/08/04 09:37:15, 5] lib/util.c:show_msg(655) size=100 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=488 smb_uid=102 smb_mid=1024 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 3584 (0xE00) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=17 [2008/08/04 09:37:15, 10] lib/util.c:dump_data(2226) [000] 00 5C 00 6C 00 73 00 61 00 72 00 70 00 63 00 00 .\.l.s.a .r.p.c.. [010] 00 . [2008/08/04 09:37:15, 3] smbd/process.c:switch_message(1361) switch message SMBntcreateX (pid 27141) conn 0xb8186298 [2008/08/04 09:37:15, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (65534, 65533) - sec_ctx_stack_ndx = 0 [2008/08/04 09:37:15, 5] auth/token_util.c:debug_nt_user_token(470) NT user token of user S-1-5-21-534671462-504895351-1339659545-501 contains 4 SIDs SID[ 0]: S-1-5-21-534671462-504895351-1339659545-501 SID[ 1]: S-1-1-0 SID[ 2]: S-1-5-2 SID[ 3]: S-1-5-32-546 SE_PRIV 0x0 0x0 0x0 0x0 [2008/08/04 09:37:15, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 65534 Primary group is 65533 and contains 0 supplementary groups [2008/08/04 09:37:15, 5] smbd/uid.c:change_to_user(272) change_to_user uid=(65534,65534) gid=(0,65533) [2008/08/04 09:37:15, 10] smbd/nttrans.c:reply_ntcreate_and_X(490) reply_ntcreate_and_X: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0, fname = lsarpc [2008/08/04 09:37:15, 4] smbd/nttrans.c:nt_open_pipe(297) nt_open_pipe: Opening pipe \lsarpc. [2008/08/04 09:37:15, 3] smbd/nttrans.c:nt_open_pipe(322) nt_open_pipe: Known pipe lsarpc opening. [2008/08/04 09:37:15, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(165) Open pipe requested lsarpc (pipes_open=1) [2008/08/04 09:37:15, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(195) open_rpc_pipe_p: name NETLOGON pnum=75ff [2008/08/04 09:37:15, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(275) Create pipe requested lsarpc [2008/08/04 09:37:15, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77) init_pipe_handles: created handle list for pipe lsarpc [2008/08/04 09:37:15, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) init_pipe_handles: pipe_handles ref count = 1 for pipe lsarpc [2008/08/04 09:37:15, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(356) Created internal pipe lsarpc (pipes_open=1) [2008/08/04 09:37:15, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(253) Opened pipe lsarpc with handle 7600 (pipes_open=2) [2008/08/04 09:37:15, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(259) open pipes: name lsarpc pnum=7600 [2008/08/04 09:37:15, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(259) open pipes: name NETLOGON pnum=75ff [2008/08/04 09:37:15, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 6C73617270632F323731 [2008/08/04 09:37:15, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0xb8173708 [2008/08/04 09:37:15, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 6C73617270632F323731 [2008/08/04 09:37:15, 5] smbd/nttrans.c:do_ntcreate_pipe_open(410) do_ntcreate_pipe_open: open pipe = \lsarpc [2008/08/04 09:37:15, 5] lib/util.c:show_msg(645) [2008/08/04 09:37:15, 5] lib/util.c:show_msg(655) size=135 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=488 smb_uid=102 smb_mid=1024 smt_wct=42 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 374 (0x176) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_vwv[34]= 0 (0x0) smb_vwv[35]= 0 (0x0) smb_vwv[36]= 0 (0x0) smb_vwv[37]= 0 (0x0) smb_vwv[38]= 0 (0x0) smb_vwv[39]= 0 (0x0) smb_vwv[40]= 0 (0x0) smb_vwv[41]= 0 (0x0) smb_bcc=0 [2008/08/04 09:37:15, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 136 [2008/08/04 09:37:15, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x88 [2008/08/04 09:37:15, 3] smbd/process.c:process_smb(1549) Transaction 17 of length 140 (0 toread) [2008/08/04 09:37:15, 5] lib/util.c:show_msg(645) [2008/08/04 09:37:15, 5] lib/util.c:show_msg(655) size=136 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=102 smb_mid=1088 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=30208 (0x7600) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 72 (0x48) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 72 (0x48) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=73 [2008/08/04 09:37:15, 10] lib/util.c:dump_data(2226) [000] EE 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... [010] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ [020] 00 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 .xW4.4.. ....#Eg. [030] AB 00 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ [040] 00 2B 10 48 60 02 00 00 00 .+.H`... . [2008/08/04 09:37:15, 3] smbd/process.c:switch_message(1361) switch message SMBwriteX (pid 27141) conn 0xb8186298 [2008/08/04 09:37:15, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/08/04 09:37:15, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=7600 [2008/08/04 09:37:15, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name lsarpc pnum=7600 (pipes_open=2) [2008/08/04 09:37:15, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name NETLOGON pnum=75ff (pipes_open=2) [2008/08/04 09:37:15, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927) write_to_pipe: 7600 name: lsarpc open: Yes len: 72 [2008/08/04 09:37:15, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 72 [2008/08/04 09:37:15, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 [2008/08/04 09:37:15, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385) fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 [2008/08/04 09:37:15, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 16 [2008/08/04 09:37:15, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 56 [2008/08/04 09:37:15, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0b [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0048 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000001 [2008/08/04 09:37:15, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472) unmarshall_rpc_header: using little-endian RPC [2008/08/04 09:37:15, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501) unmarshall_rpc_header: type = 11, flags = 3 [2008/08/04 09:37:15, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 0 [2008/08/04 09:37:15, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 56 [2008/08/04 09:37:15, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 [2008/08/04 09:37:15, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709) process_complete_pdu: processing packet type 11 [2008/08/04 09:37:15, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1553) api_pipe_bind_req: decode request. 1553 [2008/08/04 09:37:15, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1564) api_pipe_bind_req: \PIPE\lsarpc -> \PIPE\lsarpc [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_rb [2008/08/04 09:37:15, 6] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_bba [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0000 max_tsize: 10b8 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0002 max_rsize: 10b8 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0004 assoc_gid: 00000000 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0008 num_contexts: 01 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000c context_id : 0000 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint8(624) 000e num_transfer_syntaxes: 01 [2008/08/04 09:37:15, 6] rpc_parse/parse_prs.c:prs_debug(88) 00000f smb_io_rpc_iface [2008/08/04 09:37:15, 7] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_uuid uuid [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 data : 12345778 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 data : 1234 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0016 data : abcd [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0018 data : ef 00 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 001a data : 01 23 45 67 89 ab [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0020 version: 00000000 [2008/08/04 09:37:15, 6] rpc_parse/parse_prs.c:prs_debug(88) 000024 smb_io_rpc_iface [2008/08/04 09:37:15, 7] rpc_parse/parse_prs.c:prs_debug(88) 000024 smb_io_uuid uuid [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0024 data : 8a885d04 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0028 data : 1ceb [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint16(689) 002a data : 11c9 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002c data : 9f e8 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002e data : 08 00 2b 10 48 60 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0034 version: 00000002 [2008/08/04 09:37:15, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1608) api_pipe_bind_req: make response. 1608 [2008/08/04 09:37:15, 3] rpc_server/srv_pipe.c:check_bind_req(991) check_bind_req for \PIPE\lsarpc checking \PIPE\lsarpc [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_ba [2008/08/04 09:37:15, 6] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_bba [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0000 max_tsize: 10b8 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0002 max_rsize: 10b8 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0004 assoc_gid: 000053f0 [2008/08/04 09:37:15, 6] rpc_parse/parse_prs.c:prs_debug(88) 000008 smb_io_rpc_addr_str [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 len: 000d [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 000a str: \PIPE\lsarpc. [2008/08/04 09:37:15, 6] rpc_parse/parse_prs.c:prs_debug(88) 000017 smb_io_rpc_results [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0018 num_results: 01 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint16(689) 001c result : 0000 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint16(689) 001e reason : 0000 [2008/08/04 09:37:15, 6] rpc_parse/parse_prs.c:prs_debug(88) 000020 smb_io_rpc_iface [2008/08/04 09:37:15, 7] rpc_parse/parse_prs.c:prs_debug(88) 000020 smb_io_uuid uuid [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0020 data : 8a885d04 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0024 data : 1ceb [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0026 data : 11c9 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0028 data : 9f e8 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002a data : 08 00 2b 10 48 60 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0030 version: 00000002 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0c [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0044 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000001 [2008/08/04 09:37:15, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 56 [2008/08/04 09:37:15, 3] smbd/pipes.c:reply_pipe_write_and_X(251) writeX-IPC pnum=7600 nwritten=72 [2008/08/04 09:37:15, 5] lib/util.c:show_msg(645) [2008/08/04 09:37:15, 5] lib/util.c:show_msg(655) size=47 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=65279 smb_uid=102 smb_mid=1088 smt_wct=6 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 72 (0x48) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_bcc=0 [2008/08/04 09:37:15, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 59 [2008/08/04 09:37:15, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x3b [2008/08/04 09:37:15, 3] smbd/process.c:process_smb(1549) Transaction 18 of length 63 (0 toread) [2008/08/04 09:37:15, 5] lib/util.c:show_msg(645) [2008/08/04 09:37:15, 5] lib/util.c:show_msg(655) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=102 smb_mid=1152 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=30208 (0x7600) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2008/08/04 09:37:15, 3] smbd/process.c:switch_message(1361) switch message SMBreadX (pid 27141) conn 0xb8186298 [2008/08/04 09:37:15, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/08/04 09:37:15, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=7600 [2008/08/04 09:37:15, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name lsarpc pnum=7600 (pipes_open=2) [2008/08/04 09:37:15, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name NETLOGON pnum=75ff (pipes_open=2) [2008/08/04 09:37:15, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985) read_from_pipe: 7600 name: lsarpc len: 1024 [2008/08/04 09:37:15, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1045) read_from_pipe: lsarpc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. [2008/08/04 09:37:15, 3] smbd/pipes.c:reply_pipe_read_and_X(301) readX-IPC pnum=7600 min=1024 max=1024 nread=68 [2008/08/04 09:37:15, 5] lib/util.c:show_msg(645) [2008/08/04 09:37:15, 5] lib/util.c:show_msg(655) size=127 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=65279 smb_uid=102 smb_mid=1152 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 68 (0x44) smb_vwv[ 6]= 59 (0x3B) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=68 [2008/08/04 09:37:15, 10] lib/util.c:dump_data(2226) [000] 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 00 ........ D....... [010] B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 5C .....S.. ..\PIPE\ [020] 6C 73 61 72 70 63 00 00 01 00 00 00 00 00 00 00 lsarpc.. ........ [030] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` [040] 02 00 00 00 .... [2008/08/04 09:37:15, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 164 [2008/08/04 09:37:15, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0xa4 [2008/08/04 09:37:15, 3] smbd/process.c:process_smb(1549) Transaction 19 of length 168 (0 toread) [2008/08/04 09:37:15, 5] lib/util.c:show_msg(645) [2008/08/04 09:37:15, 5] lib/util.c:show_msg(655) size=164 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=102 smb_mid=1216 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=30208 (0x7600) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 100 (0x64) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 100 (0x64) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=101 [2008/08/04 09:37:15, 10] lib/util.c:dump_data(2226) [000] EE 05 00 00 03 10 00 00 00 64 00 00 00 01 00 00 ........ .d...... [010] 00 4C 00 00 00 00 00 2C 00 78 11 0D 00 10 00 00 .L....., .x...... [020] 00 00 00 00 00 10 00 00 00 5C 00 5C 00 53 00 52 ........ .\.\.S.R [030] 00 56 00 53 00 4D 00 42 00 31 00 4A 00 32 00 31 .V.S.M.B .1.J.2.1 [040] 00 30 00 30 00 31 00 00 00 18 00 00 00 00 00 00 .0.0.1.. ........ [050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [060] 00 01 00 00 00 ..... [2008/08/04 09:37:15, 3] smbd/process.c:switch_message(1361) switch message SMBwriteX (pid 27141) conn 0xb8186298 [2008/08/04 09:37:15, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/08/04 09:37:15, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=7600 [2008/08/04 09:37:15, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name lsarpc pnum=7600 (pipes_open=2) [2008/08/04 09:37:15, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name NETLOGON pnum=75ff (pipes_open=2) [2008/08/04 09:37:15, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927) write_to_pipe: 7600 name: lsarpc open: Yes len: 100 [2008/08/04 09:37:15, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 100 [2008/08/04 09:37:15, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 100 [2008/08/04 09:37:15, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385) fill_rpc_header: data_to_copy = 100, len_needed_to_complete_hdr = 16, receive_len = 0 [2008/08/04 09:37:15, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 16 [2008/08/04 09:37:15, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 84 [2008/08/04 09:37:15, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 84 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 00 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0064 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000001 [2008/08/04 09:37:15, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472) unmarshall_rpc_header: using little-endian RPC [2008/08/04 09:37:15, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501) unmarshall_rpc_header: type = 0, flags = 3 [2008/08/04 09:37:15, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 0 [2008/08/04 09:37:15, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 84 [2008/08/04 09:37:15, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 84, incoming data = 84 [2008/08/04 09:37:15, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709) process_complete_pdu: processing packet type 0 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_req req [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0000 alloc_hint: 0000004c [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0004 context_id: 0000 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0006 opnum : 002c [2008/08/04 09:37:15, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 71 [2008/08/04 09:37:15, 5] rpc_server/srv_pipe.c:api_pipe_request(2262) Requested \PIPE\lsarpc [2008/08/04 09:37:15, 4] rpc_server/srv_pipe.c:api_rpcTNP(2297) api_rpcTNP: lsarpc op 0x2c - api_rpcTNP: rpc command: LSA_OPENPOLICY2 [2008/08/04 09:37:15, 6] rpc_server/srv_pipe.c:api_rpcTNP(2323) api_rpc_cmds[44].fn == 0xb7cb997f lsa_OpenPolicy2: struct lsa_OpenPolicy2 in: struct lsa_OpenPolicy2 system_name : * system_name : '\\SRVSMB1J21001' attr : * attr: struct lsa_ObjectAttribute len : 0x00000018 (24) root_dir : NULL object_name : NULL attributes : 0x00000000 (0) sec_desc : NULL sec_qos : NULL access_mask : 0x00000001 (1) 1: LSA_POLICY_VIEW_LOCAL_INFORMATION 0: LSA_POLICY_VIEW_AUDIT_INFORMATION 0: LSA_POLICY_GET_PRIVATE_INFORMATION 0: LSA_POLICY_TRUST_ADMIN 0: LSA_POLICY_CREATE_ACCOUNT 0: LSA_POLICY_CREATE_SECRET 0: LSA_POLICY_CREATE_PRIVILEGE 0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS 0: LSA_POLICY_SET_AUDIT_REQUIREMENTS 0: LSA_POLICY_AUDIT_LOG_ADMIN 0: LSA_POLICY_SERVER_ADMIN 0: LSA_POLICY_LOOKUP_NAMES [2008/08/04 09:37:15, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x00000001, for NT token with 4 entries and first sid S-1-5-21-534671462-504895351-1339659545-501. [2008/08/04 09:37:15, 3] lib/util_seaccess.c:se_access_check(249) [2008/08/04 09:37:15, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-5-21-534671462-504895351-1339659545-501 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-32-546 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20801, current desired = 1 [2008/08/04 09:37:15, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (1) granted. [2008/08/04 09:37:15, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(148) Opened policy hnd[1] [000] 00 00 00 00 01 00 00 00 00 00 00 00 96 48 FB F7 ........ .....H.. [010] 05 6A 00 00 .j.. lsa_OpenPolicy2: struct lsa_OpenPolicy2 out: struct lsa_OpenPolicy2 handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-9648-fbf7056a0000 result : NT_STATUS_OK [2008/08/04 09:37:15, 5] rpc_server/srv_pipe.c:api_rpcTNP(2351) api_rpcTNP: called lsarpc successfully [2008/08/04 09:37:15, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 820 [2008/08/04 09:37:15, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 84 [2008/08/04 09:37:15, 3] smbd/pipes.c:reply_pipe_write_and_X(251) writeX-IPC pnum=7600 nwritten=100 [2008/08/04 09:37:15, 5] lib/util.c:show_msg(645) [2008/08/04 09:37:15, 5] lib/util.c:show_msg(655) size=47 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=65279 smb_uid=102 smb_mid=1216 smt_wct=6 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 100 (0x64) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_bcc=0 [2008/08/04 09:37:15, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 59 [2008/08/04 09:37:15, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x3b [2008/08/04 09:37:15, 3] smbd/process.c:process_smb(1549) Transaction 20 of length 63 (0 toread) [2008/08/04 09:37:15, 5] lib/util.c:show_msg(645) [2008/08/04 09:37:15, 5] lib/util.c:show_msg(655) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=102 smb_mid=1280 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=30208 (0x7600) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2008/08/04 09:37:15, 3] smbd/process.c:switch_message(1361) switch message SMBreadX (pid 27141) conn 0xb8186298 [2008/08/04 09:37:15, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/08/04 09:37:15, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=7600 [2008/08/04 09:37:15, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name lsarpc pnum=7600 (pipes_open=2) [2008/08/04 09:37:15, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name NETLOGON pnum=75ff (pipes_open=2) [2008/08/04 09:37:15, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985) read_from_pipe: 7600 name: lsarpc len: 1024 [2008/08/04 09:37:15, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1059) read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 02 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0030 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000001 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_resp resp [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 00000018 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0016 cancel_ct : 00 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0017 reserved : 00 [2008/08/04 09:37:15, 3] smbd/pipes.c:reply_pipe_read_and_X(301) readX-IPC pnum=7600 min=1024 max=1024 nread=48 [2008/08/04 09:37:15, 5] lib/util.c:show_msg(645) [2008/08/04 09:37:15, 5] lib/util.c:show_msg(655) size=107 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=65279 smb_uid=102 smb_mid=1280 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 48 (0x30) smb_vwv[ 6]= 59 (0x3B) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=48 [2008/08/04 09:37:15, 10] lib/util.c:dump_data(2226) [000] 05 00 02 03 10 00 00 00 30 00 00 00 01 00 00 00 ........ 0....... [010] 18 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 ........ ........ [020] 00 00 00 00 96 48 FB F7 05 6A 00 00 00 00 00 00 .....H.. .j...... [2008/08/04 09:37:15, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 116 [2008/08/04 09:37:15, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x74 [2008/08/04 09:37:15, 3] smbd/process.c:process_smb(1549) Transaction 21 of length 120 (0 toread) [2008/08/04 09:37:15, 5] lib/util.c:show_msg(645) [2008/08/04 09:37:15, 5] lib/util.c:show_msg(655) size=116 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=102 smb_mid=1344 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=30208 (0x7600) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 52 (0x34) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 52 (0x34) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=53 [2008/08/04 09:37:15, 10] lib/util.c:dump_data(2226) [000] EE 05 00 00 03 10 00 00 00 34 00 00 00 02 00 00 ........ .4...... [010] 00 1C 00 00 00 00 00 0D 00 00 00 00 00 01 00 00 ........ ........ [020] 00 00 00 00 00 96 48 FB F7 05 6A 00 00 00 00 00 ......H. ..j..... [030] 00 FF FF FF FF ..... [2008/08/04 09:37:15, 3] smbd/process.c:switch_message(1361) switch message SMBwriteX (pid 27141) conn 0xb8186298 [2008/08/04 09:37:15, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/08/04 09:37:15, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=7600 [2008/08/04 09:37:15, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name lsarpc pnum=7600 (pipes_open=2) [2008/08/04 09:37:15, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name NETLOGON pnum=75ff (pipes_open=2) [2008/08/04 09:37:15, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927) write_to_pipe: 7600 name: lsarpc open: Yes len: 52 [2008/08/04 09:37:15, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 52 [2008/08/04 09:37:15, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 52 [2008/08/04 09:37:15, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385) fill_rpc_header: data_to_copy = 52, len_needed_to_complete_hdr = 16, receive_len = 0 [2008/08/04 09:37:15, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 16 [2008/08/04 09:37:15, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 36 [2008/08/04 09:37:15, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 36 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 00 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0034 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000002 [2008/08/04 09:37:15, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472) unmarshall_rpc_header: using little-endian RPC [2008/08/04 09:37:15, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501) unmarshall_rpc_header: type = 0, flags = 3 [2008/08/04 09:37:15, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 0 [2008/08/04 09:37:15, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 36 [2008/08/04 09:37:15, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 36, incoming data = 36 [2008/08/04 09:37:15, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709) process_complete_pdu: processing packet type 0 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_req req [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0000 alloc_hint: 0000001c [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0004 context_id: 0000 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0006 opnum : 000d [2008/08/04 09:37:15, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 0 [2008/08/04 09:37:15, 5] rpc_server/srv_pipe.c:api_pipe_request(2262) Requested \PIPE\lsarpc [2008/08/04 09:37:15, 4] rpc_server/srv_pipe.c:api_rpcTNP(2297) api_rpcTNP: lsarpc op 0xd - api_rpcTNP: rpc command: LSA_ENUMTRUSTDOM [2008/08/04 09:37:15, 6] rpc_server/srv_pipe.c:api_rpcTNP(2323) api_rpc_cmds[13].fn == 0xb7cbe2f7 lsa_EnumTrustDom: struct lsa_EnumTrustDom in: struct lsa_EnumTrustDom handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-9648-fbf7056a0000 resume_handle : * resume_handle : 0x00000000 (0) max_size : 0xffffffff (4294967295) [2008/08/04 09:37:15, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(168) Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 96 48 FB F7 ........ .....H.. [010] 05 6A 00 00 .j.. [2008/08/04 09:37:15, 5] lib/smbldap.c:smbldap_search_ext(1183) smbldap_search_ext: base => [sambaDomainName=UFU,dc=ufu,dc=br], filter => [(objectClass=sambaTrustedDomainPassword)], scope => [2] [2008/08/04 09:37:15, 0] lib/smbldap.c:smbldap_open(1005) smbldap_open: cannot access LDAP when not root.. lsa_EnumTrustDom: struct lsa_EnumTrustDom out: struct lsa_EnumTrustDom resume_handle : * resume_handle : 0x00000000 (0) domains : * domains: struct lsa_DomainList count : 0x00000000 (0) domains : NULL result : NT_STATUS_UNSUCCESSFUL [2008/08/04 09:37:15, 5] rpc_server/srv_pipe.c:api_rpcTNP(2351) api_rpcTNP: called lsarpc successfully [2008/08/04 09:37:15, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 0 [2008/08/04 09:37:15, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 36 [2008/08/04 09:37:15, 3] smbd/pipes.c:reply_pipe_write_and_X(251) writeX-IPC pnum=7600 nwritten=52 [2008/08/04 09:37:15, 5] lib/util.c:show_msg(645) [2008/08/04 09:37:15, 5] lib/util.c:show_msg(655) size=47 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=65279 smb_uid=102 smb_mid=1344 smt_wct=6 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 52 (0x34) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_bcc=0 [2008/08/04 09:37:15, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 59 [2008/08/04 09:37:15, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x3b [2008/08/04 09:37:15, 3] smbd/process.c:process_smb(1549) Transaction 22 of length 63 (0 toread) [2008/08/04 09:37:15, 5] lib/util.c:show_msg(645) [2008/08/04 09:37:15, 5] lib/util.c:show_msg(655) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=102 smb_mid=1408 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=30208 (0x7600) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2008/08/04 09:37:15, 3] smbd/process.c:switch_message(1361) switch message SMBreadX (pid 27141) conn 0xb8186298 [2008/08/04 09:37:15, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/08/04 09:37:15, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=7600 [2008/08/04 09:37:15, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name lsarpc pnum=7600 (pipes_open=2) [2008/08/04 09:37:15, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name NETLOGON pnum=75ff (pipes_open=2) [2008/08/04 09:37:15, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985) read_from_pipe: 7600 name: lsarpc len: 1024 [2008/08/04 09:37:15, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1059) read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 16. [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 02 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0028 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000002 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_resp resp [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 00000010 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0016 cancel_ct : 00 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0017 reserved : 00 [2008/08/04 09:37:15, 3] smbd/pipes.c:reply_pipe_read_and_X(301) readX-IPC pnum=7600 min=1024 max=1024 nread=40 [2008/08/04 09:37:15, 5] lib/util.c:show_msg(645) [2008/08/04 09:37:15, 5] lib/util.c:show_msg(655) size=99 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=65279 smb_uid=102 smb_mid=1408 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 40 (0x28) smb_vwv[ 6]= 59 (0x3B) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=40 [2008/08/04 09:37:15, 10] lib/util.c:dump_data(2226) [000] 05 00 02 03 10 00 00 00 28 00 00 00 02 00 00 00 ........ (....... [010] 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [020] 00 00 00 00 01 00 00 C0 ........ [2008/08/04 09:37:15, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 108 [2008/08/04 09:37:15, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x6c [2008/08/04 09:37:15, 3] smbd/process.c:process_smb(1549) Transaction 23 of length 112 (0 toread) [2008/08/04 09:37:15, 5] lib/util.c:show_msg(645) [2008/08/04 09:37:15, 5] lib/util.c:show_msg(655) size=108 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=102 smb_mid=1472 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=30208 (0x7600) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 44 (0x2C) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 44 (0x2C) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=45 [2008/08/04 09:37:15, 10] lib/util.c:dump_data(2226) [000] EE 05 00 00 03 10 00 00 00 2C 00 00 00 03 00 00 ........ .,...... [010] 00 14 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ........ ........ [020] 00 00 00 00 00 96 48 FB F7 05 6A 00 00 ......H. ..j.. [2008/08/04 09:37:15, 3] smbd/process.c:switch_message(1361) switch message SMBwriteX (pid 27141) conn 0xb8186298 [2008/08/04 09:37:15, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/08/04 09:37:15, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=7600 [2008/08/04 09:37:15, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name lsarpc pnum=7600 (pipes_open=2) [2008/08/04 09:37:15, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name NETLOGON pnum=75ff (pipes_open=2) [2008/08/04 09:37:15, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927) write_to_pipe: 7600 name: lsarpc open: Yes len: 44 [2008/08/04 09:37:15, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 44 [2008/08/04 09:37:15, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 [2008/08/04 09:37:15, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385) fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 [2008/08/04 09:37:15, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 16 [2008/08/04 09:37:15, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 28 [2008/08/04 09:37:15, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 00 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 002c [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000003 [2008/08/04 09:37:15, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472) unmarshall_rpc_header: using little-endian RPC [2008/08/04 09:37:15, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501) unmarshall_rpc_header: type = 0, flags = 3 [2008/08/04 09:37:15, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 0 [2008/08/04 09:37:15, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 28 [2008/08/04 09:37:15, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 28, incoming data = 28 [2008/08/04 09:37:15, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709) process_complete_pdu: processing packet type 0 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_req req [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0000 alloc_hint: 00000014 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0004 context_id: 0000 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0006 opnum : 0000 [2008/08/04 09:37:15, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 0 [2008/08/04 09:37:15, 5] rpc_server/srv_pipe.c:api_pipe_request(2262) Requested \PIPE\lsarpc [2008/08/04 09:37:15, 4] rpc_server/srv_pipe.c:api_rpcTNP(2297) api_rpcTNP: lsarpc op 0x0 - api_rpcTNP: rpc command: LSA_CLOSE [2008/08/04 09:37:15, 6] rpc_server/srv_pipe.c:api_rpcTNP(2323) api_rpc_cmds[0].fn == 0xb7cc01d7 lsa_Close: struct lsa_Close in: struct lsa_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-9648-fbf7056a0000 [2008/08/04 09:37:15, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(168) Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 96 48 FB F7 ........ .....H.. [010] 05 6A 00 00 .j.. [2008/08/04 09:37:15, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(168) Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 96 48 FB F7 ........ .....H.. [010] 05 6A 00 00 .j.. [2008/08/04 09:37:15, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(206) Closed policy lsa_Close: struct lsa_Close out: struct lsa_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : NT_STATUS_OK [2008/08/04 09:37:15, 5] rpc_server/srv_pipe.c:api_rpcTNP(2351) api_rpcTNP: called lsarpc successfully [2008/08/04 09:37:15, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 0 [2008/08/04 09:37:15, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 28 [2008/08/04 09:37:15, 3] smbd/pipes.c:reply_pipe_write_and_X(251) writeX-IPC pnum=7600 nwritten=44 [2008/08/04 09:37:15, 5] lib/util.c:show_msg(645) [2008/08/04 09:37:15, 5] lib/util.c:show_msg(655) size=47 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=65279 smb_uid=102 smb_mid=1472 smt_wct=6 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 44 (0x2C) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_bcc=0 [2008/08/04 09:37:15, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 59 [2008/08/04 09:37:15, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x3b [2008/08/04 09:37:15, 3] smbd/process.c:process_smb(1549) Transaction 24 of length 63 (0 toread) [2008/08/04 09:37:15, 5] lib/util.c:show_msg(645) [2008/08/04 09:37:15, 5] lib/util.c:show_msg(655) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=102 smb_mid=1536 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=30208 (0x7600) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2008/08/04 09:37:15, 3] smbd/process.c:switch_message(1361) switch message SMBreadX (pid 27141) conn 0xb8186298 [2008/08/04 09:37:15, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/08/04 09:37:15, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=7600 [2008/08/04 09:37:15, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name lsarpc pnum=7600 (pipes_open=2) [2008/08/04 09:37:15, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name NETLOGON pnum=75ff (pipes_open=2) [2008/08/04 09:37:15, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985) read_from_pipe: 7600 name: lsarpc len: 1024 [2008/08/04 09:37:15, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1059) read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 02 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0030 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000003 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_resp resp [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 00000018 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0016 cancel_ct : 00 [2008/08/04 09:37:15, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0017 reserved : 00 [2008/08/04 09:37:15, 3] smbd/pipes.c:reply_pipe_read_and_X(301) readX-IPC pnum=7600 min=1024 max=1024 nread=48 [2008/08/04 09:37:15, 5] lib/util.c:show_msg(645) [2008/08/04 09:37:15, 5] lib/util.c:show_msg(655) size=107 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=65279 smb_uid=102 smb_mid=1536 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 48 (0x30) smb_vwv[ 6]= 59 (0x3B) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=48 [2008/08/04 09:37:15, 10] lib/util.c:dump_data(2226) [000] 05 00 02 03 10 00 00 00 30 00 00 00 03 00 00 00 ........ 0....... [010] 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [2008/08/04 09:37:15, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 41 [2008/08/04 09:37:15, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x29 [2008/08/04 09:37:15, 3] smbd/process.c:process_smb(1549) Transaction 25 of length 45 (0 toread) [2008/08/04 09:37:15, 5] lib/util.c:show_msg(645) [2008/08/04 09:37:15, 5] lib/util.c:show_msg(655) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=102 smb_mid=1600 smt_wct=3 smb_vwv[ 0]=30208 (0x7600) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2008/08/04 09:37:15, 3] smbd/process.c:switch_message(1361) switch message SMBclose (pid 27141) conn 0xb8186298 [2008/08/04 09:37:15, 4] smbd/uid.c:change_to_user(182) change_to_user: Skipping user change - already user [2008/08/04 09:37:15, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=7600 [2008/08/04 09:37:15, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name lsarpc pnum=7600 (pipes_open=2) [2008/08/04 09:37:15, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name NETLOGON pnum=75ff (pipes_open=2) [2008/08/04 09:37:15, 5] smbd/pipes.c:reply_pipe_close(319) reply_pipe_close: pnum:7600 [2008/08/04 09:37:15, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(241) close_policy_by_pipe: deleted handle list for pipe lsarpc [2008/08/04 09:37:15, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1160) closed pipe name lsarpc pnum=7600 (pipes_open=1) [2008/08/04 09:37:15, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 6C73617270632F323731 [2008/08/04 09:37:15, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0xb8172e08 [2008/08/04 09:37:15, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 6C73617270632F323731 [2008/08/04 09:37:15, 5] lib/util.c:show_msg(645) [2008/08/04 09:37:15, 5] lib/util.c:show_msg(655) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=65279 smb_uid=102 smb_mid=1600 smt_wct=0 smb_bcc=0 [2008/08/04 09:37:15, 10] lib/util_sock.c:read_smb_length_return_keepalive(1118) got smb length of 41 [2008/08/04 09:37:15, 6] smbd/process.c:process_smb(1546) got message type 0x0 of len 0x29 [2008/08/04 09:37:15, 3] smbd/process.c:process_smb(1549) Transaction 26 of length 45 (0 toread) [2008/08/04 09:37:15, 5] lib/util.c:show_msg(645) [2008/08/04 09:37:15, 5] lib/util.c:show_msg(655) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=1664 smt_wct=3 smb_vwv[ 0]=30207 (0x75FF) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2008/08/04 09:37:15, 3] smbd/process.c:switch_message(1361) switch message SMBclose (pid 27141) conn 0xb816dfc0 [2008/08/04 09:37:15, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (65534, 65533) - sec_ctx_stack_ndx = 0 [2008/08/04 09:37:15, 5] auth/token_util.c:debug_nt_user_token(470) NT user token of user S-1-5-21-534671462-504895351-1339659545-501 contains 4 SIDs SID[ 0]: S-1-5-21-534671462-504895351-1339659545-501 SID[ 1]: S-1-1-0 SID[ 2]: S-1-5-2 SID[ 3]: S-1-5-32-546 SE_PRIV 0x0 0x0 0x0 0x0 [2008/08/04 09:37:15, 5] auth/token_util.c:debug_unix_user_token(490) UNIX token of user 65534 Primary group is 65533 and contains 0 supplementary groups [2008/08/04 09:37:15, 5] smbd/uid.c:change_to_user(272) change_to_user uid=(65534,65534) gid=(0,65533) [2008/08/04 09:37:15, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=75ff [2008/08/04 09:37:15, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name NETLOGON pnum=75ff (pipes_open=1) [2008/08/04 09:37:15, 5] smbd/pipes.c:reply_pipe_close(319) reply_pipe_close: pnum:75ff [2008/08/04 09:37:15, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(241) close_policy_by_pipe: deleted handle list for pipe NETLOGON [2008/08/04 09:37:15, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1160) closed pipe name NETLOGON pnum=75ff (pipes_open=0) [2008/08/04 09:37:15, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 4E45544C4F474F4E2F32 [2008/08/04 09:37:15, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0xb8172e08 [2008/08/04 09:37:15, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 4E45544C4F474F4E2F32 [2008/08/04 09:37:15, 5] lib/util.c:show_msg(645) [2008/08/04 09:37:15, 5] lib/util.c:show_msg(655) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=1664 smt_wct=0 smb_bcc=0