First Example:
--------------
"wbinfo -r" fails to recognise the removal of user "karen" from group "inetuser"

1) # wbinfo -r karen
3000
3018
3019
3001

[2007/12/06 21:55:16, 6] nsswitch/winbindd.c:new_connection(601) accepted socket 17 [2007/12/06 21:55:16, 10] nsswitch/winbindd.c:process_request(287) process_request: request fn INTERFACE_VERSION [2007/12/06 21:55:16, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(483) [ 0]: request interface version [2007/12/06 21:55:16, 10] nsswitch/winbindd.c:process_request(287) process_request: request fn WINBINDD_PRIV_PIPE_DIR [2007/12/06 21:55:16, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(516) [ 0]: request location of privileged pipe [2007/12/06 21:55:16, 6] nsswitch/winbindd.c:new_connection(601) accepted socket 18 [2007/12/06 21:55:16, 10] nsswitch/winbindd.c:process_request(287) process_request: request fn GETGROUPS [2007/12/06 21:55:16, 3] nsswitch/winbindd_group.c:winbindd_getgroups(1017) [ 0]: getgroups karen [2007/12/06 21:55:16, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2006) Retrieving response for pid 20530 [2007/12/06 21:55:16, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2006) Retrieving response for pid 20530 [2007/12/06 21:55:16, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2028) Retrieving extra data length=225 [2007/12/06 21:55:16, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2006) Retrieving response for pid 20530 [2007/12/06 21:55:16, 10] nsswitch/winbindd_async.c:getsidaliases_recv(839) getsidaliases return 0 SIDs [2007/12/06 21:55:16, 10] nsswitch/winbindd_async.c:gettoken_recvaliases(1088) Expanding our own local groups [2007/12/06 21:55:16, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2006) Retrieving response for pid 20540 [2007/12/06 21:55:16, 10] nsswitch/winbindd_async.c:getsidaliases_recv(839) getsidaliases return 0 SIDs [2007/12/06 21:55:16, 10] nsswitch/winbindd_async.c:gettoken_recvaliases(1098) Expanding our own BUILTIN groups
[2007/12/06 21:55:16, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2006) Retrieving response for pid 20541 [2007/12/06 21:55:16, 10] nsswitch/winbindd_async.c:getsidaliases_recv(839) getsidaliases return 0 SIDs [2007/12/06 21:55:16, 10] sam/idmap_util.c:idmap_sid_to_gid(99) sid_to_gid: sid = [S-1-5-21-573177630-792016305-1830848205-1227] [2007/12/06 21:55:16, 10] sam/idmap_tdb.c:db_get_id_from_sid(277) db_get_id_from_sid [2007/12/06 21:55:16, 10] sam/idmap_tdb.c:internal_get_id_from_sid(183) internal_get_id_from_sid: fetching record S-1-5-21-573177630-792016305-1830848205-1227 of type 0x2 [2007/12/06 21:55:16, 10] sam/idmap_tdb.c:internal_get_id_from_sid(190) internal_get_id_from_sid: record S-1-5-21-573177630-792016305-1830848205-1227 -> GID 3000 [2007/12/06 21:55:16, 10] sam/idmap_tdb.c:internal_get_id_from_sid(224) internal_get_id_from_sid: ID_GROUPID fetching record S-1-5-21-573177630-792016305-1830848205-1227 -> GID 3000 [2007/12/06 21:55:16, 10] sam/idmap_tdb.c:internal_get_sid_from_id(152) internal_get_sid_from_id: fetching record GID 3000 [2007/12/06 21:55:16, 10] sam/idmap_tdb.c:internal_get_sid_from_id(158) internal_get_sid_from_id: fetching record GID 3000 -> S-1-5-21-573177630-792016305-1830848205-1227 [2007/12/06 21:55:16, 10] sam/idmap_util.c:idmap_sid_to_gid(107) idmap_sid_to_gid: gid = [3000] [2007/12/06 21:55:16, 10] sam/idmap_util.c:idmap_sid_to_gid(99) sid_to_gid: sid = [S-1-5-21-573177630-792016305-1830848205-1158] [2007/12/06 21:55:16, 10] sam/idmap_tdb.c:db_get_id_from_sid(277) db_get_id_from_sid [2007/12/06 21:55:16, 10] sam/idmap_tdb.c:internal_get_id_from_sid(183) internal_get_id_from_sid: fetching record S-1-5-21-573177630-792016305-1830848205-1158 of type 0x2 [2007/12/06 21:55:16, 10] sam/idmap_tdb.c:internal_get_id_from_sid(190) internal_get_id_from_sid: record S-1-5-21-573177630-792016305-1830848205-1158 -> GID 3018 [2007/12/06 21:55:16, 10] sam/idmap_tdb.c:internal_get_id_from_sid(224) internal_get_id_from_sid: ID_GROUPID 
fetching record S-1-5-21-573177630-792016305-1830848205-1158 -> GID 3018 [2007/12/06 21:55:16, 10] sam/idmap_tdb.c:internal_get_sid_from_id(152) internal_get_sid_from_id: fetching record GID 3018 [2007/12/06 21:55:16, 10] sam/idmap_tdb.c:internal_get_sid_from_id(158) internal_get_sid_from_id: fetching record GID 3018 -> S-1-5-21-573177630-792016305-1830848205-1158 [2007/12/06 21:55:16, 10] sam/idmap_util.c:idmap_sid_to_gid(107) idmap_sid_to_gid: gid = [3018] [2007/12/06 21:55:16, 10] sam/idmap_util.c:idmap_sid_to_gid(99) sid_to_gid: sid = [S-1-5-21-573177630-792016305-1830848205-1159] [2007/12/06 21:55:16, 10] sam/idmap_tdb.c:db_get_id_from_sid(277) db_get_id_from_sid [2007/12/06 21:55:16, 10] sam/idmap_tdb.c:internal_get_id_from_sid(183) internal_get_id_from_sid: fetching record S-1-5-21-573177630-792016305-1830848205-1159 of type 0x2 [2007/12/06 21:55:16, 10] sam/idmap_tdb.c:internal_get_id_from_sid(190) internal_get_id_from_sid: record S-1-5-21-573177630-792016305-1830848205-1159 -> GID 3019 [2007/12/06 21:55:16, 10] sam/idmap_tdb.c:internal_get_id_from_sid(224) internal_get_id_from_sid: ID_GROUPID fetching record S-1-5-21-573177630-792016305-1830848205-1159 -> GID 3019 [2007/12/06 21:55:16, 10] sam/idmap_tdb.c:internal_get_sid_from_id(152) internal_get_sid_from_id: fetching record GID 3019 [2007/12/06 21:55:16, 10] sam/idmap_tdb.c:internal_get_sid_from_id(158) internal_get_sid_from_id: fetching record GID 3019 -> S-1-5-21-573177630-792016305-1830848205-1159 [2007/12/06 21:55:16, 10] sam/idmap_util.c:idmap_sid_to_gid(107) idmap_sid_to_gid: gid = [3019] [2007/12/06 21:55:16, 10] sam/idmap_util.c:idmap_sid_to_gid(99) sid_to_gid: sid = [S-1-5-21-573177630-792016305-1830848205-513] [2007/12/06 21:55:16, 10] sam/idmap_tdb.c:db_get_id_from_sid(277) db_get_id_from_sid [2007/12/06 21:55:16, 10] sam/idmap_tdb.c:internal_get_id_from_sid(183) internal_get_id_from_sid: fetching record S-1-5-21-573177630-792016305-1830848205-513 of type 0x2 [2007/12/06 21:55:16, 10] 
sam/idmap_tdb.c:internal_get_id_from_sid(190) internal_get_id_from_sid: record S-1-5-21-573177630-792016305-1830848205-513 -> GID 3001 [2007/12/06 21:55:16, 10] sam/idmap_tdb.c:internal_get_id_from_sid(224) internal_get_id_from_sid: ID_GROUPID fetching record S-1-5-21-573177630-792016305-1830848205-513 -> GID 3001 [2007/12/06 21:55:16, 10] sam/idmap_tdb.c:internal_get_sid_from_id(152) internal_get_sid_from_id: fetching record GID 3001 [2007/12/06 21:55:16, 10] sam/idmap_tdb.c:internal_get_sid_from_id(158) internal_get_sid_from_id: fetching record GID 3001 -> S-1-5-21-573177630-792016305-1830848205-513 [2007/12/06 21:55:16, 10] sam/idmap_util.c:idmap_sid_to_gid(107) idmap_sid_to_gid: gid = [3001] [2007/12/06 21:59:46, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2006) Retrieving response for pid 20530 [2007/12/06 21:59:46, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2028) Retrieving extra data length=64 [2007/12/06 22:01:07, 6] nsswitch/winbindd.c:new_connection(601)

2) # getent group inetuser
inetuser:x:3000:kids,karen,ab

[2007/12/06 22:01:22, 6] nsswitch/winbindd.c:new_connection(601) accepted socket 18 [2007/12/06 22:01:22, 10] nsswitch/winbindd.c:process_request(287) process_request: request fn INTERFACE_VERSION [2007/12/06 22:01:22, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(483) [ 0]: request interface version [2007/12/06 22:01:22, 10] nsswitch/winbindd.c:process_request(287) process_request: request fn WINBINDD_PRIV_PIPE_DIR [2007/12/06 22:01:22, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(516) [ 0]: request location of privileged pipe [2007/12/06 22:01:22, 6] nsswitch/winbindd.c:new_connection(601) accepted socket 22 [2007/12/06 22:01:22, 10] nsswitch/winbindd.c:process_request(287) process_request: request fn GETGRNAM [2007/12/06 22:01:22, 3] nsswitch/winbindd_group.c:winbindd_getgrnam(220) [ 0]: getgrnam inetuser [2007/12/06 22:01:22, 10] nsswitch/winbindd_cache.c:name_to_sid(1289) name_to_sid: [Cached] - doing backend
query for name for domain DOMAIN [2007/12/06 22:01:22, 3] nsswitch/winbindd_rpc.c:msrpc_name_to_sid(257) rpc: name_to_sid name=DOMAIN\inetuser [2007/12/06 22:01:22, 3] nsswitch/winbindd_rpc.c:msrpc_name_to_sid(265) name_to_sid [rpc] DOMAIN\inetuser for domain DOMAIN [2007/12/06 22:01:22, 5] rpc_parse/parse_lsa.c:init_q_lookup_names(1567) init_q_lookup_names [2007/12/06 22:01:22, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_q_lookup_names [2007/12/06 22:01:22, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd [2007/12/06 22:01:22, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0000 data1: 00000000 [2007/12/06 22:01:22, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0004 data2: caad6fba [2007/12/06 22:01:22, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 data3: 1c36 [2007/12/06 22:01:22, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a data4: 4165 [2007/12/06 22:01:22, 5] rpc_parse/parse_prs.c:prs_uint8s(855) 000c data5: 88 f9 e7 83 e5 86 10 6b [2007/12/06 22:01:22, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0014 num_entries : 00000001 [2007/12/06 22:01:22, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0018 num_entries2 : 00000001 [2007/12/06 22:01:22, 6] rpc_parse/parse_prs.c:prs_debug(84) 00001c smb_io_unihdr hdr_name [2007/12/06 22:01:22, 5] rpc_parse/parse_prs.c:prs_uint16(679) 001c uni_str_len: 0028 [2007/12/06 22:01:22, 5] rpc_parse/parse_prs.c:prs_uint16(679) 001e uni_max_len: 0028 [2007/12/06 22:01:22, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0020 buffer : 00000001 [2007/12/06 22:01:22, 6] rpc_parse/parse_prs.c:prs_debug(84) 000024 smb_io_unistr2 dom_name [2007/12/06 22:01:22, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0024 uni_max_len: 00000014 [2007/12/06 22:01:22, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0028 offset : 00000000 [2007/12/06 22:01:22, 5] rpc_parse/parse_prs.c:prs_uint32(708) 002c uni_str_len: 00000014 [2007/12/06 22:01:22, 5] rpc_parse/parse_prs.c:dbg_rw_punival(940) 0030 buffer : D.A.T.A.S.Y.S.T.E.M.E.\.i.n.e.t.u.s.e.r. 
[2007/12/06 22:01:22, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0058 num_trans_entries : 00000000 [2007/12/06 22:01:22, 5] rpc_parse/parse_prs.c:prs_uint32(708) 005c ptr_trans_sids : 00000000 [2007/12/06 22:01:22, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0060 lookup_level : 0001 [2007/12/06 22:01:22, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0064 mapped_count : 00000000 [2007/12/06 22:01:22, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2007/12/06 22:01:22, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2007/12/06 22:01:22, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2007/12/06 22:01:22, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2007/12/06 22:01:22, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2007/12/06 22:01:22, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2007/12/06 22:01:22, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2007/12/06 22:01:22, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2007/12/06 22:01:22, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2007/12/06 22:01:22, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 frag_len : 0098 [2007/12/06 22:01:22, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a auth_len : 0010 [2007/12/06 22:01:22, 5] rpc_parse/parse_prs.c:prs_uint32(708) 000c call_id : 00000005 [2007/12/06 22:01:22, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_req hdr_req [2007/12/06 22:01:22, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0010 alloc_hint: 00000068 [2007/12/06 22:01:22, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0014 context_id: 0000 [2007/12/06 22:01:22, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0016 opnum : 000e [2007/12/06 22:01:22, 5] rpc_parse/parse_prs.c:prs_debug(84) 000080 smb_io_rpc_hdr_auth hdr_auth [2007/12/06 22:01:22, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0080 auth_type : 09 [2007/12/06 22:01:22, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0081 auth_level : 06 [2007/12/06 22:01:22, 5] 
rpc_parse/parse_prs.c:prs_uint8(615) 0082 auth_pad_len : 00 [2007/12/06 22:01:22, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0083 auth_reserved: 00 [2007/12/06 22:01:22, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0084 auth_context_id: 00000001 [2007/12/06 22:01:22, 10] libsmb/ntlmssp_sign.c:ntlmssp_seal_packet(249) ntlmssp_seal_data: seal [2007/12/06 22:01:22, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) rpc_api_pipe: Remote machine ADS1 pipe \lsarpc fnum 0x17 [2007/12/06 22:01:22, 5] lib/util.c:show_msg(485) [2007/12/06 22:01:22, 5] lib/util.c:show_msg(495) size=234 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8
-- [2007/12/06 22:01:22, 10] libsmb/smb_signing.c:simple_packet_signature(283) simple_packet_signature: sequence number 16 [2007/12/06 22:01:22, 10] libsmb/smb_signing.c:client_sign_outgoing_message(348) client_sign_outgoing_message: sent SMB signature of [2007/12/06 22:01:22, 10] lib/util.c:dump_data(2222) [000] E7 C5 EF D5 22 DB 2A C5 çÅïÕ"Û*Å [2007/12/06 22:01:22, 10] libsmb/smb_signing.c:store_sequence_for_reply(68) store_sequence_for_reply: stored seq = 17 mid = 10 [2007/12/06 22:01:22, 6] libsmb/clientgen.c:write_socket(132) write_socket(17,238) [2007/12/06 22:01:22, 6] libsmb/clientgen.c:write_socket(135) write_socket(17,238) wrote 238 [2007/12/06 22:01:22, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 232 [2007/12/06 22:01:22, 5] lib/util.c:show_msg(485) [2007/12/06 22:01:22, 5] lib/util.c:show_msg(495) size=232 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136
-- [2007/12/06 22:01:22, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) get_sequence_for_reply: found seq = 17 mid = 10 [2007/12/06 22:01:22, 10] libsmb/smb_signing.c:simple_packet_signature(283) simple_packet_signature: sequence number 17 [2007/12/06 22:01:22, 10] libsmb/smb_signing.c:client_check_incoming_message(428) client_check_incoming_message: seq 17: got good SMB signature of [2007/12/06 22:01:22, 10] lib/util.c:dump_data(2222) [000] 9D 6F D8 22 2E B5 ED FE .oØ".µíþ [2007/12/06 22:01:22, 5] lib/util.c:show_msg(485) [2007/12/06 22:01:22, 5] lib/util.c:show_msg(495) size=232 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136
-- [2007/12/06 22:01:22, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) get_sequence_for_reply: found seq = 17 mid = 10 [2007/12/06 22:01:22, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr rpc_hdr [2007/12/06 22:01:22, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2007/12/06 22:01:22, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2007/12/06 22:01:22, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2007/12/06 22:01:22, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2007/12/06 22:01:22, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2007/12/06 22:01:22, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2007/12/06 22:01:22, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2007/12/06 22:01:22, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2007/12/06 22:01:22, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 frag_len : 00b0 [2007/12/06 22:01:22, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a auth_len : 0010 [2007/12/06 22:01:22, 5] rpc_parse/parse_prs.c:prs_uint32(708) 000c call_id : 00000005 [2007/12/06 22:01:22, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2007/12/06 22:01:22, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0010 alloc_hint: 00000080 [2007/12/06 22:01:22, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0014 context_id: 0000 [2007/12/06 22:01:22, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2007/12/06 22:01:22, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2007/12/06 22:01:22, 5] rpc_parse/parse_prs.c:prs_debug(84) 000098 smb_io_rpc_hdr_auth hdr_auth [2007/12/06 22:01:22, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0098 auth_type : 09 [2007/12/06 22:01:22, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0099 auth_level : 06 [2007/12/06 22:01:22, 5] rpc_parse/parse_prs.c:prs_uint8(615) 009a auth_pad_len : 00 [2007/12/06 22:01:22, 5] rpc_parse/parse_prs.c:prs_uint8(615) 009b auth_reserved: 00
[2007/12/06 22:01:22, 5] rpc_parse/parse_prs.c:prs_uint32(708) 009c auth_context_id: 00000001 [2007/12/06 22:01:22, 10] libsmb/ntlmssp_sign.c:ntlmssp_unseal_packet(310) ntlmssp_unseal_data: seal [2007/12/06 22:01:22, 10] libsmb/ntlmssp_sign.c:ntlmssp_check_packet(223) ntlmssp_check_packet: NTLMSSP signature OK ! [2007/12/06 22:01:22, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(577) cli_pipe_validate_current_pdu: got pdu len 176, data_len 128, ss_len 0 [2007/12/06 22:01:22, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) rpc_api_pipe: got PDU len of 176 at offset 0 [2007/12/06 22:01:22, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) rpc_api_pipe: Remote machine ADS1 pipe \lsarpc fnum 0x17 returned 256 bytes. [2007/12/06 22:01:22, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_r_lookup_names [2007/12/06 22:01:22, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0000 ptr_dom_ref: 00020000 [2007/12/06 22:01:22, 6] rpc_parse/parse_prs.c:prs_debug(84) 000004 lsa_io_dom_r_ref [2007/12/06 22:01:22, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0004 num_ref_doms_1: 00000001 [2007/12/06 22:01:22, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0008 ptr_ref_dom : 00020004 [2007/12/06 22:01:22, 5] rpc_parse/parse_prs.c:prs_uint32(708) 000c max_entries : 00000020 [2007/12/06 22:01:22, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0010 num_ref_doms_2: 00000001 [2007/12/06 22:01:22, 7] rpc_parse/parse_prs.c:prs_debug(84) 000014 smb_io_unihdr dom_ref[0] [2007/12/06 22:01:22, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0014 uni_str_len: 0016 [2007/12/06 22:01:22, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0016 uni_max_len: 0018 [2007/12/06 22:01:22, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0018 buffer : 00020008 [2007/12/06 22:01:22, 5] rpc_parse/parse_prs.c:prs_uint32(708) 001c sid_ptr[0] : 0002000c [2007/12/06 22:01:22, 7] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_unistr2 dom_ref[0] [2007/12/06 22:01:22, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0020 uni_max_len: 0000000c [2007/12/06 
22:01:22, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0024 offset : 00000000 [2007/12/06 22:01:22, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0028 uni_str_len: 0000000b [2007/12/06 22:01:22, 5] rpc_parse/parse_prs.c:dbg_rw_punival(940) 002c buffer : D.A.T.A.S.Y.S.T.E.M.E. [2007/12/06 22:01:22, 7] rpc_parse/parse_prs.c:prs_debug(84) 000044 smb_io_dom_sid2 sid_ptr[0] [2007/12/06 22:01:22, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0044 num_auths: 00000004 [2007/12/06 22:01:22, 8] rpc_parse/parse_prs.c:prs_debug(84) 000048 smb_io_dom_sid sid [2007/12/06 22:01:22, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0048 sid_rev_num: 01 [2007/12/06 22:01:22, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0049 num_auths : 04 [2007/12/06 22:01:22, 5] rpc_parse/parse_prs.c:prs_uint8(615) 004a id_auth[0] : 00 [2007/12/06 22:01:22, 5] rpc_parse/parse_prs.c:prs_uint8(615) 004b id_auth[1] : 00 [2007/12/06 22:01:22, 5] rpc_parse/parse_prs.c:prs_uint8(615) 004c id_auth[2] : 00 [2007/12/06 22:01:22, 5] rpc_parse/parse_prs.c:prs_uint8(615) 004d id_auth[3] : 00 [2007/12/06 22:01:22, 5] rpc_parse/parse_prs.c:prs_uint8(615) 004e id_auth[4] : 00 [2007/12/06 22:01:22, 5] rpc_parse/parse_prs.c:prs_uint8(615) 004f id_auth[5] : 05 [2007/12/06 22:01:22, 5] rpc_parse/parse_prs.c:prs_uint32s(995) 0050 sub_auths : 00000015 2229ff1e 2f3535b1 6d2086cd [2007/12/06 22:01:22, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0060 num_entries: 00000001 [2007/12/06 22:01:22, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0064 ptr_entries: 00020010 [2007/12/06 22:01:22, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0068 num_entries2: 00000001 [2007/12/06 22:01:22, 6] rpc_parse/parse_prs.c:prs_debug(84) 00006c smb_io_dom_rid [2007/12/06 22:01:22, 5] rpc_parse/parse_prs.c:prs_uint16(679) 006c type : 0002 [2007/12/06 22:01:22, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0070 rid : 000004cb [2007/12/06 22:01:22, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0074 rid_idx: 00000000 [2007/12/06 22:01:22, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0078 
mapped_count: 00000001 [2007/12/06 22:01:22, 5] rpc_parse/parse_prs.c:prs_ntstatus(767) 007c status : NT_STATUS_OK [2007/12/06 22:01:22, 10] nsswitch/winbindd_cache.c:fetch_cache_seqnum(362) fetch_cache_seqnum: timeout [DOMAIN][3120758 @ 1196974872] [2007/12/06 22:01:22, 3] nsswitch/winbindd_ads.c:sequence_number(1018) ads: fetch sequence_number for DOMAIN [2007/12/06 22:01:22, 10] nsswitch/winbindd_ads.c:ads_cached_connection(43) ads_cached_connection [2007/12/06 22:01:22, 7] nsswitch/winbindd_ads.c:ads_cached_connection(51) Current tickets expire at 1197010868, time is now 1196974882 [2007/12/06 22:01:22, 5] libads/ldap_utils.c:ads_do_search_retry_internal(63) Search for (objectclass=*) gave 1 replies [2007/12/06 22:01:22, 10] nsswitch/winbindd_cache.c:store_cache_seqnum(400) store_cache_seqnum: success [DOMAIN][3120758 @ 1196974882] [2007/12/06 22:01:22, 10] nsswitch/winbindd_cache.c:refresh_sequence_number(459) refresh_sequence_number: DOMAIN seq number is now 3120758 [2007/12/06 22:01:22, 10] nsswitch/winbindd_cache.c:wcache_save_name_to_sid(764) wcache_save_name_to_sid: DOMAIN\INETUSER -> S-1-5-21-573177630-792016305-1830848205-1227 [2007/12/06 22:01:22, 10] nsswitch/winbindd_cache.c:wcache_save_sid_to_name(787) wcache_save_sid_to_name: S-1-5-21-573177630-792016305-1830848205-1227 -> inetuser [2007/12/06 22:01:22, 10] sam/idmap_util.c:idmap_sid_to_gid(99) sid_to_gid: sid = [S-1-5-21-573177630-792016305-1830848205-1227] [2007/12/06 22:01:22, 10] sam/idmap_tdb.c:db_get_id_from_sid(277) db_get_id_from_sid [2007/12/06 22:01:22, 10] sam/idmap_tdb.c:internal_get_id_from_sid(183) internal_get_id_from_sid: fetching record S-1-5-21-573177630-792016305-1830848205-1227 of type 0x2 [2007/12/06 22:01:22, 10] sam/idmap_tdb.c:internal_get_id_from_sid(190) internal_get_id_from_sid: record S-1-5-21-573177630-792016305-1830848205-1227 -> GID 3000 [2007/12/06 22:01:22, 10] sam/idmap_tdb.c:internal_get_id_from_sid(224) internal_get_id_from_sid: ID_GROUPID fetching record 
S-1-5-21-573177630-792016305-1830848205-1227 -> GID 3000 [2007/12/06 22:01:22, 10] sam/idmap_tdb.c:internal_get_sid_from_id(152) internal_get_sid_from_id: fetching record GID 3000 [2007/12/06 22:01:22, 10] sam/idmap_tdb.c:internal_get_sid_from_id(158) internal_get_sid_from_id: fetching record GID 3000 -> S-1-5-21-573177630-792016305-1830848205-1227 [2007/12/06 22:01:22, 10] sam/idmap_util.c:idmap_sid_to_gid(107) idmap_sid_to_gid: gid = [3000] [2007/12/06 22:01:22, 10] nsswitch/winbindd_group.c:fill_grent_mem(79) group SID S-1-5-21-573177630-792016305-1830848205-1227 [2007/12/06 22:01:22, 10] nsswitch/winbindd_cache.c:lookup_groupmem(1665) lookup_groupmem: [Cached] - doing backend query for info for domain DOMAIN [2007/12/06 22:01:22, 10] nsswitch/winbindd_ads.c:lookup_groupmem(879) ads: lookup_groupmem DOMAIN sid=S-1-5-21-573177630-792016305-1830848205-1227 [2007/12/06 22:01:22, 10] nsswitch/winbindd_ads.c:ads_cached_connection(43) ads_cached_connection [2007/12/06 22:01:22, 7] nsswitch/winbindd_ads.c:ads_cached_connection(51) Current tickets expire at 1197010868, time is now 1196974882 [2007/12/06 22:01:22, 10] nsswitch/winbindd_ads.c:lookup_groupmem(919) Searching for attrs[0] = member, attrs[1] = usnChanged [2007/12/06 22:01:22, 5] libads/ldap_utils.c:ads_do_search_retry_internal(63) Search for (objectSid=\01\05\00\00\00\00\00\05\15\00\00\00\1E\FF\29\22\B1\35\35\2F\CD\86\20\6D\CB\04\00\00) gave 1 replies [2007/12/06 22:01:22, 3] nsswitch/winbindd_ads.c:dn_lookup(421) ads: dn_lookup [2007/12/06 22:01:22, 5] libads/ldap_utils.c:ads_do_search_retry_internal(63) Search for (objectclass=*) gave 1 replies [2007/12/06 22:01:22, 3] nsswitch/winbindd_ads.c:dn_lookup(421) ads: dn_lookup [2007/12/06 22:01:22, 5] libads/ldap_utils.c:ads_do_search_retry_internal(63) Search for (objectclass=*) gave 1 replies [2007/12/06 22:01:22, 3] nsswitch/winbindd_ads.c:dn_lookup(421) ads: dn_lookup [2007/12/06 22:01:22, 5] libads/ldap_utils.c:ads_do_search_retry_internal(63) Search for 
(objectclass=*) gave 1 replies [2007/12/06 22:01:22, 3] nsswitch/winbindd_ads.c:lookup_groupmem(1003) ads lookup_groupmem for sid=S-1-5-21-573177630-792016305-1830848205-1227 [2007/12/06 22:01:22, 10] nsswitch/winbindd_cache.c:refresh_sequence_number(430) refresh_sequence_number: DOMAIN time ok [2007/12/06 22:01:22, 10] nsswitch/winbindd_cache.c:refresh_sequence_number(459) refresh_sequence_number: DOMAIN seq number is now 3120758 [2007/12/06 22:01:22, 10] nsswitch/winbindd_group.c:fill_grent_mem(111) looked up 3 names [2007/12/06 22:01:22, 10] nsswitch/winbindd_group.c:fill_grent_mem(117) kids S-1-5-21-573177630-792016305-1830848205-1621 1 [2007/12/06 22:01:22, 10] nsswitch/winbindd_group.c:fill_grent_mem(117) karen S-1-5-21-573177630-792016305-1830848205-1127 1 [2007/12/06 22:01:22, 10] nsswitch/winbindd_group.c:fill_grent_mem(117) ab S-1-5-21-573177630-792016305-1830848205-1125 1 [2007/12/06 22:01:22, 10] nsswitch/winbindd_group.c:fill_grent_mem(134) processing name kids [2007/12/06 22:01:22, 10] nsswitch/winbindd_group.c:fill_grent_mem(158) buf_len + 5 = 5 [2007/12/06 22:01:22, 10] nsswitch/winbindd_group.c:fill_grent_mem(134) processing name karen [2007/12/06 22:01:22, 10] nsswitch/winbindd_group.c:fill_grent_mem(158) buf_len + 6 = 11 [2007/12/06 22:01:22, 10] nsswitch/winbindd_group.c:fill_grent_mem(134) processing name ab [2007/12/06 22:01:22, 10] nsswitch/winbindd_group.c:fill_grent_mem(158) buf_len + 3 = 14 [2007/12/06 22:01:22, 10] nsswitch/winbindd_group.c:fill_grent_mem(134) processing name kids [2007/12/06 22:01:22, 10] nsswitch/winbindd_group.c:fill_grent_mem(160) appending kids at ndx 4 [2007/12/06 22:01:22, 10] nsswitch/winbindd_group.c:fill_grent_mem(134) processing name karen [2007/12/06 22:01:22, 10] nsswitch/winbindd_group.c:fill_grent_mem(160) appending karen at ndx 5 [2007/12/06 22:01:22, 10] nsswitch/winbindd_group.c:fill_grent_mem(134) processing name ab [2007/12/06 22:01:22, 10] nsswitch/winbindd_group.c:fill_grent_mem(160) appending ab at 
ndx 2 [2007/12/06 22:01:22, 10] nsswitch/winbindd_group.c:fill_grent_mem(188) num_mem = 3, len = 14, mem = kids,karen,ab [2007/12/06 22:01:22, 10] nsswitch/winbindd_group.c:fill_grent_mem(195) fill_grent_mem returning 1 [2007/12/06 22:02:01, 6] nsswitch/winbindd.c:new_connection(601) accepted socket 18 [2007/12/06 22:02:01, 10] nsswitch/winbindd.c:process_request(287) process_request: request fn INTERFACE_VERSION [2007/12/06 22:02:01, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(483)

3) Removal of "karen" from group "inetuser" at one of our two ADS

4) # wbinfo -r karen
3000
3018
3019
3001

[2007/12/06 22:07:54, 6] nsswitch/winbindd.c:new_connection(601) accepted socket 18 [2007/12/06 22:07:54, 10] nsswitch/winbindd.c:process_request(287) process_request: request fn INTERFACE_VERSION [2007/12/06 22:07:54, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(483) [ 0]: request interface version [2007/12/06 22:07:54, 10] nsswitch/winbindd.c:process_request(287) process_request: request fn WINBINDD_PRIV_PIPE_DIR [2007/12/06 22:07:54, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(516) [ 0]: request location of privileged pipe [2007/12/06 22:07:54, 6] nsswitch/winbindd.c:new_connection(601) accepted socket 22 [2007/12/06 22:07:54, 10] nsswitch/winbindd.c:process_request(287) process_request: request fn GETGROUPS [2007/12/06 22:07:54, 3] nsswitch/winbindd_group.c:winbindd_getgroups(1017) [ 0]: getgroups karen [2007/12/06 22:07:54, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2006) Retrieving response for pid 20530 [2007/12/06 22:07:54, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2006) Retrieving response for pid 20530 [2007/12/06 22:07:54, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2028) Retrieving extra data length=225 [2007/12/06 22:07:54, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2006) Retrieving response for pid 20530 [2007/12/06 22:07:54, 10] nsswitch/winbindd_async.c:getsidaliases_recv(839) getsidaliases
return 0 SIDs [2007/12/06 22:07:54, 10] nsswitch/winbindd_async.c:gettoken_recvaliases(1088) Expanding our own local groups [2007/12/06 22:07:54, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2006) Retrieving response for pid 20540 [2007/12/06 22:07:54, 10] nsswitch/winbindd_async.c:getsidaliases_recv(839) getsidaliases return 0 SIDs [2007/12/06 22:07:54, 10] nsswitch/winbindd_async.c:gettoken_recvaliases(1098) Expanding our own BUILTIN groups [2007/12/06 22:07:54, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2006) Retrieving response for pid 20541 [2007/12/06 22:07:54, 10] nsswitch/winbindd_async.c:getsidaliases_recv(839) getsidaliases return 0 SIDs [2007/12/06 22:07:54, 10] sam/idmap_util.c:idmap_sid_to_gid(99) sid_to_gid: sid = [S-1-5-21-573177630-792016305-1830848205-1227] [2007/12/06 22:07:54, 10] sam/idmap_tdb.c:db_get_id_from_sid(277) db_get_id_from_sid [2007/12/06 22:07:54, 10] sam/idmap_tdb.c:internal_get_id_from_sid(183) internal_get_id_from_sid: fetching record S-1-5-21-573177630-792016305-1830848205-1227 of type 0x2 [2007/12/06 22:07:54, 10] sam/idmap_tdb.c:internal_get_id_from_sid(190) internal_get_id_from_sid: record S-1-5-21-573177630-792016305-1830848205-1227 -> GID 3000 [2007/12/06 22:07:54, 10] sam/idmap_tdb.c:internal_get_id_from_sid(224) internal_get_id_from_sid: ID_GROUPID fetching record S-1-5-21-573177630-792016305-1830848205-1227 -> GID 3000 [2007/12/06 22:07:54, 10] sam/idmap_tdb.c:internal_get_sid_from_id(152) internal_get_sid_from_id: fetching record GID 3000 [2007/12/06 22:07:54, 10] sam/idmap_tdb.c:internal_get_sid_from_id(158) internal_get_sid_from_id: fetching record GID 3000 -> S-1-5-21-573177630-792016305-1830848205-1227 [2007/12/06 22:07:54, 10] sam/idmap_util.c:idmap_sid_to_gid(107) idmap_sid_to_gid: gid = [3000] [2007/12/06 22:07:54, 10] sam/idmap_util.c:idmap_sid_to_gid(99) sid_to_gid: sid = [S-1-5-21-573177630-792016305-1830848205-1158] [2007/12/06 22:07:54, 10] sam/idmap_tdb.c:db_get_id_from_sid(277) 
db_get_id_from_sid [2007/12/06 22:07:54, 10] sam/idmap_tdb.c:internal_get_id_from_sid(183) internal_get_id_from_sid: fetching record S-1-5-21-573177630-792016305-1830848205-1158 of type 0x2 [2007/12/06 22:07:54, 10] sam/idmap_tdb.c:internal_get_id_from_sid(190) internal_get_id_from_sid: record S-1-5-21-573177630-792016305-1830848205-1158 -> GID 3018 [2007/12/06 22:07:54, 10] sam/idmap_tdb.c:internal_get_id_from_sid(224) internal_get_id_from_sid: ID_GROUPID fetching record S-1-5-21-573177630-792016305-1830848205-1158 -> GID 3018 [2007/12/06 22:07:54, 10] sam/idmap_tdb.c:internal_get_sid_from_id(152) internal_get_sid_from_id: fetching record GID 3018 [2007/12/06 22:07:54, 10] sam/idmap_tdb.c:internal_get_sid_from_id(158) internal_get_sid_from_id: fetching record GID 3018 -> S-1-5-21-573177630-792016305-1830848205-1158 [2007/12/06 22:07:54, 10] sam/idmap_util.c:idmap_sid_to_gid(107) idmap_sid_to_gid: gid = [3018] [2007/12/06 22:07:54, 10] sam/idmap_util.c:idmap_sid_to_gid(99) sid_to_gid: sid = [S-1-5-21-573177630-792016305-1830848205-1159] [2007/12/06 22:07:54, 10] sam/idmap_tdb.c:db_get_id_from_sid(277) db_get_id_from_sid [2007/12/06 22:07:54, 10] sam/idmap_tdb.c:internal_get_id_from_sid(183) internal_get_id_from_sid: fetching record S-1-5-21-573177630-792016305-1830848205-1159 of type 0x2 [2007/12/06 22:07:54, 10] sam/idmap_tdb.c:internal_get_id_from_sid(190) internal_get_id_from_sid: record S-1-5-21-573177630-792016305-1830848205-1159 -> GID 3019 [2007/12/06 22:07:54, 10] sam/idmap_tdb.c:internal_get_id_from_sid(224) internal_get_id_from_sid: ID_GROUPID fetching record S-1-5-21-573177630-792016305-1830848205-1159 -> GID 3019 [2007/12/06 22:07:54, 10] sam/idmap_tdb.c:internal_get_sid_from_id(152) internal_get_sid_from_id: fetching record GID 3019 [2007/12/06 22:07:54, 10] sam/idmap_tdb.c:internal_get_sid_from_id(158) internal_get_sid_from_id: fetching record GID 3019 -> S-1-5-21-573177630-792016305-1830848205-1159 [2007/12/06 22:07:54, 10] 
sam/idmap_util.c:idmap_sid_to_gid(107) idmap_sid_to_gid: gid = [3019] [2007/12/06 22:07:54, 10] sam/idmap_util.c:idmap_sid_to_gid(99) sid_to_gid: sid = [S-1-5-21-573177630-792016305-1830848205-513] [2007/12/06 22:07:54, 10] sam/idmap_tdb.c:db_get_id_from_sid(277) db_get_id_from_sid [2007/12/06 22:07:54, 10] sam/idmap_tdb.c:internal_get_id_from_sid(183) internal_get_id_from_sid: fetching record S-1-5-21-573177630-792016305-1830848205-513 of type 0x2 [2007/12/06 22:07:54, 10] sam/idmap_tdb.c:internal_get_id_from_sid(190) internal_get_id_from_sid: record S-1-5-21-573177630-792016305-1830848205-513 -> GID 3001 [2007/12/06 22:07:54, 10] sam/idmap_tdb.c:internal_get_id_from_sid(224) internal_get_id_from_sid: ID_GROUPID fetching record S-1-5-21-573177630-792016305-1830848205-513 -> GID 3001 [2007/12/06 22:07:54, 10] sam/idmap_tdb.c:internal_get_sid_from_id(152) internal_get_sid_from_id: fetching record GID 3001 [2007/12/06 22:07:54, 10] sam/idmap_tdb.c:internal_get_sid_from_id(158) internal_get_sid_from_id: fetching record GID 3001 -> S-1-5-21-573177630-792016305-1830848205-513 [2007/12/06 22:07:54, 10] sam/idmap_util.c:idmap_sid_to_gid(107) idmap_sid_to_gid: gid = [3001] [2007/12/06 22:10:09, 6] nsswitch/winbindd.c:new_connection(601) accepted socket 18 [2007/12/06 22:10:09, 10] nsswitch/winbindd.c:process_request(287) process_request: request fn INTERFACE_VERSION [2007/12/06 22:10:09, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(483)

5) # getent group inetuser
inetuser:x:3000:kids,ab

[2007/12/06 22:10:09, 6] nsswitch/winbindd.c:new_connection(601) accepted socket 18 [2007/12/06 22:10:09, 10] nsswitch/winbindd.c:process_request(287) process_request: request fn INTERFACE_VERSION [2007/12/06 22:10:09, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(483) [ 0]: request interface version [2007/12/06 22:10:09, 10] nsswitch/winbindd.c:process_request(287) process_request: request fn WINBINDD_PRIV_PIPE_DIR [2007/12/06 22:10:09, 3] 
nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(516) [ 0]: request location of privileged pipe [2007/12/06 22:10:09, 6] nsswitch/winbindd.c:new_connection(601) accepted socket 22 [2007/12/06 22:10:09, 10] nsswitch/winbindd.c:process_request(287) process_request: request fn GETGRNAM [2007/12/06 22:10:09, 3] nsswitch/winbindd_group.c:winbindd_getgrnam(220) [ 0]: getgrnam inetuser [2007/12/06 22:10:09, 10] nsswitch/winbindd_cache.c:name_to_sid(1289) name_to_sid: [Cached] - doing backend query for name for domain DOMAIN [2007/12/06 22:10:09, 3] nsswitch/winbindd_rpc.c:msrpc_name_to_sid(257) rpc: name_to_sid name=DOMAIN\inetuser [2007/12/06 22:10:09, 3] nsswitch/winbindd_rpc.c:msrpc_name_to_sid(265) name_to_sid [rpc] DOMAIN\inetuser for domain DOMAIN [2007/12/06 22:10:09, 5] rpc_parse/parse_lsa.c:init_q_lookup_names(1567) init_q_lookup_names [2007/12/06 22:10:09, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_q_lookup_names [2007/12/06 22:10:09, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd [2007/12/06 22:10:09, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0000 data1: 00000000 [2007/12/06 22:10:09, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0004 data2: caad6fba [2007/12/06 22:10:09, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 data3: 1c36 [2007/12/06 22:10:09, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a data4: 4165 [2007/12/06 22:10:09, 5] rpc_parse/parse_prs.c:prs_uint8s(855) 000c data5: 88 f9 e7 83 e5 86 10 6b [2007/12/06 22:10:09, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0014 num_entries : 00000001 [2007/12/06 22:10:09, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0018 num_entries2 : 00000001 [2007/12/06 22:10:09, 6] rpc_parse/parse_prs.c:prs_debug(84) 00001c smb_io_unihdr hdr_name [2007/12/06 22:10:09, 5] rpc_parse/parse_prs.c:prs_uint16(679) 001c uni_str_len: 0028 [2007/12/06 22:10:09, 5] rpc_parse/parse_prs.c:prs_uint16(679) 001e uni_max_len: 0028 [2007/12/06 22:10:09, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0020 buffer : 00000001 [2007/12/06 
22:10:09, 6] rpc_parse/parse_prs.c:prs_debug(84) 000024 smb_io_unistr2 dom_name [2007/12/06 22:10:09, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0024 uni_max_len: 00000014 [2007/12/06 22:10:09, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0028 offset : 00000000 [2007/12/06 22:10:09, 5] rpc_parse/parse_prs.c:prs_uint32(708) 002c uni_str_len: 00000014 [2007/12/06 22:10:09, 5] rpc_parse/parse_prs.c:dbg_rw_punival(940) 0030 buffer : D.A.T.A.S.Y.S.T.E.M.E.\.i.n.e.t.u.s.e.r. [2007/12/06 22:10:09, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0058 num_trans_entries : 00000000 [2007/12/06 22:10:09, 5] rpc_parse/parse_prs.c:prs_uint32(708) 005c ptr_trans_sids : 00000000 [2007/12/06 22:10:09, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0060 lookup_level : 0001 [2007/12/06 22:10:09, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0064 mapped_count : 00000000 [2007/12/06 22:10:09, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2007/12/06 22:10:09, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2007/12/06 22:10:09, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2007/12/06 22:10:09, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2007/12/06 22:10:09, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2007/12/06 22:10:09, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2007/12/06 22:10:09, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2007/12/06 22:10:09, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2007/12/06 22:10:09, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2007/12/06 22:10:09, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 frag_len : 0098 [2007/12/06 22:10:09, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a auth_len : 0010 [2007/12/06 22:10:09, 5] rpc_parse/parse_prs.c:prs_uint32(708) 000c call_id : 00000006 [2007/12/06 22:10:09, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_req hdr_req [2007/12/06 22:10:09, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0010 alloc_hint: 
00000068 [2007/12/06 22:10:09, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0014 context_id: 0000 [2007/12/06 22:10:09, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0016 opnum : 000e [2007/12/06 22:10:09, 5] rpc_parse/parse_prs.c:prs_debug(84) 000080 smb_io_rpc_hdr_auth hdr_auth [2007/12/06 22:10:09, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0080 auth_type : 09 [2007/12/06 22:10:09, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0081 auth_level : 06 [2007/12/06 22:10:09, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0082 auth_pad_len : 00 [2007/12/06 22:10:09, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0083 auth_reserved: 00 [2007/12/06 22:10:09, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0084 auth_context_id: 00000001 [2007/12/06 22:10:09, 10] libsmb/ntlmssp_sign.c:ntlmssp_seal_packet(249) ntlmssp_seal_data: seal [2007/12/06 22:10:09, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) rpc_api_pipe: Remote machine ADS1 pipe \lsarpc fnum 0x17 [2007/12/06 22:10:09, 5] lib/util.c:show_msg(485) [2007/12/06 22:10:09, 5] lib/util.c:show_msg(495) size=234 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 -- [2007/12/06 22:10:09, 10] lib/util.c:dump_data(2222) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 98 00 10 00 06 00 00 00 68 ........ 
.......h [020] 00 00 00 00 00 0E 00 B0 4D 77 9E 0A FA 51 BA E6 .......° Mw..úQºæ [030] 15 62 BC EE BA D0 23 BB AB 71 2B AA B2 24 F5 63 .bŒîºÐ#» «q+ª²$õc [040] 84 AA D0 75 CD 92 FB A0 FB 21 3A F5 5C D2 07 4A .ªÐuÍ.û  û!:õ\Ò.J [050] 9C 9A 94 ED 7A 97 CD 30 9C 57 D9 6B 84 41 71 4A ...íz.Í0 .WÙk.AqJ -- [2007/12/06 22:10:09, 10] libsmb/smb_signing.c:simple_packet_signature(283) simple_packet_signature: sequence number 18 [2007/12/06 22:10:09, 10] libsmb/smb_signing.c:client_sign_outgoing_message(348) client_sign_outgoing_message: sent SMB signature of [2007/12/06 22:10:09, 10] lib/util.c:dump_data(2222) [000] 7D 68 F8 29 FF A0 CF C4 }hø)ÿ ÏÄ [2007/12/06 22:10:09, 10] libsmb/smb_signing.c:store_sequence_for_reply(68) store_sequence_for_reply: stored seq = 19 mid = 11 [2007/12/06 22:10:09, 6] libsmb/clientgen.c:write_socket(132) write_socket(17,238) [2007/12/06 22:10:09, 6] libsmb/clientgen.c:write_socket(135) write_socket(17,238) wrote 238 [2007/12/06 22:10:09, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 232 [2007/12/06 22:10:09, 5] lib/util.c:show_msg(485) [2007/12/06 22:10:09, 5] lib/util.c:show_msg(495) size=232 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 -- [2007/12/06 22:10:09, 10] lib/util.c:dump_data(2222) [000] 00 05 00 02 03 10 00 00 00 B0 00 10 00 06 00 00 ........ .°...... [010] 00 80 00 00 00 00 00 00 00 A6 75 0F E4 09 91 C6 ........ 
.Šu.ä..Æ [020] 50 DB D7 21 8B 8E E3 D7 3A A5 44 94 6A AC DF 42 PÛ×!..ã× :¥D.j¬ßB [030] AA AB 24 24 A0 22 BD 2A 0A 23 10 FD 5D EF C6 6A ª«$$ "œ* .#.ý]ïÆj [040] 42 9F A9 CF D0 41 9F 58 83 26 A7 61 FA 48 79 20 B.©ÏÐA.X .&§aúHy [050] EA E4 5C 3E 0D D0 C0 F0 CD 20 44 71 9D 13 66 4D êä\>.ÐÀð Í Dq..fM -- [2007/12/06 22:10:09, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) get_sequence_for_reply: found seq = 19 mid = 11 [2007/12/06 22:10:09, 10] libsmb/smb_signing.c:simple_packet_signature(283) simple_packet_signature: sequence number 19 [2007/12/06 22:10:09, 10] libsmb/smb_signing.c:client_check_incoming_message(428) client_check_incoming_message: seq 19: got good SMB signature of [2007/12/06 22:10:09, 10] lib/util.c:dump_data(2222) [000] 4F 50 77 70 77 8F 72 7B OPwpw.r{ [2007/12/06 22:10:09, 5] lib/util.c:show_msg(485) [2007/12/06 22:10:09, 5] lib/util.c:show_msg(495) size=232 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 -- [2007/12/06 22:10:09, 10] lib/util.c:dump_data(2222) [000] 00 05 00 02 03 10 00 00 00 B0 00 10 00 06 00 00 ........ .°...... [010] 00 80 00 00 00 00 00 00 00 A6 75 0F E4 09 91 C6 ........ 
.Šu.ä..Æ [020] 50 DB D7 21 8B 8E E3 D7 3A A5 44 94 6A AC DF 42 PÛ×!..ã× :¥D.j¬ßB [030] AA AB 24 24 A0 22 BD 2A 0A 23 10 FD 5D EF C6 6A ª«$$ "œ* .#.ý]ïÆj [040] 42 9F A9 CF D0 41 9F 58 83 26 A7 61 FA 48 79 20 B.©ÏÐA.X .&§aúHy [050] EA E4 5C 3E 0D D0 C0 F0 CD 20 44 71 9D 13 66 4D êä\>.ÐÀð Í Dq..fM -- [2007/12/06 22:10:09, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) get_sequence_for_reply: found seq = 19 mid = 11 [2007/12/06 22:10:09, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr rpc_hdr [2007/12/06 22:10:09, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2007/12/06 22:10:09, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2007/12/06 22:10:09, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2007/12/06 22:10:09, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2007/12/06 22:10:09, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2007/12/06 22:10:09, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2007/12/06 22:10:09, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2007/12/06 22:10:09, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2007/12/06 22:10:09, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 frag_len : 00b0 [2007/12/06 22:10:09, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a auth_len : 0010 [2007/12/06 22:10:09, 5] rpc_parse/parse_prs.c:prs_uint32(708) 000c call_id : 00000006 [2007/12/06 22:10:09, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2007/12/06 22:10:09, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0010 alloc_hint: 00000080 [2007/12/06 22:10:09, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0014 context_id: 0000 [2007/12/06 22:10:09, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2007/12/06 22:10:09, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2007/12/06 22:10:09, 5] rpc_parse/parse_prs.c:prs_debug(84) 000098 smb_io_rpc_hdr_auth hdr_auth [2007/12/06 22:10:09, 5] 
rpc_parse/parse_prs.c:prs_uint8(615) 0098 auth_type : 09 [2007/12/06 22:10:09, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0099 auth_level : 06 [2007/12/06 22:10:09, 5] rpc_parse/parse_prs.c:prs_uint8(615) 009a auth_pad_len : 00 [2007/12/06 22:10:09, 5] rpc_parse/parse_prs.c:prs_uint8(615) 009b auth_reserved: 00 [2007/12/06 22:10:09, 5] rpc_parse/parse_prs.c:prs_uint32(708) 009c auth_context_id: 00000001 [2007/12/06 22:10:09, 10] libsmb/ntlmssp_sign.c:ntlmssp_unseal_packet(310) ntlmssp_unseal_data: seal [2007/12/06 22:10:09, 10] libsmb/ntlmssp_sign.c:ntlmssp_check_packet(223) ntlmssp_check_packet: NTLMSSP signature OK ! [2007/12/06 22:10:09, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(577) cli_pipe_validate_current_pdu: got pdu len 176, data_len 128, ss_len 0 [2007/12/06 22:10:09, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) rpc_api_pipe: got PDU len of 176 at offset 0 [2007/12/06 22:10:09, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) rpc_api_pipe: Remote machine ADS1 pipe \lsarpc fnum 0x17 returned 256 bytes. 
[2007/12/06 22:10:09, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_r_lookup_names [2007/12/06 22:10:09, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0000 ptr_dom_ref: 00020000 [2007/12/06 22:10:09, 6] rpc_parse/parse_prs.c:prs_debug(84) 000004 lsa_io_dom_r_ref [2007/12/06 22:10:09, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0004 num_ref_doms_1: 00000001 [2007/12/06 22:10:09, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0008 ptr_ref_dom : 00020004 [2007/12/06 22:10:09, 5] rpc_parse/parse_prs.c:prs_uint32(708) 000c max_entries : 00000020 [2007/12/06 22:10:09, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0010 num_ref_doms_2: 00000001 [2007/12/06 22:10:09, 7] rpc_parse/parse_prs.c:prs_debug(84) 000014 smb_io_unihdr dom_ref[0] [2007/12/06 22:10:09, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0014 uni_str_len: 0016 [2007/12/06 22:10:09, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0016 uni_max_len: 0018 [2007/12/06 22:10:09, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0018 buffer : 00020008 [2007/12/06 22:10:09, 5] rpc_parse/parse_prs.c:prs_uint32(708) 001c sid_ptr[0] : 0002000c [2007/12/06 22:10:09, 7] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_unistr2 dom_ref[0] [2007/12/06 22:10:09, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0020 uni_max_len: 0000000c [2007/12/06 22:10:09, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0024 offset : 00000000 [2007/12/06 22:10:09, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0028 uni_str_len: 0000000b [2007/12/06 22:10:09, 5] rpc_parse/parse_prs.c:dbg_rw_punival(940) 002c buffer : D.A.T.A.S.Y.S.T.E.M.E. 
[2007/12/06 22:10:09, 7] rpc_parse/parse_prs.c:prs_debug(84) 000044 smb_io_dom_sid2 sid_ptr[0] [2007/12/06 22:10:09, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0044 num_auths: 00000004 [2007/12/06 22:10:09, 8] rpc_parse/parse_prs.c:prs_debug(84) 000048 smb_io_dom_sid sid [2007/12/06 22:10:09, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0048 sid_rev_num: 01 [2007/12/06 22:10:09, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0049 num_auths : 04 [2007/12/06 22:10:09, 5] rpc_parse/parse_prs.c:prs_uint8(615) 004a id_auth[0] : 00 [2007/12/06 22:10:09, 5] rpc_parse/parse_prs.c:prs_uint8(615) 004b id_auth[1] : 00 [2007/12/06 22:10:09, 5] rpc_parse/parse_prs.c:prs_uint8(615) 004c id_auth[2] : 00 [2007/12/06 22:10:09, 5] rpc_parse/parse_prs.c:prs_uint8(615) 004d id_auth[3] : 00 [2007/12/06 22:10:09, 5] rpc_parse/parse_prs.c:prs_uint8(615) 004e id_auth[4] : 00 [2007/12/06 22:10:09, 5] rpc_parse/parse_prs.c:prs_uint8(615) 004f id_auth[5] : 05 [2007/12/06 22:10:09, 5] rpc_parse/parse_prs.c:prs_uint32s(995) 0050 sub_auths : 00000015 2229ff1e 2f3535b1 6d2086cd [2007/12/06 22:10:09, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0060 num_entries: 00000001 [2007/12/06 22:10:09, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0064 ptr_entries: 00020010 [2007/12/06 22:10:09, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0068 num_entries2: 00000001 [2007/12/06 22:10:09, 6] rpc_parse/parse_prs.c:prs_debug(84) 00006c smb_io_dom_rid [2007/12/06 22:10:09, 5] rpc_parse/parse_prs.c:prs_uint16(679) 006c type : 0002 [2007/12/06 22:10:09, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0070 rid : 000004cb [2007/12/06 22:10:09, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0074 rid_idx: 00000000 [2007/12/06 22:10:09, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0078 mapped_count: 00000001 [2007/12/06 22:10:09, 5] rpc_parse/parse_prs.c:prs_ntstatus(767) 007c status : NT_STATUS_OK [2007/12/06 22:10:09, 10] nsswitch/winbindd_cache.c:fetch_cache_seqnum(368) fetch_cache_seqnum: success [DOMAIN][3120771 @ 1196975409] [2007/12/06 22:10:09, 10] 
nsswitch/winbindd_cache.c:refresh_sequence_number(459) refresh_sequence_number: DOMAIN seq number is now 3120771 [2007/12/06 22:10:09, 10] nsswitch/winbindd_cache.c:wcache_save_name_to_sid(764) wcache_save_name_to_sid: DOMAIN\INETUSER -> S-1-5-21-573177630-792016305-1830848205-1227 [2007/12/06 22:10:09, 10] nsswitch/winbindd_cache.c:wcache_save_sid_to_name(787) wcache_save_sid_to_name: S-1-5-21-573177630-792016305-1830848205-1227 -> inetuser [2007/12/06 22:10:09, 10] sam/idmap_util.c:idmap_sid_to_gid(99) sid_to_gid: sid = [S-1-5-21-573177630-792016305-1830848205-1227] [2007/12/06 22:10:09, 10] sam/idmap_tdb.c:db_get_id_from_sid(277) db_get_id_from_sid [2007/12/06 22:10:09, 10] sam/idmap_tdb.c:internal_get_id_from_sid(183) internal_get_id_from_sid: fetching record S-1-5-21-573177630-792016305-1830848205-1227 of type 0x2 [2007/12/06 22:10:09, 10] sam/idmap_tdb.c:internal_get_id_from_sid(190) internal_get_id_from_sid: record S-1-5-21-573177630-792016305-1830848205-1227 -> GID 3000 [2007/12/06 22:10:09, 10] sam/idmap_tdb.c:internal_get_id_from_sid(224) internal_get_id_from_sid: ID_GROUPID fetching record S-1-5-21-573177630-792016305-1830848205-1227 -> GID 3000 [2007/12/06 22:10:09, 10] sam/idmap_tdb.c:internal_get_sid_from_id(152) internal_get_sid_from_id: fetching record GID 3000 [2007/12/06 22:10:09, 10] sam/idmap_tdb.c:internal_get_sid_from_id(158) internal_get_sid_from_id: fetching record GID 3000 -> S-1-5-21-573177630-792016305-1830848205-1227 [2007/12/06 22:10:09, 10] sam/idmap_util.c:idmap_sid_to_gid(107) idmap_sid_to_gid: gid = [3000] [2007/12/06 22:10:09, 10] nsswitch/winbindd_group.c:fill_grent_mem(79) group SID S-1-5-21-573177630-792016305-1830848205-1227 [2007/12/06 22:10:09, 10] nsswitch/winbindd_cache.c:lookup_groupmem(1665) lookup_groupmem: [Cached] - doing backend query for info for domain DOMAIN [2007/12/06 22:10:09, 10] nsswitch/winbindd_ads.c:lookup_groupmem(879) ads: lookup_groupmem DOMAIN sid=S-1-5-21-573177630-792016305-1830848205-1227 [2007/12/06 
22:10:09, 10] nsswitch/winbindd_ads.c:ads_cached_connection(43) ads_cached_connection [2007/12/06 22:10:09, 7] nsswitch/winbindd_ads.c:ads_cached_connection(51) Current tickets expire at 1197010868, time is now 1196975409 [2007/12/06 22:10:09, 10] nsswitch/winbindd_ads.c:lookup_groupmem(919) Searching for attrs[0] = member, attrs[1] = usnChanged [2007/12/06 22:10:09, 5] libads/ldap_utils.c:ads_do_search_retry_internal(63) Search for (objectSid=\01\05\00\00\00\00\00\05\15\00\00\00\1E\FF\29\22\B1\35\35\2F\CD\86\20\6D\CB\04\00\00) gave 1 replies [2007/12/06 22:10:09, 3] nsswitch/winbindd_ads.c:dn_lookup(421) ads: dn_lookup [2007/12/06 22:10:09, 5] libads/ldap_utils.c:ads_do_search_retry_internal(63) Search for (objectclass=*) gave 1 replies [2007/12/06 22:10:09, 3] nsswitch/winbindd_ads.c:dn_lookup(421) ads: dn_lookup [2007/12/06 22:10:09, 5] libads/ldap_utils.c:ads_do_search_retry_internal(63) Search for (objectclass=*) gave 1 replies [2007/12/06 22:10:09, 3] nsswitch/winbindd_ads.c:lookup_groupmem(1003) ads lookup_groupmem for sid=S-1-5-21-573177630-792016305-1830848205-1227 [2007/12/06 22:10:09, 10] nsswitch/winbindd_cache.c:refresh_sequence_number(430) refresh_sequence_number: DOMAIN time ok [2007/12/06 22:10:09, 10] nsswitch/winbindd_cache.c:refresh_sequence_number(459) refresh_sequence_number: DOMAIN seq number is now 3120771 [2007/12/06 22:10:09, 10] nsswitch/winbindd_group.c:fill_grent_mem(111) looked up 2 names [2007/12/06 22:10:09, 10] nsswitch/winbindd_group.c:fill_grent_mem(117) kids S-1-5-21-573177630-792016305-1830848205-1621 1 [2007/12/06 22:10:09, 10] nsswitch/winbindd_group.c:fill_grent_mem(117) ab S-1-5-21-573177630-792016305-1830848205-1125 1 [2007/12/06 22:10:09, 10] nsswitch/winbindd_group.c:fill_grent_mem(134) processing name kids [2007/12/06 22:10:09, 10] nsswitch/winbindd_group.c:fill_grent_mem(158) buf_len + 5 = 5 [2007/12/06 22:10:09, 10] nsswitch/winbindd_group.c:fill_grent_mem(134) processing name ab [2007/12/06 22:10:09, 10] 
nsswitch/winbindd_group.c:fill_grent_mem(158) buf_len + 3 = 8 [2007/12/06 22:10:09, 10] nsswitch/winbindd_group.c:fill_grent_mem(134) processing name kids [2007/12/06 22:10:09, 10] nsswitch/winbindd_group.c:fill_grent_mem(160) appending kids at ndx 4 [2007/12/06 22:10:09, 10] nsswitch/winbindd_group.c:fill_grent_mem(134) processing name ab [2007/12/06 22:10:09, 10] nsswitch/winbindd_group.c:fill_grent_mem(160) appending ab at ndx 2 [2007/12/06 22:10:09, 10] nsswitch/winbindd_group.c:fill_grent_mem(188) num_mem = 2, len = 8, mem = kids,ab [2007/12/06 22:10:09, 10] nsswitch/winbindd_group.c:fill_grent_mem(195) fill_grent_mem returning 1 [2007/12/06 22:10:09, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2006) Retrieving response for pid 20530 [2007/12/06 22:10:09, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2028) Retrieving extra data length=64 [2007/12/06 22:15:09, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2006) Retrieving response for pid 20530 [2007/12/06 22:15:09, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2028) Retrieving extra data length=64 [2007/12/06 22:17:01, 6] nsswitch/winbindd.c:new_connection(601)

Second Example:
---------------

"wbinfo -r" fails to recognise the addition of user "guru" to group "inetuser"

1) # wbinfo -r guru
3018
3036
3011
3019
3009
3026
3025
3021
3024

[2007/12/06 22:17:52, 6] nsswitch/winbindd.c:new_connection(601) accepted socket 18 [2007/12/06 22:17:52, 10] nsswitch/winbindd.c:process_request(287) process_request: request fn INTERFACE_VERSION [2007/12/06 22:17:52, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(483) [ 0]: request interface version [2007/12/06 22:17:52, 10] nsswitch/winbindd.c:process_request(287) process_request: request fn WINBINDD_PRIV_PIPE_DIR [2007/12/06 22:17:52, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(516) [ 0]: request location of privileged pipe [2007/12/06 22:17:52, 6] nsswitch/winbindd.c:new_connection(601) accepted socket 22 [2007/12/06 22:17:52, 
10] nsswitch/winbindd.c:process_request(287) process_request: request fn GETGROUPS [2007/12/06 22:17:52, 3] nsswitch/winbindd_group.c:winbindd_getgroups(1017) [ 0]: getgroups guru [2007/12/06 22:17:52, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2006) Retrieving response for pid 20530 [2007/12/06 22:17:52, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2006) Retrieving response for pid 20530 [2007/12/06 22:17:52, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2028) Retrieving extra data length=269 [2007/12/06 22:17:52, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2006) Retrieving response for pid 20530 [2007/12/06 22:17:52, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2028) Retrieving extra data length=181 [2007/12/06 22:17:52, 10] nsswitch/winbindd_async.c:gettoken_recvaliases(1088) Expanding our own local groups [2007/12/06 22:17:52, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2006) Retrieving response for pid 20540 [2007/12/06 22:17:52, 10] nsswitch/winbindd_async.c:getsidaliases_recv(839) getsidaliases return 0 SIDs [2007/12/06 22:17:52, 10] nsswitch/winbindd_async.c:gettoken_recvaliases(1098) Expanding our own BUILTIN groups [2007/12/06 22:17:52, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2006) Retrieving response for pid 20541 [2007/12/06 22:17:52, 10] nsswitch/winbindd_async.c:getsidaliases_recv(839) getsidaliases return 0 SIDs [2007/12/06 22:17:52, 10] sam/idmap_util.c:idmap_sid_to_gid(99) sid_to_gid: sid = [S-1-5-21-573177630-792016305-1830848205-1158] [2007/12/06 22:17:52, 10] sam/idmap_tdb.c:db_get_id_from_sid(277) db_get_id_from_sid [2007/12/06 22:17:52, 10] sam/idmap_tdb.c:internal_get_id_from_sid(183) internal_get_id_from_sid: fetching record S-1-5-21-573177630-792016305-1830848205-1158 of type 0x2 [2007/12/06 22:17:52, 10] sam/idmap_tdb.c:internal_get_id_from_sid(190) internal_get_id_from_sid: record S-1-5-21-573177630-792016305-1830848205-1158 -> GID 3018 [2007/12/06 22:17:52, 10] 
sam/idmap_tdb.c:internal_get_id_from_sid(224) internal_get_id_from_sid: ID_GROUPID fetching record S-1-5-21-573177630-792016305-1830848205-1158 -> GID 3018 [2007/12/06 22:17:52, 10] sam/idmap_tdb.c:internal_get_sid_from_id(152) internal_get_sid_from_id: fetching record GID 3018 [2007/12/06 22:17:52, 10] sam/idmap_tdb.c:internal_get_sid_from_id(158) internal_get_sid_from_id: fetching record GID 3018 -> S-1-5-21-573177630-792016305-1830848205-1158 [2007/12/06 22:17:52, 10] sam/idmap_util.c:idmap_sid_to_gid(107) idmap_sid_to_gid: gid = [3018] [2007/12/06 22:17:52, 10] sam/idmap_util.c:idmap_sid_to_gid(99) sid_to_gid: sid = [S-1-5-21-573177630-792016305-1830848205-1226] [2007/12/06 22:17:52, 10] sam/idmap_tdb.c:db_get_id_from_sid(277) db_get_id_from_sid [2007/12/06 22:17:52, 10] sam/idmap_tdb.c:internal_get_id_from_sid(183) internal_get_id_from_sid: fetching record S-1-5-21-573177630-792016305-1830848205-1226 of type 0x2 [2007/12/06 22:17:52, 10] sam/idmap_tdb.c:internal_get_id_from_sid(190) internal_get_id_from_sid: record S-1-5-21-573177630-792016305-1830848205-1226 -> GID 3036 [2007/12/06 22:17:52, 10] sam/idmap_tdb.c:internal_get_id_from_sid(224) internal_get_id_from_sid: ID_GROUPID fetching record S-1-5-21-573177630-792016305-1830848205-1226 -> GID 3036 [2007/12/06 22:17:52, 10] sam/idmap_tdb.c:internal_get_sid_from_id(152) internal_get_sid_from_id: fetching record GID 3036 [2007/12/06 22:17:52, 10] sam/idmap_tdb.c:internal_get_sid_from_id(158) internal_get_sid_from_id: fetching record GID 3036 -> S-1-5-21-573177630-792016305-1830848205-1226 [2007/12/06 22:17:52, 10] sam/idmap_util.c:idmap_sid_to_gid(107) idmap_sid_to_gid: gid = [3036] [2007/12/06 22:17:52, 10] sam/idmap_util.c:idmap_sid_to_gid(99) sid_to_gid: sid = [S-1-5-21-573177630-792016305-1830848205-512] [2007/12/06 22:17:52, 10] sam/idmap_tdb.c:db_get_id_from_sid(277) db_get_id_from_sid [2007/12/06 22:17:52, 10] sam/idmap_tdb.c:internal_get_id_from_sid(183) internal_get_id_from_sid: fetching record 
S-1-5-21-573177630-792016305-1830848205-512 of type 0x2 [2007/12/06 22:17:52, 10] sam/idmap_tdb.c:internal_get_id_from_sid(190) internal_get_id_from_sid: record S-1-5-21-573177630-792016305-1830848205-512 -> GID 3011 [2007/12/06 22:17:52, 10] sam/idmap_tdb.c:internal_get_id_from_sid(224) internal_get_id_from_sid: ID_GROUPID fetching record S-1-5-21-573177630-792016305-1830848205-512 -> GID 3011 [2007/12/06 22:17:52, 10] sam/idmap_tdb.c:internal_get_sid_from_id(152) internal_get_sid_from_id: fetching record GID 3011 [2007/12/06 22:17:52, 10] sam/idmap_tdb.c:internal_get_sid_from_id(158) internal_get_sid_from_id: fetching record GID 3011 -> S-1-5-21-573177630-792016305-1830848205-512 [2007/12/06 22:17:52, 10] sam/idmap_util.c:idmap_sid_to_gid(107) idmap_sid_to_gid: gid = [3011] [2007/12/06 22:17:52, 10] sam/idmap_util.c:idmap_sid_to_gid(99) sid_to_gid: sid = [S-1-5-21-573177630-792016305-1830848205-1159] [2007/12/06 22:17:52, 10] sam/idmap_tdb.c:db_get_id_from_sid(277) db_get_id_from_sid [2007/12/06 22:17:52, 10] sam/idmap_tdb.c:internal_get_id_from_sid(183) internal_get_id_from_sid: fetching record S-1-5-21-573177630-792016305-1830848205-1159 of type 0x2 [2007/12/06 22:17:52, 10] sam/idmap_tdb.c:internal_get_id_from_sid(190) internal_get_id_from_sid: record S-1-5-21-573177630-792016305-1830848205-1159 -> GID 3019 [2007/12/06 22:17:52, 10] sam/idmap_tdb.c:internal_get_id_from_sid(224) internal_get_id_from_sid: ID_GROUPID fetching record S-1-5-21-573177630-792016305-1830848205-1159 -> GID 3019 [2007/12/06 22:17:52, 10] sam/idmap_tdb.c:internal_get_sid_from_id(152) internal_get_sid_from_id: fetching record GID 3019 [2007/12/06 22:17:52, 10] sam/idmap_tdb.c:internal_get_sid_from_id(158) internal_get_sid_from_id: fetching record GID 3019 -> S-1-5-21-573177630-792016305-1830848205-1159 [2007/12/06 22:17:52, 10] sam/idmap_util.c:idmap_sid_to_gid(107) idmap_sid_to_gid: gid = [3019] [2007/12/06 22:17:52, 10] sam/idmap_util.c:idmap_sid_to_gid(99) sid_to_gid: sid = 
[S-1-5-21-573177630-792016305-1830848205-519] [2007/12/06 22:17:52, 10] sam/idmap_tdb.c:db_get_id_from_sid(277) db_get_id_from_sid [2007/12/06 22:17:52, 10] sam/idmap_tdb.c:internal_get_id_from_sid(183) internal_get_id_from_sid: fetching record S-1-5-21-573177630-792016305-1830848205-519 of type 0x2 [2007/12/06 22:17:52, 10] sam/idmap_tdb.c:internal_get_id_from_sid(190) internal_get_id_from_sid: record S-1-5-21-573177630-792016305-1830848205-519 -> GID 3009 [2007/12/06 22:17:52, 10] sam/idmap_tdb.c:internal_get_id_from_sid(224) internal_get_id_from_sid: ID_GROUPID fetching record S-1-5-21-573177630-792016305-1830848205-519 -> GID 3009 [2007/12/06 22:17:52, 10] sam/idmap_tdb.c:internal_get_sid_from_id(152) internal_get_sid_from_id: fetching record GID 3009 [2007/12/06 22:17:52, 10] sam/idmap_tdb.c:internal_get_sid_from_id(158) internal_get_sid_from_id: fetching record GID 3009 -> S-1-5-21-573177630-792016305-1830848205-519 [2007/12/06 22:17:52, 10] sam/idmap_util.c:idmap_sid_to_gid(107) idmap_sid_to_gid: gid = [3009] [2007/12/06 22:17:52, 10] sam/idmap_util.c:idmap_sid_to_gid(99) sid_to_gid: sid = [S-1-5-21-573177630-792016305-1830848205-1202] [2007/12/06 22:17:52, 10] sam/idmap_tdb.c:db_get_id_from_sid(277) db_get_id_from_sid [2007/12/06 22:17:52, 10] sam/idmap_tdb.c:internal_get_id_from_sid(183) internal_get_id_from_sid: fetching record S-1-5-21-573177630-792016305-1830848205-1202 of type 0x2 [2007/12/06 22:17:52, 10] sam/idmap_tdb.c:internal_get_id_from_sid(190) internal_get_id_from_sid: record S-1-5-21-573177630-792016305-1830848205-1202 -> GID 3026 [2007/12/06 22:17:52, 10] sam/idmap_tdb.c:internal_get_id_from_sid(224) internal_get_id_from_sid: ID_GROUPID fetching record S-1-5-21-573177630-792016305-1830848205-1202 -> GID 3026 [2007/12/06 22:17:52, 10] sam/idmap_tdb.c:internal_get_sid_from_id(152) internal_get_sid_from_id: fetching record GID 3026 [2007/12/06 22:17:52, 10] sam/idmap_tdb.c:internal_get_sid_from_id(158) internal_get_sid_from_id: fetching record 
GID 3026 -> S-1-5-21-573177630-792016305-1830848205-1202 [2007/12/06 22:17:52, 10] sam/idmap_util.c:idmap_sid_to_gid(107) idmap_sid_to_gid: gid = [3026] [2007/12/06 22:17:52, 10] sam/idmap_util.c:idmap_sid_to_gid(99) sid_to_gid: sid = [S-1-5-21-573177630-792016305-1830848205-1199] [2007/12/06 22:17:52, 10] sam/idmap_tdb.c:db_get_id_from_sid(277) db_get_id_from_sid [2007/12/06 22:17:52, 10] sam/idmap_tdb.c:internal_get_id_from_sid(183) internal_get_id_from_sid: fetching record S-1-5-21-573177630-792016305-1830848205-1199 of type 0x2 [2007/12/06 22:17:52, 10] sam/idmap_tdb.c:internal_get_id_from_sid(190) internal_get_id_from_sid: record S-1-5-21-573177630-792016305-1830848205-1199 -> GID 3025 [2007/12/06 22:17:52, 10] sam/idmap_tdb.c:internal_get_id_from_sid(224) internal_get_id_from_sid: ID_GROUPID fetching record S-1-5-21-573177630-792016305-1830848205-1199 -> GID 3025 [2007/12/06 22:17:52, 10] sam/idmap_tdb.c:internal_get_sid_from_id(152) internal_get_sid_from_id: fetching record GID 3025 [2007/12/06 22:17:52, 10] sam/idmap_tdb.c:internal_get_sid_from_id(158) internal_get_sid_from_id: fetching record GID 3025 -> S-1-5-21-573177630-792016305-1830848205-1199 [2007/12/06 22:17:52, 10] sam/idmap_util.c:idmap_sid_to_gid(107) idmap_sid_to_gid: gid = [3025] [2007/12/06 22:17:52, 10] sam/idmap_util.c:idmap_sid_to_gid(99) sid_to_gid: sid = [S-1-5-21-573177630-792016305-1830848205-1170] [2007/12/06 22:17:52, 10] sam/idmap_tdb.c:db_get_id_from_sid(277) db_get_id_from_sid [2007/12/06 22:17:52, 10] sam/idmap_tdb.c:internal_get_id_from_sid(183) internal_get_id_from_sid: fetching record S-1-5-21-573177630-792016305-1830848205-1170 of type 0x2 [2007/12/06 22:17:52, 10] sam/idmap_tdb.c:internal_get_id_from_sid(190) internal_get_id_from_sid: record S-1-5-21-573177630-792016305-1830848205-1170 -> GID 3021 [2007/12/06 22:17:52, 10] sam/idmap_tdb.c:internal_get_id_from_sid(224) internal_get_id_from_sid: ID_GROUPID fetching record S-1-5-21-573177630-792016305-1830848205-1170 -> GID 
3021 [2007/12/06 22:17:52, 10] sam/idmap_tdb.c:internal_get_sid_from_id(152) internal_get_sid_from_id: fetching record GID 3021 [2007/12/06 22:17:52, 10] sam/idmap_tdb.c:internal_get_sid_from_id(158) internal_get_sid_from_id: fetching record GID 3021 -> S-1-5-21-573177630-792016305-1830848205-1170 [2007/12/06 22:17:52, 10] sam/idmap_util.c:idmap_sid_to_gid(107) idmap_sid_to_gid: gid = [3021] [2007/12/06 22:17:52, 10] sam/idmap_util.c:idmap_sid_to_gid(99) sid_to_gid: sid = [S-1-5-21-573177630-792016305-1830848205-1198] [2007/12/06 22:17:52, 10] sam/idmap_tdb.c:db_get_id_from_sid(277) db_get_id_from_sid [2007/12/06 22:17:52, 10] sam/idmap_tdb.c:internal_get_id_from_sid(183) internal_get_id_from_sid: fetching record S-1-5-21-573177630-792016305-1830848205-1198 of type 0x2 [2007/12/06 22:17:52, 10] sam/idmap_tdb.c:internal_get_id_from_sid(190) internal_get_id_from_sid: record S-1-5-21-573177630-792016305-1830848205-1198 -> GID 3024 [2007/12/06 22:17:52, 10] sam/idmap_tdb.c:internal_get_id_from_sid(224) internal_get_id_from_sid: ID_GROUPID fetching record S-1-5-21-573177630-792016305-1830848205-1198 -> GID 3024 [2007/12/06 22:17:52, 10] sam/idmap_tdb.c:internal_get_sid_from_id(152) internal_get_sid_from_id: fetching record GID 3024 [2007/12/06 22:17:52, 10] sam/idmap_tdb.c:internal_get_sid_from_id(158) internal_get_sid_from_id: fetching record GID 3024 -> S-1-5-21-573177630-792016305-1830848205-1198 [2007/12/06 22:17:52, 10] sam/idmap_util.c:idmap_sid_to_gid(107) idmap_sid_to_gid: gid = [3024] [2007/12/06 22:19:28, 6] nsswitch/winbindd.c:new_connection(601) accepted socket 18 [2007/12/06 22:19:28, 10] nsswitch/winbindd.c:process_request(287) process_request: request fn INTERFACE_VERSION [2007/12/06 22:19:28, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(483)

2) # getent group inetuser
inetuser:x:3000:kids,karen,ab

[2007/12/06 22:19:28, 6] nsswitch/winbindd.c:new_connection(601) accepted socket 18 [2007/12/06 22:19:28, 10]
nsswitch/winbindd.c:process_request(287) process_request: request fn INTERFACE_VERSION [2007/12/06 22:19:28, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(483) [ 0]: request interface version [2007/12/06 22:19:28, 10] nsswitch/winbindd.c:process_request(287) process_request: request fn WINBINDD_PRIV_PIPE_DIR [2007/12/06 22:19:28, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(516) [ 0]: request location of privileged pipe [2007/12/06 22:19:28, 6] nsswitch/winbindd.c:new_connection(601) accepted socket 22 [2007/12/06 22:19:28, 10] nsswitch/winbindd.c:process_request(287) process_request: request fn GETGRNAM [2007/12/06 22:19:28, 3] nsswitch/winbindd_group.c:winbindd_getgrnam(220) [ 0]: getgrnam inetuser [2007/12/06 22:19:28, 10] nsswitch/winbindd_cache.c:name_to_sid(1289) name_to_sid: [Cached] - doing backend query for name for domain DOMAIN [2007/12/06 22:19:28, 3] nsswitch/winbindd_rpc.c:msrpc_name_to_sid(257) rpc: name_to_sid name=DOMAIN\inetuser [2007/12/06 22:19:28, 3] nsswitch/winbindd_rpc.c:msrpc_name_to_sid(265) name_to_sid [rpc] DOMAIN\inetuser for domain DOMAIN [2007/12/06 22:19:28, 5] rpc_parse/parse_lsa.c:init_q_lookup_names(1567) init_q_lookup_names [2007/12/06 22:19:28, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_q_lookup_names [2007/12/06 22:19:28, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd [2007/12/06 22:19:28, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0000 data1: 00000000 [2007/12/06 22:19:28, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0004 data2: caad6fba [2007/12/06 22:19:28, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 data3: 1c36 [2007/12/06 22:19:28, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a data4: 4165 [2007/12/06 22:19:28, 5] rpc_parse/parse_prs.c:prs_uint8s(855) 000c data5: 88 f9 e7 83 e5 86 10 6b [2007/12/06 22:19:28, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0014 num_entries : 00000001 [2007/12/06 22:19:28, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0018 num_entries2 : 00000001 [2007/12/06 22:19:28, 
6] rpc_parse/parse_prs.c:prs_debug(84) 00001c smb_io_unihdr hdr_name [2007/12/06 22:19:28, 5] rpc_parse/parse_prs.c:prs_uint16(679) 001c uni_str_len: 0028 [2007/12/06 22:19:28, 5] rpc_parse/parse_prs.c:prs_uint16(679) 001e uni_max_len: 0028 [2007/12/06 22:19:28, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0020 buffer : 00000001 [2007/12/06 22:19:28, 6] rpc_parse/parse_prs.c:prs_debug(84) 000024 smb_io_unistr2 dom_name [2007/12/06 22:19:28, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0024 uni_max_len: 00000014 [2007/12/06 22:19:28, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0028 offset : 00000000 [2007/12/06 22:19:28, 5] rpc_parse/parse_prs.c:prs_uint32(708) 002c uni_str_len: 00000014 [2007/12/06 22:19:28, 5] rpc_parse/parse_prs.c:dbg_rw_punival(940) 0030 buffer : D.A.T.A.S.Y.S.T.E.M.E.\.i.n.e.t.u.s.e.r. [2007/12/06 22:19:28, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0058 num_trans_entries : 00000000 [2007/12/06 22:19:28, 5] rpc_parse/parse_prs.c:prs_uint32(708) 005c ptr_trans_sids : 00000000 [2007/12/06 22:19:28, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0060 lookup_level : 0001 [2007/12/06 22:19:28, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0064 mapped_count : 00000000 [2007/12/06 22:19:28, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2007/12/06 22:19:28, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2007/12/06 22:19:28, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2007/12/06 22:19:28, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2007/12/06 22:19:28, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2007/12/06 22:19:28, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2007/12/06 22:19:28, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2007/12/06 22:19:28, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2007/12/06 22:19:28, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2007/12/06 22:19:28, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 frag_len : 0098 
[2007/12/06 22:19:28, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a auth_len : 0010 [2007/12/06 22:19:28, 5] rpc_parse/parse_prs.c:prs_uint32(708) 000c call_id : 00000007 [2007/12/06 22:19:28, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_req hdr_req [2007/12/06 22:19:28, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0010 alloc_hint: 00000068 [2007/12/06 22:19:28, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0014 context_id: 0000 [2007/12/06 22:19:28, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0016 opnum : 000e [2007/12/06 22:19:28, 5] rpc_parse/parse_prs.c:prs_debug(84) 000080 smb_io_rpc_hdr_auth hdr_auth [2007/12/06 22:19:28, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0080 auth_type : 09 [2007/12/06 22:19:28, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0081 auth_level : 06 [2007/12/06 22:19:28, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0082 auth_pad_len : 00 [2007/12/06 22:19:28, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0083 auth_reserved: 00 [2007/12/06 22:19:28, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0084 auth_context_id: 00000001 [2007/12/06 22:19:28, 10] libsmb/ntlmssp_sign.c:ntlmssp_seal_packet(249) ntlmssp_seal_data: seal [2007/12/06 22:19:28, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) rpc_api_pipe: Remote machine ADS1 pipe \lsarpc fnum 0x17 [2007/12/06 22:19:28, 5] lib/util.c:show_msg(485) [2007/12/06 22:19:28, 5] lib/util.c:show_msg(495) size=234 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 -- [2007/12/06 22:19:28, 10] lib/util.c:dump_data(2222) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 98 00 10 00 07 00 00 00 68 ........ .......h [020] 00 00 00 00 00 0E 00 B7 DC 0A B2 0D 91 3B 40 7F .......· Ü.²..;@. 
[030] 6B C8 2A 98 63 C6 15 D9 1E 94 06 BA 7A C7 B6 4D kÈ*.cÆ.Ù ...ºzǶM [040] EC 60 F9 2A 21 E2 CD 3E 08 60 83 7A A8 05 41 51 ì`ù*!âÍ> .`.zš.AQ [050] 98 45 6C 8D 61 A6 4F 2D E6 BB 14 4F 60 54 99 FF .El.aŠO- æ».O`T.ÿ -- [2007/12/06 22:19:28, 10] libsmb/smb_signing.c:simple_packet_signature(283) simple_packet_signature: sequence number 20 [2007/12/06 22:19:28, 10] libsmb/smb_signing.c:client_sign_outgoing_message(348) client_sign_outgoing_message: sent SMB signature of [2007/12/06 22:19:28, 10] lib/util.c:dump_data(2222) [000] 34 E6 46 4A FF 44 F5 48 4æFJÿDõH [2007/12/06 22:19:28, 10] libsmb/smb_signing.c:store_sequence_for_reply(68) store_sequence_for_reply: stored seq = 21 mid = 12 [2007/12/06 22:19:28, 6] libsmb/clientgen.c:write_socket(132) write_socket(17,238) [2007/12/06 22:19:28, 6] libsmb/clientgen.c:write_socket(135) write_socket(17,238) wrote 238 [2007/12/06 22:19:28, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 232 [2007/12/06 22:19:28, 5] lib/util.c:show_msg(485) [2007/12/06 22:19:28, 5] lib/util.c:show_msg(495) size=232 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 -- [2007/12/06 22:19:28, 10] lib/util.c:dump_data(2222) [000] 00 05 00 02 03 10 00 00 00 B0 00 10 00 07 00 00 ........ .°...... [010] 00 80 00 00 00 00 00 00 00 89 DC 5B 1B A7 27 D0 ........ ..Ü[.§'Ð [020] CC 4A 87 E2 F1 2E DD 78 49 4D 9E DB B7 87 D6 7C ÌJ.âñ.Ýx IM.Û·.Ö| [030] EC 2F F3 1A 9D FB 70 2C 8F D5 80 12 E5 95 18 7A ì/ó..ûp, .Õ..å..z [040] B9 79 C2 73 E0 2D C2 19 7F 7A 9A A0 25 0C 64 CE ¹yÂsà-Â. .z. %.dÎ [050] F1 5B D7 2D CA 65 A3 82 C0 E5 1B AE 89 F3 53 82 ñ[×-Êe£. Àå.®.óS. 
-- [2007/12/06 22:19:28, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) get_sequence_for_reply: found seq = 21 mid = 12 [2007/12/06 22:19:28, 10] libsmb/smb_signing.c:simple_packet_signature(283) simple_packet_signature: sequence number 21 [2007/12/06 22:19:28, 10] libsmb/smb_signing.c:client_check_incoming_message(428) client_check_incoming_message: seq 21: got good SMB signature of [2007/12/06 22:19:28, 10] lib/util.c:dump_data(2222) [000] AE 19 C9 B1 97 DC B5 34 ®.ɱ.ܵ4 [2007/12/06 22:19:28, 5] lib/util.c:show_msg(485) [2007/12/06 22:19:28, 5] lib/util.c:show_msg(495) size=232 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 -- [2007/12/06 22:19:28, 10] lib/util.c:dump_data(2222) [000] 00 05 00 02 03 10 00 00 00 B0 00 10 00 07 00 00 ........ .°...... [010] 00 80 00 00 00 00 00 00 00 89 DC 5B 1B A7 27 D0 ........ ..Ü[.§'Ð [020] CC 4A 87 E2 F1 2E DD 78 49 4D 9E DB B7 87 D6 7C ÌJ.âñ.Ýx IM.Û·.Ö| [030] EC 2F F3 1A 9D FB 70 2C 8F D5 80 12 E5 95 18 7A ì/ó..ûp, .Õ..å..z [040] B9 79 C2 73 E0 2D C2 19 7F 7A 9A A0 25 0C 64 CE ¹yÂsà-Â. .z. %.dÎ [050] F1 5B D7 2D CA 65 A3 82 C0 E5 1B AE 89 F3 53 82 ñ[×-Êe£. Àå.®.óS. 
-- [2007/12/06 22:19:28, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) get_sequence_for_reply: found seq = 21 mid = 12 [2007/12/06 22:19:28, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr rpc_hdr [2007/12/06 22:19:28, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2007/12/06 22:19:28, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2007/12/06 22:19:28, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2007/12/06 22:19:28, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2007/12/06 22:19:28, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2007/12/06 22:19:28, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2007/12/06 22:19:28, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2007/12/06 22:19:28, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2007/12/06 22:19:28, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 frag_len : 00b0 [2007/12/06 22:19:28, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a auth_len : 0010 [2007/12/06 22:19:28, 5] rpc_parse/parse_prs.c:prs_uint32(708) 000c call_id : 00000007 [2007/12/06 22:19:28, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2007/12/06 22:19:28, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0010 alloc_hint: 00000080 [2007/12/06 22:19:28, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0014 context_id: 0000 [2007/12/06 22:19:28, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2007/12/06 22:19:28, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2007/12/06 22:19:28, 5] rpc_parse/parse_prs.c:prs_debug(84) 000098 smb_io_rpc_hdr_auth hdr_auth [2007/12/06 22:19:28, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0098 auth_type : 09 [2007/12/06 22:19:28, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0099 auth_level : 06 [2007/12/06 22:19:28, 5] rpc_parse/parse_prs.c:prs_uint8(615) 009a auth_pad_len : 00 [2007/12/06 22:19:28, 5] rpc_parse/parse_prs.c:prs_uint8(615) 009b auth_reserved: 00 [2007/12/06 
22:19:28, 5] rpc_parse/parse_prs.c:prs_uint32(708) 009c auth_context_id: 00000001 [2007/12/06 22:19:28, 10] libsmb/ntlmssp_sign.c:ntlmssp_unseal_packet(310) ntlmssp_unseal_data: seal [2007/12/06 22:19:28, 10] libsmb/ntlmssp_sign.c:ntlmssp_check_packet(223) ntlmssp_check_packet: NTLMSSP signature OK ! [2007/12/06 22:19:28, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(577) cli_pipe_validate_current_pdu: got pdu len 176, data_len 128, ss_len 0 [2007/12/06 22:19:28, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) rpc_api_pipe: got PDU len of 176 at offset 0 [2007/12/06 22:19:28, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) rpc_api_pipe: Remote machine ADS1 pipe \lsarpc fnum 0x17 returned 256 bytes. [2007/12/06 22:19:28, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_r_lookup_names [2007/12/06 22:19:28, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0000 ptr_dom_ref: 00020000 [2007/12/06 22:19:28, 6] rpc_parse/parse_prs.c:prs_debug(84) 000004 lsa_io_dom_r_ref [2007/12/06 22:19:28, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0004 num_ref_doms_1: 00000001 [2007/12/06 22:19:28, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0008 ptr_ref_dom : 00020004 [2007/12/06 22:19:28, 5] rpc_parse/parse_prs.c:prs_uint32(708) 000c max_entries : 00000020 [2007/12/06 22:19:28, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0010 num_ref_doms_2: 00000001 [2007/12/06 22:19:28, 7] rpc_parse/parse_prs.c:prs_debug(84) 000014 smb_io_unihdr dom_ref[0] [2007/12/06 22:19:28, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0014 uni_str_len: 0016 [2007/12/06 22:19:28, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0016 uni_max_len: 0018 [2007/12/06 22:19:28, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0018 buffer : 00020008 [2007/12/06 22:19:28, 5] rpc_parse/parse_prs.c:prs_uint32(708) 001c sid_ptr[0] : 0002000c [2007/12/06 22:19:28, 7] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_unistr2 dom_ref[0] [2007/12/06 22:19:28, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0020 uni_max_len: 0000000c [2007/12/06 22:19:28, 5] 
rpc_parse/parse_prs.c:prs_uint32(708) 0024 offset : 00000000 [2007/12/06 22:19:28, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0028 uni_str_len: 0000000b [2007/12/06 22:19:28, 5] rpc_parse/parse_prs.c:dbg_rw_punival(940) 002c buffer : D.A.T.A.S.Y.S.T.E.M.E. [2007/12/06 22:19:28, 7] rpc_parse/parse_prs.c:prs_debug(84) 000044 smb_io_dom_sid2 sid_ptr[0] [2007/12/06 22:19:28, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0044 num_auths: 00000004 [2007/12/06 22:19:28, 8] rpc_parse/parse_prs.c:prs_debug(84) 000048 smb_io_dom_sid sid [2007/12/06 22:19:28, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0048 sid_rev_num: 01 [2007/12/06 22:19:28, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0049 num_auths : 04 [2007/12/06 22:19:28, 5] rpc_parse/parse_prs.c:prs_uint8(615) 004a id_auth[0] : 00 [2007/12/06 22:19:28, 5] rpc_parse/parse_prs.c:prs_uint8(615) 004b id_auth[1] : 00 [2007/12/06 22:19:28, 5] rpc_parse/parse_prs.c:prs_uint8(615) 004c id_auth[2] : 00 [2007/12/06 22:19:28, 5] rpc_parse/parse_prs.c:prs_uint8(615) 004d id_auth[3] : 00 [2007/12/06 22:19:28, 5] rpc_parse/parse_prs.c:prs_uint8(615) 004e id_auth[4] : 00 [2007/12/06 22:19:28, 5] rpc_parse/parse_prs.c:prs_uint8(615) 004f id_auth[5] : 05 [2007/12/06 22:19:28, 5] rpc_parse/parse_prs.c:prs_uint32s(995) 0050 sub_auths : 00000015 2229ff1e 2f3535b1 6d2086cd [2007/12/06 22:19:28, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0060 num_entries: 00000001 [2007/12/06 22:19:28, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0064 ptr_entries: 00020010 [2007/12/06 22:19:28, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0068 num_entries2: 00000001 [2007/12/06 22:19:28, 6] rpc_parse/parse_prs.c:prs_debug(84) 00006c smb_io_dom_rid [2007/12/06 22:19:28, 5] rpc_parse/parse_prs.c:prs_uint16(679) 006c type : 0002 [2007/12/06 22:19:28, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0070 rid : 000004cb [2007/12/06 22:19:28, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0074 rid_idx: 00000000 [2007/12/06 22:19:28, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0078 mapped_count: 00000001 
[2007/12/06 22:19:28, 5] rpc_parse/parse_prs.c:prs_ntstatus(767) 007c status : NT_STATUS_OK [2007/12/06 22:19:28, 10] nsswitch/winbindd_cache.c:fetch_cache_seqnum(362) fetch_cache_seqnum: timeout [DOMAIN][3120785 @ 1196975872] [2007/12/06 22:19:28, 3] nsswitch/winbindd_ads.c:sequence_number(1018) ads: fetch sequence_number for DOMAIN [2007/12/06 22:19:28, 10] nsswitch/winbindd_ads.c:ads_cached_connection(43) ads_cached_connection [2007/12/06 22:19:28, 7] nsswitch/winbindd_ads.c:ads_cached_connection(51) Current tickets expire at 1197010868, time is now 1196975968 [2007/12/06 22:19:28, 5] libads/ldap_utils.c:ads_do_search_retry_internal(63) Search for (objectclass=*) gave 1 replies [2007/12/06 22:19:28, 10] nsswitch/winbindd_cache.c:store_cache_seqnum(400) store_cache_seqnum: success [DOMAIN][3120786 @ 1196975968] [2007/12/06 22:19:28, 10] nsswitch/winbindd_cache.c:refresh_sequence_number(459) refresh_sequence_number: DOMAIN seq number is now 3120786 [2007/12/06 22:19:28, 10] nsswitch/winbindd_cache.c:wcache_save_name_to_sid(764) wcache_save_name_to_sid: DOMAIN\INETUSER -> S-1-5-21-573177630-792016305-1830848205-1227 [2007/12/06 22:19:28, 10] nsswitch/winbindd_cache.c:wcache_save_sid_to_name(787) wcache_save_sid_to_name: S-1-5-21-573177630-792016305-1830848205-1227 -> inetuser [2007/12/06 22:19:28, 10] sam/idmap_util.c:idmap_sid_to_gid(99) sid_to_gid: sid = [S-1-5-21-573177630-792016305-1830848205-1227] [2007/12/06 22:19:28, 10] sam/idmap_tdb.c:db_get_id_from_sid(277) db_get_id_from_sid [2007/12/06 22:19:28, 10] sam/idmap_tdb.c:internal_get_id_from_sid(183) internal_get_id_from_sid: fetching record S-1-5-21-573177630-792016305-1830848205-1227 of type 0x2 [2007/12/06 22:19:28, 10] sam/idmap_tdb.c:internal_get_id_from_sid(190) internal_get_id_from_sid: record S-1-5-21-573177630-792016305-1830848205-1227 -> GID 3000 [2007/12/06 22:19:28, 10] sam/idmap_tdb.c:internal_get_id_from_sid(224) internal_get_id_from_sid: ID_GROUPID fetching record 
S-1-5-21-573177630-792016305-1830848205-1227 -> GID 3000 [2007/12/06 22:19:28, 10] sam/idmap_tdb.c:internal_get_sid_from_id(152) internal_get_sid_from_id: fetching record GID 3000 [2007/12/06 22:19:28, 10] sam/idmap_tdb.c:internal_get_sid_from_id(158) internal_get_sid_from_id: fetching record GID 3000 -> S-1-5-21-573177630-792016305-1830848205-1227 [2007/12/06 22:19:28, 10] sam/idmap_util.c:idmap_sid_to_gid(107) idmap_sid_to_gid: gid = [3000] [2007/12/06 22:19:28, 10] nsswitch/winbindd_group.c:fill_grent_mem(79) group SID S-1-5-21-573177630-792016305-1830848205-1227 [2007/12/06 22:19:28, 10] nsswitch/winbindd_cache.c:lookup_groupmem(1665) lookup_groupmem: [Cached] - doing backend query for info for domain DOMAIN [2007/12/06 22:19:28, 10] nsswitch/winbindd_ads.c:lookup_groupmem(879) ads: lookup_groupmem DOMAIN sid=S-1-5-21-573177630-792016305-1830848205-1227 [2007/12/06 22:19:28, 10] nsswitch/winbindd_ads.c:ads_cached_connection(43) ads_cached_connection [2007/12/06 22:19:28, 7] nsswitch/winbindd_ads.c:ads_cached_connection(51) Current tickets expire at 1197010868, time is now 1196975968 [2007/12/06 22:19:28, 10] nsswitch/winbindd_ads.c:lookup_groupmem(919) Searching for attrs[0] = member, attrs[1] = usnChanged [2007/12/06 22:19:28, 5] libads/ldap_utils.c:ads_do_search_retry_internal(63) Search for (objectSid=\01\05\00\00\00\00\00\05\15\00\00\00\1E\FF\29\22\B1\35\35\2F\CD\86\20\6D\CB\04\00\00) gave 1 replies [2007/12/06 22:19:28, 3] nsswitch/winbindd_ads.c:dn_lookup(421) ads: dn_lookup [2007/12/06 22:19:28, 5] libads/ldap_utils.c:ads_do_search_retry_internal(63) Search for (objectclass=*) gave 1 replies [2007/12/06 22:19:28, 3] nsswitch/winbindd_ads.c:dn_lookup(421) ads: dn_lookup [2007/12/06 22:19:28, 5] libads/ldap_utils.c:ads_do_search_retry_internal(63) Search for (objectclass=*) gave 1 replies [2007/12/06 22:19:28, 3] nsswitch/winbindd_ads.c:dn_lookup(421) ads: dn_lookup [2007/12/06 22:19:28, 5] libads/ldap_utils.c:ads_do_search_retry_internal(63) Search for 
(objectclass=*) gave 1 replies [2007/12/06 22:19:28, 3] nsswitch/winbindd_ads.c:lookup_groupmem(1003) ads lookup_groupmem for sid=S-1-5-21-573177630-792016305-1830848205-1227 [2007/12/06 22:19:28, 10] nsswitch/winbindd_cache.c:refresh_sequence_number(430) refresh_sequence_number: DOMAIN time ok [2007/12/06 22:19:28, 10] nsswitch/winbindd_cache.c:refresh_sequence_number(459) refresh_sequence_number: DOMAIN seq number is now 3120786 [2007/12/06 22:19:28, 10] nsswitch/winbindd_group.c:fill_grent_mem(111) looked up 3 names [2007/12/06 22:19:28, 10] nsswitch/winbindd_group.c:fill_grent_mem(117) kids S-1-5-21-573177630-792016305-1830848205-1621 1 [2007/12/06 22:19:28, 10] nsswitch/winbindd_group.c:fill_grent_mem(117) karen S-1-5-21-573177630-792016305-1830848205-1127 1 [2007/12/06 22:19:28, 10] nsswitch/winbindd_group.c:fill_grent_mem(117) ab S-1-5-21-573177630-792016305-1830848205-1125 1 [2007/12/06 22:19:28, 10] nsswitch/winbindd_group.c:fill_grent_mem(134) processing name kids [2007/12/06 22:19:28, 10] nsswitch/winbindd_group.c:fill_grent_mem(158) buf_len + 5 = 5 [2007/12/06 22:19:28, 10] nsswitch/winbindd_group.c:fill_grent_mem(134) processing name karen [2007/12/06 22:19:28, 10] nsswitch/winbindd_group.c:fill_grent_mem(158) buf_len + 6 = 11 [2007/12/06 22:19:28, 10] nsswitch/winbindd_group.c:fill_grent_mem(134) processing name ab [2007/12/06 22:19:28, 10] nsswitch/winbindd_group.c:fill_grent_mem(158) buf_len + 3 = 14 [2007/12/06 22:19:28, 10] nsswitch/winbindd_group.c:fill_grent_mem(134) processing name kids [2007/12/06 22:19:28, 10] nsswitch/winbindd_group.c:fill_grent_mem(160) appending kids at ndx 4 [2007/12/06 22:19:28, 10] nsswitch/winbindd_group.c:fill_grent_mem(134) processing name karen [2007/12/06 22:19:28, 10] nsswitch/winbindd_group.c:fill_grent_mem(160) appending karen at ndx 5 [2007/12/06 22:19:28, 10] nsswitch/winbindd_group.c:fill_grent_mem(134) processing name ab [2007/12/06 22:19:28, 10] nsswitch/winbindd_group.c:fill_grent_mem(160) appending ab at 
ndx 2 [2007/12/06 22:19:28, 10] nsswitch/winbindd_group.c:fill_grent_mem(188) num_mem = 3, len = 14, mem = kids,karen,ab [2007/12/06 22:19:28, 10] nsswitch/winbindd_group.c:fill_grent_mem(195) fill_grent_mem returning 1 [2007/12/06 22:20:28, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2006) Retrieving response for pid 20530 [2007/12/06 22:20:28, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2028) Retrieving extra data length=64 [2007/12/06 22:21:19, 6] nsswitch/winbindd.c:new_connection(601)

3) Add "guru" to group "inetuser" on ADS

4) # wbinfo -r guru
3018 3036 3011 3019 3009 3026 3025 3021 3024

[2007/12/06 22:23:37, 6] nsswitch/winbindd.c:new_connection(601) accepted socket 18 [2007/12/06 22:23:37, 10] nsswitch/winbindd.c:process_request(287) process_request: request fn INTERFACE_VERSION [2007/12/06 22:23:37, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(483) [ 0]: request interface version [2007/12/06 22:23:37, 10] nsswitch/winbindd.c:process_request(287) process_request: request fn WINBINDD_PRIV_PIPE_DIR [2007/12/06 22:23:37, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(516) [ 0]: request location of privileged pipe [2007/12/06 22:23:37, 6] nsswitch/winbindd.c:new_connection(601) accepted socket 22 [2007/12/06 22:23:37, 10] nsswitch/winbindd.c:process_request(287) process_request: request fn GETGROUPS [2007/12/06 22:23:37, 3] nsswitch/winbindd_group.c:winbindd_getgroups(1017) [ 0]: getgroups guru [2007/12/06 22:23:37, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2006) Retrieving response for pid 20530 [2007/12/06 22:23:37, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2006) Retrieving response for pid 20530 [2007/12/06 22:23:37, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2028) Retrieving extra data length=269 [2007/12/06 22:23:37, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2006) Retrieving response for pid 20530 [2007/12/06 22:23:37, 10]
nsswitch/winbindd_cache.c:cache_retrieve_response(2028) Retrieving extra data length=181 [2007/12/06 22:23:37, 10] nsswitch/winbindd_async.c:gettoken_recvaliases(1088) Expanding our own local groups [2007/12/06 22:23:37, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2006) Retrieving response for pid 20540 [2007/12/06 22:23:37, 10] nsswitch/winbindd_async.c:getsidaliases_recv(839) getsidaliases return 0 SIDs [2007/12/06 22:23:37, 10] nsswitch/winbindd_async.c:gettoken_recvaliases(1098) Expanding our own BUILTIN groups [2007/12/06 22:23:37, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2006) Retrieving response for pid 20541 [2007/12/06 22:23:37, 10] nsswitch/winbindd_async.c:getsidaliases_recv(839) getsidaliases return 0 SIDs [2007/12/06 22:23:37, 10] sam/idmap_util.c:idmap_sid_to_gid(99) sid_to_gid: sid = [S-1-5-21-573177630-792016305-1830848205-1158] [2007/12/06 22:23:37, 10] sam/idmap_tdb.c:db_get_id_from_sid(277) db_get_id_from_sid [2007/12/06 22:23:37, 10] sam/idmap_tdb.c:internal_get_id_from_sid(183) internal_get_id_from_sid: fetching record S-1-5-21-573177630-792016305-1830848205-1158 of type 0x2 [2007/12/06 22:23:37, 10] sam/idmap_tdb.c:internal_get_id_from_sid(190) internal_get_id_from_sid: record S-1-5-21-573177630-792016305-1830848205-1158 -> GID 3018 [2007/12/06 22:23:37, 10] sam/idmap_tdb.c:internal_get_id_from_sid(224) internal_get_id_from_sid: ID_GROUPID fetching record S-1-5-21-573177630-792016305-1830848205-1158 -> GID 3018 [2007/12/06 22:23:37, 10] sam/idmap_tdb.c:internal_get_sid_from_id(152) internal_get_sid_from_id: fetching record GID 3018 [2007/12/06 22:23:37, 10] sam/idmap_tdb.c:internal_get_sid_from_id(158) internal_get_sid_from_id: fetching record GID 3018 -> S-1-5-21-573177630-792016305-1830848205-1158 [2007/12/06 22:23:37, 10] sam/idmap_util.c:idmap_sid_to_gid(107) idmap_sid_to_gid: gid = [3018] [2007/12/06 22:23:37, 10] sam/idmap_util.c:idmap_sid_to_gid(99) sid_to_gid: sid = [S-1-5-21-573177630-792016305-1830848205-1226] 
[2007/12/06 22:23:37, 10] sam/idmap_tdb.c:db_get_id_from_sid(277) db_get_id_from_sid [2007/12/06 22:23:37, 10] sam/idmap_tdb.c:internal_get_id_from_sid(183) internal_get_id_from_sid: fetching record S-1-5-21-573177630-792016305-1830848205-1226 of type 0x2 [2007/12/06 22:23:37, 10] sam/idmap_tdb.c:internal_get_id_from_sid(190) internal_get_id_from_sid: record S-1-5-21-573177630-792016305-1830848205-1226 -> GID 3036 [2007/12/06 22:23:37, 10] sam/idmap_tdb.c:internal_get_id_from_sid(224) internal_get_id_from_sid: ID_GROUPID fetching record S-1-5-21-573177630-792016305-1830848205-1226 -> GID 3036 [2007/12/06 22:23:37, 10] sam/idmap_tdb.c:internal_get_sid_from_id(152) internal_get_sid_from_id: fetching record GID 3036 [2007/12/06 22:23:37, 10] sam/idmap_tdb.c:internal_get_sid_from_id(158) internal_get_sid_from_id: fetching record GID 3036 -> S-1-5-21-573177630-792016305-1830848205-1226 [2007/12/06 22:23:37, 10] sam/idmap_util.c:idmap_sid_to_gid(107) idmap_sid_to_gid: gid = [3036] [2007/12/06 22:23:37, 10] sam/idmap_util.c:idmap_sid_to_gid(99) sid_to_gid: sid = [S-1-5-21-573177630-792016305-1830848205-512] [2007/12/06 22:23:37, 10] sam/idmap_tdb.c:db_get_id_from_sid(277) db_get_id_from_sid [2007/12/06 22:23:37, 10] sam/idmap_tdb.c:internal_get_id_from_sid(183) internal_get_id_from_sid: fetching record S-1-5-21-573177630-792016305-1830848205-512 of type 0x2 [2007/12/06 22:23:37, 10] sam/idmap_tdb.c:internal_get_id_from_sid(190) internal_get_id_from_sid: record S-1-5-21-573177630-792016305-1830848205-512 -> GID 3011 [2007/12/06 22:23:37, 10] sam/idmap_tdb.c:internal_get_id_from_sid(224) internal_get_id_from_sid: ID_GROUPID fetching record S-1-5-21-573177630-792016305-1830848205-512 -> GID 3011 [2007/12/06 22:23:37, 10] sam/idmap_tdb.c:internal_get_sid_from_id(152) internal_get_sid_from_id: fetching record GID 3011 [2007/12/06 22:23:37, 10] sam/idmap_tdb.c:internal_get_sid_from_id(158) internal_get_sid_from_id: fetching record GID 3011 -> 
S-1-5-21-573177630-792016305-1830848205-512 [2007/12/06 22:23:37, 10] sam/idmap_util.c:idmap_sid_to_gid(107) idmap_sid_to_gid: gid = [3011] [2007/12/06 22:23:37, 10] sam/idmap_util.c:idmap_sid_to_gid(99) sid_to_gid: sid = [S-1-5-21-573177630-792016305-1830848205-1159] [2007/12/06 22:23:37, 10] sam/idmap_tdb.c:db_get_id_from_sid(277) db_get_id_from_sid [2007/12/06 22:23:37, 10] sam/idmap_tdb.c:internal_get_id_from_sid(183) internal_get_id_from_sid: fetching record S-1-5-21-573177630-792016305-1830848205-1159 of type 0x2 [2007/12/06 22:23:37, 10] sam/idmap_tdb.c:internal_get_id_from_sid(190) internal_get_id_from_sid: record S-1-5-21-573177630-792016305-1830848205-1159 -> GID 3019 [2007/12/06 22:23:37, 10] sam/idmap_tdb.c:internal_get_id_from_sid(224) internal_get_id_from_sid: ID_GROUPID fetching record S-1-5-21-573177630-792016305-1830848205-1159 -> GID 3019 [2007/12/06 22:23:37, 10] sam/idmap_tdb.c:internal_get_sid_from_id(152) internal_get_sid_from_id: fetching record GID 3019 [2007/12/06 22:23:37, 10] sam/idmap_tdb.c:internal_get_sid_from_id(158) internal_get_sid_from_id: fetching record GID 3019 -> S-1-5-21-573177630-792016305-1830848205-1159 [2007/12/06 22:23:37, 10] sam/idmap_util.c:idmap_sid_to_gid(107) idmap_sid_to_gid: gid = [3019] [2007/12/06 22:23:37, 10] sam/idmap_util.c:idmap_sid_to_gid(99) sid_to_gid: sid = [S-1-5-21-573177630-792016305-1830848205-519] [2007/12/06 22:23:37, 10] sam/idmap_tdb.c:db_get_id_from_sid(277) db_get_id_from_sid [2007/12/06 22:23:37, 10] sam/idmap_tdb.c:internal_get_id_from_sid(183) internal_get_id_from_sid: fetching record S-1-5-21-573177630-792016305-1830848205-519 of type 0x2 [2007/12/06 22:23:37, 10] sam/idmap_tdb.c:internal_get_id_from_sid(190) internal_get_id_from_sid: record S-1-5-21-573177630-792016305-1830848205-519 -> GID 3009 [2007/12/06 22:23:37, 10] sam/idmap_tdb.c:internal_get_id_from_sid(224) internal_get_id_from_sid: ID_GROUPID fetching record S-1-5-21-573177630-792016305-1830848205-519 -> GID 3009 [2007/12/06 
22:23:37, 10] sam/idmap_tdb.c:internal_get_sid_from_id(152) internal_get_sid_from_id: fetching record GID 3009 [2007/12/06 22:23:37, 10] sam/idmap_tdb.c:internal_get_sid_from_id(158) internal_get_sid_from_id: fetching record GID 3009 -> S-1-5-21-573177630-792016305-1830848205-519 [2007/12/06 22:23:37, 10] sam/idmap_util.c:idmap_sid_to_gid(107) idmap_sid_to_gid: gid = [3009] [2007/12/06 22:23:37, 10] sam/idmap_util.c:idmap_sid_to_gid(99) sid_to_gid: sid = [S-1-5-21-573177630-792016305-1830848205-1202] [2007/12/06 22:23:37, 10] sam/idmap_tdb.c:db_get_id_from_sid(277) db_get_id_from_sid [2007/12/06 22:23:37, 10] sam/idmap_tdb.c:internal_get_id_from_sid(183) internal_get_id_from_sid: fetching record S-1-5-21-573177630-792016305-1830848205-1202 of type 0x2 [2007/12/06 22:23:37, 10] sam/idmap_tdb.c:internal_get_id_from_sid(190) internal_get_id_from_sid: record S-1-5-21-573177630-792016305-1830848205-1202 -> GID 3026 [2007/12/06 22:23:37, 10] sam/idmap_tdb.c:internal_get_id_from_sid(224) internal_get_id_from_sid: ID_GROUPID fetching record S-1-5-21-573177630-792016305-1830848205-1202 -> GID 3026 [2007/12/06 22:23:37, 10] sam/idmap_tdb.c:internal_get_sid_from_id(152) internal_get_sid_from_id: fetching record GID 3026 [2007/12/06 22:23:37, 10] sam/idmap_tdb.c:internal_get_sid_from_id(158) internal_get_sid_from_id: fetching record GID 3026 -> S-1-5-21-573177630-792016305-1830848205-1202 [2007/12/06 22:23:37, 10] sam/idmap_util.c:idmap_sid_to_gid(107) idmap_sid_to_gid: gid = [3026] [2007/12/06 22:23:37, 10] sam/idmap_util.c:idmap_sid_to_gid(99) sid_to_gid: sid = [S-1-5-21-573177630-792016305-1830848205-1199] [2007/12/06 22:23:37, 10] sam/idmap_tdb.c:db_get_id_from_sid(277) db_get_id_from_sid [2007/12/06 22:23:37, 10] sam/idmap_tdb.c:internal_get_id_from_sid(183) internal_get_id_from_sid: fetching record S-1-5-21-573177630-792016305-1830848205-1199 of type 0x2 [2007/12/06 22:23:37, 10] sam/idmap_tdb.c:internal_get_id_from_sid(190) internal_get_id_from_sid: record 
S-1-5-21-573177630-792016305-1830848205-1199 -> GID 3025 [2007/12/06 22:23:37, 10] sam/idmap_tdb.c:internal_get_id_from_sid(224) internal_get_id_from_sid: ID_GROUPID fetching record S-1-5-21-573177630-792016305-1830848205-1199 -> GID 3025 [2007/12/06 22:23:37, 10] sam/idmap_tdb.c:internal_get_sid_from_id(152) internal_get_sid_from_id: fetching record GID 3025 [2007/12/06 22:23:37, 10] sam/idmap_tdb.c:internal_get_sid_from_id(158) internal_get_sid_from_id: fetching record GID 3025 -> S-1-5-21-573177630-792016305-1830848205-1199 [2007/12/06 22:23:37, 10] sam/idmap_util.c:idmap_sid_to_gid(107) idmap_sid_to_gid: gid = [3025] [2007/12/06 22:23:37, 10] sam/idmap_util.c:idmap_sid_to_gid(99) sid_to_gid: sid = [S-1-5-21-573177630-792016305-1830848205-1170] [2007/12/06 22:23:37, 10] sam/idmap_tdb.c:db_get_id_from_sid(277) db_get_id_from_sid [2007/12/06 22:23:37, 10] sam/idmap_tdb.c:internal_get_id_from_sid(183) internal_get_id_from_sid: fetching record S-1-5-21-573177630-792016305-1830848205-1170 of type 0x2 [2007/12/06 22:23:37, 10] sam/idmap_tdb.c:internal_get_id_from_sid(190) internal_get_id_from_sid: record S-1-5-21-573177630-792016305-1830848205-1170 -> GID 3021 [2007/12/06 22:23:37, 10] sam/idmap_tdb.c:internal_get_id_from_sid(224) internal_get_id_from_sid: ID_GROUPID fetching record S-1-5-21-573177630-792016305-1830848205-1170 -> GID 3021 [2007/12/06 22:23:37, 10] sam/idmap_tdb.c:internal_get_sid_from_id(152) internal_get_sid_from_id: fetching record GID 3021 [2007/12/06 22:23:37, 10] sam/idmap_tdb.c:internal_get_sid_from_id(158) internal_get_sid_from_id: fetching record GID 3021 -> S-1-5-21-573177630-792016305-1830848205-1170 [2007/12/06 22:23:37, 10] sam/idmap_util.c:idmap_sid_to_gid(107) idmap_sid_to_gid: gid = [3021] [2007/12/06 22:23:37, 10] sam/idmap_util.c:idmap_sid_to_gid(99) sid_to_gid: sid = [S-1-5-21-573177630-792016305-1830848205-1198] [2007/12/06 22:23:37, 10] sam/idmap_tdb.c:db_get_id_from_sid(277) db_get_id_from_sid [2007/12/06 22:23:37, 10] 
sam/idmap_tdb.c:internal_get_id_from_sid(183) internal_get_id_from_sid: fetching record S-1-5-21-573177630-792016305-1830848205-1198 of type 0x2
[2007/12/06 22:23:37, 10] sam/idmap_tdb.c:internal_get_id_from_sid(190) internal_get_id_from_sid: record S-1-5-21-573177630-792016305-1830848205-1198 -> GID 3024
[2007/12/06 22:23:37, 10] sam/idmap_tdb.c:internal_get_id_from_sid(224) internal_get_id_from_sid: ID_GROUPID fetching record S-1-5-21-573177630-792016305-1830848205-1198 -> GID 3024
[2007/12/06 22:23:37, 10] sam/idmap_tdb.c:internal_get_sid_from_id(152) internal_get_sid_from_id: fetching record GID 3024
[2007/12/06 22:23:37, 10] sam/idmap_tdb.c:internal_get_sid_from_id(158) internal_get_sid_from_id: fetching record GID 3024 -> S-1-5-21-573177630-792016305-1830848205-1198
[2007/12/06 22:23:37, 10] sam/idmap_util.c:idmap_sid_to_gid(107) idmap_sid_to_gid: gid = [3024]
[2007/12/06 22:24:23, 6] nsswitch/winbindd.c:new_connection(601) accepted socket 18
[2007/12/06 22:24:23, 10] nsswitch/winbindd.c:process_request(287) process_request: request fn INTERFACE_VERSION
[2007/12/06 22:24:23, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(483)

5) # getent group inetuser
inetuser:x:3000:kids,karen,ab,guru

[2007/12/06 22:24:23, 6] nsswitch/winbindd.c:new_connection(601) accepted socket 18
[2007/12/06 22:24:23, 10] nsswitch/winbindd.c:process_request(287) process_request: request fn INTERFACE_VERSION
[2007/12/06 22:24:23, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(483) [ 0]: request interface version
[2007/12/06 22:24:23, 10] nsswitch/winbindd.c:process_request(287) process_request: request fn WINBINDD_PRIV_PIPE_DIR
[2007/12/06 22:24:23, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(516) [ 0]: request location of privileged pipe
[2007/12/06 22:24:23, 6] nsswitch/winbindd.c:new_connection(601) accepted socket 22
[2007/12/06 22:24:23, 10] nsswitch/winbindd.c:process_request(287) process_request: request fn GETGRNAM
[2007/12/06 22:24:23, 3]
nsswitch/winbindd_group.c:winbindd_getgrnam(220) [ 0]: getgrnam inetuser [2007/12/06 22:24:23, 10] nsswitch/winbindd_cache.c:name_to_sid(1289) name_to_sid: [Cached] - doing backend query for name for domain DOMAIN [2007/12/06 22:24:23, 3] nsswitch/winbindd_rpc.c:msrpc_name_to_sid(257) rpc: name_to_sid name=DOMAIN\inetuser [2007/12/06 22:24:23, 3] nsswitch/winbindd_rpc.c:msrpc_name_to_sid(265) name_to_sid [rpc] DOMAIN\inetuser for domain DOMAIN [2007/12/06 22:24:23, 5] rpc_parse/parse_lsa.c:init_q_lookup_names(1567) init_q_lookup_names [2007/12/06 22:24:23, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_q_lookup_names [2007/12/06 22:24:23, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd [2007/12/06 22:24:23, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0000 data1: 00000000 [2007/12/06 22:24:23, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0004 data2: caad6fba [2007/12/06 22:24:23, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 data3: 1c36 [2007/12/06 22:24:23, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a data4: 4165 [2007/12/06 22:24:23, 5] rpc_parse/parse_prs.c:prs_uint8s(855) 000c data5: 88 f9 e7 83 e5 86 10 6b [2007/12/06 22:24:23, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0014 num_entries : 00000001 [2007/12/06 22:24:23, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0018 num_entries2 : 00000001 [2007/12/06 22:24:23, 6] rpc_parse/parse_prs.c:prs_debug(84) 00001c smb_io_unihdr hdr_name [2007/12/06 22:24:23, 5] rpc_parse/parse_prs.c:prs_uint16(679) 001c uni_str_len: 0028 [2007/12/06 22:24:23, 5] rpc_parse/parse_prs.c:prs_uint16(679) 001e uni_max_len: 0028 [2007/12/06 22:24:23, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0020 buffer : 00000001 [2007/12/06 22:24:23, 6] rpc_parse/parse_prs.c:prs_debug(84) 000024 smb_io_unistr2 dom_name [2007/12/06 22:24:23, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0024 uni_max_len: 00000014 [2007/12/06 22:24:23, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0028 offset : 00000000 [2007/12/06 22:24:23, 5] 
rpc_parse/parse_prs.c:prs_uint32(708) 002c uni_str_len: 00000014 [2007/12/06 22:24:23, 5] rpc_parse/parse_prs.c:dbg_rw_punival(940) 0030 buffer : D.A.T.A.S.Y.S.T.E.M.E.\.i.n.e.t.u.s.e.r. [2007/12/06 22:24:23, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0058 num_trans_entries : 00000000 [2007/12/06 22:24:23, 5] rpc_parse/parse_prs.c:prs_uint32(708) 005c ptr_trans_sids : 00000000 [2007/12/06 22:24:23, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0060 lookup_level : 0001 [2007/12/06 22:24:23, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0064 mapped_count : 00000000 [2007/12/06 22:24:23, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2007/12/06 22:24:23, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2007/12/06 22:24:23, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2007/12/06 22:24:23, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2007/12/06 22:24:23, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2007/12/06 22:24:23, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2007/12/06 22:24:23, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2007/12/06 22:24:23, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2007/12/06 22:24:23, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2007/12/06 22:24:23, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 frag_len : 0098 [2007/12/06 22:24:23, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a auth_len : 0010 [2007/12/06 22:24:23, 5] rpc_parse/parse_prs.c:prs_uint32(708) 000c call_id : 00000009 [2007/12/06 22:24:23, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_req hdr_req [2007/12/06 22:24:23, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0010 alloc_hint: 00000068 [2007/12/06 22:24:23, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0014 context_id: 0000 [2007/12/06 22:24:23, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0016 opnum : 000e [2007/12/06 22:24:23, 5] rpc_parse/parse_prs.c:prs_debug(84) 000080 smb_io_rpc_hdr_auth hdr_auth 
[2007/12/06 22:24:23, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0080 auth_type : 09 [2007/12/06 22:24:23, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0081 auth_level : 06 [2007/12/06 22:24:23, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0082 auth_pad_len : 00 [2007/12/06 22:24:23, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0083 auth_reserved: 00 [2007/12/06 22:24:23, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0084 auth_context_id: 00000001 [2007/12/06 22:24:23, 10] libsmb/ntlmssp_sign.c:ntlmssp_seal_packet(249) ntlmssp_seal_data: seal [2007/12/06 22:24:23, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) rpc_api_pipe: Remote machine ADS1 pipe \lsarpc fnum 0x17 [2007/12/06 22:24:23, 5] lib/util.c:show_msg(485) [2007/12/06 22:24:23, 5] lib/util.c:show_msg(495) size=234 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 -- [2007/12/06 22:24:23, 10] lib/util.c:dump_data(2222) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 98 00 10 00 09 00 00 00 68 ........ .......h [020] 00 00 00 00 00 0E 00 F4 16 78 FD 8B 51 F8 85 09 .......ô .xý.Qø.. 
[030] 6D 09 C8 71 D4 44 FA DD 62 23 E2 5F 76 1C 68 2D m.ÈqÔDúÝ b#â_v.h- [040] 87 4F 46 D5 6E 12 45 FA F7 15 ED 08 FF 94 CB E6 .OFÕn.Eú ÷.í.ÿ.Ëæ [050] 68 7C 86 D5 94 F4 A0 39 A7 D8 4B 9A B5 43 69 24 h|.Õ.ô 9 §ØK.µCi$ -- [2007/12/06 22:24:23, 10] libsmb/smb_signing.c:simple_packet_signature(283) simple_packet_signature: sequence number 24 [2007/12/06 22:24:23, 10] libsmb/smb_signing.c:client_sign_outgoing_message(348) client_sign_outgoing_message: sent SMB signature of [2007/12/06 22:24:23, 10] lib/util.c:dump_data(2222) [000] F7 87 C8 10 49 79 1B E8 ÷.È.Iy.è [2007/12/06 22:24:23, 10] libsmb/smb_signing.c:store_sequence_for_reply(68) store_sequence_for_reply: stored seq = 25 mid = 14 [2007/12/06 22:24:23, 6] libsmb/clientgen.c:write_socket(132) write_socket(17,238) [2007/12/06 22:24:23, 6] libsmb/clientgen.c:write_socket(135) write_socket(17,238) wrote 238 [2007/12/06 22:24:23, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 232 [2007/12/06 22:24:23, 5] lib/util.c:show_msg(485) [2007/12/06 22:24:23, 5] lib/util.c:show_msg(495) size=232 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 -- [2007/12/06 22:24:23, 10] lib/util.c:dump_data(2222) [000] 00 05 00 02 03 10 00 00 00 B0 00 10 00 09 00 00 ........ .°...... [010] 00 80 00 00 00 00 00 00 00 B1 5C 45 60 9A E3 19 ........ .±\E`.ã. 
[020] 15 1D 5B 97 ED AA 46 D1 8B E5 2E 6F 4E ED 67 71 ..[.íªFÑ .å.oNígq [030] C1 84 4A B1 C4 DC 48 C6 AD 87 FE 0C EB 34 12 F4 Á.J±ÄÜHÆ ­.þ.ë4.ô [040] 49 99 E9 51 05 0D EE 38 DF F4 58 3B E7 B7 EA 6F I.éQ..î8 ßôX;ç·êo [050] 02 C2 F3 55 A3 B7 92 72 1B FC 6A 1D 9E FB 03 4F .ÂóU£·.r .üj..û.O -- [2007/12/06 22:24:23, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) get_sequence_for_reply: found seq = 25 mid = 14 [2007/12/06 22:24:23, 10] libsmb/smb_signing.c:simple_packet_signature(283) simple_packet_signature: sequence number 25 [2007/12/06 22:24:23, 10] libsmb/smb_signing.c:client_check_incoming_message(428) client_check_incoming_message: seq 25: got good SMB signature of [2007/12/06 22:24:23, 10] lib/util.c:dump_data(2222) [000] 37 A1 15 64 78 40 89 42 7¡.dx@.B [2007/12/06 22:24:23, 5] lib/util.c:show_msg(485) [2007/12/06 22:24:23, 5] lib/util.c:show_msg(495) size=232 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 -- [2007/12/06 22:24:23, 10] lib/util.c:dump_data(2222) [000] 00 05 00 02 03 10 00 00 00 B0 00 10 00 09 00 00 ........ .°...... [010] 00 80 00 00 00 00 00 00 00 B1 5C 45 60 9A E3 19 ........ .±\E`.ã. 
[020] 15 1D 5B 97 ED AA 46 D1 8B E5 2E 6F 4E ED 67 71 ..[.íªFÑ .å.oNígq [030] C1 84 4A B1 C4 DC 48 C6 AD 87 FE 0C EB 34 12 F4 Á.J±ÄÜHÆ ­.þ.ë4.ô [040] 49 99 E9 51 05 0D EE 38 DF F4 58 3B E7 B7 EA 6F I.éQ..î8 ßôX;ç·êo [050] 02 C2 F3 55 A3 B7 92 72 1B FC 6A 1D 9E FB 03 4F .ÂóU£·.r .üj..û.O -- [2007/12/06 22:24:23, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) get_sequence_for_reply: found seq = 25 mid = 14 [2007/12/06 22:24:23, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr rpc_hdr [2007/12/06 22:24:23, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2007/12/06 22:24:23, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2007/12/06 22:24:23, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2007/12/06 22:24:23, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2007/12/06 22:24:23, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2007/12/06 22:24:23, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2007/12/06 22:24:23, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2007/12/06 22:24:23, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2007/12/06 22:24:23, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 frag_len : 00b0 [2007/12/06 22:24:23, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a auth_len : 0010 [2007/12/06 22:24:23, 5] rpc_parse/parse_prs.c:prs_uint32(708) 000c call_id : 00000009 [2007/12/06 22:24:23, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2007/12/06 22:24:23, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0010 alloc_hint: 00000080 [2007/12/06 22:24:23, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0014 context_id: 0000 [2007/12/06 22:24:23, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2007/12/06 22:24:23, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2007/12/06 22:24:23, 5] rpc_parse/parse_prs.c:prs_debug(84) 000098 smb_io_rpc_hdr_auth hdr_auth [2007/12/06 22:24:23, 5] rpc_parse/parse_prs.c:prs_uint8(615) 
0098 auth_type : 09 [2007/12/06 22:24:23, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0099 auth_level : 06 [2007/12/06 22:24:23, 5] rpc_parse/parse_prs.c:prs_uint8(615) 009a auth_pad_len : 00 [2007/12/06 22:24:23, 5] rpc_parse/parse_prs.c:prs_uint8(615) 009b auth_reserved: 00 [2007/12/06 22:24:23, 5] rpc_parse/parse_prs.c:prs_uint32(708) 009c auth_context_id: 00000001 [2007/12/06 22:24:23, 10] libsmb/ntlmssp_sign.c:ntlmssp_unseal_packet(310) ntlmssp_unseal_data: seal [2007/12/06 22:24:23, 10] libsmb/ntlmssp_sign.c:ntlmssp_check_packet(223) ntlmssp_check_packet: NTLMSSP signature OK ! [2007/12/06 22:24:23, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(577) cli_pipe_validate_current_pdu: got pdu len 176, data_len 128, ss_len 0 [2007/12/06 22:24:23, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) rpc_api_pipe: got PDU len of 176 at offset 0 [2007/12/06 22:24:23, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) rpc_api_pipe: Remote machine ADS1 pipe \lsarpc fnum 0x17 returned 256 bytes. [2007/12/06 22:24:23, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_r_lookup_names [2007/12/06 22:24:23, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0000 ptr_dom_ref: 00020000 [2007/12/06 22:24:23, 6] rpc_parse/parse_prs.c:prs_debug(84) 000004 lsa_io_dom_r_ref [2007/12/06 22:24:23, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0004 num_ref_doms_1: 00000001 [2007/12/06 22:24:23, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0008 ptr_ref_dom : 00020004 [2007/12/06 22:24:23, 5] rpc_parse/parse_prs.c:prs_uint32(708) 000c max_entries : 00000020 [2007/12/06 22:24:23, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0010 num_ref_doms_2: 00000001 [2007/12/06 22:24:23, 7] rpc_parse/parse_prs.c:prs_debug(84) 000014 smb_io_unihdr dom_ref[0] [2007/12/06 22:24:23, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0014 uni_str_len: 0016 [2007/12/06 22:24:23, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0016 uni_max_len: 0018 [2007/12/06 22:24:23, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0018 buffer : 00020008 [2007/12/06 
22:24:23, 5] rpc_parse/parse_prs.c:prs_uint32(708) 001c sid_ptr[0] : 0002000c [2007/12/06 22:24:23, 7] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_unistr2 dom_ref[0] [2007/12/06 22:24:23, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0020 uni_max_len: 0000000c [2007/12/06 22:24:23, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0024 offset : 00000000 [2007/12/06 22:24:23, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0028 uni_str_len: 0000000b [2007/12/06 22:24:23, 5] rpc_parse/parse_prs.c:dbg_rw_punival(940) 002c buffer : D.A.T.A.S.Y.S.T.E.M.E. [2007/12/06 22:24:23, 7] rpc_parse/parse_prs.c:prs_debug(84) 000044 smb_io_dom_sid2 sid_ptr[0] [2007/12/06 22:24:23, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0044 num_auths: 00000004 [2007/12/06 22:24:23, 8] rpc_parse/parse_prs.c:prs_debug(84) 000048 smb_io_dom_sid sid [2007/12/06 22:24:23, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0048 sid_rev_num: 01 [2007/12/06 22:24:23, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0049 num_auths : 04 [2007/12/06 22:24:23, 5] rpc_parse/parse_prs.c:prs_uint8(615) 004a id_auth[0] : 00 [2007/12/06 22:24:23, 5] rpc_parse/parse_prs.c:prs_uint8(615) 004b id_auth[1] : 00 [2007/12/06 22:24:23, 5] rpc_parse/parse_prs.c:prs_uint8(615) 004c id_auth[2] : 00 [2007/12/06 22:24:23, 5] rpc_parse/parse_prs.c:prs_uint8(615) 004d id_auth[3] : 00 [2007/12/06 22:24:23, 5] rpc_parse/parse_prs.c:prs_uint8(615) 004e id_auth[4] : 00 [2007/12/06 22:24:23, 5] rpc_parse/parse_prs.c:prs_uint8(615) 004f id_auth[5] : 05 [2007/12/06 22:24:23, 5] rpc_parse/parse_prs.c:prs_uint32s(995) 0050 sub_auths : 00000015 2229ff1e 2f3535b1 6d2086cd [2007/12/06 22:24:23, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0060 num_entries: 00000001 [2007/12/06 22:24:23, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0064 ptr_entries: 00020010 [2007/12/06 22:24:23, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0068 num_entries2: 00000001 [2007/12/06 22:24:23, 6] rpc_parse/parse_prs.c:prs_debug(84) 00006c smb_io_dom_rid [2007/12/06 22:24:23, 5] 
rpc_parse/parse_prs.c:prs_uint16(679) 006c type : 0002 [2007/12/06 22:24:23, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0070 rid : 000004cb [2007/12/06 22:24:23, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0074 rid_idx: 00000000 [2007/12/06 22:24:23, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0078 mapped_count: 00000001 [2007/12/06 22:24:23, 5] rpc_parse/parse_prs.c:prs_ntstatus(767) 007c status : NT_STATUS_OK [2007/12/06 22:24:23, 10] nsswitch/winbindd_cache.c:fetch_cache_seqnum(362) fetch_cache_seqnum: timeout [DOMAIN][3120792 @ 1196976217] [2007/12/06 22:24:23, 3] nsswitch/winbindd_ads.c:sequence_number(1018) ads: fetch sequence_number for DOMAIN [2007/12/06 22:24:23, 10] nsswitch/winbindd_ads.c:ads_cached_connection(43) ads_cached_connection [2007/12/06 22:24:23, 7] nsswitch/winbindd_ads.c:ads_cached_connection(51) Current tickets expire at 1197010868, time is now 1196976263 [2007/12/06 22:24:23, 5] libads/ldap_utils.c:ads_do_search_retry_internal(63) Search for (objectclass=*) gave 1 replies [2007/12/06 22:24:23, 10] nsswitch/winbindd_cache.c:store_cache_seqnum(400) store_cache_seqnum: success [DOMAIN][3120795 @ 1196976263] [2007/12/06 22:24:23, 10] nsswitch/winbindd_cache.c:refresh_sequence_number(459) refresh_sequence_number: DOMAIN seq number is now 3120795 [2007/12/06 22:24:23, 10] nsswitch/winbindd_cache.c:wcache_save_name_to_sid(764) wcache_save_name_to_sid: DOMAIN\INETUSER -> S-1-5-21-573177630-792016305-1830848205-1227 [2007/12/06 22:24:23, 10] nsswitch/winbindd_cache.c:wcache_save_sid_to_name(787) wcache_save_sid_to_name: S-1-5-21-573177630-792016305-1830848205-1227 -> inetuser [2007/12/06 22:24:23, 10] sam/idmap_util.c:idmap_sid_to_gid(99) sid_to_gid: sid = [S-1-5-21-573177630-792016305-1830848205-1227] [2007/12/06 22:24:23, 10] sam/idmap_tdb.c:db_get_id_from_sid(277) db_get_id_from_sid [2007/12/06 22:24:23, 10] sam/idmap_tdb.c:internal_get_id_from_sid(183) internal_get_id_from_sid: fetching record S-1-5-21-573177630-792016305-1830848205-1227 of type 0x2 
[2007/12/06 22:24:23, 10] sam/idmap_tdb.c:internal_get_id_from_sid(190) internal_get_id_from_sid: record S-1-5-21-573177630-792016305-1830848205-1227 -> GID 3000 [2007/12/06 22:24:23, 10] sam/idmap_tdb.c:internal_get_id_from_sid(224) internal_get_id_from_sid: ID_GROUPID fetching record S-1-5-21-573177630-792016305-1830848205-1227 -> GID 3000 [2007/12/06 22:24:23, 10] sam/idmap_tdb.c:internal_get_sid_from_id(152) internal_get_sid_from_id: fetching record GID 3000 [2007/12/06 22:24:23, 10] sam/idmap_tdb.c:internal_get_sid_from_id(158) internal_get_sid_from_id: fetching record GID 3000 -> S-1-5-21-573177630-792016305-1830848205-1227 [2007/12/06 22:24:23, 10] sam/idmap_util.c:idmap_sid_to_gid(107) idmap_sid_to_gid: gid = [3000] [2007/12/06 22:24:23, 10] nsswitch/winbindd_group.c:fill_grent_mem(79) group SID S-1-5-21-573177630-792016305-1830848205-1227 [2007/12/06 22:24:23, 10] nsswitch/winbindd_cache.c:lookup_groupmem(1665) lookup_groupmem: [Cached] - doing backend query for info for domain DOMAIN [2007/12/06 22:24:23, 10] nsswitch/winbindd_ads.c:lookup_groupmem(879) ads: lookup_groupmem DOMAIN sid=S-1-5-21-573177630-792016305-1830848205-1227 [2007/12/06 22:24:23, 10] nsswitch/winbindd_ads.c:ads_cached_connection(43) ads_cached_connection [2007/12/06 22:24:23, 7] nsswitch/winbindd_ads.c:ads_cached_connection(51) Current tickets expire at 1197010868, time is now 1196976263 [2007/12/06 22:24:23, 10] nsswitch/winbindd_ads.c:lookup_groupmem(919) Searching for attrs[0] = member, attrs[1] = usnChanged [2007/12/06 22:24:23, 5] libads/ldap_utils.c:ads_do_search_retry_internal(63) Search for (objectSid=\01\05\00\00\00\00\00\05\15\00\00\00\1E\FF\29\22\B1\35\35\2F\CD\86\20\6D\CB\04\00\00) gave 1 replies [2007/12/06 22:24:23, 3] nsswitch/winbindd_ads.c:dn_lookup(421) ads: dn_lookup [2007/12/06 22:24:23, 5] libads/ldap_utils.c:ads_do_search_retry_internal(63) Search for (objectclass=*) gave 1 replies [2007/12/06 22:24:23, 3] nsswitch/winbindd_ads.c:dn_lookup(421) ads: dn_lookup 
[2007/12/06 22:24:23, 5] libads/ldap_utils.c:ads_do_search_retry_internal(63) Search for (objectclass=*) gave 1 replies [2007/12/06 22:24:23, 3] nsswitch/winbindd_ads.c:dn_lookup(421) ads: dn_lookup [2007/12/06 22:24:23, 5] libads/ldap_utils.c:ads_do_search_retry_internal(63) Search for (objectclass=*) gave 1 replies [2007/12/06 22:24:23, 3] nsswitch/winbindd_ads.c:dn_lookup(421) ads: dn_lookup [2007/12/06 22:24:23, 5] libads/ldap_utils.c:ads_do_search_retry_internal(63) Search for (objectclass=*) gave 1 replies [2007/12/06 22:24:23, 3] nsswitch/winbindd_ads.c:lookup_groupmem(1003) ads lookup_groupmem for sid=S-1-5-21-573177630-792016305-1830848205-1227 [2007/12/06 22:24:23, 10] nsswitch/winbindd_cache.c:refresh_sequence_number(430) refresh_sequence_number: DOMAIN time ok [2007/12/06 22:24:23, 10] nsswitch/winbindd_cache.c:refresh_sequence_number(459) refresh_sequence_number: DOMAIN seq number is now 3120795 [2007/12/06 22:24:23, 10] nsswitch/winbindd_group.c:fill_grent_mem(111) looked up 4 names [2007/12/06 22:24:23, 10] nsswitch/winbindd_group.c:fill_grent_mem(117) kids S-1-5-21-573177630-792016305-1830848205-1621 1 [2007/12/06 22:24:23, 10] nsswitch/winbindd_group.c:fill_grent_mem(117) karen S-1-5-21-573177630-792016305-1830848205-1127 1 [2007/12/06 22:24:23, 10] nsswitch/winbindd_group.c:fill_grent_mem(117) ab S-1-5-21-573177630-792016305-1830848205-1125 1 [2007/12/06 22:24:23, 10] nsswitch/winbindd_group.c:fill_grent_mem(117) guru S-1-5-21-573177630-792016305-1830848205-1112 1 [2007/12/06 22:24:23, 10] nsswitch/winbindd_group.c:fill_grent_mem(134) processing name kids [2007/12/06 22:24:23, 10] nsswitch/winbindd_group.c:fill_grent_mem(158) buf_len + 5 = 5 [2007/12/06 22:24:23, 10] nsswitch/winbindd_group.c:fill_grent_mem(134) processing name karen [2007/12/06 22:24:23, 10] nsswitch/winbindd_group.c:fill_grent_mem(158) buf_len + 6 = 11 [2007/12/06 22:24:23, 10] nsswitch/winbindd_group.c:fill_grent_mem(134) processing name ab [2007/12/06 22:24:23, 10] 
nsswitch/winbindd_group.c:fill_grent_mem(158) buf_len + 3 = 14
[2007/12/06 22:24:23, 10] nsswitch/winbindd_group.c:fill_grent_mem(134) processing name guru
[2007/12/06 22:24:23, 10] nsswitch/winbindd_group.c:fill_grent_mem(158) buf_len + 5 = 19
[2007/12/06 22:24:23, 10] nsswitch/winbindd_group.c:fill_grent_mem(134) processing name kids
[2007/12/06 22:24:23, 10] nsswitch/winbindd_group.c:fill_grent_mem(160) appending kids at ndx 4
[2007/12/06 22:24:23, 10] nsswitch/winbindd_group.c:fill_grent_mem(134) processing name karen
[2007/12/06 22:24:23, 10] nsswitch/winbindd_group.c:fill_grent_mem(160) appending karen at ndx 5
[2007/12/06 22:24:23, 10] nsswitch/winbindd_group.c:fill_grent_mem(134) processing name ab
[2007/12/06 22:24:23, 10] nsswitch/winbindd_group.c:fill_grent_mem(160) appending ab at ndx 2
[2007/12/06 22:24:23, 10] nsswitch/winbindd_group.c:fill_grent_mem(134) processing name guru
[2007/12/06 22:24:23, 10] nsswitch/winbindd_group.c:fill_grent_mem(160) appending guru at ndx 4
[2007/12/06 22:24:23, 10] nsswitch/winbindd_group.c:fill_grent_mem(188) num_mem = 4, len = 19, mem = kids,karen,ab,guru
[2007/12/06 22:24:23, 10] nsswitch/winbindd_group.c:fill_grent_mem(195) fill_grent_mem returning 1
[2007/12/06 22:25:53, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2006) Retrieving response for pid 20530
[2007/12/06 22:25:53, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2028) Retrieving extra data length=64
[2007/12/06 22:27:45, 6] nsswitch/winbindd.c:new_connection(601)

Third Example:
---------------
"wbinfo -r" successfully recognises the addition of user "usera" to group "inetuser"

1) # wbinfo -r usera
3001

[2007/12/06 22:27:45, 6] nsswitch/winbindd.c:new_connection(601) accepted socket 18
[2007/12/06 22:27:45, 10] nsswitch/winbindd.c:process_request(287) process_request: request fn INTERFACE_VERSION
[2007/12/06 22:27:45, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(483) [ 0]: request interface version
[2007/12/06 22:27:45, 10]
nsswitch/winbindd.c:process_request(287) process_request: request fn WINBINDD_PRIV_PIPE_DIR [2007/12/06 22:27:45, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(516) [ 0]: request location of privileged pipe [2007/12/06 22:27:45, 6] nsswitch/winbindd.c:new_connection(601) accepted socket 22 [2007/12/06 22:27:45, 10] nsswitch/winbindd.c:process_request(287) process_request: request fn GETGROUPS [2007/12/06 22:27:45, 3] nsswitch/winbindd_group.c:winbindd_getgroups(1017) [ 0]: getgroups usera [2007/12/06 22:27:45, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2006) Retrieving response for pid 20530 [2007/12/06 22:27:45, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2006) Retrieving response for pid 20530 [2007/12/06 22:27:45, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2028) Retrieving extra data length=45 [2007/12/06 22:27:45, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2006) Retrieving response for pid 20530 [2007/12/06 22:27:45, 10] nsswitch/winbindd_async.c:getsidaliases_recv(839) getsidaliases return 0 SIDs [2007/12/06 22:27:45, 10] nsswitch/winbindd_async.c:gettoken_recvaliases(1088) Expanding our own local groups [2007/12/06 22:27:45, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2006) Retrieving response for pid 20540 [2007/12/06 22:27:45, 10] nsswitch/winbindd_async.c:getsidaliases_recv(839) getsidaliases return 0 SIDs [2007/12/06 22:27:45, 10] nsswitch/winbindd_async.c:gettoken_recvaliases(1098) Expanding our own BUILTIN groups [2007/12/06 22:27:45, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2006) Retrieving response for pid 20541 [2007/12/06 22:27:45, 10] nsswitch/winbindd_async.c:getsidaliases_recv(839) getsidaliases return 0 SIDs [2007/12/06 22:27:45, 10] sam/idmap_util.c:idmap_sid_to_gid(99) sid_to_gid: sid = [S-1-5-21-573177630-792016305-1830848205-513] [2007/12/06 22:27:45, 10] sam/idmap_tdb.c:db_get_id_from_sid(277) db_get_id_from_sid [2007/12/06 22:27:45, 10] 
sam/idmap_tdb.c:internal_get_id_from_sid(183) internal_get_id_from_sid: fetching record S-1-5-21-573177630-792016305-1830848205-513 of type 0x2
[2007/12/06 22:27:45, 10] sam/idmap_tdb.c:internal_get_id_from_sid(190) internal_get_id_from_sid: record S-1-5-21-573177630-792016305-1830848205-513 -> GID 3001
[2007/12/06 22:27:45, 10] sam/idmap_tdb.c:internal_get_id_from_sid(224) internal_get_id_from_sid: ID_GROUPID fetching record S-1-5-21-573177630-792016305-1830848205-513 -> GID 3001
[2007/12/06 22:27:45, 10] sam/idmap_tdb.c:internal_get_sid_from_id(152) internal_get_sid_from_id: fetching record GID 3001
[2007/12/06 22:27:45, 10] sam/idmap_tdb.c:internal_get_sid_from_id(158) internal_get_sid_from_id: fetching record GID 3001 -> S-1-5-21-573177630-792016305-1830848205-513
[2007/12/06 22:27:45, 10] sam/idmap_util.c:idmap_sid_to_gid(107) idmap_sid_to_gid: gid = [3001]
[2007/12/06 22:28:51, 6] nsswitch/winbindd.c:new_connection(601) accepted socket 18
[2007/12/06 22:28:51, 10] nsswitch/winbindd.c:process_request(287) process_request: request fn INTERFACE_VERSION
[2007/12/06 22:28:51, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(483)

2) # getent group inetuser
inetuser:x:3000:kids,karen,ab

[2007/12/06 22:28:51, 6] nsswitch/winbindd.c:new_connection(601) accepted socket 18
[2007/12/06 22:28:51, 10] nsswitch/winbindd.c:process_request(287) process_request: request fn INTERFACE_VERSION
[2007/12/06 22:28:51, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(483) [ 0]: request interface version
[2007/12/06 22:28:51, 10] nsswitch/winbindd.c:process_request(287) process_request: request fn WINBINDD_PRIV_PIPE_DIR
[2007/12/06 22:28:51, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(516) [ 0]: request location of privileged pipe
[2007/12/06 22:28:51, 6] nsswitch/winbindd.c:new_connection(601) accepted socket 22
[2007/12/06 22:28:51, 10] nsswitch/winbindd.c:process_request(287) process_request: request fn GETGRNAM
[2007/12/06 22:28:51, 3]
nsswitch/winbindd_group.c:winbindd_getgrnam(220) [ 0]: getgrnam inetuser [2007/12/06 22:28:51, 10] nsswitch/winbindd_cache.c:name_to_sid(1289) name_to_sid: [Cached] - doing backend query for name for domain DOMAIN [2007/12/06 22:28:51, 3] nsswitch/winbindd_rpc.c:msrpc_name_to_sid(257) rpc: name_to_sid name=DOMAIN\inetuser [2007/12/06 22:28:51, 3] nsswitch/winbindd_rpc.c:msrpc_name_to_sid(265) name_to_sid [rpc] DOMAIN\inetuser for domain DOMAIN [2007/12/06 22:28:51, 5] rpc_parse/parse_lsa.c:init_q_lookup_names(1567) init_q_lookup_names [2007/12/06 22:28:51, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_q_lookup_names [2007/12/06 22:28:51, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd [2007/12/06 22:28:51, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0000 data1: 00000000 [2007/12/06 22:28:51, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0004 data2: caad6fba [2007/12/06 22:28:51, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 data3: 1c36 [2007/12/06 22:28:51, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a data4: 4165 [2007/12/06 22:28:51, 5] rpc_parse/parse_prs.c:prs_uint8s(855) 000c data5: 88 f9 e7 83 e5 86 10 6b [2007/12/06 22:28:51, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0014 num_entries : 00000001 [2007/12/06 22:28:51, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0018 num_entries2 : 00000001 [2007/12/06 22:28:51, 6] rpc_parse/parse_prs.c:prs_debug(84) 00001c smb_io_unihdr hdr_name [2007/12/06 22:28:51, 5] rpc_parse/parse_prs.c:prs_uint16(679) 001c uni_str_len: 0028 [2007/12/06 22:28:51, 5] rpc_parse/parse_prs.c:prs_uint16(679) 001e uni_max_len: 0028 [2007/12/06 22:28:51, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0020 buffer : 00000001 [2007/12/06 22:28:51, 6] rpc_parse/parse_prs.c:prs_debug(84) 000024 smb_io_unistr2 dom_name [2007/12/06 22:28:51, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0024 uni_max_len: 00000014 [2007/12/06 22:28:51, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0028 offset : 00000000 [2007/12/06 22:28:51, 5] 
rpc_parse/parse_prs.c:prs_uint32(708) 002c uni_str_len: 00000014 [2007/12/06 22:28:51, 5] rpc_parse/parse_prs.c:dbg_rw_punival(940) 0030 buffer : D.A.T.A.S.Y.S.T.E.M.E.\.i.n.e.t.u.s.e.r. [2007/12/06 22:28:51, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0058 num_trans_entries : 00000000 [2007/12/06 22:28:51, 5] rpc_parse/parse_prs.c:prs_uint32(708) 005c ptr_trans_sids : 00000000 [2007/12/06 22:28:51, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0060 lookup_level : 0001 [2007/12/06 22:28:51, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0064 mapped_count : 00000000 [2007/12/06 22:28:51, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2007/12/06 22:28:51, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2007/12/06 22:28:51, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2007/12/06 22:28:51, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2007/12/06 22:28:51, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2007/12/06 22:28:51, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2007/12/06 22:28:51, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2007/12/06 22:28:51, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2007/12/06 22:28:51, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2007/12/06 22:28:51, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 frag_len : 0098 [2007/12/06 22:28:51, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a auth_len : 0010 [2007/12/06 22:28:51, 5] rpc_parse/parse_prs.c:prs_uint32(708) 000c call_id : 0000000a [2007/12/06 22:28:51, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_req hdr_req [2007/12/06 22:28:51, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0010 alloc_hint: 00000068 [2007/12/06 22:28:51, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0014 context_id: 0000 [2007/12/06 22:28:51, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0016 opnum : 000e [2007/12/06 22:28:51, 5] rpc_parse/parse_prs.c:prs_debug(84) 000080 smb_io_rpc_hdr_auth hdr_auth 
[2007/12/06 22:28:51, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0080 auth_type : 09 [2007/12/06 22:28:51, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0081 auth_level : 06 [2007/12/06 22:28:51, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0082 auth_pad_len : 00 [2007/12/06 22:28:51, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0083 auth_reserved: 00 [2007/12/06 22:28:51, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0084 auth_context_id: 00000001 [2007/12/06 22:28:51, 10] libsmb/ntlmssp_sign.c:ntlmssp_seal_packet(249) ntlmssp_seal_data: seal [2007/12/06 22:28:51, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) rpc_api_pipe: Remote machine ADS1 pipe \lsarpc fnum 0x17 [2007/12/06 22:28:51, 5] lib/util.c:show_msg(485) [2007/12/06 22:28:51, 5] lib/util.c:show_msg(495) size=234 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 -- [2007/12/06 22:28:51, 10] lib/util.c:dump_data(2222) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 98 00 10 00 0A 00 00 00 68 ........ .......h [020] 00 00 00 00 00 0E 00 7C 99 F5 F1 D9 19 93 5C F5 .......| .õñÙ..\õ [030] 2A 1F 2B 75 2E AF 98 28 1D 22 73 9E E8 F5 4C F4 *.+u.¯.( ."s.èõLô [040] 91 B7 64 0B 1D 07 AB F7 55 01 D4 43 04 1C 8B E3 .·d...«÷ U.ÔC...ã [050] D0 2A A8 3B 28 E0 37 FF 79 F9 B9 73 E5 21 53 7E Ð*š;(à7ÿ yù¹så!S~ -- [2007/12/06 22:28:51, 10] libsmb/smb_signing.c:simple_packet_signature(283) simple_packet_signature: sequence number 26 [2007/12/06 22:28:51, 10] libsmb/smb_signing.c:client_sign_outgoing_message(348) client_sign_outgoing_message: sent SMB signature of [2007/12/06 22:28:51, 10] lib/util.c:dump_data(2222) [000] D1 3A AC C3 EC F6 CE 86 Ñ:¬ÃìöÎ. 
[2007/12/06 22:28:51, 10] libsmb/smb_signing.c:store_sequence_for_reply(68) store_sequence_for_reply: stored seq = 27 mid = 15 [2007/12/06 22:28:51, 6] libsmb/clientgen.c:write_socket(132) write_socket(17,238) [2007/12/06 22:28:51, 6] libsmb/clientgen.c:write_socket(135) write_socket(17,238) wrote 238 [2007/12/06 22:28:51, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 232 [2007/12/06 22:28:51, 5] lib/util.c:show_msg(485) [2007/12/06 22:28:51, 5] lib/util.c:show_msg(495) size=232 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 -- [2007/12/06 22:28:51, 10] lib/util.c:dump_data(2222) [000] 00 05 00 02 03 10 00 00 00 B0 00 10 00 0A 00 00 ........ .°...... [010] 00 80 00 00 00 00 00 00 00 AA C2 7B 6A 73 CA DA ........ .ªÂ{jsÊÚ [020] 4D 78 64 13 C6 4E 6B 6B 05 C1 C6 89 E8 72 5F 05 Mxd.ÆNkk .ÁÆ.èr_. [030] 18 7A 6C 06 43 09 3E FA A5 A3 91 33 24 15 02 A9 .zl.C.>ú ¥£.3$..© [040] B1 AA 30 A8 09 E7 5D CD 6C 43 B8 38 3B 75 6F 52 ±ª0š.ç]Í lCž8;uoR [050] 54 2B 2A 3E 52 A1 FD CD C8 CE 3E 11 C4 2A E5 4C T+*>R¡ýÍ ÈÎ>.Ä*åL -- [2007/12/06 22:28:51, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) get_sequence_for_reply: found seq = 27 mid = 15 [2007/12/06 22:28:51, 10] libsmb/smb_signing.c:simple_packet_signature(283) simple_packet_signature: sequence number 27 [2007/12/06 22:28:51, 10] libsmb/smb_signing.c:client_check_incoming_message(428) client_check_incoming_message: seq 27: got good SMB signature of [2007/12/06 22:28:51, 10] lib/util.c:dump_data(2222) [000] D8 32 C6 F7 64 83 F9 2D Ø2Æ÷d.ù- [2007/12/06 22:28:51, 5] lib/util.c:show_msg(485) [2007/12/06 22:28:51, 5] lib/util.c:show_msg(495) size=232 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 -- [2007/12/06 22:28:51, 10] lib/util.c:dump_data(2222) [000] 00 05 00 02 03 10 00 00 00 B0 00 10 00 0A 00 00 ........ .°...... [010] 00 80 00 00 00 00 00 00 00 AA C2 7B 6A 73 CA DA ........ .ªÂ{jsÊÚ [020] 4D 78 64 13 C6 4E 6B 6B 05 C1 C6 89 E8 72 5F 05 Mxd.ÆNkk .ÁÆ.èr_. 
[030] 18 7A 6C 06 43 09 3E FA A5 A3 91 33 24 15 02 A9 .zl.C.>ú ¥£.3$..© [040] B1 AA 30 A8 09 E7 5D CD 6C 43 B8 38 3B 75 6F 52 ±ª0š.ç]Í lCž8;uoR [050] 54 2B 2A 3E 52 A1 FD CD C8 CE 3E 11 C4 2A E5 4C T+*>R¡ýÍ ÈÎ>.Ä*åL -- [2007/12/06 22:28:51, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) get_sequence_for_reply: found seq = 27 mid = 15 [2007/12/06 22:28:51, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr rpc_hdr [2007/12/06 22:28:51, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2007/12/06 22:28:51, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2007/12/06 22:28:51, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02 [2007/12/06 22:28:51, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2007/12/06 22:28:51, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2007/12/06 22:28:51, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2007/12/06 22:28:51, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2007/12/06 22:28:51, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2007/12/06 22:28:51, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 frag_len : 00b0 [2007/12/06 22:28:51, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a auth_len : 0010 [2007/12/06 22:28:51, 5] rpc_parse/parse_prs.c:prs_uint32(708) 000c call_id : 0000000a [2007/12/06 22:28:51, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp [2007/12/06 22:28:51, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0010 alloc_hint: 00000080 [2007/12/06 22:28:51, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0014 context_id: 0000 [2007/12/06 22:28:51, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00 [2007/12/06 22:28:51, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00 [2007/12/06 22:28:51, 5] rpc_parse/parse_prs.c:prs_debug(84) 000098 smb_io_rpc_hdr_auth hdr_auth [2007/12/06 22:28:51, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0098 auth_type : 09 [2007/12/06 22:28:51, 5] 
rpc_parse/parse_prs.c:prs_uint8(615) 0099 auth_level : 06 [2007/12/06 22:28:51, 5] rpc_parse/parse_prs.c:prs_uint8(615) 009a auth_pad_len : 00 [2007/12/06 22:28:51, 5] rpc_parse/parse_prs.c:prs_uint8(615) 009b auth_reserved: 00 [2007/12/06 22:28:51, 5] rpc_parse/parse_prs.c:prs_uint32(708) 009c auth_context_id: 00000001 [2007/12/06 22:28:51, 10] libsmb/ntlmssp_sign.c:ntlmssp_unseal_packet(310) ntlmssp_unseal_data: seal [2007/12/06 22:28:51, 10] libsmb/ntlmssp_sign.c:ntlmssp_check_packet(223) ntlmssp_check_packet: NTLMSSP signature OK ! [2007/12/06 22:28:51, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(577) cli_pipe_validate_current_pdu: got pdu len 176, data_len 128, ss_len 0 [2007/12/06 22:28:51, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) rpc_api_pipe: got PDU len of 176 at offset 0 [2007/12/06 22:28:51, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) rpc_api_pipe: Remote machine ADS1 pipe \lsarpc fnum 0x17 returned 256 bytes. [2007/12/06 22:28:51, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_r_lookup_names [2007/12/06 22:28:51, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0000 ptr_dom_ref: 00020000 [2007/12/06 22:28:51, 6] rpc_parse/parse_prs.c:prs_debug(84) 000004 lsa_io_dom_r_ref [2007/12/06 22:28:51, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0004 num_ref_doms_1: 00000001 [2007/12/06 22:28:51, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0008 ptr_ref_dom : 00020004 [2007/12/06 22:28:51, 5] rpc_parse/parse_prs.c:prs_uint32(708) 000c max_entries : 00000020 [2007/12/06 22:28:51, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0010 num_ref_doms_2: 00000001 [2007/12/06 22:28:51, 7] rpc_parse/parse_prs.c:prs_debug(84) 000014 smb_io_unihdr dom_ref[0] [2007/12/06 22:28:51, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0014 uni_str_len: 0016 [2007/12/06 22:28:51, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0016 uni_max_len: 0018 [2007/12/06 22:28:51, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0018 buffer : 00020008 [2007/12/06 22:28:51, 5] rpc_parse/parse_prs.c:prs_uint32(708) 
001c sid_ptr[0] : 0002000c [2007/12/06 22:28:51, 7] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_unistr2 dom_ref[0] [2007/12/06 22:28:51, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0020 uni_max_len: 0000000c [2007/12/06 22:28:51, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0024 offset : 00000000 [2007/12/06 22:28:51, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0028 uni_str_len: 0000000b [2007/12/06 22:28:51, 5] rpc_parse/parse_prs.c:dbg_rw_punival(940) 002c buffer : D.A.T.A.S.Y.S.T.E.M.E. [2007/12/06 22:28:51, 7] rpc_parse/parse_prs.c:prs_debug(84) 000044 smb_io_dom_sid2 sid_ptr[0] [2007/12/06 22:28:51, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0044 num_auths: 00000004 [2007/12/06 22:28:51, 8] rpc_parse/parse_prs.c:prs_debug(84) 000048 smb_io_dom_sid sid [2007/12/06 22:28:51, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0048 sid_rev_num: 01 [2007/12/06 22:28:51, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0049 num_auths : 04 [2007/12/06 22:28:51, 5] rpc_parse/parse_prs.c:prs_uint8(615) 004a id_auth[0] : 00 [2007/12/06 22:28:51, 5] rpc_parse/parse_prs.c:prs_uint8(615) 004b id_auth[1] : 00 [2007/12/06 22:28:51, 5] rpc_parse/parse_prs.c:prs_uint8(615) 004c id_auth[2] : 00 [2007/12/06 22:28:51, 5] rpc_parse/parse_prs.c:prs_uint8(615) 004d id_auth[3] : 00 [2007/12/06 22:28:51, 5] rpc_parse/parse_prs.c:prs_uint8(615) 004e id_auth[4] : 00 [2007/12/06 22:28:51, 5] rpc_parse/parse_prs.c:prs_uint8(615) 004f id_auth[5] : 05 [2007/12/06 22:28:51, 5] rpc_parse/parse_prs.c:prs_uint32s(995) 0050 sub_auths : 00000015 2229ff1e 2f3535b1 6d2086cd [2007/12/06 22:28:51, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0060 num_entries: 00000001 [2007/12/06 22:28:51, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0064 ptr_entries: 00020010 [2007/12/06 22:28:51, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0068 num_entries2: 00000001 [2007/12/06 22:28:51, 6] rpc_parse/parse_prs.c:prs_debug(84) 00006c smb_io_dom_rid [2007/12/06 22:28:51, 5] rpc_parse/parse_prs.c:prs_uint16(679) 006c type : 0002 [2007/12/06 22:28:51, 5] 
rpc_parse/parse_prs.c:prs_uint32(708) 0070 rid : 000004cb [2007/12/06 22:28:51, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0074 rid_idx: 00000000 [2007/12/06 22:28:51, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0078 mapped_count: 00000001 [2007/12/06 22:28:51, 5] rpc_parse/parse_prs.c:prs_ntstatus(767) 007c status : NT_STATUS_OK [2007/12/06 22:28:51, 10] nsswitch/winbindd_cache.c:fetch_cache_seqnum(362) fetch_cache_seqnum: timeout [DOMAIN][3120802 @ 1196976465] [2007/12/06 22:28:51, 3] nsswitch/winbindd_ads.c:sequence_number(1018) ads: fetch sequence_number for DOMAIN [2007/12/06 22:28:51, 10] nsswitch/winbindd_ads.c:ads_cached_connection(43) ads_cached_connection [2007/12/06 22:28:51, 7] nsswitch/winbindd_ads.c:ads_cached_connection(51) Current tickets expire at 1197010868, time is now 1196976531 [2007/12/06 22:28:51, 5] libads/ldap_utils.c:ads_do_search_retry_internal(63) Search for (objectclass=*) gave 1 replies [2007/12/06 22:28:51, 10] nsswitch/winbindd_cache.c:store_cache_seqnum(400) store_cache_seqnum: success [DOMAIN][3120802 @ 1196976531] [2007/12/06 22:28:51, 10] nsswitch/winbindd_cache.c:refresh_sequence_number(459) refresh_sequence_number: DOMAIN seq number is now 3120802 [2007/12/06 22:28:51, 10] nsswitch/winbindd_cache.c:wcache_save_name_to_sid(764) wcache_save_name_to_sid: DOMAIN\INETUSER -> S-1-5-21-573177630-792016305-1830848205-1227 [2007/12/06 22:28:51, 10] nsswitch/winbindd_cache.c:wcache_save_sid_to_name(787) wcache_save_sid_to_name: S-1-5-21-573177630-792016305-1830848205-1227 -> inetuser [2007/12/06 22:28:51, 10] sam/idmap_util.c:idmap_sid_to_gid(99) sid_to_gid: sid = [S-1-5-21-573177630-792016305-1830848205-1227] [2007/12/06 22:28:51, 10] sam/idmap_tdb.c:db_get_id_from_sid(277) db_get_id_from_sid [2007/12/06 22:28:51, 10] sam/idmap_tdb.c:internal_get_id_from_sid(183) internal_get_id_from_sid: fetching record S-1-5-21-573177630-792016305-1830848205-1227 of type 0x2 [2007/12/06 22:28:51, 10] sam/idmap_tdb.c:internal_get_id_from_sid(190) 
internal_get_id_from_sid: record S-1-5-21-573177630-792016305-1830848205-1227 -> GID 3000 [2007/12/06 22:28:51, 10] sam/idmap_tdb.c:internal_get_id_from_sid(224) internal_get_id_from_sid: ID_GROUPID fetching record S-1-5-21-573177630-792016305-1830848205-1227 -> GID 3000 [2007/12/06 22:28:51, 10] sam/idmap_tdb.c:internal_get_sid_from_id(152) internal_get_sid_from_id: fetching record GID 3000 [2007/12/06 22:28:51, 10] sam/idmap_tdb.c:internal_get_sid_from_id(158) internal_get_sid_from_id: fetching record GID 3000 -> S-1-5-21-573177630-792016305-1830848205-1227 [2007/12/06 22:28:51, 10] sam/idmap_util.c:idmap_sid_to_gid(107) idmap_sid_to_gid: gid = [3000] [2007/12/06 22:28:51, 10] nsswitch/winbindd_group.c:fill_grent_mem(79) group SID S-1-5-21-573177630-792016305-1830848205-1227 [2007/12/06 22:28:51, 10] nsswitch/winbindd_cache.c:lookup_groupmem(1665) lookup_groupmem: [Cached] - doing backend query for info for domain DOMAIN [2007/12/06 22:28:51, 10] nsswitch/winbindd_ads.c:lookup_groupmem(879) ads: lookup_groupmem DOMAIN sid=S-1-5-21-573177630-792016305-1830848205-1227 [2007/12/06 22:28:51, 10] nsswitch/winbindd_ads.c:ads_cached_connection(43) ads_cached_connection [2007/12/06 22:28:51, 7] nsswitch/winbindd_ads.c:ads_cached_connection(51) Current tickets expire at 1197010868, time is now 1196976531 [2007/12/06 22:28:51, 10] nsswitch/winbindd_ads.c:lookup_groupmem(919) Searching for attrs[0] = member, attrs[1] = usnChanged [2007/12/06 22:28:51, 5] libads/ldap_utils.c:ads_do_search_retry_internal(63) Search for (objectSid=\01\05\00\00\00\00\00\05\15\00\00\00\1E\FF\29\22\B1\35\35\2F\CD\86\20\6D\CB\04\00\00) gave 1 replies [2007/12/06 22:28:51, 3] nsswitch/winbindd_ads.c:dn_lookup(421) ads: dn_lookup [2007/12/06 22:28:51, 5] libads/ldap_utils.c:ads_do_search_retry_internal(63) Search for (objectclass=*) gave 1 replies [2007/12/06 22:28:51, 3] nsswitch/winbindd_ads.c:dn_lookup(421) ads: dn_lookup [2007/12/06 22:28:51, 5] 
libads/ldap_utils.c:ads_do_search_retry_internal(63) Search for (objectclass=*) gave 1 replies [2007/12/06 22:28:51, 3] nsswitch/winbindd_ads.c:dn_lookup(421) ads: dn_lookup [2007/12/06 22:28:51, 5] libads/ldap_utils.c:ads_do_search_retry_internal(63) Search for (objectclass=*) gave 1 replies [2007/12/06 22:28:51, 3] nsswitch/winbindd_ads.c:lookup_groupmem(1003) ads lookup_groupmem for sid=S-1-5-21-573177630-792016305-1830848205-1227 [2007/12/06 22:28:51, 10] nsswitch/winbindd_cache.c:refresh_sequence_number(430) refresh_sequence_number: DOMAIN time ok [2007/12/06 22:28:51, 10] nsswitch/winbindd_cache.c:refresh_sequence_number(459) refresh_sequence_number: DOMAIN seq number is now 3120802 [2007/12/06 22:28:51, 10] nsswitch/winbindd_group.c:fill_grent_mem(111) looked up 3 names [2007/12/06 22:28:51, 10] nsswitch/winbindd_group.c:fill_grent_mem(117) kids S-1-5-21-573177630-792016305-1830848205-1621 1 [2007/12/06 22:28:51, 10] nsswitch/winbindd_group.c:fill_grent_mem(117) karen S-1-5-21-573177630-792016305-1830848205-1127 1 [2007/12/06 22:28:51, 10] nsswitch/winbindd_group.c:fill_grent_mem(117) ab S-1-5-21-573177630-792016305-1830848205-1125 1 [2007/12/06 22:28:51, 10] nsswitch/winbindd_group.c:fill_grent_mem(134) processing name kids [2007/12/06 22:28:51, 10] nsswitch/winbindd_group.c:fill_grent_mem(158) buf_len + 5 = 5 [2007/12/06 22:28:51, 10] nsswitch/winbindd_group.c:fill_grent_mem(134) processing name karen [2007/12/06 22:28:51, 10] nsswitch/winbindd_group.c:fill_grent_mem(158) buf_len + 6 = 11 [2007/12/06 22:28:51, 10] nsswitch/winbindd_group.c:fill_grent_mem(134) processing name ab [2007/12/06 22:28:51, 10] nsswitch/winbindd_group.c:fill_grent_mem(158) buf_len + 3 = 14 [2007/12/06 22:28:51, 10] nsswitch/winbindd_group.c:fill_grent_mem(134) processing name kids [2007/12/06 22:28:51, 10] nsswitch/winbindd_group.c:fill_grent_mem(160) appending kids at ndx 4 [2007/12/06 22:28:51, 10] nsswitch/winbindd_group.c:fill_grent_mem(134) processing name karen [2007/12/06 
22:28:51, 10] nsswitch/winbindd_group.c:fill_grent_mem(160) appending karen at ndx 5 [2007/12/06 22:28:51, 10] nsswitch/winbindd_group.c:fill_grent_mem(134) processing name ab [2007/12/06 22:28:51, 10] nsswitch/winbindd_group.c:fill_grent_mem(160) appending ab at ndx 2 [2007/12/06 22:28:51, 10] nsswitch/winbindd_group.c:fill_grent_mem(188) num_mem = 3, len = 14, mem = kids,karen,ab [2007/12/06 22:28:51, 10] nsswitch/winbindd_group.c:fill_grent_mem(195) fill_grent_mem returning 1 [2007/12/06 22:30:26, 6] nsswitch/winbindd.c:new_connection(601) accepted socket 18 [2007/12/06 22:30:26, 10] nsswitch/winbindd.c:process_request(287) process_request: request fn INTERFACE_VERSION [2007/12/06 22:30:26, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(483)

3) Add "usera" to group "inetuser" on ADS

4) # wbinfo -r usera
3001
3000

[2007/12/06 22:30:26, 6] nsswitch/winbindd.c:new_connection(601) accepted socket 18 [2007/12/06 22:30:26, 10] nsswitch/winbindd.c:process_request(287) process_request: request fn INTERFACE_VERSION [2007/12/06 22:30:26, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(483) [ 0]: request interface version [2007/12/06 22:30:26, 10] nsswitch/winbindd.c:process_request(287) process_request: request fn WINBINDD_PRIV_PIPE_DIR [2007/12/06 22:30:26, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(516) [ 0]: request location of privileged pipe [2007/12/06 22:30:26, 6] nsswitch/winbindd.c:new_connection(601) accepted socket 22 [2007/12/06 22:30:26, 10] nsswitch/winbindd.c:process_request(287) process_request: request fn GETGROUPS [2007/12/06 22:30:26, 3] nsswitch/winbindd_group.c:winbindd_getgroups(1017) [ 0]: getgroups usera [2007/12/06 22:30:26, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2006) Retrieving response for pid 20530 [2007/12/06 22:30:26, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2006) Retrieving response for pid 20530 [2007/12/06 22:30:26, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2028) Retrieving
extra data length=90 [2007/12/06 22:30:26, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2006) Retrieving response for pid 20530 [2007/12/06 22:30:26, 10] nsswitch/winbindd_async.c:getsidaliases_recv(839) getsidaliases return 0 SIDs [2007/12/06 22:30:26, 10] nsswitch/winbindd_async.c:gettoken_recvaliases(1088) Expanding our own local groups [2007/12/06 22:30:26, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2006) Retrieving response for pid 20540 [2007/12/06 22:30:26, 10] nsswitch/winbindd_async.c:getsidaliases_recv(839) getsidaliases return 0 SIDs [2007/12/06 22:30:26, 10] nsswitch/winbindd_async.c:gettoken_recvaliases(1098) Expanding our own BUILTIN groups [2007/12/06 22:30:26, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2006) Retrieving response for pid 20541 [2007/12/06 22:30:26, 10] nsswitch/winbindd_async.c:getsidaliases_recv(839) getsidaliases return 0 SIDs [2007/12/06 22:30:26, 10] sam/idmap_util.c:idmap_sid_to_gid(99) sid_to_gid: sid = [S-1-5-21-573177630-792016305-1830848205-513] [2007/12/06 22:30:26, 10] sam/idmap_tdb.c:db_get_id_from_sid(277) db_get_id_from_sid [2007/12/06 22:30:26, 10] sam/idmap_tdb.c:internal_get_id_from_sid(183) internal_get_id_from_sid: fetching record S-1-5-21-573177630-792016305-1830848205-513 of type 0x2 [2007/12/06 22:30:26, 10] sam/idmap_tdb.c:internal_get_id_from_sid(190) internal_get_id_from_sid: record S-1-5-21-573177630-792016305-1830848205-513 -> GID 3001 [2007/12/06 22:30:26, 10] sam/idmap_tdb.c:internal_get_id_from_sid(224) internal_get_id_from_sid: ID_GROUPID fetching record S-1-5-21-573177630-792016305-1830848205-513 -> GID 3001 [2007/12/06 22:30:26, 10] sam/idmap_tdb.c:internal_get_sid_from_id(152) internal_get_sid_from_id: fetching record GID 3001 [2007/12/06 22:30:26, 10] sam/idmap_tdb.c:internal_get_sid_from_id(158) internal_get_sid_from_id: fetching record GID 3001 -> S-1-5-21-573177630-792016305-1830848205-513 [2007/12/06 22:30:26, 10] sam/idmap_util.c:idmap_sid_to_gid(107) 
idmap_sid_to_gid: gid = [3001] [2007/12/06 22:30:26, 10] sam/idmap_util.c:idmap_sid_to_gid(99) sid_to_gid: sid = [S-1-5-21-573177630-792016305-1830848205-1227] [2007/12/06 22:30:26, 10] sam/idmap_tdb.c:db_get_id_from_sid(277) db_get_id_from_sid [2007/12/06 22:30:26, 10] sam/idmap_tdb.c:internal_get_id_from_sid(183) internal_get_id_from_sid: fetching record S-1-5-21-573177630-792016305-1830848205-1227 of type 0x2 [2007/12/06 22:30:26, 10] sam/idmap_tdb.c:internal_get_id_from_sid(190) internal_get_id_from_sid: record S-1-5-21-573177630-792016305-1830848205-1227 -> GID 3000 [2007/12/06 22:30:26, 10] sam/idmap_tdb.c:internal_get_id_from_sid(224) internal_get_id_from_sid: ID_GROUPID fetching record S-1-5-21-573177630-792016305-1830848205-1227 -> GID 3000 [2007/12/06 22:30:26, 10] sam/idmap_tdb.c:internal_get_sid_from_id(152) internal_get_sid_from_id: fetching record GID 3000 [2007/12/06 22:30:26, 10] sam/idmap_tdb.c:internal_get_sid_from_id(158) internal_get_sid_from_id: fetching record GID 3000 -> S-1-5-21-573177630-792016305-1830848205-1227 [2007/12/06 22:30:26, 10] sam/idmap_util.c:idmap_sid_to_gid(107) idmap_sid_to_gid: gid = [3000] [2007/12/06 22:30:56, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2006) Retrieving response for pid 20530 [2007/12/06 22:30:56, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2028) Retrieving extra data length=64 [2007/12/06 22:31:47, 6] nsswitch/winbindd.c:new_connection(601)

5) # getent group inetuser
inetuser:x:3000:kids,usera,karen,ab

[2007/12/06 22:31:47, 6] nsswitch/winbindd.c:new_connection(601) accepted socket 18 [2007/12/06 22:31:47, 10] nsswitch/winbindd.c:process_request(287) process_request: request fn INTERFACE_VERSION [2007/12/06 22:31:47, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(483) [ 0]: request interface version [2007/12/06 22:31:47, 10] nsswitch/winbindd.c:process_request(287) process_request: request fn WINBINDD_PRIV_PIPE_DIR [2007/12/06 22:31:47, 3]
nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(516) [ 0]: request location of privileged pipe [2007/12/06 22:31:47, 6] nsswitch/winbindd.c:new_connection(601) accepted socket 22 [2007/12/06 22:31:47, 10] nsswitch/winbindd.c:process_request(287) process_request: request fn GETGRNAM [2007/12/06 22:31:47, 3] nsswitch/winbindd_group.c:winbindd_getgrnam(220) [ 0]: getgrnam inetuser [2007/12/06 22:31:47, 10] nsswitch/winbindd_cache.c:name_to_sid(1289) name_to_sid: [Cached] - doing backend query for name for domain DOMAIN [2007/12/06 22:31:47, 3] nsswitch/winbindd_rpc.c:msrpc_name_to_sid(257) rpc: name_to_sid name=DOMAIN\inetuser [2007/12/06 22:31:47, 3] nsswitch/winbindd_rpc.c:msrpc_name_to_sid(265) name_to_sid [rpc] DOMAIN\inetuser for domain DOMAIN [2007/12/06 22:31:47, 5] rpc_parse/parse_lsa.c:init_q_lookup_names(1567) init_q_lookup_names [2007/12/06 22:31:47, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_q_lookup_names [2007/12/06 22:31:47, 6] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_pol_hnd [2007/12/06 22:31:47, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0000 data1: 00000000 [2007/12/06 22:31:47, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0004 data2: caad6fba [2007/12/06 22:31:47, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 data3: 1c36 [2007/12/06 22:31:47, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a data4: 4165 [2007/12/06 22:31:47, 5] rpc_parse/parse_prs.c:prs_uint8s(855) 000c data5: 88 f9 e7 83 e5 86 10 6b [2007/12/06 22:31:47, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0014 num_entries : 00000001 [2007/12/06 22:31:47, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0018 num_entries2 : 00000001 [2007/12/06 22:31:47, 6] rpc_parse/parse_prs.c:prs_debug(84) 00001c smb_io_unihdr hdr_name [2007/12/06 22:31:47, 5] rpc_parse/parse_prs.c:prs_uint16(679) 001c uni_str_len: 0028 [2007/12/06 22:31:47, 5] rpc_parse/parse_prs.c:prs_uint16(679) 001e uni_max_len: 0028 [2007/12/06 22:31:47, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0020 buffer : 00000001 [2007/12/06 
22:31:47, 6] rpc_parse/parse_prs.c:prs_debug(84) 000024 smb_io_unistr2 dom_name [2007/12/06 22:31:47, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0024 uni_max_len: 00000014 [2007/12/06 22:31:47, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0028 offset : 00000000 [2007/12/06 22:31:47, 5] rpc_parse/parse_prs.c:prs_uint32(708) 002c uni_str_len: 00000014 [2007/12/06 22:31:47, 5] rpc_parse/parse_prs.c:dbg_rw_punival(940) 0030 buffer : D.A.T.A.S.Y.S.T.E.M.E.\.i.n.e.t.u.s.e.r. [2007/12/06 22:31:47, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0058 num_trans_entries : 00000000 [2007/12/06 22:31:47, 5] rpc_parse/parse_prs.c:prs_uint32(708) 005c ptr_trans_sids : 00000000 [2007/12/06 22:31:47, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0060 lookup_level : 0001 [2007/12/06 22:31:47, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0064 mapped_count : 00000000 [2007/12/06 22:31:47, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr hdr [2007/12/06 22:31:47, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05 [2007/12/06 22:31:47, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00 [2007/12/06 22:31:47, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 00 [2007/12/06 22:31:47, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03 [2007/12/06 22:31:47, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10 [2007/12/06 22:31:47, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00 [2007/12/06 22:31:47, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00 [2007/12/06 22:31:47, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00 [2007/12/06 22:31:47, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 frag_len : 0098 [2007/12/06 22:31:47, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a auth_len : 0010 [2007/12/06 22:31:47, 5] rpc_parse/parse_prs.c:prs_uint32(708) 000c call_id : 0000000b [2007/12/06 22:31:47, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_req hdr_req [2007/12/06 22:31:47, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0010 alloc_hint: 
00000068 [2007/12/06 22:31:47, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0014 context_id: 0000 [2007/12/06 22:31:47, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0016 opnum : 000e [2007/12/06 22:31:47, 5] rpc_parse/parse_prs.c:prs_debug(84) 000080 smb_io_rpc_hdr_auth hdr_auth [2007/12/06 22:31:47, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0080 auth_type : 09 [2007/12/06 22:31:47, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0081 auth_level : 06 [2007/12/06 22:31:47, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0082 auth_pad_len : 00 [2007/12/06 22:31:47, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0083 auth_reserved: 00 [2007/12/06 22:31:47, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0084 auth_context_id: 00000001 [2007/12/06 22:31:47, 10] libsmb/ntlmssp_sign.c:ntlmssp_seal_packet(249) ntlmssp_seal_data: seal [2007/12/06 22:31:47, 5] rpc_client/cli_pipe.c:rpc_api_pipe(770) rpc_api_pipe: Remote machine ADS1 pipe \lsarpc fnum 0x17 [2007/12/06 22:31:47, 5] lib/util.c:show_msg(485) [2007/12/06 22:31:47, 5] lib/util.c:show_msg(495) size=234 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 -- [2007/12/06 22:31:47, 10] lib/util.c:dump_data(2222) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 98 00 10 00 0B 00 00 00 68 ........ .......h [020] 00 00 00 00 00 0E 00 F6 5D 86 91 71 68 06 5C 95 .......ö ]..qh.\. [030] 32 3D 72 C6 53 95 05 DB 40 9B 92 64 59 F4 A4 5A 2=rÆS..Û @..dYô€Z [040] 82 E8 65 FD 08 6D B1 B8 8A 6D 6F CB 74 CA DA E6 .èeý.m±ž .moËtÊÚæ [050] 26 AE A9 D3 8B 2A 8D 9B 8D 83 CA 63 29 7B 97 5B &®©Ó.*.. 
..Êc){.[ -- [2007/12/06 22:31:47, 10] libsmb/smb_signing.c:simple_packet_signature(283) simple_packet_signature: sequence number 28 [2007/12/06 22:31:47, 10] libsmb/smb_signing.c:client_sign_outgoing_message(348) client_sign_outgoing_message: sent SMB signature of [2007/12/06 22:31:47, 10] lib/util.c:dump_data(2222) [000] DF ED 74 17 0F F9 29 41 ßít..ù)A [2007/12/06 22:31:47, 10] libsmb/smb_signing.c:store_sequence_for_reply(68) store_sequence_for_reply: stored seq = 29 mid = 16 [2007/12/06 22:31:47, 6] libsmb/clientgen.c:write_socket(132) write_socket(17,238) [2007/12/06 22:31:47, 6] libsmb/clientgen.c:write_socket(135) write_socket(17,238) wrote 238 [2007/12/06 22:31:47, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) got smb length of 232 [2007/12/06 22:31:47, 5] lib/util.c:show_msg(485) [2007/12/06 22:31:47, 5] lib/util.c:show_msg(495) size=232 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 -- [2007/12/06 22:31:47, 10] lib/util.c:dump_data(2222) [000] 00 05 00 02 03 10 00 00 00 B0 00 10 00 0B 00 00 ........ .°...... [010] 00 80 00 00 00 00 00 00 00 5F AD B6 ED CD B0 04 ........ ._­¶íÍ°. [020] 9C FD 70 E6 53 80 7F 22 0D 82 A6 63 7B 48 3D 53 .ýpæS.." ..Šc{H=S [030] FB 03 2E 61 05 8D 44 21 8F 3A 5B 8E F0 E2 11 CA û..a..D! .:[.ðâ.Ê [040] 75 ED B0 55 B1 83 2B C4 F7 58 CE A6 2B D2 BA 66 uí°U±.+Ä ÷XΊ+Òºf [050] 79 63 30 A1 F7 7C E3 B0 F7 62 77 97 FD 3F 32 6C yc0¡÷|ã° ÷bw.ý?2l -- [2007/12/06 22:31:47, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) get_sequence_for_reply: found seq = 29 mid = 16 [2007/12/06 22:31:47, 10] libsmb/smb_signing.c:simple_packet_signature(283) simple_packet_signature: sequence number 29 [2007/12/06 22:31:47, 10] libsmb/smb_signing.c:client_check_incoming_message(428) client_check_incoming_message: seq 29: got good SMB signature of [2007/12/06 22:31:47, 10] lib/util.c:dump_data(2222) [000] 64 FE 72 3E D7 DF 77 1F dþr>×ßw. 
[2007/12/06 22:31:47, 5] lib/util.c:show_msg(485)
[2007/12/06 22:31:47, 5] lib/util.c:show_msg(495) size=232 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136
--
[2007/12/06 22:31:47, 10] lib/util.c:dump_data(2222)
[000] 00 05 00 02 03 10 00 00 00 B0 00 10 00 0B 00 00 ........ .°......
[010] 00 80 00 00 00 00 00 00 00 5F AD B6 ED CD B0 04 ........ ._­¶íÍ°.
[020] 9C FD 70 E6 53 80 7F 22 0D 82 A6 63 7B 48 3D 53 .ýpæS.." ..Šc{H=S
[030] FB 03 2E 61 05 8D 44 21 8F 3A 5B 8E F0 E2 11 CA û..a..D! .:[.ðâ.Ê
[040] 75 ED B0 55 B1 83 2B C4 F7 58 CE A6 2B D2 BA 66 uí°U±.+Ä ÷XΊ+Òºf
[050] 79 63 30 A1 F7 7C E3 B0 F7 62 77 97 FD 3F 32 6C yc0¡÷|ã° ÷bw.ý?2l
--
[2007/12/06 22:31:47, 10] libsmb/smb_signing.c:get_sequence_for_reply(81) get_sequence_for_reply: found seq = 29 mid = 16
[2007/12/06 22:31:47, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 smb_io_rpc_hdr rpc_hdr
[2007/12/06 22:31:47, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0000 major : 05
[2007/12/06 22:31:47, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0001 minor : 00
[2007/12/06 22:31:47, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0002 pkt_type : 02
[2007/12/06 22:31:47, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0003 flags : 03
[2007/12/06 22:31:47, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0004 pack_type0: 10
[2007/12/06 22:31:47, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0005 pack_type1: 00
[2007/12/06 22:31:47, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0006 pack_type2: 00
[2007/12/06 22:31:47, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0007 pack_type3: 00
[2007/12/06 22:31:47, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0008 frag_len : 00b0
[2007/12/06 22:31:47, 5] rpc_parse/parse_prs.c:prs_uint16(679) 000a auth_len : 0010
[2007/12/06 22:31:47, 5] rpc_parse/parse_prs.c:prs_uint32(708) 000c call_id : 0000000b
[2007/12/06 22:31:47, 5] rpc_parse/parse_prs.c:prs_debug(84) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp
[2007/12/06 22:31:47, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0010 alloc_hint: 00000080
[2007/12/06 22:31:47, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0014 context_id: 0000
[2007/12/06 22:31:47, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0016 cancel_ct : 00
[2007/12/06 22:31:47, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0017 reserved : 00
[2007/12/06 22:31:47, 5] rpc_parse/parse_prs.c:prs_debug(84) 000098 smb_io_rpc_hdr_auth hdr_auth
[2007/12/06 22:31:47, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0098 auth_type : 09
[2007/12/06 22:31:47, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0099 auth_level : 06
[2007/12/06 22:31:47, 5] rpc_parse/parse_prs.c:prs_uint8(615) 009a auth_pad_len : 00
[2007/12/06 22:31:47, 5] rpc_parse/parse_prs.c:prs_uint8(615) 009b auth_reserved: 00
[2007/12/06 22:31:47, 5] rpc_parse/parse_prs.c:prs_uint32(708) 009c auth_context_id: 00000001
[2007/12/06 22:31:47, 10] libsmb/ntlmssp_sign.c:ntlmssp_unseal_packet(310) ntlmssp_unseal_data: seal
[2007/12/06 22:31:47, 10] libsmb/ntlmssp_sign.c:ntlmssp_check_packet(223) ntlmssp_check_packet: NTLMSSP signature OK !
[2007/12/06 22:31:47, 10] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(577) cli_pipe_validate_current_pdu: got pdu len 176, data_len 128, ss_len 0
[2007/12/06 22:31:47, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843) rpc_api_pipe: got PDU len of 176 at offset 0
[2007/12/06 22:31:47, 10] rpc_client/cli_pipe.c:rpc_api_pipe(894) rpc_api_pipe: Remote machine ADS1 pipe \lsarpc fnum 0x17 returned 256 bytes.
[2007/12/06 22:31:47, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 lsa_io_r_lookup_names
[2007/12/06 22:31:47, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0000 ptr_dom_ref: 00020000
[2007/12/06 22:31:47, 6] rpc_parse/parse_prs.c:prs_debug(84) 000004 lsa_io_dom_r_ref
[2007/12/06 22:31:47, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0004 num_ref_doms_1: 00000001
[2007/12/06 22:31:47, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0008 ptr_ref_dom : 00020004
[2007/12/06 22:31:47, 5] rpc_parse/parse_prs.c:prs_uint32(708) 000c max_entries : 00000020
[2007/12/06 22:31:47, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0010 num_ref_doms_2: 00000001
[2007/12/06 22:31:47, 7] rpc_parse/parse_prs.c:prs_debug(84) 000014 smb_io_unihdr dom_ref[0]
[2007/12/06 22:31:47, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0014 uni_str_len: 0016
[2007/12/06 22:31:47, 5] rpc_parse/parse_prs.c:prs_uint16(679) 0016 uni_max_len: 0018
[2007/12/06 22:31:47, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0018 buffer : 00020008
[2007/12/06 22:31:47, 5] rpc_parse/parse_prs.c:prs_uint32(708) 001c sid_ptr[0] : 0002000c
[2007/12/06 22:31:47, 7] rpc_parse/parse_prs.c:prs_debug(84) 000020 smb_io_unistr2 dom_ref[0]
[2007/12/06 22:31:47, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0020 uni_max_len: 0000000c
[2007/12/06 22:31:47, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0024 offset : 00000000
[2007/12/06 22:31:47, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0028 uni_str_len: 0000000b
[2007/12/06 22:31:47, 5] rpc_parse/parse_prs.c:dbg_rw_punival(940) 002c buffer : D.A.T.A.S.Y.S.T.E.M.E.
[2007/12/06 22:31:47, 7] rpc_parse/parse_prs.c:prs_debug(84) 000044 smb_io_dom_sid2 sid_ptr[0]
[2007/12/06 22:31:47, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0044 num_auths: 00000004
[2007/12/06 22:31:47, 8] rpc_parse/parse_prs.c:prs_debug(84) 000048 smb_io_dom_sid sid
[2007/12/06 22:31:47, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0048 sid_rev_num: 01
[2007/12/06 22:31:47, 5] rpc_parse/parse_prs.c:prs_uint8(615) 0049 num_auths : 04
[2007/12/06 22:31:47, 5] rpc_parse/parse_prs.c:prs_uint8(615) 004a id_auth[0] : 00
[2007/12/06 22:31:47, 5] rpc_parse/parse_prs.c:prs_uint8(615) 004b id_auth[1] : 00
[2007/12/06 22:31:47, 5] rpc_parse/parse_prs.c:prs_uint8(615) 004c id_auth[2] : 00
[2007/12/06 22:31:47, 5] rpc_parse/parse_prs.c:prs_uint8(615) 004d id_auth[3] : 00
[2007/12/06 22:31:47, 5] rpc_parse/parse_prs.c:prs_uint8(615) 004e id_auth[4] : 00
[2007/12/06 22:31:47, 5] rpc_parse/parse_prs.c:prs_uint8(615) 004f id_auth[5] : 05
[2007/12/06 22:31:47, 5] rpc_parse/parse_prs.c:prs_uint32s(995) 0050 sub_auths : 00000015 2229ff1e 2f3535b1 6d2086cd
[2007/12/06 22:31:47, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0060 num_entries: 00000001
[2007/12/06 22:31:47, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0064 ptr_entries: 00020010
[2007/12/06 22:31:47, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0068 num_entries2: 00000001
[2007/12/06 22:31:47, 6] rpc_parse/parse_prs.c:prs_debug(84) 00006c smb_io_dom_rid
[2007/12/06 22:31:47, 5] rpc_parse/parse_prs.c:prs_uint16(679) 006c type : 0002
[2007/12/06 22:31:47, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0070 rid : 000004cb
[2007/12/06 22:31:47, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0074 rid_idx: 00000000
[2007/12/06 22:31:47, 5] rpc_parse/parse_prs.c:prs_uint32(708) 0078 mapped_count: 00000001
[2007/12/06 22:31:47, 5] rpc_parse/parse_prs.c:prs_ntstatus(767) 007c status : NT_STATUS_OK
[2007/12/06 22:31:47, 10] nsswitch/winbindd_cache.c:fetch_cache_seqnum(362) fetch_cache_seqnum: timeout [DOMAIN][3120807 @ 1196976656]
[2007/12/06 22:31:47, 3] nsswitch/winbindd_ads.c:sequence_number(1018) ads: fetch sequence_number for DOMAIN
[2007/12/06 22:31:47, 10] nsswitch/winbindd_ads.c:ads_cached_connection(43) ads_cached_connection
[2007/12/06 22:31:47, 7] nsswitch/winbindd_ads.c:ads_cached_connection(51) Current tickets expire at 1197010868, time is now 1196976707
[2007/12/06 22:31:47, 5] libads/ldap_utils.c:ads_do_search_retry_internal(63) Search for (objectclass=*) gave 1 replies
[2007/12/06 22:31:47, 10] nsswitch/winbindd_cache.c:store_cache_seqnum(400) store_cache_seqnum: success [DOMAIN][3120807 @ 1196976707]
[2007/12/06 22:31:47, 10] nsswitch/winbindd_cache.c:refresh_sequence_number(459) refresh_sequence_number: DOMAIN seq number is now 3120807
[2007/12/06 22:31:47, 10] nsswitch/winbindd_cache.c:wcache_save_name_to_sid(764) wcache_save_name_to_sid: DOMAIN\INETUSER -> S-1-5-21-573177630-792016305-1830848205-1227
[2007/12/06 22:31:47, 10] nsswitch/winbindd_cache.c:wcache_save_sid_to_name(787) wcache_save_sid_to_name: S-1-5-21-573177630-792016305-1830848205-1227 -> inetuser
[2007/12/06 22:31:47, 10] sam/idmap_util.c:idmap_sid_to_gid(99) sid_to_gid: sid = [S-1-5-21-573177630-792016305-1830848205-1227]
[2007/12/06 22:31:47, 10] sam/idmap_tdb.c:db_get_id_from_sid(277) db_get_id_from_sid
[2007/12/06 22:31:47, 10] sam/idmap_tdb.c:internal_get_id_from_sid(183) internal_get_id_from_sid: fetching record S-1-5-21-573177630-792016305-1830848205-1227 of type 0x2
[2007/12/06 22:31:47, 10] sam/idmap_tdb.c:internal_get_id_from_sid(190) internal_get_id_from_sid: record S-1-5-21-573177630-792016305-1830848205-1227 -> GID 3000
[2007/12/06 22:31:47, 10] sam/idmap_tdb.c:internal_get_id_from_sid(224) internal_get_id_from_sid: ID_GROUPID fetching record S-1-5-21-573177630-792016305-1830848205-1227 -> GID 3000
[2007/12/06 22:31:47, 10] sam/idmap_tdb.c:internal_get_sid_from_id(152) internal_get_sid_from_id: fetching record GID 3000
[2007/12/06 22:31:47, 10] sam/idmap_tdb.c:internal_get_sid_from_id(158) internal_get_sid_from_id: fetching record GID 3000 -> S-1-5-21-573177630-792016305-1830848205-1227
[2007/12/06 22:31:47, 10] sam/idmap_util.c:idmap_sid_to_gid(107) idmap_sid_to_gid: gid = [3000]
[2007/12/06 22:31:47, 10] nsswitch/winbindd_group.c:fill_grent_mem(79) group SID S-1-5-21-573177630-792016305-1830848205-1227
[2007/12/06 22:31:47, 10] nsswitch/winbindd_cache.c:lookup_groupmem(1665) lookup_groupmem: [Cached] - doing backend query for info for domain DOMAIN
[2007/12/06 22:31:47, 10] nsswitch/winbindd_ads.c:lookup_groupmem(879) ads: lookup_groupmem DOMAIN sid=S-1-5-21-573177630-792016305-1830848205-1227
[2007/12/06 22:31:47, 10] nsswitch/winbindd_ads.c:ads_cached_connection(43) ads_cached_connection
[2007/12/06 22:31:47, 7] nsswitch/winbindd_ads.c:ads_cached_connection(51) Current tickets expire at 1197010868, time is now 1196976707
[2007/12/06 22:31:47, 10] nsswitch/winbindd_ads.c:lookup_groupmem(919) Searching for attrs[0] = member, attrs[1] = usnChanged
[2007/12/06 22:31:47, 5] libads/ldap_utils.c:ads_do_search_retry_internal(63) Search for (objectSid=\01\05\00\00\00\00\00\05\15\00\00\00\1E\FF\29\22\B1\35\35\2F\CD\86\20\6D\CB\04\00\00) gave 1 replies
[2007/12/06 22:31:47, 3] nsswitch/winbindd_ads.c:dn_lookup(421) ads: dn_lookup
[2007/12/06 22:31:47, 5] libads/ldap_utils.c:ads_do_search_retry_internal(63) Search for (objectclass=*) gave 1 replies
[2007/12/06 22:31:47, 3] nsswitch/winbindd_ads.c:dn_lookup(421) ads: dn_lookup
[2007/12/06 22:31:47, 5] libads/ldap_utils.c:ads_do_search_retry_internal(63) Search for (objectclass=*) gave 1 replies
[2007/12/06 22:31:47, 3] nsswitch/winbindd_ads.c:dn_lookup(421) ads: dn_lookup
[2007/12/06 22:31:47, 5] libads/ldap_utils.c:ads_do_search_retry_internal(63) Search for (objectclass=*) gave 1 replies
[2007/12/06 22:31:47, 3] nsswitch/winbindd_ads.c:dn_lookup(421) ads: dn_lookup
[2007/12/06 22:31:47, 5] libads/ldap_utils.c:ads_do_search_retry_internal(63) Search for (objectclass=*) gave 1 replies
[2007/12/06 22:31:47, 3] nsswitch/winbindd_ads.c:lookup_groupmem(1003) ads lookup_groupmem for sid=S-1-5-21-573177630-792016305-1830848205-1227
[2007/12/06 22:31:47, 10] nsswitch/winbindd_cache.c:refresh_sequence_number(430) refresh_sequence_number: DOMAIN time ok
[2007/12/06 22:31:47, 10] nsswitch/winbindd_cache.c:refresh_sequence_number(459) refresh_sequence_number: DOMAIN seq number is now 3120807
[2007/12/06 22:31:47, 10] nsswitch/winbindd_group.c:fill_grent_mem(111) looked up 4 names
[2007/12/06 22:31:47, 10] nsswitch/winbindd_group.c:fill_grent_mem(117) kids S-1-5-21-573177630-792016305-1830848205-1621 1
[2007/12/06 22:31:47, 10] nsswitch/winbindd_group.c:fill_grent_mem(117) UserA S-1-5-21-573177630-792016305-1830848205-1235 1
[2007/12/06 22:31:47, 10] nsswitch/winbindd_group.c:fill_grent_mem(117) karen S-1-5-21-573177630-792016305-1830848205-1127 1
[2007/12/06 22:31:47, 10] nsswitch/winbindd_group.c:fill_grent_mem(117) ab S-1-5-21-573177630-792016305-1830848205-1125 1
[2007/12/06 22:31:47, 10] nsswitch/winbindd_group.c:fill_grent_mem(134) processing name kids
[2007/12/06 22:31:47, 10] nsswitch/winbindd_group.c:fill_grent_mem(158) buf_len + 5 = 5
[2007/12/06 22:31:47, 10] nsswitch/winbindd_group.c:fill_grent_mem(134) processing name UserA
[2007/12/06 22:31:47, 10] nsswitch/winbindd_group.c:fill_grent_mem(158) buf_len + 6 = 11
[2007/12/06 22:31:47, 10] nsswitch/winbindd_group.c:fill_grent_mem(134) processing name karen
[2007/12/06 22:31:47, 10] nsswitch/winbindd_group.c:fill_grent_mem(158) buf_len + 6 = 17
[2007/12/06 22:31:47, 10] nsswitch/winbindd_group.c:fill_grent_mem(134) processing name ab
[2007/12/06 22:31:47, 10] nsswitch/winbindd_group.c:fill_grent_mem(158) buf_len + 3 = 20
[2007/12/06 22:31:47, 10] nsswitch/winbindd_group.c:fill_grent_mem(134) processing name kids
[2007/12/06 22:31:47, 10] nsswitch/winbindd_group.c:fill_grent_mem(160) appending kids at ndx 4
[2007/12/06 22:31:47, 10] nsswitch/winbindd_group.c:fill_grent_mem(134) processing name UserA
[2007/12/06 22:31:47, 10] nsswitch/winbindd_group.c:fill_grent_mem(160) appending usera at ndx 5
[2007/12/06 22:31:47, 10] nsswitch/winbindd_group.c:fill_grent_mem(134) processing name karen
[2007/12/06 22:31:47, 10] nsswitch/winbindd_group.c:fill_grent_mem(160) appending karen at ndx 5
[2007/12/06 22:31:47, 10] nsswitch/winbindd_group.c:fill_grent_mem(134) processing name ab
[2007/12/06 22:31:47, 10] nsswitch/winbindd_group.c:fill_grent_mem(160) appending ab at ndx 2
[2007/12/06 22:31:47, 10] nsswitch/winbindd_group.c:fill_grent_mem(188) num_mem = 4, len = 20, mem = kids,usera,karen,ab
[2007/12/06 22:31:47, 10] nsswitch/winbindd_group.c:fill_grent_mem(195) fill_grent_mem returning 1
[2007/12/06 22:36:17, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2006) Retrieving response for pid 20530
[2007/12/06 22:36:17, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2028) Retrieving extra data length=64
[2007/12/06 22:39:12, 6] nsswitch/winbindd.c:new_connection(601)