[2009/03/10 11:50:57, 2] lib/interface.c:add_interface(337) added interface eth0 ip=fe80::20b:cdff:fef2:f15%eth0 bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff:: [2009/03/10 11:50:57, 2] lib/interface.c:add_interface(337) added interface eth0 ip=192.168.60.3 bcast=192.168.60.255 netmask=255.255.255.0 [2009/03/10 11:50:57, 5] lib/util_sock.c:print_socket_options(781) socket option SO_KEEPALIVE = 1 [2009/03/10 11:50:57, 5] lib/util_sock.c:print_socket_options(781) socket option SO_REUSEADDR = 1 [2009/03/10 11:50:57, 5] lib/util_sock.c:print_socket_options(781) socket option SO_BROADCAST = 0 [2009/03/10 11:50:57, 5] lib/util_sock.c:print_socket_options(781) socket option TCP_NODELAY = 1 [2009/03/10 11:50:57, 5] lib/util_sock.c:print_socket_options(781) socket option TCP_KEEPCNT = 9 [2009/03/10 11:50:57, 5] lib/util_sock.c:print_socket_options(781) socket option TCP_KEEPIDLE = 7200 [2009/03/10 11:50:57, 5] lib/util_sock.c:print_socket_options(781) socket option TCP_KEEPINTVL = 75 [2009/03/10 11:50:57, 5] lib/util_sock.c:print_socket_options(781) socket option IPTOS_LOWDELAY = 16 [2009/03/10 11:50:57, 5] lib/util_sock.c:print_socket_options(781) socket option IPTOS_THROUGHPUT = 16 [2009/03/10 11:50:57, 5] lib/util_sock.c:print_socket_options(781) socket option SO_SNDBUF = 16384 [2009/03/10 11:50:57, 5] lib/util_sock.c:print_socket_options(781) socket option SO_RCVBUF = 16384 [2009/03/10 11:50:57, 5] lib/util_sock.c:print_socket_options(781) socket option SO_SNDLOWAT = 1 [2009/03/10 11:50:57, 5] lib/util_sock.c:print_socket_options(781) socket option SO_RCVLOWAT = 1 [2009/03/10 11:50:57, 5] lib/util_sock.c:print_socket_options(781) socket option SO_SNDTIMEO = 0 [2009/03/10 11:50:57, 5] lib/util_sock.c:print_socket_options(781) socket option SO_RCVTIMEO = 0 [2009/03/10 11:50:57, 5] lib/util_sock.c:print_socket_options(781) socket option SO_KEEPALIVE = 1 [2009/03/10 11:50:57, 5] lib/util_sock.c:print_socket_options(781) socket option SO_REUSEADDR = 1 [2009/03/10 11:50:57, 5] lib/util_sock.c:print_socket_options(781) socket option SO_BROADCAST = 0 [2009/03/10 11:50:57, 5] lib/util_sock.c:print_socket_options(781) socket option TCP_NODELAY = 1 [2009/03/10 11:50:57, 5] lib/util_sock.c:print_socket_options(781) socket option TCP_KEEPCNT = 9 [2009/03/10 11:50:57, 5] lib/util_sock.c:print_socket_options(781) socket option TCP_KEEPIDLE = 7200 [2009/03/10 11:50:57, 5] lib/util_sock.c:print_socket_options(781) socket option TCP_KEEPINTVL = 75 [2009/03/10 11:50:57, 5] lib/util_sock.c:print_socket_options(781) socket option IPTOS_LOWDELAY = 16 [2009/03/10 11:50:57, 5] lib/util_sock.c:print_socket_options(781) socket option IPTOS_THROUGHPUT = 16 [2009/03/10 11:50:57, 5] lib/util_sock.c:print_socket_options(781) socket option SO_SNDBUF = 16384 [2009/03/10 11:50:57, 5] lib/util_sock.c:print_socket_options(781) socket option SO_RCVBUF = 16384 [2009/03/10 11:50:57, 5] lib/util_sock.c:print_socket_options(781) socket option SO_SNDLOWAT = 1 [2009/03/10 11:50:57, 5] lib/util_sock.c:print_socket_options(781) socket option SO_RCVLOWAT = 1 [2009/03/10 11:50:57, 5] lib/util_sock.c:print_socket_options(781) socket option SO_SNDTIMEO = 0 [2009/03/10 11:50:57, 5] lib/util_sock.c:print_socket_options(781) socket option SO_RCVTIMEO = 0 [2009/03/10 11:50:57, 5] auth/auth_util.c:make_user_info_map(206) make_user_info_map: Mapping user [RK_KLBG]\[MONSTER$] from workstation [MONSTER] [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2009/03/10 11:50:57, 3] smbd/uid.c:push_conn_ctx(407) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2009/03/10 11:50:57, 5] auth/token_util.c:debug_nt_user_token(466) NT user token: (NULL) [2009/03/10 11:50:57, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/03/10 11:50:57, 5] auth/auth_util.c:is_trusted_domain(2055) is_trusted_domain: Checking for domain trust with [RK_KLBG] [2009/03/10 11:50:57, 10] passdb/pdb_ldap.c:ldapsam_get_trusteddom_pw(5823) ldapsam_get_trusteddom_pw called for domain RK_KLBG [2009/03/10 11:50:57, 5] lib/smbldap.c:smbldap_search_ext(1200) smbldap_search_ext: base => [sambaDomainName=RK_KLBG,sambaDomainName=RK_KLBG,dc=rk-klbg,dc=at], filter => [(&(objectClass=sambaTrustedDomainPassword)(sambaDomainName=RK_KLBG))], scope => [2] [2009/03/10 11:50:57, 5] lib/smbldap.c:smbldap_close(1103) The connection to the LDAP server was closed [2009/03/10 11:50:57, 10] lib/smbldap.c:smb_ldap_setup_conn(616) smb_ldap_setup_connection: ldap://ldap-master.intern.rk-klosterneuburg.at/ [2009/03/10 11:50:57, 2] lib/smbldap.c:smbldap_open_connection(796) smbldap_open_connection: connection opened [2009/03/10 11:50:57, 10] lib/smbldap.c:smbldap_connect_system(961) ldap_connect_system: Binding to ldap server ldap://ldap-master.intern.rk-klosterneuburg.at/ as "cn=Manager,dc=rk-klbg,dc=at" [2009/03/10 11:50:57, 3] lib/smbldap.c:smbldap_connect_system(1007) ldap_connect_system: successful connection to the LDAP server ldap_connect_system: LDAP server does support paged results [2009/03/10 11:50:57, 10] lib/events.c:event_add_timed(130) Added timed event "smbldap_idle_fn": 1697898 [2009/03/10 11:50:57, 4] lib/smbldap.c:smbldap_open(1083) The LDAP server is successfully connected [2009/03/10 11:50:57, 10] lib/smbldap.c:smbldap_search_ext(1264) Failed search for base: sambaDomainName=RK_KLBG,sambaDomainName=RK_KLBG,dc=rk-klbg,dc=at, error: 32 (No such object) (unknown) [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2009/03/10 11:50:57, 10] lib/gencache.c:gencache_get(194) Cache entry with key = TDOM/RK_KLBG couldn't be found [2009/03/10 11:50:57, 5] libsmb/trustdom_cache.c:trustdom_cache_fetch(183) no entry for trusted domain RK_KLBG found. [2009/03/10 11:50:57, 5] auth/auth_util.c:make_user_info(120) attempting to make a user_info for MONSTER$ (MONSTER$) [2009/03/10 11:50:57, 5] auth/auth_util.c:make_user_info(130) making strings for MONSTER$'s user_info struct [2009/03/10 11:50:57, 5] auth/auth_util.c:make_user_info(162) making blobs for MONSTER$'s user_info struct [2009/03/10 11:50:57, 10] auth/auth_util.c:make_user_info(180) made an encrypted user_info for MONSTER$ (MONSTER$) [2009/03/10 11:50:57, 3] auth/auth.c:check_ntlm_password(220) check_ntlm_password: Checking password for unmapped user [RK_KLBG]\[MONSTER$]@[MONSTER] with the new password interface [2009/03/10 11:50:57, 3] auth/auth.c:check_ntlm_password(223) check_ntlm_password: mapped user is: [RK_KLBG]\[MONSTER$]@[MONSTER] [2009/03/10 11:50:57, 10] auth/auth.c:check_ntlm_password(232) check_ntlm_password: auth_context challenge created by NTLMSSP callback (NTLM2) [2009/03/10 11:50:57, 10] auth/auth.c:check_ntlm_password(234) challenge is: [2009/03/10 11:50:57, 5] lib/util.c:dump_data(2230) [000] 55 85 F5 0A B9 38 9B 33 U.õ.¹8.3 [2009/03/10 11:50:57, 10] auth/auth.c:check_ntlm_password(260) check_ntlm_password: guest had nothing to say [2009/03/10 11:50:57, 8] lib/util.c:is_myname(2105) is_myname("RK_KLBG") returns 0 [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2009/03/10 11:50:57, 3] smbd/uid.c:push_conn_ctx(407) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2009/03/10 11:50:57, 5] auth/token_util.c:debug_nt_user_token(466) NT user token: (NULL) [2009/03/10 11:50:57, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/03/10 11:50:57, 5] lib/smbldap.c:smbldap_search_ext(1200) smbldap_search_ext: base => [dc=rk-klbg,dc=at], filter => [(&(uid=MONSTER$)(objectclass=sambaSamAccount))], scope => [2] [2009/03/10 11:50:57, 2] passdb/pdb_ldap.c:init_sam_from_ldap(571) init_sam_from_ldap: Entry found for user: monster$ [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_username(580) pdb_set_username: setting username monster$, was [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_domain(603) pdb_set_domain: setting domain RK_KLBG, was [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_nt_username(626) pdb_set_nt_username: setting nt username monster$, was [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_user_sid_from_string(522) pdb_set_user_sid_from_string: setting user sid S-1-5-21-181998944-1107627502-2274996074-3912 [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_user_sid(509) pdb_set_user_sid: setting user sid S-1-5-21-181998944-1107627502-2274996074-3912 [2009/03/10 11:50:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaLogonTime does not exist [2009/03/10 11:50:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaLogoffTime does not exist [2009/03/10 11:50:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaKickoffTime does not exist [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_fullname(649) pdb_set_full_name: setting full name Computer, was [2009/03/10 11:50:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaHomeDrive does not exist [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(718) pdb_set_dir_drive: setting dir drive z:, was NULL [2009/03/10 11:50:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaHomePath does not exist [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_homedir(742) pdb_set_homedir: setting home dir \\samba\monster_, was [2009/03/10 11:50:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaLogonScript does not exist [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_logon_script(672) pdb_set_logon_script: setting logon script LOGON.BAT, was [2009/03/10 11:50:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaProfilePath does not exist [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_profile_path(695) pdb_set_profile_path: setting profile path \\samba\Profile, was [2009/03/10 11:50:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaUserWorkstations does not exist [2009/03/10 11:50:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaMungedDial does not exist [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2009/03/10 11:50:57, 3] smbd/uid.c:push_conn_ctx(407) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2009/03/10 11:50:57, 5] auth/token_util.c:debug_nt_user_token(466) NT user token: (NULL) [2009/03/10 11:50:57, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/03/10 11:50:57, 10] lib/gencache.c:gencache_get(208) Returning expired cache entry: key = ACCT_POL/password history, value = 0 , timeout = Tue Mar 10 11:50:57 2009 [2009/03/10 11:50:57, 10] passdb/pdb_ldap.c:ldapsam_get_account_policy_from_ldap(3845) ldapsam_get_account_policy_from_ldap [2009/03/10 11:50:57, 5] lib/smbldap.c:smbldap_search_ext(1200) smbldap_search_ext: base => [sambaDomainName=RK_KLBG,dc=rk-klbg,dc=at], filter => [(objectclass=*)], scope => [0] [2009/03/10 11:50:57, 10] lib/account_pol.c:cache_account_policy_set(395) cache_account_policy_set: updating account pol cache [2009/03/10 11:50:57, 10] lib/gencache.c:gencache_set(131) Adding cache entry with key = ACCT_POL/password history; value = 0 and timeout = Tue Mar 10 11:51:57 2009 (60 seconds ahead) [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2009/03/10 11:50:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaBadPasswordCount does not exist [2009/03/10 11:50:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaBadPasswordTime does not exist [2009/03/10 11:50:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaLogonHours does not exist [2009/03/10 11:50:57, 5] passdb/login_cache.c:login_cache_init(40) Opening cache file at /var/lib/samba/login_cache.tdb [2009/03/10 11:50:57, 7] passdb/login_cache.c:login_cache_read(86) Looking up login cache for user monster$ [2009/03/10 11:50:57, 7] passdb/login_cache.c:login_cache_read(100) No cache entry found [2009/03/10 11:50:57, 9] passdb/pdb_ldap.c:init_sam_from_ldap(1054) No cache entry, bad count = 0, bad time = 0 [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2009/03/10 11:50:57, 3] smbd/uid.c:push_conn_ctx(407) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2009/03/10 11:50:57, 5] auth/token_util.c:debug_nt_user_token(466) NT user token: (NULL) [2009/03/10 11:50:57, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/03/10 11:50:57, 10] lib/gencache.c:gencache_get(208) Returning expired cache entry: key = ACCT_POL/maximum password age, value = 4294967295 , timeout = Tue Mar 10 11:50:57 2009 [2009/03/10 11:50:57, 10] passdb/pdb_ldap.c:ldapsam_get_account_policy_from_ldap(3845) ldapsam_get_account_policy_from_ldap [2009/03/10 11:50:57, 5] lib/smbldap.c:smbldap_search_ext(1200) smbldap_search_ext: base => [sambaDomainName=RK_KLBG,dc=rk-klbg,dc=at], filter => [(objectclass=*)], scope => [0] [2009/03/10 11:50:57, 10] lib/account_pol.c:cache_account_policy_set(395) cache_account_policy_set: updating account pol cache [2009/03/10 11:50:57, 10] lib/gencache.c:gencache_set(131) Adding cache entry with key = ACCT_POL/maximum password age; value = 4294967295 and timeout = Tue Mar 10 11:51:57 2009 (60 seconds ahead) [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2009/03/10 11:50:57, 5] lib/username.c:Get_Pwnam_alloc(133) Finding user monster$ [2009/03/10 11:50:57, 5] lib/username.c:Get_Pwnam_internals(77) Trying _Get_Pwnam(), username as lowercase is monster$ [2009/03/10 11:50:57, 5] lib/username.c:Get_Pwnam_internals(110) Get_Pwnam_internals did find user [monster$]! [2009/03/10 11:50:57, 5] lib/smbldap.c:smbldap_search_ext(1200) smbldap_search_ext: base => [ou=Groups,dc=rk-klbg,dc=at], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=515))], scope => [2] [2009/03/10 11:50:57, 2] passdb/pdb_ldap.c:init_group_from_ldap(2344) init_group_from_ldap: Entry found for group: 515 [2009/03/10 11:50:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute description does not exist [2009/03/10 11:50:57, 10] passdb/lookup_sid.c:lookup_sid(950) lookup_sid called for SID 'S-1-5-21-181998944-1107627502-2274996074-515' [2009/03/10 11:50:57, 10] passdb/lookup_sid.c:check_dom_sid_to_level(705) Accepting SID S-1-5-21-181998944-1107627502-2274996074 in level 1 [2009/03/10 11:50:57, 10] passdb/lookup_sid.c:lookup_rids(468) lookup_rids called for domain sid 'S-1-5-21-181998944-1107627502-2274996074' [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2009/03/10 11:50:57, 3] smbd/uid.c:push_conn_ctx(407) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2009/03/10 11:50:57, 5] auth/token_util.c:debug_nt_user_token(466) NT user token: (NULL) [2009/03/10 11:50:57, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/03/10 11:50:57, 5] lib/smbldap.c:smbldap_search_ext(1200) smbldap_search_ext: base => [ou=Users,dc=rk-klbg,dc=at], filter => [(&(objectClass=sambaSamAccount)(|(sambaSid=S-1-5-21-181998944-1107627502-2274996074-515)))], scope => [2] [2009/03/10 11:50:57, 5] lib/smbldap.c:smbldap_search_ext(1200) smbldap_search_ext: base => [ou=Groups,dc=rk-klbg,dc=at], filter => [(&(objectClass=sambaGroupMapping)(|(sambaSid=S-1-5-21-181998944-1107627502-2274996074-515)))], scope => [2] [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2009/03/10 11:50:57, 10] passdb/lookup_sid.c:lookup_sid(985) Sid S-1-5-21-181998944-1107627502-2274996074-515 -> RK_KLBG\Domain Computers(2) [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2009/03/10 11:50:57, 3] smbd/uid.c:push_conn_ctx(407) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2009/03/10 11:50:57, 5] auth/token_util.c:debug_nt_user_token(466) NT user token: (NULL) [2009/03/10 11:50:57, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/03/10 11:50:57, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = ACCT_POL/password history, value = 0 , timeout = Tue Mar 10 11:51:57 2009 [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_username(580) pdb_set_username: setting username monster$, was [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_domain(603) pdb_set_domain: setting domain RK_KLBG, was [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_nt_username(626) pdb_set_nt_username: setting nt username monster$, was [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_fullname(649) pdb_set_full_name: setting full name Computer, was [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_homedir(742) pdb_set_homedir: setting home dir \\samba\monster_, was [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(718) pdb_set_dir_drive: setting dir drive z:, was NULL [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_logon_script(672) pdb_set_logon_script: setting logon script LOGON.BAT, was [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_profile_path(695) pdb_set_profile_path: setting profile path \\samba\Profile, was [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_workstations(785) pdb_set_workstations: setting workstations , was [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2009/03/10 11:50:57, 3] smbd/uid.c:push_conn_ctx(407) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2009/03/10 11:50:57, 5] auth/token_util.c:debug_nt_user_token(466) NT user token: (NULL) [2009/03/10 11:50:57, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/03/10 11:50:57, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = ACCT_POL/password history, value = 0 , timeout = Tue Mar 10 11:51:57 2009 [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_user_sid(509) pdb_set_user_sid: setting user sid S-1-5-21-181998944-1107627502-2274996074-3912 [2009/03/10 11:50:57, 10] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(72) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-181998944-1107627502-2274996074-3912 from rid 3912 [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2009/03/10 11:50:57, 4] libsmb/ntlm_check.c:ntlm_password_check(328) ntlm_password_check: Checking NT MD4 password [2009/03/10 11:50:57, 4] auth/auth_sam.c:sam_account_ok(137) sam_account_ok: Checking SMB password for user monster$ [2009/03/10 11:50:57, 5] auth/auth_sam.c:logon_hours_ok(119) logon_hours_ok: user monster$ allowed to logon at this time (Tue Mar 10 10:50:57 2009 ) [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2009/03/10 11:50:57, 3] smbd/uid.c:push_conn_ctx(407) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2009/03/10 11:50:57, 5] auth/token_util.c:debug_nt_user_token(466) NT user token: (NULL) [2009/03/10 11:50:57, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/03/10 11:50:57, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = ACCT_POL/maximum password age, value = 4294967295 , timeout = Tue Mar 10 11:51:57 2009 [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2009/03/10 11:50:57, 3] smbd/uid.c:push_conn_ctx(407) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2009/03/10 11:50:57, 5] auth/token_util.c:debug_nt_user_token(466) NT user token: (NULL) [2009/03/10 11:50:57, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/03/10 11:50:57, 5] lib/smbldap.c:smbldap_search_ext(1200) smbldap_search_ext: base => [dc=rk-klbg,dc=at], filter => [(&(objectClass=sambaSamAccount)(uid=monster$))], scope => [2] [2009/03/10 11:50:57, 5] lib/smbldap.c:smbldap_search_ext(1200) smbldap_search_ext: base => [ou=Groups,dc=rk-klbg,dc=at], filter => [(&(objectClass=posixGroup)(|(memberUid=monster$)(gidNumber=515)))], scope => [2] [2009/03/10 11:50:57, 5] auth/auth_util.c:make_server_info_sam(650) make_server_info_sam: made server info for user monster$ -> monster$ [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2009/03/10 11:50:57, 3] auth/auth.c:check_ntlm_password(269) check_ntlm_password: sam authentication for user [MONSTER$] succeeded [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2009/03/10 11:50:57, 3] smbd/uid.c:push_conn_ctx(407) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2009/03/10 11:50:57, 5] auth/token_util.c:debug_nt_user_token(466) NT user token: (NULL) [2009/03/10 11:50:57, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2009/03/10 11:50:57, 5] auth/auth.c:check_ntlm_password(295) check_ntlm_password: PAM Account for user [monster$] succeeded [2009/03/10 11:50:57, 2] auth/auth.c:check_ntlm_password(308) check_ntlm_password: authentication for user [MONSTER$] -> [MONSTER$] -> [monster$] succeeded [2009/03/10 11:50:57, 5] auth/auth_util.c:free_user_info(1985) attempting to free (and zero) a user_info structure [2009/03/10 11:50:57, 10] auth/auth_util.c:free_user_info(1989) structure was created for MONSTER$ [2009/03/10 11:50:57, 10] auth/token_util.c:create_local_nt_token(304) Create local NT token for S-1-5-21-181998944-1107627502-2274996074-3912 [2009/03/10 11:50:57, 10] passdb/lookup_sid.c:sid_to_gid(1431) sid S-1-5-32-544 -> gid 804 [2009/03/10 11:50:57, 10] passdb/lookup_sid.c:sid_to_gid(1431) sid S-1-5-32-545 -> gid 100 [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2009/03/10 11:50:57, 3] smbd/uid.c:push_conn_ctx(407) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2009/03/10 11:50:57, 5] auth/token_util.c:debug_nt_user_token(466) NT user token: (NULL) [2009/03/10 11:50:57, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/03/10 11:50:57, 5] lib/smbldap.c:smbldap_search_ext(1200) smbldap_search_ext: base => [ou=Groups,dc=rk-klbg,dc=at], filter => [(&(|(objectclass=sambaGroupMapping)(sambaGroupType=4))(|(sambaSIDList=S-1-5-21-181998944-1107627502-2274996074-3912)(sambaSIDList=S-1-5-21-181998944-1107627502-2274996074-515)(sambaSIDList=S-1-1-0)(sambaSIDList=S-1-5-2)(sambaSIDList=S-1-5-11)(sambaSIDList=S-1-22-2-515)))], scope => [2] [2009/03/10 11:50:57, 5] lib/smbldap.c:smbldap_search_ext(1200) smbldap_search_ext: base => [ou=Groups,dc=rk-klbg,dc=at], filter => [(&(|(objectclass=sambaGroupMapping)(sambaGroupType=4))(|(sambaSIDList=S-1-5-21-181998944-1107627502-2274996074-3912)(sambaSIDList=S-1-5-21-181998944-1107627502-2274996074-515)(sambaSIDList=S-1-1-0)(sambaSIDList=S-1-5-2)(sambaSIDList=S-1-5-11)(sambaSIDList=S-1-22-2-515)))], scope => [2] [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2009/03/10 11:50:57, 3] lib/privileges.c:get_privileges(63) get_privileges: No privileges assigned to SID [S-1-5-21-181998944-1107627502-2274996074-3912] [2009/03/10 11:50:57, 3] lib/privileges.c:get_privileges(63) get_privileges: No privileges assigned to SID [S-1-5-21-181998944-1107627502-2274996074-515] [2009/03/10 11:50:57, 5] lib/privileges.c:get_privileges_for_sids(128) get_privileges_for_sids: sid = S-1-1-0 Privilege set: SE_PRIV 0x0 0x0 0x0 0x0 [2009/03/10 11:50:57, 3] lib/privileges.c:get_privileges(63) get_privileges: No privileges assigned to SID [S-1-5-2] [2009/03/10 11:50:57, 3] lib/privileges.c:get_privileges(63) get_privileges: No privileges assigned to SID [S-1-5-11] [2009/03/10 11:50:57, 3] lib/privileges.c:get_privileges(63) get_privileges: No privileges assigned to SID [S-1-22-2-515] [2009/03/10 11:50:57, 10] passdb/lookup_sid.c:sid_to_gid(1431) sid S-1-5-21-181998944-1107627502-2274996074-515 -> gid 515 [2009/03/10 11:50:57, 10] passdb/lookup_sid.c:sid_to_gid(1426) winbind failed to find a gid for sid S-1-1-0 [2009/03/10 11:50:57, 10] auth/auth_util.c:create_local_token(755) Could not convert SID S-1-1-0 to gid, ignoring it [2009/03/10 11:50:57, 10] passdb/lookup_sid.c:sid_to_gid(1426) winbind failed to find a gid for sid S-1-5-2 [2009/03/10 11:50:57, 10] auth/auth_util.c:create_local_token(755) Could not convert SID S-1-5-2 to gid, ignoring it [2009/03/10 11:50:57, 10] passdb/lookup_sid.c:sid_to_gid(1426) winbind failed to find a gid for sid S-1-5-11 [2009/03/10 11:50:57, 10] auth/auth_util.c:create_local_token(755) Could not convert SID S-1-5-11 to gid, ignoring it [2009/03/10 11:50:57, 10] passdb/lookup_sid.c:sid_to_gid(1413) sid S-1-22-2-515 -> gid 515 [2009/03/10 11:50:57, 10] auth/token_util.c:debug_nt_user_token(472) NT user token of user S-1-5-21-181998944-1107627502-2274996074-3912 contains 6 SIDs SID[ 0]: S-1-5-21-181998944-1107627502-2274996074-3912 SID[ 1]: S-1-5-21-181998944-1107627502-2274996074-515 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-515 SE_PRIV 0x0 0x0 0x0 0x0 [2009/03/10 11:50:57, 10] auth/auth_ntlmssp.c:auth_ntlmssp_check_password(137) Got NT session key of length 16 [2009/03/10 11:50:57, 10] libsmb/ntlmssp.c:ntlmssp_server_auth(811) ntlmssp_server_auth: Created NTLM2 session key. [2009/03/10 11:50:57, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(337) NTLMSSP Sign/Seal - Initialising with flags: [2009/03/10 11:50:57, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) Got NTLMSSP neg_flags=0x60088215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH [2009/03/10 11:50:57, 10] smbd/password.c:register_existing_vuid(316) register_existing_vuid: (1456,515) monster$ MONSTER$ RK_KLBG guest=0 [2009/03/10 11:50:57, 3] smbd/password.c:register_existing_vuid(320) register_existing_vuid: User name: monster$ Real name: Computer [2009/03/10 11:50:57, 3] smbd/password.c:register_existing_vuid(332) register_existing_vuid: UNIX uid 1456 is UNIX user monster$, and will be vuid 100 [2009/03/10 11:50:57, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 49442F31343330312F31 [2009/03/10 11:50:57, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0x175f420 [2009/03/10 11:50:57, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 49442F31343330312F31 [2009/03/10 11:50:57, 7] param/loadparm.c:lp_servicenumber(9002) lp_servicenumber: couldn't find monster$ [2009/03/10 11:50:57, 3] smbd/password.c:register_existing_vuid(353) Adding homes service for user 'monster$' using home directory: '/dev/null' [2009/03/10 11:50:57, 8] param/loadparm.c:add_a_service(5760) add_a_service: Creating snum = 18 for monster$ [2009/03/10 11:50:57, 10] param/loadparm.c:hash_a_service(5807) hash_a_service: hashing index 18 for service name monster$ [2009/03/10 11:50:57, 3] param/loadparm.c:lp_add_home(5856) adding home's share [monster$] for user 'monster$' at '/dev/null' [2009/03/10 11:50:57, 6] param/loadparm.c:lp_file_list_changed(6699) lp_file_list_changed() file /etc/samba/smb-%m.conf -> /etc/samba/smb-monster.conf last mod_time: Tue Mar 10 11:49:02 2009 file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Tue Mar 10 10:39:07 2009 [2009/03/10 11:50:57, 5] lib/util.c:show_msg(642) [2009/03/10 11:50:57, 5] lib/util.c:show_msg(652) size=128 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=10199 smb_uid=100 smb_mid=3 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 9 (0x9) smb_bcc=85 [2009/03/10 11:50:57, 10] lib/util.c:dump_data(2230) [000] A1 07 30 05 A0 03 0A 01 00 55 00 6E 00 69 00 78 ¡.0. ... .U.n.i.x [010] 00 00 00 53 00 61 00 6D 00 62 00 61 00 20 00 33 ...S.a.m .b.a. .3 [020] 00 2E 00 32 00 2E 00 38 00 2D 00 30 00 2E 00 32 ...2...8 .-.0...2 [030] 00 36 00 6C 00 65 00 6F 00 2E 00 66 00 63 00 31 .6.l.e.o ...f.c.1 [040] 00 30 00 00 00 52 00 4B 00 5F 00 4B 00 4C 00 42 .0...R.K ._.K.L.B [050] 00 47 00 00 00 .G... [2009/03/10 11:50:57, 5] printing/print_cups.c:cups_async_callback(415) cups_async_callback: callback received for printer data. fd = 20 [2009/03/10 11:50:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 74 [2009/03/10 11:50:57, 6] smbd/process.c:process_smb(1547) got message type 0x0 of len 0x4a [2009/03/10 11:50:57, 3] smbd/process.c:process_smb(1550) Transaction 3 of length 78 (0 toread) [2009/03/10 11:50:57, 5] lib/util.c:show_msg(642) [2009/03/10 11:50:57, 5] lib/util.c:show_msg(652) size=74 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=0 smb_pid=10199 smb_uid=100 smb_mid=4 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 8 (0x8) smb_vwv[ 3]= 1 (0x1) smb_bcc=31 [2009/03/10 11:50:57, 10] lib/util.c:dump_data(2230) [000] 00 5C 00 5C 00 53 00 41 00 4D 00 42 00 41 00 5C .\.\.S.A .M.B.A.\ [010] 00 49 00 50 00 43 00 24 00 00 00 49 50 43 00 .I.P.C.$ ...IPC. [2009/03/10 11:50:57, 3] smbd/process.c:switch_message(1361) switch message SMBtconX (pid 14301) conn 0x0 [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2009/03/10 11:50:57, 5] auth/token_util.c:debug_nt_user_token(466) NT user token: (NULL) [2009/03/10 11:50:57, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/03/10 11:50:57, 5] smbd/uid.c:change_to_root_user(337) change_to_root_user: now uid=(0,0) gid=(0,0) [2009/03/10 11:50:57, 4] smbd/reply.c:reply_tcon_and_X(687) Client requested device type [IPC] for share [IPC$] [2009/03/10 11:50:57, 5] smbd/service.c:make_connection(1380) making a connection to 'normal' service ipc$ [2009/03/10 11:50:57, 10] smbd/share_access.c:user_ok_token(231) user_ok_token: share IPC$ is ok for unix user monster$ [2009/03/10 11:50:57, 5] lib/username.c:Get_Pwnam_alloc(133) Finding user monster$ [2009/03/10 11:50:57, 5] lib/username.c:Get_Pwnam_internals(77) Trying _Get_Pwnam(), username as lowercase is monster$ [2009/03/10 11:50:57, 5] lib/username.c:Get_Pwnam_internals(110) Get_Pwnam_internals did find user [monster$]! [2009/03/10 11:50:57, 10] smbd/service.c:set_conn_connectpath(157) set_conn_connectpath: service IPC$, connectpath = /tmp [2009/03/10 11:50:57, 3] smbd/service.c:make_connection_snum(940) Connect path is '/tmp' for service [IPC$] [2009/03/10 11:50:57, 10] lib/util_seaccess.c:se_map_generic(175) se_map_generic(): mapped mask 0x10000000 to 0x001f01ff [2009/03/10 11:50:57, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x00000002, for NT token with 6 entries and first sid S-1-5-21-181998944-1107627502-2274996074-3912. [2009/03/10 11:50:57, 3] lib/util_seaccess.c:se_access_check(249) [2009/03/10 11:50:57, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-5-21-181998944-1107627502-2274996074-3912 se_access_check: also S-1-5-21-181998944-1107627502-2274996074-515 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-22-2-515 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 2 [2009/03/10 11:50:57, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (2) granted. [2009/03/10 11:50:57, 3] smbd/vfs.c:vfs_init_default(96) Initialising default vfs hooks [2009/03/10 11:50:57, 10] smbd/vfs.c:vfs_find_backend_entry(48) vfs_find_backend_entry called for /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:smb_register_vfs(86) Successfully added vfs backend '/[Default VFS]/' [2009/03/10 11:50:57, 10] smbd/vfs.c:vfs_find_backend_entry(48) vfs_find_backend_entry called for posixacl [2009/03/10 11:50:57, 5] smbd/vfs.c:smb_register_vfs(86) Successfully added vfs backend 'posixacl' [2009/03/10 11:50:57, 3] smbd/vfs.c:vfs_init_custom(130) Initialising custom vfs hooks from [/[Default VFS]/] [2009/03/10 11:50:57, 10] smbd/vfs.c:vfs_find_backend_entry(48) vfs_find_backend_entry called for /[Default VFS]/ Successfully loaded vfs module [/[Default VFS]/] with the new modules system [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #0 (type 0, layer 0) Making operation type 0 opaque [module /[Default VFS]/] Accepting operation type 0 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #1 (type 1, layer 0) Making operation type 1 opaque [module /[Default VFS]/] Accepting operation type 1 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #2 (type 2, layer 0) Making operation type 2 opaque [module /[Default VFS]/] Accepting operation type 2 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #3 (type 3, layer 0) Making operation type 3 opaque [module /[Default VFS]/] Accepting operation type 3 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #4 (type 4, layer 0) Making operation type 4 opaque [module /[Default VFS]/] Accepting operation type 4 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #5 (type 5, layer 0) Making operation type 5 opaque [module /[Default VFS]/] Accepting operation type 5 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #6 (type 6, layer 0) Making operation type 6 opaque [module /[Default VFS]/] Accepting operation type 6 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #7 (type 7, layer 0) Making operation type 7 opaque [module /[Default VFS]/] Accepting operation type 7 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #8 (type 8, layer 0) Making operation type 8 opaque [module /[Default VFS]/] Accepting operation type 8 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #9 (type 9, layer 0) Making operation type 9 opaque [module /[Default VFS]/] Accepting operation type 9 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #10 (type 10, layer 0) Making operation type 10 opaque [module /[Default VFS]/] Accepting operation type 10 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #11 (type 11, layer 0) Making operation type 11 opaque [module /[Default VFS]/] Accepting operation type 11 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #12 (type 12, layer 0) Making operation type 12 opaque [module /[Default VFS]/] Accepting operation type 12 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #13 (type 13, layer 0) Making operation type 13 opaque [module /[Default VFS]/] Accepting operation type 13 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #14 (type 14, layer 0) Making operation type 14 opaque [module /[Default VFS]/] Accepting operation type 14 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #15 (type 15, layer 0) Making operation type 15 opaque [module /[Default VFS]/] Accepting operation type 15 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #16 (type 16, layer 0) Making operation type 16 opaque [module /[Default VFS]/] Accepting operation type 16 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #17 (type 17, layer 0) Making operation type 17 opaque [module /[Default VFS]/] Accepting operation type 17 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #18 (type 18, layer 0) Making operation type 18 opaque [module /[Default VFS]/] Accepting operation type 18 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #19 (type 19, layer 0) Making operation type 19 opaque [module /[Default VFS]/] Accepting operation type 19 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #20 (type 20, layer 0) Making operation type 20 opaque [module /[Default VFS]/] Accepting operation type 20 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #21 (type 21, layer 0) Making operation type 21 opaque [module /[Default VFS]/] Accepting operation type 21 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #22 (type 22, layer 0) Making operation type 22 opaque [module /[Default VFS]/] Accepting operation type 22 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #23 (type 23, layer 0) Making operation type 23 opaque [module /[Default VFS]/] Accepting operation type 23 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #24 (type 24, layer 0) Making operation type 24 opaque [module /[Default VFS]/] Accepting operation type 24 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #25 (type 25, layer 0) Making operation type 25 opaque [module /[Default VFS]/] Accepting operation type 25 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #26 (type 26, layer 0) Making operation type 26 opaque [module /[Default VFS]/] Accepting operation type 26 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #27 (type 27, layer 0) Making operation type 27 opaque [module /[Default VFS]/] Accepting operation type 27 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #28 (type 28, layer 0) Making operation type 28 opaque [module /[Default VFS]/] Accepting operation type 28 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #29 (type 29, layer 0) Making operation type 29 opaque [module /[Default VFS]/] Accepting operation type 29 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #30 (type 30, layer 0) Making operation type 30 opaque [module /[Default VFS]/] Accepting operation type 30 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #31 (type 31, layer 0) Making operation type 31 opaque [module /[Default VFS]/] Accepting operation type 31 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #32 (type 32, layer 0) Making operation type 32 opaque [module /[Default VFS]/] Accepting operation type 32 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #33 (type 33, layer 0) Making operation type 33 opaque [module /[Default VFS]/] Accepting operation type 33 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #34 (type 34, layer 0) Making operation type 34 opaque [module /[Default VFS]/] Accepting operation type 34 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #35 (type 35, layer 0) Making operation type 35 opaque [module /[Default VFS]/] Accepting operation type 35 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #36 (type 36, layer 0) Making operation type 36 opaque [module /[Default VFS]/] Accepting operation type 36 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #37 (type 37, layer 0) Making operation type 37 opaque [module /[Default VFS]/] Accepting operation type 37 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #38 (type 38, layer 0) Making operation type 38 opaque [module /[Default VFS]/] Accepting operation type 38 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #39 (type 39, layer 0) Making operation type 39 opaque [module /[Default VFS]/] Accepting operation type 39 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #40 (type 40, layer 0) Making operation type 40 opaque [module /[Default VFS]/] Accepting operation type 40 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #41 (type 41, layer 0) Making operation type 41 opaque [module /[Default VFS]/] Accepting operation type 41 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #42 (type 42, layer 0) Making operation type 42 opaque [module /[Default VFS]/] Accepting operation type 42 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #43 (type 43, layer 0) Making operation type 43 opaque [module /[Default VFS]/] Accepting operation type 43 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #44 (type 44, layer 0) Making operation type 44 opaque [module /[Default VFS]/] Accepting operation type 44 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #45 (type 45, layer 0) Making operation type 45 opaque [module /[Default VFS]/] Accepting operation type 45 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #46 (type 46, layer 0) Making operation type 46 opaque [module /[Default VFS]/] Accepting operation type 46 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #47 (type 47, layer 0) Making operation type 47 opaque [module /[Default VFS]/] Accepting operation type 47 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #48 (type 48, layer 0) Making operation type 48 opaque [module /[Default VFS]/] Accepting operation type 48 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #49 (type 49, layer 0) Making operation type 49 opaque [module /[Default VFS]/] Accepting operation type 49 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #50 (type 50, layer 0) Making operation type 50 opaque [module /[Default VFS]/] Accepting operation type 50 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #51 (type 51, layer 0) Making operation type 51 opaque [module /[Default VFS]/] Accepting operation type 51 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #52 (type 52, layer 0) Making operation type 52 opaque [module /[Default VFS]/] Accepting operation type 52 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #53 (type 53, layer 0) Making operation type 53 opaque [module /[Default VFS]/] Accepting operation type 53 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #54 (type 54, layer 0) Making operation type 54 opaque [module /[Default VFS]/] Accepting operation type 54 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #55 (type 55, layer 0) Making operation type 55 opaque [module /[Default VFS]/] Accepting operation type 55 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #56 (type 56, layer 0) Making operation type 56 opaque [module /[Default VFS]/] Accepting operation type 56 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #57 (type 57, layer 0) Making operation type 57 opaque [module /[Default VFS]/] Accepting operation type 57 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #58 (type 58, layer 0) Making operation type 58 opaque [module /[Default VFS]/] Accepting operation type 58 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #59 (type 59, layer 0) Making operation type 59 opaque [module /[Default VFS]/] Accepting operation type 59 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #60 (type 60, layer 0) Making operation type 60 opaque [module /[Default VFS]/] Accepting operation type 60 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #61 (type 61, layer 0) Making operation type 61 opaque [module /[Default VFS]/] Accepting operation type 61 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #62 (type 62, layer 0) Making operation type 62 opaque [module /[Default VFS]/] Accepting operation type 62 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #63 (type 63, layer 0) Making operation type 63 opaque [module /[Default VFS]/] Accepting operation type 63 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #64 (type 64, layer 0) Making operation type 64 opaque [module /[Default VFS]/] Accepting operation type 64 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #65 (type 65, layer 0) Making operation type 65 opaque [module /[Default VFS]/] Accepting operation type 65 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #66 (type 66, layer 0) Making operation type 66 opaque [module /[Default VFS]/] Accepting operation type 66 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #67 (type 67, layer 0) Making operation type 67 opaque [module /[Default VFS]/] Accepting operation type 67 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #68 (type 68, layer 0) Making operation type 68 opaque [module /[Default VFS]/] Accepting operation type 68 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #69 (type 69, layer 0) Making operation type 69 opaque [module /[Default VFS]/] Accepting operation type 69 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #70 (type 70, layer 0) Making operation type 70 opaque [module /[Default VFS]/] Accepting operation type 70 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #71 (type 71, layer 0) Making operation type 71 opaque [module /[Default VFS]/] Accepting operation type 71 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #72 (type 72, layer 0) Making operation type 72 opaque [module /[Default VFS]/] Accepting operation type 72 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #73 (type 73, layer 0) Making operation type 73 opaque [module /[Default VFS]/] Accepting operation type 73 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #74 (type 74, layer 0) Making operation type 74 opaque [module /[Default VFS]/] Accepting operation type 74 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #75 (type 75, layer 0) Making operation type 75 opaque [module /[Default VFS]/] Accepting operation type 75 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #76 (type 76, layer 0) Making operation type 76 opaque [module /[Default VFS]/] Accepting operation type 76 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #77 (type 77, layer 0) Making operation type 77 opaque [module /[Default VFS]/] Accepting operation type 77 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #78 (type 78, layer 0) Making operation type 78 opaque [module /[Default VFS]/] Accepting operation type 78 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #79 (type 79, layer 0) Making operation type 79 opaque [module /[Default VFS]/] Accepting operation type 79 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #80 (type 80, layer 0) Making operation type 80 opaque [module /[Default VFS]/] Accepting operation type 80 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #81 (type 81, layer 0) Making operation type 81 opaque [module /[Default VFS]/] Accepting operation type 81 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #82 (type 82, layer 0) Making operation type 82 opaque [module /[Default VFS]/] Accepting operation type 82 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #83 (type 83, layer 0) Making operation type 83 opaque [module /[Default VFS]/] Accepting operation type 83 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #84 (type 84, layer 0) Making operation type 84 opaque [module /[Default VFS]/] Accepting operation type 84 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #85 (type 85, layer 0) Making operation type 85 opaque [module /[Default VFS]/] Accepting operation type 85 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #86 (type 86, layer 0) Making operation type 86 opaque [module /[Default VFS]/] Accepting operation type 86 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #87 (type 87, layer 0) Making operation type 87 opaque [module /[Default VFS]/] Accepting operation type 87 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #88 (type 88, layer 0) Making operation type 88 opaque [module /[Default VFS]/] Accepting operation type 88 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #89 (type 89, layer 0) Making operation type 89 opaque [module /[Default VFS]/] Accepting operation type 89 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #90 (type 90, layer 0) Making operation type 90 opaque [module /[Default VFS]/] Accepting operation type 90 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #91 (type 91, layer 0) Making operation type 91 opaque [module /[Default VFS]/] Accepting operation type 91 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #92 (type 92, layer 0) Making operation type 92 opaque [module /[Default VFS]/] Accepting operation type 92 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #93 (type 93, layer 0) Making operation type 93 opaque [module /[Default VFS]/] Accepting operation type 93 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #94 (type 94, layer 0) Making operation type 94 opaque [module /[Default VFS]/] Accepting operation type 94 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #95 (type 95, layer 0) Making operation type 95 opaque [module /[Default VFS]/] Accepting operation type 95 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #96 (type 96, layer 0) Making operation type 96 opaque [module /[Default VFS]/] Accepting operation type 96 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #97 (type 97, layer 0) Making operation type 97 opaque [module /[Default VFS]/] Accepting operation type 97 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #98 (type 98, layer 0) Making operation type 98 opaque [module /[Default VFS]/] Accepting operation type 98 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #99 (type 99, layer 0) Making operation type 99 opaque [module /[Default VFS]/] Accepting operation type 99 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #100 (type 100, layer 0) Making operation type 100 opaque [module /[Default VFS]/] Accepting operation type 100 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #101 (type 101, layer 0) Making operation type 101 opaque [module /[Default VFS]/] Accepting operation type 101 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #102 (type 102, layer 0) Making operation type 102 opaque [module /[Default VFS]/] Accepting operation type 102 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/connection.c:claim_connection(142) claiming [IPC$] [2009/03/10 11:50:57, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key DD370000010000004950 [2009/03/10 11:50:57, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0x175a608 [2009/03/10 11:50:57, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key DD370000010000004950 [2009/03/10 11:50:57, 10] smbd/share_access.c:user_ok_token(231) user_ok_token: share IPC$ is ok for unix user monster$ [2009/03/10 11:50:57, 10] smbd/share_access.c:is_share_read_only_for_token(275) is_share_read_only_for_user: share IPC$ is read-only for unix user monster$ [2009/03/10 11:50:57, 10] lib/util_seaccess.c:se_map_generic(175) se_map_generic(): mapped mask 0x10000000 to 0x001f01ff [2009/03/10 11:50:57, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x00000001, for NT token with 6 entries and first sid S-1-5-21-181998944-1107627502-2274996074-3912. [2009/03/10 11:50:57, 3] lib/util_seaccess.c:se_access_check(249) [2009/03/10 11:50:57, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-5-21-181998944-1107627502-2274996074-3912 se_access_check: also S-1-5-21-181998944-1107627502-2274996074-515 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-22-2-515 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 1 [2009/03/10 11:50:57, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (1) granted. [2009/03/10 11:50:57, 3] lib/util_sid.c:string_to_sid(228) string_to_sid: Sid smbadmin does not start with 'S-'. [2009/03/10 11:50:57, 10] passdb/lookup_sid.c:lookup_name(69) lookup_name: RK_KLBG\smbadmin => RK_KLBG (domain), smbadmin (name) [2009/03/10 11:50:57, 10] passdb/lookup_sid.c:lookup_name(70) lookup_name: flags = 0x073 [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2009/03/10 11:50:57, 3] smbd/uid.c:push_conn_ctx(407) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2009/03/10 11:50:57, 5] auth/token_util.c:debug_nt_user_token(466) NT user token: (NULL) [2009/03/10 11:50:57, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/03/10 11:50:57, 5] lib/smbldap.c:smbldap_search_ext(1200) smbldap_search_ext: base => [dc=rk-klbg,dc=at], filter => [(&(uid=smbadmin)(objectclass=sambaSamAccount))], scope => [2] [2009/03/10 11:50:57, 2] passdb/pdb_ldap.c:init_sam_from_ldap(571) init_sam_from_ldap: Entry found for user: smbadmin [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_username(580) pdb_set_username: setting username smbadmin, was [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_domain(603) pdb_set_domain: setting domain RK_KLBG, was [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_nt_username(626) pdb_set_nt_username: setting nt username smbadmin, was [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_user_sid_from_string(522) pdb_set_user_sid_from_string: setting user sid S-1-5-21-181998944-1107627502-2274996074-3022 [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_user_sid(509) pdb_set_user_sid: setting user sid S-1-5-21-181998944-1107627502-2274996074-3022 [2009/03/10 11:50:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute displayName does not exist [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_fullname(649) pdb_set_full_name: setting full name smbadmin, was [2009/03/10 11:50:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaHomeDrive does not exist [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(718) pdb_set_dir_drive: setting dir drive z:, was NULL [2009/03/10 11:50:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaHomePath does not exist [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_homedir(742) pdb_set_homedir: setting home dir \\samba\smbadmin, was [2009/03/10 11:50:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaLogonScript does not exist [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_logon_script(672) pdb_set_logon_script: setting logon script LOGON.BAT, was [2009/03/10 11:50:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaProfilePath does not exist [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_profile_path(695) pdb_set_profile_path: setting profile path \\samba\Profile, was [2009/03/10 11:50:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaUserWorkstations does not exist [2009/03/10 11:50:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaMungedDial does not exist [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2009/03/10 11:50:57, 3] smbd/uid.c:push_conn_ctx(407) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2009/03/10 11:50:57, 5] auth/token_util.c:debug_nt_user_token(466) NT user token: (NULL) [2009/03/10 11:50:57, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/03/10 11:50:57, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = ACCT_POL/password history, value = 0 , timeout = Tue Mar 10 11:51:57 2009 [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2009/03/10 11:50:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaBadPasswordCount does not exist [2009/03/10 11:50:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaBadPasswordTime does not exist [2009/03/10 11:50:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaLogonHours does not exist [2009/03/10 11:50:57, 7] passdb/login_cache.c:login_cache_read(86) Looking up login cache for user smbadmin [2009/03/10 11:50:57, 7] passdb/login_cache.c:login_cache_read(100) No cache entry found [2009/03/10 11:50:57, 9] passdb/pdb_ldap.c:init_sam_from_ldap(1054) No cache entry, bad count = 0, bad time = 0 [2009/03/10 11:50:57, 5] lib/username.c:Get_Pwnam_alloc(133) Finding user smbadmin [2009/03/10 11:50:57, 5] lib/username.c:Get_Pwnam_internals(77) Trying _Get_Pwnam(), username as lowercase is smbadmin [2009/03/10 11:50:57, 5] lib/username.c:Get_Pwnam_internals(110) Get_Pwnam_internals did find user [smbadmin]! [2009/03/10 11:50:57, 5] lib/smbldap.c:smbldap_search_ext(1200) smbldap_search_ext: base => [ou=Groups,dc=rk-klbg,dc=at], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=800))], scope => [2] [2009/03/10 11:50:57, 2] passdb/pdb_ldap.c:init_group_from_ldap(2344) init_group_from_ldap: Entry found for group: 800 [2009/03/10 11:50:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute description does not exist [2009/03/10 11:50:57, 10] passdb/lookup_sid.c:lookup_sid(950) lookup_sid called for SID 'S-1-5-21-181998944-1107627502-2274996074-512' [2009/03/10 11:50:57, 10] passdb/lookup_sid.c:check_dom_sid_to_level(705) Accepting SID S-1-5-21-181998944-1107627502-2274996074 in level 1 [2009/03/10 11:50:57, 10] passdb/lookup_sid.c:lookup_rids(468) lookup_rids called for domain sid 'S-1-5-21-181998944-1107627502-2274996074' [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2009/03/10 11:50:57, 3] smbd/uid.c:push_conn_ctx(407) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2009/03/10 11:50:57, 5] auth/token_util.c:debug_nt_user_token(466) NT user token: (NULL) [2009/03/10 11:50:57, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/03/10 11:50:57, 5] lib/smbldap.c:smbldap_search_ext(1200) smbldap_search_ext: base => [ou=Users,dc=rk-klbg,dc=at], filter => [(&(objectClass=sambaSamAccount)(|(sambaSid=S-1-5-21-181998944-1107627502-2274996074-512)))], scope => [2] [2009/03/10 11:50:57, 5] lib/smbldap.c:smbldap_search_ext(1200) smbldap_search_ext: base => [ou=Groups,dc=rk-klbg,dc=at], filter => [(&(objectClass=sambaGroupMapping)(|(sambaSid=S-1-5-21-181998944-1107627502-2274996074-512)))], scope => [2] [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2009/03/10 11:50:57, 10] passdb/lookup_sid.c:lookup_sid(985) Sid S-1-5-21-181998944-1107627502-2274996074-512 -> RK_KLBG\Domain Admins(2) [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2009/03/10 11:50:57, 3] smbd/uid.c:push_conn_ctx(407) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2009/03/10 11:50:57, 5] auth/token_util.c:debug_nt_user_token(466) NT user token: (NULL) [2009/03/10 11:50:57, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/03/10 11:50:57, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = ACCT_POL/password history, value = 0 , timeout = Tue Mar 10 11:51:57 2009 [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_username(580) pdb_set_username: setting username smbadmin, was [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_domain(603) pdb_set_domain: setting domain RK_KLBG, was [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_nt_username(626) pdb_set_nt_username: setting nt username smbadmin, was [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_fullname(649) pdb_set_full_name: setting full name smbadmin, was [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_homedir(742) pdb_set_homedir: setting home dir \\samba\smbadmin, was [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(718) pdb_set_dir_drive: setting dir drive z:, was NULL [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_logon_script(672) pdb_set_logon_script: setting logon script LOGON.BAT, was [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_profile_path(695) pdb_set_profile_path: setting profile path \\samba\Profile, was [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_workstations(785) pdb_set_workstations: setting workstations , was [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2009/03/10 11:50:57, 3] smbd/uid.c:push_conn_ctx(407) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2009/03/10 11:50:57, 5] auth/token_util.c:debug_nt_user_token(466) NT user token: (NULL) [2009/03/10 11:50:57, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/03/10 11:50:57, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = ACCT_POL/password history, value = 0 , timeout = Tue Mar 10 11:51:57 2009 [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_user_sid(509) pdb_set_user_sid: setting user sid S-1-5-21-181998944-1107627502-2274996074-3022 [2009/03/10 11:50:57, 10] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(72) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-181998944-1107627502-2274996074-3022 from rid 3022 [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2009/03/10 11:50:57, 3] lib/util_sid.c:string_to_sid(228) string_to_sid: Sid RK_KLBG\smbadmin does not start with 'S-'. [2009/03/10 11:50:57, 10] passdb/lookup_sid.c:lookup_name(69) lookup_name: RK_KLBG\smbadmin => RK_KLBG (domain), smbadmin (name) [2009/03/10 11:50:57, 10] passdb/lookup_sid.c:lookup_name(70) lookup_name: flags = 0x073 [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2009/03/10 11:50:57, 3] smbd/uid.c:push_conn_ctx(407) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2009/03/10 11:50:57, 5] auth/token_util.c:debug_nt_user_token(466) NT user token: (NULL) [2009/03/10 11:50:57, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/03/10 11:50:57, 5] lib/smbldap.c:smbldap_search_ext(1200) smbldap_search_ext: base => [dc=rk-klbg,dc=at], filter => [(&(uid=smbadmin)(objectclass=sambaSamAccount))], scope => [2] [2009/03/10 11:50:57, 2] passdb/pdb_ldap.c:init_sam_from_ldap(571) init_sam_from_ldap: Entry found for user: smbadmin [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_username(580) pdb_set_username: setting username smbadmin, was [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_domain(603) pdb_set_domain: setting domain RK_KLBG, was [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_nt_username(626) pdb_set_nt_username: setting nt username smbadmin, was [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_user_sid_from_string(522) pdb_set_user_sid_from_string: setting user sid S-1-5-21-181998944-1107627502-2274996074-3022 [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_user_sid(509) pdb_set_user_sid: setting user sid S-1-5-21-181998944-1107627502-2274996074-3022 [2009/03/10 11:50:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute displayName does not exist [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_fullname(649) pdb_set_full_name: setting full name smbadmin, was [2009/03/10 11:50:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaHomeDrive does not exist [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(718) pdb_set_dir_drive: setting dir drive z:, was NULL [2009/03/10 11:50:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaHomePath does not exist [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_homedir(742) pdb_set_homedir: setting home dir \\samba\smbadmin, was [2009/03/10 11:50:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaLogonScript does not exist [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_logon_script(672) pdb_set_logon_script: setting logon script LOGON.BAT, was [2009/03/10 11:50:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaProfilePath does not exist [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_profile_path(695) pdb_set_profile_path: setting profile path \\samba\Profile, was [2009/03/10 11:50:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaUserWorkstations does not exist [2009/03/10 11:50:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaMungedDial does not exist [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2009/03/10 11:50:57, 3] smbd/uid.c:push_conn_ctx(407) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2009/03/10 11:50:57, 5] auth/token_util.c:debug_nt_user_token(466) NT user token: (NULL) [2009/03/10 11:50:57, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/03/10 11:50:57, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = ACCT_POL/password history, value = 0 , timeout = Tue Mar 10 11:51:57 2009 [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2009/03/10 11:50:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaBadPasswordCount does not exist [2009/03/10 11:50:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaBadPasswordTime does not exist [2009/03/10 11:50:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaLogonHours does not exist [2009/03/10 11:50:57, 7] passdb/login_cache.c:login_cache_read(86) Looking up login cache for user smbadmin [2009/03/10 11:50:57, 7] passdb/login_cache.c:login_cache_read(100) No cache entry found [2009/03/10 11:50:57, 9] passdb/pdb_ldap.c:init_sam_from_ldap(1054) No cache entry, bad count = 0, bad time = 0 [2009/03/10 11:50:57, 5] lib/username.c:Get_Pwnam_alloc(133) Finding user smbadmin [2009/03/10 11:50:57, 5] lib/username.c:Get_Pwnam_internals(77) Trying _Get_Pwnam(), username as lowercase is smbadmin [2009/03/10 11:50:57, 5] lib/username.c:Get_Pwnam_internals(110) Get_Pwnam_internals did find user [smbadmin]! [2009/03/10 11:50:57, 5] lib/smbldap.c:smbldap_search_ext(1200) smbldap_search_ext: base => [ou=Groups,dc=rk-klbg,dc=at], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=800))], scope => [2] [2009/03/10 11:50:57, 2] passdb/pdb_ldap.c:init_group_from_ldap(2344) init_group_from_ldap: Entry found for group: 800 [2009/03/10 11:50:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute description does not exist [2009/03/10 11:50:57, 10] passdb/lookup_sid.c:lookup_sid(950) lookup_sid called for SID 'S-1-5-21-181998944-1107627502-2274996074-512' [2009/03/10 11:50:57, 10] passdb/lookup_sid.c:check_dom_sid_to_level(705) Accepting SID S-1-5-21-181998944-1107627502-2274996074 in level 1 [2009/03/10 11:50:57, 10] passdb/lookup_sid.c:lookup_rids(468) lookup_rids called for domain sid 'S-1-5-21-181998944-1107627502-2274996074' [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2009/03/10 11:50:57, 3] smbd/uid.c:push_conn_ctx(407) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2009/03/10 11:50:57, 5] auth/token_util.c:debug_nt_user_token(466) NT user token: (NULL) [2009/03/10 11:50:57, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/03/10 11:50:57, 5] lib/smbldap.c:smbldap_search_ext(1200) smbldap_search_ext: base => [ou=Users,dc=rk-klbg,dc=at], filter => [(&(objectClass=sambaSamAccount)(|(sambaSid=S-1-5-21-181998944-1107627502-2274996074-512)))], scope => [2] [2009/03/10 11:50:57, 5] lib/smbldap.c:smbldap_search_ext(1200) smbldap_search_ext: base => [ou=Groups,dc=rk-klbg,dc=at], filter => [(&(objectClass=sambaGroupMapping)(|(sambaSid=S-1-5-21-181998944-1107627502-2274996074-512)))], scope => [2] [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2009/03/10 11:50:57, 10] passdb/lookup_sid.c:lookup_sid(985) Sid S-1-5-21-181998944-1107627502-2274996074-512 -> RK_KLBG\Domain Admins(2) [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2009/03/10 11:50:57, 3] smbd/uid.c:push_conn_ctx(407) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2009/03/10 11:50:57, 5] auth/token_util.c:debug_nt_user_token(466) NT user token: (NULL) [2009/03/10 11:50:57, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/03/10 11:50:57, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = ACCT_POL/password history, value = 0 , timeout = Tue Mar 10 11:51:57 2009 [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_username(580) pdb_set_username: setting username smbadmin, was [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_domain(603) pdb_set_domain: setting domain RK_KLBG, was [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_nt_username(626) pdb_set_nt_username: setting nt username smbadmin, was [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_fullname(649) pdb_set_full_name: setting full name smbadmin, was [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_homedir(742) pdb_set_homedir: setting home dir \\samba\smbadmin, was [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(718) pdb_set_dir_drive: setting dir drive z:, was NULL [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_logon_script(672) pdb_set_logon_script: setting logon script LOGON.BAT, was [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_profile_path(695) pdb_set_profile_path: setting profile path \\samba\Profile, was [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_workstations(785) pdb_set_workstations: setting workstations , was [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2009/03/10 11:50:57, 3] smbd/uid.c:push_conn_ctx(407) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2009/03/10 11:50:57, 5] auth/token_util.c:debug_nt_user_token(466) NT user token: (NULL) [2009/03/10 11:50:57, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/03/10 11:50:57, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = ACCT_POL/password history, value = 0 , timeout = Tue Mar 10 11:51:57 2009 [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_user_sid(509) pdb_set_user_sid: setting user sid S-1-5-21-181998944-1107627502-2274996074-3022 [2009/03/10 11:50:57, 10] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(72) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-181998944-1107627502-2274996074-3022 from rid 3022 [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (1456, 515) - sec_ctx_stack_ndx = 0 [2009/03/10 11:50:57, 5] auth/token_util.c:debug_nt_user_token(472) NT user token of user S-1-5-21-181998944-1107627502-2274996074-3912 contains 6 SIDs SID[ 0]: S-1-5-21-181998944-1107627502-2274996074-3912 SID[ 1]: S-1-5-21-181998944-1107627502-2274996074-515 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-515 SE_PRIV 0x0 0x0 0x0 0x0 [2009/03/10 11:50:57, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 1456 Primary group is 515 and contains 1 supplementary groups Group[ 0]: 515 [2009/03/10 11:50:57, 5] smbd/uid.c:change_to_user(322) change_to_user uid=(0,1456) gid=(0,515) [2009/03/10 11:50:57, 3] smbd/service.c:make_connection_snum(1194) monster (::ffff:192.168.60.4) connect to service IPC$ initially as user monster$ (uid=1456, gid=515) (pid 14301) [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2009/03/10 11:50:57, 5] auth/token_util.c:debug_nt_user_token(466) NT user token: (NULL) [2009/03/10 11:50:57, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/03/10 11:50:57, 5] smbd/uid.c:change_to_root_user(337) change_to_root_user: now uid=(0,0) gid=(0,0) [2009/03/10 11:50:57, 3] smbd/reply.c:reply_tcon_and_X(761) tconX service=IPC$ [2009/03/10 11:50:57, 5] lib/util.c:show_msg(642) [2009/03/10 11:50:57, 5] lib/util.c:show_msg(652) size=56 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=10199 smb_uid=100 smb_mid=4 smt_wct=7 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 1 (0x1) smb_vwv[ 3]= 511 (0x1FF) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 511 (0x1FF) smb_vwv[ 6]= 0 (0x0) smb_bcc=7 [2009/03/10 11:50:57, 10] lib/util.c:dump_data(2230) [000] 49 50 43 00 00 00 00 IPC.... [2009/03/10 11:50:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 100 [2009/03/10 11:50:57, 6] smbd/process.c:process_smb(1547) got message type 0x0 of len 0x64 [2009/03/10 11:50:57, 3] smbd/process.c:process_smb(1550) Transaction 4 of length 104 (0 toread) [2009/03/10 11:50:57, 5] lib/util.c:show_msg(642) [2009/03/10 11:50:57, 5] lib/util.c:show_msg(652) size=100 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=10199 smb_uid=100 smb_mid=5 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 3584 (0xE00) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_bcc=17 [2009/03/10 11:50:57, 10] lib/util.c:dump_data(2230) [000] 18 5C 00 6C 00 73 00 61 00 72 00 70 00 63 00 00 .\.l.s.a .r.p.c.. [010] 00 . [2009/03/10 11:50:57, 3] smbd/process.c:switch_message(1361) switch message SMBntcreateX (pid 14301) conn 0x1763128 [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (1456, 515) - sec_ctx_stack_ndx = 0 [2009/03/10 11:50:57, 5] auth/token_util.c:debug_nt_user_token(472) NT user token of user S-1-5-21-181998944-1107627502-2274996074-3912 contains 6 SIDs SID[ 0]: S-1-5-21-181998944-1107627502-2274996074-3912 SID[ 1]: S-1-5-21-181998944-1107627502-2274996074-515 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-515 SE_PRIV 0x0 0x0 0x0 0x0 [2009/03/10 11:50:57, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 1456 Primary group is 515 and contains 1 supplementary groups Group[ 0]: 515 [2009/03/10 11:50:57, 5] smbd/uid.c:change_to_user(322) change_to_user uid=(0,1456) gid=(0,515) [2009/03/10 11:50:57, 4] smbd/vfs.c:vfs_ChDir(739) vfs_ChDir to /tmp [2009/03/10 11:50:57, 10] smbd/nttrans.c:reply_ntcreate_and_X(488) reply_ntcreate_and_X: flags = 0x0, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 root_dir_fid = 0x0, fname = lsarpc [2009/03/10 11:50:57, 4] smbd/nttrans.c:nt_open_pipe(295) nt_open_pipe: Opening pipe \lsarpc. [2009/03/10 11:50:57, 3] smbd/nttrans.c:nt_open_pipe(320) nt_open_pipe: Known pipe lsarpc opening. [2009/03/10 11:50:57, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(165) Open pipe requested lsarpc (pipes_open=0) [2009/03/10 11:50:57, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(275) Create pipe requested lsarpc [2009/03/10 11:50:57, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77) init_pipe_handles: created handle list for pipe lsarpc [2009/03/10 11:50:57, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) init_pipe_handles: pipe_handles ref count = 1 for pipe lsarpc [2009/03/10 11:50:57, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(356) Created internal pipe lsarpc (pipes_open=0) [2009/03/10 11:50:57, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(253) Opened pipe lsarpc with handle 71cc (pipes_open=1) [2009/03/10 11:50:57, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(259) open pipes: name lsarpc pnum=71cc [2009/03/10 11:50:57, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 6C73617270632F313433 [2009/03/10 11:50:57, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0x17639b0 [2009/03/10 11:50:57, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 6C73617270632F313433 [2009/03/10 11:50:57, 5] smbd/nttrans.c:do_ntcreate_pipe_open(408) do_ntcreate_pipe_open: open pipe = \lsarpc [2009/03/10 11:50:57, 5] lib/util.c:show_msg(642) [2009/03/10 11:50:57, 5] lib/util.c:show_msg(652) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=10199 smb_uid=100 smb_mid=5 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=52224 (0xCC00) smb_vwv[ 3]= 369 (0x171) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2009/03/10 11:50:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 154 [2009/03/10 11:50:57, 6] smbd/process.c:process_smb(1547) got message type 0x0 of len 0x9a [2009/03/10 11:50:57, 3] smbd/process.c:process_smb(1550) Transaction 5 of length 158 (0 toread) [2009/03/10 11:50:57, 5] lib/util.c:show_msg(642) [2009/03/10 11:50:57, 5] lib/util.c:show_msg(652) size=154 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=10199 smb_uid=100 smb_mid=6 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29132 (0x71CC) smb_bcc=87 [2009/03/10 11:50:57, 10] lib/util.c:dump_data(2230) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 00 B8 .......H .......¸ [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 6A .¸...... .......j [030] 28 19 39 0C B1 D0 11 9B A8 00 C0 4F D9 2E F5 00 (.9.±Ð.. ¨.ÀOÙ.õ. [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]..ë .É..è..+ [050] 10 48 60 02 00 00 00 .H`.... [2009/03/10 11:50:57, 3] smbd/process.c:switch_message(1361) switch message SMBtrans (pid 14301) conn 0x1763128 [2009/03/10 11:50:57, 4] smbd/uid.c:change_to_user(225) change_to_user: Skipping user change - already user [2009/03/10 11:50:57, 3] smbd/ipc.c:handle_trans(436) trans <\PIPE\> data=72 params=0 setup=2 [2009/03/10 11:50:57, 5] smbd/ipc.c:handle_trans(469) calling named_pipe [2009/03/10 11:50:57, 3] smbd/ipc.c:named_pipe(387) named pipe command on <> name [2009/03/10 11:50:57, 5] smbd/ipc.c:api_fd_reply(307) api_fd_reply [2009/03/10 11:50:57, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=71cc [2009/03/10 11:50:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name lsarpc pnum=71cc (pipes_open=1) [2009/03/10 11:50:57, 3] smbd/ipc.c:api_fd_reply(345) Got API command 0x26 on pipe "lsarpc" (pnum 71cc) [2009/03/10 11:50:57, 10] smbd/ipc.c:api_fd_reply(350) api_fd_reply: p:0x175e2e8 max_trans_reply: 4280 [2009/03/10 11:50:57, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927) write_to_pipe: 71cc name: lsarpc open: Yes len: 72 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 72 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385) fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 16 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 56 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0b [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0048 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000001 [2009/03/10 11:50:57, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472) unmarshall_rpc_header: using little-endian RPC [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501) unmarshall_rpc_header: type = 11, flags = 3 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 0 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 56 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709) process_complete_pdu: processing packet type 11 [2009/03/10 11:50:57, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1553) api_pipe_bind_req: decode request. 1553 [2009/03/10 11:50:57, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1564) api_pipe_bind_req: \PIPE\lsarpc -> \PIPE\lsarpc [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_rb [2009/03/10 11:50:57, 6] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_bba [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0000 max_tsize: 10b8 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0002 max_rsize: 10b8 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0004 assoc_gid: 00000000 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0008 num_contexts: 01 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000c context_id : 0000 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 000e num_transfer_syntaxes: 01 [2009/03/10 11:50:57, 6] rpc_parse/parse_prs.c:prs_debug(88) 00000f smb_io_rpc_iface [2009/03/10 11:50:57, 7] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_uuid uuid [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 data : 3919286a [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 data : b10c [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0016 data : 11d0 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0018 data : 9b a8 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 001a data : 00 c0 4f d9 2e f5 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0020 version: 00000000 [2009/03/10 11:50:57, 6] rpc_parse/parse_prs.c:prs_debug(88) 000024 smb_io_rpc_iface [2009/03/10 11:50:57, 7] rpc_parse/parse_prs.c:prs_debug(88) 000024 smb_io_uuid uuid [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0024 data : 8a885d04 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0028 data : 1ceb [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 002a data : 11c9 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002c data : 9f e8 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002e data : 08 00 2b 10 48 60 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0034 version: 00000002 [2009/03/10 11:50:57, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1608) api_pipe_bind_req: make response. 1608 [2009/03/10 11:50:57, 3] rpc_server/srv_pipe.c:check_bind_req(991) check_bind_req for \PIPE\lsarpc checking \PIPE\lsarpc checking \PIPE\lsarpc [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_ba [2009/03/10 11:50:57, 6] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_bba [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0000 max_tsize: 10b8 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0002 max_rsize: 10b8 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0004 assoc_gid: 000053f0 [2009/03/10 11:50:57, 6] rpc_parse/parse_prs.c:prs_debug(88) 000008 smb_io_rpc_addr_str [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 len: 000d [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 000a str: \PIPE\lsarpc. [2009/03/10 11:50:57, 6] rpc_parse/parse_prs.c:prs_debug(88) 000017 smb_io_rpc_results [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0018 num_results: 01 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 001c result : 0000 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 001e reason : 0000 [2009/03/10 11:50:57, 6] rpc_parse/parse_prs.c:prs_debug(88) 000020 smb_io_rpc_iface [2009/03/10 11:50:57, 7] rpc_parse/parse_prs.c:prs_debug(88) 000020 smb_io_uuid uuid [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0020 data : 8a885d04 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0024 data : 1ceb [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0026 data : 11c9 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0028 data : 9f e8 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002a data : 08 00 2b 10 48 60 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0030 version: 00000002 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0c [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0044 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000001 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 56 [2009/03/10 11:50:57, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985) read_from_pipe: 71cc name: lsarpc len: 4280 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1045) read_from_pipe: lsarpc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. [2009/03/10 11:50:57, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..68] (align 0) [2009/03/10 11:50:57, 5] lib/util.c:show_msg(642) [2009/03/10 11:50:57, 5] lib/util.c:show_msg(652) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=10199 smb_uid=100 smb_mid=6 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2009/03/10 11:50:57, 10] lib/util.c:dump_data(2230) [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... [010] 00 B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 .¸.¸.ðS. ...\PIPE [020] 5C 6C 73 61 72 70 63 00 00 01 00 00 00 00 00 00 \lsarpc. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..ë.É ..è..+.H [040] 60 02 00 00 00 `.... [2009/03/10 11:50:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 108 [2009/03/10 11:50:57, 6] smbd/process.c:process_smb(1547) got message type 0x0 of len 0x6c [2009/03/10 11:50:57, 3] smbd/process.c:process_smb(1550) Transaction 6 of length 112 (0 toread) [2009/03/10 11:50:57, 5] lib/util.c:show_msg(642) [2009/03/10 11:50:57, 5] lib/util.c:show_msg(652) size=108 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=10199 smb_uid=100 smb_mid=7 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 26 (0x1A) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 26 (0x1A) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29132 (0x71CC) smb_bcc=41 [2009/03/10 11:50:57, 10] lib/util.c:dump_data(2230) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 1A 00 00 00 02 00 00 00 02 ........ ........ [020] 00 00 00 00 00 00 00 01 00 ........ . [2009/03/10 11:50:57, 3] smbd/process.c:switch_message(1361) switch message SMBtrans (pid 14301) conn 0x1763128 [2009/03/10 11:50:57, 4] smbd/uid.c:change_to_user(225) change_to_user: Skipping user change - already user [2009/03/10 11:50:57, 3] smbd/ipc.c:handle_trans(436) trans <\PIPE\> data=26 params=0 setup=2 [2009/03/10 11:50:57, 5] smbd/ipc.c:handle_trans(469) calling named_pipe [2009/03/10 11:50:57, 3] smbd/ipc.c:named_pipe(387) named pipe command on <> name [2009/03/10 11:50:57, 5] smbd/ipc.c:api_fd_reply(307) api_fd_reply [2009/03/10 11:50:57, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=71cc [2009/03/10 11:50:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name lsarpc pnum=71cc (pipes_open=1) [2009/03/10 11:50:57, 3] smbd/ipc.c:api_fd_reply(345) Got API command 0x26 on pipe "lsarpc" (pnum 71cc) [2009/03/10 11:50:57, 10] smbd/ipc.c:api_fd_reply(350) api_fd_reply: p:0x175e2e8 max_trans_reply: 4280 [2009/03/10 11:50:57, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927) write_to_pipe: 71cc name: lsarpc open: Yes len: 26 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 26 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 26 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385) fill_rpc_header: data_to_copy = 26, len_needed_to_complete_hdr = 16, receive_len = 0 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 16 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 10 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 10 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 001a [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000002 [2009/03/10 11:50:57, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472) unmarshall_rpc_header: using little-endian RPC [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501) unmarshall_rpc_header: type = 0, flags = 3 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 0 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 10 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 10, incoming data = 10 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709) process_complete_pdu: processing packet type 0 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_req req [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0000 alloc_hint: 00000002 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0004 context_id: 0000 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0006 opnum : 0000 [2009/03/10 11:50:57, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 70 [2009/03/10 11:50:57, 5] rpc_server/srv_pipe.c:api_pipe_request(2262) Requested \PIPE\lsarpc [2009/03/10 11:50:57, 4] rpc_server/srv_pipe.c:api_rpcTNP(2297) api_rpcTNP: lsarpc op 0x0 - api_rpcTNP: rpc command: DSSETUP_DSROLEGETPRIMARYDOMAININFORMATION [2009/03/10 11:50:57, 6] rpc_server/srv_pipe.c:api_rpcTNP(2323) api_rpc_cmds[0].fn == 0x467340 dssetup_DsRoleGetPrimaryDomainInformation: struct dssetup_DsRoleGetPrimaryDomainInformation in: struct dssetup_DsRoleGetPrimaryDomainInformation level : DS_ROLE_BASIC_INFORMATION (1) [2009/03/10 11:50:57, 10] rpc_server/srv_dssetup_nt.c:fill_dsrole_dominfo_basic(40) fill_dsrole_dominfo_basic: enter dssetup_DsRoleGetPrimaryDomainInformation: struct dssetup_DsRoleGetPrimaryDomainInformation out: struct dssetup_DsRoleGetPrimaryDomainInformation info : * info : union dssetup_DsRoleInfo(case 1) basic: struct dssetup_DsRolePrimaryDomInfoBasic role : DS_ROLE_PRIMARY_DC (5) flags : 0x01000000 (16777216) 0: DS_ROLE_PRIMARY_DS_RUNNING 0: DS_ROLE_PRIMARY_DS_MIXED_MODE 0: DS_ROLE_UPGRADE_IN_PROGRESS 1: DS_ROLE_PRIMARY_DOMAIN_GUID_PRESENT domain : * domain : 'RK_KLBG' dns_domain : NULL forest : NULL domain_guid : ae45f612-4b89-4acc-9584-efd6b3b8d3b2 result : WERR_OK [2009/03/10 11:50:57, 5] rpc_server/srv_pipe.c:api_rpcTNP(2351) api_rpcTNP: called lsarpc successfully [2009/03/10 11:50:57, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 36 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 10 [2009/03/10 11:50:57, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985) read_from_pipe: 71cc name: lsarpc len: 4280 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1059) read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 76. [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 02 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0064 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000002 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_resp resp [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 0000004c [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0016 cancel_ct : 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0017 reserved : 00 [2009/03/10 11:50:57, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..100] (align 0) [2009/03/10 11:50:57, 5] lib/util.c:show_msg(642) [2009/03/10 11:50:57, 5] lib/util.c:show_msg(652) size=156 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=10199 smb_uid=100 smb_mid=7 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 100 (0x64) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 100 (0x64) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=101 [2009/03/10 11:50:57, 10] lib/util.c:dump_data(2230) [000] 00 05 00 02 03 10 00 00 00 64 00 00 00 02 00 00 ........ .d...... [010] 00 4C 00 00 00 00 00 00 00 00 00 02 00 01 00 00 .L...... ........ [020] 00 05 00 00 00 00 00 00 01 04 00 02 00 00 00 00 ........ ........ [030] 00 00 00 00 00 12 F6 45 AE 89 4B CC 4A 95 84 EF ......öE ®.KÌJ..ï [040] D6 B3 B8 D3 B2 08 00 00 00 00 00 00 00 08 00 00 Ö³¸Ó²... ........ [050] 00 52 00 4B 00 5F 00 4B 00 4C 00 42 00 47 00 00 .R.K._.K .L.B.G.. [060] 00 00 00 00 00 ..... [2009/03/10 11:50:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 41 [2009/03/10 11:50:57, 6] smbd/process.c:process_smb(1547) got message type 0x0 of len 0x29 [2009/03/10 11:50:57, 3] smbd/process.c:process_smb(1550) Transaction 7 of length 45 (0 toread) [2009/03/10 11:50:57, 5] lib/util.c:show_msg(642) [2009/03/10 11:50:57, 5] lib/util.c:show_msg(652) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=10199 smb_uid=100 smb_mid=8 smt_wct=3 smb_vwv[ 0]=29132 (0x71CC) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2009/03/10 11:50:57, 3] smbd/process.c:switch_message(1361) switch message SMBclose (pid 14301) conn 0x1763128 [2009/03/10 11:50:57, 4] smbd/uid.c:change_to_user(225) change_to_user: Skipping user change - already user [2009/03/10 11:50:57, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=71cc [2009/03/10 11:50:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name lsarpc pnum=71cc (pipes_open=1) [2009/03/10 11:50:57, 5] smbd/pipes.c:reply_pipe_close(319) reply_pipe_close: pnum:71cc [2009/03/10 11:50:57, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(241) close_policy_by_pipe: deleted handle list for pipe lsarpc [2009/03/10 11:50:57, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1160) closed pipe name lsarpc pnum=71cc (pipes_open=0) [2009/03/10 11:50:57, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 6C73617270632F313433 [2009/03/10 11:50:57, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0x16994c8 [2009/03/10 11:50:57, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 6C73617270632F313433 [2009/03/10 11:50:57, 5] lib/util.c:show_msg(642) [2009/03/10 11:50:57, 5] lib/util.c:show_msg(652) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=10199 smb_uid=100 smb_mid=8 smt_wct=0 smb_bcc=0 [2009/03/10 11:50:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 100 [2009/03/10 11:50:57, 6] smbd/process.c:process_smb(1547) got message type 0x0 of len 0x64 [2009/03/10 11:50:57, 3] smbd/process.c:process_smb(1550) Transaction 8 of length 104 (0 toread) [2009/03/10 11:50:57, 5] lib/util.c:show_msg(642) [2009/03/10 11:50:57, 5] lib/util.c:show_msg(652) size=100 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=10199 smb_uid=100 smb_mid=9 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 3584 (0xE00) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_bcc=17 [2009/03/10 11:50:57, 10] lib/util.c:dump_data(2230) [000] 00 5C 00 6C 00 73 00 61 00 72 00 70 00 63 00 00 .\.l.s.a .r.p.c.. [010] 00 . [2009/03/10 11:50:57, 3] smbd/process.c:switch_message(1361) switch message SMBntcreateX (pid 14301) conn 0x1763128 [2009/03/10 11:50:57, 4] smbd/uid.c:change_to_user(225) change_to_user: Skipping user change - already user [2009/03/10 11:50:57, 10] smbd/nttrans.c:reply_ntcreate_and_X(488) reply_ntcreate_and_X: flags = 0x0, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 root_dir_fid = 0x0, fname = lsarpc [2009/03/10 11:50:57, 4] smbd/nttrans.c:nt_open_pipe(295) nt_open_pipe: Opening pipe \lsarpc. [2009/03/10 11:50:57, 3] smbd/nttrans.c:nt_open_pipe(320) nt_open_pipe: Known pipe lsarpc opening. [2009/03/10 11:50:57, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(165) Open pipe requested lsarpc (pipes_open=0) [2009/03/10 11:50:57, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(275) Create pipe requested lsarpc [2009/03/10 11:50:57, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77) init_pipe_handles: created handle list for pipe lsarpc [2009/03/10 11:50:57, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) init_pipe_handles: pipe_handles ref count = 1 for pipe lsarpc [2009/03/10 11:50:57, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(356) Created internal pipe lsarpc (pipes_open=0) [2009/03/10 11:50:57, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(253) Opened pipe lsarpc with handle 71cd (pipes_open=1) [2009/03/10 11:50:57, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(259) open pipes: name lsarpc pnum=71cd [2009/03/10 11:50:57, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 6C73617270632F313433 [2009/03/10 11:50:57, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0x17639b0 [2009/03/10 11:50:57, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 6C73617270632F313433 [2009/03/10 11:50:57, 5] smbd/nttrans.c:do_ntcreate_pipe_open(408) do_ntcreate_pipe_open: open pipe = \lsarpc [2009/03/10 11:50:57, 5] lib/util.c:show_msg(642) [2009/03/10 11:50:57, 5] lib/util.c:show_msg(652) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=10199 smb_uid=100 smb_mid=9 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=52480 (0xCD00) smb_vwv[ 3]= 369 (0x171) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2009/03/10 11:50:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 154 [2009/03/10 11:50:57, 6] smbd/process.c:process_smb(1547) got message type 0x0 of len 0x9a [2009/03/10 11:50:57, 3] smbd/process.c:process_smb(1550) Transaction 9 of length 158 (0 toread) [2009/03/10 11:50:57, 5] lib/util.c:show_msg(642) [2009/03/10 11:50:57, 5] lib/util.c:show_msg(652) size=154 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=10199 smb_uid=100 smb_mid=10 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29133 (0x71CD) smb_bcc=87 [2009/03/10 11:50:57, 10] lib/util.c:dump_data(2230) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 0B 03 10 00 00 00 48 00 00 00 03 00 00 00 B8 .......H .......¸ [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 .¸...... .......x [030] 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB 00 W4.4.Í«ï ..#Eg.«. [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]..ë .É..è..+ [050] 10 48 60 02 00 00 00 .H`.... [2009/03/10 11:50:57, 3] smbd/process.c:switch_message(1361) switch message SMBtrans (pid 14301) conn 0x1763128 [2009/03/10 11:50:57, 4] smbd/uid.c:change_to_user(225) change_to_user: Skipping user change - already user [2009/03/10 11:50:57, 3] smbd/ipc.c:handle_trans(436) trans <\PIPE\> data=72 params=0 setup=2 [2009/03/10 11:50:57, 5] smbd/ipc.c:handle_trans(469) calling named_pipe [2009/03/10 11:50:57, 3] smbd/ipc.c:named_pipe(387) named pipe command on <> name [2009/03/10 11:50:57, 5] smbd/ipc.c:api_fd_reply(307) api_fd_reply [2009/03/10 11:50:57, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=71cd [2009/03/10 11:50:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name lsarpc pnum=71cd (pipes_open=1) [2009/03/10 11:50:57, 3] smbd/ipc.c:api_fd_reply(345) Got API command 0x26 on pipe "lsarpc" (pnum 71cd) [2009/03/10 11:50:57, 10] smbd/ipc.c:api_fd_reply(350) api_fd_reply: p:0x1757628 max_trans_reply: 4280 [2009/03/10 11:50:57, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927) write_to_pipe: 71cd name: lsarpc open: Yes len: 72 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 72 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385) fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 16 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 56 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0b [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0048 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000003 [2009/03/10 11:50:57, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472) unmarshall_rpc_header: using little-endian RPC [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501) unmarshall_rpc_header: type = 11, flags = 3 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 0 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 56 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709) process_complete_pdu: processing packet type 11 [2009/03/10 11:50:57, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1553) api_pipe_bind_req: decode request. 1553 [2009/03/10 11:50:57, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1564) api_pipe_bind_req: \PIPE\lsarpc -> \PIPE\lsarpc [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_rb [2009/03/10 11:50:57, 6] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_bba [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0000 max_tsize: 10b8 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0002 max_rsize: 10b8 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0004 assoc_gid: 00000000 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0008 num_contexts: 01 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000c context_id : 0000 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 000e num_transfer_syntaxes: 01 [2009/03/10 11:50:57, 6] rpc_parse/parse_prs.c:prs_debug(88) 00000f smb_io_rpc_iface [2009/03/10 11:50:57, 7] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_uuid uuid [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 data : 12345778 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 data : 1234 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0016 data : abcd [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0018 data : ef 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 001a data : 01 23 45 67 89 ab [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0020 version: 00000000 [2009/03/10 11:50:57, 6] rpc_parse/parse_prs.c:prs_debug(88) 000024 smb_io_rpc_iface [2009/03/10 11:50:57, 7] rpc_parse/parse_prs.c:prs_debug(88) 000024 smb_io_uuid uuid [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0024 data : 8a885d04 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0028 data : 1ceb [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 002a data : 11c9 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002c data : 9f e8 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002e data : 08 00 2b 10 48 60 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0034 version: 00000002 [2009/03/10 11:50:57, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1608) api_pipe_bind_req: make response. 1608 [2009/03/10 11:50:57, 3] rpc_server/srv_pipe.c:check_bind_req(991) check_bind_req for \PIPE\lsarpc checking \PIPE\lsarpc [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_ba [2009/03/10 11:50:57, 6] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_bba [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0000 max_tsize: 10b8 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0002 max_rsize: 10b8 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0004 assoc_gid: 000053f0 [2009/03/10 11:50:57, 6] rpc_parse/parse_prs.c:prs_debug(88) 000008 smb_io_rpc_addr_str [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 len: 000d [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 000a str: \PIPE\lsarpc. [2009/03/10 11:50:57, 6] rpc_parse/parse_prs.c:prs_debug(88) 000017 smb_io_rpc_results [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0018 num_results: 01 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 001c result : 0000 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 001e reason : 0000 [2009/03/10 11:50:57, 6] rpc_parse/parse_prs.c:prs_debug(88) 000020 smb_io_rpc_iface [2009/03/10 11:50:57, 7] rpc_parse/parse_prs.c:prs_debug(88) 000020 smb_io_uuid uuid [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0020 data : 8a885d04 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0024 data : 1ceb [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0026 data : 11c9 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0028 data : 9f e8 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002a data : 08 00 2b 10 48 60 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0030 version: 00000002 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0c [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0044 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000003 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 56 [2009/03/10 11:50:57, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985) read_from_pipe: 71cd name: lsarpc len: 4280 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1045) read_from_pipe: lsarpc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. [2009/03/10 11:50:57, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..68] (align 0) [2009/03/10 11:50:57, 5] lib/util.c:show_msg(642) [2009/03/10 11:50:57, 5] lib/util.c:show_msg(652) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=10199 smb_uid=100 smb_mid=10 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2009/03/10 11:50:57, 10] lib/util.c:dump_data(2230) [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 03 00 00 ........ .D...... [010] 00 B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 .¸.¸.ðS. ...\PIPE [020] 5C 6C 73 61 72 70 63 00 00 01 00 00 00 00 00 00 \lsarpc. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..ë.É ..è..+.H [040] 60 02 00 00 00 `.... [2009/03/10 11:50:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 162 [2009/03/10 11:50:57, 6] smbd/process.c:process_smb(1547) got message type 0x0 of len 0xa2 [2009/03/10 11:50:57, 3] smbd/process.c:process_smb(1550) Transaction 10 of length 166 (0 toread) [2009/03/10 11:50:57, 5] lib/util.c:show_msg(642) [2009/03/10 11:50:57, 5] lib/util.c:show_msg(652) size=162 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=10199 smb_uid=100 smb_mid=11 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 80 (0x50) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 80 (0x50) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29133 (0x71CD) smb_bcc=95 [2009/03/10 11:50:57, 10] lib/util.c:dump_data(2230) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 50 00 00 00 04 00 00 00 38 .......P .......8 [020] 00 00 00 00 00 2C 00 00 00 02 00 01 00 00 00 00 .....,.. ........ [030] 00 00 00 01 00 00 00 00 00 00 00 18 00 00 00 00 ........ ........ [040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 ........ ........ [050] 00 02 00 0C 00 00 00 02 00 01 00 00 00 00 02 ........ ....... [2009/03/10 11:50:57, 3] smbd/process.c:switch_message(1361) switch message SMBtrans (pid 14301) conn 0x1763128 [2009/03/10 11:50:57, 4] smbd/uid.c:change_to_user(225) change_to_user: Skipping user change - already user [2009/03/10 11:50:57, 3] smbd/ipc.c:handle_trans(436) trans <\PIPE\> data=80 params=0 setup=2 [2009/03/10 11:50:57, 5] smbd/ipc.c:handle_trans(469) calling named_pipe [2009/03/10 11:50:57, 3] smbd/ipc.c:named_pipe(387) named pipe command on <> name [2009/03/10 11:50:57, 5] smbd/ipc.c:api_fd_reply(307) api_fd_reply [2009/03/10 11:50:57, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=71cd [2009/03/10 11:50:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name lsarpc pnum=71cd (pipes_open=1) [2009/03/10 11:50:57, 3] smbd/ipc.c:api_fd_reply(345) Got API command 0x26 on pipe "lsarpc" (pnum 71cd) [2009/03/10 11:50:57, 10] smbd/ipc.c:api_fd_reply(350) api_fd_reply: p:0x1757628 max_trans_reply: 4280 [2009/03/10 11:50:57, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927) write_to_pipe: 71cd name: lsarpc open: Yes len: 80 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 80 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 80 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385) fill_rpc_header: data_to_copy = 80, len_needed_to_complete_hdr = 16, receive_len = 0 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 16 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 64 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 64 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0050 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000004 [2009/03/10 11:50:57, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472) unmarshall_rpc_header: using little-endian RPC [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501) unmarshall_rpc_header: type = 0, flags = 3 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 0 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 64 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 64, incoming data = 64 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709) process_complete_pdu: processing packet type 0 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_req req [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0000 alloc_hint: 00000038 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0004 context_id: 0000 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0006 opnum : 002c [2009/03/10 11:50:57, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 70 [2009/03/10 11:50:57, 5] rpc_server/srv_pipe.c:api_pipe_request(2262) Requested \PIPE\lsarpc [2009/03/10 11:50:57, 4] rpc_server/srv_pipe.c:api_rpcTNP(2297) api_rpcTNP: lsarpc op 0x2c - api_rpcTNP: rpc command: LSA_OPENPOLICY2 [2009/03/10 11:50:57, 6] rpc_server/srv_pipe.c:api_rpcTNP(2323) api_rpc_cmds[44].fn == 0x458bd0 lsa_OpenPolicy2: struct lsa_OpenPolicy2 in: struct lsa_OpenPolicy2 system_name : * system_name : '' attr : * attr: struct lsa_ObjectAttribute len : 0x00000018 (24) root_dir : NULL object_name : NULL attributes : 0x00000000 (0) sec_desc : NULL sec_qos : * sec_qos: struct lsa_QosInfo len : 0x0000000c (12) impersonation_level : 0x0002 (2) context_mode : 0x01 (1) effective_only : 0x00 (0) access_mask : 0x02000000 (33554432) 0: LSA_POLICY_VIEW_LOCAL_INFORMATION 0: LSA_POLICY_VIEW_AUDIT_INFORMATION 0: LSA_POLICY_GET_PRIVATE_INFORMATION 0: LSA_POLICY_TRUST_ADMIN 0: LSA_POLICY_CREATE_ACCOUNT 0: LSA_POLICY_CREATE_SECRET 0: LSA_POLICY_CREATE_PRIVILEGE 0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS 0: LSA_POLICY_SET_AUDIT_REQUIREMENTS 0: LSA_POLICY_AUDIT_LOG_ADMIN 0: LSA_POLICY_SERVER_ADMIN 0: LSA_POLICY_LOOKUP_NAMES [2009/03/10 11:50:57, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x02000000, for NT token with 6 entries and first sid S-1-5-21-181998944-1107627502-2274996074-3912. [2009/03/10 11:50:57, 3] lib/util_seaccess.c:se_access_check(249) [2009/03/10 11:50:57, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-5-21-181998944-1107627502-2274996074-3912 se_access_check: also S-1-5-21-181998944-1107627502-2274996074-515 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-22-2-515 [2009/03/10 11:50:57, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(148) Opened policy hnd[1] [000] 00 00 00 00 01 00 00 00 00 00 00 00 B6 49 11 46 ........ ....¶I.F [010] DD 37 00 00 Ý7.. lsa_OpenPolicy2: struct lsa_OpenPolicy2 out: struct lsa_OpenPolicy2 handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-b649-1146dd370000 result : NT_STATUS_OK [2009/03/10 11:50:57, 5] rpc_server/srv_pipe.c:api_rpcTNP(2351) api_rpcTNP: called lsarpc successfully [2009/03/10 11:50:57, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 820 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 64 [2009/03/10 11:50:57, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985) read_from_pipe: 71cd name: lsarpc len: 4280 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1059) read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 02 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0030 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000004 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_resp resp [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 00000018 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0016 cancel_ct : 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0017 reserved : 00 [2009/03/10 11:50:57, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2009/03/10 11:50:57, 5] lib/util.c:show_msg(642) [2009/03/10 11:50:57, 5] lib/util.c:show_msg(652) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=10199 smb_uid=100 smb_mid=11 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2009/03/10 11:50:57, 10] lib/util.c:dump_data(2230) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 04 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ........ ........ [020] 00 00 00 00 00 B6 49 11 46 DD 37 00 00 00 00 00 .....¶I. FÝ7..... [030] 00 . [2009/03/10 11:50:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 128 [2009/03/10 11:50:57, 6] smbd/process.c:process_smb(1547) got message type 0x0 of len 0x80 [2009/03/10 11:50:57, 3] smbd/process.c:process_smb(1550) Transaction 11 of length 132 (0 toread) [2009/03/10 11:50:57, 5] lib/util.c:show_msg(642) [2009/03/10 11:50:57, 5] lib/util.c:show_msg(652) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=10199 smb_uid=100 smb_mid=12 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 46 (0x2E) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 46 (0x2E) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29133 (0x71CD) smb_bcc=61 [2009/03/10 11:50:57, 10] lib/util.c:dump_data(2230) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 2E 00 00 00 05 00 00 00 16 ........ ........ [020] 00 00 00 00 00 2E 00 00 00 00 00 01 00 00 00 00 ........ ........ [030] 00 00 00 B6 49 11 46 DD 37 00 00 0C 00 ...¶I.FÝ 7.... [2009/03/10 11:50:57, 3] smbd/process.c:switch_message(1361) switch message SMBtrans (pid 14301) conn 0x1763128 [2009/03/10 11:50:57, 4] smbd/uid.c:change_to_user(225) change_to_user: Skipping user change - already user [2009/03/10 11:50:57, 3] smbd/ipc.c:handle_trans(436) trans <\PIPE\> data=46 params=0 setup=2 [2009/03/10 11:50:57, 5] smbd/ipc.c:handle_trans(469) calling named_pipe [2009/03/10 11:50:57, 3] smbd/ipc.c:named_pipe(387) named pipe command on <> name [2009/03/10 11:50:57, 5] smbd/ipc.c:api_fd_reply(307) api_fd_reply [2009/03/10 11:50:57, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=71cd [2009/03/10 11:50:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name lsarpc pnum=71cd (pipes_open=1) [2009/03/10 11:50:57, 3] smbd/ipc.c:api_fd_reply(345) Got API command 0x26 on pipe "lsarpc" (pnum 71cd) [2009/03/10 11:50:57, 10] smbd/ipc.c:api_fd_reply(350) api_fd_reply: p:0x1757628 max_trans_reply: 4280 [2009/03/10 11:50:57, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927) write_to_pipe: 71cd name: lsarpc open: Yes len: 46 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 46 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 46 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385) fill_rpc_header: data_to_copy = 46, len_needed_to_complete_hdr = 16, receive_len = 0 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 16 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 30 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 30 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 002e [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000005 [2009/03/10 11:50:57, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472) unmarshall_rpc_header: using little-endian RPC [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501) unmarshall_rpc_header: type = 0, flags = 3 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 0 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 30 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 30, incoming data = 30 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709) process_complete_pdu: processing packet type 0 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_req req [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0000 alloc_hint: 00000016 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0004 context_id: 0000 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0006 opnum : 002e [2009/03/10 11:50:57, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 0 [2009/03/10 11:50:57, 5] rpc_server/srv_pipe.c:api_pipe_request(2262) Requested \PIPE\lsarpc [2009/03/10 11:50:57, 4] rpc_server/srv_pipe.c:api_rpcTNP(2297) api_rpcTNP: lsarpc op 0x2e - api_rpcTNP: rpc command: LSA_QUERYINFOPOLICY2 [2009/03/10 11:50:57, 6] rpc_server/srv_pipe.c:api_rpcTNP(2323) api_rpc_cmds[46].fn == 0x4587a0 lsa_QueryInfoPolicy2: struct lsa_QueryInfoPolicy2 in: struct lsa_QueryInfoPolicy2 handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-b649-1146dd370000 level : LSA_POLICY_INFO_DNS (12) [2009/03/10 11:50:57, 4] rpc_server/srv_pipe.c:api_rpcTNP(2339) api_rpcTNP: rng fault return [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 03 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 23 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0020 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000005 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_resp resp [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 00000000 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0016 cancel_ct : 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0017 reserved : 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_debug(88) 000018 smb_io_rpc_hdr_fault fault [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_dcerpc_status(807) 0018 status : DCERPC_FAULT_OP_RNG_ERROR [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) 001c reserved: 00000000 [2009/03/10 11:50:57, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 0 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 30 [2009/03/10 11:50:57, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985) read_from_pipe: 71cd name: lsarpc len: 4280 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1045) read_from_pipe: lsarpc: current_pdu_len = 32, current_pdu_sent = 0 returning 32 bytes. [2009/03/10 11:50:57, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..32] (align 0) [2009/03/10 11:50:57, 5] lib/util.c:show_msg(642) [2009/03/10 11:50:57, 5] lib/util.c:show_msg(652) size=88 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=10199 smb_uid=100 smb_mid=12 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 32 (0x20) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 32 (0x20) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=33 [2009/03/10 11:50:57, 10] lib/util.c:dump_data(2230) [000] 00 05 00 03 23 10 00 00 00 20 00 00 00 05 00 00 ....#... . ...... [010] 00 00 00 00 00 00 00 00 00 02 00 01 1C 00 00 00 ........ ........ [020] 00 . [2009/03/10 11:50:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 150 [2009/03/10 11:50:57, 6] smbd/process.c:process_smb(1547) got message type 0x0 of len 0x96 [2009/03/10 11:50:57, 3] smbd/process.c:process_smb(1550) Transaction 12 of length 154 (0 toread) [2009/03/10 11:50:57, 5] lib/util.c:show_msg(642) [2009/03/10 11:50:57, 5] lib/util.c:show_msg(652) size=150 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=10199 smb_uid=100 smb_mid=13 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 68 (0x44) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29133 (0x71CD) smb_bcc=83 [2009/03/10 11:50:57, 10] lib/util.c:dump_data(2230) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 44 00 00 00 06 00 00 00 2C .......D ......., [020] 00 00 00 00 00 06 00 00 00 02 00 5C 00 00 00 18 ........ ...\.... [030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [040] 00 00 00 04 00 02 00 0C 00 00 00 02 00 01 00 00 ........ ........ [050] 00 00 02 ... [2009/03/10 11:50:57, 3] smbd/process.c:switch_message(1361) switch message SMBtrans (pid 14301) conn 0x1763128 [2009/03/10 11:50:57, 4] smbd/uid.c:change_to_user(225) change_to_user: Skipping user change - already user [2009/03/10 11:50:57, 3] smbd/ipc.c:handle_trans(436) trans <\PIPE\> data=68 params=0 setup=2 [2009/03/10 11:50:57, 5] smbd/ipc.c:handle_trans(469) calling named_pipe [2009/03/10 11:50:57, 3] smbd/ipc.c:named_pipe(387) named pipe command on <> name [2009/03/10 11:50:57, 5] smbd/ipc.c:api_fd_reply(307) api_fd_reply [2009/03/10 11:50:57, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=71cd [2009/03/10 11:50:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name lsarpc pnum=71cd (pipes_open=1) [2009/03/10 11:50:57, 3] smbd/ipc.c:api_fd_reply(345) Got API command 0x26 on pipe "lsarpc" (pnum 71cd) [2009/03/10 11:50:57, 10] smbd/ipc.c:api_fd_reply(350) api_fd_reply: p:0x1757628 max_trans_reply: 4280 [2009/03/10 11:50:57, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927) write_to_pipe: 71cd name: lsarpc open: Yes len: 68 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 68 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 68 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385) fill_rpc_header: data_to_copy = 68, len_needed_to_complete_hdr = 16, receive_len = 0 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 16 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 52 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 52 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0044 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000006 [2009/03/10 11:50:57, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472) unmarshall_rpc_header: using little-endian RPC [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501) unmarshall_rpc_header: type = 0, flags = 3 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 0 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 52 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 52, incoming data = 52 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709) process_complete_pdu: processing packet type 0 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_req req [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0000 alloc_hint: 0000002c [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0004 context_id: 0000 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0006 opnum : 0006 [2009/03/10 11:50:57, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 0 [2009/03/10 11:50:57, 5] rpc_server/srv_pipe.c:api_pipe_request(2262) Requested \PIPE\lsarpc [2009/03/10 11:50:57, 4] rpc_server/srv_pipe.c:api_rpcTNP(2297) api_rpcTNP: lsarpc op 0x6 - api_rpcTNP: rpc command: LSA_OPENPOLICY [2009/03/10 11:50:57, 6] rpc_server/srv_pipe.c:api_rpcTNP(2323) api_rpc_cmds[6].fn == 0x45da30 lsa_OpenPolicy: struct lsa_OpenPolicy in: struct lsa_OpenPolicy system_name : * system_name : 0x005c (92) attr : * attr: struct lsa_ObjectAttribute len : 0x00000018 (24) root_dir : NULL object_name : NULL attributes : 0x00000000 (0) sec_desc : NULL sec_qos : * sec_qos: struct lsa_QosInfo len : 0x0000000c (12) impersonation_level : 0x0002 (2) context_mode : 0x01 (1) effective_only : 0x00 (0) access_mask : 0x02000000 (33554432) 0: LSA_POLICY_VIEW_LOCAL_INFORMATION 0: LSA_POLICY_VIEW_AUDIT_INFORMATION 0: LSA_POLICY_GET_PRIVATE_INFORMATION 0: LSA_POLICY_TRUST_ADMIN 0: LSA_POLICY_CREATE_ACCOUNT 0: LSA_POLICY_CREATE_SECRET 0: LSA_POLICY_CREATE_PRIVILEGE 0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS 0: LSA_POLICY_SET_AUDIT_REQUIREMENTS 0: LSA_POLICY_AUDIT_LOG_ADMIN 0: LSA_POLICY_SERVER_ADMIN 0: LSA_POLICY_LOOKUP_NAMES [2009/03/10 11:50:57, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x02000000, for NT token with 6 entries and first sid S-1-5-21-181998944-1107627502-2274996074-3912. [2009/03/10 11:50:57, 3] lib/util_seaccess.c:se_access_check(249) [2009/03/10 11:50:57, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-5-21-181998944-1107627502-2274996074-3912 se_access_check: also S-1-5-21-181998944-1107627502-2274996074-515 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-22-2-515 [2009/03/10 11:50:57, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(148) Opened policy hnd[2] [000] 00 00 00 00 02 00 00 00 00 00 00 00 B6 49 11 46 ........ ....¶I.F [010] DD 37 00 00 Ý7.. lsa_OpenPolicy: struct lsa_OpenPolicy out: struct lsa_OpenPolicy handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000002-0000-0000-b649-1146dd370000 result : NT_STATUS_OK [2009/03/10 11:50:57, 5] rpc_server/srv_pipe.c:api_rpcTNP(2351) api_rpcTNP: called lsarpc successfully [2009/03/10 11:50:57, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 820 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 52 [2009/03/10 11:50:57, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985) read_from_pipe: 71cd name: lsarpc len: 4280 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1059) read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 02 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0030 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000006 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_resp resp [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 00000018 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0016 cancel_ct : 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0017 reserved : 00 [2009/03/10 11:50:57, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2009/03/10 11:50:57, 5] lib/util.c:show_msg(642) [2009/03/10 11:50:57, 5] lib/util.c:show_msg(652) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=10199 smb_uid=100 smb_mid=13 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2009/03/10 11:50:57, 10] lib/util.c:dump_data(2230) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 06 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 02 00 00 ........ ........ [020] 00 00 00 00 00 B6 49 11 46 DD 37 00 00 00 00 00 .....¶I. FÝ7..... [030] 00 . [2009/03/10 11:50:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 128 [2009/03/10 11:50:57, 6] smbd/process.c:process_smb(1547) got message type 0x0 of len 0x80 [2009/03/10 11:50:57, 3] smbd/process.c:process_smb(1550) Transaction 13 of length 132 (0 toread) [2009/03/10 11:50:57, 5] lib/util.c:show_msg(642) [2009/03/10 11:50:57, 5] lib/util.c:show_msg(652) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=10199 smb_uid=100 smb_mid=14 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 46 (0x2E) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 46 (0x2E) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29133 (0x71CD) smb_bcc=61 [2009/03/10 11:50:57, 10] lib/util.c:dump_data(2230) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 2E 00 00 00 07 00 00 00 16 ........ ........ [020] 00 00 00 00 00 07 00 00 00 00 00 02 00 00 00 00 ........ ........ [030] 00 00 00 B6 49 11 46 DD 37 00 00 05 00 ...¶I.FÝ 7.... [2009/03/10 11:50:57, 3] smbd/process.c:switch_message(1361) switch message SMBtrans (pid 14301) conn 0x1763128 [2009/03/10 11:50:57, 4] smbd/uid.c:change_to_user(225) change_to_user: Skipping user change - already user [2009/03/10 11:50:57, 3] smbd/ipc.c:handle_trans(436) trans <\PIPE\> data=46 params=0 setup=2 [2009/03/10 11:50:57, 5] smbd/ipc.c:handle_trans(469) calling named_pipe [2009/03/10 11:50:57, 3] smbd/ipc.c:named_pipe(387) named pipe command on <> name [2009/03/10 11:50:57, 5] smbd/ipc.c:api_fd_reply(307) api_fd_reply [2009/03/10 11:50:57, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=71cd [2009/03/10 11:50:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name lsarpc pnum=71cd (pipes_open=1) [2009/03/10 11:50:57, 3] smbd/ipc.c:api_fd_reply(345) Got API command 0x26 on pipe "lsarpc" (pnum 71cd) [2009/03/10 11:50:57, 10] smbd/ipc.c:api_fd_reply(350) api_fd_reply: p:0x1757628 max_trans_reply: 4280 [2009/03/10 11:50:57, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927) write_to_pipe: 71cd name: lsarpc open: Yes len: 46 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 46 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 46 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385) fill_rpc_header: data_to_copy = 46, len_needed_to_complete_hdr = 16, receive_len = 0 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 16 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 30 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 30 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 002e [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000007 [2009/03/10 11:50:57, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472) unmarshall_rpc_header: using little-endian RPC [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501) unmarshall_rpc_header: type = 0, flags = 3 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 0 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 30 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 30, incoming data = 30 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709) process_complete_pdu: processing packet type 0 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_req req [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0000 alloc_hint: 00000016 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0004 context_id: 0000 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0006 opnum : 0007 [2009/03/10 11:50:57, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 0 [2009/03/10 11:50:57, 5] rpc_server/srv_pipe.c:api_pipe_request(2262) Requested \PIPE\lsarpc [2009/03/10 11:50:57, 4] rpc_server/srv_pipe.c:api_rpcTNP(2297) api_rpcTNP: lsarpc op 0x7 - api_rpcTNP: rpc command: LSA_QUERYINFOPOLICY [2009/03/10 11:50:57, 6] rpc_server/srv_pipe.c:api_rpcTNP(2323) api_rpc_cmds[7].fn == 0x45d810 lsa_QueryInfoPolicy: struct lsa_QueryInfoPolicy in: struct lsa_QueryInfoPolicy handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000002-0000-0000-b649-1146dd370000 level : LSA_POLICY_INFO_ACCOUNT_DOMAIN (5) [2009/03/10 11:50:57, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(168) Found policy hnd[0] [000] 00 00 00 00 02 00 00 00 00 00 00 00 B6 49 11 46 ........ ....¶I.F [010] DD 37 00 00 Ý7.. lsa_QueryInfoPolicy: struct lsa_QueryInfoPolicy out: struct lsa_QueryInfoPolicy info : * info : * info : union lsa_PolicyInformation(case 5) account_domain: struct lsa_DomainInfo name: struct lsa_StringLarge length : 0x0000 (0) size : 0x0000 (0) string : * string : 'RK_KLBG' sid : * sid : S-1-5-21-181998944-1107627502-2274996074 result : NT_STATUS_OK [2009/03/10 11:50:57, 5] rpc_server/srv_pipe.c:api_rpcTNP(2351) api_rpcTNP: called lsarpc successfully [2009/03/10 11:50:57, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 44 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 30 [2009/03/10 11:50:57, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985) read_from_pipe: 71cd name: lsarpc len: 4280 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1059) read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 80. [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 02 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0068 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000007 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_resp resp [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 00000050 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0016 cancel_ct : 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0017 reserved : 00 [2009/03/10 11:50:57, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..104] (align 0) [2009/03/10 11:50:57, 5] lib/util.c:show_msg(642) [2009/03/10 11:50:57, 5] lib/util.c:show_msg(652) size=160 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=10199 smb_uid=100 smb_mid=14 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 104 (0x68) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 104 (0x68) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=105 [2009/03/10 11:50:57, 10] lib/util.c:dump_data(2230) [000] 00 05 00 02 03 10 00 00 00 68 00 00 00 07 00 00 ........ .h...... [010] 00 50 00 00 00 00 00 00 00 00 00 02 00 05 00 00 .P...... ........ [020] 00 0E 00 10 00 04 00 02 00 08 00 02 00 08 00 00 ........ ........ [030] 00 00 00 00 00 07 00 00 00 52 00 4B 00 5F 00 4B ........ .R.K._.K [040] 00 4C 00 42 00 47 00 00 00 04 00 00 00 01 04 00 .L.B.G.. ........ [050] 00 00 00 00 05 15 00 00 00 60 15 D9 0A EE 0D 05 ........ .`.Ù.î.. [060] 42 6A AF 99 87 00 00 00 00 Bj¯..... . [2009/03/10 11:50:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 41 [2009/03/10 11:50:57, 6] smbd/process.c:process_smb(1547) got message type 0x0 of len 0x29 [2009/03/10 11:50:57, 3] smbd/process.c:process_smb(1550) Transaction 14 of length 45 (0 toread) [2009/03/10 11:50:57, 5] lib/util.c:show_msg(642) [2009/03/10 11:50:57, 5] lib/util.c:show_msg(652) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=10199 smb_uid=100 smb_mid=15 smt_wct=3 smb_vwv[ 0]=29133 (0x71CD) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2009/03/10 11:50:57, 3] smbd/process.c:switch_message(1361) switch message SMBclose (pid 14301) conn 0x1763128 [2009/03/10 11:50:57, 4] smbd/uid.c:change_to_user(225) change_to_user: Skipping user change - already user [2009/03/10 11:50:57, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=71cd [2009/03/10 11:50:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name lsarpc pnum=71cd (pipes_open=1) [2009/03/10 11:50:57, 5] smbd/pipes.c:reply_pipe_close(319) reply_pipe_close: pnum:71cd [2009/03/10 11:50:57, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(168) Found policy hnd[0] [000] 00 00 00 00 02 00 00 00 00 00 00 00 B6 49 11 46 ........ ....¶I.F [010] DD 37 00 00 Ý7.. [2009/03/10 11:50:57, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(206) Closed policy [2009/03/10 11:50:57, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(168) Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 B6 49 11 46 ........ ....¶I.F [010] DD 37 00 00 Ý7.. [2009/03/10 11:50:57, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(206) Closed policy [2009/03/10 11:50:57, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(241) close_policy_by_pipe: deleted handle list for pipe lsarpc [2009/03/10 11:50:57, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1160) closed pipe name lsarpc pnum=71cd (pipes_open=0) [2009/03/10 11:50:57, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 6C73617270632F313433 [2009/03/10 11:50:57, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0x16994c8 [2009/03/10 11:50:57, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 6C73617270632F313433 [2009/03/10 11:50:57, 5] lib/util.c:show_msg(642) [2009/03/10 11:50:57, 5] lib/util.c:show_msg(652) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=10199 smb_uid=100 smb_mid=15 smt_wct=0 smb_bcc=0 [2009/03/10 11:50:57, 2] lib/interface.c:add_interface(337) added interface eth0 ip=fe80::20b:cdff:fef2:f15%eth0 bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff:: [2009/03/10 11:50:57, 2] lib/interface.c:add_interface(337) added interface eth0 ip=192.168.60.3 bcast=192.168.60.255 netmask=255.255.255.0 [2009/03/10 11:50:57, 5] lib/util_sock.c:print_socket_options(781) socket option SO_KEEPALIVE = 1 [2009/03/10 11:50:57, 5] lib/util_sock.c:print_socket_options(781) socket option SO_REUSEADDR = 1 [2009/03/10 11:50:57, 5] lib/util_sock.c:print_socket_options(781) socket option SO_BROADCAST = 0 [2009/03/10 11:50:57, 5] lib/util_sock.c:print_socket_options(781) socket option TCP_NODELAY = 1 [2009/03/10 11:50:57, 5] lib/util_sock.c:print_socket_options(781) socket option TCP_KEEPCNT = 9 [2009/03/10 11:50:57, 5] lib/util_sock.c:print_socket_options(781) socket option TCP_KEEPIDLE = 7200 [2009/03/10 11:50:57, 5] lib/util_sock.c:print_socket_options(781) socket option TCP_KEEPINTVL = 75 [2009/03/10 11:50:57, 5] lib/util_sock.c:print_socket_options(781) socket option IPTOS_LOWDELAY = 16 [2009/03/10 11:50:57, 5] lib/util_sock.c:print_socket_options(781) socket option IPTOS_THROUGHPUT = 16 [2009/03/10 11:50:57, 5] lib/util_sock.c:print_socket_options(781) socket option SO_SNDBUF = 16384 [2009/03/10 11:50:57, 5] lib/util_sock.c:print_socket_options(781) socket option SO_RCVBUF = 16384 [2009/03/10 11:50:57, 5] lib/util_sock.c:print_socket_options(781) socket option SO_SNDLOWAT = 1 [2009/03/10 11:50:57, 5] lib/util_sock.c:print_socket_options(781) socket option SO_RCVLOWAT = 1 [2009/03/10 11:50:57, 5] lib/util_sock.c:print_socket_options(781) socket option SO_SNDTIMEO = 0 [2009/03/10 11:50:57, 5] lib/util_sock.c:print_socket_options(781) socket option SO_RCVTIMEO = 0 [2009/03/10 11:50:57, 5] lib/util_sock.c:print_socket_options(781) socket option SO_KEEPALIVE = 1 [2009/03/10 11:50:57, 5] lib/util_sock.c:print_socket_options(781) socket option SO_REUSEADDR = 1 [2009/03/10 11:50:57, 5] lib/util_sock.c:print_socket_options(781) socket option SO_BROADCAST = 0 [2009/03/10 11:50:57, 5] lib/util_sock.c:print_socket_options(781) socket option TCP_NODELAY = 1 [2009/03/10 11:50:57, 5] lib/util_sock.c:print_socket_options(781) socket option TCP_KEEPCNT = 9 [2009/03/10 11:50:57, 5] lib/util_sock.c:print_socket_options(781) socket option TCP_KEEPIDLE = 7200 [2009/03/10 11:50:57, 5] lib/util_sock.c:print_socket_options(781) socket option TCP_KEEPINTVL = 75 [2009/03/10 11:50:57, 5] lib/util_sock.c:print_socket_options(781) socket option IPTOS_LOWDELAY = 16 [2009/03/10 11:50:57, 5] lib/util_sock.c:print_socket_options(781) socket option IPTOS_THROUGHPUT = 16 [2009/03/10 11:50:57, 5] lib/util_sock.c:print_socket_options(781) socket option SO_SNDBUF = 16384 [2009/03/10 11:50:57, 5] lib/util_sock.c:print_socket_options(781) socket option SO_RCVBUF = 16384 [2009/03/10 11:50:57, 5] lib/util_sock.c:print_socket_options(781) socket option SO_SNDLOWAT = 1 [2009/03/10 11:50:57, 5] lib/util_sock.c:print_socket_options(781) socket option SO_RCVLOWAT = 1 [2009/03/10 11:50:57, 5] lib/util_sock.c:print_socket_options(781) socket option SO_SNDTIMEO = 0 [2009/03/10 11:50:57, 5] lib/util_sock.c:print_socket_options(781) socket option SO_RCVTIMEO = 0 [2009/03/10 11:50:57, 5] auth/auth_util.c:make_user_info_map(206) make_user_info_map: Mapping user [RK_KLBG]\[MONSTER$] from workstation [MONSTER] [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2009/03/10 11:50:57, 3] smbd/uid.c:push_conn_ctx(407) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2009/03/10 11:50:57, 5] auth/token_util.c:debug_nt_user_token(466) NT user token: (NULL) [2009/03/10 11:50:57, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/03/10 11:50:57, 5] auth/auth_util.c:is_trusted_domain(2055) is_trusted_domain: Checking for domain trust with [RK_KLBG] [2009/03/10 11:50:57, 10] passdb/pdb_ldap.c:ldapsam_get_trusteddom_pw(5823) ldapsam_get_trusteddom_pw called for domain RK_KLBG [2009/03/10 11:50:57, 5] lib/smbldap.c:smbldap_search_ext(1200) smbldap_search_ext: base => [sambaDomainName=RK_KLBG,sambaDomainName=RK_KLBG,dc=rk-klbg,dc=at], filter => [(&(objectClass=sambaTrustedDomainPassword)(sambaDomainName=RK_KLBG))], scope => [2] [2009/03/10 11:50:57, 5] lib/smbldap.c:smbldap_close(1103) The connection to the LDAP server was closed [2009/03/10 11:50:57, 10] lib/smbldap.c:smb_ldap_setup_conn(616) smb_ldap_setup_connection: ldap://ldap-master.intern.rk-klosterneuburg.at/ [2009/03/10 11:50:57, 2] lib/smbldap.c:smbldap_open_connection(796) smbldap_open_connection: connection opened [2009/03/10 11:50:57, 10] lib/smbldap.c:smbldap_connect_system(961) ldap_connect_system: Binding to ldap server ldap://ldap-master.intern.rk-klosterneuburg.at/ as "cn=Manager,dc=rk-klbg,dc=at" [2009/03/10 11:50:57, 3] lib/smbldap.c:smbldap_connect_system(1007) ldap_connect_system: successful connection to the LDAP server ldap_connect_system: LDAP server does support paged results [2009/03/10 11:50:57, 10] lib/events.c:event_add_timed(130) Added timed event "smbldap_idle_fn": 1697898 [2009/03/10 11:50:57, 4] lib/smbldap.c:smbldap_open(1083) The LDAP server is successfully connected [2009/03/10 11:50:57, 10] lib/smbldap.c:smbldap_search_ext(1264) Failed search for base: sambaDomainName=RK_KLBG,sambaDomainName=RK_KLBG,dc=rk-klbg,dc=at, error: 32 (No such object) (unknown) [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2009/03/10 11:50:57, 10] lib/gencache.c:gencache_get(194) Cache entry with key = TDOM/RK_KLBG couldn't be found [2009/03/10 11:50:57, 5] libsmb/trustdom_cache.c:trustdom_cache_fetch(183) no entry for trusted domain RK_KLBG found. [2009/03/10 11:50:57, 5] auth/auth_util.c:make_user_info(120) attempting to make a user_info for MONSTER$ (MONSTER$) [2009/03/10 11:50:57, 5] auth/auth_util.c:make_user_info(130) making strings for MONSTER$'s user_info struct [2009/03/10 11:50:57, 5] auth/auth_util.c:make_user_info(162) making blobs for MONSTER$'s user_info struct [2009/03/10 11:50:57, 10] auth/auth_util.c:make_user_info(180) made an encrypted user_info for MONSTER$ (MONSTER$) [2009/03/10 11:50:57, 3] auth/auth.c:check_ntlm_password(220) check_ntlm_password: Checking password for unmapped user [RK_KLBG]\[MONSTER$]@[MONSTER] with the new password interface [2009/03/10 11:50:57, 3] auth/auth.c:check_ntlm_password(223) check_ntlm_password: mapped user is: [RK_KLBG]\[MONSTER$]@[MONSTER] [2009/03/10 11:50:57, 10] auth/auth.c:check_ntlm_password(232) check_ntlm_password: auth_context challenge created by NTLMSSP callback (NTLM2) [2009/03/10 11:50:57, 10] auth/auth.c:check_ntlm_password(234) challenge is: [2009/03/10 11:50:57, 5] lib/util.c:dump_data(2230) [000] 80 8A B8 05 F1 10 29 6C ..¸.ñ.)l [2009/03/10 11:50:57, 10] auth/auth.c:check_ntlm_password(260) check_ntlm_password: guest had nothing to say [2009/03/10 11:50:57, 8] lib/util.c:is_myname(2105) is_myname("RK_KLBG") returns 0 [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2009/03/10 11:50:57, 3] smbd/uid.c:push_conn_ctx(407) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2009/03/10 11:50:57, 5] auth/token_util.c:debug_nt_user_token(466) NT user token: (NULL) [2009/03/10 11:50:57, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/03/10 11:50:57, 5] lib/smbldap.c:smbldap_search_ext(1200) smbldap_search_ext: base => [dc=rk-klbg,dc=at], filter => [(&(uid=MONSTER$)(objectclass=sambaSamAccount))], scope => [2] [2009/03/10 11:50:57, 2] passdb/pdb_ldap.c:init_sam_from_ldap(571) init_sam_from_ldap: Entry found for user: monster$ [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_username(580) pdb_set_username: setting username monster$, was [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_domain(603) pdb_set_domain: setting domain RK_KLBG, was [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_nt_username(626) pdb_set_nt_username: setting nt username monster$, was [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_user_sid_from_string(522) pdb_set_user_sid_from_string: setting user sid S-1-5-21-181998944-1107627502-2274996074-3912 [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_user_sid(509) pdb_set_user_sid: setting user sid S-1-5-21-181998944-1107627502-2274996074-3912 [2009/03/10 11:50:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaLogonTime does not exist [2009/03/10 11:50:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaLogoffTime does not exist [2009/03/10 11:50:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaKickoffTime does not exist [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_fullname(649) pdb_set_full_name: setting full name Computer, was [2009/03/10 11:50:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaHomeDrive does not exist [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(718) pdb_set_dir_drive: setting dir drive z:, was NULL [2009/03/10 11:50:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaHomePath does not exist [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_homedir(742) pdb_set_homedir: setting home dir \\samba\monster_, was [2009/03/10 11:50:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaLogonScript does not exist [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_logon_script(672) pdb_set_logon_script: setting logon script LOGON.BAT, was [2009/03/10 11:50:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaProfilePath does not exist [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_profile_path(695) pdb_set_profile_path: setting profile path \\samba\Profile, was [2009/03/10 11:50:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaUserWorkstations does not exist [2009/03/10 11:50:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaMungedDial does not exist [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2009/03/10 11:50:57, 3] smbd/uid.c:push_conn_ctx(407) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2009/03/10 11:50:57, 5] auth/token_util.c:debug_nt_user_token(466) NT user token: (NULL) [2009/03/10 11:50:57, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/03/10 11:50:57, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = ACCT_POL/password history, value = 0 , timeout = Tue Mar 10 11:51:57 2009 [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2009/03/10 11:50:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaBadPasswordCount does not exist [2009/03/10 11:50:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaBadPasswordTime does not exist [2009/03/10 11:50:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaLogonHours does not exist [2009/03/10 11:50:57, 5] passdb/login_cache.c:login_cache_init(40) Opening cache file at /var/lib/samba/login_cache.tdb [2009/03/10 11:50:57, 7] passdb/login_cache.c:login_cache_read(86) Looking up login cache for user monster$ [2009/03/10 11:50:57, 7] passdb/login_cache.c:login_cache_read(100) No cache entry found [2009/03/10 11:50:57, 9] passdb/pdb_ldap.c:init_sam_from_ldap(1054) No cache entry, bad count = 0, bad time = 0 [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2009/03/10 11:50:57, 3] smbd/uid.c:push_conn_ctx(407) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2009/03/10 11:50:57, 5] auth/token_util.c:debug_nt_user_token(466) NT user token: (NULL) [2009/03/10 11:50:57, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/03/10 11:50:57, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = ACCT_POL/maximum password age, value = 4294967295 , timeout = Tue Mar 10 11:51:57 2009 [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2009/03/10 11:50:57, 5] lib/username.c:Get_Pwnam_alloc(133) Finding user monster$ [2009/03/10 11:50:57, 5] lib/username.c:Get_Pwnam_internals(77) Trying _Get_Pwnam(), username as lowercase is monster$ [2009/03/10 11:50:57, 5] lib/username.c:Get_Pwnam_internals(110) Get_Pwnam_internals did find user [monster$]! [2009/03/10 11:50:57, 5] lib/smbldap.c:smbldap_search_ext(1200) smbldap_search_ext: base => [ou=Groups,dc=rk-klbg,dc=at], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=515))], scope => [2] [2009/03/10 11:50:57, 2] passdb/pdb_ldap.c:init_group_from_ldap(2344) init_group_from_ldap: Entry found for group: 515 [2009/03/10 11:50:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute description does not exist [2009/03/10 11:50:57, 10] passdb/lookup_sid.c:lookup_sid(950) lookup_sid called for SID 'S-1-5-21-181998944-1107627502-2274996074-515' [2009/03/10 11:50:57, 10] passdb/lookup_sid.c:check_dom_sid_to_level(705) Accepting SID S-1-5-21-181998944-1107627502-2274996074 in level 1 [2009/03/10 11:50:57, 10] passdb/lookup_sid.c:lookup_rids(468) lookup_rids called for domain sid 'S-1-5-21-181998944-1107627502-2274996074' [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2009/03/10 11:50:57, 3] smbd/uid.c:push_conn_ctx(407) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2009/03/10 11:50:57, 5] auth/token_util.c:debug_nt_user_token(466) NT user token: (NULL) [2009/03/10 11:50:57, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/03/10 11:50:57, 5] lib/smbldap.c:smbldap_search_ext(1200) smbldap_search_ext: base => [ou=Users,dc=rk-klbg,dc=at], filter => [(&(objectClass=sambaSamAccount)(|(sambaSid=S-1-5-21-181998944-1107627502-2274996074-515)))], scope => [2] [2009/03/10 11:50:57, 5] lib/smbldap.c:smbldap_search_ext(1200) smbldap_search_ext: base => [ou=Groups,dc=rk-klbg,dc=at], filter => [(&(objectClass=sambaGroupMapping)(|(sambaSid=S-1-5-21-181998944-1107627502-2274996074-515)))], scope => [2] [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2009/03/10 11:50:57, 10] passdb/lookup_sid.c:lookup_sid(985) Sid S-1-5-21-181998944-1107627502-2274996074-515 -> RK_KLBG\Domain Computers(2) [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2009/03/10 11:50:57, 3] smbd/uid.c:push_conn_ctx(407) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2009/03/10 11:50:57, 5] auth/token_util.c:debug_nt_user_token(466) NT user token: (NULL) [2009/03/10 11:50:57, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/03/10 11:50:57, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = ACCT_POL/password history, value = 0 , timeout = Tue Mar 10 11:51:57 2009 [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_username(580) pdb_set_username: setting username monster$, was [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_domain(603) pdb_set_domain: setting domain RK_KLBG, was [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_nt_username(626) pdb_set_nt_username: setting nt username monster$, was [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_fullname(649) pdb_set_full_name: setting full name Computer, was [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_homedir(742) pdb_set_homedir: setting home dir \\samba\monster_, was [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(718) pdb_set_dir_drive: setting dir drive z:, was NULL [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_logon_script(672) pdb_set_logon_script: setting logon script LOGON.BAT, was [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_profile_path(695) pdb_set_profile_path: setting profile path \\samba\Profile, was [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_workstations(785) pdb_set_workstations: setting workstations , was [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2009/03/10 11:50:57, 3] smbd/uid.c:push_conn_ctx(407) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2009/03/10 11:50:57, 5] auth/token_util.c:debug_nt_user_token(466) NT user token: (NULL) [2009/03/10 11:50:57, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/03/10 11:50:57, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = ACCT_POL/password history, value = 0 , timeout = Tue Mar 10 11:51:57 2009 [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_user_sid(509) pdb_set_user_sid: setting user sid S-1-5-21-181998944-1107627502-2274996074-3912 [2009/03/10 11:50:57, 10] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(72) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-181998944-1107627502-2274996074-3912 from rid 3912 [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2009/03/10 11:50:57, 4] libsmb/ntlm_check.c:ntlm_password_check(328) ntlm_password_check: Checking NT MD4 password [2009/03/10 11:50:57, 4] auth/auth_sam.c:sam_account_ok(137) sam_account_ok: Checking SMB password for user monster$ [2009/03/10 11:50:57, 5] auth/auth_sam.c:logon_hours_ok(119) logon_hours_ok: user monster$ allowed to logon at this time (Tue Mar 10 10:50:57 2009 ) [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2009/03/10 11:50:57, 3] smbd/uid.c:push_conn_ctx(407) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2009/03/10 11:50:57, 5] auth/token_util.c:debug_nt_user_token(466) NT user token: (NULL) [2009/03/10 11:50:57, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/03/10 11:50:57, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = ACCT_POL/maximum password age, value = 4294967295 , timeout = Tue Mar 10 11:51:57 2009 [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2009/03/10 11:50:57, 3] smbd/uid.c:push_conn_ctx(407) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2009/03/10 11:50:57, 5] auth/token_util.c:debug_nt_user_token(466) NT user token: (NULL) [2009/03/10 11:50:57, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/03/10 11:50:57, 5] lib/smbldap.c:smbldap_search_ext(1200) smbldap_search_ext: base => [dc=rk-klbg,dc=at], filter => [(&(objectClass=sambaSamAccount)(uid=monster$))], scope => [2] [2009/03/10 11:50:57, 5] lib/smbldap.c:smbldap_search_ext(1200) smbldap_search_ext: base => [ou=Groups,dc=rk-klbg,dc=at], filter => [(&(objectClass=posixGroup)(|(memberUid=monster$)(gidNumber=515)))], scope => [2] [2009/03/10 11:50:57, 5] auth/auth_util.c:make_server_info_sam(650) make_server_info_sam: made server info for user monster$ -> monster$ [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2009/03/10 11:50:57, 3] auth/auth.c:check_ntlm_password(269) check_ntlm_password: sam authentication for user [MONSTER$] succeeded [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2009/03/10 11:50:57, 3] smbd/uid.c:push_conn_ctx(407) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2009/03/10 11:50:57, 5] auth/token_util.c:debug_nt_user_token(466) NT user token: (NULL) [2009/03/10 11:50:57, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2009/03/10 11:50:57, 5] auth/auth.c:check_ntlm_password(295) check_ntlm_password: PAM Account for user [monster$] succeeded [2009/03/10 11:50:57, 2] auth/auth.c:check_ntlm_password(308) check_ntlm_password: authentication for user [MONSTER$] -> [MONSTER$] -> [monster$] succeeded [2009/03/10 11:50:57, 5] auth/auth_util.c:free_user_info(1985) attempting to free (and zero) a user_info structure [2009/03/10 11:50:57, 10] auth/auth_util.c:free_user_info(1989) structure was created for MONSTER$ [2009/03/10 11:50:57, 10] auth/token_util.c:create_local_nt_token(304) Create local NT token for S-1-5-21-181998944-1107627502-2274996074-3912 [2009/03/10 11:50:57, 10] passdb/lookup_sid.c:sid_to_gid(1431) sid S-1-5-32-544 -> gid 804 [2009/03/10 11:50:57, 10] passdb/lookup_sid.c:sid_to_gid(1431) sid S-1-5-32-545 -> gid 100 [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2009/03/10 11:50:57, 3] smbd/uid.c:push_conn_ctx(407) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2009/03/10 11:50:57, 5] auth/token_util.c:debug_nt_user_token(466) NT user token: (NULL) [2009/03/10 11:50:57, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/03/10 11:50:57, 5] lib/smbldap.c:smbldap_search_ext(1200) smbldap_search_ext: base => [ou=Groups,dc=rk-klbg,dc=at], filter => [(&(|(objectclass=sambaGroupMapping)(sambaGroupType=4))(|(sambaSIDList=S-1-5-21-181998944-1107627502-2274996074-3912)(sambaSIDList=S-1-5-21-181998944-1107627502-2274996074-515)(sambaSIDList=S-1-1-0)(sambaSIDList=S-1-5-2)(sambaSIDList=S-1-5-11)(sambaSIDList=S-1-22-2-515)))], scope => [2] [2009/03/10 11:50:57, 5] lib/smbldap.c:smbldap_search_ext(1200) smbldap_search_ext: base => [ou=Groups,dc=rk-klbg,dc=at], filter => [(&(|(objectclass=sambaGroupMapping)(sambaGroupType=4))(|(sambaSIDList=S-1-5-21-181998944-1107627502-2274996074-3912)(sambaSIDList=S-1-5-21-181998944-1107627502-2274996074-515)(sambaSIDList=S-1-1-0)(sambaSIDList=S-1-5-2)(sambaSIDList=S-1-5-11)(sambaSIDList=S-1-22-2-515)))], scope => [2] [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2009/03/10 11:50:57, 3] lib/privileges.c:get_privileges(63) get_privileges: No privileges assigned to SID [S-1-5-21-181998944-1107627502-2274996074-3912] [2009/03/10 11:50:57, 3] lib/privileges.c:get_privileges(63) get_privileges: No privileges assigned to SID [S-1-5-21-181998944-1107627502-2274996074-515] [2009/03/10 11:50:57, 5] lib/privileges.c:get_privileges_for_sids(128) get_privileges_for_sids: sid = S-1-1-0 Privilege set: SE_PRIV 0x0 0x0 0x0 0x0 [2009/03/10 11:50:57, 3] lib/privileges.c:get_privileges(63) get_privileges: No privileges assigned to SID [S-1-5-2] [2009/03/10 11:50:57, 3] lib/privileges.c:get_privileges(63) get_privileges: No privileges assigned to SID [S-1-5-11] [2009/03/10 11:50:57, 3] lib/privileges.c:get_privileges(63) get_privileges: No privileges assigned to SID [S-1-22-2-515] [2009/03/10 11:50:57, 10] passdb/lookup_sid.c:sid_to_gid(1431) sid S-1-5-21-181998944-1107627502-2274996074-515 -> gid 515 [2009/03/10 11:50:57, 10] passdb/lookup_sid.c:sid_to_gid(1426) winbind failed to find a gid for sid S-1-1-0 [2009/03/10 11:50:57, 10] auth/auth_util.c:create_local_token(755) Could not convert SID S-1-1-0 to gid, ignoring it [2009/03/10 11:50:57, 10] passdb/lookup_sid.c:sid_to_gid(1426) winbind failed to find a gid for sid S-1-5-2 [2009/03/10 11:50:57, 10] auth/auth_util.c:create_local_token(755) Could not convert SID S-1-5-2 to gid, ignoring it [2009/03/10 11:50:57, 10] passdb/lookup_sid.c:sid_to_gid(1426) winbind failed to find a gid for sid S-1-5-11 [2009/03/10 11:50:57, 10] auth/auth_util.c:create_local_token(755) Could not convert SID S-1-5-11 to gid, ignoring it [2009/03/10 11:50:57, 10] passdb/lookup_sid.c:sid_to_gid(1413) sid S-1-22-2-515 -> gid 515 [2009/03/10 11:50:57, 10] auth/token_util.c:debug_nt_user_token(472) NT user token of user S-1-5-21-181998944-1107627502-2274996074-3912 contains 6 SIDs SID[ 0]: S-1-5-21-181998944-1107627502-2274996074-3912 SID[ 1]: S-1-5-21-181998944-1107627502-2274996074-515 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-515 SE_PRIV 0x0 0x0 0x0 0x0 [2009/03/10 11:50:57, 10] auth/auth_ntlmssp.c:auth_ntlmssp_check_password(137) Got NT session key of length 16 [2009/03/10 11:50:57, 10] libsmb/ntlmssp.c:ntlmssp_server_auth(811) ntlmssp_server_auth: Created NTLM2 session key. [2009/03/10 11:50:57, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(337) NTLMSSP Sign/Seal - Initialising with flags: [2009/03/10 11:50:57, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) Got NTLMSSP neg_flags=0x60088215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH [2009/03/10 11:50:57, 10] smbd/password.c:register_existing_vuid(316) register_existing_vuid: (1456,515) monster$ MONSTER$ RK_KLBG guest=0 [2009/03/10 11:50:57, 3] smbd/password.c:register_existing_vuid(320) register_existing_vuid: User name: monster$ Real name: Computer [2009/03/10 11:50:57, 3] smbd/password.c:register_existing_vuid(332) register_existing_vuid: UNIX uid 1456 is UNIX user monster$, and will be vuid 100 [2009/03/10 11:50:57, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 49442F31343330342F31 [2009/03/10 11:50:57, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0x175f880 [2009/03/10 11:50:57, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 49442F31343330342F31 [2009/03/10 11:50:57, 7] param/loadparm.c:lp_servicenumber(9002) lp_servicenumber: couldn't find monster$ [2009/03/10 11:50:57, 3] smbd/password.c:register_existing_vuid(353) Adding homes service for user 'monster$' using home directory: '/dev/null' [2009/03/10 11:50:57, 8] param/loadparm.c:add_a_service(5760) add_a_service: Creating snum = 18 for monster$ [2009/03/10 11:50:57, 10] param/loadparm.c:hash_a_service(5807) hash_a_service: hashing index 18 for service name monster$ [2009/03/10 11:50:57, 3] param/loadparm.c:lp_add_home(5856) adding home's share [monster$] for user 'monster$' at '/dev/null' [2009/03/10 11:50:57, 6] param/loadparm.c:lp_file_list_changed(6699) lp_file_list_changed() file /etc/samba/smb-%m.conf -> /etc/samba/smb-monster.conf last mod_time: Tue Mar 10 11:49:02 2009 file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Tue Mar 10 10:39:07 2009 [2009/03/10 11:50:57, 5] lib/util.c:show_msg(642) [2009/03/10 11:50:57, 5] lib/util.c:show_msg(652) size=128 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=10198 smb_uid=100 smb_mid=3 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 9 (0x9) smb_bcc=85 [2009/03/10 11:50:57, 10] lib/util.c:dump_data(2230) [000] A1 07 30 05 A0 03 0A 01 00 55 00 6E 00 69 00 78 ¡.0. ... .U.n.i.x [010] 00 00 00 53 00 61 00 6D 00 62 00 61 00 20 00 33 ...S.a.m .b.a. .3 [020] 00 2E 00 32 00 2E 00 38 00 2D 00 30 00 2E 00 32 ...2...8 .-.0...2 [030] 00 36 00 6C 00 65 00 6F 00 2E 00 66 00 63 00 31 .6.l.e.o ...f.c.1 [040] 00 30 00 00 00 52 00 4B 00 5F 00 4B 00 4C 00 42 .0...R.K ._.K.L.B [050] 00 47 00 00 00 .G... [2009/03/10 11:50:57, 5] printing/print_cups.c:cups_async_callback(415) cups_async_callback: callback received for printer data. fd = 20 [2009/03/10 11:50:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 74 [2009/03/10 11:50:57, 6] smbd/process.c:process_smb(1547) got message type 0x0 of len 0x4a [2009/03/10 11:50:57, 3] smbd/process.c:process_smb(1550) Transaction 3 of length 78 (0 toread) [2009/03/10 11:50:57, 5] lib/util.c:show_msg(642) [2009/03/10 11:50:57, 5] lib/util.c:show_msg(652) size=74 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=0 smb_pid=10198 smb_uid=100 smb_mid=4 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 8 (0x8) smb_vwv[ 3]= 1 (0x1) smb_bcc=31 [2009/03/10 11:50:57, 10] lib/util.c:dump_data(2230) [000] 00 5C 00 5C 00 53 00 41 00 4D 00 42 00 41 00 5C .\.\.S.A .M.B.A.\ [010] 00 49 00 50 00 43 00 24 00 00 00 49 50 43 00 .I.P.C.$ ...IPC. [2009/03/10 11:50:57, 3] smbd/process.c:switch_message(1361) switch message SMBtconX (pid 14304) conn 0x0 [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2009/03/10 11:50:57, 5] auth/token_util.c:debug_nt_user_token(466) NT user token: (NULL) [2009/03/10 11:50:57, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/03/10 11:50:57, 5] smbd/uid.c:change_to_root_user(337) change_to_root_user: now uid=(0,0) gid=(0,0) [2009/03/10 11:50:57, 4] smbd/reply.c:reply_tcon_and_X(687) Client requested device type [IPC] for share [IPC$] [2009/03/10 11:50:57, 5] smbd/service.c:make_connection(1380) making a connection to 'normal' service ipc$ [2009/03/10 11:50:57, 10] smbd/share_access.c:user_ok_token(231) user_ok_token: share IPC$ is ok for unix user monster$ [2009/03/10 11:50:57, 5] lib/username.c:Get_Pwnam_alloc(133) Finding user monster$ [2009/03/10 11:50:57, 5] lib/username.c:Get_Pwnam_internals(77) Trying _Get_Pwnam(), username as lowercase is monster$ [2009/03/10 11:50:57, 5] lib/username.c:Get_Pwnam_internals(110) Get_Pwnam_internals did find user [monster$]! [2009/03/10 11:50:57, 10] smbd/service.c:set_conn_connectpath(157) set_conn_connectpath: service IPC$, connectpath = /tmp [2009/03/10 11:50:57, 3] smbd/service.c:make_connection_snum(940) Connect path is '/tmp' for service [IPC$] [2009/03/10 11:50:57, 10] lib/util_seaccess.c:se_map_generic(175) se_map_generic(): mapped mask 0x10000000 to 0x001f01ff [2009/03/10 11:50:57, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x00000002, for NT token with 6 entries and first sid S-1-5-21-181998944-1107627502-2274996074-3912. [2009/03/10 11:50:57, 3] lib/util_seaccess.c:se_access_check(249) [2009/03/10 11:50:57, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-5-21-181998944-1107627502-2274996074-3912 se_access_check: also S-1-5-21-181998944-1107627502-2274996074-515 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-22-2-515 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 2 [2009/03/10 11:50:57, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (2) granted. [2009/03/10 11:50:57, 3] smbd/vfs.c:vfs_init_default(96) Initialising default vfs hooks [2009/03/10 11:50:57, 10] smbd/vfs.c:vfs_find_backend_entry(48) vfs_find_backend_entry called for /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:smb_register_vfs(86) Successfully added vfs backend '/[Default VFS]/' [2009/03/10 11:50:57, 10] smbd/vfs.c:vfs_find_backend_entry(48) vfs_find_backend_entry called for posixacl [2009/03/10 11:50:57, 5] smbd/vfs.c:smb_register_vfs(86) Successfully added vfs backend 'posixacl' [2009/03/10 11:50:57, 3] smbd/vfs.c:vfs_init_custom(130) Initialising custom vfs hooks from [/[Default VFS]/] [2009/03/10 11:50:57, 10] smbd/vfs.c:vfs_find_backend_entry(48) vfs_find_backend_entry called for /[Default VFS]/ Successfully loaded vfs module [/[Default VFS]/] with the new modules system [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #0 (type 0, layer 0) Making operation type 0 opaque [module /[Default VFS]/] Accepting operation type 0 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #1 (type 1, layer 0) Making operation type 1 opaque [module /[Default VFS]/] Accepting operation type 1 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #2 (type 2, layer 0) Making operation type 2 opaque [module /[Default VFS]/] Accepting operation type 2 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #3 (type 3, layer 0) Making operation type 3 opaque [module /[Default VFS]/] Accepting operation type 3 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #4 (type 4, layer 0) Making operation type 4 opaque [module /[Default VFS]/] Accepting operation type 4 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #5 (type 5, layer 0) Making operation type 5 opaque [module /[Default VFS]/] Accepting operation type 5 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #6 (type 6, layer 0) Making operation type 6 opaque [module /[Default VFS]/] Accepting operation type 6 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #7 (type 7, layer 0) Making operation type 7 opaque [module /[Default VFS]/] Accepting operation type 7 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #8 (type 8, layer 0) Making operation type 8 opaque [module /[Default VFS]/] Accepting operation type 8 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #9 (type 9, layer 0) Making operation type 9 opaque [module /[Default VFS]/] Accepting operation type 9 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #10 (type 10, layer 0) Making operation type 10 opaque [module /[Default VFS]/] Accepting operation type 10 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #11 (type 11, layer 0) Making operation type 11 opaque [module /[Default VFS]/] Accepting operation type 11 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #12 (type 12, layer 0) Making operation type 12 opaque [module /[Default VFS]/] Accepting operation type 12 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #13 (type 13, layer 0) Making operation type 13 opaque [module /[Default VFS]/] Accepting operation type 13 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #14 (type 14, layer 0) Making operation type 14 opaque [module /[Default VFS]/] Accepting operation type 14 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #15 (type 15, layer 0) Making operation type 15 opaque [module /[Default VFS]/] Accepting operation type 15 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #16 (type 16, layer 0) Making operation type 16 opaque [module /[Default VFS]/] Accepting operation type 16 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #17 (type 17, layer 0) Making operation type 17 opaque [module /[Default VFS]/] Accepting operation type 17 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #18 (type 18, layer 0) Making operation type 18 opaque [module /[Default VFS]/] Accepting operation type 18 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #19 (type 19, layer 0) Making operation type 19 opaque [module /[Default VFS]/] Accepting operation type 19 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #20 (type 20, layer 0) Making operation type 20 opaque [module /[Default VFS]/] Accepting operation type 20 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #21 (type 21, layer 0) Making operation type 21 opaque [module /[Default VFS]/] Accepting operation type 21 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #22 (type 22, layer 0) Making operation type 22 opaque [module /[Default VFS]/] Accepting operation type 22 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #23 (type 23, layer 0) Making operation type 23 opaque [module /[Default VFS]/] Accepting operation type 23 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #24 (type 24, layer 0) Making operation type 24 opaque [module /[Default VFS]/] Accepting operation type 24 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #25 (type 25, layer 0) Making operation type 25 opaque [module /[Default VFS]/] Accepting operation type 25 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #26 (type 26, layer 0) Making operation type 26 opaque [module /[Default VFS]/] Accepting operation type 26 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #27 (type 27, layer 0) Making operation type 27 opaque [module /[Default VFS]/] Accepting operation type 27 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #28 (type 28, layer 0) Making operation type 28 opaque [module /[Default VFS]/] Accepting operation type 28 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #29 (type 29, layer 0) Making operation type 29 opaque [module /[Default VFS]/] Accepting operation type 29 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #30 (type 30, layer 0) Making operation type 30 opaque [module /[Default VFS]/] Accepting operation type 30 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #31 (type 31, layer 0) Making operation type 31 opaque [module /[Default VFS]/] Accepting operation type 31 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #32 (type 32, layer 0) Making operation type 32 opaque [module /[Default VFS]/] Accepting operation type 32 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #33 (type 33, layer 0) Making operation type 33 opaque [module /[Default VFS]/] Accepting operation type 33 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #34 (type 34, layer 0) Making operation type 34 opaque [module /[Default VFS]/] Accepting operation type 34 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #35 (type 35, layer 0) Making operation type 35 opaque [module /[Default VFS]/] Accepting operation type 35 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #36 (type 36, layer 0) Making operation type 36 opaque [module /[Default VFS]/] Accepting operation type 36 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #37 (type 37, layer 0) Making operation type 37 opaque [module /[Default VFS]/] Accepting operation type 37 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #38 (type 38, layer 0) Making operation type 38 opaque [module /[Default VFS]/] Accepting operation type 38 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #39 (type 39, layer 0) Making operation type 39 opaque [module /[Default VFS]/] Accepting operation type 39 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #40 (type 40, layer 0) Making operation type 40 opaque [module /[Default VFS]/] Accepting operation type 40 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #41 (type 41, layer 0) Making operation type 41 opaque [module /[Default VFS]/] Accepting operation type 41 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #42 (type 42, layer 0) Making operation type 42 opaque [module /[Default VFS]/] Accepting operation type 42 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #43 (type 43, layer 0) Making operation type 43 opaque [module /[Default VFS]/] Accepting operation type 43 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #44 (type 44, layer 0) Making operation type 44 opaque [module /[Default VFS]/] Accepting operation type 44 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #45 (type 45, layer 0) Making operation type 45 opaque [module /[Default VFS]/] Accepting operation type 45 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #46 (type 46, layer 0) Making operation type 46 opaque [module /[Default VFS]/] Accepting operation type 46 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #47 (type 47, layer 0) Making operation type 47 opaque [module /[Default VFS]/] Accepting operation type 47 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #48 (type 48, layer 0) Making operation type 48 opaque [module /[Default VFS]/] Accepting operation type 48 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #49 (type 49, layer 0) Making operation type 49 opaque [module /[Default VFS]/] Accepting operation type 49 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #50 (type 50, layer 0) Making operation type 50 opaque [module /[Default VFS]/] Accepting operation type 50 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #51 (type 51, layer 0) Making operation type 51 opaque [module /[Default VFS]/] Accepting operation type 51 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #52 (type 52, layer 0) Making operation type 52 opaque [module /[Default VFS]/] Accepting operation type 52 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #53 (type 53, layer 0) Making operation type 53 opaque [module /[Default VFS]/] Accepting operation type 53 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #54 (type 54, layer 0) Making operation type 54 opaque [module /[Default VFS]/] Accepting operation type 54 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #55 (type 55, layer 0) Making operation type 55 opaque [module /[Default VFS]/] Accepting operation type 55 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #56 (type 56, layer 0) Making operation type 56 opaque [module /[Default VFS]/] Accepting operation type 56 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #57 (type 57, layer 0) Making operation type 57 opaque [module /[Default VFS]/] Accepting operation type 57 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #58 (type 58, layer 0) Making operation type 58 opaque [module /[Default VFS]/] Accepting operation type 58 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #59 (type 59, layer 0) Making operation type 59 opaque [module /[Default VFS]/] Accepting operation type 59 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #60 (type 60, layer 0) Making operation type 60 opaque [module /[Default VFS]/] Accepting operation type 60 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #61 (type 61, layer 0) Making operation type 61 opaque [module /[Default VFS]/] Accepting operation type 61 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #62 (type 62, layer 0) Making operation type 62 opaque [module /[Default VFS]/] Accepting operation type 62 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #63 (type 63, layer 0) Making operation type 63 opaque [module /[Default VFS]/] Accepting operation type 63 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #64 (type 64, layer 0) Making operation type 64 opaque [module /[Default VFS]/] Accepting operation type 64 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #65 (type 65, layer 0) Making operation type 65 opaque [module /[Default VFS]/] Accepting operation type 65 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #66 (type 66, layer 0) Making operation type 66 opaque [module /[Default VFS]/] Accepting operation type 66 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #67 (type 67, layer 0) Making operation type 67 opaque [module /[Default VFS]/] Accepting operation type 67 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #68 (type 68, layer 0) Making operation type 68 opaque [module /[Default VFS]/] Accepting operation type 68 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #69 (type 69, layer 0) Making operation type 69 opaque [module /[Default VFS]/] Accepting operation type 69 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #70 (type 70, layer 0) Making operation type 70 opaque [module /[Default VFS]/] Accepting operation type 70 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #71 (type 71, layer 0) Making operation type 71 opaque [module /[Default VFS]/] Accepting operation type 71 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #72 (type 72, layer 0) Making operation type 72 opaque [module /[Default VFS]/] Accepting operation type 72 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #73 (type 73, layer 0) Making operation type 73 opaque [module /[Default VFS]/] Accepting operation type 73 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #74 (type 74, layer 0) Making operation type 74 opaque [module /[Default VFS]/] Accepting operation type 74 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #75 (type 75, layer 0) Making operation type 75 opaque [module /[Default VFS]/] Accepting operation type 75 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #76 (type 76, layer 0) Making operation type 76 opaque [module /[Default VFS]/] Accepting operation type 76 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #77 (type 77, layer 0) Making operation type 77 opaque [module /[Default VFS]/] Accepting operation type 77 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #78 (type 78, layer 0) Making operation type 78 opaque [module /[Default VFS]/] Accepting operation type 78 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #79 (type 79, layer 0) Making operation type 79 opaque [module /[Default VFS]/] Accepting operation type 79 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #80 (type 80, layer 0) Making operation type 80 opaque [module /[Default VFS]/] Accepting operation type 80 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #81 (type 81, layer 0) Making operation type 81 opaque [module /[Default VFS]/] Accepting operation type 81 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #82 (type 82, layer 0) Making operation type 82 opaque [module /[Default VFS]/] Accepting operation type 82 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #83 (type 83, layer 0) Making operation type 83 opaque [module /[Default VFS]/] Accepting operation type 83 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #84 (type 84, layer 0) Making operation type 84 opaque [module /[Default VFS]/] Accepting operation type 84 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #85 (type 85, layer 0) Making operation type 85 opaque [module /[Default VFS]/] Accepting operation type 85 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #86 (type 86, layer 0) Making operation type 86 opaque [module /[Default VFS]/] Accepting operation type 86 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #87 (type 87, layer 0) Making operation type 87 opaque [module /[Default VFS]/] Accepting operation type 87 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #88 (type 88, layer 0) Making operation type 88 opaque [module /[Default VFS]/] Accepting operation type 88 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #89 (type 89, layer 0) Making operation type 89 opaque [module /[Default VFS]/] Accepting operation type 89 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #90 (type 90, layer 0) Making operation type 90 opaque [module /[Default VFS]/] Accepting operation type 90 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #91 (type 91, layer 0) Making operation type 91 opaque [module /[Default VFS]/] Accepting operation type 91 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #92 (type 92, layer 0) Making operation type 92 opaque [module /[Default VFS]/] Accepting operation type 92 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #93 (type 93, layer 0) Making operation type 93 opaque [module /[Default VFS]/] Accepting operation type 93 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #94 (type 94, layer 0) Making operation type 94 opaque [module /[Default VFS]/] Accepting operation type 94 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #95 (type 95, layer 0) Making operation type 95 opaque [module /[Default VFS]/] Accepting operation type 95 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #96 (type 96, layer 0) Making operation type 96 opaque [module /[Default VFS]/] Accepting operation type 96 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #97 (type 97, layer 0) Making operation type 97 opaque [module /[Default VFS]/] Accepting operation type 97 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #98 (type 98, layer 0) Making operation type 98 opaque [module /[Default VFS]/] Accepting operation type 98 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #99 (type 99, layer 0) Making operation type 99 opaque [module /[Default VFS]/] Accepting operation type 99 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #100 (type 100, layer 0) Making operation type 100 opaque [module /[Default VFS]/] Accepting operation type 100 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #101 (type 101, layer 0) Making operation type 101 opaque [module /[Default VFS]/] Accepting operation type 101 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #102 (type 102, layer 0) Making operation type 102 opaque [module /[Default VFS]/] Accepting operation type 102 from module /[Default VFS]/ [2009/03/10 11:50:57, 5] smbd/connection.c:claim_connection(142) claiming [IPC$] [2009/03/10 11:50:57, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key E0370000010000004950 [2009/03/10 11:50:57, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0x175a608 [2009/03/10 11:50:57, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key E0370000010000004950 [2009/03/10 11:50:57, 10] smbd/share_access.c:user_ok_token(231) user_ok_token: share IPC$ is ok for unix user monster$ [2009/03/10 11:50:57, 10] smbd/share_access.c:is_share_read_only_for_token(275) is_share_read_only_for_user: share IPC$ is read-only for unix user monster$ [2009/03/10 11:50:57, 10] lib/util_seaccess.c:se_map_generic(175) se_map_generic(): mapped mask 0x10000000 to 0x001f01ff [2009/03/10 11:50:57, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x00000001, for NT token with 6 entries and first sid S-1-5-21-181998944-1107627502-2274996074-3912. [2009/03/10 11:50:57, 3] lib/util_seaccess.c:se_access_check(249) [2009/03/10 11:50:57, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-5-21-181998944-1107627502-2274996074-3912 se_access_check: also S-1-5-21-181998944-1107627502-2274996074-515 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-22-2-515 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 1 [2009/03/10 11:50:57, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (1) granted. [2009/03/10 11:50:57, 3] lib/util_sid.c:string_to_sid(228) string_to_sid: Sid smbadmin does not start with 'S-'. [2009/03/10 11:50:57, 10] passdb/lookup_sid.c:lookup_name(69) lookup_name: RK_KLBG\smbadmin => RK_KLBG (domain), smbadmin (name) [2009/03/10 11:50:57, 10] passdb/lookup_sid.c:lookup_name(70) lookup_name: flags = 0x073 [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2009/03/10 11:50:57, 3] smbd/uid.c:push_conn_ctx(407) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2009/03/10 11:50:57, 5] auth/token_util.c:debug_nt_user_token(466) NT user token: (NULL) [2009/03/10 11:50:57, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/03/10 11:50:57, 5] lib/smbldap.c:smbldap_search_ext(1200) smbldap_search_ext: base => [dc=rk-klbg,dc=at], filter => [(&(uid=smbadmin)(objectclass=sambaSamAccount))], scope => [2] [2009/03/10 11:50:57, 2] passdb/pdb_ldap.c:init_sam_from_ldap(571) init_sam_from_ldap: Entry found for user: smbadmin [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_username(580) pdb_set_username: setting username smbadmin, was [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_domain(603) pdb_set_domain: setting domain RK_KLBG, was [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_nt_username(626) pdb_set_nt_username: setting nt username smbadmin, was [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_user_sid_from_string(522) pdb_set_user_sid_from_string: setting user sid S-1-5-21-181998944-1107627502-2274996074-3022 [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_user_sid(509) pdb_set_user_sid: setting user sid S-1-5-21-181998944-1107627502-2274996074-3022 [2009/03/10 11:50:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute displayName does not exist [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_fullname(649) pdb_set_full_name: setting full name smbadmin, was [2009/03/10 11:50:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaHomeDrive does not exist [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(718) pdb_set_dir_drive: setting dir drive z:, was NULL [2009/03/10 11:50:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaHomePath does not exist [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_homedir(742) pdb_set_homedir: setting home dir \\samba\smbadmin, was [2009/03/10 11:50:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaLogonScript does not exist [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_logon_script(672) pdb_set_logon_script: setting logon script LOGON.BAT, was [2009/03/10 11:50:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaProfilePath does not exist [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_profile_path(695) pdb_set_profile_path: setting profile path \\samba\Profile, was [2009/03/10 11:50:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaUserWorkstations does not exist [2009/03/10 11:50:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaMungedDial does not exist [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2009/03/10 11:50:57, 3] smbd/uid.c:push_conn_ctx(407) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2009/03/10 11:50:57, 5] auth/token_util.c:debug_nt_user_token(466) NT user token: (NULL) [2009/03/10 11:50:57, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/03/10 11:50:57, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = ACCT_POL/password history, value = 0 , timeout = Tue Mar 10 11:51:57 2009 [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2009/03/10 11:50:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaBadPasswordCount does not exist [2009/03/10 11:50:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaBadPasswordTime does not exist [2009/03/10 11:50:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaLogonHours does not exist [2009/03/10 11:50:57, 7] passdb/login_cache.c:login_cache_read(86) Looking up login cache for user smbadmin [2009/03/10 11:50:57, 7] passdb/login_cache.c:login_cache_read(100) No cache entry found [2009/03/10 11:50:57, 9] passdb/pdb_ldap.c:init_sam_from_ldap(1054) No cache entry, bad count = 0, bad time = 0 [2009/03/10 11:50:57, 5] lib/username.c:Get_Pwnam_alloc(133) Finding user smbadmin [2009/03/10 11:50:57, 5] lib/username.c:Get_Pwnam_internals(77) Trying _Get_Pwnam(), username as lowercase is smbadmin [2009/03/10 11:50:57, 5] lib/username.c:Get_Pwnam_internals(110) Get_Pwnam_internals did find user [smbadmin]! [2009/03/10 11:50:57, 5] lib/smbldap.c:smbldap_search_ext(1200) smbldap_search_ext: base => [ou=Groups,dc=rk-klbg,dc=at], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=800))], scope => [2] [2009/03/10 11:50:57, 2] passdb/pdb_ldap.c:init_group_from_ldap(2344) init_group_from_ldap: Entry found for group: 800 [2009/03/10 11:50:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute description does not exist [2009/03/10 11:50:57, 10] passdb/lookup_sid.c:lookup_sid(950) lookup_sid called for SID 'S-1-5-21-181998944-1107627502-2274996074-512' [2009/03/10 11:50:57, 10] passdb/lookup_sid.c:check_dom_sid_to_level(705) Accepting SID S-1-5-21-181998944-1107627502-2274996074 in level 1 [2009/03/10 11:50:57, 10] passdb/lookup_sid.c:lookup_rids(468) lookup_rids called for domain sid 'S-1-5-21-181998944-1107627502-2274996074' [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2009/03/10 11:50:57, 3] smbd/uid.c:push_conn_ctx(407) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2009/03/10 11:50:57, 5] auth/token_util.c:debug_nt_user_token(466) NT user token: (NULL) [2009/03/10 11:50:57, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/03/10 11:50:57, 5] lib/smbldap.c:smbldap_search_ext(1200) smbldap_search_ext: base => [ou=Users,dc=rk-klbg,dc=at], filter => [(&(objectClass=sambaSamAccount)(|(sambaSid=S-1-5-21-181998944-1107627502-2274996074-512)))], scope => [2] [2009/03/10 11:50:57, 5] lib/smbldap.c:smbldap_search_ext(1200) smbldap_search_ext: base => [ou=Groups,dc=rk-klbg,dc=at], filter => [(&(objectClass=sambaGroupMapping)(|(sambaSid=S-1-5-21-181998944-1107627502-2274996074-512)))], scope => [2] [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2009/03/10 11:50:57, 10] passdb/lookup_sid.c:lookup_sid(985) Sid S-1-5-21-181998944-1107627502-2274996074-512 -> RK_KLBG\Domain Admins(2) [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2009/03/10 11:50:57, 3] smbd/uid.c:push_conn_ctx(407) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2009/03/10 11:50:57, 5] auth/token_util.c:debug_nt_user_token(466) NT user token: (NULL) [2009/03/10 11:50:57, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/03/10 11:50:57, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = ACCT_POL/password history, value = 0 , timeout = Tue Mar 10 11:51:57 2009 [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_username(580) pdb_set_username: setting username smbadmin, was [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_domain(603) pdb_set_domain: setting domain RK_KLBG, was [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_nt_username(626) pdb_set_nt_username: setting nt username smbadmin, was [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_fullname(649) pdb_set_full_name: setting full name smbadmin, was [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_homedir(742) pdb_set_homedir: setting home dir \\samba\smbadmin, was [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(718) pdb_set_dir_drive: setting dir drive z:, was NULL [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_logon_script(672) pdb_set_logon_script: setting logon script LOGON.BAT, was [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_profile_path(695) pdb_set_profile_path: setting profile path \\samba\Profile, was [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_workstations(785) pdb_set_workstations: setting workstations , was [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2009/03/10 11:50:57, 3] smbd/uid.c:push_conn_ctx(407) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2009/03/10 11:50:57, 5] auth/token_util.c:debug_nt_user_token(466) NT user token: (NULL) [2009/03/10 11:50:57, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/03/10 11:50:57, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = ACCT_POL/password history, value = 0 , timeout = Tue Mar 10 11:51:57 2009 [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_user_sid(509) pdb_set_user_sid: setting user sid S-1-5-21-181998944-1107627502-2274996074-3022 [2009/03/10 11:50:57, 10] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(72) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-181998944-1107627502-2274996074-3022 from rid 3022 [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2009/03/10 11:50:57, 3] lib/util_sid.c:string_to_sid(228) string_to_sid: Sid RK_KLBG\smbadmin does not start with 'S-'. [2009/03/10 11:50:57, 10] passdb/lookup_sid.c:lookup_name(69) lookup_name: RK_KLBG\smbadmin => RK_KLBG (domain), smbadmin (name) [2009/03/10 11:50:57, 10] passdb/lookup_sid.c:lookup_name(70) lookup_name: flags = 0x073 [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2009/03/10 11:50:57, 3] smbd/uid.c:push_conn_ctx(407) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2009/03/10 11:50:57, 5] auth/token_util.c:debug_nt_user_token(466) NT user token: (NULL) [2009/03/10 11:50:57, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/03/10 11:50:57, 5] lib/smbldap.c:smbldap_search_ext(1200) smbldap_search_ext: base => [dc=rk-klbg,dc=at], filter => [(&(uid=smbadmin)(objectclass=sambaSamAccount))], scope => [2] [2009/03/10 11:50:57, 2] passdb/pdb_ldap.c:init_sam_from_ldap(571) init_sam_from_ldap: Entry found for user: smbadmin [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_username(580) pdb_set_username: setting username smbadmin, was [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_domain(603) pdb_set_domain: setting domain RK_KLBG, was [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_nt_username(626) pdb_set_nt_username: setting nt username smbadmin, was [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_user_sid_from_string(522) pdb_set_user_sid_from_string: setting user sid S-1-5-21-181998944-1107627502-2274996074-3022 [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_user_sid(509) pdb_set_user_sid: setting user sid S-1-5-21-181998944-1107627502-2274996074-3022 [2009/03/10 11:50:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute displayName does not exist [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_fullname(649) pdb_set_full_name: setting full name smbadmin, was [2009/03/10 11:50:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaHomeDrive does not exist [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(718) pdb_set_dir_drive: setting dir drive z:, was NULL [2009/03/10 11:50:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaHomePath does not exist [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_homedir(742) pdb_set_homedir: setting home dir \\samba\smbadmin, was [2009/03/10 11:50:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaLogonScript does not exist [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_logon_script(672) pdb_set_logon_script: setting logon script LOGON.BAT, was [2009/03/10 11:50:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaProfilePath does not exist [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_profile_path(695) pdb_set_profile_path: setting profile path \\samba\Profile, was [2009/03/10 11:50:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaUserWorkstations does not exist [2009/03/10 11:50:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaMungedDial does not exist [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2009/03/10 11:50:57, 3] smbd/uid.c:push_conn_ctx(407) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2009/03/10 11:50:57, 5] auth/token_util.c:debug_nt_user_token(466) NT user token: (NULL) [2009/03/10 11:50:57, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/03/10 11:50:57, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = ACCT_POL/password history, value = 0 , timeout = Tue Mar 10 11:51:57 2009 [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2009/03/10 11:50:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaBadPasswordCount does not exist [2009/03/10 11:50:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaBadPasswordTime does not exist [2009/03/10 11:50:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaLogonHours does not exist [2009/03/10 11:50:57, 7] passdb/login_cache.c:login_cache_read(86) Looking up login cache for user smbadmin [2009/03/10 11:50:57, 7] passdb/login_cache.c:login_cache_read(100) No cache entry found [2009/03/10 11:50:57, 9] passdb/pdb_ldap.c:init_sam_from_ldap(1054) No cache entry, bad count = 0, bad time = 0 [2009/03/10 11:50:57, 5] lib/username.c:Get_Pwnam_alloc(133) Finding user smbadmin [2009/03/10 11:50:57, 5] lib/username.c:Get_Pwnam_internals(77) Trying _Get_Pwnam(), username as lowercase is smbadmin [2009/03/10 11:50:57, 5] lib/username.c:Get_Pwnam_internals(110) Get_Pwnam_internals did find user [smbadmin]! [2009/03/10 11:50:57, 5] lib/smbldap.c:smbldap_search_ext(1200) smbldap_search_ext: base => [ou=Groups,dc=rk-klbg,dc=at], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=800))], scope => [2] [2009/03/10 11:50:57, 2] passdb/pdb_ldap.c:init_group_from_ldap(2344) init_group_from_ldap: Entry found for group: 800 [2009/03/10 11:50:57, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute description does not exist [2009/03/10 11:50:57, 10] passdb/lookup_sid.c:lookup_sid(950) lookup_sid called for SID 'S-1-5-21-181998944-1107627502-2274996074-512' [2009/03/10 11:50:57, 10] passdb/lookup_sid.c:check_dom_sid_to_level(705) Accepting SID S-1-5-21-181998944-1107627502-2274996074 in level 1 [2009/03/10 11:50:57, 10] passdb/lookup_sid.c:lookup_rids(468) lookup_rids called for domain sid 'S-1-5-21-181998944-1107627502-2274996074' [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2009/03/10 11:50:57, 3] smbd/uid.c:push_conn_ctx(407) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2009/03/10 11:50:57, 5] auth/token_util.c:debug_nt_user_token(466) NT user token: (NULL) [2009/03/10 11:50:57, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/03/10 11:50:57, 5] lib/smbldap.c:smbldap_search_ext(1200) smbldap_search_ext: base => [ou=Users,dc=rk-klbg,dc=at], filter => [(&(objectClass=sambaSamAccount)(|(sambaSid=S-1-5-21-181998944-1107627502-2274996074-512)))], scope => [2] [2009/03/10 11:50:57, 5] lib/smbldap.c:smbldap_search_ext(1200) smbldap_search_ext: base => [ou=Groups,dc=rk-klbg,dc=at], filter => [(&(objectClass=sambaGroupMapping)(|(sambaSid=S-1-5-21-181998944-1107627502-2274996074-512)))], scope => [2] [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2009/03/10 11:50:57, 10] passdb/lookup_sid.c:lookup_sid(985) Sid S-1-5-21-181998944-1107627502-2274996074-512 -> RK_KLBG\Domain Admins(2) [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2009/03/10 11:50:57, 3] smbd/uid.c:push_conn_ctx(407) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2009/03/10 11:50:57, 5] auth/token_util.c:debug_nt_user_token(466) NT user token: (NULL) [2009/03/10 11:50:57, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/03/10 11:50:57, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = ACCT_POL/password history, value = 0 , timeout = Tue Mar 10 11:51:57 2009 [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_username(580) pdb_set_username: setting username smbadmin, was [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_domain(603) pdb_set_domain: setting domain RK_KLBG, was [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_nt_username(626) pdb_set_nt_username: setting nt username smbadmin, was [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_fullname(649) pdb_set_full_name: setting full name smbadmin, was [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_homedir(742) pdb_set_homedir: setting home dir \\samba\smbadmin, was [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(718) pdb_set_dir_drive: setting dir drive z:, was NULL [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_logon_script(672) pdb_set_logon_script: setting logon script LOGON.BAT, was [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_profile_path(695) pdb_set_profile_path: setting profile path \\samba\Profile, was [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_workstations(785) pdb_set_workstations: setting workstations , was [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2009/03/10 11:50:57, 3] smbd/uid.c:push_conn_ctx(407) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2009/03/10 11:50:57, 5] auth/token_util.c:debug_nt_user_token(466) NT user token: (NULL) [2009/03/10 11:50:57, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/03/10 11:50:57, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = ACCT_POL/password history, value = 0 , timeout = Tue Mar 10 11:51:57 2009 [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2009/03/10 11:50:57, 10] passdb/pdb_get_set.c:pdb_set_user_sid(509) pdb_set_user_sid: setting user sid S-1-5-21-181998944-1107627502-2274996074-3022 [2009/03/10 11:50:57, 10] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(72) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-181998944-1107627502-2274996074-3022 from rid 3022 [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (1456, 515) - sec_ctx_stack_ndx = 0 [2009/03/10 11:50:57, 5] auth/token_util.c:debug_nt_user_token(472) NT user token of user S-1-5-21-181998944-1107627502-2274996074-3912 contains 6 SIDs SID[ 0]: S-1-5-21-181998944-1107627502-2274996074-3912 SID[ 1]: S-1-5-21-181998944-1107627502-2274996074-515 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-515 SE_PRIV 0x0 0x0 0x0 0x0 [2009/03/10 11:50:57, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 1456 Primary group is 515 and contains 1 supplementary groups Group[ 0]: 515 [2009/03/10 11:50:57, 5] smbd/uid.c:change_to_user(322) change_to_user uid=(0,1456) gid=(0,515) [2009/03/10 11:50:57, 3] smbd/service.c:make_connection_snum(1194) monster (::ffff:192.168.60.4) connect to service IPC$ initially as user monster$ (uid=1456, gid=515) (pid 14304) [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2009/03/10 11:50:57, 5] auth/token_util.c:debug_nt_user_token(466) NT user token: (NULL) [2009/03/10 11:50:57, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/03/10 11:50:57, 5] smbd/uid.c:change_to_root_user(337) change_to_root_user: now uid=(0,0) gid=(0,0) [2009/03/10 11:50:57, 3] smbd/reply.c:reply_tcon_and_X(761) tconX service=IPC$ [2009/03/10 11:50:57, 5] lib/util.c:show_msg(642) [2009/03/10 11:50:57, 5] lib/util.c:show_msg(652) size=56 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=10198 smb_uid=100 smb_mid=4 smt_wct=7 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 1 (0x1) smb_vwv[ 3]= 511 (0x1FF) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 511 (0x1FF) smb_vwv[ 6]= 0 (0x0) smb_bcc=7 [2009/03/10 11:50:57, 10] lib/util.c:dump_data(2230) [000] 49 50 43 00 00 00 00 IPC.... [2009/03/10 11:50:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 100 [2009/03/10 11:50:57, 6] smbd/process.c:process_smb(1547) got message type 0x0 of len 0x64 [2009/03/10 11:50:57, 3] smbd/process.c:process_smb(1550) Transaction 4 of length 104 (0 toread) [2009/03/10 11:50:57, 5] lib/util.c:show_msg(642) [2009/03/10 11:50:57, 5] lib/util.c:show_msg(652) size=100 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=10198 smb_uid=100 smb_mid=5 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 3584 (0xE00) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_bcc=17 [2009/03/10 11:50:57, 10] lib/util.c:dump_data(2230) [000] 18 5C 00 6C 00 73 00 61 00 72 00 70 00 63 00 00 .\.l.s.a .r.p.c.. [010] 00 . [2009/03/10 11:50:57, 3] smbd/process.c:switch_message(1361) switch message SMBntcreateX (pid 14304) conn 0x1675be8 [2009/03/10 11:50:57, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (1456, 515) - sec_ctx_stack_ndx = 0 [2009/03/10 11:50:57, 5] auth/token_util.c:debug_nt_user_token(472) NT user token of user S-1-5-21-181998944-1107627502-2274996074-3912 contains 6 SIDs SID[ 0]: S-1-5-21-181998944-1107627502-2274996074-3912 SID[ 1]: S-1-5-21-181998944-1107627502-2274996074-515 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-515 SE_PRIV 0x0 0x0 0x0 0x0 [2009/03/10 11:50:57, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 1456 Primary group is 515 and contains 1 supplementary groups Group[ 0]: 515 [2009/03/10 11:50:57, 5] smbd/uid.c:change_to_user(322) change_to_user uid=(0,1456) gid=(0,515) [2009/03/10 11:50:57, 4] smbd/vfs.c:vfs_ChDir(739) vfs_ChDir to /tmp [2009/03/10 11:50:57, 10] smbd/nttrans.c:reply_ntcreate_and_X(488) reply_ntcreate_and_X: flags = 0x0, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 root_dir_fid = 0x0, fname = lsarpc [2009/03/10 11:50:57, 4] smbd/nttrans.c:nt_open_pipe(295) nt_open_pipe: Opening pipe \lsarpc. [2009/03/10 11:50:57, 3] smbd/nttrans.c:nt_open_pipe(320) nt_open_pipe: Known pipe lsarpc opening. [2009/03/10 11:50:57, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(165) Open pipe requested lsarpc (pipes_open=0) [2009/03/10 11:50:57, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(275) Create pipe requested lsarpc [2009/03/10 11:50:57, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77) init_pipe_handles: created handle list for pipe lsarpc [2009/03/10 11:50:57, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) init_pipe_handles: pipe_handles ref count = 1 for pipe lsarpc [2009/03/10 11:50:57, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(356) Created internal pipe lsarpc (pipes_open=0) [2009/03/10 11:50:57, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(253) Opened pipe lsarpc with handle 71f1 (pipes_open=1) [2009/03/10 11:50:57, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(259) open pipes: name lsarpc pnum=71f1 [2009/03/10 11:50:57, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 6C73617270632F313433 [2009/03/10 11:50:57, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0x1760fb0 [2009/03/10 11:50:57, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 6C73617270632F313433 [2009/03/10 11:50:57, 5] smbd/nttrans.c:do_ntcreate_pipe_open(408) do_ntcreate_pipe_open: open pipe = \lsarpc [2009/03/10 11:50:57, 5] lib/util.c:show_msg(642) [2009/03/10 11:50:57, 5] lib/util.c:show_msg(652) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=10198 smb_uid=100 smb_mid=5 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=61696 (0xF100) smb_vwv[ 3]= 369 (0x171) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2009/03/10 11:50:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 154 [2009/03/10 11:50:57, 6] smbd/process.c:process_smb(1547) got message type 0x0 of len 0x9a [2009/03/10 11:50:57, 3] smbd/process.c:process_smb(1550) Transaction 5 of length 158 (0 toread) [2009/03/10 11:50:57, 5] lib/util.c:show_msg(642) [2009/03/10 11:50:57, 5] lib/util.c:show_msg(652) size=154 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=10198 smb_uid=100 smb_mid=6 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29169 (0x71F1) smb_bcc=87 [2009/03/10 11:50:57, 10] lib/util.c:dump_data(2230) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 00 B8 .......H .......¸ [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 6A .¸...... .......j [030] 28 19 39 0C B1 D0 11 9B A8 00 C0 4F D9 2E F5 00 (.9.±Ð.. ¨.ÀOÙ.õ. [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]..ë .É..è..+ [050] 10 48 60 02 00 00 00 .H`.... [2009/03/10 11:50:57, 3] smbd/process.c:switch_message(1361) switch message SMBtrans (pid 14304) conn 0x1675be8 [2009/03/10 11:50:57, 4] smbd/uid.c:change_to_user(225) change_to_user: Skipping user change - already user [2009/03/10 11:50:57, 3] smbd/ipc.c:handle_trans(436) trans <\PIPE\> data=72 params=0 setup=2 [2009/03/10 11:50:57, 5] smbd/ipc.c:handle_trans(469) calling named_pipe [2009/03/10 11:50:57, 3] smbd/ipc.c:named_pipe(387) named pipe command on <> name [2009/03/10 11:50:57, 5] smbd/ipc.c:api_fd_reply(307) api_fd_reply [2009/03/10 11:50:57, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=71f1 [2009/03/10 11:50:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name lsarpc pnum=71f1 (pipes_open=1) [2009/03/10 11:50:57, 3] smbd/ipc.c:api_fd_reply(345) Got API command 0x26 on pipe "lsarpc" (pnum 71f1) [2009/03/10 11:50:57, 10] smbd/ipc.c:api_fd_reply(350) api_fd_reply: p:0x170a750 max_trans_reply: 4280 [2009/03/10 11:50:57, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927) write_to_pipe: 71f1 name: lsarpc open: Yes len: 72 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 72 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385) fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 16 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 56 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0b [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0048 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000001 [2009/03/10 11:50:57, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472) unmarshall_rpc_header: using little-endian RPC [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501) unmarshall_rpc_header: type = 11, flags = 3 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 0 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 56 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709) process_complete_pdu: processing packet type 11 [2009/03/10 11:50:57, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1553) api_pipe_bind_req: decode request. 1553 [2009/03/10 11:50:57, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1564) api_pipe_bind_req: \PIPE\lsarpc -> \PIPE\lsarpc [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_rb [2009/03/10 11:50:57, 6] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_bba [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0000 max_tsize: 10b8 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0002 max_rsize: 10b8 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0004 assoc_gid: 00000000 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0008 num_contexts: 01 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000c context_id : 0000 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 000e num_transfer_syntaxes: 01 [2009/03/10 11:50:57, 6] rpc_parse/parse_prs.c:prs_debug(88) 00000f smb_io_rpc_iface [2009/03/10 11:50:57, 7] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_uuid uuid [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 data : 3919286a [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 data : b10c [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0016 data : 11d0 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0018 data : 9b a8 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 001a data : 00 c0 4f d9 2e f5 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0020 version: 00000000 [2009/03/10 11:50:57, 6] rpc_parse/parse_prs.c:prs_debug(88) 000024 smb_io_rpc_iface [2009/03/10 11:50:57, 7] rpc_parse/parse_prs.c:prs_debug(88) 000024 smb_io_uuid uuid [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0024 data : 8a885d04 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0028 data : 1ceb [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 002a data : 11c9 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002c data : 9f e8 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002e data : 08 00 2b 10 48 60 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0034 version: 00000002 [2009/03/10 11:50:57, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1608) api_pipe_bind_req: make response. 1608 [2009/03/10 11:50:57, 3] rpc_server/srv_pipe.c:check_bind_req(991) check_bind_req for \PIPE\lsarpc checking \PIPE\lsarpc checking \PIPE\lsarpc [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_ba [2009/03/10 11:50:57, 6] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_bba [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0000 max_tsize: 10b8 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0002 max_rsize: 10b8 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0004 assoc_gid: 000053f0 [2009/03/10 11:50:57, 6] rpc_parse/parse_prs.c:prs_debug(88) 000008 smb_io_rpc_addr_str [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 len: 000d [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 000a str: \PIPE\lsarpc. [2009/03/10 11:50:57, 6] rpc_parse/parse_prs.c:prs_debug(88) 000017 smb_io_rpc_results [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0018 num_results: 01 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 001c result : 0000 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 001e reason : 0000 [2009/03/10 11:50:57, 6] rpc_parse/parse_prs.c:prs_debug(88) 000020 smb_io_rpc_iface [2009/03/10 11:50:57, 7] rpc_parse/parse_prs.c:prs_debug(88) 000020 smb_io_uuid uuid [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0020 data : 8a885d04 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0024 data : 1ceb [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0026 data : 11c9 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0028 data : 9f e8 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002a data : 08 00 2b 10 48 60 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0030 version: 00000002 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0c [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0044 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000001 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 56 [2009/03/10 11:50:57, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985) read_from_pipe: 71f1 name: lsarpc len: 4280 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1045) read_from_pipe: lsarpc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. [2009/03/10 11:50:57, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..68] (align 0) [2009/03/10 11:50:57, 5] lib/util.c:show_msg(642) [2009/03/10 11:50:57, 5] lib/util.c:show_msg(652) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=10198 smb_uid=100 smb_mid=6 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2009/03/10 11:50:57, 10] lib/util.c:dump_data(2230) [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... [010] 00 B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 .¸.¸.ðS. ...\PIPE [020] 5C 6C 73 61 72 70 63 00 00 01 00 00 00 00 00 00 \lsarpc. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..ë.É ..è..+.H [040] 60 02 00 00 00 `.... [2009/03/10 11:50:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 108 [2009/03/10 11:50:57, 6] smbd/process.c:process_smb(1547) got message type 0x0 of len 0x6c [2009/03/10 11:50:57, 3] smbd/process.c:process_smb(1550) Transaction 6 of length 112 (0 toread) [2009/03/10 11:50:57, 5] lib/util.c:show_msg(642) [2009/03/10 11:50:57, 5] lib/util.c:show_msg(652) size=108 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=10198 smb_uid=100 smb_mid=7 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 26 (0x1A) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 26 (0x1A) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29169 (0x71F1) smb_bcc=41 [2009/03/10 11:50:57, 10] lib/util.c:dump_data(2230) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 1A 00 00 00 02 00 00 00 02 ........ ........ [020] 00 00 00 00 00 00 00 01 00 ........ . [2009/03/10 11:50:57, 3] smbd/process.c:switch_message(1361) switch message SMBtrans (pid 14304) conn 0x1675be8 [2009/03/10 11:50:57, 4] smbd/uid.c:change_to_user(225) change_to_user: Skipping user change - already user [2009/03/10 11:50:57, 3] smbd/ipc.c:handle_trans(436) trans <\PIPE\> data=26 params=0 setup=2 [2009/03/10 11:50:57, 5] smbd/ipc.c:handle_trans(469) calling named_pipe [2009/03/10 11:50:57, 3] smbd/ipc.c:named_pipe(387) named pipe command on <> name [2009/03/10 11:50:57, 5] smbd/ipc.c:api_fd_reply(307) api_fd_reply [2009/03/10 11:50:57, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=71f1 [2009/03/10 11:50:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name lsarpc pnum=71f1 (pipes_open=1) [2009/03/10 11:50:57, 3] smbd/ipc.c:api_fd_reply(345) Got API command 0x26 on pipe "lsarpc" (pnum 71f1) [2009/03/10 11:50:57, 10] smbd/ipc.c:api_fd_reply(350) api_fd_reply: p:0x170a750 max_trans_reply: 4280 [2009/03/10 11:50:57, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927) write_to_pipe: 71f1 name: lsarpc open: Yes len: 26 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 26 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 26 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385) fill_rpc_header: data_to_copy = 26, len_needed_to_complete_hdr = 16, receive_len = 0 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 16 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 10 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 10 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 001a [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000002 [2009/03/10 11:50:57, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472) unmarshall_rpc_header: using little-endian RPC [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501) unmarshall_rpc_header: type = 0, flags = 3 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 0 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 10 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 10, incoming data = 10 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709) process_complete_pdu: processing packet type 0 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_req req [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0000 alloc_hint: 00000002 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0004 context_id: 0000 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0006 opnum : 0000 [2009/03/10 11:50:57, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 70 [2009/03/10 11:50:57, 5] rpc_server/srv_pipe.c:api_pipe_request(2262) Requested \PIPE\lsarpc [2009/03/10 11:50:57, 4] rpc_server/srv_pipe.c:api_rpcTNP(2297) api_rpcTNP: lsarpc op 0x0 - api_rpcTNP: rpc command: DSSETUP_DSROLEGETPRIMARYDOMAININFORMATION [2009/03/10 11:50:57, 6] rpc_server/srv_pipe.c:api_rpcTNP(2323) api_rpc_cmds[0].fn == 0x467340 dssetup_DsRoleGetPrimaryDomainInformation: struct dssetup_DsRoleGetPrimaryDomainInformation in: struct dssetup_DsRoleGetPrimaryDomainInformation level : DS_ROLE_BASIC_INFORMATION (1) [2009/03/10 11:50:57, 10] rpc_server/srv_dssetup_nt.c:fill_dsrole_dominfo_basic(40) fill_dsrole_dominfo_basic: enter dssetup_DsRoleGetPrimaryDomainInformation: struct dssetup_DsRoleGetPrimaryDomainInformation out: struct dssetup_DsRoleGetPrimaryDomainInformation info : * info : union dssetup_DsRoleInfo(case 1) basic: struct dssetup_DsRolePrimaryDomInfoBasic role : DS_ROLE_PRIMARY_DC (5) flags : 0x01000000 (16777216) 0: DS_ROLE_PRIMARY_DS_RUNNING 0: DS_ROLE_PRIMARY_DS_MIXED_MODE 0: DS_ROLE_UPGRADE_IN_PROGRESS 1: DS_ROLE_PRIMARY_DOMAIN_GUID_PRESENT domain : * domain : 'RK_KLBG' dns_domain : NULL forest : NULL domain_guid : ae45f612-4b89-4acc-9584-efd6b3b8d3b2 result : WERR_OK [2009/03/10 11:50:57, 5] rpc_server/srv_pipe.c:api_rpcTNP(2351) api_rpcTNP: called lsarpc successfully [2009/03/10 11:50:57, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 36 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 10 [2009/03/10 11:50:57, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985) read_from_pipe: 71f1 name: lsarpc len: 4280 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1059) read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 76. [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 02 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0064 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000002 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_resp resp [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 0000004c [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0016 cancel_ct : 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0017 reserved : 00 [2009/03/10 11:50:57, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..100] (align 0) [2009/03/10 11:50:57, 5] lib/util.c:show_msg(642) [2009/03/10 11:50:57, 5] lib/util.c:show_msg(652) size=156 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=10198 smb_uid=100 smb_mid=7 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 100 (0x64) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 100 (0x64) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=101 [2009/03/10 11:50:57, 10] lib/util.c:dump_data(2230) [000] 00 05 00 02 03 10 00 00 00 64 00 00 00 02 00 00 ........ .d...... [010] 00 4C 00 00 00 00 00 00 00 00 00 02 00 01 00 00 .L...... ........ [020] 00 05 00 00 00 00 00 00 01 04 00 02 00 00 00 00 ........ ........ [030] 00 00 00 00 00 12 F6 45 AE 89 4B CC 4A 95 84 EF ......öE ®.KÌJ..ï [040] D6 B3 B8 D3 B2 08 00 00 00 00 00 00 00 08 00 00 Ö³¸Ó²... ........ [050] 00 52 00 4B 00 5F 00 4B 00 4C 00 42 00 47 00 00 .R.K._.K .L.B.G.. [060] 00 00 00 00 00 ..... [2009/03/10 11:50:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 41 [2009/03/10 11:50:57, 6] smbd/process.c:process_smb(1547) got message type 0x0 of len 0x29 [2009/03/10 11:50:57, 3] smbd/process.c:process_smb(1550) Transaction 7 of length 45 (0 toread) [2009/03/10 11:50:57, 5] lib/util.c:show_msg(642) [2009/03/10 11:50:57, 5] lib/util.c:show_msg(652) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=10198 smb_uid=100 smb_mid=8 smt_wct=3 smb_vwv[ 0]=29169 (0x71F1) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2009/03/10 11:50:57, 3] smbd/process.c:switch_message(1361) switch message SMBclose (pid 14304) conn 0x1675be8 [2009/03/10 11:50:57, 4] smbd/uid.c:change_to_user(225) change_to_user: Skipping user change - already user [2009/03/10 11:50:57, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=71f1 [2009/03/10 11:50:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name lsarpc pnum=71f1 (pipes_open=1) [2009/03/10 11:50:57, 5] smbd/pipes.c:reply_pipe_close(319) reply_pipe_close: pnum:71f1 [2009/03/10 11:50:57, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(241) close_policy_by_pipe: deleted handle list for pipe lsarpc [2009/03/10 11:50:57, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1160) closed pipe name lsarpc pnum=71f1 (pipes_open=0) [2009/03/10 11:50:57, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 6C73617270632F313433 [2009/03/10 11:50:57, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0x1757308 [2009/03/10 11:50:57, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 6C73617270632F313433 [2009/03/10 11:50:57, 5] lib/util.c:show_msg(642) [2009/03/10 11:50:57, 5] lib/util.c:show_msg(652) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=10198 smb_uid=100 smb_mid=8 smt_wct=0 smb_bcc=0 [2009/03/10 11:50:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 100 [2009/03/10 11:50:57, 6] smbd/process.c:process_smb(1547) got message type 0x0 of len 0x64 [2009/03/10 11:50:57, 3] smbd/process.c:process_smb(1550) Transaction 8 of length 104 (0 toread) [2009/03/10 11:50:57, 5] lib/util.c:show_msg(642) [2009/03/10 11:50:57, 5] lib/util.c:show_msg(652) size=100 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=10198 smb_uid=100 smb_mid=9 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 3584 (0xE00) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_bcc=17 [2009/03/10 11:50:57, 10] lib/util.c:dump_data(2230) [000] 00 5C 00 6C 00 73 00 61 00 72 00 70 00 63 00 00 .\.l.s.a .r.p.c.. [010] 00 . [2009/03/10 11:50:57, 3] smbd/process.c:switch_message(1361) switch message SMBntcreateX (pid 14304) conn 0x1675be8 [2009/03/10 11:50:57, 4] smbd/uid.c:change_to_user(225) change_to_user: Skipping user change - already user [2009/03/10 11:50:57, 10] smbd/nttrans.c:reply_ntcreate_and_X(488) reply_ntcreate_and_X: flags = 0x0, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 root_dir_fid = 0x0, fname = lsarpc [2009/03/10 11:50:57, 4] smbd/nttrans.c:nt_open_pipe(295) nt_open_pipe: Opening pipe \lsarpc. [2009/03/10 11:50:57, 3] smbd/nttrans.c:nt_open_pipe(320) nt_open_pipe: Known pipe lsarpc opening. [2009/03/10 11:50:57, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(165) Open pipe requested lsarpc (pipes_open=0) [2009/03/10 11:50:57, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(275) Create pipe requested lsarpc [2009/03/10 11:50:57, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77) init_pipe_handles: created handle list for pipe lsarpc [2009/03/10 11:50:57, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) init_pipe_handles: pipe_handles ref count = 1 for pipe lsarpc [2009/03/10 11:50:57, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(356) Created internal pipe lsarpc (pipes_open=0) [2009/03/10 11:50:57, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(253) Opened pipe lsarpc with handle 71f2 (pipes_open=1) [2009/03/10 11:50:57, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(259) open pipes: name lsarpc pnum=71f2 [2009/03/10 11:50:57, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 6C73617270632F313433 [2009/03/10 11:50:57, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0x1692668 [2009/03/10 11:50:57, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 6C73617270632F313433 [2009/03/10 11:50:57, 5] smbd/nttrans.c:do_ntcreate_pipe_open(408) do_ntcreate_pipe_open: open pipe = \lsarpc [2009/03/10 11:50:57, 5] lib/util.c:show_msg(642) [2009/03/10 11:50:57, 5] lib/util.c:show_msg(652) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=10198 smb_uid=100 smb_mid=9 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=61952 (0xF200) smb_vwv[ 3]= 369 (0x171) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2009/03/10 11:50:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 154 [2009/03/10 11:50:57, 6] smbd/process.c:process_smb(1547) got message type 0x0 of len 0x9a [2009/03/10 11:50:57, 3] smbd/process.c:process_smb(1550) Transaction 9 of length 158 (0 toread) [2009/03/10 11:50:57, 5] lib/util.c:show_msg(642) [2009/03/10 11:50:57, 5] lib/util.c:show_msg(652) size=154 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=10198 smb_uid=100 smb_mid=10 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29170 (0x71F2) smb_bcc=87 [2009/03/10 11:50:57, 10] lib/util.c:dump_data(2230) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 0B 03 10 00 00 00 48 00 00 00 03 00 00 00 B8 .......H .......¸ [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 .¸...... .......x [030] 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB 00 W4.4.Í«ï ..#Eg.«. [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]..ë .É..è..+ [050] 10 48 60 02 00 00 00 .H`.... [2009/03/10 11:50:57, 3] smbd/process.c:switch_message(1361) switch message SMBtrans (pid 14304) conn 0x1675be8 [2009/03/10 11:50:57, 4] smbd/uid.c:change_to_user(225) change_to_user: Skipping user change - already user [2009/03/10 11:50:57, 3] smbd/ipc.c:handle_trans(436) trans <\PIPE\> data=72 params=0 setup=2 [2009/03/10 11:50:57, 5] smbd/ipc.c:handle_trans(469) calling named_pipe [2009/03/10 11:50:57, 3] smbd/ipc.c:named_pipe(387) named pipe command on <> name [2009/03/10 11:50:57, 5] smbd/ipc.c:api_fd_reply(307) api_fd_reply [2009/03/10 11:50:57, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=71f2 [2009/03/10 11:50:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name lsarpc pnum=71f2 (pipes_open=1) [2009/03/10 11:50:57, 3] smbd/ipc.c:api_fd_reply(345) Got API command 0x26 on pipe "lsarpc" (pnum 71f2) [2009/03/10 11:50:57, 10] smbd/ipc.c:api_fd_reply(350) api_fd_reply: p:0x1763b48 max_trans_reply: 4280 [2009/03/10 11:50:57, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927) write_to_pipe: 71f2 name: lsarpc open: Yes len: 72 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 72 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385) fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 16 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 56 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0b [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0048 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000003 [2009/03/10 11:50:57, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472) unmarshall_rpc_header: using little-endian RPC [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501) unmarshall_rpc_header: type = 11, flags = 3 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 0 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 56 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709) process_complete_pdu: processing packet type 11 [2009/03/10 11:50:57, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1553) api_pipe_bind_req: decode request. 1553 [2009/03/10 11:50:57, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1564) api_pipe_bind_req: \PIPE\lsarpc -> \PIPE\lsarpc [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_rb [2009/03/10 11:50:57, 6] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_bba [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0000 max_tsize: 10b8 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0002 max_rsize: 10b8 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0004 assoc_gid: 00000000 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0008 num_contexts: 01 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000c context_id : 0000 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 000e num_transfer_syntaxes: 01 [2009/03/10 11:50:57, 6] rpc_parse/parse_prs.c:prs_debug(88) 00000f smb_io_rpc_iface [2009/03/10 11:50:57, 7] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_uuid uuid [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 data : 12345778 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 data : 1234 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0016 data : abcd [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0018 data : ef 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 001a data : 01 23 45 67 89 ab [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0020 version: 00000000 [2009/03/10 11:50:57, 6] rpc_parse/parse_prs.c:prs_debug(88) 000024 smb_io_rpc_iface [2009/03/10 11:50:57, 7] rpc_parse/parse_prs.c:prs_debug(88) 000024 smb_io_uuid uuid [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0024 data : 8a885d04 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0028 data : 1ceb [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 002a data : 11c9 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002c data : 9f e8 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002e data : 08 00 2b 10 48 60 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0034 version: 00000002 [2009/03/10 11:50:57, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1608) api_pipe_bind_req: make response. 1608 [2009/03/10 11:50:57, 3] rpc_server/srv_pipe.c:check_bind_req(991) check_bind_req for \PIPE\lsarpc checking \PIPE\lsarpc [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_ba [2009/03/10 11:50:57, 6] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_bba [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0000 max_tsize: 10b8 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0002 max_rsize: 10b8 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0004 assoc_gid: 000053f0 [2009/03/10 11:50:57, 6] rpc_parse/parse_prs.c:prs_debug(88) 000008 smb_io_rpc_addr_str [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 len: 000d [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 000a str: \PIPE\lsarpc. [2009/03/10 11:50:57, 6] rpc_parse/parse_prs.c:prs_debug(88) 000017 smb_io_rpc_results [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0018 num_results: 01 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 001c result : 0000 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 001e reason : 0000 [2009/03/10 11:50:57, 6] rpc_parse/parse_prs.c:prs_debug(88) 000020 smb_io_rpc_iface [2009/03/10 11:50:57, 7] rpc_parse/parse_prs.c:prs_debug(88) 000020 smb_io_uuid uuid [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0020 data : 8a885d04 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0024 data : 1ceb [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0026 data : 11c9 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0028 data : 9f e8 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002a data : 08 00 2b 10 48 60 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0030 version: 00000002 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0c [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0044 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000003 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 56 [2009/03/10 11:50:57, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985) read_from_pipe: 71f2 name: lsarpc len: 4280 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1045) read_from_pipe: lsarpc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. [2009/03/10 11:50:57, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..68] (align 0) [2009/03/10 11:50:57, 5] lib/util.c:show_msg(642) [2009/03/10 11:50:57, 5] lib/util.c:show_msg(652) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=10198 smb_uid=100 smb_mid=10 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [2009/03/10 11:50:57, 10] lib/util.c:dump_data(2230) [000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 03 00 00 ........ .D...... [010] 00 B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 .¸.¸.ðS. ...\PIPE [020] 5C 6C 73 61 72 70 63 00 00 01 00 00 00 00 00 00 \lsarpc. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..ë.É ..è..+.H [040] 60 02 00 00 00 `.... [2009/03/10 11:50:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 162 [2009/03/10 11:50:57, 6] smbd/process.c:process_smb(1547) got message type 0x0 of len 0xa2 [2009/03/10 11:50:57, 3] smbd/process.c:process_smb(1550) Transaction 10 of length 166 (0 toread) [2009/03/10 11:50:57, 5] lib/util.c:show_msg(642) [2009/03/10 11:50:57, 5] lib/util.c:show_msg(652) size=162 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=10198 smb_uid=100 smb_mid=11 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 80 (0x50) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 80 (0x50) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29170 (0x71F2) smb_bcc=95 [2009/03/10 11:50:57, 10] lib/util.c:dump_data(2230) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 50 00 00 00 04 00 00 00 38 .......P .......8 [020] 00 00 00 00 00 2C 00 00 00 02 00 01 00 00 00 00 .....,.. ........ [030] 00 00 00 01 00 00 00 00 00 00 00 18 00 00 00 00 ........ ........ [040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 ........ ........ [050] 00 02 00 0C 00 00 00 02 00 01 00 00 00 00 02 ........ ....... [2009/03/10 11:50:57, 3] smbd/process.c:switch_message(1361) switch message SMBtrans (pid 14304) conn 0x1675be8 [2009/03/10 11:50:57, 4] smbd/uid.c:change_to_user(225) change_to_user: Skipping user change - already user [2009/03/10 11:50:57, 3] smbd/ipc.c:handle_trans(436) trans <\PIPE\> data=80 params=0 setup=2 [2009/03/10 11:50:57, 5] smbd/ipc.c:handle_trans(469) calling named_pipe [2009/03/10 11:50:57, 3] smbd/ipc.c:named_pipe(387) named pipe command on <> name [2009/03/10 11:50:57, 5] smbd/ipc.c:api_fd_reply(307) api_fd_reply [2009/03/10 11:50:57, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=71f2 [2009/03/10 11:50:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name lsarpc pnum=71f2 (pipes_open=1) [2009/03/10 11:50:57, 3] smbd/ipc.c:api_fd_reply(345) Got API command 0x26 on pipe "lsarpc" (pnum 71f2) [2009/03/10 11:50:57, 10] smbd/ipc.c:api_fd_reply(350) api_fd_reply: p:0x1763b48 max_trans_reply: 4280 [2009/03/10 11:50:57, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927) write_to_pipe: 71f2 name: lsarpc open: Yes len: 80 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 80 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 80 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385) fill_rpc_header: data_to_copy = 80, len_needed_to_complete_hdr = 16, receive_len = 0 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 16 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 64 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 64 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0050 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000004 [2009/03/10 11:50:57, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472) unmarshall_rpc_header: using little-endian RPC [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501) unmarshall_rpc_header: type = 0, flags = 3 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 0 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 64 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 64, incoming data = 64 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709) process_complete_pdu: processing packet type 0 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_req req [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0000 alloc_hint: 00000038 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0004 context_id: 0000 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0006 opnum : 002c [2009/03/10 11:50:57, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 70 [2009/03/10 11:50:57, 5] rpc_server/srv_pipe.c:api_pipe_request(2262) Requested \PIPE\lsarpc [2009/03/10 11:50:57, 4] rpc_server/srv_pipe.c:api_rpcTNP(2297) api_rpcTNP: lsarpc op 0x2c - api_rpcTNP: rpc command: LSA_OPENPOLICY2 [2009/03/10 11:50:57, 6] rpc_server/srv_pipe.c:api_rpcTNP(2323) api_rpc_cmds[44].fn == 0x458bd0 lsa_OpenPolicy2: struct lsa_OpenPolicy2 in: struct lsa_OpenPolicy2 system_name : * system_name : '' attr : * attr: struct lsa_ObjectAttribute len : 0x00000018 (24) root_dir : NULL object_name : NULL attributes : 0x00000000 (0) sec_desc : NULL sec_qos : * sec_qos: struct lsa_QosInfo len : 0x0000000c (12) impersonation_level : 0x0002 (2) context_mode : 0x01 (1) effective_only : 0x00 (0) access_mask : 0x02000000 (33554432) 0: LSA_POLICY_VIEW_LOCAL_INFORMATION 0: LSA_POLICY_VIEW_AUDIT_INFORMATION 0: LSA_POLICY_GET_PRIVATE_INFORMATION 0: LSA_POLICY_TRUST_ADMIN 0: LSA_POLICY_CREATE_ACCOUNT 0: LSA_POLICY_CREATE_SECRET 0: LSA_POLICY_CREATE_PRIVILEGE 0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS 0: LSA_POLICY_SET_AUDIT_REQUIREMENTS 0: LSA_POLICY_AUDIT_LOG_ADMIN 0: LSA_POLICY_SERVER_ADMIN 0: LSA_POLICY_LOOKUP_NAMES [2009/03/10 11:50:57, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x02000000, for NT token with 6 entries and first sid S-1-5-21-181998944-1107627502-2274996074-3912. [2009/03/10 11:50:57, 3] lib/util_seaccess.c:se_access_check(249) [2009/03/10 11:50:57, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-5-21-181998944-1107627502-2274996074-3912 se_access_check: also S-1-5-21-181998944-1107627502-2274996074-515 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-22-2-515 [2009/03/10 11:50:57, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(148) Opened policy hnd[1] [000] 00 00 00 00 01 00 00 00 00 00 00 00 B6 49 11 46 ........ ....¶I.F [010] E0 37 00 00 à7.. lsa_OpenPolicy2: struct lsa_OpenPolicy2 out: struct lsa_OpenPolicy2 handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-b649-1146e0370000 result : NT_STATUS_OK [2009/03/10 11:50:57, 5] rpc_server/srv_pipe.c:api_rpcTNP(2351) api_rpcTNP: called lsarpc successfully [2009/03/10 11:50:57, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 820 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 64 [2009/03/10 11:50:57, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985) read_from_pipe: 71f2 name: lsarpc len: 4280 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1059) read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 02 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0030 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000004 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_resp resp [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 00000018 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0016 cancel_ct : 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0017 reserved : 00 [2009/03/10 11:50:57, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2009/03/10 11:50:57, 5] lib/util.c:show_msg(642) [2009/03/10 11:50:57, 5] lib/util.c:show_msg(652) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=10198 smb_uid=100 smb_mid=11 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2009/03/10 11:50:57, 10] lib/util.c:dump_data(2230) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 04 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ........ ........ [020] 00 00 00 00 00 B6 49 11 46 E0 37 00 00 00 00 00 .....¶I. Fà7..... [030] 00 . [2009/03/10 11:50:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 128 [2009/03/10 11:50:57, 6] smbd/process.c:process_smb(1547) got message type 0x0 of len 0x80 [2009/03/10 11:50:57, 3] smbd/process.c:process_smb(1550) Transaction 11 of length 132 (0 toread) [2009/03/10 11:50:57, 5] lib/util.c:show_msg(642) [2009/03/10 11:50:57, 5] lib/util.c:show_msg(652) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=10198 smb_uid=100 smb_mid=12 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 46 (0x2E) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 46 (0x2E) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29170 (0x71F2) smb_bcc=61 [2009/03/10 11:50:57, 10] lib/util.c:dump_data(2230) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 2E 00 00 00 05 00 00 00 16 ........ ........ [020] 00 00 00 00 00 2E 00 00 00 00 00 01 00 00 00 00 ........ ........ [030] 00 00 00 B6 49 11 46 E0 37 00 00 0C 00 ...¶I.Fà 7.... [2009/03/10 11:50:57, 3] smbd/process.c:switch_message(1361) switch message SMBtrans (pid 14304) conn 0x1675be8 [2009/03/10 11:50:57, 4] smbd/uid.c:change_to_user(225) change_to_user: Skipping user change - already user [2009/03/10 11:50:57, 3] smbd/ipc.c:handle_trans(436) trans <\PIPE\> data=46 params=0 setup=2 [2009/03/10 11:50:57, 5] smbd/ipc.c:handle_trans(469) calling named_pipe [2009/03/10 11:50:57, 3] smbd/ipc.c:named_pipe(387) named pipe command on <> name [2009/03/10 11:50:57, 5] smbd/ipc.c:api_fd_reply(307) api_fd_reply [2009/03/10 11:50:57, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=71f2 [2009/03/10 11:50:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name lsarpc pnum=71f2 (pipes_open=1) [2009/03/10 11:50:57, 3] smbd/ipc.c:api_fd_reply(345) Got API command 0x26 on pipe "lsarpc" (pnum 71f2) [2009/03/10 11:50:57, 10] smbd/ipc.c:api_fd_reply(350) api_fd_reply: p:0x1763b48 max_trans_reply: 4280 [2009/03/10 11:50:57, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927) write_to_pipe: 71f2 name: lsarpc open: Yes len: 46 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 46 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 46 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385) fill_rpc_header: data_to_copy = 46, len_needed_to_complete_hdr = 16, receive_len = 0 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 16 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 30 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 30 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 002e [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000005 [2009/03/10 11:50:57, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472) unmarshall_rpc_header: using little-endian RPC [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501) unmarshall_rpc_header: type = 0, flags = 3 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 0 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 30 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 30, incoming data = 30 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709) process_complete_pdu: processing packet type 0 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_req req [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0000 alloc_hint: 00000016 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0004 context_id: 0000 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0006 opnum : 002e [2009/03/10 11:50:57, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 0 [2009/03/10 11:50:57, 5] rpc_server/srv_pipe.c:api_pipe_request(2262) Requested \PIPE\lsarpc [2009/03/10 11:50:57, 4] rpc_server/srv_pipe.c:api_rpcTNP(2297) api_rpcTNP: lsarpc op 0x2e - api_rpcTNP: rpc command: LSA_QUERYINFOPOLICY2 [2009/03/10 11:50:57, 6] rpc_server/srv_pipe.c:api_rpcTNP(2323) api_rpc_cmds[46].fn == 0x4587a0 lsa_QueryInfoPolicy2: struct lsa_QueryInfoPolicy2 in: struct lsa_QueryInfoPolicy2 handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-b649-1146e0370000 level : LSA_POLICY_INFO_DNS (12) [2009/03/10 11:50:57, 4] rpc_server/srv_pipe.c:api_rpcTNP(2339) api_rpcTNP: rng fault return [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 03 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 23 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0020 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000005 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_resp resp [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 00000000 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0016 cancel_ct : 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0017 reserved : 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_debug(88) 000018 smb_io_rpc_hdr_fault fault [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_dcerpc_status(807) 0018 status : DCERPC_FAULT_OP_RNG_ERROR [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) 001c reserved: 00000000 [2009/03/10 11:50:57, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 0 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 30 [2009/03/10 11:50:57, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985) read_from_pipe: 71f2 name: lsarpc len: 4280 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1045) read_from_pipe: lsarpc: current_pdu_len = 32, current_pdu_sent = 0 returning 32 bytes. [2009/03/10 11:50:57, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..32] (align 0) [2009/03/10 11:50:57, 5] lib/util.c:show_msg(642) [2009/03/10 11:50:57, 5] lib/util.c:show_msg(652) size=88 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=10198 smb_uid=100 smb_mid=12 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 32 (0x20) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 32 (0x20) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=33 [2009/03/10 11:50:57, 10] lib/util.c:dump_data(2230) [000] 00 05 00 03 23 10 00 00 00 20 00 00 00 05 00 00 ....#... . ...... [010] 00 00 00 00 00 00 00 00 00 02 00 01 1C 00 00 00 ........ ........ [020] 00 . [2009/03/10 11:50:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 150 [2009/03/10 11:50:57, 6] smbd/process.c:process_smb(1547) got message type 0x0 of len 0x96 [2009/03/10 11:50:57, 3] smbd/process.c:process_smb(1550) Transaction 12 of length 154 (0 toread) [2009/03/10 11:50:57, 5] lib/util.c:show_msg(642) [2009/03/10 11:50:57, 5] lib/util.c:show_msg(652) size=150 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=10198 smb_uid=100 smb_mid=13 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 68 (0x44) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29170 (0x71F2) smb_bcc=83 [2009/03/10 11:50:57, 10] lib/util.c:dump_data(2230) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 44 00 00 00 06 00 00 00 2C .......D ......., [020] 00 00 00 00 00 06 00 00 00 02 00 5C 00 00 00 18 ........ ...\.... [030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [040] 00 00 00 04 00 02 00 0C 00 00 00 02 00 01 00 00 ........ ........ [050] 00 00 02 ... [2009/03/10 11:50:57, 3] smbd/process.c:switch_message(1361) switch message SMBtrans (pid 14304) conn 0x1675be8 [2009/03/10 11:50:57, 4] smbd/uid.c:change_to_user(225) change_to_user: Skipping user change - already user [2009/03/10 11:50:57, 3] smbd/ipc.c:handle_trans(436) trans <\PIPE\> data=68 params=0 setup=2 [2009/03/10 11:50:57, 5] smbd/ipc.c:handle_trans(469) calling named_pipe [2009/03/10 11:50:57, 3] smbd/ipc.c:named_pipe(387) named pipe command on <> name [2009/03/10 11:50:57, 5] smbd/ipc.c:api_fd_reply(307) api_fd_reply [2009/03/10 11:50:57, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=71f2 [2009/03/10 11:50:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name lsarpc pnum=71f2 (pipes_open=1) [2009/03/10 11:50:57, 3] smbd/ipc.c:api_fd_reply(345) Got API command 0x26 on pipe "lsarpc" (pnum 71f2) [2009/03/10 11:50:57, 10] smbd/ipc.c:api_fd_reply(350) api_fd_reply: p:0x1763b48 max_trans_reply: 4280 [2009/03/10 11:50:57, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927) write_to_pipe: 71f2 name: lsarpc open: Yes len: 68 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 68 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 68 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385) fill_rpc_header: data_to_copy = 68, len_needed_to_complete_hdr = 16, receive_len = 0 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 16 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 52 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 52 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0044 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000006 [2009/03/10 11:50:57, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472) unmarshall_rpc_header: using little-endian RPC [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501) unmarshall_rpc_header: type = 0, flags = 3 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 0 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 52 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 52, incoming data = 52 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709) process_complete_pdu: processing packet type 0 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_req req [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0000 alloc_hint: 0000002c [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0004 context_id: 0000 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0006 opnum : 0006 [2009/03/10 11:50:57, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 0 [2009/03/10 11:50:57, 5] rpc_server/srv_pipe.c:api_pipe_request(2262) Requested \PIPE\lsarpc [2009/03/10 11:50:57, 4] rpc_server/srv_pipe.c:api_rpcTNP(2297) api_rpcTNP: lsarpc op 0x6 - api_rpcTNP: rpc command: LSA_OPENPOLICY [2009/03/10 11:50:57, 6] rpc_server/srv_pipe.c:api_rpcTNP(2323) api_rpc_cmds[6].fn == 0x45da30 lsa_OpenPolicy: struct lsa_OpenPolicy in: struct lsa_OpenPolicy system_name : * system_name : 0x005c (92) attr : * attr: struct lsa_ObjectAttribute len : 0x00000018 (24) root_dir : NULL object_name : NULL attributes : 0x00000000 (0) sec_desc : NULL sec_qos : * sec_qos: struct lsa_QosInfo len : 0x0000000c (12) impersonation_level : 0x0002 (2) context_mode : 0x01 (1) effective_only : 0x00 (0) access_mask : 0x02000000 (33554432) 0: LSA_POLICY_VIEW_LOCAL_INFORMATION 0: LSA_POLICY_VIEW_AUDIT_INFORMATION 0: LSA_POLICY_GET_PRIVATE_INFORMATION 0: LSA_POLICY_TRUST_ADMIN 0: LSA_POLICY_CREATE_ACCOUNT 0: LSA_POLICY_CREATE_SECRET 0: LSA_POLICY_CREATE_PRIVILEGE 0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS 0: LSA_POLICY_SET_AUDIT_REQUIREMENTS 0: LSA_POLICY_AUDIT_LOG_ADMIN 0: LSA_POLICY_SERVER_ADMIN 0: LSA_POLICY_LOOKUP_NAMES [2009/03/10 11:50:57, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x02000000, for NT token with 6 entries and first sid S-1-5-21-181998944-1107627502-2274996074-3912. [2009/03/10 11:50:57, 3] lib/util_seaccess.c:se_access_check(249) [2009/03/10 11:50:57, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-5-21-181998944-1107627502-2274996074-3912 se_access_check: also S-1-5-21-181998944-1107627502-2274996074-515 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-22-2-515 [2009/03/10 11:50:57, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(148) Opened policy hnd[2] [000] 00 00 00 00 02 00 00 00 00 00 00 00 B6 49 11 46 ........ ....¶I.F [010] E0 37 00 00 à7.. lsa_OpenPolicy: struct lsa_OpenPolicy out: struct lsa_OpenPolicy handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000002-0000-0000-b649-1146e0370000 result : NT_STATUS_OK [2009/03/10 11:50:57, 5] rpc_server/srv_pipe.c:api_rpcTNP(2351) api_rpcTNP: called lsarpc successfully [2009/03/10 11:50:57, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 820 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 52 [2009/03/10 11:50:57, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985) read_from_pipe: 71f2 name: lsarpc len: 4280 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1059) read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 02 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0030 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000006 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_resp resp [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 00000018 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0016 cancel_ct : 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0017 reserved : 00 [2009/03/10 11:50:57, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2009/03/10 11:50:57, 5] lib/util.c:show_msg(642) [2009/03/10 11:50:57, 5] lib/util.c:show_msg(652) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=10198 smb_uid=100 smb_mid=13 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2009/03/10 11:50:57, 10] lib/util.c:dump_data(2230) [000] 00 05 00 02 03 10 00 00 00 30 00 00 00 06 00 00 ........ .0...... [010] 00 18 00 00 00 00 00 00 00 00 00 00 00 02 00 00 ........ ........ [020] 00 00 00 00 00 B6 49 11 46 E0 37 00 00 00 00 00 .....¶I. Fà7..... [030] 00 . [2009/03/10 11:50:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 128 [2009/03/10 11:50:57, 6] smbd/process.c:process_smb(1547) got message type 0x0 of len 0x80 [2009/03/10 11:50:57, 3] smbd/process.c:process_smb(1550) Transaction 13 of length 132 (0 toread) [2009/03/10 11:50:57, 5] lib/util.c:show_msg(642) [2009/03/10 11:50:57, 5] lib/util.c:show_msg(652) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=10198 smb_uid=100 smb_mid=14 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 46 (0x2E) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 46 (0x2E) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29170 (0x71F2) smb_bcc=61 [2009/03/10 11:50:57, 10] lib/util.c:dump_data(2230) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 2E 00 00 00 07 00 00 00 16 ........ ........ [020] 00 00 00 00 00 07 00 00 00 00 00 02 00 00 00 00 ........ ........ [030] 00 00 00 B6 49 11 46 E0 37 00 00 05 00 ...¶I.Fà 7.... [2009/03/10 11:50:57, 3] smbd/process.c:switch_message(1361) switch message SMBtrans (pid 14304) conn 0x1675be8 [2009/03/10 11:50:57, 4] smbd/uid.c:change_to_user(225) change_to_user: Skipping user change - already user [2009/03/10 11:50:57, 3] smbd/ipc.c:handle_trans(436) trans <\PIPE\> data=46 params=0 setup=2 [2009/03/10 11:50:57, 5] smbd/ipc.c:handle_trans(469) calling named_pipe [2009/03/10 11:50:57, 3] smbd/ipc.c:named_pipe(387) named pipe command on <> name [2009/03/10 11:50:57, 5] smbd/ipc.c:api_fd_reply(307) api_fd_reply [2009/03/10 11:50:57, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=71f2 [2009/03/10 11:50:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name lsarpc pnum=71f2 (pipes_open=1) [2009/03/10 11:50:57, 3] smbd/ipc.c:api_fd_reply(345) Got API command 0x26 on pipe "lsarpc" (pnum 71f2) [2009/03/10 11:50:57, 10] smbd/ipc.c:api_fd_reply(350) api_fd_reply: p:0x1763b48 max_trans_reply: 4280 [2009/03/10 11:50:57, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927) write_to_pipe: 71f2 name: lsarpc open: Yes len: 46 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 46 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 46 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385) fill_rpc_header: data_to_copy = 46, len_needed_to_complete_hdr = 16, receive_len = 0 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 16 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 30 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 30 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 002e [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000007 [2009/03/10 11:50:57, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472) unmarshall_rpc_header: using little-endian RPC [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501) unmarshall_rpc_header: type = 0, flags = 3 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 0 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 30 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 30, incoming data = 30 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709) process_complete_pdu: processing packet type 0 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_req req [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0000 alloc_hint: 00000016 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0004 context_id: 0000 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0006 opnum : 0007 [2009/03/10 11:50:57, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 0 [2009/03/10 11:50:57, 5] rpc_server/srv_pipe.c:api_pipe_request(2262) Requested \PIPE\lsarpc [2009/03/10 11:50:57, 4] rpc_server/srv_pipe.c:api_rpcTNP(2297) api_rpcTNP: lsarpc op 0x7 - api_rpcTNP: rpc command: LSA_QUERYINFOPOLICY [2009/03/10 11:50:57, 6] rpc_server/srv_pipe.c:api_rpcTNP(2323) api_rpc_cmds[7].fn == 0x45d810 lsa_QueryInfoPolicy: struct lsa_QueryInfoPolicy in: struct lsa_QueryInfoPolicy handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000002-0000-0000-b649-1146e0370000 level : LSA_POLICY_INFO_ACCOUNT_DOMAIN (5) [2009/03/10 11:50:57, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(168) Found policy hnd[0] [000] 00 00 00 00 02 00 00 00 00 00 00 00 B6 49 11 46 ........ ....¶I.F [010] E0 37 00 00 à7.. lsa_QueryInfoPolicy: struct lsa_QueryInfoPolicy out: struct lsa_QueryInfoPolicy info : * info : * info : union lsa_PolicyInformation(case 5) account_domain: struct lsa_DomainInfo name: struct lsa_StringLarge length : 0x0000 (0) size : 0x0000 (0) string : * string : 'RK_KLBG' sid : * sid : S-1-5-21-181998944-1107627502-2274996074 result : NT_STATUS_OK [2009/03/10 11:50:57, 5] rpc_server/srv_pipe.c:api_rpcTNP(2351) api_rpcTNP: called lsarpc successfully [2009/03/10 11:50:57, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 44 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 30 [2009/03/10 11:50:57, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985) read_from_pipe: 71f2 name: lsarpc len: 4280 [2009/03/10 11:50:57, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1059) read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 80. [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 02 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0068 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0000 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000007 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_resp resp [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 00000050 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0016 cancel_ct : 00 [2009/03/10 11:50:57, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0017 reserved : 00 [2009/03/10 11:50:57, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..104] (align 0) [2009/03/10 11:50:57, 5] lib/util.c:show_msg(642) [2009/03/10 11:50:57, 5] lib/util.c:show_msg(652) size=160 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=10198 smb_uid=100 smb_mid=14 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 104 (0x68) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 104 (0x68) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=105 [2009/03/10 11:50:57, 10] lib/util.c:dump_data(2230) [000] 00 05 00 02 03 10 00 00 00 68 00 00 00 07 00 00 ........ .h...... [010] 00 50 00 00 00 00 00 00 00 00 00 02 00 05 00 00 .P...... ........ [020] 00 0E 00 10 00 04 00 02 00 08 00 02 00 08 00 00 ........ ........ [030] 00 00 00 00 00 07 00 00 00 52 00 4B 00 5F 00 4B ........ .R.K._.K [040] 00 4C 00 42 00 47 00 00 00 04 00 00 00 01 04 00 .L.B.G.. ........ [050] 00 00 00 00 05 15 00 00 00 60 15 D9 0A EE 0D 05 ........ .`.Ù.î.. [060] 42 6A AF 99 87 00 00 00 00 Bj¯..... . [2009/03/10 11:50:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 41 [2009/03/10 11:50:57, 6] smbd/process.c:process_smb(1547) got message type 0x0 of len 0x29 [2009/03/10 11:50:57, 3] smbd/process.c:process_smb(1550) Transaction 14 of length 45 (0 toread) [2009/03/10 11:50:57, 5] lib/util.c:show_msg(642) [2009/03/10 11:50:57, 5] lib/util.c:show_msg(652) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=10198 smb_uid=100 smb_mid=15 smt_wct=3 smb_vwv[ 0]=29170 (0x71F2) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2009/03/10 11:50:57, 3] smbd/process.c:switch_message(1361) switch message SMBclose (pid 14304) conn 0x1675be8 [2009/03/10 11:50:57, 4] smbd/uid.c:change_to_user(225) change_to_user: Skipping user change - already user [2009/03/10 11:50:57, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=71f2 [2009/03/10 11:50:57, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name lsarpc pnum=71f2 (pipes_open=1) [2009/03/10 11:50:57, 5] smbd/pipes.c:reply_pipe_close(319) reply_pipe_close: pnum:71f2 [2009/03/10 11:50:57, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(168) Found policy hnd[0] [000] 00 00 00 00 02 00 00 00 00 00 00 00 B6 49 11 46 ........ ....¶I.F [010] E0 37 00 00 à7.. [2009/03/10 11:50:57, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(206) Closed policy [2009/03/10 11:50:57, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(168) Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 B6 49 11 46 ........ ....¶I.F [010] E0 37 00 00 à7.. [2009/03/10 11:50:57, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(206) Closed policy [2009/03/10 11:50:57, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(241) close_policy_by_pipe: deleted handle list for pipe lsarpc [2009/03/10 11:50:57, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1160) closed pipe name lsarpc pnum=71f2 (pipes_open=0) [2009/03/10 11:50:57, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 6C73617270632F313433 [2009/03/10 11:50:57, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0x1757308 [2009/03/10 11:50:57, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 6C73617270632F313433 [2009/03/10 11:50:57, 5] lib/util.c:show_msg(642) [2009/03/10 11:50:57, 5] lib/util.c:show_msg(652) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=10198 smb_uid=100 smb_mid=15 smt_wct=0 smb_bcc=0 [2009/03/10 11:50:57, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 100 [2009/03/10 11:50:57, 6] smbd/process.c:process_smb(1547) got message type 0x0 of len 0x64 [2009/03/10 11:50:57, 3] smbd/process.c:process_smb(1550) Transaction 15 of length 104 (0 toread) [2009/03/10 11:50:57, 5] lib/util.c:show_msg(642) [2009/03/10 11:50:57, 5] lib/util.c:show_msg(652) size=100 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=10199 smb_uid=100 smb_mid=16 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 3584 (0xE00) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_bcc=17 [2009/03/10 11:50:57, 10] lib/util.c:dump_data(2230) [000] 00 5C 00 6C 00 73 00 61 00 72 00 70 00 63 00 00 .\.l.s.a .r.p.c.. [010] 00 . [2009/03/10 11:50:57, 3] smbd/process.c:switch_message(1361) switch message SMBntcreateX (pid 14301) conn 0x1763128 [2009/03/10 11:50:57, 4] smbd/uid.c:change_to_user(225) change_to_user: Skipping user change - already user [2009/03/10 11:50:57, 10] smbd/nttrans.c:reply_ntcreate_and_X(488) reply_ntcreate_and_X: flags = 0x0, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 root_dir_fid = 0x0, fname = lsarpc [2009/03/10 11:50:57, 4] smbd/nttrans.c:nt_open_pipe(295) nt_open_pipe: Opening pipe \lsarpc. [2009/03/10 11:50:57, 3] smbd/nttrans.c:nt_open_pipe(320) nt_open_pipe: Known pipe lsarpc opening. [2009/03/10 11:50:57, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(165) Open pipe requested lsarpc (pipes_open=0) [2009/03/10 11:50:57, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(275) Create pipe requested lsarpc [2009/03/10 11:50:57, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77) init_pipe_handles: created handle list for pipe lsarpc [2009/03/10 11:50:57, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) init_pipe_handles: pipe_handles ref count = 1 for pipe lsarpc [2009/03/10 11:50:57, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(356) Created internal pipe lsarpc (pipes_open=0) [2009/03/10 11:50:57, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(253) Opened pipe lsarpc with handle 71ce (pipes_open=1) [2009/03/10 11:50:57, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(259) open pipes: name lsarpc pnum=71ce [2009/03/10 11:50:57, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 6C73617270632F313433 [2009/03/10 11:50:57, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0x17639b0 [2009/03/10 11:50:57, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 6C73617270632F313433 [2009/03/10 11:50:57, 5] smbd/nttrans.c:do_ntcreate_pipe_open(408) do_ntcreate_pipe_open: open pipe = \lsarpc [2009/03/10 11:50:57, 5] lib/util.c:show_msg(642) [2009/03/10 11:50:57, 5] lib/util.c:show_msg(652) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=10199 smb_uid=100 smb_mid=16 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=52736 (0xCE00) smb_vwv[ 3]= 369 (0x171) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2009/03/10 11:50:58, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 242 [2009/03/10 11:50:58, 6] smbd/process.c:process_smb(1547) got message type 0x0 of len 0xf2 [2009/03/10 11:50:58, 3] smbd/process.c:process_smb(1550) Transaction 16 of length 246 (0 toread) [2009/03/10 11:50:58, 5] lib/util.c:show_msg(642) [2009/03/10 11:50:58, 5] lib/util.c:show_msg(652) size=242 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=10199 smb_uid=100 smb_mid=17 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 160 (0xA0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 160 (0xA0) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29134 (0x71CE) smb_bcc=175 [2009/03/10 11:50:58, 10] lib/util.c:dump_data(2230) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 0B 03 10 00 00 00 A0 00 50 00 08 00 00 00 B8 .......  .P.....¸ [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 .¸...... .......x [030] 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB 00 W4.4.Í«ï ..#Eg.«. [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]..ë .É..è..+ [050] 10 48 60 02 00 00 00 09 06 00 00 01 00 00 00 60 .H`..... .......` [060] 4E 06 06 2B 06 01 05 05 02 A0 44 30 42 A0 0E 30 N..+.... . D0B .0 [070] 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A2 30 04 ...+.... .7...¢0. [080] 2E 4E 54 4C 4D 53 53 50 00 01 00 00 00 35 82 08 .NTLMSSP .....5.. [090] 60 07 00 07 00 20 00 00 00 07 00 07 00 27 00 00 `.... .. .....'.. [0A0] 00 52 4B 5F 4B 4C 42 47 4D 4F 4E 53 54 45 52 .RK_KLBG MONSTER [2009/03/10 11:50:58, 3] smbd/process.c:switch_message(1361) switch message SMBtrans (pid 14301) conn 0x1763128 [2009/03/10 11:50:58, 4] smbd/uid.c:change_to_user(225) change_to_user: Skipping user change - already user [2009/03/10 11:50:58, 3] smbd/ipc.c:handle_trans(436) trans <\PIPE\> data=160 params=0 setup=2 [2009/03/10 11:50:58, 5] smbd/ipc.c:handle_trans(469) calling named_pipe [2009/03/10 11:50:58, 3] smbd/ipc.c:named_pipe(387) named pipe command on <> name [2009/03/10 11:50:58, 5] smbd/ipc.c:api_fd_reply(307) api_fd_reply [2009/03/10 11:50:58, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=71ce [2009/03/10 11:50:58, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name lsarpc pnum=71ce (pipes_open=1) [2009/03/10 11:50:58, 3] smbd/ipc.c:api_fd_reply(345) Got API command 0x26 on pipe "lsarpc" (pnum 71ce) [2009/03/10 11:50:58, 10] smbd/ipc.c:api_fd_reply(350) api_fd_reply: p:0x1757628 max_trans_reply: 4280 [2009/03/10 11:50:58, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927) write_to_pipe: 71ce name: lsarpc open: Yes len: 160 [2009/03/10 11:50:58, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 160 [2009/03/10 11:50:58, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 160 [2009/03/10 11:50:58, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385) fill_rpc_header: data_to_copy = 160, len_needed_to_complete_hdr = 16, receive_len = 0 [2009/03/10 11:50:58, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 16 [2009/03/10 11:50:58, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 144 [2009/03/10 11:50:58, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 144 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0b [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 00a0 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0050 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000008 [2009/03/10 11:50:58, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472) unmarshall_rpc_header: using little-endian RPC [2009/03/10 11:50:58, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501) unmarshall_rpc_header: type = 11, flags = 3 [2009/03/10 11:50:58, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 0 [2009/03/10 11:50:58, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 144 [2009/03/10 11:50:58, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 144, incoming data = 144 [2009/03/10 11:50:58, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709) process_complete_pdu: processing packet type 11 [2009/03/10 11:50:58, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1553) api_pipe_bind_req: decode request. 1553 [2009/03/10 11:50:58, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1564) api_pipe_bind_req: \PIPE\lsarpc -> \PIPE\lsarpc [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_rb [2009/03/10 11:50:58, 6] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_bba [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0000 max_tsize: 10b8 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0002 max_rsize: 10b8 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0004 assoc_gid: 00000000 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0008 num_contexts: 01 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000c context_id : 0000 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) 000e num_transfer_syntaxes: 01 [2009/03/10 11:50:58, 6] rpc_parse/parse_prs.c:prs_debug(88) 00000f smb_io_rpc_iface [2009/03/10 11:50:58, 7] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_uuid uuid [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 data : 12345778 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 data : 1234 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0016 data : abcd [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0018 data : ef 00 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 001a data : 01 23 45 67 89 ab [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0020 version: 00000000 [2009/03/10 11:50:58, 6] rpc_parse/parse_prs.c:prs_debug(88) 000024 smb_io_rpc_iface [2009/03/10 11:50:58, 7] rpc_parse/parse_prs.c:prs_debug(88) 000024 smb_io_uuid uuid [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0024 data : 8a885d04 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0028 data : 1ceb [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint16(689) 002a data : 11c9 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002c data : 9f e8 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002e data : 08 00 2b 10 48 60 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0034 version: 00000002 [2009/03/10 11:50:58, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1608) api_pipe_bind_req: make response. 1608 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_debug(88) 000038 smb_io_rpc_hdr_auth [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0038 auth_type : 09 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0039 auth_level : 06 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) 003a auth_pad_len : 00 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) 003b auth_reserved: 00 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint32(718) 003c auth_context_id: 00000001 [2009/03/10 11:50:58, 3] rpc_server/srv_pipe.c:pipe_spnego_auth_bind_negotiate(1140) pipe_spnego_auth_bind_negotiate: Got OID 1 3 6 1 4 1 311 2 2 10 [2009/03/10 11:50:58, 3] rpc_server/srv_pipe.c:pipe_spnego_auth_bind_negotiate(1143) pipe_spnego_auth_bind_negotiate: Got secblob of size 46 [2009/03/10 11:50:58, 5] auth/auth.c:make_auth_context_subsystem(485) Making default auth method list for DC, security=user, encrypt passwords = yes [2009/03/10 11:50:58, 5] auth/auth.c:load_auth_module(387) load_auth_module: Attempting to find an auth method to match guest [2009/03/10 11:50:58, 5] auth/auth.c:load_auth_module(412) load_auth_module: auth method guest has a valid init [2009/03/10 11:50:58, 5] auth/auth.c:load_auth_module(387) load_auth_module: Attempting to find an auth method to match sam [2009/03/10 11:50:58, 5] auth/auth.c:load_auth_module(412) load_auth_module: auth method sam has a valid init [2009/03/10 11:50:58, 5] auth/auth.c:load_auth_module(387) load_auth_module: Attempting to find an auth method to match winbind:trustdomain [2009/03/10 11:50:58, 5] auth/auth.c:load_auth_module(387) load_auth_module: Attempting to find an auth method to match trustdomain [2009/03/10 11:50:58, 5] auth/auth.c:load_auth_module(412) load_auth_module: auth method trustdomain has a valid init [2009/03/10 11:50:58, 5] auth/auth.c:load_auth_module(412) load_auth_module: auth method winbind has a valid init [2009/03/10 11:50:58, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) Got NTLMSSP neg_flags=0x60088235 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_SEAL NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH [2009/03/10 11:50:58, 5] auth/auth.c:get_ntlm_challenge(96) auth_get_challenge: module guest did not want to specify a challenge [2009/03/10 11:50:58, 5] auth/auth.c:get_ntlm_challenge(96) auth_get_challenge: module sam did not want to specify a challenge [2009/03/10 11:50:58, 5] auth/auth.c:get_ntlm_challenge(96) auth_get_challenge: module winbind did not want to specify a challenge [2009/03/10 11:50:58, 5] auth/auth.c:get_ntlm_challenge(136) auth_context challenge created by random [2009/03/10 11:50:58, 5] auth/auth.c:get_ntlm_challenge(137) challenge is: [2009/03/10 11:50:58, 5] lib/util.c:dump_data(2230) [000] C2 56 52 54 64 55 B4 D6 ÂVRTdU´Ö [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_auth [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 auth_type : 09 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 auth_level : 06 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 auth_pad_len : 08 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 auth_reserved: 00 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0004 auth_context_id: 00000001 [2009/03/10 11:50:58, 3] rpc_server/srv_pipe.c:check_bind_req(991) check_bind_req for \PIPE\lsarpc checking \PIPE\lsarpc [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_ba [2009/03/10 11:50:58, 6] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_bba [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0000 max_tsize: 10b8 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0002 max_rsize: 10b8 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0004 assoc_gid: 000053f0 [2009/03/10 11:50:58, 6] rpc_parse/parse_prs.c:prs_debug(88) 000008 smb_io_rpc_addr_str [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 len: 000d [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 000a str: \PIPE\lsarpc. [2009/03/10 11:50:58, 6] rpc_parse/parse_prs.c:prs_debug(88) 000017 smb_io_rpc_results [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0018 num_results: 01 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint16(689) 001c result : 0000 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint16(689) 001e reason : 0000 [2009/03/10 11:50:58, 6] rpc_parse/parse_prs.c:prs_debug(88) 000020 smb_io_rpc_iface [2009/03/10 11:50:58, 7] rpc_parse/parse_prs.c:prs_debug(88) 000020 smb_io_uuid uuid [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0020 data : 8a885d04 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0024 data : 1ceb [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0026 data : 11c9 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0028 data : 9f e8 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002a data : 08 00 2b 10 48 60 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0030 version: 00000002 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0c [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 014d [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0101 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000008 [2009/03/10 11:50:58, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 144 [2009/03/10 11:50:58, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985) read_from_pipe: 71ce name: lsarpc len: 4280 [2009/03/10 11:50:58, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1045) read_from_pipe: lsarpc: current_pdu_len = 333, current_pdu_sent = 0 returning 333 bytes. [2009/03/10 11:50:58, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..333] (align 0) [2009/03/10 11:50:58, 5] lib/util.c:show_msg(642) [2009/03/10 11:50:58, 5] lib/util.c:show_msg(652) size=389 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=10199 smb_uid=100 smb_mid=17 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 333 (0x14D) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 333 (0x14D) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=334 [2009/03/10 11:50:58, 10] lib/util.c:dump_data(2230) [000] 00 05 00 0C 03 10 00 00 00 4D 01 01 01 08 00 00 ........ .M...... [010] 00 B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 .¸.¸.ðS. ...\PIPE [020] 5C 6C 73 61 72 70 63 00 00 01 00 00 00 00 00 00 \lsarpc. ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..ë.É ..è..+.H [040] 60 02 00 00 00 09 06 08 00 01 00 00 00 A1 81 FE `....... .....¡.þ [050] 30 81 FB A0 03 0A 01 01 A1 0C 06 0A 2B 06 01 04 0.û .... ¡...+... [060] 01 82 37 02 02 0A A2 81 E5 04 81 E2 4E 54 4C 4D ..7...¢. å..âNTLM [070] 53 53 50 00 02 00 00 00 0E 00 0E 00 30 00 00 00 SSP..... ....0... [080] 35 82 89 60 C2 56 52 54 64 55 B4 D6 00 00 00 00 5..`ÂVRT dU´Ö.... [090] 00 00 00 00 A4 00 A4 00 3E 00 00 00 52 00 4B 00 ....¤.¤. >...R.K. [0A0] 5F 00 4B 00 4C 00 42 00 47 00 02 00 0E 00 52 00 _.K.L.B. G.....R. [0B0] 4B 00 5F 00 4B 00 4C 00 42 00 47 00 01 00 0A 00 K._.K.L. B.G..... [0C0] 53 00 41 00 4D 00 42 00 41 00 04 00 36 00 69 00 S.A.M.B. A...6.i. [0D0] 6E 00 74 00 65 00 72 00 6E 00 2E 00 72 00 6B 00 n.t.e.r. n...r.k. [0E0] 2D 00 6B 00 6C 00 6F 00 73 00 74 00 65 00 72 00 -.k.l.o. s.t.e.r. [0F0] 6E 00 65 00 75 00 62 00 75 00 72 00 67 00 2E 00 n.e.u.b. u.r.g... [100] 61 00 74 00 03 00 42 00 73 00 61 00 6D 00 62 00 a.t...B. s.a.m.b. [110] 61 00 2E 00 69 00 6E 00 74 00 65 00 72 00 6E 00 a...i.n. t.e.r.n. [120] 2E 00 72 00 6B 00 2D 00 6B 00 6C 00 6F 00 73 00 ..r.k.-. k.l.o.s. [130] 74 00 65 00 72 00 6E 00 65 00 75 00 62 00 75 00 t.e.r.n. e.u.b.u. [140] 72 00 67 00 2E 00 61 00 74 00 00 00 00 00 r.g...a. t..... [2009/03/10 11:50:58, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 346 [2009/03/10 11:50:58, 6] smbd/process.c:process_smb(1547) got message type 0x0 of len 0x15a [2009/03/10 11:50:58, 3] smbd/process.c:process_smb(1550) Transaction 17 of length 350 (0 toread) [2009/03/10 11:50:58, 5] lib/util.c:show_msg(642) [2009/03/10 11:50:58, 5] lib/util.c:show_msg(652) size=346 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=10199 smb_uid=100 smb_mid=18 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 264 (0x108) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 264 (0x108) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29134 (0x71CE) smb_bcc=279 [2009/03/10 11:50:58, 10] lib/util.c:dump_data(2230) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 0E 03 10 00 00 00 08 01 B8 00 08 00 00 00 B8 ........ .¸.....¸ [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 .¸...... .......x [030] 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB 00 W4.4.Í«ï ..#Eg.«. [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]..ë .É..è..+ [050] 10 48 60 02 00 00 00 09 06 00 00 01 00 00 00 A1 .H`..... .......¡ [060] 81 B5 30 81 B2 A2 81 AF 04 81 AC 4E 54 4C 4D 53 .µ0.²¢.¯ ..¬NTLMS [070] 53 50 00 03 00 00 00 18 00 18 00 40 00 00 00 18 SP...... ...@.... [080] 00 18 00 58 00 00 00 0E 00 0E 00 70 00 00 00 10 ...X.... ...p.... [090] 00 10 00 7E 00 00 00 0E 00 0E 00 8E 00 00 00 10 ...~.... ........ [0A0] 00 10 00 9C 00 00 00 35 82 08 60 8E AE 80 3E DF .......5 ..`.®.>ß [0B0] FB 21 C0 00 00 00 00 00 00 00 00 00 00 00 00 00 û!À..... ........ [0C0] 00 00 00 60 7F 49 27 B1 95 B3 07 4F 83 55 9F F0 ...`.I'± .³.O.U.ð [0D0] D5 10 E7 30 97 11 3D C6 15 7B D5 52 00 4B 00 5F Õ.ç0..=Æ .{ÕR.K._ [0E0] 00 4B 00 4C 00 42 00 47 00 4D 00 4F 00 4E 00 53 .K.L.B.G .M.O.N.S [0F0] 00 54 00 45 00 52 00 24 00 4D 00 4F 00 4E 00 53 .T.E.R.$ .M.O.N.S [100] 00 54 00 45 00 52 00 EE 3F 1B 44 FA 5E 2C E2 09 .T.E.R.î ?.Dú^,â. [110] C1 1F 7D 4C 70 97 5B Á.}Lp.[ [2009/03/10 11:50:58, 3] smbd/process.c:switch_message(1361) switch message SMBtrans (pid 14301) conn 0x1763128 [2009/03/10 11:50:58, 4] smbd/uid.c:change_to_user(225) change_to_user: Skipping user change - already user [2009/03/10 11:50:58, 3] smbd/ipc.c:handle_trans(436) trans <\PIPE\> data=264 params=0 setup=2 [2009/03/10 11:50:58, 5] smbd/ipc.c:handle_trans(469) calling named_pipe [2009/03/10 11:50:58, 3] smbd/ipc.c:named_pipe(387) named pipe command on <> name [2009/03/10 11:50:58, 5] smbd/ipc.c:api_fd_reply(307) api_fd_reply [2009/03/10 11:50:58, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=71ce [2009/03/10 11:50:58, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name lsarpc pnum=71ce (pipes_open=1) [2009/03/10 11:50:58, 3] smbd/ipc.c:api_fd_reply(345) Got API command 0x26 on pipe "lsarpc" (pnum 71ce) [2009/03/10 11:50:58, 10] smbd/ipc.c:api_fd_reply(350) api_fd_reply: p:0x1757628 max_trans_reply: 4280 [2009/03/10 11:50:58, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927) write_to_pipe: 71ce name: lsarpc open: Yes len: 264 [2009/03/10 11:50:58, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 264 [2009/03/10 11:50:58, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 264 [2009/03/10 11:50:58, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385) fill_rpc_header: data_to_copy = 264, len_needed_to_complete_hdr = 16, receive_len = 0 [2009/03/10 11:50:58, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 16 [2009/03/10 11:50:58, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 248 [2009/03/10 11:50:58, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 248 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0e [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0108 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 00b8 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000008 [2009/03/10 11:50:58, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472) unmarshall_rpc_header: using little-endian RPC [2009/03/10 11:50:58, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501) unmarshall_rpc_header: type = 14, flags = 3 [2009/03/10 11:50:58, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 0 [2009/03/10 11:50:58, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 248 [2009/03/10 11:50:58, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 248, incoming data = 248 [2009/03/10 11:50:58, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709) process_complete_pdu: processing packet type 14 [2009/03/10 11:50:58, 5] rpc_server/srv_pipe.c:api_pipe_alter_context(1827) api_pipe_alter_context: decode request. 1827 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_rb [2009/03/10 11:50:58, 6] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_bba [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0000 max_tsize: 10b8 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0002 max_rsize: 10b8 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0004 assoc_gid: 00000000 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0008 num_contexts: 01 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000c context_id : 0000 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) 000e num_transfer_syntaxes: 01 [2009/03/10 11:50:58, 6] rpc_parse/parse_prs.c:prs_debug(88) 00000f smb_io_rpc_iface [2009/03/10 11:50:58, 7] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_uuid uuid [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 data : 12345778 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 data : 1234 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0016 data : abcd [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0018 data : ef 00 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 001a data : 01 23 45 67 89 ab [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0020 version: 00000000 [2009/03/10 11:50:58, 6] rpc_parse/parse_prs.c:prs_debug(88) 000024 smb_io_rpc_iface [2009/03/10 11:50:58, 7] rpc_parse/parse_prs.c:prs_debug(88) 000024 smb_io_uuid uuid [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0024 data : 8a885d04 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0028 data : 1ceb [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint16(689) 002a data : 11c9 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002c data : 9f e8 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002e data : 08 00 2b 10 48 60 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0034 version: 00000002 [2009/03/10 11:50:58, 5] rpc_server/srv_pipe.c:api_pipe_alter_context(1841) api_pipe_alter_context: make response. 1841 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_debug(88) 000038 smb_io_rpc_hdr_auth [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0038 auth_type : 09 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0039 auth_level : 06 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) 003a auth_pad_len : 00 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) 003b auth_reserved: 00 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint32(718) 003c auth_context_id: 00000001 [2009/03/10 11:50:58, 5] rpc_server/srv_pipe.c:pipe_ntlmssp_verify_final(613) pipe_ntlmssp_verify_final: pipe lsarpc checking user details [2009/03/10 11:50:58, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(1456, 515) : sec_ctx_stack_ndx = 1 [2009/03/10 11:50:58, 3] smbd/uid.c:push_conn_ctx(407) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2009/03/10 11:50:58, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2009/03/10 11:50:58, 5] auth/token_util.c:debug_nt_user_token(466) NT user token: (NULL) [2009/03/10 11:50:58, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/03/10 11:50:58, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(745) Got user=[MONSTER$] domain=[RK_KLBG] workstation=[MONSTER] len1=24 len2=24 [2009/03/10 11:50:58, 5] auth/auth_ntlmssp.c:auth_ntlmssp_set_challenge(68) auth_context challenge set by NTLMSSP callback (NTLM2) [2009/03/10 11:50:58, 5] auth/auth_ntlmssp.c:auth_ntlmssp_set_challenge(69) challenge is: [2009/03/10 11:50:58, 5] lib/util.c:dump_data(2230) [000] 91 18 9B E5 4F A7 FB B4 ...åO§û´ [2009/03/10 11:50:58, 6] param/loadparm.c:lp_file_list_changed(6699) lp_file_list_changed() file /etc/samba/smb-%m.conf -> /etc/samba/smb-monster.conf last mod_time: Tue Mar 10 11:49:02 2009 file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Tue Mar 10 10:39:07 2009 [2009/03/10 11:50:58, 5] auth/auth_util.c:make_user_info_map(206) make_user_info_map: Mapping user [RK_KLBG]\[MONSTER$] from workstation [MONSTER] [2009/03/10 11:50:58, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2009/03/10 11:50:58, 3] smbd/uid.c:push_conn_ctx(407) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2009/03/10 11:50:58, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2009/03/10 11:50:58, 5] auth/token_util.c:debug_nt_user_token(466) NT user token: (NULL) [2009/03/10 11:50:58, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/03/10 11:50:58, 5] auth/auth_util.c:is_trusted_domain(2055) is_trusted_domain: Checking for domain trust with [RK_KLBG] [2009/03/10 11:50:58, 10] passdb/pdb_ldap.c:ldapsam_get_trusteddom_pw(5823) ldapsam_get_trusteddom_pw called for domain RK_KLBG [2009/03/10 11:50:58, 5] lib/smbldap.c:smbldap_search_ext(1200) smbldap_search_ext: base => [sambaDomainName=RK_KLBG,sambaDomainName=RK_KLBG,dc=rk-klbg,dc=at], filter => [(&(objectClass=sambaTrustedDomainPassword)(sambaDomainName=RK_KLBG))], scope => [2] [2009/03/10 11:50:58, 10] lib/smbldap.c:smbldap_search_ext(1264) Failed search for base: sambaDomainName=RK_KLBG,sambaDomainName=RK_KLBG,dc=rk-klbg,dc=at, error: 32 (No such object) (unknown) [2009/03/10 11:50:58, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2009/03/10 11:50:58, 10] lib/gencache.c:gencache_get(194) Cache entry with key = TDOM/RK_KLBG couldn't be found [2009/03/10 11:50:58, 5] libsmb/trustdom_cache.c:trustdom_cache_fetch(183) no entry for trusted domain RK_KLBG found. [2009/03/10 11:50:58, 5] auth/auth_util.c:make_user_info(120) attempting to make a user_info for MONSTER$ (MONSTER$) [2009/03/10 11:50:58, 5] auth/auth_util.c:make_user_info(130) making strings for MONSTER$'s user_info struct [2009/03/10 11:50:58, 5] auth/auth_util.c:make_user_info(162) making blobs for MONSTER$'s user_info struct [2009/03/10 11:50:58, 10] auth/auth_util.c:make_user_info(180) made an encrypted user_info for MONSTER$ (MONSTER$) [2009/03/10 11:50:58, 3] auth/auth.c:check_ntlm_password(220) check_ntlm_password: Checking password for unmapped user [RK_KLBG]\[MONSTER$]@[MONSTER] with the new password interface [2009/03/10 11:50:58, 3] auth/auth.c:check_ntlm_password(223) check_ntlm_password: mapped user is: [RK_KLBG]\[MONSTER$]@[MONSTER] [2009/03/10 11:50:58, 10] auth/auth.c:check_ntlm_password(232) check_ntlm_password: auth_context challenge created by NTLMSSP callback (NTLM2) [2009/03/10 11:50:58, 10] auth/auth.c:check_ntlm_password(234) challenge is: [2009/03/10 11:50:58, 5] lib/util.c:dump_data(2230) [000] 91 18 9B E5 4F A7 FB B4 ...åO§û´ [2009/03/10 11:50:58, 10] auth/auth.c:check_ntlm_password(260) check_ntlm_password: guest had nothing to say [2009/03/10 11:50:58, 8] lib/util.c:is_myname(2105) is_myname("RK_KLBG") returns 0 [2009/03/10 11:50:58, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2009/03/10 11:50:58, 3] smbd/uid.c:push_conn_ctx(407) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2009/03/10 11:50:58, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2009/03/10 11:50:58, 5] auth/token_util.c:debug_nt_user_token(466) NT user token: (NULL) [2009/03/10 11:50:58, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/03/10 11:50:58, 5] lib/smbldap.c:smbldap_search_ext(1200) smbldap_search_ext: base => [dc=rk-klbg,dc=at], filter => [(&(uid=MONSTER$)(objectclass=sambaSamAccount))], scope => [2] [2009/03/10 11:50:58, 2] passdb/pdb_ldap.c:init_sam_from_ldap(571) init_sam_from_ldap: Entry found for user: monster$ [2009/03/10 11:50:58, 10] passdb/pdb_get_set.c:pdb_set_username(580) pdb_set_username: setting username monster$, was [2009/03/10 11:50:58, 10] passdb/pdb_get_set.c:pdb_set_domain(603) pdb_set_domain: setting domain RK_KLBG, was [2009/03/10 11:50:58, 10] passdb/pdb_get_set.c:pdb_set_nt_username(626) pdb_set_nt_username: setting nt username monster$, was [2009/03/10 11:50:58, 10] passdb/pdb_get_set.c:pdb_set_user_sid_from_string(522) pdb_set_user_sid_from_string: setting user sid S-1-5-21-181998944-1107627502-2274996074-3912 [2009/03/10 11:50:58, 10] passdb/pdb_get_set.c:pdb_set_user_sid(509) pdb_set_user_sid: setting user sid S-1-5-21-181998944-1107627502-2274996074-3912 [2009/03/10 11:50:58, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaLogonTime does not exist [2009/03/10 11:50:58, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaLogoffTime does not exist [2009/03/10 11:50:58, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaKickoffTime does not exist [2009/03/10 11:50:58, 10] passdb/pdb_get_set.c:pdb_set_fullname(649) pdb_set_full_name: setting full name Computer, was [2009/03/10 11:50:58, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaHomeDrive does not exist [2009/03/10 11:50:58, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(718) pdb_set_dir_drive: setting dir drive z:, was NULL [2009/03/10 11:50:58, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaHomePath does not exist [2009/03/10 11:50:58, 10] passdb/pdb_get_set.c:pdb_set_homedir(742) pdb_set_homedir: setting home dir \\samba\monster_, was [2009/03/10 11:50:58, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaLogonScript does not exist [2009/03/10 11:50:58, 10] passdb/pdb_get_set.c:pdb_set_logon_script(672) pdb_set_logon_script: setting logon script LOGON.BAT, was [2009/03/10 11:50:58, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaProfilePath does not exist [2009/03/10 11:50:58, 10] passdb/pdb_get_set.c:pdb_set_profile_path(695) pdb_set_profile_path: setting profile path \\samba\Profile, was [2009/03/10 11:50:58, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaUserWorkstations does not exist [2009/03/10 11:50:58, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaMungedDial does not exist [2009/03/10 11:50:58, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2009/03/10 11:50:58, 3] smbd/uid.c:push_conn_ctx(407) push_conn_ctx(100) : conn_ctx_stack_ndx = 2 [2009/03/10 11:50:58, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2009/03/10 11:50:58, 5] auth/token_util.c:debug_nt_user_token(466) NT user token: (NULL) [2009/03/10 11:50:58, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/03/10 11:50:58, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = ACCT_POL/password history, value = 0 , timeout = Tue Mar 10 11:51:57 2009 [2009/03/10 11:50:58, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2009/03/10 11:50:58, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaBadPasswordCount does not exist [2009/03/10 11:50:58, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaBadPasswordTime does not exist [2009/03/10 11:50:58, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaLogonHours does not exist [2009/03/10 11:50:58, 7] passdb/login_cache.c:login_cache_read(86) Looking up login cache for user monster$ [2009/03/10 11:50:58, 7] passdb/login_cache.c:login_cache_read(100) No cache entry found [2009/03/10 11:50:58, 9] passdb/pdb_ldap.c:init_sam_from_ldap(1054) No cache entry, bad count = 0, bad time = 0 [2009/03/10 11:50:58, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2009/03/10 11:50:58, 3] smbd/uid.c:push_conn_ctx(407) push_conn_ctx(100) : conn_ctx_stack_ndx = 2 [2009/03/10 11:50:58, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2009/03/10 11:50:58, 5] auth/token_util.c:debug_nt_user_token(466) NT user token: (NULL) [2009/03/10 11:50:58, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/03/10 11:50:58, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = ACCT_POL/maximum password age, value = 4294967295 , timeout = Tue Mar 10 11:51:57 2009 [2009/03/10 11:50:58, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2009/03/10 11:50:58, 5] lib/username.c:Get_Pwnam_alloc(133) Finding user monster$ [2009/03/10 11:50:58, 5] lib/username.c:Get_Pwnam_internals(77) Trying _Get_Pwnam(), username as lowercase is monster$ [2009/03/10 11:50:58, 5] lib/username.c:Get_Pwnam_internals(110) Get_Pwnam_internals did find user [monster$]! [2009/03/10 11:50:58, 5] lib/smbldap.c:smbldap_search_ext(1200) smbldap_search_ext: base => [ou=Groups,dc=rk-klbg,dc=at], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=515))], scope => [2] [2009/03/10 11:50:58, 2] passdb/pdb_ldap.c:init_group_from_ldap(2344) init_group_from_ldap: Entry found for group: 515 [2009/03/10 11:50:58, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute description does not exist [2009/03/10 11:50:58, 10] passdb/lookup_sid.c:lookup_sid(950) lookup_sid called for SID 'S-1-5-21-181998944-1107627502-2274996074-515' [2009/03/10 11:50:58, 10] passdb/lookup_sid.c:check_dom_sid_to_level(705) Accepting SID S-1-5-21-181998944-1107627502-2274996074 in level 1 [2009/03/10 11:50:58, 10] passdb/lookup_sid.c:lookup_rids(468) lookup_rids called for domain sid 'S-1-5-21-181998944-1107627502-2274996074' [2009/03/10 11:50:58, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2009/03/10 11:50:58, 3] smbd/uid.c:push_conn_ctx(407) push_conn_ctx(100) : conn_ctx_stack_ndx = 2 [2009/03/10 11:50:58, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2009/03/10 11:50:58, 5] auth/token_util.c:debug_nt_user_token(466) NT user token: (NULL) [2009/03/10 11:50:58, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/03/10 11:50:58, 5] lib/smbldap.c:smbldap_search_ext(1200) smbldap_search_ext: base => [ou=Users,dc=rk-klbg,dc=at], filter => [(&(objectClass=sambaSamAccount)(|(sambaSid=S-1-5-21-181998944-1107627502-2274996074-515)))], scope => [2] [2009/03/10 11:50:58, 5] lib/smbldap.c:smbldap_search_ext(1200) smbldap_search_ext: base => [ou=Groups,dc=rk-klbg,dc=at], filter => [(&(objectClass=sambaGroupMapping)(|(sambaSid=S-1-5-21-181998944-1107627502-2274996074-515)))], scope => [2] [2009/03/10 11:50:58, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2009/03/10 11:50:58, 10] passdb/lookup_sid.c:lookup_sid(985) Sid S-1-5-21-181998944-1107627502-2274996074-515 -> RK_KLBG\Domain Computers(2) [2009/03/10 11:50:58, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2009/03/10 11:50:58, 3] smbd/uid.c:push_conn_ctx(407) push_conn_ctx(100) : conn_ctx_stack_ndx = 2 [2009/03/10 11:50:58, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2009/03/10 11:50:58, 5] auth/token_util.c:debug_nt_user_token(466) NT user token: (NULL) [2009/03/10 11:50:58, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/03/10 11:50:58, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = ACCT_POL/password history, value = 0 , timeout = Tue Mar 10 11:51:57 2009 [2009/03/10 11:50:58, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2009/03/10 11:50:58, 10] passdb/pdb_get_set.c:pdb_set_username(580) pdb_set_username: setting username monster$, was [2009/03/10 11:50:58, 10] passdb/pdb_get_set.c:pdb_set_domain(603) pdb_set_domain: setting domain RK_KLBG, was [2009/03/10 11:50:58, 10] passdb/pdb_get_set.c:pdb_set_nt_username(626) pdb_set_nt_username: setting nt username monster$, was [2009/03/10 11:50:58, 10] passdb/pdb_get_set.c:pdb_set_fullname(649) pdb_set_full_name: setting full name Computer, was [2009/03/10 11:50:58, 10] passdb/pdb_get_set.c:pdb_set_homedir(742) pdb_set_homedir: setting home dir \\samba\monster_, was [2009/03/10 11:50:58, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(718) pdb_set_dir_drive: setting dir drive z:, was NULL [2009/03/10 11:50:58, 10] passdb/pdb_get_set.c:pdb_set_logon_script(672) pdb_set_logon_script: setting logon script LOGON.BAT, was [2009/03/10 11:50:58, 10] passdb/pdb_get_set.c:pdb_set_profile_path(695) pdb_set_profile_path: setting profile path \\samba\Profile, was [2009/03/10 11:50:58, 10] passdb/pdb_get_set.c:pdb_set_workstations(785) pdb_set_workstations: setting workstations , was [2009/03/10 11:50:58, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2009/03/10 11:50:58, 3] smbd/uid.c:push_conn_ctx(407) push_conn_ctx(100) : conn_ctx_stack_ndx = 2 [2009/03/10 11:50:58, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2009/03/10 11:50:58, 5] auth/token_util.c:debug_nt_user_token(466) NT user token: (NULL) [2009/03/10 11:50:58, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/03/10 11:50:58, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = ACCT_POL/password history, value = 0 , timeout = Tue Mar 10 11:51:57 2009 [2009/03/10 11:50:58, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2009/03/10 11:50:58, 10] passdb/pdb_get_set.c:pdb_set_user_sid(509) pdb_set_user_sid: setting user sid S-1-5-21-181998944-1107627502-2274996074-3912 [2009/03/10 11:50:58, 10] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(72) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-181998944-1107627502-2274996074-3912 from rid 3912 [2009/03/10 11:50:58, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2009/03/10 11:50:58, 4] libsmb/ntlm_check.c:ntlm_password_check(328) ntlm_password_check: Checking NT MD4 password [2009/03/10 11:50:58, 4] auth/auth_sam.c:sam_account_ok(137) sam_account_ok: Checking SMB password for user monster$ [2009/03/10 11:50:58, 5] auth/auth_sam.c:logon_hours_ok(119) logon_hours_ok: user monster$ allowed to logon at this time (Tue Mar 10 10:50:58 2009 ) [2009/03/10 11:50:58, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2009/03/10 11:50:58, 3] smbd/uid.c:push_conn_ctx(407) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2009/03/10 11:50:58, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2009/03/10 11:50:58, 5] auth/token_util.c:debug_nt_user_token(466) NT user token: (NULL) [2009/03/10 11:50:58, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/03/10 11:50:58, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = ACCT_POL/maximum password age, value = 4294967295 , timeout = Tue Mar 10 11:51:57 2009 [2009/03/10 11:50:58, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2009/03/10 11:50:58, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2009/03/10 11:50:58, 3] smbd/uid.c:push_conn_ctx(407) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2009/03/10 11:50:58, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2009/03/10 11:50:58, 5] auth/token_util.c:debug_nt_user_token(466) NT user token: (NULL) [2009/03/10 11:50:58, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/03/10 11:50:58, 5] lib/smbldap.c:smbldap_search_ext(1200) smbldap_search_ext: base => [dc=rk-klbg,dc=at], filter => [(&(objectClass=sambaSamAccount)(uid=monster$))], scope => [2] [2009/03/10 11:50:58, 5] lib/smbldap.c:smbldap_search_ext(1200) smbldap_search_ext: base => [ou=Groups,dc=rk-klbg,dc=at], filter => [(&(objectClass=posixGroup)(|(memberUid=monster$)(gidNumber=515)))], scope => [2] [2009/03/10 11:50:58, 5] auth/auth_util.c:make_server_info_sam(650) make_server_info_sam: made server info for user monster$ -> monster$ [2009/03/10 11:50:58, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2009/03/10 11:50:58, 3] auth/auth.c:check_ntlm_password(269) check_ntlm_password: sam authentication for user [MONSTER$] succeeded [2009/03/10 11:50:58, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2009/03/10 11:50:58, 3] smbd/uid.c:push_conn_ctx(407) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2009/03/10 11:50:58, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2009/03/10 11:50:58, 5] auth/token_util.c:debug_nt_user_token(466) NT user token: (NULL) [2009/03/10 11:50:58, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/03/10 11:50:58, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2009/03/10 11:50:58, 5] auth/auth.c:check_ntlm_password(295) check_ntlm_password: PAM Account for user [monster$] succeeded [2009/03/10 11:50:58, 2] auth/auth.c:check_ntlm_password(308) check_ntlm_password: authentication for user [MONSTER$] -> [MONSTER$] -> [monster$] succeeded [2009/03/10 11:50:58, 5] auth/auth_util.c:free_user_info(1985) attempting to free (and zero) a user_info structure [2009/03/10 11:50:58, 10] auth/auth_util.c:free_user_info(1989) structure was created for MONSTER$ [2009/03/10 11:50:58, 10] auth/token_util.c:create_local_nt_token(304) Create local NT token for S-1-5-21-181998944-1107627502-2274996074-3912 [2009/03/10 11:50:58, 10] passdb/lookup_sid.c:sid_to_gid(1431) sid S-1-5-32-544 -> gid 804 [2009/03/10 11:50:58, 10] passdb/lookup_sid.c:sid_to_gid(1431) sid S-1-5-32-545 -> gid 100 [2009/03/10 11:50:58, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2009/03/10 11:50:58, 3] smbd/uid.c:push_conn_ctx(407) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2009/03/10 11:50:58, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2009/03/10 11:50:58, 5] auth/token_util.c:debug_nt_user_token(466) NT user token: (NULL) [2009/03/10 11:50:58, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/03/10 11:50:58, 5] lib/smbldap.c:smbldap_search_ext(1200) smbldap_search_ext: base => [ou=Groups,dc=rk-klbg,dc=at], filter => [(&(|(objectclass=sambaGroupMapping)(sambaGroupType=4))(|(sambaSIDList=S-1-5-21-181998944-1107627502-2274996074-3912)(sambaSIDList=S-1-5-21-181998944-1107627502-2274996074-515)(sambaSIDList=S-1-1-0)(sambaSIDList=S-1-5-2)(sambaSIDList=S-1-5-11)(sambaSIDList=S-1-22-2-515)))], scope => [2] [2009/03/10 11:50:58, 5] lib/smbldap.c:smbldap_search_ext(1200) smbldap_search_ext: base => [ou=Groups,dc=rk-klbg,dc=at], filter => [(&(|(objectclass=sambaGroupMapping)(sambaGroupType=4))(|(sambaSIDList=S-1-5-21-181998944-1107627502-2274996074-3912)(sambaSIDList=S-1-5-21-181998944-1107627502-2274996074-515)(sambaSIDList=S-1-1-0)(sambaSIDList=S-1-5-2)(sambaSIDList=S-1-5-11)(sambaSIDList=S-1-22-2-515)))], scope => [2] [2009/03/10 11:50:58, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2009/03/10 11:50:58, 3] lib/privileges.c:get_privileges(63) get_privileges: No privileges assigned to SID [S-1-5-21-181998944-1107627502-2274996074-3912] [2009/03/10 11:50:58, 3] lib/privileges.c:get_privileges(63) get_privileges: No privileges assigned to SID [S-1-5-21-181998944-1107627502-2274996074-515] [2009/03/10 11:50:58, 5] lib/privileges.c:get_privileges_for_sids(128) get_privileges_for_sids: sid = S-1-1-0 Privilege set: SE_PRIV 0x0 0x0 0x0 0x0 [2009/03/10 11:50:58, 3] lib/privileges.c:get_privileges(63) get_privileges: No privileges assigned to SID [S-1-5-2] [2009/03/10 11:50:58, 3] lib/privileges.c:get_privileges(63) get_privileges: No privileges assigned to SID [S-1-5-11] [2009/03/10 11:50:58, 3] lib/privileges.c:get_privileges(63) get_privileges: No privileges assigned to SID [S-1-22-2-515] [2009/03/10 11:50:58, 10] passdb/lookup_sid.c:sid_to_gid(1431) sid S-1-5-21-181998944-1107627502-2274996074-515 -> gid 515 [2009/03/10 11:50:58, 10] passdb/lookup_sid.c:sid_to_gid(1426) winbind failed to find a gid for sid S-1-1-0 [2009/03/10 11:50:58, 10] auth/auth_util.c:create_local_token(755) Could not convert SID S-1-1-0 to gid, ignoring it [2009/03/10 11:50:58, 10] passdb/lookup_sid.c:sid_to_gid(1426) winbind failed to find a gid for sid S-1-5-2 [2009/03/10 11:50:58, 10] auth/auth_util.c:create_local_token(755) Could not convert SID S-1-5-2 to gid, ignoring it [2009/03/10 11:50:58, 10] passdb/lookup_sid.c:sid_to_gid(1426) winbind failed to find a gid for sid S-1-5-11 [2009/03/10 11:50:58, 10] auth/auth_util.c:create_local_token(755) Could not convert SID S-1-5-11 to gid, ignoring it [2009/03/10 11:50:58, 10] passdb/lookup_sid.c:sid_to_gid(1413) sid S-1-22-2-515 -> gid 515 [2009/03/10 11:50:58, 10] auth/token_util.c:debug_nt_user_token(472) NT user token of user S-1-5-21-181998944-1107627502-2274996074-3912 contains 6 SIDs SID[ 0]: S-1-5-21-181998944-1107627502-2274996074-3912 SID[ 1]: S-1-5-21-181998944-1107627502-2274996074-515 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-515 SE_PRIV 0x0 0x0 0x0 0x0 [2009/03/10 11:50:58, 10] auth/auth_ntlmssp.c:auth_ntlmssp_check_password(137) Got NT session key of length 16 [2009/03/10 11:50:58, 10] libsmb/ntlmssp.c:ntlmssp_server_auth(811) ntlmssp_server_auth: Created NTLM2 session key. [2009/03/10 11:50:58, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(337) NTLMSSP Sign/Seal - Initialising with flags: [2009/03/10 11:50:58, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) Got NTLMSSP neg_flags=0x60088235 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_SEAL NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH [2009/03/10 11:50:58, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (1456, 515) - sec_ctx_stack_ndx = 0 [2009/03/10 11:50:58, 5] rpc_server/srv_pipe.c:pipe_ntlmssp_verify_final(666) pipe_ntlmssp_verify_final: OK: user: MONSTER$ domain: RK_KLBG workstation: MONSTER [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_auth [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 auth_type : 09 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 auth_level : 06 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 auth_pad_len : 08 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 auth_reserved: 00 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0004 auth_context_id: 00000001 [2009/03/10 11:50:58, 3] rpc_server/srv_pipe.c:check_bind_req(991) check_bind_req for \PIPE\lsarpc checking \PIPE\lsarpc [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_ba [2009/03/10 11:50:58, 6] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_bba [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0000 max_tsize: 10b8 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0002 max_rsize: 10b8 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0004 assoc_gid: 000053f0 [2009/03/10 11:50:58, 6] rpc_parse/parse_prs.c:prs_debug(88) 000008 smb_io_rpc_addr_str [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 len: 0001 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 000a str: . [2009/03/10 11:50:58, 6] rpc_parse/parse_prs.c:prs_debug(88) 00000b smb_io_rpc_results [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) 000c num_results: 01 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0010 result : 0000 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0012 reason : 0000 [2009/03/10 11:50:58, 6] rpc_parse/parse_prs.c:prs_debug(88) 000014 smb_io_rpc_iface [2009/03/10 11:50:58, 7] rpc_parse/parse_prs.c:prs_debug(88) 000014 smb_io_uuid uuid [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0014 data : 8a885d04 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0018 data : 1ceb [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint16(689) 001a data : 11c9 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 001c data : 9f e8 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 001e data : 08 00 2b 10 48 60 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0024 version: 00000002 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0f [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0057 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0017 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000008 [2009/03/10 11:50:58, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 248 [2009/03/10 11:50:58, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985) read_from_pipe: 71ce name: lsarpc len: 4280 [2009/03/10 11:50:58, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1045) read_from_pipe: lsarpc: current_pdu_len = 87, current_pdu_sent = 0 returning 87 bytes. [2009/03/10 11:50:58, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..87] (align 0) [2009/03/10 11:50:58, 5] lib/util.c:show_msg(642) [2009/03/10 11:50:58, 5] lib/util.c:show_msg(652) size=143 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=10199 smb_uid=100 smb_mid=18 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 87 (0x57) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 87 (0x57) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=88 [2009/03/10 11:50:58, 10] lib/util.c:dump_data(2230) [000] 00 05 00 0F 03 10 00 00 00 57 00 17 00 08 00 00 ........ .W...... [010] 00 B8 10 B8 10 F0 53 00 00 01 00 00 00 01 00 00 .¸.¸.ðS. ........ [020] 00 00 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. .ë.É..è. [030] 00 2B 10 48 60 02 00 00 00 09 06 08 00 01 00 00 .+.H`... ........ [040] 00 A1 15 30 13 A0 03 0A 01 00 A1 0C 06 0A 2B 06 .¡.0. .. ..¡...+. [050] 01 04 01 82 37 02 02 0A ....7... [2009/03/10 11:50:58, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 178 [2009/03/10 11:50:58, 6] smbd/process.c:process_smb(1547) got message type 0x0 of len 0xb2 [2009/03/10 11:50:58, 3] smbd/process.c:process_smb(1550) Transaction 18 of length 182 (0 toread) [2009/03/10 11:50:58, 5] lib/util.c:show_msg(642) [2009/03/10 11:50:58, 5] lib/util.c:show_msg(652) size=178 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=10199 smb_uid=100 smb_mid=19 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 96 (0x60) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 96 (0x60) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29134 (0x71CE) smb_bcc=111 [2009/03/10 11:50:58, 10] lib/util.c:dump_data(2230) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 60 00 10 00 09 00 00 00 2C .......` ......., [020] 00 00 00 00 00 06 00 28 7A 6A 98 29 5E 38 96 DD .......( zj.)^8.Ý [030] 37 72 9F 43 8D 14 EC DC 4E 59 0E 6E EC 0D 48 97 7r.C..ìÜ NY.nì.H. [040] AC C9 91 D7 9B FF F9 24 55 3A 0B 26 C4 FC 67 E1 ¬É.×.ÿù$ U:.&Äügá [050] 5A FB CD A2 EA 29 9E 09 06 04 00 01 00 00 00 01 ZûÍ¢ê).. ........ [060] 00 00 00 9E AA 11 73 12 10 C1 B9 00 00 00 00 ....ª.s. .Á¹.... [2009/03/10 11:50:58, 3] smbd/process.c:switch_message(1361) switch message SMBtrans (pid 14301) conn 0x1763128 [2009/03/10 11:50:58, 4] smbd/uid.c:change_to_user(225) change_to_user: Skipping user change - already user [2009/03/10 11:50:58, 3] smbd/ipc.c:handle_trans(436) trans <\PIPE\> data=96 params=0 setup=2 [2009/03/10 11:50:58, 5] smbd/ipc.c:handle_trans(469) calling named_pipe [2009/03/10 11:50:58, 3] smbd/ipc.c:named_pipe(387) named pipe command on <> name [2009/03/10 11:50:58, 5] smbd/ipc.c:api_fd_reply(307) api_fd_reply [2009/03/10 11:50:58, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=71ce [2009/03/10 11:50:58, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name lsarpc pnum=71ce (pipes_open=1) [2009/03/10 11:50:58, 3] smbd/ipc.c:api_fd_reply(345) Got API command 0x26 on pipe "lsarpc" (pnum 71ce) [2009/03/10 11:50:58, 10] smbd/ipc.c:api_fd_reply(350) api_fd_reply: p:0x1757628 max_trans_reply: 4280 [2009/03/10 11:50:58, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927) write_to_pipe: 71ce name: lsarpc open: Yes len: 96 [2009/03/10 11:50:58, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 96 [2009/03/10 11:50:58, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 96 [2009/03/10 11:50:58, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385) fill_rpc_header: data_to_copy = 96, len_needed_to_complete_hdr = 16, receive_len = 0 [2009/03/10 11:50:58, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 16 [2009/03/10 11:50:58, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 80 [2009/03/10 11:50:58, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 80 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 00 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0060 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0010 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000009 [2009/03/10 11:50:58, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472) unmarshall_rpc_header: using little-endian RPC [2009/03/10 11:50:58, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501) unmarshall_rpc_header: type = 0, flags = 3 [2009/03/10 11:50:58, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 0 [2009/03/10 11:50:58, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 80 [2009/03/10 11:50:58, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 80, incoming data = 80 [2009/03/10 11:50:58, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709) process_complete_pdu: processing packet type 0 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_req req [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0000 alloc_hint: 0000002c [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0004 context_id: 0000 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0006 opnum : 0006 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_debug(88) 000038 smb_io_rpc_hdr_auth hdr_auth [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0038 auth_type : 09 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0039 auth_level : 06 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) 003a auth_pad_len : 04 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) 003b auth_reserved: 00 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint32(718) 003c auth_context_id: 00000001 [2009/03/10 11:50:58, 10] libsmb/ntlmssp_sign.c:ntlmssp_unseal_packet(309) ntlmssp_unseal_packet: seal [2009/03/10 11:50:58, 10] libsmb/ntlmssp_sign.c:ntlmssp_check_packet(222) ntlmssp_check_packet: NTLMSSP signature OK ! [2009/03/10 11:50:58, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 118 [2009/03/10 11:50:58, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(1456, 515) : sec_ctx_stack_ndx = 1 [2009/03/10 11:50:58, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (1456, 515) - sec_ctx_stack_ndx = 1 [2009/03/10 11:50:58, 5] auth/token_util.c:debug_nt_user_token(472) NT user token of user S-1-5-21-181998944-1107627502-2274996074-3912 contains 6 SIDs SID[ 0]: S-1-5-21-181998944-1107627502-2274996074-3912 SID[ 1]: S-1-5-21-181998944-1107627502-2274996074-515 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-515 SE_PRIV 0x0 0x0 0x0 0x0 [2009/03/10 11:50:58, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 1456 Primary group is 515 and contains 1 supplementary groups Group[ 0]: 515 [2009/03/10 11:50:58, 5] rpc_server/srv_pipe.c:api_pipe_request(2262) Requested \PIPE\lsarpc [2009/03/10 11:50:58, 4] rpc_server/srv_pipe.c:api_rpcTNP(2297) api_rpcTNP: lsarpc op 0x6 - api_rpcTNP: rpc command: LSA_OPENPOLICY [2009/03/10 11:50:58, 6] rpc_server/srv_pipe.c:api_rpcTNP(2323) api_rpc_cmds[6].fn == 0x45da30 lsa_OpenPolicy: struct lsa_OpenPolicy in: struct lsa_OpenPolicy system_name : * system_name : 0x005c (92) attr : * attr: struct lsa_ObjectAttribute len : 0x00000018 (24) root_dir : NULL object_name : NULL attributes : 0x00000000 (0) sec_desc : NULL sec_qos : * sec_qos: struct lsa_QosInfo len : 0x0000000c (12) impersonation_level : 0x0002 (2) context_mode : 0x01 (1) effective_only : 0x00 (0) access_mask : 0x02000000 (33554432) 0: LSA_POLICY_VIEW_LOCAL_INFORMATION 0: LSA_POLICY_VIEW_AUDIT_INFORMATION 0: LSA_POLICY_GET_PRIVATE_INFORMATION 0: LSA_POLICY_TRUST_ADMIN 0: LSA_POLICY_CREATE_ACCOUNT 0: LSA_POLICY_CREATE_SECRET 0: LSA_POLICY_CREATE_PRIVILEGE 0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS 0: LSA_POLICY_SET_AUDIT_REQUIREMENTS 0: LSA_POLICY_AUDIT_LOG_ADMIN 0: LSA_POLICY_SERVER_ADMIN 0: LSA_POLICY_LOOKUP_NAMES [2009/03/10 11:50:58, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x02000000, for NT token with 6 entries and first sid S-1-5-21-181998944-1107627502-2274996074-3912. [2009/03/10 11:50:58, 3] lib/util_seaccess.c:se_access_check(249) [2009/03/10 11:50:58, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-5-21-181998944-1107627502-2274996074-3912 se_access_check: also S-1-5-21-181998944-1107627502-2274996074-515 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-22-2-515 [2009/03/10 11:50:58, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(148) Opened policy hnd[1] [000] 00 00 00 00 03 00 00 00 00 00 00 00 B6 49 12 46 ........ ....¶I.F [010] DD 37 00 00 Ý7.. lsa_OpenPolicy: struct lsa_OpenPolicy out: struct lsa_OpenPolicy handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000003-0000-0000-b649-1246dd370000 result : NT_STATUS_OK [2009/03/10 11:50:58, 5] rpc_server/srv_pipe.c:api_rpcTNP(2351) api_rpcTNP: called lsarpc successfully [2009/03/10 11:50:58, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (1456, 515) - sec_ctx_stack_ndx = 0 [2009/03/10 11:50:58, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 820 [2009/03/10 11:50:58, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 80 [2009/03/10 11:50:58, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985) read_from_pipe: 71ce name: lsarpc len: 4280 [2009/03/10 11:50:58, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1059) read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 02 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0048 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0010 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000009 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_resp resp [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 00000018 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0016 cancel_ct : 00 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0017 reserved : 00 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_debug(88) 000030 smb_io_rpc_hdr_auth hdr_auth [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0030 auth_type : 09 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0031 auth_level : 06 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0032 auth_pad_len : 00 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0033 auth_reserved: 00 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0034 auth_context_id: 00000001 [2009/03/10 11:50:58, 10] libsmb/ntlmssp_sign.c:ntlmssp_seal_packet(248) ntlmssp_seal_data: seal [2009/03/10 11:50:58, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..72] (align 0) [2009/03/10 11:50:58, 5] lib/util.c:show_msg(642) [2009/03/10 11:50:58, 5] lib/util.c:show_msg(652) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=10199 smb_uid=100 smb_mid=19 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 72 (0x48) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=73 [2009/03/10 11:50:58, 10] lib/util.c:dump_data(2230) [000] 00 05 00 02 03 10 00 00 00 48 00 10 00 09 00 00 ........ .H...... [010] 00 18 00 00 00 00 00 00 00 91 E4 9B AB 2A 1F F2 ........ ..ä.«*.ò [020] DF 88 4E 37 02 A9 EA 5B 32 DF D3 31 C4 7C 01 BD ß.N7.©ê[ 2ßÓ1Ä|.½ [030] E8 09 06 00 00 01 00 00 00 01 00 00 00 57 66 2F è....... .....Wf/ [040] 0A C3 6D EF 2E 00 00 00 00 .Ãmï.... . [2009/03/10 11:50:58, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 162 [2009/03/10 11:50:58, 6] smbd/process.c:process_smb(1547) got message type 0x0 of len 0xa2 [2009/03/10 11:50:58, 3] smbd/process.c:process_smb(1550) Transaction 19 of length 166 (0 toread) [2009/03/10 11:50:58, 5] lib/util.c:show_msg(642) [2009/03/10 11:50:58, 5] lib/util.c:show_msg(652) size=162 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=10199 smb_uid=100 smb_mid=20 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 80 (0x50) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 80 (0x50) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29134 (0x71CE) smb_bcc=95 [2009/03/10 11:50:58, 10] lib/util.c:dump_data(2230) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 50 00 10 00 0A 00 00 00 1C .......P ........ [020] 00 00 00 00 00 0D 00 00 AA 9C B1 4F A0 4B 4A 2E ........ ª.±O KJ. [030] 33 B9 2E 3D D1 4B 23 42 3B F7 3B C8 D4 4E 1B B3 3¹.=ÑK#B ;÷;ÈÔN.³ [040] D9 C2 3D 1E E5 FD 49 09 06 04 00 01 00 00 00 01 ÙÂ=.åýI. ........ [050] 00 00 00 EC B3 C9 AD E9 F6 90 8F 01 00 00 00 ...ì³É­é ö...... [2009/03/10 11:50:58, 3] smbd/process.c:switch_message(1361) switch message SMBtrans (pid 14301) conn 0x1763128 [2009/03/10 11:50:58, 4] smbd/uid.c:change_to_user(225) change_to_user: Skipping user change - already user [2009/03/10 11:50:58, 3] smbd/ipc.c:handle_trans(436) trans <\PIPE\> data=80 params=0 setup=2 [2009/03/10 11:50:58, 5] smbd/ipc.c:handle_trans(469) calling named_pipe [2009/03/10 11:50:58, 3] smbd/ipc.c:named_pipe(387) named pipe command on <> name [2009/03/10 11:50:58, 5] smbd/ipc.c:api_fd_reply(307) api_fd_reply [2009/03/10 11:50:58, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=71ce [2009/03/10 11:50:58, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name lsarpc pnum=71ce (pipes_open=1) [2009/03/10 11:50:58, 3] smbd/ipc.c:api_fd_reply(345) Got API command 0x26 on pipe "lsarpc" (pnum 71ce) [2009/03/10 11:50:58, 10] smbd/ipc.c:api_fd_reply(350) api_fd_reply: p:0x1757628 max_trans_reply: 4280 [2009/03/10 11:50:58, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927) write_to_pipe: 71ce name: lsarpc open: Yes len: 80 [2009/03/10 11:50:58, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 80 [2009/03/10 11:50:58, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 80 [2009/03/10 11:50:58, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385) fill_rpc_header: data_to_copy = 80, len_needed_to_complete_hdr = 16, receive_len = 0 [2009/03/10 11:50:58, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 16 [2009/03/10 11:50:58, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 64 [2009/03/10 11:50:58, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 64 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 00 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0050 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0010 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 0000000a [2009/03/10 11:50:58, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472) unmarshall_rpc_header: using little-endian RPC [2009/03/10 11:50:58, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501) unmarshall_rpc_header: type = 0, flags = 3 [2009/03/10 11:50:58, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 0 [2009/03/10 11:50:58, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 64 [2009/03/10 11:50:58, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 64, incoming data = 64 [2009/03/10 11:50:58, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709) process_complete_pdu: processing packet type 0 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_req req [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0000 alloc_hint: 0000001c [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0004 context_id: 0000 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0006 opnum : 000d [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_debug(88) 000028 smb_io_rpc_hdr_auth hdr_auth [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0028 auth_type : 09 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0029 auth_level : 06 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) 002a auth_pad_len : 04 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) 002b auth_reserved: 00 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint32(718) 002c auth_context_id: 00000001 [2009/03/10 11:50:58, 10] libsmb/ntlmssp_sign.c:ntlmssp_unseal_packet(309) ntlmssp_unseal_packet: seal [2009/03/10 11:50:58, 10] libsmb/ntlmssp_sign.c:ntlmssp_check_packet(222) ntlmssp_check_packet: NTLMSSP signature OK ! [2009/03/10 11:50:58, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 0 [2009/03/10 11:50:58, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(1456, 515) : sec_ctx_stack_ndx = 1 [2009/03/10 11:50:58, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (1456, 515) - sec_ctx_stack_ndx = 1 [2009/03/10 11:50:58, 5] auth/token_util.c:debug_nt_user_token(472) NT user token of user S-1-5-21-181998944-1107627502-2274996074-3912 contains 6 SIDs SID[ 0]: S-1-5-21-181998944-1107627502-2274996074-3912 SID[ 1]: S-1-5-21-181998944-1107627502-2274996074-515 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-515 SE_PRIV 0x0 0x0 0x0 0x0 [2009/03/10 11:50:58, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 1456 Primary group is 515 and contains 1 supplementary groups Group[ 0]: 515 [2009/03/10 11:50:58, 5] rpc_server/srv_pipe.c:api_pipe_request(2262) Requested \PIPE\lsarpc [2009/03/10 11:50:58, 4] rpc_server/srv_pipe.c:api_rpcTNP(2297) api_rpcTNP: lsarpc op 0xd - api_rpcTNP: rpc command: LSA_ENUMTRUSTDOM [2009/03/10 11:50:58, 6] rpc_server/srv_pipe.c:api_rpcTNP(2323) api_rpc_cmds[13].fn == 0x45cb90 lsa_EnumTrustDom: struct lsa_EnumTrustDom in: struct lsa_EnumTrustDom handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000003-0000-0000-b649-1246dd370000 resume_handle : * resume_handle : 0x00000000 (0) max_size : 0xffffffff (4294967295) [2009/03/10 11:50:58, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(168) Found policy hnd[0] [000] 00 00 00 00 03 00 00 00 00 00 00 00 B6 49 12 46 ........ ....¶I.F [010] DD 37 00 00 Ý7.. [2009/03/10 11:50:58, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(1456, 515) : sec_ctx_stack_ndx = 2 [2009/03/10 11:50:58, 3] smbd/uid.c:push_conn_ctx(407) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2009/03/10 11:50:58, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2009/03/10 11:50:58, 5] auth/token_util.c:debug_nt_user_token(466) NT user token: (NULL) [2009/03/10 11:50:58, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/03/10 11:50:58, 5] lib/smbldap.c:smbldap_search_ext(1200) smbldap_search_ext: base => [sambaDomainName=RK_KLBG,dc=rk-klbg,dc=at], filter => [(objectClass=sambaTrustedDomainPassword)], scope => [2] [2009/03/10 11:50:58, 5] passdb/pdb_ldap.c:ldapsam_enum_trusteddoms(6054) ldapsam_enum_trusteddoms: got 0 domains [2009/03/10 11:50:58, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (1456, 515) - sec_ctx_stack_ndx = 1 lsa_EnumTrustDom: struct lsa_EnumTrustDom out: struct lsa_EnumTrustDom resume_handle : * resume_handle : 0xffffffff (4294967295) domains : * domains: struct lsa_DomainList count : 0x00000000 (0) domains : * domains: ARRAY(0) result : NT_STATUS_NO_MORE_ENTRIES [2009/03/10 11:50:58, 5] rpc_server/srv_pipe.c:api_rpcTNP(2351) api_rpcTNP: called lsarpc successfully [2009/03/10 11:50:58, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (1456, 515) - sec_ctx_stack_ndx = 0 [2009/03/10 11:50:58, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 4 [2009/03/10 11:50:58, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 64 [2009/03/10 11:50:58, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985) read_from_pipe: 71ce name: lsarpc len: 4280 [2009/03/10 11:50:58, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1059) read_from_pipe: lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 20. [2009/03/10 11:50:58, 10] rpc_server/srv_pipe.c:create_next_pdu_ntlmssp(135) create_next_pdu_ntlmssp: adding sign/seal padding of 4 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 02 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0048 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0010 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 0000000a [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_resp resp [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 00000014 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0016 cancel_ct : 00 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0017 reserved : 00 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_debug(88) 000030 smb_io_rpc_hdr_auth hdr_auth [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0030 auth_type : 09 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0031 auth_level : 06 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0032 auth_pad_len : 04 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0033 auth_reserved: 00 [2009/03/10 11:50:58, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0034 auth_context_id: 00000001 [2009/03/10 11:50:58, 10] libsmb/ntlmssp_sign.c:ntlmssp_seal_packet(248) ntlmssp_seal_data: seal [2009/03/10 11:50:58, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..72] (align 0) [2009/03/10 11:50:58, 5] lib/util.c:show_msg(642) [2009/03/10 11:50:58, 5] lib/util.c:show_msg(652) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=10199 smb_uid=100 smb_mid=20 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 72 (0x48) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=73 [2009/03/10 11:50:58, 10] lib/util.c:dump_data(2230) [000] 00 05 00 02 03 10 00 00 00 48 00 10 00 0A 00 00 ........ .H...... [010] 00 14 00 00 00 00 00 00 00 56 54 E0 91 FF CD 23 ........ .VTà.ÿÍ# [020] 28 4F 2D B4 0F 17 4E 44 E9 6E 8D 41 58 60 63 40 (O-´..ND én.AX`c@ [030] 07 09 06 04 00 01 00 00 00 01 00 00 00 50 7E 88 ........ .....P~. [040] 2F 2B B3 7C F4 01 00 00 00 /+³|ô... . [2009/03/10 11:51:10, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 96 [2009/03/10 11:51:10, 6] smbd/process.c:process_smb(1547) got message type 0x0 of len 0x60 [2009/03/10 11:51:10, 3] smbd/process.c:process_smb(1550) Transaction 20 of length 100 (0 toread) [2009/03/10 11:51:10, 5] lib/util.c:show_msg(642) [2009/03/10 11:51:10, 5] lib/util.c:show_msg(652) size=96 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=10199 smb_uid=100 smb_mid=21 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2560 (0xA00) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_bcc=13 [2009/03/10 11:51:10, 10] lib/util.c:dump_data(2230) [000] 00 5C 00 73 00 61 00 6D 00 72 00 00 00 .\.s.a.m .r... [2009/03/10 11:51:10, 3] smbd/process.c:switch_message(1361) switch message SMBntcreateX (pid 14301) conn 0x1763128 [2009/03/10 11:51:10, 4] smbd/uid.c:change_to_user(225) change_to_user: Skipping user change - already user [2009/03/10 11:51:10, 10] smbd/nttrans.c:reply_ntcreate_and_X(488) reply_ntcreate_and_X: flags = 0x0, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 root_dir_fid = 0x0, fname = samr [2009/03/10 11:51:10, 4] smbd/nttrans.c:nt_open_pipe(295) nt_open_pipe: Opening pipe \samr. [2009/03/10 11:51:10, 3] smbd/nttrans.c:nt_open_pipe(320) nt_open_pipe: Known pipe samr opening. [2009/03/10 11:51:10, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(165) Open pipe requested samr (pipes_open=1) [2009/03/10 11:51:10, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(195) open_rpc_pipe_p: name lsarpc pnum=71ce [2009/03/10 11:51:10, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(275) Create pipe requested samr [2009/03/10 11:51:10, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) init_pipe_handles: pipe_handles ref count = 2 for pipe samr [2009/03/10 11:51:10, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(356) Created internal pipe samr (pipes_open=1) [2009/03/10 11:51:10, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(253) Opened pipe samr with handle 71cf (pipes_open=2) [2009/03/10 11:51:10, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(259) open pipes: name samr pnum=71cf [2009/03/10 11:51:10, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(259) open pipes: name lsarpc pnum=71ce [2009/03/10 11:51:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 73616D722F3134333031 [2009/03/10 11:51:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0x1673c40 [2009/03/10 11:51:10, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 73616D722F3134333031 [2009/03/10 11:51:10, 5] smbd/nttrans.c:do_ntcreate_pipe_open(408) do_ntcreate_pipe_open: open pipe = \samr [2009/03/10 11:51:10, 5] lib/util.c:show_msg(642) [2009/03/10 11:51:10, 5] lib/util.c:show_msg(652) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=10199 smb_uid=100 smb_mid=21 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=52992 (0xCF00) smb_vwv[ 3]= 369 (0x171) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2009/03/10 11:51:10, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 242 [2009/03/10 11:51:10, 6] smbd/process.c:process_smb(1547) got message type 0x0 of len 0xf2 [2009/03/10 11:51:10, 3] smbd/process.c:process_smb(1550) Transaction 21 of length 246 (0 toread) [2009/03/10 11:51:10, 5] lib/util.c:show_msg(642) [2009/03/10 11:51:10, 5] lib/util.c:show_msg(652) size=242 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=10199 smb_uid=100 smb_mid=22 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 160 (0xA0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 160 (0xA0) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29135 (0x71CF) smb_bcc=175 [2009/03/10 11:51:10, 10] lib/util.c:dump_data(2230) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 0B 03 10 00 00 00 A0 00 50 00 0B 00 00 00 B8 .......  .P.....¸ [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 .¸...... .......x [030] 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AC 01 W4.4.Í«ï ..#Eg.¬. [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]..ë .É..è..+ [050] 10 48 60 02 00 00 00 09 06 00 00 01 00 00 00 60 .H`..... .......` [060] 4E 06 06 2B 06 01 05 05 02 A0 44 30 42 A0 0E 30 N..+.... . D0B .0 [070] 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A2 30 04 ...+.... .7...¢0. [080] 2E 4E 54 4C 4D 53 53 50 00 01 00 00 00 35 82 08 .NTLMSSP .....5.. [090] 60 07 00 07 00 20 00 00 00 07 00 07 00 27 00 00 `.... .. .....'.. [0A0] 00 52 4B 5F 4B 4C 42 47 4D 4F 4E 53 54 45 52 .RK_KLBG MONSTER [2009/03/10 11:51:10, 3] smbd/process.c:switch_message(1361) switch message SMBtrans (pid 14301) conn 0x1763128 [2009/03/10 11:51:10, 4] smbd/uid.c:change_to_user(225) change_to_user: Skipping user change - already user [2009/03/10 11:51:10, 3] smbd/ipc.c:handle_trans(436) trans <\PIPE\> data=160 params=0 setup=2 [2009/03/10 11:51:10, 5] smbd/ipc.c:handle_trans(469) calling named_pipe [2009/03/10 11:51:10, 3] smbd/ipc.c:named_pipe(387) named pipe command on <> name [2009/03/10 11:51:10, 5] smbd/ipc.c:api_fd_reply(307) api_fd_reply [2009/03/10 11:51:10, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=71cf [2009/03/10 11:51:10, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name samr pnum=71cf (pipes_open=2) [2009/03/10 11:51:10, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name lsarpc pnum=71ce (pipes_open=2) [2009/03/10 11:51:10, 3] smbd/ipc.c:api_fd_reply(345) Got API command 0x26 on pipe "samr" (pnum 71cf) [2009/03/10 11:51:10, 10] smbd/ipc.c:api_fd_reply(350) api_fd_reply: p:0x1696160 max_trans_reply: 4280 [2009/03/10 11:51:10, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927) write_to_pipe: 71cf name: samr open: Yes len: 160 [2009/03/10 11:51:10, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 160 [2009/03/10 11:51:10, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 160 [2009/03/10 11:51:10, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385) fill_rpc_header: data_to_copy = 160, len_needed_to_complete_hdr = 16, receive_len = 0 [2009/03/10 11:51:10, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 16 [2009/03/10 11:51:10, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 144 [2009/03/10 11:51:10, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 144 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0b [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 00a0 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0050 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 0000000b [2009/03/10 11:51:10, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472) unmarshall_rpc_header: using little-endian RPC [2009/03/10 11:51:10, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501) unmarshall_rpc_header: type = 11, flags = 3 [2009/03/10 11:51:10, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 0 [2009/03/10 11:51:10, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 144 [2009/03/10 11:51:10, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 144, incoming data = 144 [2009/03/10 11:51:10, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709) process_complete_pdu: processing packet type 11 [2009/03/10 11:51:10, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1553) api_pipe_bind_req: decode request. 1553 [2009/03/10 11:51:10, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1564) api_pipe_bind_req: \PIPE\samr -> \PIPE\samr [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_rb [2009/03/10 11:51:10, 6] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_bba [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0000 max_tsize: 10b8 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0002 max_rsize: 10b8 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0004 assoc_gid: 00000000 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0008 num_contexts: 01 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000c context_id : 0000 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 000e num_transfer_syntaxes: 01 [2009/03/10 11:51:10, 6] rpc_parse/parse_prs.c:prs_debug(88) 00000f smb_io_rpc_iface [2009/03/10 11:51:10, 7] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_uuid uuid [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 data : 12345778 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 data : 1234 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0016 data : abcd [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0018 data : ef 00 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 001a data : 01 23 45 67 89 ac [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0020 version: 00000001 [2009/03/10 11:51:10, 6] rpc_parse/parse_prs.c:prs_debug(88) 000024 smb_io_rpc_iface [2009/03/10 11:51:10, 7] rpc_parse/parse_prs.c:prs_debug(88) 000024 smb_io_uuid uuid [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0024 data : 8a885d04 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0028 data : 1ceb [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) 002a data : 11c9 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002c data : 9f e8 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002e data : 08 00 2b 10 48 60 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0034 version: 00000002 [2009/03/10 11:51:10, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1608) api_pipe_bind_req: make response. 1608 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_debug(88) 000038 smb_io_rpc_hdr_auth [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0038 auth_type : 09 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0039 auth_level : 06 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 003a auth_pad_len : 00 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 003b auth_reserved: 00 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) 003c auth_context_id: 00000001 [2009/03/10 11:51:10, 3] rpc_server/srv_pipe.c:pipe_spnego_auth_bind_negotiate(1140) pipe_spnego_auth_bind_negotiate: Got OID 1 3 6 1 4 1 311 2 2 10 [2009/03/10 11:51:10, 3] rpc_server/srv_pipe.c:pipe_spnego_auth_bind_negotiate(1143) pipe_spnego_auth_bind_negotiate: Got secblob of size 46 [2009/03/10 11:51:10, 5] auth/auth.c:make_auth_context_subsystem(485) Making default auth method list for DC, security=user, encrypt passwords = yes [2009/03/10 11:51:10, 5] auth/auth.c:load_auth_module(387) load_auth_module: Attempting to find an auth method to match guest [2009/03/10 11:51:10, 5] auth/auth.c:load_auth_module(412) load_auth_module: auth method guest has a valid init [2009/03/10 11:51:10, 5] auth/auth.c:load_auth_module(387) load_auth_module: Attempting to find an auth method to match sam [2009/03/10 11:51:10, 5] auth/auth.c:load_auth_module(412) load_auth_module: auth method sam has a valid init [2009/03/10 11:51:10, 5] auth/auth.c:load_auth_module(387) load_auth_module: Attempting to find an auth method to match winbind:trustdomain [2009/03/10 11:51:10, 5] auth/auth.c:load_auth_module(387) load_auth_module: Attempting to find an auth method to match trustdomain [2009/03/10 11:51:10, 5] auth/auth.c:load_auth_module(412) load_auth_module: auth method trustdomain has a valid init [2009/03/10 11:51:10, 5] auth/auth.c:load_auth_module(412) load_auth_module: auth method winbind has a valid init [2009/03/10 11:51:10, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) Got NTLMSSP neg_flags=0x60088235 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_SEAL NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH [2009/03/10 11:51:10, 5] auth/auth.c:get_ntlm_challenge(96) auth_get_challenge: module guest did not want to specify a challenge [2009/03/10 11:51:10, 5] auth/auth.c:get_ntlm_challenge(96) auth_get_challenge: module sam did not want to specify a challenge [2009/03/10 11:51:10, 5] auth/auth.c:get_ntlm_challenge(96) auth_get_challenge: module winbind did not want to specify a challenge [2009/03/10 11:51:10, 5] auth/auth.c:get_ntlm_challenge(136) auth_context challenge created by random [2009/03/10 11:51:10, 5] auth/auth.c:get_ntlm_challenge(137) challenge is: [2009/03/10 11:51:10, 5] lib/util.c:dump_data(2230) [000] 92 DE 84 97 37 5A 24 78 .Þ..7Z$x [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_auth [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 auth_type : 09 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 auth_level : 06 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 auth_pad_len : 08 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 auth_reserved: 00 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0004 auth_context_id: 00000001 [2009/03/10 11:51:10, 3] rpc_server/srv_pipe.c:check_bind_req(991) check_bind_req for \PIPE\samr checking \PIPE\lsarpc checking \PIPE\lsarpc checking \PIPE\samr [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_ba [2009/03/10 11:51:10, 6] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_bba [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0000 max_tsize: 10b8 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0002 max_rsize: 10b8 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0004 assoc_gid: 000053f0 [2009/03/10 11:51:10, 6] rpc_parse/parse_prs.c:prs_debug(88) 000008 smb_io_rpc_addr_str [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 len: 000b [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 000a str: \PIPE\samr. [2009/03/10 11:51:10, 6] rpc_parse/parse_prs.c:prs_debug(88) 000015 smb_io_rpc_results [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0018 num_results: 01 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) 001c result : 0000 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) 001e reason : 0000 [2009/03/10 11:51:10, 6] rpc_parse/parse_prs.c:prs_debug(88) 000020 smb_io_rpc_iface [2009/03/10 11:51:10, 7] rpc_parse/parse_prs.c:prs_debug(88) 000020 smb_io_uuid uuid [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0020 data : 8a885d04 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0024 data : 1ceb [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0026 data : 11c9 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0028 data : 9f e8 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002a data : 08 00 2b 10 48 60 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0030 version: 00000002 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0c [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 014d [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0101 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 0000000b [2009/03/10 11:51:10, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 144 [2009/03/10 11:51:10, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985) read_from_pipe: 71cf name: samr len: 4280 [2009/03/10 11:51:10, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1045) read_from_pipe: samr: current_pdu_len = 333, current_pdu_sent = 0 returning 333 bytes. [2009/03/10 11:51:10, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..333] (align 0) [2009/03/10 11:51:10, 5] lib/util.c:show_msg(642) [2009/03/10 11:51:10, 5] lib/util.c:show_msg(652) size=389 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=10199 smb_uid=100 smb_mid=22 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 333 (0x14D) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 333 (0x14D) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=334 [2009/03/10 11:51:10, 10] lib/util.c:dump_data(2230) [000] 00 05 00 0C 03 10 00 00 00 4D 01 01 01 0B 00 00 ........ .M...... [010] 00 B8 10 B8 10 F0 53 00 00 0B 00 5C 50 49 50 45 .¸.¸.ðS. ...\PIPE [020] 5C 73 61 6D 72 00 00 00 00 01 00 00 00 00 00 00 \samr... ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..ë.É ..è..+.H [040] 60 02 00 00 00 09 06 08 00 01 00 00 00 A1 81 FE `....... .....¡.þ [050] 30 81 FB A0 03 0A 01 01 A1 0C 06 0A 2B 06 01 04 0.û .... ¡...+... [060] 01 82 37 02 02 0A A2 81 E5 04 81 E2 4E 54 4C 4D ..7...¢. å..âNTLM [070] 53 53 50 00 02 00 00 00 0E 00 0E 00 30 00 00 00 SSP..... ....0... [080] 35 82 89 60 92 DE 84 97 37 5A 24 78 00 00 00 00 5..`.Þ.. 7Z$x.... [090] 00 00 00 00 A4 00 A4 00 3E 00 00 00 52 00 4B 00 ....¤.¤. >...R.K. [0A0] 5F 00 4B 00 4C 00 42 00 47 00 02 00 0E 00 52 00 _.K.L.B. G.....R. [0B0] 4B 00 5F 00 4B 00 4C 00 42 00 47 00 01 00 0A 00 K._.K.L. B.G..... [0C0] 53 00 41 00 4D 00 42 00 41 00 04 00 36 00 69 00 S.A.M.B. A...6.i. [0D0] 6E 00 74 00 65 00 72 00 6E 00 2E 00 72 00 6B 00 n.t.e.r. n...r.k. [0E0] 2D 00 6B 00 6C 00 6F 00 73 00 74 00 65 00 72 00 -.k.l.o. s.t.e.r. [0F0] 6E 00 65 00 75 00 62 00 75 00 72 00 67 00 2E 00 n.e.u.b. u.r.g... [100] 61 00 74 00 03 00 42 00 73 00 61 00 6D 00 62 00 a.t...B. s.a.m.b. [110] 61 00 2E 00 69 00 6E 00 74 00 65 00 72 00 6E 00 a...i.n. t.e.r.n. [120] 2E 00 72 00 6B 00 2D 00 6B 00 6C 00 6F 00 73 00 ..r.k.-. k.l.o.s. [130] 74 00 65 00 72 00 6E 00 65 00 75 00 62 00 75 00 t.e.r.n. e.u.b.u. [140] 72 00 67 00 2E 00 61 00 74 00 00 00 00 00 r.g...a. t..... [2009/03/10 11:51:10, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 346 [2009/03/10 11:51:10, 6] smbd/process.c:process_smb(1547) got message type 0x0 of len 0x15a [2009/03/10 11:51:10, 3] smbd/process.c:process_smb(1550) Transaction 22 of length 350 (0 toread) [2009/03/10 11:51:10, 5] lib/util.c:show_msg(642) [2009/03/10 11:51:10, 5] lib/util.c:show_msg(652) size=346 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=10199 smb_uid=100 smb_mid=23 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 264 (0x108) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 264 (0x108) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29135 (0x71CF) smb_bcc=279 [2009/03/10 11:51:10, 10] lib/util.c:dump_data(2230) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 0E 03 10 00 00 00 08 01 B8 00 0B 00 00 00 B8 ........ .¸.....¸ [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 .¸...... .......x [030] 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AC 01 W4.4.Í«ï ..#Eg.¬. [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]..ë .É..è..+ [050] 10 48 60 02 00 00 00 09 06 00 00 01 00 00 00 A1 .H`..... .......¡ [060] 81 B5 30 81 B2 A2 81 AF 04 81 AC 4E 54 4C 4D 53 .µ0.²¢.¯ ..¬NTLMS [070] 53 50 00 03 00 00 00 18 00 18 00 40 00 00 00 18 SP...... ...@.... [080] 00 18 00 58 00 00 00 0E 00 0E 00 70 00 00 00 10 ...X.... ...p.... [090] 00 10 00 7E 00 00 00 0E 00 0E 00 8E 00 00 00 10 ...~.... ........ [0A0] 00 10 00 9C 00 00 00 35 82 08 60 74 D5 F7 95 01 .......5 ..`tÕ÷.. [0B0] E5 72 D9 00 00 00 00 00 00 00 00 00 00 00 00 00 årÙ..... ........ [0C0] 00 00 00 23 B0 1C 9C A0 DC 86 12 58 78 D6 EE B4 ...#°..  Ü..XxÖî´ [0D0] 53 79 DC 3B 0A B1 16 2E 34 45 3B 52 00 4B 00 5F SyÜ;.±.. 4E;R.K._ [0E0] 00 4B 00 4C 00 42 00 47 00 4D 00 4F 00 4E 00 53 .K.L.B.G .M.O.N.S [0F0] 00 54 00 45 00 52 00 24 00 4D 00 4F 00 4E 00 53 .T.E.R.$ .M.O.N.S [100] 00 54 00 45 00 52 00 F9 4C 93 F0 03 8D BC 9E A5 .T.E.R.ù L.ð..¼.¥ [110] D5 B9 78 AA F2 DE 1C Õ¹xªòÞ. [2009/03/10 11:51:10, 3] smbd/process.c:switch_message(1361) switch message SMBtrans (pid 14301) conn 0x1763128 [2009/03/10 11:51:10, 4] smbd/uid.c:change_to_user(225) change_to_user: Skipping user change - already user [2009/03/10 11:51:10, 3] smbd/ipc.c:handle_trans(436) trans <\PIPE\> data=264 params=0 setup=2 [2009/03/10 11:51:10, 5] smbd/ipc.c:handle_trans(469) calling named_pipe [2009/03/10 11:51:10, 3] smbd/ipc.c:named_pipe(387) named pipe command on <> name [2009/03/10 11:51:10, 5] smbd/ipc.c:api_fd_reply(307) api_fd_reply [2009/03/10 11:51:10, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=71cf [2009/03/10 11:51:10, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name samr pnum=71cf (pipes_open=2) [2009/03/10 11:51:10, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name lsarpc pnum=71ce (pipes_open=2) [2009/03/10 11:51:10, 3] smbd/ipc.c:api_fd_reply(345) Got API command 0x26 on pipe "samr" (pnum 71cf) [2009/03/10 11:51:10, 10] smbd/ipc.c:api_fd_reply(350) api_fd_reply: p:0x1696160 max_trans_reply: 4280 [2009/03/10 11:51:10, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927) write_to_pipe: 71cf name: samr open: Yes len: 264 [2009/03/10 11:51:10, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 264 [2009/03/10 11:51:10, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 264 [2009/03/10 11:51:10, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385) fill_rpc_header: data_to_copy = 264, len_needed_to_complete_hdr = 16, receive_len = 0 [2009/03/10 11:51:10, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 16 [2009/03/10 11:51:10, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 248 [2009/03/10 11:51:10, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 248 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0e [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0108 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 00b8 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 0000000b [2009/03/10 11:51:10, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472) unmarshall_rpc_header: using little-endian RPC [2009/03/10 11:51:10, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501) unmarshall_rpc_header: type = 14, flags = 3 [2009/03/10 11:51:10, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 0 [2009/03/10 11:51:10, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 248 [2009/03/10 11:51:10, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 248, incoming data = 248 [2009/03/10 11:51:10, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709) process_complete_pdu: processing packet type 14 [2009/03/10 11:51:10, 5] rpc_server/srv_pipe.c:api_pipe_alter_context(1827) api_pipe_alter_context: decode request. 1827 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_rb [2009/03/10 11:51:10, 6] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_bba [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0000 max_tsize: 10b8 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0002 max_rsize: 10b8 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0004 assoc_gid: 00000000 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0008 num_contexts: 01 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000c context_id : 0000 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 000e num_transfer_syntaxes: 01 [2009/03/10 11:51:10, 6] rpc_parse/parse_prs.c:prs_debug(88) 00000f smb_io_rpc_iface [2009/03/10 11:51:10, 7] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_uuid uuid [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 data : 12345778 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 data : 1234 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0016 data : abcd [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0018 data : ef 00 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 001a data : 01 23 45 67 89 ac [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0020 version: 00000001 [2009/03/10 11:51:10, 6] rpc_parse/parse_prs.c:prs_debug(88) 000024 smb_io_rpc_iface [2009/03/10 11:51:10, 7] rpc_parse/parse_prs.c:prs_debug(88) 000024 smb_io_uuid uuid [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0024 data : 8a885d04 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0028 data : 1ceb [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) 002a data : 11c9 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002c data : 9f e8 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002e data : 08 00 2b 10 48 60 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0034 version: 00000002 [2009/03/10 11:51:10, 5] rpc_server/srv_pipe.c:api_pipe_alter_context(1841) api_pipe_alter_context: make response. 1841 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_debug(88) 000038 smb_io_rpc_hdr_auth [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0038 auth_type : 09 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0039 auth_level : 06 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 003a auth_pad_len : 00 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 003b auth_reserved: 00 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) 003c auth_context_id: 00000001 [2009/03/10 11:51:10, 5] rpc_server/srv_pipe.c:pipe_ntlmssp_verify_final(613) pipe_ntlmssp_verify_final: pipe samr checking user details [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(1456, 515) : sec_ctx_stack_ndx = 1 [2009/03/10 11:51:10, 3] smbd/uid.c:push_conn_ctx(407) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2009/03/10 11:51:10, 5] auth/token_util.c:debug_nt_user_token(466) NT user token: (NULL) [2009/03/10 11:51:10, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/03/10 11:51:10, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(745) Got user=[MONSTER$] domain=[RK_KLBG] workstation=[MONSTER] len1=24 len2=24 [2009/03/10 11:51:10, 5] auth/auth_ntlmssp.c:auth_ntlmssp_set_challenge(68) auth_context challenge set by NTLMSSP callback (NTLM2) [2009/03/10 11:51:10, 5] auth/auth_ntlmssp.c:auth_ntlmssp_set_challenge(69) challenge is: [2009/03/10 11:51:10, 5] lib/util.c:dump_data(2230) [000] E9 F6 B1 09 66 2D F4 19 éö±.f-ô. [2009/03/10 11:51:10, 6] param/loadparm.c:lp_file_list_changed(6699) lp_file_list_changed() file /etc/samba/smb-%m.conf -> /etc/samba/smb-monster.conf last mod_time: Tue Mar 10 11:49:02 2009 file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Tue Mar 10 10:39:07 2009 [2009/03/10 11:51:10, 5] auth/auth_util.c:make_user_info_map(206) make_user_info_map: Mapping user [RK_KLBG]\[MONSTER$] from workstation [MONSTER] [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2009/03/10 11:51:10, 3] smbd/uid.c:push_conn_ctx(407) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2009/03/10 11:51:10, 5] auth/token_util.c:debug_nt_user_token(466) NT user token: (NULL) [2009/03/10 11:51:10, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/03/10 11:51:10, 5] auth/auth_util.c:is_trusted_domain(2055) is_trusted_domain: Checking for domain trust with [RK_KLBG] [2009/03/10 11:51:10, 10] passdb/pdb_ldap.c:ldapsam_get_trusteddom_pw(5823) ldapsam_get_trusteddom_pw called for domain RK_KLBG [2009/03/10 11:51:10, 5] lib/smbldap.c:smbldap_search_ext(1200) smbldap_search_ext: base => [sambaDomainName=RK_KLBG,sambaDomainName=RK_KLBG,dc=rk-klbg,dc=at], filter => [(&(objectClass=sambaTrustedDomainPassword)(sambaDomainName=RK_KLBG))], scope => [2] [2009/03/10 11:51:10, 10] lib/smbldap.c:smbldap_search_ext(1264) Failed search for base: sambaDomainName=RK_KLBG,sambaDomainName=RK_KLBG,dc=rk-klbg,dc=at, error: 32 (No such object) (unknown) [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2009/03/10 11:51:10, 10] lib/gencache.c:gencache_get(194) Cache entry with key = TDOM/RK_KLBG couldn't be found [2009/03/10 11:51:10, 5] libsmb/trustdom_cache.c:trustdom_cache_fetch(183) no entry for trusted domain RK_KLBG found. [2009/03/10 11:51:10, 5] auth/auth_util.c:make_user_info(120) attempting to make a user_info for MONSTER$ (MONSTER$) [2009/03/10 11:51:10, 5] auth/auth_util.c:make_user_info(130) making strings for MONSTER$'s user_info struct [2009/03/10 11:51:10, 5] auth/auth_util.c:make_user_info(162) making blobs for MONSTER$'s user_info struct [2009/03/10 11:51:10, 10] auth/auth_util.c:make_user_info(180) made an encrypted user_info for MONSTER$ (MONSTER$) [2009/03/10 11:51:10, 3] auth/auth.c:check_ntlm_password(220) check_ntlm_password: Checking password for unmapped user [RK_KLBG]\[MONSTER$]@[MONSTER] with the new password interface [2009/03/10 11:51:10, 3] auth/auth.c:check_ntlm_password(223) check_ntlm_password: mapped user is: [RK_KLBG]\[MONSTER$]@[MONSTER] [2009/03/10 11:51:10, 10] auth/auth.c:check_ntlm_password(232) check_ntlm_password: auth_context challenge created by NTLMSSP callback (NTLM2) [2009/03/10 11:51:10, 10] auth/auth.c:check_ntlm_password(234) challenge is: [2009/03/10 11:51:10, 5] lib/util.c:dump_data(2230) [000] E9 F6 B1 09 66 2D F4 19 éö±.f-ô. [2009/03/10 11:51:10, 10] auth/auth.c:check_ntlm_password(260) check_ntlm_password: guest had nothing to say [2009/03/10 11:51:10, 8] lib/util.c:is_myname(2105) is_myname("RK_KLBG") returns 0 [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2009/03/10 11:51:10, 3] smbd/uid.c:push_conn_ctx(407) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2009/03/10 11:51:10, 5] auth/token_util.c:debug_nt_user_token(466) NT user token: (NULL) [2009/03/10 11:51:10, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/03/10 11:51:10, 5] lib/smbldap.c:smbldap_search_ext(1200) smbldap_search_ext: base => [dc=rk-klbg,dc=at], filter => [(&(uid=MONSTER$)(objectclass=sambaSamAccount))], scope => [2] [2009/03/10 11:51:10, 2] passdb/pdb_ldap.c:init_sam_from_ldap(571) init_sam_from_ldap: Entry found for user: monster$ [2009/03/10 11:51:10, 10] passdb/pdb_get_set.c:pdb_set_username(580) pdb_set_username: setting username monster$, was [2009/03/10 11:51:10, 10] passdb/pdb_get_set.c:pdb_set_domain(603) pdb_set_domain: setting domain RK_KLBG, was [2009/03/10 11:51:10, 10] passdb/pdb_get_set.c:pdb_set_nt_username(626) pdb_set_nt_username: setting nt username monster$, was [2009/03/10 11:51:10, 10] passdb/pdb_get_set.c:pdb_set_user_sid_from_string(522) pdb_set_user_sid_from_string: setting user sid S-1-5-21-181998944-1107627502-2274996074-3912 [2009/03/10 11:51:10, 10] passdb/pdb_get_set.c:pdb_set_user_sid(509) pdb_set_user_sid: setting user sid S-1-5-21-181998944-1107627502-2274996074-3912 [2009/03/10 11:51:10, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaLogonTime does not exist [2009/03/10 11:51:10, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaLogoffTime does not exist [2009/03/10 11:51:10, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaKickoffTime does not exist [2009/03/10 11:51:10, 10] passdb/pdb_get_set.c:pdb_set_fullname(649) pdb_set_full_name: setting full name Computer, was [2009/03/10 11:51:10, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaHomeDrive does not exist [2009/03/10 11:51:10, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(718) pdb_set_dir_drive: setting dir drive z:, was NULL [2009/03/10 11:51:10, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaHomePath does not exist [2009/03/10 11:51:10, 10] passdb/pdb_get_set.c:pdb_set_homedir(742) pdb_set_homedir: setting home dir \\samba\monster_, was [2009/03/10 11:51:10, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaLogonScript does not exist [2009/03/10 11:51:10, 10] passdb/pdb_get_set.c:pdb_set_logon_script(672) pdb_set_logon_script: setting logon script LOGON.BAT, was [2009/03/10 11:51:10, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaProfilePath does not exist [2009/03/10 11:51:10, 10] passdb/pdb_get_set.c:pdb_set_profile_path(695) pdb_set_profile_path: setting profile path \\samba\Profile, was [2009/03/10 11:51:10, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaUserWorkstations does not exist [2009/03/10 11:51:10, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaMungedDial does not exist [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2009/03/10 11:51:10, 3] smbd/uid.c:push_conn_ctx(407) push_conn_ctx(100) : conn_ctx_stack_ndx = 2 [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2009/03/10 11:51:10, 5] auth/token_util.c:debug_nt_user_token(466) NT user token: (NULL) [2009/03/10 11:51:10, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/03/10 11:51:10, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = ACCT_POL/password history, value = 0 , timeout = Tue Mar 10 11:51:57 2009 [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2009/03/10 11:51:10, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaBadPasswordCount does not exist [2009/03/10 11:51:10, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaBadPasswordTime does not exist [2009/03/10 11:51:10, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaLogonHours does not exist [2009/03/10 11:51:10, 7] passdb/login_cache.c:login_cache_read(86) Looking up login cache for user monster$ [2009/03/10 11:51:10, 7] passdb/login_cache.c:login_cache_read(100) No cache entry found [2009/03/10 11:51:10, 9] passdb/pdb_ldap.c:init_sam_from_ldap(1054) No cache entry, bad count = 0, bad time = 0 [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2009/03/10 11:51:10, 3] smbd/uid.c:push_conn_ctx(407) push_conn_ctx(100) : conn_ctx_stack_ndx = 2 [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2009/03/10 11:51:10, 5] auth/token_util.c:debug_nt_user_token(466) NT user token: (NULL) [2009/03/10 11:51:10, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/03/10 11:51:10, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = ACCT_POL/maximum password age, value = 4294967295 , timeout = Tue Mar 10 11:51:57 2009 [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2009/03/10 11:51:10, 5] lib/username.c:Get_Pwnam_alloc(133) Finding user monster$ [2009/03/10 11:51:10, 5] lib/username.c:Get_Pwnam_internals(77) Trying _Get_Pwnam(), username as lowercase is monster$ [2009/03/10 11:51:10, 5] lib/username.c:Get_Pwnam_internals(110) Get_Pwnam_internals did find user [monster$]! [2009/03/10 11:51:10, 5] lib/smbldap.c:smbldap_search_ext(1200) smbldap_search_ext: base => [ou=Groups,dc=rk-klbg,dc=at], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=515))], scope => [2] [2009/03/10 11:51:10, 2] passdb/pdb_ldap.c:init_group_from_ldap(2344) init_group_from_ldap: Entry found for group: 515 [2009/03/10 11:51:10, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute description does not exist [2009/03/10 11:51:10, 10] passdb/lookup_sid.c:lookup_sid(950) lookup_sid called for SID 'S-1-5-21-181998944-1107627502-2274996074-515' [2009/03/10 11:51:10, 10] passdb/lookup_sid.c:check_dom_sid_to_level(705) Accepting SID S-1-5-21-181998944-1107627502-2274996074 in level 1 [2009/03/10 11:51:10, 10] passdb/lookup_sid.c:lookup_rids(468) lookup_rids called for domain sid 'S-1-5-21-181998944-1107627502-2274996074' [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2009/03/10 11:51:10, 3] smbd/uid.c:push_conn_ctx(407) push_conn_ctx(100) : conn_ctx_stack_ndx = 2 [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2009/03/10 11:51:10, 5] auth/token_util.c:debug_nt_user_token(466) NT user token: (NULL) [2009/03/10 11:51:10, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/03/10 11:51:10, 5] lib/smbldap.c:smbldap_search_ext(1200) smbldap_search_ext: base => [ou=Users,dc=rk-klbg,dc=at], filter => [(&(objectClass=sambaSamAccount)(|(sambaSid=S-1-5-21-181998944-1107627502-2274996074-515)))], scope => [2] [2009/03/10 11:51:10, 5] lib/smbldap.c:smbldap_search_ext(1200) smbldap_search_ext: base => [ou=Groups,dc=rk-klbg,dc=at], filter => [(&(objectClass=sambaGroupMapping)(|(sambaSid=S-1-5-21-181998944-1107627502-2274996074-515)))], scope => [2] [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2009/03/10 11:51:10, 10] passdb/lookup_sid.c:lookup_sid(985) Sid S-1-5-21-181998944-1107627502-2274996074-515 -> RK_KLBG\Domain Computers(2) [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2009/03/10 11:51:10, 3] smbd/uid.c:push_conn_ctx(407) push_conn_ctx(100) : conn_ctx_stack_ndx = 2 [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2009/03/10 11:51:10, 5] auth/token_util.c:debug_nt_user_token(466) NT user token: (NULL) [2009/03/10 11:51:10, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/03/10 11:51:10, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = ACCT_POL/password history, value = 0 , timeout = Tue Mar 10 11:51:57 2009 [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2009/03/10 11:51:10, 10] passdb/pdb_get_set.c:pdb_set_username(580) pdb_set_username: setting username monster$, was [2009/03/10 11:51:10, 10] passdb/pdb_get_set.c:pdb_set_domain(603) pdb_set_domain: setting domain RK_KLBG, was [2009/03/10 11:51:10, 10] passdb/pdb_get_set.c:pdb_set_nt_username(626) pdb_set_nt_username: setting nt username monster$, was [2009/03/10 11:51:10, 10] passdb/pdb_get_set.c:pdb_set_fullname(649) pdb_set_full_name: setting full name Computer, was [2009/03/10 11:51:10, 10] passdb/pdb_get_set.c:pdb_set_homedir(742) pdb_set_homedir: setting home dir \\samba\monster_, was [2009/03/10 11:51:10, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(718) pdb_set_dir_drive: setting dir drive z:, was NULL [2009/03/10 11:51:10, 10] passdb/pdb_get_set.c:pdb_set_logon_script(672) pdb_set_logon_script: setting logon script LOGON.BAT, was [2009/03/10 11:51:10, 10] passdb/pdb_get_set.c:pdb_set_profile_path(695) pdb_set_profile_path: setting profile path \\samba\Profile, was [2009/03/10 11:51:10, 10] passdb/pdb_get_set.c:pdb_set_workstations(785) pdb_set_workstations: setting workstations , was [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2009/03/10 11:51:10, 3] smbd/uid.c:push_conn_ctx(407) push_conn_ctx(100) : conn_ctx_stack_ndx = 2 [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2009/03/10 11:51:10, 5] auth/token_util.c:debug_nt_user_token(466) NT user token: (NULL) [2009/03/10 11:51:10, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/03/10 11:51:10, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = ACCT_POL/password history, value = 0 , timeout = Tue Mar 10 11:51:57 2009 [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2009/03/10 11:51:10, 10] passdb/pdb_get_set.c:pdb_set_user_sid(509) pdb_set_user_sid: setting user sid S-1-5-21-181998944-1107627502-2274996074-3912 [2009/03/10 11:51:10, 10] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(72) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-181998944-1107627502-2274996074-3912 from rid 3912 [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2009/03/10 11:51:10, 4] libsmb/ntlm_check.c:ntlm_password_check(328) ntlm_password_check: Checking NT MD4 password [2009/03/10 11:51:10, 4] auth/auth_sam.c:sam_account_ok(137) sam_account_ok: Checking SMB password for user monster$ [2009/03/10 11:51:10, 5] auth/auth_sam.c:logon_hours_ok(119) logon_hours_ok: user monster$ allowed to logon at this time (Tue Mar 10 10:51:10 2009 ) [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2009/03/10 11:51:10, 3] smbd/uid.c:push_conn_ctx(407) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2009/03/10 11:51:10, 5] auth/token_util.c:debug_nt_user_token(466) NT user token: (NULL) [2009/03/10 11:51:10, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/03/10 11:51:10, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = ACCT_POL/maximum password age, value = 4294967295 , timeout = Tue Mar 10 11:51:57 2009 [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2009/03/10 11:51:10, 3] smbd/uid.c:push_conn_ctx(407) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2009/03/10 11:51:10, 5] auth/token_util.c:debug_nt_user_token(466) NT user token: (NULL) [2009/03/10 11:51:10, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/03/10 11:51:10, 5] lib/smbldap.c:smbldap_search_ext(1200) smbldap_search_ext: base => [dc=rk-klbg,dc=at], filter => [(&(objectClass=sambaSamAccount)(uid=monster$))], scope => [2] [2009/03/10 11:51:10, 5] lib/smbldap.c:smbldap_search_ext(1200) smbldap_search_ext: base => [ou=Groups,dc=rk-klbg,dc=at], filter => [(&(objectClass=posixGroup)(|(memberUid=monster$)(gidNumber=515)))], scope => [2] [2009/03/10 11:51:10, 5] auth/auth_util.c:make_server_info_sam(650) make_server_info_sam: made server info for user monster$ -> monster$ [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2009/03/10 11:51:10, 3] auth/auth.c:check_ntlm_password(269) check_ntlm_password: sam authentication for user [MONSTER$] succeeded [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2009/03/10 11:51:10, 3] smbd/uid.c:push_conn_ctx(407) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2009/03/10 11:51:10, 5] auth/token_util.c:debug_nt_user_token(466) NT user token: (NULL) [2009/03/10 11:51:10, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2009/03/10 11:51:10, 5] auth/auth.c:check_ntlm_password(295) check_ntlm_password: PAM Account for user [monster$] succeeded [2009/03/10 11:51:10, 2] auth/auth.c:check_ntlm_password(308) check_ntlm_password: authentication for user [MONSTER$] -> [MONSTER$] -> [monster$] succeeded [2009/03/10 11:51:10, 5] auth/auth_util.c:free_user_info(1985) attempting to free (and zero) a user_info structure [2009/03/10 11:51:10, 10] auth/auth_util.c:free_user_info(1989) structure was created for MONSTER$ [2009/03/10 11:51:10, 10] auth/token_util.c:create_local_nt_token(304) Create local NT token for S-1-5-21-181998944-1107627502-2274996074-3912 [2009/03/10 11:51:10, 10] passdb/lookup_sid.c:sid_to_gid(1431) sid S-1-5-32-544 -> gid 804 [2009/03/10 11:51:10, 10] passdb/lookup_sid.c:sid_to_gid(1431) sid S-1-5-32-545 -> gid 100 [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2009/03/10 11:51:10, 3] smbd/uid.c:push_conn_ctx(407) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2009/03/10 11:51:10, 5] auth/token_util.c:debug_nt_user_token(466) NT user token: (NULL) [2009/03/10 11:51:10, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/03/10 11:51:10, 5] lib/smbldap.c:smbldap_search_ext(1200) smbldap_search_ext: base => [ou=Groups,dc=rk-klbg,dc=at], filter => [(&(|(objectclass=sambaGroupMapping)(sambaGroupType=4))(|(sambaSIDList=S-1-5-21-181998944-1107627502-2274996074-3912)(sambaSIDList=S-1-5-21-181998944-1107627502-2274996074-515)(sambaSIDList=S-1-1-0)(sambaSIDList=S-1-5-2)(sambaSIDList=S-1-5-11)(sambaSIDList=S-1-22-2-515)))], scope => [2] [2009/03/10 11:51:10, 5] lib/smbldap.c:smbldap_search_ext(1200) smbldap_search_ext: base => [ou=Groups,dc=rk-klbg,dc=at], filter => [(&(|(objectclass=sambaGroupMapping)(sambaGroupType=4))(|(sambaSIDList=S-1-5-21-181998944-1107627502-2274996074-3912)(sambaSIDList=S-1-5-21-181998944-1107627502-2274996074-515)(sambaSIDList=S-1-1-0)(sambaSIDList=S-1-5-2)(sambaSIDList=S-1-5-11)(sambaSIDList=S-1-22-2-515)))], scope => [2] [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2009/03/10 11:51:10, 3] lib/privileges.c:get_privileges(63) get_privileges: No privileges assigned to SID [S-1-5-21-181998944-1107627502-2274996074-3912] [2009/03/10 11:51:10, 3] lib/privileges.c:get_privileges(63) get_privileges: No privileges assigned to SID [S-1-5-21-181998944-1107627502-2274996074-515] [2009/03/10 11:51:10, 5] lib/privileges.c:get_privileges_for_sids(128) get_privileges_for_sids: sid = S-1-1-0 Privilege set: SE_PRIV 0x0 0x0 0x0 0x0 [2009/03/10 11:51:10, 3] lib/privileges.c:get_privileges(63) get_privileges: No privileges assigned to SID [S-1-5-2] [2009/03/10 11:51:10, 3] lib/privileges.c:get_privileges(63) get_privileges: No privileges assigned to SID [S-1-5-11] [2009/03/10 11:51:10, 3] lib/privileges.c:get_privileges(63) get_privileges: No privileges assigned to SID [S-1-22-2-515] [2009/03/10 11:51:10, 10] passdb/lookup_sid.c:sid_to_gid(1431) sid S-1-5-21-181998944-1107627502-2274996074-515 -> gid 515 [2009/03/10 11:51:10, 10] passdb/lookup_sid.c:sid_to_gid(1426) winbind failed to find a gid for sid S-1-1-0 [2009/03/10 11:51:10, 10] auth/auth_util.c:create_local_token(755) Could not convert SID S-1-1-0 to gid, ignoring it [2009/03/10 11:51:10, 10] passdb/lookup_sid.c:sid_to_gid(1426) winbind failed to find a gid for sid S-1-5-2 [2009/03/10 11:51:10, 10] auth/auth_util.c:create_local_token(755) Could not convert SID S-1-5-2 to gid, ignoring it [2009/03/10 11:51:10, 10] passdb/lookup_sid.c:sid_to_gid(1426) winbind failed to find a gid for sid S-1-5-11 [2009/03/10 11:51:10, 10] auth/auth_util.c:create_local_token(755) Could not convert SID S-1-5-11 to gid, ignoring it [2009/03/10 11:51:10, 10] passdb/lookup_sid.c:sid_to_gid(1413) sid S-1-22-2-515 -> gid 515 [2009/03/10 11:51:10, 10] auth/token_util.c:debug_nt_user_token(472) NT user token of user S-1-5-21-181998944-1107627502-2274996074-3912 contains 6 SIDs SID[ 0]: S-1-5-21-181998944-1107627502-2274996074-3912 SID[ 1]: S-1-5-21-181998944-1107627502-2274996074-515 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-515 SE_PRIV 0x0 0x0 0x0 0x0 [2009/03/10 11:51:10, 10] auth/auth_ntlmssp.c:auth_ntlmssp_check_password(137) Got NT session key of length 16 [2009/03/10 11:51:10, 10] libsmb/ntlmssp.c:ntlmssp_server_auth(811) ntlmssp_server_auth: Created NTLM2 session key. [2009/03/10 11:51:10, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(337) NTLMSSP Sign/Seal - Initialising with flags: [2009/03/10 11:51:10, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) Got NTLMSSP neg_flags=0x60088235 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_SEAL NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (1456, 515) - sec_ctx_stack_ndx = 0 [2009/03/10 11:51:10, 5] rpc_server/srv_pipe.c:pipe_ntlmssp_verify_final(666) pipe_ntlmssp_verify_final: OK: user: MONSTER$ domain: RK_KLBG workstation: MONSTER [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_auth [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 auth_type : 09 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 auth_level : 06 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 auth_pad_len : 08 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 auth_reserved: 00 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0004 auth_context_id: 00000001 [2009/03/10 11:51:10, 3] rpc_server/srv_pipe.c:check_bind_req(991) check_bind_req for \PIPE\samr checking \PIPE\lsarpc checking \PIPE\lsarpc checking \PIPE\samr [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_ba [2009/03/10 11:51:10, 6] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_bba [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0000 max_tsize: 10b8 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0002 max_rsize: 10b8 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0004 assoc_gid: 000053f0 [2009/03/10 11:51:10, 6] rpc_parse/parse_prs.c:prs_debug(88) 000008 smb_io_rpc_addr_str [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 len: 0001 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 000a str: . [2009/03/10 11:51:10, 6] rpc_parse/parse_prs.c:prs_debug(88) 00000b smb_io_rpc_results [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 000c num_results: 01 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0010 result : 0000 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0012 reason : 0000 [2009/03/10 11:51:10, 6] rpc_parse/parse_prs.c:prs_debug(88) 000014 smb_io_rpc_iface [2009/03/10 11:51:10, 7] rpc_parse/parse_prs.c:prs_debug(88) 000014 smb_io_uuid uuid [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0014 data : 8a885d04 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0018 data : 1ceb [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) 001a data : 11c9 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 001c data : 9f e8 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 001e data : 08 00 2b 10 48 60 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0024 version: 00000002 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0f [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0057 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0017 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 0000000b [2009/03/10 11:51:10, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 248 [2009/03/10 11:51:10, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985) read_from_pipe: 71cf name: samr len: 4280 [2009/03/10 11:51:10, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1045) read_from_pipe: samr: current_pdu_len = 87, current_pdu_sent = 0 returning 87 bytes. [2009/03/10 11:51:10, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..87] (align 0) [2009/03/10 11:51:10, 5] lib/util.c:show_msg(642) [2009/03/10 11:51:10, 5] lib/util.c:show_msg(652) size=143 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=10199 smb_uid=100 smb_mid=23 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 87 (0x57) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 87 (0x57) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=88 [2009/03/10 11:51:10, 10] lib/util.c:dump_data(2230) [000] 00 05 00 0F 03 10 00 00 00 57 00 17 00 0B 00 00 ........ .W...... [010] 00 B8 10 B8 10 F0 53 00 00 01 00 00 00 01 00 00 .¸.¸.ðS. ........ [020] 00 00 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. .ë.É..è. [030] 00 2B 10 48 60 02 00 00 00 09 06 08 00 01 00 00 .+.H`... ........ [040] 00 A1 15 30 13 A0 03 0A 01 00 A1 0C 06 0A 2B 06 .¡.0. .. ..¡...+. [050] 01 04 01 82 37 02 02 0A ....7... [2009/03/10 11:51:10, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 162 [2009/03/10 11:51:10, 6] smbd/process.c:process_smb(1547) got message type 0x0 of len 0xa2 [2009/03/10 11:51:10, 3] smbd/process.c:process_smb(1550) Transaction 23 of length 166 (0 toread) [2009/03/10 11:51:10, 5] lib/util.c:show_msg(642) [2009/03/10 11:51:10, 5] lib/util.c:show_msg(652) size=162 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=10199 smb_uid=100 smb_mid=24 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 80 (0x50) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 80 (0x50) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29135 (0x71CF) smb_bcc=95 [2009/03/10 11:51:10, 10] lib/util.c:dump_data(2230) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 50 00 10 00 0C 00 00 00 20 .......P ....... [020] 00 00 00 00 00 39 00 31 B8 DE 34 39 D4 81 0A F3 .....9.1 ¸Þ49Ô..ó [030] FE 74 49 0D 26 62 BA B0 65 E2 26 DA 36 21 81 2D þtI.&bº° eâ&Ú6!.- [040] EB A8 60 5B 9A 7F 0D 09 06 00 00 01 00 00 00 01 ë¨`[.... ........ [050] 00 00 00 BA 50 DC 1D D3 50 28 D4 00 00 00 00 ...ºPÜ.Ó P(Ô.... [2009/03/10 11:51:10, 3] smbd/process.c:switch_message(1361) switch message SMBtrans (pid 14301) conn 0x1763128 [2009/03/10 11:51:10, 4] smbd/uid.c:change_to_user(225) change_to_user: Skipping user change - already user [2009/03/10 11:51:10, 3] smbd/ipc.c:handle_trans(436) trans <\PIPE\> data=80 params=0 setup=2 [2009/03/10 11:51:10, 5] smbd/ipc.c:handle_trans(469) calling named_pipe [2009/03/10 11:51:10, 3] smbd/ipc.c:named_pipe(387) named pipe command on <> name [2009/03/10 11:51:10, 5] smbd/ipc.c:api_fd_reply(307) api_fd_reply [2009/03/10 11:51:10, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=71cf [2009/03/10 11:51:10, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name samr pnum=71cf (pipes_open=2) [2009/03/10 11:51:10, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name lsarpc pnum=71ce (pipes_open=2) [2009/03/10 11:51:10, 3] smbd/ipc.c:api_fd_reply(345) Got API command 0x26 on pipe "samr" (pnum 71cf) [2009/03/10 11:51:10, 10] smbd/ipc.c:api_fd_reply(350) api_fd_reply: p:0x1696160 max_trans_reply: 4280 [2009/03/10 11:51:10, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927) write_to_pipe: 71cf name: samr open: Yes len: 80 [2009/03/10 11:51:10, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 80 [2009/03/10 11:51:10, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 80 [2009/03/10 11:51:10, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385) fill_rpc_header: data_to_copy = 80, len_needed_to_complete_hdr = 16, receive_len = 0 [2009/03/10 11:51:10, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 16 [2009/03/10 11:51:10, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 64 [2009/03/10 11:51:10, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 64 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 00 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0050 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0010 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 0000000c [2009/03/10 11:51:10, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472) unmarshall_rpc_header: using little-endian RPC [2009/03/10 11:51:10, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501) unmarshall_rpc_header: type = 0, flags = 3 [2009/03/10 11:51:10, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 0 [2009/03/10 11:51:10, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 64 [2009/03/10 11:51:10, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 64, incoming data = 64 [2009/03/10 11:51:10, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709) process_complete_pdu: processing packet type 0 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_req req [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0000 alloc_hint: 00000020 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0004 context_id: 0000 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0006 opnum : 0039 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_debug(88) 000028 smb_io_rpc_hdr_auth hdr_auth [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0028 auth_type : 09 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0029 auth_level : 06 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 002a auth_pad_len : 00 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 002b auth_reserved: 00 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) 002c auth_context_id: 00000001 [2009/03/10 11:51:10, 10] libsmb/ntlmssp_sign.c:ntlmssp_unseal_packet(309) ntlmssp_unseal_packet: seal [2009/03/10 11:51:10, 10] libsmb/ntlmssp_sign.c:ntlmssp_check_packet(222) ntlmssp_check_packet: NTLMSSP signature OK ! [2009/03/10 11:51:10, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 116 [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(1456, 515) : sec_ctx_stack_ndx = 1 [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (1456, 515) - sec_ctx_stack_ndx = 1 [2009/03/10 11:51:10, 5] auth/token_util.c:debug_nt_user_token(472) NT user token of user S-1-5-21-181998944-1107627502-2274996074-3912 contains 6 SIDs SID[ 0]: S-1-5-21-181998944-1107627502-2274996074-3912 SID[ 1]: S-1-5-21-181998944-1107627502-2274996074-515 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-515 SE_PRIV 0x0 0x0 0x0 0x0 [2009/03/10 11:51:10, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 1456 Primary group is 515 and contains 1 supplementary groups Group[ 0]: 515 [2009/03/10 11:51:10, 5] rpc_server/srv_pipe.c:api_pipe_request(2262) Requested \PIPE\samr [2009/03/10 11:51:10, 4] rpc_server/srv_pipe.c:api_rpcTNP(2297) api_rpcTNP: samr op 0x39 - api_rpcTNP: rpc command: SAMR_CONNECT2 [2009/03/10 11:51:10, 6] rpc_server/srv_pipe.c:api_rpcTNP(2323) api_rpc_cmds[57].fn == 0x4d2980 samr_Connect2: struct samr_Connect2 in: struct samr_Connect2 system_name : * system_name : 'SAMBA' access_mask : 0x02000000 (33554432) 0: SAMR_ACCESS_CONNECT_TO_SERVER 0: SAMR_ACCESS_SHUTDOWN_SERVER 0: SAMR_ACCESS_INITIALIZE_SERVER 0: SAMR_ACCESS_CREATE_DOMAIN 0: SAMR_ACCESS_ENUM_DOMAINS 0: SAMR_ACCESS_OPEN_DOMAIN [2009/03/10 11:51:10, 5] rpc_server/srv_samr_nt.c:_samr_Connect2(3386) _samr_Connect2: 3386 [2009/03/10 11:51:10, 10] lib/util_seaccess.c:se_map_generic(175) se_map_generic(): mapped mask 0x80000000 to 0x00020010 [2009/03/10 11:51:10, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x00020010, for NT token with 6 entries and first sid S-1-5-21-181998944-1107627502-2274996074-3912. [2009/03/10 11:51:10, 3] lib/util_seaccess.c:se_access_check(249) [2009/03/10 11:51:10, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-5-21-181998944-1107627502-2274996074-3912 se_access_check: also S-1-5-21-181998944-1107627502-2274996074-515 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-22-2-515 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20031, current desired = 20010 [2009/03/10 11:51:10, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (20010) granted. [2009/03/10 11:51:10, 4] rpc_server/srv_samr_nt.c:access_check_samr_object(215) _samr_Connect2: access GRANTED (requested: 0x00020010, granted: 0x00020010) [2009/03/10 11:51:10, 10] rpc_server/srv_samr_nt.c:get_samr_info_by_sid(373) get_samr_info_by_sid: created new info for sid (NULL) [2009/03/10 11:51:10, 10] rpc_server/srv_samr_nt.c:get_samr_info_by_sid(378) get_samr_info_by_sid: created new info for NULL sid. [2009/03/10 11:51:10, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(148) Opened policy hnd[2] [000] 00 00 00 00 04 00 00 00 00 00 00 00 B6 49 1E 46 ........ ....¶I.F [010] DD 37 00 00 Ý7.. [2009/03/10 11:51:10, 5] rpc_server/srv_samr_nt.c:_samr_Connect2(3417) _samr_Connect2: 3417 samr_Connect2: struct samr_Connect2 out: struct samr_Connect2 connect_handle : * connect_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000004-0000-0000-b649-1e46dd370000 result : NT_STATUS_OK [2009/03/10 11:51:10, 5] rpc_server/srv_pipe.c:api_rpcTNP(2351) api_rpcTNP: called samr successfully [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (1456, 515) - sec_ctx_stack_ndx = 0 [2009/03/10 11:51:10, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 984 [2009/03/10 11:51:10, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 64 [2009/03/10 11:51:10, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985) read_from_pipe: 71cf name: samr len: 4280 [2009/03/10 11:51:10, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1059) read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 02 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0048 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0010 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 0000000c [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_resp resp [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 00000018 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0016 cancel_ct : 00 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0017 reserved : 00 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_debug(88) 000030 smb_io_rpc_hdr_auth hdr_auth [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0030 auth_type : 09 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0031 auth_level : 06 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0032 auth_pad_len : 00 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0033 auth_reserved: 00 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0034 auth_context_id: 00000001 [2009/03/10 11:51:10, 10] libsmb/ntlmssp_sign.c:ntlmssp_seal_packet(248) ntlmssp_seal_data: seal [2009/03/10 11:51:10, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..72] (align 0) [2009/03/10 11:51:10, 5] lib/util.c:show_msg(642) [2009/03/10 11:51:10, 5] lib/util.c:show_msg(652) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=10199 smb_uid=100 smb_mid=24 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 72 (0x48) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=73 [2009/03/10 11:51:10, 10] lib/util.c:dump_data(2230) [000] 00 05 00 02 03 10 00 00 00 48 00 10 00 0C 00 00 ........ .H...... [010] 00 18 00 00 00 00 00 00 00 8E 4A 83 67 F1 06 35 ........ ..J.gñ.5 [020] 2C 7B 18 8B 78 BA BD E2 46 CB C1 33 CC B0 ED 58 ,{..xº½â FËÁ3Ì°íX [030] 80 09 06 00 00 01 00 00 00 01 00 00 00 98 00 91 ........ ........ [040] 99 40 89 61 E0 00 00 00 00 .@.aà... . [2009/03/10 11:51:10, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 186 [2009/03/10 11:51:10, 6] smbd/process.c:process_smb(1547) got message type 0x0 of len 0xba [2009/03/10 11:51:10, 3] smbd/process.c:process_smb(1550) Transaction 24 of length 190 (0 toread) [2009/03/10 11:51:10, 5] lib/util.c:show_msg(642) [2009/03/10 11:51:10, 5] lib/util.c:show_msg(652) size=186 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=10199 smb_uid=100 smb_mid=25 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 104 (0x68) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 104 (0x68) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29135 (0x71CF) smb_bcc=119 [2009/03/10 11:51:10, 10] lib/util.c:dump_data(2230) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 68 00 10 00 0D 00 00 00 34 .......h .......4 [020] 00 00 00 00 00 07 00 E8 7B 16 5B BE B8 13 6A 44 .......è {.[¾¸.jD [030] 8B 4B 76 A1 CE 95 55 13 B7 2C B0 11 DD 79 CA 66 .Kv¡Î.U. ·,°.ÝyÊf [040] F8 45 AB BB C0 B6 B8 3D E3 9B BB FD B9 06 4A 82 øE«»À¶¸= ã.»ý¹.J. [050] 66 00 EB 12 1F BB 88 36 08 74 A2 A4 41 09 E8 09 f.ë..».6 .t¢¤A.è. [060] 06 04 00 01 00 00 00 01 00 00 00 BE C8 16 57 6C ........ ...¾È.Wl [070] 47 AF A9 01 00 00 00 G¯©.... [2009/03/10 11:51:10, 3] smbd/process.c:switch_message(1361) switch message SMBtrans (pid 14301) conn 0x1763128 [2009/03/10 11:51:10, 4] smbd/uid.c:change_to_user(225) change_to_user: Skipping user change - already user [2009/03/10 11:51:10, 3] smbd/ipc.c:handle_trans(436) trans <\PIPE\> data=104 params=0 setup=2 [2009/03/10 11:51:10, 5] smbd/ipc.c:handle_trans(469) calling named_pipe [2009/03/10 11:51:10, 3] smbd/ipc.c:named_pipe(387) named pipe command on <> name [2009/03/10 11:51:10, 5] smbd/ipc.c:api_fd_reply(307) api_fd_reply [2009/03/10 11:51:10, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=71cf [2009/03/10 11:51:10, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name samr pnum=71cf (pipes_open=2) [2009/03/10 11:51:10, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name lsarpc pnum=71ce (pipes_open=2) [2009/03/10 11:51:10, 3] smbd/ipc.c:api_fd_reply(345) Got API command 0x26 on pipe "samr" (pnum 71cf) [2009/03/10 11:51:10, 10] smbd/ipc.c:api_fd_reply(350) api_fd_reply: p:0x1696160 max_trans_reply: 4280 [2009/03/10 11:51:10, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927) write_to_pipe: 71cf name: samr open: Yes len: 104 [2009/03/10 11:51:10, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 104 [2009/03/10 11:51:10, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 104 [2009/03/10 11:51:10, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385) fill_rpc_header: data_to_copy = 104, len_needed_to_complete_hdr = 16, receive_len = 0 [2009/03/10 11:51:10, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 16 [2009/03/10 11:51:10, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 88 [2009/03/10 11:51:10, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 88 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 00 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0068 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0010 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 0000000d [2009/03/10 11:51:10, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472) unmarshall_rpc_header: using little-endian RPC [2009/03/10 11:51:10, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501) unmarshall_rpc_header: type = 0, flags = 3 [2009/03/10 11:51:10, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 0 [2009/03/10 11:51:10, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 88 [2009/03/10 11:51:10, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 88, incoming data = 88 [2009/03/10 11:51:10, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709) process_complete_pdu: processing packet type 0 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_req req [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0000 alloc_hint: 00000034 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0004 context_id: 0000 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0006 opnum : 0007 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_debug(88) 000040 smb_io_rpc_hdr_auth hdr_auth [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0040 auth_type : 09 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0041 auth_level : 06 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0042 auth_pad_len : 04 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0043 auth_reserved: 00 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0044 auth_context_id: 00000001 [2009/03/10 11:51:10, 10] libsmb/ntlmssp_sign.c:ntlmssp_unseal_packet(309) ntlmssp_unseal_packet: seal [2009/03/10 11:51:10, 10] libsmb/ntlmssp_sign.c:ntlmssp_check_packet(222) ntlmssp_check_packet: NTLMSSP signature OK ! [2009/03/10 11:51:10, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 0 [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(1456, 515) : sec_ctx_stack_ndx = 1 [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (1456, 515) - sec_ctx_stack_ndx = 1 [2009/03/10 11:51:10, 5] auth/token_util.c:debug_nt_user_token(472) NT user token of user S-1-5-21-181998944-1107627502-2274996074-3912 contains 6 SIDs SID[ 0]: S-1-5-21-181998944-1107627502-2274996074-3912 SID[ 1]: S-1-5-21-181998944-1107627502-2274996074-515 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-515 SE_PRIV 0x0 0x0 0x0 0x0 [2009/03/10 11:51:10, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 1456 Primary group is 515 and contains 1 supplementary groups Group[ 0]: 515 [2009/03/10 11:51:10, 5] rpc_server/srv_pipe.c:api_pipe_request(2262) Requested \PIPE\samr [2009/03/10 11:51:10, 4] rpc_server/srv_pipe.c:api_rpcTNP(2297) api_rpcTNP: samr op 0x7 - api_rpcTNP: rpc command: SAMR_OPENDOMAIN [2009/03/10 11:51:10, 6] rpc_server/srv_pipe.c:api_rpcTNP(2323) api_rpc_cmds[7].fn == 0x4d9360 samr_OpenDomain: struct samr_OpenDomain in: struct samr_OpenDomain connect_handle : * connect_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000004-0000-0000-b649-1e46dd370000 access_mask : 0x02000000 (33554432) 0: SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1 0: SAMR_DOMAIN_ACCESS_SET_INFO_1 0: SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2 0: SAMR_DOMAIN_ACCESS_SET_INFO_2 0: SAMR_DOMAIN_ACCESS_CREATE_USER 0: SAMR_DOMAIN_ACCESS_CREATE_GROUP 0: SAMR_DOMAIN_ACCESS_CREATE_ALIAS 0: SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS 0: SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS 0: SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT 0: SAMR_DOMAIN_ACCESS_SET_INFO_3 sid : * sid : S-1-5-21-181998944-1107627502-2274996074 [2009/03/10 11:51:10, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(168) Found policy hnd[0] [000] 00 00 00 00 04 00 00 00 00 00 00 00 B6 49 1E 46 ........ ....¶I.F [010] DD 37 00 00 Ý7.. [2009/03/10 11:51:10, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(227) _samr_OpenDomain: access check ((granted: 0x00020010; required: 0x00000020) [2009/03/10 11:51:10, 2] rpc_server/srv_samr_nt.c:access_check_samr_function(246) _samr_OpenDomain: ACCESS DENIED (granted: 0x00020010; required: 0x00000020) samr_OpenDomain: struct samr_OpenDomain out: struct samr_OpenDomain domain_handle : * domain_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : NT_STATUS_ACCESS_DENIED [2009/03/10 11:51:10, 5] rpc_server/srv_pipe.c:api_rpcTNP(2351) api_rpcTNP: called samr successfully [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (1456, 515) - sec_ctx_stack_ndx = 0 [2009/03/10 11:51:10, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 0 [2009/03/10 11:51:10, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 88 [2009/03/10 11:51:10, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985) read_from_pipe: 71cf name: samr len: 4280 [2009/03/10 11:51:10, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1059) read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 02 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0048 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0010 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 0000000d [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_resp resp [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 00000018 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0016 cancel_ct : 00 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0017 reserved : 00 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_debug(88) 000030 smb_io_rpc_hdr_auth hdr_auth [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0030 auth_type : 09 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0031 auth_level : 06 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0032 auth_pad_len : 00 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0033 auth_reserved: 00 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0034 auth_context_id: 00000001 [2009/03/10 11:51:10, 10] libsmb/ntlmssp_sign.c:ntlmssp_seal_packet(248) ntlmssp_seal_data: seal [2009/03/10 11:51:10, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..72] (align 0) [2009/03/10 11:51:10, 5] lib/util.c:show_msg(642) [2009/03/10 11:51:10, 5] lib/util.c:show_msg(652) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=10199 smb_uid=100 smb_mid=25 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 72 (0x48) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=73 [2009/03/10 11:51:10, 10] lib/util.c:dump_data(2230) [000] 00 05 00 02 03 10 00 00 00 48 00 10 00 0D 00 00 ........ .H...... [010] 00 18 00 00 00 00 00 00 00 74 12 56 7B 8F 0E D1 ........ .t.V{..Ñ [020] 11 89 80 4C 85 E3 7B D0 4F B3 18 6B 44 1B 69 62 ...L.ã{Ð O³.kD.ib [030] EF 09 06 00 00 01 00 00 00 01 00 00 00 1A 28 A2 ï....... ......(¢ [040] 2D FD 97 F9 FA 01 00 00 00 -ý.ùú... . [2009/03/10 11:51:10, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 41 [2009/03/10 11:51:10, 6] smbd/process.c:process_smb(1547) got message type 0x0 of len 0x29 [2009/03/10 11:51:10, 3] smbd/process.c:process_smb(1550) Transaction 25 of length 45 (0 toread) [2009/03/10 11:51:10, 5] lib/util.c:show_msg(642) [2009/03/10 11:51:10, 5] lib/util.c:show_msg(652) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=10199 smb_uid=100 smb_mid=26 smt_wct=3 smb_vwv[ 0]=29135 (0x71CF) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2009/03/10 11:51:10, 3] smbd/process.c:switch_message(1361) switch message SMBclose (pid 14301) conn 0x1763128 [2009/03/10 11:51:10, 4] smbd/uid.c:change_to_user(225) change_to_user: Skipping user change - already user [2009/03/10 11:51:10, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=71cf [2009/03/10 11:51:10, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name samr pnum=71cf (pipes_open=2) [2009/03/10 11:51:10, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name lsarpc pnum=71ce (pipes_open=2) [2009/03/10 11:51:10, 5] smbd/pipes.c:reply_pipe_close(319) reply_pipe_close: pnum:71cf [2009/03/10 11:51:10, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1160) closed pipe name samr pnum=71cf (pipes_open=1) [2009/03/10 11:51:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 73616D722F3134333031 [2009/03/10 11:51:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0x176db78 [2009/03/10 11:51:10, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 73616D722F3134333031 [2009/03/10 11:51:10, 5] lib/util.c:show_msg(642) [2009/03/10 11:51:10, 5] lib/util.c:show_msg(652) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=10199 smb_uid=100 smb_mid=26 smt_wct=0 smb_bcc=0 [2009/03/10 11:51:10, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 41 [2009/03/10 11:51:10, 6] smbd/process.c:process_smb(1547) got message type 0x0 of len 0x29 [2009/03/10 11:51:10, 3] smbd/process.c:process_smb(1550) Transaction 26 of length 45 (0 toread) [2009/03/10 11:51:10, 5] lib/util.c:show_msg(642) [2009/03/10 11:51:10, 5] lib/util.c:show_msg(652) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=10199 smb_uid=100 smb_mid=27 smt_wct=3 smb_vwv[ 0]=29134 (0x71CE) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2009/03/10 11:51:10, 3] smbd/process.c:switch_message(1361) switch message SMBclose (pid 14301) conn 0x1763128 [2009/03/10 11:51:10, 4] smbd/uid.c:change_to_user(225) change_to_user: Skipping user change - already user [2009/03/10 11:51:10, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=71ce [2009/03/10 11:51:10, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name lsarpc pnum=71ce (pipes_open=1) [2009/03/10 11:51:10, 5] smbd/pipes.c:reply_pipe_close(319) reply_pipe_close: pnum:71ce [2009/03/10 11:51:10, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(168) Found policy hnd[0] [000] 00 00 00 00 04 00 00 00 00 00 00 00 B6 49 1E 46 ........ ....¶I.F [010] DD 37 00 00 Ý7.. [2009/03/10 11:51:10, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(206) Closed policy [2009/03/10 11:51:10, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(168) Found policy hnd[0] [000] 00 00 00 00 03 00 00 00 00 00 00 00 B6 49 12 46 ........ ....¶I.F [010] DD 37 00 00 Ý7.. [2009/03/10 11:51:10, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(206) Closed policy [2009/03/10 11:51:10, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(241) close_policy_by_pipe: deleted handle list for pipe lsarpc [2009/03/10 11:51:10, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1160) closed pipe name lsarpc pnum=71ce (pipes_open=0) [2009/03/10 11:51:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 6C73617270632F313433 [2009/03/10 11:51:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0x176b830 [2009/03/10 11:51:10, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 6C73617270632F313433 [2009/03/10 11:51:10, 5] lib/util.c:show_msg(642) [2009/03/10 11:51:10, 5] lib/util.c:show_msg(652) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=10199 smb_uid=100 smb_mid=27 smt_wct=0 smb_bcc=0 [2009/03/10 11:51:10, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 35 [2009/03/10 11:51:10, 6] smbd/process.c:process_smb(1547) got message type 0x0 of len 0x23 [2009/03/10 11:51:10, 3] smbd/process.c:process_smb(1550) Transaction 27 of length 39 (0 toread) [2009/03/10 11:51:10, 5] lib/util.c:show_msg(642) [2009/03/10 11:51:10, 5] lib/util.c:show_msg(652) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=10199 smb_uid=100 smb_mid=28 smt_wct=0 smb_bcc=0 [2009/03/10 11:51:10, 3] smbd/process.c:switch_message(1361) switch message SMBtdis (pid 14301) conn 0x1763128 [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2009/03/10 11:51:10, 5] auth/token_util.c:debug_nt_user_token(466) NT user token: (NULL) [2009/03/10 11:51:10, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/03/10 11:51:10, 5] smbd/uid.c:change_to_root_user(337) change_to_root_user: now uid=(0,0) gid=(0,0) [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2009/03/10 11:51:10, 5] auth/token_util.c:debug_nt_user_token(466) NT user token: (NULL) [2009/03/10 11:51:10, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/03/10 11:51:10, 5] smbd/uid.c:change_to_root_user(337) change_to_root_user: now uid=(0,0) gid=(0,0) [2009/03/10 11:51:10, 3] smbd/service.c:close_cnum(1405) monster (::ffff:192.168.60.4) closed connection to service IPC$ [2009/03/10 11:51:10, 3] smbd/connection.c:yield_connection(31) Yielding connection to IPC$ [2009/03/10 11:51:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key DD370000010000004950 [2009/03/10 11:51:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0x1757ff8 [2009/03/10 11:51:10, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key DD370000010000004950 [2009/03/10 11:51:10, 4] smbd/vfs.c:vfs_ChDir(739) vfs_ChDir to / [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2009/03/10 11:51:10, 5] auth/token_util.c:debug_nt_user_token(466) NT user token: (NULL) [2009/03/10 11:51:10, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/03/10 11:51:10, 5] smbd/uid.c:change_to_root_user(337) change_to_root_user: now uid=(0,0) gid=(0,0) [2009/03/10 11:51:10, 5] lib/util.c:show_msg(642) [2009/03/10 11:51:10, 5] lib/util.c:show_msg(652) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=10199 smb_uid=100 smb_mid=28 smt_wct=0 smb_bcc=0 [2009/03/10 11:51:10, 5] lib/util_sock.c:read_socket_with_timeout(928) read_socket_with_timeout: blocking read. EOF from client. [2009/03/10 11:51:10, 10] smbd/process.c:receive_smb_raw_talloc(276) receive_smb_raw: NT_STATUS_END_OF_FILE [2009/03/10 11:51:10, 3] smbd/process.c:smbd_process(2036) receive_message_or_smb failed: NT_STATUS_END_OF_FILE, exiting [2009/03/10 11:51:10, 5] lib/gencache.c:gencache_shutdown(93) Closing cache file [2009/03/10 11:51:10, 5] libsmb/namecache.c:namecache_shutdown(81) namecache_shutdown: netbios namecache closed successfully. [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2009/03/10 11:51:10, 5] auth/token_util.c:debug_nt_user_token(466) NT user token: (NULL) [2009/03/10 11:51:10, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/03/10 11:51:10, 5] smbd/uid.c:change_to_root_user(337) change_to_root_user: now uid=(0,0) gid=(0,0) [2009/03/10 11:51:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 49442F31343330312F31 [2009/03/10 11:51:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0x1758d40 [2009/03/10 11:51:10, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 49442F31343330312F31 [2009/03/10 11:51:10, 3] smbd/connection.c:yield_connection(31) Yielding connection to [2009/03/10 11:51:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key DD370000FFFFFFFF0000 [2009/03/10 11:51:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0x1757ff8 [2009/03/10 11:51:10, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key DD370000FFFFFFFF0000 [2009/03/10 11:51:10, 3] smbd/server.c:exit_server_common(946) Server exit (normal exit) [2009/03/10 11:51:10, 2] lib/interface.c:add_interface(337) added interface eth0 ip=fe80::20b:cdff:fef2:f15%eth0 bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff:: [2009/03/10 11:51:10, 2] lib/interface.c:add_interface(337) added interface eth0 ip=192.168.60.3 bcast=192.168.60.255 netmask=255.255.255.0 [2009/03/10 11:51:10, 5] lib/util_sock.c:print_socket_options(781) socket option SO_KEEPALIVE = 1 [2009/03/10 11:51:10, 5] lib/util_sock.c:print_socket_options(781) socket option SO_REUSEADDR = 1 [2009/03/10 11:51:10, 5] lib/util_sock.c:print_socket_options(781) socket option SO_BROADCAST = 0 [2009/03/10 11:51:10, 5] lib/util_sock.c:print_socket_options(781) socket option TCP_NODELAY = 1 [2009/03/10 11:51:10, 5] lib/util_sock.c:print_socket_options(781) socket option TCP_KEEPCNT = 9 [2009/03/10 11:51:10, 5] lib/util_sock.c:print_socket_options(781) socket option TCP_KEEPIDLE = 7200 [2009/03/10 11:51:10, 5] lib/util_sock.c:print_socket_options(781) socket option TCP_KEEPINTVL = 75 [2009/03/10 11:51:10, 5] lib/util_sock.c:print_socket_options(781) socket option IPTOS_LOWDELAY = 16 [2009/03/10 11:51:10, 5] lib/util_sock.c:print_socket_options(781) socket option IPTOS_THROUGHPUT = 16 [2009/03/10 11:51:10, 5] lib/util_sock.c:print_socket_options(781) socket option SO_SNDBUF = 16384 [2009/03/10 11:51:10, 5] lib/util_sock.c:print_socket_options(781) socket option SO_RCVBUF = 16384 [2009/03/10 11:51:10, 5] lib/util_sock.c:print_socket_options(781) socket option SO_SNDLOWAT = 1 [2009/03/10 11:51:10, 5] lib/util_sock.c:print_socket_options(781) socket option SO_RCVLOWAT = 1 [2009/03/10 11:51:10, 5] lib/util_sock.c:print_socket_options(781) socket option SO_SNDTIMEO = 0 [2009/03/10 11:51:10, 5] lib/util_sock.c:print_socket_options(781) socket option SO_RCVTIMEO = 0 [2009/03/10 11:51:10, 5] lib/util_sock.c:print_socket_options(781) socket option SO_KEEPALIVE = 1 [2009/03/10 11:51:10, 5] lib/util_sock.c:print_socket_options(781) socket option SO_REUSEADDR = 1 [2009/03/10 11:51:10, 5] lib/util_sock.c:print_socket_options(781) socket option SO_BROADCAST = 0 [2009/03/10 11:51:10, 5] lib/util_sock.c:print_socket_options(781) socket option TCP_NODELAY = 1 [2009/03/10 11:51:10, 5] lib/util_sock.c:print_socket_options(781) socket option TCP_KEEPCNT = 9 [2009/03/10 11:51:10, 5] lib/util_sock.c:print_socket_options(781) socket option TCP_KEEPIDLE = 7200 [2009/03/10 11:51:10, 5] lib/util_sock.c:print_socket_options(781) socket option TCP_KEEPINTVL = 75 [2009/03/10 11:51:10, 5] lib/util_sock.c:print_socket_options(781) socket option IPTOS_LOWDELAY = 16 [2009/03/10 11:51:10, 5] lib/util_sock.c:print_socket_options(781) socket option IPTOS_THROUGHPUT = 16 [2009/03/10 11:51:10, 5] lib/util_sock.c:print_socket_options(781) socket option SO_SNDBUF = 16384 [2009/03/10 11:51:10, 5] lib/util_sock.c:print_socket_options(781) socket option SO_RCVBUF = 16384 [2009/03/10 11:51:10, 5] lib/util_sock.c:print_socket_options(781) socket option SO_SNDLOWAT = 1 [2009/03/10 11:51:10, 5] lib/util_sock.c:print_socket_options(781) socket option SO_RCVLOWAT = 1 [2009/03/10 11:51:10, 5] lib/util_sock.c:print_socket_options(781) socket option SO_SNDTIMEO = 0 [2009/03/10 11:51:10, 5] lib/util_sock.c:print_socket_options(781) socket option SO_RCVTIMEO = 0 [2009/03/10 11:51:10, 5] auth/auth_util.c:make_user_info_map(206) make_user_info_map: Mapping user [RK_KLBG]\[MONSTER$] from workstation [MONSTER] [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2009/03/10 11:51:10, 3] smbd/uid.c:push_conn_ctx(407) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2009/03/10 11:51:10, 5] auth/token_util.c:debug_nt_user_token(466) NT user token: (NULL) [2009/03/10 11:51:10, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/03/10 11:51:10, 5] auth/auth_util.c:is_trusted_domain(2055) is_trusted_domain: Checking for domain trust with [RK_KLBG] [2009/03/10 11:51:10, 10] passdb/pdb_ldap.c:ldapsam_get_trusteddom_pw(5823) ldapsam_get_trusteddom_pw called for domain RK_KLBG [2009/03/10 11:51:10, 5] lib/smbldap.c:smbldap_search_ext(1200) smbldap_search_ext: base => [sambaDomainName=RK_KLBG,sambaDomainName=RK_KLBG,dc=rk-klbg,dc=at], filter => [(&(objectClass=sambaTrustedDomainPassword)(sambaDomainName=RK_KLBG))], scope => [2] [2009/03/10 11:51:10, 5] lib/smbldap.c:smbldap_close(1103) The connection to the LDAP server was closed [2009/03/10 11:51:10, 10] lib/smbldap.c:smb_ldap_setup_conn(616) smb_ldap_setup_connection: ldap://ldap-master.intern.rk-klosterneuburg.at/ [2009/03/10 11:51:10, 2] lib/smbldap.c:smbldap_open_connection(796) smbldap_open_connection: connection opened [2009/03/10 11:51:10, 10] lib/smbldap.c:smbldap_connect_system(961) ldap_connect_system: Binding to ldap server ldap://ldap-master.intern.rk-klosterneuburg.at/ as "cn=Manager,dc=rk-klbg,dc=at" [2009/03/10 11:51:10, 3] lib/smbldap.c:smbldap_connect_system(1007) ldap_connect_system: successful connection to the LDAP server ldap_connect_system: LDAP server does support paged results [2009/03/10 11:51:10, 10] lib/events.c:event_add_timed(130) Added timed event "smbldap_idle_fn": 1697898 [2009/03/10 11:51:10, 4] lib/smbldap.c:smbldap_open(1083) The LDAP server is successfully connected [2009/03/10 11:51:10, 10] lib/smbldap.c:smbldap_search_ext(1264) Failed search for base: sambaDomainName=RK_KLBG,sambaDomainName=RK_KLBG,dc=rk-klbg,dc=at, error: 32 (No such object) (unknown) [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2009/03/10 11:51:10, 10] lib/gencache.c:gencache_get(194) Cache entry with key = TDOM/RK_KLBG couldn't be found [2009/03/10 11:51:10, 5] libsmb/trustdom_cache.c:trustdom_cache_fetch(183) no entry for trusted domain RK_KLBG found. [2009/03/10 11:51:10, 5] auth/auth_util.c:make_user_info(120) attempting to make a user_info for MONSTER$ (MONSTER$) [2009/03/10 11:51:10, 5] auth/auth_util.c:make_user_info(130) making strings for MONSTER$'s user_info struct [2009/03/10 11:51:10, 5] auth/auth_util.c:make_user_info(162) making blobs for MONSTER$'s user_info struct [2009/03/10 11:51:10, 10] auth/auth_util.c:make_user_info(180) made an encrypted user_info for MONSTER$ (MONSTER$) [2009/03/10 11:51:10, 3] auth/auth.c:check_ntlm_password(220) check_ntlm_password: Checking password for unmapped user [RK_KLBG]\[MONSTER$]@[MONSTER] with the new password interface [2009/03/10 11:51:10, 3] auth/auth.c:check_ntlm_password(223) check_ntlm_password: mapped user is: [RK_KLBG]\[MONSTER$]@[MONSTER] [2009/03/10 11:51:10, 10] auth/auth.c:check_ntlm_password(232) check_ntlm_password: auth_context challenge created by NTLMSSP callback (NTLM2) [2009/03/10 11:51:10, 10] auth/auth.c:check_ntlm_password(234) challenge is: [2009/03/10 11:51:10, 5] lib/util.c:dump_data(2230) [000] FA BE 19 CD B9 C0 24 91 ú¾.͹À$. [2009/03/10 11:51:10, 10] auth/auth.c:check_ntlm_password(260) check_ntlm_password: guest had nothing to say [2009/03/10 11:51:10, 8] lib/util.c:is_myname(2105) is_myname("RK_KLBG") returns 0 [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2009/03/10 11:51:10, 3] smbd/uid.c:push_conn_ctx(407) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2009/03/10 11:51:10, 5] auth/token_util.c:debug_nt_user_token(466) NT user token: (NULL) [2009/03/10 11:51:10, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/03/10 11:51:10, 5] lib/smbldap.c:smbldap_search_ext(1200) smbldap_search_ext: base => [dc=rk-klbg,dc=at], filter => [(&(uid=MONSTER$)(objectclass=sambaSamAccount))], scope => [2] [2009/03/10 11:51:10, 2] passdb/pdb_ldap.c:init_sam_from_ldap(571) init_sam_from_ldap: Entry found for user: monster$ [2009/03/10 11:51:10, 10] passdb/pdb_get_set.c:pdb_set_username(580) pdb_set_username: setting username monster$, was [2009/03/10 11:51:10, 10] passdb/pdb_get_set.c:pdb_set_domain(603) pdb_set_domain: setting domain RK_KLBG, was [2009/03/10 11:51:10, 10] passdb/pdb_get_set.c:pdb_set_nt_username(626) pdb_set_nt_username: setting nt username monster$, was [2009/03/10 11:51:10, 10] passdb/pdb_get_set.c:pdb_set_user_sid_from_string(522) pdb_set_user_sid_from_string: setting user sid S-1-5-21-181998944-1107627502-2274996074-3912 [2009/03/10 11:51:10, 10] passdb/pdb_get_set.c:pdb_set_user_sid(509) pdb_set_user_sid: setting user sid S-1-5-21-181998944-1107627502-2274996074-3912 [2009/03/10 11:51:10, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaLogonTime does not exist [2009/03/10 11:51:10, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaLogoffTime does not exist [2009/03/10 11:51:10, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaKickoffTime does not exist [2009/03/10 11:51:10, 10] passdb/pdb_get_set.c:pdb_set_fullname(649) pdb_set_full_name: setting full name Computer, was [2009/03/10 11:51:10, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaHomeDrive does not exist [2009/03/10 11:51:10, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(718) pdb_set_dir_drive: setting dir drive z:, was NULL [2009/03/10 11:51:10, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaHomePath does not exist [2009/03/10 11:51:10, 10] passdb/pdb_get_set.c:pdb_set_homedir(742) pdb_set_homedir: setting home dir \\samba\monster_, was [2009/03/10 11:51:10, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaLogonScript does not exist [2009/03/10 11:51:10, 10] passdb/pdb_get_set.c:pdb_set_logon_script(672) pdb_set_logon_script: setting logon script LOGON.BAT, was [2009/03/10 11:51:10, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaProfilePath does not exist [2009/03/10 11:51:10, 10] passdb/pdb_get_set.c:pdb_set_profile_path(695) pdb_set_profile_path: setting profile path \\samba\Profile, was [2009/03/10 11:51:10, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaUserWorkstations does not exist [2009/03/10 11:51:10, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaMungedDial does not exist [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2009/03/10 11:51:10, 3] smbd/uid.c:push_conn_ctx(407) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2009/03/10 11:51:10, 5] auth/token_util.c:debug_nt_user_token(466) NT user token: (NULL) [2009/03/10 11:51:10, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/03/10 11:51:10, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = ACCT_POL/password history, value = 0 , timeout = Tue Mar 10 11:51:57 2009 [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2009/03/10 11:51:10, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaBadPasswordCount does not exist [2009/03/10 11:51:10, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaBadPasswordTime does not exist [2009/03/10 11:51:10, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaLogonHours does not exist [2009/03/10 11:51:10, 5] passdb/login_cache.c:login_cache_init(40) Opening cache file at /var/lib/samba/login_cache.tdb [2009/03/10 11:51:10, 7] passdb/login_cache.c:login_cache_read(86) Looking up login cache for user monster$ [2009/03/10 11:51:10, 7] passdb/login_cache.c:login_cache_read(100) No cache entry found [2009/03/10 11:51:10, 9] passdb/pdb_ldap.c:init_sam_from_ldap(1054) No cache entry, bad count = 0, bad time = 0 [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2009/03/10 11:51:10, 3] smbd/uid.c:push_conn_ctx(407) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2009/03/10 11:51:10, 5] auth/token_util.c:debug_nt_user_token(466) NT user token: (NULL) [2009/03/10 11:51:10, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/03/10 11:51:10, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = ACCT_POL/maximum password age, value = 4294967295 , timeout = Tue Mar 10 11:51:57 2009 [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2009/03/10 11:51:10, 5] lib/username.c:Get_Pwnam_alloc(133) Finding user monster$ [2009/03/10 11:51:10, 5] lib/username.c:Get_Pwnam_internals(77) Trying _Get_Pwnam(), username as lowercase is monster$ [2009/03/10 11:51:10, 5] lib/username.c:Get_Pwnam_internals(110) Get_Pwnam_internals did find user [monster$]! [2009/03/10 11:51:10, 5] lib/smbldap.c:smbldap_search_ext(1200) smbldap_search_ext: base => [ou=Groups,dc=rk-klbg,dc=at], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=515))], scope => [2] [2009/03/10 11:51:10, 2] passdb/pdb_ldap.c:init_group_from_ldap(2344) init_group_from_ldap: Entry found for group: 515 [2009/03/10 11:51:10, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute description does not exist [2009/03/10 11:51:10, 10] passdb/lookup_sid.c:lookup_sid(950) lookup_sid called for SID 'S-1-5-21-181998944-1107627502-2274996074-515' [2009/03/10 11:51:10, 10] passdb/lookup_sid.c:check_dom_sid_to_level(705) Accepting SID S-1-5-21-181998944-1107627502-2274996074 in level 1 [2009/03/10 11:51:10, 10] passdb/lookup_sid.c:lookup_rids(468) lookup_rids called for domain sid 'S-1-5-21-181998944-1107627502-2274996074' [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2009/03/10 11:51:10, 3] smbd/uid.c:push_conn_ctx(407) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2009/03/10 11:51:10, 5] auth/token_util.c:debug_nt_user_token(466) NT user token: (NULL) [2009/03/10 11:51:10, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/03/10 11:51:10, 5] lib/smbldap.c:smbldap_search_ext(1200) smbldap_search_ext: base => [ou=Users,dc=rk-klbg,dc=at], filter => [(&(objectClass=sambaSamAccount)(|(sambaSid=S-1-5-21-181998944-1107627502-2274996074-515)))], scope => [2] [2009/03/10 11:51:10, 5] lib/smbldap.c:smbldap_search_ext(1200) smbldap_search_ext: base => [ou=Groups,dc=rk-klbg,dc=at], filter => [(&(objectClass=sambaGroupMapping)(|(sambaSid=S-1-5-21-181998944-1107627502-2274996074-515)))], scope => [2] [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2009/03/10 11:51:10, 10] passdb/lookup_sid.c:lookup_sid(985) Sid S-1-5-21-181998944-1107627502-2274996074-515 -> RK_KLBG\Domain Computers(2) [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2009/03/10 11:51:10, 3] smbd/uid.c:push_conn_ctx(407) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2009/03/10 11:51:10, 5] auth/token_util.c:debug_nt_user_token(466) NT user token: (NULL) [2009/03/10 11:51:10, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/03/10 11:51:10, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = ACCT_POL/password history, value = 0 , timeout = Tue Mar 10 11:51:57 2009 [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2009/03/10 11:51:10, 10] passdb/pdb_get_set.c:pdb_set_username(580) pdb_set_username: setting username monster$, was [2009/03/10 11:51:10, 10] passdb/pdb_get_set.c:pdb_set_domain(603) pdb_set_domain: setting domain RK_KLBG, was [2009/03/10 11:51:10, 10] passdb/pdb_get_set.c:pdb_set_nt_username(626) pdb_set_nt_username: setting nt username monster$, was [2009/03/10 11:51:10, 10] passdb/pdb_get_set.c:pdb_set_fullname(649) pdb_set_full_name: setting full name Computer, was [2009/03/10 11:51:10, 10] passdb/pdb_get_set.c:pdb_set_homedir(742) pdb_set_homedir: setting home dir \\samba\monster_, was [2009/03/10 11:51:10, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(718) pdb_set_dir_drive: setting dir drive z:, was NULL [2009/03/10 11:51:10, 10] passdb/pdb_get_set.c:pdb_set_logon_script(672) pdb_set_logon_script: setting logon script LOGON.BAT, was [2009/03/10 11:51:10, 10] passdb/pdb_get_set.c:pdb_set_profile_path(695) pdb_set_profile_path: setting profile path \\samba\Profile, was [2009/03/10 11:51:10, 10] passdb/pdb_get_set.c:pdb_set_workstations(785) pdb_set_workstations: setting workstations , was [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2009/03/10 11:51:10, 3] smbd/uid.c:push_conn_ctx(407) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2009/03/10 11:51:10, 5] auth/token_util.c:debug_nt_user_token(466) NT user token: (NULL) [2009/03/10 11:51:10, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/03/10 11:51:10, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = ACCT_POL/password history, value = 0 , timeout = Tue Mar 10 11:51:57 2009 [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2009/03/10 11:51:10, 10] passdb/pdb_get_set.c:pdb_set_user_sid(509) pdb_set_user_sid: setting user sid S-1-5-21-181998944-1107627502-2274996074-3912 [2009/03/10 11:51:10, 10] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(72) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-181998944-1107627502-2274996074-3912 from rid 3912 [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2009/03/10 11:51:10, 4] libsmb/ntlm_check.c:ntlm_password_check(328) ntlm_password_check: Checking NT MD4 password [2009/03/10 11:51:10, 4] auth/auth_sam.c:sam_account_ok(137) sam_account_ok: Checking SMB password for user monster$ [2009/03/10 11:51:10, 5] auth/auth_sam.c:logon_hours_ok(119) logon_hours_ok: user monster$ allowed to logon at this time (Tue Mar 10 10:51:10 2009 ) [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2009/03/10 11:51:10, 3] smbd/uid.c:push_conn_ctx(407) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2009/03/10 11:51:10, 5] auth/token_util.c:debug_nt_user_token(466) NT user token: (NULL) [2009/03/10 11:51:10, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/03/10 11:51:10, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = ACCT_POL/maximum password age, value = 4294967295 , timeout = Tue Mar 10 11:51:57 2009 [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2009/03/10 11:51:10, 3] smbd/uid.c:push_conn_ctx(407) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2009/03/10 11:51:10, 5] auth/token_util.c:debug_nt_user_token(466) NT user token: (NULL) [2009/03/10 11:51:10, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/03/10 11:51:10, 5] lib/smbldap.c:smbldap_search_ext(1200) smbldap_search_ext: base => [dc=rk-klbg,dc=at], filter => [(&(objectClass=sambaSamAccount)(uid=monster$))], scope => [2] [2009/03/10 11:51:10, 5] lib/smbldap.c:smbldap_search_ext(1200) smbldap_search_ext: base => [ou=Groups,dc=rk-klbg,dc=at], filter => [(&(objectClass=posixGroup)(|(memberUid=monster$)(gidNumber=515)))], scope => [2] [2009/03/10 11:51:10, 5] auth/auth_util.c:make_server_info_sam(650) make_server_info_sam: made server info for user monster$ -> monster$ [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2009/03/10 11:51:10, 3] auth/auth.c:check_ntlm_password(269) check_ntlm_password: sam authentication for user [MONSTER$] succeeded [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2009/03/10 11:51:10, 3] smbd/uid.c:push_conn_ctx(407) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2009/03/10 11:51:10, 5] auth/token_util.c:debug_nt_user_token(466) NT user token: (NULL) [2009/03/10 11:51:10, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2009/03/10 11:51:10, 5] auth/auth.c:check_ntlm_password(295) check_ntlm_password: PAM Account for user [monster$] succeeded [2009/03/10 11:51:10, 2] auth/auth.c:check_ntlm_password(308) check_ntlm_password: authentication for user [MONSTER$] -> [MONSTER$] -> [monster$] succeeded [2009/03/10 11:51:10, 5] auth/auth_util.c:free_user_info(1985) attempting to free (and zero) a user_info structure [2009/03/10 11:51:10, 10] auth/auth_util.c:free_user_info(1989) structure was created for MONSTER$ [2009/03/10 11:51:10, 10] auth/token_util.c:create_local_nt_token(304) Create local NT token for S-1-5-21-181998944-1107627502-2274996074-3912 [2009/03/10 11:51:10, 10] passdb/lookup_sid.c:sid_to_gid(1431) sid S-1-5-32-544 -> gid 804 [2009/03/10 11:51:10, 10] passdb/lookup_sid.c:sid_to_gid(1431) sid S-1-5-32-545 -> gid 100 [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2009/03/10 11:51:10, 3] smbd/uid.c:push_conn_ctx(407) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2009/03/10 11:51:10, 5] auth/token_util.c:debug_nt_user_token(466) NT user token: (NULL) [2009/03/10 11:51:10, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/03/10 11:51:10, 5] lib/smbldap.c:smbldap_search_ext(1200) smbldap_search_ext: base => [ou=Groups,dc=rk-klbg,dc=at], filter => [(&(|(objectclass=sambaGroupMapping)(sambaGroupType=4))(|(sambaSIDList=S-1-5-21-181998944-1107627502-2274996074-3912)(sambaSIDList=S-1-5-21-181998944-1107627502-2274996074-515)(sambaSIDList=S-1-1-0)(sambaSIDList=S-1-5-2)(sambaSIDList=S-1-5-11)(sambaSIDList=S-1-22-2-515)))], scope => [2] [2009/03/10 11:51:10, 5] lib/smbldap.c:smbldap_search_ext(1200) smbldap_search_ext: base => [ou=Groups,dc=rk-klbg,dc=at], filter => [(&(|(objectclass=sambaGroupMapping)(sambaGroupType=4))(|(sambaSIDList=S-1-5-21-181998944-1107627502-2274996074-3912)(sambaSIDList=S-1-5-21-181998944-1107627502-2274996074-515)(sambaSIDList=S-1-1-0)(sambaSIDList=S-1-5-2)(sambaSIDList=S-1-5-11)(sambaSIDList=S-1-22-2-515)))], scope => [2] [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2009/03/10 11:51:10, 3] lib/privileges.c:get_privileges(63) get_privileges: No privileges assigned to SID [S-1-5-21-181998944-1107627502-2274996074-3912] [2009/03/10 11:51:10, 3] lib/privileges.c:get_privileges(63) get_privileges: No privileges assigned to SID [S-1-5-21-181998944-1107627502-2274996074-515] [2009/03/10 11:51:10, 5] lib/privileges.c:get_privileges_for_sids(128) get_privileges_for_sids: sid = S-1-1-0 Privilege set: SE_PRIV 0x0 0x0 0x0 0x0 [2009/03/10 11:51:10, 3] lib/privileges.c:get_privileges(63) get_privileges: No privileges assigned to SID [S-1-5-2] [2009/03/10 11:51:10, 3] lib/privileges.c:get_privileges(63) get_privileges: No privileges assigned to SID [S-1-5-11] [2009/03/10 11:51:10, 3] lib/privileges.c:get_privileges(63) get_privileges: No privileges assigned to SID [S-1-22-2-515] [2009/03/10 11:51:10, 10] passdb/lookup_sid.c:sid_to_gid(1431) sid S-1-5-21-181998944-1107627502-2274996074-515 -> gid 515 [2009/03/10 11:51:10, 10] passdb/lookup_sid.c:sid_to_gid(1426) winbind failed to find a gid for sid S-1-1-0 [2009/03/10 11:51:10, 10] auth/auth_util.c:create_local_token(755) Could not convert SID S-1-1-0 to gid, ignoring it [2009/03/10 11:51:10, 10] passdb/lookup_sid.c:sid_to_gid(1426) winbind failed to find a gid for sid S-1-5-2 [2009/03/10 11:51:10, 10] auth/auth_util.c:create_local_token(755) Could not convert SID S-1-5-2 to gid, ignoring it [2009/03/10 11:51:10, 10] passdb/lookup_sid.c:sid_to_gid(1426) winbind failed to find a gid for sid S-1-5-11 [2009/03/10 11:51:10, 10] auth/auth_util.c:create_local_token(755) Could not convert SID S-1-5-11 to gid, ignoring it [2009/03/10 11:51:10, 10] passdb/lookup_sid.c:sid_to_gid(1413) sid S-1-22-2-515 -> gid 515 [2009/03/10 11:51:10, 10] auth/token_util.c:debug_nt_user_token(472) NT user token of user S-1-5-21-181998944-1107627502-2274996074-3912 contains 6 SIDs SID[ 0]: S-1-5-21-181998944-1107627502-2274996074-3912 SID[ 1]: S-1-5-21-181998944-1107627502-2274996074-515 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-515 SE_PRIV 0x0 0x0 0x0 0x0 [2009/03/10 11:51:10, 10] auth/auth_ntlmssp.c:auth_ntlmssp_check_password(137) Got NT session key of length 16 [2009/03/10 11:51:10, 10] libsmb/ntlmssp.c:ntlmssp_server_auth(811) ntlmssp_server_auth: Created NTLM2 session key. [2009/03/10 11:51:10, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(337) NTLMSSP Sign/Seal - Initialising with flags: [2009/03/10 11:51:10, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) Got NTLMSSP neg_flags=0x60088215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH [2009/03/10 11:51:10, 10] smbd/password.c:register_existing_vuid(316) register_existing_vuid: (1456,515) monster$ MONSTER$ RK_KLBG guest=0 [2009/03/10 11:51:10, 3] smbd/password.c:register_existing_vuid(320) register_existing_vuid: User name: monster$ Real name: Computer [2009/03/10 11:51:10, 3] smbd/password.c:register_existing_vuid(332) register_existing_vuid: UNIX uid 1456 is UNIX user monster$, and will be vuid 100 [2009/03/10 11:51:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 49442F31343331322F31 [2009/03/10 11:51:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0x175f880 [2009/03/10 11:51:10, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 49442F31343331322F31 [2009/03/10 11:51:10, 7] param/loadparm.c:lp_servicenumber(9002) lp_servicenumber: couldn't find monster$ [2009/03/10 11:51:10, 3] smbd/password.c:register_existing_vuid(353) Adding homes service for user 'monster$' using home directory: '/dev/null' [2009/03/10 11:51:10, 8] param/loadparm.c:add_a_service(5760) add_a_service: Creating snum = 18 for monster$ [2009/03/10 11:51:10, 10] param/loadparm.c:hash_a_service(5807) hash_a_service: hashing index 18 for service name monster$ [2009/03/10 11:51:10, 3] param/loadparm.c:lp_add_home(5856) adding home's share [monster$] for user 'monster$' at '/dev/null' [2009/03/10 11:51:10, 6] param/loadparm.c:lp_file_list_changed(6699) lp_file_list_changed() file /etc/samba/smb-%m.conf -> /etc/samba/smb-monster.conf last mod_time: Tue Mar 10 11:49:02 2009 file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Tue Mar 10 10:39:07 2009 [2009/03/10 11:51:10, 5] lib/util.c:show_msg(642) [2009/03/10 11:51:10, 5] lib/util.c:show_msg(652) size=128 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=10199 smb_uid=100 smb_mid=3 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 9 (0x9) smb_bcc=85 [2009/03/10 11:51:10, 10] lib/util.c:dump_data(2230) [000] A1 07 30 05 A0 03 0A 01 00 55 00 6E 00 69 00 78 ¡.0. ... .U.n.i.x [010] 00 00 00 53 00 61 00 6D 00 62 00 61 00 20 00 33 ...S.a.m .b.a. .3 [020] 00 2E 00 32 00 2E 00 38 00 2D 00 30 00 2E 00 32 ...2...8 .-.0...2 [030] 00 36 00 6C 00 65 00 6F 00 2E 00 66 00 63 00 31 .6.l.e.o ...f.c.1 [040] 00 30 00 00 00 52 00 4B 00 5F 00 4B 00 4C 00 42 .0...R.K ._.K.L.B [050] 00 47 00 00 00 .G... [2009/03/10 11:51:10, 5] printing/print_cups.c:cups_async_callback(415) cups_async_callback: callback received for printer data. fd = 20 [2009/03/10 11:51:10, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 74 [2009/03/10 11:51:10, 6] smbd/process.c:process_smb(1547) got message type 0x0 of len 0x4a [2009/03/10 11:51:10, 3] smbd/process.c:process_smb(1550) Transaction 3 of length 78 (0 toread) [2009/03/10 11:51:10, 5] lib/util.c:show_msg(642) [2009/03/10 11:51:10, 5] lib/util.c:show_msg(652) size=74 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=0 smb_pid=10199 smb_uid=100 smb_mid=4 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 8 (0x8) smb_vwv[ 3]= 1 (0x1) smb_bcc=31 [2009/03/10 11:51:10, 10] lib/util.c:dump_data(2230) [000] 00 5C 00 5C 00 53 00 41 00 4D 00 42 00 41 00 5C .\.\.S.A .M.B.A.\ [010] 00 49 00 50 00 43 00 24 00 00 00 49 50 43 00 .I.P.C.$ ...IPC. [2009/03/10 11:51:10, 3] smbd/process.c:switch_message(1361) switch message SMBtconX (pid 14312) conn 0x0 [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2009/03/10 11:51:10, 5] auth/token_util.c:debug_nt_user_token(466) NT user token: (NULL) [2009/03/10 11:51:10, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/03/10 11:51:10, 5] smbd/uid.c:change_to_root_user(337) change_to_root_user: now uid=(0,0) gid=(0,0) [2009/03/10 11:51:10, 4] smbd/reply.c:reply_tcon_and_X(687) Client requested device type [IPC] for share [IPC$] [2009/03/10 11:51:10, 5] smbd/service.c:make_connection(1380) making a connection to 'normal' service ipc$ [2009/03/10 11:51:10, 10] smbd/share_access.c:user_ok_token(231) user_ok_token: share IPC$ is ok for unix user monster$ [2009/03/10 11:51:10, 5] lib/username.c:Get_Pwnam_alloc(133) Finding user monster$ [2009/03/10 11:51:10, 5] lib/username.c:Get_Pwnam_internals(77) Trying _Get_Pwnam(), username as lowercase is monster$ [2009/03/10 11:51:10, 5] lib/username.c:Get_Pwnam_internals(110) Get_Pwnam_internals did find user [monster$]! [2009/03/10 11:51:10, 10] smbd/service.c:set_conn_connectpath(157) set_conn_connectpath: service IPC$, connectpath = /tmp [2009/03/10 11:51:10, 3] smbd/service.c:make_connection_snum(940) Connect path is '/tmp' for service [IPC$] [2009/03/10 11:51:10, 10] lib/util_seaccess.c:se_map_generic(175) se_map_generic(): mapped mask 0x10000000 to 0x001f01ff [2009/03/10 11:51:10, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x00000002, for NT token with 6 entries and first sid S-1-5-21-181998944-1107627502-2274996074-3912. [2009/03/10 11:51:10, 3] lib/util_seaccess.c:se_access_check(249) [2009/03/10 11:51:10, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-5-21-181998944-1107627502-2274996074-3912 se_access_check: also S-1-5-21-181998944-1107627502-2274996074-515 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-22-2-515 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 2 [2009/03/10 11:51:10, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (2) granted. [2009/03/10 11:51:10, 3] smbd/vfs.c:vfs_init_default(96) Initialising default vfs hooks [2009/03/10 11:51:10, 10] smbd/vfs.c:vfs_find_backend_entry(48) vfs_find_backend_entry called for /[Default VFS]/ [2009/03/10 11:51:10, 5] smbd/vfs.c:smb_register_vfs(86) Successfully added vfs backend '/[Default VFS]/' [2009/03/10 11:51:10, 10] smbd/vfs.c:vfs_find_backend_entry(48) vfs_find_backend_entry called for posixacl [2009/03/10 11:51:10, 5] smbd/vfs.c:smb_register_vfs(86) Successfully added vfs backend 'posixacl' [2009/03/10 11:51:10, 3] smbd/vfs.c:vfs_init_custom(130) Initialising custom vfs hooks from [/[Default VFS]/] [2009/03/10 11:51:10, 10] smbd/vfs.c:vfs_find_backend_entry(48) vfs_find_backend_entry called for /[Default VFS]/ Successfully loaded vfs module [/[Default VFS]/] with the new modules system [2009/03/10 11:51:10, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #0 (type 0, layer 0) Making operation type 0 opaque [module /[Default VFS]/] Accepting operation type 0 from module /[Default VFS]/ [2009/03/10 11:51:10, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #1 (type 1, layer 0) Making operation type 1 opaque [module /[Default VFS]/] Accepting operation type 1 from module /[Default VFS]/ [2009/03/10 11:51:10, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #2 (type 2, layer 0) Making operation type 2 opaque [module /[Default VFS]/] Accepting operation type 2 from module /[Default VFS]/ [2009/03/10 11:51:10, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #3 (type 3, layer 0) Making operation type 3 opaque [module /[Default VFS]/] Accepting operation type 3 from module /[Default VFS]/ [2009/03/10 11:51:10, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #4 (type 4, layer 0) Making operation type 4 opaque [module /[Default VFS]/] Accepting operation type 4 from module /[Default VFS]/ [2009/03/10 11:51:10, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #5 (type 5, layer 0) Making operation type 5 opaque [module /[Default VFS]/] Accepting operation type 5 from module /[Default VFS]/ [2009/03/10 11:51:10, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #6 (type 6, layer 0) Making operation type 6 opaque [module /[Default VFS]/] Accepting operation type 6 from module /[Default VFS]/ [2009/03/10 11:51:10, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #7 (type 7, layer 0) Making operation type 7 opaque [module /[Default VFS]/] Accepting operation type 7 from module /[Default VFS]/ [2009/03/10 11:51:10, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #8 (type 8, layer 0) Making operation type 8 opaque [module /[Default VFS]/] Accepting operation type 8 from module /[Default VFS]/ [2009/03/10 11:51:10, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #9 (type 9, layer 0) Making operation type 9 opaque [module /[Default VFS]/] Accepting operation type 9 from module /[Default VFS]/ [2009/03/10 11:51:10, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #10 (type 10, layer 0) Making operation type 10 opaque [module /[Default VFS]/] Accepting operation type 10 from module /[Default VFS]/ [2009/03/10 11:51:10, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #11 (type 11, layer 0) Making operation type 11 opaque [module /[Default VFS]/] Accepting operation type 11 from module /[Default VFS]/ [2009/03/10 11:51:10, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #12 (type 12, layer 0) Making operation type 12 opaque [module /[Default VFS]/] Accepting operation type 12 from module /[Default VFS]/ [2009/03/10 11:51:10, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #13 (type 13, layer 0) Making operation type 13 opaque [module /[Default VFS]/] Accepting operation type 13 from module /[Default VFS]/ [2009/03/10 11:51:10, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #14 (type 14, layer 0) Making operation type 14 opaque [module /[Default VFS]/] Accepting operation type 14 from module /[Default VFS]/ [2009/03/10 11:51:10, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #15 (type 15, layer 0) Making operation type 15 opaque [module /[Default VFS]/] Accepting operation type 15 from module /[Default VFS]/ [2009/03/10 11:51:10, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #16 (type 16, layer 0) Making operation type 16 opaque [module /[Default VFS]/] Accepting operation type 16 from module /[Default VFS]/ [2009/03/10 11:51:10, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #17 (type 17, layer 0) Making operation type 17 opaque [module /[Default VFS]/] Accepting operation type 17 from module /[Default VFS]/ [2009/03/10 11:51:10, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #18 (type 18, layer 0) Making operation type 18 opaque [module /[Default VFS]/] Accepting operation type 18 from module /[Default VFS]/ [2009/03/10 11:51:10, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #19 (type 19, layer 0) Making operation type 19 opaque [module /[Default VFS]/] Accepting operation type 19 from module /[Default VFS]/ [2009/03/10 11:51:10, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #20 (type 20, layer 0) Making operation type 20 opaque [module /[Default VFS]/] Accepting operation type 20 from module /[Default VFS]/ [2009/03/10 11:51:10, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #21 (type 21, layer 0) Making operation type 21 opaque [module /[Default VFS]/] Accepting operation type 21 from module /[Default VFS]/ [2009/03/10 11:51:10, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #22 (type 22, layer 0) Making operation type 22 opaque [module /[Default VFS]/] Accepting operation type 22 from module /[Default VFS]/ [2009/03/10 11:51:10, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #23 (type 23, layer 0) Making operation type 23 opaque [module /[Default VFS]/] Accepting operation type 23 from module /[Default VFS]/ [2009/03/10 11:51:10, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #24 (type 24, layer 0) Making operation type 24 opaque [module /[Default VFS]/] Accepting operation type 24 from module /[Default VFS]/ [2009/03/10 11:51:10, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #25 (type 25, layer 0) Making operation type 25 opaque [module /[Default VFS]/] Accepting operation type 25 from module /[Default VFS]/ [2009/03/10 11:51:10, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #26 (type 26, layer 0) Making operation type 26 opaque [module /[Default VFS]/] Accepting operation type 26 from module /[Default VFS]/ [2009/03/10 11:51:10, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #27 (type 27, layer 0) Making operation type 27 opaque [module /[Default VFS]/] Accepting operation type 27 from module /[Default VFS]/ [2009/03/10 11:51:10, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #28 (type 28, layer 0) Making operation type 28 opaque [module /[Default VFS]/] Accepting operation type 28 from module /[Default VFS]/ [2009/03/10 11:51:10, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #29 (type 29, layer 0) Making operation type 29 opaque [module /[Default VFS]/] Accepting operation type 29 from module /[Default VFS]/ [2009/03/10 11:51:10, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #30 (type 30, layer 0) Making operation type 30 opaque [module /[Default VFS]/] Accepting operation type 30 from module /[Default VFS]/ [2009/03/10 11:51:10, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #31 (type 31, layer 0) Making operation type 31 opaque [module /[Default VFS]/] Accepting operation type 31 from module /[Default VFS]/ [2009/03/10 11:51:10, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #32 (type 32, layer 0) Making operation type 32 opaque [module /[Default VFS]/] Accepting operation type 32 from module /[Default VFS]/ [2009/03/10 11:51:10, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #33 (type 33, layer 0) Making operation type 33 opaque [module /[Default VFS]/] Accepting operation type 33 from module /[Default VFS]/ [2009/03/10 11:51:10, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #34 (type 34, layer 0) Making operation type 34 opaque [module /[Default VFS]/] Accepting operation type 34 from module /[Default VFS]/ [2009/03/10 11:51:10, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #35 (type 35, layer 0) Making operation type 35 opaque [module /[Default VFS]/] Accepting operation type 35 from module /[Default VFS]/ [2009/03/10 11:51:10, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #36 (type 36, layer 0) Making operation type 36 opaque [module /[Default VFS]/] Accepting operation type 36 from module /[Default VFS]/ [2009/03/10 11:51:10, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #37 (type 37, layer 0) Making operation type 37 opaque [module /[Default VFS]/] Accepting operation type 37 from module /[Default VFS]/ [2009/03/10 11:51:10, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #38 (type 38, layer 0) Making operation type 38 opaque [module /[Default VFS]/] Accepting operation type 38 from module /[Default VFS]/ [2009/03/10 11:51:10, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #39 (type 39, layer 0) Making operation type 39 opaque [module /[Default VFS]/] Accepting operation type 39 from module /[Default VFS]/ [2009/03/10 11:51:10, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #40 (type 40, layer 0) Making operation type 40 opaque [module /[Default VFS]/] Accepting operation type 40 from module /[Default VFS]/ [2009/03/10 11:51:10, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #41 (type 41, layer 0) Making operation type 41 opaque [module /[Default VFS]/] Accepting operation type 41 from module /[Default VFS]/ [2009/03/10 11:51:10, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #42 (type 42, layer 0) Making operation type 42 opaque [module /[Default VFS]/] Accepting operation type 42 from module /[Default VFS]/ [2009/03/10 11:51:10, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #43 (type 43, layer 0) Making operation type 43 opaque [module /[Default VFS]/] Accepting operation type 43 from module /[Default VFS]/ [2009/03/10 11:51:10, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #44 (type 44, layer 0) Making operation type 44 opaque [module /[Default VFS]/] Accepting operation type 44 from module /[Default VFS]/ [2009/03/10 11:51:10, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #45 (type 45, layer 0) Making operation type 45 opaque [module /[Default VFS]/] Accepting operation type 45 from module /[Default VFS]/ [2009/03/10 11:51:10, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #46 (type 46, layer 0) Making operation type 46 opaque [module /[Default VFS]/] Accepting operation type 46 from module /[Default VFS]/ [2009/03/10 11:51:10, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #47 (type 47, layer 0) Making operation type 47 opaque [module /[Default VFS]/] Accepting operation type 47 from module /[Default VFS]/ [2009/03/10 11:51:10, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #48 (type 48, layer 0) Making operation type 48 opaque [module /[Default VFS]/] Accepting operation type 48 from module /[Default VFS]/ [2009/03/10 11:51:10, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #49 (type 49, layer 0) Making operation type 49 opaque [module /[Default VFS]/] Accepting operation type 49 from module /[Default VFS]/ [2009/03/10 11:51:10, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #50 (type 50, layer 0) Making operation type 50 opaque [module /[Default VFS]/] Accepting operation type 50 from module /[Default VFS]/ [2009/03/10 11:51:10, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #51 (type 51, layer 0) Making operation type 51 opaque [module /[Default VFS]/] Accepting operation type 51 from module /[Default VFS]/ [2009/03/10 11:51:10, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #52 (type 52, layer 0) Making operation type 52 opaque [module /[Default VFS]/] Accepting operation type 52 from module /[Default VFS]/ [2009/03/10 11:51:10, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #53 (type 53, layer 0) Making operation type 53 opaque [module /[Default VFS]/] Accepting operation type 53 from module /[Default VFS]/ [2009/03/10 11:51:10, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #54 (type 54, layer 0) Making operation type 54 opaque [module /[Default VFS]/] Accepting operation type 54 from module /[Default VFS]/ [2009/03/10 11:51:10, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #55 (type 55, layer 0) Making operation type 55 opaque [module /[Default VFS]/] Accepting operation type 55 from module /[Default VFS]/ [2009/03/10 11:51:10, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #56 (type 56, layer 0) Making operation type 56 opaque [module /[Default VFS]/] Accepting operation type 56 from module /[Default VFS]/ [2009/03/10 11:51:10, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #57 (type 57, layer 0) Making operation type 57 opaque [module /[Default VFS]/] Accepting operation type 57 from module /[Default VFS]/ [2009/03/10 11:51:10, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #58 (type 58, layer 0) Making operation type 58 opaque [module /[Default VFS]/] Accepting operation type 58 from module /[Default VFS]/ [2009/03/10 11:51:10, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #59 (type 59, layer 0) Making operation type 59 opaque [module /[Default VFS]/] Accepting operation type 59 from module /[Default VFS]/ [2009/03/10 11:51:10, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #60 (type 60, layer 0) Making operation type 60 opaque [module /[Default VFS]/] Accepting operation type 60 from module /[Default VFS]/ [2009/03/10 11:51:10, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #61 (type 61, layer 0) Making operation type 61 opaque [module /[Default VFS]/] Accepting operation type 61 from module /[Default VFS]/ [2009/03/10 11:51:10, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #62 (type 62, layer 0) Making operation type 62 opaque [module /[Default VFS]/] Accepting operation type 62 from module /[Default VFS]/ [2009/03/10 11:51:10, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #63 (type 63, layer 0) Making operation type 63 opaque [module /[Default VFS]/] Accepting operation type 63 from module /[Default VFS]/ [2009/03/10 11:51:10, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #64 (type 64, layer 0) Making operation type 64 opaque [module /[Default VFS]/] Accepting operation type 64 from module /[Default VFS]/ [2009/03/10 11:51:10, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #65 (type 65, layer 0) Making operation type 65 opaque [module /[Default VFS]/] Accepting operation type 65 from module /[Default VFS]/ [2009/03/10 11:51:10, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #66 (type 66, layer 0) Making operation type 66 opaque [module /[Default VFS]/] Accepting operation type 66 from module /[Default VFS]/ [2009/03/10 11:51:10, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #67 (type 67, layer 0) Making operation type 67 opaque [module /[Default VFS]/] Accepting operation type 67 from module /[Default VFS]/ [2009/03/10 11:51:10, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #68 (type 68, layer 0) Making operation type 68 opaque [module /[Default VFS]/] Accepting operation type 68 from module /[Default VFS]/ [2009/03/10 11:51:10, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #69 (type 69, layer 0) Making operation type 69 opaque [module /[Default VFS]/] Accepting operation type 69 from module /[Default VFS]/ [2009/03/10 11:51:10, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #70 (type 70, layer 0) Making operation type 70 opaque [module /[Default VFS]/] Accepting operation type 70 from module /[Default VFS]/ [2009/03/10 11:51:10, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #71 (type 71, layer 0) Making operation type 71 opaque [module /[Default VFS]/] Accepting operation type 71 from module /[Default VFS]/ [2009/03/10 11:51:10, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #72 (type 72, layer 0) Making operation type 72 opaque [module /[Default VFS]/] Accepting operation type 72 from module /[Default VFS]/ [2009/03/10 11:51:10, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #73 (type 73, layer 0) Making operation type 73 opaque [module /[Default VFS]/] Accepting operation type 73 from module /[Default VFS]/ [2009/03/10 11:51:10, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #74 (type 74, layer 0) Making operation type 74 opaque [module /[Default VFS]/] Accepting operation type 74 from module /[Default VFS]/ [2009/03/10 11:51:10, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #75 (type 75, layer 0) Making operation type 75 opaque [module /[Default VFS]/] Accepting operation type 75 from module /[Default VFS]/ [2009/03/10 11:51:10, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #76 (type 76, layer 0) Making operation type 76 opaque [module /[Default VFS]/] Accepting operation type 76 from module /[Default VFS]/ [2009/03/10 11:51:10, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #77 (type 77, layer 0) Making operation type 77 opaque [module /[Default VFS]/] Accepting operation type 77 from module /[Default VFS]/ [2009/03/10 11:51:10, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #78 (type 78, layer 0) Making operation type 78 opaque [module /[Default VFS]/] Accepting operation type 78 from module /[Default VFS]/ [2009/03/10 11:51:10, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #79 (type 79, layer 0) Making operation type 79 opaque [module /[Default VFS]/] Accepting operation type 79 from module /[Default VFS]/ [2009/03/10 11:51:10, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #80 (type 80, layer 0) Making operation type 80 opaque [module /[Default VFS]/] Accepting operation type 80 from module /[Default VFS]/ [2009/03/10 11:51:10, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #81 (type 81, layer 0) Making operation type 81 opaque [module /[Default VFS]/] Accepting operation type 81 from module /[Default VFS]/ [2009/03/10 11:51:10, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #82 (type 82, layer 0) Making operation type 82 opaque [module /[Default VFS]/] Accepting operation type 82 from module /[Default VFS]/ [2009/03/10 11:51:10, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #83 (type 83, layer 0) Making operation type 83 opaque [module /[Default VFS]/] Accepting operation type 83 from module /[Default VFS]/ [2009/03/10 11:51:10, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #84 (type 84, layer 0) Making operation type 84 opaque [module /[Default VFS]/] Accepting operation type 84 from module /[Default VFS]/ [2009/03/10 11:51:10, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #85 (type 85, layer 0) Making operation type 85 opaque [module /[Default VFS]/] Accepting operation type 85 from module /[Default VFS]/ [2009/03/10 11:51:10, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #86 (type 86, layer 0) Making operation type 86 opaque [module /[Default VFS]/] Accepting operation type 86 from module /[Default VFS]/ [2009/03/10 11:51:10, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #87 (type 87, layer 0) Making operation type 87 opaque [module /[Default VFS]/] Accepting operation type 87 from module /[Default VFS]/ [2009/03/10 11:51:10, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #88 (type 88, layer 0) Making operation type 88 opaque [module /[Default VFS]/] Accepting operation type 88 from module /[Default VFS]/ [2009/03/10 11:51:10, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #89 (type 89, layer 0) Making operation type 89 opaque [module /[Default VFS]/] Accepting operation type 89 from module /[Default VFS]/ [2009/03/10 11:51:10, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #90 (type 90, layer 0) Making operation type 90 opaque [module /[Default VFS]/] Accepting operation type 90 from module /[Default VFS]/ [2009/03/10 11:51:10, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #91 (type 91, layer 0) Making operation type 91 opaque [module /[Default VFS]/] Accepting operation type 91 from module /[Default VFS]/ [2009/03/10 11:51:10, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #92 (type 92, layer 0) Making operation type 92 opaque [module /[Default VFS]/] Accepting operation type 92 from module /[Default VFS]/ [2009/03/10 11:51:10, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #93 (type 93, layer 0) Making operation type 93 opaque [module /[Default VFS]/] Accepting operation type 93 from module /[Default VFS]/ [2009/03/10 11:51:10, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #94 (type 94, layer 0) Making operation type 94 opaque [module /[Default VFS]/] Accepting operation type 94 from module /[Default VFS]/ [2009/03/10 11:51:10, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #95 (type 95, layer 0) Making operation type 95 opaque [module /[Default VFS]/] Accepting operation type 95 from module /[Default VFS]/ [2009/03/10 11:51:10, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #96 (type 96, layer 0) Making operation type 96 opaque [module /[Default VFS]/] Accepting operation type 96 from module /[Default VFS]/ [2009/03/10 11:51:10, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #97 (type 97, layer 0) Making operation type 97 opaque [module /[Default VFS]/] Accepting operation type 97 from module /[Default VFS]/ [2009/03/10 11:51:10, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #98 (type 98, layer 0) Making operation type 98 opaque [module /[Default VFS]/] Accepting operation type 98 from module /[Default VFS]/ [2009/03/10 11:51:10, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #99 (type 99, layer 0) Making operation type 99 opaque [module /[Default VFS]/] Accepting operation type 99 from module /[Default VFS]/ [2009/03/10 11:51:10, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #100 (type 100, layer 0) Making operation type 100 opaque [module /[Default VFS]/] Accepting operation type 100 from module /[Default VFS]/ [2009/03/10 11:51:10, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #101 (type 101, layer 0) Making operation type 101 opaque [module /[Default VFS]/] Accepting operation type 101 from module /[Default VFS]/ [2009/03/10 11:51:10, 5] smbd/vfs.c:vfs_init_custom(193) Checking operation #102 (type 102, layer 0) Making operation type 102 opaque [module /[Default VFS]/] Accepting operation type 102 from module /[Default VFS]/ [2009/03/10 11:51:10, 5] smbd/connection.c:claim_connection(142) claiming [IPC$] [2009/03/10 11:51:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key E8370000010000004950 [2009/03/10 11:51:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0x175a608 [2009/03/10 11:51:10, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key E8370000010000004950 [2009/03/10 11:51:10, 10] smbd/share_access.c:user_ok_token(231) user_ok_token: share IPC$ is ok for unix user monster$ [2009/03/10 11:51:10, 10] smbd/share_access.c:is_share_read_only_for_token(275) is_share_read_only_for_user: share IPC$ is read-only for unix user monster$ [2009/03/10 11:51:10, 10] lib/util_seaccess.c:se_map_generic(175) se_map_generic(): mapped mask 0x10000000 to 0x001f01ff [2009/03/10 11:51:10, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x00000001, for NT token with 6 entries and first sid S-1-5-21-181998944-1107627502-2274996074-3912. [2009/03/10 11:51:10, 3] lib/util_seaccess.c:se_access_check(249) [2009/03/10 11:51:10, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-5-21-181998944-1107627502-2274996074-3912 se_access_check: also S-1-5-21-181998944-1107627502-2274996074-515 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-22-2-515 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 1 [2009/03/10 11:51:10, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (1) granted. [2009/03/10 11:51:10, 3] lib/util_sid.c:string_to_sid(228) string_to_sid: Sid smbadmin does not start with 'S-'. [2009/03/10 11:51:10, 10] passdb/lookup_sid.c:lookup_name(69) lookup_name: RK_KLBG\smbadmin => RK_KLBG (domain), smbadmin (name) [2009/03/10 11:51:10, 10] passdb/lookup_sid.c:lookup_name(70) lookup_name: flags = 0x073 [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2009/03/10 11:51:10, 3] smbd/uid.c:push_conn_ctx(407) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2009/03/10 11:51:10, 5] auth/token_util.c:debug_nt_user_token(466) NT user token: (NULL) [2009/03/10 11:51:10, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/03/10 11:51:10, 5] lib/smbldap.c:smbldap_search_ext(1200) smbldap_search_ext: base => [dc=rk-klbg,dc=at], filter => [(&(uid=smbadmin)(objectclass=sambaSamAccount))], scope => [2] [2009/03/10 11:51:10, 2] passdb/pdb_ldap.c:init_sam_from_ldap(571) init_sam_from_ldap: Entry found for user: smbadmin [2009/03/10 11:51:10, 10] passdb/pdb_get_set.c:pdb_set_username(580) pdb_set_username: setting username smbadmin, was [2009/03/10 11:51:10, 10] passdb/pdb_get_set.c:pdb_set_domain(603) pdb_set_domain: setting domain RK_KLBG, was [2009/03/10 11:51:10, 10] passdb/pdb_get_set.c:pdb_set_nt_username(626) pdb_set_nt_username: setting nt username smbadmin, was [2009/03/10 11:51:10, 10] passdb/pdb_get_set.c:pdb_set_user_sid_from_string(522) pdb_set_user_sid_from_string: setting user sid S-1-5-21-181998944-1107627502-2274996074-3022 [2009/03/10 11:51:10, 10] passdb/pdb_get_set.c:pdb_set_user_sid(509) pdb_set_user_sid: setting user sid S-1-5-21-181998944-1107627502-2274996074-3022 [2009/03/10 11:51:10, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute displayName does not exist [2009/03/10 11:51:10, 10] passdb/pdb_get_set.c:pdb_set_fullname(649) pdb_set_full_name: setting full name smbadmin, was [2009/03/10 11:51:10, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaHomeDrive does not exist [2009/03/10 11:51:10, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(718) pdb_set_dir_drive: setting dir drive z:, was NULL [2009/03/10 11:51:10, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaHomePath does not exist [2009/03/10 11:51:10, 10] passdb/pdb_get_set.c:pdb_set_homedir(742) pdb_set_homedir: setting home dir \\samba\smbadmin, was [2009/03/10 11:51:10, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaLogonScript does not exist [2009/03/10 11:51:10, 10] passdb/pdb_get_set.c:pdb_set_logon_script(672) pdb_set_logon_script: setting logon script LOGON.BAT, was [2009/03/10 11:51:10, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaProfilePath does not exist [2009/03/10 11:51:10, 10] passdb/pdb_get_set.c:pdb_set_profile_path(695) pdb_set_profile_path: setting profile path \\samba\Profile, was [2009/03/10 11:51:10, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaUserWorkstations does not exist [2009/03/10 11:51:10, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaMungedDial does not exist [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2009/03/10 11:51:10, 3] smbd/uid.c:push_conn_ctx(407) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2009/03/10 11:51:10, 5] auth/token_util.c:debug_nt_user_token(466) NT user token: (NULL) [2009/03/10 11:51:10, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/03/10 11:51:10, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = ACCT_POL/password history, value = 0 , timeout = Tue Mar 10 11:51:57 2009 [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2009/03/10 11:51:10, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaBadPasswordCount does not exist [2009/03/10 11:51:10, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaBadPasswordTime does not exist [2009/03/10 11:51:10, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaLogonHours does not exist [2009/03/10 11:51:10, 7] passdb/login_cache.c:login_cache_read(86) Looking up login cache for user smbadmin [2009/03/10 11:51:10, 7] passdb/login_cache.c:login_cache_read(100) No cache entry found [2009/03/10 11:51:10, 9] passdb/pdb_ldap.c:init_sam_from_ldap(1054) No cache entry, bad count = 0, bad time = 0 [2009/03/10 11:51:10, 5] lib/username.c:Get_Pwnam_alloc(133) Finding user smbadmin [2009/03/10 11:51:10, 5] lib/username.c:Get_Pwnam_internals(77) Trying _Get_Pwnam(), username as lowercase is smbadmin [2009/03/10 11:51:10, 5] lib/username.c:Get_Pwnam_internals(110) Get_Pwnam_internals did find user [smbadmin]! [2009/03/10 11:51:10, 5] lib/smbldap.c:smbldap_search_ext(1200) smbldap_search_ext: base => [ou=Groups,dc=rk-klbg,dc=at], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=800))], scope => [2] [2009/03/10 11:51:10, 2] passdb/pdb_ldap.c:init_group_from_ldap(2344) init_group_from_ldap: Entry found for group: 800 [2009/03/10 11:51:10, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute description does not exist [2009/03/10 11:51:10, 10] passdb/lookup_sid.c:lookup_sid(950) lookup_sid called for SID 'S-1-5-21-181998944-1107627502-2274996074-512' [2009/03/10 11:51:10, 10] passdb/lookup_sid.c:check_dom_sid_to_level(705) Accepting SID S-1-5-21-181998944-1107627502-2274996074 in level 1 [2009/03/10 11:51:10, 10] passdb/lookup_sid.c:lookup_rids(468) lookup_rids called for domain sid 'S-1-5-21-181998944-1107627502-2274996074' [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2009/03/10 11:51:10, 3] smbd/uid.c:push_conn_ctx(407) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2009/03/10 11:51:10, 5] auth/token_util.c:debug_nt_user_token(466) NT user token: (NULL) [2009/03/10 11:51:10, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/03/10 11:51:10, 5] lib/smbldap.c:smbldap_search_ext(1200) smbldap_search_ext: base => [ou=Users,dc=rk-klbg,dc=at], filter => [(&(objectClass=sambaSamAccount)(|(sambaSid=S-1-5-21-181998944-1107627502-2274996074-512)))], scope => [2] [2009/03/10 11:51:10, 5] lib/smbldap.c:smbldap_search_ext(1200) smbldap_search_ext: base => [ou=Groups,dc=rk-klbg,dc=at], filter => [(&(objectClass=sambaGroupMapping)(|(sambaSid=S-1-5-21-181998944-1107627502-2274996074-512)))], scope => [2] [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2009/03/10 11:51:10, 10] passdb/lookup_sid.c:lookup_sid(985) Sid S-1-5-21-181998944-1107627502-2274996074-512 -> RK_KLBG\Domain Admins(2) [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2009/03/10 11:51:10, 3] smbd/uid.c:push_conn_ctx(407) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2009/03/10 11:51:10, 5] auth/token_util.c:debug_nt_user_token(466) NT user token: (NULL) [2009/03/10 11:51:10, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/03/10 11:51:10, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = ACCT_POL/password history, value = 0 , timeout = Tue Mar 10 11:51:57 2009 [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2009/03/10 11:51:10, 10] passdb/pdb_get_set.c:pdb_set_username(580) pdb_set_username: setting username smbadmin, was [2009/03/10 11:51:10, 10] passdb/pdb_get_set.c:pdb_set_domain(603) pdb_set_domain: setting domain RK_KLBG, was [2009/03/10 11:51:10, 10] passdb/pdb_get_set.c:pdb_set_nt_username(626) pdb_set_nt_username: setting nt username smbadmin, was [2009/03/10 11:51:10, 10] passdb/pdb_get_set.c:pdb_set_fullname(649) pdb_set_full_name: setting full name smbadmin, was [2009/03/10 11:51:10, 10] passdb/pdb_get_set.c:pdb_set_homedir(742) pdb_set_homedir: setting home dir \\samba\smbadmin, was [2009/03/10 11:51:10, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(718) pdb_set_dir_drive: setting dir drive z:, was NULL [2009/03/10 11:51:10, 10] passdb/pdb_get_set.c:pdb_set_logon_script(672) pdb_set_logon_script: setting logon script LOGON.BAT, was [2009/03/10 11:51:10, 10] passdb/pdb_get_set.c:pdb_set_profile_path(695) pdb_set_profile_path: setting profile path \\samba\Profile, was [2009/03/10 11:51:10, 10] passdb/pdb_get_set.c:pdb_set_workstations(785) pdb_set_workstations: setting workstations , was [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2009/03/10 11:51:10, 3] smbd/uid.c:push_conn_ctx(407) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2009/03/10 11:51:10, 5] auth/token_util.c:debug_nt_user_token(466) NT user token: (NULL) [2009/03/10 11:51:10, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/03/10 11:51:10, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = ACCT_POL/password history, value = 0 , timeout = Tue Mar 10 11:51:57 2009 [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2009/03/10 11:51:10, 10] passdb/pdb_get_set.c:pdb_set_user_sid(509) pdb_set_user_sid: setting user sid S-1-5-21-181998944-1107627502-2274996074-3022 [2009/03/10 11:51:10, 10] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(72) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-181998944-1107627502-2274996074-3022 from rid 3022 [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2009/03/10 11:51:10, 3] lib/util_sid.c:string_to_sid(228) string_to_sid: Sid RK_KLBG\smbadmin does not start with 'S-'. [2009/03/10 11:51:10, 10] passdb/lookup_sid.c:lookup_name(69) lookup_name: RK_KLBG\smbadmin => RK_KLBG (domain), smbadmin (name) [2009/03/10 11:51:10, 10] passdb/lookup_sid.c:lookup_name(70) lookup_name: flags = 0x073 [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2009/03/10 11:51:10, 3] smbd/uid.c:push_conn_ctx(407) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2009/03/10 11:51:10, 5] auth/token_util.c:debug_nt_user_token(466) NT user token: (NULL) [2009/03/10 11:51:10, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/03/10 11:51:10, 5] lib/smbldap.c:smbldap_search_ext(1200) smbldap_search_ext: base => [dc=rk-klbg,dc=at], filter => [(&(uid=smbadmin)(objectclass=sambaSamAccount))], scope => [2] [2009/03/10 11:51:10, 2] passdb/pdb_ldap.c:init_sam_from_ldap(571) init_sam_from_ldap: Entry found for user: smbadmin [2009/03/10 11:51:10, 10] passdb/pdb_get_set.c:pdb_set_username(580) pdb_set_username: setting username smbadmin, was [2009/03/10 11:51:10, 10] passdb/pdb_get_set.c:pdb_set_domain(603) pdb_set_domain: setting domain RK_KLBG, was [2009/03/10 11:51:10, 10] passdb/pdb_get_set.c:pdb_set_nt_username(626) pdb_set_nt_username: setting nt username smbadmin, was [2009/03/10 11:51:10, 10] passdb/pdb_get_set.c:pdb_set_user_sid_from_string(522) pdb_set_user_sid_from_string: setting user sid S-1-5-21-181998944-1107627502-2274996074-3022 [2009/03/10 11:51:10, 10] passdb/pdb_get_set.c:pdb_set_user_sid(509) pdb_set_user_sid: setting user sid S-1-5-21-181998944-1107627502-2274996074-3022 [2009/03/10 11:51:10, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute displayName does not exist [2009/03/10 11:51:10, 10] passdb/pdb_get_set.c:pdb_set_fullname(649) pdb_set_full_name: setting full name smbadmin, was [2009/03/10 11:51:10, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaHomeDrive does not exist [2009/03/10 11:51:10, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(718) pdb_set_dir_drive: setting dir drive z:, was NULL [2009/03/10 11:51:10, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaHomePath does not exist [2009/03/10 11:51:10, 10] passdb/pdb_get_set.c:pdb_set_homedir(742) pdb_set_homedir: setting home dir \\samba\smbadmin, was [2009/03/10 11:51:10, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaLogonScript does not exist [2009/03/10 11:51:10, 10] passdb/pdb_get_set.c:pdb_set_logon_script(672) pdb_set_logon_script: setting logon script LOGON.BAT, was [2009/03/10 11:51:10, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaProfilePath does not exist [2009/03/10 11:51:10, 10] passdb/pdb_get_set.c:pdb_set_profile_path(695) pdb_set_profile_path: setting profile path \\samba\Profile, was [2009/03/10 11:51:10, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaUserWorkstations does not exist [2009/03/10 11:51:10, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaMungedDial does not exist [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2009/03/10 11:51:10, 3] smbd/uid.c:push_conn_ctx(407) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2009/03/10 11:51:10, 5] auth/token_util.c:debug_nt_user_token(466) NT user token: (NULL) [2009/03/10 11:51:10, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/03/10 11:51:10, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = ACCT_POL/password history, value = 0 , timeout = Tue Mar 10 11:51:57 2009 [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2009/03/10 11:51:10, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaBadPasswordCount does not exist [2009/03/10 11:51:10, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaBadPasswordTime does not exist [2009/03/10 11:51:10, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaLogonHours does not exist [2009/03/10 11:51:10, 7] passdb/login_cache.c:login_cache_read(86) Looking up login cache for user smbadmin [2009/03/10 11:51:10, 7] passdb/login_cache.c:login_cache_read(100) No cache entry found [2009/03/10 11:51:10, 9] passdb/pdb_ldap.c:init_sam_from_ldap(1054) No cache entry, bad count = 0, bad time = 0 [2009/03/10 11:51:10, 5] lib/username.c:Get_Pwnam_alloc(133) Finding user smbadmin [2009/03/10 11:51:10, 5] lib/username.c:Get_Pwnam_internals(77) Trying _Get_Pwnam(), username as lowercase is smbadmin [2009/03/10 11:51:10, 5] lib/username.c:Get_Pwnam_internals(110) Get_Pwnam_internals did find user [smbadmin]! [2009/03/10 11:51:10, 5] lib/smbldap.c:smbldap_search_ext(1200) smbldap_search_ext: base => [ou=Groups,dc=rk-klbg,dc=at], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=800))], scope => [2] [2009/03/10 11:51:10, 2] passdb/pdb_ldap.c:init_group_from_ldap(2344) init_group_from_ldap: Entry found for group: 800 [2009/03/10 11:51:10, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute description does not exist [2009/03/10 11:51:10, 10] passdb/lookup_sid.c:lookup_sid(950) lookup_sid called for SID 'S-1-5-21-181998944-1107627502-2274996074-512' [2009/03/10 11:51:10, 10] passdb/lookup_sid.c:check_dom_sid_to_level(705) Accepting SID S-1-5-21-181998944-1107627502-2274996074 in level 1 [2009/03/10 11:51:10, 10] passdb/lookup_sid.c:lookup_rids(468) lookup_rids called for domain sid 'S-1-5-21-181998944-1107627502-2274996074' [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2009/03/10 11:51:10, 3] smbd/uid.c:push_conn_ctx(407) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2009/03/10 11:51:10, 5] auth/token_util.c:debug_nt_user_token(466) NT user token: (NULL) [2009/03/10 11:51:10, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/03/10 11:51:10, 5] lib/smbldap.c:smbldap_search_ext(1200) smbldap_search_ext: base => [ou=Users,dc=rk-klbg,dc=at], filter => [(&(objectClass=sambaSamAccount)(|(sambaSid=S-1-5-21-181998944-1107627502-2274996074-512)))], scope => [2] [2009/03/10 11:51:10, 5] lib/smbldap.c:smbldap_search_ext(1200) smbldap_search_ext: base => [ou=Groups,dc=rk-klbg,dc=at], filter => [(&(objectClass=sambaGroupMapping)(|(sambaSid=S-1-5-21-181998944-1107627502-2274996074-512)))], scope => [2] [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2009/03/10 11:51:10, 10] passdb/lookup_sid.c:lookup_sid(985) Sid S-1-5-21-181998944-1107627502-2274996074-512 -> RK_KLBG\Domain Admins(2) [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2009/03/10 11:51:10, 3] smbd/uid.c:push_conn_ctx(407) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2009/03/10 11:51:10, 5] auth/token_util.c:debug_nt_user_token(466) NT user token: (NULL) [2009/03/10 11:51:10, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/03/10 11:51:10, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = ACCT_POL/password history, value = 0 , timeout = Tue Mar 10 11:51:57 2009 [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2009/03/10 11:51:10, 10] passdb/pdb_get_set.c:pdb_set_username(580) pdb_set_username: setting username smbadmin, was [2009/03/10 11:51:10, 10] passdb/pdb_get_set.c:pdb_set_domain(603) pdb_set_domain: setting domain RK_KLBG, was [2009/03/10 11:51:10, 10] passdb/pdb_get_set.c:pdb_set_nt_username(626) pdb_set_nt_username: setting nt username smbadmin, was [2009/03/10 11:51:10, 10] passdb/pdb_get_set.c:pdb_set_fullname(649) pdb_set_full_name: setting full name smbadmin, was [2009/03/10 11:51:10, 10] passdb/pdb_get_set.c:pdb_set_homedir(742) pdb_set_homedir: setting home dir \\samba\smbadmin, was [2009/03/10 11:51:10, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(718) pdb_set_dir_drive: setting dir drive z:, was NULL [2009/03/10 11:51:10, 10] passdb/pdb_get_set.c:pdb_set_logon_script(672) pdb_set_logon_script: setting logon script LOGON.BAT, was [2009/03/10 11:51:10, 10] passdb/pdb_get_set.c:pdb_set_profile_path(695) pdb_set_profile_path: setting profile path \\samba\Profile, was [2009/03/10 11:51:10, 10] passdb/pdb_get_set.c:pdb_set_workstations(785) pdb_set_workstations: setting workstations , was [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2009/03/10 11:51:10, 3] smbd/uid.c:push_conn_ctx(407) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2009/03/10 11:51:10, 5] auth/token_util.c:debug_nt_user_token(466) NT user token: (NULL) [2009/03/10 11:51:10, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/03/10 11:51:10, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = ACCT_POL/password history, value = 0 , timeout = Tue Mar 10 11:51:57 2009 [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2009/03/10 11:51:10, 10] passdb/pdb_get_set.c:pdb_set_user_sid(509) pdb_set_user_sid: setting user sid S-1-5-21-181998944-1107627502-2274996074-3022 [2009/03/10 11:51:10, 10] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(72) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-181998944-1107627502-2274996074-3022 from rid 3022 [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (1456, 515) - sec_ctx_stack_ndx = 0 [2009/03/10 11:51:10, 5] auth/token_util.c:debug_nt_user_token(472) NT user token of user S-1-5-21-181998944-1107627502-2274996074-3912 contains 6 SIDs SID[ 0]: S-1-5-21-181998944-1107627502-2274996074-3912 SID[ 1]: S-1-5-21-181998944-1107627502-2274996074-515 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-515 SE_PRIV 0x0 0x0 0x0 0x0 [2009/03/10 11:51:10, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 1456 Primary group is 515 and contains 1 supplementary groups Group[ 0]: 515 [2009/03/10 11:51:10, 5] smbd/uid.c:change_to_user(322) change_to_user uid=(0,1456) gid=(0,515) [2009/03/10 11:51:10, 3] smbd/service.c:make_connection_snum(1194) monster (::ffff:192.168.60.4) connect to service IPC$ initially as user monster$ (uid=1456, gid=515) (pid 14312) [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2009/03/10 11:51:10, 5] auth/token_util.c:debug_nt_user_token(466) NT user token: (NULL) [2009/03/10 11:51:10, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/03/10 11:51:10, 5] smbd/uid.c:change_to_root_user(337) change_to_root_user: now uid=(0,0) gid=(0,0) [2009/03/10 11:51:10, 3] smbd/reply.c:reply_tcon_and_X(761) tconX service=IPC$ [2009/03/10 11:51:10, 5] lib/util.c:show_msg(642) [2009/03/10 11:51:10, 5] lib/util.c:show_msg(652) size=56 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=10199 smb_uid=100 smb_mid=4 smt_wct=7 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 1 (0x1) smb_vwv[ 3]= 511 (0x1FF) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 511 (0x1FF) smb_vwv[ 6]= 0 (0x0) smb_bcc=7 [2009/03/10 11:51:10, 10] lib/util.c:dump_data(2230) [000] 49 50 43 00 00 00 00 IPC.... [2009/03/10 11:51:10, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 96 [2009/03/10 11:51:10, 6] smbd/process.c:process_smb(1547) got message type 0x0 of len 0x60 [2009/03/10 11:51:10, 3] smbd/process.c:process_smb(1550) Transaction 4 of length 100 (0 toread) [2009/03/10 11:51:10, 5] lib/util.c:show_msg(642) [2009/03/10 11:51:10, 5] lib/util.c:show_msg(652) size=96 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=10199 smb_uid=100 smb_mid=5 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2560 (0xA00) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_bcc=13 [2009/03/10 11:51:10, 10] lib/util.c:dump_data(2230) [000] 18 5C 00 73 00 61 00 6D 00 72 00 00 00 .\.s.a.m .r... [2009/03/10 11:51:10, 3] smbd/process.c:switch_message(1361) switch message SMBntcreateX (pid 14312) conn 0x1675be8 [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (1456, 515) - sec_ctx_stack_ndx = 0 [2009/03/10 11:51:10, 5] auth/token_util.c:debug_nt_user_token(472) NT user token of user S-1-5-21-181998944-1107627502-2274996074-3912 contains 6 SIDs SID[ 0]: S-1-5-21-181998944-1107627502-2274996074-3912 SID[ 1]: S-1-5-21-181998944-1107627502-2274996074-515 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-515 SE_PRIV 0x0 0x0 0x0 0x0 [2009/03/10 11:51:10, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 1456 Primary group is 515 and contains 1 supplementary groups Group[ 0]: 515 [2009/03/10 11:51:10, 5] smbd/uid.c:change_to_user(322) change_to_user uid=(0,1456) gid=(0,515) [2009/03/10 11:51:10, 4] smbd/vfs.c:vfs_ChDir(739) vfs_ChDir to /tmp [2009/03/10 11:51:10, 10] smbd/nttrans.c:reply_ntcreate_and_X(488) reply_ntcreate_and_X: flags = 0x0, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 root_dir_fid = 0x0, fname = samr [2009/03/10 11:51:10, 4] smbd/nttrans.c:nt_open_pipe(295) nt_open_pipe: Opening pipe \samr. [2009/03/10 11:51:10, 3] smbd/nttrans.c:nt_open_pipe(320) nt_open_pipe: Known pipe samr opening. [2009/03/10 11:51:10, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(165) Open pipe requested samr (pipes_open=0) [2009/03/10 11:51:10, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(275) Create pipe requested samr [2009/03/10 11:51:10, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(77) init_pipe_handles: created handle list for pipe samr [2009/03/10 11:51:10, 10] rpc_server/srv_lsa_hnd.c:init_pipe_handle_list(93) init_pipe_handles: pipe_handles ref count = 1 for pipe samr [2009/03/10 11:51:10, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(356) Created internal pipe samr (pipes_open=0) [2009/03/10 11:51:10, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(253) Opened pipe samr with handle 71f6 (pipes_open=1) [2009/03/10 11:51:10, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(259) open pipes: name samr pnum=71f6 [2009/03/10 11:51:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 73616D722F3134333132 [2009/03/10 11:51:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0x1760fb0 [2009/03/10 11:51:10, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 73616D722F3134333132 [2009/03/10 11:51:10, 5] smbd/nttrans.c:do_ntcreate_pipe_open(408) do_ntcreate_pipe_open: open pipe = \samr [2009/03/10 11:51:10, 5] lib/util.c:show_msg(642) [2009/03/10 11:51:10, 5] lib/util.c:show_msg(652) size=103 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=10199 smb_uid=100 smb_mid=5 smt_wct=34 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=62976 (0xF600) smb_vwv[ 3]= 369 (0x171) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]=32768 (0x8000) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_vwv[24]= 0 (0x0) smb_vwv[25]= 0 (0x0) smb_vwv[26]= 0 (0x0) smb_vwv[27]= 0 (0x0) smb_vwv[28]= 0 (0x0) smb_vwv[29]= 0 (0x0) smb_vwv[30]= 0 (0x0) smb_vwv[31]= 512 (0x200) smb_vwv[32]=65280 (0xFF00) smb_vwv[33]= 5 (0x5) smb_bcc=0 [2009/03/10 11:51:10, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 242 [2009/03/10 11:51:10, 6] smbd/process.c:process_smb(1547) got message type 0x0 of len 0xf2 [2009/03/10 11:51:10, 3] smbd/process.c:process_smb(1550) Transaction 5 of length 246 (0 toread) [2009/03/10 11:51:10, 5] lib/util.c:show_msg(642) [2009/03/10 11:51:10, 5] lib/util.c:show_msg(652) size=242 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=10199 smb_uid=100 smb_mid=6 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 160 (0xA0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 160 (0xA0) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29174 (0x71F6) smb_bcc=175 [2009/03/10 11:51:10, 10] lib/util.c:dump_data(2230) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 0B 03 10 00 00 00 A0 00 50 00 0E 00 00 00 B8 .......  .P.....¸ [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 .¸...... .......x [030] 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AC 01 W4.4.Í«ï ..#Eg.¬. [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]..ë .É..è..+ [050] 10 48 60 02 00 00 00 09 06 00 00 01 00 00 00 60 .H`..... .......` [060] 4E 06 06 2B 06 01 05 05 02 A0 44 30 42 A0 0E 30 N..+.... . D0B .0 [070] 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A2 30 04 ...+.... .7...¢0. [080] 2E 4E 54 4C 4D 53 53 50 00 01 00 00 00 35 82 08 .NTLMSSP .....5.. [090] 60 07 00 07 00 20 00 00 00 07 00 07 00 27 00 00 `.... .. .....'.. [0A0] 00 52 4B 5F 4B 4C 42 47 4D 4F 4E 53 54 45 52 .RK_KLBG MONSTER [2009/03/10 11:51:10, 3] smbd/process.c:switch_message(1361) switch message SMBtrans (pid 14312) conn 0x1675be8 [2009/03/10 11:51:10, 4] smbd/uid.c:change_to_user(225) change_to_user: Skipping user change - already user [2009/03/10 11:51:10, 3] smbd/ipc.c:handle_trans(436) trans <\PIPE\> data=160 params=0 setup=2 [2009/03/10 11:51:10, 5] smbd/ipc.c:handle_trans(469) calling named_pipe [2009/03/10 11:51:10, 3] smbd/ipc.c:named_pipe(387) named pipe command on <> name [2009/03/10 11:51:10, 5] smbd/ipc.c:api_fd_reply(307) api_fd_reply [2009/03/10 11:51:10, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=71f6 [2009/03/10 11:51:10, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name samr pnum=71f6 (pipes_open=1) [2009/03/10 11:51:10, 3] smbd/ipc.c:api_fd_reply(345) Got API command 0x26 on pipe "samr" (pnum 71f6) [2009/03/10 11:51:10, 10] smbd/ipc.c:api_fd_reply(350) api_fd_reply: p:0x16757a0 max_trans_reply: 4280 [2009/03/10 11:51:10, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927) write_to_pipe: 71f6 name: samr open: Yes len: 160 [2009/03/10 11:51:10, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 160 [2009/03/10 11:51:10, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 160 [2009/03/10 11:51:10, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385) fill_rpc_header: data_to_copy = 160, len_needed_to_complete_hdr = 16, receive_len = 0 [2009/03/10 11:51:10, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 16 [2009/03/10 11:51:10, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 144 [2009/03/10 11:51:10, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 144 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0b [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 00a0 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0050 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 0000000e [2009/03/10 11:51:10, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472) unmarshall_rpc_header: using little-endian RPC [2009/03/10 11:51:10, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501) unmarshall_rpc_header: type = 11, flags = 3 [2009/03/10 11:51:10, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 0 [2009/03/10 11:51:10, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 144 [2009/03/10 11:51:10, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 144, incoming data = 144 [2009/03/10 11:51:10, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709) process_complete_pdu: processing packet type 11 [2009/03/10 11:51:10, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1553) api_pipe_bind_req: decode request. 1553 [2009/03/10 11:51:10, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(1564) api_pipe_bind_req: \PIPE\samr -> \PIPE\samr [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_rb [2009/03/10 11:51:10, 6] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_bba [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0000 max_tsize: 10b8 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0002 max_rsize: 10b8 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0004 assoc_gid: 00000000 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0008 num_contexts: 01 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000c context_id : 0000 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 000e num_transfer_syntaxes: 01 [2009/03/10 11:51:10, 6] rpc_parse/parse_prs.c:prs_debug(88) 00000f smb_io_rpc_iface [2009/03/10 11:51:10, 7] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_uuid uuid [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 data : 12345778 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 data : 1234 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0016 data : abcd [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0018 data : ef 00 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 001a data : 01 23 45 67 89 ac [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0020 version: 00000001 [2009/03/10 11:51:10, 6] rpc_parse/parse_prs.c:prs_debug(88) 000024 smb_io_rpc_iface [2009/03/10 11:51:10, 7] rpc_parse/parse_prs.c:prs_debug(88) 000024 smb_io_uuid uuid [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0024 data : 8a885d04 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0028 data : 1ceb [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) 002a data : 11c9 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002c data : 9f e8 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002e data : 08 00 2b 10 48 60 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0034 version: 00000002 [2009/03/10 11:51:10, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(1608) api_pipe_bind_req: make response. 1608 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_debug(88) 000038 smb_io_rpc_hdr_auth [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0038 auth_type : 09 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0039 auth_level : 06 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 003a auth_pad_len : 00 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 003b auth_reserved: 00 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) 003c auth_context_id: 00000001 [2009/03/10 11:51:10, 3] rpc_server/srv_pipe.c:pipe_spnego_auth_bind_negotiate(1140) pipe_spnego_auth_bind_negotiate: Got OID 1 3 6 1 4 1 311 2 2 10 [2009/03/10 11:51:10, 3] rpc_server/srv_pipe.c:pipe_spnego_auth_bind_negotiate(1143) pipe_spnego_auth_bind_negotiate: Got secblob of size 46 [2009/03/10 11:51:10, 5] auth/auth.c:make_auth_context_subsystem(485) Making default auth method list for DC, security=user, encrypt passwords = yes [2009/03/10 11:51:10, 5] auth/auth.c:load_auth_module(387) load_auth_module: Attempting to find an auth method to match guest [2009/03/10 11:51:10, 5] auth/auth.c:load_auth_module(412) load_auth_module: auth method guest has a valid init [2009/03/10 11:51:10, 5] auth/auth.c:load_auth_module(387) load_auth_module: Attempting to find an auth method to match sam [2009/03/10 11:51:10, 5] auth/auth.c:load_auth_module(412) load_auth_module: auth method sam has a valid init [2009/03/10 11:51:10, 5] auth/auth.c:load_auth_module(387) load_auth_module: Attempting to find an auth method to match winbind:trustdomain [2009/03/10 11:51:10, 5] auth/auth.c:load_auth_module(387) load_auth_module: Attempting to find an auth method to match trustdomain [2009/03/10 11:51:10, 5] auth/auth.c:load_auth_module(412) load_auth_module: auth method trustdomain has a valid init [2009/03/10 11:51:10, 5] auth/auth.c:load_auth_module(412) load_auth_module: auth method winbind has a valid init [2009/03/10 11:51:10, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) Got NTLMSSP neg_flags=0x60088235 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_SEAL NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH [2009/03/10 11:51:10, 5] auth/auth.c:get_ntlm_challenge(96) auth_get_challenge: module guest did not want to specify a challenge [2009/03/10 11:51:10, 5] auth/auth.c:get_ntlm_challenge(96) auth_get_challenge: module sam did not want to specify a challenge [2009/03/10 11:51:10, 5] auth/auth.c:get_ntlm_challenge(96) auth_get_challenge: module winbind did not want to specify a challenge [2009/03/10 11:51:10, 5] auth/auth.c:get_ntlm_challenge(136) auth_context challenge created by random [2009/03/10 11:51:10, 5] auth/auth.c:get_ntlm_challenge(137) challenge is: [2009/03/10 11:51:10, 5] lib/util.c:dump_data(2230) [000] F9 89 AD 59 AC 78 C4 0D ù.­Y¬xÄ. [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_auth [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 auth_type : 09 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 auth_level : 06 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 auth_pad_len : 08 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 auth_reserved: 00 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0004 auth_context_id: 00000001 [2009/03/10 11:51:10, 3] rpc_server/srv_pipe.c:check_bind_req(991) check_bind_req for \PIPE\samr checking \PIPE\lsarpc checking \PIPE\lsarpc checking \PIPE\samr [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_ba [2009/03/10 11:51:10, 6] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_bba [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0000 max_tsize: 10b8 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0002 max_rsize: 10b8 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0004 assoc_gid: 000053f0 [2009/03/10 11:51:10, 6] rpc_parse/parse_prs.c:prs_debug(88) 000008 smb_io_rpc_addr_str [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 len: 000b [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 000a str: \PIPE\samr. [2009/03/10 11:51:10, 6] rpc_parse/parse_prs.c:prs_debug(88) 000015 smb_io_rpc_results [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0018 num_results: 01 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) 001c result : 0000 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) 001e reason : 0000 [2009/03/10 11:51:10, 6] rpc_parse/parse_prs.c:prs_debug(88) 000020 smb_io_rpc_iface [2009/03/10 11:51:10, 7] rpc_parse/parse_prs.c:prs_debug(88) 000020 smb_io_uuid uuid [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0020 data : 8a885d04 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0024 data : 1ceb [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0026 data : 11c9 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0028 data : 9f e8 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002a data : 08 00 2b 10 48 60 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0030 version: 00000002 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0c [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 014d [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0101 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 0000000e [2009/03/10 11:51:10, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 144 [2009/03/10 11:51:10, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985) read_from_pipe: 71f6 name: samr len: 4280 [2009/03/10 11:51:10, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1045) read_from_pipe: samr: current_pdu_len = 333, current_pdu_sent = 0 returning 333 bytes. [2009/03/10 11:51:10, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..333] (align 0) [2009/03/10 11:51:10, 5] lib/util.c:show_msg(642) [2009/03/10 11:51:10, 5] lib/util.c:show_msg(652) size=389 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=10199 smb_uid=100 smb_mid=6 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 333 (0x14D) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 333 (0x14D) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=334 [2009/03/10 11:51:10, 10] lib/util.c:dump_data(2230) [000] 00 05 00 0C 03 10 00 00 00 4D 01 01 01 0E 00 00 ........ .M...... [010] 00 B8 10 B8 10 F0 53 00 00 0B 00 5C 50 49 50 45 .¸.¸.ðS. ...\PIPE [020] 5C 73 61 6D 72 00 00 00 00 01 00 00 00 00 00 00 \samr... ........ [030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..ë.É ..è..+.H [040] 60 02 00 00 00 09 06 08 00 01 00 00 00 A1 81 FE `....... .....¡.þ [050] 30 81 FB A0 03 0A 01 01 A1 0C 06 0A 2B 06 01 04 0.û .... ¡...+... [060] 01 82 37 02 02 0A A2 81 E5 04 81 E2 4E 54 4C 4D ..7...¢. å..âNTLM [070] 53 53 50 00 02 00 00 00 0E 00 0E 00 30 00 00 00 SSP..... ....0... [080] 35 82 89 60 F9 89 AD 59 AC 78 C4 0D 00 00 00 00 5..`ù.­Y ¬xÄ..... [090] 00 00 00 00 A4 00 A4 00 3E 00 00 00 52 00 4B 00 ....¤.¤. >...R.K. [0A0] 5F 00 4B 00 4C 00 42 00 47 00 02 00 0E 00 52 00 _.K.L.B. G.....R. [0B0] 4B 00 5F 00 4B 00 4C 00 42 00 47 00 01 00 0A 00 K._.K.L. B.G..... [0C0] 53 00 41 00 4D 00 42 00 41 00 04 00 36 00 69 00 S.A.M.B. A...6.i. [0D0] 6E 00 74 00 65 00 72 00 6E 00 2E 00 72 00 6B 00 n.t.e.r. n...r.k. [0E0] 2D 00 6B 00 6C 00 6F 00 73 00 74 00 65 00 72 00 -.k.l.o. s.t.e.r. [0F0] 6E 00 65 00 75 00 62 00 75 00 72 00 67 00 2E 00 n.e.u.b. u.r.g... [100] 61 00 74 00 03 00 42 00 73 00 61 00 6D 00 62 00 a.t...B. s.a.m.b. [110] 61 00 2E 00 69 00 6E 00 74 00 65 00 72 00 6E 00 a...i.n. t.e.r.n. [120] 2E 00 72 00 6B 00 2D 00 6B 00 6C 00 6F 00 73 00 ..r.k.-. k.l.o.s. [130] 74 00 65 00 72 00 6E 00 65 00 75 00 62 00 75 00 t.e.r.n. e.u.b.u. [140] 72 00 67 00 2E 00 61 00 74 00 00 00 00 00 r.g...a. t..... [2009/03/10 11:51:10, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 346 [2009/03/10 11:51:10, 6] smbd/process.c:process_smb(1547) got message type 0x0 of len 0x15a [2009/03/10 11:51:10, 3] smbd/process.c:process_smb(1550) Transaction 6 of length 350 (0 toread) [2009/03/10 11:51:10, 5] lib/util.c:show_msg(642) [2009/03/10 11:51:10, 5] lib/util.c:show_msg(652) size=346 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=10199 smb_uid=100 smb_mid=7 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 264 (0x108) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 264 (0x108) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29174 (0x71F6) smb_bcc=279 [2009/03/10 11:51:10, 10] lib/util.c:dump_data(2230) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 0E 03 10 00 00 00 08 01 B8 00 0E 00 00 00 B8 ........ .¸.....¸ [020] 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 00 78 .¸...... .......x [030] 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AC 01 W4.4.Í«ï ..#Eg.¬. [040] 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B ....]..ë .É..è..+ [050] 10 48 60 02 00 00 00 09 06 00 00 01 00 00 00 A1 .H`..... .......¡ [060] 81 B5 30 81 B2 A2 81 AF 04 81 AC 4E 54 4C 4D 53 .µ0.²¢.¯ ..¬NTLMS [070] 53 50 00 03 00 00 00 18 00 18 00 40 00 00 00 18 SP...... ...@.... [080] 00 18 00 58 00 00 00 0E 00 0E 00 70 00 00 00 10 ...X.... ...p.... [090] 00 10 00 7E 00 00 00 0E 00 0E 00 8E 00 00 00 10 ...~.... ........ [0A0] 00 10 00 9C 00 00 00 35 82 08 60 78 72 D1 CF A8 .......5 ..`xrÑϨ [0B0] 1D F5 95 00 00 00 00 00 00 00 00 00 00 00 00 00 .õ...... ........ [0C0] 00 00 00 86 A7 83 56 4E 4C D3 EE 98 96 8C 17 34 ....§.VN LÓî....4 [0D0] B2 C0 F9 15 6C 13 11 87 D7 8E F0 52 00 4B 00 5F ²Àù.l... ×.ðR.K._ [0E0] 00 4B 00 4C 00 42 00 47 00 4D 00 4F 00 4E 00 53 .K.L.B.G .M.O.N.S [0F0] 00 54 00 45 00 52 00 24 00 4D 00 4F 00 4E 00 53 .T.E.R.$ .M.O.N.S [100] 00 54 00 45 00 52 00 A7 29 05 6F 33 BD 57 96 C2 .T.E.R.§ ).o3½W. [110] D4 4B E3 A5 84 85 C2 ÔKã¥.. [2009/03/10 11:51:10, 3] smbd/process.c:switch_message(1361) switch message SMBtrans (pid 14312) conn 0x1675be8 [2009/03/10 11:51:10, 4] smbd/uid.c:change_to_user(225) change_to_user: Skipping user change - already user [2009/03/10 11:51:10, 3] smbd/ipc.c:handle_trans(436) trans <\PIPE\> data=264 params=0 setup=2 [2009/03/10 11:51:10, 5] smbd/ipc.c:handle_trans(469) calling named_pipe [2009/03/10 11:51:10, 3] smbd/ipc.c:named_pipe(387) named pipe command on <> name [2009/03/10 11:51:10, 5] smbd/ipc.c:api_fd_reply(307) api_fd_reply [2009/03/10 11:51:10, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=71f6 [2009/03/10 11:51:10, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name samr pnum=71f6 (pipes_open=1) [2009/03/10 11:51:10, 3] smbd/ipc.c:api_fd_reply(345) Got API command 0x26 on pipe "samr" (pnum 71f6) [2009/03/10 11:51:10, 10] smbd/ipc.c:api_fd_reply(350) api_fd_reply: p:0x16757a0 max_trans_reply: 4280 [2009/03/10 11:51:10, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927) write_to_pipe: 71f6 name: samr open: Yes len: 264 [2009/03/10 11:51:10, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 264 [2009/03/10 11:51:10, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 264 [2009/03/10 11:51:10, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385) fill_rpc_header: data_to_copy = 264, len_needed_to_complete_hdr = 16, receive_len = 0 [2009/03/10 11:51:10, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 16 [2009/03/10 11:51:10, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 248 [2009/03/10 11:51:10, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 248 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0e [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0108 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 00b8 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 0000000e [2009/03/10 11:51:10, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472) unmarshall_rpc_header: using little-endian RPC [2009/03/10 11:51:10, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501) unmarshall_rpc_header: type = 14, flags = 3 [2009/03/10 11:51:10, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 0 [2009/03/10 11:51:10, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 248 [2009/03/10 11:51:10, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 248, incoming data = 248 [2009/03/10 11:51:10, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709) process_complete_pdu: processing packet type 14 [2009/03/10 11:51:10, 5] rpc_server/srv_pipe.c:api_pipe_alter_context(1827) api_pipe_alter_context: decode request. 1827 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_rb [2009/03/10 11:51:10, 6] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_bba [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0000 max_tsize: 10b8 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0002 max_rsize: 10b8 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0004 assoc_gid: 00000000 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0008 num_contexts: 01 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000c context_id : 0000 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 000e num_transfer_syntaxes: 01 [2009/03/10 11:51:10, 6] rpc_parse/parse_prs.c:prs_debug(88) 00000f smb_io_rpc_iface [2009/03/10 11:51:10, 7] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_uuid uuid [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 data : 12345778 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 data : 1234 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0016 data : abcd [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 0018 data : ef 00 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 001a data : 01 23 45 67 89 ac [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0020 version: 00000001 [2009/03/10 11:51:10, 6] rpc_parse/parse_prs.c:prs_debug(88) 000024 smb_io_rpc_iface [2009/03/10 11:51:10, 7] rpc_parse/parse_prs.c:prs_debug(88) 000024 smb_io_uuid uuid [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0024 data : 8a885d04 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0028 data : 1ceb [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) 002a data : 11c9 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002c data : 9f e8 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 002e data : 08 00 2b 10 48 60 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0034 version: 00000002 [2009/03/10 11:51:10, 5] rpc_server/srv_pipe.c:api_pipe_alter_context(1841) api_pipe_alter_context: make response. 1841 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_debug(88) 000038 smb_io_rpc_hdr_auth [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0038 auth_type : 09 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0039 auth_level : 06 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 003a auth_pad_len : 00 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 003b auth_reserved: 00 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) 003c auth_context_id: 00000001 [2009/03/10 11:51:10, 5] rpc_server/srv_pipe.c:pipe_ntlmssp_verify_final(613) pipe_ntlmssp_verify_final: pipe samr checking user details [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(1456, 515) : sec_ctx_stack_ndx = 1 [2009/03/10 11:51:10, 3] smbd/uid.c:push_conn_ctx(407) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2009/03/10 11:51:10, 5] auth/token_util.c:debug_nt_user_token(466) NT user token: (NULL) [2009/03/10 11:51:10, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/03/10 11:51:10, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(745) Got user=[MONSTER$] domain=[RK_KLBG] workstation=[MONSTER] len1=24 len2=24 [2009/03/10 11:51:10, 5] auth/auth_ntlmssp.c:auth_ntlmssp_set_challenge(68) auth_context challenge set by NTLMSSP callback (NTLM2) [2009/03/10 11:51:10, 5] auth/auth_ntlmssp.c:auth_ntlmssp_set_challenge(69) challenge is: [2009/03/10 11:51:10, 5] lib/util.c:dump_data(2230) [000] E0 93 B2 0B BC E0 52 07 à.².¼àR. [2009/03/10 11:51:10, 6] param/loadparm.c:lp_file_list_changed(6699) lp_file_list_changed() file /etc/samba/smb-%m.conf -> /etc/samba/smb-monster.conf last mod_time: Tue Mar 10 11:49:02 2009 file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Tue Mar 10 10:39:07 2009 [2009/03/10 11:51:10, 5] auth/auth_util.c:make_user_info_map(206) make_user_info_map: Mapping user [RK_KLBG]\[MONSTER$] from workstation [MONSTER] [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2009/03/10 11:51:10, 3] smbd/uid.c:push_conn_ctx(407) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2009/03/10 11:51:10, 5] auth/token_util.c:debug_nt_user_token(466) NT user token: (NULL) [2009/03/10 11:51:10, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/03/10 11:51:10, 5] auth/auth_util.c:is_trusted_domain(2055) is_trusted_domain: Checking for domain trust with [RK_KLBG] [2009/03/10 11:51:10, 10] passdb/pdb_ldap.c:ldapsam_get_trusteddom_pw(5823) ldapsam_get_trusteddom_pw called for domain RK_KLBG [2009/03/10 11:51:10, 5] lib/smbldap.c:smbldap_search_ext(1200) smbldap_search_ext: base => [sambaDomainName=RK_KLBG,sambaDomainName=RK_KLBG,dc=rk-klbg,dc=at], filter => [(&(objectClass=sambaTrustedDomainPassword)(sambaDomainName=RK_KLBG))], scope => [2] [2009/03/10 11:51:10, 10] lib/smbldap.c:smbldap_search_ext(1264) Failed search for base: sambaDomainName=RK_KLBG,sambaDomainName=RK_KLBG,dc=rk-klbg,dc=at, error: 32 (No such object) (unknown) [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2009/03/10 11:51:10, 10] lib/gencache.c:gencache_get(194) Cache entry with key = TDOM/RK_KLBG couldn't be found [2009/03/10 11:51:10, 5] libsmb/trustdom_cache.c:trustdom_cache_fetch(183) no entry for trusted domain RK_KLBG found. [2009/03/10 11:51:10, 5] auth/auth_util.c:make_user_info(120) attempting to make a user_info for MONSTER$ (MONSTER$) [2009/03/10 11:51:10, 5] auth/auth_util.c:make_user_info(130) making strings for MONSTER$'s user_info struct [2009/03/10 11:51:10, 5] auth/auth_util.c:make_user_info(162) making blobs for MONSTER$'s user_info struct [2009/03/10 11:51:10, 10] auth/auth_util.c:make_user_info(180) made an encrypted user_info for MONSTER$ (MONSTER$) [2009/03/10 11:51:10, 3] auth/auth.c:check_ntlm_password(220) check_ntlm_password: Checking password for unmapped user [RK_KLBG]\[MONSTER$]@[MONSTER] with the new password interface [2009/03/10 11:51:10, 3] auth/auth.c:check_ntlm_password(223) check_ntlm_password: mapped user is: [RK_KLBG]\[MONSTER$]@[MONSTER] [2009/03/10 11:51:10, 10] auth/auth.c:check_ntlm_password(232) check_ntlm_password: auth_context challenge created by NTLMSSP callback (NTLM2) [2009/03/10 11:51:10, 10] auth/auth.c:check_ntlm_password(234) challenge is: [2009/03/10 11:51:10, 5] lib/util.c:dump_data(2230) [000] E0 93 B2 0B BC E0 52 07 à.².¼àR. [2009/03/10 11:51:10, 10] auth/auth.c:check_ntlm_password(260) check_ntlm_password: guest had nothing to say [2009/03/10 11:51:10, 8] lib/util.c:is_myname(2105) is_myname("RK_KLBG") returns 0 [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2009/03/10 11:51:10, 3] smbd/uid.c:push_conn_ctx(407) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2009/03/10 11:51:10, 5] auth/token_util.c:debug_nt_user_token(466) NT user token: (NULL) [2009/03/10 11:51:10, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/03/10 11:51:10, 5] lib/smbldap.c:smbldap_search_ext(1200) smbldap_search_ext: base => [dc=rk-klbg,dc=at], filter => [(&(uid=MONSTER$)(objectclass=sambaSamAccount))], scope => [2] [2009/03/10 11:51:10, 2] passdb/pdb_ldap.c:init_sam_from_ldap(571) init_sam_from_ldap: Entry found for user: monster$ [2009/03/10 11:51:10, 10] passdb/pdb_get_set.c:pdb_set_username(580) pdb_set_username: setting username monster$, was [2009/03/10 11:51:10, 10] passdb/pdb_get_set.c:pdb_set_domain(603) pdb_set_domain: setting domain RK_KLBG, was [2009/03/10 11:51:10, 10] passdb/pdb_get_set.c:pdb_set_nt_username(626) pdb_set_nt_username: setting nt username monster$, was [2009/03/10 11:51:10, 10] passdb/pdb_get_set.c:pdb_set_user_sid_from_string(522) pdb_set_user_sid_from_string: setting user sid S-1-5-21-181998944-1107627502-2274996074-3912 [2009/03/10 11:51:10, 10] passdb/pdb_get_set.c:pdb_set_user_sid(509) pdb_set_user_sid: setting user sid S-1-5-21-181998944-1107627502-2274996074-3912 [2009/03/10 11:51:10, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaLogonTime does not exist [2009/03/10 11:51:10, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaLogoffTime does not exist [2009/03/10 11:51:10, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaKickoffTime does not exist [2009/03/10 11:51:10, 10] passdb/pdb_get_set.c:pdb_set_fullname(649) pdb_set_full_name: setting full name Computer, was [2009/03/10 11:51:10, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaHomeDrive does not exist [2009/03/10 11:51:10, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(718) pdb_set_dir_drive: setting dir drive z:, was NULL [2009/03/10 11:51:10, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaHomePath does not exist [2009/03/10 11:51:10, 10] passdb/pdb_get_set.c:pdb_set_homedir(742) pdb_set_homedir: setting home dir \\samba\monster_, was [2009/03/10 11:51:10, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaLogonScript does not exist [2009/03/10 11:51:10, 10] passdb/pdb_get_set.c:pdb_set_logon_script(672) pdb_set_logon_script: setting logon script LOGON.BAT, was [2009/03/10 11:51:10, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaProfilePath does not exist [2009/03/10 11:51:10, 10] passdb/pdb_get_set.c:pdb_set_profile_path(695) pdb_set_profile_path: setting profile path \\samba\Profile, was [2009/03/10 11:51:10, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaUserWorkstations does not exist [2009/03/10 11:51:10, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaMungedDial does not exist [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2009/03/10 11:51:10, 3] smbd/uid.c:push_conn_ctx(407) push_conn_ctx(100) : conn_ctx_stack_ndx = 2 [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2009/03/10 11:51:10, 5] auth/token_util.c:debug_nt_user_token(466) NT user token: (NULL) [2009/03/10 11:51:10, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/03/10 11:51:10, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = ACCT_POL/password history, value = 0 , timeout = Tue Mar 10 11:51:57 2009 [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2009/03/10 11:51:10, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaBadPasswordCount does not exist [2009/03/10 11:51:10, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaBadPasswordTime does not exist [2009/03/10 11:51:10, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute sambaLogonHours does not exist [2009/03/10 11:51:10, 7] passdb/login_cache.c:login_cache_read(86) Looking up login cache for user monster$ [2009/03/10 11:51:10, 7] passdb/login_cache.c:login_cache_read(100) No cache entry found [2009/03/10 11:51:10, 9] passdb/pdb_ldap.c:init_sam_from_ldap(1054) No cache entry, bad count = 0, bad time = 0 [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2009/03/10 11:51:10, 3] smbd/uid.c:push_conn_ctx(407) push_conn_ctx(100) : conn_ctx_stack_ndx = 2 [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2009/03/10 11:51:10, 5] auth/token_util.c:debug_nt_user_token(466) NT user token: (NULL) [2009/03/10 11:51:10, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/03/10 11:51:10, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = ACCT_POL/maximum password age, value = 4294967295 , timeout = Tue Mar 10 11:51:57 2009 [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2009/03/10 11:51:10, 5] lib/username.c:Get_Pwnam_alloc(133) Finding user monster$ [2009/03/10 11:51:10, 5] lib/username.c:Get_Pwnam_internals(77) Trying _Get_Pwnam(), username as lowercase is monster$ [2009/03/10 11:51:10, 5] lib/username.c:Get_Pwnam_internals(110) Get_Pwnam_internals did find user [monster$]! [2009/03/10 11:51:10, 5] lib/smbldap.c:smbldap_search_ext(1200) smbldap_search_ext: base => [ou=Groups,dc=rk-klbg,dc=at], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=515))], scope => [2] [2009/03/10 11:51:10, 2] passdb/pdb_ldap.c:init_group_from_ldap(2344) init_group_from_ldap: Entry found for group: 515 [2009/03/10 11:51:10, 10] lib/smbldap.c:smbldap_talloc_single_attribute(309) attribute description does not exist [2009/03/10 11:51:10, 10] passdb/lookup_sid.c:lookup_sid(950) lookup_sid called for SID 'S-1-5-21-181998944-1107627502-2274996074-515' [2009/03/10 11:51:10, 10] passdb/lookup_sid.c:check_dom_sid_to_level(705) Accepting SID S-1-5-21-181998944-1107627502-2274996074 in level 1 [2009/03/10 11:51:10, 10] passdb/lookup_sid.c:lookup_rids(468) lookup_rids called for domain sid 'S-1-5-21-181998944-1107627502-2274996074' [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2009/03/10 11:51:10, 3] smbd/uid.c:push_conn_ctx(407) push_conn_ctx(100) : conn_ctx_stack_ndx = 2 [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2009/03/10 11:51:10, 5] auth/token_util.c:debug_nt_user_token(466) NT user token: (NULL) [2009/03/10 11:51:10, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/03/10 11:51:10, 5] lib/smbldap.c:smbldap_search_ext(1200) smbldap_search_ext: base => [ou=Users,dc=rk-klbg,dc=at], filter => [(&(objectClass=sambaSamAccount)(|(sambaSid=S-1-5-21-181998944-1107627502-2274996074-515)))], scope => [2] [2009/03/10 11:51:10, 5] lib/smbldap.c:smbldap_search_ext(1200) smbldap_search_ext: base => [ou=Groups,dc=rk-klbg,dc=at], filter => [(&(objectClass=sambaGroupMapping)(|(sambaSid=S-1-5-21-181998944-1107627502-2274996074-515)))], scope => [2] [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2009/03/10 11:51:10, 10] passdb/lookup_sid.c:lookup_sid(985) Sid S-1-5-21-181998944-1107627502-2274996074-515 -> RK_KLBG\Domain Computers(2) [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2009/03/10 11:51:10, 3] smbd/uid.c:push_conn_ctx(407) push_conn_ctx(100) : conn_ctx_stack_ndx = 2 [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2009/03/10 11:51:10, 5] auth/token_util.c:debug_nt_user_token(466) NT user token: (NULL) [2009/03/10 11:51:10, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/03/10 11:51:10, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = ACCT_POL/password history, value = 0 , timeout = Tue Mar 10 11:51:57 2009 [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2009/03/10 11:51:10, 10] passdb/pdb_get_set.c:pdb_set_username(580) pdb_set_username: setting username monster$, was [2009/03/10 11:51:10, 10] passdb/pdb_get_set.c:pdb_set_domain(603) pdb_set_domain: setting domain RK_KLBG, was [2009/03/10 11:51:10, 10] passdb/pdb_get_set.c:pdb_set_nt_username(626) pdb_set_nt_username: setting nt username monster$, was [2009/03/10 11:51:10, 10] passdb/pdb_get_set.c:pdb_set_fullname(649) pdb_set_full_name: setting full name Computer, was [2009/03/10 11:51:10, 10] passdb/pdb_get_set.c:pdb_set_homedir(742) pdb_set_homedir: setting home dir \\samba\monster_, was [2009/03/10 11:51:10, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(718) pdb_set_dir_drive: setting dir drive z:, was NULL [2009/03/10 11:51:10, 10] passdb/pdb_get_set.c:pdb_set_logon_script(672) pdb_set_logon_script: setting logon script LOGON.BAT, was [2009/03/10 11:51:10, 10] passdb/pdb_get_set.c:pdb_set_profile_path(695) pdb_set_profile_path: setting profile path \\samba\Profile, was [2009/03/10 11:51:10, 10] passdb/pdb_get_set.c:pdb_set_workstations(785) pdb_set_workstations: setting workstations , was [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2009/03/10 11:51:10, 3] smbd/uid.c:push_conn_ctx(407) push_conn_ctx(100) : conn_ctx_stack_ndx = 2 [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2009/03/10 11:51:10, 5] auth/token_util.c:debug_nt_user_token(466) NT user token: (NULL) [2009/03/10 11:51:10, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/03/10 11:51:10, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = ACCT_POL/password history, value = 0 , timeout = Tue Mar 10 11:51:57 2009 [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2009/03/10 11:51:10, 10] passdb/pdb_get_set.c:pdb_set_user_sid(509) pdb_set_user_sid: setting user sid S-1-5-21-181998944-1107627502-2274996074-3912 [2009/03/10 11:51:10, 10] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(72) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-181998944-1107627502-2274996074-3912 from rid 3912 [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2009/03/10 11:51:10, 4] libsmb/ntlm_check.c:ntlm_password_check(328) ntlm_password_check: Checking NT MD4 password [2009/03/10 11:51:10, 4] auth/auth_sam.c:sam_account_ok(137) sam_account_ok: Checking SMB password for user monster$ [2009/03/10 11:51:10, 5] auth/auth_sam.c:logon_hours_ok(119) logon_hours_ok: user monster$ allowed to logon at this time (Tue Mar 10 10:51:10 2009 ) [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2009/03/10 11:51:10, 3] smbd/uid.c:push_conn_ctx(407) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2009/03/10 11:51:10, 5] auth/token_util.c:debug_nt_user_token(466) NT user token: (NULL) [2009/03/10 11:51:10, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/03/10 11:51:10, 10] lib/gencache.c:gencache_get(208) Returning valid cache entry: key = ACCT_POL/maximum password age, value = 4294967295 , timeout = Tue Mar 10 11:51:57 2009 [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2009/03/10 11:51:10, 3] smbd/uid.c:push_conn_ctx(407) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2009/03/10 11:51:10, 5] auth/token_util.c:debug_nt_user_token(466) NT user token: (NULL) [2009/03/10 11:51:10, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/03/10 11:51:10, 5] lib/smbldap.c:smbldap_search_ext(1200) smbldap_search_ext: base => [dc=rk-klbg,dc=at], filter => [(&(objectClass=sambaSamAccount)(uid=monster$))], scope => [2] [2009/03/10 11:51:10, 5] lib/smbldap.c:smbldap_search_ext(1200) smbldap_search_ext: base => [ou=Groups,dc=rk-klbg,dc=at], filter => [(&(objectClass=posixGroup)(|(memberUid=monster$)(gidNumber=515)))], scope => [2] [2009/03/10 11:51:10, 5] auth/auth_util.c:make_server_info_sam(650) make_server_info_sam: made server info for user monster$ -> monster$ [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2009/03/10 11:51:10, 3] auth/auth.c:check_ntlm_password(269) check_ntlm_password: sam authentication for user [MONSTER$] succeeded [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2009/03/10 11:51:10, 3] smbd/uid.c:push_conn_ctx(407) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2009/03/10 11:51:10, 5] auth/token_util.c:debug_nt_user_token(466) NT user token: (NULL) [2009/03/10 11:51:10, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2009/03/10 11:51:10, 5] auth/auth.c:check_ntlm_password(295) check_ntlm_password: PAM Account for user [monster$] succeeded [2009/03/10 11:51:10, 2] auth/auth.c:check_ntlm_password(308) check_ntlm_password: authentication for user [MONSTER$] -> [MONSTER$] -> [monster$] succeeded [2009/03/10 11:51:10, 5] auth/auth_util.c:free_user_info(1985) attempting to free (and zero) a user_info structure [2009/03/10 11:51:10, 10] auth/auth_util.c:free_user_info(1989) structure was created for MONSTER$ [2009/03/10 11:51:10, 10] auth/token_util.c:create_local_nt_token(304) Create local NT token for S-1-5-21-181998944-1107627502-2274996074-3912 [2009/03/10 11:51:10, 10] passdb/lookup_sid.c:sid_to_gid(1431) sid S-1-5-32-544 -> gid 804 [2009/03/10 11:51:10, 10] passdb/lookup_sid.c:sid_to_gid(1431) sid S-1-5-32-545 -> gid 100 [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2009/03/10 11:51:10, 3] smbd/uid.c:push_conn_ctx(407) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2009/03/10 11:51:10, 5] auth/token_util.c:debug_nt_user_token(466) NT user token: (NULL) [2009/03/10 11:51:10, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/03/10 11:51:10, 5] lib/smbldap.c:smbldap_search_ext(1200) smbldap_search_ext: base => [ou=Groups,dc=rk-klbg,dc=at], filter => [(&(|(objectclass=sambaGroupMapping)(sambaGroupType=4))(|(sambaSIDList=S-1-5-21-181998944-1107627502-2274996074-3912)(sambaSIDList=S-1-5-21-181998944-1107627502-2274996074-515)(sambaSIDList=S-1-1-0)(sambaSIDList=S-1-5-2)(sambaSIDList=S-1-5-11)(sambaSIDList=S-1-22-2-515)))], scope => [2] [2009/03/10 11:51:10, 5] lib/smbldap.c:smbldap_search_ext(1200) smbldap_search_ext: base => [ou=Groups,dc=rk-klbg,dc=at], filter => [(&(|(objectclass=sambaGroupMapping)(sambaGroupType=4))(|(sambaSIDList=S-1-5-21-181998944-1107627502-2274996074-3912)(sambaSIDList=S-1-5-21-181998944-1107627502-2274996074-515)(sambaSIDList=S-1-1-0)(sambaSIDList=S-1-5-2)(sambaSIDList=S-1-5-11)(sambaSIDList=S-1-22-2-515)))], scope => [2] [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2009/03/10 11:51:10, 3] lib/privileges.c:get_privileges(63) get_privileges: No privileges assigned to SID [S-1-5-21-181998944-1107627502-2274996074-3912] [2009/03/10 11:51:10, 3] lib/privileges.c:get_privileges(63) get_privileges: No privileges assigned to SID [S-1-5-21-181998944-1107627502-2274996074-515] [2009/03/10 11:51:10, 5] lib/privileges.c:get_privileges_for_sids(128) get_privileges_for_sids: sid = S-1-1-0 Privilege set: SE_PRIV 0x0 0x0 0x0 0x0 [2009/03/10 11:51:10, 3] lib/privileges.c:get_privileges(63) get_privileges: No privileges assigned to SID [S-1-5-2] [2009/03/10 11:51:10, 3] lib/privileges.c:get_privileges(63) get_privileges: No privileges assigned to SID [S-1-5-11] [2009/03/10 11:51:10, 3] lib/privileges.c:get_privileges(63) get_privileges: No privileges assigned to SID [S-1-22-2-515] [2009/03/10 11:51:10, 10] passdb/lookup_sid.c:sid_to_gid(1431) sid S-1-5-21-181998944-1107627502-2274996074-515 -> gid 515 [2009/03/10 11:51:10, 10] passdb/lookup_sid.c:sid_to_gid(1426) winbind failed to find a gid for sid S-1-1-0 [2009/03/10 11:51:10, 10] auth/auth_util.c:create_local_token(755) Could not convert SID S-1-1-0 to gid, ignoring it [2009/03/10 11:51:10, 10] passdb/lookup_sid.c:sid_to_gid(1426) winbind failed to find a gid for sid S-1-5-2 [2009/03/10 11:51:10, 10] auth/auth_util.c:create_local_token(755) Could not convert SID S-1-5-2 to gid, ignoring it [2009/03/10 11:51:10, 10] passdb/lookup_sid.c:sid_to_gid(1426) winbind failed to find a gid for sid S-1-5-11 [2009/03/10 11:51:10, 10] auth/auth_util.c:create_local_token(755) Could not convert SID S-1-5-11 to gid, ignoring it [2009/03/10 11:51:10, 10] passdb/lookup_sid.c:sid_to_gid(1413) sid S-1-22-2-515 -> gid 515 [2009/03/10 11:51:10, 10] auth/token_util.c:debug_nt_user_token(472) NT user token of user S-1-5-21-181998944-1107627502-2274996074-3912 contains 6 SIDs SID[ 0]: S-1-5-21-181998944-1107627502-2274996074-3912 SID[ 1]: S-1-5-21-181998944-1107627502-2274996074-515 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-515 SE_PRIV 0x0 0x0 0x0 0x0 [2009/03/10 11:51:10, 10] auth/auth_ntlmssp.c:auth_ntlmssp_check_password(137) Got NT session key of length 16 [2009/03/10 11:51:10, 10] libsmb/ntlmssp.c:ntlmssp_server_auth(811) ntlmssp_server_auth: Created NTLM2 session key. [2009/03/10 11:51:10, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(337) NTLMSSP Sign/Seal - Initialising with flags: [2009/03/10 11:51:10, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) Got NTLMSSP neg_flags=0x60088235 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_SEAL NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (1456, 515) - sec_ctx_stack_ndx = 0 [2009/03/10 11:51:10, 5] rpc_server/srv_pipe.c:pipe_ntlmssp_verify_final(666) pipe_ntlmssp_verify_final: OK: user: MONSTER$ domain: RK_KLBG workstation: MONSTER [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_auth [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 auth_type : 09 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 auth_level : 06 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 auth_pad_len : 08 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 auth_reserved: 00 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0004 auth_context_id: 00000001 [2009/03/10 11:51:10, 3] rpc_server/srv_pipe.c:check_bind_req(991) check_bind_req for \PIPE\samr checking \PIPE\lsarpc checking \PIPE\lsarpc checking \PIPE\samr [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_ba [2009/03/10 11:51:10, 6] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_bba [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0000 max_tsize: 10b8 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0002 max_rsize: 10b8 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0004 assoc_gid: 000053f0 [2009/03/10 11:51:10, 6] rpc_parse/parse_prs.c:prs_debug(88) 000008 smb_io_rpc_addr_str [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 len: 0001 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 000a str: . [2009/03/10 11:51:10, 6] rpc_parse/parse_prs.c:prs_debug(88) 00000b smb_io_rpc_results [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 000c num_results: 01 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0010 result : 0000 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0012 reason : 0000 [2009/03/10 11:51:10, 6] rpc_parse/parse_prs.c:prs_debug(88) 000014 smb_io_rpc_iface [2009/03/10 11:51:10, 7] rpc_parse/parse_prs.c:prs_debug(88) 000014 smb_io_uuid uuid [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0014 data : 8a885d04 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0018 data : 1ceb [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) 001a data : 11c9 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 001c data : 9f e8 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8s(865) 001e data : 08 00 2b 10 48 60 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0024 version: 00000002 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 0f [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0057 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0017 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 0000000e [2009/03/10 11:51:10, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 248 [2009/03/10 11:51:10, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985) read_from_pipe: 71f6 name: samr len: 4280 [2009/03/10 11:51:10, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1045) read_from_pipe: samr: current_pdu_len = 87, current_pdu_sent = 0 returning 87 bytes. [2009/03/10 11:51:10, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..87] (align 0) [2009/03/10 11:51:10, 5] lib/util.c:show_msg(642) [2009/03/10 11:51:10, 5] lib/util.c:show_msg(652) size=143 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=10199 smb_uid=100 smb_mid=7 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 87 (0x57) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 87 (0x57) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=88 [2009/03/10 11:51:10, 10] lib/util.c:dump_data(2230) [000] 00 05 00 0F 03 10 00 00 00 57 00 17 00 0E 00 00 ........ .W...... [010] 00 B8 10 B8 10 F0 53 00 00 01 00 00 00 01 00 00 .¸.¸.ðS. ........ [020] 00 00 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. .ë.É..è. [030] 00 2B 10 48 60 02 00 00 00 09 06 08 00 01 00 00 .+.H`... ........ [040] 00 A1 15 30 13 A0 03 0A 01 00 A1 0C 06 0A 2B 06 .¡.0. .. ..¡...+. [050] 01 04 01 82 37 02 02 0A ....7... [2009/03/10 11:51:10, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 162 [2009/03/10 11:51:10, 6] smbd/process.c:process_smb(1547) got message type 0x0 of len 0xa2 [2009/03/10 11:51:10, 3] smbd/process.c:process_smb(1550) Transaction 7 of length 166 (0 toread) [2009/03/10 11:51:10, 5] lib/util.c:show_msg(642) [2009/03/10 11:51:10, 5] lib/util.c:show_msg(652) size=162 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=10199 smb_uid=100 smb_mid=8 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 80 (0x50) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 80 (0x50) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29174 (0x71F6) smb_bcc=95 [2009/03/10 11:51:10, 10] lib/util.c:dump_data(2230) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 50 00 10 00 0F 00 00 00 20 .......P ....... [020] 00 00 00 00 00 39 00 F3 11 AC 5D C3 90 9D 32 45 .....9.ó .¬]Ã..2E [030] 03 CA 09 46 2B 31 89 B6 32 9C 97 16 41 AF 0D 69 .Ê.F+1.¶ 2...A¯.i [040] D1 B8 08 8E BE F9 C2 09 06 00 00 01 00 00 00 01 Ѹ..¾ùÂ. ........ [050] 00 00 00 D6 88 12 8B 9D 23 65 3D 00 00 00 00 ...Ö.... #e=.... [2009/03/10 11:51:10, 3] smbd/process.c:switch_message(1361) switch message SMBtrans (pid 14312) conn 0x1675be8 [2009/03/10 11:51:10, 4] smbd/uid.c:change_to_user(225) change_to_user: Skipping user change - already user [2009/03/10 11:51:10, 3] smbd/ipc.c:handle_trans(436) trans <\PIPE\> data=80 params=0 setup=2 [2009/03/10 11:51:10, 5] smbd/ipc.c:handle_trans(469) calling named_pipe [2009/03/10 11:51:10, 3] smbd/ipc.c:named_pipe(387) named pipe command on <> name [2009/03/10 11:51:10, 5] smbd/ipc.c:api_fd_reply(307) api_fd_reply [2009/03/10 11:51:10, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=71f6 [2009/03/10 11:51:10, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name samr pnum=71f6 (pipes_open=1) [2009/03/10 11:51:10, 3] smbd/ipc.c:api_fd_reply(345) Got API command 0x26 on pipe "samr" (pnum 71f6) [2009/03/10 11:51:10, 10] smbd/ipc.c:api_fd_reply(350) api_fd_reply: p:0x16757a0 max_trans_reply: 4280 [2009/03/10 11:51:10, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927) write_to_pipe: 71f6 name: samr open: Yes len: 80 [2009/03/10 11:51:10, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 80 [2009/03/10 11:51:10, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 80 [2009/03/10 11:51:10, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385) fill_rpc_header: data_to_copy = 80, len_needed_to_complete_hdr = 16, receive_len = 0 [2009/03/10 11:51:10, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 16 [2009/03/10 11:51:10, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 64 [2009/03/10 11:51:10, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 64 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 00 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0050 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0010 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 0000000f [2009/03/10 11:51:10, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472) unmarshall_rpc_header: using little-endian RPC [2009/03/10 11:51:10, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501) unmarshall_rpc_header: type = 0, flags = 3 [2009/03/10 11:51:10, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 0 [2009/03/10 11:51:10, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 64 [2009/03/10 11:51:10, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 64, incoming data = 64 [2009/03/10 11:51:10, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709) process_complete_pdu: processing packet type 0 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_req req [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0000 alloc_hint: 00000020 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0004 context_id: 0000 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0006 opnum : 0039 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_debug(88) 000028 smb_io_rpc_hdr_auth hdr_auth [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0028 auth_type : 09 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0029 auth_level : 06 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 002a auth_pad_len : 00 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 002b auth_reserved: 00 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) 002c auth_context_id: 00000001 [2009/03/10 11:51:10, 10] libsmb/ntlmssp_sign.c:ntlmssp_unseal_packet(309) ntlmssp_unseal_packet: seal [2009/03/10 11:51:10, 10] libsmb/ntlmssp_sign.c:ntlmssp_check_packet(222) ntlmssp_check_packet: NTLMSSP signature OK ! [2009/03/10 11:51:10, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 116 [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(1456, 515) : sec_ctx_stack_ndx = 1 [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (1456, 515) - sec_ctx_stack_ndx = 1 [2009/03/10 11:51:10, 5] auth/token_util.c:debug_nt_user_token(472) NT user token of user S-1-5-21-181998944-1107627502-2274996074-3912 contains 6 SIDs SID[ 0]: S-1-5-21-181998944-1107627502-2274996074-3912 SID[ 1]: S-1-5-21-181998944-1107627502-2274996074-515 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-515 SE_PRIV 0x0 0x0 0x0 0x0 [2009/03/10 11:51:10, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 1456 Primary group is 515 and contains 1 supplementary groups Group[ 0]: 515 [2009/03/10 11:51:10, 5] rpc_server/srv_pipe.c:api_pipe_request(2262) Requested \PIPE\samr [2009/03/10 11:51:10, 4] rpc_server/srv_pipe.c:api_rpcTNP(2297) api_rpcTNP: samr op 0x39 - api_rpcTNP: rpc command: SAMR_CONNECT2 [2009/03/10 11:51:10, 6] rpc_server/srv_pipe.c:api_rpcTNP(2323) api_rpc_cmds[57].fn == 0x4d2980 samr_Connect2: struct samr_Connect2 in: struct samr_Connect2 system_name : * system_name : 'SAMBA' access_mask : 0x02000000 (33554432) 0: SAMR_ACCESS_CONNECT_TO_SERVER 0: SAMR_ACCESS_SHUTDOWN_SERVER 0: SAMR_ACCESS_INITIALIZE_SERVER 0: SAMR_ACCESS_CREATE_DOMAIN 0: SAMR_ACCESS_ENUM_DOMAINS 0: SAMR_ACCESS_OPEN_DOMAIN [2009/03/10 11:51:10, 5] rpc_server/srv_samr_nt.c:_samr_Connect2(3386) _samr_Connect2: 3386 [2009/03/10 11:51:10, 10] lib/util_seaccess.c:se_map_generic(175) se_map_generic(): mapped mask 0x80000000 to 0x00020010 [2009/03/10 11:51:10, 10] lib/util_seaccess.c:se_access_check(232) se_access_check: requested access 0x00020010, for NT token with 6 entries and first sid S-1-5-21-181998944-1107627502-2274996074-3912. [2009/03/10 11:51:10, 3] lib/util_seaccess.c:se_access_check(249) [2009/03/10 11:51:10, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-5-21-181998944-1107627502-2274996074-3912 se_access_check: also S-1-5-21-181998944-1107627502-2274996074-515 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-22-2-515 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20031, current desired = 20010 [2009/03/10 11:51:10, 5] lib/util_seaccess.c:se_access_check(310) se_access_check: access (20010) granted. [2009/03/10 11:51:10, 4] rpc_server/srv_samr_nt.c:access_check_samr_object(215) _samr_Connect2: access GRANTED (requested: 0x00020010, granted: 0x00020010) [2009/03/10 11:51:10, 10] rpc_server/srv_samr_nt.c:get_samr_info_by_sid(373) get_samr_info_by_sid: created new info for sid (NULL) [2009/03/10 11:51:10, 10] rpc_server/srv_samr_nt.c:get_samr_info_by_sid(378) get_samr_info_by_sid: created new info for NULL sid. [2009/03/10 11:51:10, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(148) Opened policy hnd[1] [000] 00 00 00 00 01 00 00 00 00 00 00 00 B6 49 1E 46 ........ ....¶I.F [010] E8 37 00 00 è7.. [2009/03/10 11:51:10, 5] rpc_server/srv_samr_nt.c:_samr_Connect2(3417) _samr_Connect2: 3417 samr_Connect2: struct samr_Connect2 out: struct samr_Connect2 connect_handle : * connect_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-b649-1e46e8370000 result : NT_STATUS_OK [2009/03/10 11:51:10, 5] rpc_server/srv_pipe.c:api_rpcTNP(2351) api_rpcTNP: called samr successfully [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (1456, 515) - sec_ctx_stack_ndx = 0 [2009/03/10 11:51:10, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 984 [2009/03/10 11:51:10, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 64 [2009/03/10 11:51:10, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985) read_from_pipe: 71f6 name: samr len: 4280 [2009/03/10 11:51:10, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1059) read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 02 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0048 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0010 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 0000000f [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_resp resp [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 00000018 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0016 cancel_ct : 00 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0017 reserved : 00 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_debug(88) 000030 smb_io_rpc_hdr_auth hdr_auth [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0030 auth_type : 09 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0031 auth_level : 06 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0032 auth_pad_len : 00 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0033 auth_reserved: 00 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0034 auth_context_id: 00000001 [2009/03/10 11:51:10, 10] libsmb/ntlmssp_sign.c:ntlmssp_seal_packet(248) ntlmssp_seal_data: seal [2009/03/10 11:51:10, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..72] (align 0) [2009/03/10 11:51:10, 5] lib/util.c:show_msg(642) [2009/03/10 11:51:10, 5] lib/util.c:show_msg(652) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=10199 smb_uid=100 smb_mid=8 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 72 (0x48) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=73 [2009/03/10 11:51:10, 10] lib/util.c:dump_data(2230) [000] 00 05 00 02 03 10 00 00 00 48 00 10 00 0F 00 00 ........ .H...... [010] 00 18 00 00 00 00 00 00 00 B4 B9 90 FC AB E1 A9 ........ .´¹.ü«á© [020] 45 04 66 30 6C C9 6F 51 30 9B 8E B0 35 44 B0 A2 E.f0lÉoQ 0..°5D°¢ [030] B4 09 06 00 00 01 00 00 00 01 00 00 00 F0 52 06 ´....... .....ðR. [040] AD CE CB C1 F0 00 00 00 00 ­ÎËÁð... . [2009/03/10 11:51:10, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 186 [2009/03/10 11:51:10, 6] smbd/process.c:process_smb(1547) got message type 0x0 of len 0xba [2009/03/10 11:51:10, 3] smbd/process.c:process_smb(1550) Transaction 8 of length 190 (0 toread) [2009/03/10 11:51:10, 5] lib/util.c:show_msg(642) [2009/03/10 11:51:10, 5] lib/util.c:show_msg(652) size=186 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=10199 smb_uid=100 smb_mid=9 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 104 (0x68) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 104 (0x68) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=29174 (0x71F6) smb_bcc=119 [2009/03/10 11:51:10, 10] lib/util.c:dump_data(2230) [000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [010] 00 00 03 10 00 00 00 68 00 10 00 10 00 00 00 34 .......h .......4 [020] 00 00 00 00 00 07 00 D5 8E 43 99 B3 54 63 52 A7 .......Õ .C.³TcR§ [030] 0D 4F AC 0E 67 69 2A 6F C2 16 39 B4 4D 18 E3 72 .O¬.gi*o Â.9´M.ãr [040] 9B D0 C9 3F FF A5 0D 95 AE 03 07 B3 16 2F 8D 92 .ÐÉ?ÿ¥.. ®..³./.. [050] A6 64 CC FE A1 8A CC 77 AC A5 6C 53 E8 EA AE 09 ¦dÌþ¡.Ìw ¬¥lSèê®. [060] 06 04 00 01 00 00 00 01 00 00 00 0A 05 7C 3F 6F ........ .....|?o [070] A8 1A B3 01 00 00 00 ¨.³.... [2009/03/10 11:51:10, 3] smbd/process.c:switch_message(1361) switch message SMBtrans (pid 14312) conn 0x1675be8 [2009/03/10 11:51:10, 4] smbd/uid.c:change_to_user(225) change_to_user: Skipping user change - already user [2009/03/10 11:51:10, 3] smbd/ipc.c:handle_trans(436) trans <\PIPE\> data=104 params=0 setup=2 [2009/03/10 11:51:10, 5] smbd/ipc.c:handle_trans(469) calling named_pipe [2009/03/10 11:51:10, 3] smbd/ipc.c:named_pipe(387) named pipe command on <> name [2009/03/10 11:51:10, 5] smbd/ipc.c:api_fd_reply(307) api_fd_reply [2009/03/10 11:51:10, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=71f6 [2009/03/10 11:51:10, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name samr pnum=71f6 (pipes_open=1) [2009/03/10 11:51:10, 3] smbd/ipc.c:api_fd_reply(345) Got API command 0x26 on pipe "samr" (pnum 71f6) [2009/03/10 11:51:10, 10] smbd/ipc.c:api_fd_reply(350) api_fd_reply: p:0x16757a0 max_trans_reply: 4280 [2009/03/10 11:51:10, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(927) write_to_pipe: 71f6 name: samr open: Yes len: 104 [2009/03/10 11:51:10, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 104 [2009/03/10 11:51:10, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 104 [2009/03/10 11:51:10, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(385) fill_rpc_header: data_to_copy = 104, len_needed_to_complete_hdr = 16, receive_len = 0 [2009/03/10 11:51:10, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 16 [2009/03/10 11:51:10, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 88 [2009/03/10 11:51:10, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 88 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 00 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0068 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0010 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000010 [2009/03/10 11:51:10, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(472) unmarshall_rpc_header: using little-endian RPC [2009/03/10 11:51:10, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(501) unmarshall_rpc_header: type = 0, flags = 3 [2009/03/10 11:51:10, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 0 [2009/03/10 11:51:10, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(949) write_to_pipe: data_left = 88 [2009/03/10 11:51:10, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(842) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 88, incoming data = 88 [2009/03/10 11:51:10, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(709) process_complete_pdu: processing packet type 0 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr_req req [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0000 alloc_hint: 00000034 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0004 context_id: 0000 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0006 opnum : 0007 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_debug(88) 000040 smb_io_rpc_hdr_auth hdr_auth [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0040 auth_type : 09 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0041 auth_level : 06 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0042 auth_pad_len : 04 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0043 auth_reserved: 00 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0044 auth_context_id: 00000001 [2009/03/10 11:51:10, 10] libsmb/ntlmssp_sign.c:ntlmssp_unseal_packet(309) ntlmssp_unseal_packet: seal [2009/03/10 11:51:10, 10] libsmb/ntlmssp_sign.c:ntlmssp_check_packet(222) ntlmssp_check_packet: NTLMSSP signature OK ! [2009/03/10 11:51:10, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 0 [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(1456, 515) : sec_ctx_stack_ndx = 1 [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (1456, 515) - sec_ctx_stack_ndx = 1 [2009/03/10 11:51:10, 5] auth/token_util.c:debug_nt_user_token(472) NT user token of user S-1-5-21-181998944-1107627502-2274996074-3912 contains 6 SIDs SID[ 0]: S-1-5-21-181998944-1107627502-2274996074-3912 SID[ 1]: S-1-5-21-181998944-1107627502-2274996074-515 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-515 SE_PRIV 0x0 0x0 0x0 0x0 [2009/03/10 11:51:10, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 1456 Primary group is 515 and contains 1 supplementary groups Group[ 0]: 515 [2009/03/10 11:51:10, 5] rpc_server/srv_pipe.c:api_pipe_request(2262) Requested \PIPE\samr [2009/03/10 11:51:10, 4] rpc_server/srv_pipe.c:api_rpcTNP(2297) api_rpcTNP: samr op 0x7 - api_rpcTNP: rpc command: SAMR_OPENDOMAIN [2009/03/10 11:51:10, 6] rpc_server/srv_pipe.c:api_rpcTNP(2323) api_rpc_cmds[7].fn == 0x4d9360 samr_OpenDomain: struct samr_OpenDomain in: struct samr_OpenDomain connect_handle : * connect_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-b649-1e46e8370000 access_mask : 0x02000000 (33554432) 0: SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1 0: SAMR_DOMAIN_ACCESS_SET_INFO_1 0: SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2 0: SAMR_DOMAIN_ACCESS_SET_INFO_2 0: SAMR_DOMAIN_ACCESS_CREATE_USER 0: SAMR_DOMAIN_ACCESS_CREATE_GROUP 0: SAMR_DOMAIN_ACCESS_CREATE_ALIAS 0: SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS 0: SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS 0: SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT 0: SAMR_DOMAIN_ACCESS_SET_INFO_3 sid : * sid : S-1-5-21-181998944-1107627502-2274996074 [2009/03/10 11:51:10, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(168) Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 B6 49 1E 46 ........ ....¶I.F [010] E8 37 00 00 è7.. [2009/03/10 11:51:10, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(227) _samr_OpenDomain: access check ((granted: 0x00020010; required: 0x00000020) [2009/03/10 11:51:10, 2] rpc_server/srv_samr_nt.c:access_check_samr_function(246) _samr_OpenDomain: ACCESS DENIED (granted: 0x00020010; required: 0x00000020) samr_OpenDomain: struct samr_OpenDomain out: struct samr_OpenDomain domain_handle : * domain_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : NT_STATUS_ACCESS_DENIED [2009/03/10 11:51:10, 5] rpc_server/srv_pipe.c:api_rpcTNP(2351) api_rpcTNP: called samr successfully [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (1456, 515) - sec_ctx_stack_ndx = 0 [2009/03/10 11:51:10, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(519) free_pipe_context: destroying talloc pool of size 0 [2009/03/10 11:51:10, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(953) write_to_pipe: data_used = 88 [2009/03/10 11:51:10, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(985) read_from_pipe: 71f6 name: samr len: 4280 [2009/03/10 11:51:10, 10] rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(1059) read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0000 major : 05 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0001 minor : 00 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0002 pkt_type : 02 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0003 flags : 03 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0004 pack_type0: 10 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0005 pack_type1: 00 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0006 pack_type2: 00 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0007 pack_type3: 00 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0008 frag_len : 0048 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) 000a auth_len : 0010 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) 000c call_id : 00000010 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_debug(88) 000010 smb_io_rpc_hdr_resp resp [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0010 alloc_hint: 00000018 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint16(689) 0014 context_id: 0000 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0016 cancel_ct : 00 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0017 reserved : 00 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_debug(88) 000030 smb_io_rpc_hdr_auth hdr_auth [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0030 auth_type : 09 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0031 auth_level : 06 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0032 auth_pad_len : 00 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint8(624) 0033 auth_reserved: 00 [2009/03/10 11:51:10, 5] rpc_parse/parse_prs.c:prs_uint32(718) 0034 auth_context_id: 00000001 [2009/03/10 11:51:10, 10] libsmb/ntlmssp_sign.c:ntlmssp_seal_packet(248) ntlmssp_seal_data: seal [2009/03/10 11:51:10, 5] smbd/ipc.c:copy_trans_params_and_data(60) copy_trans_params_and_data: params[0..0] data[0..72] (align 0) [2009/03/10 11:51:10, 5] lib/util.c:show_msg(642) [2009/03/10 11:51:10, 5] lib/util.c:show_msg(652) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=10199 smb_uid=100 smb_mid=9 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 72 (0x48) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=73 [2009/03/10 11:51:10, 10] lib/util.c:dump_data(2230) [000] 00 05 00 02 03 10 00 00 00 48 00 10 00 10 00 00 ........ .H...... [010] 00 18 00 00 00 00 00 00 00 E7 63 93 62 9F 55 14 ........ .çc.b.U. [020] F8 15 EE D9 DF 66 98 E4 BA BF 59 12 9E 66 B4 69 ø.îÙßf.ä º¿Y..f´i [030] 62 09 06 00 00 01 00 00 00 01 00 00 00 BB FD 0F b....... .....»ý. [040] 65 72 81 99 F8 01 00 00 00 er..ø... . [2009/03/10 11:51:10, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 41 [2009/03/10 11:51:10, 6] smbd/process.c:process_smb(1547) got message type 0x0 of len 0x29 [2009/03/10 11:51:10, 3] smbd/process.c:process_smb(1550) Transaction 9 of length 45 (0 toread) [2009/03/10 11:51:10, 5] lib/util.c:show_msg(642) [2009/03/10 11:51:10, 5] lib/util.c:show_msg(652) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=10199 smb_uid=100 smb_mid=10 smt_wct=3 smb_vwv[ 0]=29174 (0x71F6) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2009/03/10 11:51:10, 3] smbd/process.c:switch_message(1361) switch message SMBclose (pid 14312) conn 0x1675be8 [2009/03/10 11:51:10, 4] smbd/uid.c:change_to_user(225) change_to_user: Skipping user change - already user [2009/03/10 11:51:10, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1258) search for pipe pnum=71f6 [2009/03/10 11:51:10, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1262) pipe name samr pnum=71f6 (pipes_open=1) [2009/03/10 11:51:10, 5] smbd/pipes.c:reply_pipe_close(319) reply_pipe_close: pnum:71f6 [2009/03/10 11:51:10, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(168) Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 B6 49 1E 46 ........ ....¶I.F [010] E8 37 00 00 è7.. [2009/03/10 11:51:10, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(206) Closed policy [2009/03/10 11:51:10, 10] rpc_server/srv_lsa_hnd.c:close_policy_by_pipe(241) close_policy_by_pipe: deleted handle list for pipe samr [2009/03/10 11:51:10, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1160) closed pipe name samr pnum=71f6 (pipes_open=0) [2009/03/10 11:51:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 73616D722F3134333132 [2009/03/10 11:51:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0x1757308 [2009/03/10 11:51:10, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 73616D722F3134333132 [2009/03/10 11:51:10, 5] lib/util.c:show_msg(642) [2009/03/10 11:51:10, 5] lib/util.c:show_msg(652) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=10199 smb_uid=100 smb_mid=10 smt_wct=0 smb_bcc=0 [2009/03/10 11:51:10, 10] lib/util_sock.c:read_smb_length_return_keepalive(1187) got smb length of 35 [2009/03/10 11:51:10, 6] smbd/process.c:process_smb(1547) got message type 0x0 of len 0x23 [2009/03/10 11:51:10, 3] smbd/process.c:process_smb(1550) Transaction 10 of length 39 (0 toread) [2009/03/10 11:51:10, 5] lib/util.c:show_msg(642) [2009/03/10 11:51:10, 5] lib/util.c:show_msg(652) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=10199 smb_uid=100 smb_mid=11 smt_wct=0 smb_bcc=0 [2009/03/10 11:51:10, 3] smbd/process.c:switch_message(1361) switch message SMBtdis (pid 14312) conn 0x1675be8 [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2009/03/10 11:51:10, 5] auth/token_util.c:debug_nt_user_token(466) NT user token: (NULL) [2009/03/10 11:51:10, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/03/10 11:51:10, 5] smbd/uid.c:change_to_root_user(337) change_to_root_user: now uid=(0,0) gid=(0,0) [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2009/03/10 11:51:10, 5] auth/token_util.c:debug_nt_user_token(466) NT user token: (NULL) [2009/03/10 11:51:10, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/03/10 11:51:10, 5] smbd/uid.c:change_to_root_user(337) change_to_root_user: now uid=(0,0) gid=(0,0) [2009/03/10 11:51:10, 3] smbd/service.c:close_cnum(1405) monster (::ffff:192.168.60.4) closed connection to service IPC$ [2009/03/10 11:51:10, 3] smbd/connection.c:yield_connection(31) Yielding connection to IPC$ [2009/03/10 11:51:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key E8370000010000004950 [2009/03/10 11:51:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0x176d9a0 [2009/03/10 11:51:10, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key E8370000010000004950 [2009/03/10 11:51:10, 4] smbd/vfs.c:vfs_ChDir(739) vfs_ChDir to / [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2009/03/10 11:51:10, 5] auth/token_util.c:debug_nt_user_token(466) NT user token: (NULL) [2009/03/10 11:51:10, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/03/10 11:51:10, 5] smbd/uid.c:change_to_root_user(337) change_to_root_user: now uid=(0,0) gid=(0,0) [2009/03/10 11:51:10, 5] lib/util.c:show_msg(642) [2009/03/10 11:51:10, 5] lib/util.c:show_msg(652) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=10199 smb_uid=100 smb_mid=11 smt_wct=0 smb_bcc=0 [2009/03/10 11:51:10, 5] lib/util_sock.c:read_socket_with_timeout(928) read_socket_with_timeout: blocking read. EOF from client. [2009/03/10 11:51:10, 10] smbd/process.c:receive_smb_raw_talloc(276) receive_smb_raw: NT_STATUS_END_OF_FILE [2009/03/10 11:51:10, 3] smbd/process.c:smbd_process(2036) receive_message_or_smb failed: NT_STATUS_END_OF_FILE, exiting [2009/03/10 11:51:10, 5] lib/gencache.c:gencache_shutdown(93) Closing cache file [2009/03/10 11:51:10, 5] libsmb/namecache.c:namecache_shutdown(81) namecache_shutdown: netbios namecache closed successfully. [2009/03/10 11:51:10, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2009/03/10 11:51:10, 5] auth/token_util.c:debug_nt_user_token(466) NT user token: (NULL) [2009/03/10 11:51:10, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/03/10 11:51:10, 5] smbd/uid.c:change_to_root_user(337) change_to_root_user: now uid=(0,0) gid=(0,0) [2009/03/10 11:51:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 49442F31343331322F31 [2009/03/10 11:51:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0x176d9a0 [2009/03/10 11:51:10, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 49442F31343331322F31 [2009/03/10 11:51:10, 3] smbd/connection.c:yield_connection(31) Yielding connection to [2009/03/10 11:51:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key E8370000FFFFFFFF0000 [2009/03/10 11:51:10, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0x175fc48 [2009/03/10 11:51:10, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key E8370000FFFFFFFF0000 [2009/03/10 11:51:10, 3] smbd/server.c:exit_server_common(946) Server exit (normal exit) [2009/03/10 11:51:18, 5] lib/util_sock.c:read_socket_with_timeout(928) read_socket_with_timeout: blocking read. EOF from client. [2009/03/10 11:51:18, 10] smbd/process.c:receive_smb_raw_talloc(276) receive_smb_raw: NT_STATUS_END_OF_FILE [2009/03/10 11:51:18, 3] smbd/process.c:smbd_process(2036) receive_message_or_smb failed: NT_STATUS_END_OF_FILE, exiting [2009/03/10 11:51:18, 5] lib/gencache.c:gencache_shutdown(93) Closing cache file [2009/03/10 11:51:18, 5] libsmb/namecache.c:namecache_shutdown(81) namecache_shutdown: netbios namecache closed successfully. [2009/03/10 11:51:18, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2009/03/10 11:51:18, 5] auth/token_util.c:debug_nt_user_token(466) NT user token: (NULL) [2009/03/10 11:51:18, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/03/10 11:51:18, 5] smbd/uid.c:change_to_root_user(337) change_to_root_user: now uid=(0,0) gid=(0,0) [2009/03/10 11:51:18, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2009/03/10 11:51:18, 5] auth/token_util.c:debug_nt_user_token(466) NT user token: (NULL) [2009/03/10 11:51:18, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/03/10 11:51:18, 5] smbd/uid.c:change_to_root_user(337) change_to_root_user: now uid=(0,0) gid=(0,0) [2009/03/10 11:51:18, 3] smbd/service.c:close_cnum(1405) monster (::ffff:192.168.60.4) closed connection to service IPC$ [2009/03/10 11:51:18, 3] smbd/connection.c:yield_connection(31) Yielding connection to IPC$ [2009/03/10 11:51:18, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key E0370000010000004950 [2009/03/10 11:51:18, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0x1695890 [2009/03/10 11:51:18, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key E0370000010000004950 [2009/03/10 11:51:18, 4] smbd/vfs.c:vfs_ChDir(739) vfs_ChDir to / [2009/03/10 11:51:18, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2009/03/10 11:51:18, 5] auth/token_util.c:debug_nt_user_token(466) NT user token: (NULL) [2009/03/10 11:51:18, 5] auth/token_util.c:debug_unix_user_token(492) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/03/10 11:51:18, 5] smbd/uid.c:change_to_root_user(337) change_to_root_user: now uid=(0,0) gid=(0,0) [2009/03/10 11:51:18, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key 49442F31343330342F31 [2009/03/10 11:51:18, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0x1675be8 [2009/03/10 11:51:18, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key 49442F31343330342F31 [2009/03/10 11:51:18, 3] smbd/connection.c:yield_connection(31) Yielding connection to [2009/03/10 11:51:18, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(100) Locking key E0370000FFFFFFFF0000 [2009/03/10 11:51:18, 10] lib/dbwrap_tdb.c:db_tdb_fetch_locked(129) Allocated locked data 0x0x175fc48 [2009/03/10 11:51:18, 10] lib/dbwrap_tdb.c:db_tdb_record_destr(42) Unlocking key E0370000FFFFFFFF0000 [2009/03/10 11:51:18, 3] smbd/server.c:exit_server_common(946) Server exit (normal exit)