[2009/07/19 15:02:00, 10] lib/util_sock.c:781(read_smb_length_return_keepalive) got smb length of 450 [2009/07/19 15:02:00, 6] smbd/process.c:1430(process_smb) got message type 0x0 of len 0x1c2 [2009/07/19 15:02:00, 3] smbd/process.c:1433(process_smb) Transaction 44 of length 454 (0 toread) [2009/07/19 15:02:00, 5] lib/util.c:632(show_msg) [2009/07/19 15:02:00, 5] lib/util.c:642(show_msg) size=450 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=1 smb_pid=28200 smb_uid=100 smb_mid=45 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 368 (0x170) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4280 (0x10B8) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 82 (0x52) smb_vwv[11]= 368 (0x170) smb_vwv[12]= 82 (0x52) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 5115 (0x13FB) smb_bcc=383 [2009/07/19 15:02:00, 10] ../lib/util/util.c:304(_dump_data) [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 05 .\.P.I.P .E.\.... [0010] 00 00 03 10 00 00 00 70 01 20 00 1E 00 00 00 2A .......p . .....* [0020] 01 00 00 00 00 02 00 08 D5 6A 32 86 15 73 88 08 ........ .j2..s.. [0030] 12 A8 CE 4A C8 BE FD 0F BA 85 A9 C4 E0 9A 6C CC ...J.... ......l. [0040] 1B 4B A3 6E B7 CA 62 15 DF 5F F1 6F D9 DC D1 7C .K.n..b. ._.o...| [0050] 22 42 45 87 EA 44 BB 02 44 17 75 AD 65 96 1E 8D "BE..D.. D.u.e... [0060] EF 8F 66 91 31 B5 5A EA FE 7F D6 29 3B 98 68 C6 ..f.1.Z. ...);.h. [0070] D6 EC 67 C4 F1 30 94 7D 70 5D 31 D1 E4 9B A9 17 ..g..0.} p]1..... [0080] 6B FD F0 99 75 E0 48 4E 6B BC F8 73 3D 5C 09 24 k...u.HN k..s=\.$ [0090] D8 C8 15 81 FB FB A4 68 46 60 E1 B2 18 1D 85 97 .......h F`...... [00A0] 48 C1 7C 9E A9 B1 79 20 2D 9D 49 AC 9C 95 0E 8B H.|...y -.I..... [00B0] E9 60 7C 12 98 73 31 17 2F C1 A4 FA DB 8A 92 5C .`|..s1. /......\ [00C0] 83 00 71 C0 57 89 34 89 B7 95 BE 30 09 F2 A5 35 ..q.W.4. ...0...5 [00D0] 9F 14 30 63 00 7E 56 2D 4D BD 15 D7 25 5F 42 2E ..0c.~V- M...%_B. [00E0] B9 C5 9A B3 44 B6 13 5D 2D 39 B0 92 C9 CD 07 D0 ....D..] -9...... [00F0] C3 5A 80 8F 96 6A DB B0 04 51 05 86 85 E5 12 38 .Z...j.. .Q.....8 [0100] F4 9D 98 4C BD 6B 6D 3E 1A 31 A3 96 80 6D CC 19 ...L.km> .1...m.. [0110] 9F 04 23 60 F6 09 83 68 BD 1B 00 E4 73 FB E5 0C ..#`...h ....s... [0120] 12 DF AA AA 03 9E 9C 15 8D 72 79 3B A4 6C 98 41 ........ .ry;.l.A [0130] 94 1F BA 5A 16 CF 11 A9 6A 63 19 AF 60 77 5F FD ...Z.... jc..`w_. [0140] 0A C4 83 93 7A 2B F9 20 EC CE 18 87 D1 A3 A5 3E ....z+. .......> [0150] 70 B7 CF 18 25 CD 01 44 06 06 00 01 00 00 00 77 p...%..D .......w [0160] 00 7A 00 FF FF 00 00 AB B2 65 6B 2B 76 D7 A7 A1 .z...... .ek+v... [0170] F6 53 D8 10 E5 25 AD 20 7B 79 B9 7C 7D 27 DE .S...%. {y.|}'. [2009/07/19 15:02:00, 3] smbd/process.c:1251(switch_message) switch message SMBtrans (pid 23348) conn 0x806da280 [2009/07/19 15:02:00, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (2137, 515) - sec_ctx_stack_ndx = 0 [2009/07/19 15:02:00, 5] auth/token_util.c:528(debug_nt_user_token) NT user token of user S-1-5-21-1362721961-1801182073-732966438-41 contains 7 SIDs SID[ 0]: S-1-5-21-1362721961-1801182073-732966438-41 SID[ 1]: S-1-5-21-1362721961-1801182073-732966438-515 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-1-2137 SID[ 6]: S-1-22-2-515 SE_PRIV 0x0 0x0 0x0 0x0 [2009/07/19 15:02:00, 5] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 2137 Primary group is 515 and contains 1 supplementary groups Group[ 0]: 515 [2009/07/19 15:02:00, 5] smbd/uid.c:353(change_to_user) change_to_user uid=(0,2137) gid=(0,515) [2009/07/19 15:02:00, 3] smbd/ipc.c:536(handle_trans) trans <\PIPE\> data=368 params=0 setup=2 [2009/07/19 15:02:00, 5] smbd/ipc.c:569(handle_trans) calling named_pipe [2009/07/19 15:02:00, 3] smbd/ipc.c:487(named_pipe) named pipe command on <> name [2009/07/19 15:02:00, 5] smbd/ipc.c:410(api_fd_reply) api_fd_reply [2009/07/19 15:02:00, 3] smbd/ipc.c:451(api_fd_reply) Got API command 0x26 on pipe "NETLOGON" (pnum 13fb) [2009/07/19 15:02:00, 10] smbd/ipc.c:453(api_fd_reply) api_fd_reply: p:0x8077ef20 max_trans_reply: 4280 [2009/07/19 15:02:00, 6] rpc_server/srv_pipe_hnd.c:1188(np_write_send) np_write_send: len: 368 [2009/07/19 15:02:00, 10] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 368 [2009/07/19 15:02:00, 10] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 368 [2009/07/19 15:02:00, 10] rpc_server/srv_pipe_hnd.c:192(fill_rpc_header) fill_rpc_header: data_to_copy = 368, len_needed_to_complete_hdr = 16, receive_len = 0 [2009/07/19 15:02:00, 10] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 16 [2009/07/19 15:02:00, 10] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 352 [2009/07/19 15:02:00, 10] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 352 [2009/07/19 15:02:00, 5] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0170 000a auth_len : 0020 000c call_id : 0000001e [2009/07/19 15:02:00, 5] rpc_server/srv_pipe_hnd.c:288(unmarshall_rpc_header) unmarshall_rpc_header: using little-endian RPC [2009/07/19 15:02:00, 10] rpc_server/srv_pipe_hnd.c:317(unmarshall_rpc_header) unmarshall_rpc_header: type = 0, flags = 3 [2009/07/19 15:02:00, 10] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 0 [2009/07/19 15:02:00, 10] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 352 [2009/07/19 15:02:00, 10] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 352, incoming data = 352 [2009/07/19 15:02:00, 10] rpc_server/srv_pipe_hnd.c:534(process_complete_pdu) process_complete_pdu: processing packet type 0 [2009/07/19 15:02:00, 5] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr_req req 0000 alloc_hint: 0000012a 0004 context_id: 0000 0006 opnum : 0002 [2009/07/19 15:02:00, 5] rpc_server/srv_pipe.c:2141(api_pipe_schannel_process) data 304 auth 32 [2009/07/19 15:02:00, 5] rpc_parse/parse_prs.c:88(prs_debug) 000138 smb_io_rpc_hdr_auth hdr_auth 0138 auth_type : 44 0139 auth_level : 06 013a auth_pad_len : 06 013b auth_reserved: 00 013c auth_context_id: 00000001 [2009/07/19 15:02:00, 5] rpc_parse/parse_prs.c:88(prs_debug) 000140 smb_io_rpc_auth_schannel_chk 0140 sig : 77 00 7a 00 ff ff 00 00 0148 seq_num: ab b2 65 6b 2b 76 d7 a7 0150 packet_digest: a1 f6 53 d8 10 e5 25 ad 0158 confounder: 20 7b 79 b9 7c 7d 27 de [2009/07/19 15:02:00, 10] rpc_parse/parse_prs.c:1593(schannel_decode) SCHANNEL: schannel_decode seq_num=8 data_len=304 [2009/07/19 15:02:00, 10] rpc_parse/parse_prs.c:1613(schannel_decode) SCHANNEL: schannel_decode seq_num=8 data_len=304 [2009/07/19 15:02:00, 2] rpc_parse/parse_prs.c:1629(schannel_decode) schannel_decode: FAILED: packet sequence number: [2009/07/19 15:02:00, 2] ../lib/util/util.c:304(_dump_data) [0000] 00 00 00 07 80 00 00 00 ........ [2009/07/19 15:02:00, 2] rpc_parse/parse_prs.c:1631(schannel_decode) should be: [2009/07/19 15:02:00, 2] ../lib/util/util.c:304(_dump_data) [0000] 00 00 00 08 80 00 00 00 ........ [2009/07/19 15:02:00, 3] rpc_server/srv_pipe.c:2170(api_pipe_schannel_process) failed to decode PDU [2009/07/19 15:02:00, 3] rpc_server/srv_pipe_hnd.c:405(process_request_pdu) process_request_pdu: failed to do schannel processing. [2009/07/19 15:02:00, 10] rpc_server/srv_pipe_hnd.c:179(set_incoming_fault) set_incoming_fault: Setting fault state on pipe \NETLOGON [2009/07/19 15:02:00, 3] rpc_server/srv_pipe_hnd.c:646(process_complete_pdu) process_complete_pdu: DCE/RPC fault sent on pipe \NETLOGON [2009/07/19 15:02:00, 10] rpc_server/srv_pipe_hnd.c:179(set_incoming_fault) set_incoming_fault: Setting fault state on pipe \NETLOGON [2009/07/19 15:02:00, 5] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 03 0003 flags : 23 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0020 000a auth_len : 0000 000c call_id : 0000001e [2009/07/19 15:02:00, 5] rpc_parse/parse_prs.c:88(prs_debug) 000010 smb_io_rpc_hdr_resp resp 0010 alloc_hint: 00000000 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 [2009/07/19 15:02:00, 5] rpc_parse/parse_prs.c:88(prs_debug) 000018 smb_io_rpc_hdr_fault fault 0018 status : DCERPC_FAULT_OP_RNG_ERROR 001c reserved: 00000000 [2009/07/19 15:02:00, 10] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 352 [2009/07/19 15:02:00, 10] lib/events.c:287(s3_event_debug) s3_event: Schedule immediate event "tevent_req_trigger": 0x80762360 [2009/07/19 15:02:00, 10] lib/events.c:287(s3_event_debug) s3_event: Run immediate event "tevent_req_trigger": 0x80762360 [2009/07/19 15:02:00, 6] rpc_server/srv_pipe_hnd.c:802(read_from_internal_pipe) name: \NETLOGON len: 4280 [2009/07/19 15:02:00, 10] rpc_server/srv_pipe_hnd.c:842(read_from_internal_pipe) read_from_pipe: \NETLOGON: current_pdu_len = 32, current_pdu_sent = 0 returning 32 bytes. [2009/07/19 15:02:00, 10] lib/events.c:287(s3_event_debug) s3_event: Schedule immediate event "tevent_req_trigger": 0x8076c230 [2009/07/19 15:02:00, 10] lib/events.c:287(s3_event_debug) s3_event: Run immediate event "tevent_req_trigger": 0x8076c230 [2009/07/19 15:02:00, 5] smbd/ipc.c:59(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..32] (align 0) [2009/07/19 15:02:00, 5] lib/util.c:632(show_msg) [2009/07/19 15:02:00, 5] lib/util.c:642(show_msg) size=88 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=28200 smb_uid=100 smb_mid=45 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 32 (0x20) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 32 (0x20) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=33 [2009/07/19 15:02:00, 10] ../lib/util/util.c:304(_dump_data) [0000] 00 05 00 03 23 10 00 00 00 20 00 00 00 1E 00 00 ....#... . ...... [0010] 00 00 00 00 00 00 00 00 00 02 00 01 1C 00 00 00 ........ ........ [0020] 00 . [2009/07/19 15:02:16, 10] lib/events.c:105(run_events) Running timed event "smbd_idle_event_handler" 0x80748028 [2009/07/19 15:02:16, 10] lib/events.c:287(s3_event_debug) s3_event: Destroying timer event 0x80748028 "smbd_idle_event_handler" [2009/07/19 15:02:16, 10] smbd/process.c:641(smbd_idle_event_handler) smbd_idle_event_handler: idle_evt(keepalive) (nil) called [2009/07/19 15:02:16, 10] smbd/process.c:652(smbd_idle_event_handler) smbd_idle_event_handler: idle_evt(keepalive) (nil) rescheduled [2009/07/19 15:02:16, 10] lib/events.c:287(s3_event_debug) s3_event: Added timed event "smbd_idle_event_handler": 0x80741e98 [2009/07/19 15:02:16, 10] lib/events.c:105(run_events) Running timed event "smbldap_idle_fn" 0x8075bd50 [2009/07/19 15:02:16, 10] lib/events.c:287(s3_event_debug) s3_event: Destroying timer event 0x8075bd50 "smbldap_idle_fn" [2009/07/19 15:02:16, 10] lib/smbldap.c:1646(smbldap_idle_fn) ldap connection not idle... [2009/07/19 15:02:16, 10] lib/events.c:287(s3_event_debug) s3_event: Added timed event "smbldap_idle_fn": 0x807640c0 [2009/07/19 15:02:16, 10] lib/events.c:105(run_events) Running timed event "smbldap_idle_fn" 0x8075bd50 [2009/07/19 15:02:16, 10] lib/events.c:287(s3_event_debug) s3_event: Destroying timer event 0x8075bd50 "smbldap_idle_fn" [2009/07/19 15:02:16, 7] lib/smbldap.c:1656(smbldap_idle_fn) ldap connection idle...closing connection [2009/07/19 15:02:16, 5] lib/smbldap.c:1163(smbldap_close) The connection to the LDAP server was closed [2009/07/19 15:02:16, 10] lib/events.c:105(run_events) Running timed event "smbd_idle_event_handler" 0x80748028 [2009/07/19 15:02:16, 10] lib/events.c:287(s3_event_debug) s3_event: Destroying timer event 0x80748028 "smbd_idle_event_handler" [2009/07/19 15:02:16, 10] smbd/process.c:641(smbd_idle_event_handler) smbd_idle_event_handler: idle_evt(keepalive) (nil) called [2009/07/19 15:02:16, 10] smbd/process.c:652(smbd_idle_event_handler) smbd_idle_event_handler: idle_evt(keepalive) (nil) rescheduled [2009/07/19 15:02:16, 10] lib/events.c:287(s3_event_debug) s3_event: Added timed event "smbd_idle_event_handler": 0x8075dd00