Maximum core file size limits now 16777216(soft) -1(hard) get_current_groups: user is in 2 groups: 0, 104 smbd version 3.4.5 started. Copyright Andrew Tridgell and the Samba Team 1992-2009 uid=0 gid=0 euid=0 egid=0 Build environment: Built by: root@erso-desktop Built on: Wed Feb 17 17:09:47 CET 2010 Built using: gcc Build host: Linux erso-desktop 2.6.27.42-0.1-default #1 SMP 2010-01-06 16:07:25 +0100 x86_64 x86_64 x86_64 GNU/Linux SRCDIR: /root/git/samba-3.4.5/source3 BUILDDIR: /root/git/samba-3.4.5/source3 Paths: SBINDIR: /samba-3.4.5/sbin BINDIR: /samba-3.4.5/bin SWATDIR: /samba-3.4.5/swat CONFIGFILE: ../lib/smb.conf LOGFILEBASE: /samba-3.4.5/var LMHOSTSFILE: /samba-3.4.5/lib/lmhosts LIBDIR: /samba-3.4.5/lib MODULESDIR: /samba-3.4.5/lib SHLIBEXT: so LOCKDIR: /samba-3.4.5/var/locks STATEDIR: /samba-3.4.5/var/locks CACHEDIR: /samba-3.4.5/var/locks PIDDIR: /samba-3.4.5/var/locks SMB_PASSWD_FILE: /samba-3.4.5/private/smbpasswd PRIVATE_DIR: /samba-3.4.5/private System Headers: HAVE_SYS_ACL_H HAVE_SYS_CDEFS_H HAVE_SYS_EPOLL_H HAVE_SYS_FCNTL_H HAVE_SYS_INOTIFY_H HAVE_SYS_IOCTL_H HAVE_SYS_IPC_H HAVE_SYS_MMAN_H HAVE_SYS_MOUNT_H HAVE_SYS_PARAM_H HAVE_SYS_PRCTL_H HAVE_SYS_QUOTA_H HAVE_SYS_RESOURCE_H HAVE_SYS_SELECT_H HAVE_SYS_SHM_H HAVE_SYS_SOCKET_H HAVE_SYS_STATFS_H HAVE_SYS_STATVFS_H HAVE_SYS_STAT_H HAVE_SYS_SYSCALL_H HAVE_SYS_SYSCTL_H HAVE_SYS_SYSLOG_H HAVE_SYS_SYSMACROS_H HAVE_SYS_TIME_H HAVE_SYS_TYPES_H HAVE_SYS_UIO_H HAVE_SYS_UNISTD_H HAVE_SYS_UN_H HAVE_SYS_VFS_H HAVE_SYS_WAIT_H HAVE_SYS_XATTR_H Headers: HAVE_ACL_LIBACL_H HAVE_AIO_H HAVE_ALLOCA_H HAVE_ARPA_INET_H HAVE_ASM_TYPES_H HAVE_ASM_UNISTD_H HAVE_ATTR_XATTR_H HAVE_CRYPT_H HAVE_CTYPE_H HAVE_DIRENT_H HAVE_DLFCN_H HAVE_EXECINFO_H HAVE_FCNTL_H HAVE_FLOAT_H HAVE_FNMATCH_H HAVE_GLOB_H HAVE_GRP_H HAVE_GSSAPI_GSSAPI_GENERIC_H HAVE_GSSAPI_GSSAPI_H HAVE_GSSAPI_H HAVE_IFADDRS_H HAVE_KEYUTILS_H HAVE_KRB5_H HAVE_KRB5_LOCATE_PLUGIN_H HAVE_LANGINFO_H HAVE_LASTLOG_H HAVE_LBER_H HAVE_LDAP_H HAVE_LIBINTL_H HAVE_LIMITS_H HAVE_LINUX_DQBLK_XFS_H HAVE_LINUX_INOTIFY_H HAVE_LOCALE_H HAVE_MEMORY_H HAVE_MNTENT_H HAVE_NETDB_H HAVE_NETINET_IN_H HAVE_NETINET_IN_SYSTM_H HAVE_NETINET_IP_H HAVE_NETINET_TCP_H HAVE_NET_IF_H HAVE_NSS_H HAVE_PTHREAD_H HAVE_PWD_H HAVE_RPCSVC_NIS_H HAVE_RPCSVC_YPCLNT_H HAVE_RPCSVC_YP_PROT_H HAVE_RPC_RPC_H HAVE_SETJMP_H HAVE_SHADOW_H HAVE_STDARG_H HAVE_STDBOOL_H HAVE_STDINT_H HAVE_STDIO_H HAVE_STDLIB_H HAVE_STRINGS_H HAVE_STRING_H HAVE_STROPTS_H HAVE_SYSCALL_H HAVE_SYSLOG_H HAVE_TERMIOS_H HAVE_TERMIO_H HAVE_TIME_H HAVE_UNISTD_H HAVE_UTIME_H HAVE_ZLIB_H UTMP Options: HAVE_GETUTMPX HAVE_UTMPX_H HAVE_UTMP_H HAVE_UT_UT_ADDR HAVE_UT_UT_ADDR_V6 HAVE_UT_UT_EXIT HAVE_UT_UT_HOST HAVE_UT_UT_ID HAVE_UT_UT_NAME HAVE_UT_UT_PID HAVE_UT_UT_TIME HAVE_UT_UT_TYPE HAVE_UT_UT_USER PUTUTLINE_RETURNS_UTMP WITH_UTMP HAVE_* Defines: HAVE_ADDRTYPE_IN_KRB5_ADDRESS HAVE_AP_OPTS_USE_SUBKEY HAVE_ASPRINTF HAVE_ATEXIT HAVE_BACKTRACE_SYMBOLS HAVE_BER_SCANF HAVE_BER_SOCKBUF_ADD_IO HAVE_BOOL HAVE_BZERO HAVE_C99_VSNPRINTF HAVE_CHMOD HAVE_CHOWN HAVE_CHROOT HAVE_COMPARISON_FN_T HAVE_COMPILER_WILL_OPTIMIZE_OUT_FNS HAVE_CONNECT HAVE_CREAT64 HAVE_CRYPT HAVE_DECL_ASPRINTF HAVE_DECL_KRB5_AUTH_CON_SET_REQ_CKSUMTYPE HAVE_DECL_RL_EVENT_HOOK HAVE_DECL_SNPRINTF HAVE_DECL_VASPRINTF HAVE_DECL_VSNPRINTF HAVE_DEVICE_MAJOR_FN HAVE_DEVICE_MINOR_FN HAVE_DGETTEXT HAVE_DIRENT_D_OFF HAVE_DIRFD HAVE_DIRFD_DECL HAVE_DLCLOSE HAVE_DLERROR HAVE_DLOPEN HAVE_DLSYM HAVE_DUP2 HAVE_ENDMNTENT HAVE_ENDNETGRENT HAVE_ENVIRON_DECL HAVE_EPOLL HAVE_EPOLL_CREATE HAVE_ERRNO_DECL HAVE_EXECL HAVE_EXPLICIT_LARGEFILE_SUPPORT HAVE_FCHMOD HAVE_FCHOWN HAVE_FCNTL_LOCK HAVE_FCVT HAVE_FDATASYNC HAVE_FGETXATTR HAVE_FLISTXATTR HAVE_FOPEN64 HAVE_FREEADDRINFO HAVE_FREEIFADDRS HAVE_FREMOVEXATTR HAVE_FRSIZE HAVE_FSEEKO64 HAVE_FSETXATTR HAVE_FSID_INT HAVE_FSTAT64 HAVE_FSYNC HAVE_FTELLO64 HAVE_FTRUNCATE HAVE_FTRUNCATE64 HAVE_FTRUNCATE_EXTEND HAVE_FUNCTION_MACRO HAVE_GAI_STRERROR HAVE_GETADDRINFO HAVE_GETCWD HAVE_GETDIRENTRIES HAVE_GETGRENT HAVE_GETGRENT_R HAVE_GETGRENT_R_DECL HAVE_GETGRGID_R HAVE_GETGRNAM HAVE_GETGRNAM_R HAVE_GETGROUPLIST HAVE_GETHOSTBYNAME HAVE_GETIFADDRS HAVE_GETMNTENT HAVE_GETNAMEINFO HAVE_GETNETGRENT HAVE_GETPAGESIZE HAVE_GETPGRP HAVE_GETPWENT_R HAVE_GETPWENT_R_DECL HAVE_GETPWNAM_R HAVE_GETPWUID_R HAVE_GETRLIMIT HAVE_GETSPNAM HAVE_GETTEXT HAVE_GETTIMEOFDAY_TZ HAVE_GETXATTR HAVE_GLOB HAVE_GRANTPT HAVE_GSSAPI HAVE_GSS_DISPLAY_STATUS HAVE_HSTRERROR HAVE_ICONV HAVE_IFACE_GETIFADDRS HAVE_IF_NAMETOINDEX HAVE_IMMEDIATE_STRUCTURES HAVE_INET_ATON HAVE_INET_NTOA HAVE_INET_NTOP HAVE_INET_PTON HAVE_INITGROUPS HAVE_INITIALIZE_KRB5_ERROR_TABLE HAVE_INNETGR HAVE_INOTIFY HAVE_INOTIFY_INIT HAVE_IPV6 HAVE_ISATTY HAVE_KERNEL_CHANGE_NOTIFY HAVE_KERNEL_OPLOCKS_LINUX HAVE_KERNEL_SHARE_MODES HAVE_KRB5 HAVE_KRB5_AUTH_CON_SETUSERUSERKEY HAVE_KRB5_AUTH_CON_SET_REQ_CKSUMTYPE HAVE_KRB5_C_ENCTYPE_COMPARE HAVE_KRB5_C_VERIFY_CHECKSUM HAVE_KRB5_DEPRECATED_WITH_IDENTIFIER HAVE_KRB5_ENCRYPT_BLOCK HAVE_KRB5_ENCRYPT_DATA HAVE_KRB5_ENCTYPE_TO_STRING HAVE_KRB5_ENCTYPE_TO_STRING_WITH_SIZE_T_ARG HAVE_KRB5_FREE_DATA_CONTENTS HAVE_KRB5_FREE_KEYTAB_ENTRY_CONTENTS HAVE_KRB5_FREE_UNPARSED_NAME HAVE_KRB5_FWD_TGT_CREDS HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC HAVE_KRB5_GET_INIT_CREDS_OPT_FREE HAVE_KRB5_GET_PERMITTED_ENCTYPES HAVE_KRB5_GET_RENEWED_CREDS HAVE_KRB5_KEYBLOCK_IN_CREDS HAVE_KRB5_KEYTAB_ENTRY_KEY HAVE_KRB5_KEYUSAGE_APP_DATA_CKSUM HAVE_KRB5_KT_FREE_ENTRY HAVE_KRB5_LOCATE_KDC HAVE_KRB5_MK_REQ_EXTENDED HAVE_KRB5_PRINCIPAL2SALT HAVE_KRB5_PRINC_COMPONENT HAVE_KRB5_PRINC_REALM HAVE_KRB5_SET_DEFAULT_TGS_ENCTYPES HAVE_KRB5_SET_DEFAULT_TGS_KTYPES HAVE_KRB5_SET_REAL_TIME HAVE_KRB5_STRING_TO_KEY HAVE_KRB5_TKT_ENC_PART2 HAVE_KRB5_USE_ENCTYPE HAVE_KRB5_VERIFY_CHECKSUM HAVE_KV5M_KEYTAB HAVE_LBER_LOG_PRINT_FN HAVE_LCHOWN HAVE_LDAP HAVE_LDAP_ADD_RESULT_ENTRY HAVE_LDAP_INIT HAVE_LDAP_INITIALIZE HAVE_LDAP_SASL_WRAPPING HAVE_LDAP_SET_REBIND_PROC HAVE_LGETXATTR HAVE_LIBCOM_ERR HAVE_LIBGSSAPI_KRB5 HAVE_LIBK5CRYPTO HAVE_LIBKRB5 HAVE_LIBLBER HAVE_LIBLDAP HAVE_LIBRESOLV HAVE_LIBZ HAVE_LINK HAVE_LINUX_READAHEAD HAVE_LINUX_SPLICE HAVE_LINUX_XFS_QUOTAS HAVE_LISTXATTR HAVE_LLISTXATTR HAVE_LLSEEK HAVE_LONGLONG HAVE_LONG_LONG HAVE_LREMOVEXATTR HAVE_LSEEK64 HAVE_LSETXATTR HAVE_LSTAT HAVE_LSTAT64 HAVE_MAGIC_IN_KRB5_ADDRESS HAVE_MAKEDEV HAVE_MEMALIGN HAVE_MEMCPY HAVE_MEMMOVE HAVE_MEMSET HAVE_MKDIR_MODE HAVE_MKDTEMP HAVE_MKNOD HAVE_MKTIME HAVE_MLOCK HAVE_MLOCKALL HAVE_MMAP HAVE_MSGHDR_MSG_CONTROL HAVE_MUNLOCK HAVE_MUNLOCKALL HAVE_NANOSLEEP HAVE_NATIVE_ICONV HAVE_NL_LANGINFO HAVE_NO_AIO HAVE_OPEN64 HAVE_PATHCONF HAVE_PEERCRED HAVE_PIPE HAVE_POLL HAVE_POSIX_ACLS HAVE_POSIX_FADVISE HAVE_POSIX_MEMALIGN HAVE_PRCTL HAVE_PREAD HAVE_PREAD64 HAVE_PRINTF HAVE_PTHREAD HAVE_PUTUTLINE HAVE_PUTUTXLINE HAVE_PWRITE HAVE_PWRITE64 HAVE_QUOTACTL_LINUX HAVE_RAND HAVE_RANDOM HAVE_READAHEAD_DECL HAVE_READDIR64 HAVE_READLINK HAVE_REALPATH HAVE_REMOVEXATTR HAVE_RENAME HAVE_SA_FAMILY_T HAVE_SECURE_MKSTEMP HAVE_SELECT HAVE_SENDFILE64 HAVE_SETBUFFER HAVE_SETEGID HAVE_SETENV HAVE_SETENV_DECL HAVE_SETEUID HAVE_SETGROUPS HAVE_SETLINEBUF HAVE_SETLOCALE HAVE_SETMNTENT HAVE_SETNETGRENT HAVE_SETPGID HAVE_SETRESGID HAVE_SETRESGID_DECL HAVE_SETRESUID HAVE_SETRESUID_DECL HAVE_SETSID HAVE_SETXATTR HAVE_SHMGET HAVE_SHORT_KRB5_MK_ERROR_INTERFACE HAVE_SIGACTION HAVE_SIGBLOCK HAVE_SIGPROCMASK HAVE_SIGSET HAVE_SIG_ATOMIC_T_TYPE HAVE_SNPRINTF HAVE_SOCKETPAIR HAVE_SOCKLEN_T HAVE_SPLICE_DECL HAVE_SRAND HAVE_SRANDOM HAVE_SS_FAMILY HAVE_STAT64 HAVE_STATVFS_F_FLAG HAVE_STAT_HIRES_TIMESTAMPS HAVE_STAT_ST_BLKSIZE HAVE_STAT_ST_BLOCKS HAVE_STRCASECMP HAVE_STRCASESTR HAVE_STRCHR HAVE_STRDUP HAVE_STRERROR HAVE_STRFTIME HAVE_STRNDUP HAVE_STRNLEN HAVE_STRPBRK HAVE_STRSIGNAL HAVE_STRTOK_R HAVE_STRTOL HAVE_STRTOLL HAVE_STRTOQ HAVE_STRTOULL HAVE_STRTOUQ HAVE_STRUCT_ADDRINFO HAVE_STRUCT_DIRENT64 HAVE_STRUCT_FLOCK64 HAVE_STRUCT_IFADDRS HAVE_STRUCT_SIGEVENT HAVE_STRUCT_SIGEVENT_SIGEV_VALUE_SIVAL_PTR HAVE_STRUCT_SOCKADDR HAVE_STRUCT_SOCKADDR_IN6 HAVE_STRUCT_SOCKADDR_STORAGE HAVE_STRUCT_STAT_ST_MTIM_TV_NSEC HAVE_STRUCT_STAT_ST_RDEV HAVE_STRUCT_TIMESPEC HAVE_ST_RDEV HAVE_SYMLINK HAVE_SYSCONF HAVE_SYSLOG HAVE_SYS_QUOTAS HAVE_TICKET_POINTER_IN_KRB5_AP_REQ HAVE_TIMEGM HAVE_UNIXSOCKET HAVE_UNSETENV HAVE_UPDWTMP HAVE_UPDWTMPX HAVE_USLEEP HAVE_UTIMBUF HAVE_UTIME HAVE_UTIMES HAVE_VASPRINTF HAVE_VA_COPY HAVE_VOLATILE HAVE_VSNPRINTF HAVE_VSYSLOG HAVE_WAITPID HAVE_WRFILE_KEYTAB HAVE_XFS_QUOTAS HAVE_YP_GET_DEFAULT_DOMAIN HAVE_ZLIBVERSION HAVE__Bool HAVE__ET_LIST HAVE__VA_ARGS__MACRO HAVE___CLOSE HAVE___DUP2 HAVE___FCNTL HAVE___FORK HAVE___FSTAT HAVE___FXSTAT HAVE___LSEEK HAVE___LSTAT HAVE___LXSTAT HAVE___NR_INOTIFY_INIT_DECL HAVE___OPEN HAVE___OPEN64 HAVE___PREAD64 HAVE___PWRITE64 HAVE___READ HAVE___STAT HAVE___WRITE HAVE___XSTAT --with Options: WITH_ADS WITH_CIFSMOUNT WITH_CIFSUPCALL WITH_QUOTAS WITH_SENDFILE WITH_UTMP WITH_WINBIND Build Options: COMPILER_SUPPORTS_LL CONFIG_H_IS_FROM_SAMBA DEFAULT_DISPLAY_CHARSET DEFAULT_DOS_CHARSET DEFAULT_UNIX_CHARSET KRB5_CREDS_OPT_FREE_REQUIRES_CONTEXT KRB5_TICKET_HAS_KEYINFO KRB5_VERIFY_CHECKSUM_ARGS LDAP_SET_REBIND_PROC_ARGS LIBREPLACE_NETWORK_CHECKS LINUX LINUX_SENDFILE_API PACKAGE_BUGREPORT PACKAGE_NAME PACKAGE_STRING PACKAGE_TARNAME PACKAGE_VERSION REALPATH_TAKES_NULL REPLACE_GETPASS RETSIGTYPE SEEKDIR_RETURNS_VOID SHLIBEXT SIZEOF_CHAR SIZEOF_DEV_T SIZEOF_INO_T SIZEOF_INT SIZEOF_LONG_LONG SIZEOF_OFF_T SIZEOF_SHORT SIZEOF_SIZE_T SIZEOF_SSIZE_T SIZEOF_TIME_T SIZEOF_VOID_P STAT_STATVFS64 STAT_ST_BLOCKSIZE STDC_HEADERS STRING_STATIC_MODULES SYSCONF_SC_NGROUPS_MAX SYSCONF_SC_NPROCESSORS_ONLN SYSCONF_SC_PAGESIZE SYSLOG_FACILITY TIME_WITH_SYS_TIME USE_SETREUID WITH_ADS WITH_CIFSMOUNT WITH_CIFSUPCALL WITH_QUOTAS WITH_SENDFILE WITH_WINBIND _FILE_OFFSET_BITS _GNU_SOURCE _LARGEFILE64_SOURCE _POSIX_C_SOURCE _POSIX_SOURCE auth_script_init charset_CP437_init charset_CP850_init offset_t static_decl_auth static_decl_charset static_decl_gpext static_decl_idmap static_decl_nss_info static_decl_pdb static_decl_perfcount static_decl_rpc static_decl_vfs static_init_auth static_init_charset static_init_gpext static_init_idmap static_init_nss_info static_init_pdb static_init_perfcount static_init_rpc static_init_vfs uint_t vfs_acl_tdb_init vfs_acl_xattr_init vfs_audit_init vfs_cap_init vfs_default_quota_init vfs_dirsort_init vfs_expand_msdfs_init vfs_extd_audit_init vfs_fake_perms_init vfs_fileid_init vfs_full_audit_init vfs_netatalk_init vfs_preopen_init vfs_readahead_init vfs_readonly_init vfs_recycle_init vfs_shadow_copy2_init vfs_shadow_copy_init vfs_smb_traffic_analyzer_init vfs_streams_depot_init vfs_streams_xattr_init vfs_syncops_init vfs_xattr_tdb_init Type sizes: sizeof(char): 1 sizeof(int): 4 sizeof(long): 8 sizeof(long long): 8 sizeof(uint8): 1 sizeof(uint16): 2 sizeof(uint32): 4 sizeof(short): 2 sizeof(void*): 8 sizeof(size_t): 8 sizeof(off_t): 8 sizeof(ino_t): 8 sizeof(dev_t): 8 Builtin modules: pdb_ldap pdb_smbpasswd pdb_tdbsam pdb_wbc_sam rpc_lsarpc rpc_winreg rpc_initshutdown rpc_dssetup rpc_wkssvc rpc_svcctl rpc_ntsvcs rpc_netlogon rpc_netdfs rpc_srvsvc rpc_spoolss rpc_eventlog rpc_samr idmap_ldap idmap_tdb idmap_passdb idmap_nss nss_info_template auth_sam auth_unix auth_winbind auth_wbc auth_server auth_domain auth_builtin auth_netlogond vfs_default vfs_posixacl lp_load_ex: refreshing parameters Initialising global parameters rlimit_max: rlimit_max (1024) below minimum Windows limit (16384) params.c:pm_process() - Processing configuration file "../lib/smb.conf" Processing section "[global]" doing parameter server string = Samba fra erso doing parameter passdb backend = tdbsam:/samba-3.4.5/private/passdb.tdb doing parameter comment = testsone doing parameter workgroup = testgroup doing parameter security = server doing parameter log level = 10 doing parameter max log size = 0 doing parameter debug hires timestamp = yes doing parameter debug pid = yes doing parameter printcap name = /etc/printcap doing parameter disable spoolss = yes doing parameter map to guest = Bad User doing parameter usershare allow guests = No doing parameter netbios name = testpc handle_netbios_name: set global_myname to: TESTPC doing parameter wins support = No pm_process() returned Yes lp_servicenumber: couldn't find homes set_server_role: role = ROLE_STANDALONE Attempting to register new charset UCS-2LE Registered charset UCS-2LE Attempting to register new charset UTF-16LE Registered charset UTF-16LE Attempting to register new charset UCS-2BE Registered charset UCS-2BE Attempting to register new charset UTF-16BE Registered charset UTF-16BE Attempting to register new charset UTF8 Registered charset UTF8 Attempting to register new charset UTF-8 Registered charset UTF-8 Attempting to register new charset ASCII Registered charset ASCII Attempting to register new charset 646 Registered charset 646 Attempting to register new charset ISO-8859-1 Registered charset ISO-8859-1 Attempting to register new charset UCS2-HEX Registered charset UCS2-HEX Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Registered MSG_REQ_POOL_USAGE Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED lp_load_ex: refreshing parameters Initialising global parameters rlimit_max: rlimit_max (1024) below minimum Windows limit (16384) params.c:pm_process() - Processing configuration file "../lib/smb.conf" Processing section "[global]" doing parameter server string = Samba fra erso doing parameter passdb backend = tdbsam:/samba-3.4.5/private/passdb.tdb doing parameter comment = testsone doing parameter workgroup = testgroup doing parameter security = server doing parameter log level = 10 doing parameter max log size = 0 doing parameter debug hires timestamp = yes doing parameter debug pid = yes doing parameter printcap name = /etc/printcap doing parameter disable spoolss = yes doing parameter map to guest = Bad User doing parameter usershare allow guests = No doing parameter netbios name = testpc handle_netbios_name: set global_myname to: TESTPC doing parameter wins support = No Processing section "[test$]" add_a_service: Creating snum = 0 for test$ hash_a_service: creating servicehash hash_a_service: hashing index 0 for service name test$ doing parameter comment = testshare doing parameter path = /testshare doing parameter acl group control = yes doing parameter writable = yes doing parameter browsable = yes doing parameter force directory security mode = 2777 pm_process() returned Yes lp_servicenumber: couldn't find homes add_a_service: Creating snum = 1 for IPC$ hash_a_service: hashing index 1 for service name IPC$ adding IPC service set_server_role: role = ROLE_STANDALONE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE lp_servicenumber: couldn't find printers reloading printcap cache Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE reload status: ok lp_servicenumber: couldn't find printers lp_servicenumber: couldn't find printers lp_file_list_changed() file ../lib/smb.conf -> ../lib/smb.conf last mod_time: Tue Feb 23 09:05:04 2010 added interface vmnet8 ip=192.168.221.1 bcast=192.168.221.255 netmask=255.255.255.0 added interface vmnet1 ip=192.168.244.1 bcast=192.168.244.255 netmask=255.255.255.0 added interface br0 ip=10.225.5.232 bcast=10.225.7.255 netmask=255.255.248.0 Netbios name list:- my_netbios_names[0]="TESTPC" loaded services fcntl_lock 8 6 0 1 1 fcntl_lock: Lock call successful Attempting to register passdb backend ldapsam Successfully added passdb backend 'ldapsam' Attempting to register passdb backend ldapsam_compat Successfully added passdb backend 'ldapsam_compat' Attempting to register passdb backend NDS_ldapsam Successfully added passdb backend 'NDS_ldapsam' Attempting to register passdb backend NDS_ldapsam_compat Successfully added passdb backend 'NDS_ldapsam_compat' Attempting to register passdb backend smbpasswd Successfully added passdb backend 'smbpasswd' Attempting to register passdb backend tdbsam Successfully added passdb backend 'tdbsam' Attempting to register passdb backend wbc_sam Successfully added passdb backend 'wbc_sam' Attempting to find a passdb backend to match tdbsam:/samba-3.4.5/private/passdb.tdb (tdbsam) Found pdb backend tdbsam pdb backend tdbsam:/samba-3.4.5/private/passdb.tdb has a valid init Opening cache file at /samba-3.4.5/var/locks/gencache.tdb namecache_enable: enabling netbios namecache, timeout 660 seconds reghook_cache_init: new tree with default ops 0x7fb623ff9000 for key [] regdb_fetch_values: Looking for value of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports] specific: [Samba Printer Port], len: 2 regdb_fetch_values: Looking for value of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] specific: [DefaultSpoolDirectory], len: 70 regdb_fetch_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] specific: [DisplayName], len: 20 specific: [ErrorControl], len: 4 regdb_fetch_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] specific: [DisplayName], len: 20 specific: [ErrorControl], len: 4 reghook_cache_add: Adding ops 0x7fb623ff92a0 for key [/HKLM/SYSTEM/CurrentControlSet/Control/Print] pathtree_add: Enter pathtree_add: Successfully added node [HKLM/SYSTEM/CurrentControlSet/Control/Print] to tree pathtree_add: Exit reghook_cache_add: Adding ops 0x7fb623ff92a0 for key [/HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/Print/Printers] pathtree_add: Enter pathtree_add: Successfully added node [HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/Print/Printers] to tree pathtree_add: Exit reghook_cache_add: Adding ops 0x7fb623ff92a0 for key [/HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/Ports] pathtree_add: Enter pathtree_add: Successfully added node [HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/Ports] to tree pathtree_add: Exit reghook_cache_add: Adding ops 0x7fb623ff9300 for key [/HKLM/SYSTEM/CurrentControlSet/Services/LanmanServer/Shares] pathtree_add: Enter pathtree_add: Successfully added node [HKLM/SYSTEM/CurrentControlSet/Services/LanmanServer/Shares] to tree pathtree_add: Exit reghook_cache_add: Adding ops 0x7fb623ff9100 for key [/HKLM/SOFTWARE/Samba/smbconf] pathtree_add: Enter pathtree_add: Successfully added node [HKLM/SOFTWARE/Samba/smbconf] to tree pathtree_add: Exit reghook_cache_add: Adding ops 0x7fb623ff9360 for key [/HKLM/SYSTEM/CurrentControlSet/Services/Netlogon/Parameters] pathtree_add: Enter pathtree_add: Successfully added node [HKLM/SYSTEM/CurrentControlSet/Services/Netlogon/Parameters] to tree pathtree_add: Exit reghook_cache_add: Adding ops 0x7fb623ff93c0 for key [/HKLM/SYSTEM/CurrentControlSet/Control/ProductOptions] pathtree_add: Enter pathtree_add: Successfully added node [HKLM/SYSTEM/CurrentControlSet/Control/ProductOptions] to tree pathtree_add: Exit reghook_cache_add: Adding ops 0x7fb623ff9420 for key [/HKLM/SYSTEM/CurrentControlSet/Services/Tcpip/Parameters] pathtree_add: Enter pathtree_add: Successfully added node [HKLM/SYSTEM/CurrentControlSet/Services/Tcpip/Parameters] to tree pathtree_add: Exit reghook_cache_add: Adding ops 0x7fb623ff9480 for key [/HKPT] pathtree_add: Enter pathtree_add: Successfully added node [HKPT] to tree pathtree_add: Exit reghook_cache_add: Adding ops 0x7fb623ff94e0 for key [/HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion] pathtree_add: Enter pathtree_add: Successfully added node [HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion] to tree pathtree_add: Exit reghook_cache_add: Adding ops 0x7fb623ff9540 for key [/HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/Perflib] pathtree_add: Enter pathtree_add: Successfully added node [HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/Perflib] to tree pathtree_add: Exit Cache entry with key = IDMAP/UID2SID/0 couldn't be found uid_to_sid: winbind failed to find a sid for uid 0 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 push_conn_ctx(0) : conn_ctx_stack_ndx = 1 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups tdbsam_open: successfully opened /samba-3.4.5/private/passdb.tdb pdb_set_username: setting username root, was pdb_set_domain: setting domain TESTPC, was pdb_set_nt_username: setting nt username , was pdb_set_full_name: setting full name root, was Home server: testpc pdb_set_homedir: setting home dir \\testpc\root, was pdb_set_dir_drive: setting dir drive , was NULL pdb_set_logon_script: setting logon script , was Home server: testpc pdb_set_profile_path: setting profile path \\testpc\root\profile, was pdb_set_workstations: setting workstations , was push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 push_conn_ctx(0) : conn_ctx_stack_ndx = 2 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: password history, val: 0 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 pdb_set_user_sid: setting user sid S-1-5-21-783145419-1966905550-2589541370-1000 pdb_set_user_sid_from_rid: setting user sid S-1-5-21-783145419-1966905550-2589541370-1000 from rid 1000 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 LEGACY: uid 0 -> sid S-1-5-21-783145419-1966905550-2589541370-1000 Cache entry with key = IDMAP/GID2SID/0 couldn't be found gid_to_sid: winbind failed to find a sid for gid 0 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 LEGACY: gid 0 -> sid S-1-22-2-0 Create local NT token for S-1-5-21-783145419-1966905550-2589541370-1000 Cache entry with key = IDMAP/SID2GID/S-1-5-32-544 couldn't be found winbind failed to find a gid for sid S-1-5-32-544 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 LEGACY: mapping failed for sid S-1-5-32-544 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups Failed to fetch domain sid for TESTGROUP pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 Cache entry with key = IDMAP/SID2GID/S-1-5-32-545 couldn't be found winbind failed to find a gid for sid S-1-5-32-545 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 LEGACY: mapping failed for sid S-1-5-32-545 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups Failed to fetch domain sid for TESTGROUP pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 get_privileges: No privileges assigned to SID [S-1-5-21-783145419-1966905550-2589541370-1000] get_privileges_for_sids: sid = S-1-5-32-544 Privilege set: SE_PRIV 0xff0 0x0 0x0 0x0 get_privileges_for_sids: sid = S-1-1-0 Privilege set: SE_PRIV 0x0 0x0 0x0 0x0 get_privileges: No privileges assigned to SID [S-1-5-2] get_privileges: No privileges assigned to SID [S-1-5-11] regkey_open_onelevel: name = [HKLM] regdb_open: incrementing refcount (1) reghook_cache_find: Searching for keyname [/HKLM] pathtree_find: Enter [/HKLM] pathtree_find: Exit reghook_cache_find: found ops 0x7fb623ff9000 for key [/HKLM] regdb_get_secdesc: Getting secdesc of key [HKLM] regkey_open_onelevel: name = [SYSTEM] regdb_open: incrementing refcount (2) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM] pathtree_find: Enter [/HKLM/SYSTEM] pathtree_find: Exit reghook_cache_find: found ops 0x7fb623ff9000 for key [/HKLM/SYSTEM] regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM] regkey_open_onelevel: name = [CurrentControlSet] regdb_open: incrementing refcount (3) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet] pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet] pathtree_find: Exit reghook_cache_find: found ops 0x7fb623ff9000 for key [/HKLM/SYSTEM/CurrentControlSet] regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet] regdb_close: decrementing refcount (3) regkey_open_onelevel: name = [Services] regdb_open: incrementing refcount (3) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services] pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services] pathtree_find: Exit reghook_cache_find: found ops 0x7fb623ff9000 for key [/HKLM/SYSTEM/CurrentControlSet/Services] regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services] regdb_close: decrementing refcount (3) regdb_close: decrementing refcount (2) regkey_open_onelevel: name = [HKLM] regdb_open: incrementing refcount (2) reghook_cache_find: Searching for keyname [/HKLM] pathtree_find: Enter [/HKLM] pathtree_find: Exit reghook_cache_find: found ops 0x7fb623ff9000 for key [/HKLM] regdb_get_secdesc: Getting secdesc of key [HKLM] regkey_open_onelevel: name = [SYSTEM] regdb_open: incrementing refcount (3) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM] pathtree_find: Enter [/HKLM/SYSTEM] pathtree_find: Exit reghook_cache_find: found ops 0x7fb623ff9000 for key [/HKLM/SYSTEM] regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM] regkey_open_onelevel: name = [CurrentControlSet] regdb_open: incrementing refcount (4) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet] pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet] pathtree_find: Exit reghook_cache_find: found ops 0x7fb623ff9000 for key [/HKLM/SYSTEM/CurrentControlSet] regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet] regdb_close: decrementing refcount (4) regkey_open_onelevel: name = [Services] regdb_open: incrementing refcount (4) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services] pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services] pathtree_find: Exit reghook_cache_find: found ops 0x7fb623ff9000 for key [/HKLM/SYSTEM/CurrentControlSet/Services] regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services] regdb_close: decrementing refcount (4) regkey_open_onelevel: name = [Spooler] regdb_open: incrementing refcount (4) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/Spooler] pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/Spooler] pathtree_find: Exit reghook_cache_find: found ops 0x7fb623ff9000 for key [/HKLM/SYSTEM/CurrentControlSet/Services/Spooler] regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services\Spooler] regdb_close: decrementing refcount (4) regdb_close: decrementing refcount (3) regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\Spooler] regdb_close: decrementing refcount (2) regkey_open_onelevel: name = [HKLM] regdb_open: incrementing refcount (2) reghook_cache_find: Searching for keyname [/HKLM] pathtree_find: Enter [/HKLM] pathtree_find: Exit reghook_cache_find: found ops 0x7fb623ff9000 for key [/HKLM] regdb_get_secdesc: Getting secdesc of key [HKLM] regkey_open_onelevel: name = [SYSTEM] regdb_open: incrementing refcount (3) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM] pathtree_find: Enter [/HKLM/SYSTEM] pathtree_find: Exit reghook_cache_find: found ops 0x7fb623ff9000 for key [/HKLM/SYSTEM] regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM] regkey_open_onelevel: name = [CurrentControlSet] regdb_open: incrementing refcount (4) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet] pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet] pathtree_find: Exit reghook_cache_find: found ops 0x7fb623ff9000 for key [/HKLM/SYSTEM/CurrentControlSet] regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet] regdb_close: decrementing refcount (4) regkey_open_onelevel: name = [Services] regdb_open: incrementing refcount (4) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services] pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services] pathtree_find: Exit reghook_cache_find: found ops 0x7fb623ff9000 for key [/HKLM/SYSTEM/CurrentControlSet/Services] regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services] regdb_close: decrementing refcount (4) regkey_open_onelevel: name = [Spooler] regdb_open: incrementing refcount (4) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/Spooler] pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/Spooler] pathtree_find: Exit reghook_cache_find: found ops 0x7fb623ff9000 for key [/HKLM/SYSTEM/CurrentControlSet/Services/Spooler] regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services\Spooler] regdb_close: decrementing refcount (4) regkey_open_onelevel: name = [Security] regdb_open: incrementing refcount (4) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/Spooler/Security] pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/Spooler/Security] pathtree_find: Exit reghook_cache_find: found ops 0x7fb623ff9000 for key [/HKLM/SYSTEM/CurrentControlSet/Services/Spooler/Security] regdb_fetch_keys: no subkeys found for key [HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security] regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security] regdb_close: decrementing refcount (4) regdb_close: decrementing refcount (3) regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security] regdb_close: decrementing refcount (2) regkey_open_onelevel: name = [HKLM] regdb_open: incrementing refcount (2) reghook_cache_find: Searching for keyname [/HKLM] pathtree_find: Enter [/HKLM] pathtree_find: Exit reghook_cache_find: found ops 0x7fb623ff9000 for key [/HKLM] regdb_get_secdesc: Getting secdesc of key [HKLM] regkey_open_onelevel: name = [SYSTEM] regdb_open: incrementing refcount (3) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM] pathtree_find: Enter [/HKLM/SYSTEM] pathtree_find: Exit reghook_cache_find: found ops 0x7fb623ff9000 for key [/HKLM/SYSTEM] regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM] regkey_open_onelevel: name = [CurrentControlSet] regdb_open: incrementing refcount (4) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet] pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet] pathtree_find: Exit reghook_cache_find: found ops 0x7fb623ff9000 for key [/HKLM/SYSTEM/CurrentControlSet] regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet] regdb_close: decrementing refcount (4) regkey_open_onelevel: name = [Services] regdb_open: incrementing refcount (4) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services] pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services] pathtree_find: Exit reghook_cache_find: found ops 0x7fb623ff9000 for key [/HKLM/SYSTEM/CurrentControlSet/Services] regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services] regdb_close: decrementing refcount (4) regkey_open_onelevel: name = [NETLOGON] regdb_open: incrementing refcount (4) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/NETLOGON] pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/NETLOGON] pathtree_find: Exit reghook_cache_find: found ops 0x7fb623ff9000 for key [/HKLM/SYSTEM/CurrentControlSet/Services/NETLOGON] regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] regdb_close: decrementing refcount (4) regdb_close: decrementing refcount (3) regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] regdb_close: decrementing refcount (2) regkey_open_onelevel: name = [HKLM] regdb_open: incrementing refcount (2) reghook_cache_find: Searching for keyname [/HKLM] pathtree_find: Enter [/HKLM] pathtree_find: Exit reghook_cache_find: found ops 0x7fb623ff9000 for key [/HKLM] regdb_get_secdesc: Getting secdesc of key [HKLM] regkey_open_onelevel: name = [SYSTEM] regdb_open: incrementing refcount (3) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM] pathtree_find: Enter [/HKLM/SYSTEM] pathtree_find: Exit reghook_cache_find: found ops 0x7fb623ff9000 for key [/HKLM/SYSTEM] regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM] regkey_open_onelevel: name = [CurrentControlSet] regdb_open: incrementing refcount (4) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet] pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet] pathtree_find: Exit reghook_cache_find: found ops 0x7fb623ff9000 for key [/HKLM/SYSTEM/CurrentControlSet] regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet] regdb_close: decrementing refcount (4) regkey_open_onelevel: name = [Services] regdb_open: incrementing refcount (4) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services] pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services] pathtree_find: Exit reghook_cache_find: found ops 0x7fb623ff9000 for key [/HKLM/SYSTEM/CurrentControlSet/Services] regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services] regdb_close: decrementing refcount (4) regkey_open_onelevel: name = [NETLOGON] regdb_open: incrementing refcount (4) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/NETLOGON] pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/NETLOGON] pathtree_find: Exit reghook_cache_find: found ops 0x7fb623ff9000 for key [/HKLM/SYSTEM/CurrentControlSet/Services/NETLOGON] regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] regdb_close: decrementing refcount (4) regkey_open_onelevel: name = [Security] regdb_open: incrementing refcount (4) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/NETLOGON/Security] pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/NETLOGON/Security] pathtree_find: Exit reghook_cache_find: found ops 0x7fb623ff9000 for key [/HKLM/SYSTEM/CurrentControlSet/Services/NETLOGON/Security] regdb_fetch_keys: no subkeys found for key [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security] regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security] regdb_close: decrementing refcount (4) regdb_close: decrementing refcount (3) regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security] regdb_close: decrementing refcount (2) regkey_open_onelevel: name = [HKLM] regdb_open: incrementing refcount (2) reghook_cache_find: Searching for keyname [/HKLM] pathtree_find: Enter [/HKLM] pathtree_find: Exit reghook_cache_find: found ops 0x7fb623ff9000 for key [/HKLM] regdb_get_secdesc: Getting secdesc of key [HKLM] regkey_open_onelevel: name = [SYSTEM] regdb_open: incrementing refcount (3) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM] pathtree_find: Enter [/HKLM/SYSTEM] pathtree_find: Exit reghook_cache_find: found ops 0x7fb623ff9000 for key [/HKLM/SYSTEM] regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM] regkey_open_onelevel: name = [CurrentControlSet] regdb_open: incrementing refcount (4) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet] pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet] pathtree_find: Exit reghook_cache_find: found ops 0x7fb623ff9000 for key [/HKLM/SYSTEM/CurrentControlSet] regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet] regdb_close: decrementing refcount (4) regkey_open_onelevel: name = [Services] regdb_open: incrementing refcount (4) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services] pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services] pathtree_find: Exit reghook_cache_find: found ops 0x7fb623ff9000 for key [/HKLM/SYSTEM/CurrentControlSet/Services] regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services] regdb_close: decrementing refcount (4) regkey_open_onelevel: name = [RemoteRegistry] regdb_open: incrementing refcount (4) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/RemoteRegistry] pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/RemoteRegistry] pathtree_find: Exit reghook_cache_find: found ops 0x7fb623ff9000 for key [/HKLM/SYSTEM/CurrentControlSet/Services/RemoteRegistry] regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] regdb_close: decrementing refcount (4) regdb_close: decrementing refcount (3) regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] regdb_close: decrementing refcount (2) regkey_open_onelevel: name = [HKLM] regdb_open: incrementing refcount (2) reghook_cache_find: Searching for keyname [/HKLM] pathtree_find: Enter [/HKLM] pathtree_find: Exit reghook_cache_find: found ops 0x7fb623ff9000 for key [/HKLM] regdb_get_secdesc: Getting secdesc of key [HKLM] regkey_open_onelevel: name = [SYSTEM] regdb_open: incrementing refcount (3) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM] pathtree_find: Enter [/HKLM/SYSTEM] pathtree_find: Exit reghook_cache_find: found ops 0x7fb623ff9000 for key [/HKLM/SYSTEM] regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM] regkey_open_onelevel: name = [CurrentControlSet] regdb_open: incrementing refcount (4) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet] pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet] pathtree_find: Exit reghook_cache_find: found ops 0x7fb623ff9000 for key [/HKLM/SYSTEM/CurrentControlSet] regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet] regdb_close: decrementing refcount (4) regkey_open_onelevel: name = [Services] regdb_open: incrementing refcount (4) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services] pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services] pathtree_find: Exit reghook_cache_find: found ops 0x7fb623ff9000 for key [/HKLM/SYSTEM/CurrentControlSet/Services] regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services] regdb_close: decrementing refcount (4) regkey_open_onelevel: name = [RemoteRegistry] regdb_open: incrementing refcount (4) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/RemoteRegistry] pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/RemoteRegistry] pathtree_find: Exit reghook_cache_find: found ops 0x7fb623ff9000 for key [/HKLM/SYSTEM/CurrentControlSet/Services/RemoteRegistry] regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] regdb_close: decrementing refcount (4) regkey_open_onelevel: name = [Security] regdb_open: incrementing refcount (4) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/RemoteRegistry/Security] pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/RemoteRegistry/Security] pathtree_find: Exit reghook_cache_find: found ops 0x7fb623ff9000 for key [/HKLM/SYSTEM/CurrentControlSet/Services/RemoteRegistry/Security] regdb_fetch_keys: no subkeys found for key [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security] regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security] regdb_close: decrementing refcount (4) regdb_close: decrementing refcount (3) regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security] regdb_close: decrementing refcount (2) regkey_open_onelevel: name = [HKLM] regdb_open: incrementing refcount (2) reghook_cache_find: Searching for keyname [/HKLM] pathtree_find: Enter [/HKLM] pathtree_find: Exit reghook_cache_find: found ops 0x7fb623ff9000 for key [/HKLM] regdb_get_secdesc: Getting secdesc of key [HKLM] regkey_open_onelevel: name = [SYSTEM] regdb_open: incrementing refcount (3) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM] pathtree_find: Enter [/HKLM/SYSTEM] pathtree_find: Exit reghook_cache_find: found ops 0x7fb623ff9000 for key [/HKLM/SYSTEM] regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM] regkey_open_onelevel: name = [CurrentControlSet] regdb_open: incrementing refcount (4) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet] pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet] pathtree_find: Exit reghook_cache_find: found ops 0x7fb623ff9000 for key [/HKLM/SYSTEM/CurrentControlSet] regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet] regdb_close: decrementing refcount (4) regkey_open_onelevel: name = [Services] regdb_open: incrementing refcount (4) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services] pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services] pathtree_find: Exit reghook_cache_find: found ops 0x7fb623ff9000 for key [/HKLM/SYSTEM/CurrentControlSet/Services] regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services] regdb_close: decrementing refcount (4) regkey_open_onelevel: name = [WINS] regdb_open: incrementing refcount (4) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/WINS] pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/WINS] pathtree_find: Exit reghook_cache_find: found ops 0x7fb623ff9000 for key [/HKLM/SYSTEM/CurrentControlSet/Services/WINS] regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services\WINS] regdb_close: decrementing refcount (4) regdb_close: decrementing refcount (3) regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\WINS] regdb_close: decrementing refcount (2) regkey_open_onelevel: name = [HKLM] regdb_open: incrementing refcount (2) reghook_cache_find: Searching for keyname [/HKLM] pathtree_find: Enter [/HKLM] pathtree_find: Exit reghook_cache_find: found ops 0x7fb623ff9000 for key [/HKLM] regdb_get_secdesc: Getting secdesc of key [HKLM] regkey_open_onelevel: name = [SYSTEM] regdb_open: incrementing refcount (3) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM] pathtree_find: Enter [/HKLM/SYSTEM] pathtree_find: Exit reghook_cache_find: found ops 0x7fb623ff9000 for key [/HKLM/SYSTEM] regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM] regkey_open_onelevel: name = [CurrentControlSet] regdb_open: incrementing refcount (4) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet] pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet] pathtree_find: Exit reghook_cache_find: found ops 0x7fb623ff9000 for key [/HKLM/SYSTEM/CurrentControlSet] regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet] regdb_close: decrementing refcount (4) regkey_open_onelevel: name = [Services] regdb_open: incrementing refcount (4) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services] pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services] pathtree_find: Exit reghook_cache_find: found ops 0x7fb623ff9000 for key [/HKLM/SYSTEM/CurrentControlSet/Services] regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services] regdb_close: decrementing refcount (4) regkey_open_onelevel: name = [WINS] regdb_open: incrementing refcount (4) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/WINS] pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/WINS] pathtree_find: Exit reghook_cache_find: found ops 0x7fb623ff9000 for key [/HKLM/SYSTEM/CurrentControlSet/Services/WINS] regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services\WINS] regdb_close: decrementing refcount (4) regkey_open_onelevel: name = [Security] regdb_open: incrementing refcount (4) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/WINS/Security] pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/WINS/Security] pathtree_find: Exit reghook_cache_find: found ops 0x7fb623ff9000 for key [/HKLM/SYSTEM/CurrentControlSet/Services/WINS/Security] regdb_fetch_keys: no subkeys found for key [HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security] regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security] regdb_close: decrementing refcount (4) regdb_close: decrementing refcount (3) regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security] regdb_close: decrementing refcount (2) regdb_close: decrementing refcount (1) regdb_close: decrementing refcount (0) update_c_setprinter: c_setprinter = 0 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pdb_getsampwsid: Building guest account pdb_set_username: setting username nobody, was pdb_set_full_name: setting full name nobody, was pdb_set_domain: setting domain TESTPC, was pdb_set_user_sid: setting user sid S-1-5-21-783145419-1966905550-2589541370-501 pdb_set_user_sid_from_rid: setting user sid S-1-5-21-783145419-1966905550-2589541370-501 from rid 501 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 sys_getgrouplist: user [nobody] Cache entry with key = IDMAP/GID2SID/65533 couldn't be found gid_to_sid: winbind failed to find a sid for gid 65533 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 LEGACY: gid 65533 -> sid S-1-22-2-65533 Cache entry with key = IDMAP/GID2SID/65534 couldn't be found gid_to_sid: winbind failed to find a sid for gid 65534 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 LEGACY: gid 65534 -> sid S-1-22-2-65534 make_server_info_sam: made server info for user nobody -> nobody Create local NT token for S-1-5-21-783145419-1966905550-2589541370-501 Cache entry with key = IDMAP/SID2GID/S-1-5-32-544 couldn't be found winbind failed to find a gid for sid S-1-5-32-544 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 LEGACY: mapping failed for sid S-1-5-32-544 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups Failed to fetch domain sid for TESTGROUP pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 Cache entry with key = IDMAP/SID2GID/S-1-5-32-545 couldn't be found winbind failed to find a gid for sid S-1-5-32-545 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 LEGACY: mapping failed for sid S-1-5-32-545 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups Failed to fetch domain sid for TESTGROUP pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 get_privileges: No privileges assigned to SID [S-1-5-21-783145419-1966905550-2589541370-501] get_privileges: No privileges assigned to SID [S-1-22-2-65533] get_privileges_for_sids: sid = S-1-1-0 Privilege set: SE_PRIV 0x0 0x0 0x0 0x0 get_privileges: No privileges assigned to SID [S-1-5-2] get_privileges: No privileges assigned to SID [S-1-5-32-546] get_privileges: No privileges assigned to SID [S-1-22-2-65534] Cache entry with key = IDMAP/SID2GID/S-1-1-0 couldn't be found winbind failed to find a gid for sid S-1-1-0 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 LEGACY: mapping failed for sid S-1-1-0 Could not convert SID S-1-1-0 to gid, ignoring it Cache entry with key = IDMAP/SID2GID/S-1-5-2 couldn't be found winbind failed to find a gid for sid S-1-5-2 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 LEGACY: mapping failed for sid S-1-5-2 Could not convert SID S-1-5-2 to gid, ignoring it Cache entry with key = IDMAP/SID2GID/S-1-5-32-546 couldn't be found winbind failed to find a gid for sid S-1-5-32-546 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 LEGACY: mapping failed for sid S-1-5-32-546 Could not convert SID S-1-5-32-546 to gid, ignoring it NT user token of user S-1-5-21-783145419-1966905550-2589541370-501 contains 7 SIDs SID[ 0]: S-1-5-21-783145419-1966905550-2589541370-501 SID[ 1]: S-1-22-2-65533 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-32-546 SID[ 5]: S-1-22-2-65534 SID[ 6]: S-1-22-1-65534 SE_PRIV 0x0 0x0 0x0 0x0 UNIX token of user 65534 Primary group is 65533 and contains 2 supplementary groups Group[ 0]: 65533 Group[ 1]: 65534 interpret_string_addr_internal: getaddrinfo failed for name :: [Address family for hostname not supported] interpret_string_addr_internal: getaddrinfo failed for name :: [Address family for hostname not supported] bind succeeded on port 445 Socket options: SO_KEEPALIVE = 1 SO_REUSEADDR = 1 SO_BROADCAST = 0 TCP_NODELAY = 0 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_SNDBUF = 16384 SO_RCVBUF = 87380 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 Socket options: SO_KEEPALIVE = 1 SO_REUSEADDR = 1 SO_BROADCAST = 0 TCP_NODELAY = 1 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_SNDBUF = 16384 SO_RCVBUF = 87380 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 bind succeeded on port 139 Socket options: SO_KEEPALIVE = 1 SO_REUSEADDR = 1 SO_BROADCAST = 0 TCP_NODELAY = 0 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_SNDBUF = 16384 SO_RCVBUF = 87380 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 Socket options: SO_KEEPALIVE = 1 SO_REUSEADDR = 1 SO_BROADCAST = 0 TCP_NODELAY = 1 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_SNDBUF = 16384 SO_RCVBUF = 87380 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 claiming [] Locking key 29320000FFFFFFFF0000 Allocated locked data 0x0x7fb624082420 Unlocking key 29320000FFFFFFFF0000 waiting for connections Socket options: SO_KEEPALIVE = 1 SO_REUSEADDR = 1 SO_BROADCAST = 0 TCP_NODELAY = 1 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_SNDBUF = 16384 SO_RCVBUF = 87380 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 Socket options: SO_KEEPALIVE = 1 SO_REUSEADDR = 1 SO_BROADCAST = 0 TCP_NODELAY = 1 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_SNDBUF = 16384 SO_RCVBUF = 87380 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 lp_file_list_changed() file ../lib/smb.conf -> ../lib/smb.conf last mod_time: Tue Feb 23 09:05:04 2010 init_oplocks: initializing messages. Linux kernel oplocks enabled s3_event: Added timed event "smbd_idle_event_handler": 0x7fb6240671c0 event_add_idle: idle_evt(keepalive) 0x7fb6240671c0 s3_event: Added timed event "smbd_idle_event_handler": 0x7fb624032cd0 event_add_idle: idle_evt(deadtime) 0x7fb624032cd0 s3_event: Added timed event "smbd_idle_event_handler": 0x7fb62402a9f0 event_add_idle: idle_evt(housekeeping) 0x7fb62402a9f0 got smb length of 133 got message type 0x0 of len 0x85 Transaction 0 of length 137 (0 toread) size=133 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51283 smb_tid=0 smb_pid=65279 smb_uid=0 smb_mid=0 smt_wct=0 smb_bcc=98 [0000] 02 50 43 20 4E 45 54 57 4F 52 4B 20 50 52 4F 47 .PC NETW ORK PROG [0010] 52 41 4D 20 31 2E 30 00 02 4C 41 4E 4D 41 4E 31 RAM 1.0. .LANMAN1 [0020] 2E 30 00 02 57 69 6E 64 6F 77 73 20 66 6F 72 20 .0..Wind ows for [0030] 57 6F 72 6B 67 72 6F 75 70 73 20 33 2E 31 61 00 Workgrou ps 3.1a. [0040] 02 4C 4D 31 2E 32 58 30 30 32 00 02 4C 41 4E 4D .LM1.2X0 02..LANM [0050] 41 4E 32 2E 31 00 02 4E 54 20 4C 4D 20 30 2E 31 AN2.1..N T LM 0.1 [0060] 32 00 2. switch message SMBnegprot (pid 12841) conn 0x0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups change_to_root_user: now uid=(0,0) gid=(0,0) Requested protocol [PC NETWORK PROGRAM 1.0] Requested protocol [LANMAN1.0] Requested protocol [Windows for Workgroups 3.1a] Requested protocol [LM1.2X002] Requested protocol [LANMAN2.1] Requested protocol [NT LM 0.12] set_remote_arch: Client arch is 'Win2K' lp_file_list_changed() file ../lib/smb.conf -> ../lib/smb.conf last mod_time: Tue Feb 23 09:05:04 2010 claiming [] Locking key 29320000FFFFFFFF0000 Allocated locked data 0x0x7fb624085050 Unlocking key 29320000FFFFFFFF0000 lp_file_list_changed() file ../lib/smb.conf -> ../lib/smb.conf last mod_time: Tue Feb 23 09:05:04 2010 using SPNEGO Selected protocol NT LM 0.12 negprot index=5 size=127 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51283 smb_tid=0 smb_pid=65279 smb_uid=0 smb_mid=0 smt_wct=17 smb_vwv[ 0]= 5 (0x5) smb_vwv[ 1]=12803 (0x3203) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 65 (0x41) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]=10496 (0x2900) smb_vwv[ 8]= 50 (0x32) smb_vwv[ 9]=64768 (0xFD00) smb_vwv[10]=33011 (0x80F3) smb_vwv[11]=32896 (0x8080) smb_vwv[12]=53753 (0xD1F9) smb_vwv[13]=24361 (0x5F29) smb_vwv[14]=51892 (0xCAB4) smb_vwv[15]=50177 (0xC401) smb_vwv[16]= 255 (0xFF) smb_bcc=58 [0000] 74 65 73 74 70 63 00 00 00 00 00 00 00 00 00 00 testpc.. ........ [0010] 60 28 06 06 2B 06 01 05 05 02 A0 1E 30 1C A0 0E `(..+... ....0... [0020] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A3 0A 0...+... ..7..... [0030] 30 08 A0 06 1B 04 4E 4F 4E 45 0.....NO NE got smb length of 206 got message type 0x0 of len 0xce Transaction 1 of length 210 (0 toread) size=206 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=0 smb_mid=64 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 206 (0xCE) smb_vwv[ 2]=16644 (0x4104) smb_vwv[ 3]= 50 (0x32) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 74 (0x4A) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 212 (0xD4) smb_vwv[11]=32768 (0x8000) smb_bcc=147 [0000] 60 48 06 06 2B 06 01 05 05 02 A0 3E 30 3C A0 0E `H..+... ...>0<.. [0010] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A2 2A 0...+... ..7....* [0020] 04 28 4E 54 4C 4D 53 53 50 00 01 00 00 00 97 82 .(NTLMSS P....... [0030] 08 E2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 05 00 93 08 00 00 00 0F 00 57 00 69 00 6E ........ ...W.i.n [0050] 00 64 00 6F 00 77 00 73 00 20 00 32 00 30 00 30 .d.o.w.s . .2.0.0 [0060] 00 30 00 20 00 32 00 31 00 39 00 35 00 00 00 57 .0. .2.1 .9.5...W [0070] 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 00 32 .i.n.d.o .w.s. .2 [0080] 00 30 00 30 00 30 00 20 00 35 00 2E 00 30 00 00 .0.0.0. .5...0.. [0090] 00 00 00 ... switch message SMBsesssetupX (pid 12841) conn 0x0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups change_to_root_user: now uid=(0,0) gid=(0,0) wct=12 flg2=0xc807 setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. Doing spnego session setup NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0] PrimaryDomain=[] register_initial_vuid: allocated vuid = 100 check_spnego_blob_complete: needed_len = 74, pblob->length = 74 parse_spnego_mechanisms: Got OID 1.3.6.1.4.1.311.2.2.10 reply_spnego_negotiate: Got secblob of size 40 Making default auth method list for security=server Attempting to register auth backend sam Successfully added auth method 'sam' Attempting to register auth backend sam_ignoredomain Successfully added auth method 'sam_ignoredomain' Attempting to register auth backend unix Successfully added auth method 'unix' Attempting to register auth backend winbind Successfully added auth method 'winbind' Attempting to register auth backend wbc Successfully added auth method 'wbc' Attempting to register auth backend smbserver Successfully added auth method 'smbserver' Attempting to register auth backend trustdomain Successfully added auth method 'trustdomain' Attempting to register auth backend ntdomain Successfully added auth method 'ntdomain' Attempting to register auth backend guest Successfully added auth method 'guest' Attempting to register auth backend netlogond Successfully added auth method 'netlogond' load_auth_module: Attempting to find an auth method to match guest load_auth_module: auth method guest has a valid init load_auth_module: Attempting to find an auth method to match sam load_auth_module: auth method sam has a valid init load_auth_module: Attempting to find an auth method to match smbserver load_auth_module: auth method smbserver has a valid init Got NTLMSSP neg_flags=0xe2088297 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_NEGOTIATE_OEM NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_LM_KEY NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_VERSION NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH NTLMSSP_NEGOTIATE_56 auth_get_challenge: module guest did not want to specify a challenge auth_get_challenge: module sam did not want to specify a challenge auth_get_challenge: getting challenge from module smbserver Cache entry with key = AD_SITENAME/DOMAIN/ couldn't be found sitename_fetch: No stored sitename for internal_resolve_name: looking up *#20 (sitename (null)) Returning valid cache entry: key = NBT/*#20, value = 10.225.3.7:0,10.225.3.6:0,10.225.3.35:0,10.225.3.21:0,10.225.3.193:0,10.225.3.15:0, timeout = Tue Feb 23 09:16:57 2010 name *#20 found. s3_event: Added timed event "tevent_req_timedout": 0x7fb624086680 s3_event: Added timed event "tevent_req_timedout": 0x7fb623ffe510 Running timed event "tevent_req_timedout" 0x7fb624086680 s3_event: Destroying timer event 0x7fb624086680 "tevent_req_timedout" s3_event: Added timed event "tevent_req_timedout": 0x7fb62407e630 Connecting to 10.225.3.7 at port 445 s3_event: Added timed event "tevent_req_timedout": 0x7fb624064c30 connect returned Connection refused s3_event: Destroying timer event 0x7fb624064c30 "tevent_req_timedout" s3_event: Destroying timer event 0x7fb62407e630 "tevent_req_timedout" Running timed event "tevent_req_timedout" 0x7fb623ffe510 s3_event: Destroying timer event 0x7fb623ffe510 "tevent_req_timedout" s3_event: Added timed event "tevent_req_timedout": 0x7fb62406f030 Connecting to 10.225.3.7 at port 139 s3_event: Added timed event "tevent_req_timedout": 0x7fb62406d860 connect returned Connection refused s3_event: Destroying timer event 0x7fb62406d860 "tevent_req_timedout" s3_event: Destroying timer event 0x7fb62406f030 "tevent_req_timedout" Error connecting to 10.225.3.7 (Connection refused) server_cryptkey: failed to connect to server *. Error NT_STATUS_CONNECTION_REFUSED password server not available auth_get_challenge: getting challenge from authentication method smbserver FAILED. auth_context challenge created by random challenge is: [0000] 11 AF 15 F1 84 18 E3 31 .......1 size=318 smb_com=0x73 smb_rcls=22 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=65279 smb_uid=100 smb_mid=64 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 221 (0xDD) smb_bcc=275 [0000] A1 81 DA 30 81 D7 A0 03 0A 01 01 A1 0C 06 0A 2B ...0.... .......+ [0010] 06 01 04 01 82 37 02 02 0A A2 81 C1 04 81 BE 4E .....7.. .......N [0020] 54 4C 4D 53 53 50 00 02 00 00 00 0C 00 0C 00 30 TLMSSP.. .......0 [0030] 00 00 00 15 82 8A E2 11 AF 15 F1 84 18 E3 31 00 ........ ......1. [0040] 00 00 00 00 00 00 00 82 00 82 00 3C 00 00 00 54 ........ ...<...T [0050] 00 45 00 53 00 54 00 50 00 43 00 02 00 0C 00 54 .E.S.T.P .C.....T [0060] 00 45 00 53 00 54 00 50 00 43 00 01 00 0C 00 54 .E.S.T.P .C.....T [0070] 00 45 00 53 00 54 00 50 00 43 00 04 00 1E 00 63 .E.S.T.P .C.....c [0080] 00 6C 00 69 00 65 00 6E 00 74 00 73 00 2E 00 61 .l.i.e.n .t.s...a [0090] 00 68 00 75 00 73 00 2E 00 6E 00 6F 00 03 00 38 .h.u.s.. .n.o...8 [00A0] 00 65 00 72 00 73 00 6F 00 2D 00 64 00 65 00 73 .e.r.s.o .-.d.e.s [00B0] 00 6B 00 74 00 6F 00 70 00 2E 00 63 00 6C 00 69 .k.t.o.p ...c.l.i [00C0] 00 65 00 6E 00 74 00 73 00 2E 00 61 00 68 00 75 .e.n.t.s ...a.h.u [00D0] 00 73 00 2E 00 6E 00 6F 00 00 00 00 00 55 00 6E .s...n.o .....U.n [00E0] 00 69 00 78 00 00 00 53 00 61 00 6D 00 62 00 61 .i.x...S .a.m.b.a [00F0] 00 20 00 33 00 2E 00 34 00 2E 00 35 00 00 00 54 . .3...4 ...5...T [0100] 00 45 00 53 00 54 00 47 00 52 00 4F 00 55 00 50 .E.S.T.G .R.O.U.P [0110] 00 00 00 ... got smb length of 346 got message type 0x0 of len 0x15a Transaction 2 of length 350 (0 toread) size=346 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=100 smb_mid=128 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 346 (0x15A) smb_vwv[ 2]=16644 (0x4104) smb_vwv[ 3]= 50 (0x32) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 214 (0xD6) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 212 (0xD4) smb_vwv[11]=32768 (0x8000) smb_bcc=287 [0000] A1 81 D3 30 81 D0 A2 81 CD 04 81 CA 4E 54 4C 4D ...0.... ....NTLM [0010] 53 53 50 00 03 00 00 00 18 00 18 00 8A 00 00 00 SSP..... ........ [0020] 18 00 18 00 A2 00 00 00 14 00 14 00 48 00 00 00 ........ ....H... [0030] 1A 00 1A 00 5C 00 00 00 14 00 14 00 76 00 00 00 ....\... ....v... [0040] 10 00 10 00 BA 00 00 00 15 82 88 E2 05 00 93 08 ........ ........ [0050] 00 00 00 0F 43 00 5A 00 43 00 37 00 34 00 38 00 ....C.Z. C.7.4.8. [0060] 37 00 54 00 30 00 58 00 41 00 64 00 6D 00 69 00 7.T.0.X. A.d.m.i. [0070] 6E 00 69 00 73 00 74 00 72 00 61 00 74 00 6F 00 n.i.s.t. r.a.t.o. [0080] 72 00 43 00 5A 00 43 00 37 00 34 00 38 00 37 00 r.C.Z.C. 7.4.8.7. [0090] 54 00 30 00 58 00 FE CF 23 DB BE CE DE AC 00 00 T.0.X... #....... [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0E D9 ........ ........ [00B0] B8 02 6F C7 9E 03 97 6A 91 01 0A E3 3D CA B9 4D ..o....j ....=..M [00C0] EE 55 88 4A AD 89 D5 11 87 26 79 F6 19 D1 10 C9 .U.J.... .&y..... [00D0] 4B 03 6B F6 56 DF 00 57 00 69 00 6E 00 64 00 6F K.k.V..W .i.n.d.o [00E0] 00 77 00 73 00 20 00 32 00 30 00 30 00 30 00 20 .w.s. .2 .0.0.0. [00F0] 00 32 00 31 00 39 00 35 00 00 00 57 00 69 00 6E .2.1.9.5 ...W.i.n [0100] 00 64 00 6F 00 77 00 73 00 20 00 32 00 30 00 30 .d.o.w.s . .2.0.0 [0110] 00 30 00 20 00 35 00 2E 00 30 00 00 00 00 00 .0. .5.. .0..... switch message SMBsesssetupX (pid 12841) conn 0x0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups change_to_root_user: now uid=(0,0) gid=(0,0) wct=12 flg2=0xc807 setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. Doing spnego session setup NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0] PrimaryDomain=[] check_spnego_blob_complete: needed_len = 214, pblob->length = 214 Got user=[Administrator] domain=[CZC7487T0X] workstation=[CZC7487T0X] len1=24 len2=24 auth_context challenge set by NTLMSSP callback (NTLM2) challenge is: [0000] 71 FF 74 F0 9B F7 42 DD q.t...B. lp_file_list_changed() file ../lib/smb.conf -> ../lib/smb.conf last mod_time: Tue Feb 23 09:05:04 2010 Mapping user [CZC7487T0X]\[Administrator] from workstation [CZC7487T0X] Mapped domain from [CZC7487T0X] to [TESTPC] for user [Administrator] from workstation [CZC7487T0X] attempting to make a user_info for Administrator (Administrator) making strings for Administrator's user_info struct making blobs for Administrator's user_info struct made an encrypted user_info for Administrator (Administrator) check_ntlm_password: Checking password for unmapped user [CZC7487T0X]\[Administrator]@[CZC7487T0X] with the new password interface check_ntlm_password: mapped user is: [TESTPC]\[Administrator]@[CZC7487T0X] check_ntlm_password: auth_context challenge created by NTLMSSP callback (NTLM2) challenge is: [0000] 71 FF 74 F0 9B F7 42 DD q.t...B. check_ntlm_password: guest had nothing to say is_myname("TESTPC") returns 1 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pdb_set_username: setting username Administrator, was pdb_set_domain: setting domain TESTPC, was pdb_set_nt_username: setting nt username , was pdb_set_full_name: setting full name Administrator, was Home server: testpc pdb_set_homedir: setting home dir \\testpc\administrator, was pdb_set_dir_drive: setting dir drive , was NULL pdb_set_logon_script: setting logon script , was Home server: testpc pdb_set_profile_path: setting profile path \\testpc\administrator\profile, was pdb_set_workstations: setting workstations , was push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 push_conn_ctx(0) : conn_ctx_stack_ndx = 1 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: password history, val: 0 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 pdb_set_user_sid: setting user sid S-1-5-21-783145419-1966905550-2589541370-1001 pdb_set_user_sid_from_rid: setting user sid S-1-5-21-783145419-1966905550-2589541370-1001 from rid 1001 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 push_conn_ctx(0) : conn_ctx_stack_ndx = 1 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: maximum password age, val: -1 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 Finding user Administrator Trying _Get_Pwnam(), username as lowercase is administrator Trying _Get_Pwnam(), username as given is Administrator Get_Pwnam_internals did find user [Administrator]! push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 push_conn_ctx(0) : conn_ctx_stack_ndx = 1 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: password history, val: 0 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 pdb_set_username: setting username Administrator, was pdb_set_domain: setting domain TESTPC, was pdb_set_nt_username: setting nt username , was pdb_set_full_name: setting full name Administrator, was Home server: testpc pdb_set_homedir: setting home dir \\testpc\administrator, was pdb_set_dir_drive: setting dir drive , was NULL pdb_set_logon_script: setting logon script , was Home server: testpc pdb_set_profile_path: setting profile path \\testpc\administrator\profile, was pdb_set_workstations: setting workstations , was push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 push_conn_ctx(0) : conn_ctx_stack_ndx = 1 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: password history, val: 0 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 pdb_set_user_sid: setting user sid S-1-5-21-783145419-1966905550-2589541370-1001 pdb_set_user_sid_from_rid: setting user sid S-1-5-21-783145419-1966905550-2589541370-1001 from rid 1001 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 pdb_update_autolock_flag: Account Administrator not autolocked, no check needed ntlm_password_check: Checking NT MD4 password sam_account_ok: Checking SMB password for user Administrator logon_hours_ok: user Administrator allowed to logon at this time (Tue Feb 23 08:06:55 2010 ) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: maximum password age, val: -1 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups sys_getgrouplist: user [Administrator] Cache entry with key = IDMAP/GID2SID/123 couldn't be found gid_to_sid: winbind failed to find a sid for gid 123 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 push_conn_ctx(0) : conn_ctx_stack_ndx = 1 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 LEGACY: gid 123 -> sid S-1-22-2-123 make_server_info_sam: made server info for user Administrator -> Administrator pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 check_ntlm_password: sam authentication for user [Administrator] succeeded push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 check_ntlm_password: PAM Account for user [Administrator] succeeded check_ntlm_password: authentication for user [Administrator] -> [Administrator] -> [Administrator] succeeded attempting to free (and zero) a user_info structure structure was created for Administrator Create local NT token for S-1-5-21-783145419-1966905550-2589541370-1001 Cache entry with key = IDMAP/SID2GID/S-1-5-32-544 couldn't be found winbind failed to find a gid for sid S-1-5-32-544 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 LEGACY: mapping failed for sid S-1-5-32-544 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups Failed to fetch domain sid for TESTGROUP pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 Cache entry with key = IDMAP/SID2GID/S-1-5-32-545 couldn't be found winbind failed to find a gid for sid S-1-5-32-545 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 LEGACY: mapping failed for sid S-1-5-32-545 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups Failed to fetch domain sid for TESTGROUP pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 get_privileges: No privileges assigned to SID [S-1-5-21-783145419-1966905550-2589541370-1001] get_privileges: No privileges assigned to SID [S-1-22-2-123] get_privileges_for_sids: sid = S-1-1-0 Privilege set: SE_PRIV 0x0 0x0 0x0 0x0 get_privileges: No privileges assigned to SID [S-1-5-2] get_privileges: No privileges assigned to SID [S-1-5-11] Cache entry with key = IDMAP/SID2GID/S-1-1-0 couldn't be found winbind failed to find a gid for sid S-1-1-0 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 LEGACY: mapping failed for sid S-1-1-0 Could not convert SID S-1-1-0 to gid, ignoring it Cache entry with key = IDMAP/SID2GID/S-1-5-2 couldn't be found winbind failed to find a gid for sid S-1-5-2 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 LEGACY: mapping failed for sid S-1-5-2 Could not convert SID S-1-5-2 to gid, ignoring it Cache entry with key = IDMAP/SID2GID/S-1-5-11 couldn't be found winbind failed to find a gid for sid S-1-5-11 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 LEGACY: mapping failed for sid S-1-5-11 Could not convert SID S-1-5-11 to gid, ignoring it NT user token of user S-1-5-21-783145419-1966905550-2589541370-1001 contains 6 SIDs SID[ 0]: S-1-5-21-783145419-1966905550-2589541370-1001 SID[ 1]: S-1-22-2-123 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-1-123 SE_PRIV 0x0 0x0 0x0 0x0 UNIX token of user 123 Primary group is 123 and contains 1 supplementary groups Group[ 0]: 123 Got NT session key of length 16 ntlmssp_server_auth: Created NTLM2 session key. NTLMSSP Sign/Seal - Initialising with flags: Got NTLMSSP neg_flags=0xe2088215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_VERSION NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH NTLMSSP_NEGOTIATE_56 register_existing_vuid: (123,123) Administrator Administrator TESTPC guest=0 register_existing_vuid: User name: Administrator Real name: Administrator register_existing_vuid: UNIX uid 123 is UNIX user Administrator, and will be vuid 100 Locking key 49442F31323834312F31 Allocated locked data 0x0x7fb62406fa60 Unlocking key 49442F31323834312F31 lp_servicenumber: couldn't find Administrator Adding homes service for user 'Administrator' using home directory: '/home/administrator' lp_servicenumber: couldn't find homes lp_file_list_changed() file ../lib/smb.conf -> ../lib/smb.conf last mod_time: Tue Feb 23 09:05:04 2010 size=106 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=65279 smb_uid=100 smb_mid=128 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 9 (0x9) smb_bcc=63 [0000] A1 07 30 05 A0 03 0A 01 00 55 00 6E 00 69 00 78 ..0..... .U.n.i.x [0010] 00 00 00 53 00 61 00 6D 00 62 00 61 00 20 00 33 ...S.a.m .b.a. .3 [0020] 00 2E 00 34 00 2E 00 35 00 00 00 54 00 45 00 53 ...4...5 ...T.E.S [0030] 00 54 00 47 00 52 00 4F 00 55 00 50 00 00 00 .T.G.R.O .U.P... got smb length of 92 got message type 0x0 of len 0x5c Transaction 3 of length 96 (0 toread) size=92 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=100 smb_mid=192 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 92 (0x5C) smb_vwv[ 2]= 8 (0x8) smb_vwv[ 3]= 1 (0x1) smb_bcc=49 [0000] 00 5C 00 5C 00 31 00 30 00 2E 00 32 00 32 00 35 .\.\.1.0 ...2.2.5 [0010] 00 2E 00 35 00 2E 00 32 00 33 00 32 00 5C 00 54 ...5...2 .3.2.\.T [0020] 00 45 00 53 00 54 00 24 00 00 00 3F 3F 3F 3F 3F .E.S.T.$ ...????? [0030] 00 . switch message SMBtconX (pid 12841) conn 0x0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups change_to_root_user: now uid=(0,0) gid=(0,0) Client requested device type [?????] for share [TEST$] making a connection to 'normal' service test$ user_ok_token: share test$ is ok for unix user Administrator push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: maximum password age, val: -1 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: password history, val: 0 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 pdb_set_username: setting username Administrator, was pdb_set_domain: setting domain TESTPC, was pdb_set_nt_username: setting nt username , was pdb_set_full_name: setting full name Administrator, was Home server: testpc pdb_set_homedir: setting home dir \\testpc\administrator, was pdb_set_dir_drive: setting dir drive , was NULL pdb_set_logon_script: setting logon script , was Home server: testpc pdb_set_profile_path: setting profile path \\testpc\administrator\profile, was pdb_set_workstations: setting workstations , was push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: password history, val: 0 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 pdb_set_user_sid: setting user sid S-1-5-21-783145419-1966905550-2589541370-1001 pdb_set_user_sid_from_rid: setting user sid S-1-5-21-783145419-1966905550-2589541370-1001 from rid 1001 Finding user Administrator Trying _Get_Pwnam(), username as lowercase is administrator Trying _Get_Pwnam(), username as given is Administrator Get_Pwnam_internals did find user [Administrator]! set_conn_connectpath: service test$, connectpath = /testshare Connect path is '/testshare' for service [test$] se_map_generic(): mapped mask 0x10000000 to 0x001f01ff Initialising default vfs hooks vfs_find_backend_entry called for /[Default VFS]/ Successfully added vfs backend '/[Default VFS]/' vfs_find_backend_entry called for posixacl Successfully added vfs backend 'posixacl' Initialising custom vfs hooks from [/[Default VFS]/] vfs_find_backend_entry called for /[Default VFS]/ Successfully loaded vfs module [/[Default VFS]/] with the new modules system Checking operation #0 (type 0, layer 0) Making operation type 0 opaque [module /[Default VFS]/] Accepting operation type 0 from module /[Default VFS]/ Checking operation #1 (type 1, layer 0) Making operation type 1 opaque [module /[Default VFS]/] Accepting operation type 1 from module /[Default VFS]/ Checking operation #2 (type 2, layer 0) Making operation type 2 opaque [module /[Default VFS]/] Accepting operation type 2 from module /[Default VFS]/ Checking operation #3 (type 3, layer 0) Making operation type 3 opaque [module /[Default VFS]/] Accepting operation type 3 from module /[Default VFS]/ Checking operation #4 (type 4, layer 0) Making operation type 4 opaque [module /[Default VFS]/] Accepting operation type 4 from module /[Default VFS]/ Checking operation #5 (type 5, layer 0) Making operation type 5 opaque [module /[Default VFS]/] Accepting operation type 5 from module /[Default VFS]/ Checking operation #6 (type 6, layer 0) Making operation type 6 opaque [module /[Default VFS]/] Accepting operation type 6 from module /[Default VFS]/ Checking operation #7 (type 7, layer 0) Making operation type 7 opaque [module /[Default VFS]/] Accepting operation type 7 from module /[Default VFS]/ Checking operation #8 (type 8, layer 0) Making operation type 8 opaque [module /[Default VFS]/] Accepting operation type 8 from module /[Default VFS]/ Checking operation #9 (type 9, layer 0) Making operation type 9 opaque [module /[Default VFS]/] Accepting operation type 9 from module /[Default VFS]/ Checking operation #10 (type 10, layer 0) Making operation type 10 opaque [module /[Default VFS]/] Accepting operation type 10 from module /[Default VFS]/ Checking operation #11 (type 11, layer 0) Making operation type 11 opaque [module /[Default VFS]/] Accepting operation type 11 from module /[Default VFS]/ Checking operation #12 (type 12, layer 0) Making operation type 12 opaque [module /[Default VFS]/] Accepting operation type 12 from module /[Default VFS]/ Checking operation #13 (type 13, layer 0) Making operation type 13 opaque [module /[Default VFS]/] Accepting operation type 13 from module /[Default VFS]/ Checking operation #14 (type 14, layer 0) Making operation type 14 opaque [module /[Default VFS]/] Accepting operation type 14 from module /[Default VFS]/ Checking operation #15 (type 15, layer 0) Making operation type 15 opaque [module /[Default VFS]/] Accepting operation type 15 from module /[Default VFS]/ Checking operation #16 (type 16, layer 0) Making operation type 16 opaque [module /[Default VFS]/] Accepting operation type 16 from module /[Default VFS]/ Checking operation #17 (type 17, layer 0) Making operation type 17 opaque [module /[Default VFS]/] Accepting operation type 17 from module /[Default VFS]/ Checking operation #18 (type 18, layer 0) Making operation type 18 opaque [module /[Default VFS]/] Accepting operation type 18 from module /[Default VFS]/ Checking operation #19 (type 19, layer 0) Making operation type 19 opaque [module /[Default VFS]/] Accepting operation type 19 from module /[Default VFS]/ Checking operation #20 (type 20, layer 0) Making operation type 20 opaque [module /[Default VFS]/] Accepting operation type 20 from module /[Default VFS]/ Checking operation #21 (type 21, layer 0) Making operation type 21 opaque [module /[Default VFS]/] Accepting operation type 21 from module /[Default VFS]/ Checking operation #22 (type 22, layer 0) Making operation type 22 opaque [module /[Default VFS]/] Accepting operation type 22 from module /[Default VFS]/ Checking operation #23 (type 23, layer 0) Making operation type 23 opaque [module /[Default VFS]/] Accepting operation type 23 from module /[Default VFS]/ Checking operation #24 (type 24, layer 0) Making operation type 24 opaque [module /[Default VFS]/] Accepting operation type 24 from module /[Default VFS]/ Checking operation #25 (type 25, layer 0) Making operation type 25 opaque [module /[Default VFS]/] Accepting operation type 25 from module /[Default VFS]/ Checking operation #26 (type 26, layer 0) Making operation type 26 opaque [module /[Default VFS]/] Accepting operation type 26 from module /[Default VFS]/ Checking operation #27 (type 27, layer 0) Making operation type 27 opaque [module /[Default VFS]/] Accepting operation type 27 from module /[Default VFS]/ Checking operation #28 (type 28, layer 0) Making operation type 28 opaque [module /[Default VFS]/] Accepting operation type 28 from module /[Default VFS]/ Checking operation #29 (type 29, layer 0) Making operation type 29 opaque [module /[Default VFS]/] Accepting operation type 29 from module /[Default VFS]/ Checking operation #30 (type 30, layer 0) Making operation type 30 opaque [module /[Default VFS]/] Accepting operation type 30 from module /[Default VFS]/ Checking operation #31 (type 31, layer 0) Making operation type 31 opaque [module /[Default VFS]/] Accepting operation type 31 from module /[Default VFS]/ Checking operation #32 (type 32, layer 0) Making operation type 32 opaque [module /[Default VFS]/] Accepting operation type 32 from module /[Default VFS]/ Checking operation #33 (type 33, layer 0) Making operation type 33 opaque [module /[Default VFS]/] Accepting operation type 33 from module /[Default VFS]/ Checking operation #34 (type 34, layer 0) Making operation type 34 opaque [module /[Default VFS]/] Accepting operation type 34 from module /[Default VFS]/ Checking operation #35 (type 35, layer 0) Making operation type 35 opaque [module /[Default VFS]/] Accepting operation type 35 from module /[Default VFS]/ Checking operation #36 (type 36, layer 0) Making operation type 36 opaque [module /[Default VFS]/] Accepting operation type 36 from module /[Default VFS]/ Checking operation #37 (type 37, layer 0) Making operation type 37 opaque [module /[Default VFS]/] Accepting operation type 37 from module /[Default VFS]/ Checking operation #38 (type 38, layer 0) Making operation type 38 opaque [module /[Default VFS]/] Accepting operation type 38 from module /[Default VFS]/ Checking operation #39 (type 39, layer 0) Making operation type 39 opaque [module /[Default VFS]/] Accepting operation type 39 from module /[Default VFS]/ Checking operation #40 (type 40, layer 0) Making operation type 40 opaque [module /[Default VFS]/] Accepting operation type 40 from module /[Default VFS]/ Checking operation #41 (type 41, layer 0) Making operation type 41 opaque [module /[Default VFS]/] Accepting operation type 41 from module /[Default VFS]/ Checking operation #42 (type 42, layer 0) Making operation type 42 opaque [module /[Default VFS]/] Accepting operation type 42 from module /[Default VFS]/ Checking operation #43 (type 43, layer 0) Making operation type 43 opaque [module /[Default VFS]/] Accepting operation type 43 from module /[Default VFS]/ Checking operation #44 (type 44, layer 0) Making operation type 44 opaque [module /[Default VFS]/] Accepting operation type 44 from module /[Default VFS]/ Checking operation #45 (type 45, layer 0) Making operation type 45 opaque [module /[Default VFS]/] Accepting operation type 45 from module /[Default VFS]/ Checking operation #46 (type 46, layer 0) Making operation type 46 opaque [module /[Default VFS]/] Accepting operation type 46 from module /[Default VFS]/ Checking operation #47 (type 47, layer 0) Making operation type 47 opaque [module /[Default VFS]/] Accepting operation type 47 from module /[Default VFS]/ Checking operation #48 (type 48, layer 0) Making operation type 48 opaque [module /[Default VFS]/] Accepting operation type 48 from module /[Default VFS]/ Checking operation #49 (type 49, layer 0) Making operation type 49 opaque [module /[Default VFS]/] Accepting operation type 49 from module /[Default VFS]/ Checking operation #50 (type 50, layer 0) Making operation type 50 opaque [module /[Default VFS]/] Accepting operation type 50 from module /[Default VFS]/ Checking operation #51 (type 51, layer 0) Making operation type 51 opaque [module /[Default VFS]/] Accepting operation type 51 from module /[Default VFS]/ Checking operation #52 (type 52, layer 0) Making operation type 52 opaque [module /[Default VFS]/] Accepting operation type 52 from module /[Default VFS]/ Checking operation #53 (type 53, layer 0) Making operation type 53 opaque [module /[Default VFS]/] Accepting operation type 53 from module /[Default VFS]/ Checking operation #54 (type 54, layer 0) Making operation type 54 opaque [module /[Default VFS]/] Accepting operation type 54 from module /[Default VFS]/ Checking operation #55 (type 55, layer 0) Making operation type 55 opaque [module /[Default VFS]/] Accepting operation type 55 from module /[Default VFS]/ Checking operation #56 (type 56, layer 0) Making operation type 56 opaque [module /[Default VFS]/] Accepting operation type 56 from module /[Default VFS]/ Checking operation #57 (type 57, layer 0) Making operation type 57 opaque [module /[Default VFS]/] Accepting operation type 57 from module /[Default VFS]/ Checking operation #58 (type 58, layer 0) Making operation type 58 opaque [module /[Default VFS]/] Accepting operation type 58 from module /[Default VFS]/ Checking operation #59 (type 59, layer 0) Making operation type 59 opaque [module /[Default VFS]/] Accepting operation type 59 from module /[Default VFS]/ Checking operation #60 (type 60, layer 0) Making operation type 60 opaque [module /[Default VFS]/] Accepting operation type 60 from module /[Default VFS]/ Checking operation #61 (type 61, layer 0) Making operation type 61 opaque [module /[Default VFS]/] Accepting operation type 61 from module /[Default VFS]/ Checking operation #62 (type 62, layer 0) Making operation type 62 opaque [module /[Default VFS]/] Accepting operation type 62 from module /[Default VFS]/ Checking operation #63 (type 63, layer 0) Making operation type 63 opaque [module /[Default VFS]/] Accepting operation type 63 from module /[Default VFS]/ Checking operation #64 (type 64, layer 0) Making operation type 64 opaque [module /[Default VFS]/] Accepting operation type 64 from module /[Default VFS]/ Checking operation #65 (type 65, layer 0) Making operation type 65 opaque [module /[Default VFS]/] Accepting operation type 65 from module /[Default VFS]/ Checking operation #66 (type 66, layer 0) Making operation type 66 opaque [module /[Default VFS]/] Accepting operation type 66 from module /[Default VFS]/ Checking operation #67 (type 67, layer 0) Making operation type 67 opaque [module /[Default VFS]/] Accepting operation type 67 from module /[Default VFS]/ Checking operation #68 (type 68, layer 0) Making operation type 68 opaque [module /[Default VFS]/] Accepting operation type 68 from module /[Default VFS]/ Checking operation #69 (type 69, layer 0) Making operation type 69 opaque [module /[Default VFS]/] Accepting operation type 69 from module /[Default VFS]/ Checking operation #70 (type 70, layer 0) Making operation type 70 opaque [module /[Default VFS]/] Accepting operation type 70 from module /[Default VFS]/ Checking operation #71 (type 71, layer 0) Making operation type 71 opaque [module /[Default VFS]/] Accepting operation type 71 from module /[Default VFS]/ Checking operation #72 (type 72, layer 0) Making operation type 72 opaque [module /[Default VFS]/] Accepting operation type 72 from module /[Default VFS]/ Checking operation #73 (type 73, layer 0) Making operation type 73 opaque [module /[Default VFS]/] Accepting operation type 73 from module /[Default VFS]/ Checking operation #74 (type 74, layer 0) Making operation type 74 opaque [module /[Default VFS]/] Accepting operation type 74 from module /[Default VFS]/ Checking operation #75 (type 75, layer 0) Making operation type 75 opaque [module /[Default VFS]/] Accepting operation type 75 from module /[Default VFS]/ Checking operation #76 (type 76, layer 0) Making operation type 76 opaque [module /[Default VFS]/] Accepting operation type 76 from module /[Default VFS]/ Checking operation #77 (type 77, layer 0) Making operation type 77 opaque [module /[Default VFS]/] Accepting operation type 77 from module /[Default VFS]/ Checking operation #78 (type 78, layer 0) Making operation type 78 opaque [module /[Default VFS]/] Accepting operation type 78 from module /[Default VFS]/ Checking operation #79 (type 79, layer 0) Making operation type 79 opaque [module /[Default VFS]/] Accepting operation type 79 from module /[Default VFS]/ Checking operation #80 (type 80, layer 0) Making operation type 80 opaque [module /[Default VFS]/] Accepting operation type 80 from module /[Default VFS]/ Checking operation #81 (type 81, layer 0) Making operation type 81 opaque [module /[Default VFS]/] Accepting operation type 81 from module /[Default VFS]/ Checking operation #82 (type 82, layer 0) Making operation type 82 opaque [module /[Default VFS]/] Accepting operation type 82 from module /[Default VFS]/ Checking operation #83 (type 83, layer 0) Making operation type 83 opaque [module /[Default VFS]/] Accepting operation type 83 from module /[Default VFS]/ Checking operation #84 (type 84, layer 0) Making operation type 84 opaque [module /[Default VFS]/] Accepting operation type 84 from module /[Default VFS]/ Checking operation #85 (type 85, layer 0) Making operation type 85 opaque [module /[Default VFS]/] Accepting operation type 85 from module /[Default VFS]/ Checking operation #86 (type 86, layer 0) Making operation type 86 opaque [module /[Default VFS]/] Accepting operation type 86 from module /[Default VFS]/ Checking operation #87 (type 87, layer 0) Making operation type 87 opaque [module /[Default VFS]/] Accepting operation type 87 from module /[Default VFS]/ Checking operation #88 (type 88, layer 0) Making operation type 88 opaque [module /[Default VFS]/] Accepting operation type 88 from module /[Default VFS]/ Checking operation #89 (type 89, layer 0) Making operation type 89 opaque [module /[Default VFS]/] Accepting operation type 89 from module /[Default VFS]/ Checking operation #90 (type 90, layer 0) Making operation type 90 opaque [module /[Default VFS]/] Accepting operation type 90 from module /[Default VFS]/ Checking operation #91 (type 91, layer 0) Making operation type 91 opaque [module /[Default VFS]/] Accepting operation type 91 from module /[Default VFS]/ Checking operation #92 (type 92, layer 0) Making operation type 92 opaque [module /[Default VFS]/] Accepting operation type 92 from module /[Default VFS]/ Checking operation #93 (type 93, layer 0) Making operation type 93 opaque [module /[Default VFS]/] Accepting operation type 93 from module /[Default VFS]/ Checking operation #94 (type 94, layer 0) Making operation type 94 opaque [module /[Default VFS]/] Accepting operation type 94 from module /[Default VFS]/ Checking operation #95 (type 95, layer 0) Making operation type 95 opaque [module /[Default VFS]/] Accepting operation type 95 from module /[Default VFS]/ Checking operation #96 (type 96, layer 0) Making operation type 96 opaque [module /[Default VFS]/] Accepting operation type 96 from module /[Default VFS]/ Checking operation #97 (type 97, layer 0) Making operation type 97 opaque [module /[Default VFS]/] Accepting operation type 97 from module /[Default VFS]/ Checking operation #98 (type 98, layer 0) Making operation type 98 opaque [module /[Default VFS]/] Accepting operation type 98 from module /[Default VFS]/ Checking operation #99 (type 99, layer 0) Making operation type 99 opaque [module /[Default VFS]/] Accepting operation type 99 from module /[Default VFS]/ Checking operation #100 (type 100, layer 0) Making operation type 100 opaque [module /[Default VFS]/] Accepting operation type 100 from module /[Default VFS]/ Checking operation #101 (type 101, layer 0) Making operation type 101 opaque [module /[Default VFS]/] Accepting operation type 101 from module /[Default VFS]/ Checking operation #102 (type 102, layer 0) Making operation type 102 opaque [module /[Default VFS]/] Accepting operation type 102 from module /[Default VFS]/ Checking operation #103 (type 103, layer 0) Making operation type 103 opaque [module /[Default VFS]/] Accepting operation type 103 from module /[Default VFS]/ Checking operation #104 (type 104, layer 0) Making operation type 104 opaque [module /[Default VFS]/] Accepting operation type 104 from module /[Default VFS]/ Checking operation #105 (type 105, layer 0) Making operation type 105 opaque [module /[Default VFS]/] Accepting operation type 105 from module /[Default VFS]/ Checking operation #106 (type 106, layer 0) Making operation type 106 opaque [module /[Default VFS]/] Accepting operation type 106 from module /[Default VFS]/ Checking operation #107 (type 107, layer 0) Making operation type 107 opaque [module /[Default VFS]/] Accepting operation type 107 from module /[Default VFS]/ Checking operation #108 (type 108, layer 0) Making operation type 108 opaque [module /[Default VFS]/] Accepting operation type 108 from module /[Default VFS]/ Checking operation #109 (type 109, layer 0) Making operation type 109 opaque [module /[Default VFS]/] Accepting operation type 109 from module /[Default VFS]/ Checking operation #110 (type 110, layer 0) Making operation type 110 opaque [module /[Default VFS]/] Accepting operation type 110 from module /[Default VFS]/ claiming [test$] Locking key 29320000010000007465 Allocated locked data 0x0x7fb624085f10 Unlocking key 29320000010000007465 user_ok_token: share test$ is ok for unix user Administrator is_share_read_only_for_user: share test$ is read-write for unix user Administrator se_map_generic(): mapped mask 0x10000000 to 0x001f01ff se_map_generic(): mapped mask 0x10000000 to 0x001f01ff push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: maximum password age, val: -1 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: password history, val: 0 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 pdb_set_username: setting username Administrator, was pdb_set_domain: setting domain TESTPC, was pdb_set_nt_username: setting nt username , was pdb_set_full_name: setting full name Administrator, was Home server: testpc pdb_set_homedir: setting home dir \\testpc\administrator, was pdb_set_dir_drive: setting dir drive , was NULL pdb_set_logon_script: setting logon script , was Home server: testpc pdb_set_profile_path: setting profile path \\testpc\administrator\profile, was pdb_set_workstations: setting workstations , was push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: password history, val: 0 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 pdb_set_user_sid: setting user sid S-1-5-21-783145419-1966905550-2589541370-1001 pdb_set_user_sid_from_rid: setting user sid S-1-5-21-783145419-1966905550-2589541370-1001 from rid 1001 setting sec ctx (123, 123) - sec_ctx_stack_ndx = 0 NT user token of user S-1-5-21-783145419-1966905550-2589541370-1001 contains 6 SIDs SID[ 0]: S-1-5-21-783145419-1966905550-2589541370-1001 SID[ 1]: S-1-22-2-123 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-1-123 SE_PRIV 0x0 0x0 0x0 0x0 UNIX token of user 123 Primary group is 123 and contains 1 supplementary groups Group[ 0]: 123 change_to_user uid=(0,123) gid=(0,123) czc7487t0x (10.225.5.207) connect to service test$ initially as user Administrator (uid=123, gid=123) (pid 12841) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups change_to_root_user: now uid=(0,0) gid=(0,0) tconX service=TEST$ got smb length of 70 got message type 0x0 of len 0x46 Transaction 4 of length 74 (0 toread) size=70 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=256 smt_wct=15 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 560 (0x230) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 2 (0x2) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 3 (0x3) smb_bcc=5 [0000] 00 00 00 05 01 ..... switch message SMBtrans2 (pid 12841) conn 0x7fb624079b30 setting sec ctx (123, 123) - sec_ctx_stack_ndx = 0 NT user token of user S-1-5-21-783145419-1966905550-2589541370-1001 contains 6 SIDs SID[ 0]: S-1-5-21-783145419-1966905550-2589541370-1001 SID[ 1]: S-1-22-2-123 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-1-123 SE_PRIV 0x0 0x0 0x0 0x0 UNIX token of user 123 Primary group is 123 and contains 1 supplementary groups Group[ 0]: 123 change_to_user uid=(0,123) gid=(0,123) vfs_ChDir to /testshare call_trans2qfsinfo: level = 261 t2_rep: params_sent_thistime = 0, data_sent_thistime = 20, useable_space = 131012 t2_rep: params_to_send = 0, data_to_send = 20, paramsize = 0, datasize = 20 size=76 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=256 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 20 (0x14) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 20 (0x14) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=21 [0000] 00 2F 00 01 00 FF 00 00 00 08 00 00 00 4E 00 54 ./...... .....N.T [0010] 00 46 00 53 00 .F.S. SMBtrans2 info_level = 261 got smb length of 76 got message type 0x0 of len 0x4c Transaction 5 of length 80 (0 toread) size=76 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=320 smt_wct=15 smb_vwv[ 0]= 8 (0x8) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 40 (0x28) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 8 (0x8) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 5 (0x5) smb_bcc=11 [0000] 00 00 00 EC 03 00 00 00 00 00 00 ........ ... switch message SMBtrans2 (pid 12841) conn 0x7fb624079b30 change_to_user: Skipping user change - already user call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 unix_convert called on file "" conversion finished "" -> . fetch_share_mode_unlocked: no share_mode record around (file not open) call_trans2qfilepathinfo . (fnum = -1) level=1004 call=5 total_data=0 dos_mode: . dos_mode_from_sbuf returning d dos_mode returning d call_trans2qfilepathinfo: SMB_FILE_BASIC_INFORMATION SMB_QFBI - create: Tue Feb 23 08:59:59 2010 access: Tue Feb 23 09:06:29 2010 write: Tue Feb 23 08:59:59 2010 change: Tue Feb 23 08:59:59 2010 mode: 10 t2_rep: params_sent_thistime = 2, data_sent_thistime = 40, useable_space = 131010 t2_rep: params_to_send = 2, data_to_send = 40, paramsize = 2, datasize = 40 size=100 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=320 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 40 (0x28) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 40 (0x28) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=45 [0000] 00 00 00 00 00 80 69 DD 31 5E B4 CA 01 80 B0 52 ......i. 1^.....R [0010] 1A 5F B4 CA 01 80 69 DD 31 5E B4 CA 01 80 69 DD ._....i. 1^....i. [0020] 31 5E B4 CA 01 10 00 00 00 00 00 00 00 1^...... ..... got smb length of 70 got message type 0x0 of len 0x46 Transaction 6 of length 74 (0 toread) size=70 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=384 smt_wct=15 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 560 (0x230) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 2 (0x2) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 3 (0x3) smb_bcc=5 [0000] 00 00 00 05 01 ..... switch message SMBtrans2 (pid 12841) conn 0x7fb624079b30 change_to_user: Skipping user change - already user call_trans2qfsinfo: level = 261 t2_rep: params_sent_thistime = 0, data_sent_thistime = 20, useable_space = 131012 t2_rep: params_to_send = 0, data_to_send = 20, paramsize = 0, datasize = 20 size=76 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=384 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 20 (0x14) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 20 (0x14) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=21 [0000] 00 2F 00 01 00 FF 00 00 00 08 00 00 00 4E 00 54 ./...... .....N.T [0010] 00 46 00 53 00 .F.S. SMBtrans2 info_level = 261 got smb length of 206 got message type 0x0 of len 0xce Transaction 7 of length 210 (0 toread) size=206 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=0 smb_mid=448 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 206 (0xCE) smb_vwv[ 2]=16644 (0x4104) smb_vwv[ 3]= 50 (0x32) smb_vwv[ 4]= 1 (0x1) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 74 (0x4A) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 212 (0xD4) smb_vwv[11]=32768 (0x8000) smb_bcc=147 [0000] 60 48 06 06 2B 06 01 05 05 02 A0 3E 30 3C A0 0E `H..+... ...>0<.. [0010] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A2 2A 0...+... ..7....* [0020] 04 28 4E 54 4C 4D 53 53 50 00 01 00 00 00 97 82 .(NTLMSS P....... [0030] 08 E2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 05 00 93 08 00 00 00 0F 00 57 00 69 00 6E ........ ...W.i.n [0050] 00 64 00 6F 00 77 00 73 00 20 00 32 00 30 00 30 .d.o.w.s . .2.0.0 [0060] 00 30 00 20 00 32 00 31 00 39 00 35 00 00 00 57 .0. .2.1 .9.5...W [0070] 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 00 32 .i.n.d.o .w.s. .2 [0080] 00 30 00 30 00 30 00 20 00 35 00 2E 00 30 00 00 .0.0.0. .5...0.. [0090] 00 00 00 ... switch message SMBsesssetupX (pid 12841) conn 0x0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups change_to_root_user: now uid=(0,0) gid=(0,0) wct=12 flg2=0xc807 Doing spnego session setup NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0] PrimaryDomain=[] register_initial_vuid: allocated vuid = 101 check_spnego_blob_complete: needed_len = 74, pblob->length = 74 parse_spnego_mechanisms: Got OID 1.3.6.1.4.1.311.2.2.10 reply_spnego_negotiate: Got secblob of size 40 Making default auth method list for security=server load_auth_module: Attempting to find an auth method to match guest load_auth_module: auth method guest has a valid init load_auth_module: Attempting to find an auth method to match sam load_auth_module: auth method sam has a valid init load_auth_module: Attempting to find an auth method to match smbserver load_auth_module: auth method smbserver has a valid init Got NTLMSSP neg_flags=0xe2088297 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_NEGOTIATE_OEM NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_LM_KEY NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_VERSION NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH NTLMSSP_NEGOTIATE_56 auth_get_challenge: module guest did not want to specify a challenge auth_get_challenge: module sam did not want to specify a challenge auth_get_challenge: getting challenge from module smbserver Cache entry with key = AD_SITENAME/DOMAIN/ couldn't be found sitename_fetch: No stored sitename for internal_resolve_name: looking up *#20 (sitename (null)) Returning valid cache entry: key = NBT/*#20, value = 10.225.3.7:0,10.225.3.6:0,10.225.3.35:0,10.225.3.21:0,10.225.3.193:0,10.225.3.15:0, timeout = Tue Feb 23 09:16:57 2010 name *#20 found. s3_event: Added timed event "tevent_req_timedout": 0x7fb624086680 s3_event: Added timed event "tevent_req_timedout": 0x7fb6240095f0 Running timed event "tevent_req_timedout" 0x7fb624086680 s3_event: Destroying timer event 0x7fb624086680 "tevent_req_timedout" s3_event: Added timed event "tevent_req_timedout": 0x7fb62407e6a0 Connecting to 10.225.3.7 at port 445 s3_event: Added timed event "tevent_req_timedout": 0x7fb6240807a0 connect returned Connection refused s3_event: Destroying timer event 0x7fb6240807a0 "tevent_req_timedout" s3_event: Destroying timer event 0x7fb62407e6a0 "tevent_req_timedout" Running timed event "tevent_req_timedout" 0x7fb6240095f0 s3_event: Destroying timer event 0x7fb6240095f0 "tevent_req_timedout" s3_event: Added timed event "tevent_req_timedout": 0x7fb624077f00 Connecting to 10.225.3.7 at port 139 s3_event: Added timed event "tevent_req_timedout": 0x7fb624081100 connect returned Connection refused s3_event: Destroying timer event 0x7fb624081100 "tevent_req_timedout" s3_event: Destroying timer event 0x7fb624077f00 "tevent_req_timedout" Error connecting to 10.225.3.7 (Connection refused) server_cryptkey: failed to connect to server *. Error NT_STATUS_CONNECTION_REFUSED password server not available auth_get_challenge: getting challenge from authentication method smbserver FAILED. auth_context challenge created by random challenge is: [0000] 8E B2 B4 F5 84 B1 12 39 .......9 size=318 smb_com=0x73 smb_rcls=22 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=65279 smb_uid=101 smb_mid=448 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 221 (0xDD) smb_bcc=275 [0000] A1 81 DA 30 81 D7 A0 03 0A 01 01 A1 0C 06 0A 2B ...0.... .......+ [0010] 06 01 04 01 82 37 02 02 0A A2 81 C1 04 81 BE 4E .....7.. .......N [0020] 54 4C 4D 53 53 50 00 02 00 00 00 0C 00 0C 00 30 TLMSSP.. .......0 [0030] 00 00 00 15 82 8A E2 8E B2 B4 F5 84 B1 12 39 00 ........ ......9. [0040] 00 00 00 00 00 00 00 82 00 82 00 3C 00 00 00 54 ........ ...<...T [0050] 00 45 00 53 00 54 00 50 00 43 00 02 00 0C 00 54 .E.S.T.P .C.....T [0060] 00 45 00 53 00 54 00 50 00 43 00 01 00 0C 00 54 .E.S.T.P .C.....T [0070] 00 45 00 53 00 54 00 50 00 43 00 04 00 1E 00 63 .E.S.T.P .C.....c [0080] 00 6C 00 69 00 65 00 6E 00 74 00 73 00 2E 00 61 .l.i.e.n .t.s...a [0090] 00 68 00 75 00 73 00 2E 00 6E 00 6F 00 03 00 38 .h.u.s.. .n.o...8 [00A0] 00 65 00 72 00 73 00 6F 00 2D 00 64 00 65 00 73 .e.r.s.o .-.d.e.s [00B0] 00 6B 00 74 00 6F 00 70 00 2E 00 63 00 6C 00 69 .k.t.o.p ...c.l.i [00C0] 00 65 00 6E 00 74 00 73 00 2E 00 61 00 68 00 75 .e.n.t.s ...a.h.u [00D0] 00 73 00 2E 00 6E 00 6F 00 00 00 00 00 55 00 6E .s...n.o .....U.n [00E0] 00 69 00 78 00 00 00 53 00 61 00 6D 00 62 00 61 .i.x...S .a.m.b.a [00F0] 00 20 00 33 00 2E 00 34 00 2E 00 35 00 00 00 54 . .3...4 ...5...T [0100] 00 45 00 53 00 54 00 47 00 52 00 4F 00 55 00 50 .E.S.T.G .R.O.U.P [0110] 00 00 00 ... got smb length of 248 got message type 0x0 of len 0xf8 Transaction 8 of length 252 (0 toread) size=248 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=101 smb_mid=512 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 248 (0xF8) smb_vwv[ 2]=16644 (0x4104) smb_vwv[ 3]= 50 (0x32) smb_vwv[ 4]= 1 (0x1) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 117 (0x75) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 212 (0xD4) smb_vwv[11]=32768 (0x8000) smb_bcc=189 [0000] A1 73 30 71 A2 6F 04 6D 4E 54 4C 4D 53 53 50 00 .s0q.o.m NTLMSSP. [0010] 03 00 00 00 01 00 01 00 5C 00 00 00 00 00 00 00 ........ \....... [0020] 5D 00 00 00 00 00 00 00 48 00 00 00 00 00 00 00 ]....... H....... [0030] 48 00 00 00 14 00 14 00 48 00 00 00 10 00 10 00 H....... H....... [0040] 5D 00 00 00 15 8A 88 E2 05 00 93 08 00 00 00 0F ]....... ........ [0050] 43 00 5A 00 43 00 37 00 34 00 38 00 37 00 54 00 C.Z.C.7. 4.8.7.T. [0060] 30 00 58 00 00 41 1F 26 B7 0D 72 9A 0C A8 3C 32 0.X..A.& ..r...<2 [0070] 1C 05 3E 9F DE 57 00 69 00 6E 00 64 00 6F 00 77 ..>..W.i .n.d.o.w [0080] 00 73 00 20 00 32 00 30 00 30 00 30 00 20 00 32 .s. .2.0 .0.0. .2 [0090] 00 31 00 39 00 35 00 00 00 57 00 69 00 6E 00 64 .1.9.5.. .W.i.n.d [00A0] 00 6F 00 77 00 73 00 20 00 32 00 30 00 30 00 30 .o.w.s. .2.0.0.0 [00B0] 00 20 00 35 00 2E 00 30 00 00 00 00 00 . .5...0 ..... switch message SMBsesssetupX (pid 12841) conn 0x0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups change_to_root_user: now uid=(0,0) gid=(0,0) wct=12 flg2=0xc807 Doing spnego session setup NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0] PrimaryDomain=[] check_spnego_blob_complete: needed_len = 117, pblob->length = 117 Got user=[] domain=[] workstation=[CZC7487T0X] len1=1 len2=0 lp_file_list_changed() file ../lib/smb.conf -> ../lib/smb.conf last mod_time: Tue Feb 23 09:05:04 2010 Mapping user []\[] from workstation [CZC7487T0X] Mapped domain from [] to [TESTPC] for user [] from workstation [CZC7487T0X] attempting to make a user_info for () making strings for 's user_info struct making blobs for 's user_info struct made an encrypted user_info for () check_ntlm_password: Checking password for unmapped user []\[]@[CZC7487T0X] with the new password interface check_ntlm_password: mapped user is: [TESTPC]\[]@[CZC7487T0X] check_ntlm_password: auth_context challenge created by random challenge is: [0000] 8E B2 B4 F5 84 B1 12 39 .......9 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: password history, val: 0 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 pdb_set_username: setting username nobody, was pdb_set_domain: setting domain TESTPC, was pdb_set_nt_username: setting nt username , was pdb_set_full_name: setting full name nobody, was Home server: testpc pdb_set_homedir: setting home dir \\testpc\nobody, was pdb_set_dir_drive: setting dir drive , was NULL pdb_set_logon_script: setting logon script , was Home server: testpc pdb_set_profile_path: setting profile path \\testpc\nobody\profile, was pdb_set_workstations: setting workstations , was push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: password history, val: 0 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 pdb_set_user_sid: setting user sid S-1-5-21-783145419-1966905550-2589541370-501 pdb_set_user_sid_from_rid: setting user sid S-1-5-21-783145419-1966905550-2589541370-501 from rid 501 check_ntlm_password: guest authentication for user [] succeeded check_ntlm_password: guest authentication for user [] -> [] -> [nobody] succeeded attempting to free (and zero) a user_info structure structure was created for Create local NT token for S-1-5-21-783145419-1966905550-2589541370-501 Cache entry with key = IDMAP/SID2GID/S-1-5-32-544 couldn't be found winbind failed to find a gid for sid S-1-5-32-544 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 LEGACY: mapping failed for sid S-1-5-32-544 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups Failed to fetch domain sid for TESTGROUP pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 Cache entry with key = IDMAP/SID2GID/S-1-5-32-545 couldn't be found winbind failed to find a gid for sid S-1-5-32-545 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 LEGACY: mapping failed for sid S-1-5-32-545 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups Failed to fetch domain sid for TESTGROUP pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 get_privileges: No privileges assigned to SID [S-1-5-21-783145419-1966905550-2589541370-501] get_privileges_for_sids: sid = S-1-1-0 Privilege set: SE_PRIV 0x0 0x0 0x0 0x0 get_privileges: No privileges assigned to SID [S-1-5-2] get_privileges: No privileges assigned to SID [S-1-5-32-546] Cache entry with key = IDMAP/SID2GID/S-1-1-0 couldn't be found winbind failed to find a gid for sid S-1-1-0 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 LEGACY: mapping failed for sid S-1-1-0 Could not convert SID S-1-1-0 to gid, ignoring it Cache entry with key = IDMAP/SID2GID/S-1-5-2 couldn't be found winbind failed to find a gid for sid S-1-5-2 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 LEGACY: mapping failed for sid S-1-5-2 Could not convert SID S-1-5-2 to gid, ignoring it Cache entry with key = IDMAP/SID2GID/S-1-5-32-546 couldn't be found winbind failed to find a gid for sid S-1-5-32-546 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 LEGACY: mapping failed for sid S-1-5-32-546 Could not convert SID S-1-5-32-546 to gid, ignoring it NT user token of user S-1-5-21-783145419-1966905550-2589541370-501 contains 5 SIDs SID[ 0]: S-1-5-21-783145419-1966905550-2589541370-501 SID[ 1]: S-1-1-0 SID[ 2]: S-1-5-2 SID[ 3]: S-1-5-32-546 SID[ 4]: S-1-22-1-65534 SE_PRIV 0x0 0x0 0x0 0x0 UNIX token of user 65534 Primary group is 65533 and contains 0 supplementary groups Got NT session key of length 16 Got LM session key of length 16 ntlmssp_server_auth: Using unmodified nt session key. NTLMSSP Sign/Seal - Initialising with flags: Got NTLMSSP neg_flags=0xe2088215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_VERSION NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH NTLMSSP_NEGOTIATE_56 register_existing_vuid: (65534,65533) nobody TESTPC guest=1 register_existing_vuid: User name: nobody Real name: nobody register_existing_vuid: UNIX uid 65534 is UNIX user nobody, and will be vuid 101 lp_file_list_changed() file ../lib/smb.conf -> ../lib/smb.conf last mod_time: Tue Feb 23 09:05:04 2010 size=106 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=65279 smb_uid=101 smb_mid=512 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 1 (0x1) smb_vwv[ 3]= 9 (0x9) smb_bcc=63 [0000] A1 07 30 05 A0 03 0A 01 00 55 00 6E 00 69 00 78 ..0..... .U.n.i.x [0010] 00 00 00 53 00 61 00 6D 00 62 00 61 00 20 00 33 ...S.a.m .b.a. .3 [0020] 00 2E 00 34 00 2E 00 35 00 00 00 54 00 45 00 53 ...4...5 ...T.E.S [0030] 00 54 00 47 00 52 00 4F 00 55 00 50 00 00 00 .T.G.R.O .U.P... got smb length of 90 got message type 0x0 of len 0x5a Transaction 9 of length 94 (0 toread) size=90 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=101 smb_mid=576 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 90 (0x5A) smb_vwv[ 2]= 8 (0x8) smb_vwv[ 3]= 1 (0x1) smb_bcc=47 [0000] 00 5C 00 5C 00 31 00 30 00 2E 00 32 00 32 00 35 .\.\.1.0 ...2.2.5 [0010] 00 2E 00 35 00 2E 00 32 00 33 00 32 00 5C 00 49 ...5...2 .3.2.\.I [0020] 00 50 00 43 00 24 00 00 00 3F 3F 3F 3F 3F 00 .P.C.$.. .?????. switch message SMBtconX (pid 12841) conn 0x0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups change_to_root_user: now uid=(0,0) gid=(0,0) Client requested device type [?????] for share [IPC$] making a connection to 'normal' service ipc$ push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: password history, val: 0 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 pdb_set_username: setting username nobody, was pdb_set_domain: setting domain TESTPC, was pdb_set_nt_username: setting nt username , was pdb_set_full_name: setting full name nobody, was Home server: testpc pdb_set_homedir: setting home dir \\testpc\nobody, was pdb_set_dir_drive: setting dir drive , was NULL pdb_set_logon_script: setting logon script , was Home server: testpc pdb_set_profile_path: setting profile path \\testpc\nobody\profile, was pdb_set_workstations: setting workstations , was push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: password history, val: 0 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 pdb_set_user_sid: setting user sid S-1-5-21-783145419-1966905550-2589541370-501 pdb_set_user_sid_from_rid: setting user sid S-1-5-21-783145419-1966905550-2589541370-501 from rid 501 Finding user nobody Trying _Get_Pwnam(), username as lowercase is nobody Get_Pwnam_internals did find user [nobody]! set_conn_connectpath: service IPC$, connectpath = /tmp Connect path is '/tmp' for service [IPC$] se_map_generic(): mapped mask 0x10000000 to 0x001f01ff Initialising default vfs hooks Initialising custom vfs hooks from [/[Default VFS]/] vfs_find_backend_entry called for /[Default VFS]/ Successfully loaded vfs module [/[Default VFS]/] with the new modules system Checking operation #0 (type 0, layer 0) Making operation type 0 opaque [module /[Default VFS]/] Accepting operation type 0 from module /[Default VFS]/ Checking operation #1 (type 1, layer 0) Making operation type 1 opaque [module /[Default VFS]/] Accepting operation type 1 from module /[Default VFS]/ Checking operation #2 (type 2, layer 0) Making operation type 2 opaque [module /[Default VFS]/] Accepting operation type 2 from module /[Default VFS]/ Checking operation #3 (type 3, layer 0) Making operation type 3 opaque [module /[Default VFS]/] Accepting operation type 3 from module /[Default VFS]/ Checking operation #4 (type 4, layer 0) Making operation type 4 opaque [module /[Default VFS]/] Accepting operation type 4 from module /[Default VFS]/ Checking operation #5 (type 5, layer 0) Making operation type 5 opaque [module /[Default VFS]/] Accepting operation type 5 from module /[Default VFS]/ Checking operation #6 (type 6, layer 0) Making operation type 6 opaque [module /[Default VFS]/] Accepting operation type 6 from module /[Default VFS]/ Checking operation #7 (type 7, layer 0) Making operation type 7 opaque [module /[Default VFS]/] Accepting operation type 7 from module /[Default VFS]/ Checking operation #8 (type 8, layer 0) Making operation type 8 opaque [module /[Default VFS]/] Accepting operation type 8 from module /[Default VFS]/ Checking operation #9 (type 9, layer 0) Making operation type 9 opaque [module /[Default VFS]/] Accepting operation type 9 from module /[Default VFS]/ Checking operation #10 (type 10, layer 0) Making operation type 10 opaque [module /[Default VFS]/] Accepting operation type 10 from module /[Default VFS]/ Checking operation #11 (type 11, layer 0) Making operation type 11 opaque [module /[Default VFS]/] Accepting operation type 11 from module /[Default VFS]/ Checking operation #12 (type 12, layer 0) Making operation type 12 opaque [module /[Default VFS]/] Accepting operation type 12 from module /[Default VFS]/ Checking operation #13 (type 13, layer 0) Making operation type 13 opaque [module /[Default VFS]/] Accepting operation type 13 from module /[Default VFS]/ Checking operation #14 (type 14, layer 0) Making operation type 14 opaque [module /[Default VFS]/] Accepting operation type 14 from module /[Default VFS]/ Checking operation #15 (type 15, layer 0) Making operation type 15 opaque [module /[Default VFS]/] Accepting operation type 15 from module /[Default VFS]/ Checking operation #16 (type 16, layer 0) Making operation type 16 opaque [module /[Default VFS]/] Accepting operation type 16 from module /[Default VFS]/ Checking operation #17 (type 17, layer 0) Making operation type 17 opaque [module /[Default VFS]/] Accepting operation type 17 from module /[Default VFS]/ Checking operation #18 (type 18, layer 0) Making operation type 18 opaque [module /[Default VFS]/] Accepting operation type 18 from module /[Default VFS]/ Checking operation #19 (type 19, layer 0) Making operation type 19 opaque [module /[Default VFS]/] Accepting operation type 19 from module /[Default VFS]/ Checking operation #20 (type 20, layer 0) Making operation type 20 opaque [module /[Default VFS]/] Accepting operation type 20 from module /[Default VFS]/ Checking operation #21 (type 21, layer 0) Making operation type 21 opaque [module /[Default VFS]/] Accepting operation type 21 from module /[Default VFS]/ Checking operation #22 (type 22, layer 0) Making operation type 22 opaque [module /[Default VFS]/] Accepting operation type 22 from module /[Default VFS]/ Checking operation #23 (type 23, layer 0) Making operation type 23 opaque [module /[Default VFS]/] Accepting operation type 23 from module /[Default VFS]/ Checking operation #24 (type 24, layer 0) Making operation type 24 opaque [module /[Default VFS]/] Accepting operation type 24 from module /[Default VFS]/ Checking operation #25 (type 25, layer 0) Making operation type 25 opaque [module /[Default VFS]/] Accepting operation type 25 from module /[Default VFS]/ Checking operation #26 (type 26, layer 0) Making operation type 26 opaque [module /[Default VFS]/] Accepting operation type 26 from module /[Default VFS]/ Checking operation #27 (type 27, layer 0) Making operation type 27 opaque [module /[Default VFS]/] Accepting operation type 27 from module /[Default VFS]/ Checking operation #28 (type 28, layer 0) Making operation type 28 opaque [module /[Default VFS]/] Accepting operation type 28 from module /[Default VFS]/ Checking operation #29 (type 29, layer 0) Making operation type 29 opaque [module /[Default VFS]/] Accepting operation type 29 from module /[Default VFS]/ Checking operation #30 (type 30, layer 0) Making operation type 30 opaque [module /[Default VFS]/] Accepting operation type 30 from module /[Default VFS]/ Checking operation #31 (type 31, layer 0) Making operation type 31 opaque [module /[Default VFS]/] Accepting operation type 31 from module /[Default VFS]/ Checking operation #32 (type 32, layer 0) Making operation type 32 opaque [module /[Default VFS]/] Accepting operation type 32 from module /[Default VFS]/ Checking operation #33 (type 33, layer 0) Making operation type 33 opaque [module /[Default VFS]/] Accepting operation type 33 from module /[Default VFS]/ Checking operation #34 (type 34, layer 0) Making operation type 34 opaque [module /[Default VFS]/] Accepting operation type 34 from module /[Default VFS]/ Checking operation #35 (type 35, layer 0) Making operation type 35 opaque [module /[Default VFS]/] Accepting operation type 35 from module /[Default VFS]/ Checking operation #36 (type 36, layer 0) Making operation type 36 opaque [module /[Default VFS]/] Accepting operation type 36 from module /[Default VFS]/ Checking operation #37 (type 37, layer 0) Making operation type 37 opaque [module /[Default VFS]/] Accepting operation type 37 from module /[Default VFS]/ Checking operation #38 (type 38, layer 0) Making operation type 38 opaque [module /[Default VFS]/] Accepting operation type 38 from module /[Default VFS]/ Checking operation #39 (type 39, layer 0) Making operation type 39 opaque [module /[Default VFS]/] Accepting operation type 39 from module /[Default VFS]/ Checking operation #40 (type 40, layer 0) Making operation type 40 opaque [module /[Default VFS]/] Accepting operation type 40 from module /[Default VFS]/ Checking operation #41 (type 41, layer 0) Making operation type 41 opaque [module /[Default VFS]/] Accepting operation type 41 from module /[Default VFS]/ Checking operation #42 (type 42, layer 0) Making operation type 42 opaque [module /[Default VFS]/] Accepting operation type 42 from module /[Default VFS]/ Checking operation #43 (type 43, layer 0) Making operation type 43 opaque [module /[Default VFS]/] Accepting operation type 43 from module /[Default VFS]/ Checking operation #44 (type 44, layer 0) Making operation type 44 opaque [module /[Default VFS]/] Accepting operation type 44 from module /[Default VFS]/ Checking operation #45 (type 45, layer 0) Making operation type 45 opaque [module /[Default VFS]/] Accepting operation type 45 from module /[Default VFS]/ Checking operation #46 (type 46, layer 0) Making operation type 46 opaque [module /[Default VFS]/] Accepting operation type 46 from module /[Default VFS]/ Checking operation #47 (type 47, layer 0) Making operation type 47 opaque [module /[Default VFS]/] Accepting operation type 47 from module /[Default VFS]/ Checking operation #48 (type 48, layer 0) Making operation type 48 opaque [module /[Default VFS]/] Accepting operation type 48 from module /[Default VFS]/ Checking operation #49 (type 49, layer 0) Making operation type 49 opaque [module /[Default VFS]/] Accepting operation type 49 from module /[Default VFS]/ Checking operation #50 (type 50, layer 0) Making operation type 50 opaque [module /[Default VFS]/] Accepting operation type 50 from module /[Default VFS]/ Checking operation #51 (type 51, layer 0) Making operation type 51 opaque [module /[Default VFS]/] Accepting operation type 51 from module /[Default VFS]/ Checking operation #52 (type 52, layer 0) Making operation type 52 opaque [module /[Default VFS]/] Accepting operation type 52 from module /[Default VFS]/ Checking operation #53 (type 53, layer 0) Making operation type 53 opaque [module /[Default VFS]/] Accepting operation type 53 from module /[Default VFS]/ Checking operation #54 (type 54, layer 0) Making operation type 54 opaque [module /[Default VFS]/] Accepting operation type 54 from module /[Default VFS]/ Checking operation #55 (type 55, layer 0) Making operation type 55 opaque [module /[Default VFS]/] Accepting operation type 55 from module /[Default VFS]/ Checking operation #56 (type 56, layer 0) Making operation type 56 opaque [module /[Default VFS]/] Accepting operation type 56 from module /[Default VFS]/ Checking operation #57 (type 57, layer 0) Making operation type 57 opaque [module /[Default VFS]/] Accepting operation type 57 from module /[Default VFS]/ Checking operation #58 (type 58, layer 0) Making operation type 58 opaque [module /[Default VFS]/] Accepting operation type 58 from module /[Default VFS]/ Checking operation #59 (type 59, layer 0) Making operation type 59 opaque [module /[Default VFS]/] Accepting operation type 59 from module /[Default VFS]/ Checking operation #60 (type 60, layer 0) Making operation type 60 opaque [module /[Default VFS]/] Accepting operation type 60 from module /[Default VFS]/ Checking operation #61 (type 61, layer 0) Making operation type 61 opaque [module /[Default VFS]/] Accepting operation type 61 from module /[Default VFS]/ Checking operation #62 (type 62, layer 0) Making operation type 62 opaque [module /[Default VFS]/] Accepting operation type 62 from module /[Default VFS]/ Checking operation #63 (type 63, layer 0) Making operation type 63 opaque [module /[Default VFS]/] Accepting operation type 63 from module /[Default VFS]/ Checking operation #64 (type 64, layer 0) Making operation type 64 opaque [module /[Default VFS]/] Accepting operation type 64 from module /[Default VFS]/ Checking operation #65 (type 65, layer 0) Making operation type 65 opaque [module /[Default VFS]/] Accepting operation type 65 from module /[Default VFS]/ Checking operation #66 (type 66, layer 0) Making operation type 66 opaque [module /[Default VFS]/] Accepting operation type 66 from module /[Default VFS]/ Checking operation #67 (type 67, layer 0) Making operation type 67 opaque [module /[Default VFS]/] Accepting operation type 67 from module /[Default VFS]/ Checking operation #68 (type 68, layer 0) Making operation type 68 opaque [module /[Default VFS]/] Accepting operation type 68 from module /[Default VFS]/ Checking operation #69 (type 69, layer 0) Making operation type 69 opaque [module /[Default VFS]/] Accepting operation type 69 from module /[Default VFS]/ Checking operation #70 (type 70, layer 0) Making operation type 70 opaque [module /[Default VFS]/] Accepting operation type 70 from module /[Default VFS]/ Checking operation #71 (type 71, layer 0) Making operation type 71 opaque [module /[Default VFS]/] Accepting operation type 71 from module /[Default VFS]/ Checking operation #72 (type 72, layer 0) Making operation type 72 opaque [module /[Default VFS]/] Accepting operation type 72 from module /[Default VFS]/ Checking operation #73 (type 73, layer 0) Making operation type 73 opaque [module /[Default VFS]/] Accepting operation type 73 from module /[Default VFS]/ Checking operation #74 (type 74, layer 0) Making operation type 74 opaque [module /[Default VFS]/] Accepting operation type 74 from module /[Default VFS]/ Checking operation #75 (type 75, layer 0) Making operation type 75 opaque [module /[Default VFS]/] Accepting operation type 75 from module /[Default VFS]/ Checking operation #76 (type 76, layer 0) Making operation type 76 opaque [module /[Default VFS]/] Accepting operation type 76 from module /[Default VFS]/ Checking operation #77 (type 77, layer 0) Making operation type 77 opaque [module /[Default VFS]/] Accepting operation type 77 from module /[Default VFS]/ Checking operation #78 (type 78, layer 0) Making operation type 78 opaque [module /[Default VFS]/] Accepting operation type 78 from module /[Default VFS]/ Checking operation #79 (type 79, layer 0) Making operation type 79 opaque [module /[Default VFS]/] Accepting operation type 79 from module /[Default VFS]/ Checking operation #80 (type 80, layer 0) Making operation type 80 opaque [module /[Default VFS]/] Accepting operation type 80 from module /[Default VFS]/ Checking operation #81 (type 81, layer 0) Making operation type 81 opaque [module /[Default VFS]/] Accepting operation type 81 from module /[Default VFS]/ Checking operation #82 (type 82, layer 0) Making operation type 82 opaque [module /[Default VFS]/] Accepting operation type 82 from module /[Default VFS]/ Checking operation #83 (type 83, layer 0) Making operation type 83 opaque [module /[Default VFS]/] Accepting operation type 83 from module /[Default VFS]/ Checking operation #84 (type 84, layer 0) Making operation type 84 opaque [module /[Default VFS]/] Accepting operation type 84 from module /[Default VFS]/ Checking operation #85 (type 85, layer 0) Making operation type 85 opaque [module /[Default VFS]/] Accepting operation type 85 from module /[Default VFS]/ Checking operation #86 (type 86, layer 0) Making operation type 86 opaque [module /[Default VFS]/] Accepting operation type 86 from module /[Default VFS]/ Checking operation #87 (type 87, layer 0) Making operation type 87 opaque [module /[Default VFS]/] Accepting operation type 87 from module /[Default VFS]/ Checking operation #88 (type 88, layer 0) Making operation type 88 opaque [module /[Default VFS]/] Accepting operation type 88 from module /[Default VFS]/ Checking operation #89 (type 89, layer 0) Making operation type 89 opaque [module /[Default VFS]/] Accepting operation type 89 from module /[Default VFS]/ Checking operation #90 (type 90, layer 0) Making operation type 90 opaque [module /[Default VFS]/] Accepting operation type 90 from module /[Default VFS]/ Checking operation #91 (type 91, layer 0) Making operation type 91 opaque [module /[Default VFS]/] Accepting operation type 91 from module /[Default VFS]/ Checking operation #92 (type 92, layer 0) Making operation type 92 opaque [module /[Default VFS]/] Accepting operation type 92 from module /[Default VFS]/ Checking operation #93 (type 93, layer 0) Making operation type 93 opaque [module /[Default VFS]/] Accepting operation type 93 from module /[Default VFS]/ Checking operation #94 (type 94, layer 0) Making operation type 94 opaque [module /[Default VFS]/] Accepting operation type 94 from module /[Default VFS]/ Checking operation #95 (type 95, layer 0) Making operation type 95 opaque [module /[Default VFS]/] Accepting operation type 95 from module /[Default VFS]/ Checking operation #96 (type 96, layer 0) Making operation type 96 opaque [module /[Default VFS]/] Accepting operation type 96 from module /[Default VFS]/ Checking operation #97 (type 97, layer 0) Making operation type 97 opaque [module /[Default VFS]/] Accepting operation type 97 from module /[Default VFS]/ Checking operation #98 (type 98, layer 0) Making operation type 98 opaque [module /[Default VFS]/] Accepting operation type 98 from module /[Default VFS]/ Checking operation #99 (type 99, layer 0) Making operation type 99 opaque [module /[Default VFS]/] Accepting operation type 99 from module /[Default VFS]/ Checking operation #100 (type 100, layer 0) Making operation type 100 opaque [module /[Default VFS]/] Accepting operation type 100 from module /[Default VFS]/ Checking operation #101 (type 101, layer 0) Making operation type 101 opaque [module /[Default VFS]/] Accepting operation type 101 from module /[Default VFS]/ Checking operation #102 (type 102, layer 0) Making operation type 102 opaque [module /[Default VFS]/] Accepting operation type 102 from module /[Default VFS]/ Checking operation #103 (type 103, layer 0) Making operation type 103 opaque [module /[Default VFS]/] Accepting operation type 103 from module /[Default VFS]/ Checking operation #104 (type 104, layer 0) Making operation type 104 opaque [module /[Default VFS]/] Accepting operation type 104 from module /[Default VFS]/ Checking operation #105 (type 105, layer 0) Making operation type 105 opaque [module /[Default VFS]/] Accepting operation type 105 from module /[Default VFS]/ Checking operation #106 (type 106, layer 0) Making operation type 106 opaque [module /[Default VFS]/] Accepting operation type 106 from module /[Default VFS]/ Checking operation #107 (type 107, layer 0) Making operation type 107 opaque [module /[Default VFS]/] Accepting operation type 107 from module /[Default VFS]/ Checking operation #108 (type 108, layer 0) Making operation type 108 opaque [module /[Default VFS]/] Accepting operation type 108 from module /[Default VFS]/ Checking operation #109 (type 109, layer 0) Making operation type 109 opaque [module /[Default VFS]/] Accepting operation type 109 from module /[Default VFS]/ Checking operation #110 (type 110, layer 0) Making operation type 110 opaque [module /[Default VFS]/] Accepting operation type 110 from module /[Default VFS]/ claiming [IPC$] Locking key 29320000020000004950 Allocated locked data 0x0x7fb624085bd0 Unlocking key 29320000020000004950 user_ok_token: share IPC$ is ok for unix user nobody is_share_read_only_for_user: share IPC$ is read-only for unix user nobody se_map_generic(): mapped mask 0x10000000 to 0x001f01ff push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: password history, val: 0 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 pdb_set_username: setting username nobody, was pdb_set_domain: setting domain TESTPC, was pdb_set_nt_username: setting nt username , was pdb_set_full_name: setting full name nobody, was Home server: testpc pdb_set_homedir: setting home dir \\testpc\nobody, was pdb_set_dir_drive: setting dir drive , was NULL pdb_set_logon_script: setting logon script , was Home server: testpc pdb_set_profile_path: setting profile path \\testpc\nobody\profile, was pdb_set_workstations: setting workstations , was push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: password history, val: 0 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 pdb_set_user_sid: setting user sid S-1-5-21-783145419-1966905550-2589541370-501 pdb_set_user_sid_from_rid: setting user sid S-1-5-21-783145419-1966905550-2589541370-501 from rid 501 setting sec ctx (65534, 65533) - sec_ctx_stack_ndx = 0 NT user token of user S-1-5-21-783145419-1966905550-2589541370-501 contains 5 SIDs SID[ 0]: S-1-5-21-783145419-1966905550-2589541370-501 SID[ 1]: S-1-1-0 SID[ 2]: S-1-5-2 SID[ 3]: S-1-5-32-546 SID[ 4]: S-1-22-1-65534 SE_PRIV 0x0 0x0 0x0 0x0 UNIX token of user 65534 Primary group is 65533 and contains 0 supplementary groups change_to_user uid=(0,65534) gid=(0,65533) czc7487t0x (10.225.5.207) connect to service IPC$ initially as user nobody (uid=65534, gid=65533) (pid 12841) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups change_to_root_user: now uid=(0,0) gid=(0,0) tconX service=IPC$ got smb length of 110 got message type 0x0 of len 0x6e Transaction 10 of length 114 (0 toread) size=110 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=1596 smb_uid=101 smb_mid=640 smt_wct=15 smb_vwv[ 0]= 42 (0x2A) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4096 (0x1000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 42 (0x2A) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 16 (0x10) smb_bcc=45 [0000] 00 00 00 03 00 5C 00 31 00 30 00 2E 00 32 00 32 .....\.1 .0...2.2 [0010] 00 35 00 2E 00 35 00 2E 00 32 00 33 00 32 00 5C .5...5.. .2.3.2.\ [0020] 00 74 00 65 00 73 00 74 00 24 00 00 00 .t.e.s.t .$... switch message SMBtrans2 (pid 12841) conn 0x7fb6240867f0 setting sec ctx (65534, 65533) - sec_ctx_stack_ndx = 0 NT user token of user S-1-5-21-783145419-1966905550-2589541370-501 contains 5 SIDs SID[ 0]: S-1-5-21-783145419-1966905550-2589541370-501 SID[ 1]: S-1-1-0 SID[ 2]: S-1-5-2 SID[ 3]: S-1-5-32-546 SID[ 4]: S-1-22-1-65534 SE_PRIV 0x0 0x0 0x0 0x0 UNIX token of user 65534 Primary group is 65533 and contains 0 supplementary groups change_to_user uid=(0,65534) gid=(0,65533) vfs_ChDir to /tmp call_trans2getdfsreferral parse_dfs_path: temp = |10.225.5.232\test$| after trimming \'s parse_dfs_path: hostname: 10.225.5.232 parse_dfs_path: servicename: test$ get_referred_path: |test$| in dfs path \10.225.5.232\test$ is not a dfs root. error packet at smbd/trans2.c(7421) cmd=50 (SMBtrans2) NT_STATUS_NOT_FOUND size=35 smb_com=0x32 smb_rcls=37 smb_reh=2 smb_err=49152 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=1596 smb_uid=101 smb_mid=640 smt_wct=0 smb_bcc=0 got smb length of 39 got message type 0x0 of len 0x27 Transaction 11 of length 43 (0 toread) size=39 smb_com=0x74 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=101 smb_mid=704 smt_wct=2 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_bcc=0 switch message SMBulogoffX (pid 12841) conn 0x0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups change_to_root_user: now uid=(0,0) gid=(0,0) ulogoffX vuid=101 got smb length of 35 got message type 0x0 of len 0x23 Transaction 12 of length 39 (0 toread) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=101 smb_mid=768 smt_wct=0 smb_bcc=0 switch message SMBtdis (pid 12841) conn 0x7fb6240867f0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups change_to_root_user: now uid=(0,0) gid=(0,0) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups change_to_root_user: now uid=(0,0) gid=(0,0) czc7487t0x (10.225.5.207) closed connection to service IPC$ Yielding connection to IPC$ Locking key 29320000020000004950 Allocated locked data 0x0x7fb62407daa0 Unlocking key 29320000020000004950 vfs_ChDir to / setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups change_to_root_user: now uid=(0,0) gid=(0,0) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=65279 smb_uid=101 smb_mid=768 smt_wct=0 smb_bcc=0 got smb length of 90 got message type 0x0 of len 0x5a Transaction 13 of length 94 (0 toread) size=90 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=100 smb_mid=832 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 90 (0x5A) smb_vwv[ 2]= 8 (0x8) smb_vwv[ 3]= 1 (0x1) smb_bcc=47 [0000] 00 5C 00 5C 00 31 00 30 00 2E 00 32 00 32 00 35 .\.\.1.0 ...2.2.5 [0010] 00 2E 00 35 00 2E 00 32 00 33 00 32 00 5C 00 49 ...5...2 .3.2.\.I [0020] 00 50 00 43 00 24 00 00 00 3F 3F 3F 3F 3F 00 .P.C.$.. .?????. switch message SMBtconX (pid 12841) conn 0x0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups change_to_root_user: now uid=(0,0) gid=(0,0) Client requested device type [?????] for share [IPC$] making a connection to 'normal' service ipc$ user_ok_token: share IPC$ is ok for unix user Administrator push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: maximum password age, val: -1 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: password history, val: 0 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 pdb_set_username: setting username Administrator, was pdb_set_domain: setting domain TESTPC, was pdb_set_nt_username: setting nt username , was pdb_set_full_name: setting full name Administrator, was Home server: testpc pdb_set_homedir: setting home dir \\testpc\administrator, was pdb_set_dir_drive: setting dir drive , was NULL pdb_set_logon_script: setting logon script , was Home server: testpc pdb_set_profile_path: setting profile path \\testpc\administrator\profile, was pdb_set_workstations: setting workstations , was push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: password history, val: 0 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 pdb_set_user_sid: setting user sid S-1-5-21-783145419-1966905550-2589541370-1001 pdb_set_user_sid_from_rid: setting user sid S-1-5-21-783145419-1966905550-2589541370-1001 from rid 1001 Finding user Administrator Trying _Get_Pwnam(), username as lowercase is administrator Trying _Get_Pwnam(), username as given is Administrator Get_Pwnam_internals did find user [Administrator]! set_conn_connectpath: service IPC$, connectpath = /tmp Connect path is '/tmp' for service [IPC$] se_map_generic(): mapped mask 0x10000000 to 0x001f01ff Initialising default vfs hooks Initialising custom vfs hooks from [/[Default VFS]/] vfs_find_backend_entry called for /[Default VFS]/ Successfully loaded vfs module [/[Default VFS]/] with the new modules system Checking operation #0 (type 0, layer 0) Making operation type 0 opaque [module /[Default VFS]/] Accepting operation type 0 from module /[Default VFS]/ Checking operation #1 (type 1, layer 0) Making operation type 1 opaque [module /[Default VFS]/] Accepting operation type 1 from module /[Default VFS]/ Checking operation #2 (type 2, layer 0) Making operation type 2 opaque [module /[Default VFS]/] Accepting operation type 2 from module /[Default VFS]/ Checking operation #3 (type 3, layer 0) Making operation type 3 opaque [module /[Default VFS]/] Accepting operation type 3 from module /[Default VFS]/ Checking operation #4 (type 4, layer 0) Making operation type 4 opaque [module /[Default VFS]/] Accepting operation type 4 from module /[Default VFS]/ Checking operation #5 (type 5, layer 0) Making operation type 5 opaque [module /[Default VFS]/] Accepting operation type 5 from module /[Default VFS]/ Checking operation #6 (type 6, layer 0) Making operation type 6 opaque [module /[Default VFS]/] Accepting operation type 6 from module /[Default VFS]/ Checking operation #7 (type 7, layer 0) Making operation type 7 opaque [module /[Default VFS]/] Accepting operation type 7 from module /[Default VFS]/ Checking operation #8 (type 8, layer 0) Making operation type 8 opaque [module /[Default VFS]/] Accepting operation type 8 from module /[Default VFS]/ Checking operation #9 (type 9, layer 0) Making operation type 9 opaque [module /[Default VFS]/] Accepting operation type 9 from module /[Default VFS]/ Checking operation #10 (type 10, layer 0) Making operation type 10 opaque [module /[Default VFS]/] Accepting operation type 10 from module /[Default VFS]/ Checking operation #11 (type 11, layer 0) Making operation type 11 opaque [module /[Default VFS]/] Accepting operation type 11 from module /[Default VFS]/ Checking operation #12 (type 12, layer 0) Making operation type 12 opaque [module /[Default VFS]/] Accepting operation type 12 from module /[Default VFS]/ Checking operation #13 (type 13, layer 0) Making operation type 13 opaque [module /[Default VFS]/] Accepting operation type 13 from module /[Default VFS]/ Checking operation #14 (type 14, layer 0) Making operation type 14 opaque [module /[Default VFS]/] Accepting operation type 14 from module /[Default VFS]/ Checking operation #15 (type 15, layer 0) Making operation type 15 opaque [module /[Default VFS]/] Accepting operation type 15 from module /[Default VFS]/ Checking operation #16 (type 16, layer 0) Making operation type 16 opaque [module /[Default VFS]/] Accepting operation type 16 from module /[Default VFS]/ Checking operation #17 (type 17, layer 0) Making operation type 17 opaque [module /[Default VFS]/] Accepting operation type 17 from module /[Default VFS]/ Checking operation #18 (type 18, layer 0) Making operation type 18 opaque [module /[Default VFS]/] Accepting operation type 18 from module /[Default VFS]/ Checking operation #19 (type 19, layer 0) Making operation type 19 opaque [module /[Default VFS]/] Accepting operation type 19 from module /[Default VFS]/ Checking operation #20 (type 20, layer 0) Making operation type 20 opaque [module /[Default VFS]/] Accepting operation type 20 from module /[Default VFS]/ Checking operation #21 (type 21, layer 0) Making operation type 21 opaque [module /[Default VFS]/] Accepting operation type 21 from module /[Default VFS]/ Checking operation #22 (type 22, layer 0) Making operation type 22 opaque [module /[Default VFS]/] Accepting operation type 22 from module /[Default VFS]/ Checking operation #23 (type 23, layer 0) Making operation type 23 opaque [module /[Default VFS]/] Accepting operation type 23 from module /[Default VFS]/ Checking operation #24 (type 24, layer 0) Making operation type 24 opaque [module /[Default VFS]/] Accepting operation type 24 from module /[Default VFS]/ Checking operation #25 (type 25, layer 0) Making operation type 25 opaque [module /[Default VFS]/] Accepting operation type 25 from module /[Default VFS]/ Checking operation #26 (type 26, layer 0) Making operation type 26 opaque [module /[Default VFS]/] Accepting operation type 26 from module /[Default VFS]/ Checking operation #27 (type 27, layer 0) Making operation type 27 opaque [module /[Default VFS]/] Accepting operation type 27 from module /[Default VFS]/ Checking operation #28 (type 28, layer 0) Making operation type 28 opaque [module /[Default VFS]/] Accepting operation type 28 from module /[Default VFS]/ Checking operation #29 (type 29, layer 0) Making operation type 29 opaque [module /[Default VFS]/] Accepting operation type 29 from module /[Default VFS]/ Checking operation #30 (type 30, layer 0) Making operation type 30 opaque [module /[Default VFS]/] Accepting operation type 30 from module /[Default VFS]/ Checking operation #31 (type 31, layer 0) Making operation type 31 opaque [module /[Default VFS]/] Accepting operation type 31 from module /[Default VFS]/ Checking operation #32 (type 32, layer 0) Making operation type 32 opaque [module /[Default VFS]/] Accepting operation type 32 from module /[Default VFS]/ Checking operation #33 (type 33, layer 0) Making operation type 33 opaque [module /[Default VFS]/] Accepting operation type 33 from module /[Default VFS]/ Checking operation #34 (type 34, layer 0) Making operation type 34 opaque [module /[Default VFS]/] Accepting operation type 34 from module /[Default VFS]/ Checking operation #35 (type 35, layer 0) Making operation type 35 opaque [module /[Default VFS]/] Accepting operation type 35 from module /[Default VFS]/ Checking operation #36 (type 36, layer 0) Making operation type 36 opaque [module /[Default VFS]/] Accepting operation type 36 from module /[Default VFS]/ Checking operation #37 (type 37, layer 0) Making operation type 37 opaque [module /[Default VFS]/] Accepting operation type 37 from module /[Default VFS]/ Checking operation #38 (type 38, layer 0) Making operation type 38 opaque [module /[Default VFS]/] Accepting operation type 38 from module /[Default VFS]/ Checking operation #39 (type 39, layer 0) Making operation type 39 opaque [module /[Default VFS]/] Accepting operation type 39 from module /[Default VFS]/ Checking operation #40 (type 40, layer 0) Making operation type 40 opaque [module /[Default VFS]/] Accepting operation type 40 from module /[Default VFS]/ Checking operation #41 (type 41, layer 0) Making operation type 41 opaque [module /[Default VFS]/] Accepting operation type 41 from module /[Default VFS]/ Checking operation #42 (type 42, layer 0) Making operation type 42 opaque [module /[Default VFS]/] Accepting operation type 42 from module /[Default VFS]/ Checking operation #43 (type 43, layer 0) Making operation type 43 opaque [module /[Default VFS]/] Accepting operation type 43 from module /[Default VFS]/ Checking operation #44 (type 44, layer 0) Making operation type 44 opaque [module /[Default VFS]/] Accepting operation type 44 from module /[Default VFS]/ Checking operation #45 (type 45, layer 0) Making operation type 45 opaque [module /[Default VFS]/] Accepting operation type 45 from module /[Default VFS]/ Checking operation #46 (type 46, layer 0) Making operation type 46 opaque [module /[Default VFS]/] Accepting operation type 46 from module /[Default VFS]/ Checking operation #47 (type 47, layer 0) Making operation type 47 opaque [module /[Default VFS]/] Accepting operation type 47 from module /[Default VFS]/ Checking operation #48 (type 48, layer 0) Making operation type 48 opaque [module /[Default VFS]/] Accepting operation type 48 from module /[Default VFS]/ Checking operation #49 (type 49, layer 0) Making operation type 49 opaque [module /[Default VFS]/] Accepting operation type 49 from module /[Default VFS]/ Checking operation #50 (type 50, layer 0) Making operation type 50 opaque [module /[Default VFS]/] Accepting operation type 50 from module /[Default VFS]/ Checking operation #51 (type 51, layer 0) Making operation type 51 opaque [module /[Default VFS]/] Accepting operation type 51 from module /[Default VFS]/ Checking operation #52 (type 52, layer 0) Making operation type 52 opaque [module /[Default VFS]/] Accepting operation type 52 from module /[Default VFS]/ Checking operation #53 (type 53, layer 0) Making operation type 53 opaque [module /[Default VFS]/] Accepting operation type 53 from module /[Default VFS]/ Checking operation #54 (type 54, layer 0) Making operation type 54 opaque [module /[Default VFS]/] Accepting operation type 54 from module /[Default VFS]/ Checking operation #55 (type 55, layer 0) Making operation type 55 opaque [module /[Default VFS]/] Accepting operation type 55 from module /[Default VFS]/ Checking operation #56 (type 56, layer 0) Making operation type 56 opaque [module /[Default VFS]/] Accepting operation type 56 from module /[Default VFS]/ Checking operation #57 (type 57, layer 0) Making operation type 57 opaque [module /[Default VFS]/] Accepting operation type 57 from module /[Default VFS]/ Checking operation #58 (type 58, layer 0) Making operation type 58 opaque [module /[Default VFS]/] Accepting operation type 58 from module /[Default VFS]/ Checking operation #59 (type 59, layer 0) Making operation type 59 opaque [module /[Default VFS]/] Accepting operation type 59 from module /[Default VFS]/ Checking operation #60 (type 60, layer 0) Making operation type 60 opaque [module /[Default VFS]/] Accepting operation type 60 from module /[Default VFS]/ Checking operation #61 (type 61, layer 0) Making operation type 61 opaque [module /[Default VFS]/] Accepting operation type 61 from module /[Default VFS]/ Checking operation #62 (type 62, layer 0) Making operation type 62 opaque [module /[Default VFS]/] Accepting operation type 62 from module /[Default VFS]/ Checking operation #63 (type 63, layer 0) Making operation type 63 opaque [module /[Default VFS]/] Accepting operation type 63 from module /[Default VFS]/ Checking operation #64 (type 64, layer 0) Making operation type 64 opaque [module /[Default VFS]/] Accepting operation type 64 from module /[Default VFS]/ Checking operation #65 (type 65, layer 0) Making operation type 65 opaque [module /[Default VFS]/] Accepting operation type 65 from module /[Default VFS]/ Checking operation #66 (type 66, layer 0) Making operation type 66 opaque [module /[Default VFS]/] Accepting operation type 66 from module /[Default VFS]/ Checking operation #67 (type 67, layer 0) Making operation type 67 opaque [module /[Default VFS]/] Accepting operation type 67 from module /[Default VFS]/ Checking operation #68 (type 68, layer 0) Making operation type 68 opaque [module /[Default VFS]/] Accepting operation type 68 from module /[Default VFS]/ Checking operation #69 (type 69, layer 0) Making operation type 69 opaque [module /[Default VFS]/] Accepting operation type 69 from module /[Default VFS]/ Checking operation #70 (type 70, layer 0) Making operation type 70 opaque [module /[Default VFS]/] Accepting operation type 70 from module /[Default VFS]/ Checking operation #71 (type 71, layer 0) Making operation type 71 opaque [module /[Default VFS]/] Accepting operation type 71 from module /[Default VFS]/ Checking operation #72 (type 72, layer 0) Making operation type 72 opaque [module /[Default VFS]/] Accepting operation type 72 from module /[Default VFS]/ Checking operation #73 (type 73, layer 0) Making operation type 73 opaque [module /[Default VFS]/] Accepting operation type 73 from module /[Default VFS]/ Checking operation #74 (type 74, layer 0) Making operation type 74 opaque [module /[Default VFS]/] Accepting operation type 74 from module /[Default VFS]/ Checking operation #75 (type 75, layer 0) Making operation type 75 opaque [module /[Default VFS]/] Accepting operation type 75 from module /[Default VFS]/ Checking operation #76 (type 76, layer 0) Making operation type 76 opaque [module /[Default VFS]/] Accepting operation type 76 from module /[Default VFS]/ Checking operation #77 (type 77, layer 0) Making operation type 77 opaque [module /[Default VFS]/] Accepting operation type 77 from module /[Default VFS]/ Checking operation #78 (type 78, layer 0) Making operation type 78 opaque [module /[Default VFS]/] Accepting operation type 78 from module /[Default VFS]/ Checking operation #79 (type 79, layer 0) Making operation type 79 opaque [module /[Default VFS]/] Accepting operation type 79 from module /[Default VFS]/ Checking operation #80 (type 80, layer 0) Making operation type 80 opaque [module /[Default VFS]/] Accepting operation type 80 from module /[Default VFS]/ Checking operation #81 (type 81, layer 0) Making operation type 81 opaque [module /[Default VFS]/] Accepting operation type 81 from module /[Default VFS]/ Checking operation #82 (type 82, layer 0) Making operation type 82 opaque [module /[Default VFS]/] Accepting operation type 82 from module /[Default VFS]/ Checking operation #83 (type 83, layer 0) Making operation type 83 opaque [module /[Default VFS]/] Accepting operation type 83 from module /[Default VFS]/ Checking operation #84 (type 84, layer 0) Making operation type 84 opaque [module /[Default VFS]/] Accepting operation type 84 from module /[Default VFS]/ Checking operation #85 (type 85, layer 0) Making operation type 85 opaque [module /[Default VFS]/] Accepting operation type 85 from module /[Default VFS]/ Checking operation #86 (type 86, layer 0) Making operation type 86 opaque [module /[Default VFS]/] Accepting operation type 86 from module /[Default VFS]/ Checking operation #87 (type 87, layer 0) Making operation type 87 opaque [module /[Default VFS]/] Accepting operation type 87 from module /[Default VFS]/ Checking operation #88 (type 88, layer 0) Making operation type 88 opaque [module /[Default VFS]/] Accepting operation type 88 from module /[Default VFS]/ Checking operation #89 (type 89, layer 0) Making operation type 89 opaque [module /[Default VFS]/] Accepting operation type 89 from module /[Default VFS]/ Checking operation #90 (type 90, layer 0) Making operation type 90 opaque [module /[Default VFS]/] Accepting operation type 90 from module /[Default VFS]/ Checking operation #91 (type 91, layer 0) Making operation type 91 opaque [module /[Default VFS]/] Accepting operation type 91 from module /[Default VFS]/ Checking operation #92 (type 92, layer 0) Making operation type 92 opaque [module /[Default VFS]/] Accepting operation type 92 from module /[Default VFS]/ Checking operation #93 (type 93, layer 0) Making operation type 93 opaque [module /[Default VFS]/] Accepting operation type 93 from module /[Default VFS]/ Checking operation #94 (type 94, layer 0) Making operation type 94 opaque [module /[Default VFS]/] Accepting operation type 94 from module /[Default VFS]/ Checking operation #95 (type 95, layer 0) Making operation type 95 opaque [module /[Default VFS]/] Accepting operation type 95 from module /[Default VFS]/ Checking operation #96 (type 96, layer 0) Making operation type 96 opaque [module /[Default VFS]/] Accepting operation type 96 from module /[Default VFS]/ Checking operation #97 (type 97, layer 0) Making operation type 97 opaque [module /[Default VFS]/] Accepting operation type 97 from module /[Default VFS]/ Checking operation #98 (type 98, layer 0) Making operation type 98 opaque [module /[Default VFS]/] Accepting operation type 98 from module /[Default VFS]/ Checking operation #99 (type 99, layer 0) Making operation type 99 opaque [module /[Default VFS]/] Accepting operation type 99 from module /[Default VFS]/ Checking operation #100 (type 100, layer 0) Making operation type 100 opaque [module /[Default VFS]/] Accepting operation type 100 from module /[Default VFS]/ Checking operation #101 (type 101, layer 0) Making operation type 101 opaque [module /[Default VFS]/] Accepting operation type 101 from module /[Default VFS]/ Checking operation #102 (type 102, layer 0) Making operation type 102 opaque [module /[Default VFS]/] Accepting operation type 102 from module /[Default VFS]/ Checking operation #103 (type 103, layer 0) Making operation type 103 opaque [module /[Default VFS]/] Accepting operation type 103 from module /[Default VFS]/ Checking operation #104 (type 104, layer 0) Making operation type 104 opaque [module /[Default VFS]/] Accepting operation type 104 from module /[Default VFS]/ Checking operation #105 (type 105, layer 0) Making operation type 105 opaque [module /[Default VFS]/] Accepting operation type 105 from module /[Default VFS]/ Checking operation #106 (type 106, layer 0) Making operation type 106 opaque [module /[Default VFS]/] Accepting operation type 106 from module /[Default VFS]/ Checking operation #107 (type 107, layer 0) Making operation type 107 opaque [module /[Default VFS]/] Accepting operation type 107 from module /[Default VFS]/ Checking operation #108 (type 108, layer 0) Making operation type 108 opaque [module /[Default VFS]/] Accepting operation type 108 from module /[Default VFS]/ Checking operation #109 (type 109, layer 0) Making operation type 109 opaque [module /[Default VFS]/] Accepting operation type 109 from module /[Default VFS]/ Checking operation #110 (type 110, layer 0) Making operation type 110 opaque [module /[Default VFS]/] Accepting operation type 110 from module /[Default VFS]/ claiming [IPC$] Locking key 29320000020000004950 Allocated locked data 0x0x7fb624085c10 Unlocking key 29320000020000004950 user_ok_token: share IPC$ is ok for unix user Administrator is_share_read_only_for_user: share IPC$ is read-only for unix user Administrator se_map_generic(): mapped mask 0x10000000 to 0x001f01ff push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: maximum password age, val: -1 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: password history, val: 0 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 pdb_set_username: setting username Administrator, was pdb_set_domain: setting domain TESTPC, was pdb_set_nt_username: setting nt username , was pdb_set_full_name: setting full name Administrator, was Home server: testpc pdb_set_homedir: setting home dir \\testpc\administrator, was pdb_set_dir_drive: setting dir drive , was NULL pdb_set_logon_script: setting logon script , was Home server: testpc pdb_set_profile_path: setting profile path \\testpc\administrator\profile, was pdb_set_workstations: setting workstations , was push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: password history, val: 0 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 pdb_set_user_sid: setting user sid S-1-5-21-783145419-1966905550-2589541370-1001 pdb_set_user_sid_from_rid: setting user sid S-1-5-21-783145419-1966905550-2589541370-1001 from rid 1001 setting sec ctx (123, 123) - sec_ctx_stack_ndx = 0 NT user token of user S-1-5-21-783145419-1966905550-2589541370-1001 contains 6 SIDs SID[ 0]: S-1-5-21-783145419-1966905550-2589541370-1001 SID[ 1]: S-1-22-2-123 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-1-123 SE_PRIV 0x0 0x0 0x0 0x0 UNIX token of user 123 Primary group is 123 and contains 1 supplementary groups Group[ 0]: 123 change_to_user uid=(0,123) gid=(0,123) czc7487t0x (10.225.5.207) connect to service IPC$ initially as user Administrator (uid=123, gid=123) (pid 12841) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups change_to_root_user: now uid=(0,0) gid=(0,0) tconX service=IPC$ got smb length of 100 got message type 0x0 of len 0x64 Transaction 14 of length 104 (0 toread) size=100 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=896 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 3584 (0xE00) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]=16384 (0x4000) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 256 (0x100) smb_bcc=17 [0000] 00 5C 00 73 00 72 00 76 00 73 00 76 00 63 00 00 .\.s.r.v .s.v.c.. [0010] 00 . switch message SMBntcreateX (pid 12841) conn 0x7fb6240867f0 setting sec ctx (123, 123) - sec_ctx_stack_ndx = 0 NT user token of user S-1-5-21-783145419-1966905550-2589541370-1001 contains 6 SIDs SID[ 0]: S-1-5-21-783145419-1966905550-2589541370-1001 SID[ 1]: S-1-22-2-123 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-1-123 SE_PRIV 0x0 0x0 0x0 0x0 UNIX token of user 123 Primary group is 123 and contains 1 supplementary groups Group[ 0]: 123 change_to_user uid=(0,123) gid=(0,123) vfs_ChDir to /tmp reply_ntcreate_and_X: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0, fname = srvsvc nt_open_pipe: Opening pipe \srvsvc. allocated file structure 16009, fnum = 20105 (1 used) Create pipe requested \srvsvc init_pipe_handles: created handle list for pipe \srvsvc init_pipe_handles: pipe_handles ref count = 1 for pipe \srvsvc push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 push_conn_ctx(100) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: maximum password age, val: -1 pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 Finding user Administrator Trying _Get_Pwnam(), username as lowercase is administrator Trying _Get_Pwnam(), username as given is Administrator Get_Pwnam_internals did find user [Administrator]! push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 push_conn_ctx(100) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: password history, val: 0 pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 pdb_set_username: setting username Administrator, was pdb_set_domain: setting domain TESTPC, was pdb_set_nt_username: setting nt username , was pdb_set_full_name: setting full name Administrator, was Home server: testpc pdb_set_homedir: setting home dir \\testpc\administrator, was pdb_set_dir_drive: setting dir drive , was NULL pdb_set_logon_script: setting logon script , was Home server: testpc pdb_set_profile_path: setting profile path \\testpc\administrator\profile, was pdb_set_workstations: setting workstations , was push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 push_conn_ctx(100) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: password history, val: 0 pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 pdb_set_user_sid: setting user sid S-1-5-21-783145419-1966905550-2589541370-1001 pdb_set_user_sid_from_rid: setting user sid S-1-5-21-783145419-1966905550-2589541370-1001 from rid 1001 Created internal pipe \srvsvc (pipes_open=0) do_ntcreate_pipe_open: open pipe = \srvsvc got smb length of 156 got message type 0x0 of len 0x9c Transaction 15 of length 160 (0 toread) size=156 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=960 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=20105 (0x4E89) smb_bcc=89 [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... [0020] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ [0030] 00 C8 4F 32 4B 70 16 D3 01 12 78 5A 47 BF 6E E1 ..O2Kp.. ..xZG.n. [0040] 88 03 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ [0050] 00 2B 10 48 60 02 00 00 00 .+.H`... . switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 change_to_user: Skipping user change - already user trans <\PIPE\> data=72 params=0 setup=2 calling named_pipe named pipe command on <> name api_fd_reply Got API command 0x26 on pipe "srvsvc" (pnum 4e89) api_fd_reply: p:0x7fb6240754f0 max_trans_reply: 1024 np_write_send: len: 72 write_to_pipe: data_left = 72 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 56 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0b 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0048 000a auth_len : 0000 000c call_id : 00000001 unmarshall_rpc_header: using little-endian RPC unmarshall_rpc_header: type = 11, flags = 3 write_to_pipe: data_used = 0 write_to_pipe: data_left = 56 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 process_complete_pdu: processing packet type 11 api_pipe_bind_req: decode request. 1558 000000 smb_io_rpc_hdr_rb 000000 smb_io_rpc_hdr_bba 0000 max_tsize: 10b8 0002 max_rsize: 10b8 0004 assoc_gid: 00000000 0008 num_contexts: 01 000c context_id : 0000 000e num_transfer_syntaxes: 01 00000f smb_io_rpc_iface 000010 smb_io_uuid uuid 0010 data : 4b324fc8 0014 data : 1670 0016 data : 01d3 0018 data : 12 78 001a data : 5a 47 bf 6e e1 88 0020 version: 00000003 000024 smb_io_rpc_iface 000024 smb_io_uuid uuid 0024 data : 8a885d04 0028 data : 1ceb 002a data : 11c9 002c data : 9f e8 002e data : 08 00 2b 10 48 60 0034 version: 00000002 api_pipe_bind_req: \PIPE\srvsvc -> \PIPE\srvsvc api_pipe_bind_req: make response. 1628 check_bind_req for \srvsvc checking lsarpc checking winreg checking initshutdown checking dssetup checking wkssvc checking svcctl checking ntsvcs checking netlogon checking netdfs checking srvsvc 000000 smb_io_rpc_hdr_ba 000000 smb_io_rpc_hdr_bba 0000 max_tsize: 10b8 0002 max_rsize: 10b8 0004 assoc_gid: 000053f0 000008 smb_io_rpc_addr_str 0008 len: 000d 000a str: \PIPE\srvsvc. 000017 smb_io_rpc_results 0018 num_results: 01 001c result : 0000 001e reason : 0000 000020 smb_io_rpc_iface 000020 smb_io_uuid uuid 0020 data : 8a885d04 0024 data : 1ceb 0026 data : 11c9 0028 data : 9f e8 002a data : 08 00 2b 10 48 60 0030 version: 00000002 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0c 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0044 000a auth_len : 0000 000c call_id : 00000001 write_to_pipe: data_used = 56 s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624084b70 s3_event: Run immediate event "tevent_req_trigger": 0x7fb624084b70 name: \srvsvc len: 1024 read_from_pipe: \srvsvc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62406a280 s3_event: Run immediate event "tevent_req_trigger": 0x7fb62406a280 copy_trans_params_and_data: params[0..0] data[0..68] (align 0) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=960 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [0000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... [0010] 00 B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 ......S. ...\PIPE [0020] 5C 73 72 76 73 76 63 00 00 01 00 00 00 00 00 00 \srvsvc. ........ [0030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [0040] 60 02 00 00 00 `.... got smb length of 184 got message type 0x0 of len 0xb8 Transaction 16 of length 188 (0 toread) size=184 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=1024 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 100 (0x64) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 100 (0x64) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=20105 (0x4E89) smb_bcc=117 [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 64 00 00 00 01 00 00 ........ .d...... [0020] 00 4C 00 00 00 00 00 10 00 4C DF 7A 10 0F 00 00 .L...... .L.z.... [0030] 00 00 00 00 00 0F 00 00 00 5C 00 5C 00 31 00 30 ........ .\.\.1.0 [0040] 00 2E 00 32 00 32 00 35 00 2E 00 35 00 2E 00 32 ...2.2.5 ...5...2 [0050] 00 33 00 32 00 00 00 00 00 06 00 00 00 00 00 00 .3.2.... ........ [0060] 00 06 00 00 00 74 00 65 00 73 00 74 00 24 00 00 .....t.e .s.t.$.. [0070] 00 01 00 00 00 ..... switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 change_to_user: Skipping user change - already user trans <\PIPE\> data=100 params=0 setup=2 calling named_pipe named pipe command on <> name api_fd_reply Got API command 0x26 on pipe "srvsvc" (pnum 4e89) api_fd_reply: p:0x7fb6240754f0 max_trans_reply: 1024 np_write_send: len: 100 write_to_pipe: data_left = 100 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 100 fill_rpc_header: data_to_copy = 100, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 84 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 84 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0064 000a auth_len : 0000 000c call_id : 00000001 unmarshall_rpc_header: using little-endian RPC unmarshall_rpc_header: type = 0, flags = 3 write_to_pipe: data_used = 0 write_to_pipe: data_left = 84 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 84, incoming data = 84 process_complete_pdu: processing packet type 0 000000 smb_io_rpc_hdr_req req 0000 alloc_hint: 0000004c 0004 context_id: 0000 0006 opnum : 0010 free_pipe_context: destroying talloc pool of size 80 Requested \PIPE\\srvsvc api_rpcTNP: \srvsvc op 0x10 - api_rpcTNP: rpc command: SRVSVC_NETSHAREGETINFO api_rpc_cmds[16].fn == 0x7fb623901588 srvsvc_NetShareGetInfo: struct srvsvc_NetShareGetInfo in: struct srvsvc_NetShareGetInfo server_unc : * server_unc : '\\10.225.5.232' share_name : 'test$' level : 0x00000001 (1) _srvsvc_NetShareGetInfo: 1374 _srvsvc_NetShareGetInfo: 1439 srvsvc_NetShareGetInfo: struct srvsvc_NetShareGetInfo out: struct srvsvc_NetShareGetInfo info : * info : union srvsvc_NetShareInfo(case 1) info1 : * info1: struct srvsvc_NetShareInfo1 name : * name : 'test$' type : STYPE_DISKTREE (0x0) comment : * comment : 'testshare' result : WERR_OK api_rpcTNP: called \srvsvc successfully free_pipe_context: destroying talloc pool of size 44 write_to_pipe: data_used = 84 s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624084bb0 s3_event: Run immediate event "tevent_req_trigger": 0x7fb624084bb0 name: \srvsvc len: 1024 read_from_pipe: \srvsvc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 80. 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0068 000a auth_len : 0000 000c call_id : 00000001 000010 smb_io_rpc_hdr_resp resp 0010 alloc_hint: 00000050 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62406a280 s3_event: Run immediate event "tevent_req_trigger": 0x7fb62406a280 copy_trans_params_and_data: params[0..0] data[0..104] (align 0) size=160 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=1024 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 104 (0x68) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 104 (0x68) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=105 [0000] 00 05 00 02 03 10 00 00 00 68 00 00 00 01 00 00 ........ .h...... [0010] 00 50 00 00 00 00 00 00 00 01 00 00 00 00 00 02 .P...... ........ [0020] 00 04 00 02 00 00 00 00 00 08 00 02 00 06 00 00 ........ ........ [0030] 00 00 00 00 00 06 00 00 00 74 00 65 00 73 00 74 ........ .t.e.s.t [0040] 00 24 00 00 00 0A 00 00 00 00 00 00 00 0A 00 00 .$...... ........ [0050] 00 74 00 65 00 73 00 74 00 73 00 68 00 61 00 72 .t.e.s.t .s.h.a.r [0060] 00 65 00 00 00 00 00 00 00 .e...... . got smb length of 41 got message type 0x0 of len 0x29 Transaction 17 of length 45 (0 toread) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=1088 smt_wct=3 smb_vwv[ 0]=20105 (0x4E89) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 switch message SMBclose (pid 12841) conn 0x7fb6240867f0 change_to_user: Skipping user change - already user close fd=-1 fnum=20105 (numopen=1) close_write_time: Sun Feb 7 07:28:15 2106 close_policy_by_pipe: deleted handle list for pipe \srvsvc freed files structure 20105 (0 used) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=1088 smt_wct=0 smb_bcc=0 got smb length of 206 got message type 0x0 of len 0xce Transaction 18 of length 210 (0 toread) size=206 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=0 smb_mid=1152 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 206 (0xCE) smb_vwv[ 2]=16644 (0x4104) smb_vwv[ 3]= 50 (0x32) smb_vwv[ 4]= 1 (0x1) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 74 (0x4A) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 212 (0xD4) smb_vwv[11]=32768 (0x8000) smb_bcc=147 [0000] 60 48 06 06 2B 06 01 05 05 02 A0 3E 30 3C A0 0E `H..+... ...>0<.. [0010] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A2 2A 0...+... ..7....* [0020] 04 28 4E 54 4C 4D 53 53 50 00 01 00 00 00 97 82 .(NTLMSS P....... [0030] 08 E2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 05 00 93 08 00 00 00 0F 00 57 00 69 00 6E ........ ...W.i.n [0050] 00 64 00 6F 00 77 00 73 00 20 00 32 00 30 00 30 .d.o.w.s . .2.0.0 [0060] 00 30 00 20 00 32 00 31 00 39 00 35 00 00 00 57 .0. .2.1 .9.5...W [0070] 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 00 32 .i.n.d.o .w.s. .2 [0080] 00 30 00 30 00 30 00 20 00 35 00 2E 00 30 00 00 .0.0.0. .5...0.. [0090] 00 00 00 ... switch message SMBsesssetupX (pid 12841) conn 0x0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups change_to_root_user: now uid=(0,0) gid=(0,0) wct=12 flg2=0xc807 Doing spnego session setup NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0] PrimaryDomain=[] register_initial_vuid: allocated vuid = 102 check_spnego_blob_complete: needed_len = 74, pblob->length = 74 parse_spnego_mechanisms: Got OID 1.3.6.1.4.1.311.2.2.10 reply_spnego_negotiate: Got secblob of size 40 Making default auth method list for security=server load_auth_module: Attempting to find an auth method to match guest load_auth_module: auth method guest has a valid init load_auth_module: Attempting to find an auth method to match sam load_auth_module: auth method sam has a valid init load_auth_module: Attempting to find an auth method to match smbserver load_auth_module: auth method smbserver has a valid init Got NTLMSSP neg_flags=0xe2088297 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_NEGOTIATE_OEM NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_LM_KEY NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_VERSION NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH NTLMSSP_NEGOTIATE_56 auth_get_challenge: module guest did not want to specify a challenge auth_get_challenge: module sam did not want to specify a challenge auth_get_challenge: getting challenge from module smbserver Cache entry with key = AD_SITENAME/DOMAIN/ couldn't be found sitename_fetch: No stored sitename for internal_resolve_name: looking up *#20 (sitename (null)) Returning valid cache entry: key = NBT/*#20, value = 10.225.3.7:0,10.225.3.6:0,10.225.3.35:0,10.225.3.21:0,10.225.3.193:0,10.225.3.15:0, timeout = Tue Feb 23 09:16:57 2010 name *#20 found. s3_event: Added timed event "tevent_req_timedout": 0x7fb624086680 s3_event: Added timed event "tevent_req_timedout": 0x7fb62406a850 Running timed event "tevent_req_timedout" 0x7fb624086680 s3_event: Destroying timer event 0x7fb624086680 "tevent_req_timedout" s3_event: Added timed event "tevent_req_timedout": 0x7fb624069ce0 Connecting to 10.225.3.7 at port 445 s3_event: Added timed event "tevent_req_timedout": 0x7fb62407b970 connect returned Connection refused s3_event: Destroying timer event 0x7fb62407b970 "tevent_req_timedout" s3_event: Destroying timer event 0x7fb624069ce0 "tevent_req_timedout" Running timed event "tevent_req_timedout" 0x7fb62406a850 s3_event: Destroying timer event 0x7fb62406a850 "tevent_req_timedout" s3_event: Added timed event "tevent_req_timedout": 0x7fb62407bc10 Connecting to 10.225.3.7 at port 139 s3_event: Added timed event "tevent_req_timedout": 0x7fb624081100 connect returned Connection refused s3_event: Destroying timer event 0x7fb624081100 "tevent_req_timedout" s3_event: Destroying timer event 0x7fb62407bc10 "tevent_req_timedout" Error connecting to 10.225.3.7 (Connection refused) server_cryptkey: failed to connect to server *. Error NT_STATUS_CONNECTION_REFUSED password server not available auth_get_challenge: getting challenge from authentication method smbserver FAILED. auth_context challenge created by random challenge is: [0000] D4 90 79 B9 C0 C7 3C E0 ..y...<. size=318 smb_com=0x73 smb_rcls=22 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=65279 smb_uid=102 smb_mid=1152 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 221 (0xDD) smb_bcc=275 [0000] A1 81 DA 30 81 D7 A0 03 0A 01 01 A1 0C 06 0A 2B ...0.... .......+ [0010] 06 01 04 01 82 37 02 02 0A A2 81 C1 04 81 BE 4E .....7.. .......N [0020] 54 4C 4D 53 53 50 00 02 00 00 00 0C 00 0C 00 30 TLMSSP.. .......0 [0030] 00 00 00 15 82 8A E2 D4 90 79 B9 C0 C7 3C E0 00 ........ .y...<.. [0040] 00 00 00 00 00 00 00 82 00 82 00 3C 00 00 00 54 ........ ...<...T [0050] 00 45 00 53 00 54 00 50 00 43 00 02 00 0C 00 54 .E.S.T.P .C.....T [0060] 00 45 00 53 00 54 00 50 00 43 00 01 00 0C 00 54 .E.S.T.P .C.....T [0070] 00 45 00 53 00 54 00 50 00 43 00 04 00 1E 00 63 .E.S.T.P .C.....c [0080] 00 6C 00 69 00 65 00 6E 00 74 00 73 00 2E 00 61 .l.i.e.n .t.s...a [0090] 00 68 00 75 00 73 00 2E 00 6E 00 6F 00 03 00 38 .h.u.s.. .n.o...8 [00A0] 00 65 00 72 00 73 00 6F 00 2D 00 64 00 65 00 73 .e.r.s.o .-.d.e.s [00B0] 00 6B 00 74 00 6F 00 70 00 2E 00 63 00 6C 00 69 .k.t.o.p ...c.l.i [00C0] 00 65 00 6E 00 74 00 73 00 2E 00 61 00 68 00 75 .e.n.t.s ...a.h.u [00D0] 00 73 00 2E 00 6E 00 6F 00 00 00 00 00 55 00 6E .s...n.o .....U.n [00E0] 00 69 00 78 00 00 00 53 00 61 00 6D 00 62 00 61 .i.x...S .a.m.b.a [00F0] 00 20 00 33 00 2E 00 34 00 2E 00 35 00 00 00 54 . .3...4 ...5...T [0100] 00 45 00 53 00 54 00 47 00 52 00 4F 00 55 00 50 .E.S.T.G .R.O.U.P [0110] 00 00 00 ... got smb length of 248 got message type 0x0 of len 0xf8 Transaction 19 of length 252 (0 toread) size=248 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=102 smb_mid=1216 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 248 (0xF8) smb_vwv[ 2]=16644 (0x4104) smb_vwv[ 3]= 50 (0x32) smb_vwv[ 4]= 1 (0x1) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 117 (0x75) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 212 (0xD4) smb_vwv[11]=32768 (0x8000) smb_bcc=189 [0000] A1 73 30 71 A2 6F 04 6D 4E 54 4C 4D 53 53 50 00 .s0q.o.m NTLMSSP. [0010] 03 00 00 00 01 00 01 00 5C 00 00 00 00 00 00 00 ........ \....... [0020] 5D 00 00 00 00 00 00 00 48 00 00 00 00 00 00 00 ]....... H....... [0030] 48 00 00 00 14 00 14 00 48 00 00 00 10 00 10 00 H....... H....... [0040] 5D 00 00 00 15 8A 88 E2 05 00 93 08 00 00 00 0F ]....... ........ [0050] 43 00 5A 00 43 00 37 00 34 00 38 00 37 00 54 00 C.Z.C.7. 4.8.7.T. [0060] 30 00 58 00 00 8A 8A 93 90 34 CE 0A 5B CC DF 36 0.X..... .4..[..6 [0070] 9B A6 78 9D 23 57 00 69 00 6E 00 64 00 6F 00 77 ..x.#W.i .n.d.o.w [0080] 00 73 00 20 00 32 00 30 00 30 00 30 00 20 00 32 .s. .2.0 .0.0. .2 [0090] 00 31 00 39 00 35 00 00 00 57 00 69 00 6E 00 64 .1.9.5.. .W.i.n.d [00A0] 00 6F 00 77 00 73 00 20 00 32 00 30 00 30 00 30 .o.w.s. .2.0.0.0 [00B0] 00 20 00 35 00 2E 00 30 00 00 00 00 00 . .5...0 ..... switch message SMBsesssetupX (pid 12841) conn 0x0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups change_to_root_user: now uid=(0,0) gid=(0,0) wct=12 flg2=0xc807 Doing spnego session setup NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0] PrimaryDomain=[] check_spnego_blob_complete: needed_len = 117, pblob->length = 117 Got user=[] domain=[] workstation=[CZC7487T0X] len1=1 len2=0 lp_file_list_changed() file ../lib/smb.conf -> ../lib/smb.conf last mod_time: Tue Feb 23 09:05:04 2010 Mapping user []\[] from workstation [CZC7487T0X] Mapped domain from [] to [TESTPC] for user [] from workstation [CZC7487T0X] attempting to make a user_info for () making strings for 's user_info struct making blobs for 's user_info struct made an encrypted user_info for () check_ntlm_password: Checking password for unmapped user []\[]@[CZC7487T0X] with the new password interface check_ntlm_password: mapped user is: [TESTPC]\[]@[CZC7487T0X] check_ntlm_password: auth_context challenge created by random challenge is: [0000] D4 90 79 B9 C0 C7 3C E0 ..y...<. push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: password history, val: 0 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 pdb_set_username: setting username nobody, was pdb_set_domain: setting domain TESTPC, was pdb_set_nt_username: setting nt username , was pdb_set_full_name: setting full name nobody, was Home server: testpc pdb_set_homedir: setting home dir \\testpc\nobody, was pdb_set_dir_drive: setting dir drive , was NULL pdb_set_logon_script: setting logon script , was Home server: testpc pdb_set_profile_path: setting profile path \\testpc\nobody\profile, was pdb_set_workstations: setting workstations , was push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: password history, val: 0 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 pdb_set_user_sid: setting user sid S-1-5-21-783145419-1966905550-2589541370-501 pdb_set_user_sid_from_rid: setting user sid S-1-5-21-783145419-1966905550-2589541370-501 from rid 501 check_ntlm_password: guest authentication for user [] succeeded check_ntlm_password: guest authentication for user [] -> [] -> [nobody] succeeded attempting to free (and zero) a user_info structure structure was created for Create local NT token for S-1-5-21-783145419-1966905550-2589541370-501 Cache entry with key = IDMAP/SID2GID/S-1-5-32-544 couldn't be found winbind failed to find a gid for sid S-1-5-32-544 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 LEGACY: mapping failed for sid S-1-5-32-544 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups Failed to fetch domain sid for TESTGROUP pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 Cache entry with key = IDMAP/SID2GID/S-1-5-32-545 couldn't be found winbind failed to find a gid for sid S-1-5-32-545 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 LEGACY: mapping failed for sid S-1-5-32-545 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups Failed to fetch domain sid for TESTGROUP pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 get_privileges: No privileges assigned to SID [S-1-5-21-783145419-1966905550-2589541370-501] get_privileges_for_sids: sid = S-1-1-0 Privilege set: SE_PRIV 0x0 0x0 0x0 0x0 get_privileges: No privileges assigned to SID [S-1-5-2] get_privileges: No privileges assigned to SID [S-1-5-32-546] Cache entry with key = IDMAP/SID2GID/S-1-1-0 couldn't be found winbind failed to find a gid for sid S-1-1-0 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 LEGACY: mapping failed for sid S-1-1-0 Could not convert SID S-1-1-0 to gid, ignoring it Cache entry with key = IDMAP/SID2GID/S-1-5-2 couldn't be found winbind failed to find a gid for sid S-1-5-2 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 LEGACY: mapping failed for sid S-1-5-2 Could not convert SID S-1-5-2 to gid, ignoring it Cache entry with key = IDMAP/SID2GID/S-1-5-32-546 couldn't be found winbind failed to find a gid for sid S-1-5-32-546 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 LEGACY: mapping failed for sid S-1-5-32-546 Could not convert SID S-1-5-32-546 to gid, ignoring it NT user token of user S-1-5-21-783145419-1966905550-2589541370-501 contains 5 SIDs SID[ 0]: S-1-5-21-783145419-1966905550-2589541370-501 SID[ 1]: S-1-1-0 SID[ 2]: S-1-5-2 SID[ 3]: S-1-5-32-546 SID[ 4]: S-1-22-1-65534 SE_PRIV 0x0 0x0 0x0 0x0 UNIX token of user 65534 Primary group is 65533 and contains 0 supplementary groups Got NT session key of length 16 Got LM session key of length 16 ntlmssp_server_auth: Using unmodified nt session key. NTLMSSP Sign/Seal - Initialising with flags: Got NTLMSSP neg_flags=0xe2088215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_VERSION NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH NTLMSSP_NEGOTIATE_56 register_existing_vuid: (65534,65533) nobody TESTPC guest=1 register_existing_vuid: User name: nobody Real name: nobody register_existing_vuid: UNIX uid 65534 is UNIX user nobody, and will be vuid 102 lp_file_list_changed() file ../lib/smb.conf -> ../lib/smb.conf last mod_time: Tue Feb 23 09:05:04 2010 size=106 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=65279 smb_uid=102 smb_mid=1216 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 1 (0x1) smb_vwv[ 3]= 9 (0x9) smb_bcc=63 [0000] A1 07 30 05 A0 03 0A 01 00 55 00 6E 00 69 00 78 ..0..... .U.n.i.x [0010] 00 00 00 53 00 61 00 6D 00 62 00 61 00 20 00 33 ...S.a.m .b.a. .3 [0020] 00 2E 00 34 00 2E 00 35 00 00 00 54 00 45 00 53 ...4...5 ...T.E.S [0030] 00 54 00 47 00 52 00 4F 00 55 00 50 00 00 00 .T.G.R.O .U.P... got smb length of 90 got message type 0x0 of len 0x5a Transaction 20 of length 94 (0 toread) size=90 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=102 smb_mid=1280 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 90 (0x5A) smb_vwv[ 2]= 8 (0x8) smb_vwv[ 3]= 1 (0x1) smb_bcc=47 [0000] 00 5C 00 5C 00 31 00 30 00 2E 00 32 00 32 00 35 .\.\.1.0 ...2.2.5 [0010] 00 2E 00 35 00 2E 00 32 00 33 00 32 00 5C 00 49 ...5...2 .3.2.\.I [0020] 00 50 00 43 00 24 00 00 00 3F 3F 3F 3F 3F 00 .P.C.$.. .?????. switch message SMBtconX (pid 12841) conn 0x0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups change_to_root_user: now uid=(0,0) gid=(0,0) Client requested device type [?????] for share [IPC$] making a connection to 'normal' service ipc$ push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: password history, val: 0 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 pdb_set_username: setting username nobody, was pdb_set_domain: setting domain TESTPC, was pdb_set_nt_username: setting nt username , was pdb_set_full_name: setting full name nobody, was Home server: testpc pdb_set_homedir: setting home dir \\testpc\nobody, was pdb_set_dir_drive: setting dir drive , was NULL pdb_set_logon_script: setting logon script , was Home server: testpc pdb_set_profile_path: setting profile path \\testpc\nobody\profile, was pdb_set_workstations: setting workstations , was push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: password history, val: 0 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 pdb_set_user_sid: setting user sid S-1-5-21-783145419-1966905550-2589541370-501 pdb_set_user_sid_from_rid: setting user sid S-1-5-21-783145419-1966905550-2589541370-501 from rid 501 Finding user nobody Trying _Get_Pwnam(), username as lowercase is nobody Get_Pwnam_internals did find user [nobody]! set_conn_connectpath: service IPC$, connectpath = /tmp Connect path is '/tmp' for service [IPC$] se_map_generic(): mapped mask 0x10000000 to 0x001f01ff Initialising default vfs hooks Initialising custom vfs hooks from [/[Default VFS]/] vfs_find_backend_entry called for /[Default VFS]/ Successfully loaded vfs module [/[Default VFS]/] with the new modules system Checking operation #0 (type 0, layer 0) Making operation type 0 opaque [module /[Default VFS]/] Accepting operation type 0 from module /[Default VFS]/ Checking operation #1 (type 1, layer 0) Making operation type 1 opaque [module /[Default VFS]/] Accepting operation type 1 from module /[Default VFS]/ Checking operation #2 (type 2, layer 0) Making operation type 2 opaque [module /[Default VFS]/] Accepting operation type 2 from module /[Default VFS]/ Checking operation #3 (type 3, layer 0) Making operation type 3 opaque [module /[Default VFS]/] Accepting operation type 3 from module /[Default VFS]/ Checking operation #4 (type 4, layer 0) Making operation type 4 opaque [module /[Default VFS]/] Accepting operation type 4 from module /[Default VFS]/ Checking operation #5 (type 5, layer 0) Making operation type 5 opaque [module /[Default VFS]/] Accepting operation type 5 from module /[Default VFS]/ Checking operation #6 (type 6, layer 0) Making operation type 6 opaque [module /[Default VFS]/] Accepting operation type 6 from module /[Default VFS]/ Checking operation #7 (type 7, layer 0) Making operation type 7 opaque [module /[Default VFS]/] Accepting operation type 7 from module /[Default VFS]/ Checking operation #8 (type 8, layer 0) Making operation type 8 opaque [module /[Default VFS]/] Accepting operation type 8 from module /[Default VFS]/ Checking operation #9 (type 9, layer 0) Making operation type 9 opaque [module /[Default VFS]/] Accepting operation type 9 from module /[Default VFS]/ Checking operation #10 (type 10, layer 0) Making operation type 10 opaque [module /[Default VFS]/] Accepting operation type 10 from module /[Default VFS]/ Checking operation #11 (type 11, layer 0) Making operation type 11 opaque [module /[Default VFS]/] Accepting operation type 11 from module /[Default VFS]/ Checking operation #12 (type 12, layer 0) Making operation type 12 opaque [module /[Default VFS]/] Accepting operation type 12 from module /[Default VFS]/ Checking operation #13 (type 13, layer 0) Making operation type 13 opaque [module /[Default VFS]/] Accepting operation type 13 from module /[Default VFS]/ Checking operation #14 (type 14, layer 0) Making operation type 14 opaque [module /[Default VFS]/] Accepting operation type 14 from module /[Default VFS]/ Checking operation #15 (type 15, layer 0) Making operation type 15 opaque [module /[Default VFS]/] Accepting operation type 15 from module /[Default VFS]/ Checking operation #16 (type 16, layer 0) Making operation type 16 opaque [module /[Default VFS]/] Accepting operation type 16 from module /[Default VFS]/ Checking operation #17 (type 17, layer 0) Making operation type 17 opaque [module /[Default VFS]/] Accepting operation type 17 from module /[Default VFS]/ Checking operation #18 (type 18, layer 0) Making operation type 18 opaque [module /[Default VFS]/] Accepting operation type 18 from module /[Default VFS]/ Checking operation #19 (type 19, layer 0) Making operation type 19 opaque [module /[Default VFS]/] Accepting operation type 19 from module /[Default VFS]/ Checking operation #20 (type 20, layer 0) Making operation type 20 opaque [module /[Default VFS]/] Accepting operation type 20 from module /[Default VFS]/ Checking operation #21 (type 21, layer 0) Making operation type 21 opaque [module /[Default VFS]/] Accepting operation type 21 from module /[Default VFS]/ Checking operation #22 (type 22, layer 0) Making operation type 22 opaque [module /[Default VFS]/] Accepting operation type 22 from module /[Default VFS]/ Checking operation #23 (type 23, layer 0) Making operation type 23 opaque [module /[Default VFS]/] Accepting operation type 23 from module /[Default VFS]/ Checking operation #24 (type 24, layer 0) Making operation type 24 opaque [module /[Default VFS]/] Accepting operation type 24 from module /[Default VFS]/ Checking operation #25 (type 25, layer 0) Making operation type 25 opaque [module /[Default VFS]/] Accepting operation type 25 from module /[Default VFS]/ Checking operation #26 (type 26, layer 0) Making operation type 26 opaque [module /[Default VFS]/] Accepting operation type 26 from module /[Default VFS]/ Checking operation #27 (type 27, layer 0) Making operation type 27 opaque [module /[Default VFS]/] Accepting operation type 27 from module /[Default VFS]/ Checking operation #28 (type 28, layer 0) Making operation type 28 opaque [module /[Default VFS]/] Accepting operation type 28 from module /[Default VFS]/ Checking operation #29 (type 29, layer 0) Making operation type 29 opaque [module /[Default VFS]/] Accepting operation type 29 from module /[Default VFS]/ Checking operation #30 (type 30, layer 0) Making operation type 30 opaque [module /[Default VFS]/] Accepting operation type 30 from module /[Default VFS]/ Checking operation #31 (type 31, layer 0) Making operation type 31 opaque [module /[Default VFS]/] Accepting operation type 31 from module /[Default VFS]/ Checking operation #32 (type 32, layer 0) Making operation type 32 opaque [module /[Default VFS]/] Accepting operation type 32 from module /[Default VFS]/ Checking operation #33 (type 33, layer 0) Making operation type 33 opaque [module /[Default VFS]/] Accepting operation type 33 from module /[Default VFS]/ Checking operation #34 (type 34, layer 0) Making operation type 34 opaque [module /[Default VFS]/] Accepting operation type 34 from module /[Default VFS]/ Checking operation #35 (type 35, layer 0) Making operation type 35 opaque [module /[Default VFS]/] Accepting operation type 35 from module /[Default VFS]/ Checking operation #36 (type 36, layer 0) Making operation type 36 opaque [module /[Default VFS]/] Accepting operation type 36 from module /[Default VFS]/ Checking operation #37 (type 37, layer 0) Making operation type 37 opaque [module /[Default VFS]/] Accepting operation type 37 from module /[Default VFS]/ Checking operation #38 (type 38, layer 0) Making operation type 38 opaque [module /[Default VFS]/] Accepting operation type 38 from module /[Default VFS]/ Checking operation #39 (type 39, layer 0) Making operation type 39 opaque [module /[Default VFS]/] Accepting operation type 39 from module /[Default VFS]/ Checking operation #40 (type 40, layer 0) Making operation type 40 opaque [module /[Default VFS]/] Accepting operation type 40 from module /[Default VFS]/ Checking operation #41 (type 41, layer 0) Making operation type 41 opaque [module /[Default VFS]/] Accepting operation type 41 from module /[Default VFS]/ Checking operation #42 (type 42, layer 0) Making operation type 42 opaque [module /[Default VFS]/] Accepting operation type 42 from module /[Default VFS]/ Checking operation #43 (type 43, layer 0) Making operation type 43 opaque [module /[Default VFS]/] Accepting operation type 43 from module /[Default VFS]/ Checking operation #44 (type 44, layer 0) Making operation type 44 opaque [module /[Default VFS]/] Accepting operation type 44 from module /[Default VFS]/ Checking operation #45 (type 45, layer 0) Making operation type 45 opaque [module /[Default VFS]/] Accepting operation type 45 from module /[Default VFS]/ Checking operation #46 (type 46, layer 0) Making operation type 46 opaque [module /[Default VFS]/] Accepting operation type 46 from module /[Default VFS]/ Checking operation #47 (type 47, layer 0) Making operation type 47 opaque [module /[Default VFS]/] Accepting operation type 47 from module /[Default VFS]/ Checking operation #48 (type 48, layer 0) Making operation type 48 opaque [module /[Default VFS]/] Accepting operation type 48 from module /[Default VFS]/ Checking operation #49 (type 49, layer 0) Making operation type 49 opaque [module /[Default VFS]/] Accepting operation type 49 from module /[Default VFS]/ Checking operation #50 (type 50, layer 0) Making operation type 50 opaque [module /[Default VFS]/] Accepting operation type 50 from module /[Default VFS]/ Checking operation #51 (type 51, layer 0) Making operation type 51 opaque [module /[Default VFS]/] Accepting operation type 51 from module /[Default VFS]/ Checking operation #52 (type 52, layer 0) Making operation type 52 opaque [module /[Default VFS]/] Accepting operation type 52 from module /[Default VFS]/ Checking operation #53 (type 53, layer 0) Making operation type 53 opaque [module /[Default VFS]/] Accepting operation type 53 from module /[Default VFS]/ Checking operation #54 (type 54, layer 0) Making operation type 54 opaque [module /[Default VFS]/] Accepting operation type 54 from module /[Default VFS]/ Checking operation #55 (type 55, layer 0) Making operation type 55 opaque [module /[Default VFS]/] Accepting operation type 55 from module /[Default VFS]/ Checking operation #56 (type 56, layer 0) Making operation type 56 opaque [module /[Default VFS]/] Accepting operation type 56 from module /[Default VFS]/ Checking operation #57 (type 57, layer 0) Making operation type 57 opaque [module /[Default VFS]/] Accepting operation type 57 from module /[Default VFS]/ Checking operation #58 (type 58, layer 0) Making operation type 58 opaque [module /[Default VFS]/] Accepting operation type 58 from module /[Default VFS]/ Checking operation #59 (type 59, layer 0) Making operation type 59 opaque [module /[Default VFS]/] Accepting operation type 59 from module /[Default VFS]/ Checking operation #60 (type 60, layer 0) Making operation type 60 opaque [module /[Default VFS]/] Accepting operation type 60 from module /[Default VFS]/ Checking operation #61 (type 61, layer 0) Making operation type 61 opaque [module /[Default VFS]/] Accepting operation type 61 from module /[Default VFS]/ Checking operation #62 (type 62, layer 0) Making operation type 62 opaque [module /[Default VFS]/] Accepting operation type 62 from module /[Default VFS]/ Checking operation #63 (type 63, layer 0) Making operation type 63 opaque [module /[Default VFS]/] Accepting operation type 63 from module /[Default VFS]/ Checking operation #64 (type 64, layer 0) Making operation type 64 opaque [module /[Default VFS]/] Accepting operation type 64 from module /[Default VFS]/ Checking operation #65 (type 65, layer 0) Making operation type 65 opaque [module /[Default VFS]/] Accepting operation type 65 from module /[Default VFS]/ Checking operation #66 (type 66, layer 0) Making operation type 66 opaque [module /[Default VFS]/] Accepting operation type 66 from module /[Default VFS]/ Checking operation #67 (type 67, layer 0) Making operation type 67 opaque [module /[Default VFS]/] Accepting operation type 67 from module /[Default VFS]/ Checking operation #68 (type 68, layer 0) Making operation type 68 opaque [module /[Default VFS]/] Accepting operation type 68 from module /[Default VFS]/ Checking operation #69 (type 69, layer 0) Making operation type 69 opaque [module /[Default VFS]/] Accepting operation type 69 from module /[Default VFS]/ Checking operation #70 (type 70, layer 0) Making operation type 70 opaque [module /[Default VFS]/] Accepting operation type 70 from module /[Default VFS]/ Checking operation #71 (type 71, layer 0) Making operation type 71 opaque [module /[Default VFS]/] Accepting operation type 71 from module /[Default VFS]/ Checking operation #72 (type 72, layer 0) Making operation type 72 opaque [module /[Default VFS]/] Accepting operation type 72 from module /[Default VFS]/ Checking operation #73 (type 73, layer 0) Making operation type 73 opaque [module /[Default VFS]/] Accepting operation type 73 from module /[Default VFS]/ Checking operation #74 (type 74, layer 0) Making operation type 74 opaque [module /[Default VFS]/] Accepting operation type 74 from module /[Default VFS]/ Checking operation #75 (type 75, layer 0) Making operation type 75 opaque [module /[Default VFS]/] Accepting operation type 75 from module /[Default VFS]/ Checking operation #76 (type 76, layer 0) Making operation type 76 opaque [module /[Default VFS]/] Accepting operation type 76 from module /[Default VFS]/ Checking operation #77 (type 77, layer 0) Making operation type 77 opaque [module /[Default VFS]/] Accepting operation type 77 from module /[Default VFS]/ Checking operation #78 (type 78, layer 0) Making operation type 78 opaque [module /[Default VFS]/] Accepting operation type 78 from module /[Default VFS]/ Checking operation #79 (type 79, layer 0) Making operation type 79 opaque [module /[Default VFS]/] Accepting operation type 79 from module /[Default VFS]/ Checking operation #80 (type 80, layer 0) Making operation type 80 opaque [module /[Default VFS]/] Accepting operation type 80 from module /[Default VFS]/ Checking operation #81 (type 81, layer 0) Making operation type 81 opaque [module /[Default VFS]/] Accepting operation type 81 from module /[Default VFS]/ Checking operation #82 (type 82, layer 0) Making operation type 82 opaque [module /[Default VFS]/] Accepting operation type 82 from module /[Default VFS]/ Checking operation #83 (type 83, layer 0) Making operation type 83 opaque [module /[Default VFS]/] Accepting operation type 83 from module /[Default VFS]/ Checking operation #84 (type 84, layer 0) Making operation type 84 opaque [module /[Default VFS]/] Accepting operation type 84 from module /[Default VFS]/ Checking operation #85 (type 85, layer 0) Making operation type 85 opaque [module /[Default VFS]/] Accepting operation type 85 from module /[Default VFS]/ Checking operation #86 (type 86, layer 0) Making operation type 86 opaque [module /[Default VFS]/] Accepting operation type 86 from module /[Default VFS]/ Checking operation #87 (type 87, layer 0) Making operation type 87 opaque [module /[Default VFS]/] Accepting operation type 87 from module /[Default VFS]/ Checking operation #88 (type 88, layer 0) Making operation type 88 opaque [module /[Default VFS]/] Accepting operation type 88 from module /[Default VFS]/ Checking operation #89 (type 89, layer 0) Making operation type 89 opaque [module /[Default VFS]/] Accepting operation type 89 from module /[Default VFS]/ Checking operation #90 (type 90, layer 0) Making operation type 90 opaque [module /[Default VFS]/] Accepting operation type 90 from module /[Default VFS]/ Checking operation #91 (type 91, layer 0) Making operation type 91 opaque [module /[Default VFS]/] Accepting operation type 91 from module /[Default VFS]/ Checking operation #92 (type 92, layer 0) Making operation type 92 opaque [module /[Default VFS]/] Accepting operation type 92 from module /[Default VFS]/ Checking operation #93 (type 93, layer 0) Making operation type 93 opaque [module /[Default VFS]/] Accepting operation type 93 from module /[Default VFS]/ Checking operation #94 (type 94, layer 0) Making operation type 94 opaque [module /[Default VFS]/] Accepting operation type 94 from module /[Default VFS]/ Checking operation #95 (type 95, layer 0) Making operation type 95 opaque [module /[Default VFS]/] Accepting operation type 95 from module /[Default VFS]/ Checking operation #96 (type 96, layer 0) Making operation type 96 opaque [module /[Default VFS]/] Accepting operation type 96 from module /[Default VFS]/ Checking operation #97 (type 97, layer 0) Making operation type 97 opaque [module /[Default VFS]/] Accepting operation type 97 from module /[Default VFS]/ Checking operation #98 (type 98, layer 0) Making operation type 98 opaque [module /[Default VFS]/] Accepting operation type 98 from module /[Default VFS]/ Checking operation #99 (type 99, layer 0) Making operation type 99 opaque [module /[Default VFS]/] Accepting operation type 99 from module /[Default VFS]/ Checking operation #100 (type 100, layer 0) Making operation type 100 opaque [module /[Default VFS]/] Accepting operation type 100 from module /[Default VFS]/ Checking operation #101 (type 101, layer 0) Making operation type 101 opaque [module /[Default VFS]/] Accepting operation type 101 from module /[Default VFS]/ Checking operation #102 (type 102, layer 0) Making operation type 102 opaque [module /[Default VFS]/] Accepting operation type 102 from module /[Default VFS]/ Checking operation #103 (type 103, layer 0) Making operation type 103 opaque [module /[Default VFS]/] Accepting operation type 103 from module /[Default VFS]/ Checking operation #104 (type 104, layer 0) Making operation type 104 opaque [module /[Default VFS]/] Accepting operation type 104 from module /[Default VFS]/ Checking operation #105 (type 105, layer 0) Making operation type 105 opaque [module /[Default VFS]/] Accepting operation type 105 from module /[Default VFS]/ Checking operation #106 (type 106, layer 0) Making operation type 106 opaque [module /[Default VFS]/] Accepting operation type 106 from module /[Default VFS]/ Checking operation #107 (type 107, layer 0) Making operation type 107 opaque [module /[Default VFS]/] Accepting operation type 107 from module /[Default VFS]/ Checking operation #108 (type 108, layer 0) Making operation type 108 opaque [module /[Default VFS]/] Accepting operation type 108 from module /[Default VFS]/ Checking operation #109 (type 109, layer 0) Making operation type 109 opaque [module /[Default VFS]/] Accepting operation type 109 from module /[Default VFS]/ Checking operation #110 (type 110, layer 0) Making operation type 110 opaque [module /[Default VFS]/] Accepting operation type 110 from module /[Default VFS]/ claiming [IPC$] Locking key 29320000030000004950 Allocated locked data 0x0x7fb624085c30 Unlocking key 29320000030000004950 user_ok_token: share IPC$ is ok for unix user nobody is_share_read_only_for_user: share IPC$ is read-only for unix user nobody se_map_generic(): mapped mask 0x10000000 to 0x001f01ff push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: password history, val: 0 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 pdb_set_username: setting username nobody, was pdb_set_domain: setting domain TESTPC, was pdb_set_nt_username: setting nt username , was pdb_set_full_name: setting full name nobody, was Home server: testpc pdb_set_homedir: setting home dir \\testpc\nobody, was pdb_set_dir_drive: setting dir drive , was NULL pdb_set_logon_script: setting logon script , was Home server: testpc pdb_set_profile_path: setting profile path \\testpc\nobody\profile, was pdb_set_workstations: setting workstations , was push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: password history, val: 0 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 pdb_set_user_sid: setting user sid S-1-5-21-783145419-1966905550-2589541370-501 pdb_set_user_sid_from_rid: setting user sid S-1-5-21-783145419-1966905550-2589541370-501 from rid 501 setting sec ctx (65534, 65533) - sec_ctx_stack_ndx = 0 NT user token of user S-1-5-21-783145419-1966905550-2589541370-501 contains 5 SIDs SID[ 0]: S-1-5-21-783145419-1966905550-2589541370-501 SID[ 1]: S-1-1-0 SID[ 2]: S-1-5-2 SID[ 3]: S-1-5-32-546 SID[ 4]: S-1-22-1-65534 SE_PRIV 0x0 0x0 0x0 0x0 UNIX token of user 65534 Primary group is 65533 and contains 0 supplementary groups change_to_user uid=(0,65534) gid=(0,65533) czc7487t0x (10.225.5.207) connect to service IPC$ initially as user nobody (uid=65534, gid=65533) (pid 12841) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups change_to_root_user: now uid=(0,0) gid=(0,0) tconX service=IPC$ got smb length of 110 got message type 0x0 of len 0x6e Transaction 21 of length 114 (0 toread) size=110 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=1596 smb_uid=102 smb_mid=1344 smt_wct=15 smb_vwv[ 0]= 42 (0x2A) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4096 (0x1000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 42 (0x2A) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 16 (0x10) smb_bcc=45 [0000] 00 00 00 03 00 5C 00 31 00 30 00 2E 00 32 00 32 .....\.1 .0...2.2 [0010] 00 35 00 2E 00 35 00 2E 00 32 00 33 00 32 00 5C .5...5.. .2.3.2.\ [0020] 00 74 00 65 00 73 00 74 00 24 00 00 00 .t.e.s.t .$... switch message SMBtrans2 (pid 12841) conn 0x7fb624087930 setting sec ctx (65534, 65533) - sec_ctx_stack_ndx = 0 NT user token of user S-1-5-21-783145419-1966905550-2589541370-501 contains 5 SIDs SID[ 0]: S-1-5-21-783145419-1966905550-2589541370-501 SID[ 1]: S-1-1-0 SID[ 2]: S-1-5-2 SID[ 3]: S-1-5-32-546 SID[ 4]: S-1-22-1-65534 SE_PRIV 0x0 0x0 0x0 0x0 UNIX token of user 65534 Primary group is 65533 and contains 0 supplementary groups change_to_user uid=(0,65534) gid=(0,65533) call_trans2getdfsreferral parse_dfs_path: temp = |10.225.5.232\test$| after trimming \'s parse_dfs_path: hostname: 10.225.5.232 parse_dfs_path: servicename: test$ get_referred_path: |test$| in dfs path \10.225.5.232\test$ is not a dfs root. error packet at smbd/trans2.c(7421) cmd=50 (SMBtrans2) NT_STATUS_NOT_FOUND size=35 smb_com=0x32 smb_rcls=37 smb_reh=2 smb_err=49152 smb_flg=136 smb_flg2=51201 smb_tid=3 smb_pid=1596 smb_uid=102 smb_mid=1344 smt_wct=0 smb_bcc=0 got smb length of 100 got message type 0x0 of len 0x64 Transaction 22 of length 104 (0 toread) size=100 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=1408 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 3584 (0xE00) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]=16384 (0x4000) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 256 (0x100) smb_bcc=17 [0000] 00 5C 00 73 00 72 00 76 00 73 00 76 00 63 00 00 .\.s.r.v .s.v.c.. [0010] 00 . switch message SMBntcreateX (pid 12841) conn 0x7fb6240867f0 setting sec ctx (123, 123) - sec_ctx_stack_ndx = 0 NT user token of user S-1-5-21-783145419-1966905550-2589541370-1001 contains 6 SIDs SID[ 0]: S-1-5-21-783145419-1966905550-2589541370-1001 SID[ 1]: S-1-22-2-123 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-1-123 SE_PRIV 0x0 0x0 0x0 0x0 UNIX token of user 123 Primary group is 123 and contains 1 supplementary groups Group[ 0]: 123 change_to_user uid=(0,123) gid=(0,123) reply_ntcreate_and_X: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0, fname = srvsvc nt_open_pipe: Opening pipe \srvsvc. allocated file structure 16010, fnum = 20106 (1 used) Create pipe requested \srvsvc init_pipe_handles: created handle list for pipe \srvsvc init_pipe_handles: pipe_handles ref count = 1 for pipe \srvsvc push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 push_conn_ctx(100) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: maximum password age, val: -1 pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 push_conn_ctx(100) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: password history, val: 0 pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 pdb_set_username: setting username Administrator, was pdb_set_domain: setting domain TESTPC, was pdb_set_nt_username: setting nt username , was pdb_set_full_name: setting full name Administrator, was Home server: testpc pdb_set_homedir: setting home dir \\testpc\administrator, was pdb_set_dir_drive: setting dir drive , was NULL pdb_set_logon_script: setting logon script , was Home server: testpc pdb_set_profile_path: setting profile path \\testpc\administrator\profile, was pdb_set_workstations: setting workstations , was push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 push_conn_ctx(100) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: password history, val: 0 pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 pdb_set_user_sid: setting user sid S-1-5-21-783145419-1966905550-2589541370-1001 pdb_set_user_sid_from_rid: setting user sid S-1-5-21-783145419-1966905550-2589541370-1001 from rid 1001 Created internal pipe \srvsvc (pipes_open=0) do_ntcreate_pipe_open: open pipe = \srvsvc got smb length of 156 got message type 0x0 of len 0x9c Transaction 23 of length 160 (0 toread) size=156 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=1472 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=20106 (0x4E8A) smb_bcc=89 [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... [0020] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ [0030] 00 C8 4F 32 4B 70 16 D3 01 12 78 5A 47 BF 6E E1 ..O2Kp.. ..xZG.n. [0040] 88 03 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ [0050] 00 2B 10 48 60 02 00 00 00 .+.H`... . switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 change_to_user: Skipping user change - already user trans <\PIPE\> data=72 params=0 setup=2 calling named_pipe named pipe command on <> name api_fd_reply Got API command 0x26 on pipe "srvsvc" (pnum 4e8a) api_fd_reply: p:0x7fb624073a50 max_trans_reply: 1024 np_write_send: len: 72 write_to_pipe: data_left = 72 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 56 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0b 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0048 000a auth_len : 0000 000c call_id : 00000001 unmarshall_rpc_header: using little-endian RPC unmarshall_rpc_header: type = 11, flags = 3 write_to_pipe: data_used = 0 write_to_pipe: data_left = 56 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 process_complete_pdu: processing packet type 11 api_pipe_bind_req: decode request. 1558 000000 smb_io_rpc_hdr_rb 000000 smb_io_rpc_hdr_bba 0000 max_tsize: 10b8 0002 max_rsize: 10b8 0004 assoc_gid: 00000000 0008 num_contexts: 01 000c context_id : 0000 000e num_transfer_syntaxes: 01 00000f smb_io_rpc_iface 000010 smb_io_uuid uuid 0010 data : 4b324fc8 0014 data : 1670 0016 data : 01d3 0018 data : 12 78 001a data : 5a 47 bf 6e e1 88 0020 version: 00000003 000024 smb_io_rpc_iface 000024 smb_io_uuid uuid 0024 data : 8a885d04 0028 data : 1ceb 002a data : 11c9 002c data : 9f e8 002e data : 08 00 2b 10 48 60 0034 version: 00000002 api_pipe_bind_req: \PIPE\srvsvc -> \PIPE\srvsvc api_pipe_bind_req: make response. 1628 check_bind_req for \srvsvc checking lsarpc checking winreg checking initshutdown checking dssetup checking wkssvc checking svcctl checking ntsvcs checking netlogon checking netdfs checking srvsvc 000000 smb_io_rpc_hdr_ba 000000 smb_io_rpc_hdr_bba 0000 max_tsize: 10b8 0002 max_rsize: 10b8 0004 assoc_gid: 000053f0 000008 smb_io_rpc_addr_str 0008 len: 000d 000a str: \PIPE\srvsvc. 000017 smb_io_rpc_results 0018 num_results: 01 001c result : 0000 001e reason : 0000 000020 smb_io_rpc_iface 000020 smb_io_uuid uuid 0020 data : 8a885d04 0024 data : 1ceb 0026 data : 11c9 0028 data : 9f e8 002a data : 08 00 2b 10 48 60 0030 version: 00000002 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0c 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0044 000a auth_len : 0000 000c call_id : 00000001 write_to_pipe: data_used = 56 s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624084b70 s3_event: Run immediate event "tevent_req_trigger": 0x7fb624084b70 name: \srvsvc len: 1024 read_from_pipe: \srvsvc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62406acc0 s3_event: Run immediate event "tevent_req_trigger": 0x7fb62406acc0 copy_trans_params_and_data: params[0..0] data[0..68] (align 0) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=1472 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [0000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... [0010] 00 B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 ......S. ...\PIPE [0020] 5C 73 72 76 73 76 63 00 00 01 00 00 00 00 00 00 \srvsvc. ........ [0030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [0040] 60 02 00 00 00 `.... got smb length of 184 got message type 0x0 of len 0xb8 Transaction 24 of length 188 (0 toread) size=184 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=1536 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 100 (0x64) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 100 (0x64) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=20106 (0x4E8A) smb_bcc=117 [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 64 00 00 00 01 00 00 ........ .d...... [0020] 00 4C 00 00 00 00 00 10 00 58 BC 7A 10 0F 00 00 .L...... .X.z.... [0030] 00 00 00 00 00 0F 00 00 00 5C 00 5C 00 31 00 30 ........ .\.\.1.0 [0040] 00 2E 00 32 00 32 00 35 00 2E 00 35 00 2E 00 32 ...2.2.5 ...5...2 [0050] 00 33 00 32 00 00 00 00 00 06 00 00 00 00 00 00 .3.2.... ........ [0060] 00 06 00 00 00 74 00 65 00 73 00 74 00 24 00 00 .....t.e .s.t.$.. [0070] 00 01 00 00 00 ..... switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 change_to_user: Skipping user change - already user trans <\PIPE\> data=100 params=0 setup=2 calling named_pipe named pipe command on <> name api_fd_reply Got API command 0x26 on pipe "srvsvc" (pnum 4e8a) api_fd_reply: p:0x7fb624073a50 max_trans_reply: 1024 np_write_send: len: 100 write_to_pipe: data_left = 100 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 100 fill_rpc_header: data_to_copy = 100, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 84 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 84 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0064 000a auth_len : 0000 000c call_id : 00000001 unmarshall_rpc_header: using little-endian RPC unmarshall_rpc_header: type = 0, flags = 3 write_to_pipe: data_used = 0 write_to_pipe: data_left = 84 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 84, incoming data = 84 process_complete_pdu: processing packet type 0 000000 smb_io_rpc_hdr_req req 0000 alloc_hint: 0000004c 0004 context_id: 0000 0006 opnum : 0010 free_pipe_context: destroying talloc pool of size 80 Requested \PIPE\\srvsvc api_rpcTNP: \srvsvc op 0x10 - api_rpcTNP: rpc command: SRVSVC_NETSHAREGETINFO api_rpc_cmds[16].fn == 0x7fb623901588 srvsvc_NetShareGetInfo: struct srvsvc_NetShareGetInfo in: struct srvsvc_NetShareGetInfo server_unc : * server_unc : '\\10.225.5.232' share_name : 'test$' level : 0x00000001 (1) _srvsvc_NetShareGetInfo: 1374 _srvsvc_NetShareGetInfo: 1439 srvsvc_NetShareGetInfo: struct srvsvc_NetShareGetInfo out: struct srvsvc_NetShareGetInfo info : * info : union srvsvc_NetShareInfo(case 1) info1 : * info1: struct srvsvc_NetShareInfo1 name : * name : 'test$' type : STYPE_DISKTREE (0x0) comment : * comment : 'testshare' result : WERR_OK api_rpcTNP: called \srvsvc successfully free_pipe_context: destroying talloc pool of size 44 write_to_pipe: data_used = 84 s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624084bb0 s3_event: Run immediate event "tevent_req_trigger": 0x7fb624084bb0 name: \srvsvc len: 1024 read_from_pipe: \srvsvc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 80. 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0068 000a auth_len : 0000 000c call_id : 00000001 000010 smb_io_rpc_hdr_resp resp 0010 alloc_hint: 00000050 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624077890 s3_event: Run immediate event "tevent_req_trigger": 0x7fb624077890 copy_trans_params_and_data: params[0..0] data[0..104] (align 0) size=160 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=1536 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 104 (0x68) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 104 (0x68) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=105 [0000] 00 05 00 02 03 10 00 00 00 68 00 00 00 01 00 00 ........ .h...... [0010] 00 50 00 00 00 00 00 00 00 01 00 00 00 00 00 02 .P...... ........ [0020] 00 04 00 02 00 00 00 00 00 08 00 02 00 06 00 00 ........ ........ [0030] 00 00 00 00 00 06 00 00 00 74 00 65 00 73 00 74 ........ .t.e.s.t [0040] 00 24 00 00 00 0A 00 00 00 00 00 00 00 0A 00 00 .$...... ........ [0050] 00 74 00 65 00 73 00 74 00 73 00 68 00 61 00 72 .t.e.s.t .s.h.a.r [0060] 00 65 00 00 00 00 00 00 00 .e...... . got smb length of 41 got message type 0x0 of len 0x29 Transaction 25 of length 45 (0 toread) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=1600 smt_wct=3 smb_vwv[ 0]=20106 (0x4E8A) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 switch message SMBclose (pid 12841) conn 0x7fb6240867f0 change_to_user: Skipping user change - already user close fd=-1 fnum=20106 (numopen=1) close_write_time: Sun Feb 7 07:28:15 2106 close_policy_by_pipe: deleted handle list for pipe \srvsvc freed files structure 20106 (0 used) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=1600 smt_wct=0 smb_bcc=0 got smb length of 100 got message type 0x0 of len 0x64 Transaction 26 of length 104 (0 toread) size=100 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=1664 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 3584 (0xE00) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]=16384 (0x4000) smb_vwv[21]= 256 (0x100) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 256 (0x100) smb_bcc=17 [0000] 00 5C 00 77 00 6B 00 73 00 73 00 76 00 63 00 00 .\.w.k.s .s.v.c.. [0010] 00 . switch message SMBntcreateX (pid 12841) conn 0x7fb6240867f0 change_to_user: Skipping user change - already user reply_ntcreate_and_X: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0, fname = wkssvc nt_open_pipe: Opening pipe \wkssvc. allocated file structure 16011, fnum = 20107 (1 used) Create pipe requested \wkssvc init_pipe_handles: created handle list for pipe \wkssvc init_pipe_handles: pipe_handles ref count = 1 for pipe \wkssvc push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 push_conn_ctx(100) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: maximum password age, val: -1 pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 push_conn_ctx(100) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: password history, val: 0 pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 pdb_set_username: setting username Administrator, was pdb_set_domain: setting domain TESTPC, was pdb_set_nt_username: setting nt username , was pdb_set_full_name: setting full name Administrator, was Home server: testpc pdb_set_homedir: setting home dir \\testpc\administrator, was pdb_set_dir_drive: setting dir drive , was NULL pdb_set_logon_script: setting logon script , was Home server: testpc pdb_set_profile_path: setting profile path \\testpc\administrator\profile, was pdb_set_workstations: setting workstations , was push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 push_conn_ctx(100) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: password history, val: 0 pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 pdb_set_user_sid: setting user sid S-1-5-21-783145419-1966905550-2589541370-1001 pdb_set_user_sid_from_rid: setting user sid S-1-5-21-783145419-1966905550-2589541370-1001 from rid 1001 Created internal pipe \wkssvc (pipes_open=0) do_ntcreate_pipe_open: open pipe = \wkssvc got smb length of 156 got message type 0x0 of len 0x9c Transaction 27 of length 160 (0 toread) size=156 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=1728 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=20107 (0x4E8B) smb_bcc=89 [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... [0020] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ [0030] 00 98 D0 FF 6B 12 A1 10 36 98 33 46 C3 F8 7E 34 ....k... 6.3F..~4 [0040] 5A 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 Z.....]. ........ [0050] 00 2B 10 48 60 02 00 00 00 .+.H`... . switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 change_to_user: Skipping user change - already user trans <\PIPE\> data=72 params=0 setup=2 calling named_pipe named pipe command on <> name api_fd_reply Got API command 0x26 on pipe "wkssvc" (pnum 4e8b) api_fd_reply: p:0x7fb624073a50 max_trans_reply: 1024 np_write_send: len: 72 write_to_pipe: data_left = 72 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 56 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0b 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0048 000a auth_len : 0000 000c call_id : 00000001 unmarshall_rpc_header: using little-endian RPC unmarshall_rpc_header: type = 11, flags = 3 write_to_pipe: data_used = 0 write_to_pipe: data_left = 56 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 process_complete_pdu: processing packet type 11 api_pipe_bind_req: decode request. 1558 000000 smb_io_rpc_hdr_rb 000000 smb_io_rpc_hdr_bba 0000 max_tsize: 10b8 0002 max_rsize: 10b8 0004 assoc_gid: 00000000 0008 num_contexts: 01 000c context_id : 0000 000e num_transfer_syntaxes: 01 00000f smb_io_rpc_iface 000010 smb_io_uuid uuid 0010 data : 6bffd098 0014 data : a112 0016 data : 3610 0018 data : 98 33 001a data : 46 c3 f8 7e 34 5a 0020 version: 00000001 000024 smb_io_rpc_iface 000024 smb_io_uuid uuid 0024 data : 8a885d04 0028 data : 1ceb 002a data : 11c9 002c data : 9f e8 002e data : 08 00 2b 10 48 60 0034 version: 00000002 api_pipe_bind_req: \PIPE\wkssvc -> \PIPE\wkssvc api_pipe_bind_req: make response. 1628 check_bind_req for \wkssvc checking lsarpc checking winreg checking initshutdown checking dssetup checking wkssvc 000000 smb_io_rpc_hdr_ba 000000 smb_io_rpc_hdr_bba 0000 max_tsize: 10b8 0002 max_rsize: 10b8 0004 assoc_gid: 000053f0 000008 smb_io_rpc_addr_str 0008 len: 000d 000a str: \PIPE\wkssvc. 000017 smb_io_rpc_results 0018 num_results: 01 001c result : 0000 001e reason : 0000 000020 smb_io_rpc_iface 000020 smb_io_uuid uuid 0020 data : 8a885d04 0024 data : 1ceb 0026 data : 11c9 0028 data : 9f e8 002a data : 08 00 2b 10 48 60 0030 version: 00000002 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0c 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0044 000a auth_len : 0000 000c call_id : 00000001 write_to_pipe: data_used = 56 s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624084b70 s3_event: Run immediate event "tevent_req_trigger": 0x7fb624084b70 name: \wkssvc len: 1024 read_from_pipe: \wkssvc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62406ada0 s3_event: Run immediate event "tevent_req_trigger": 0x7fb62406ada0 copy_trans_params_and_data: params[0..0] data[0..68] (align 0) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=1728 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [0000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... [0010] 00 B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 ......S. ...\PIPE [0020] 5C 77 6B 73 73 76 63 00 00 01 00 00 00 00 00 00 \wkssvc. ........ [0030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [0040] 60 02 00 00 00 `.... got smb length of 160 got message type 0x0 of len 0xa0 Transaction 28 of length 164 (0 toread) size=160 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=1792 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 76 (0x4C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 76 (0x4C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=20107 (0x4E8B) smb_bcc=93 [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 4C 00 00 00 01 00 00 ........ .L...... [0020] 00 34 00 00 00 00 00 00 00 A4 BE 7A 10 0F 00 00 .4...... ...z.... [0030] 00 00 00 00 00 0F 00 00 00 5C 00 5C 00 31 00 30 ........ .\.\.1.0 [0040] 00 2E 00 32 00 32 00 35 00 2E 00 35 00 2E 00 32 ...2.2.5 ...5...2 [0050] 00 33 00 32 00 00 00 00 00 64 00 00 00 .3.2.... .d... switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 change_to_user: Skipping user change - already user trans <\PIPE\> data=76 params=0 setup=2 calling named_pipe named pipe command on <> name api_fd_reply Got API command 0x26 on pipe "wkssvc" (pnum 4e8b) api_fd_reply: p:0x7fb624073a50 max_trans_reply: 1024 np_write_send: len: 76 write_to_pipe: data_left = 76 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 76 fill_rpc_header: data_to_copy = 76, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 60 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 60 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 004c 000a auth_len : 0000 000c call_id : 00000001 unmarshall_rpc_header: using little-endian RPC unmarshall_rpc_header: type = 0, flags = 3 write_to_pipe: data_used = 0 write_to_pipe: data_left = 60 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 60, incoming data = 60 process_complete_pdu: processing packet type 0 000000 smb_io_rpc_hdr_req req 0000 alloc_hint: 00000034 0004 context_id: 0000 0006 opnum : 0000 free_pipe_context: destroying talloc pool of size 80 Requested \PIPE\\wkssvc api_rpcTNP: \wkssvc op 0x0 - api_rpcTNP: rpc command: WKSSVC_NETWKSTAGETINFO api_rpc_cmds[0].fn == 0x7fb6238d3580 wkssvc_NetWkstaGetInfo: struct wkssvc_NetWkstaGetInfo in: struct wkssvc_NetWkstaGetInfo server_name : * server_name : '\\10.225.5.232' level : 0x00000064 (100) wkssvc_NetWkstaGetInfo: struct wkssvc_NetWkstaGetInfo out: struct wkssvc_NetWkstaGetInfo info : * info : union wkssvc_NetWkstaInfo(case 100) info100 : * info100: struct wkssvc_NetWkstaInfo100 platform_id : PLATFORM_ID_NT (500) server_name : * server_name : 'TESTPC' domain_name : * domain_name : 'TESTGROUP' version_major : 0x00000004 (4) version_minor : 0x00000009 (9) result : WERR_OK api_rpcTNP: called \wkssvc successfully free_pipe_context: destroying talloc pool of size 49 write_to_pipe: data_used = 60 s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624084b80 s3_event: Run immediate event "tevent_req_trigger": 0x7fb624084b80 name: \wkssvc len: 1024 read_from_pipe: \wkssvc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 92. 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0074 000a auth_len : 0000 000c call_id : 00000001 000010 smb_io_rpc_hdr_resp resp 0010 alloc_hint: 0000005c 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62406ada0 s3_event: Run immediate event "tevent_req_trigger": 0x7fb62406ada0 copy_trans_params_and_data: params[0..0] data[0..116] (align 0) size=172 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=1792 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 116 (0x74) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 116 (0x74) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=117 [0000] 00 05 00 02 03 10 00 00 00 74 00 00 00 01 00 00 ........ .t...... [0010] 00 5C 00 00 00 00 00 00 00 64 00 00 00 00 00 02 .\...... .d...... [0020] 00 F4 01 00 00 04 00 02 00 08 00 02 00 04 00 00 ........ ........ [0030] 00 09 00 00 00 07 00 00 00 00 00 00 00 07 00 00 ........ ........ [0040] 00 54 00 45 00 53 00 54 00 50 00 43 00 00 00 00 .T.E.S.T .P.C.... [0050] 00 0A 00 00 00 00 00 00 00 0A 00 00 00 54 00 45 ........ .....T.E [0060] 00 53 00 54 00 47 00 52 00 4F 00 55 00 50 00 00 .S.T.G.R .O.U.P.. [0070] 00 00 00 00 00 ..... got smb length of 41 got message type 0x0 of len 0x29 Transaction 29 of length 45 (0 toread) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=1856 smt_wct=3 smb_vwv[ 0]=20107 (0x4E8B) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 switch message SMBclose (pid 12841) conn 0x7fb6240867f0 change_to_user: Skipping user change - already user close fd=-1 fnum=20107 (numopen=1) close_write_time: Sun Feb 7 07:28:15 2106 close_policy_by_pipe: deleted handle list for pipe \wkssvc freed files structure 20107 (0 used) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=1856 smt_wct=0 smb_bcc=0 got smb length of 110 got message type 0x0 of len 0x6e Transaction 30 of length 114 (0 toread) size=110 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=1596 smb_uid=102 smb_mid=1920 smt_wct=15 smb_vwv[ 0]= 42 (0x2A) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4096 (0x1000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 42 (0x2A) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 16 (0x10) smb_bcc=45 [0000] 00 00 00 03 00 5C 00 31 00 30 00 2E 00 32 00 32 .....\.1 .0...2.2 [0010] 00 35 00 2E 00 35 00 2E 00 32 00 33 00 32 00 5C .5...5.. .2.3.2.\ [0020] 00 74 00 65 00 73 00 74 00 24 00 00 00 .t.e.s.t .$... switch message SMBtrans2 (pid 12841) conn 0x7fb624087930 setting sec ctx (65534, 65533) - sec_ctx_stack_ndx = 0 NT user token of user S-1-5-21-783145419-1966905550-2589541370-501 contains 5 SIDs SID[ 0]: S-1-5-21-783145419-1966905550-2589541370-501 SID[ 1]: S-1-1-0 SID[ 2]: S-1-5-2 SID[ 3]: S-1-5-32-546 SID[ 4]: S-1-22-1-65534 SE_PRIV 0x0 0x0 0x0 0x0 UNIX token of user 65534 Primary group is 65533 and contains 0 supplementary groups change_to_user uid=(0,65534) gid=(0,65533) call_trans2getdfsreferral parse_dfs_path: temp = |10.225.5.232\test$| after trimming \'s parse_dfs_path: hostname: 10.225.5.232 parse_dfs_path: servicename: test$ get_referred_path: |test$| in dfs path \10.225.5.232\test$ is not a dfs root. error packet at smbd/trans2.c(7421) cmd=50 (SMBtrans2) NT_STATUS_NOT_FOUND size=35 smb_com=0x32 smb_rcls=37 smb_reh=2 smb_err=49152 smb_flg=136 smb_flg2=51201 smb_tid=3 smb_pid=1596 smb_uid=102 smb_mid=1920 smt_wct=0 smb_bcc=0 got smb length of 100 got message type 0x0 of len 0x64 Transaction 31 of length 104 (0 toread) size=100 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=1984 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 3584 (0xE00) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]=16384 (0x4000) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 256 (0x100) smb_bcc=17 [0000] 00 5C 00 73 00 72 00 76 00 73 00 76 00 63 00 00 .\.s.r.v .s.v.c.. [0010] 00 . switch message SMBntcreateX (pid 12841) conn 0x7fb6240867f0 setting sec ctx (123, 123) - sec_ctx_stack_ndx = 0 NT user token of user S-1-5-21-783145419-1966905550-2589541370-1001 contains 6 SIDs SID[ 0]: S-1-5-21-783145419-1966905550-2589541370-1001 SID[ 1]: S-1-22-2-123 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-1-123 SE_PRIV 0x0 0x0 0x0 0x0 UNIX token of user 123 Primary group is 123 and contains 1 supplementary groups Group[ 0]: 123 change_to_user uid=(0,123) gid=(0,123) reply_ntcreate_and_X: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0, fname = srvsvc nt_open_pipe: Opening pipe \srvsvc. allocated file structure 16012, fnum = 20108 (1 used) Create pipe requested \srvsvc init_pipe_handles: created handle list for pipe \srvsvc init_pipe_handles: pipe_handles ref count = 1 for pipe \srvsvc push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 push_conn_ctx(100) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: maximum password age, val: -1 pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 push_conn_ctx(100) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: password history, val: 0 pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 pdb_set_username: setting username Administrator, was pdb_set_domain: setting domain TESTPC, was pdb_set_nt_username: setting nt username , was pdb_set_full_name: setting full name Administrator, was Home server: testpc pdb_set_homedir: setting home dir \\testpc\administrator, was pdb_set_dir_drive: setting dir drive , was NULL pdb_set_logon_script: setting logon script , was Home server: testpc pdb_set_profile_path: setting profile path \\testpc\administrator\profile, was pdb_set_workstations: setting workstations , was push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 push_conn_ctx(100) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: password history, val: 0 pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 pdb_set_user_sid: setting user sid S-1-5-21-783145419-1966905550-2589541370-1001 pdb_set_user_sid_from_rid: setting user sid S-1-5-21-783145419-1966905550-2589541370-1001 from rid 1001 Created internal pipe \srvsvc (pipes_open=0) do_ntcreate_pipe_open: open pipe = \srvsvc got smb length of 156 got message type 0x0 of len 0x9c Transaction 32 of length 160 (0 toread) size=156 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=2048 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=20108 (0x4E8C) smb_bcc=89 [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... [0020] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ [0030] 00 C8 4F 32 4B 70 16 D3 01 12 78 5A 47 BF 6E E1 ..O2Kp.. ..xZG.n. [0040] 88 03 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ [0050] 00 2B 10 48 60 02 00 00 00 .+.H`... . switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 change_to_user: Skipping user change - already user trans <\PIPE\> data=72 params=0 setup=2 calling named_pipe named pipe command on <> name api_fd_reply Got API command 0x26 on pipe "srvsvc" (pnum 4e8c) api_fd_reply: p:0x7fb624081510 max_trans_reply: 1024 np_write_send: len: 72 write_to_pipe: data_left = 72 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 56 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0b 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0048 000a auth_len : 0000 000c call_id : 00000001 unmarshall_rpc_header: using little-endian RPC unmarshall_rpc_header: type = 11, flags = 3 write_to_pipe: data_used = 0 write_to_pipe: data_left = 56 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 process_complete_pdu: processing packet type 11 api_pipe_bind_req: decode request. 1558 000000 smb_io_rpc_hdr_rb 000000 smb_io_rpc_hdr_bba 0000 max_tsize: 10b8 0002 max_rsize: 10b8 0004 assoc_gid: 00000000 0008 num_contexts: 01 000c context_id : 0000 000e num_transfer_syntaxes: 01 00000f smb_io_rpc_iface 000010 smb_io_uuid uuid 0010 data : 4b324fc8 0014 data : 1670 0016 data : 01d3 0018 data : 12 78 001a data : 5a 47 bf 6e e1 88 0020 version: 00000003 000024 smb_io_rpc_iface 000024 smb_io_uuid uuid 0024 data : 8a885d04 0028 data : 1ceb 002a data : 11c9 002c data : 9f e8 002e data : 08 00 2b 10 48 60 0034 version: 00000002 api_pipe_bind_req: \PIPE\srvsvc -> \PIPE\srvsvc api_pipe_bind_req: make response. 1628 check_bind_req for \srvsvc checking lsarpc checking winreg checking initshutdown checking dssetup checking wkssvc checking svcctl checking ntsvcs checking netlogon checking netdfs checking srvsvc 000000 smb_io_rpc_hdr_ba 000000 smb_io_rpc_hdr_bba 0000 max_tsize: 10b8 0002 max_rsize: 10b8 0004 assoc_gid: 000053f0 000008 smb_io_rpc_addr_str 0008 len: 000d 000a str: \PIPE\srvsvc. 000017 smb_io_rpc_results 0018 num_results: 01 001c result : 0000 001e reason : 0000 000020 smb_io_rpc_iface 000020 smb_io_uuid uuid 0020 data : 8a885d04 0024 data : 1ceb 0026 data : 11c9 0028 data : 9f e8 002a data : 08 00 2b 10 48 60 0030 version: 00000002 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0c 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0044 000a auth_len : 0000 000c call_id : 00000001 write_to_pipe: data_used = 56 s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624084b70 s3_event: Run immediate event "tevent_req_trigger": 0x7fb624084b70 name: \srvsvc len: 1024 read_from_pipe: \srvsvc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62406acc0 s3_event: Run immediate event "tevent_req_trigger": 0x7fb62406acc0 copy_trans_params_and_data: params[0..0] data[0..68] (align 0) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=2048 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [0000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... [0010] 00 B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 ......S. ...\PIPE [0020] 5C 73 72 76 73 76 63 00 00 01 00 00 00 00 00 00 \srvsvc. ........ [0030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [0040] 60 02 00 00 00 `.... got smb length of 184 got message type 0x0 of len 0xb8 Transaction 33 of length 188 (0 toread) size=184 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=2112 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 100 (0x64) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 100 (0x64) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=20108 (0x4E8C) smb_bcc=117 [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 64 00 00 00 01 00 00 ........ .d...... [0020] 00 4C 00 00 00 00 00 10 00 90 C3 7A 10 0F 00 00 .L...... ...z.... [0030] 00 00 00 00 00 0F 00 00 00 5C 00 5C 00 31 00 30 ........ .\.\.1.0 [0040] 00 2E 00 32 00 32 00 35 00 2E 00 35 00 2E 00 32 ...2.2.5 ...5...2 [0050] 00 33 00 32 00 00 00 00 00 06 00 00 00 00 00 00 .3.2.... ........ [0060] 00 06 00 00 00 74 00 65 00 73 00 74 00 24 00 00 .....t.e .s.t.$.. [0070] 00 01 00 00 00 ..... switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 change_to_user: Skipping user change - already user trans <\PIPE\> data=100 params=0 setup=2 calling named_pipe named pipe command on <> name api_fd_reply Got API command 0x26 on pipe "srvsvc" (pnum 4e8c) api_fd_reply: p:0x7fb624081510 max_trans_reply: 1024 np_write_send: len: 100 write_to_pipe: data_left = 100 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 100 fill_rpc_header: data_to_copy = 100, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 84 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 84 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0064 000a auth_len : 0000 000c call_id : 00000001 unmarshall_rpc_header: using little-endian RPC unmarshall_rpc_header: type = 0, flags = 3 write_to_pipe: data_used = 0 write_to_pipe: data_left = 84 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 84, incoming data = 84 process_complete_pdu: processing packet type 0 000000 smb_io_rpc_hdr_req req 0000 alloc_hint: 0000004c 0004 context_id: 0000 0006 opnum : 0010 free_pipe_context: destroying talloc pool of size 80 Requested \PIPE\\srvsvc api_rpcTNP: \srvsvc op 0x10 - api_rpcTNP: rpc command: SRVSVC_NETSHAREGETINFO api_rpc_cmds[16].fn == 0x7fb623901588 srvsvc_NetShareGetInfo: struct srvsvc_NetShareGetInfo in: struct srvsvc_NetShareGetInfo server_unc : * server_unc : '\\10.225.5.232' share_name : 'test$' level : 0x00000001 (1) _srvsvc_NetShareGetInfo: 1374 _srvsvc_NetShareGetInfo: 1439 srvsvc_NetShareGetInfo: struct srvsvc_NetShareGetInfo out: struct srvsvc_NetShareGetInfo info : * info : union srvsvc_NetShareInfo(case 1) info1 : * info1: struct srvsvc_NetShareInfo1 name : * name : 'test$' type : STYPE_DISKTREE (0x0) comment : * comment : 'testshare' result : WERR_OK api_rpcTNP: called \srvsvc successfully free_pipe_context: destroying talloc pool of size 44 write_to_pipe: data_used = 84 s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624084bb0 s3_event: Run immediate event "tevent_req_trigger": 0x7fb624084bb0 name: \srvsvc len: 1024 read_from_pipe: \srvsvc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 80. 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0068 000a auth_len : 0000 000c call_id : 00000001 000010 smb_io_rpc_hdr_resp resp 0010 alloc_hint: 00000050 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624077890 s3_event: Run immediate event "tevent_req_trigger": 0x7fb624077890 copy_trans_params_and_data: params[0..0] data[0..104] (align 0) size=160 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=2112 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 104 (0x68) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 104 (0x68) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=105 [0000] 00 05 00 02 03 10 00 00 00 68 00 00 00 01 00 00 ........ .h...... [0010] 00 50 00 00 00 00 00 00 00 01 00 00 00 00 00 02 .P...... ........ [0020] 00 04 00 02 00 00 00 00 00 08 00 02 00 06 00 00 ........ ........ [0030] 00 00 00 00 00 06 00 00 00 74 00 65 00 73 00 74 ........ .t.e.s.t [0040] 00 24 00 00 00 0A 00 00 00 00 00 00 00 0A 00 00 .$...... ........ [0050] 00 74 00 65 00 73 00 74 00 73 00 68 00 61 00 72 .t.e.s.t .s.h.a.r [0060] 00 65 00 00 00 00 00 00 00 .e...... . got smb length of 41 got message type 0x0 of len 0x29 Transaction 34 of length 45 (0 toread) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=2176 smt_wct=3 smb_vwv[ 0]=20108 (0x4E8C) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 switch message SMBclose (pid 12841) conn 0x7fb6240867f0 change_to_user: Skipping user change - already user close fd=-1 fnum=20108 (numopen=1) close_write_time: Sun Feb 7 07:28:15 2106 close_policy_by_pipe: deleted handle list for pipe \srvsvc freed files structure 20108 (0 used) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=2176 smt_wct=0 smb_bcc=0 got smb length of 100 got message type 0x0 of len 0x64 Transaction 35 of length 104 (0 toread) size=100 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=2240 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 3584 (0xE00) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]=16384 (0x4000) smb_vwv[21]= 256 (0x100) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 256 (0x100) smb_bcc=17 [0000] 00 5C 00 77 00 6B 00 73 00 73 00 76 00 63 00 00 .\.w.k.s .s.v.c.. [0010] 00 . switch message SMBntcreateX (pid 12841) conn 0x7fb6240867f0 change_to_user: Skipping user change - already user reply_ntcreate_and_X: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0, fname = wkssvc nt_open_pipe: Opening pipe \wkssvc. allocated file structure 16013, fnum = 20109 (1 used) Create pipe requested \wkssvc init_pipe_handles: created handle list for pipe \wkssvc init_pipe_handles: pipe_handles ref count = 1 for pipe \wkssvc push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 push_conn_ctx(100) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: maximum password age, val: -1 pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 push_conn_ctx(100) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: password history, val: 0 pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 pdb_set_username: setting username Administrator, was pdb_set_domain: setting domain TESTPC, was pdb_set_nt_username: setting nt username , was pdb_set_full_name: setting full name Administrator, was Home server: testpc pdb_set_homedir: setting home dir \\testpc\administrator, was pdb_set_dir_drive: setting dir drive , was NULL pdb_set_logon_script: setting logon script , was Home server: testpc pdb_set_profile_path: setting profile path \\testpc\administrator\profile, was pdb_set_workstations: setting workstations , was push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 push_conn_ctx(100) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: password history, val: 0 pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 pdb_set_user_sid: setting user sid S-1-5-21-783145419-1966905550-2589541370-1001 pdb_set_user_sid_from_rid: setting user sid S-1-5-21-783145419-1966905550-2589541370-1001 from rid 1001 Created internal pipe \wkssvc (pipes_open=0) do_ntcreate_pipe_open: open pipe = \wkssvc got smb length of 156 got message type 0x0 of len 0x9c Transaction 36 of length 160 (0 toread) size=156 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=2304 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=20109 (0x4E8D) smb_bcc=89 [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... [0020] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ [0030] 00 98 D0 FF 6B 12 A1 10 36 98 33 46 C3 F8 7E 34 ....k... 6.3F..~4 [0040] 5A 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 Z.....]. ........ [0050] 00 2B 10 48 60 02 00 00 00 .+.H`... . switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 change_to_user: Skipping user change - already user trans <\PIPE\> data=72 params=0 setup=2 calling named_pipe named pipe command on <> name api_fd_reply Got API command 0x26 on pipe "wkssvc" (pnum 4e8d) api_fd_reply: p:0x7fb624081510 max_trans_reply: 1024 np_write_send: len: 72 write_to_pipe: data_left = 72 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 56 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0b 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0048 000a auth_len : 0000 000c call_id : 00000001 unmarshall_rpc_header: using little-endian RPC unmarshall_rpc_header: type = 11, flags = 3 write_to_pipe: data_used = 0 write_to_pipe: data_left = 56 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 process_complete_pdu: processing packet type 11 api_pipe_bind_req: decode request. 1558 000000 smb_io_rpc_hdr_rb 000000 smb_io_rpc_hdr_bba 0000 max_tsize: 10b8 0002 max_rsize: 10b8 0004 assoc_gid: 00000000 0008 num_contexts: 01 000c context_id : 0000 000e num_transfer_syntaxes: 01 00000f smb_io_rpc_iface 000010 smb_io_uuid uuid 0010 data : 6bffd098 0014 data : a112 0016 data : 3610 0018 data : 98 33 001a data : 46 c3 f8 7e 34 5a 0020 version: 00000001 000024 smb_io_rpc_iface 000024 smb_io_uuid uuid 0024 data : 8a885d04 0028 data : 1ceb 002a data : 11c9 002c data : 9f e8 002e data : 08 00 2b 10 48 60 0034 version: 00000002 api_pipe_bind_req: \PIPE\wkssvc -> \PIPE\wkssvc api_pipe_bind_req: make response. 1628 check_bind_req for \wkssvc checking lsarpc checking winreg checking initshutdown checking dssetup checking wkssvc 000000 smb_io_rpc_hdr_ba 000000 smb_io_rpc_hdr_bba 0000 max_tsize: 10b8 0002 max_rsize: 10b8 0004 assoc_gid: 000053f0 000008 smb_io_rpc_addr_str 0008 len: 000d 000a str: \PIPE\wkssvc. 000017 smb_io_rpc_results 0018 num_results: 01 001c result : 0000 001e reason : 0000 000020 smb_io_rpc_iface 000020 smb_io_uuid uuid 0020 data : 8a885d04 0024 data : 1ceb 0026 data : 11c9 0028 data : 9f e8 002a data : 08 00 2b 10 48 60 0030 version: 00000002 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0c 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0044 000a auth_len : 0000 000c call_id : 00000001 write_to_pipe: data_used = 56 s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624084b70 s3_event: Run immediate event "tevent_req_trigger": 0x7fb624084b70 name: \wkssvc len: 1024 read_from_pipe: \wkssvc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62406ada0 s3_event: Run immediate event "tevent_req_trigger": 0x7fb62406ada0 copy_trans_params_and_data: params[0..0] data[0..68] (align 0) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=2304 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [0000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... [0010] 00 B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 ......S. ...\PIPE [0020] 5C 77 6B 73 73 76 63 00 00 01 00 00 00 00 00 00 \wkssvc. ........ [0030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [0040] 60 02 00 00 00 `.... got smb length of 160 got message type 0x0 of len 0xa0 Transaction 37 of length 164 (0 toread) size=160 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=2368 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 76 (0x4C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 76 (0x4C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=20109 (0x4E8D) smb_bcc=93 [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 4C 00 00 00 01 00 00 ........ .L...... [0020] 00 34 00 00 00 00 00 00 00 DC C5 7A 10 0F 00 00 .4...... ...z.... [0030] 00 00 00 00 00 0F 00 00 00 5C 00 5C 00 31 00 30 ........ .\.\.1.0 [0040] 00 2E 00 32 00 32 00 35 00 2E 00 35 00 2E 00 32 ...2.2.5 ...5...2 [0050] 00 33 00 32 00 00 00 00 00 64 00 00 00 .3.2.... .d... switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 change_to_user: Skipping user change - already user trans <\PIPE\> data=76 params=0 setup=2 calling named_pipe named pipe command on <> name api_fd_reply Got API command 0x26 on pipe "wkssvc" (pnum 4e8d) api_fd_reply: p:0x7fb624081510 max_trans_reply: 1024 np_write_send: len: 76 write_to_pipe: data_left = 76 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 76 fill_rpc_header: data_to_copy = 76, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 60 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 60 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 004c 000a auth_len : 0000 000c call_id : 00000001 unmarshall_rpc_header: using little-endian RPC unmarshall_rpc_header: type = 0, flags = 3 write_to_pipe: data_used = 0 write_to_pipe: data_left = 60 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 60, incoming data = 60 process_complete_pdu: processing packet type 0 000000 smb_io_rpc_hdr_req req 0000 alloc_hint: 00000034 0004 context_id: 0000 0006 opnum : 0000 free_pipe_context: destroying talloc pool of size 80 Requested \PIPE\\wkssvc api_rpcTNP: \wkssvc op 0x0 - api_rpcTNP: rpc command: WKSSVC_NETWKSTAGETINFO api_rpc_cmds[0].fn == 0x7fb6238d3580 wkssvc_NetWkstaGetInfo: struct wkssvc_NetWkstaGetInfo in: struct wkssvc_NetWkstaGetInfo server_name : * server_name : '\\10.225.5.232' level : 0x00000064 (100) wkssvc_NetWkstaGetInfo: struct wkssvc_NetWkstaGetInfo out: struct wkssvc_NetWkstaGetInfo info : * info : union wkssvc_NetWkstaInfo(case 100) info100 : * info100: struct wkssvc_NetWkstaInfo100 platform_id : PLATFORM_ID_NT (500) server_name : * server_name : 'TESTPC' domain_name : * domain_name : 'TESTGROUP' version_major : 0x00000004 (4) version_minor : 0x00000009 (9) result : WERR_OK api_rpcTNP: called \wkssvc successfully free_pipe_context: destroying talloc pool of size 49 write_to_pipe: data_used = 60 s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624084b80 s3_event: Run immediate event "tevent_req_trigger": 0x7fb624084b80 name: \wkssvc len: 1024 read_from_pipe: \wkssvc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 92. 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0074 000a auth_len : 0000 000c call_id : 00000001 000010 smb_io_rpc_hdr_resp resp 0010 alloc_hint: 0000005c 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62406ada0 s3_event: Run immediate event "tevent_req_trigger": 0x7fb62406ada0 copy_trans_params_and_data: params[0..0] data[0..116] (align 0) size=172 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=2368 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 116 (0x74) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 116 (0x74) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=117 [0000] 00 05 00 02 03 10 00 00 00 74 00 00 00 01 00 00 ........ .t...... [0010] 00 5C 00 00 00 00 00 00 00 64 00 00 00 00 00 02 .\...... .d...... [0020] 00 F4 01 00 00 04 00 02 00 08 00 02 00 04 00 00 ........ ........ [0030] 00 09 00 00 00 07 00 00 00 00 00 00 00 07 00 00 ........ ........ [0040] 00 54 00 45 00 53 00 54 00 50 00 43 00 00 00 00 .T.E.S.T .P.C.... [0050] 00 0A 00 00 00 00 00 00 00 0A 00 00 00 54 00 45 ........ .....T.E [0060] 00 53 00 54 00 47 00 52 00 4F 00 55 00 50 00 00 .S.T.G.R .O.U.P.. [0070] 00 00 00 00 00 ..... got smb length of 41 got message type 0x0 of len 0x29 Transaction 38 of length 45 (0 toread) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=2432 smt_wct=3 smb_vwv[ 0]=20109 (0x4E8D) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 switch message SMBclose (pid 12841) conn 0x7fb6240867f0 change_to_user: Skipping user change - already user close fd=-1 fnum=20109 (numopen=1) close_write_time: Sun Feb 7 07:28:15 2106 close_policy_by_pipe: deleted handle list for pipe \wkssvc freed files structure 20109 (0 used) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=2432 smt_wct=0 smb_bcc=0 got smb length of 70 got message type 0x0 of len 0x46 Transaction 39 of length 74 (0 toread) size=70 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=2496 smt_wct=15 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 560 (0x230) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 2 (0x2) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 3 (0x3) smb_bcc=5 [0000] 00 00 00 05 01 ..... switch message SMBtrans2 (pid 12841) conn 0x7fb624079b30 setting sec ctx (123, 123) - sec_ctx_stack_ndx = 0 NT user token of user S-1-5-21-783145419-1966905550-2589541370-1001 contains 6 SIDs SID[ 0]: S-1-5-21-783145419-1966905550-2589541370-1001 SID[ 1]: S-1-22-2-123 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-1-123 SE_PRIV 0x0 0x0 0x0 0x0 UNIX token of user 123 Primary group is 123 and contains 1 supplementary groups Group[ 0]: 123 change_to_user uid=(0,123) gid=(0,123) vfs_ChDir to /testshare call_trans2qfsinfo: level = 261 t2_rep: params_sent_thistime = 0, data_sent_thistime = 20, useable_space = 131012 t2_rep: params_to_send = 0, data_to_send = 20, paramsize = 0, datasize = 20 size=76 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=2496 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 20 (0x14) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 20 (0x14) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=21 [0000] 00 2F 00 01 00 FF 00 00 00 08 00 00 00 4E 00 54 ./...... .....N.T [0010] 00 46 00 53 00 .F.S. SMBtrans2 info_level = 261 got smb length of 110 got message type 0x0 of len 0x6e Transaction 40 of length 114 (0 toread) size=110 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=1596 smb_uid=102 smb_mid=2560 smt_wct=15 smb_vwv[ 0]= 42 (0x2A) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4096 (0x1000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 42 (0x2A) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 16 (0x10) smb_bcc=45 [0000] 00 00 00 03 00 5C 00 31 00 30 00 2E 00 32 00 32 .....\.1 .0...2.2 [0010] 00 35 00 2E 00 35 00 2E 00 32 00 33 00 32 00 5C .5...5.. .2.3.2.\ [0020] 00 74 00 65 00 73 00 74 00 24 00 00 00 .t.e.s.t .$... switch message SMBtrans2 (pid 12841) conn 0x7fb624087930 setting sec ctx (65534, 65533) - sec_ctx_stack_ndx = 0 NT user token of user S-1-5-21-783145419-1966905550-2589541370-501 contains 5 SIDs SID[ 0]: S-1-5-21-783145419-1966905550-2589541370-501 SID[ 1]: S-1-1-0 SID[ 2]: S-1-5-2 SID[ 3]: S-1-5-32-546 SID[ 4]: S-1-22-1-65534 SE_PRIV 0x0 0x0 0x0 0x0 UNIX token of user 65534 Primary group is 65533 and contains 0 supplementary groups change_to_user uid=(0,65534) gid=(0,65533) vfs_ChDir to /tmp call_trans2getdfsreferral parse_dfs_path: temp = |10.225.5.232\test$| after trimming \'s parse_dfs_path: hostname: 10.225.5.232 parse_dfs_path: servicename: test$ get_referred_path: |test$| in dfs path \10.225.5.232\test$ is not a dfs root. error packet at smbd/trans2.c(7421) cmd=50 (SMBtrans2) NT_STATUS_NOT_FOUND size=35 smb_com=0x32 smb_rcls=37 smb_reh=2 smb_err=49152 smb_flg=136 smb_flg2=51201 smb_tid=3 smb_pid=1596 smb_uid=102 smb_mid=2560 smt_wct=0 smb_bcc=0 got smb length of 100 got message type 0x0 of len 0x64 Transaction 41 of length 104 (0 toread) size=100 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=2624 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 3584 (0xE00) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]=16384 (0x4000) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 256 (0x100) smb_bcc=17 [0000] 00 5C 00 73 00 72 00 76 00 73 00 76 00 63 00 00 .\.s.r.v .s.v.c.. [0010] 00 . switch message SMBntcreateX (pid 12841) conn 0x7fb6240867f0 setting sec ctx (123, 123) - sec_ctx_stack_ndx = 0 NT user token of user S-1-5-21-783145419-1966905550-2589541370-1001 contains 6 SIDs SID[ 0]: S-1-5-21-783145419-1966905550-2589541370-1001 SID[ 1]: S-1-22-2-123 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-1-123 SE_PRIV 0x0 0x0 0x0 0x0 UNIX token of user 123 Primary group is 123 and contains 1 supplementary groups Group[ 0]: 123 change_to_user uid=(0,123) gid=(0,123) reply_ntcreate_and_X: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0, fname = srvsvc nt_open_pipe: Opening pipe \srvsvc. allocated file structure 16014, fnum = 20110 (1 used) Create pipe requested \srvsvc init_pipe_handles: created handle list for pipe \srvsvc init_pipe_handles: pipe_handles ref count = 1 for pipe \srvsvc push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 push_conn_ctx(100) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: maximum password age, val: -1 pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 push_conn_ctx(100) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: password history, val: 0 pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 pdb_set_username: setting username Administrator, was pdb_set_domain: setting domain TESTPC, was pdb_set_nt_username: setting nt username , was pdb_set_full_name: setting full name Administrator, was Home server: testpc pdb_set_homedir: setting home dir \\testpc\administrator, was pdb_set_dir_drive: setting dir drive , was NULL pdb_set_logon_script: setting logon script , was Home server: testpc pdb_set_profile_path: setting profile path \\testpc\administrator\profile, was pdb_set_workstations: setting workstations , was push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 push_conn_ctx(100) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: password history, val: 0 pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 pdb_set_user_sid: setting user sid S-1-5-21-783145419-1966905550-2589541370-1001 pdb_set_user_sid_from_rid: setting user sid S-1-5-21-783145419-1966905550-2589541370-1001 from rid 1001 Created internal pipe \srvsvc (pipes_open=0) do_ntcreate_pipe_open: open pipe = \srvsvc got smb length of 156 got message type 0x0 of len 0x9c Transaction 42 of length 160 (0 toread) size=156 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=2688 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=20110 (0x4E8E) smb_bcc=89 [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... [0020] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ [0030] 00 C8 4F 32 4B 70 16 D3 01 12 78 5A 47 BF 6E E1 ..O2Kp.. ..xZG.n. [0040] 88 03 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ [0050] 00 2B 10 48 60 02 00 00 00 .+.H`... . switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 change_to_user: Skipping user change - already user trans <\PIPE\> data=72 params=0 setup=2 calling named_pipe named pipe command on <> name api_fd_reply Got API command 0x26 on pipe "srvsvc" (pnum 4e8e) api_fd_reply: p:0x7fb624073a50 max_trans_reply: 1024 np_write_send: len: 72 write_to_pipe: data_left = 72 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 56 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0b 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0048 000a auth_len : 0000 000c call_id : 00000001 unmarshall_rpc_header: using little-endian RPC unmarshall_rpc_header: type = 11, flags = 3 write_to_pipe: data_used = 0 write_to_pipe: data_left = 56 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 process_complete_pdu: processing packet type 11 api_pipe_bind_req: decode request. 1558 000000 smb_io_rpc_hdr_rb 000000 smb_io_rpc_hdr_bba 0000 max_tsize: 10b8 0002 max_rsize: 10b8 0004 assoc_gid: 00000000 0008 num_contexts: 01 000c context_id : 0000 000e num_transfer_syntaxes: 01 00000f smb_io_rpc_iface 000010 smb_io_uuid uuid 0010 data : 4b324fc8 0014 data : 1670 0016 data : 01d3 0018 data : 12 78 001a data : 5a 47 bf 6e e1 88 0020 version: 00000003 000024 smb_io_rpc_iface 000024 smb_io_uuid uuid 0024 data : 8a885d04 0028 data : 1ceb 002a data : 11c9 002c data : 9f e8 002e data : 08 00 2b 10 48 60 0034 version: 00000002 api_pipe_bind_req: \PIPE\srvsvc -> \PIPE\srvsvc api_pipe_bind_req: make response. 1628 check_bind_req for \srvsvc checking lsarpc checking winreg checking initshutdown checking dssetup checking wkssvc checking svcctl checking ntsvcs checking netlogon checking netdfs checking srvsvc 000000 smb_io_rpc_hdr_ba 000000 smb_io_rpc_hdr_bba 0000 max_tsize: 10b8 0002 max_rsize: 10b8 0004 assoc_gid: 000053f0 000008 smb_io_rpc_addr_str 0008 len: 000d 000a str: \PIPE\srvsvc. 000017 smb_io_rpc_results 0018 num_results: 01 001c result : 0000 001e reason : 0000 000020 smb_io_rpc_iface 000020 smb_io_uuid uuid 0020 data : 8a885d04 0024 data : 1ceb 0026 data : 11c9 0028 data : 9f e8 002a data : 08 00 2b 10 48 60 0030 version: 00000002 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0c 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0044 000a auth_len : 0000 000c call_id : 00000001 write_to_pipe: data_used = 56 s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624084b70 s3_event: Run immediate event "tevent_req_trigger": 0x7fb624084b70 name: \srvsvc len: 1024 read_from_pipe: \srvsvc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62406acc0 s3_event: Run immediate event "tevent_req_trigger": 0x7fb62406acc0 copy_trans_params_and_data: params[0..0] data[0..68] (align 0) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=2688 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [0000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... [0010] 00 B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 ......S. ...\PIPE [0020] 5C 73 72 76 73 76 63 00 00 01 00 00 00 00 00 00 \srvsvc. ........ [0030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [0040] 60 02 00 00 00 `.... got smb length of 184 got message type 0x0 of len 0xb8 Transaction 43 of length 188 (0 toread) size=184 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=2752 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 100 (0x64) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 100 (0x64) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=20110 (0x4E8E) smb_bcc=117 [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 64 00 00 00 01 00 00 ........ .d...... [0020] 00 4C 00 00 00 00 00 10 00 E4 CE F5 00 0F 00 00 .L...... ........ [0030] 00 00 00 00 00 0F 00 00 00 5C 00 5C 00 31 00 30 ........ .\.\.1.0 [0040] 00 2E 00 32 00 32 00 35 00 2E 00 35 00 2E 00 32 ...2.2.5 ...5...2 [0050] 00 33 00 32 00 00 00 00 00 06 00 00 00 00 00 00 .3.2.... ........ [0060] 00 06 00 00 00 74 00 65 00 73 00 74 00 24 00 00 .....t.e .s.t.$.. [0070] 00 01 00 00 00 ..... switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 change_to_user: Skipping user change - already user trans <\PIPE\> data=100 params=0 setup=2 calling named_pipe named pipe command on <> name api_fd_reply Got API command 0x26 on pipe "srvsvc" (pnum 4e8e) api_fd_reply: p:0x7fb624073a50 max_trans_reply: 1024 np_write_send: len: 100 write_to_pipe: data_left = 100 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 100 fill_rpc_header: data_to_copy = 100, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 84 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 84 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0064 000a auth_len : 0000 000c call_id : 00000001 unmarshall_rpc_header: using little-endian RPC unmarshall_rpc_header: type = 0, flags = 3 write_to_pipe: data_used = 0 write_to_pipe: data_left = 84 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 84, incoming data = 84 process_complete_pdu: processing packet type 0 000000 smb_io_rpc_hdr_req req 0000 alloc_hint: 0000004c 0004 context_id: 0000 0006 opnum : 0010 free_pipe_context: destroying talloc pool of size 80 Requested \PIPE\\srvsvc api_rpcTNP: \srvsvc op 0x10 - api_rpcTNP: rpc command: SRVSVC_NETSHAREGETINFO api_rpc_cmds[16].fn == 0x7fb623901588 srvsvc_NetShareGetInfo: struct srvsvc_NetShareGetInfo in: struct srvsvc_NetShareGetInfo server_unc : * server_unc : '\\10.225.5.232' share_name : 'test$' level : 0x00000001 (1) _srvsvc_NetShareGetInfo: 1374 _srvsvc_NetShareGetInfo: 1439 srvsvc_NetShareGetInfo: struct srvsvc_NetShareGetInfo out: struct srvsvc_NetShareGetInfo info : * info : union srvsvc_NetShareInfo(case 1) info1 : * info1: struct srvsvc_NetShareInfo1 name : * name : 'test$' type : STYPE_DISKTREE (0x0) comment : * comment : 'testshare' result : WERR_OK api_rpcTNP: called \srvsvc successfully free_pipe_context: destroying talloc pool of size 44 write_to_pipe: data_used = 84 s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624084bb0 s3_event: Run immediate event "tevent_req_trigger": 0x7fb624084bb0 name: \srvsvc len: 1024 read_from_pipe: \srvsvc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 80. 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0068 000a auth_len : 0000 000c call_id : 00000001 000010 smb_io_rpc_hdr_resp resp 0010 alloc_hint: 00000050 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624077890 s3_event: Run immediate event "tevent_req_trigger": 0x7fb624077890 copy_trans_params_and_data: params[0..0] data[0..104] (align 0) size=160 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=2752 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 104 (0x68) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 104 (0x68) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=105 [0000] 00 05 00 02 03 10 00 00 00 68 00 00 00 01 00 00 ........ .h...... [0010] 00 50 00 00 00 00 00 00 00 01 00 00 00 00 00 02 .P...... ........ [0020] 00 04 00 02 00 00 00 00 00 08 00 02 00 06 00 00 ........ ........ [0030] 00 00 00 00 00 06 00 00 00 74 00 65 00 73 00 74 ........ .t.e.s.t [0040] 00 24 00 00 00 0A 00 00 00 00 00 00 00 0A 00 00 .$...... ........ [0050] 00 74 00 65 00 73 00 74 00 73 00 68 00 61 00 72 .t.e.s.t .s.h.a.r [0060] 00 65 00 00 00 00 00 00 00 .e...... . got smb length of 41 got message type 0x0 of len 0x29 Transaction 44 of length 45 (0 toread) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=2816 smt_wct=3 smb_vwv[ 0]=20110 (0x4E8E) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 switch message SMBclose (pid 12841) conn 0x7fb6240867f0 change_to_user: Skipping user change - already user close fd=-1 fnum=20110 (numopen=1) close_write_time: Sun Feb 7 07:28:15 2106 close_policy_by_pipe: deleted handle list for pipe \srvsvc freed files structure 20110 (0 used) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=2816 smt_wct=0 smb_bcc=0 got smb length of 100 got message type 0x0 of len 0x64 Transaction 45 of length 104 (0 toread) size=100 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=2880 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 3584 (0xE00) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]=16384 (0x4000) smb_vwv[21]= 256 (0x100) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 256 (0x100) smb_bcc=17 [0000] 00 5C 00 77 00 6B 00 73 00 73 00 76 00 63 00 00 .\.w.k.s .s.v.c.. [0010] 00 . switch message SMBntcreateX (pid 12841) conn 0x7fb6240867f0 change_to_user: Skipping user change - already user reply_ntcreate_and_X: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0, fname = wkssvc nt_open_pipe: Opening pipe \wkssvc. allocated file structure 16015, fnum = 20111 (1 used) Create pipe requested \wkssvc init_pipe_handles: created handle list for pipe \wkssvc init_pipe_handles: pipe_handles ref count = 1 for pipe \wkssvc push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 push_conn_ctx(100) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: maximum password age, val: -1 pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 push_conn_ctx(100) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: password history, val: 0 pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 pdb_set_username: setting username Administrator, was pdb_set_domain: setting domain TESTPC, was pdb_set_nt_username: setting nt username , was pdb_set_full_name: setting full name Administrator, was Home server: testpc pdb_set_homedir: setting home dir \\testpc\administrator, was pdb_set_dir_drive: setting dir drive , was NULL pdb_set_logon_script: setting logon script , was Home server: testpc pdb_set_profile_path: setting profile path \\testpc\administrator\profile, was pdb_set_workstations: setting workstations , was push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 push_conn_ctx(100) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: password history, val: 0 pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 pdb_set_user_sid: setting user sid S-1-5-21-783145419-1966905550-2589541370-1001 pdb_set_user_sid_from_rid: setting user sid S-1-5-21-783145419-1966905550-2589541370-1001 from rid 1001 Created internal pipe \wkssvc (pipes_open=0) do_ntcreate_pipe_open: open pipe = \wkssvc got smb length of 156 got message type 0x0 of len 0x9c Transaction 46 of length 160 (0 toread) size=156 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=2944 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=20111 (0x4E8F) smb_bcc=89 [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... [0020] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ [0030] 00 98 D0 FF 6B 12 A1 10 36 98 33 46 C3 F8 7E 34 ....k... 6.3F..~4 [0040] 5A 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 Z.....]. ........ [0050] 00 2B 10 48 60 02 00 00 00 .+.H`... . switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 change_to_user: Skipping user change - already user trans <\PIPE\> data=72 params=0 setup=2 calling named_pipe named pipe command on <> name api_fd_reply Got API command 0x26 on pipe "wkssvc" (pnum 4e8f) api_fd_reply: p:0x7fb624073a50 max_trans_reply: 1024 np_write_send: len: 72 write_to_pipe: data_left = 72 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 56 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0b 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0048 000a auth_len : 0000 000c call_id : 00000001 unmarshall_rpc_header: using little-endian RPC unmarshall_rpc_header: type = 11, flags = 3 write_to_pipe: data_used = 0 write_to_pipe: data_left = 56 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 process_complete_pdu: processing packet type 11 api_pipe_bind_req: decode request. 1558 000000 smb_io_rpc_hdr_rb 000000 smb_io_rpc_hdr_bba 0000 max_tsize: 10b8 0002 max_rsize: 10b8 0004 assoc_gid: 00000000 0008 num_contexts: 01 000c context_id : 0000 000e num_transfer_syntaxes: 01 00000f smb_io_rpc_iface 000010 smb_io_uuid uuid 0010 data : 6bffd098 0014 data : a112 0016 data : 3610 0018 data : 98 33 001a data : 46 c3 f8 7e 34 5a 0020 version: 00000001 000024 smb_io_rpc_iface 000024 smb_io_uuid uuid 0024 data : 8a885d04 0028 data : 1ceb 002a data : 11c9 002c data : 9f e8 002e data : 08 00 2b 10 48 60 0034 version: 00000002 api_pipe_bind_req: \PIPE\wkssvc -> \PIPE\wkssvc api_pipe_bind_req: make response. 1628 check_bind_req for \wkssvc checking lsarpc checking winreg checking initshutdown checking dssetup checking wkssvc 000000 smb_io_rpc_hdr_ba 000000 smb_io_rpc_hdr_bba 0000 max_tsize: 10b8 0002 max_rsize: 10b8 0004 assoc_gid: 000053f0 000008 smb_io_rpc_addr_str 0008 len: 000d 000a str: \PIPE\wkssvc. 000017 smb_io_rpc_results 0018 num_results: 01 001c result : 0000 001e reason : 0000 000020 smb_io_rpc_iface 000020 smb_io_uuid uuid 0020 data : 8a885d04 0024 data : 1ceb 0026 data : 11c9 0028 data : 9f e8 002a data : 08 00 2b 10 48 60 0030 version: 00000002 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0c 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0044 000a auth_len : 0000 000c call_id : 00000001 write_to_pipe: data_used = 56 s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624084b70 s3_event: Run immediate event "tevent_req_trigger": 0x7fb624084b70 name: \wkssvc len: 1024 read_from_pipe: \wkssvc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62406ada0 s3_event: Run immediate event "tevent_req_trigger": 0x7fb62406ada0 copy_trans_params_and_data: params[0..0] data[0..68] (align 0) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=2944 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [0000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... [0010] 00 B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 ......S. ...\PIPE [0020] 5C 77 6B 73 73 76 63 00 00 01 00 00 00 00 00 00 \wkssvc. ........ [0030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [0040] 60 02 00 00 00 `.... got smb length of 160 got message type 0x0 of len 0xa0 Transaction 47 of length 164 (0 toread) size=160 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=3008 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 76 (0x4C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 76 (0x4C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=20111 (0x4E8F) smb_bcc=93 [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 4C 00 00 00 01 00 00 ........ .L...... [0020] 00 34 00 00 00 00 00 00 00 30 D1 F5 00 0F 00 00 .4...... .0...... [0030] 00 00 00 00 00 0F 00 00 00 5C 00 5C 00 31 00 30 ........ .\.\.1.0 [0040] 00 2E 00 32 00 32 00 35 00 2E 00 35 00 2E 00 32 ...2.2.5 ...5...2 [0050] 00 33 00 32 00 00 00 00 00 64 00 00 00 .3.2.... .d... switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 change_to_user: Skipping user change - already user trans <\PIPE\> data=76 params=0 setup=2 calling named_pipe named pipe command on <> name api_fd_reply Got API command 0x26 on pipe "wkssvc" (pnum 4e8f) api_fd_reply: p:0x7fb624073a50 max_trans_reply: 1024 np_write_send: len: 76 write_to_pipe: data_left = 76 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 76 fill_rpc_header: data_to_copy = 76, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 60 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 60 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 004c 000a auth_len : 0000 000c call_id : 00000001 unmarshall_rpc_header: using little-endian RPC unmarshall_rpc_header: type = 0, flags = 3 write_to_pipe: data_used = 0 write_to_pipe: data_left = 60 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 60, incoming data = 60 process_complete_pdu: processing packet type 0 000000 smb_io_rpc_hdr_req req 0000 alloc_hint: 00000034 0004 context_id: 0000 0006 opnum : 0000 free_pipe_context: destroying talloc pool of size 80 Requested \PIPE\\wkssvc api_rpcTNP: \wkssvc op 0x0 - api_rpcTNP: rpc command: WKSSVC_NETWKSTAGETINFO api_rpc_cmds[0].fn == 0x7fb6238d3580 wkssvc_NetWkstaGetInfo: struct wkssvc_NetWkstaGetInfo in: struct wkssvc_NetWkstaGetInfo server_name : * server_name : '\\10.225.5.232' level : 0x00000064 (100) wkssvc_NetWkstaGetInfo: struct wkssvc_NetWkstaGetInfo out: struct wkssvc_NetWkstaGetInfo info : * info : union wkssvc_NetWkstaInfo(case 100) info100 : * info100: struct wkssvc_NetWkstaInfo100 platform_id : PLATFORM_ID_NT (500) server_name : * server_name : 'TESTPC' domain_name : * domain_name : 'TESTGROUP' version_major : 0x00000004 (4) version_minor : 0x00000009 (9) result : WERR_OK api_rpcTNP: called \wkssvc successfully free_pipe_context: destroying talloc pool of size 49 write_to_pipe: data_used = 60 s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624084b80 s3_event: Run immediate event "tevent_req_trigger": 0x7fb624084b80 name: \wkssvc len: 1024 read_from_pipe: \wkssvc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 92. 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0074 000a auth_len : 0000 000c call_id : 00000001 000010 smb_io_rpc_hdr_resp resp 0010 alloc_hint: 0000005c 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62406ada0 s3_event: Run immediate event "tevent_req_trigger": 0x7fb62406ada0 copy_trans_params_and_data: params[0..0] data[0..116] (align 0) size=172 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=3008 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 116 (0x74) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 116 (0x74) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=117 [0000] 00 05 00 02 03 10 00 00 00 74 00 00 00 01 00 00 ........ .t...... [0010] 00 5C 00 00 00 00 00 00 00 64 00 00 00 00 00 02 .\...... .d...... [0020] 00 F4 01 00 00 04 00 02 00 08 00 02 00 04 00 00 ........ ........ [0030] 00 09 00 00 00 07 00 00 00 00 00 00 00 07 00 00 ........ ........ [0040] 00 54 00 45 00 53 00 54 00 50 00 43 00 00 00 00 .T.E.S.T .P.C.... [0050] 00 0A 00 00 00 00 00 00 00 0A 00 00 00 54 00 45 ........ .....T.E [0060] 00 53 00 54 00 47 00 52 00 4F 00 55 00 50 00 00 .S.T.G.R .O.U.P.. [0070] 00 00 00 00 00 ..... got smb length of 41 got message type 0x0 of len 0x29 Transaction 48 of length 45 (0 toread) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=3072 smt_wct=3 smb_vwv[ 0]=20111 (0x4E8F) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 switch message SMBclose (pid 12841) conn 0x7fb6240867f0 change_to_user: Skipping user change - already user close fd=-1 fnum=20111 (numopen=1) close_write_time: Sun Feb 7 07:28:15 2106 close_policy_by_pipe: deleted handle list for pipe \wkssvc freed files structure 20111 (0 used) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=3072 smt_wct=0 smb_bcc=0 got smb length of 100 got message type 0x0 of len 0x64 Transaction 49 of length 104 (0 toread) size=100 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=3136 smt_wct=15 smb_vwv[ 0]= 32 (0x20) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 40 (0x28) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 32 (0x20) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 5 (0x5) smb_bcc=35 [0000] 00 00 00 EC 03 00 00 00 00 5C 00 64 00 65 00 73 ........ .\.d.e.s [0010] 00 6B 00 74 00 6F 00 70 00 2E 00 69 00 6E 00 69 .k.t.o.p ...i.n.i [0020] 00 00 00 ... switch message SMBtrans2 (pid 12841) conn 0x7fb624079b30 setting sec ctx (123, 123) - sec_ctx_stack_ndx = 0 NT user token of user S-1-5-21-783145419-1966905550-2589541370-1001 contains 6 SIDs SID[ 0]: S-1-5-21-783145419-1966905550-2589541370-1001 SID[ 1]: S-1-22-2-123 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-1-123 SE_PRIV 0x0 0x0 0x0 0x0 UNIX token of user 123 Primary group is 123 and contains 1 supplementary groups Group[ 0]: 123 change_to_user uid=(0,123) gid=(0,123) vfs_ChDir to /testshare call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 unix_convert called on file "desktop.ini" stat_cache_lookup: lookup failed for name [DESKTOP.INI] unix_convert begin: name = desktop.ini, dirpath = , start = desktop.ini is_mangled desktop.ini ? is_mangled_component desktop.ini (len 11) ? is_mangled desktop.ini ? is_mangled_component desktop.ini (len 11) ? is_mangled desktop.ini ? is_mangled_component desktop.ini (len 11) ? New file desktop.ini call_trans2qfilepathinfo: SMB_VFS_STAT of desktop.ini failed (No such file or directory) unix_error_packet: error string = No such file or directory error packet at smbd/trans2.c(4051) cmd=50 (SMBtrans2) NT_STATUS_OBJECT_NAME_NOT_FOUND size=35 smb_com=0x32 smb_rcls=52 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=3136 smt_wct=0 smb_bcc=0 got smb length of 86 got message type 0x0 of len 0x56 Transaction 50 of length 90 (0 toread) size=86 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=3200 smt_wct=15 smb_vwv[ 0]= 18 (0x12) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 10 (0xA) smb_vwv[ 3]=16384 (0x4000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 18 (0x12) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 1 (0x1) smb_bcc=21 [0000] 00 00 00 16 00 56 05 06 00 04 01 00 00 00 00 5C .....V.. .......\ [0010] 00 2A 00 00 00 .*... switch message SMBtrans2 (pid 12841) conn 0x7fb624079b30 change_to_user: Skipping user change - already user call_trans2findfirst: dirtype = 16, maxentries = 1366, close_after_first=0, close_if_end = 1 requires_resume_key = 1 level = 0x104, max_data_bytes = 16384 unix_convert called on file "*" stat_cache_lookup: lookup failed for name [*] unix_convert begin: name = *, dirpath = , start = * is_mangled * ? is_mangled_component * (len 1) ? is_mangled * ? is_mangled_component * (len 1) ? New file * dir=./, mask = * dptr_create dir=./ creating new dirptr 256 for path ./, expect_close = 1 dptr_num is 256, wcard = *, attr = 22 dirpath=<./> dontdescend=<> get_lanman2_dir_entry:readdir on dirptr 0x7fb624011f90 now at offset 0 dos_mode: ./. dos_mode_from_sbuf returning d dos_mode returning d fetch_share_mode_unlocked: no share_mode record around (file not open) get_lanman2_dir_entry: found ./. fname=. get_lanman2_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO get_lanman2_dir_entry:readdir on dirptr 0x7fb624011f90 now at offset 2147483648 dos_mode: ./.. dos_mode_from_sbuf returning d dos_mode returning d fetch_share_mode_unlocked: no share_mode record around (file not open) get_lanman2_dir_entry: found ./.. fname=.. get_lanman2_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO get_lanman2_dir_entry:readdir on dirptr 0x7fb624011f90 now at offset 1385932211 dos_mode: ./test2 dos_mode_from_sbuf returning rd dos_mode returning rd fetch_share_mode_unlocked: no share_mode record around (file not open) get_lanman2_dir_entry: found ./test2 fname=test2 get_lanman2_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO get_lanman2_dir_entry:readdir on dirptr 0x7fb624011f90 now at offset -1 call_trans2findfirst - (2) closing dptr_num 256 closing dptr key 256 t2_rep: params_sent_thistime = 10, data_sent_thistime = 300, useable_space = 131010 t2_rep: params_to_send = 10, data_to_send = 300, paramsize = 10, datasize = 300 size=368 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=3200 smt_wct=10 smb_vwv[ 0]= 10 (0xA) smb_vwv[ 1]= 300 (0x12C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 10 (0xA) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 300 (0x12C) smb_vwv[ 7]= 68 (0x44) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=313 [0000] 00 FD FF 03 00 01 00 00 00 C4 00 00 00 60 00 00 ........ .....`.. [0010] 00 00 00 00 00 80 69 DD 31 5E B4 CA 01 00 90 6A ......i. 1^.....j [0020] 2A 5F B4 CA 01 80 69 DD 31 5E B4 CA 01 80 69 DD *_....i. 1^....i. [0030] 31 5E B4 CA 01 00 00 00 00 00 00 00 00 00 00 00 1^...... ........ [0040] 00 00 00 00 00 10 00 00 00 02 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 2E 00 64 00 00 ........ .....d.. [0070] 00 00 00 00 00 80 56 CD 45 52 B1 CA 01 80 B9 86 ......V. ER...... [0080] DD 5E B4 CA 01 80 56 CD 45 52 B1 CA 01 80 56 CD .^....V. ER....V. [0090] 45 52 B1 CA 01 00 00 00 00 00 00 00 00 00 00 00 ER...... ........ [00A0] 00 00 00 00 00 10 00 00 00 04 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 2E 00 2E 00 00 ........ ........ [00D0] 00 68 00 00 00 00 00 00 00 80 69 DD 31 5E B4 CA .h...... ..i.1^.. [00E0] 01 80 69 DD 31 5E B4 CA 01 80 69 DD 31 5E B4 CA ..i.1^.. ..i.1^.. [00F0] 01 80 69 DD 31 5E B4 CA 01 00 00 00 00 00 00 00 ..i.1^.. ........ [0100] 00 00 00 00 00 00 00 00 00 11 00 00 00 0A 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 74 ........ .......t [0130] 00 65 00 73 00 74 00 32 00 .e.s.t.2 . SMBtrans2 mask=* directory=./ dirtype=22 numentries=3 hash2_name_to_8_3: * -> 0A877AA5 -> _2X68P~X (cache=1) got smb length of 112 got message type 0x0 of len 0x70 Transaction 51 of length 116 (0 toread) size=112 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=3264 smt_wct=15 smb_vwv[ 0]= 44 (0x2C) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 40 (0x28) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 44 (0x2C) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 5 (0x5) smb_bcc=47 [0000] 00 00 00 EC 03 00 00 00 00 5C 00 74 00 65 00 73 ........ .\.t.e.s [0010] 00 74 00 32 00 5C 00 64 00 65 00 73 00 6B 00 74 .t.2.\.d .e.s.k.t [0020] 00 6F 00 70 00 2E 00 69 00 6E 00 69 00 00 00 .o.p...i .n.i... switch message SMBtrans2 (pid 12841) conn 0x7fb624079b30 change_to_user: Skipping user change - already user call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 unix_convert called on file "test2/desktop.ini" stat_cache_lookup: lookup failed for name [TEST2/DESKTOP.INI] stat_cache_lookup: lookup failed for name [TEST2] unix_convert begin: name = test2/desktop.ini, dirpath = , start = test2/desktop.ini is_mangled test2/desktop.ini ? is_mangled_component test2/desktop.ini (len 5) ? is_mangled_component desktop.ini (len 11) ? stat_cache_add: Added entry (7fb624084b90:size 5) TEST2 -> test2 is_mangled desktop.ini ? is_mangled_component desktop.ini (len 11) ? is_mangled desktop.ini ? is_mangled_component desktop.ini (len 11) ? New file desktop.ini call_trans2qfilepathinfo: SMB_VFS_STAT of test2/desktop.ini failed (No such file or directory) unix_error_packet: error string = No such file or directory error packet at smbd/trans2.c(4051) cmd=50 (SMBtrans2) NT_STATUS_OBJECT_NAME_NOT_FOUND size=35 smb_com=0x32 smb_rcls=52 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=3264 smt_wct=0 smb_bcc=0 got smb length of 112 got message type 0x0 of len 0x70 Transaction 52 of length 116 (0 toread) size=112 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=3328 smt_wct=15 smb_vwv[ 0]= 44 (0x2C) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 40 (0x28) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 44 (0x2C) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 5 (0x5) smb_bcc=47 [0000] 00 00 00 EC 03 00 00 00 00 5C 00 74 00 65 00 73 ........ .\.t.e.s [0010] 00 74 00 32 00 5C 00 64 00 65 00 73 00 6B 00 74 .t.2.\.d .e.s.k.t [0020] 00 6F 00 70 00 2E 00 69 00 6E 00 69 00 00 00 .o.p...i .n.i... switch message SMBtrans2 (pid 12841) conn 0x7fb624079b30 change_to_user: Skipping user change - already user call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 unix_convert called on file "test2/desktop.ini" stat_cache_lookup: lookup failed for name [TEST2/DESKTOP.INI] stat_cache_lookup: lookup succeeded for name [TEST2] -> [test2] unix_convert begin: name = test2/desktop.ini, dirpath = test2, start = desktop.ini is_mangled desktop.ini ? is_mangled_component desktop.ini (len 11) ? is_mangled desktop.ini ? is_mangled_component desktop.ini (len 11) ? is_mangled desktop.ini ? is_mangled_component desktop.ini (len 11) ? New file desktop.ini call_trans2qfilepathinfo: SMB_VFS_STAT of test2/desktop.ini failed (No such file or directory) unix_error_packet: error string = No such file or directory error packet at smbd/trans2.c(4051) cmd=50 (SMBtrans2) NT_STATUS_OBJECT_NAME_NOT_FOUND size=35 smb_com=0x32 smb_rcls=52 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=3328 smt_wct=0 smb_bcc=0 got smb length of 86 got message type 0x0 of len 0x56 Transaction 53 of length 90 (0 toread) size=86 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=3392 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4096 (0x1000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 256 (0x100) smb_vwv[ 8]= 4096 (0x1000) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1792 (0x700) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 256 (0x100) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_bcc=3 [0000] 00 00 00 ... switch message SMBntcreateX (pid 12841) conn 0x7fb624079b30 change_to_user: Skipping user change - already user reply_ntcreate_and_X: flags = 0x10, access_mask = 0x100001 file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x1 root_dir_fid = 0x0, fname = create_file: access_mask = 0x100001 file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x1 oplock_request = 0x0 root_dir_fid = 0x0, ea_list = 0x(nil), sd = 0x(nil), create_file_flags = 0x1, fname = unix_convert called on file "" conversion finished "" -> . create_file_unixpath: access_mask = 0x100001 file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x1 oplock_request = 0x0 ea_list = 0x(nil), sd = 0x(nil), fname = . open_directory: opening directory ., access_mask = 0x100001, share_access = 0x7 create_options = 0x1, create_disposition = 0x1, file_attributes = 0x0 posix_get_nt_acl: called for file . canonicalise_acl: Access ace entries before arrange : canon_ace index 0. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x0 perms rwx canon_ace index 1. Type = allow SID = S-1-22-2-0 gid 0 (root) SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms rwx canon_ace index 2. Type = allow SID = S-1-5-21-783145419-1966905550-2589541370-1000 uid 0 (root) SMB_ACL_USER_OBJ ace_flags = 0x0 perms rwx print_canon_ace_list: canonicalise_acl: ace entries after arrange canon_ace index 0. Type = allow SID = S-1-5-21-783145419-1966905550-2589541370-1000 uid 0 (root) SMB_ACL_USER_OBJ ace_flags = 0x0 perms rwx canon_ace index 1. Type = allow SID = S-1-22-2-0 gid 0 (root) SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms rwx canon_ace index 2. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x0 perms rwx map_canon_ace_perms: Mapped (UNIX) 1c0 to (NT) 1f01ff map_canon_ace_perms: Mapped (UNIX) 1c0 to (NT) 1f01ff map_canon_ace_perms: Mapped (UNIX) 1c0 to (NT) 1f01ff check_open_rights: file . requesting 0x100001 returning 0x100001 (NT_STATUS_OK) allocated file structure 16016, fnum = 20112 (1 used) Locking key 020800000000000001C0 Allocated locked data 0x0x7fb624085730 unparse_share_modes: del: 0, owrt: Tue Feb 23 08:59:59 2010 CET cwrt: Thu Jan 1 01:00:00 1970 CET, tok: 0, num: 1 print_share_mode_table: share_mode_entry[0]: pid = 12841, share_access = 0x7, private_options = 0x1, access_mask = 0x100081, mid = 0x0, type= 0x0, gen_id = 8, uid = 123, flags = 0, file_id 802:45c001:0 Unlocking key 020800000000000001C0 create_file_unixpath: info=1 create_file: info=1 dos_mode: . dos_mode_from_sbuf returning d dos_mode returning d reply_ntcreate_and_X: fnum = 20112, open name = . got smb length of 84 got message type 0x0 of len 0x54 Transaction 54 of length 88 (0 toread) size=84 smb_com=0xa0 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=3456 smt_wct=23 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 8192 (0x2000) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]=21504 (0x5400) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 1024 (0x400) smb_vwv[18]= 4 (0x4) smb_vwv[19]= 23 (0x17) smb_vwv[20]= 0 (0x0) smb_vwv[21]=20112 (0x4E90) smb_vwv[22]= 0 (0x0) smb_bcc=3 [0000] 00 00 00 ... switch message SMBnttrans (pid 12841) conn 0x7fb624079b30 change_to_user: Skipping user change - already user num_setup=8, param_total=0, this_param=0, max_param=32, data_total=0, this_data=0, max_data=0, param_offset=84, data_offset=0 reply_nttrans: state->setup_count = 8 [0000] 17 00 00 00 90 4E 00 00 .....N.. call_nt_transact_notify_change call_nt_transact_notify_change: notify change called on ., filter = FILE_NAME|DIR_NAME|ATTRIBUTES|LAST_WRITE, recursive = 0 Locking key 6E6F7469667920617272 Allocated locked data 0x0x7fb624077f00 notify_load: notify->array: struct notify_array num_depths : 0x00000000 (0) depth: ARRAY(0) inotify_add_watch for /testshare mask 210003c6 returned wd 1 Unlocking key 6E6F7469667920617272 change_notify_add_request: Adding request for .: max_param = 32 got smb length of 84 got message type 0x0 of len 0x54 Transaction 55 of length 88 (0 toread) size=84 smb_com=0xa0 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=3521 smt_wct=23 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 8192 (0x2000) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]=21504 (0x5400) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 1024 (0x400) smb_vwv[18]= 4 (0x4) smb_vwv[19]= 3 (0x3) smb_vwv[20]= 0 (0x0) smb_vwv[21]=20112 (0x4E90) smb_vwv[22]= 1 (0x1) smb_bcc=3 [0000] 00 00 00 ... switch message SMBnttrans (pid 12841) conn 0x7fb624079b30 change_to_user: Skipping user change - already user num_setup=8, param_total=0, this_param=0, max_param=32, data_total=0, this_data=0, max_data=0, param_offset=84, data_offset=0 reply_nttrans: state->setup_count = 8 [0000] 03 00 00 00 90 4E 01 00 .....N.. call_nt_transact_notify_change call_nt_transact_notify_change: notify change called on ., filter = FILE_NAME|DIR_NAME, recursive = 1 change_notify_add_request: Adding request for .: max_param = 32 got smb length of 110 got message type 0x0 of len 0x6e Transaction 56 of length 114 (0 toread) size=110 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=1596 smb_uid=102 smb_mid=3586 smt_wct=15 smb_vwv[ 0]= 42 (0x2A) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4096 (0x1000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 42 (0x2A) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 16 (0x10) smb_bcc=45 [0000] 00 00 00 03 00 5C 00 31 00 30 00 2E 00 32 00 32 .....\.1 .0...2.2 [0010] 00 35 00 2E 00 35 00 2E 00 32 00 33 00 32 00 5C .5...5.. .2.3.2.\ [0020] 00 74 00 65 00 73 00 74 00 24 00 00 00 .t.e.s.t .$... switch message SMBtrans2 (pid 12841) conn 0x7fb624087930 setting sec ctx (65534, 65533) - sec_ctx_stack_ndx = 0 NT user token of user S-1-5-21-783145419-1966905550-2589541370-501 contains 5 SIDs SID[ 0]: S-1-5-21-783145419-1966905550-2589541370-501 SID[ 1]: S-1-1-0 SID[ 2]: S-1-5-2 SID[ 3]: S-1-5-32-546 SID[ 4]: S-1-22-1-65534 SE_PRIV 0x0 0x0 0x0 0x0 UNIX token of user 65534 Primary group is 65533 and contains 0 supplementary groups change_to_user uid=(0,65534) gid=(0,65533) vfs_ChDir to /tmp call_trans2getdfsreferral parse_dfs_path: temp = |10.225.5.232\test$| after trimming \'s parse_dfs_path: hostname: 10.225.5.232 parse_dfs_path: servicename: test$ get_referred_path: |test$| in dfs path \10.225.5.232\test$ is not a dfs root. error packet at smbd/trans2.c(7421) cmd=50 (SMBtrans2) NT_STATUS_NOT_FOUND size=35 smb_com=0x32 smb_rcls=37 smb_reh=2 smb_err=49152 smb_flg=136 smb_flg2=51201 smb_tid=3 smb_pid=1596 smb_uid=102 smb_mid=3586 smt_wct=0 smb_bcc=0 got smb length of 100 got message type 0x0 of len 0x64 Transaction 57 of length 104 (0 toread) size=100 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=3650 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 3584 (0xE00) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]=16384 (0x4000) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 256 (0x100) smb_bcc=17 [0000] 00 5C 00 73 00 72 00 76 00 73 00 76 00 63 00 00 .\.s.r.v .s.v.c.. [0010] 00 . switch message SMBntcreateX (pid 12841) conn 0x7fb6240867f0 setting sec ctx (123, 123) - sec_ctx_stack_ndx = 0 NT user token of user S-1-5-21-783145419-1966905550-2589541370-1001 contains 6 SIDs SID[ 0]: S-1-5-21-783145419-1966905550-2589541370-1001 SID[ 1]: S-1-22-2-123 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-1-123 SE_PRIV 0x0 0x0 0x0 0x0 UNIX token of user 123 Primary group is 123 and contains 1 supplementary groups Group[ 0]: 123 change_to_user uid=(0,123) gid=(0,123) reply_ntcreate_and_X: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0, fname = srvsvc nt_open_pipe: Opening pipe \srvsvc. allocated file structure 16017, fnum = 20113 (2 used) Create pipe requested \srvsvc init_pipe_handles: created handle list for pipe \srvsvc init_pipe_handles: pipe_handles ref count = 1 for pipe \srvsvc push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 push_conn_ctx(100) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: maximum password age, val: -1 pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 push_conn_ctx(100) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: password history, val: 0 pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 pdb_set_username: setting username Administrator, was pdb_set_domain: setting domain TESTPC, was pdb_set_nt_username: setting nt username , was pdb_set_full_name: setting full name Administrator, was Home server: testpc pdb_set_homedir: setting home dir \\testpc\administrator, was pdb_set_dir_drive: setting dir drive , was NULL pdb_set_logon_script: setting logon script , was Home server: testpc pdb_set_profile_path: setting profile path \\testpc\administrator\profile, was pdb_set_workstations: setting workstations , was push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 push_conn_ctx(100) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: password history, val: 0 pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 pdb_set_user_sid: setting user sid S-1-5-21-783145419-1966905550-2589541370-1001 pdb_set_user_sid_from_rid: setting user sid S-1-5-21-783145419-1966905550-2589541370-1001 from rid 1001 Created internal pipe \srvsvc (pipes_open=0) do_ntcreate_pipe_open: open pipe = \srvsvc got smb length of 156 got message type 0x0 of len 0x9c Transaction 58 of length 160 (0 toread) size=156 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=3714 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=20113 (0x4E91) smb_bcc=89 [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... [0020] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ [0030] 00 C8 4F 32 4B 70 16 D3 01 12 78 5A 47 BF 6E E1 ..O2Kp.. ..xZG.n. [0040] 88 03 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ [0050] 00 2B 10 48 60 02 00 00 00 .+.H`... . switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 change_to_user: Skipping user change - already user trans <\PIPE\> data=72 params=0 setup=2 calling named_pipe named pipe command on <> name api_fd_reply Got API command 0x26 on pipe "srvsvc" (pnum 4e91) api_fd_reply: p:0x7fb624073a50 max_trans_reply: 1024 np_write_send: len: 72 write_to_pipe: data_left = 72 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 56 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0b 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0048 000a auth_len : 0000 000c call_id : 00000001 unmarshall_rpc_header: using little-endian RPC unmarshall_rpc_header: type = 11, flags = 3 write_to_pipe: data_used = 0 write_to_pipe: data_left = 56 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 process_complete_pdu: processing packet type 11 api_pipe_bind_req: decode request. 1558 000000 smb_io_rpc_hdr_rb 000000 smb_io_rpc_hdr_bba 0000 max_tsize: 10b8 0002 max_rsize: 10b8 0004 assoc_gid: 00000000 0008 num_contexts: 01 000c context_id : 0000 000e num_transfer_syntaxes: 01 00000f smb_io_rpc_iface 000010 smb_io_uuid uuid 0010 data : 4b324fc8 0014 data : 1670 0016 data : 01d3 0018 data : 12 78 001a data : 5a 47 bf 6e e1 88 0020 version: 00000003 000024 smb_io_rpc_iface 000024 smb_io_uuid uuid 0024 data : 8a885d04 0028 data : 1ceb 002a data : 11c9 002c data : 9f e8 002e data : 08 00 2b 10 48 60 0034 version: 00000002 api_pipe_bind_req: \PIPE\srvsvc -> \PIPE\srvsvc api_pipe_bind_req: make response. 1628 check_bind_req for \srvsvc checking lsarpc checking winreg checking initshutdown checking dssetup checking wkssvc checking svcctl checking ntsvcs checking netlogon checking netdfs checking srvsvc 000000 smb_io_rpc_hdr_ba 000000 smb_io_rpc_hdr_bba 0000 max_tsize: 10b8 0002 max_rsize: 10b8 0004 assoc_gid: 000053f0 000008 smb_io_rpc_addr_str 0008 len: 000d 000a str: \PIPE\srvsvc. 000017 smb_io_rpc_results 0018 num_results: 01 001c result : 0000 001e reason : 0000 000020 smb_io_rpc_iface 000020 smb_io_uuid uuid 0020 data : 8a885d04 0024 data : 1ceb 0026 data : 11c9 0028 data : 9f e8 002a data : 08 00 2b 10 48 60 0030 version: 00000002 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0c 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0044 000a auth_len : 0000 000c call_id : 00000001 write_to_pipe: data_used = 56 s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62408aed0 s3_event: Run immediate event "tevent_req_trigger": 0x7fb62408aed0 name: \srvsvc len: 1024 read_from_pipe: \srvsvc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624067c80 s3_event: Run immediate event "tevent_req_trigger": 0x7fb624067c80 copy_trans_params_and_data: params[0..0] data[0..68] (align 0) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=3714 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [0000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... [0010] 00 B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 ......S. ...\PIPE [0020] 5C 73 72 76 73 76 63 00 00 01 00 00 00 00 00 00 \srvsvc. ........ [0030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [0040] 60 02 00 00 00 `.... got smb length of 184 got message type 0x0 of len 0xb8 Transaction 59 of length 188 (0 toread) size=184 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=3778 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 100 (0x64) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 100 (0x64) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=20113 (0x4E91) smb_bcc=117 [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 64 00 00 00 01 00 00 ........ .d...... [0020] 00 4C 00 00 00 00 00 10 00 D4 88 86 10 0F 00 00 .L...... ........ [0030] 00 00 00 00 00 0F 00 00 00 5C 00 5C 00 31 00 30 ........ .\.\.1.0 [0040] 00 2E 00 32 00 32 00 35 00 2E 00 35 00 2E 00 32 ...2.2.5 ...5...2 [0050] 00 33 00 32 00 00 00 00 00 06 00 00 00 00 00 00 .3.2.... ........ [0060] 00 06 00 00 00 74 00 65 00 73 00 74 00 24 00 00 .....t.e .s.t.$.. [0070] 00 01 00 00 00 ..... switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 change_to_user: Skipping user change - already user trans <\PIPE\> data=100 params=0 setup=2 calling named_pipe named pipe command on <> name api_fd_reply Got API command 0x26 on pipe "srvsvc" (pnum 4e91) api_fd_reply: p:0x7fb624073a50 max_trans_reply: 1024 np_write_send: len: 100 write_to_pipe: data_left = 100 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 100 fill_rpc_header: data_to_copy = 100, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 84 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 84 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0064 000a auth_len : 0000 000c call_id : 00000001 unmarshall_rpc_header: using little-endian RPC unmarshall_rpc_header: type = 0, flags = 3 write_to_pipe: data_used = 0 write_to_pipe: data_left = 84 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 84, incoming data = 84 process_complete_pdu: processing packet type 0 000000 smb_io_rpc_hdr_req req 0000 alloc_hint: 0000004c 0004 context_id: 0000 0006 opnum : 0010 free_pipe_context: destroying talloc pool of size 80 Requested \PIPE\\srvsvc api_rpcTNP: \srvsvc op 0x10 - api_rpcTNP: rpc command: SRVSVC_NETSHAREGETINFO api_rpc_cmds[16].fn == 0x7fb623901588 srvsvc_NetShareGetInfo: struct srvsvc_NetShareGetInfo in: struct srvsvc_NetShareGetInfo server_unc : * server_unc : '\\10.225.5.232' share_name : 'test$' level : 0x00000001 (1) _srvsvc_NetShareGetInfo: 1374 _srvsvc_NetShareGetInfo: 1439 srvsvc_NetShareGetInfo: struct srvsvc_NetShareGetInfo out: struct srvsvc_NetShareGetInfo info : * info : union srvsvc_NetShareInfo(case 1) info1 : * info1: struct srvsvc_NetShareInfo1 name : * name : 'test$' type : STYPE_DISKTREE (0x0) comment : * comment : 'testshare' result : WERR_OK api_rpcTNP: called \srvsvc successfully free_pipe_context: destroying talloc pool of size 44 write_to_pipe: data_used = 84 s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62408af10 s3_event: Run immediate event "tevent_req_trigger": 0x7fb62408af10 name: \srvsvc len: 1024 read_from_pipe: \srvsvc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 80. 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0068 000a auth_len : 0000 000c call_id : 00000001 000010 smb_io_rpc_hdr_resp resp 0010 alloc_hint: 00000050 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624067c80 s3_event: Run immediate event "tevent_req_trigger": 0x7fb624067c80 copy_trans_params_and_data: params[0..0] data[0..104] (align 0) size=160 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=3778 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 104 (0x68) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 104 (0x68) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=105 [0000] 00 05 00 02 03 10 00 00 00 68 00 00 00 01 00 00 ........ .h...... [0010] 00 50 00 00 00 00 00 00 00 01 00 00 00 00 00 02 .P...... ........ [0020] 00 04 00 02 00 00 00 00 00 08 00 02 00 06 00 00 ........ ........ [0030] 00 00 00 00 00 06 00 00 00 74 00 65 00 73 00 74 ........ .t.e.s.t [0040] 00 24 00 00 00 0A 00 00 00 00 00 00 00 0A 00 00 .$...... ........ [0050] 00 74 00 65 00 73 00 74 00 73 00 68 00 61 00 72 .t.e.s.t .s.h.a.r [0060] 00 65 00 00 00 00 00 00 00 .e...... . got smb length of 41 got message type 0x0 of len 0x29 Transaction 60 of length 45 (0 toread) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=3842 smt_wct=3 smb_vwv[ 0]=20113 (0x4E91) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 switch message SMBclose (pid 12841) conn 0x7fb6240867f0 change_to_user: Skipping user change - already user close fd=-1 fnum=20113 (numopen=1) close_write_time: Sun Feb 7 07:28:15 2106 close_policy_by_pipe: deleted handle list for pipe \srvsvc freed files structure 20113 (1 used) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=3842 smt_wct=0 smb_bcc=0 got smb length of 100 got message type 0x0 of len 0x64 Transaction 61 of length 104 (0 toread) size=100 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=3906 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 3584 (0xE00) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]=16384 (0x4000) smb_vwv[21]= 256 (0x100) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 256 (0x100) smb_bcc=17 [0000] 00 5C 00 77 00 6B 00 73 00 73 00 76 00 63 00 00 .\.w.k.s .s.v.c.. [0010] 00 . switch message SMBntcreateX (pid 12841) conn 0x7fb6240867f0 change_to_user: Skipping user change - already user reply_ntcreate_and_X: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0, fname = wkssvc nt_open_pipe: Opening pipe \wkssvc. allocated file structure 16018, fnum = 20114 (2 used) Create pipe requested \wkssvc init_pipe_handles: created handle list for pipe \wkssvc init_pipe_handles: pipe_handles ref count = 1 for pipe \wkssvc push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 push_conn_ctx(100) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: maximum password age, val: -1 pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 push_conn_ctx(100) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: password history, val: 0 pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 pdb_set_username: setting username Administrator, was pdb_set_domain: setting domain TESTPC, was pdb_set_nt_username: setting nt username , was pdb_set_full_name: setting full name Administrator, was Home server: testpc pdb_set_homedir: setting home dir \\testpc\administrator, was pdb_set_dir_drive: setting dir drive , was NULL pdb_set_logon_script: setting logon script , was Home server: testpc pdb_set_profile_path: setting profile path \\testpc\administrator\profile, was pdb_set_workstations: setting workstations , was push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 push_conn_ctx(100) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: password history, val: 0 pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 pdb_set_user_sid: setting user sid S-1-5-21-783145419-1966905550-2589541370-1001 pdb_set_user_sid_from_rid: setting user sid S-1-5-21-783145419-1966905550-2589541370-1001 from rid 1001 Created internal pipe \wkssvc (pipes_open=0) do_ntcreate_pipe_open: open pipe = \wkssvc got smb length of 156 got message type 0x0 of len 0x9c Transaction 62 of length 160 (0 toread) size=156 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=3970 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=20114 (0x4E92) smb_bcc=89 [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... [0020] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ [0030] 00 98 D0 FF 6B 12 A1 10 36 98 33 46 C3 F8 7E 34 ....k... 6.3F..~4 [0040] 5A 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 Z.....]. ........ [0050] 00 2B 10 48 60 02 00 00 00 .+.H`... . switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 change_to_user: Skipping user change - already user trans <\PIPE\> data=72 params=0 setup=2 calling named_pipe named pipe command on <> name api_fd_reply Got API command 0x26 on pipe "wkssvc" (pnum 4e92) api_fd_reply: p:0x7fb624073a50 max_trans_reply: 1024 np_write_send: len: 72 write_to_pipe: data_left = 72 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 56 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0b 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0048 000a auth_len : 0000 000c call_id : 00000001 unmarshall_rpc_header: using little-endian RPC unmarshall_rpc_header: type = 11, flags = 3 write_to_pipe: data_used = 0 write_to_pipe: data_left = 56 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 process_complete_pdu: processing packet type 11 api_pipe_bind_req: decode request. 1558 000000 smb_io_rpc_hdr_rb 000000 smb_io_rpc_hdr_bba 0000 max_tsize: 10b8 0002 max_rsize: 10b8 0004 assoc_gid: 00000000 0008 num_contexts: 01 000c context_id : 0000 000e num_transfer_syntaxes: 01 00000f smb_io_rpc_iface 000010 smb_io_uuid uuid 0010 data : 6bffd098 0014 data : a112 0016 data : 3610 0018 data : 98 33 001a data : 46 c3 f8 7e 34 5a 0020 version: 00000001 000024 smb_io_rpc_iface 000024 smb_io_uuid uuid 0024 data : 8a885d04 0028 data : 1ceb 002a data : 11c9 002c data : 9f e8 002e data : 08 00 2b 10 48 60 0034 version: 00000002 api_pipe_bind_req: \PIPE\wkssvc -> \PIPE\wkssvc api_pipe_bind_req: make response. 1628 check_bind_req for \wkssvc checking lsarpc checking winreg checking initshutdown checking dssetup checking wkssvc 000000 smb_io_rpc_hdr_ba 000000 smb_io_rpc_hdr_bba 0000 max_tsize: 10b8 0002 max_rsize: 10b8 0004 assoc_gid: 000053f0 000008 smb_io_rpc_addr_str 0008 len: 000d 000a str: \PIPE\wkssvc. 000017 smb_io_rpc_results 0018 num_results: 01 001c result : 0000 001e reason : 0000 000020 smb_io_rpc_iface 000020 smb_io_uuid uuid 0020 data : 8a885d04 0024 data : 1ceb 0026 data : 11c9 0028 data : 9f e8 002a data : 08 00 2b 10 48 60 0030 version: 00000002 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0c 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0044 000a auth_len : 0000 000c call_id : 00000001 write_to_pipe: data_used = 56 s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62408aed0 s3_event: Run immediate event "tevent_req_trigger": 0x7fb62408aed0 name: \wkssvc len: 1024 read_from_pipe: \wkssvc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624075a00 s3_event: Run immediate event "tevent_req_trigger": 0x7fb624075a00 copy_trans_params_and_data: params[0..0] data[0..68] (align 0) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=3970 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [0000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... [0010] 00 B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 ......S. ...\PIPE [0020] 5C 77 6B 73 73 76 63 00 00 01 00 00 00 00 00 00 \wkssvc. ........ [0030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [0040] 60 02 00 00 00 `.... got smb length of 160 got message type 0x0 of len 0xa0 Transaction 63 of length 164 (0 toread) size=160 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=4034 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 76 (0x4C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 76 (0x4C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=20114 (0x4E92) smb_bcc=93 [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 4C 00 00 00 01 00 00 ........ .L...... [0020] 00 34 00 00 00 00 00 00 00 20 8B 86 10 0F 00 00 .4...... . ...... [0030] 00 00 00 00 00 0F 00 00 00 5C 00 5C 00 31 00 30 ........ .\.\.1.0 [0040] 00 2E 00 32 00 32 00 35 00 2E 00 35 00 2E 00 32 ...2.2.5 ...5...2 [0050] 00 33 00 32 00 00 00 00 00 64 00 00 00 .3.2.... .d... switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 change_to_user: Skipping user change - already user trans <\PIPE\> data=76 params=0 setup=2 calling named_pipe named pipe command on <> name api_fd_reply Got API command 0x26 on pipe "wkssvc" (pnum 4e92) api_fd_reply: p:0x7fb624073a50 max_trans_reply: 1024 np_write_send: len: 76 write_to_pipe: data_left = 76 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 76 fill_rpc_header: data_to_copy = 76, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 60 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 60 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 004c 000a auth_len : 0000 000c call_id : 00000001 unmarshall_rpc_header: using little-endian RPC unmarshall_rpc_header: type = 0, flags = 3 write_to_pipe: data_used = 0 write_to_pipe: data_left = 60 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 60, incoming data = 60 process_complete_pdu: processing packet type 0 000000 smb_io_rpc_hdr_req req 0000 alloc_hint: 00000034 0004 context_id: 0000 0006 opnum : 0000 free_pipe_context: destroying talloc pool of size 80 Requested \PIPE\\wkssvc api_rpcTNP: \wkssvc op 0x0 - api_rpcTNP: rpc command: WKSSVC_NETWKSTAGETINFO api_rpc_cmds[0].fn == 0x7fb6238d3580 wkssvc_NetWkstaGetInfo: struct wkssvc_NetWkstaGetInfo in: struct wkssvc_NetWkstaGetInfo server_name : * server_name : '\\10.225.5.232' level : 0x00000064 (100) wkssvc_NetWkstaGetInfo: struct wkssvc_NetWkstaGetInfo out: struct wkssvc_NetWkstaGetInfo info : * info : union wkssvc_NetWkstaInfo(case 100) info100 : * info100: struct wkssvc_NetWkstaInfo100 platform_id : PLATFORM_ID_NT (500) server_name : * server_name : 'TESTPC' domain_name : * domain_name : 'TESTGROUP' version_major : 0x00000004 (4) version_minor : 0x00000009 (9) result : WERR_OK api_rpcTNP: called \wkssvc successfully free_pipe_context: destroying talloc pool of size 49 write_to_pipe: data_used = 60 s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62408aee0 s3_event: Run immediate event "tevent_req_trigger": 0x7fb62408aee0 name: \wkssvc len: 1024 read_from_pipe: \wkssvc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 92. 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0074 000a auth_len : 0000 000c call_id : 00000001 000010 smb_io_rpc_hdr_resp resp 0010 alloc_hint: 0000005c 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb6240758b0 s3_event: Run immediate event "tevent_req_trigger": 0x7fb6240758b0 copy_trans_params_and_data: params[0..0] data[0..116] (align 0) size=172 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=4034 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 116 (0x74) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 116 (0x74) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=117 [0000] 00 05 00 02 03 10 00 00 00 74 00 00 00 01 00 00 ........ .t...... [0010] 00 5C 00 00 00 00 00 00 00 64 00 00 00 00 00 02 .\...... .d...... [0020] 00 F4 01 00 00 04 00 02 00 08 00 02 00 04 00 00 ........ ........ [0030] 00 09 00 00 00 07 00 00 00 00 00 00 00 07 00 00 ........ ........ [0040] 00 54 00 45 00 53 00 54 00 50 00 43 00 00 00 00 .T.E.S.T .P.C.... [0050] 00 0A 00 00 00 00 00 00 00 0A 00 00 00 54 00 45 ........ .....T.E [0060] 00 53 00 54 00 47 00 52 00 4F 00 55 00 50 00 00 .S.T.G.R .O.U.P.. [0070] 00 00 00 00 00 ..... got smb length of 41 got message type 0x0 of len 0x29 Transaction 64 of length 45 (0 toread) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=4098 smt_wct=3 smb_vwv[ 0]=20114 (0x4E92) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 switch message SMBclose (pid 12841) conn 0x7fb6240867f0 change_to_user: Skipping user change - already user close fd=-1 fnum=20114 (numopen=1) close_write_time: Sun Feb 7 07:28:15 2106 close_policy_by_pipe: deleted handle list for pipe \wkssvc freed files structure 20114 (1 used) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=4098 smt_wct=0 smb_bcc=0 got smb length of 70 got message type 0x0 of len 0x46 Transaction 65 of length 74 (0 toread) size=70 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=4162 smt_wct=15 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 560 (0x230) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 2 (0x2) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 3 (0x3) smb_bcc=5 [0000] 00 00 00 EF 03 ..... switch message SMBtrans2 (pid 12841) conn 0x7fb624079b30 setting sec ctx (123, 123) - sec_ctx_stack_ndx = 0 NT user token of user S-1-5-21-783145419-1966905550-2589541370-1001 contains 6 SIDs SID[ 0]: S-1-5-21-783145419-1966905550-2589541370-1001 SID[ 1]: S-1-22-2-123 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-1-123 SE_PRIV 0x0 0x0 0x0 0x0 UNIX token of user 123 Primary group is 123 and contains 1 supplementary groups Group[ 0]: 123 change_to_user uid=(0,123) gid=(0,123) vfs_ChDir to /testshare call_trans2qfsinfo: level = 1007 sys_get_quota() uid(0, 123) sys_get_linux_gen_quota: path[/] bdev[/dev/sda2] SMB_USER_QUOTA_TYPE uid[123] sys_get_linux_v2_quota: path[/] bdev[/dev/sda2] SMB_USER_QUOTA_TYPE uid[123] sys_get_linux_v1_quota: path[/] bdev[/dev/sda2] SMB_USER_QUOTA_TYPE uid[123] sys_get_vfs_quota() failed for mntpath[/] bdev[/dev/sda2] qtype[2] id[123]: Invalid argument sys_get_quota() uid(0, 123) sys_get_linux_gen_quota: path[/] bdev[/dev/sda2] SMB_GROUP_QUOTA_TYPE gid[123] sys_get_linux_v2_quota: path[/] bdev[/dev/sda2] SMB_GROUP_QUOTA_TYPE gid[123] sys_get_linux_v1_quota: path[/] bdev[/dev/sda2] SMB_GROUP_QUOTA_TYPE gid[123] sys_get_vfs_quota() failed for mntpath[/] bdev[/dev/sda2] qtype[4] id[123]: Invalid argument call_trans2qfsinfo : SMB_QUERY_FS_FULL_SIZE_INFO bsize=1024, cSectorUnit=2, cBytesSector=512, cUnitTotal=151763264, cUnitAvail=112242476 t2_rep: params_sent_thistime = 0, data_sent_thistime = 32, useable_space = 131012 t2_rep: params_to_send = 0, data_to_send = 32, paramsize = 0, datasize = 32 size=88 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=4162 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 32 (0x20) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 32 (0x20) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=33 [0000] 00 40 B9 0B 09 00 00 00 00 2C AF B0 06 00 00 00 .@...... .,...... [0010] 00 2C AF B0 06 00 00 00 00 02 00 00 00 00 02 00 .,...... ........ [0020] 00 . SMBtrans2 info_level = 1007 got smb length of 112 got message type 0x0 of len 0x70 Transaction 66 of length 116 (0 toread) size=112 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=4226 smt_wct=15 smb_vwv[ 0]= 44 (0x2C) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 40 (0x28) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 44 (0x2C) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 5 (0x5) smb_bcc=47 [0000] 00 00 00 EC 03 00 00 00 00 5C 00 74 00 65 00 73 ........ .\.t.e.s [0010] 00 74 00 32 00 5C 00 64 00 65 00 73 00 6B 00 74 .t.2.\.d .e.s.k.t [0020] 00 6F 00 70 00 2E 00 69 00 6E 00 69 00 00 00 .o.p...i .n.i... switch message SMBtrans2 (pid 12841) conn 0x7fb624079b30 change_to_user: Skipping user change - already user call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 unix_convert called on file "test2/desktop.ini" stat_cache_lookup: lookup failed for name [TEST2/DESKTOP.INI] stat_cache_lookup: lookup succeeded for name [TEST2] -> [test2] unix_convert begin: name = test2/desktop.ini, dirpath = test2, start = desktop.ini is_mangled desktop.ini ? is_mangled_component desktop.ini (len 11) ? is_mangled desktop.ini ? is_mangled_component desktop.ini (len 11) ? is_mangled desktop.ini ? is_mangled_component desktop.ini (len 11) ? New file desktop.ini call_trans2qfilepathinfo: SMB_VFS_STAT of test2/desktop.ini failed (No such file or directory) unix_error_packet: error string = No such file or directory error packet at smbd/trans2.c(4051) cmd=50 (SMBtrans2) NT_STATUS_OBJECT_NAME_NOT_FOUND size=35 smb_com=0x32 smb_rcls=52 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=4226 smt_wct=0 smb_bcc=0 got smb length of 70 got message type 0x0 of len 0x46 Transaction 67 of length 74 (0 toread) size=70 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=4290 smt_wct=15 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 560 (0x230) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 2 (0x2) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 3 (0x3) smb_bcc=5 [0000] 00 00 00 EF 03 ..... switch message SMBtrans2 (pid 12841) conn 0x7fb624079b30 change_to_user: Skipping user change - already user call_trans2qfsinfo: level = 1007 sys_get_quota() uid(0, 123) sys_get_linux_gen_quota: path[/] bdev[/dev/sda2] SMB_USER_QUOTA_TYPE uid[123] sys_get_linux_v2_quota: path[/] bdev[/dev/sda2] SMB_USER_QUOTA_TYPE uid[123] sys_get_linux_v1_quota: path[/] bdev[/dev/sda2] SMB_USER_QUOTA_TYPE uid[123] sys_get_vfs_quota() failed for mntpath[/] bdev[/dev/sda2] qtype[2] id[123]: Invalid argument sys_get_quota() uid(0, 123) sys_get_linux_gen_quota: path[/] bdev[/dev/sda2] SMB_GROUP_QUOTA_TYPE gid[123] sys_get_linux_v2_quota: path[/] bdev[/dev/sda2] SMB_GROUP_QUOTA_TYPE gid[123] sys_get_linux_v1_quota: path[/] bdev[/dev/sda2] SMB_GROUP_QUOTA_TYPE gid[123] sys_get_vfs_quota() failed for mntpath[/] bdev[/dev/sda2] qtype[4] id[123]: Invalid argument call_trans2qfsinfo : SMB_QUERY_FS_FULL_SIZE_INFO bsize=1024, cSectorUnit=2, cBytesSector=512, cUnitTotal=151763264, cUnitAvail=112242472 t2_rep: params_sent_thistime = 0, data_sent_thistime = 32, useable_space = 131012 t2_rep: params_to_send = 0, data_to_send = 32, paramsize = 0, datasize = 32 size=88 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=4290 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 32 (0x20) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 32 (0x20) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=33 [0000] 00 40 B9 0B 09 00 00 00 00 28 AF B0 06 00 00 00 .@...... .(...... [0010] 00 28 AF B0 06 00 00 00 00 02 00 00 00 00 02 00 .(...... ........ [0020] 00 . SMBtrans2 info_level = 1007 got smb length of 94 got message type 0x0 of len 0x5e Transaction 68 of length 98 (0 toread) size=94 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=4354 smt_wct=15 smb_vwv[ 0]= 26 (0x1A) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 10 (0xA) smb_vwv[ 3]=16384 (0x4000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 26 (0x1A) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 1 (0x1) smb_bcc=29 [0000] 00 00 00 16 00 56 05 07 00 04 01 00 00 00 00 5C .....V.. .......\ [0010] 00 74 00 65 00 73 00 74 00 32 00 00 00 .t.e.s.t .2... switch message SMBtrans2 (pid 12841) conn 0x7fb624079b30 change_to_user: Skipping user change - already user call_trans2findfirst: dirtype = 16, maxentries = 1366, close_after_first=1, close_if_end = 1 requires_resume_key = 1 level = 0x104, max_data_bytes = 16384 unix_convert called on file "test2" stat_cache_lookup: lookup succeeded for name [TEST2] -> [test2] dir=./, mask = test2 dptr_create dir=./ creating new dirptr 256 for path ./, expect_close = 1 dptr_num is 256, wcard = test2, attr = 22 dirpath=<./> dontdescend=<> get_lanman2_dir_entry:readdir on dirptr 0x7fb624011b40 now at offset -1 dos_mode: ./test2 dos_mode_from_sbuf returning rd dos_mode returning rd fetch_share_mode_unlocked: no share_mode record around (file not open) get_lanman2_dir_entry: found ./test2 fname=test2 get_lanman2_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO call_trans2findfirst - (2) closing dptr_num 256 closing dptr key 256 t2_rep: params_sent_thistime = 10, data_sent_thistime = 104, useable_space = 131010 t2_rep: params_to_send = 10, data_to_send = 104, paramsize = 10, datasize = 104 size=172 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=4354 smt_wct=10 smb_vwv[ 0]= 10 (0xA) smb_vwv[ 1]= 104 (0x68) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 10 (0xA) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 104 (0x68) smb_vwv[ 7]= 68 (0x44) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=117 [0000] 00 FD FF 01 00 01 00 00 00 00 00 00 00 68 00 00 ........ .....h.. [0010] 00 00 00 00 00 80 69 DD 31 5E B4 CA 01 00 90 6A ......i. 1^.....j [0020] 2A 5F B4 CA 01 80 69 DD 31 5E B4 CA 01 80 69 DD *_....i. 1^....i. [0030] 31 5E B4 CA 01 00 00 00 00 00 00 00 00 00 00 00 1^...... ........ [0040] 00 00 00 00 00 11 00 00 00 0A 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 74 00 65 00 73 ........ ...t.e.s [0070] 00 74 00 32 00 .t.2. SMBtrans2 mask=test2 directory=./ dirtype=22 numentries=1 got smb length of 122 got message type 0x0 of len 0x7a Transaction 69 of length 126 (0 toread) size=122 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=4418 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 9216 (0x2400) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=35072 (0x8900) smb_vwv[ 8]= 512 (0x200) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1792 (0x700) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_bcc=39 [0000] 00 5C 00 74 00 65 00 73 00 74 00 32 00 5C 00 44 .\.t.e.s .t.2.\.D [0010] 00 65 00 73 00 6B 00 74 00 6F 00 70 00 2E 00 69 .e.s.k.t .o.p...i [0020] 00 6E 00 69 00 00 00 .n.i... switch message SMBntcreateX (pid 12841) conn 0x7fb624079b30 change_to_user: Skipping user change - already user reply_ntcreate_and_X: flags = 0x16, access_mask = 0x20089 file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0, fname = test2/Desktop.ini create_file: access_mask = 0x20089 file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x40 oplock_request = 0x3 root_dir_fid = 0x0, ea_list = 0x(nil), sd = 0x(nil), create_file_flags = 0x1, fname = test2/Desktop.ini unix_convert called on file "test2/Desktop.ini" stat_cache_lookup: lookup failed for name [TEST2/DESKTOP.INI] stat_cache_lookup: lookup succeeded for name [TEST2] -> [test2] unix_convert begin: name = test2/Desktop.ini, dirpath = test2, start = Desktop.ini is_mangled Desktop.ini ? is_mangled_component Desktop.ini (len 11) ? is_mangled Desktop.ini ? is_mangled_component Desktop.ini (len 11) ? is_mangled Desktop.ini ? is_mangled_component Desktop.ini (len 11) ? New file Desktop.ini create_file_unixpath: access_mask = 0x20089 file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x40 oplock_request = 0x3 ea_list = 0x(nil), sd = 0x(nil), fname = test2/Desktop.ini allocated file structure 16019, fnum = 20115 (2 used) unix_mode(test2/Desktop.ini) returning 0744 open_file_ntcreate: fname=test2/Desktop.ini, dos_attrs=0x0 access_mask=0x20089 share_access=0x7 create_disposition = 0x1 create_options=0x40 unix mode=0744 oplock_request=3 open_file_ntcreate: FILE_OPEN requested for file test2/Desktop.ini and file doesn't exist. freed files structure 20115 (1 used) create_file_unixpath: NT_STATUS_OBJECT_NAME_NOT_FOUND create_file: NT_STATUS_OBJECT_NAME_NOT_FOUND error packet at smbd/nttrans.c(563) cmd=162 (SMBntcreateX) NT_STATUS_OBJECT_NAME_NOT_FOUND size=35 smb_com=0xa2 smb_rcls=52 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=4418 smt_wct=0 smb_bcc=0 got smb length of 88 got message type 0x0 of len 0x58 Transaction 70 of length 92 (0 toread) size=88 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=4482 smt_wct=15 smb_vwv[ 0]= 20 (0x14) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 40 (0x28) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 20 (0x14) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 5 (0x5) smb_bcc=23 [0000] 00 00 00 EC 03 00 00 00 00 5C 00 74 00 65 00 73 ........ .\.t.e.s [0010] 00 74 00 32 00 00 00 .t.2... switch message SMBtrans2 (pid 12841) conn 0x7fb624079b30 change_to_user: Skipping user change - already user call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 unix_convert called on file "test2" stat_cache_lookup: lookup succeeded for name [TEST2] -> [test2] fetch_share_mode_unlocked: no share_mode record around (file not open) call_trans2qfilepathinfo test2 (fnum = -1) level=1004 call=5 total_data=0 dos_mode: test2 dos_mode_from_sbuf returning rd dos_mode returning rd call_trans2qfilepathinfo: SMB_FILE_BASIC_INFORMATION SMB_QFBI - create: Tue Feb 23 08:59:59 2010 access: Tue Feb 23 09:06:57 2010 write: Tue Feb 23 08:59:59 2010 change: Tue Feb 23 08:59:59 2010 mode: 11 t2_rep: params_sent_thistime = 2, data_sent_thistime = 40, useable_space = 131010 t2_rep: params_to_send = 2, data_to_send = 40, paramsize = 2, datasize = 40 size=100 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=4482 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 40 (0x28) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 40 (0x28) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=45 [0000] 00 00 00 00 00 80 69 DD 31 5E B4 CA 01 80 26 03 ......i. 1^....&. [0010] 2B 5F B4 CA 01 80 69 DD 31 5E B4 CA 01 80 69 DD +_....i. 1^....i. [0020] 31 5E B4 CA 01 11 00 00 00 00 00 00 00 1^...... ..... got smb length of 98 got message type 0x0 of len 0x62 Transaction 71 of length 102 (0 toread) size=98 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=4546 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 3072 (0xC00) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=35072 (0x8900) smb_vwv[ 8]= 512 (0x200) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]=32768 (0x8000) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1792 (0x700) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_bcc=15 [0000] 00 5C 00 74 00 65 00 73 00 74 00 32 00 00 00 .\.t.e.s .t.2... switch message SMBntcreateX (pid 12841) conn 0x7fb624079b30 change_to_user: Skipping user change - already user reply_ntcreate_and_X: flags = 0x16, access_mask = 0x20089 file_attributes = 0x80, share_access = 0x7, create_disposition = 0x1 create_options = 0x0 root_dir_fid = 0x0, fname = test2 create_file: access_mask = 0x20089 file_attributes = 0x80, share_access = 0x7, create_disposition = 0x1 create_options = 0x0 oplock_request = 0x3 root_dir_fid = 0x0, ea_list = 0x(nil), sd = 0x(nil), create_file_flags = 0x1, fname = test2 unix_convert called on file "test2" stat_cache_lookup: lookup succeeded for name [TEST2] -> [test2] create_file_unixpath: access_mask = 0x20089 file_attributes = 0x80, share_access = 0x7, create_disposition = 0x1 create_options = 0x0 oplock_request = 0x3 ea_list = 0x(nil), sd = 0x(nil), fname = test2 allocated file structure 16020, fnum = 20116 (2 used) unix_mode(test2) returning 0744 open_file_ntcreate: fname=test2, dos_attrs=0x80 access_mask=0x20089 share_access=0x7 create_disposition = 0x1 create_options=0x0 unix mode=0744 oplock_request=3 dos_mode: test2 dos_mode_from_sbuf returning rd dos_mode returning rd open_file_ntcreate: fname=test2, after mapping access_mask=0x20089 Locking key 0208000000000000D748 Allocated locked data 0x0x7fb62408afa0 delay_for_oplocks: oplock type 0x3 on file delay_for_oplocks: oplock type 0x3 on file calling open_file with flags=0x0 flags2=0x0 mode=0744, access_mask = 0x20089, open_access_mask = 0x20089 fd_open: name test2, flags = 00 mode = 0744, fd = 28. get_windows_lock_count for file = 0 delete_windows_lock_ref_count for file Unlocking key 0208000000000000D748 freed files structure 20116 (1 used) open_directory: opening directory test2, access_mask = 0x20089, share_access = 0x7 create_options = 0x0, create_disposition = 0x1, file_attributes = 0x80 posix_get_nt_acl: called for file test2 canonicalise_acl: Access ace entries before arrange : canon_ace index 0. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x0 perms --- canon_ace index 1. Type = allow SID = S-1-22-2-123 gid 123 (gruppetest) SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms rwx canon_ace index 2. Type = allow SID = S-1-5-21-783145419-1966905550-2589541370-1000 uid 0 (root) SMB_ACL_USER_OBJ ace_flags = 0x0 perms r-- print_canon_ace_list: canonicalise_acl: ace entries after arrange canon_ace index 0. Type = allow SID = S-1-5-21-783145419-1966905550-2589541370-1000 uid 0 (root) SMB_ACL_USER_OBJ ace_flags = 0x0 perms r-- canon_ace index 1. Type = allow SID = S-1-22-2-123 gid 123 (gruppetest) SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms rwx canon_ace index 2. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x0 perms --- map_canon_ace_perms: Mapped (UNIX) 100 to (NT) 120089 map_canon_ace_perms: Mapped (UNIX) 1c0 to (NT) 1f01ff map_canon_ace_perms: Mapped (UNIX) 0 to (NT) 0 check_open_rights: file test2 requesting 0x20089 returning 0x20009 (NT_STATUS_OK) allocated file structure 16021, fnum = 20117 (2 used) Locking key 0208000000000000D748 Allocated locked data 0x0x7fb62408bfd0 unparse_share_modes: del: 0, owrt: Tue Feb 23 08:59:59 2010 CET cwrt: Thu Jan 1 01:00:00 1970 CET, tok: 0, num: 1 print_share_mode_table: share_mode_entry[0]: pid = 12841, share_access = 0x7, private_options = 0x0, access_mask = 0x20089, mid = 0x0, type= 0x0, gen_id = 13, uid = 123, flags = 0, file_id 802:4648d7:0 Unlocking key 0208000000000000D748 create_file_unixpath: info=1 create_file: info=1 dos_mode: test2 dos_mode_from_sbuf returning rd dos_mode returning rd reply_ntcreate_and_X: fnum = 20117, open name = test2 got smb length of 72 got message type 0x0 of len 0x48 Transaction 72 of length 76 (0 toread) size=72 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=4610 smt_wct=15 smb_vwv[ 0]= 4 (0x4) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 2046 (0x7FE) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 4 (0x4) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 7 (0x7) smb_bcc=7 [0000] 00 00 00 95 4E FE 03 ....N.. switch message SMBtrans2 (pid 12841) conn 0x7fb624079b30 change_to_user: Skipping user change - already user call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1022 parse_share_modes: delete_on_close: 0, owrt: Tue Feb 23 08:59:59 2010 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, tok: 0, num_share_modes: 1 parse_share_modes: share_mode_entry[0]: pid = 12841, share_access = 0x7, private_options = 0x0, access_mask = 0x20089, mid = 0x0, type= 0x0, gen_id = 13, uid = 123, flags = 0, file_id 802:4648d7:0 call_trans2qfilepathinfo test2 (fnum = 20117) level=1022 call=7 total_data=0 dos_mode: test2 dos_mode_from_sbuf returning rd dos_mode returning rd call_trans2qfilepathinfo: SMB_FILE_STREAM_INFORMATION t2_rep: params_sent_thistime = 2, data_sent_thistime = 0, useable_space = 131012 t2_rep: params_to_send = 2, data_to_send = 0, paramsize = 2, datasize = 0 size=58 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=4610 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=3 [0000] 00 00 00 ... got smb length of 72 got message type 0x0 of len 0x48 Transaction 73 of length 76 (0 toread) size=72 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=4674 smt_wct=15 smb_vwv[ 0]= 4 (0x4) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 40 (0x28) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 4 (0x4) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 7 (0x7) smb_bcc=7 [0000] 00 00 00 95 4E EC 03 ....N.. switch message SMBtrans2 (pid 12841) conn 0x7fb624079b30 change_to_user: Skipping user change - already user call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1004 parse_share_modes: delete_on_close: 0, owrt: Tue Feb 23 08:59:59 2010 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, tok: 0, num_share_modes: 1 parse_share_modes: share_mode_entry[0]: pid = 12841, share_access = 0x7, private_options = 0x0, access_mask = 0x20089, mid = 0x0, type= 0x0, gen_id = 13, uid = 123, flags = 0, file_id 802:4648d7:0 call_trans2qfilepathinfo test2 (fnum = 20117) level=1004 call=7 total_data=0 dos_mode: test2 dos_mode_from_sbuf returning rd dos_mode returning rd call_trans2qfilepathinfo: SMB_FILE_BASIC_INFORMATION SMB_QFBI - create: Tue Feb 23 08:59:59 2010 access: Tue Feb 23 09:06:57 2010 write: Tue Feb 23 08:59:59 2010 change: Tue Feb 23 08:59:59 2010 mode: 11 t2_rep: params_sent_thistime = 2, data_sent_thistime = 40, useable_space = 131010 t2_rep: params_to_send = 2, data_to_send = 40, paramsize = 2, datasize = 40 size=100 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=4674 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 40 (0x28) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 40 (0x28) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=45 [0000] 00 00 00 00 00 80 69 DD 31 5E B4 CA 01 80 26 03 ......i. 1^....&. [0010] 2B 5F B4 CA 01 80 69 DD 31 5E B4 CA 01 80 69 DD +_....i. 1^....i. [0020] 31 5E B4 CA 01 11 00 00 00 00 00 00 00 1^...... ..... got smb length of 41 got message type 0x0 of len 0x29 Transaction 74 of length 45 (0 toread) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=4738 smt_wct=3 smb_vwv[ 0]=20117 (0x4E95) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 switch message SMBclose (pid 12841) conn 0x7fb624079b30 change_to_user: Skipping user change - already user close directory fnum=20117 Locking key 0208000000000000D748 Allocated locked data 0x0x7fb62408ad60 parse_share_modes: delete_on_close: 0, owrt: Tue Feb 23 08:59:59 2010 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, tok: 0, num_share_modes: 1 parse_share_modes: share_mode_entry[0]: pid = 12841, share_access = 0x7, private_options = 0x0, access_mask = 0x20089, mid = 0x0, type= 0x0, gen_id = 13, uid = 123, flags = 0, file_id 802:4648d7:0 Unlocking key 0208000000000000D748 freed files structure 20117 (1 used) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=4738 smt_wct=0 smb_bcc=0 got smb length of 110 got message type 0x0 of len 0x6e Transaction 75 of length 114 (0 toread) size=110 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=1596 smb_uid=102 smb_mid=4802 smt_wct=15 smb_vwv[ 0]= 42 (0x2A) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4096 (0x1000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 42 (0x2A) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 16 (0x10) smb_bcc=45 [0000] 00 00 00 03 00 5C 00 31 00 30 00 2E 00 32 00 32 .....\.1 .0...2.2 [0010] 00 35 00 2E 00 35 00 2E 00 32 00 33 00 32 00 5C .5...5.. .2.3.2.\ [0020] 00 74 00 65 00 73 00 74 00 24 00 00 00 .t.e.s.t .$... switch message SMBtrans2 (pid 12841) conn 0x7fb624087930 setting sec ctx (65534, 65533) - sec_ctx_stack_ndx = 0 NT user token of user S-1-5-21-783145419-1966905550-2589541370-501 contains 5 SIDs SID[ 0]: S-1-5-21-783145419-1966905550-2589541370-501 SID[ 1]: S-1-1-0 SID[ 2]: S-1-5-2 SID[ 3]: S-1-5-32-546 SID[ 4]: S-1-22-1-65534 SE_PRIV 0x0 0x0 0x0 0x0 UNIX token of user 65534 Primary group is 65533 and contains 0 supplementary groups change_to_user uid=(0,65534) gid=(0,65533) vfs_ChDir to /tmp call_trans2getdfsreferral parse_dfs_path: temp = |10.225.5.232\test$| after trimming \'s parse_dfs_path: hostname: 10.225.5.232 parse_dfs_path: servicename: test$ get_referred_path: |test$| in dfs path \10.225.5.232\test$ is not a dfs root. error packet at smbd/trans2.c(7421) cmd=50 (SMBtrans2) NT_STATUS_NOT_FOUND size=35 smb_com=0x32 smb_rcls=37 smb_reh=2 smb_err=49152 smb_flg=136 smb_flg2=51201 smb_tid=3 smb_pid=1596 smb_uid=102 smb_mid=4802 smt_wct=0 smb_bcc=0 got smb length of 100 got message type 0x0 of len 0x64 Transaction 76 of length 104 (0 toread) size=100 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=4866 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 3584 (0xE00) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]=16384 (0x4000) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 256 (0x100) smb_bcc=17 [0000] 00 5C 00 73 00 72 00 76 00 73 00 76 00 63 00 00 .\.s.r.v .s.v.c.. [0010] 00 . switch message SMBntcreateX (pid 12841) conn 0x7fb6240867f0 setting sec ctx (123, 123) - sec_ctx_stack_ndx = 0 NT user token of user S-1-5-21-783145419-1966905550-2589541370-1001 contains 6 SIDs SID[ 0]: S-1-5-21-783145419-1966905550-2589541370-1001 SID[ 1]: S-1-22-2-123 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-1-123 SE_PRIV 0x0 0x0 0x0 0x0 UNIX token of user 123 Primary group is 123 and contains 1 supplementary groups Group[ 0]: 123 change_to_user uid=(0,123) gid=(0,123) reply_ntcreate_and_X: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0, fname = srvsvc nt_open_pipe: Opening pipe \srvsvc. allocated file structure 16022, fnum = 20118 (2 used) Create pipe requested \srvsvc init_pipe_handles: created handle list for pipe \srvsvc init_pipe_handles: pipe_handles ref count = 1 for pipe \srvsvc push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 push_conn_ctx(100) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: maximum password age, val: -1 pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 push_conn_ctx(100) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: password history, val: 0 pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 pdb_set_username: setting username Administrator, was pdb_set_domain: setting domain TESTPC, was pdb_set_nt_username: setting nt username , was pdb_set_full_name: setting full name Administrator, was Home server: testpc pdb_set_homedir: setting home dir \\testpc\administrator, was pdb_set_dir_drive: setting dir drive , was NULL pdb_set_logon_script: setting logon script , was Home server: testpc pdb_set_profile_path: setting profile path \\testpc\administrator\profile, was pdb_set_workstations: setting workstations , was push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 push_conn_ctx(100) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: password history, val: 0 pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 pdb_set_user_sid: setting user sid S-1-5-21-783145419-1966905550-2589541370-1001 pdb_set_user_sid_from_rid: setting user sid S-1-5-21-783145419-1966905550-2589541370-1001 from rid 1001 Created internal pipe \srvsvc (pipes_open=0) do_ntcreate_pipe_open: open pipe = \srvsvc got smb length of 156 got message type 0x0 of len 0x9c Transaction 77 of length 160 (0 toread) size=156 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=4930 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=20118 (0x4E96) smb_bcc=89 [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... [0020] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ [0030] 00 C8 4F 32 4B 70 16 D3 01 12 78 5A 47 BF 6E E1 ..O2Kp.. ..xZG.n. [0040] 88 03 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ [0050] 00 2B 10 48 60 02 00 00 00 .+.H`... . switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 change_to_user: Skipping user change - already user trans <\PIPE\> data=72 params=0 setup=2 calling named_pipe named pipe command on <> name api_fd_reply Got API command 0x26 on pipe "srvsvc" (pnum 4e96) api_fd_reply: p:0x7fb624073a50 max_trans_reply: 1024 np_write_send: len: 72 write_to_pipe: data_left = 72 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 56 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0b 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0048 000a auth_len : 0000 000c call_id : 00000001 unmarshall_rpc_header: using little-endian RPC unmarshall_rpc_header: type = 11, flags = 3 write_to_pipe: data_used = 0 write_to_pipe: data_left = 56 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 process_complete_pdu: processing packet type 11 api_pipe_bind_req: decode request. 1558 000000 smb_io_rpc_hdr_rb 000000 smb_io_rpc_hdr_bba 0000 max_tsize: 10b8 0002 max_rsize: 10b8 0004 assoc_gid: 00000000 0008 num_contexts: 01 000c context_id : 0000 000e num_transfer_syntaxes: 01 00000f smb_io_rpc_iface 000010 smb_io_uuid uuid 0010 data : 4b324fc8 0014 data : 1670 0016 data : 01d3 0018 data : 12 78 001a data : 5a 47 bf 6e e1 88 0020 version: 00000003 000024 smb_io_rpc_iface 000024 smb_io_uuid uuid 0024 data : 8a885d04 0028 data : 1ceb 002a data : 11c9 002c data : 9f e8 002e data : 08 00 2b 10 48 60 0034 version: 00000002 api_pipe_bind_req: \PIPE\srvsvc -> \PIPE\srvsvc api_pipe_bind_req: make response. 1628 check_bind_req for \srvsvc checking lsarpc checking winreg checking initshutdown checking dssetup checking wkssvc checking svcctl checking ntsvcs checking netlogon checking netdfs checking srvsvc 000000 smb_io_rpc_hdr_ba 000000 smb_io_rpc_hdr_bba 0000 max_tsize: 10b8 0002 max_rsize: 10b8 0004 assoc_gid: 000053f0 000008 smb_io_rpc_addr_str 0008 len: 000d 000a str: \PIPE\srvsvc. 000017 smb_io_rpc_results 0018 num_results: 01 001c result : 0000 001e reason : 0000 000020 smb_io_rpc_iface 000020 smb_io_uuid uuid 0020 data : 8a885d04 0024 data : 1ceb 0026 data : 11c9 0028 data : 9f e8 002a data : 08 00 2b 10 48 60 0030 version: 00000002 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0c 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0044 000a auth_len : 0000 000c call_id : 00000001 write_to_pipe: data_used = 56 s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62408aed0 s3_event: Run immediate event "tevent_req_trigger": 0x7fb62408aed0 name: \srvsvc len: 1024 read_from_pipe: \srvsvc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624067c80 s3_event: Run immediate event "tevent_req_trigger": 0x7fb624067c80 copy_trans_params_and_data: params[0..0] data[0..68] (align 0) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=4930 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [0000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... [0010] 00 B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 ......S. ...\PIPE [0020] 5C 73 72 76 73 76 63 00 00 01 00 00 00 00 00 00 \srvsvc. ........ [0030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [0040] 60 02 00 00 00 `.... got smb length of 184 got message type 0x0 of len 0xb8 Transaction 78 of length 188 (0 toread) size=184 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=4994 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 100 (0x64) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 100 (0x64) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=20118 (0x4E96) smb_bcc=117 [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 64 00 00 00 01 00 00 ........ .d...... [0020] 00 4C 00 00 00 00 00 10 00 AC B9 86 10 0F 00 00 .L...... ........ [0030] 00 00 00 00 00 0F 00 00 00 5C 00 5C 00 31 00 30 ........ .\.\.1.0 [0040] 00 2E 00 32 00 32 00 35 00 2E 00 35 00 2E 00 32 ...2.2.5 ...5...2 [0050] 00 33 00 32 00 00 00 00 00 06 00 00 00 00 00 00 .3.2.... ........ [0060] 00 06 00 00 00 74 00 65 00 73 00 74 00 24 00 00 .....t.e .s.t.$.. [0070] 00 01 00 00 00 ..... switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 change_to_user: Skipping user change - already user trans <\PIPE\> data=100 params=0 setup=2 calling named_pipe named pipe command on <> name api_fd_reply Got API command 0x26 on pipe "srvsvc" (pnum 4e96) api_fd_reply: p:0x7fb624073a50 max_trans_reply: 1024 np_write_send: len: 100 write_to_pipe: data_left = 100 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 100 fill_rpc_header: data_to_copy = 100, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 84 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 84 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0064 000a auth_len : 0000 000c call_id : 00000001 unmarshall_rpc_header: using little-endian RPC unmarshall_rpc_header: type = 0, flags = 3 write_to_pipe: data_used = 0 write_to_pipe: data_left = 84 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 84, incoming data = 84 process_complete_pdu: processing packet type 0 000000 smb_io_rpc_hdr_req req 0000 alloc_hint: 0000004c 0004 context_id: 0000 0006 opnum : 0010 free_pipe_context: destroying talloc pool of size 80 Requested \PIPE\\srvsvc api_rpcTNP: \srvsvc op 0x10 - api_rpcTNP: rpc command: SRVSVC_NETSHAREGETINFO api_rpc_cmds[16].fn == 0x7fb623901588 srvsvc_NetShareGetInfo: struct srvsvc_NetShareGetInfo in: struct srvsvc_NetShareGetInfo server_unc : * server_unc : '\\10.225.5.232' share_name : 'test$' level : 0x00000001 (1) _srvsvc_NetShareGetInfo: 1374 _srvsvc_NetShareGetInfo: 1439 srvsvc_NetShareGetInfo: struct srvsvc_NetShareGetInfo out: struct srvsvc_NetShareGetInfo info : * info : union srvsvc_NetShareInfo(case 1) info1 : * info1: struct srvsvc_NetShareInfo1 name : * name : 'test$' type : STYPE_DISKTREE (0x0) comment : * comment : 'testshare' result : WERR_OK api_rpcTNP: called \srvsvc successfully free_pipe_context: destroying talloc pool of size 44 write_to_pipe: data_used = 84 s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62408af10 s3_event: Run immediate event "tevent_req_trigger": 0x7fb62408af10 name: \srvsvc len: 1024 read_from_pipe: \srvsvc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 80. 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0068 000a auth_len : 0000 000c call_id : 00000001 000010 smb_io_rpc_hdr_resp resp 0010 alloc_hint: 00000050 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624067c80 s3_event: Run immediate event "tevent_req_trigger": 0x7fb624067c80 copy_trans_params_and_data: params[0..0] data[0..104] (align 0) size=160 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=4994 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 104 (0x68) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 104 (0x68) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=105 [0000] 00 05 00 02 03 10 00 00 00 68 00 00 00 01 00 00 ........ .h...... [0010] 00 50 00 00 00 00 00 00 00 01 00 00 00 00 00 02 .P...... ........ [0020] 00 04 00 02 00 00 00 00 00 08 00 02 00 06 00 00 ........ ........ [0030] 00 00 00 00 00 06 00 00 00 74 00 65 00 73 00 74 ........ .t.e.s.t [0040] 00 24 00 00 00 0A 00 00 00 00 00 00 00 0A 00 00 .$...... ........ [0050] 00 74 00 65 00 73 00 74 00 73 00 68 00 61 00 72 .t.e.s.t .s.h.a.r [0060] 00 65 00 00 00 00 00 00 00 .e...... . got smb length of 41 got message type 0x0 of len 0x29 Transaction 79 of length 45 (0 toread) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=5058 smt_wct=3 smb_vwv[ 0]=20118 (0x4E96) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 switch message SMBclose (pid 12841) conn 0x7fb6240867f0 change_to_user: Skipping user change - already user close fd=-1 fnum=20118 (numopen=1) close_write_time: Sun Feb 7 07:28:15 2106 close_policy_by_pipe: deleted handle list for pipe \srvsvc freed files structure 20118 (1 used) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=5058 smt_wct=0 smb_bcc=0 got smb length of 100 got message type 0x0 of len 0x64 Transaction 80 of length 104 (0 toread) size=100 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=5122 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 3584 (0xE00) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]=16384 (0x4000) smb_vwv[21]= 256 (0x100) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 256 (0x100) smb_bcc=17 [0000] 00 5C 00 77 00 6B 00 73 00 73 00 76 00 63 00 00 .\.w.k.s .s.v.c.. [0010] 00 . switch message SMBntcreateX (pid 12841) conn 0x7fb6240867f0 change_to_user: Skipping user change - already user reply_ntcreate_and_X: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0, fname = wkssvc nt_open_pipe: Opening pipe \wkssvc. allocated file structure 16023, fnum = 20119 (2 used) Create pipe requested \wkssvc init_pipe_handles: created handle list for pipe \wkssvc init_pipe_handles: pipe_handles ref count = 1 for pipe \wkssvc push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 push_conn_ctx(100) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: maximum password age, val: -1 pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 push_conn_ctx(100) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: password history, val: 0 pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 pdb_set_username: setting username Administrator, was pdb_set_domain: setting domain TESTPC, was pdb_set_nt_username: setting nt username , was pdb_set_full_name: setting full name Administrator, was Home server: testpc pdb_set_homedir: setting home dir \\testpc\administrator, was pdb_set_dir_drive: setting dir drive , was NULL pdb_set_logon_script: setting logon script , was Home server: testpc pdb_set_profile_path: setting profile path \\testpc\administrator\profile, was pdb_set_workstations: setting workstations , was push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 push_conn_ctx(100) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: password history, val: 0 pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 pdb_set_user_sid: setting user sid S-1-5-21-783145419-1966905550-2589541370-1001 pdb_set_user_sid_from_rid: setting user sid S-1-5-21-783145419-1966905550-2589541370-1001 from rid 1001 Created internal pipe \wkssvc (pipes_open=0) do_ntcreate_pipe_open: open pipe = \wkssvc got smb length of 156 got message type 0x0 of len 0x9c Transaction 81 of length 160 (0 toread) size=156 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=5186 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=20119 (0x4E97) smb_bcc=89 [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... [0020] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ [0030] 00 98 D0 FF 6B 12 A1 10 36 98 33 46 C3 F8 7E 34 ....k... 6.3F..~4 [0040] 5A 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 Z.....]. ........ [0050] 00 2B 10 48 60 02 00 00 00 .+.H`... . switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 change_to_user: Skipping user change - already user trans <\PIPE\> data=72 params=0 setup=2 calling named_pipe named pipe command on <> name api_fd_reply Got API command 0x26 on pipe "wkssvc" (pnum 4e97) api_fd_reply: p:0x7fb624073a50 max_trans_reply: 1024 np_write_send: len: 72 write_to_pipe: data_left = 72 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 56 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0b 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0048 000a auth_len : 0000 000c call_id : 00000001 unmarshall_rpc_header: using little-endian RPC unmarshall_rpc_header: type = 11, flags = 3 write_to_pipe: data_used = 0 write_to_pipe: data_left = 56 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 process_complete_pdu: processing packet type 11 api_pipe_bind_req: decode request. 1558 000000 smb_io_rpc_hdr_rb 000000 smb_io_rpc_hdr_bba 0000 max_tsize: 10b8 0002 max_rsize: 10b8 0004 assoc_gid: 00000000 0008 num_contexts: 01 000c context_id : 0000 000e num_transfer_syntaxes: 01 00000f smb_io_rpc_iface 000010 smb_io_uuid uuid 0010 data : 6bffd098 0014 data : a112 0016 data : 3610 0018 data : 98 33 001a data : 46 c3 f8 7e 34 5a 0020 version: 00000001 000024 smb_io_rpc_iface 000024 smb_io_uuid uuid 0024 data : 8a885d04 0028 data : 1ceb 002a data : 11c9 002c data : 9f e8 002e data : 08 00 2b 10 48 60 0034 version: 00000002 api_pipe_bind_req: \PIPE\wkssvc -> \PIPE\wkssvc api_pipe_bind_req: make response. 1628 check_bind_req for \wkssvc checking lsarpc checking winreg checking initshutdown checking dssetup checking wkssvc 000000 smb_io_rpc_hdr_ba 000000 smb_io_rpc_hdr_bba 0000 max_tsize: 10b8 0002 max_rsize: 10b8 0004 assoc_gid: 000053f0 000008 smb_io_rpc_addr_str 0008 len: 000d 000a str: \PIPE\wkssvc. 000017 smb_io_rpc_results 0018 num_results: 01 001c result : 0000 001e reason : 0000 000020 smb_io_rpc_iface 000020 smb_io_uuid uuid 0020 data : 8a885d04 0024 data : 1ceb 0026 data : 11c9 0028 data : 9f e8 002a data : 08 00 2b 10 48 60 0030 version: 00000002 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0c 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0044 000a auth_len : 0000 000c call_id : 00000001 write_to_pipe: data_used = 56 s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62408aed0 s3_event: Run immediate event "tevent_req_trigger": 0x7fb62408aed0 name: \wkssvc len: 1024 read_from_pipe: \wkssvc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624075a00 s3_event: Run immediate event "tevent_req_trigger": 0x7fb624075a00 copy_trans_params_and_data: params[0..0] data[0..68] (align 0) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=5186 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [0000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... [0010] 00 B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 ......S. ...\PIPE [0020] 5C 77 6B 73 73 76 63 00 00 01 00 00 00 00 00 00 \wkssvc. ........ [0030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [0040] 60 02 00 00 00 `.... got smb length of 160 got message type 0x0 of len 0xa0 Transaction 82 of length 164 (0 toread) size=160 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=5250 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 76 (0x4C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 76 (0x4C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=20119 (0x4E97) smb_bcc=93 [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 4C 00 00 00 01 00 00 ........ .L...... [0020] 00 34 00 00 00 00 00 00 00 F8 BB 86 10 0F 00 00 .4...... ........ [0030] 00 00 00 00 00 0F 00 00 00 5C 00 5C 00 31 00 30 ........ .\.\.1.0 [0040] 00 2E 00 32 00 32 00 35 00 2E 00 35 00 2E 00 32 ...2.2.5 ...5...2 [0050] 00 33 00 32 00 00 00 00 00 64 00 00 00 .3.2.... .d... switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 change_to_user: Skipping user change - already user trans <\PIPE\> data=76 params=0 setup=2 calling named_pipe named pipe command on <> name api_fd_reply Got API command 0x26 on pipe "wkssvc" (pnum 4e97) api_fd_reply: p:0x7fb624073a50 max_trans_reply: 1024 np_write_send: len: 76 write_to_pipe: data_left = 76 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 76 fill_rpc_header: data_to_copy = 76, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 60 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 60 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 004c 000a auth_len : 0000 000c call_id : 00000001 unmarshall_rpc_header: using little-endian RPC unmarshall_rpc_header: type = 0, flags = 3 write_to_pipe: data_used = 0 write_to_pipe: data_left = 60 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 60, incoming data = 60 process_complete_pdu: processing packet type 0 000000 smb_io_rpc_hdr_req req 0000 alloc_hint: 00000034 0004 context_id: 0000 0006 opnum : 0000 free_pipe_context: destroying talloc pool of size 80 Requested \PIPE\\wkssvc api_rpcTNP: \wkssvc op 0x0 - api_rpcTNP: rpc command: WKSSVC_NETWKSTAGETINFO api_rpc_cmds[0].fn == 0x7fb6238d3580 wkssvc_NetWkstaGetInfo: struct wkssvc_NetWkstaGetInfo in: struct wkssvc_NetWkstaGetInfo server_name : * server_name : '\\10.225.5.232' level : 0x00000064 (100) wkssvc_NetWkstaGetInfo: struct wkssvc_NetWkstaGetInfo out: struct wkssvc_NetWkstaGetInfo info : * info : union wkssvc_NetWkstaInfo(case 100) info100 : * info100: struct wkssvc_NetWkstaInfo100 platform_id : PLATFORM_ID_NT (500) server_name : * server_name : 'TESTPC' domain_name : * domain_name : 'TESTGROUP' version_major : 0x00000004 (4) version_minor : 0x00000009 (9) result : WERR_OK api_rpcTNP: called \wkssvc successfully free_pipe_context: destroying talloc pool of size 49 write_to_pipe: data_used = 60 s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62408aee0 s3_event: Run immediate event "tevent_req_trigger": 0x7fb62408aee0 name: \wkssvc len: 1024 read_from_pipe: \wkssvc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 92. 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0074 000a auth_len : 0000 000c call_id : 00000001 000010 smb_io_rpc_hdr_resp resp 0010 alloc_hint: 0000005c 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb6240758b0 s3_event: Run immediate event "tevent_req_trigger": 0x7fb6240758b0 copy_trans_params_and_data: params[0..0] data[0..116] (align 0) size=172 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=5250 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 116 (0x74) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 116 (0x74) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=117 [0000] 00 05 00 02 03 10 00 00 00 74 00 00 00 01 00 00 ........ .t...... [0010] 00 5C 00 00 00 00 00 00 00 64 00 00 00 00 00 02 .\...... .d...... [0020] 00 F4 01 00 00 04 00 02 00 08 00 02 00 04 00 00 ........ ........ [0030] 00 09 00 00 00 07 00 00 00 00 00 00 00 07 00 00 ........ ........ [0040] 00 54 00 45 00 53 00 54 00 50 00 43 00 00 00 00 .T.E.S.T .P.C.... [0050] 00 0A 00 00 00 00 00 00 00 0A 00 00 00 54 00 45 ........ .....T.E [0060] 00 53 00 54 00 47 00 52 00 4F 00 55 00 50 00 00 .S.T.G.R .O.U.P.. [0070] 00 00 00 00 00 ..... got smb length of 41 got message type 0x0 of len 0x29 Transaction 83 of length 45 (0 toread) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=5314 smt_wct=3 smb_vwv[ 0]=20119 (0x4E97) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 switch message SMBclose (pid 12841) conn 0x7fb6240867f0 change_to_user: Skipping user change - already user close fd=-1 fnum=20119 (numopen=1) close_write_time: Sun Feb 7 07:28:15 2106 close_policy_by_pipe: deleted handle list for pipe \wkssvc freed files structure 20119 (1 used) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=5314 smt_wct=0 smb_bcc=0 got smb length of 94 got message type 0x0 of len 0x5e Transaction 84 of length 98 (0 toread) size=94 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=5378 smt_wct=15 smb_vwv[ 0]= 26 (0x1A) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 10 (0xA) smb_vwv[ 3]=16384 (0x4000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 26 (0x1A) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 1 (0x1) smb_bcc=29 [0000] 00 00 00 16 00 56 05 07 00 04 01 00 00 00 00 5C .....V.. .......\ [0010] 00 74 00 65 00 73 00 74 00 32 00 00 00 .t.e.s.t .2... switch message SMBtrans2 (pid 12841) conn 0x7fb624079b30 setting sec ctx (123, 123) - sec_ctx_stack_ndx = 0 NT user token of user S-1-5-21-783145419-1966905550-2589541370-1001 contains 6 SIDs SID[ 0]: S-1-5-21-783145419-1966905550-2589541370-1001 SID[ 1]: S-1-22-2-123 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-1-123 SE_PRIV 0x0 0x0 0x0 0x0 UNIX token of user 123 Primary group is 123 and contains 1 supplementary groups Group[ 0]: 123 change_to_user uid=(0,123) gid=(0,123) vfs_ChDir to /testshare call_trans2findfirst: dirtype = 16, maxentries = 1366, close_after_first=1, close_if_end = 1 requires_resume_key = 1 level = 0x104, max_data_bytes = 16384 unix_convert called on file "test2" stat_cache_lookup: lookup succeeded for name [TEST2] -> [test2] dir=./, mask = test2 dptr_create dir=./ creating new dirptr 256 for path ./, expect_close = 1 dptr_num is 256, wcard = test2, attr = 22 dirpath=<./> dontdescend=<> get_lanman2_dir_entry:readdir on dirptr 0x7fb624053a50 now at offset -1 dos_mode: ./test2 dos_mode_from_sbuf returning rd dos_mode returning rd fetch_share_mode_unlocked: no share_mode record around (file not open) get_lanman2_dir_entry: found ./test2 fname=test2 get_lanman2_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO call_trans2findfirst - (2) closing dptr_num 256 closing dptr key 256 t2_rep: params_sent_thistime = 10, data_sent_thistime = 104, useable_space = 131010 t2_rep: params_to_send = 10, data_to_send = 104, paramsize = 10, datasize = 104 size=172 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=5378 smt_wct=10 smb_vwv[ 0]= 10 (0xA) smb_vwv[ 1]= 104 (0x68) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 10 (0xA) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 104 (0x68) smb_vwv[ 7]= 68 (0x44) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=117 [0000] 00 FD FF 01 00 01 00 00 00 00 00 00 00 68 00 00 ........ .....h.. [0010] 00 00 00 00 00 80 69 DD 31 5E B4 CA 01 80 26 03 ......i. 1^....&. [0020] 2B 5F B4 CA 01 80 69 DD 31 5E B4 CA 01 80 69 DD +_....i. 1^....i. [0030] 31 5E B4 CA 01 00 00 00 00 00 00 00 00 00 00 00 1^...... ........ [0040] 00 00 00 00 00 11 00 00 00 0A 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 74 00 65 00 73 ........ ...t.e.s [0070] 00 74 00 32 00 .t.2. SMBtrans2 mask=test2 directory=./ dirtype=22 numentries=1 got smb length of 112 got message type 0x0 of len 0x70 Transaction 85 of length 116 (0 toread) size=112 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=5442 smt_wct=15 smb_vwv[ 0]= 44 (0x2C) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 40 (0x28) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 44 (0x2C) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 5 (0x5) smb_bcc=47 [0000] 00 00 00 EC 03 00 00 00 00 5C 00 74 00 65 00 73 ........ .\.t.e.s [0010] 00 74 00 32 00 5C 00 64 00 65 00 73 00 6B 00 74 .t.2.\.d .e.s.k.t [0020] 00 6F 00 70 00 2E 00 69 00 6E 00 69 00 00 00 .o.p...i .n.i... switch message SMBtrans2 (pid 12841) conn 0x7fb624079b30 change_to_user: Skipping user change - already user call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 unix_convert called on file "test2/desktop.ini" stat_cache_lookup: lookup failed for name [TEST2/DESKTOP.INI] stat_cache_lookup: lookup succeeded for name [TEST2] -> [test2] unix_convert begin: name = test2/desktop.ini, dirpath = test2, start = desktop.ini is_mangled desktop.ini ? is_mangled_component desktop.ini (len 11) ? is_mangled desktop.ini ? is_mangled_component desktop.ini (len 11) ? is_mangled desktop.ini ? is_mangled_component desktop.ini (len 11) ? New file desktop.ini call_trans2qfilepathinfo: SMB_VFS_STAT of test2/desktop.ini failed (No such file or directory) unix_error_packet: error string = No such file or directory error packet at smbd/trans2.c(4051) cmd=50 (SMBtrans2) NT_STATUS_OBJECT_NAME_NOT_FOUND size=35 smb_com=0x32 smb_rcls=52 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=5442 smt_wct=0 smb_bcc=0 got smb length of 112 got message type 0x0 of len 0x70 Transaction 86 of length 116 (0 toread) size=112 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=5506 smt_wct=15 smb_vwv[ 0]= 44 (0x2C) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 40 (0x28) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 44 (0x2C) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 5 (0x5) smb_bcc=47 [0000] 00 00 00 EC 03 00 00 00 00 5C 00 74 00 65 00 73 ........ .\.t.e.s [0010] 00 74 00 32 00 5C 00 64 00 65 00 73 00 6B 00 74 .t.2.\.d .e.s.k.t [0020] 00 6F 00 70 00 2E 00 69 00 6E 00 69 00 00 00 .o.p...i .n.i... switch message SMBtrans2 (pid 12841) conn 0x7fb624079b30 change_to_user: Skipping user change - already user call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 unix_convert called on file "test2/desktop.ini" stat_cache_lookup: lookup failed for name [TEST2/DESKTOP.INI] stat_cache_lookup: lookup succeeded for name [TEST2] -> [test2] unix_convert begin: name = test2/desktop.ini, dirpath = test2, start = desktop.ini is_mangled desktop.ini ? is_mangled_component desktop.ini (len 11) ? is_mangled desktop.ini ? is_mangled_component desktop.ini (len 11) ? is_mangled desktop.ini ? is_mangled_component desktop.ini (len 11) ? New file desktop.ini call_trans2qfilepathinfo: SMB_VFS_STAT of test2/desktop.ini failed (No such file or directory) unix_error_packet: error string = No such file or directory error packet at smbd/trans2.c(4051) cmd=50 (SMBtrans2) NT_STATUS_OBJECT_NAME_NOT_FOUND size=35 smb_com=0x32 smb_rcls=52 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=5506 smt_wct=0 smb_bcc=0 got smb length of 112 got message type 0x0 of len 0x70 Transaction 87 of length 116 (0 toread) size=112 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=5570 smt_wct=15 smb_vwv[ 0]= 44 (0x2C) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 40 (0x28) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 44 (0x2C) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 5 (0x5) smb_bcc=47 [0000] 00 00 00 EC 03 00 00 00 00 5C 00 74 00 65 00 73 ........ .\.t.e.s [0010] 00 74 00 32 00 5C 00 64 00 65 00 73 00 6B 00 74 .t.2.\.d .e.s.k.t [0020] 00 6F 00 70 00 2E 00 69 00 6E 00 69 00 00 00 .o.p...i .n.i... switch message SMBtrans2 (pid 12841) conn 0x7fb624079b30 change_to_user: Skipping user change - already user call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 unix_convert called on file "test2/desktop.ini" stat_cache_lookup: lookup failed for name [TEST2/DESKTOP.INI] stat_cache_lookup: lookup succeeded for name [TEST2] -> [test2] unix_convert begin: name = test2/desktop.ini, dirpath = test2, start = desktop.ini is_mangled desktop.ini ? is_mangled_component desktop.ini (len 11) ? is_mangled desktop.ini ? is_mangled_component desktop.ini (len 11) ? is_mangled desktop.ini ? is_mangled_component desktop.ini (len 11) ? New file desktop.ini call_trans2qfilepathinfo: SMB_VFS_STAT of test2/desktop.ini failed (No such file or directory) unix_error_packet: error string = No such file or directory error packet at smbd/trans2.c(4051) cmd=50 (SMBtrans2) NT_STATUS_OBJECT_NAME_NOT_FOUND size=35 smb_com=0x32 smb_rcls=52 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=5570 smt_wct=0 smb_bcc=0 got smb length of 70 got message type 0x0 of len 0x46 Transaction 88 of length 74 (0 toread) size=70 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=5634 smt_wct=15 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 560 (0x230) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 2 (0x2) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 3 (0x3) smb_bcc=5 [0000] 00 00 00 05 01 ..... switch message SMBtrans2 (pid 12841) conn 0x7fb624079b30 change_to_user: Skipping user change - already user call_trans2qfsinfo: level = 261 t2_rep: params_sent_thistime = 0, data_sent_thistime = 20, useable_space = 131012 t2_rep: params_to_send = 0, data_to_send = 20, paramsize = 0, datasize = 20 size=76 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=5634 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 20 (0x14) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 20 (0x14) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=21 [0000] 00 2F 00 01 00 FF 00 00 00 08 00 00 00 4E 00 54 ./...... .....N.T [0010] 00 46 00 53 00 .F.S. SMBtrans2 info_level = 261 got smb length of 122 got message type 0x0 of len 0x7a Transaction 89 of length 126 (0 toread) size=122 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=5698 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 9216 (0x2400) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=35072 (0x8900) smb_vwv[ 8]= 512 (0x200) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1792 (0x700) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_bcc=39 [0000] 00 5C 00 74 00 65 00 73 00 74 00 32 00 5C 00 44 .\.t.e.s .t.2.\.D [0010] 00 65 00 73 00 6B 00 74 00 6F 00 70 00 2E 00 69 .e.s.k.t .o.p...i [0020] 00 6E 00 69 00 00 00 .n.i... switch message SMBntcreateX (pid 12841) conn 0x7fb624079b30 change_to_user: Skipping user change - already user reply_ntcreate_and_X: flags = 0x16, access_mask = 0x20089 file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0, fname = test2/Desktop.ini create_file: access_mask = 0x20089 file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x40 oplock_request = 0x3 root_dir_fid = 0x0, ea_list = 0x(nil), sd = 0x(nil), create_file_flags = 0x1, fname = test2/Desktop.ini unix_convert called on file "test2/Desktop.ini" stat_cache_lookup: lookup failed for name [TEST2/DESKTOP.INI] stat_cache_lookup: lookup succeeded for name [TEST2] -> [test2] unix_convert begin: name = test2/Desktop.ini, dirpath = test2, start = Desktop.ini is_mangled Desktop.ini ? is_mangled_component Desktop.ini (len 11) ? is_mangled Desktop.ini ? is_mangled_component Desktop.ini (len 11) ? is_mangled Desktop.ini ? is_mangled_component Desktop.ini (len 11) ? New file Desktop.ini create_file_unixpath: access_mask = 0x20089 file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x40 oplock_request = 0x3 ea_list = 0x(nil), sd = 0x(nil), fname = test2/Desktop.ini allocated file structure 16024, fnum = 20120 (2 used) unix_mode(test2/Desktop.ini) returning 0744 open_file_ntcreate: fname=test2/Desktop.ini, dos_attrs=0x0 access_mask=0x20089 share_access=0x7 create_disposition = 0x1 create_options=0x40 unix mode=0744 oplock_request=3 open_file_ntcreate: FILE_OPEN requested for file test2/Desktop.ini and file doesn't exist. freed files structure 20120 (1 used) create_file_unixpath: NT_STATUS_OBJECT_NAME_NOT_FOUND create_file: NT_STATUS_OBJECT_NAME_NOT_FOUND error packet at smbd/nttrans.c(563) cmd=162 (SMBntcreateX) NT_STATUS_OBJECT_NAME_NOT_FOUND size=35 smb_com=0xa2 smb_rcls=52 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=5698 smt_wct=0 smb_bcc=0 got smb length of 110 got message type 0x0 of len 0x6e Transaction 90 of length 114 (0 toread) size=110 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=1596 smb_uid=102 smb_mid=5762 smt_wct=15 smb_vwv[ 0]= 42 (0x2A) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4096 (0x1000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 42 (0x2A) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 16 (0x10) smb_bcc=45 [0000] 00 00 00 03 00 5C 00 31 00 30 00 2E 00 32 00 32 .....\.1 .0...2.2 [0010] 00 35 00 2E 00 35 00 2E 00 32 00 33 00 32 00 5C .5...5.. .2.3.2.\ [0020] 00 74 00 65 00 73 00 74 00 24 00 00 00 .t.e.s.t .$... switch message SMBtrans2 (pid 12841) conn 0x7fb624087930 setting sec ctx (65534, 65533) - sec_ctx_stack_ndx = 0 NT user token of user S-1-5-21-783145419-1966905550-2589541370-501 contains 5 SIDs SID[ 0]: S-1-5-21-783145419-1966905550-2589541370-501 SID[ 1]: S-1-1-0 SID[ 2]: S-1-5-2 SID[ 3]: S-1-5-32-546 SID[ 4]: S-1-22-1-65534 SE_PRIV 0x0 0x0 0x0 0x0 UNIX token of user 65534 Primary group is 65533 and contains 0 supplementary groups change_to_user uid=(0,65534) gid=(0,65533) vfs_ChDir to /tmp call_trans2getdfsreferral parse_dfs_path: temp = |10.225.5.232\test$| after trimming \'s parse_dfs_path: hostname: 10.225.5.232 parse_dfs_path: servicename: test$ get_referred_path: |test$| in dfs path \10.225.5.232\test$ is not a dfs root. error packet at smbd/trans2.c(7421) cmd=50 (SMBtrans2) NT_STATUS_NOT_FOUND size=35 smb_com=0x32 smb_rcls=37 smb_reh=2 smb_err=49152 smb_flg=136 smb_flg2=51201 smb_tid=3 smb_pid=1596 smb_uid=102 smb_mid=5762 smt_wct=0 smb_bcc=0 got smb length of 100 got message type 0x0 of len 0x64 Transaction 91 of length 104 (0 toread) size=100 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=5826 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 3584 (0xE00) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]=16384 (0x4000) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 256 (0x100) smb_bcc=17 [0000] 00 5C 00 73 00 72 00 76 00 73 00 76 00 63 00 00 .\.s.r.v .s.v.c.. [0010] 00 . switch message SMBntcreateX (pid 12841) conn 0x7fb6240867f0 setting sec ctx (123, 123) - sec_ctx_stack_ndx = 0 NT user token of user S-1-5-21-783145419-1966905550-2589541370-1001 contains 6 SIDs SID[ 0]: S-1-5-21-783145419-1966905550-2589541370-1001 SID[ 1]: S-1-22-2-123 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-1-123 SE_PRIV 0x0 0x0 0x0 0x0 UNIX token of user 123 Primary group is 123 and contains 1 supplementary groups Group[ 0]: 123 change_to_user uid=(0,123) gid=(0,123) reply_ntcreate_and_X: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0, fname = srvsvc nt_open_pipe: Opening pipe \srvsvc. allocated file structure 16025, fnum = 20121 (2 used) Create pipe requested \srvsvc init_pipe_handles: created handle list for pipe \srvsvc init_pipe_handles: pipe_handles ref count = 1 for pipe \srvsvc push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 push_conn_ctx(100) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: maximum password age, val: -1 pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 push_conn_ctx(100) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: password history, val: 0 pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 pdb_set_username: setting username Administrator, was pdb_set_domain: setting domain TESTPC, was pdb_set_nt_username: setting nt username , was pdb_set_full_name: setting full name Administrator, was Home server: testpc pdb_set_homedir: setting home dir \\testpc\administrator, was pdb_set_dir_drive: setting dir drive , was NULL pdb_set_logon_script: setting logon script , was Home server: testpc pdb_set_profile_path: setting profile path \\testpc\administrator\profile, was pdb_set_workstations: setting workstations , was push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 push_conn_ctx(100) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: password history, val: 0 pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 pdb_set_user_sid: setting user sid S-1-5-21-783145419-1966905550-2589541370-1001 pdb_set_user_sid_from_rid: setting user sid S-1-5-21-783145419-1966905550-2589541370-1001 from rid 1001 Created internal pipe \srvsvc (pipes_open=0) do_ntcreate_pipe_open: open pipe = \srvsvc got smb length of 156 got message type 0x0 of len 0x9c Transaction 92 of length 160 (0 toread) size=156 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=5890 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=20121 (0x4E99) smb_bcc=89 [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... [0020] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ [0030] 00 C8 4F 32 4B 70 16 D3 01 12 78 5A 47 BF 6E E1 ..O2Kp.. ..xZG.n. [0040] 88 03 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ [0050] 00 2B 10 48 60 02 00 00 00 .+.H`... . switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 change_to_user: Skipping user change - already user trans <\PIPE\> data=72 params=0 setup=2 calling named_pipe named pipe command on <> name api_fd_reply Got API command 0x26 on pipe "srvsvc" (pnum 4e99) api_fd_reply: p:0x7fb624073a50 max_trans_reply: 1024 np_write_send: len: 72 write_to_pipe: data_left = 72 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 56 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0b 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0048 000a auth_len : 0000 000c call_id : 00000001 unmarshall_rpc_header: using little-endian RPC unmarshall_rpc_header: type = 11, flags = 3 write_to_pipe: data_used = 0 write_to_pipe: data_left = 56 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 process_complete_pdu: processing packet type 11 api_pipe_bind_req: decode request. 1558 000000 smb_io_rpc_hdr_rb 000000 smb_io_rpc_hdr_bba 0000 max_tsize: 10b8 0002 max_rsize: 10b8 0004 assoc_gid: 00000000 0008 num_contexts: 01 000c context_id : 0000 000e num_transfer_syntaxes: 01 00000f smb_io_rpc_iface 000010 smb_io_uuid uuid 0010 data : 4b324fc8 0014 data : 1670 0016 data : 01d3 0018 data : 12 78 001a data : 5a 47 bf 6e e1 88 0020 version: 00000003 000024 smb_io_rpc_iface 000024 smb_io_uuid uuid 0024 data : 8a885d04 0028 data : 1ceb 002a data : 11c9 002c data : 9f e8 002e data : 08 00 2b 10 48 60 0034 version: 00000002 api_pipe_bind_req: \PIPE\srvsvc -> \PIPE\srvsvc api_pipe_bind_req: make response. 1628 check_bind_req for \srvsvc checking lsarpc checking winreg checking initshutdown checking dssetup checking wkssvc checking svcctl checking ntsvcs checking netlogon checking netdfs checking srvsvc 000000 smb_io_rpc_hdr_ba 000000 smb_io_rpc_hdr_bba 0000 max_tsize: 10b8 0002 max_rsize: 10b8 0004 assoc_gid: 000053f0 000008 smb_io_rpc_addr_str 0008 len: 000d 000a str: \PIPE\srvsvc. 000017 smb_io_rpc_results 0018 num_results: 01 001c result : 0000 001e reason : 0000 000020 smb_io_rpc_iface 000020 smb_io_uuid uuid 0020 data : 8a885d04 0024 data : 1ceb 0026 data : 11c9 0028 data : 9f e8 002a data : 08 00 2b 10 48 60 0030 version: 00000002 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0c 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0044 000a auth_len : 0000 000c call_id : 00000001 write_to_pipe: data_used = 56 s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62408aed0 s3_event: Run immediate event "tevent_req_trigger": 0x7fb62408aed0 name: \srvsvc len: 1024 read_from_pipe: \srvsvc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624067c80 s3_event: Run immediate event "tevent_req_trigger": 0x7fb624067c80 copy_trans_params_and_data: params[0..0] data[0..68] (align 0) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=5890 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [0000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... [0010] 00 B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 ......S. ...\PIPE [0020] 5C 73 72 76 73 76 63 00 00 01 00 00 00 00 00 00 \srvsvc. ........ [0030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [0040] 60 02 00 00 00 `.... got smb length of 184 got message type 0x0 of len 0xb8 Transaction 93 of length 188 (0 toread) size=184 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=5954 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 100 (0x64) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 100 (0x64) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=20121 (0x4E99) smb_bcc=117 [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 64 00 00 00 01 00 00 ........ .d...... [0020] 00 4C 00 00 00 00 00 10 00 70 AC 86 10 0F 00 00 .L...... .p...... [0030] 00 00 00 00 00 0F 00 00 00 5C 00 5C 00 31 00 30 ........ .\.\.1.0 [0040] 00 2E 00 32 00 32 00 35 00 2E 00 35 00 2E 00 32 ...2.2.5 ...5...2 [0050] 00 33 00 32 00 00 00 00 00 06 00 00 00 00 00 00 .3.2.... ........ [0060] 00 06 00 00 00 74 00 65 00 73 00 74 00 24 00 00 .....t.e .s.t.$.. [0070] 00 01 00 00 00 ..... switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 change_to_user: Skipping user change - already user trans <\PIPE\> data=100 params=0 setup=2 calling named_pipe named pipe command on <> name api_fd_reply Got API command 0x26 on pipe "srvsvc" (pnum 4e99) api_fd_reply: p:0x7fb624073a50 max_trans_reply: 1024 np_write_send: len: 100 write_to_pipe: data_left = 100 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 100 fill_rpc_header: data_to_copy = 100, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 84 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 84 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0064 000a auth_len : 0000 000c call_id : 00000001 unmarshall_rpc_header: using little-endian RPC unmarshall_rpc_header: type = 0, flags = 3 write_to_pipe: data_used = 0 write_to_pipe: data_left = 84 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 84, incoming data = 84 process_complete_pdu: processing packet type 0 000000 smb_io_rpc_hdr_req req 0000 alloc_hint: 0000004c 0004 context_id: 0000 0006 opnum : 0010 free_pipe_context: destroying talloc pool of size 80 Requested \PIPE\\srvsvc api_rpcTNP: \srvsvc op 0x10 - api_rpcTNP: rpc command: SRVSVC_NETSHAREGETINFO api_rpc_cmds[16].fn == 0x7fb623901588 srvsvc_NetShareGetInfo: struct srvsvc_NetShareGetInfo in: struct srvsvc_NetShareGetInfo server_unc : * server_unc : '\\10.225.5.232' share_name : 'test$' level : 0x00000001 (1) _srvsvc_NetShareGetInfo: 1374 _srvsvc_NetShareGetInfo: 1439 srvsvc_NetShareGetInfo: struct srvsvc_NetShareGetInfo out: struct srvsvc_NetShareGetInfo info : * info : union srvsvc_NetShareInfo(case 1) info1 : * info1: struct srvsvc_NetShareInfo1 name : * name : 'test$' type : STYPE_DISKTREE (0x0) comment : * comment : 'testshare' result : WERR_OK api_rpcTNP: called \srvsvc successfully free_pipe_context: destroying talloc pool of size 44 write_to_pipe: data_used = 84 s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62408af10 s3_event: Run immediate event "tevent_req_trigger": 0x7fb62408af10 name: \srvsvc len: 1024 read_from_pipe: \srvsvc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 80. 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0068 000a auth_len : 0000 000c call_id : 00000001 000010 smb_io_rpc_hdr_resp resp 0010 alloc_hint: 00000050 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624067c80 s3_event: Run immediate event "tevent_req_trigger": 0x7fb624067c80 copy_trans_params_and_data: params[0..0] data[0..104] (align 0) size=160 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=5954 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 104 (0x68) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 104 (0x68) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=105 [0000] 00 05 00 02 03 10 00 00 00 68 00 00 00 01 00 00 ........ .h...... [0010] 00 50 00 00 00 00 00 00 00 01 00 00 00 00 00 02 .P...... ........ [0020] 00 04 00 02 00 00 00 00 00 08 00 02 00 06 00 00 ........ ........ [0030] 00 00 00 00 00 06 00 00 00 74 00 65 00 73 00 74 ........ .t.e.s.t [0040] 00 24 00 00 00 0A 00 00 00 00 00 00 00 0A 00 00 .$...... ........ [0050] 00 74 00 65 00 73 00 74 00 73 00 68 00 61 00 72 .t.e.s.t .s.h.a.r [0060] 00 65 00 00 00 00 00 00 00 .e...... . got smb length of 41 got message type 0x0 of len 0x29 Transaction 94 of length 45 (0 toread) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=6018 smt_wct=3 smb_vwv[ 0]=20121 (0x4E99) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 switch message SMBclose (pid 12841) conn 0x7fb6240867f0 change_to_user: Skipping user change - already user close fd=-1 fnum=20121 (numopen=1) close_write_time: Sun Feb 7 07:28:15 2106 close_policy_by_pipe: deleted handle list for pipe \srvsvc freed files structure 20121 (1 used) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=6018 smt_wct=0 smb_bcc=0 got smb length of 100 got message type 0x0 of len 0x64 Transaction 95 of length 104 (0 toread) size=100 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=6082 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 3584 (0xE00) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]=16384 (0x4000) smb_vwv[21]= 256 (0x100) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 256 (0x100) smb_bcc=17 [0000] 00 5C 00 77 00 6B 00 73 00 73 00 76 00 63 00 00 .\.w.k.s .s.v.c.. [0010] 00 . switch message SMBntcreateX (pid 12841) conn 0x7fb6240867f0 change_to_user: Skipping user change - already user reply_ntcreate_and_X: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0, fname = wkssvc nt_open_pipe: Opening pipe \wkssvc. allocated file structure 16026, fnum = 20122 (2 used) Create pipe requested \wkssvc init_pipe_handles: created handle list for pipe \wkssvc init_pipe_handles: pipe_handles ref count = 1 for pipe \wkssvc push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 push_conn_ctx(100) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: maximum password age, val: -1 pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 push_conn_ctx(100) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: password history, val: 0 pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 pdb_set_username: setting username Administrator, was pdb_set_domain: setting domain TESTPC, was pdb_set_nt_username: setting nt username , was pdb_set_full_name: setting full name Administrator, was Home server: testpc pdb_set_homedir: setting home dir \\testpc\administrator, was pdb_set_dir_drive: setting dir drive , was NULL pdb_set_logon_script: setting logon script , was Home server: testpc pdb_set_profile_path: setting profile path \\testpc\administrator\profile, was pdb_set_workstations: setting workstations , was push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 push_conn_ctx(100) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: password history, val: 0 pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 pdb_set_user_sid: setting user sid S-1-5-21-783145419-1966905550-2589541370-1001 pdb_set_user_sid_from_rid: setting user sid S-1-5-21-783145419-1966905550-2589541370-1001 from rid 1001 Created internal pipe \wkssvc (pipes_open=0) do_ntcreate_pipe_open: open pipe = \wkssvc got smb length of 156 got message type 0x0 of len 0x9c Transaction 96 of length 160 (0 toread) size=156 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=6146 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=20122 (0x4E9A) smb_bcc=89 [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... [0020] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ [0030] 00 98 D0 FF 6B 12 A1 10 36 98 33 46 C3 F8 7E 34 ....k... 6.3F..~4 [0040] 5A 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 Z.....]. ........ [0050] 00 2B 10 48 60 02 00 00 00 .+.H`... . switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 change_to_user: Skipping user change - already user trans <\PIPE\> data=72 params=0 setup=2 calling named_pipe named pipe command on <> name api_fd_reply Got API command 0x26 on pipe "wkssvc" (pnum 4e9a) api_fd_reply: p:0x7fb624073a50 max_trans_reply: 1024 np_write_send: len: 72 write_to_pipe: data_left = 72 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 56 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0b 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0048 000a auth_len : 0000 000c call_id : 00000001 unmarshall_rpc_header: using little-endian RPC unmarshall_rpc_header: type = 11, flags = 3 write_to_pipe: data_used = 0 write_to_pipe: data_left = 56 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 process_complete_pdu: processing packet type 11 api_pipe_bind_req: decode request. 1558 000000 smb_io_rpc_hdr_rb 000000 smb_io_rpc_hdr_bba 0000 max_tsize: 10b8 0002 max_rsize: 10b8 0004 assoc_gid: 00000000 0008 num_contexts: 01 000c context_id : 0000 000e num_transfer_syntaxes: 01 00000f smb_io_rpc_iface 000010 smb_io_uuid uuid 0010 data : 6bffd098 0014 data : a112 0016 data : 3610 0018 data : 98 33 001a data : 46 c3 f8 7e 34 5a 0020 version: 00000001 000024 smb_io_rpc_iface 000024 smb_io_uuid uuid 0024 data : 8a885d04 0028 data : 1ceb 002a data : 11c9 002c data : 9f e8 002e data : 08 00 2b 10 48 60 0034 version: 00000002 api_pipe_bind_req: \PIPE\wkssvc -> \PIPE\wkssvc api_pipe_bind_req: make response. 1628 check_bind_req for \wkssvc checking lsarpc checking winreg checking initshutdown checking dssetup checking wkssvc 000000 smb_io_rpc_hdr_ba 000000 smb_io_rpc_hdr_bba 0000 max_tsize: 10b8 0002 max_rsize: 10b8 0004 assoc_gid: 000053f0 000008 smb_io_rpc_addr_str 0008 len: 000d 000a str: \PIPE\wkssvc. 000017 smb_io_rpc_results 0018 num_results: 01 001c result : 0000 001e reason : 0000 000020 smb_io_rpc_iface 000020 smb_io_uuid uuid 0020 data : 8a885d04 0024 data : 1ceb 0026 data : 11c9 0028 data : 9f e8 002a data : 08 00 2b 10 48 60 0030 version: 00000002 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0c 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0044 000a auth_len : 0000 000c call_id : 00000001 write_to_pipe: data_used = 56 s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62408aed0 s3_event: Run immediate event "tevent_req_trigger": 0x7fb62408aed0 name: \wkssvc len: 1024 read_from_pipe: \wkssvc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624075a00 s3_event: Run immediate event "tevent_req_trigger": 0x7fb624075a00 copy_trans_params_and_data: params[0..0] data[0..68] (align 0) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=6146 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [0000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... [0010] 00 B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 ......S. ...\PIPE [0020] 5C 77 6B 73 73 76 63 00 00 01 00 00 00 00 00 00 \wkssvc. ........ [0030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [0040] 60 02 00 00 00 `.... got smb length of 160 got message type 0x0 of len 0xa0 Transaction 97 of length 164 (0 toread) size=160 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=6210 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 76 (0x4C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 76 (0x4C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=20122 (0x4E9A) smb_bcc=93 [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 4C 00 00 00 01 00 00 ........ .L...... [0020] 00 34 00 00 00 00 00 00 00 BC AE 86 10 0F 00 00 .4...... ........ [0030] 00 00 00 00 00 0F 00 00 00 5C 00 5C 00 31 00 30 ........ .\.\.1.0 [0040] 00 2E 00 32 00 32 00 35 00 2E 00 35 00 2E 00 32 ...2.2.5 ...5...2 [0050] 00 33 00 32 00 00 00 00 00 64 00 00 00 .3.2.... .d... switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 change_to_user: Skipping user change - already user trans <\PIPE\> data=76 params=0 setup=2 calling named_pipe named pipe command on <> name api_fd_reply Got API command 0x26 on pipe "wkssvc" (pnum 4e9a) api_fd_reply: p:0x7fb624073a50 max_trans_reply: 1024 np_write_send: len: 76 write_to_pipe: data_left = 76 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 76 fill_rpc_header: data_to_copy = 76, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 60 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 60 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 004c 000a auth_len : 0000 000c call_id : 00000001 unmarshall_rpc_header: using little-endian RPC unmarshall_rpc_header: type = 0, flags = 3 write_to_pipe: data_used = 0 write_to_pipe: data_left = 60 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 60, incoming data = 60 process_complete_pdu: processing packet type 0 000000 smb_io_rpc_hdr_req req 0000 alloc_hint: 00000034 0004 context_id: 0000 0006 opnum : 0000 free_pipe_context: destroying talloc pool of size 80 Requested \PIPE\\wkssvc api_rpcTNP: \wkssvc op 0x0 - api_rpcTNP: rpc command: WKSSVC_NETWKSTAGETINFO api_rpc_cmds[0].fn == 0x7fb6238d3580 wkssvc_NetWkstaGetInfo: struct wkssvc_NetWkstaGetInfo in: struct wkssvc_NetWkstaGetInfo server_name : * server_name : '\\10.225.5.232' level : 0x00000064 (100) wkssvc_NetWkstaGetInfo: struct wkssvc_NetWkstaGetInfo out: struct wkssvc_NetWkstaGetInfo info : * info : union wkssvc_NetWkstaInfo(case 100) info100 : * info100: struct wkssvc_NetWkstaInfo100 platform_id : PLATFORM_ID_NT (500) server_name : * server_name : 'TESTPC' domain_name : * domain_name : 'TESTGROUP' version_major : 0x00000004 (4) version_minor : 0x00000009 (9) result : WERR_OK api_rpcTNP: called \wkssvc successfully free_pipe_context: destroying talloc pool of size 49 write_to_pipe: data_used = 60 s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62408aee0 s3_event: Run immediate event "tevent_req_trigger": 0x7fb62408aee0 name: \wkssvc len: 1024 read_from_pipe: \wkssvc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 92. 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0074 000a auth_len : 0000 000c call_id : 00000001 000010 smb_io_rpc_hdr_resp resp 0010 alloc_hint: 0000005c 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb6240758b0 s3_event: Run immediate event "tevent_req_trigger": 0x7fb6240758b0 copy_trans_params_and_data: params[0..0] data[0..116] (align 0) size=172 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=6210 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 116 (0x74) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 116 (0x74) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=117 [0000] 00 05 00 02 03 10 00 00 00 74 00 00 00 01 00 00 ........ .t...... [0010] 00 5C 00 00 00 00 00 00 00 64 00 00 00 00 00 02 .\...... .d...... [0020] 00 F4 01 00 00 04 00 02 00 08 00 02 00 04 00 00 ........ ........ [0030] 00 09 00 00 00 07 00 00 00 00 00 00 00 07 00 00 ........ ........ [0040] 00 54 00 45 00 53 00 54 00 50 00 43 00 00 00 00 .T.E.S.T .P.C.... [0050] 00 0A 00 00 00 00 00 00 00 0A 00 00 00 54 00 45 ........ .....T.E [0060] 00 53 00 54 00 47 00 52 00 4F 00 55 00 50 00 00 .S.T.G.R .O.U.P.. [0070] 00 00 00 00 00 ..... got smb length of 41 got message type 0x0 of len 0x29 Transaction 98 of length 45 (0 toread) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=6274 smt_wct=3 smb_vwv[ 0]=20122 (0x4E9A) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 switch message SMBclose (pid 12841) conn 0x7fb6240867f0 change_to_user: Skipping user change - already user close fd=-1 fnum=20122 (numopen=1) close_write_time: Sun Feb 7 07:28:15 2106 close_policy_by_pipe: deleted handle list for pipe \wkssvc freed files structure 20122 (1 used) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=6274 smt_wct=0 smb_bcc=0 got smb length of 94 got message type 0x0 of len 0x5e Transaction 99 of length 98 (0 toread) size=94 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=6338 smt_wct=15 smb_vwv[ 0]= 26 (0x1A) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 10 (0xA) smb_vwv[ 3]=16384 (0x4000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 26 (0x1A) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 1 (0x1) smb_bcc=29 [0000] 00 00 00 16 00 56 05 07 00 04 01 00 00 00 00 5C .....V.. .......\ [0010] 00 74 00 65 00 73 00 74 00 32 00 00 00 .t.e.s.t .2... switch message SMBtrans2 (pid 12841) conn 0x7fb624079b30 setting sec ctx (123, 123) - sec_ctx_stack_ndx = 0 NT user token of user S-1-5-21-783145419-1966905550-2589541370-1001 contains 6 SIDs SID[ 0]: S-1-5-21-783145419-1966905550-2589541370-1001 SID[ 1]: S-1-22-2-123 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-1-123 SE_PRIV 0x0 0x0 0x0 0x0 UNIX token of user 123 Primary group is 123 and contains 1 supplementary groups Group[ 0]: 123 change_to_user uid=(0,123) gid=(0,123) vfs_ChDir to /testshare call_trans2findfirst: dirtype = 16, maxentries = 1366, close_after_first=1, close_if_end = 1 requires_resume_key = 1 level = 0x104, max_data_bytes = 16384 unix_convert called on file "test2" stat_cache_lookup: lookup succeeded for name [TEST2] -> [test2] dir=./, mask = test2 dptr_create dir=./ creating new dirptr 256 for path ./, expect_close = 1 dptr_num is 256, wcard = test2, attr = 22 dirpath=<./> dontdescend=<> get_lanman2_dir_entry:readdir on dirptr 0x7fb624011f90 now at offset -1 dos_mode: ./test2 dos_mode_from_sbuf returning rd dos_mode returning rd fetch_share_mode_unlocked: no share_mode record around (file not open) get_lanman2_dir_entry: found ./test2 fname=test2 get_lanman2_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO call_trans2findfirst - (2) closing dptr_num 256 closing dptr key 256 t2_rep: params_sent_thistime = 10, data_sent_thistime = 104, useable_space = 131010 t2_rep: params_to_send = 10, data_to_send = 104, paramsize = 10, datasize = 104 size=172 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=6338 smt_wct=10 smb_vwv[ 0]= 10 (0xA) smb_vwv[ 1]= 104 (0x68) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 10 (0xA) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 104 (0x68) smb_vwv[ 7]= 68 (0x44) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=117 [0000] 00 FD FF 01 00 01 00 00 00 00 00 00 00 68 00 00 ........ .....h.. [0010] 00 00 00 00 00 80 69 DD 31 5E B4 CA 01 00 BD 9B ......i. 1^...... [0020] 2B 5F B4 CA 01 80 69 DD 31 5E B4 CA 01 80 69 DD +_....i. 1^....i. [0030] 31 5E B4 CA 01 00 00 00 00 00 00 00 00 00 00 00 1^...... ........ [0040] 00 00 00 00 00 11 00 00 00 0A 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 74 00 65 00 73 ........ ...t.e.s [0070] 00 74 00 32 00 .t.2. SMBtrans2 mask=test2 directory=./ dirtype=22 numentries=1 got smb length of 112 got message type 0x0 of len 0x70 Transaction 100 of length 116 (0 toread) size=112 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=6402 smt_wct=15 smb_vwv[ 0]= 44 (0x2C) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 40 (0x28) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 44 (0x2C) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 5 (0x5) smb_bcc=47 [0000] 00 00 00 EC 03 00 00 00 00 5C 00 74 00 65 00 73 ........ .\.t.e.s [0010] 00 74 00 32 00 5C 00 64 00 65 00 73 00 6B 00 74 .t.2.\.d .e.s.k.t [0020] 00 6F 00 70 00 2E 00 69 00 6E 00 69 00 00 00 .o.p...i .n.i... switch message SMBtrans2 (pid 12841) conn 0x7fb624079b30 change_to_user: Skipping user change - already user call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 unix_convert called on file "test2/desktop.ini" stat_cache_lookup: lookup failed for name [TEST2/DESKTOP.INI] stat_cache_lookup: lookup succeeded for name [TEST2] -> [test2] unix_convert begin: name = test2/desktop.ini, dirpath = test2, start = desktop.ini is_mangled desktop.ini ? is_mangled_component desktop.ini (len 11) ? is_mangled desktop.ini ? is_mangled_component desktop.ini (len 11) ? is_mangled desktop.ini ? is_mangled_component desktop.ini (len 11) ? New file desktop.ini call_trans2qfilepathinfo: SMB_VFS_STAT of test2/desktop.ini failed (No such file or directory) unix_error_packet: error string = No such file or directory error packet at smbd/trans2.c(4051) cmd=50 (SMBtrans2) NT_STATUS_OBJECT_NAME_NOT_FOUND size=35 smb_com=0x32 smb_rcls=52 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=6402 smt_wct=0 smb_bcc=0 got smb length of 112 got message type 0x0 of len 0x70 Transaction 101 of length 116 (0 toread) size=112 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=6466 smt_wct=15 smb_vwv[ 0]= 44 (0x2C) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 40 (0x28) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 44 (0x2C) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 5 (0x5) smb_bcc=47 [0000] 00 00 00 EC 03 00 00 00 00 5C 00 74 00 65 00 73 ........ .\.t.e.s [0010] 00 74 00 32 00 5C 00 64 00 65 00 73 00 6B 00 74 .t.2.\.d .e.s.k.t [0020] 00 6F 00 70 00 2E 00 69 00 6E 00 69 00 00 00 .o.p...i .n.i... switch message SMBtrans2 (pid 12841) conn 0x7fb624079b30 change_to_user: Skipping user change - already user call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 unix_convert called on file "test2/desktop.ini" stat_cache_lookup: lookup failed for name [TEST2/DESKTOP.INI] stat_cache_lookup: lookup succeeded for name [TEST2] -> [test2] unix_convert begin: name = test2/desktop.ini, dirpath = test2, start = desktop.ini is_mangled desktop.ini ? is_mangled_component desktop.ini (len 11) ? is_mangled desktop.ini ? is_mangled_component desktop.ini (len 11) ? is_mangled desktop.ini ? is_mangled_component desktop.ini (len 11) ? New file desktop.ini call_trans2qfilepathinfo: SMB_VFS_STAT of test2/desktop.ini failed (No such file or directory) unix_error_packet: error string = No such file or directory error packet at smbd/trans2.c(4051) cmd=50 (SMBtrans2) NT_STATUS_OBJECT_NAME_NOT_FOUND size=35 smb_com=0x32 smb_rcls=52 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=6466 smt_wct=0 smb_bcc=0 got smb length of 110 got message type 0x0 of len 0x6e Transaction 102 of length 114 (0 toread) size=110 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=1596 smb_uid=102 smb_mid=6530 smt_wct=15 smb_vwv[ 0]= 42 (0x2A) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4096 (0x1000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 42 (0x2A) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 16 (0x10) smb_bcc=45 [0000] 00 00 00 03 00 5C 00 31 00 30 00 2E 00 32 00 32 .....\.1 .0...2.2 [0010] 00 35 00 2E 00 35 00 2E 00 32 00 33 00 32 00 5C .5...5.. .2.3.2.\ [0020] 00 74 00 65 00 73 00 74 00 24 00 00 00 .t.e.s.t .$... switch message SMBtrans2 (pid 12841) conn 0x7fb624087930 setting sec ctx (65534, 65533) - sec_ctx_stack_ndx = 0 NT user token of user S-1-5-21-783145419-1966905550-2589541370-501 contains 5 SIDs SID[ 0]: S-1-5-21-783145419-1966905550-2589541370-501 SID[ 1]: S-1-1-0 SID[ 2]: S-1-5-2 SID[ 3]: S-1-5-32-546 SID[ 4]: S-1-22-1-65534 SE_PRIV 0x0 0x0 0x0 0x0 UNIX token of user 65534 Primary group is 65533 and contains 0 supplementary groups change_to_user uid=(0,65534) gid=(0,65533) vfs_ChDir to /tmp call_trans2getdfsreferral parse_dfs_path: temp = |10.225.5.232\test$| after trimming \'s parse_dfs_path: hostname: 10.225.5.232 parse_dfs_path: servicename: test$ get_referred_path: |test$| in dfs path \10.225.5.232\test$ is not a dfs root. error packet at smbd/trans2.c(7421) cmd=50 (SMBtrans2) NT_STATUS_NOT_FOUND size=35 smb_com=0x32 smb_rcls=37 smb_reh=2 smb_err=49152 smb_flg=136 smb_flg2=51201 smb_tid=3 smb_pid=1596 smb_uid=102 smb_mid=6530 smt_wct=0 smb_bcc=0 got smb length of 100 got message type 0x0 of len 0x64 Transaction 103 of length 104 (0 toread) size=100 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=6594 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 3584 (0xE00) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]=16384 (0x4000) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 256 (0x100) smb_bcc=17 [0000] 00 5C 00 73 00 72 00 76 00 73 00 76 00 63 00 00 .\.s.r.v .s.v.c.. [0010] 00 . switch message SMBntcreateX (pid 12841) conn 0x7fb6240867f0 setting sec ctx (123, 123) - sec_ctx_stack_ndx = 0 NT user token of user S-1-5-21-783145419-1966905550-2589541370-1001 contains 6 SIDs SID[ 0]: S-1-5-21-783145419-1966905550-2589541370-1001 SID[ 1]: S-1-22-2-123 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-1-123 SE_PRIV 0x0 0x0 0x0 0x0 UNIX token of user 123 Primary group is 123 and contains 1 supplementary groups Group[ 0]: 123 change_to_user uid=(0,123) gid=(0,123) reply_ntcreate_and_X: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0, fname = srvsvc nt_open_pipe: Opening pipe \srvsvc. allocated file structure 16027, fnum = 20123 (2 used) Create pipe requested \srvsvc init_pipe_handles: created handle list for pipe \srvsvc init_pipe_handles: pipe_handles ref count = 1 for pipe \srvsvc push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 push_conn_ctx(100) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: maximum password age, val: -1 pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 push_conn_ctx(100) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: password history, val: 0 pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 pdb_set_username: setting username Administrator, was pdb_set_domain: setting domain TESTPC, was pdb_set_nt_username: setting nt username , was pdb_set_full_name: setting full name Administrator, was Home server: testpc pdb_set_homedir: setting home dir \\testpc\administrator, was pdb_set_dir_drive: setting dir drive , was NULL pdb_set_logon_script: setting logon script , was Home server: testpc pdb_set_profile_path: setting profile path \\testpc\administrator\profile, was pdb_set_workstations: setting workstations , was push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 push_conn_ctx(100) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: password history, val: 0 pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 pdb_set_user_sid: setting user sid S-1-5-21-783145419-1966905550-2589541370-1001 pdb_set_user_sid_from_rid: setting user sid S-1-5-21-783145419-1966905550-2589541370-1001 from rid 1001 Created internal pipe \srvsvc (pipes_open=0) do_ntcreate_pipe_open: open pipe = \srvsvc got smb length of 156 got message type 0x0 of len 0x9c Transaction 104 of length 160 (0 toread) size=156 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=6658 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=20123 (0x4E9B) smb_bcc=89 [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... [0020] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ [0030] 00 C8 4F 32 4B 70 16 D3 01 12 78 5A 47 BF 6E E1 ..O2Kp.. ..xZG.n. [0040] 88 03 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ [0050] 00 2B 10 48 60 02 00 00 00 .+.H`... . switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 change_to_user: Skipping user change - already user trans <\PIPE\> data=72 params=0 setup=2 calling named_pipe named pipe command on <> name api_fd_reply Got API command 0x26 on pipe "srvsvc" (pnum 4e9b) api_fd_reply: p:0x7fb624073a50 max_trans_reply: 1024 np_write_send: len: 72 write_to_pipe: data_left = 72 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 56 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0b 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0048 000a auth_len : 0000 000c call_id : 00000001 unmarshall_rpc_header: using little-endian RPC unmarshall_rpc_header: type = 11, flags = 3 write_to_pipe: data_used = 0 write_to_pipe: data_left = 56 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 process_complete_pdu: processing packet type 11 api_pipe_bind_req: decode request. 1558 000000 smb_io_rpc_hdr_rb 000000 smb_io_rpc_hdr_bba 0000 max_tsize: 10b8 0002 max_rsize: 10b8 0004 assoc_gid: 00000000 0008 num_contexts: 01 000c context_id : 0000 000e num_transfer_syntaxes: 01 00000f smb_io_rpc_iface 000010 smb_io_uuid uuid 0010 data : 4b324fc8 0014 data : 1670 0016 data : 01d3 0018 data : 12 78 001a data : 5a 47 bf 6e e1 88 0020 version: 00000003 000024 smb_io_rpc_iface 000024 smb_io_uuid uuid 0024 data : 8a885d04 0028 data : 1ceb 002a data : 11c9 002c data : 9f e8 002e data : 08 00 2b 10 48 60 0034 version: 00000002 api_pipe_bind_req: \PIPE\srvsvc -> \PIPE\srvsvc api_pipe_bind_req: make response. 1628 check_bind_req for \srvsvc checking lsarpc checking winreg checking initshutdown checking dssetup checking wkssvc checking svcctl checking ntsvcs checking netlogon checking netdfs checking srvsvc 000000 smb_io_rpc_hdr_ba 000000 smb_io_rpc_hdr_bba 0000 max_tsize: 10b8 0002 max_rsize: 10b8 0004 assoc_gid: 000053f0 000008 smb_io_rpc_addr_str 0008 len: 000d 000a str: \PIPE\srvsvc. 000017 smb_io_rpc_results 0018 num_results: 01 001c result : 0000 001e reason : 0000 000020 smb_io_rpc_iface 000020 smb_io_uuid uuid 0020 data : 8a885d04 0024 data : 1ceb 0026 data : 11c9 0028 data : 9f e8 002a data : 08 00 2b 10 48 60 0030 version: 00000002 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0c 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0044 000a auth_len : 0000 000c call_id : 00000001 write_to_pipe: data_used = 56 s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62408aed0 s3_event: Run immediate event "tevent_req_trigger": 0x7fb62408aed0 name: \srvsvc len: 1024 read_from_pipe: \srvsvc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624067c80 s3_event: Run immediate event "tevent_req_trigger": 0x7fb624067c80 copy_trans_params_and_data: params[0..0] data[0..68] (align 0) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=6658 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [0000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... [0010] 00 B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 ......S. ...\PIPE [0020] 5C 73 72 76 73 76 63 00 00 01 00 00 00 00 00 00 \srvsvc. ........ [0030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [0040] 60 02 00 00 00 `.... got smb length of 184 got message type 0x0 of len 0xb8 Transaction 105 of length 188 (0 toread) size=184 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=6722 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 100 (0x64) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 100 (0x64) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=20123 (0x4E9B) smb_bcc=117 [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 64 00 00 00 01 00 00 ........ .d...... [0020] 00 4C 00 00 00 00 00 10 00 70 AC 86 10 0F 00 00 .L...... .p...... [0030] 00 00 00 00 00 0F 00 00 00 5C 00 5C 00 31 00 30 ........ .\.\.1.0 [0040] 00 2E 00 32 00 32 00 35 00 2E 00 35 00 2E 00 32 ...2.2.5 ...5...2 [0050] 00 33 00 32 00 00 00 00 00 06 00 00 00 00 00 00 .3.2.... ........ [0060] 00 06 00 00 00 74 00 65 00 73 00 74 00 24 00 00 .....t.e .s.t.$.. [0070] 00 01 00 00 00 ..... switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 change_to_user: Skipping user change - already user trans <\PIPE\> data=100 params=0 setup=2 calling named_pipe named pipe command on <> name api_fd_reply Got API command 0x26 on pipe "srvsvc" (pnum 4e9b) api_fd_reply: p:0x7fb624073a50 max_trans_reply: 1024 np_write_send: len: 100 write_to_pipe: data_left = 100 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 100 fill_rpc_header: data_to_copy = 100, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 84 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 84 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0064 000a auth_len : 0000 000c call_id : 00000001 unmarshall_rpc_header: using little-endian RPC unmarshall_rpc_header: type = 0, flags = 3 write_to_pipe: data_used = 0 write_to_pipe: data_left = 84 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 84, incoming data = 84 process_complete_pdu: processing packet type 0 000000 smb_io_rpc_hdr_req req 0000 alloc_hint: 0000004c 0004 context_id: 0000 0006 opnum : 0010 free_pipe_context: destroying talloc pool of size 80 Requested \PIPE\\srvsvc api_rpcTNP: \srvsvc op 0x10 - api_rpcTNP: rpc command: SRVSVC_NETSHAREGETINFO api_rpc_cmds[16].fn == 0x7fb623901588 srvsvc_NetShareGetInfo: struct srvsvc_NetShareGetInfo in: struct srvsvc_NetShareGetInfo server_unc : * server_unc : '\\10.225.5.232' share_name : 'test$' level : 0x00000001 (1) _srvsvc_NetShareGetInfo: 1374 _srvsvc_NetShareGetInfo: 1439 srvsvc_NetShareGetInfo: struct srvsvc_NetShareGetInfo out: struct srvsvc_NetShareGetInfo info : * info : union srvsvc_NetShareInfo(case 1) info1 : * info1: struct srvsvc_NetShareInfo1 name : * name : 'test$' type : STYPE_DISKTREE (0x0) comment : * comment : 'testshare' result : WERR_OK api_rpcTNP: called \srvsvc successfully free_pipe_context: destroying talloc pool of size 44 write_to_pipe: data_used = 84 s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62408af10 s3_event: Run immediate event "tevent_req_trigger": 0x7fb62408af10 name: \srvsvc len: 1024 read_from_pipe: \srvsvc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 80. 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0068 000a auth_len : 0000 000c call_id : 00000001 000010 smb_io_rpc_hdr_resp resp 0010 alloc_hint: 00000050 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624067c80 s3_event: Run immediate event "tevent_req_trigger": 0x7fb624067c80 copy_trans_params_and_data: params[0..0] data[0..104] (align 0) size=160 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=6722 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 104 (0x68) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 104 (0x68) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=105 [0000] 00 05 00 02 03 10 00 00 00 68 00 00 00 01 00 00 ........ .h...... [0010] 00 50 00 00 00 00 00 00 00 01 00 00 00 00 00 02 .P...... ........ [0020] 00 04 00 02 00 00 00 00 00 08 00 02 00 06 00 00 ........ ........ [0030] 00 00 00 00 00 06 00 00 00 74 00 65 00 73 00 74 ........ .t.e.s.t [0040] 00 24 00 00 00 0A 00 00 00 00 00 00 00 0A 00 00 .$...... ........ [0050] 00 74 00 65 00 73 00 74 00 73 00 68 00 61 00 72 .t.e.s.t .s.h.a.r [0060] 00 65 00 00 00 00 00 00 00 .e...... . got smb length of 41 got message type 0x0 of len 0x29 Transaction 106 of length 45 (0 toread) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=6786 smt_wct=3 smb_vwv[ 0]=20123 (0x4E9B) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 switch message SMBclose (pid 12841) conn 0x7fb6240867f0 change_to_user: Skipping user change - already user close fd=-1 fnum=20123 (numopen=1) close_write_time: Sun Feb 7 07:28:15 2106 close_policy_by_pipe: deleted handle list for pipe \srvsvc freed files structure 20123 (1 used) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=6786 smt_wct=0 smb_bcc=0 got smb length of 100 got message type 0x0 of len 0x64 Transaction 107 of length 104 (0 toread) size=100 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=6850 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 3584 (0xE00) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]=16384 (0x4000) smb_vwv[21]= 256 (0x100) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 256 (0x100) smb_bcc=17 [0000] 00 5C 00 77 00 6B 00 73 00 73 00 76 00 63 00 00 .\.w.k.s .s.v.c.. [0010] 00 . switch message SMBntcreateX (pid 12841) conn 0x7fb6240867f0 change_to_user: Skipping user change - already user reply_ntcreate_and_X: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0, fname = wkssvc nt_open_pipe: Opening pipe \wkssvc. allocated file structure 16028, fnum = 20124 (2 used) Create pipe requested \wkssvc init_pipe_handles: created handle list for pipe \wkssvc init_pipe_handles: pipe_handles ref count = 1 for pipe \wkssvc push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 push_conn_ctx(100) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: maximum password age, val: -1 pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 push_conn_ctx(100) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: password history, val: 0 pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 pdb_set_username: setting username Administrator, was pdb_set_domain: setting domain TESTPC, was pdb_set_nt_username: setting nt username , was pdb_set_full_name: setting full name Administrator, was Home server: testpc pdb_set_homedir: setting home dir \\testpc\administrator, was pdb_set_dir_drive: setting dir drive , was NULL pdb_set_logon_script: setting logon script , was Home server: testpc pdb_set_profile_path: setting profile path \\testpc\administrator\profile, was pdb_set_workstations: setting workstations , was push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 push_conn_ctx(100) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: password history, val: 0 pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 pdb_set_user_sid: setting user sid S-1-5-21-783145419-1966905550-2589541370-1001 pdb_set_user_sid_from_rid: setting user sid S-1-5-21-783145419-1966905550-2589541370-1001 from rid 1001 Created internal pipe \wkssvc (pipes_open=0) do_ntcreate_pipe_open: open pipe = \wkssvc got smb length of 156 got message type 0x0 of len 0x9c Transaction 108 of length 160 (0 toread) size=156 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=6914 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=20124 (0x4E9C) smb_bcc=89 [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... [0020] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ [0030] 00 98 D0 FF 6B 12 A1 10 36 98 33 46 C3 F8 7E 34 ....k... 6.3F..~4 [0040] 5A 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 Z.....]. ........ [0050] 00 2B 10 48 60 02 00 00 00 .+.H`... . switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 change_to_user: Skipping user change - already user trans <\PIPE\> data=72 params=0 setup=2 calling named_pipe named pipe command on <> name api_fd_reply Got API command 0x26 on pipe "wkssvc" (pnum 4e9c) api_fd_reply: p:0x7fb624073a50 max_trans_reply: 1024 np_write_send: len: 72 write_to_pipe: data_left = 72 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 56 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0b 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0048 000a auth_len : 0000 000c call_id : 00000001 unmarshall_rpc_header: using little-endian RPC unmarshall_rpc_header: type = 11, flags = 3 write_to_pipe: data_used = 0 write_to_pipe: data_left = 56 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 process_complete_pdu: processing packet type 11 api_pipe_bind_req: decode request. 1558 000000 smb_io_rpc_hdr_rb 000000 smb_io_rpc_hdr_bba 0000 max_tsize: 10b8 0002 max_rsize: 10b8 0004 assoc_gid: 00000000 0008 num_contexts: 01 000c context_id : 0000 000e num_transfer_syntaxes: 01 00000f smb_io_rpc_iface 000010 smb_io_uuid uuid 0010 data : 6bffd098 0014 data : a112 0016 data : 3610 0018 data : 98 33 001a data : 46 c3 f8 7e 34 5a 0020 version: 00000001 000024 smb_io_rpc_iface 000024 smb_io_uuid uuid 0024 data : 8a885d04 0028 data : 1ceb 002a data : 11c9 002c data : 9f e8 002e data : 08 00 2b 10 48 60 0034 version: 00000002 api_pipe_bind_req: \PIPE\wkssvc -> \PIPE\wkssvc api_pipe_bind_req: make response. 1628 check_bind_req for \wkssvc checking lsarpc checking winreg checking initshutdown checking dssetup checking wkssvc 000000 smb_io_rpc_hdr_ba 000000 smb_io_rpc_hdr_bba 0000 max_tsize: 10b8 0002 max_rsize: 10b8 0004 assoc_gid: 000053f0 000008 smb_io_rpc_addr_str 0008 len: 000d 000a str: \PIPE\wkssvc. 000017 smb_io_rpc_results 0018 num_results: 01 001c result : 0000 001e reason : 0000 000020 smb_io_rpc_iface 000020 smb_io_uuid uuid 0020 data : 8a885d04 0024 data : 1ceb 0026 data : 11c9 0028 data : 9f e8 002a data : 08 00 2b 10 48 60 0030 version: 00000002 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0c 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0044 000a auth_len : 0000 000c call_id : 00000001 write_to_pipe: data_used = 56 s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62408aed0 s3_event: Run immediate event "tevent_req_trigger": 0x7fb62408aed0 name: \wkssvc len: 1024 read_from_pipe: \wkssvc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624075a00 s3_event: Run immediate event "tevent_req_trigger": 0x7fb624075a00 copy_trans_params_and_data: params[0..0] data[0..68] (align 0) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=6914 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [0000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... [0010] 00 B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 ......S. ...\PIPE [0020] 5C 77 6B 73 73 76 63 00 00 01 00 00 00 00 00 00 \wkssvc. ........ [0030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [0040] 60 02 00 00 00 `.... got smb length of 160 got message type 0x0 of len 0xa0 Transaction 109 of length 164 (0 toread) size=160 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=6978 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 76 (0x4C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 76 (0x4C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=20124 (0x4E9C) smb_bcc=93 [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 4C 00 00 00 01 00 00 ........ .L...... [0020] 00 34 00 00 00 00 00 00 00 BC AE 86 10 0F 00 00 .4...... ........ [0030] 00 00 00 00 00 0F 00 00 00 5C 00 5C 00 31 00 30 ........ .\.\.1.0 [0040] 00 2E 00 32 00 32 00 35 00 2E 00 35 00 2E 00 32 ...2.2.5 ...5...2 [0050] 00 33 00 32 00 00 00 00 00 64 00 00 00 .3.2.... .d... switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 change_to_user: Skipping user change - already user trans <\PIPE\> data=76 params=0 setup=2 calling named_pipe named pipe command on <> name api_fd_reply Got API command 0x26 on pipe "wkssvc" (pnum 4e9c) api_fd_reply: p:0x7fb624073a50 max_trans_reply: 1024 np_write_send: len: 76 write_to_pipe: data_left = 76 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 76 fill_rpc_header: data_to_copy = 76, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 60 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 60 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 004c 000a auth_len : 0000 000c call_id : 00000001 unmarshall_rpc_header: using little-endian RPC unmarshall_rpc_header: type = 0, flags = 3 write_to_pipe: data_used = 0 write_to_pipe: data_left = 60 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 60, incoming data = 60 process_complete_pdu: processing packet type 0 000000 smb_io_rpc_hdr_req req 0000 alloc_hint: 00000034 0004 context_id: 0000 0006 opnum : 0000 free_pipe_context: destroying talloc pool of size 80 Requested \PIPE\\wkssvc api_rpcTNP: \wkssvc op 0x0 - api_rpcTNP: rpc command: WKSSVC_NETWKSTAGETINFO api_rpc_cmds[0].fn == 0x7fb6238d3580 wkssvc_NetWkstaGetInfo: struct wkssvc_NetWkstaGetInfo in: struct wkssvc_NetWkstaGetInfo server_name : * server_name : '\\10.225.5.232' level : 0x00000064 (100) wkssvc_NetWkstaGetInfo: struct wkssvc_NetWkstaGetInfo out: struct wkssvc_NetWkstaGetInfo info : * info : union wkssvc_NetWkstaInfo(case 100) info100 : * info100: struct wkssvc_NetWkstaInfo100 platform_id : PLATFORM_ID_NT (500) server_name : * server_name : 'TESTPC' domain_name : * domain_name : 'TESTGROUP' version_major : 0x00000004 (4) version_minor : 0x00000009 (9) result : WERR_OK api_rpcTNP: called \wkssvc successfully free_pipe_context: destroying talloc pool of size 49 write_to_pipe: data_used = 60 s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62408aee0 s3_event: Run immediate event "tevent_req_trigger": 0x7fb62408aee0 name: \wkssvc len: 1024 read_from_pipe: \wkssvc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 92. 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0074 000a auth_len : 0000 000c call_id : 00000001 000010 smb_io_rpc_hdr_resp resp 0010 alloc_hint: 0000005c 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb6240758b0 s3_event: Run immediate event "tevent_req_trigger": 0x7fb6240758b0 copy_trans_params_and_data: params[0..0] data[0..116] (align 0) size=172 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=6978 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 116 (0x74) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 116 (0x74) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=117 [0000] 00 05 00 02 03 10 00 00 00 74 00 00 00 01 00 00 ........ .t...... [0010] 00 5C 00 00 00 00 00 00 00 64 00 00 00 00 00 02 .\...... .d...... [0020] 00 F4 01 00 00 04 00 02 00 08 00 02 00 04 00 00 ........ ........ [0030] 00 09 00 00 00 07 00 00 00 00 00 00 00 07 00 00 ........ ........ [0040] 00 54 00 45 00 53 00 54 00 50 00 43 00 00 00 00 .T.E.S.T .P.C.... [0050] 00 0A 00 00 00 00 00 00 00 0A 00 00 00 54 00 45 ........ .....T.E [0060] 00 53 00 54 00 47 00 52 00 4F 00 55 00 50 00 00 .S.T.G.R .O.U.P.. [0070] 00 00 00 00 00 ..... got smb length of 41 got message type 0x0 of len 0x29 Transaction 110 of length 45 (0 toread) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=7042 smt_wct=3 smb_vwv[ 0]=20124 (0x4E9C) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 switch message SMBclose (pid 12841) conn 0x7fb6240867f0 change_to_user: Skipping user change - already user close fd=-1 fnum=20124 (numopen=1) close_write_time: Sun Feb 7 07:28:15 2106 close_policy_by_pipe: deleted handle list for pipe \wkssvc freed files structure 20124 (1 used) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=7042 smt_wct=0 smb_bcc=0 got smb length of 94 got message type 0x0 of len 0x5e Transaction 111 of length 98 (0 toread) size=94 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=7106 smt_wct=15 smb_vwv[ 0]= 26 (0x1A) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 10 (0xA) smb_vwv[ 3]=16384 (0x4000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 26 (0x1A) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 1 (0x1) smb_bcc=29 [0000] 00 00 00 16 00 56 05 07 00 04 01 00 00 00 00 5C .....V.. .......\ [0010] 00 74 00 65 00 73 00 74 00 32 00 00 00 .t.e.s.t .2... switch message SMBtrans2 (pid 12841) conn 0x7fb624079b30 setting sec ctx (123, 123) - sec_ctx_stack_ndx = 0 NT user token of user S-1-5-21-783145419-1966905550-2589541370-1001 contains 6 SIDs SID[ 0]: S-1-5-21-783145419-1966905550-2589541370-1001 SID[ 1]: S-1-22-2-123 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-1-123 SE_PRIV 0x0 0x0 0x0 0x0 UNIX token of user 123 Primary group is 123 and contains 1 supplementary groups Group[ 0]: 123 change_to_user uid=(0,123) gid=(0,123) vfs_ChDir to /testshare call_trans2findfirst: dirtype = 16, maxentries = 1366, close_after_first=1, close_if_end = 1 requires_resume_key = 1 level = 0x104, max_data_bytes = 16384 unix_convert called on file "test2" stat_cache_lookup: lookup succeeded for name [TEST2] -> [test2] dir=./, mask = test2 dptr_create dir=./ creating new dirptr 256 for path ./, expect_close = 1 dptr_num is 256, wcard = test2, attr = 22 dirpath=<./> dontdescend=<> get_lanman2_dir_entry:readdir on dirptr 0x7fb624053b40 now at offset -1 dos_mode: ./test2 dos_mode_from_sbuf returning rd dos_mode returning rd fetch_share_mode_unlocked: no share_mode record around (file not open) get_lanman2_dir_entry: found ./test2 fname=test2 get_lanman2_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO call_trans2findfirst - (2) closing dptr_num 256 closing dptr key 256 t2_rep: params_sent_thistime = 10, data_sent_thistime = 104, useable_space = 131010 t2_rep: params_to_send = 10, data_to_send = 104, paramsize = 10, datasize = 104 size=172 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=7106 smt_wct=10 smb_vwv[ 0]= 10 (0xA) smb_vwv[ 1]= 104 (0x68) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 10 (0xA) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 104 (0x68) smb_vwv[ 7]= 68 (0x44) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=117 [0000] 00 FD FF 01 00 01 00 00 00 00 00 00 00 68 00 00 ........ .....h.. [0010] 00 00 00 00 00 80 69 DD 31 5E B4 CA 01 00 BD 9B ......i. 1^...... [0020] 2B 5F B4 CA 01 80 69 DD 31 5E B4 CA 01 80 69 DD +_....i. 1^....i. [0030] 31 5E B4 CA 01 00 00 00 00 00 00 00 00 00 00 00 1^...... ........ [0040] 00 00 00 00 00 11 00 00 00 0A 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 74 00 65 00 73 ........ ...t.e.s [0070] 00 74 00 32 00 .t.2. SMBtrans2 mask=test2 directory=./ dirtype=22 numentries=1 got smb length of 112 got message type 0x0 of len 0x70 Transaction 112 of length 116 (0 toread) size=112 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=7170 smt_wct=15 smb_vwv[ 0]= 44 (0x2C) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 40 (0x28) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 44 (0x2C) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 5 (0x5) smb_bcc=47 [0000] 00 00 00 EC 03 00 00 00 00 5C 00 74 00 65 00 73 ........ .\.t.e.s [0010] 00 74 00 32 00 5C 00 64 00 65 00 73 00 6B 00 74 .t.2.\.d .e.s.k.t [0020] 00 6F 00 70 00 2E 00 69 00 6E 00 69 00 00 00 .o.p...i .n.i... switch message SMBtrans2 (pid 12841) conn 0x7fb624079b30 change_to_user: Skipping user change - already user call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 unix_convert called on file "test2/desktop.ini" stat_cache_lookup: lookup failed for name [TEST2/DESKTOP.INI] stat_cache_lookup: lookup succeeded for name [TEST2] -> [test2] unix_convert begin: name = test2/desktop.ini, dirpath = test2, start = desktop.ini is_mangled desktop.ini ? is_mangled_component desktop.ini (len 11) ? is_mangled desktop.ini ? is_mangled_component desktop.ini (len 11) ? is_mangled desktop.ini ? is_mangled_component desktop.ini (len 11) ? New file desktop.ini call_trans2qfilepathinfo: SMB_VFS_STAT of test2/desktop.ini failed (No such file or directory) unix_error_packet: error string = No such file or directory error packet at smbd/trans2.c(4051) cmd=50 (SMBtrans2) NT_STATUS_OBJECT_NAME_NOT_FOUND size=35 smb_com=0x32 smb_rcls=52 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=7170 smt_wct=0 smb_bcc=0 got smb length of 112 got message type 0x0 of len 0x70 Transaction 113 of length 116 (0 toread) size=112 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=7234 smt_wct=15 smb_vwv[ 0]= 44 (0x2C) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 40 (0x28) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 44 (0x2C) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 5 (0x5) smb_bcc=47 [0000] 00 00 00 EC 03 00 00 00 00 5C 00 74 00 65 00 73 ........ .\.t.e.s [0010] 00 74 00 32 00 5C 00 64 00 65 00 73 00 6B 00 74 .t.2.\.d .e.s.k.t [0020] 00 6F 00 70 00 2E 00 69 00 6E 00 69 00 00 00 .o.p...i .n.i... switch message SMBtrans2 (pid 12841) conn 0x7fb624079b30 change_to_user: Skipping user change - already user call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 unix_convert called on file "test2/desktop.ini" stat_cache_lookup: lookup failed for name [TEST2/DESKTOP.INI] stat_cache_lookup: lookup succeeded for name [TEST2] -> [test2] unix_convert begin: name = test2/desktop.ini, dirpath = test2, start = desktop.ini is_mangled desktop.ini ? is_mangled_component desktop.ini (len 11) ? is_mangled desktop.ini ? is_mangled_component desktop.ini (len 11) ? is_mangled desktop.ini ? is_mangled_component desktop.ini (len 11) ? New file desktop.ini call_trans2qfilepathinfo: SMB_VFS_STAT of test2/desktop.ini failed (No such file or directory) unix_error_packet: error string = No such file or directory error packet at smbd/trans2.c(4051) cmd=50 (SMBtrans2) NT_STATUS_OBJECT_NAME_NOT_FOUND size=35 smb_com=0x32 smb_rcls=52 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=7234 smt_wct=0 smb_bcc=0 got smb length of 112 got message type 0x0 of len 0x70 Transaction 114 of length 116 (0 toread) size=112 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=7298 smt_wct=15 smb_vwv[ 0]= 44 (0x2C) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 40 (0x28) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 44 (0x2C) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 5 (0x5) smb_bcc=47 [0000] 00 00 00 EC 03 00 00 00 00 5C 00 74 00 65 00 73 ........ .\.t.e.s [0010] 00 74 00 32 00 5C 00 64 00 65 00 73 00 6B 00 74 .t.2.\.d .e.s.k.t [0020] 00 6F 00 70 00 2E 00 69 00 6E 00 69 00 00 00 .o.p...i .n.i... switch message SMBtrans2 (pid 12841) conn 0x7fb624079b30 change_to_user: Skipping user change - already user call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 unix_convert called on file "test2/desktop.ini" stat_cache_lookup: lookup failed for name [TEST2/DESKTOP.INI] stat_cache_lookup: lookup succeeded for name [TEST2] -> [test2] unix_convert begin: name = test2/desktop.ini, dirpath = test2, start = desktop.ini is_mangled desktop.ini ? is_mangled_component desktop.ini (len 11) ? is_mangled desktop.ini ? is_mangled_component desktop.ini (len 11) ? is_mangled desktop.ini ? is_mangled_component desktop.ini (len 11) ? New file desktop.ini call_trans2qfilepathinfo: SMB_VFS_STAT of test2/desktop.ini failed (No such file or directory) unix_error_packet: error string = No such file or directory error packet at smbd/trans2.c(4051) cmd=50 (SMBtrans2) NT_STATUS_OBJECT_NAME_NOT_FOUND size=35 smb_com=0x32 smb_rcls=52 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=7298 smt_wct=0 smb_bcc=0 got smb length of 94 got message type 0x0 of len 0x5e Transaction 115 of length 98 (0 toread) size=94 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=7362 smt_wct=15 smb_vwv[ 0]= 26 (0x1A) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 10 (0xA) smb_vwv[ 3]=16384 (0x4000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 26 (0x1A) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 1 (0x1) smb_bcc=29 [0000] 00 00 00 16 00 56 05 07 00 04 01 00 00 00 00 5C .....V.. .......\ [0010] 00 74 00 65 00 73 00 74 00 32 00 00 00 .t.e.s.t .2... switch message SMBtrans2 (pid 12841) conn 0x7fb624079b30 change_to_user: Skipping user change - already user call_trans2findfirst: dirtype = 16, maxentries = 1366, close_after_first=1, close_if_end = 1 requires_resume_key = 1 level = 0x104, max_data_bytes = 16384 unix_convert called on file "test2" stat_cache_lookup: lookup succeeded for name [TEST2] -> [test2] dir=./, mask = test2 dptr_create dir=./ creating new dirptr 256 for path ./, expect_close = 1 dptr_num is 256, wcard = test2, attr = 22 dirpath=<./> dontdescend=<> get_lanman2_dir_entry:readdir on dirptr 0x7fb62406f9f0 now at offset -1 dos_mode: ./test2 dos_mode_from_sbuf returning rd dos_mode returning rd fetch_share_mode_unlocked: no share_mode record around (file not open) get_lanman2_dir_entry: found ./test2 fname=test2 get_lanman2_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO call_trans2findfirst - (2) closing dptr_num 256 closing dptr key 256 t2_rep: params_sent_thistime = 10, data_sent_thistime = 104, useable_space = 131010 t2_rep: params_to_send = 10, data_to_send = 104, paramsize = 10, datasize = 104 size=172 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=7362 smt_wct=10 smb_vwv[ 0]= 10 (0xA) smb_vwv[ 1]= 104 (0x68) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 10 (0xA) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 104 (0x68) smb_vwv[ 7]= 68 (0x44) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=117 [0000] 00 FD FF 01 00 01 00 00 00 00 00 00 00 68 00 00 ........ .....h.. [0010] 00 00 00 00 00 80 69 DD 31 5E B4 CA 01 00 BD 9B ......i. 1^...... [0020] 2B 5F B4 CA 01 80 69 DD 31 5E B4 CA 01 80 69 DD +_....i. 1^....i. [0030] 31 5E B4 CA 01 00 00 00 00 00 00 00 00 00 00 00 1^...... ........ [0040] 00 00 00 00 00 11 00 00 00 0A 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 74 00 65 00 73 ........ ...t.e.s [0070] 00 74 00 32 00 .t.2. SMBtrans2 mask=test2 directory=./ dirtype=22 numentries=1 got smb length of 98 got message type 0x0 of len 0x62 Transaction 116 of length 102 (0 toread) size=98 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=7426 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 3072 (0xC00) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=35072 (0x8900) smb_vwv[ 8]= 512 (0x200) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]=32768 (0x8000) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 8192 (0x2000) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=15 [0000] 00 5C 00 74 00 65 00 73 00 74 00 32 00 00 00 .\.t.e.s .t.2... switch message SMBntcreateX (pid 12841) conn 0x7fb624079b30 change_to_user: Skipping user change - already user reply_ntcreate_and_X: flags = 0x16, access_mask = 0x20089 file_attributes = 0x80, share_access = 0x3, create_disposition = 0x1 create_options = 0x200000 root_dir_fid = 0x0, fname = test2 create_file: access_mask = 0x20089 file_attributes = 0x80, share_access = 0x3, create_disposition = 0x1 create_options = 0x200000 oplock_request = 0x3 root_dir_fid = 0x0, ea_list = 0x(nil), sd = 0x(nil), create_file_flags = 0x1, fname = test2 unix_convert called on file "test2" stat_cache_lookup: lookup succeeded for name [TEST2] -> [test2] create_file_unixpath: access_mask = 0x20089 file_attributes = 0x80, share_access = 0x3, create_disposition = 0x1 create_options = 0x200000 oplock_request = 0x3 ea_list = 0x(nil), sd = 0x(nil), fname = test2 allocated file structure 16029, fnum = 20125 (2 used) unix_mode(test2) returning 0744 open_file_ntcreate: fname=test2, dos_attrs=0x80 access_mask=0x20089 share_access=0x3 create_disposition = 0x1 create_options=0x200000 unix mode=0744 oplock_request=3 dos_mode: test2 dos_mode_from_sbuf returning rd dos_mode returning rd open_file_ntcreate: fname=test2, after mapping access_mask=0x20089 Locking key 0208000000000000D748 Allocated locked data 0x0x7fb62408afa0 delay_for_oplocks: oplock type 0x3 on file delay_for_oplocks: oplock type 0x3 on file calling open_file with flags=0x0 flags2=0x0 mode=0744, access_mask = 0x20089, open_access_mask = 0x20089 fd_open: name test2, flags = 00 mode = 0744, fd = 28. get_windows_lock_count for file = 0 delete_windows_lock_ref_count for file Unlocking key 0208000000000000D748 freed files structure 20125 (1 used) open_directory: opening directory test2, access_mask = 0x20089, share_access = 0x3 create_options = 0x200000, create_disposition = 0x1, file_attributes = 0x80 posix_get_nt_acl: called for file test2 canonicalise_acl: Access ace entries before arrange : canon_ace index 0. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x0 perms --- canon_ace index 1. Type = allow SID = S-1-22-2-123 gid 123 (gruppetest) SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms rwx canon_ace index 2. Type = allow SID = S-1-5-21-783145419-1966905550-2589541370-1000 uid 0 (root) SMB_ACL_USER_OBJ ace_flags = 0x0 perms r-- print_canon_ace_list: canonicalise_acl: ace entries after arrange canon_ace index 0. Type = allow SID = S-1-5-21-783145419-1966905550-2589541370-1000 uid 0 (root) SMB_ACL_USER_OBJ ace_flags = 0x0 perms r-- canon_ace index 1. Type = allow SID = S-1-22-2-123 gid 123 (gruppetest) SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms rwx canon_ace index 2. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x0 perms --- map_canon_ace_perms: Mapped (UNIX) 100 to (NT) 120089 map_canon_ace_perms: Mapped (UNIX) 1c0 to (NT) 1f01ff map_canon_ace_perms: Mapped (UNIX) 0 to (NT) 0 check_open_rights: file test2 requesting 0x20089 returning 0x20009 (NT_STATUS_OK) allocated file structure 16030, fnum = 20126 (2 used) Locking key 0208000000000000D748 Allocated locked data 0x0x7fb62408bfd0 unparse_share_modes: del: 0, owrt: Tue Feb 23 08:59:59 2010 CET cwrt: Thu Jan 1 01:00:00 1970 CET, tok: 0, num: 1 print_share_mode_table: share_mode_entry[0]: pid = 12841, share_access = 0x3, private_options = 0x200000, access_mask = 0x20089, mid = 0x0, type= 0x0, gen_id = 22, uid = 123, flags = 0, file_id 802:4648d7:0 Unlocking key 0208000000000000D748 create_file_unixpath: info=1 create_file: info=1 dos_mode: test2 dos_mode_from_sbuf returning rd dos_mode returning rd reply_ntcreate_and_X: fnum = 20126, open name = test2 got smb length of 84 got message type 0x0 of len 0x54 Transaction 117 of length 88 (0 toread) size=84 smb_com=0xa0 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=7490 smt_wct=23 smb_vwv[ 0]= 4 (0x4) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 64 (0x40) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]=21504 (0x5400) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 1024 (0x400) smb_vwv[18]= 2 (0x2) smb_vwv[19]= 168 (0xA8) smb_vwv[20]= 9 (0x9) smb_vwv[21]=20126 (0x4E9E) smb_vwv[22]= 1 (0x1) smb_bcc=3 [0000] 00 00 00 ... switch message SMBnttrans (pid 12841) conn 0x7fb624079b30 change_to_user: Skipping user change - already user num_setup=8, param_total=0, this_param=0, max_param=0, data_total=0, this_data=0, max_data=16384, param_offset=84, data_offset=0 reply_nttrans: state->setup_count = 8 [0000] A8 00 09 00 9E 4E 01 00 .....N.. call_nt_transact_ioctl: function[0x000900A8] FID[0x4E9E] isFSctl[0x01] compfilter[0x00] FSCTL_GET_REPARSE_POINT: called on FID[0x4E9E](but not implemented) error packet at smbd/nttrans.c(1922) cmd=160 (SMBnttrans) NT_STATUS_NOT_A_REPARSE_POINT size=35 smb_com=0xa0 smb_rcls=117 smb_reh=2 smb_err=49152 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=7490 smt_wct=0 smb_bcc=0 got smb length of 41 got message type 0x0 of len 0x29 Transaction 118 of length 45 (0 toread) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=7554 smt_wct=3 smb_vwv[ 0]=20126 (0x4E9E) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 switch message SMBclose (pid 12841) conn 0x7fb624079b30 change_to_user: Skipping user change - already user close directory fnum=20126 Locking key 0208000000000000D748 Allocated locked data 0x0x7fb62408ad60 parse_share_modes: delete_on_close: 0, owrt: Tue Feb 23 08:59:59 2010 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, tok: 0, num_share_modes: 1 parse_share_modes: share_mode_entry[0]: pid = 12841, share_access = 0x3, private_options = 0x200000, access_mask = 0x20089, mid = 0x0, type= 0x0, gen_id = 22, uid = 123, flags = 0, file_id 802:4648d7:0 Unlocking key 0208000000000000D748 freed files structure 20126 (1 used) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=7554 smt_wct=0 smb_bcc=0 got smb length of 110 got message type 0x0 of len 0x6e Transaction 119 of length 114 (0 toread) size=110 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=1596 smb_uid=102 smb_mid=7618 smt_wct=15 smb_vwv[ 0]= 42 (0x2A) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4096 (0x1000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 42 (0x2A) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 16 (0x10) smb_bcc=45 [0000] 00 00 00 03 00 5C 00 31 00 30 00 2E 00 32 00 32 .....\.1 .0...2.2 [0010] 00 35 00 2E 00 35 00 2E 00 32 00 33 00 32 00 5C .5...5.. .2.3.2.\ [0020] 00 74 00 65 00 73 00 74 00 24 00 00 00 .t.e.s.t .$... switch message SMBtrans2 (pid 12841) conn 0x7fb624087930 setting sec ctx (65534, 65533) - sec_ctx_stack_ndx = 0 NT user token of user S-1-5-21-783145419-1966905550-2589541370-501 contains 5 SIDs SID[ 0]: S-1-5-21-783145419-1966905550-2589541370-501 SID[ 1]: S-1-1-0 SID[ 2]: S-1-5-2 SID[ 3]: S-1-5-32-546 SID[ 4]: S-1-22-1-65534 SE_PRIV 0x0 0x0 0x0 0x0 UNIX token of user 65534 Primary group is 65533 and contains 0 supplementary groups change_to_user uid=(0,65534) gid=(0,65533) vfs_ChDir to /tmp call_trans2getdfsreferral parse_dfs_path: temp = |10.225.5.232\test$| after trimming \'s parse_dfs_path: hostname: 10.225.5.232 parse_dfs_path: servicename: test$ get_referred_path: |test$| in dfs path \10.225.5.232\test$ is not a dfs root. error packet at smbd/trans2.c(7421) cmd=50 (SMBtrans2) NT_STATUS_NOT_FOUND size=35 smb_com=0x32 smb_rcls=37 smb_reh=2 smb_err=49152 smb_flg=136 smb_flg2=51201 smb_tid=3 smb_pid=1596 smb_uid=102 smb_mid=7618 smt_wct=0 smb_bcc=0 got smb length of 100 got message type 0x0 of len 0x64 Transaction 120 of length 104 (0 toread) size=100 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=7682 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 3584 (0xE00) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]=16384 (0x4000) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 256 (0x100) smb_bcc=17 [0000] 00 5C 00 73 00 72 00 76 00 73 00 76 00 63 00 00 .\.s.r.v .s.v.c.. [0010] 00 . switch message SMBntcreateX (pid 12841) conn 0x7fb6240867f0 setting sec ctx (123, 123) - sec_ctx_stack_ndx = 0 NT user token of user S-1-5-21-783145419-1966905550-2589541370-1001 contains 6 SIDs SID[ 0]: S-1-5-21-783145419-1966905550-2589541370-1001 SID[ 1]: S-1-22-2-123 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-1-123 SE_PRIV 0x0 0x0 0x0 0x0 UNIX token of user 123 Primary group is 123 and contains 1 supplementary groups Group[ 0]: 123 change_to_user uid=(0,123) gid=(0,123) reply_ntcreate_and_X: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0, fname = srvsvc nt_open_pipe: Opening pipe \srvsvc. allocated file structure 16031, fnum = 20127 (2 used) Create pipe requested \srvsvc init_pipe_handles: created handle list for pipe \srvsvc init_pipe_handles: pipe_handles ref count = 1 for pipe \srvsvc push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 push_conn_ctx(100) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: maximum password age, val: -1 pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 push_conn_ctx(100) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: password history, val: 0 pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 pdb_set_username: setting username Administrator, was pdb_set_domain: setting domain TESTPC, was pdb_set_nt_username: setting nt username , was pdb_set_full_name: setting full name Administrator, was Home server: testpc pdb_set_homedir: setting home dir \\testpc\administrator, was pdb_set_dir_drive: setting dir drive , was NULL pdb_set_logon_script: setting logon script , was Home server: testpc pdb_set_profile_path: setting profile path \\testpc\administrator\profile, was pdb_set_workstations: setting workstations , was push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 push_conn_ctx(100) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: password history, val: 0 pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 pdb_set_user_sid: setting user sid S-1-5-21-783145419-1966905550-2589541370-1001 pdb_set_user_sid_from_rid: setting user sid S-1-5-21-783145419-1966905550-2589541370-1001 from rid 1001 Created internal pipe \srvsvc (pipes_open=0) do_ntcreate_pipe_open: open pipe = \srvsvc got smb length of 156 got message type 0x0 of len 0x9c Transaction 121 of length 160 (0 toread) size=156 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=7746 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=20127 (0x4E9F) smb_bcc=89 [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... [0020] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ [0030] 00 C8 4F 32 4B 70 16 D3 01 12 78 5A 47 BF 6E E1 ..O2Kp.. ..xZG.n. [0040] 88 03 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ [0050] 00 2B 10 48 60 02 00 00 00 .+.H`... . switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 change_to_user: Skipping user change - already user trans <\PIPE\> data=72 params=0 setup=2 calling named_pipe named pipe command on <> name api_fd_reply Got API command 0x26 on pipe "srvsvc" (pnum 4e9f) api_fd_reply: p:0x7fb624073a50 max_trans_reply: 1024 np_write_send: len: 72 write_to_pipe: data_left = 72 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 56 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0b 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0048 000a auth_len : 0000 000c call_id : 00000001 unmarshall_rpc_header: using little-endian RPC unmarshall_rpc_header: type = 11, flags = 3 write_to_pipe: data_used = 0 write_to_pipe: data_left = 56 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 process_complete_pdu: processing packet type 11 api_pipe_bind_req: decode request. 1558 000000 smb_io_rpc_hdr_rb 000000 smb_io_rpc_hdr_bba 0000 max_tsize: 10b8 0002 max_rsize: 10b8 0004 assoc_gid: 00000000 0008 num_contexts: 01 000c context_id : 0000 000e num_transfer_syntaxes: 01 00000f smb_io_rpc_iface 000010 smb_io_uuid uuid 0010 data : 4b324fc8 0014 data : 1670 0016 data : 01d3 0018 data : 12 78 001a data : 5a 47 bf 6e e1 88 0020 version: 00000003 000024 smb_io_rpc_iface 000024 smb_io_uuid uuid 0024 data : 8a885d04 0028 data : 1ceb 002a data : 11c9 002c data : 9f e8 002e data : 08 00 2b 10 48 60 0034 version: 00000002 api_pipe_bind_req: \PIPE\srvsvc -> \PIPE\srvsvc api_pipe_bind_req: make response. 1628 check_bind_req for \srvsvc checking lsarpc checking winreg checking initshutdown checking dssetup checking wkssvc checking svcctl checking ntsvcs checking netlogon checking netdfs checking srvsvc 000000 smb_io_rpc_hdr_ba 000000 smb_io_rpc_hdr_bba 0000 max_tsize: 10b8 0002 max_rsize: 10b8 0004 assoc_gid: 000053f0 000008 smb_io_rpc_addr_str 0008 len: 000d 000a str: \PIPE\srvsvc. 000017 smb_io_rpc_results 0018 num_results: 01 001c result : 0000 001e reason : 0000 000020 smb_io_rpc_iface 000020 smb_io_uuid uuid 0020 data : 8a885d04 0024 data : 1ceb 0026 data : 11c9 0028 data : 9f e8 002a data : 08 00 2b 10 48 60 0030 version: 00000002 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0c 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0044 000a auth_len : 0000 000c call_id : 00000001 write_to_pipe: data_used = 56 s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62408aed0 s3_event: Run immediate event "tevent_req_trigger": 0x7fb62408aed0 name: \srvsvc len: 1024 read_from_pipe: \srvsvc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624067c80 s3_event: Run immediate event "tevent_req_trigger": 0x7fb624067c80 copy_trans_params_and_data: params[0..0] data[0..68] (align 0) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=7746 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [0000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... [0010] 00 B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 ......S. ...\PIPE [0020] 5C 73 72 76 73 76 63 00 00 01 00 00 00 00 00 00 \srvsvc. ........ [0030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [0040] 60 02 00 00 00 `.... got smb length of 184 got message type 0x0 of len 0xb8 Transaction 122 of length 188 (0 toread) size=184 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=7810 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 100 (0x64) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 100 (0x64) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=20127 (0x4E9F) smb_bcc=117 [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 64 00 00 00 01 00 00 ........ .d...... [0020] 00 4C 00 00 00 00 00 10 00 D8 BB A4 10 0F 00 00 .L...... ........ [0030] 00 00 00 00 00 0F 00 00 00 5C 00 5C 00 31 00 30 ........ .\.\.1.0 [0040] 00 2E 00 32 00 32 00 35 00 2E 00 35 00 2E 00 32 ...2.2.5 ...5...2 [0050] 00 33 00 32 00 00 00 00 00 06 00 00 00 00 00 00 .3.2.... ........ [0060] 00 06 00 00 00 74 00 65 00 73 00 74 00 24 00 00 .....t.e .s.t.$.. [0070] 00 01 00 00 00 ..... switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 change_to_user: Skipping user change - already user trans <\PIPE\> data=100 params=0 setup=2 calling named_pipe named pipe command on <> name api_fd_reply Got API command 0x26 on pipe "srvsvc" (pnum 4e9f) api_fd_reply: p:0x7fb624073a50 max_trans_reply: 1024 np_write_send: len: 100 write_to_pipe: data_left = 100 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 100 fill_rpc_header: data_to_copy = 100, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 84 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 84 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0064 000a auth_len : 0000 000c call_id : 00000001 unmarshall_rpc_header: using little-endian RPC unmarshall_rpc_header: type = 0, flags = 3 write_to_pipe: data_used = 0 write_to_pipe: data_left = 84 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 84, incoming data = 84 process_complete_pdu: processing packet type 0 000000 smb_io_rpc_hdr_req req 0000 alloc_hint: 0000004c 0004 context_id: 0000 0006 opnum : 0010 free_pipe_context: destroying talloc pool of size 80 Requested \PIPE\\srvsvc api_rpcTNP: \srvsvc op 0x10 - api_rpcTNP: rpc command: SRVSVC_NETSHAREGETINFO api_rpc_cmds[16].fn == 0x7fb623901588 srvsvc_NetShareGetInfo: struct srvsvc_NetShareGetInfo in: struct srvsvc_NetShareGetInfo server_unc : * server_unc : '\\10.225.5.232' share_name : 'test$' level : 0x00000001 (1) _srvsvc_NetShareGetInfo: 1374 _srvsvc_NetShareGetInfo: 1439 srvsvc_NetShareGetInfo: struct srvsvc_NetShareGetInfo out: struct srvsvc_NetShareGetInfo info : * info : union srvsvc_NetShareInfo(case 1) info1 : * info1: struct srvsvc_NetShareInfo1 name : * name : 'test$' type : STYPE_DISKTREE (0x0) comment : * comment : 'testshare' result : WERR_OK api_rpcTNP: called \srvsvc successfully free_pipe_context: destroying talloc pool of size 44 write_to_pipe: data_used = 84 s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62408af10 s3_event: Run immediate event "tevent_req_trigger": 0x7fb62408af10 name: \srvsvc len: 1024 read_from_pipe: \srvsvc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 80. 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0068 000a auth_len : 0000 000c call_id : 00000001 000010 smb_io_rpc_hdr_resp resp 0010 alloc_hint: 00000050 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624067c80 s3_event: Run immediate event "tevent_req_trigger": 0x7fb624067c80 copy_trans_params_and_data: params[0..0] data[0..104] (align 0) size=160 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=7810 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 104 (0x68) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 104 (0x68) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=105 [0000] 00 05 00 02 03 10 00 00 00 68 00 00 00 01 00 00 ........ .h...... [0010] 00 50 00 00 00 00 00 00 00 01 00 00 00 00 00 02 .P...... ........ [0020] 00 04 00 02 00 00 00 00 00 08 00 02 00 06 00 00 ........ ........ [0030] 00 00 00 00 00 06 00 00 00 74 00 65 00 73 00 74 ........ .t.e.s.t [0040] 00 24 00 00 00 0A 00 00 00 00 00 00 00 0A 00 00 .$...... ........ [0050] 00 74 00 65 00 73 00 74 00 73 00 68 00 61 00 72 .t.e.s.t .s.h.a.r [0060] 00 65 00 00 00 00 00 00 00 .e...... . got smb length of 41 got message type 0x0 of len 0x29 Transaction 123 of length 45 (0 toread) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=7874 smt_wct=3 smb_vwv[ 0]=20127 (0x4E9F) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 switch message SMBclose (pid 12841) conn 0x7fb6240867f0 change_to_user: Skipping user change - already user close fd=-1 fnum=20127 (numopen=1) close_write_time: Sun Feb 7 07:28:15 2106 close_policy_by_pipe: deleted handle list for pipe \srvsvc freed files structure 20127 (1 used) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=7874 smt_wct=0 smb_bcc=0 got smb length of 100 got message type 0x0 of len 0x64 Transaction 124 of length 104 (0 toread) size=100 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=7938 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 3584 (0xE00) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]=16384 (0x4000) smb_vwv[21]= 256 (0x100) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 256 (0x100) smb_bcc=17 [0000] 00 5C 00 77 00 6B 00 73 00 73 00 76 00 63 00 00 .\.w.k.s .s.v.c.. [0010] 00 . switch message SMBntcreateX (pid 12841) conn 0x7fb6240867f0 change_to_user: Skipping user change - already user reply_ntcreate_and_X: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0, fname = wkssvc nt_open_pipe: Opening pipe \wkssvc. allocated file structure 16032, fnum = 20128 (2 used) Create pipe requested \wkssvc init_pipe_handles: created handle list for pipe \wkssvc init_pipe_handles: pipe_handles ref count = 1 for pipe \wkssvc push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 push_conn_ctx(100) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: maximum password age, val: -1 pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 push_conn_ctx(100) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: password history, val: 0 pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 pdb_set_username: setting username Administrator, was pdb_set_domain: setting domain TESTPC, was pdb_set_nt_username: setting nt username , was pdb_set_full_name: setting full name Administrator, was Home server: testpc pdb_set_homedir: setting home dir \\testpc\administrator, was pdb_set_dir_drive: setting dir drive , was NULL pdb_set_logon_script: setting logon script , was Home server: testpc pdb_set_profile_path: setting profile path \\testpc\administrator\profile, was pdb_set_workstations: setting workstations , was push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 push_conn_ctx(100) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: password history, val: 0 pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 pdb_set_user_sid: setting user sid S-1-5-21-783145419-1966905550-2589541370-1001 pdb_set_user_sid_from_rid: setting user sid S-1-5-21-783145419-1966905550-2589541370-1001 from rid 1001 Created internal pipe \wkssvc (pipes_open=0) do_ntcreate_pipe_open: open pipe = \wkssvc got smb length of 156 got message type 0x0 of len 0x9c Transaction 125 of length 160 (0 toread) size=156 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=8002 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=20128 (0x4EA0) smb_bcc=89 [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... [0020] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ [0030] 00 98 D0 FF 6B 12 A1 10 36 98 33 46 C3 F8 7E 34 ....k... 6.3F..~4 [0040] 5A 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 Z.....]. ........ [0050] 00 2B 10 48 60 02 00 00 00 .+.H`... . switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 change_to_user: Skipping user change - already user trans <\PIPE\> data=72 params=0 setup=2 calling named_pipe named pipe command on <> name api_fd_reply Got API command 0x26 on pipe "wkssvc" (pnum 4ea0) api_fd_reply: p:0x7fb624073a50 max_trans_reply: 1024 np_write_send: len: 72 write_to_pipe: data_left = 72 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 56 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0b 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0048 000a auth_len : 0000 000c call_id : 00000001 unmarshall_rpc_header: using little-endian RPC unmarshall_rpc_header: type = 11, flags = 3 write_to_pipe: data_used = 0 write_to_pipe: data_left = 56 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 process_complete_pdu: processing packet type 11 api_pipe_bind_req: decode request. 1558 000000 smb_io_rpc_hdr_rb 000000 smb_io_rpc_hdr_bba 0000 max_tsize: 10b8 0002 max_rsize: 10b8 0004 assoc_gid: 00000000 0008 num_contexts: 01 000c context_id : 0000 000e num_transfer_syntaxes: 01 00000f smb_io_rpc_iface 000010 smb_io_uuid uuid 0010 data : 6bffd098 0014 data : a112 0016 data : 3610 0018 data : 98 33 001a data : 46 c3 f8 7e 34 5a 0020 version: 00000001 000024 smb_io_rpc_iface 000024 smb_io_uuid uuid 0024 data : 8a885d04 0028 data : 1ceb 002a data : 11c9 002c data : 9f e8 002e data : 08 00 2b 10 48 60 0034 version: 00000002 api_pipe_bind_req: \PIPE\wkssvc -> \PIPE\wkssvc api_pipe_bind_req: make response. 1628 check_bind_req for \wkssvc checking lsarpc checking winreg checking initshutdown checking dssetup checking wkssvc 000000 smb_io_rpc_hdr_ba 000000 smb_io_rpc_hdr_bba 0000 max_tsize: 10b8 0002 max_rsize: 10b8 0004 assoc_gid: 000053f0 000008 smb_io_rpc_addr_str 0008 len: 000d 000a str: \PIPE\wkssvc. 000017 smb_io_rpc_results 0018 num_results: 01 001c result : 0000 001e reason : 0000 000020 smb_io_rpc_iface 000020 smb_io_uuid uuid 0020 data : 8a885d04 0024 data : 1ceb 0026 data : 11c9 0028 data : 9f e8 002a data : 08 00 2b 10 48 60 0030 version: 00000002 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0c 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0044 000a auth_len : 0000 000c call_id : 00000001 write_to_pipe: data_used = 56 s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62408aed0 s3_event: Run immediate event "tevent_req_trigger": 0x7fb62408aed0 name: \wkssvc len: 1024 read_from_pipe: \wkssvc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624075a00 s3_event: Run immediate event "tevent_req_trigger": 0x7fb624075a00 copy_trans_params_and_data: params[0..0] data[0..68] (align 0) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=8002 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [0000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... [0010] 00 B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 ......S. ...\PIPE [0020] 5C 77 6B 73 73 76 63 00 00 01 00 00 00 00 00 00 \wkssvc. ........ [0030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [0040] 60 02 00 00 00 `.... got smb length of 160 got message type 0x0 of len 0xa0 Transaction 126 of length 164 (0 toread) size=160 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=8066 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 76 (0x4C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 76 (0x4C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=20128 (0x4EA0) smb_bcc=93 [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 4C 00 00 00 01 00 00 ........ .L...... [0020] 00 34 00 00 00 00 00 00 00 24 BE A4 10 0F 00 00 .4...... .$...... [0030] 00 00 00 00 00 0F 00 00 00 5C 00 5C 00 31 00 30 ........ .\.\.1.0 [0040] 00 2E 00 32 00 32 00 35 00 2E 00 35 00 2E 00 32 ...2.2.5 ...5...2 [0050] 00 33 00 32 00 00 00 00 00 64 00 00 00 .3.2.... .d... switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 change_to_user: Skipping user change - already user trans <\PIPE\> data=76 params=0 setup=2 calling named_pipe named pipe command on <> name api_fd_reply Got API command 0x26 on pipe "wkssvc" (pnum 4ea0) api_fd_reply: p:0x7fb624073a50 max_trans_reply: 1024 np_write_send: len: 76 write_to_pipe: data_left = 76 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 76 fill_rpc_header: data_to_copy = 76, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 60 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 60 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 004c 000a auth_len : 0000 000c call_id : 00000001 unmarshall_rpc_header: using little-endian RPC unmarshall_rpc_header: type = 0, flags = 3 write_to_pipe: data_used = 0 write_to_pipe: data_left = 60 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 60, incoming data = 60 process_complete_pdu: processing packet type 0 000000 smb_io_rpc_hdr_req req 0000 alloc_hint: 00000034 0004 context_id: 0000 0006 opnum : 0000 free_pipe_context: destroying talloc pool of size 80 Requested \PIPE\\wkssvc api_rpcTNP: \wkssvc op 0x0 - api_rpcTNP: rpc command: WKSSVC_NETWKSTAGETINFO api_rpc_cmds[0].fn == 0x7fb6238d3580 wkssvc_NetWkstaGetInfo: struct wkssvc_NetWkstaGetInfo in: struct wkssvc_NetWkstaGetInfo server_name : * server_name : '\\10.225.5.232' level : 0x00000064 (100) wkssvc_NetWkstaGetInfo: struct wkssvc_NetWkstaGetInfo out: struct wkssvc_NetWkstaGetInfo info : * info : union wkssvc_NetWkstaInfo(case 100) info100 : * info100: struct wkssvc_NetWkstaInfo100 platform_id : PLATFORM_ID_NT (500) server_name : * server_name : 'TESTPC' domain_name : * domain_name : 'TESTGROUP' version_major : 0x00000004 (4) version_minor : 0x00000009 (9) result : WERR_OK api_rpcTNP: called \wkssvc successfully free_pipe_context: destroying talloc pool of size 49 write_to_pipe: data_used = 60 s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62408aee0 s3_event: Run immediate event "tevent_req_trigger": 0x7fb62408aee0 name: \wkssvc len: 1024 read_from_pipe: \wkssvc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 92. 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0074 000a auth_len : 0000 000c call_id : 00000001 000010 smb_io_rpc_hdr_resp resp 0010 alloc_hint: 0000005c 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb6240758b0 s3_event: Run immediate event "tevent_req_trigger": 0x7fb6240758b0 copy_trans_params_and_data: params[0..0] data[0..116] (align 0) size=172 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=8066 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 116 (0x74) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 116 (0x74) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=117 [0000] 00 05 00 02 03 10 00 00 00 74 00 00 00 01 00 00 ........ .t...... [0010] 00 5C 00 00 00 00 00 00 00 64 00 00 00 00 00 02 .\...... .d...... [0020] 00 F4 01 00 00 04 00 02 00 08 00 02 00 04 00 00 ........ ........ [0030] 00 09 00 00 00 07 00 00 00 00 00 00 00 07 00 00 ........ ........ [0040] 00 54 00 45 00 53 00 54 00 50 00 43 00 00 00 00 .T.E.S.T .P.C.... [0050] 00 0A 00 00 00 00 00 00 00 0A 00 00 00 54 00 45 ........ .....T.E [0060] 00 53 00 54 00 47 00 52 00 4F 00 55 00 50 00 00 .S.T.G.R .O.U.P.. [0070] 00 00 00 00 00 ..... got smb length of 41 got message type 0x0 of len 0x29 Transaction 127 of length 45 (0 toread) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=8130 smt_wct=3 smb_vwv[ 0]=20128 (0x4EA0) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 switch message SMBclose (pid 12841) conn 0x7fb6240867f0 change_to_user: Skipping user change - already user close fd=-1 fnum=20128 (numopen=1) close_write_time: Sun Feb 7 07:28:15 2106 close_policy_by_pipe: deleted handle list for pipe \wkssvc freed files structure 20128 (1 used) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=8130 smt_wct=0 smb_bcc=0 got smb length of 94 got message type 0x0 of len 0x5e Transaction 128 of length 98 (0 toread) size=94 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=8194 smt_wct=15 smb_vwv[ 0]= 26 (0x1A) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 10 (0xA) smb_vwv[ 3]=16384 (0x4000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 26 (0x1A) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 1 (0x1) smb_bcc=29 [0000] 00 00 00 16 00 56 05 07 00 04 01 00 00 00 00 5C .....V.. .......\ [0010] 00 74 00 65 00 73 00 74 00 32 00 00 00 .t.e.s.t .2... switch message SMBtrans2 (pid 12841) conn 0x7fb624079b30 setting sec ctx (123, 123) - sec_ctx_stack_ndx = 0 NT user token of user S-1-5-21-783145419-1966905550-2589541370-1001 contains 6 SIDs SID[ 0]: S-1-5-21-783145419-1966905550-2589541370-1001 SID[ 1]: S-1-22-2-123 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-1-123 SE_PRIV 0x0 0x0 0x0 0x0 UNIX token of user 123 Primary group is 123 and contains 1 supplementary groups Group[ 0]: 123 change_to_user uid=(0,123) gid=(0,123) vfs_ChDir to /testshare call_trans2findfirst: dirtype = 16, maxentries = 1366, close_after_first=1, close_if_end = 1 requires_resume_key = 1 level = 0x104, max_data_bytes = 16384 unix_convert called on file "test2" stat_cache_lookup: lookup succeeded for name [TEST2] -> [test2] dir=./, mask = test2 dptr_create dir=./ creating new dirptr 256 for path ./, expect_close = 1 dptr_num is 256, wcard = test2, attr = 22 dirpath=<./> dontdescend=<> get_lanman2_dir_entry:readdir on dirptr 0x7fb624011f90 now at offset -1 dos_mode: ./test2 dos_mode_from_sbuf returning rd dos_mode returning rd fetch_share_mode_unlocked: no share_mode record around (file not open) get_lanman2_dir_entry: found ./test2 fname=test2 get_lanman2_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO call_trans2findfirst - (2) closing dptr_num 256 closing dptr key 256 t2_rep: params_sent_thistime = 10, data_sent_thistime = 104, useable_space = 131010 t2_rep: params_to_send = 10, data_to_send = 104, paramsize = 10, datasize = 104 size=172 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=8194 smt_wct=10 smb_vwv[ 0]= 10 (0xA) smb_vwv[ 1]= 104 (0x68) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 10 (0xA) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 104 (0x68) smb_vwv[ 7]= 68 (0x44) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=117 [0000] 00 FD FF 01 00 01 00 00 00 00 00 00 00 68 00 00 ........ .....h.. [0010] 00 00 00 00 00 80 69 DD 31 5E B4 CA 01 00 BD 9B ......i. 1^...... [0020] 2B 5F B4 CA 01 80 69 DD 31 5E B4 CA 01 80 69 DD +_....i. 1^....i. [0030] 31 5E B4 CA 01 00 00 00 00 00 00 00 00 00 00 00 1^...... ........ [0040] 00 00 00 00 00 11 00 00 00 0A 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 74 00 65 00 73 ........ ...t.e.s [0070] 00 74 00 32 00 .t.2. SMBtrans2 mask=test2 directory=./ dirtype=22 numentries=1 got smb length of 112 got message type 0x0 of len 0x70 Transaction 129 of length 116 (0 toread) size=112 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=8258 smt_wct=15 smb_vwv[ 0]= 44 (0x2C) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 40 (0x28) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 44 (0x2C) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 5 (0x5) smb_bcc=47 [0000] 00 00 00 EC 03 00 00 00 00 5C 00 74 00 65 00 73 ........ .\.t.e.s [0010] 00 74 00 32 00 5C 00 64 00 65 00 73 00 6B 00 74 .t.2.\.d .e.s.k.t [0020] 00 6F 00 70 00 2E 00 69 00 6E 00 69 00 00 00 .o.p...i .n.i... switch message SMBtrans2 (pid 12841) conn 0x7fb624079b30 change_to_user: Skipping user change - already user call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 unix_convert called on file "test2/desktop.ini" stat_cache_lookup: lookup failed for name [TEST2/DESKTOP.INI] stat_cache_lookup: lookup succeeded for name [TEST2] -> [test2] unix_convert begin: name = test2/desktop.ini, dirpath = test2, start = desktop.ini is_mangled desktop.ini ? is_mangled_component desktop.ini (len 11) ? is_mangled desktop.ini ? is_mangled_component desktop.ini (len 11) ? is_mangled desktop.ini ? is_mangled_component desktop.ini (len 11) ? New file desktop.ini call_trans2qfilepathinfo: SMB_VFS_STAT of test2/desktop.ini failed (No such file or directory) unix_error_packet: error string = No such file or directory error packet at smbd/trans2.c(4051) cmd=50 (SMBtrans2) NT_STATUS_OBJECT_NAME_NOT_FOUND size=35 smb_com=0x32 smb_rcls=52 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=8258 smt_wct=0 smb_bcc=0 got smb length of 112 got message type 0x0 of len 0x70 Transaction 130 of length 116 (0 toread) size=112 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=8322 smt_wct=15 smb_vwv[ 0]= 44 (0x2C) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 40 (0x28) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 44 (0x2C) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 5 (0x5) smb_bcc=47 [0000] 00 00 00 EC 03 00 00 00 00 5C 00 74 00 65 00 73 ........ .\.t.e.s [0010] 00 74 00 32 00 5C 00 64 00 65 00 73 00 6B 00 74 .t.2.\.d .e.s.k.t [0020] 00 6F 00 70 00 2E 00 69 00 6E 00 69 00 00 00 .o.p...i .n.i... switch message SMBtrans2 (pid 12841) conn 0x7fb624079b30 change_to_user: Skipping user change - already user call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 unix_convert called on file "test2/desktop.ini" stat_cache_lookup: lookup failed for name [TEST2/DESKTOP.INI] stat_cache_lookup: lookup succeeded for name [TEST2] -> [test2] unix_convert begin: name = test2/desktop.ini, dirpath = test2, start = desktop.ini is_mangled desktop.ini ? is_mangled_component desktop.ini (len 11) ? is_mangled desktop.ini ? is_mangled_component desktop.ini (len 11) ? is_mangled desktop.ini ? is_mangled_component desktop.ini (len 11) ? New file desktop.ini call_trans2qfilepathinfo: SMB_VFS_STAT of test2/desktop.ini failed (No such file or directory) unix_error_packet: error string = No such file or directory error packet at smbd/trans2.c(4051) cmd=50 (SMBtrans2) NT_STATUS_OBJECT_NAME_NOT_FOUND size=35 smb_com=0x32 smb_rcls=52 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=8322 smt_wct=0 smb_bcc=0 got smb length of 70 got message type 0x0 of len 0x46 Transaction 131 of length 74 (0 toread) size=70 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=8386 smt_wct=15 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 560 (0x230) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 2 (0x2) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 3 (0x3) smb_bcc=5 [0000] 00 00 00 05 01 ..... switch message SMBtrans2 (pid 12841) conn 0x7fb624079b30 change_to_user: Skipping user change - already user call_trans2qfsinfo: level = 261 t2_rep: params_sent_thistime = 0, data_sent_thistime = 20, useable_space = 131012 t2_rep: params_to_send = 0, data_to_send = 20, paramsize = 0, datasize = 20 size=76 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=8386 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 20 (0x14) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 20 (0x14) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=21 [0000] 00 2F 00 01 00 FF 00 00 00 08 00 00 00 4E 00 54 ./...... .....N.T [0010] 00 46 00 53 00 .F.S. SMBtrans2 info_level = 261 got smb length of 96 got message type 0x0 of len 0x60 Transaction 132 of length 100 (0 toread) size=96 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=8450 smt_wct=15 smb_vwv[ 0]= 28 (0x1C) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 40 (0x28) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 28 (0x1C) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 5 (0x5) smb_bcc=31 [0000] 00 00 00 EC 03 00 00 00 00 5C 00 74 00 65 00 73 ........ .\.t.e.s [0010] 00 74 00 32 00 2E 00 64 00 6C 00 6C 00 00 00 .t.2...d .l.l... switch message SMBtrans2 (pid 12841) conn 0x7fb624079b30 change_to_user: Skipping user change - already user call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 unix_convert called on file "test2.dll" stat_cache_lookup: lookup failed for name [TEST2.DLL] unix_convert begin: name = test2.dll, dirpath = , start = test2.dll is_mangled test2.dll ? is_mangled_component test2.dll (len 9) ? is_mangled test2.dll ? is_mangled_component test2.dll (len 9) ? is_mangled test2.dll ? is_mangled_component test2.dll (len 9) ? New file test2.dll call_trans2qfilepathinfo: SMB_VFS_STAT of test2.dll failed (No such file or directory) unix_error_packet: error string = No such file or directory error packet at smbd/trans2.c(4051) cmd=50 (SMBtrans2) NT_STATUS_OBJECT_NAME_NOT_FOUND size=35 smb_com=0x32 smb_rcls=52 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=8450 smt_wct=0 smb_bcc=0 got smb length of 98 got message type 0x0 of len 0x62 Transaction 133 of length 102 (0 toread) size=98 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=8514 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 3072 (0xC00) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=35072 (0x8900) smb_vwv[ 8]= 512 (0x200) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1280 (0x500) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=15 [0000] 00 5C 00 74 00 65 00 73 00 74 00 32 00 00 00 .\.t.e.s .t.2... switch message SMBntcreateX (pid 12841) conn 0x7fb624079b30 change_to_user: Skipping user change - already user reply_ntcreate_and_X: flags = 0x16, access_mask = 0x20089 file_attributes = 0x0, share_access = 0x5, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0, fname = test2 create_file: access_mask = 0x20089 file_attributes = 0x0, share_access = 0x5, create_disposition = 0x1 create_options = 0x40 oplock_request = 0x3 root_dir_fid = 0x0, ea_list = 0x(nil), sd = 0x(nil), create_file_flags = 0x1, fname = test2 unix_convert called on file "test2" stat_cache_lookup: lookup succeeded for name [TEST2] -> [test2] create_file_unixpath: access_mask = 0x20089 file_attributes = 0x0, share_access = 0x5, create_disposition = 0x1 create_options = 0x40 oplock_request = 0x3 ea_list = 0x(nil), sd = 0x(nil), fname = test2 allocated file structure 16033, fnum = 20129 (2 used) unix_mode(test2) returning 0744 open_file_ntcreate: fname=test2, dos_attrs=0x0 access_mask=0x20089 share_access=0x5 create_disposition = 0x1 create_options=0x40 unix mode=0744 oplock_request=3 dos_mode: test2 dos_mode_from_sbuf returning rd dos_mode returning rd open_file_ntcreate: fname=test2, after mapping access_mask=0x20089 Locking key 0208000000000000D748 Allocated locked data 0x0x7fb62408afa0 delay_for_oplocks: oplock type 0x3 on file delay_for_oplocks: oplock type 0x3 on file calling open_file with flags=0x0 flags2=0x0 mode=0744, access_mask = 0x20089, open_access_mask = 0x20089 fd_open: name test2, flags = 00 mode = 0744, fd = 28. get_windows_lock_count for file = 0 delete_windows_lock_ref_count for file Unlocking key 0208000000000000D748 freed files structure 20129 (1 used) create_file_unixpath: NT_STATUS_FILE_IS_A_DIRECTORY create_file: NT_STATUS_FILE_IS_A_DIRECTORY error packet at smbd/nttrans.c(563) cmd=162 (SMBntcreateX) NT_STATUS_FILE_IS_A_DIRECTORY size=35 smb_com=0xa2 smb_rcls=186 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=8514 smt_wct=0 smb_bcc=0 got smb length of 98 got message type 0x0 of len 0x62 Transaction 134 of length 102 (0 toread) size=98 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=8578 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 3072 (0xC00) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=35072 (0x8900) smb_vwv[ 8]= 512 (0x200) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]=32768 (0x8000) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 256 (0x100) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=15 [0000] 00 5C 00 74 00 65 00 73 00 74 00 32 00 00 00 .\.t.e.s .t.2... switch message SMBntcreateX (pid 12841) conn 0x7fb624079b30 change_to_user: Skipping user change - already user reply_ntcreate_and_X: flags = 0x16, access_mask = 0x20089 file_attributes = 0x80, share_access = 0x1, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0, fname = test2 create_file: access_mask = 0x20089 file_attributes = 0x80, share_access = 0x1, create_disposition = 0x1 create_options = 0x40 oplock_request = 0x3 root_dir_fid = 0x0, ea_list = 0x(nil), sd = 0x(nil), create_file_flags = 0x1, fname = test2 unix_convert called on file "test2" stat_cache_lookup: lookup succeeded for name [TEST2] -> [test2] create_file_unixpath: access_mask = 0x20089 file_attributes = 0x80, share_access = 0x1, create_disposition = 0x1 create_options = 0x40 oplock_request = 0x3 ea_list = 0x(nil), sd = 0x(nil), fname = test2 allocated file structure 16034, fnum = 20130 (2 used) unix_mode(test2) returning 0744 open_file_ntcreate: fname=test2, dos_attrs=0x80 access_mask=0x20089 share_access=0x1 create_disposition = 0x1 create_options=0x40 unix mode=0744 oplock_request=3 dos_mode: test2 dos_mode_from_sbuf returning rd dos_mode returning rd open_file_ntcreate: fname=test2, after mapping access_mask=0x20089 Locking key 0208000000000000D748 Allocated locked data 0x0x7fb62408afa0 delay_for_oplocks: oplock type 0x3 on file delay_for_oplocks: oplock type 0x3 on file calling open_file with flags=0x0 flags2=0x0 mode=0744, access_mask = 0x20089, open_access_mask = 0x20089 fd_open: name test2, flags = 00 mode = 0744, fd = 28. get_windows_lock_count for file = 0 delete_windows_lock_ref_count for file Unlocking key 0208000000000000D748 freed files structure 20130 (1 used) create_file_unixpath: NT_STATUS_FILE_IS_A_DIRECTORY create_file: NT_STATUS_FILE_IS_A_DIRECTORY error packet at smbd/nttrans.c(563) cmd=162 (SMBntcreateX) NT_STATUS_FILE_IS_A_DIRECTORY size=35 smb_com=0xa2 smb_rcls=186 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=8578 smt_wct=0 smb_bcc=0 got smb length of 98 got message type 0x0 of len 0x62 Transaction 135 of length 102 (0 toread) size=98 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=8642 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 3072 (0xC00) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=35072 (0x8900) smb_vwv[ 8]= 512 (0x200) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]=32768 (0x8000) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=15 [0000] 00 5C 00 74 00 65 00 73 00 74 00 32 00 00 00 .\.t.e.s .t.2... switch message SMBntcreateX (pid 12841) conn 0x7fb624079b30 change_to_user: Skipping user change - already user reply_ntcreate_and_X: flags = 0x16, access_mask = 0x20089 file_attributes = 0x80, share_access = 0x0, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0, fname = test2 create_file: access_mask = 0x20089 file_attributes = 0x80, share_access = 0x0, create_disposition = 0x1 create_options = 0x40 oplock_request = 0x3 root_dir_fid = 0x0, ea_list = 0x(nil), sd = 0x(nil), create_file_flags = 0x1, fname = test2 unix_convert called on file "test2" stat_cache_lookup: lookup succeeded for name [TEST2] -> [test2] create_file_unixpath: access_mask = 0x20089 file_attributes = 0x80, share_access = 0x0, create_disposition = 0x1 create_options = 0x40 oplock_request = 0x3 ea_list = 0x(nil), sd = 0x(nil), fname = test2 allocated file structure 16035, fnum = 20131 (2 used) unix_mode(test2) returning 0744 open_file_ntcreate: fname=test2, dos_attrs=0x80 access_mask=0x20089 share_access=0x0 create_disposition = 0x1 create_options=0x40 unix mode=0744 oplock_request=3 dos_mode: test2 dos_mode_from_sbuf returning rd dos_mode returning rd open_file_ntcreate: fname=test2, after mapping access_mask=0x20089 Locking key 0208000000000000D748 Allocated locked data 0x0x7fb62408afa0 delay_for_oplocks: oplock type 0x3 on file delay_for_oplocks: oplock type 0x3 on file calling open_file with flags=0x0 flags2=0x0 mode=0744, access_mask = 0x20089, open_access_mask = 0x20089 fd_open: name test2, flags = 00 mode = 0744, fd = 28. get_windows_lock_count for file = 0 delete_windows_lock_ref_count for file Unlocking key 0208000000000000D748 freed files structure 20131 (1 used) create_file_unixpath: NT_STATUS_FILE_IS_A_DIRECTORY create_file: NT_STATUS_FILE_IS_A_DIRECTORY error packet at smbd/nttrans.c(563) cmd=162 (SMBntcreateX) NT_STATUS_FILE_IS_A_DIRECTORY size=35 smb_com=0xa2 smb_rcls=186 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=8642 smt_wct=0 smb_bcc=0 got smb length of 88 got message type 0x0 of len 0x58 Transaction 136 of length 92 (0 toread) size=88 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=8706 smt_wct=15 smb_vwv[ 0]= 20 (0x14) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 40 (0x28) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 20 (0x14) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 5 (0x5) smb_bcc=23 [0000] 00 00 00 EC 03 00 00 00 00 5C 00 74 00 65 00 73 ........ .\.t.e.s [0010] 00 74 00 32 00 00 00 .t.2... switch message SMBtrans2 (pid 12841) conn 0x7fb624079b30 change_to_user: Skipping user change - already user call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 unix_convert called on file "test2" stat_cache_lookup: lookup succeeded for name [TEST2] -> [test2] fetch_share_mode_unlocked: no share_mode record around (file not open) call_trans2qfilepathinfo test2 (fnum = -1) level=1004 call=5 total_data=0 dos_mode: test2 dos_mode_from_sbuf returning rd dos_mode returning rd call_trans2qfilepathinfo: SMB_FILE_BASIC_INFORMATION SMB_QFBI - create: Tue Feb 23 08:59:59 2010 access: Tue Feb 23 09:06:58 2010 write: Tue Feb 23 08:59:59 2010 change: Tue Feb 23 08:59:59 2010 mode: 11 t2_rep: params_sent_thistime = 2, data_sent_thistime = 40, useable_space = 131010 t2_rep: params_to_send = 2, data_to_send = 40, paramsize = 2, datasize = 40 size=100 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=8706 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 40 (0x28) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 40 (0x28) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=45 [0000] 00 00 00 00 00 80 69 DD 31 5E B4 CA 01 00 BD 9B ......i. 1^...... [0010] 2B 5F B4 CA 01 80 69 DD 31 5E B4 CA 01 80 69 DD +_....i. 1^....i. [0020] 31 5E B4 CA 01 11 00 00 00 00 00 00 00 1^...... ..... got smb length of 70 got message type 0x0 of len 0x46 Transaction 137 of length 74 (0 toread) size=70 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=8770 smt_wct=15 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 560 (0x230) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 2 (0x2) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 3 (0x3) smb_bcc=5 [0000] 00 00 00 05 01 ..... switch message SMBtrans2 (pid 12841) conn 0x7fb624079b30 change_to_user: Skipping user change - already user call_trans2qfsinfo: level = 261 t2_rep: params_sent_thistime = 0, data_sent_thistime = 20, useable_space = 131012 t2_rep: params_to_send = 0, data_to_send = 20, paramsize = 0, datasize = 20 size=76 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=8770 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 20 (0x14) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 20 (0x14) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=21 [0000] 00 2F 00 01 00 FF 00 00 00 08 00 00 00 4E 00 54 ./...... .....N.T [0010] 00 46 00 53 00 .F.S. SMBtrans2 info_level = 261 got smb length of 98 got message type 0x0 of len 0x62 Transaction 138 of length 102 (0 toread) size=98 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=8834 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 3072 (0xC00) smb_vwv[ 3]= 4096 (0x1000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 3584 (0xE00) smb_vwv[ 9]= 1 (0x1) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_bcc=15 [0000] 00 5C 00 74 00 65 00 73 00 74 00 32 00 00 00 .\.t.e.s .t.2... switch message SMBntcreateX (pid 12841) conn 0x7fb624079b30 change_to_user: Skipping user change - already user reply_ntcreate_and_X: flags = 0x10, access_mask = 0x10e0000 file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 root_dir_fid = 0x0, fname = test2 create_file: access_mask = 0x10e0000 file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 oplock_request = 0x0 root_dir_fid = 0x0, ea_list = 0x(nil), sd = 0x(nil), create_file_flags = 0x1, fname = test2 unix_convert called on file "test2" stat_cache_lookup: lookup succeeded for name [TEST2] -> [test2] create_file_unixpath: access_mask = 0x10e0000 file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 oplock_request = 0x0 ea_list = 0x(nil), sd = 0x(nil), fname = test2 create_file_unixpath: NT_STATUS_PRIVILEGE_NOT_HELD create_file: NT_STATUS_PRIVILEGE_NOT_HELD error packet at smbd/nttrans.c(563) cmd=162 (SMBntcreateX) NT_STATUS_PRIVILEGE_NOT_HELD size=35 smb_com=0xa2 smb_rcls=97 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=8834 smt_wct=0 smb_bcc=0 got smb length of 98 got message type 0x0 of len 0x62 Transaction 139 of length 102 (0 toread) size=98 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=8898 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 3072 (0xC00) smb_vwv[ 3]= 4096 (0x1000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 512 (0x200) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_bcc=15 [0000] 00 5C 00 74 00 65 00 73 00 74 00 32 00 00 00 .\.t.e.s .t.2... switch message SMBntcreateX (pid 12841) conn 0x7fb624079b30 change_to_user: Skipping user change - already user reply_ntcreate_and_X: flags = 0x10, access_mask = 0x20000 file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 root_dir_fid = 0x0, fname = test2 create_file: access_mask = 0x20000 file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 oplock_request = 0x0 root_dir_fid = 0x0, ea_list = 0x(nil), sd = 0x(nil), create_file_flags = 0x1, fname = test2 unix_convert called on file "test2" stat_cache_lookup: lookup succeeded for name [TEST2] -> [test2] create_file_unixpath: access_mask = 0x20000 file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 oplock_request = 0x0 ea_list = 0x(nil), sd = 0x(nil), fname = test2 allocated file structure 16036, fnum = 20132 (2 used) unix_mode(test2) returning 0744 open_file_ntcreate: fname=test2, dos_attrs=0x0 access_mask=0x20000 share_access=0x3 create_disposition = 0x1 create_options=0x0 unix mode=0744 oplock_request=0 dos_mode: test2 dos_mode_from_sbuf returning rd dos_mode returning rd open_file_ntcreate: fname=test2, after mapping access_mask=0x20000 Locking key 0208000000000000D748 Allocated locked data 0x0x7fb62408afa0 delay_for_oplocks: oplock type 0x10 on file delay_for_oplocks: oplock type 0x10 on file calling open_file with flags=0x0 flags2=0x0 mode=0744, access_mask = 0x20000, open_access_mask = 0x20000 posix_get_nt_acl: called for file test2 canonicalise_acl: Access ace entries before arrange : canon_ace index 0. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x0 perms --- canon_ace index 1. Type = allow SID = S-1-22-2-123 gid 123 (gruppetest) SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms rwx canon_ace index 2. Type = allow SID = S-1-5-21-783145419-1966905550-2589541370-1000 uid 0 (root) SMB_ACL_USER_OBJ ace_flags = 0x0 perms r-- print_canon_ace_list: canonicalise_acl: ace entries after arrange canon_ace index 0. Type = allow SID = S-1-5-21-783145419-1966905550-2589541370-1000 uid 0 (root) SMB_ACL_USER_OBJ ace_flags = 0x0 perms r-- canon_ace index 1. Type = allow SID = S-1-22-2-123 gid 123 (gruppetest) SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms rwx canon_ace index 2. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x0 perms --- map_canon_ace_perms: Mapped (UNIX) 100 to (NT) 120089 map_canon_ace_perms: Mapped (UNIX) 1c0 to (NT) 1f01ff map_canon_ace_perms: Mapped (UNIX) 0 to (NT) 0 check_open_rights: file test2 requesting 0x20000 returning 0x20000 (NT_STATUS_OK) Unlocking key 0208000000000000D748 freed files structure 20132 (1 used) open_directory: opening directory test2, access_mask = 0x20000, share_access = 0x3 create_options = 0x0, create_disposition = 0x1, file_attributes = 0x0 posix_get_nt_acl: called for file test2 canonicalise_acl: Access ace entries before arrange : canon_ace index 0. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x0 perms --- canon_ace index 1. Type = allow SID = S-1-22-2-123 gid 123 (gruppetest) SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms rwx canon_ace index 2. Type = allow SID = S-1-5-21-783145419-1966905550-2589541370-1000 uid 0 (root) SMB_ACL_USER_OBJ ace_flags = 0x0 perms r-- print_canon_ace_list: canonicalise_acl: ace entries after arrange canon_ace index 0. Type = allow SID = S-1-5-21-783145419-1966905550-2589541370-1000 uid 0 (root) SMB_ACL_USER_OBJ ace_flags = 0x0 perms r-- canon_ace index 1. Type = allow SID = S-1-22-2-123 gid 123 (gruppetest) SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms rwx canon_ace index 2. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x0 perms --- map_canon_ace_perms: Mapped (UNIX) 100 to (NT) 120089 map_canon_ace_perms: Mapped (UNIX) 1c0 to (NT) 1f01ff map_canon_ace_perms: Mapped (UNIX) 0 to (NT) 0 check_open_rights: file test2 requesting 0x20000 returning 0x20000 (NT_STATUS_OK) allocated file structure 16037, fnum = 20133 (2 used) Locking key 0208000000000000D748 Allocated locked data 0x0x7fb624066940 unparse_share_modes: del: 0, owrt: Tue Feb 23 08:59:59 2010 CET cwrt: Thu Jan 1 01:00:00 1970 CET, tok: 0, num: 1 print_share_mode_table: share_mode_entry[0]: pid = 12841, share_access = 0x3, private_options = 0x0, access_mask = 0x20080, mid = 0x0, type= 0x0, gen_id = 29, uid = 123, flags = 0, file_id 802:4648d7:0 Unlocking key 0208000000000000D748 create_file_unixpath: info=1 create_file: info=1 dos_mode: test2 dos_mode_from_sbuf returning rd dos_mode returning rd reply_ntcreate_and_X: fnum = 20133, open name = test2 got smb length of 41 got message type 0x0 of len 0x29 Transaction 140 of length 45 (0 toread) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=8962 smt_wct=3 smb_vwv[ 0]=20133 (0x4EA5) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 switch message SMBclose (pid 12841) conn 0x7fb624079b30 change_to_user: Skipping user change - already user close directory fnum=20133 Locking key 0208000000000000D748 Allocated locked data 0x0x7fb62408ad60 parse_share_modes: delete_on_close: 0, owrt: Tue Feb 23 08:59:59 2010 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, tok: 0, num_share_modes: 1 parse_share_modes: share_mode_entry[0]: pid = 12841, share_access = 0x3, private_options = 0x0, access_mask = 0x20080, mid = 0x0, type= 0x0, gen_id = 29, uid = 123, flags = 0, file_id 802:4648d7:0 Unlocking key 0208000000000000D748 freed files structure 20133 (1 used) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=8962 smt_wct=0 smb_bcc=0 got smb length of 98 got message type 0x0 of len 0x62 Transaction 141 of length 102 (0 toread) size=98 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=9026 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 3072 (0xC00) smb_vwv[ 3]= 4096 (0x1000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 1024 (0x400) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_bcc=15 [0000] 00 5C 00 74 00 65 00 73 00 74 00 32 00 00 00 .\.t.e.s .t.2... switch message SMBntcreateX (pid 12841) conn 0x7fb624079b30 change_to_user: Skipping user change - already user reply_ntcreate_and_X: flags = 0x10, access_mask = 0x40000 file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 root_dir_fid = 0x0, fname = test2 create_file: access_mask = 0x40000 file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 oplock_request = 0x0 root_dir_fid = 0x0, ea_list = 0x(nil), sd = 0x(nil), create_file_flags = 0x1, fname = test2 unix_convert called on file "test2" stat_cache_lookup: lookup succeeded for name [TEST2] -> [test2] create_file_unixpath: access_mask = 0x40000 file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 oplock_request = 0x0 ea_list = 0x(nil), sd = 0x(nil), fname = test2 allocated file structure 16038, fnum = 20134 (2 used) unix_mode(test2) returning 0744 open_file_ntcreate: fname=test2, dos_attrs=0x0 access_mask=0x40000 share_access=0x3 create_disposition = 0x1 create_options=0x0 unix mode=0744 oplock_request=0 dos_mode: test2 dos_mode_from_sbuf returning rd dos_mode returning rd open_file_ntcreate: fname=test2, after mapping access_mask=0x40000 Locking key 0208000000000000D748 Allocated locked data 0x0x7fb62408afa0 delay_for_oplocks: oplock type 0x10 on file delay_for_oplocks: oplock type 0x10 on file calling open_file with flags=0x0 flags2=0x0 mode=0744, access_mask = 0x40000, open_access_mask = 0x40000 posix_get_nt_acl: called for file test2 canonicalise_acl: Access ace entries before arrange : canon_ace index 0. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x0 perms --- canon_ace index 1. Type = allow SID = S-1-22-2-123 gid 123 (gruppetest) SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms rwx canon_ace index 2. Type = allow SID = S-1-5-21-783145419-1966905550-2589541370-1000 uid 0 (root) SMB_ACL_USER_OBJ ace_flags = 0x0 perms r-- print_canon_ace_list: canonicalise_acl: ace entries after arrange canon_ace index 0. Type = allow SID = S-1-5-21-783145419-1966905550-2589541370-1000 uid 0 (root) SMB_ACL_USER_OBJ ace_flags = 0x0 perms r-- canon_ace index 1. Type = allow SID = S-1-22-2-123 gid 123 (gruppetest) SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms rwx canon_ace index 2. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x0 perms --- map_canon_ace_perms: Mapped (UNIX) 100 to (NT) 120089 map_canon_ace_perms: Mapped (UNIX) 1c0 to (NT) 1f01ff map_canon_ace_perms: Mapped (UNIX) 0 to (NT) 0 check_open_rights: file test2 requesting 0x40000 returning 0x40000 (NT_STATUS_OK) Unlocking key 0208000000000000D748 freed files structure 20134 (1 used) open_directory: opening directory test2, access_mask = 0x40000, share_access = 0x3 create_options = 0x0, create_disposition = 0x1, file_attributes = 0x0 posix_get_nt_acl: called for file test2 canonicalise_acl: Access ace entries before arrange : canon_ace index 0. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x0 perms --- canon_ace index 1. Type = allow SID = S-1-22-2-123 gid 123 (gruppetest) SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms rwx canon_ace index 2. Type = allow SID = S-1-5-21-783145419-1966905550-2589541370-1000 uid 0 (root) SMB_ACL_USER_OBJ ace_flags = 0x0 perms r-- print_canon_ace_list: canonicalise_acl: ace entries after arrange canon_ace index 0. Type = allow SID = S-1-5-21-783145419-1966905550-2589541370-1000 uid 0 (root) SMB_ACL_USER_OBJ ace_flags = 0x0 perms r-- canon_ace index 1. Type = allow SID = S-1-22-2-123 gid 123 (gruppetest) SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms rwx canon_ace index 2. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x0 perms --- map_canon_ace_perms: Mapped (UNIX) 100 to (NT) 120089 map_canon_ace_perms: Mapped (UNIX) 1c0 to (NT) 1f01ff map_canon_ace_perms: Mapped (UNIX) 0 to (NT) 0 check_open_rights: file test2 requesting 0x40000 returning 0x40000 (NT_STATUS_OK) allocated file structure 16039, fnum = 20135 (2 used) Locking key 0208000000000000D748 Allocated locked data 0x0x7fb624066940 unparse_share_modes: del: 0, owrt: Tue Feb 23 08:59:59 2010 CET cwrt: Thu Jan 1 01:00:00 1970 CET, tok: 0, num: 1 print_share_mode_table: share_mode_entry[0]: pid = 12841, share_access = 0x3, private_options = 0x0, access_mask = 0x40080, mid = 0x0, type= 0x0, gen_id = 31, uid = 123, flags = 0, file_id 802:4648d7:0 Unlocking key 0208000000000000D748 create_file_unixpath: info=1 create_file: info=1 dos_mode: test2 dos_mode_from_sbuf returning rd dos_mode returning rd reply_ntcreate_and_X: fnum = 20135, open name = test2 got smb length of 41 got message type 0x0 of len 0x29 Transaction 142 of length 45 (0 toread) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=9090 smt_wct=3 smb_vwv[ 0]=20135 (0x4EA7) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 switch message SMBclose (pid 12841) conn 0x7fb624079b30 change_to_user: Skipping user change - already user close directory fnum=20135 Locking key 0208000000000000D748 Allocated locked data 0x0x7fb62408ad60 parse_share_modes: delete_on_close: 0, owrt: Tue Feb 23 08:59:59 2010 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, tok: 0, num_share_modes: 1 parse_share_modes: share_mode_entry[0]: pid = 12841, share_access = 0x3, private_options = 0x0, access_mask = 0x40080, mid = 0x0, type= 0x0, gen_id = 31, uid = 123, flags = 0, file_id 802:4648d7:0 Unlocking key 0208000000000000D748 freed files structure 20135 (1 used) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=9090 smt_wct=0 smb_bcc=0 got smb length of 98 got message type 0x0 of len 0x62 Transaction 143 of length 102 (0 toread) size=98 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=9154 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 3072 (0xC00) smb_vwv[ 3]= 4096 (0x1000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 2048 (0x800) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_bcc=15 [0000] 00 5C 00 74 00 65 00 73 00 74 00 32 00 00 00 .\.t.e.s .t.2... switch message SMBntcreateX (pid 12841) conn 0x7fb624079b30 change_to_user: Skipping user change - already user reply_ntcreate_and_X: flags = 0x10, access_mask = 0x80000 file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 root_dir_fid = 0x0, fname = test2 create_file: access_mask = 0x80000 file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 oplock_request = 0x0 root_dir_fid = 0x0, ea_list = 0x(nil), sd = 0x(nil), create_file_flags = 0x1, fname = test2 unix_convert called on file "test2" stat_cache_lookup: lookup succeeded for name [TEST2] -> [test2] create_file_unixpath: access_mask = 0x80000 file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 oplock_request = 0x0 ea_list = 0x(nil), sd = 0x(nil), fname = test2 allocated file structure 16040, fnum = 20136 (2 used) unix_mode(test2) returning 0744 open_file_ntcreate: fname=test2, dos_attrs=0x0 access_mask=0x80000 share_access=0x3 create_disposition = 0x1 create_options=0x0 unix mode=0744 oplock_request=0 dos_mode: test2 dos_mode_from_sbuf returning rd dos_mode returning rd open_file_ntcreate: fname=test2, after mapping access_mask=0x80000 Locking key 0208000000000000D748 Allocated locked data 0x0x7fb62408afa0 delay_for_oplocks: oplock type 0x10 on file delay_for_oplocks: oplock type 0x10 on file calling open_file with flags=0x0 flags2=0x0 mode=0744, access_mask = 0x80000, open_access_mask = 0x80000 posix_get_nt_acl: called for file test2 canonicalise_acl: Access ace entries before arrange : canon_ace index 0. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x0 perms --- canon_ace index 1. Type = allow SID = S-1-22-2-123 gid 123 (gruppetest) SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms rwx canon_ace index 2. Type = allow SID = S-1-5-21-783145419-1966905550-2589541370-1000 uid 0 (root) SMB_ACL_USER_OBJ ace_flags = 0x0 perms r-- print_canon_ace_list: canonicalise_acl: ace entries after arrange canon_ace index 0. Type = allow SID = S-1-5-21-783145419-1966905550-2589541370-1000 uid 0 (root) SMB_ACL_USER_OBJ ace_flags = 0x0 perms r-- canon_ace index 1. Type = allow SID = S-1-22-2-123 gid 123 (gruppetest) SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms rwx canon_ace index 2. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x0 perms --- map_canon_ace_perms: Mapped (UNIX) 100 to (NT) 120089 map_canon_ace_perms: Mapped (UNIX) 1c0 to (NT) 1f01ff map_canon_ace_perms: Mapped (UNIX) 0 to (NT) 0 check_open_rights: file test2 requesting 0x80000 returning 0x80000 (NT_STATUS_OK) Unlocking key 0208000000000000D748 freed files structure 20136 (1 used) open_directory: opening directory test2, access_mask = 0x80000, share_access = 0x3 create_options = 0x0, create_disposition = 0x1, file_attributes = 0x0 posix_get_nt_acl: called for file test2 canonicalise_acl: Access ace entries before arrange : canon_ace index 0. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x0 perms --- canon_ace index 1. Type = allow SID = S-1-22-2-123 gid 123 (gruppetest) SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms rwx canon_ace index 2. Type = allow SID = S-1-5-21-783145419-1966905550-2589541370-1000 uid 0 (root) SMB_ACL_USER_OBJ ace_flags = 0x0 perms r-- print_canon_ace_list: canonicalise_acl: ace entries after arrange canon_ace index 0. Type = allow SID = S-1-5-21-783145419-1966905550-2589541370-1000 uid 0 (root) SMB_ACL_USER_OBJ ace_flags = 0x0 perms r-- canon_ace index 1. Type = allow SID = S-1-22-2-123 gid 123 (gruppetest) SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms rwx canon_ace index 2. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x0 perms --- map_canon_ace_perms: Mapped (UNIX) 100 to (NT) 120089 map_canon_ace_perms: Mapped (UNIX) 1c0 to (NT) 1f01ff map_canon_ace_perms: Mapped (UNIX) 0 to (NT) 0 check_open_rights: file test2 requesting 0x80000 returning 0x80000 (NT_STATUS_OK) allocated file structure 16041, fnum = 20137 (2 used) Locking key 0208000000000000D748 Allocated locked data 0x0x7fb624066940 unparse_share_modes: del: 0, owrt: Tue Feb 23 08:59:59 2010 CET cwrt: Thu Jan 1 01:00:00 1970 CET, tok: 0, num: 1 print_share_mode_table: share_mode_entry[0]: pid = 12841, share_access = 0x3, private_options = 0x0, access_mask = 0x80080, mid = 0x0, type= 0x0, gen_id = 33, uid = 123, flags = 0, file_id 802:4648d7:0 Unlocking key 0208000000000000D748 create_file_unixpath: info=1 create_file: info=1 dos_mode: test2 dos_mode_from_sbuf returning rd dos_mode returning rd reply_ntcreate_and_X: fnum = 20137, open name = test2 got smb length of 41 got message type 0x0 of len 0x29 Transaction 144 of length 45 (0 toread) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=9218 smt_wct=3 smb_vwv[ 0]=20137 (0x4EA9) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 switch message SMBclose (pid 12841) conn 0x7fb624079b30 change_to_user: Skipping user change - already user close directory fnum=20137 Locking key 0208000000000000D748 Allocated locked data 0x0x7fb62408ad60 parse_share_modes: delete_on_close: 0, owrt: Tue Feb 23 08:59:59 2010 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, tok: 0, num_share_modes: 1 parse_share_modes: share_mode_entry[0]: pid = 12841, share_access = 0x3, private_options = 0x0, access_mask = 0x80080, mid = 0x0, type= 0x0, gen_id = 33, uid = 123, flags = 0, file_id 802:4648d7:0 Unlocking key 0208000000000000D748 freed files structure 20137 (1 used) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=9218 smt_wct=0 smb_bcc=0 got smb length of 98 got message type 0x0 of len 0x62 Transaction 145 of length 102 (0 toread) size=98 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=9282 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 3072 (0xC00) smb_vwv[ 3]= 4096 (0x1000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 1 (0x1) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_bcc=15 [0000] 00 5C 00 74 00 65 00 73 00 74 00 32 00 00 00 .\.t.e.s .t.2... switch message SMBntcreateX (pid 12841) conn 0x7fb624079b30 change_to_user: Skipping user change - already user reply_ntcreate_and_X: flags = 0x10, access_mask = 0x1000000 file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 root_dir_fid = 0x0, fname = test2 create_file: access_mask = 0x1000000 file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 oplock_request = 0x0 root_dir_fid = 0x0, ea_list = 0x(nil), sd = 0x(nil), create_file_flags = 0x1, fname = test2 unix_convert called on file "test2" stat_cache_lookup: lookup succeeded for name [TEST2] -> [test2] create_file_unixpath: access_mask = 0x1000000 file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 oplock_request = 0x0 ea_list = 0x(nil), sd = 0x(nil), fname = test2 create_file_unixpath: NT_STATUS_PRIVILEGE_NOT_HELD create_file: NT_STATUS_PRIVILEGE_NOT_HELD error packet at smbd/nttrans.c(563) cmd=162 (SMBntcreateX) NT_STATUS_PRIVILEGE_NOT_HELD size=35 smb_com=0xa2 smb_rcls=97 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=9282 smt_wct=0 smb_bcc=0 got smb length of 88 got message type 0x0 of len 0x58 Transaction 146 of length 92 (0 toread) size=88 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=9346 smt_wct=15 smb_vwv[ 0]= 20 (0x14) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 40 (0x28) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 20 (0x14) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 5 (0x5) smb_bcc=23 [0000] 00 00 00 EC 03 00 00 00 00 5C 00 74 00 65 00 73 ........ .\.t.e.s [0010] 00 74 00 32 00 00 00 .t.2... switch message SMBtrans2 (pid 12841) conn 0x7fb624079b30 change_to_user: Skipping user change - already user call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 unix_convert called on file "test2" stat_cache_lookup: lookup succeeded for name [TEST2] -> [test2] fetch_share_mode_unlocked: no share_mode record around (file not open) call_trans2qfilepathinfo test2 (fnum = -1) level=1004 call=5 total_data=0 dos_mode: test2 dos_mode_from_sbuf returning rd dos_mode returning rd call_trans2qfilepathinfo: SMB_FILE_BASIC_INFORMATION SMB_QFBI - create: Tue Feb 23 08:59:59 2010 access: Tue Feb 23 09:06:58 2010 write: Tue Feb 23 08:59:59 2010 change: Tue Feb 23 08:59:59 2010 mode: 11 t2_rep: params_sent_thistime = 2, data_sent_thistime = 40, useable_space = 131010 t2_rep: params_to_send = 2, data_to_send = 40, paramsize = 2, datasize = 40 size=100 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=9346 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 40 (0x28) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 40 (0x28) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=45 [0000] 00 00 00 00 00 80 69 DD 31 5E B4 CA 01 00 BD 9B ......i. 1^...... [0010] 2B 5F B4 CA 01 80 69 DD 31 5E B4 CA 01 80 69 DD +_....i. 1^....i. [0020] 31 5E B4 CA 01 11 00 00 00 00 00 00 00 1^...... ..... got smb length of 94 got message type 0x0 of len 0x5e Transaction 147 of length 98 (0 toread) size=94 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=9410 smt_wct=15 smb_vwv[ 0]= 26 (0x1A) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 10 (0xA) smb_vwv[ 3]=16384 (0x4000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 26 (0x1A) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 1 (0x1) smb_bcc=29 [0000] 00 00 00 16 00 56 05 07 00 04 01 00 00 00 00 5C .....V.. .......\ [0010] 00 74 00 65 00 73 00 74 00 32 00 00 00 .t.e.s.t .2... switch message SMBtrans2 (pid 12841) conn 0x7fb624079b30 change_to_user: Skipping user change - already user call_trans2findfirst: dirtype = 16, maxentries = 1366, close_after_first=1, close_if_end = 1 requires_resume_key = 1 level = 0x104, max_data_bytes = 16384 unix_convert called on file "test2" stat_cache_lookup: lookup succeeded for name [TEST2] -> [test2] dir=./, mask = test2 dptr_create dir=./ creating new dirptr 256 for path ./, expect_close = 1 dptr_num is 256, wcard = test2, attr = 22 dirpath=<./> dontdescend=<> get_lanman2_dir_entry:readdir on dirptr 0x7fb624011f90 now at offset -1 dos_mode: ./test2 dos_mode_from_sbuf returning rd dos_mode returning rd fetch_share_mode_unlocked: no share_mode record around (file not open) get_lanman2_dir_entry: found ./test2 fname=test2 get_lanman2_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO call_trans2findfirst - (2) closing dptr_num 256 closing dptr key 256 t2_rep: params_sent_thistime = 10, data_sent_thistime = 104, useable_space = 131010 t2_rep: params_to_send = 10, data_to_send = 104, paramsize = 10, datasize = 104 size=172 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=9410 smt_wct=10 smb_vwv[ 0]= 10 (0xA) smb_vwv[ 1]= 104 (0x68) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 10 (0xA) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 104 (0x68) smb_vwv[ 7]= 68 (0x44) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=117 [0000] 00 FD FF 01 00 01 00 00 00 00 00 00 00 68 00 00 ........ .....h.. [0010] 00 00 00 00 00 80 69 DD 31 5E B4 CA 01 00 BD 9B ......i. 1^...... [0020] 2B 5F B4 CA 01 80 69 DD 31 5E B4 CA 01 80 69 DD +_....i. 1^....i. [0030] 31 5E B4 CA 01 00 00 00 00 00 00 00 00 00 00 00 1^...... ........ [0040] 00 00 00 00 00 11 00 00 00 0A 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 74 00 65 00 73 ........ ...t.e.s [0070] 00 74 00 32 00 .t.2. SMBtrans2 mask=test2 directory=./ dirtype=22 numentries=1 got smb length of 110 got message type 0x0 of len 0x6e Transaction 148 of length 114 (0 toread) size=110 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=3 smb_pid=1596 smb_uid=102 smb_mid=9474 smt_wct=15 smb_vwv[ 0]= 42 (0x2A) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 4096 (0x1000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 42 (0x2A) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 16 (0x10) smb_bcc=45 [0000] 00 00 00 03 00 5C 00 31 00 30 00 2E 00 32 00 32 .....\.1 .0...2.2 [0010] 00 35 00 2E 00 35 00 2E 00 32 00 33 00 32 00 5C .5...5.. .2.3.2.\ [0020] 00 74 00 65 00 73 00 74 00 24 00 00 00 .t.e.s.t .$... switch message SMBtrans2 (pid 12841) conn 0x7fb624087930 setting sec ctx (65534, 65533) - sec_ctx_stack_ndx = 0 NT user token of user S-1-5-21-783145419-1966905550-2589541370-501 contains 5 SIDs SID[ 0]: S-1-5-21-783145419-1966905550-2589541370-501 SID[ 1]: S-1-1-0 SID[ 2]: S-1-5-2 SID[ 3]: S-1-5-32-546 SID[ 4]: S-1-22-1-65534 SE_PRIV 0x0 0x0 0x0 0x0 UNIX token of user 65534 Primary group is 65533 and contains 0 supplementary groups change_to_user uid=(0,65534) gid=(0,65533) vfs_ChDir to /tmp call_trans2getdfsreferral parse_dfs_path: temp = |10.225.5.232\test$| after trimming \'s parse_dfs_path: hostname: 10.225.5.232 parse_dfs_path: servicename: test$ get_referred_path: |test$| in dfs path \10.225.5.232\test$ is not a dfs root. error packet at smbd/trans2.c(7421) cmd=50 (SMBtrans2) NT_STATUS_NOT_FOUND size=35 smb_com=0x32 smb_rcls=37 smb_reh=2 smb_err=49152 smb_flg=136 smb_flg2=51201 smb_tid=3 smb_pid=1596 smb_uid=102 smb_mid=9474 smt_wct=0 smb_bcc=0 got smb length of 100 got message type 0x0 of len 0x64 Transaction 149 of length 104 (0 toread) size=100 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=9538 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 3584 (0xE00) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]=16384 (0x4000) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 256 (0x100) smb_bcc=17 [0000] 00 5C 00 73 00 72 00 76 00 73 00 76 00 63 00 00 .\.s.r.v .s.v.c.. [0010] 00 . switch message SMBntcreateX (pid 12841) conn 0x7fb6240867f0 setting sec ctx (123, 123) - sec_ctx_stack_ndx = 0 NT user token of user S-1-5-21-783145419-1966905550-2589541370-1001 contains 6 SIDs SID[ 0]: S-1-5-21-783145419-1966905550-2589541370-1001 SID[ 1]: S-1-22-2-123 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-1-123 SE_PRIV 0x0 0x0 0x0 0x0 UNIX token of user 123 Primary group is 123 and contains 1 supplementary groups Group[ 0]: 123 change_to_user uid=(0,123) gid=(0,123) reply_ntcreate_and_X: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0, fname = srvsvc nt_open_pipe: Opening pipe \srvsvc. allocated file structure 16042, fnum = 20138 (2 used) Create pipe requested \srvsvc init_pipe_handles: created handle list for pipe \srvsvc init_pipe_handles: pipe_handles ref count = 1 for pipe \srvsvc push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 push_conn_ctx(100) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: maximum password age, val: -1 pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 push_conn_ctx(100) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: password history, val: 0 pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 pdb_set_username: setting username Administrator, was pdb_set_domain: setting domain TESTPC, was pdb_set_nt_username: setting nt username , was pdb_set_full_name: setting full name Administrator, was Home server: testpc pdb_set_homedir: setting home dir \\testpc\administrator, was pdb_set_dir_drive: setting dir drive , was NULL pdb_set_logon_script: setting logon script , was Home server: testpc pdb_set_profile_path: setting profile path \\testpc\administrator\profile, was pdb_set_workstations: setting workstations , was push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 push_conn_ctx(100) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: password history, val: 0 pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 pdb_set_user_sid: setting user sid S-1-5-21-783145419-1966905550-2589541370-1001 pdb_set_user_sid_from_rid: setting user sid S-1-5-21-783145419-1966905550-2589541370-1001 from rid 1001 Created internal pipe \srvsvc (pipes_open=0) do_ntcreate_pipe_open: open pipe = \srvsvc got smb length of 156 got message type 0x0 of len 0x9c Transaction 150 of length 160 (0 toread) size=156 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=9602 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=20138 (0x4EAA) smb_bcc=89 [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... [0020] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ [0030] 00 C8 4F 32 4B 70 16 D3 01 12 78 5A 47 BF 6E E1 ..O2Kp.. ..xZG.n. [0040] 88 03 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ [0050] 00 2B 10 48 60 02 00 00 00 .+.H`... . switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 change_to_user: Skipping user change - already user trans <\PIPE\> data=72 params=0 setup=2 calling named_pipe named pipe command on <> name api_fd_reply Got API command 0x26 on pipe "srvsvc" (pnum 4eaa) api_fd_reply: p:0x7fb624073a50 max_trans_reply: 1024 np_write_send: len: 72 write_to_pipe: data_left = 72 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 56 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0b 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0048 000a auth_len : 0000 000c call_id : 00000001 unmarshall_rpc_header: using little-endian RPC unmarshall_rpc_header: type = 11, flags = 3 write_to_pipe: data_used = 0 write_to_pipe: data_left = 56 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 process_complete_pdu: processing packet type 11 api_pipe_bind_req: decode request. 1558 000000 smb_io_rpc_hdr_rb 000000 smb_io_rpc_hdr_bba 0000 max_tsize: 10b8 0002 max_rsize: 10b8 0004 assoc_gid: 00000000 0008 num_contexts: 01 000c context_id : 0000 000e num_transfer_syntaxes: 01 00000f smb_io_rpc_iface 000010 smb_io_uuid uuid 0010 data : 4b324fc8 0014 data : 1670 0016 data : 01d3 0018 data : 12 78 001a data : 5a 47 bf 6e e1 88 0020 version: 00000003 000024 smb_io_rpc_iface 000024 smb_io_uuid uuid 0024 data : 8a885d04 0028 data : 1ceb 002a data : 11c9 002c data : 9f e8 002e data : 08 00 2b 10 48 60 0034 version: 00000002 api_pipe_bind_req: \PIPE\srvsvc -> \PIPE\srvsvc api_pipe_bind_req: make response. 1628 check_bind_req for \srvsvc checking lsarpc checking winreg checking initshutdown checking dssetup checking wkssvc checking svcctl checking ntsvcs checking netlogon checking netdfs checking srvsvc 000000 smb_io_rpc_hdr_ba 000000 smb_io_rpc_hdr_bba 0000 max_tsize: 10b8 0002 max_rsize: 10b8 0004 assoc_gid: 000053f0 000008 smb_io_rpc_addr_str 0008 len: 000d 000a str: \PIPE\srvsvc. 000017 smb_io_rpc_results 0018 num_results: 01 001c result : 0000 001e reason : 0000 000020 smb_io_rpc_iface 000020 smb_io_uuid uuid 0020 data : 8a885d04 0024 data : 1ceb 0026 data : 11c9 0028 data : 9f e8 002a data : 08 00 2b 10 48 60 0030 version: 00000002 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0c 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0044 000a auth_len : 0000 000c call_id : 00000001 write_to_pipe: data_used = 56 s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62408aed0 s3_event: Run immediate event "tevent_req_trigger": 0x7fb62408aed0 name: \srvsvc len: 1024 read_from_pipe: \srvsvc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624067c80 s3_event: Run immediate event "tevent_req_trigger": 0x7fb624067c80 copy_trans_params_and_data: params[0..0] data[0..68] (align 0) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=9602 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [0000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... [0010] 00 B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 ......S. ...\PIPE [0020] 5C 73 72 76 73 76 63 00 00 01 00 00 00 00 00 00 \srvsvc. ........ [0030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [0040] 60 02 00 00 00 `.... got smb length of 184 got message type 0x0 of len 0xb8 Transaction 151 of length 188 (0 toread) size=184 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=9666 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 100 (0x64) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 100 (0x64) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=20138 (0x4EAA) smb_bcc=117 [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 64 00 00 00 01 00 00 ........ .d...... [0020] 00 4C 00 00 00 00 00 10 00 84 B3 A4 10 0F 00 00 .L...... ........ [0030] 00 00 00 00 00 0F 00 00 00 5C 00 5C 00 31 00 30 ........ .\.\.1.0 [0040] 00 2E 00 32 00 32 00 35 00 2E 00 35 00 2E 00 32 ...2.2.5 ...5...2 [0050] 00 33 00 32 00 00 00 00 00 06 00 00 00 00 00 00 .3.2.... ........ [0060] 00 06 00 00 00 74 00 65 00 73 00 74 00 24 00 00 .....t.e .s.t.$.. [0070] 00 01 00 00 00 ..... switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 change_to_user: Skipping user change - already user trans <\PIPE\> data=100 params=0 setup=2 calling named_pipe named pipe command on <> name api_fd_reply Got API command 0x26 on pipe "srvsvc" (pnum 4eaa) api_fd_reply: p:0x7fb624073a50 max_trans_reply: 1024 np_write_send: len: 100 write_to_pipe: data_left = 100 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 100 fill_rpc_header: data_to_copy = 100, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 84 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 84 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0064 000a auth_len : 0000 000c call_id : 00000001 unmarshall_rpc_header: using little-endian RPC unmarshall_rpc_header: type = 0, flags = 3 write_to_pipe: data_used = 0 write_to_pipe: data_left = 84 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 84, incoming data = 84 process_complete_pdu: processing packet type 0 000000 smb_io_rpc_hdr_req req 0000 alloc_hint: 0000004c 0004 context_id: 0000 0006 opnum : 0010 free_pipe_context: destroying talloc pool of size 80 Requested \PIPE\\srvsvc api_rpcTNP: \srvsvc op 0x10 - api_rpcTNP: rpc command: SRVSVC_NETSHAREGETINFO api_rpc_cmds[16].fn == 0x7fb623901588 srvsvc_NetShareGetInfo: struct srvsvc_NetShareGetInfo in: struct srvsvc_NetShareGetInfo server_unc : * server_unc : '\\10.225.5.232' share_name : 'test$' level : 0x00000001 (1) _srvsvc_NetShareGetInfo: 1374 _srvsvc_NetShareGetInfo: 1439 srvsvc_NetShareGetInfo: struct srvsvc_NetShareGetInfo out: struct srvsvc_NetShareGetInfo info : * info : union srvsvc_NetShareInfo(case 1) info1 : * info1: struct srvsvc_NetShareInfo1 name : * name : 'test$' type : STYPE_DISKTREE (0x0) comment : * comment : 'testshare' result : WERR_OK api_rpcTNP: called \srvsvc successfully free_pipe_context: destroying talloc pool of size 44 write_to_pipe: data_used = 84 s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62408af10 s3_event: Run immediate event "tevent_req_trigger": 0x7fb62408af10 name: \srvsvc len: 1024 read_from_pipe: \srvsvc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 80. 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0068 000a auth_len : 0000 000c call_id : 00000001 000010 smb_io_rpc_hdr_resp resp 0010 alloc_hint: 00000050 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624067c80 s3_event: Run immediate event "tevent_req_trigger": 0x7fb624067c80 copy_trans_params_and_data: params[0..0] data[0..104] (align 0) size=160 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=9666 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 104 (0x68) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 104 (0x68) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=105 [0000] 00 05 00 02 03 10 00 00 00 68 00 00 00 01 00 00 ........ .h...... [0010] 00 50 00 00 00 00 00 00 00 01 00 00 00 00 00 02 .P...... ........ [0020] 00 04 00 02 00 00 00 00 00 08 00 02 00 06 00 00 ........ ........ [0030] 00 00 00 00 00 06 00 00 00 74 00 65 00 73 00 74 ........ .t.e.s.t [0040] 00 24 00 00 00 0A 00 00 00 00 00 00 00 0A 00 00 .$...... ........ [0050] 00 74 00 65 00 73 00 74 00 73 00 68 00 61 00 72 .t.e.s.t .s.h.a.r [0060] 00 65 00 00 00 00 00 00 00 .e...... . got smb length of 41 got message type 0x0 of len 0x29 Transaction 152 of length 45 (0 toread) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=9730 smt_wct=3 smb_vwv[ 0]=20138 (0x4EAA) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 switch message SMBclose (pid 12841) conn 0x7fb6240867f0 change_to_user: Skipping user change - already user close fd=-1 fnum=20138 (numopen=1) close_write_time: Sun Feb 7 07:28:15 2106 close_policy_by_pipe: deleted handle list for pipe \srvsvc freed files structure 20138 (1 used) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=9730 smt_wct=0 smb_bcc=0 got smb length of 100 got message type 0x0 of len 0x64 Transaction 153 of length 104 (0 toread) size=100 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=9794 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 3584 (0xE00) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]=16384 (0x4000) smb_vwv[21]= 256 (0x100) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 256 (0x100) smb_bcc=17 [0000] 00 5C 00 77 00 6B 00 73 00 73 00 76 00 63 00 00 .\.w.k.s .s.v.c.. [0010] 00 . switch message SMBntcreateX (pid 12841) conn 0x7fb6240867f0 change_to_user: Skipping user change - already user reply_ntcreate_and_X: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0, fname = wkssvc nt_open_pipe: Opening pipe \wkssvc. allocated file structure 16043, fnum = 20139 (2 used) Create pipe requested \wkssvc init_pipe_handles: created handle list for pipe \wkssvc init_pipe_handles: pipe_handles ref count = 1 for pipe \wkssvc push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 push_conn_ctx(100) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: maximum password age, val: -1 pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 push_conn_ctx(100) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: password history, val: 0 pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 pdb_set_username: setting username Administrator, was pdb_set_domain: setting domain TESTPC, was pdb_set_nt_username: setting nt username , was pdb_set_full_name: setting full name Administrator, was Home server: testpc pdb_set_homedir: setting home dir \\testpc\administrator, was pdb_set_dir_drive: setting dir drive , was NULL pdb_set_logon_script: setting logon script , was Home server: testpc pdb_set_profile_path: setting profile path \\testpc\administrator\profile, was pdb_set_workstations: setting workstations , was push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 push_conn_ctx(100) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: password history, val: 0 pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 pdb_set_user_sid: setting user sid S-1-5-21-783145419-1966905550-2589541370-1001 pdb_set_user_sid_from_rid: setting user sid S-1-5-21-783145419-1966905550-2589541370-1001 from rid 1001 Created internal pipe \wkssvc (pipes_open=0) do_ntcreate_pipe_open: open pipe = \wkssvc got smb length of 156 got message type 0x0 of len 0x9c Transaction 154 of length 160 (0 toread) size=156 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=9858 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=20139 (0x4EAB) smb_bcc=89 [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... [0020] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ [0030] 00 98 D0 FF 6B 12 A1 10 36 98 33 46 C3 F8 7E 34 ....k... 6.3F..~4 [0040] 5A 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 Z.....]. ........ [0050] 00 2B 10 48 60 02 00 00 00 .+.H`... . switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 change_to_user: Skipping user change - already user trans <\PIPE\> data=72 params=0 setup=2 calling named_pipe named pipe command on <> name api_fd_reply Got API command 0x26 on pipe "wkssvc" (pnum 4eab) api_fd_reply: p:0x7fb624073a50 max_trans_reply: 1024 np_write_send: len: 72 write_to_pipe: data_left = 72 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 56 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0b 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0048 000a auth_len : 0000 000c call_id : 00000001 unmarshall_rpc_header: using little-endian RPC unmarshall_rpc_header: type = 11, flags = 3 write_to_pipe: data_used = 0 write_to_pipe: data_left = 56 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 process_complete_pdu: processing packet type 11 api_pipe_bind_req: decode request. 1558 000000 smb_io_rpc_hdr_rb 000000 smb_io_rpc_hdr_bba 0000 max_tsize: 10b8 0002 max_rsize: 10b8 0004 assoc_gid: 00000000 0008 num_contexts: 01 000c context_id : 0000 000e num_transfer_syntaxes: 01 00000f smb_io_rpc_iface 000010 smb_io_uuid uuid 0010 data : 6bffd098 0014 data : a112 0016 data : 3610 0018 data : 98 33 001a data : 46 c3 f8 7e 34 5a 0020 version: 00000001 000024 smb_io_rpc_iface 000024 smb_io_uuid uuid 0024 data : 8a885d04 0028 data : 1ceb 002a data : 11c9 002c data : 9f e8 002e data : 08 00 2b 10 48 60 0034 version: 00000002 api_pipe_bind_req: \PIPE\wkssvc -> \PIPE\wkssvc api_pipe_bind_req: make response. 1628 check_bind_req for \wkssvc checking lsarpc checking winreg checking initshutdown checking dssetup checking wkssvc 000000 smb_io_rpc_hdr_ba 000000 smb_io_rpc_hdr_bba 0000 max_tsize: 10b8 0002 max_rsize: 10b8 0004 assoc_gid: 000053f0 000008 smb_io_rpc_addr_str 0008 len: 000d 000a str: \PIPE\wkssvc. 000017 smb_io_rpc_results 0018 num_results: 01 001c result : 0000 001e reason : 0000 000020 smb_io_rpc_iface 000020 smb_io_uuid uuid 0020 data : 8a885d04 0024 data : 1ceb 0026 data : 11c9 0028 data : 9f e8 002a data : 08 00 2b 10 48 60 0030 version: 00000002 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0c 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0044 000a auth_len : 0000 000c call_id : 00000001 write_to_pipe: data_used = 56 s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62408aed0 s3_event: Run immediate event "tevent_req_trigger": 0x7fb62408aed0 name: \wkssvc len: 1024 read_from_pipe: \wkssvc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624075a00 s3_event: Run immediate event "tevent_req_trigger": 0x7fb624075a00 copy_trans_params_and_data: params[0..0] data[0..68] (align 0) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=9858 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [0000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... [0010] 00 B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 ......S. ...\PIPE [0020] 5C 77 6B 73 73 76 63 00 00 01 00 00 00 00 00 00 \wkssvc. ........ [0030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [0040] 60 02 00 00 00 `.... got smb length of 160 got message type 0x0 of len 0xa0 Transaction 155 of length 164 (0 toread) size=160 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=9922 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 76 (0x4C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 76 (0x4C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=20139 (0x4EAB) smb_bcc=93 [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 4C 00 00 00 01 00 00 ........ .L...... [0020] 00 34 00 00 00 00 00 00 00 D0 B5 A4 10 0F 00 00 .4...... ........ [0030] 00 00 00 00 00 0F 00 00 00 5C 00 5C 00 31 00 30 ........ .\.\.1.0 [0040] 00 2E 00 32 00 32 00 35 00 2E 00 35 00 2E 00 32 ...2.2.5 ...5...2 [0050] 00 33 00 32 00 00 00 00 00 64 00 00 00 .3.2.... .d... switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 change_to_user: Skipping user change - already user trans <\PIPE\> data=76 params=0 setup=2 calling named_pipe named pipe command on <> name api_fd_reply Got API command 0x26 on pipe "wkssvc" (pnum 4eab) api_fd_reply: p:0x7fb624073a50 max_trans_reply: 1024 np_write_send: len: 76 write_to_pipe: data_left = 76 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 76 fill_rpc_header: data_to_copy = 76, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 60 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 60 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 004c 000a auth_len : 0000 000c call_id : 00000001 unmarshall_rpc_header: using little-endian RPC unmarshall_rpc_header: type = 0, flags = 3 write_to_pipe: data_used = 0 write_to_pipe: data_left = 60 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 60, incoming data = 60 process_complete_pdu: processing packet type 0 000000 smb_io_rpc_hdr_req req 0000 alloc_hint: 00000034 0004 context_id: 0000 0006 opnum : 0000 free_pipe_context: destroying talloc pool of size 80 Requested \PIPE\\wkssvc api_rpcTNP: \wkssvc op 0x0 - api_rpcTNP: rpc command: WKSSVC_NETWKSTAGETINFO api_rpc_cmds[0].fn == 0x7fb6238d3580 wkssvc_NetWkstaGetInfo: struct wkssvc_NetWkstaGetInfo in: struct wkssvc_NetWkstaGetInfo server_name : * server_name : '\\10.225.5.232' level : 0x00000064 (100) wkssvc_NetWkstaGetInfo: struct wkssvc_NetWkstaGetInfo out: struct wkssvc_NetWkstaGetInfo info : * info : union wkssvc_NetWkstaInfo(case 100) info100 : * info100: struct wkssvc_NetWkstaInfo100 platform_id : PLATFORM_ID_NT (500) server_name : * server_name : 'TESTPC' domain_name : * domain_name : 'TESTGROUP' version_major : 0x00000004 (4) version_minor : 0x00000009 (9) result : WERR_OK api_rpcTNP: called \wkssvc successfully free_pipe_context: destroying talloc pool of size 49 write_to_pipe: data_used = 60 s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62408aee0 s3_event: Run immediate event "tevent_req_trigger": 0x7fb62408aee0 name: \wkssvc len: 1024 read_from_pipe: \wkssvc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 92. 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0074 000a auth_len : 0000 000c call_id : 00000001 000010 smb_io_rpc_hdr_resp resp 0010 alloc_hint: 0000005c 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb6240758b0 s3_event: Run immediate event "tevent_req_trigger": 0x7fb6240758b0 copy_trans_params_and_data: params[0..0] data[0..116] (align 0) size=172 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=9922 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 116 (0x74) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 116 (0x74) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=117 [0000] 00 05 00 02 03 10 00 00 00 74 00 00 00 01 00 00 ........ .t...... [0010] 00 5C 00 00 00 00 00 00 00 64 00 00 00 00 00 02 .\...... .d...... [0020] 00 F4 01 00 00 04 00 02 00 08 00 02 00 04 00 00 ........ ........ [0030] 00 09 00 00 00 07 00 00 00 00 00 00 00 07 00 00 ........ ........ [0040] 00 54 00 45 00 53 00 54 00 50 00 43 00 00 00 00 .T.E.S.T .P.C.... [0050] 00 0A 00 00 00 00 00 00 00 0A 00 00 00 54 00 45 ........ .....T.E [0060] 00 53 00 54 00 47 00 52 00 4F 00 55 00 50 00 00 .S.T.G.R .O.U.P.. [0070] 00 00 00 00 00 ..... got smb length of 41 got message type 0x0 of len 0x29 Transaction 156 of length 45 (0 toread) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=9986 smt_wct=3 smb_vwv[ 0]=20139 (0x4EAB) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 switch message SMBclose (pid 12841) conn 0x7fb6240867f0 change_to_user: Skipping user change - already user close fd=-1 fnum=20139 (numopen=1) close_write_time: Sun Feb 7 07:28:15 2106 close_policy_by_pipe: deleted handle list for pipe \wkssvc freed files structure 20139 (1 used) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=9986 smt_wct=0 smb_bcc=0 got smb length of 94 got message type 0x0 of len 0x5e Transaction 157 of length 98 (0 toread) size=94 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=10050 smt_wct=15 smb_vwv[ 0]= 26 (0x1A) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 10 (0xA) smb_vwv[ 3]=16384 (0x4000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 26 (0x1A) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 1 (0x1) smb_bcc=29 [0000] 00 00 00 16 00 56 05 07 00 04 01 00 00 00 00 5C .....V.. .......\ [0010] 00 74 00 65 00 73 00 74 00 32 00 00 00 .t.e.s.t .2... switch message SMBtrans2 (pid 12841) conn 0x7fb624079b30 setting sec ctx (123, 123) - sec_ctx_stack_ndx = 0 NT user token of user S-1-5-21-783145419-1966905550-2589541370-1001 contains 6 SIDs SID[ 0]: S-1-5-21-783145419-1966905550-2589541370-1001 SID[ 1]: S-1-22-2-123 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-1-123 SE_PRIV 0x0 0x0 0x0 0x0 UNIX token of user 123 Primary group is 123 and contains 1 supplementary groups Group[ 0]: 123 change_to_user uid=(0,123) gid=(0,123) vfs_ChDir to /testshare call_trans2findfirst: dirtype = 16, maxentries = 1366, close_after_first=1, close_if_end = 1 requires_resume_key = 1 level = 0x104, max_data_bytes = 16384 unix_convert called on file "test2" stat_cache_lookup: lookup succeeded for name [TEST2] -> [test2] dir=./, mask = test2 dptr_create dir=./ creating new dirptr 256 for path ./, expect_close = 1 dptr_num is 256, wcard = test2, attr = 22 dirpath=<./> dontdescend=<> get_lanman2_dir_entry:readdir on dirptr 0x7fb624011b40 now at offset -1 dos_mode: ./test2 dos_mode_from_sbuf returning rd dos_mode returning rd fetch_share_mode_unlocked: no share_mode record around (file not open) get_lanman2_dir_entry: found ./test2 fname=test2 get_lanman2_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO call_trans2findfirst - (2) closing dptr_num 256 closing dptr key 256 t2_rep: params_sent_thistime = 10, data_sent_thistime = 104, useable_space = 131010 t2_rep: params_to_send = 10, data_to_send = 104, paramsize = 10, datasize = 104 size=172 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=10050 smt_wct=10 smb_vwv[ 0]= 10 (0xA) smb_vwv[ 1]= 104 (0x68) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 10 (0xA) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 104 (0x68) smb_vwv[ 7]= 68 (0x44) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=117 [0000] 00 FD FF 01 00 01 00 00 00 00 00 00 00 68 00 00 ........ .....h.. [0010] 00 00 00 00 00 80 69 DD 31 5E B4 CA 01 00 BD 9B ......i. 1^...... [0020] 2B 5F B4 CA 01 80 69 DD 31 5E B4 CA 01 80 69 DD +_....i. 1^....i. [0030] 31 5E B4 CA 01 00 00 00 00 00 00 00 00 00 00 00 1^...... ........ [0040] 00 00 00 00 00 11 00 00 00 0A 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 74 00 65 00 73 ........ ...t.e.s [0070] 00 74 00 32 00 .t.2. SMBtrans2 mask=test2 directory=./ dirtype=22 numentries=1 got smb length of 112 got message type 0x0 of len 0x70 Transaction 158 of length 116 (0 toread) size=112 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=10114 smt_wct=15 smb_vwv[ 0]= 44 (0x2C) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 40 (0x28) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 44 (0x2C) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 5 (0x5) smb_bcc=47 [0000] 00 00 00 EC 03 00 00 00 00 5C 00 74 00 65 00 73 ........ .\.t.e.s [0010] 00 74 00 32 00 5C 00 64 00 65 00 73 00 6B 00 74 .t.2.\.d .e.s.k.t [0020] 00 6F 00 70 00 2E 00 69 00 6E 00 69 00 00 00 .o.p...i .n.i... switch message SMBtrans2 (pid 12841) conn 0x7fb624079b30 change_to_user: Skipping user change - already user call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 unix_convert called on file "test2/desktop.ini" stat_cache_lookup: lookup failed for name [TEST2/DESKTOP.INI] stat_cache_lookup: lookup succeeded for name [TEST2] -> [test2] unix_convert begin: name = test2/desktop.ini, dirpath = test2, start = desktop.ini is_mangled desktop.ini ? is_mangled_component desktop.ini (len 11) ? is_mangled desktop.ini ? is_mangled_component desktop.ini (len 11) ? is_mangled desktop.ini ? is_mangled_component desktop.ini (len 11) ? New file desktop.ini call_trans2qfilepathinfo: SMB_VFS_STAT of test2/desktop.ini failed (No such file or directory) unix_error_packet: error string = No such file or directory error packet at smbd/trans2.c(4051) cmd=50 (SMBtrans2) NT_STATUS_OBJECT_NAME_NOT_FOUND size=35 smb_com=0x32 smb_rcls=52 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=10114 smt_wct=0 smb_bcc=0 got smb length of 112 got message type 0x0 of len 0x70 Transaction 159 of length 116 (0 toread) size=112 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=10178 smt_wct=15 smb_vwv[ 0]= 44 (0x2C) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 40 (0x28) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 44 (0x2C) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 5 (0x5) smb_bcc=47 [0000] 00 00 00 EC 03 00 00 00 00 5C 00 74 00 65 00 73 ........ .\.t.e.s [0010] 00 74 00 32 00 5C 00 64 00 65 00 73 00 6B 00 74 .t.2.\.d .e.s.k.t [0020] 00 6F 00 70 00 2E 00 69 00 6E 00 69 00 00 00 .o.p...i .n.i... switch message SMBtrans2 (pid 12841) conn 0x7fb624079b30 change_to_user: Skipping user change - already user call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 unix_convert called on file "test2/desktop.ini" stat_cache_lookup: lookup failed for name [TEST2/DESKTOP.INI] stat_cache_lookup: lookup succeeded for name [TEST2] -> [test2] unix_convert begin: name = test2/desktop.ini, dirpath = test2, start = desktop.ini is_mangled desktop.ini ? is_mangled_component desktop.ini (len 11) ? is_mangled desktop.ini ? is_mangled_component desktop.ini (len 11) ? is_mangled desktop.ini ? is_mangled_component desktop.ini (len 11) ? New file desktop.ini call_trans2qfilepathinfo: SMB_VFS_STAT of test2/desktop.ini failed (No such file or directory) unix_error_packet: error string = No such file or directory error packet at smbd/trans2.c(4051) cmd=50 (SMBtrans2) NT_STATUS_OBJECT_NAME_NOT_FOUND size=35 smb_com=0x32 smb_rcls=52 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=10178 smt_wct=0 smb_bcc=0 got smb length of 112 got message type 0x0 of len 0x70 Transaction 160 of length 116 (0 toread) size=112 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=10242 smt_wct=15 smb_vwv[ 0]= 44 (0x2C) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 40 (0x28) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 44 (0x2C) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 5 (0x5) smb_bcc=47 [0000] 00 00 00 EC 03 00 00 00 00 5C 00 74 00 65 00 73 ........ .\.t.e.s [0010] 00 74 00 32 00 5C 00 64 00 65 00 73 00 6B 00 74 .t.2.\.d .e.s.k.t [0020] 00 6F 00 70 00 2E 00 69 00 6E 00 69 00 00 00 .o.p...i .n.i... switch message SMBtrans2 (pid 12841) conn 0x7fb624079b30 change_to_user: Skipping user change - already user call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 unix_convert called on file "test2/desktop.ini" stat_cache_lookup: lookup failed for name [TEST2/DESKTOP.INI] stat_cache_lookup: lookup succeeded for name [TEST2] -> [test2] unix_convert begin: name = test2/desktop.ini, dirpath = test2, start = desktop.ini is_mangled desktop.ini ? is_mangled_component desktop.ini (len 11) ? is_mangled desktop.ini ? is_mangled_component desktop.ini (len 11) ? is_mangled desktop.ini ? is_mangled_component desktop.ini (len 11) ? New file desktop.ini call_trans2qfilepathinfo: SMB_VFS_STAT of test2/desktop.ini failed (No such file or directory) unix_error_packet: error string = No such file or directory error packet at smbd/trans2.c(4051) cmd=50 (SMBtrans2) NT_STATUS_OBJECT_NAME_NOT_FOUND size=35 smb_com=0x32 smb_rcls=52 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=10242 smt_wct=0 smb_bcc=0 got smb length of 94 got message type 0x0 of len 0x5e Transaction 161 of length 98 (0 toread) size=94 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=10306 smt_wct=15 smb_vwv[ 0]= 26 (0x1A) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 10 (0xA) smb_vwv[ 3]=16384 (0x4000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 26 (0x1A) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 1 (0x1) smb_bcc=29 [0000] 00 00 00 16 00 56 05 07 00 04 01 00 00 00 00 5C .....V.. .......\ [0010] 00 74 00 65 00 73 00 74 00 32 00 00 00 .t.e.s.t .2... switch message SMBtrans2 (pid 12841) conn 0x7fb624079b30 change_to_user: Skipping user change - already user call_trans2findfirst: dirtype = 16, maxentries = 1366, close_after_first=1, close_if_end = 1 requires_resume_key = 1 level = 0x104, max_data_bytes = 16384 unix_convert called on file "test2" stat_cache_lookup: lookup succeeded for name [TEST2] -> [test2] dir=./, mask = test2 dptr_create dir=./ creating new dirptr 256 for path ./, expect_close = 1 dptr_num is 256, wcard = test2, attr = 22 dirpath=<./> dontdescend=<> get_lanman2_dir_entry:readdir on dirptr 0x7fb624053b40 now at offset -1 dos_mode: ./test2 dos_mode_from_sbuf returning rd dos_mode returning rd fetch_share_mode_unlocked: no share_mode record around (file not open) get_lanman2_dir_entry: found ./test2 fname=test2 get_lanman2_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO call_trans2findfirst - (2) closing dptr_num 256 closing dptr key 256 t2_rep: params_sent_thistime = 10, data_sent_thistime = 104, useable_space = 131010 t2_rep: params_to_send = 10, data_to_send = 104, paramsize = 10, datasize = 104 size=172 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=10306 smt_wct=10 smb_vwv[ 0]= 10 (0xA) smb_vwv[ 1]= 104 (0x68) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 10 (0xA) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 104 (0x68) smb_vwv[ 7]= 68 (0x44) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=117 [0000] 00 FD FF 01 00 01 00 00 00 00 00 00 00 68 00 00 ........ .....h.. [0010] 00 00 00 00 00 80 69 DD 31 5E B4 CA 01 00 BD 9B ......i. 1^...... [0020] 2B 5F B4 CA 01 80 69 DD 31 5E B4 CA 01 80 69 DD +_....i. 1^....i. [0030] 31 5E B4 CA 01 00 00 00 00 00 00 00 00 00 00 00 1^...... ........ [0040] 00 00 00 00 00 11 00 00 00 0A 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 74 00 65 00 73 ........ ...t.e.s [0070] 00 74 00 32 00 .t.2. SMBtrans2 mask=test2 directory=./ dirtype=22 numentries=1 got smb length of 98 got message type 0x0 of len 0x62 Transaction 162 of length 102 (0 toread) size=98 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=10370 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 3072 (0xC00) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=35072 (0x8900) smb_vwv[ 8]= 512 (0x200) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]=32768 (0x8000) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 8192 (0x2000) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=15 [0000] 00 5C 00 74 00 65 00 73 00 74 00 32 00 00 00 .\.t.e.s .t.2... switch message SMBntcreateX (pid 12841) conn 0x7fb624079b30 change_to_user: Skipping user change - already user reply_ntcreate_and_X: flags = 0x16, access_mask = 0x20089 file_attributes = 0x80, share_access = 0x3, create_disposition = 0x1 create_options = 0x200000 root_dir_fid = 0x0, fname = test2 create_file: access_mask = 0x20089 file_attributes = 0x80, share_access = 0x3, create_disposition = 0x1 create_options = 0x200000 oplock_request = 0x3 root_dir_fid = 0x0, ea_list = 0x(nil), sd = 0x(nil), create_file_flags = 0x1, fname = test2 unix_convert called on file "test2" stat_cache_lookup: lookup succeeded for name [TEST2] -> [test2] create_file_unixpath: access_mask = 0x20089 file_attributes = 0x80, share_access = 0x3, create_disposition = 0x1 create_options = 0x200000 oplock_request = 0x3 ea_list = 0x(nil), sd = 0x(nil), fname = test2 allocated file structure 16044, fnum = 20140 (2 used) unix_mode(test2) returning 0744 open_file_ntcreate: fname=test2, dos_attrs=0x80 access_mask=0x20089 share_access=0x3 create_disposition = 0x1 create_options=0x200000 unix mode=0744 oplock_request=3 dos_mode: test2 dos_mode_from_sbuf returning rd dos_mode returning rd open_file_ntcreate: fname=test2, after mapping access_mask=0x20089 Locking key 0208000000000000D748 Allocated locked data 0x0x7fb62408afa0 delay_for_oplocks: oplock type 0x3 on file delay_for_oplocks: oplock type 0x3 on file calling open_file with flags=0x0 flags2=0x0 mode=0744, access_mask = 0x20089, open_access_mask = 0x20089 fd_open: name test2, flags = 00 mode = 0744, fd = 28. get_windows_lock_count for file = 0 delete_windows_lock_ref_count for file Unlocking key 0208000000000000D748 freed files structure 20140 (1 used) open_directory: opening directory test2, access_mask = 0x20089, share_access = 0x3 create_options = 0x200000, create_disposition = 0x1, file_attributes = 0x80 posix_get_nt_acl: called for file test2 canonicalise_acl: Access ace entries before arrange : canon_ace index 0. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x0 perms --- canon_ace index 1. Type = allow SID = S-1-22-2-123 gid 123 (gruppetest) SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms rwx canon_ace index 2. Type = allow SID = S-1-5-21-783145419-1966905550-2589541370-1000 uid 0 (root) SMB_ACL_USER_OBJ ace_flags = 0x0 perms r-- print_canon_ace_list: canonicalise_acl: ace entries after arrange canon_ace index 0. Type = allow SID = S-1-5-21-783145419-1966905550-2589541370-1000 uid 0 (root) SMB_ACL_USER_OBJ ace_flags = 0x0 perms r-- canon_ace index 1. Type = allow SID = S-1-22-2-123 gid 123 (gruppetest) SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms rwx canon_ace index 2. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x0 perms --- map_canon_ace_perms: Mapped (UNIX) 100 to (NT) 120089 map_canon_ace_perms: Mapped (UNIX) 1c0 to (NT) 1f01ff map_canon_ace_perms: Mapped (UNIX) 0 to (NT) 0 check_open_rights: file test2 requesting 0x20089 returning 0x20009 (NT_STATUS_OK) allocated file structure 16045, fnum = 20141 (2 used) Locking key 0208000000000000D748 Allocated locked data 0x0x7fb62408bfd0 unparse_share_modes: del: 0, owrt: Tue Feb 23 08:59:59 2010 CET cwrt: Thu Jan 1 01:00:00 1970 CET, tok: 0, num: 1 print_share_mode_table: share_mode_entry[0]: pid = 12841, share_access = 0x3, private_options = 0x200000, access_mask = 0x20089, mid = 0x0, type= 0x0, gen_id = 37, uid = 123, flags = 0, file_id 802:4648d7:0 Unlocking key 0208000000000000D748 create_file_unixpath: info=1 create_file: info=1 dos_mode: test2 dos_mode_from_sbuf returning rd dos_mode returning rd reply_ntcreate_and_X: fnum = 20141, open name = test2 got smb length of 84 got message type 0x0 of len 0x54 Transaction 163 of length 88 (0 toread) size=84 smb_com=0xa0 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=10434 smt_wct=23 smb_vwv[ 0]= 4 (0x4) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 64 (0x40) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]=21504 (0x5400) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 1024 (0x400) smb_vwv[18]= 2 (0x2) smb_vwv[19]= 168 (0xA8) smb_vwv[20]= 9 (0x9) smb_vwv[21]=20141 (0x4EAD) smb_vwv[22]= 1 (0x1) smb_bcc=3 [0000] 00 00 00 ... switch message SMBnttrans (pid 12841) conn 0x7fb624079b30 change_to_user: Skipping user change - already user num_setup=8, param_total=0, this_param=0, max_param=0, data_total=0, this_data=0, max_data=16384, param_offset=84, data_offset=0 reply_nttrans: state->setup_count = 8 [0000] A8 00 09 00 AD 4E 01 00 .....N.. call_nt_transact_ioctl: function[0x000900A8] FID[0x4EAD] isFSctl[0x01] compfilter[0x00] FSCTL_GET_REPARSE_POINT: called on FID[0x4EAD](but not implemented) error packet at smbd/nttrans.c(1922) cmd=160 (SMBnttrans) NT_STATUS_NOT_A_REPARSE_POINT size=35 smb_com=0xa0 smb_rcls=117 smb_reh=2 smb_err=49152 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=10434 smt_wct=0 smb_bcc=0 got smb length of 41 got message type 0x0 of len 0x29 Transaction 164 of length 45 (0 toread) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=10498 smt_wct=3 smb_vwv[ 0]=20141 (0x4EAD) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 switch message SMBclose (pid 12841) conn 0x7fb624079b30 change_to_user: Skipping user change - already user close directory fnum=20141 Locking key 0208000000000000D748 Allocated locked data 0x0x7fb62408ad60 parse_share_modes: delete_on_close: 0, owrt: Tue Feb 23 08:59:59 2010 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, tok: 0, num_share_modes: 1 parse_share_modes: share_mode_entry[0]: pid = 12841, share_access = 0x3, private_options = 0x200000, access_mask = 0x20089, mid = 0x0, type= 0x0, gen_id = 37, uid = 123, flags = 0, file_id 802:4648d7:0 Unlocking key 0208000000000000D748 freed files structure 20141 (1 used) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=10498 smt_wct=0 smb_bcc=0 got smb length of 88 got message type 0x0 of len 0x58 Transaction 165 of length 92 (0 toread) size=88 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=10562 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 512 (0x200) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=35072 (0x8900) smb_vwv[ 8]= 512 (0x200) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]=32768 (0x8000) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 8192 (0x2000) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=5 [0000] 00 5C 00 00 00 .\... switch message SMBntcreateX (pid 12841) conn 0x7fb624079b30 change_to_user: Skipping user change - already user reply_ntcreate_and_X: flags = 0x16, access_mask = 0x20089 file_attributes = 0x80, share_access = 0x3, create_disposition = 0x1 create_options = 0x200000 root_dir_fid = 0x0, fname = create_file: access_mask = 0x20089 file_attributes = 0x80, share_access = 0x3, create_disposition = 0x1 create_options = 0x200000 oplock_request = 0x3 root_dir_fid = 0x0, ea_list = 0x(nil), sd = 0x(nil), create_file_flags = 0x1, fname = unix_convert called on file "" conversion finished "" -> . create_file_unixpath: access_mask = 0x20089 file_attributes = 0x80, share_access = 0x3, create_disposition = 0x1 create_options = 0x200000 oplock_request = 0x3 ea_list = 0x(nil), sd = 0x(nil), fname = . allocated file structure 16046, fnum = 20142 (2 used) unix_mode(.) returning 0744 open_file_ntcreate: fname=., dos_attrs=0x80 access_mask=0x20089 share_access=0x3 create_disposition = 0x1 create_options=0x200000 unix mode=0744 oplock_request=3 dos_mode: . dos_mode_from_sbuf returning d dos_mode returning d open_file_ntcreate: fname=., after mapping access_mask=0x20089 Locking key 020800000000000001C0 Allocated locked data 0x0x7fb62408aeb0 parse_share_modes: delete_on_close: 0, owrt: Tue Feb 23 08:59:59 2010 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, tok: 0, num_share_modes: 1 parse_share_modes: share_mode_entry[0]: pid = 12841, share_access = 0x7, private_options = 0x1, access_mask = 0x100081, mid = 0x0, type= 0x0, gen_id = 8, uid = 123, flags = 0, file_id 802:45c001:0 delay_for_oplocks: oplock type 0x0 on file share_conflict: entry->access_mask = 0x100081, entry->share_access = 0x7, entry->private_options = 0x1 share_conflict: access_mask = 0x20089, share_access = 0x3 share_conflict: [1] am (0x100081) & right (0x6) = 0x0 share_conflict: [1] sa (0x3) & share (0x2) = 0x2 share_conflict: [2] am (0x20089) & right (0x6) = 0x0 share_conflict: [2] sa (0x7) & share (0x2) = 0x2 share_conflict: [3] am (0x100081) & right (0x21) = 0x1 share_conflict: [3] sa (0x3) & share (0x1) = 0x1 share_conflict: [4] am (0x20089) & right (0x21) = 0x1 share_conflict: [4] sa (0x7) & share (0x1) = 0x1 share_conflict: [5] am (0x100081) & right (0x10000) = 0x0 share_conflict: [5] sa (0x3) & share (0x4) = 0x0 share_conflict: [6] am (0x20089) & right (0x10000) = 0x0 share_conflict: [6] sa (0x7) & share (0x4) = 0x4 share_conflict: No conflict. delay_for_oplocks: oplock type 0x0 on file calling open_file with flags=0x0 flags2=0x0 mode=0744, access_mask = 0x20089, open_access_mask = 0x20089 fd_open: name ., flags = 00 mode = 0744, fd = 28. get_windows_lock_count for file = 0 delete_windows_lock_ref_count for file Unlocking key 020800000000000001C0 freed files structure 20142 (1 used) open_directory: opening directory ., access_mask = 0x20089, share_access = 0x3 create_options = 0x200000, create_disposition = 0x1, file_attributes = 0x80 posix_get_nt_acl: called for file . canonicalise_acl: Access ace entries before arrange : canon_ace index 0. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x0 perms rwx canon_ace index 1. Type = allow SID = S-1-22-2-0 gid 0 (root) SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms rwx canon_ace index 2. Type = allow SID = S-1-5-21-783145419-1966905550-2589541370-1000 uid 0 (root) SMB_ACL_USER_OBJ ace_flags = 0x0 perms rwx print_canon_ace_list: canonicalise_acl: ace entries after arrange canon_ace index 0. Type = allow SID = S-1-5-21-783145419-1966905550-2589541370-1000 uid 0 (root) SMB_ACL_USER_OBJ ace_flags = 0x0 perms rwx canon_ace index 1. Type = allow SID = S-1-22-2-0 gid 0 (root) SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms rwx canon_ace index 2. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x0 perms rwx map_canon_ace_perms: Mapped (UNIX) 1c0 to (NT) 1f01ff map_canon_ace_perms: Mapped (UNIX) 1c0 to (NT) 1f01ff map_canon_ace_perms: Mapped (UNIX) 1c0 to (NT) 1f01ff check_open_rights: file . requesting 0x20089 returning 0x20009 (NT_STATUS_OK) allocated file structure 16047, fnum = 20143 (2 used) Locking key 020800000000000001C0 Allocated locked data 0x0x7fb62408c030 parse_share_modes: delete_on_close: 0, owrt: Tue Feb 23 08:59:59 2010 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, tok: 0, num_share_modes: 1 parse_share_modes: share_mode_entry[0]: pid = 12841, share_access = 0x7, private_options = 0x1, access_mask = 0x100081, mid = 0x0, type= 0x0, gen_id = 8, uid = 123, flags = 0, file_id 802:45c001:0 share_conflict: entry->access_mask = 0x100081, entry->share_access = 0x7, entry->private_options = 0x1 share_conflict: access_mask = 0x20089, share_access = 0x3 share_conflict: [1] am (0x100081) & right (0x6) = 0x0 share_conflict: [1] sa (0x3) & share (0x2) = 0x2 share_conflict: [2] am (0x20089) & right (0x6) = 0x0 share_conflict: [2] sa (0x7) & share (0x2) = 0x2 share_conflict: [3] am (0x100081) & right (0x21) = 0x1 share_conflict: [3] sa (0x3) & share (0x1) = 0x1 share_conflict: [4] am (0x20089) & right (0x21) = 0x1 share_conflict: [4] sa (0x7) & share (0x1) = 0x1 share_conflict: [5] am (0x100081) & right (0x10000) = 0x0 share_conflict: [5] sa (0x3) & share (0x4) = 0x0 share_conflict: [6] am (0x20089) & right (0x10000) = 0x0 share_conflict: [6] sa (0x7) & share (0x4) = 0x4 share_conflict: No conflict. unparse_share_modes: del: 0, owrt: Tue Feb 23 08:59:59 2010 CET cwrt: Thu Jan 1 01:00:00 1970 CET, tok: 0, num: 2 print_share_mode_table: share_mode_entry[0]: pid = 12841, share_access = 0x7, private_options = 0x1, access_mask = 0x100081, mid = 0x0, type= 0x0, gen_id = 8, uid = 123, flags = 0, file_id 802:45c001:0 print_share_mode_table: share_mode_entry[1]: pid = 12841, share_access = 0x3, private_options = 0x200000, access_mask = 0x20089, mid = 0x0, type= 0x0, gen_id = 39, uid = 123, flags = 0, file_id 802:45c001:0 Unlocking key 020800000000000001C0 create_file_unixpath: info=1 create_file: info=1 dos_mode: . dos_mode_from_sbuf returning d dos_mode returning d reply_ntcreate_and_X: fnum = 20143, open name = . got smb length of 84 got message type 0x0 of len 0x54 Transaction 166 of length 88 (0 toread) size=84 smb_com=0xa0 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=10626 smt_wct=23 smb_vwv[ 0]= 4 (0x4) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 64 (0x40) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]=21504 (0x5400) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 1024 (0x400) smb_vwv[18]= 2 (0x2) smb_vwv[19]= 168 (0xA8) smb_vwv[20]= 9 (0x9) smb_vwv[21]=20143 (0x4EAF) smb_vwv[22]= 1 (0x1) smb_bcc=3 [0000] 00 00 00 ... switch message SMBnttrans (pid 12841) conn 0x7fb624079b30 change_to_user: Skipping user change - already user num_setup=8, param_total=0, this_param=0, max_param=0, data_total=0, this_data=0, max_data=16384, param_offset=84, data_offset=0 reply_nttrans: state->setup_count = 8 [0000] A8 00 09 00 AF 4E 01 00 .....N.. call_nt_transact_ioctl: function[0x000900A8] FID[0x4EAF] isFSctl[0x01] compfilter[0x00] FSCTL_GET_REPARSE_POINT: called on FID[0x4EAF](but not implemented) error packet at smbd/nttrans.c(1922) cmd=160 (SMBnttrans) NT_STATUS_NOT_A_REPARSE_POINT size=35 smb_com=0xa0 smb_rcls=117 smb_reh=2 smb_err=49152 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=10626 smt_wct=0 smb_bcc=0 got smb length of 41 got message type 0x0 of len 0x29 Transaction 167 of length 45 (0 toread) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=10690 smt_wct=3 smb_vwv[ 0]=20143 (0x4EAF) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 switch message SMBclose (pid 12841) conn 0x7fb624079b30 change_to_user: Skipping user change - already user close directory fnum=20143 Locking key 020800000000000001C0 Allocated locked data 0x0x7fb62408ad60 parse_share_modes: delete_on_close: 0, owrt: Tue Feb 23 08:59:59 2010 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, tok: 0, num_share_modes: 2 parse_share_modes: share_mode_entry[0]: pid = 12841, share_access = 0x7, private_options = 0x1, access_mask = 0x100081, mid = 0x0, type= 0x0, gen_id = 8, uid = 123, flags = 0, file_id 802:45c001:0 parse_share_modes: share_mode_entry[1]: pid = 12841, share_access = 0x3, private_options = 0x200000, access_mask = 0x20089, mid = 0x0, type= 0x0, gen_id = 39, uid = 123, flags = 0, file_id 802:45c001:0 unparse_share_modes: del: 0, owrt: Tue Feb 23 08:59:59 2010 CET cwrt: Thu Jan 1 01:00:00 1970 CET, tok: 0, num: 2 print_share_mode_table: share_mode_entry[0]: pid = 12841, share_access = 0x7, private_options = 0x1, access_mask = 0x100081, mid = 0x0, type= 0x0, gen_id = 8, uid = 123, flags = 0, file_id 802:45c001:0 print_share_mode_table: share_mode_entry[1]: UNUSED pid = 12841, share_access = 0x3, private_options = 0x200000, access_mask = 0x20089, mid = 0x0, type= 0x40, gen_id = 39, uid = 123, flags = 0, file_id 802:45c001:0 Unlocking key 020800000000000001C0 freed files structure 20143 (1 used) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=10690 smt_wct=0 smb_bcc=0 got smb length of 70 got message type 0x0 of len 0x46 Transaction 168 of length 74 (0 toread) size=70 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=10754 smt_wct=15 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 560 (0x230) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 2 (0x2) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 3 (0x3) smb_bcc=5 [0000] 00 00 00 03 01 ..... switch message SMBtrans2 (pid 12841) conn 0x7fb624079b30 change_to_user: Skipping user change - already user call_trans2qfsinfo: level = 259 sys_get_quota() uid(0, 123) sys_get_linux_gen_quota: path[/] bdev[/dev/sda2] SMB_USER_QUOTA_TYPE uid[123] sys_get_linux_v2_quota: path[/] bdev[/dev/sda2] SMB_USER_QUOTA_TYPE uid[123] sys_get_linux_v1_quota: path[/] bdev[/dev/sda2] SMB_USER_QUOTA_TYPE uid[123] sys_get_vfs_quota() failed for mntpath[/] bdev[/dev/sda2] qtype[2] id[123]: Invalid argument sys_get_quota() uid(0, 123) sys_get_linux_gen_quota: path[/] bdev[/dev/sda2] SMB_GROUP_QUOTA_TYPE gid[123] sys_get_linux_v2_quota: path[/] bdev[/dev/sda2] SMB_GROUP_QUOTA_TYPE gid[123] sys_get_linux_v1_quota: path[/] bdev[/dev/sda2] SMB_GROUP_QUOTA_TYPE gid[123] sys_get_vfs_quota() failed for mntpath[/] bdev[/dev/sda2] qtype[4] id[123]: Invalid argument call_trans2qfsinfo : SMB_QUERY_FS_SIZE_INFO bsize=1024, cSectorUnit=2, cBytesSector=512, cUnitTotal=151763264, cUnitAvail=112242172 t2_rep: params_sent_thistime = 0, data_sent_thistime = 24, useable_space = 131012 t2_rep: params_to_send = 0, data_to_send = 24, paramsize = 0, datasize = 24 size=80 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=10754 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 24 (0x18) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 24 (0x18) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=25 [0000] 00 40 B9 0B 09 00 00 00 00 FC AD B0 06 00 00 00 .@...... ........ [0010] 00 02 00 00 00 00 02 00 00 ........ . SMBtrans2 info_level = 259 got smb length of 94 got message type 0x0 of len 0x5e Transaction 169 of length 98 (0 toread) size=94 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=10818 smt_wct=15 smb_vwv[ 0]= 26 (0x1A) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 10 (0xA) smb_vwv[ 3]=16384 (0x4000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 26 (0x1A) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 1 (0x1) smb_bcc=29 [0000] 00 00 00 16 00 56 05 07 00 04 01 00 00 00 00 5C .....V.. .......\ [0010] 00 74 00 65 00 73 00 74 00 32 00 00 00 .t.e.s.t .2... switch message SMBtrans2 (pid 12841) conn 0x7fb624079b30 change_to_user: Skipping user change - already user call_trans2findfirst: dirtype = 16, maxentries = 1366, close_after_first=1, close_if_end = 1 requires_resume_key = 1 level = 0x104, max_data_bytes = 16384 unix_convert called on file "test2" stat_cache_lookup: lookup succeeded for name [TEST2] -> [test2] dir=./, mask = test2 dptr_create dir=./ creating new dirptr 256 for path ./, expect_close = 1 dptr_num is 256, wcard = test2, attr = 22 dirpath=<./> dontdescend=<> get_lanman2_dir_entry:readdir on dirptr 0x7fb624053b40 now at offset -1 dos_mode: ./test2 dos_mode_from_sbuf returning rd dos_mode returning rd fetch_share_mode_unlocked: no share_mode record around (file not open) get_lanman2_dir_entry: found ./test2 fname=test2 get_lanman2_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO call_trans2findfirst - (2) closing dptr_num 256 closing dptr key 256 t2_rep: params_sent_thistime = 10, data_sent_thistime = 104, useable_space = 131010 t2_rep: params_to_send = 10, data_to_send = 104, paramsize = 10, datasize = 104 size=172 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=10818 smt_wct=10 smb_vwv[ 0]= 10 (0xA) smb_vwv[ 1]= 104 (0x68) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 10 (0xA) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 104 (0x68) smb_vwv[ 7]= 68 (0x44) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=117 [0000] 00 FD FF 01 00 01 00 00 00 00 00 00 00 68 00 00 ........ .....h.. [0010] 00 00 00 00 00 80 69 DD 31 5E B4 CA 01 00 BD 9B ......i. 1^...... [0020] 2B 5F B4 CA 01 80 69 DD 31 5E B4 CA 01 80 69 DD +_....i. 1^....i. [0030] 31 5E B4 CA 01 00 00 00 00 00 00 00 00 00 00 00 1^...... ........ [0040] 00 00 00 00 00 11 00 00 00 0A 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 74 00 65 00 73 ........ ...t.e.s [0070] 00 74 00 32 00 .t.2. SMBtrans2 mask=test2 directory=./ dirtype=22 numentries=1 got smb length of 98 got message type 0x0 of len 0x62 Transaction 170 of length 102 (0 toread) size=98 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=10882 smt_wct=15 smb_vwv[ 0]= 30 (0x1E) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 10 (0xA) smb_vwv[ 3]=16384 (0x4000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 30 (0x1E) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 1 (0x1) smb_bcc=33 [0000] 00 00 00 16 00 56 05 06 00 04 01 00 00 00 00 5C .....V.. .......\ [0010] 00 74 00 65 00 73 00 74 00 32 00 5C 00 2A 00 00 .t.e.s.t .2.\.*.. [0020] 00 . switch message SMBtrans2 (pid 12841) conn 0x7fb624079b30 change_to_user: Skipping user change - already user call_trans2findfirst: dirtype = 16, maxentries = 1366, close_after_first=0, close_if_end = 1 requires_resume_key = 1 level = 0x104, max_data_bytes = 16384 unix_convert called on file "test2/*" stat_cache_lookup: lookup failed for name [TEST2/*] stat_cache_lookup: lookup succeeded for name [TEST2] -> [test2] unix_convert begin: name = test2/*, dirpath = test2, start = * is_mangled * ? is_mangled_component * (len 1) ? is_mangled * ? is_mangled_component * (len 1) ? New file * dir=test2, mask = * dptr_create dir=test2 creating new dirptr 256 for path test2, expect_close = 1 dptr_num is 256, wcard = *, attr = 22 dirpath= dontdescend=<> get_lanman2_dir_entry:readdir on dirptr 0x7fb62406f9f0 now at offset 0 dos_mode: test2/. dos_mode_from_sbuf returning rd dos_mode returning rd fetch_share_mode_unlocked: no share_mode record around (file not open) get_lanman2_dir_entry: found test2/. fname=. get_lanman2_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO get_lanman2_dir_entry:readdir on dirptr 0x7fb62406f9f0 now at offset 2147483648 dos_mode: test2/.. dos_mode_from_sbuf returning d dos_mode returning d parse_share_modes: delete_on_close: 0, owrt: Tue Feb 23 08:59:59 2010 CET, cwrt: Thu Jan 1 01:00:00 1970 CET, tok: 0, num_share_modes: 2 parse_share_modes: share_mode_entry[0]: pid = 12841, share_access = 0x7, private_options = 0x1, access_mask = 0x100081, mid = 0x0, type= 0x0, gen_id = 8, uid = 123, flags = 0, file_id 802:45c001:0 parse_share_modes: share_mode_entry[1]: UNUSED pid = 12841, share_access = 0x3, private_options = 0x200000, access_mask = 0x20089, mid = 0x0, type= 0x40, gen_id = 39, uid = 123, flags = 0, file_id 802:45c001:0 get_lanman2_dir_entry: found test2/.. fname=.. get_lanman2_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO get_lanman2_dir_entry:readdir on dirptr 0x7fb62406f9f0 now at offset -1 call_trans2findfirst - (2) closing dptr_num 256 closing dptr key 256 t2_rep: params_sent_thistime = 10, data_sent_thistime = 196, useable_space = 131010 t2_rep: params_to_send = 10, data_to_send = 196, paramsize = 10, datasize = 196 size=264 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=10882 smt_wct=10 smb_vwv[ 0]= 10 (0xA) smb_vwv[ 1]= 196 (0xC4) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 10 (0xA) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 196 (0xC4) smb_vwv[ 7]= 68 (0x44) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=209 [0000] 00 FD FF 02 00 01 00 00 00 60 00 00 00 60 00 00 ........ .`...`.. [0010] 00 00 00 00 00 80 69 DD 31 5E B4 CA 01 00 BD 9B ......i. 1^...... [0020] 2B 5F B4 CA 01 80 69 DD 31 5E B4 CA 01 80 69 DD +_....i. 1^....i. [0030] 31 5E B4 CA 01 00 00 00 00 00 00 00 00 00 00 00 1^...... ........ [0040] 00 00 00 00 00 11 00 00 00 02 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 2E 00 64 00 00 ........ .....d.. [0070] 00 00 00 00 00 80 69 DD 31 5E B4 CA 01 00 BD 9B ......i. 1^...... [0080] 2B 5F B4 CA 01 80 69 DD 31 5E B4 CA 01 80 69 DD +_....i. 1^....i. [0090] 31 5E B4 CA 01 00 00 00 00 00 00 00 00 00 00 00 1^...... ........ [00A0] 00 00 00 00 00 10 00 00 00 04 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 2E 00 2E 00 00 ........ ........ [00D0] 00 . SMBtrans2 mask=* directory=test2 dirtype=22 numentries=2 hash2_name_to_8_3: * -> 0A877AA5 -> _2X68P~X (cache=1) got smb length of 100 got message type 0x0 of len 0x64 Transaction 171 of length 104 (0 toread) size=100 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=10946 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 3584 (0xE00) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=17 [0000] 00 5C 00 6C 00 73 00 61 00 72 00 70 00 63 00 00 .\.l.s.a .r.p.c.. [0010] 00 . switch message SMBntcreateX (pid 12841) conn 0x7fb6240867f0 setting sec ctx (123, 123) - sec_ctx_stack_ndx = 0 NT user token of user S-1-5-21-783145419-1966905550-2589541370-1001 contains 6 SIDs SID[ 0]: S-1-5-21-783145419-1966905550-2589541370-1001 SID[ 1]: S-1-22-2-123 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-1-123 SE_PRIV 0x0 0x0 0x0 0x0 UNIX token of user 123 Primary group is 123 and contains 1 supplementary groups Group[ 0]: 123 change_to_user uid=(0,123) gid=(0,123) vfs_ChDir to /tmp reply_ntcreate_and_X: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0, fname = lsarpc nt_open_pipe: Opening pipe \lsarpc. allocated file structure 16048, fnum = 20144 (2 used) Create pipe requested \lsarpc init_pipe_handles: created handle list for pipe \lsarpc init_pipe_handles: pipe_handles ref count = 1 for pipe \lsarpc push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 push_conn_ctx(100) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: maximum password age, val: -1 pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 push_conn_ctx(100) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: password history, val: 0 pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 pdb_set_username: setting username Administrator, was pdb_set_domain: setting domain TESTPC, was pdb_set_nt_username: setting nt username , was pdb_set_full_name: setting full name Administrator, was Home server: testpc pdb_set_homedir: setting home dir \\testpc\administrator, was pdb_set_dir_drive: setting dir drive , was NULL pdb_set_logon_script: setting logon script , was Home server: testpc pdb_set_profile_path: setting profile path \\testpc\administrator\profile, was pdb_set_workstations: setting workstations , was push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 push_conn_ctx(100) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: password history, val: 0 pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 pdb_set_user_sid: setting user sid S-1-5-21-783145419-1966905550-2589541370-1001 pdb_set_user_sid_from_rid: setting user sid S-1-5-21-783145419-1966905550-2589541370-1001 from rid 1001 Created internal pipe \lsarpc (pipes_open=0) do_ntcreate_pipe_open: open pipe = \lsarpc got smb length of 156 got message type 0x0 of len 0x9c Transaction 172 of length 160 (0 toread) size=156 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=11010 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=20144 (0x4EB0) smb_bcc=89 [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... [0020] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ [0030] 00 6A 28 19 39 0C B1 D0 11 9B A8 00 C0 4F D9 2E .j(.9... .....O.. [0040] F5 00 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ [0050] 00 2B 10 48 60 02 00 00 00 .+.H`... . switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 change_to_user: Skipping user change - already user trans <\PIPE\> data=72 params=0 setup=2 calling named_pipe named pipe command on <> name api_fd_reply Got API command 0x26 on pipe "lsarpc" (pnum 4eb0) api_fd_reply: p:0x7fb624073a50 max_trans_reply: 1024 np_write_send: len: 72 write_to_pipe: data_left = 72 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 56 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0b 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0048 000a auth_len : 0000 000c call_id : 00000001 unmarshall_rpc_header: using little-endian RPC unmarshall_rpc_header: type = 11, flags = 3 write_to_pipe: data_used = 0 write_to_pipe: data_left = 56 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 process_complete_pdu: processing packet type 11 api_pipe_bind_req: decode request. 1558 000000 smb_io_rpc_hdr_rb 000000 smb_io_rpc_hdr_bba 0000 max_tsize: 10b8 0002 max_rsize: 10b8 0004 assoc_gid: 00000000 0008 num_contexts: 01 000c context_id : 0000 000e num_transfer_syntaxes: 01 00000f smb_io_rpc_iface 000010 smb_io_uuid uuid 0010 data : 3919286a 0014 data : b10c 0016 data : 11d0 0018 data : 9b a8 001a data : 00 c0 4f d9 2e f5 0020 version: 00000000 000024 smb_io_rpc_iface 000024 smb_io_uuid uuid 0024 data : 8a885d04 0028 data : 1ceb 002a data : 11c9 002c data : 9f e8 002e data : 08 00 2b 10 48 60 0034 version: 00000002 api_pipe_bind_req: \PIPE\dssetup -> \PIPE\dssetup api_pipe_bind_req: make response. 1628 check_bind_req for \lsarpc checking lsarpc checking winreg checking initshutdown checking dssetup 000000 smb_io_rpc_hdr_ba 000000 smb_io_rpc_hdr_bba 0000 max_tsize: 10b8 0002 max_rsize: 10b8 0004 assoc_gid: 000053f0 000008 smb_io_rpc_addr_str 0008 len: 000e 000a str: \PIPE\dssetup. 000018 smb_io_rpc_results 0018 num_results: 01 001c result : 0000 001e reason : 0000 000020 smb_io_rpc_iface 000020 smb_io_uuid uuid 0020 data : 8a885d04 0024 data : 1ceb 0026 data : 11c9 0028 data : 9f e8 002a data : 08 00 2b 10 48 60 0030 version: 00000002 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0c 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0044 000a auth_len : 0000 000c call_id : 00000001 write_to_pipe: data_used = 56 s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62408aed0 s3_event: Run immediate event "tevent_req_trigger": 0x7fb62408aed0 name: \lsarpc len: 1024 read_from_pipe: \lsarpc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624067c80 s3_event: Run immediate event "tevent_req_trigger": 0x7fb624067c80 copy_trans_params_and_data: params[0..0] data[0..68] (align 0) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=11010 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [0000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... [0010] 00 B8 10 B8 10 F0 53 00 00 0E 00 5C 50 49 50 45 ......S. ...\PIPE [0020] 5C 64 73 73 65 74 75 70 00 01 00 00 00 00 00 00 \dssetup ........ [0030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [0040] 60 02 00 00 00 `.... got smb length of 110 got message type 0x0 of len 0x6e Transaction 173 of length 114 (0 toread) size=110 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=11074 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 26 (0x1A) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 26 (0x1A) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=20144 (0x4EB0) smb_bcc=43 [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 1A 00 00 00 01 00 00 ........ ........ [0020] 00 02 00 00 00 00 00 00 00 01 00 ........ ... switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 change_to_user: Skipping user change - already user trans <\PIPE\> data=26 params=0 setup=2 calling named_pipe named pipe command on <> name api_fd_reply Got API command 0x26 on pipe "lsarpc" (pnum 4eb0) api_fd_reply: p:0x7fb624073a50 max_trans_reply: 1024 np_write_send: len: 26 write_to_pipe: data_left = 26 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 26 fill_rpc_header: data_to_copy = 26, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 10 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 10 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 001a 000a auth_len : 0000 000c call_id : 00000001 unmarshall_rpc_header: using little-endian RPC unmarshall_rpc_header: type = 0, flags = 3 write_to_pipe: data_used = 0 write_to_pipe: data_left = 10 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 10, incoming data = 10 process_complete_pdu: processing packet type 0 000000 smb_io_rpc_hdr_req req 0000 alloc_hint: 00000002 0004 context_id: 0000 0006 opnum : 0000 free_pipe_context: destroying talloc pool of size 80 Requested \PIPE\\lsarpc api_rpcTNP: \lsarpc op 0x0 - api_rpcTNP: rpc command: DSSETUP_DSROLEGETPRIMARYDOMAININFORMATION api_rpc_cmds[0].fn == 0x7fb6238ceff0 dssetup_DsRoleGetPrimaryDomainInformation: struct dssetup_DsRoleGetPrimaryDomainInformation in: struct dssetup_DsRoleGetPrimaryDomainInformation level : DS_ROLE_BASIC_INFORMATION (1) fill_dsrole_dominfo_basic: enter dssetup_DsRoleGetPrimaryDomainInformation: struct dssetup_DsRoleGetPrimaryDomainInformation out: struct dssetup_DsRoleGetPrimaryDomainInformation info : * info : union dssetup_DsRoleInfo(case 1) basic: struct dssetup_DsRolePrimaryDomInfoBasic role : DS_ROLE_STANDALONE_SERVER (2) flags : 0x00000000 (0) 0: DS_ROLE_PRIMARY_DS_RUNNING 0: DS_ROLE_PRIMARY_DS_MIXED_MODE 0: DS_ROLE_UPGRADE_IN_PROGRESS 0: DS_ROLE_PRIMARY_DOMAIN_GUID_PRESENT domain : * domain : 'TESTPC' dns_domain : NULL forest : NULL domain_guid : 00000000-0000-0000-0000-000000000000 result : WERR_OK api_rpcTNP: called \lsarpc successfully free_pipe_context: destroying talloc pool of size 48 write_to_pipe: data_used = 10 s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62408ae80 s3_event: Run immediate event "tevent_req_trigger": 0x7fb62408ae80 name: \lsarpc len: 1024 read_from_pipe: \lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 76. 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0064 000a auth_len : 0000 000c call_id : 00000001 000010 smb_io_rpc_hdr_resp resp 0010 alloc_hint: 0000004c 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624067c80 s3_event: Run immediate event "tevent_req_trigger": 0x7fb624067c80 copy_trans_params_and_data: params[0..0] data[0..100] (align 0) size=156 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=11074 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 100 (0x64) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 100 (0x64) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=101 [0000] 00 05 00 02 03 10 00 00 00 64 00 00 00 01 00 00 ........ .d...... [0010] 00 4C 00 00 00 00 00 00 00 00 00 02 00 01 00 00 .L...... ........ [0020] 00 02 00 00 00 00 00 00 00 04 00 02 00 00 00 00 ........ ........ [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 00 00 00 07 00 00 00 00 00 00 00 07 00 00 ........ ........ [0050] 00 54 00 45 00 53 00 54 00 50 00 43 00 00 00 00 .T.E.S.T .P.C.... [0060] 00 00 00 00 00 ..... got smb length of 41 got message type 0x0 of len 0x29 Transaction 174 of length 45 (0 toread) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=11138 smt_wct=3 smb_vwv[ 0]=20144 (0x4EB0) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 switch message SMBclose (pid 12841) conn 0x7fb6240867f0 change_to_user: Skipping user change - already user close fd=-1 fnum=20144 (numopen=1) close_write_time: Sun Feb 7 07:28:15 2106 close_policy_by_pipe: deleted handle list for pipe \lsarpc freed files structure 20144 (1 used) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=11138 smt_wct=0 smb_bcc=0 got smb length of 98 got message type 0x0 of len 0x62 Transaction 175 of length 102 (0 toread) size=98 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=11202 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 3072 (0xC00) smb_vwv[ 3]= 4096 (0x1000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=32768 (0x8000) smb_vwv[ 8]= 512 (0x200) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1792 (0x700) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]= 0 (0x0) smb_vwv[20]= 8192 (0x2000) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 0 (0x0) smb_bcc=15 [0000] 00 5C 00 74 00 65 00 73 00 74 00 32 00 00 00 .\.t.e.s .t.2... switch message SMBntcreateX (pid 12841) conn 0x7fb624079b30 setting sec ctx (123, 123) - sec_ctx_stack_ndx = 0 NT user token of user S-1-5-21-783145419-1966905550-2589541370-1001 contains 6 SIDs SID[ 0]: S-1-5-21-783145419-1966905550-2589541370-1001 SID[ 1]: S-1-22-2-123 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-1-123 SE_PRIV 0x0 0x0 0x0 0x0 UNIX token of user 123 Primary group is 123 and contains 1 supplementary groups Group[ 0]: 123 change_to_user uid=(0,123) gid=(0,123) vfs_ChDir to /testshare reply_ntcreate_and_X: flags = 0x10, access_mask = 0x20080 file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x200000 root_dir_fid = 0x0, fname = test2 create_file: access_mask = 0x20080 file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x200000 oplock_request = 0x0 root_dir_fid = 0x0, ea_list = 0x(nil), sd = 0x(nil), create_file_flags = 0x1, fname = test2 unix_convert called on file "test2" stat_cache_lookup: lookup succeeded for name [TEST2] -> [test2] create_file_unixpath: access_mask = 0x20080 file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x200000 oplock_request = 0x0 ea_list = 0x(nil), sd = 0x(nil), fname = test2 allocated file structure 16049, fnum = 20145 (2 used) unix_mode(test2) returning 0744 open_file_ntcreate: fname=test2, dos_attrs=0x0 access_mask=0x20080 share_access=0x7 create_disposition = 0x1 create_options=0x200000 unix mode=0744 oplock_request=0 dos_mode: test2 dos_mode_from_sbuf returning rd dos_mode returning rd open_file_ntcreate: fname=test2, after mapping access_mask=0x20080 Locking key 0208000000000000D748 Allocated locked data 0x0x7fb62408b050 delay_for_oplocks: oplock type 0x10 on file delay_for_oplocks: oplock type 0x10 on file calling open_file with flags=0x0 flags2=0x0 mode=0744, access_mask = 0x20080, open_access_mask = 0x20080 posix_get_nt_acl: called for file test2 canonicalise_acl: Access ace entries before arrange : canon_ace index 0. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x0 perms --- canon_ace index 1. Type = allow SID = S-1-22-2-123 gid 123 (gruppetest) SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms rwx canon_ace index 2. Type = allow SID = S-1-5-21-783145419-1966905550-2589541370-1000 uid 0 (root) SMB_ACL_USER_OBJ ace_flags = 0x0 perms r-- print_canon_ace_list: canonicalise_acl: ace entries after arrange canon_ace index 0. Type = allow SID = S-1-5-21-783145419-1966905550-2589541370-1000 uid 0 (root) SMB_ACL_USER_OBJ ace_flags = 0x0 perms r-- canon_ace index 1. Type = allow SID = S-1-22-2-123 gid 123 (gruppetest) SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms rwx canon_ace index 2. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x0 perms --- map_canon_ace_perms: Mapped (UNIX) 100 to (NT) 120089 map_canon_ace_perms: Mapped (UNIX) 1c0 to (NT) 1f01ff map_canon_ace_perms: Mapped (UNIX) 0 to (NT) 0 check_open_rights: file test2 requesting 0x20080 returning 0x20000 (NT_STATUS_OK) Unlocking key 0208000000000000D748 freed files structure 20145 (1 used) open_directory: opening directory test2, access_mask = 0x20080, share_access = 0x7 create_options = 0x200000, create_disposition = 0x1, file_attributes = 0x0 posix_get_nt_acl: called for file test2 canonicalise_acl: Access ace entries before arrange : canon_ace index 0. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x0 perms --- canon_ace index 1. Type = allow SID = S-1-22-2-123 gid 123 (gruppetest) SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms rwx canon_ace index 2. Type = allow SID = S-1-5-21-783145419-1966905550-2589541370-1000 uid 0 (root) SMB_ACL_USER_OBJ ace_flags = 0x0 perms r-- print_canon_ace_list: canonicalise_acl: ace entries after arrange canon_ace index 0. Type = allow SID = S-1-5-21-783145419-1966905550-2589541370-1000 uid 0 (root) SMB_ACL_USER_OBJ ace_flags = 0x0 perms r-- canon_ace index 1. Type = allow SID = S-1-22-2-123 gid 123 (gruppetest) SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms rwx canon_ace index 2. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x0 perms --- map_canon_ace_perms: Mapped (UNIX) 100 to (NT) 120089 map_canon_ace_perms: Mapped (UNIX) 1c0 to (NT) 1f01ff map_canon_ace_perms: Mapped (UNIX) 0 to (NT) 0 check_open_rights: file test2 requesting 0x20080 returning 0x20000 (NT_STATUS_OK) allocated file structure 16050, fnum = 20146 (2 used) Locking key 0208000000000000D748 Allocated locked data 0x0x7fb624075760 unparse_share_modes: del: 0, owrt: Tue Feb 23 08:59:59 2010 CET cwrt: Thu Jan 1 01:00:00 1970 CET, tok: 0, num: 1 print_share_mode_table: share_mode_entry[0]: pid = 12841, share_access = 0x7, private_options = 0x200000, access_mask = 0x20080, mid = 0x0, type= 0x0, gen_id = 42, uid = 123, flags = 0, file_id 802:4648d7:0 Unlocking key 0208000000000000D748 create_file_unixpath: info=1 create_file: info=1 dos_mode: test2 dos_mode_from_sbuf returning rd dos_mode returning rd reply_ntcreate_and_X: fnum = 20146, open name = test2 got smb length of 84 got message type 0x0 of len 0x54 Transaction 176 of length 88 (0 toread) size=84 smb_com=0xa0 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=11266 smt_wct=19 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 2048 (0x800) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 2048 (0x800) smb_vwv[10]= 0 (0x0) smb_vwv[11]=19456 (0x4C00) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 6 (0x6) smb_bcc=11 [0000] 00 00 00 B2 4E 00 00 04 00 00 00 ....N... ... switch message SMBnttrans (pid 12841) conn 0x7fb624079b30 change_to_user: Skipping user change - already user num_setup=0, param_total=8, this_param=8, max_param=4, data_total=0, this_data=0, max_data=0, param_offset=76, data_offset=0 call_nt_transact_query_security_desc: file = test2, info_wanted = 0x4 posix_fget_nt_acl: called for file test2 posix_get_nt_acl: called for file test2 canonicalise_acl: Access ace entries before arrange : canon_ace index 0. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x0 perms --- canon_ace index 1. Type = allow SID = S-1-22-2-123 gid 123 (gruppetest) SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms rwx canon_ace index 2. Type = allow SID = S-1-5-21-783145419-1966905550-2589541370-1000 uid 0 (root) SMB_ACL_USER_OBJ ace_flags = 0x0 perms r-- print_canon_ace_list: canonicalise_acl: ace entries after arrange canon_ace index 0. Type = allow SID = S-1-5-21-783145419-1966905550-2589541370-1000 uid 0 (root) SMB_ACL_USER_OBJ ace_flags = 0x0 perms r-- canon_ace index 1. Type = allow SID = S-1-22-2-123 gid 123 (gruppetest) SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms rwx canon_ace index 2. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x0 perms --- map_canon_ace_perms: Mapped (UNIX) 100 to (NT) 120089 map_canon_ace_perms: Mapped (UNIX) 1c0 to (NT) 1f01ff map_canon_ace_perms: Mapped (UNIX) 0 to (NT) 0 call_nt_transact_query_security_desc: sd_size = 108. call_nt_transact_query_security_desc for file test2 psd: struct security_descriptor revision : SECURITY_DESCRIPTOR_REVISION_1 (1) type : 0x9004 (36868) 0: SEC_DESC_OWNER_DEFAULTED 0: SEC_DESC_GROUP_DEFAULTED 1: SEC_DESC_DACL_PRESENT 0: SEC_DESC_DACL_DEFAULTED 0: SEC_DESC_SACL_PRESENT 0: SEC_DESC_SACL_DEFAULTED 0: SEC_DESC_DACL_TRUSTED 0: SEC_DESC_SERVER_SECURITY 0: SEC_DESC_DACL_AUTO_INHERIT_REQ 0: SEC_DESC_SACL_AUTO_INHERIT_REQ 0: SEC_DESC_DACL_AUTO_INHERITED 0: SEC_DESC_SACL_AUTO_INHERITED 1: SEC_DESC_DACL_PROTECTED 0: SEC_DESC_SACL_PROTECTED 0: SEC_DESC_RM_CONTROL_VALID 1: SEC_DESC_SELF_RELATIVE owner_sid : NULL group_sid : NULL sacl : NULL dacl : * dacl: struct security_acl revision : SECURITY_ACL_REVISION_NT4 (2) size : 0x0058 (88) num_aces : 0x00000003 (3) aces: ARRAY(3) aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x00 (0) 0: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x00: SEC_ACE_FLAG_VALID_INHERIT (0) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x00120089 (1179785) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-783145419-1966905550-2589541370-1000 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x00 (0) 0: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x00: SEC_ACE_FLAG_VALID_INHERIT (0) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x001f01ff (2032127) object : union security_ace_object_ctr(case 0) trustee : S-1-22-2-123 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x00 (0) 0: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x00: SEC_ACE_FLAG_VALID_INHERIT (0) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0014 (20) access_mask : 0x00000000 (0) object : union security_ace_object_ctr(case 0) trustee : S-1-1-0 nt_rep: params_sent_thistime = 4, data_sent_thistime = 0, useable_space = 130994 nt_rep: params_to_send = 4, data_to_send = 0, paramsize = 4, datasize = 0 error packet at smbd/nttrans.c(226) cmd=160 (SMBnttrans) NT_STATUS_BUFFER_TOO_SMALL size=78 smb_com=0xa0 smb_rcls=35 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=11266 smt_wct=18 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 1024 (0x400) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=18944 (0x4A00) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_bcc=7 [0000] 00 00 00 6C 00 00 00 ...l... got smb length of 84 got message type 0x0 of len 0x54 Transaction 177 of length 88 (0 toread) size=84 smb_com=0xa0 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=11330 smt_wct=19 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 2048 (0x800) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=27648 (0x6C00) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 2048 (0x800) smb_vwv[10]= 0 (0x0) smb_vwv[11]=19456 (0x4C00) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_vwv[18]= 6 (0x6) smb_bcc=11 [0000] 00 00 00 B2 4E 00 00 04 00 00 00 ....N... ... switch message SMBnttrans (pid 12841) conn 0x7fb624079b30 change_to_user: Skipping user change - already user num_setup=0, param_total=8, this_param=8, max_param=4, data_total=0, this_data=0, max_data=108, param_offset=76, data_offset=0 call_nt_transact_query_security_desc: file = test2, info_wanted = 0x4 posix_fget_nt_acl: called for file test2 posix_get_nt_acl: called for file test2 canonicalise_acl: Access ace entries before arrange : canon_ace index 0. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x0 perms --- canon_ace index 1. Type = allow SID = S-1-22-2-123 gid 123 (gruppetest) SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms rwx canon_ace index 2. Type = allow SID = S-1-5-21-783145419-1966905550-2589541370-1000 uid 0 (root) SMB_ACL_USER_OBJ ace_flags = 0x0 perms r-- print_canon_ace_list: canonicalise_acl: ace entries after arrange canon_ace index 0. Type = allow SID = S-1-5-21-783145419-1966905550-2589541370-1000 uid 0 (root) SMB_ACL_USER_OBJ ace_flags = 0x0 perms r-- canon_ace index 1. Type = allow SID = S-1-22-2-123 gid 123 (gruppetest) SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms rwx canon_ace index 2. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x0 perms --- map_canon_ace_perms: Mapped (UNIX) 100 to (NT) 120089 map_canon_ace_perms: Mapped (UNIX) 1c0 to (NT) 1f01ff map_canon_ace_perms: Mapped (UNIX) 0 to (NT) 0 call_nt_transact_query_security_desc: sd_size = 108. call_nt_transact_query_security_desc for file test2 psd: struct security_descriptor revision : SECURITY_DESCRIPTOR_REVISION_1 (1) type : 0x9004 (36868) 0: SEC_DESC_OWNER_DEFAULTED 0: SEC_DESC_GROUP_DEFAULTED 1: SEC_DESC_DACL_PRESENT 0: SEC_DESC_DACL_DEFAULTED 0: SEC_DESC_SACL_PRESENT 0: SEC_DESC_SACL_DEFAULTED 0: SEC_DESC_DACL_TRUSTED 0: SEC_DESC_SERVER_SECURITY 0: SEC_DESC_DACL_AUTO_INHERIT_REQ 0: SEC_DESC_SACL_AUTO_INHERIT_REQ 0: SEC_DESC_DACL_AUTO_INHERITED 0: SEC_DESC_SACL_AUTO_INHERITED 1: SEC_DESC_DACL_PROTECTED 0: SEC_DESC_SACL_PROTECTED 0: SEC_DESC_RM_CONTROL_VALID 1: SEC_DESC_SELF_RELATIVE owner_sid : NULL group_sid : NULL sacl : NULL dacl : * dacl: struct security_acl revision : SECURITY_ACL_REVISION_NT4 (2) size : 0x0058 (88) num_aces : 0x00000003 (3) aces: ARRAY(3) aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x00 (0) 0: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x00: SEC_ACE_FLAG_VALID_INHERIT (0) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x00120089 (1179785) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-783145419-1966905550-2589541370-1000 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x00 (0) 0: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x00: SEC_ACE_FLAG_VALID_INHERIT (0) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x001f01ff (2032127) object : union security_ace_object_ctr(case 0) trustee : S-1-22-2-123 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x00 (0) 0: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x00: SEC_ACE_FLAG_VALID_INHERIT (0) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0014 (20) access_mask : 0x00000000 (0) object : union security_ace_object_ctr(case 0) trustee : S-1-1-0 nt_rep: params_sent_thistime = 4, data_sent_thistime = 108, useable_space = 130994 nt_rep: params_to_send = 4, data_to_send = 108, paramsize = 4, datasize = 108 size=186 smb_com=0xa0 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=1596 smb_uid=100 smb_mid=11330 smt_wct=18 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 1024 (0x400) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]=27648 (0x6C00) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=18944 (0x4A00) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]=27648 (0x6C00) smb_vwv[12]= 0 (0x0) smb_vwv[13]=19968 (0x4E00) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 0 (0x0) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 0 (0x0) smb_bcc=115 [0000] 00 00 00 6C 00 00 00 01 00 04 90 00 00 00 00 00 ...l.... ........ [0010] 00 00 00 00 00 00 00 14 00 00 00 02 00 58 00 03 ........ .....X.. [0020] 00 00 00 00 00 24 00 89 00 12 00 01 05 00 00 00 .....$.. ........ [0030] 00 00 05 15 00 00 00 CB D9 AD 2E CE 98 3C 75 FA ........ ..... data=72 params=0 setup=2 calling named_pipe named pipe command on <> name api_fd_reply Got API command 0x26 on pipe "lsarpc" (pnum 4eb3) api_fd_reply: p:0x7fb624073a50 max_trans_reply: 1024 np_write_send: len: 72 write_to_pipe: data_left = 72 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 56 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0b 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0048 000a auth_len : 0000 000c call_id : 00000001 unmarshall_rpc_header: using little-endian RPC unmarshall_rpc_header: type = 11, flags = 3 write_to_pipe: data_used = 0 write_to_pipe: data_left = 56 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 process_complete_pdu: processing packet type 11 api_pipe_bind_req: decode request. 1558 000000 smb_io_rpc_hdr_rb 000000 smb_io_rpc_hdr_bba 0000 max_tsize: 10b8 0002 max_rsize: 10b8 0004 assoc_gid: 00000000 0008 num_contexts: 01 000c context_id : 0000 000e num_transfer_syntaxes: 01 00000f smb_io_rpc_iface 000010 smb_io_uuid uuid 0010 data : 12345778 0014 data : 1234 0016 data : abcd 0018 data : ef 00 001a data : 01 23 45 67 89 ab 0020 version: 00000000 000024 smb_io_rpc_iface 000024 smb_io_uuid uuid 0024 data : 8a885d04 0028 data : 1ceb 002a data : 11c9 002c data : 9f e8 002e data : 08 00 2b 10 48 60 0034 version: 00000002 api_pipe_bind_req: \PIPE\lsarpc -> \PIPE\lsarpc api_pipe_bind_req: make response. 1628 check_bind_req for \lsarpc checking lsarpc 000000 smb_io_rpc_hdr_ba 000000 smb_io_rpc_hdr_bba 0000 max_tsize: 10b8 0002 max_rsize: 10b8 0004 assoc_gid: 000053f0 000008 smb_io_rpc_addr_str 0008 len: 000d 000a str: \PIPE\lsarpc. 000017 smb_io_rpc_results 0018 num_results: 01 001c result : 0000 001e reason : 0000 000020 smb_io_rpc_iface 000020 smb_io_uuid uuid 0020 data : 8a885d04 0024 data : 1ceb 0026 data : 11c9 0028 data : 9f e8 002a data : 08 00 2b 10 48 60 0030 version: 00000002 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0c 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0044 000a auth_len : 0000 000c call_id : 00000001 write_to_pipe: data_used = 56 s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62408aed0 s3_event: Run immediate event "tevent_req_trigger": 0x7fb62408aed0 name: \lsarpc len: 1024 read_from_pipe: \lsarpc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624067c80 s3_event: Run immediate event "tevent_req_trigger": 0x7fb624067c80 copy_trans_params_and_data: params[0..0] data[0..68] (align 0) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=11587 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [0000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... [0010] 00 B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 ......S. ...\PIPE [0020] 5C 6C 73 61 72 70 63 00 00 01 00 00 00 00 00 00 \lsarpc. ........ [0030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [0040] 60 02 00 00 00 `.... got smb length of 192 got message type 0x0 of len 0xc0 Transaction 182 of length 196 (0 toread) size=192 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=11651 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 108 (0x6C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 108 (0x6C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=20147 (0x4EB3) smb_bcc=125 [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 6C 00 00 00 01 00 00 ........ .l...... [0020] 00 54 00 00 00 00 00 2C 00 18 14 14 00 0F 00 00 .T....., ........ [0030] 00 00 00 00 00 0F 00 00 00 5C 00 5C 00 31 00 30 ........ .\.\.1.0 [0040] 00 2E 00 32 00 32 00 35 00 2E 00 35 00 2E 00 32 ...2.2.5 ...5...2 [0050] 00 33 00 32 00 00 00 00 00 18 00 00 00 00 00 00 .3.2.... ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 90 FA A9 ........ ........ [0070] 10 0C 00 00 00 02 00 01 00 00 08 00 00 ........ ..... switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 change_to_user: Skipping user change - already user trans <\PIPE\> data=108 params=0 setup=2 calling named_pipe named pipe command on <> name api_fd_reply Got API command 0x26 on pipe "lsarpc" (pnum 4eb3) api_fd_reply: p:0x7fb624073a50 max_trans_reply: 1024 np_write_send: len: 108 write_to_pipe: data_left = 108 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 108 fill_rpc_header: data_to_copy = 108, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 92 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 92 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 006c 000a auth_len : 0000 000c call_id : 00000001 unmarshall_rpc_header: using little-endian RPC unmarshall_rpc_header: type = 0, flags = 3 write_to_pipe: data_used = 0 write_to_pipe: data_left = 92 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 92, incoming data = 92 process_complete_pdu: processing packet type 0 000000 smb_io_rpc_hdr_req req 0000 alloc_hint: 00000054 0004 context_id: 0000 0006 opnum : 002c free_pipe_context: destroying talloc pool of size 80 Requested \PIPE\\lsarpc api_rpcTNP: \lsarpc op 0x2c - api_rpcTNP: rpc command: LSA_OPENPOLICY2 api_rpc_cmds[44].fn == 0x7fb6238bebc8 lsa_OpenPolicy2: struct lsa_OpenPolicy2 in: struct lsa_OpenPolicy2 system_name : * system_name : '\\10.225.5.232' attr : * attr: struct lsa_ObjectAttribute len : 0x00000018 (24) root_dir : NULL object_name : NULL attributes : 0x00000000 (0) sec_desc : NULL sec_qos : * sec_qos: struct lsa_QosInfo len : 0x0000000c (12) impersonation_level : 0x0002 (2) context_mode : 0x01 (1) effective_only : 0x00 (0) access_mask : 0x00000800 (2048) 0: LSA_POLICY_VIEW_LOCAL_INFORMATION 0: LSA_POLICY_VIEW_AUDIT_INFORMATION 0: LSA_POLICY_GET_PRIVATE_INFORMATION 0: LSA_POLICY_TRUST_ADMIN 0: LSA_POLICY_CREATE_ACCOUNT 0: LSA_POLICY_CREATE_SECRET 0: LSA_POLICY_CREATE_PRIVILEGE 0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS 0: LSA_POLICY_SET_AUDIT_REQUIREMENTS 0: LSA_POLICY_AUDIT_LOG_ADMIN 0: LSA_POLICY_SERVER_ADMIN 1: LSA_POLICY_LOOKUP_NAMES 0: LSA_POLICY_NOTIFICATION _lsa_OpenPolicy2: access GRANTED (requested: 0x00000800, granted: 0x00000800) Opened policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 83 4B A5 8C ........ .....K.. [0010] 29 32 00 00 )2.. lsa_OpenPolicy2: struct lsa_OpenPolicy2 out: struct lsa_OpenPolicy2 handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-834b-a58c29320000 result : NT_STATUS_OK api_rpcTNP: called \lsarpc successfully free_pipe_context: destroying talloc pool of size 1084 write_to_pipe: data_used = 92 s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62408af20 s3_event: Run immediate event "tevent_req_trigger": 0x7fb62408af20 name: \lsarpc len: 1024 read_from_pipe: \lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0030 000a auth_len : 0000 000c call_id : 00000001 000010 smb_io_rpc_hdr_resp resp 0010 alloc_hint: 00000018 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624067c80 s3_event: Run immediate event "tevent_req_trigger": 0x7fb624067c80 copy_trans_params_and_data: params[0..0] data[0..48] (align 0) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=11651 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 01 00 00 ........ .0...... [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ........ ........ [0020] 00 00 00 00 00 83 4B A5 8C 29 32 00 00 00 00 00 ......K. .)2..... [0030] 00 . got smb length of 156 got message type 0x0 of len 0x9c Transaction 183 of length 160 (0 toread) size=156 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=11714 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=20148 (0x4EB4) smb_bcc=89 [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 0B 03 10 00 00 00 48 00 00 00 02 00 00 ........ .H...... [0020] 00 B8 10 B8 10 F0 53 00 00 01 00 00 00 00 00 01 ......S. ........ [0030] 00 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 .xW4.4.. ....#Eg. [0040] AB 00 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ [0050] 00 2B 10 48 60 02 00 00 00 .+.H`... . switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 change_to_user: Skipping user change - already user trans <\PIPE\> data=72 params=0 setup=2 calling named_pipe named pipe command on <> name api_fd_reply Got API command 0x26 on pipe "lsarpc" (pnum 4eb4) api_fd_reply: p:0x7fb624066a00 max_trans_reply: 1024 np_write_send: len: 72 write_to_pipe: data_left = 72 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 56 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0b 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0048 000a auth_len : 0000 000c call_id : 00000002 unmarshall_rpc_header: using little-endian RPC unmarshall_rpc_header: type = 11, flags = 3 write_to_pipe: data_used = 0 write_to_pipe: data_left = 56 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 process_complete_pdu: processing packet type 11 api_pipe_bind_req: decode request. 1558 000000 smb_io_rpc_hdr_rb 000000 smb_io_rpc_hdr_bba 0000 max_tsize: 10b8 0002 max_rsize: 10b8 0004 assoc_gid: 000053f0 0008 num_contexts: 01 000c context_id : 0000 000e num_transfer_syntaxes: 01 00000f smb_io_rpc_iface 000010 smb_io_uuid uuid 0010 data : 12345778 0014 data : 1234 0016 data : abcd 0018 data : ef 00 001a data : 01 23 45 67 89 ab 0020 version: 00000000 000024 smb_io_rpc_iface 000024 smb_io_uuid uuid 0024 data : 8a885d04 0028 data : 1ceb 002a data : 11c9 002c data : 9f e8 002e data : 08 00 2b 10 48 60 0034 version: 00000002 api_pipe_bind_req: \PIPE\lsarpc -> \PIPE\lsarpc api_pipe_bind_req: make response. 1628 check_bind_req for \lsarpc checking lsarpc 000000 smb_io_rpc_hdr_ba 000000 smb_io_rpc_hdr_bba 0000 max_tsize: 10b8 0002 max_rsize: 10b8 0004 assoc_gid: 000053f0 000008 smb_io_rpc_addr_str 0008 len: 000d 000a str: \PIPE\lsarpc. 000017 smb_io_rpc_results 0018 num_results: 01 001c result : 0000 001e reason : 0000 000020 smb_io_rpc_iface 000020 smb_io_uuid uuid 0020 data : 8a885d04 0024 data : 1ceb 0026 data : 11c9 0028 data : 9f e8 002a data : 08 00 2b 10 48 60 0030 version: 00000002 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0c 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0044 000a auth_len : 0000 000c call_id : 00000002 write_to_pipe: data_used = 56 s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62408aed0 s3_event: Run immediate event "tevent_req_trigger": 0x7fb62408aed0 name: \lsarpc len: 1024 read_from_pipe: \lsarpc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624067c80 s3_event: Run immediate event "tevent_req_trigger": 0x7fb624067c80 copy_trans_params_and_data: params[0..0] data[0..68] (align 0) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=11714 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [0000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 02 00 00 ........ .D...... [0010] 00 B8 10 B8 10 F0 53 00 00 0D 00 5C 50 49 50 45 ......S. ...\PIPE [0020] 5C 6C 73 61 72 70 63 00 00 01 00 00 00 00 00 00 \lsarpc. ........ [0030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [0040] 60 02 00 00 00 `.... got smb length of 224 got message type 0x0 of len 0xe0 Transaction 184 of length 228 (0 toread) size=224 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=11779 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 140 (0x8C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 140 (0x8C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=20147 (0x4EB3) smb_bcc=157 [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 8C 00 00 00 03 00 00 ........ ........ [0020] 00 74 00 00 00 00 00 39 00 00 00 00 00 01 00 00 .t.....9 ........ [0030] 00 00 00 00 00 83 4B A5 8C 29 32 00 00 02 00 00 ......K. .)2..... [0040] 00 E8 0E F9 04 02 00 00 00 88 BF F7 04 50 95 15 ........ .....P.. [0050] 00 05 00 00 00 01 05 00 00 00 00 00 05 15 00 00 ........ ........ [0060] 00 CB D9 AD 2E CE 98 3C 75 FA 43 59 9A E8 03 00 .......< u.CY.... [0070] 00 02 00 00 00 01 02 00 00 00 00 00 16 02 00 00 ........ ........ [0080] 00 7B 00 00 00 00 00 00 00 00 00 00 00 01 00 00 .{...... ........ [0090] 00 00 00 00 00 00 00 00 00 02 00 00 00 ........ ..... switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 change_to_user: Skipping user change - already user trans <\PIPE\> data=140 params=0 setup=2 calling named_pipe named pipe command on <> name api_fd_reply Got API command 0x26 on pipe "lsarpc" (pnum 4eb3) api_fd_reply: p:0x7fb624073a50 max_trans_reply: 1024 np_write_send: len: 140 write_to_pipe: data_left = 140 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 140 fill_rpc_header: data_to_copy = 140, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 124 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 124 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 008c 000a auth_len : 0000 000c call_id : 00000003 unmarshall_rpc_header: using little-endian RPC unmarshall_rpc_header: type = 0, flags = 3 write_to_pipe: data_used = 0 write_to_pipe: data_left = 124 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 124, incoming data = 124 process_complete_pdu: processing packet type 0 000000 smb_io_rpc_hdr_req req 0000 alloc_hint: 00000074 0004 context_id: 0000 0006 opnum : 0039 free_pipe_context: destroying talloc pool of size 0 Requested \PIPE\\lsarpc api_rpcTNP: \lsarpc op 0x39 - api_rpcTNP: rpc command: LSA_LOOKUPSIDS2 api_rpc_cmds[57].fn == 0x7fb6238bce80 lsa_LookupSids2: struct lsa_LookupSids2 in: struct lsa_LookupSids2 handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-834b-a58c29320000 sids : * sids: struct lsa_SidArray num_sids : 0x00000002 (2) sids : * sids: ARRAY(2) sids: struct lsa_SidPtr sid : * sid : S-1-5-21-783145419-1966905550-2589541370-1000 sids: struct lsa_SidPtr sid : * sid : S-1-22-2-123 names : * names: struct lsa_TransNameArray2 count : 0x00000000 (0) names : NULL level : 0x0001 (1) count : * count : 0x00000000 (0) unknown1 : 0x00000000 (0) unknown2 : 0x00000002 (2) Found policy hnd[0] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 83 4B A5 8C ........ .....K.. [0010] 29 32 00 00 )2.. Accepting SID S-1-5-21-783145419-1966905550-2589541370 in level 1 Accepting SID S-1-22-2 in level 1 lookup_rids called for domain sid 'S-1-5-21-783145419-1966905550-2589541370' push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 push_conn_ctx(100) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups lookup_global_sam_rid: looking up RID 1000. push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 push_conn_ctx(100) : conn_ctx_stack_ndx = 1 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pdb_set_username: setting username root, was pdb_set_domain: setting domain TESTPC, was pdb_set_nt_username: setting nt username , was pdb_set_full_name: setting full name root, was Home server: testpc pdb_set_homedir: setting home dir \\testpc\root, was pdb_set_dir_drive: setting dir drive , was NULL pdb_set_logon_script: setting logon script , was Home server: testpc pdb_set_profile_path: setting profile path \\testpc\root\profile, was pdb_set_workstations: setting workstations , was push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 push_conn_ctx(100) : conn_ctx_stack_ndx = 2 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: password history, val: 0 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 pdb_set_user_sid: setting user sid S-1-5-21-783145419-1966905550-2589541370-1000 pdb_set_user_sid_from_rid: setting user sid S-1-5-21-783145419-1966905550-2589541370-1000 from rid 1000 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 lookup_rids: root:1 pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 lookup_rids called for domain sid 'S-1-22-2' num_sids 2, mapped_count 2, status NT_STATUS_OK lsa_LookupSids2: struct lsa_LookupSids2 out: struct lsa_LookupSids2 domains : * domains : * domains: struct lsa_RefDomainList count : 0x00000002 (2) domains : * domains: ARRAY(2) domains: struct lsa_DomainInfo name: struct lsa_StringLarge length : 0x0000 (0) size : 0x0000 (0) string : * string : 'TESTPC' sid : * sid : S-1-5-21-783145419-1966905550-2589541370 domains: struct lsa_DomainInfo name: struct lsa_StringLarge length : 0x0000 (0) size : 0x0000 (0) string : * string : 'Unix Group' sid : * sid : S-1-22-2 max_size : 0x00000020 (32) names : * names: struct lsa_TransNameArray2 count : 0x00000002 (2) names : * names: ARRAY(2) names: struct lsa_TranslatedName2 sid_type : SID_NAME_USER (1) name: struct lsa_String length : 0x7075 (28789) size : 0x0000 (0) string : * string : 'root' sid_index : 0x00000000 (0) unknown : 0x00000000 (0) names: struct lsa_TranslatedName2 sid_type : SID_NAME_DOM_GRP (2) name: struct lsa_String length : 0x0000 (0) size : 0x0000 (0) string : * string : 'gruppetest' sid_index : 0x00000001 (1) unknown : 0x00000000 (0) count : * count : 0x00000002 (2) result : NT_STATUS_OK api_rpcTNP: called \lsarpc successfully free_pipe_context: destroying talloc pool of size 3450 write_to_pipe: data_used = 124 s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62408af60 s3_event: Run immediate event "tevent_req_trigger": 0x7fb62408af60 name: \lsarpc len: 1024 read_from_pipe: \lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 256. 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0118 000a auth_len : 0000 000c call_id : 00000003 000010 smb_io_rpc_hdr_resp resp 0010 alloc_hint: 00000100 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624067c80 s3_event: Run immediate event "tevent_req_trigger": 0x7fb624067c80 copy_trans_params_and_data: params[0..0] data[0..280] (align 0) size=336 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=11779 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 280 (0x118) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 280 (0x118) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=281 [0000] 00 05 00 02 03 10 00 00 00 18 01 00 00 03 00 00 ........ ........ [0010] 00 00 01 00 00 00 00 00 00 00 00 02 00 02 00 00 ........ ........ [0020] 00 04 00 02 00 20 00 00 00 02 00 00 00 0C 00 0E ..... .. ........ [0030] 00 08 00 02 00 0C 00 02 00 14 00 16 00 10 00 02 ........ ........ [0040] 00 14 00 02 00 07 00 00 00 00 00 00 00 06 00 00 ........ ........ [0050] 00 54 00 45 00 53 00 54 00 50 00 43 00 04 00 00 .T.E.S.T .P.C.... [0060] 00 01 04 00 00 00 00 00 05 15 00 00 00 CB D9 AD ........ ........ [0070] 2E CE 98 3C 75 FA 43 59 9A 0B 00 00 00 00 00 00 ... data=108 params=0 setup=2 calling named_pipe named pipe command on <> name api_fd_reply Got API command 0x26 on pipe "lsarpc" (pnum 4eb4) api_fd_reply: p:0x7fb624066a00 max_trans_reply: 1024 np_write_send: len: 108 write_to_pipe: data_left = 108 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 108 fill_rpc_header: data_to_copy = 108, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 92 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 92 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 006c 000a auth_len : 0000 000c call_id : 00000002 unmarshall_rpc_header: using little-endian RPC unmarshall_rpc_header: type = 0, flags = 3 write_to_pipe: data_used = 0 write_to_pipe: data_left = 92 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 92, incoming data = 92 process_complete_pdu: processing packet type 0 000000 smb_io_rpc_hdr_req req 0000 alloc_hint: 00000054 0004 context_id: 0000 0006 opnum : 002c free_pipe_context: destroying talloc pool of size 80 Requested \PIPE\\lsarpc api_rpcTNP: \lsarpc op 0x2c - api_rpcTNP: rpc command: LSA_OPENPOLICY2 api_rpc_cmds[44].fn == 0x7fb6238bebc8 lsa_OpenPolicy2: struct lsa_OpenPolicy2 in: struct lsa_OpenPolicy2 system_name : * system_name : '\\10.225.5.232' attr : * attr: struct lsa_ObjectAttribute len : 0x00000018 (24) root_dir : NULL object_name : NULL attributes : 0x00000000 (0) sec_desc : NULL sec_qos : * sec_qos: struct lsa_QosInfo len : 0x0000000c (12) impersonation_level : 0x0002 (2) context_mode : 0x01 (1) effective_only : 0x00 (0) access_mask : 0x00000001 (1) 1: LSA_POLICY_VIEW_LOCAL_INFORMATION 0: LSA_POLICY_VIEW_AUDIT_INFORMATION 0: LSA_POLICY_GET_PRIVATE_INFORMATION 0: LSA_POLICY_TRUST_ADMIN 0: LSA_POLICY_CREATE_ACCOUNT 0: LSA_POLICY_CREATE_SECRET 0: LSA_POLICY_CREATE_PRIVILEGE 0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS 0: LSA_POLICY_SET_AUDIT_REQUIREMENTS 0: LSA_POLICY_AUDIT_LOG_ADMIN 0: LSA_POLICY_SERVER_ADMIN 0: LSA_POLICY_LOOKUP_NAMES 0: LSA_POLICY_NOTIFICATION _lsa_OpenPolicy2: access GRANTED (requested: 0x00000001, granted: 0x00000001) Opened policy hnd[2] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 83 4B A5 8C ........ .....K.. [0010] 29 32 00 00 )2.. lsa_OpenPolicy2: struct lsa_OpenPolicy2 out: struct lsa_OpenPolicy2 handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000002-0000-0000-834b-a58c29320000 result : NT_STATUS_OK api_rpcTNP: called \lsarpc successfully free_pipe_context: destroying talloc pool of size 1084 write_to_pipe: data_used = 92 s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62408af20 s3_event: Run immediate event "tevent_req_trigger": 0x7fb62408af20 name: \lsarpc len: 1024 read_from_pipe: \lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0030 000a auth_len : 0000 000c call_id : 00000002 000010 smb_io_rpc_hdr_resp resp 0010 alloc_hint: 00000018 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624067c80 s3_event: Run immediate event "tevent_req_trigger": 0x7fb624067c80 copy_trans_params_and_data: params[0..0] data[0..48] (align 0) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=11842 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 02 00 00 ........ .0...... [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 02 00 00 ........ ........ [0020] 00 00 00 00 00 83 4B A5 8C 29 32 00 00 00 00 00 ......K. .)2..... [0030] 00 . got smb length of 156 got message type 0x0 of len 0x9c Transaction 186 of length 160 (0 toread) size=156 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=11907 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=20147 (0x4EB3) smb_bcc=89 [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 0E 03 10 00 00 00 48 00 00 00 04 00 00 ........ .H...... [0020] 00 B8 10 B8 10 F0 53 00 00 01 00 00 00 01 00 01 ......S. ........ [0030] 00 6A 28 19 39 0C B1 D0 11 9B A8 00 C0 4F D9 2E .j(.9... .....O.. [0040] F5 00 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ [0050] 00 2B 10 48 60 02 00 00 00 .+.H`... . switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 change_to_user: Skipping user change - already user trans <\PIPE\> data=72 params=0 setup=2 calling named_pipe named pipe command on <> name api_fd_reply Got API command 0x26 on pipe "lsarpc" (pnum 4eb3) api_fd_reply: p:0x7fb624073a50 max_trans_reply: 1024 np_write_send: len: 72 write_to_pipe: data_left = 72 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 56 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0e 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0048 000a auth_len : 0000 000c call_id : 00000004 unmarshall_rpc_header: using little-endian RPC unmarshall_rpc_header: type = 14, flags = 3 write_to_pipe: data_used = 0 write_to_pipe: data_left = 56 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 process_complete_pdu: processing packet type 14 api_pipe_alter_context: decode request. 1840 000000 smb_io_rpc_hdr_rb 000000 smb_io_rpc_hdr_bba 0000 max_tsize: 10b8 0002 max_rsize: 10b8 0004 assoc_gid: 000053f0 0008 num_contexts: 01 000c context_id : 0001 000e num_transfer_syntaxes: 01 00000f smb_io_rpc_iface 000010 smb_io_uuid uuid 0010 data : 3919286a 0014 data : b10c 0016 data : 11d0 0018 data : 9b a8 001a data : 00 c0 4f d9 2e f5 0020 version: 00000000 000024 smb_io_rpc_iface 000024 smb_io_uuid uuid 0024 data : 8a885d04 0028 data : 1ceb 002a data : 11c9 002c data : 9f e8 002e data : 08 00 2b 10 48 60 0034 version: 00000002 api_pipe_alter_context: make response. 1854 check_bind_req for \lsarpc checking lsarpc checking winreg checking initshutdown checking dssetup 000000 smb_io_rpc_hdr_ba 000000 smb_io_rpc_hdr_bba 0000 max_tsize: 10b8 0002 max_rsize: 10b8 0004 assoc_gid: 000053f0 000008 smb_io_rpc_addr_str 0008 len: 0001 000a str: . 00000b smb_io_rpc_results 000c num_results: 01 0010 result : 0000 0012 reason : 0000 000014 smb_io_rpc_iface 000014 smb_io_uuid uuid 0014 data : 8a885d04 0018 data : 1ceb 001a data : 11c9 001c data : 9f e8 001e data : 08 00 2b 10 48 60 0024 version: 00000002 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0f 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0038 000a auth_len : 0000 000c call_id : 00000004 write_to_pipe: data_used = 56 s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62408aed0 s3_event: Run immediate event "tevent_req_trigger": 0x7fb62408aed0 name: \lsarpc len: 1024 read_from_pipe: \lsarpc: current_pdu_len = 56, current_pdu_sent = 0 returning 56 bytes. s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624067c80 s3_event: Run immediate event "tevent_req_trigger": 0x7fb624067c80 copy_trans_params_and_data: params[0..0] data[0..56] (align 0) size=112 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=11907 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 56 (0x38) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 56 (0x38) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=57 [0000] 00 05 00 0F 03 10 00 00 00 38 00 00 00 04 00 00 ........ .8...... [0010] 00 B8 10 B8 10 F0 53 00 00 01 00 00 00 01 00 00 ......S. ........ [0020] 00 00 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ [0030] 00 2B 10 48 60 02 00 00 00 .+.H`... . got smb length of 130 got message type 0x0 of len 0x82 Transaction 187 of length 134 (0 toread) size=130 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=11970 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 46 (0x2E) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 46 (0x2E) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=20148 (0x4EB4) smb_bcc=63 [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 2E 00 00 00 05 00 00 ........ ........ [0020] 00 16 00 00 00 00 00 07 00 00 00 00 00 02 00 00 ........ ........ [0030] 00 00 00 00 00 83 4B A5 8C 29 32 00 00 05 00 ......K. .)2.... switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 change_to_user: Skipping user change - already user trans <\PIPE\> data=46 params=0 setup=2 calling named_pipe named pipe command on <> name api_fd_reply Got API command 0x26 on pipe "lsarpc" (pnum 4eb4) api_fd_reply: p:0x7fb624066a00 max_trans_reply: 1024 np_write_send: len: 46 write_to_pipe: data_left = 46 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 46 fill_rpc_header: data_to_copy = 46, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 30 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 30 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 002e 000a auth_len : 0000 000c call_id : 00000005 unmarshall_rpc_header: using little-endian RPC unmarshall_rpc_header: type = 0, flags = 3 write_to_pipe: data_used = 0 write_to_pipe: data_left = 30 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 30, incoming data = 30 process_complete_pdu: processing packet type 0 000000 smb_io_rpc_hdr_req req 0000 alloc_hint: 00000016 0004 context_id: 0000 0006 opnum : 0007 free_pipe_context: destroying talloc pool of size 0 Requested \PIPE\\lsarpc api_rpcTNP: \lsarpc op 0x7 - api_rpcTNP: rpc command: LSA_QUERYINFOPOLICY api_rpc_cmds[7].fn == 0x7fb6238c3ec0 lsa_QueryInfoPolicy: struct lsa_QueryInfoPolicy in: struct lsa_QueryInfoPolicy handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000002-0000-0000-834b-a58c29320000 level : LSA_POLICY_INFO_ACCOUNT_DOMAIN (5) Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 83 4B A5 8C ........ .....K.. [0010] 29 32 00 00 )2.. lsa_QueryInfoPolicy: struct lsa_QueryInfoPolicy out: struct lsa_QueryInfoPolicy info : * info : * info : union lsa_PolicyInformation(case 5) account_domain: struct lsa_DomainInfo name: struct lsa_StringLarge length : 0x0000 (0) size : 0x0000 (0) string : * string : 'TESTPC' sid : * sid : S-1-5-21-783145419-1966905550-2589541370 result : NT_STATUS_OK api_rpcTNP: called \lsarpc successfully free_pipe_context: destroying talloc pool of size 72 write_to_pipe: data_used = 30 s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62408aea0 s3_event: Run immediate event "tevent_req_trigger": 0x7fb62408aea0 name: \lsarpc len: 1024 read_from_pipe: \lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 76. 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0064 000a auth_len : 0000 000c call_id : 00000005 000010 smb_io_rpc_hdr_resp resp 0010 alloc_hint: 0000004c 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624067c80 s3_event: Run immediate event "tevent_req_trigger": 0x7fb624067c80 copy_trans_params_and_data: params[0..0] data[0..100] (align 0) size=156 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=11970 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 100 (0x64) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 100 (0x64) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=101 [0000] 00 05 00 02 03 10 00 00 00 64 00 00 00 05 00 00 ........ .d...... [0010] 00 4C 00 00 00 00 00 00 00 00 00 02 00 05 00 00 .L...... ........ [0020] 00 0C 00 0E 00 04 00 02 00 08 00 02 00 07 00 00 ........ ........ [0030] 00 00 00 00 00 06 00 00 00 54 00 45 00 53 00 54 ........ .T.E.S.T [0040] 00 50 00 43 00 04 00 00 00 01 04 00 00 00 00 00 .P.C.... ........ [0050] 05 15 00 00 00 CB D9 AD 2E CE 98 3C 75 FA 43 59 ........ ... data=26 params=0 setup=2 calling named_pipe named pipe command on <> name api_fd_reply Got API command 0x26 on pipe "lsarpc" (pnum 4eb3) api_fd_reply: p:0x7fb624073a50 max_trans_reply: 1024 np_write_send: len: 26 write_to_pipe: data_left = 26 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 26 fill_rpc_header: data_to_copy = 26, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 10 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 10 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 001a 000a auth_len : 0000 000c call_id : 00000004 unmarshall_rpc_header: using little-endian RPC unmarshall_rpc_header: type = 0, flags = 3 write_to_pipe: data_used = 0 write_to_pipe: data_left = 10 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 10, incoming data = 10 process_complete_pdu: processing packet type 0 000000 smb_io_rpc_hdr_req req 0000 alloc_hint: 00000002 0004 context_id: 0001 0006 opnum : 0000 free_pipe_context: destroying talloc pool of size 52 Requested \PIPE\\lsarpc api_rpcTNP: \lsarpc op 0x0 - api_rpcTNP: rpc command: DSSETUP_DSROLEGETPRIMARYDOMAININFORMATION api_rpc_cmds[0].fn == 0x7fb6238ceff0 dssetup_DsRoleGetPrimaryDomainInformation: struct dssetup_DsRoleGetPrimaryDomainInformation in: struct dssetup_DsRoleGetPrimaryDomainInformation level : DS_ROLE_BASIC_INFORMATION (1) fill_dsrole_dominfo_basic: enter dssetup_DsRoleGetPrimaryDomainInformation: struct dssetup_DsRoleGetPrimaryDomainInformation out: struct dssetup_DsRoleGetPrimaryDomainInformation info : * info : union dssetup_DsRoleInfo(case 1) basic: struct dssetup_DsRolePrimaryDomInfoBasic role : DS_ROLE_STANDALONE_SERVER (2) flags : 0x00000000 (0) 0: DS_ROLE_PRIMARY_DS_RUNNING 0: DS_ROLE_PRIMARY_DS_MIXED_MODE 0: DS_ROLE_UPGRADE_IN_PROGRESS 0: DS_ROLE_PRIMARY_DOMAIN_GUID_PRESENT domain : * domain : 'TESTPC' dns_domain : NULL forest : NULL domain_guid : 00000000-0000-0000-0000-000000000000 result : WERR_OK api_rpcTNP: called \lsarpc successfully free_pipe_context: destroying talloc pool of size 48 write_to_pipe: data_used = 10 s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62408ae80 s3_event: Run immediate event "tevent_req_trigger": 0x7fb62408ae80 name: \lsarpc len: 1024 read_from_pipe: \lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 76. 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0064 000a auth_len : 0000 000c call_id : 00000004 000010 smb_io_rpc_hdr_resp resp 0010 alloc_hint: 0000004c 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624066bb0 s3_event: Run immediate event "tevent_req_trigger": 0x7fb624066bb0 copy_trans_params_and_data: params[0..0] data[0..100] (align 0) size=156 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=12035 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 100 (0x64) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 100 (0x64) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=101 [0000] 00 05 00 02 03 10 00 00 00 64 00 00 00 04 00 00 ........ .d...... [0010] 00 4C 00 00 00 00 00 00 00 00 00 02 00 01 00 00 .L...... ........ [0020] 00 02 00 00 00 00 00 00 00 04 00 02 00 00 00 00 ........ ........ [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 00 00 00 07 00 00 00 00 00 00 00 07 00 00 ........ ........ [0050] 00 54 00 45 00 53 00 54 00 50 00 43 00 00 00 00 .T.E.S.T .P.C.... [0060] 00 00 00 00 00 ..... got smb length of 128 got message type 0x0 of len 0x80 Transaction 189 of length 132 (0 toread) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=12098 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=20148 (0x4EB4) smb_bcc=61 [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 06 00 00 ........ .,...... [0020] 00 14 00 00 00 00 00 00 00 00 00 00 00 02 00 00 ........ ........ [0030] 00 00 00 00 00 83 4B A5 8C 29 32 00 00 ......K. .)2.. switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 change_to_user: Skipping user change - already user trans <\PIPE\> data=44 params=0 setup=2 calling named_pipe named pipe command on <> name api_fd_reply Got API command 0x26 on pipe "lsarpc" (pnum 4eb4) api_fd_reply: p:0x7fb624066a00 max_trans_reply: 1024 np_write_send: len: 44 write_to_pipe: data_left = 44 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 28 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 002c 000a auth_len : 0000 000c call_id : 00000006 unmarshall_rpc_header: using little-endian RPC unmarshall_rpc_header: type = 0, flags = 3 write_to_pipe: data_used = 0 write_to_pipe: data_left = 28 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 28, incoming data = 28 process_complete_pdu: processing packet type 0 000000 smb_io_rpc_hdr_req req 0000 alloc_hint: 00000014 0004 context_id: 0000 0006 opnum : 0000 free_pipe_context: destroying talloc pool of size 0 Requested \PIPE\\lsarpc api_rpcTNP: \lsarpc op 0x0 - api_rpcTNP: rpc command: LSA_CLOSE api_rpc_cmds[0].fn == 0x7fb6238c4e50 lsa_Close: struct lsa_Close in: struct lsa_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000002-0000-0000-834b-a58c29320000 Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 83 4B A5 8C ........ .....K.. [0010] 29 32 00 00 )2.. Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 83 4B A5 8C ........ .....K.. [0010] 29 32 00 00 )2.. Closed policy lsa_Close: struct lsa_Close out: struct lsa_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : NT_STATUS_OK api_rpcTNP: called \lsarpc successfully free_pipe_context: destroying talloc pool of size 0 write_to_pipe: data_used = 28 s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62408aea0 s3_event: Run immediate event "tevent_req_trigger": 0x7fb62408aea0 name: \lsarpc len: 1024 read_from_pipe: \lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0030 000a auth_len : 0000 000c call_id : 00000006 000010 smb_io_rpc_hdr_resp resp 0010 alloc_hint: 00000018 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624067c80 s3_event: Run immediate event "tevent_req_trigger": 0x7fb624067c80 copy_trans_params_and_data: params[0..0] data[0..48] (align 0) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=12098 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 06 00 00 ........ .0...... [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 . got smb length of 96 got message type 0x0 of len 0x60 Transaction 190 of length 100 (0 toread) size=96 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=12163 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 2560 (0xA00) smb_vwv[ 3]= 5632 (0x1600) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 513 (0x201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 768 (0x300) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=13 [0000] 00 5C 00 73 00 61 00 6D 00 72 00 00 00 .\.s.a.m .r... switch message SMBntcreateX (pid 12841) conn 0x7fb6240867f0 change_to_user: Skipping user change - already user reply_ntcreate_and_X: flags = 0x16, access_mask = 0x2019f file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0, fname = samr nt_open_pipe: Opening pipe \samr. allocated file structure 16053, fnum = 20149 (4 used) Create pipe requested \samr init_pipe_handles: pipe_handles ref count = 3 for pipe \samr push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 push_conn_ctx(100) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: maximum password age, val: -1 pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 push_conn_ctx(100) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: password history, val: 0 pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 pdb_set_username: setting username Administrator, was pdb_set_domain: setting domain TESTPC, was pdb_set_nt_username: setting nt username , was pdb_set_full_name: setting full name Administrator, was Home server: testpc pdb_set_homedir: setting home dir \\testpc\administrator, was pdb_set_dir_drive: setting dir drive , was NULL pdb_set_logon_script: setting logon script , was Home server: testpc pdb_set_profile_path: setting profile path \\testpc\administrator\profile, was pdb_set_workstations: setting workstations , was push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 push_conn_ctx(100) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: password history, val: 0 pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 pdb_set_user_sid: setting user sid S-1-5-21-783145419-1966905550-2589541370-1001 pdb_set_user_sid_from_rid: setting user sid S-1-5-21-783145419-1966905550-2589541370-1001 from rid 1001 Created internal pipe \samr (pipes_open=0) do_ntcreate_pipe_open: open pipe = \samr got smb length of 156 got message type 0x0 of len 0x9c Transaction 191 of length 160 (0 toread) size=156 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=12227 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=20149 (0x4EB5) smb_bcc=89 [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 0B 03 10 00 00 00 48 00 00 00 01 00 00 ........ .H...... [0020] 00 B8 10 B8 10 00 00 00 00 01 00 00 00 00 00 01 ........ ........ [0030] 00 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 .xW4.4.. ....#Eg. [0040] AC 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ [0050] 00 2B 10 48 60 02 00 00 00 .+.H`... . switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 change_to_user: Skipping user change - already user trans <\PIPE\> data=72 params=0 setup=2 calling named_pipe named pipe command on <> name api_fd_reply Got API command 0x26 on pipe "samr" (pnum 4eb5) api_fd_reply: p:0x7fb62408cdf0 max_trans_reply: 1024 np_write_send: len: 72 write_to_pipe: data_left = 72 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 56 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0b 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0048 000a auth_len : 0000 000c call_id : 00000001 unmarshall_rpc_header: using little-endian RPC unmarshall_rpc_header: type = 11, flags = 3 write_to_pipe: data_used = 0 write_to_pipe: data_left = 56 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 process_complete_pdu: processing packet type 11 api_pipe_bind_req: decode request. 1558 000000 smb_io_rpc_hdr_rb 000000 smb_io_rpc_hdr_bba 0000 max_tsize: 10b8 0002 max_rsize: 10b8 0004 assoc_gid: 00000000 0008 num_contexts: 01 000c context_id : 0000 000e num_transfer_syntaxes: 01 00000f smb_io_rpc_iface 000010 smb_io_uuid uuid 0010 data : 12345778 0014 data : 1234 0016 data : abcd 0018 data : ef 00 001a data : 01 23 45 67 89 ac 0020 version: 00000001 000024 smb_io_rpc_iface 000024 smb_io_uuid uuid 0024 data : 8a885d04 0028 data : 1ceb 002a data : 11c9 002c data : 9f e8 002e data : 08 00 2b 10 48 60 0034 version: 00000002 api_pipe_bind_req: \PIPE\samr -> \PIPE\samr api_pipe_bind_req: make response. 1628 check_bind_req for \samr checking lsarpc checking winreg checking initshutdown checking dssetup checking wkssvc checking svcctl checking ntsvcs checking netlogon checking netdfs checking srvsvc checking spoolss checking eventlog checking samr 000000 smb_io_rpc_hdr_ba 000000 smb_io_rpc_hdr_bba 0000 max_tsize: 10b8 0002 max_rsize: 10b8 0004 assoc_gid: 000053f0 000008 smb_io_rpc_addr_str 0008 len: 000b 000a str: \PIPE\samr. 000015 smb_io_rpc_results 0018 num_results: 01 001c result : 0000 001e reason : 0000 000020 smb_io_rpc_iface 000020 smb_io_uuid uuid 0020 data : 8a885d04 0024 data : 1ceb 0026 data : 11c9 0028 data : 9f e8 002a data : 08 00 2b 10 48 60 0030 version: 00000002 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0c 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0044 000a auth_len : 0000 000c call_id : 00000001 write_to_pipe: data_used = 56 s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62408aed0 s3_event: Run immediate event "tevent_req_trigger": 0x7fb62408aed0 name: \samr len: 1024 read_from_pipe: \samr: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624067c80 s3_event: Run immediate event "tevent_req_trigger": 0x7fb624067c80 copy_trans_params_and_data: params[0..0] data[0..68] (align 0) size=124 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=12227 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 68 (0x44) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 68 (0x44) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=69 [0000] 00 05 00 0C 03 10 00 00 00 44 00 00 00 01 00 00 ........ .D...... [0010] 00 B8 10 B8 10 F0 53 00 00 0B 00 5C 50 49 50 45 ......S. ...\PIPE [0020] 5C 73 61 6D 72 00 00 00 00 01 00 00 00 00 00 00 \samr... ........ [0030] 00 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 ..]..... .....+.H [0040] 60 02 00 00 00 `.... got smb length of 164 got message type 0x0 of len 0xa4 Transaction 192 of length 168 (0 toread) size=164 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=12291 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 80 (0x50) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 80 (0x50) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=20149 (0x4EB5) smb_bcc=97 [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 50 00 00 00 01 00 00 ........ .P...... [0020] 00 38 00 00 00 00 00 3E 00 48 3B 0C 00 0F 00 00 .8.....> .H;..... [0030] 00 00 00 00 00 0F 00 00 00 5C 00 5C 00 31 00 30 ........ .\.\.1.0 [0040] 00 2E 00 32 00 32 00 35 00 2E 00 35 00 2E 00 32 ...2.2.5 ...5...2 [0050] 00 33 00 32 00 00 00 00 00 02 00 00 00 30 00 00 .3.2.... .....0.. [0060] 00 . switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 change_to_user: Skipping user change - already user trans <\PIPE\> data=80 params=0 setup=2 calling named_pipe named pipe command on <> name api_fd_reply Got API command 0x26 on pipe "samr" (pnum 4eb5) api_fd_reply: p:0x7fb62408cdf0 max_trans_reply: 1024 np_write_send: len: 80 write_to_pipe: data_left = 80 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 80 fill_rpc_header: data_to_copy = 80, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 64 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 64 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0050 000a auth_len : 0000 000c call_id : 00000001 unmarshall_rpc_header: using little-endian RPC unmarshall_rpc_header: type = 0, flags = 3 write_to_pipe: data_used = 0 write_to_pipe: data_left = 64 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 64, incoming data = 64 process_complete_pdu: processing packet type 0 000000 smb_io_rpc_hdr_req req 0000 alloc_hint: 00000038 0004 context_id: 0000 0006 opnum : 003e free_pipe_context: destroying talloc pool of size 78 Requested \PIPE\\samr api_rpcTNP: \samr op 0x3e - api_rpcTNP: rpc command: SAMR_CONNECT4 api_rpc_cmds[62].fn == 0x7fb62393bec0 samr_Connect4: struct samr_Connect4 in: struct samr_Connect4 system_name : * system_name : '\\10.225.5.232' client_version : SAMR_CONNECT_W2K (2) access_mask : 0x00000030 (48) 0: SAMR_ACCESS_CONNECT_TO_SERVER 0: SAMR_ACCESS_SHUTDOWN_SERVER 0: SAMR_ACCESS_INITIALIZE_SERVER 0: SAMR_ACCESS_CREATE_DOMAIN 1: SAMR_ACCESS_ENUM_DOMAINS 1: SAMR_ACCESS_LOOKUP_DOMAIN _samr_Connect4: 3976 _samr_Connect4: access GRANTED (requested: 0x00000030, granted: 0x00000030) get_samr_info_by_sid: created new info for sid (NULL) get_samr_info_by_sid: created new info for NULL sid. Opened policy hnd[2] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 83 4B A5 8C ........ .....K.. [0010] 29 32 00 00 )2.. _samr_Connect4: 4007 samr_Connect4: struct samr_Connect4 out: struct samr_Connect4 connect_handle : * connect_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000003-0000-0000-834b-a58c29320000 result : NT_STATUS_OK api_rpcTNP: called \samr successfully free_pipe_context: destroying talloc pool of size 784 write_to_pipe: data_used = 64 s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62408aee0 s3_event: Run immediate event "tevent_req_trigger": 0x7fb62408aee0 name: \samr len: 1024 read_from_pipe: \samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0030 000a auth_len : 0000 000c call_id : 00000001 000010 smb_io_rpc_hdr_resp resp 0010 alloc_hint: 00000018 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624077f00 s3_event: Run immediate event "tevent_req_trigger": 0x7fb624077f00 copy_trans_params_and_data: params[0..0] data[0..48] (align 0) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=12291 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 01 00 00 ........ .0...... [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 03 00 00 ........ ........ [0020] 00 00 00 00 00 83 4B A5 8C 29 32 00 00 00 00 00 ......K. .)2..... [0030] 00 . got smb length of 136 got message type 0x0 of len 0x88 Transaction 193 of length 140 (0 toread) size=136 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=12355 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 52 (0x34) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 52 (0x34) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=20149 (0x4EB5) smb_bcc=69 [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 34 00 00 00 02 00 00 ........ .4...... [0020] 00 1C 00 00 00 00 00 06 00 00 00 00 00 03 00 00 ........ ........ [0030] 00 00 00 00 00 83 4B A5 8C 29 32 00 00 00 00 00 ......K. .)2..... [0040] 00 00 20 00 00 .. .. switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 change_to_user: Skipping user change - already user trans <\PIPE\> data=52 params=0 setup=2 calling named_pipe named pipe command on <> name api_fd_reply Got API command 0x26 on pipe "samr" (pnum 4eb5) api_fd_reply: p:0x7fb62408cdf0 max_trans_reply: 1024 np_write_send: len: 52 write_to_pipe: data_left = 52 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 52 fill_rpc_header: data_to_copy = 52, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 36 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 36 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0034 000a auth_len : 0000 000c call_id : 00000002 unmarshall_rpc_header: using little-endian RPC unmarshall_rpc_header: type = 0, flags = 3 write_to_pipe: data_used = 0 write_to_pipe: data_left = 36 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 36, incoming data = 36 process_complete_pdu: processing packet type 0 000000 smb_io_rpc_hdr_req req 0000 alloc_hint: 0000001c 0004 context_id: 0000 0006 opnum : 0006 free_pipe_context: destroying talloc pool of size 0 Requested \PIPE\\samr api_rpcTNP: \samr op 0x6 - api_rpcTNP: rpc command: SAMR_ENUMDOMAINS api_rpc_cmds[6].fn == 0x7fb623943fc0 samr_EnumDomains: struct samr_EnumDomains in: struct samr_EnumDomains connect_handle : * connect_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000003-0000-0000-834b-a58c29320000 resume_handle : * resume_handle : 0x00000000 (0) buf_size : 0x00002000 (8192) Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 83 4B A5 8C ........ .....K.. [0010] 29 32 00 00 )2.. _samr_EnumDomains: access check ((granted: 0x00000030; required: 0x00000010) samr_EnumDomains: struct samr_EnumDomains out: struct samr_EnumDomains resume_handle : * resume_handle : 0x00000000 (0) sam : * sam : * sam: struct samr_SamArray count : 0x00000002 (2) entries : * entries: ARRAY(2) entries: struct samr_SamEntry idx : 0x00000000 (0) name: struct lsa_String length : 0x000c (12) size : 0x000c (12) string : * string : 'TESTPC' entries: struct samr_SamEntry idx : 0x00000001 (1) name: struct lsa_String length : 0x000e (14) size : 0x000e (14) string : * string : 'Builtin' num_entries : * num_entries : 0x00000002 (2) result : NT_STATUS_OK api_rpcTNP: called \samr successfully free_pipe_context: destroying talloc pool of size 64 write_to_pipe: data_used = 36 s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62408aeb0 s3_event: Run immediate event "tevent_req_trigger": 0x7fb62408aeb0 name: \samr len: 1024 read_from_pipe: \samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 104. 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0080 000a auth_len : 0000 000c call_id : 00000002 000010 smb_io_rpc_hdr_resp resp 0010 alloc_hint: 00000068 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624066bb0 s3_event: Run immediate event "tevent_req_trigger": 0x7fb624066bb0 copy_trans_params_and_data: params[0..0] data[0..128] (align 0) size=184 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=12355 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 128 (0x80) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 128 (0x80) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=129 [0000] 00 05 00 02 03 10 00 00 00 80 00 00 00 02 00 00 ........ ........ [0010] 00 68 00 00 00 00 00 00 00 00 00 00 00 00 00 02 .h...... ........ [0020] 00 02 00 00 00 04 00 02 00 02 00 00 00 00 00 00 ........ ........ [0030] 00 0C 00 0C 00 08 00 02 00 01 00 00 00 0E 00 0E ........ ........ [0040] 00 0C 00 02 00 06 00 00 00 00 00 00 00 06 00 00 ........ ........ [0050] 00 54 00 45 00 53 00 54 00 50 00 43 00 07 00 00 .T.E.S.T .P.C.... [0060] 00 00 00 00 00 07 00 00 00 42 00 75 00 69 00 6C ........ .B.u.i.l [0070] 00 74 00 69 00 6E 00 00 00 02 00 00 00 00 00 00 .t.i.n.. ........ [0080] 00 . got smb length of 160 got message type 0x0 of len 0xa0 Transaction 194 of length 164 (0 toread) size=160 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=12419 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 76 (0x4C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 76 (0x4C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=20149 (0x4EB5) smb_bcc=93 [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 4C 00 00 00 03 00 00 ........ .L...... [0020] 00 34 00 00 00 00 00 05 00 00 00 00 00 03 00 00 .4...... ........ [0030] 00 00 00 00 00 83 4B A5 8C 29 32 00 00 0C 00 0C ......K. .)2..... [0040] 00 A8 AC F8 04 06 00 00 00 00 00 00 00 06 00 00 ........ ........ [0050] 00 54 00 45 00 53 00 54 00 50 00 43 00 .T.E.S.T .P.C. switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 change_to_user: Skipping user change - already user trans <\PIPE\> data=76 params=0 setup=2 calling named_pipe named pipe command on <> name api_fd_reply Got API command 0x26 on pipe "samr" (pnum 4eb5) api_fd_reply: p:0x7fb62408cdf0 max_trans_reply: 1024 np_write_send: len: 76 write_to_pipe: data_left = 76 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 76 fill_rpc_header: data_to_copy = 76, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 60 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 60 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 004c 000a auth_len : 0000 000c call_id : 00000003 unmarshall_rpc_header: using little-endian RPC unmarshall_rpc_header: type = 0, flags = 3 write_to_pipe: data_used = 0 write_to_pipe: data_left = 60 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 60, incoming data = 60 process_complete_pdu: processing packet type 0 000000 smb_io_rpc_hdr_req req 0000 alloc_hint: 00000034 0004 context_id: 0000 0006 opnum : 0005 free_pipe_context: destroying talloc pool of size 0 Requested \PIPE\\samr api_rpcTNP: \samr op 0x5 - api_rpcTNP: rpc command: SAMR_LOOKUPDOMAIN api_rpc_cmds[5].fn == 0x7fb623944260 samr_LookupDomain: struct samr_LookupDomain in: struct samr_LookupDomain connect_handle : * connect_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000003-0000-0000-834b-a58c29320000 domain_name : * domain_name: struct lsa_String length : 0x000c (12) size : 0x000c (12) string : * string : 'TESTPC' Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 83 4B A5 8C ........ .....K.. [0010] 29 32 00 00 )2.. _samr_LookupDomain: access check ((granted: 0x00000030; required: 0x00000020) Returning domain sid for domain TESTPC -> S-1-5-21-783145419-1966905550-2589541370 samr_LookupDomain: struct samr_LookupDomain out: struct samr_LookupDomain sid : * sid : * sid : S-1-5-21-783145419-1966905550-2589541370 result : NT_STATUS_OK api_rpcTNP: called \samr successfully free_pipe_context: destroying talloc pool of size 68 write_to_pipe: data_used = 60 s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62408aee0 s3_event: Run immediate event "tevent_req_trigger": 0x7fb62408aee0 name: \samr len: 1024 read_from_pipe: \samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 36. 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 003c 000a auth_len : 0000 000c call_id : 00000003 000010 smb_io_rpc_hdr_resp resp 0010 alloc_hint: 00000024 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624077f00 s3_event: Run immediate event "tevent_req_trigger": 0x7fb624077f00 copy_trans_params_and_data: params[0..0] data[0..60] (align 0) size=116 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=12419 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 60 (0x3C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 60 (0x3C) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=61 [0000] 00 05 00 02 03 10 00 00 00 3C 00 00 00 03 00 00 ........ .<...... [0010] 00 24 00 00 00 00 00 00 00 00 00 02 00 04 00 00 .$...... ........ [0020] 00 01 04 00 00 00 00 00 05 15 00 00 00 CB D9 AD ........ ........ [0030] 2E CE 98 3C 75 FA 43 59 9A 00 00 00 00 ... data=76 params=0 setup=2 calling named_pipe named pipe command on <> name api_fd_reply Got API command 0x26 on pipe "samr" (pnum 4eb5) api_fd_reply: p:0x7fb62408cdf0 max_trans_reply: 1024 np_write_send: len: 76 write_to_pipe: data_left = 76 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 76 fill_rpc_header: data_to_copy = 76, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 60 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 60 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 004c 000a auth_len : 0000 000c call_id : 00000004 unmarshall_rpc_header: using little-endian RPC unmarshall_rpc_header: type = 0, flags = 3 write_to_pipe: data_used = 0 write_to_pipe: data_left = 60 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 60, incoming data = 60 process_complete_pdu: processing packet type 0 000000 smb_io_rpc_hdr_req req 0000 alloc_hint: 00000034 0004 context_id: 0000 0006 opnum : 0007 free_pipe_context: destroying talloc pool of size 0 Requested \PIPE\\samr api_rpcTNP: \samr op 0x7 - api_rpcTNP: rpc command: SAMR_OPENDOMAIN api_rpc_cmds[7].fn == 0x7fb623943d68 samr_OpenDomain: struct samr_OpenDomain in: struct samr_OpenDomain connect_handle : * connect_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000003-0000-0000-834b-a58c29320000 access_mask : 0x00000200 (512) 0: SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1 0: SAMR_DOMAIN_ACCESS_SET_INFO_1 0: SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2 0: SAMR_DOMAIN_ACCESS_SET_INFO_2 0: SAMR_DOMAIN_ACCESS_CREATE_USER 0: SAMR_DOMAIN_ACCESS_CREATE_GROUP 0: SAMR_DOMAIN_ACCESS_CREATE_ALIAS 0: SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS 0: SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS 1: SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT 0: SAMR_DOMAIN_ACCESS_SET_INFO_3 sid : * sid : S-1-5-21-783145419-1966905550-2589541370 Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 83 4B A5 8C ........ .....K.. [0010] 29 32 00 00 )2.. _samr_OpenDomain: access GRANTED (requested: 0x00000200, granted: 0x00000210) get_samr_info_by_sid: created new info for sid S-1-5-21-783145419-1966905550-2589541370 Opened policy hnd[3] [0000] 00 00 00 00 04 00 00 00 00 00 00 00 83 4B A5 8C ........ .....K.. [0010] 29 32 00 00 )2.. _samr_OpenDomain: 662 samr_OpenDomain: struct samr_OpenDomain out: struct samr_OpenDomain domain_handle : * domain_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000004-0000-0000-834b-a58c29320000 result : NT_STATUS_OK api_rpcTNP: called \samr successfully free_pipe_context: destroying talloc pool of size 784 write_to_pipe: data_used = 60 s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62408aee0 s3_event: Run immediate event "tevent_req_trigger": 0x7fb62408aee0 name: \samr len: 1024 read_from_pipe: \samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0030 000a auth_len : 0000 000c call_id : 00000004 000010 smb_io_rpc_hdr_resp resp 0010 alloc_hint: 00000018 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624066bb0 s3_event: Run immediate event "tevent_req_trigger": 0x7fb624066bb0 copy_trans_params_and_data: params[0..0] data[0..48] (align 0) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=12483 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 04 00 00 ........ .0...... [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 04 00 00 ........ ........ [0020] 00 00 00 00 00 83 4B A5 8C 29 32 00 00 00 00 00 ......K. .)2..... [0030] 00 . got smb length of 148 got message type 0x0 of len 0x94 Transaction 196 of length 152 (0 toread) size=148 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=12547 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 64 (0x40) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=20149 (0x4EB5) smb_bcc=81 [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 40 00 00 00 05 00 00 ........ .@...... [0020] 00 28 00 00 00 00 00 07 00 00 00 00 00 03 00 00 .(...... ........ [0030] 00 00 00 00 00 83 4B A5 8C 29 32 00 00 80 02 00 ......K. .)2..... [0040] 00 01 00 00 00 01 01 00 00 00 00 00 05 20 00 00 ........ ..... .. [0050] 00 . switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 change_to_user: Skipping user change - already user trans <\PIPE\> data=64 params=0 setup=2 calling named_pipe named pipe command on <> name api_fd_reply Got API command 0x26 on pipe "samr" (pnum 4eb5) api_fd_reply: p:0x7fb62408cdf0 max_trans_reply: 1024 np_write_send: len: 64 write_to_pipe: data_left = 64 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 64 fill_rpc_header: data_to_copy = 64, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 48 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 48 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0040 000a auth_len : 0000 000c call_id : 00000005 unmarshall_rpc_header: using little-endian RPC unmarshall_rpc_header: type = 0, flags = 3 write_to_pipe: data_used = 0 write_to_pipe: data_left = 48 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 48, incoming data = 48 process_complete_pdu: processing packet type 0 000000 smb_io_rpc_hdr_req req 0000 alloc_hint: 00000028 0004 context_id: 0000 0006 opnum : 0007 free_pipe_context: destroying talloc pool of size 0 Requested \PIPE\\samr api_rpcTNP: \samr op 0x7 - api_rpcTNP: rpc command: SAMR_OPENDOMAIN api_rpc_cmds[7].fn == 0x7fb623943d68 samr_OpenDomain: struct samr_OpenDomain in: struct samr_OpenDomain connect_handle : * connect_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000003-0000-0000-834b-a58c29320000 access_mask : 0x00000280 (640) 0: SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1 0: SAMR_DOMAIN_ACCESS_SET_INFO_1 0: SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2 0: SAMR_DOMAIN_ACCESS_SET_INFO_2 0: SAMR_DOMAIN_ACCESS_CREATE_USER 0: SAMR_DOMAIN_ACCESS_CREATE_GROUP 0: SAMR_DOMAIN_ACCESS_CREATE_ALIAS 1: SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS 0: SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS 1: SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT 0: SAMR_DOMAIN_ACCESS_SET_INFO_3 sid : * sid : S-1-5-32 Found policy hnd[1] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 83 4B A5 8C ........ .....K.. [0010] 29 32 00 00 )2.. _samr_OpenDomain: access GRANTED (requested: 0x00000280, granted: 0x00000290) get_samr_info_by_sid: created new info for sid S-1-5-32 Opened policy hnd[4] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 83 4B A5 8C ........ .....K.. [0010] 29 32 00 00 )2.. _samr_OpenDomain: 662 samr_OpenDomain: struct samr_OpenDomain out: struct samr_OpenDomain domain_handle : * domain_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000005-0000-0000-834b-a58c29320000 result : NT_STATUS_OK api_rpcTNP: called \samr successfully free_pipe_context: destroying talloc pool of size 784 write_to_pipe: data_used = 48 s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62408aec0 s3_event: Run immediate event "tevent_req_trigger": 0x7fb62408aec0 name: \samr len: 1024 read_from_pipe: \samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0030 000a auth_len : 0000 000c call_id : 00000005 000010 smb_io_rpc_hdr_resp resp 0010 alloc_hint: 00000018 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624077f00 s3_event: Run immediate event "tevent_req_trigger": 0x7fb624077f00 copy_trans_params_and_data: params[0..0] data[0..48] (align 0) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=12547 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 05 00 00 ........ .0...... [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 05 00 00 ........ ........ [0020] 00 00 00 00 00 83 4B A5 8C 29 32 00 00 00 00 00 ......K. .)2..... [0030] 00 . got smb length of 172 got message type 0x0 of len 0xac Transaction 197 of length 176 (0 toread) size=172 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=12611 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 88 (0x58) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 88 (0x58) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=20149 (0x4EB5) smb_bcc=105 [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 58 00 00 00 06 00 00 ........ .X...... [0020] 00 40 00 00 00 00 00 11 00 00 00 00 00 04 00 00 .@...... ........ [0030] 00 00 00 00 00 83 4B A5 8C 29 32 00 00 01 00 00 ......K. .)2..... [0040] 00 E8 03 00 00 00 00 00 00 01 00 00 00 08 00 0A ........ ........ [0050] 00 CC FC A9 10 05 00 00 00 00 00 00 00 04 00 00 ........ ........ [0060] 00 72 00 6F 00 6F 00 74 00 .r.o.o.t . switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 change_to_user: Skipping user change - already user trans <\PIPE\> data=88 params=0 setup=2 calling named_pipe named pipe command on <> name api_fd_reply Got API command 0x26 on pipe "samr" (pnum 4eb5) api_fd_reply: p:0x7fb62408cdf0 max_trans_reply: 1024 np_write_send: len: 88 write_to_pipe: data_left = 88 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 88 fill_rpc_header: data_to_copy = 88, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 72 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 72 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0058 000a auth_len : 0000 000c call_id : 00000006 unmarshall_rpc_header: using little-endian RPC unmarshall_rpc_header: type = 0, flags = 3 write_to_pipe: data_used = 0 write_to_pipe: data_left = 72 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 72, incoming data = 72 process_complete_pdu: processing packet type 0 000000 smb_io_rpc_hdr_req req 0000 alloc_hint: 00000040 0004 context_id: 0000 0006 opnum : 0011 free_pipe_context: destroying talloc pool of size 0 Requested \PIPE\\samr api_rpcTNP: \samr op 0x11 - api_rpcTNP: rpc command: SAMR_LOOKUPNAMES api_rpc_cmds[17].fn == 0x7fb623942488 samr_LookupNames: struct samr_LookupNames in: struct samr_LookupNames domain_handle : * domain_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000004-0000-0000-834b-a58c29320000 num_names : 0x00000001 (1) names: ARRAY(1) names: struct lsa_String length : 0x0008 (8) size : 0x0008 (8) string : * string : 'root' _samr_LookupNames: 1816 Found policy hnd[1] [0000] 00 00 00 00 04 00 00 00 00 00 00 00 83 4B A5 8C ........ .....K.. [0010] 29 32 00 00 )2.. _samr_LookupNames: access check ((granted: 0x00000210; required: 0000000000) _samr_LookupNames: looking name on SID S-1-5-21-783145419-1966905550-2589541370 push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 push_conn_ctx(100) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pdb_set_username: setting username root, was pdb_set_domain: setting domain TESTPC, was pdb_set_nt_username: setting nt username , was pdb_set_full_name: setting full name root, was Home server: testpc pdb_set_homedir: setting home dir \\testpc\root, was pdb_set_dir_drive: setting dir drive , was NULL pdb_set_logon_script: setting logon script , was Home server: testpc pdb_set_profile_path: setting profile path \\testpc\root\profile, was pdb_set_workstations: setting workstations , was push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 push_conn_ctx(100) : conn_ctx_stack_ndx = 1 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: password history, val: 0 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 pdb_set_user_sid: setting user sid S-1-5-21-783145419-1966905550-2589541370-1000 pdb_set_user_sid_from_rid: setting user sid S-1-5-21-783145419-1966905550-2589541370-1000 from rid 1000 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 push_conn_ctx(100) : conn_ctx_stack_ndx = 1 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: maximum password age, val: -1 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 Finding user root Trying _Get_Pwnam(), username as lowercase is root Get_Pwnam_internals did find user [root]! push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 push_conn_ctx(100) : conn_ctx_stack_ndx = 1 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: password history, val: 0 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 pdb_set_username: setting username root, was pdb_set_domain: setting domain TESTPC, was pdb_set_nt_username: setting nt username , was pdb_set_full_name: setting full name root, was Home server: testpc pdb_set_homedir: setting home dir \\testpc\root, was pdb_set_dir_drive: setting dir drive , was NULL pdb_set_logon_script: setting logon script , was Home server: testpc pdb_set_profile_path: setting profile path \\testpc\root\profile, was pdb_set_workstations: setting workstations , was push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 push_conn_ctx(100) : conn_ctx_stack_ndx = 1 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: password history, val: 0 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 pdb_set_user_sid: setting user sid S-1-5-21-783145419-1966905550-2589541370-1000 pdb_set_user_sid_from_rid: setting user sid S-1-5-21-783145419-1966905550-2589541370-1000 from rid 1000 pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 _samr_LookupNames: 1883 samr_LookupNames: struct samr_LookupNames out: struct samr_LookupNames rids : * rids: struct samr_Ids count : 0x00000001 (1) ids : * ids: ARRAY(1) ids : 0x000003e8 (1000) types : * types: struct samr_Ids count : 0x00000001 (1) ids : * ids: ARRAY(1) ids : 0x00000001 (1) result : NT_STATUS_OK api_rpcTNP: called \samr successfully free_pipe_context: destroying talloc pool of size 8 write_to_pipe: data_used = 72 s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62408aef0 s3_event: Run immediate event "tevent_req_trigger": 0x7fb62408aef0 name: \samr len: 1024 read_from_pipe: \samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 36. 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 003c 000a auth_len : 0000 000c call_id : 00000006 000010 smb_io_rpc_hdr_resp resp 0010 alloc_hint: 00000024 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624066bb0 s3_event: Run immediate event "tevent_req_trigger": 0x7fb624066bb0 copy_trans_params_and_data: params[0..0] data[0..60] (align 0) size=116 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=12611 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 60 (0x3C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 60 (0x3C) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=61 [0000] 00 05 00 02 03 10 00 00 00 3C 00 00 00 06 00 00 ........ .<...... [0010] 00 24 00 00 00 00 00 00 00 01 00 00 00 00 00 02 .$...... ........ [0020] 00 01 00 00 00 E8 03 00 00 01 00 00 00 04 00 02 ........ ........ [0030] 00 01 00 00 00 01 00 00 00 00 00 00 00 ........ ..... got smb length of 136 got message type 0x0 of len 0x88 Transaction 198 of length 140 (0 toread) size=136 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=12675 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 52 (0x34) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 52 (0x34) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=20149 (0x4EB5) smb_bcc=69 [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 34 00 00 00 07 00 00 ........ .4...... [0020] 00 1C 00 00 00 00 00 22 00 00 00 00 00 04 00 00 ......." ........ [0030] 00 00 00 00 00 83 4B A5 8C 29 32 00 00 1B 01 02 ......K. .)2..... [0040] 00 E8 03 00 00 ..... switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 change_to_user: Skipping user change - already user trans <\PIPE\> data=52 params=0 setup=2 calling named_pipe named pipe command on <> name api_fd_reply Got API command 0x26 on pipe "samr" (pnum 4eb5) api_fd_reply: p:0x7fb62408cdf0 max_trans_reply: 1024 np_write_send: len: 52 write_to_pipe: data_left = 52 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 52 fill_rpc_header: data_to_copy = 52, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 36 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 36 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0034 000a auth_len : 0000 000c call_id : 00000007 unmarshall_rpc_header: using little-endian RPC unmarshall_rpc_header: type = 0, flags = 3 write_to_pipe: data_used = 0 write_to_pipe: data_left = 36 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 36, incoming data = 36 process_complete_pdu: processing packet type 0 000000 smb_io_rpc_hdr_req req 0000 alloc_hint: 0000001c 0004 context_id: 0000 0006 opnum : 0022 free_pipe_context: destroying talloc pool of size 0 Requested \PIPE\\samr api_rpcTNP: \samr op 0x22 - api_rpcTNP: rpc command: SAMR_OPENUSER api_rpc_cmds[34].fn == 0x7fb62393fec0 samr_OpenUser: struct samr_OpenUser in: struct samr_OpenUser domain_handle : * domain_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000004-0000-0000-834b-a58c29320000 access_mask : 0x0002011b (131355) 1: SAMR_USER_ACCESS_GET_NAME_ETC 1: SAMR_USER_ACCESS_GET_LOCALE 0: SAMR_USER_ACCESS_SET_LOC_COM 1: SAMR_USER_ACCESS_GET_LOGONINFO 1: SAMR_USER_ACCESS_GET_ATTRIBUTES 0: SAMR_USER_ACCESS_SET_ATTRIBUTES 0: SAMR_USER_ACCESS_CHANGE_PASSWORD 0: SAMR_USER_ACCESS_SET_PASSWORD 1: SAMR_USER_ACCESS_GET_GROUPS 0: SAMR_USER_ACCESS_GET_GROUP_MEMBERSHIP 0: SAMR_USER_ACCESS_CHANGE_GROUP_MEMBERSHIP rid : 0x000003e8 (1000) Found policy hnd[1] [0000] 00 00 00 00 04 00 00 00 00 00 00 00 83 4B A5 8C ........ .....K.. [0010] 29 32 00 00 )2.. _samr_OpenUser: access check ((granted: 0x00000210; required: 0x00000200) push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 push_conn_ctx(100) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 push_conn_ctx(100) : conn_ctx_stack_ndx = 1 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: maximum password age, val: -1 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 Finding user root Trying _Get_Pwnam(), username as lowercase is root Get_Pwnam_internals did find user [root]! push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 push_conn_ctx(100) : conn_ctx_stack_ndx = 1 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: password history, val: 0 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 pdb_set_username: setting username root, was pdb_set_domain: setting domain TESTPC, was pdb_set_nt_username: setting nt username , was pdb_set_full_name: setting full name root, was Home server: testpc pdb_set_homedir: setting home dir \\testpc\root, was pdb_set_dir_drive: setting dir drive , was NULL pdb_set_logon_script: setting logon script , was Home server: testpc pdb_set_profile_path: setting profile path \\testpc\root\profile, was pdb_set_workstations: setting workstations , was push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 push_conn_ctx(100) : conn_ctx_stack_ndx = 1 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: password history, val: 0 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 pdb_set_user_sid: setting user sid S-1-5-21-783145419-1966905550-2589541370-1000 pdb_set_user_sid_from_rid: setting user sid S-1-5-21-783145419-1966905550-2589541370-1000 from rid 1000 pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 _samr_OpenUser: access GRANTED (requested: 0x0002011b, granted: 0x000f05ff) get_samr_info_by_sid: created new info for sid S-1-5-21-783145419-1966905550-2589541370-1000 Opened policy hnd[5] [0000] 00 00 00 00 06 00 00 00 00 00 00 00 83 4B A5 8C ........ .....K.. [0010] 29 32 00 00 )2.. samr_OpenUser: struct samr_OpenUser out: struct samr_OpenUser user_handle : * user_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000006-0000-0000-834b-a58c29320000 result : NT_STATUS_OK api_rpcTNP: called \samr successfully free_pipe_context: destroying talloc pool of size 1016 write_to_pipe: data_used = 36 s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62408aeb0 s3_event: Run immediate event "tevent_req_trigger": 0x7fb62408aeb0 name: \samr len: 1024 read_from_pipe: \samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0030 000a auth_len : 0000 000c call_id : 00000007 000010 smb_io_rpc_hdr_resp resp 0010 alloc_hint: 00000018 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624077f00 s3_event: Run immediate event "tevent_req_trigger": 0x7fb624077f00 copy_trans_params_and_data: params[0..0] data[0..48] (align 0) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=12675 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 07 00 00 ........ .0...... [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 06 00 00 ........ ........ [0020] 00 00 00 00 00 83 4B A5 8C 29 32 00 00 00 00 00 ......K. .)2..... [0030] 00 . got smb length of 130 got message type 0x0 of len 0x82 Transaction 199 of length 134 (0 toread) size=130 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=12739 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 46 (0x2E) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 46 (0x2E) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=20149 (0x4EB5) smb_bcc=63 [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 2E 00 00 00 08 00 00 ........ ........ [0020] 00 16 00 00 00 00 00 24 00 00 00 00 00 06 00 00 .......$ ........ [0030] 00 00 00 00 00 83 4B A5 8C 29 32 00 00 15 00 ......K. .)2.... switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 change_to_user: Skipping user change - already user trans <\PIPE\> data=46 params=0 setup=2 calling named_pipe named pipe command on <> name api_fd_reply Got API command 0x26 on pipe "samr" (pnum 4eb5) api_fd_reply: p:0x7fb62408cdf0 max_trans_reply: 1024 np_write_send: len: 46 write_to_pipe: data_left = 46 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 46 fill_rpc_header: data_to_copy = 46, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 30 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 30 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 002e 000a auth_len : 0000 000c call_id : 00000008 unmarshall_rpc_header: using little-endian RPC unmarshall_rpc_header: type = 0, flags = 3 write_to_pipe: data_used = 0 write_to_pipe: data_left = 30 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 30, incoming data = 30 process_complete_pdu: processing packet type 0 000000 smb_io_rpc_hdr_req req 0000 alloc_hint: 00000016 0004 context_id: 0000 0006 opnum : 0024 free_pipe_context: destroying talloc pool of size 0 Requested \PIPE\\samr api_rpcTNP: \samr op 0x24 - api_rpcTNP: rpc command: SAMR_QUERYUSERINFO api_rpc_cmds[36].fn == 0x7fb62393fa38 samr_QueryUserInfo: struct samr_QueryUserInfo in: struct samr_QueryUserInfo user_handle : * user_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000006-0000-0000-834b-a58c29320000 level : 0x0015 (21) Found policy hnd[0] [0000] 00 00 00 00 06 00 00 00 00 00 00 00 83 4B A5 8C ........ .....K.. [0010] 29 32 00 00 )2.. _samr_QueryUserInfo: access check ((granted: 0x000f05ff; required: 0x00000010) _samr_QueryUserInfo: sid:S-1-5-21-783145419-1966905550-2589541370-1000 _samr_QueryUserInfo: user info level: 21 push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 push_conn_ctx(100) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 push_conn_ctx(100) : conn_ctx_stack_ndx = 1 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: maximum password age, val: -1 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 push_conn_ctx(100) : conn_ctx_stack_ndx = 1 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: password history, val: 0 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 pdb_set_username: setting username root, was pdb_set_domain: setting domain TESTPC, was pdb_set_nt_username: setting nt username , was pdb_set_full_name: setting full name root, was Home server: testpc pdb_set_homedir: setting home dir \\testpc\root, was pdb_set_dir_drive: setting dir drive , was NULL pdb_set_logon_script: setting logon script , was Home server: testpc pdb_set_profile_path: setting profile path \\testpc\root\profile, was pdb_set_workstations: setting workstations , was push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 push_conn_ctx(100) : conn_ctx_stack_ndx = 1 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: password history, val: 0 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 pdb_set_user_sid: setting user sid S-1-5-21-783145419-1966905550-2589541370-1000 pdb_set_user_sid_from_rid: setting user sid S-1-5-21-783145419-1966905550-2589541370-1000 from rid 1000 pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 User:[root] push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 push_conn_ctx(100) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups Finding user root Trying _Get_Pwnam(), username as lowercase is root Get_Pwnam_internals did find user [root]! pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 push_conn_ctx(100) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: minimum password age, val: 0 pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 push_conn_ctx(100) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: maximum password age, val: -1 pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 push_conn_ctx(100) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: maximum password age, val: -1 pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 _samr_QueryUserInfo: 3232 samr_QueryUserInfo: struct samr_QueryUserInfo out: struct samr_QueryUserInfo info : * info : * info : union samr_UserInfo(case 21) info21: struct samr_UserInfo21 last_logon : NTTIME(0) last_logoff : Thu Jan 1 01:00:00 1970 CET last_password_change : Wed Feb 17 16:00:32 2010 CET acct_expiry : Thu Jan 1 01:00:00 1970 CET allow_password_change : Wed Feb 17 16:00:32 2010 CET force_password_change : Thu Jan 1 01:00:00 1970 CET account_name: struct lsa_String length : 0x0000 (0) size : 0x0000 (0) string : * string : 'root' full_name: struct lsa_String length : 0x0000 (0) size : 0x0000 (0) string : * string : 'root' home_directory: struct lsa_String length : 0x0000 (0) size : 0x0000 (0) string : * string : '\\testpc\root' home_drive: struct lsa_String length : 0x0000 (0) size : 0x0000 (0) string : * string : '' logon_script: struct lsa_String length : 0x0000 (0) size : 0x0000 (0) string : * string : '' profile_path: struct lsa_String length : 0x0000 (0) size : 0x0000 (0) string : * string : '\\testpc\root\profile' description: struct lsa_String length : 0x0000 (0) size : 0x0000 (0) string : * string : '' workstations: struct lsa_String length : 0x0000 (0) size : 0x0000 (0) string : * string : '' comment: struct lsa_String length : 0x0000 (0) size : 0x0000 (0) string : * string : '' parameters: struct lsa_BinaryString length : 0x0000 (0) size : 0x0000 (0) array : * array: ARRAY(0) lm_owf_password: struct lsa_BinaryString length : 0x0000 (0) size : 0x0000 (0) array : NULL nt_owf_password: struct lsa_BinaryString length : 0x0000 (0) size : 0x0000 (0) array : NULL unknown3: struct lsa_String length : 0x0000 (0) size : 0x0000 (0) string : NULL buf_count : 0x00000000 (0) buffer : NULL rid : 0x000003e8 (1000) primary_gid : 0x00000201 (513) acct_flags : 0x00000010 (16) 0: ACB_DISABLED 0: ACB_HOMDIRREQ 0: ACB_PWNOTREQ 0: ACB_TEMPDUP 1: ACB_NORMAL 0: ACB_MNS 0: ACB_DOMTRUST 0: ACB_WSTRUST 0: ACB_SVRTRUST 0: ACB_PWNOEXP 0: ACB_AUTOLOCK 0: ACB_ENC_TXT_PWD_ALLOWED 0: ACB_SMARTCARD_REQUIRED 0: ACB_TRUSTED_FOR_DELEGATION 0: ACB_NOT_DELEGATED 0: ACB_USE_DES_KEY_ONLY 0: ACB_DONT_REQUIRE_PREAUTH 0: ACB_PW_EXPIRED 0: ACB_NO_AUTH_DATA_REQD fields_present : 0x00ffffff (16777215) 1: SAMR_FIELD_ACCOUNT_NAME 1: SAMR_FIELD_FULL_NAME 1: SAMR_FIELD_RID 1: SAMR_FIELD_PRIMARY_GID 1: SAMR_FIELD_DESCRIPTION 1: SAMR_FIELD_COMMENT 1: SAMR_FIELD_HOME_DIRECTORY 1: SAMR_FIELD_HOME_DRIVE 1: SAMR_FIELD_LOGON_SCRIPT 1: SAMR_FIELD_PROFILE_PATH 1: SAMR_FIELD_WORKSTATIONS 1: SAMR_FIELD_LAST_LOGON 1: SAMR_FIELD_LAST_LOGOFF 1: SAMR_FIELD_LOGON_HOURS 1: SAMR_FIELD_BAD_PWD_COUNT 1: SAMR_FIELD_NUM_LOGONS 1: SAMR_FIELD_ALLOW_PWD_CHANGE 1: SAMR_FIELD_FORCE_PWD_CHANGE 1: SAMR_FIELD_LAST_PWD_CHANGE 1: SAMR_FIELD_ACCT_EXPIRY 1: SAMR_FIELD_ACCT_FLAGS 1: SAMR_FIELD_PARAMETERS 1: SAMR_FIELD_COUNTRY_CODE 1: SAMR_FIELD_CODE_PAGE 0: SAMR_FIELD_NT_PASSWORD_PRESENT 0: SAMR_FIELD_LM_PASSWORD_PRESENT 0: SAMR_FIELD_PRIVATE_DATA 0: SAMR_FIELD_EXPIRED_FLAG 0: SAMR_FIELD_SEC_DESC 0: SAMR_FIELD_OWF_PWD logon_hours: struct samr_LogonHours units_per_week : 0x00a8 (168) bits : * bits : ffffffffffffffffffffffffffffffffffffffffff bad_password_count : 0x0000 (0) logon_count : 0x0000 (0) country_code : 0x0000 (0) code_page : 0x0000 (0) lm_password_set : 0x00 (0) nt_password_set : 0x00 (0) password_expired : 0x00 (0) unknown4 : 0x00 (0) result : NT_STATUS_OK api_rpcTNP: called \samr successfully free_pipe_context: destroying talloc pool of size 1091 write_to_pipe: data_used = 30 s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62408aea0 s3_event: Run immediate event "tevent_req_trigger": 0x7fb62408aea0 name: \samr len: 1024 read_from_pipe: \samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 452. 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 01dc 000a auth_len : 0000 000c call_id : 00000008 000010 smb_io_rpc_hdr_resp resp 0010 alloc_hint: 000001c4 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624077f00 s3_event: Run immediate event "tevent_req_trigger": 0x7fb624077f00 copy_trans_params_and_data: params[0..0] data[0..476] (align 0) size=532 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=12739 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 476 (0x1DC) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 476 (0x1DC) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=477 [0000] 00 05 00 02 03 10 00 00 00 DC 01 00 00 08 00 00 ........ ........ [0010] 00 C4 01 00 00 00 00 00 00 00 00 02 00 15 00 00 ........ ........ [0020] 00 00 00 00 00 00 00 00 00 80 E9 A5 D4 DE B1 9D ........ ........ [0030] 01 00 28 6D F3 E1 AF CA 01 80 E9 A5 D4 DE B1 9D ..(m.... ........ [0040] 01 00 28 6D F3 E1 AF CA 01 7F 96 98 00 C0 B4 B3 ..(m.... ........ [0050] FF 08 00 08 00 04 00 02 00 08 00 08 00 08 00 02 ........ ........ [0060] 00 1A 00 1A 00 0C 00 02 00 00 00 00 00 10 00 02 ........ ........ [0070] 00 00 00 00 00 14 00 02 00 2A 00 2A 00 18 00 02 ........ .*.*.... [0080] 00 00 00 00 00 1C 00 02 00 00 00 00 00 20 00 02 ........ ..... .. [0090] 00 00 00 00 00 24 00 02 00 00 00 00 00 28 00 02 .....$.. .....(.. [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 E8 03 00 00 01 02 00 00 10 00 00 00 FF FF FF ........ ........ [00D0] 00 A8 00 00 00 2C 00 02 00 00 00 00 00 00 00 00 .....,.. ........ [00E0] 00 00 00 00 00 04 00 00 00 00 00 00 00 04 00 00 ........ ........ [00F0] 00 72 00 6F 00 6F 00 74 00 04 00 00 00 00 00 00 .r.o.o.t ........ [0100] 00 04 00 00 00 72 00 6F 00 6F 00 74 00 0D 00 00 .....r.o .o.t.... [0110] 00 00 00 00 00 0D 00 00 00 5C 00 5C 00 74 00 65 ........ .\.\.t.e [0120] 00 73 00 74 00 70 00 63 00 5C 00 72 00 6F 00 6F .s.t.p.c .\.r.o.o [0130] 00 74 00 00 00 00 00 00 00 00 00 00 00 00 00 00 .t...... ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 15 00 00 ........ ........ [0150] 00 00 00 00 00 15 00 00 00 5C 00 5C 00 74 00 65 ........ .\.\.t.e [0160] 00 73 00 74 00 70 00 63 00 5C 00 72 00 6F 00 6F .s.t.p.c .\.r.o.o [0170] 00 74 00 5C 00 70 00 72 00 6F 00 66 00 69 00 6C .t.\.p.r .o.f.i.l [0180] 00 65 00 00 00 00 00 00 00 00 00 00 00 00 00 00 .e...... ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 EC 04 00 00 00 00 00 00 15 00 00 ........ ........ [01C0] 00 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ........ ........ [01D0] FF FF FF FF FF FF 00 00 00 00 00 00 00 ........ ..... got smb length of 132 got message type 0x0 of len 0x84 Transaction 200 of length 136 (0 toread) size=132 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=12803 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 48 (0x30) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=20149 (0x4EB5) smb_bcc=65 [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 30 00 00 00 09 00 00 ........ .0...... [0020] 00 18 00 00 00 00 00 03 00 00 00 00 00 06 00 00 ........ ........ [0030] 00 00 00 00 00 83 4B A5 8C 29 32 00 00 04 00 00 ......K. .)2..... [0040] 00 . switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 change_to_user: Skipping user change - already user trans <\PIPE\> data=48 params=0 setup=2 calling named_pipe named pipe command on <> name api_fd_reply Got API command 0x26 on pipe "samr" (pnum 4eb5) api_fd_reply: p:0x7fb62408cdf0 max_trans_reply: 1024 np_write_send: len: 48 write_to_pipe: data_left = 48 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 48 fill_rpc_header: data_to_copy = 48, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 32 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 32 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0030 000a auth_len : 0000 000c call_id : 00000009 unmarshall_rpc_header: using little-endian RPC unmarshall_rpc_header: type = 0, flags = 3 write_to_pipe: data_used = 0 write_to_pipe: data_left = 32 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 32, incoming data = 32 process_complete_pdu: processing packet type 0 000000 smb_io_rpc_hdr_req req 0000 alloc_hint: 00000018 0004 context_id: 0000 0006 opnum : 0003 free_pipe_context: destroying talloc pool of size 0 Requested \PIPE\\samr api_rpcTNP: \samr op 0x3 - api_rpcTNP: rpc command: SAMR_QUERYSECURITY api_rpc_cmds[3].fn == 0x7fb6239446c8 samr_QuerySecurity: struct samr_QuerySecurity in: struct samr_QuerySecurity handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000006-0000-0000-834b-a58c29320000 sec_info : 0x00000004 (4) 0: SECINFO_OWNER 0: SECINFO_GROUP 1: SECINFO_DACL 0: SECINFO_SACL 0: SECINFO_UNPROTECTED_SACL 0: SECINFO_UNPROTECTED_DACL 0: SECINFO_PROTECTED_SACL 0: SECINFO_PROTECTED_DACL Found policy hnd[0] [0000] 00 00 00 00 06 00 00 00 00 00 00 00 83 4B A5 8C ........ .....K.. [0010] 29 32 00 00 )2.. _samr_QuerySecurity: querying security on SID: S-1-5-21-783145419-1966905550-2589541370-1000 _samr_QuerySecurity: access check ((granted: 0x000f05ff; required: 0x00020000) _samr_QuerySecurity: querying security on Object with SID: S-1-5-21-783145419-1966905550-2589541370-1000 push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 push_conn_ctx(100) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 push_conn_ctx(100) : conn_ctx_stack_ndx = 1 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: maximum password age, val: -1 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 push_conn_ctx(100) : conn_ctx_stack_ndx = 1 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: password history, val: 0 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 pdb_set_username: setting username root, was pdb_set_domain: setting domain TESTPC, was pdb_set_nt_username: setting nt username , was pdb_set_full_name: setting full name root, was Home server: testpc pdb_set_homedir: setting home dir \\testpc\root, was pdb_set_dir_drive: setting dir drive , was NULL pdb_set_logon_script: setting logon script , was Home server: testpc pdb_set_profile_path: setting profile path \\testpc\root\profile, was pdb_set_workstations: setting workstations , was push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 push_conn_ctx(100) : conn_ctx_stack_ndx = 1 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: password history, val: 0 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 pdb_set_user_sid: setting user sid S-1-5-21-783145419-1966905550-2589541370-1000 pdb_set_user_sid_from_rid: setting user sid S-1-5-21-783145419-1966905550-2589541370-1000 from rid 1000 pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 User:[root] samr_QuerySecurity: struct samr_QuerySecurity out: struct samr_QuerySecurity sdbuf : * sdbuf : * sdbuf: struct sec_desc_buf sd_size : 0x00000084 (132) sd : * sd: struct security_descriptor revision : SECURITY_DESCRIPTOR_REVISION_1 (1) type : 0x8004 (32772) 0: SEC_DESC_OWNER_DEFAULTED 0: SEC_DESC_GROUP_DEFAULTED 1: SEC_DESC_DACL_PRESENT 0: SEC_DESC_DACL_DEFAULTED 0: SEC_DESC_SACL_PRESENT 0: SEC_DESC_SACL_DEFAULTED 0: SEC_DESC_DACL_TRUSTED 0: SEC_DESC_SERVER_SECURITY 0: SEC_DESC_DACL_AUTO_INHERIT_REQ 0: SEC_DESC_SACL_AUTO_INHERIT_REQ 0: SEC_DESC_DACL_AUTO_INHERITED 0: SEC_DESC_SACL_AUTO_INHERITED 0: SEC_DESC_DACL_PROTECTED 0: SEC_DESC_SACL_PROTECTED 0: SEC_DESC_RM_CONTROL_VALID 1: SEC_DESC_SELF_RELATIVE owner_sid : NULL group_sid : NULL sacl : NULL dacl : * dacl: struct security_acl revision : SECURITY_ACL_REVISION_NT4 (2) size : 0x0070 (112) num_aces : 0x00000004 (4) aces: ARRAY(4) aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x00 (0) 0: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x00: SEC_ACE_FLAG_VALID_INHERIT (0) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0014 (20) access_mask : 0x0002035b (131931) object : union security_ace_object_ctr(case 0) trustee : S-1-1-0 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x00 (0) 0: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x00: SEC_ACE_FLAG_VALID_INHERIT (0) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x000f07ff (985087) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-544 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x00 (0) 0: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x00: SEC_ACE_FLAG_VALID_INHERIT (0) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x000f07ff (985087) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-548 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x00 (0) 0: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x00: SEC_ACE_FLAG_VALID_INHERIT (0) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x00020044 (131140) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-783145419-1966905550-2589541370-1000 result : NT_STATUS_OK api_rpcTNP: called \samr successfully free_pipe_context: destroying talloc pool of size 1560 write_to_pipe: data_used = 32 s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62408aea0 s3_event: Run immediate event "tevent_req_trigger": 0x7fb62408aea0 name: \samr len: 1024 read_from_pipe: \samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 152. 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 00b0 000a auth_len : 0000 000c call_id : 00000009 000010 smb_io_rpc_hdr_resp resp 0010 alloc_hint: 00000098 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624077f00 s3_event: Run immediate event "tevent_req_trigger": 0x7fb624077f00 copy_trans_params_and_data: params[0..0] data[0..176] (align 0) size=232 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=12803 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 176 (0xB0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 176 (0xB0) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=177 [0000] 00 05 00 02 03 10 00 00 00 B0 00 00 00 09 00 00 ........ ........ [0010] 00 98 00 00 00 00 00 00 00 00 00 02 00 84 00 00 ........ ........ [0020] 00 04 00 02 00 84 00 00 00 01 00 04 80 00 00 00 ........ ........ [0030] 00 00 00 00 00 00 00 00 00 14 00 00 00 02 00 70 ........ .......p [0040] 00 04 00 00 00 00 00 14 00 5B 03 02 00 01 01 00 ........ .[...... [0050] 00 00 00 00 01 00 00 00 00 00 00 18 00 FF 07 0F ........ ........ [0060] 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 ........ . ... .. [0070] 00 00 00 18 00 FF 07 0F 00 01 02 00 00 00 00 00 ........ ........ [0080] 05 20 00 00 00 24 02 00 00 00 00 24 00 44 00 02 . ...$.. ...$.D.. [0090] 00 01 05 00 00 00 00 00 05 15 00 00 00 CB D9 AD ........ ........ [00A0] 2E CE 98 3C 75 FA 43 59 9A E8 03 00 00 00 00 00 ... data=44 params=0 setup=2 calling named_pipe named pipe command on <> name api_fd_reply Got API command 0x26 on pipe "samr" (pnum 4eb5) api_fd_reply: p:0x7fb62408cdf0 max_trans_reply: 1024 np_write_send: len: 44 write_to_pipe: data_left = 44 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 28 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 002c 000a auth_len : 0000 000c call_id : 0000000a unmarshall_rpc_header: using little-endian RPC unmarshall_rpc_header: type = 0, flags = 3 write_to_pipe: data_used = 0 write_to_pipe: data_left = 28 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 28, incoming data = 28 process_complete_pdu: processing packet type 0 000000 smb_io_rpc_hdr_req req 0000 alloc_hint: 00000014 0004 context_id: 0000 0006 opnum : 0027 free_pipe_context: destroying talloc pool of size 0 Requested \PIPE\\samr api_rpcTNP: \samr op 0x27 - api_rpcTNP: rpc command: SAMR_GETGROUPSFORUSER api_rpc_cmds[39].fn == 0x7fb62393f3c0 samr_GetGroupsForUser: struct samr_GetGroupsForUser in: struct samr_GetGroupsForUser user_handle : * user_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000006-0000-0000-834b-a58c29320000 _samr_GetGroupsForUser: 3287 Found policy hnd[0] [0000] 00 00 00 00 06 00 00 00 00 00 00 00 83 4B A5 8C ........ .....K.. [0010] 29 32 00 00 )2.. _samr_GetGroupsForUser: access check ((granted: 0x000f05ff; required: 0x00000100) push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 push_conn_ctx(100) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 push_conn_ctx(100) : conn_ctx_stack_ndx = 1 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: maximum password age, val: -1 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 push_conn_ctx(100) : conn_ctx_stack_ndx = 1 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: password history, val: 0 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 pdb_set_username: setting username root, was pdb_set_domain: setting domain TESTPC, was pdb_set_nt_username: setting nt username , was pdb_set_full_name: setting full name root, was Home server: testpc pdb_set_homedir: setting home dir \\testpc\root, was pdb_set_dir_drive: setting dir drive , was NULL pdb_set_logon_script: setting logon script , was Home server: testpc pdb_set_profile_path: setting profile path \\testpc\root\profile, was pdb_set_workstations: setting workstations , was push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 push_conn_ctx(100) : conn_ctx_stack_ndx = 1 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups account_policy_get: name: password history, val: 0 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 pdb_set_user_sid: setting user sid S-1-5-21-783145419-1966905550-2589541370-1000 pdb_set_user_sid_from_rid: setting user sid S-1-5-21-783145419-1966905550-2589541370-1000 from rid 1000 pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 push_conn_ctx(100) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups sys_getgrouplist: user [root] Cache entry with key = IDMAP/GID2SID/104 couldn't be found gid_to_sid: winbind failed to find a sid for gid 104 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 push_conn_ctx(100) : conn_ctx_stack_ndx = 1 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 LEGACY: gid 104 -> sid S-1-22-2-104 Finding user root Trying _Get_Pwnam(), username as lowercase is root Get_Pwnam_internals did find user [root]! pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 Found sid S-1-22-2-0 not in our domain Found sid S-1-22-2-104 not in our domain _samr_GetGroupsForUser: 3381 samr_GetGroupsForUser: struct samr_GetGroupsForUser out: struct samr_GetGroupsForUser rids : * rids : * rids: struct samr_RidWithAttributeArray count : 0x00000001 (1) rids : * rids: ARRAY(1) rids: struct samr_RidWithAttribute rid : 0x00000201 (513) attributes : 0x00000007 (7) 1: SE_GROUP_MANDATORY 1: SE_GROUP_ENABLED_BY_DEFAULT 1: SE_GROUP_ENABLED 0: SE_GROUP_OWNER 0: SE_GROUP_USE_FOR_DENY_ONLY 0: SE_GROUP_RESOURCE 0x00: SE_GROUP_LOGON_ID (0) result : NT_STATUS_OK api_rpcTNP: called \samr successfully free_pipe_context: destroying talloc pool of size 872 write_to_pipe: data_used = 28 s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62408aea0 s3_event: Run immediate event "tevent_req_trigger": 0x7fb62408aea0 name: \samr len: 1024 read_from_pipe: \samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 28. 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0034 000a auth_len : 0000 000c call_id : 0000000a 000010 smb_io_rpc_hdr_resp resp 0010 alloc_hint: 0000001c 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624066bb0 s3_event: Run immediate event "tevent_req_trigger": 0x7fb624066bb0 copy_trans_params_and_data: params[0..0] data[0..52] (align 0) size=108 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=12867 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 52 (0x34) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 52 (0x34) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=53 [0000] 00 05 00 02 03 10 00 00 00 34 00 00 00 0A 00 00 ........ .4...... [0010] 00 1C 00 00 00 00 00 00 00 00 00 02 00 01 00 00 ........ ........ [0020] 00 04 00 02 00 01 00 00 00 01 02 00 00 07 00 00 ........ ........ [0030] 00 00 00 00 00 ..... got smb length of 212 got message type 0x0 of len 0xd4 Transaction 202 of length 216 (0 toread) size=212 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=12931 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 128 (0x80) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 128 (0x80) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=20149 (0x4EB5) smb_bcc=145 [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 80 00 00 00 0B 00 00 ........ ........ [0020] 00 68 00 00 00 00 00 10 00 00 00 00 00 05 00 00 .h...... ........ [0030] 00 00 00 00 00 83 4B A5 8C 29 32 00 00 02 00 00 ......K. .)2..... [0040] 00 58 9A 0C 00 02 00 00 00 90 40 FD 04 C8 2C 0E .X...... ..@...,. [0050] 00 05 00 00 00 01 05 00 00 00 00 00 05 15 00 00 ........ ........ [0060] 00 CB D9 AD 2E CE 98 3C 75 FA 43 59 9A E8 03 00 .......< u.CY.... [0070] 00 05 00 00 00 01 05 00 00 00 00 00 05 15 00 00 ........ ........ [0080] 00 CB D9 AD 2E CE 98 3C 75 FA 43 59 9A 01 02 00 .......< u.CY.... [0090] 00 . switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 change_to_user: Skipping user change - already user trans <\PIPE\> data=128 params=0 setup=2 calling named_pipe named pipe command on <> name api_fd_reply Got API command 0x26 on pipe "samr" (pnum 4eb5) api_fd_reply: p:0x7fb62408cdf0 max_trans_reply: 1024 np_write_send: len: 128 write_to_pipe: data_left = 128 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 128 fill_rpc_header: data_to_copy = 128, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 112 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 112 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0080 000a auth_len : 0000 000c call_id : 0000000b unmarshall_rpc_header: using little-endian RPC unmarshall_rpc_header: type = 0, flags = 3 write_to_pipe: data_used = 0 write_to_pipe: data_left = 112 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 112, incoming data = 112 process_complete_pdu: processing packet type 0 000000 smb_io_rpc_hdr_req req 0000 alloc_hint: 00000068 0004 context_id: 0000 0006 opnum : 0010 free_pipe_context: destroying talloc pool of size 0 Requested \PIPE\\samr api_rpcTNP: \samr op 0x10 - api_rpcTNP: rpc command: SAMR_GETALIASMEMBERSHIP api_rpc_cmds[16].fn == 0x7fb623942718 samr_GetAliasMembership: struct samr_GetAliasMembership in: struct samr_GetAliasMembership domain_handle : * domain_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000005-0000-0000-834b-a58c29320000 sids : * sids: struct lsa_SidArray num_sids : 0x00000002 (2) sids : * sids: ARRAY(2) sids: struct lsa_SidPtr sid : * sid : S-1-5-21-783145419-1966905550-2589541370-1000 sids: struct lsa_SidPtr sid : * sid : S-1-5-21-783145419-1966905550-2589541370-513 _samr_GetAliasMembership: 5341 Found policy hnd[1] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 83 4B A5 8C ........ .....K.. [0010] 29 32 00 00 )2.. _samr_GetAliasMembership: access check ((granted: 0x00000290; required: 0x00000080) _samr_GetAliasMembership: access check ((granted: 0x00000290; required: 0x00000200) push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 push_conn_ctx(100) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 samr_GetAliasMembership: struct samr_GetAliasMembership out: struct samr_GetAliasMembership rids : * rids: struct samr_Ids count : 0x00000000 (0) ids : * ids: ARRAY(0) result : NT_STATUS_OK api_rpcTNP: called \samr successfully free_pipe_context: destroying talloc pool of size 140 write_to_pipe: data_used = 112 s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62408af40 s3_event: Run immediate event "tevent_req_trigger": 0x7fb62408af40 name: \samr len: 1024 read_from_pipe: \samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 16. 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0028 000a auth_len : 0000 000c call_id : 0000000b 000010 smb_io_rpc_hdr_resp resp 0010 alloc_hint: 00000010 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624075ae0 s3_event: Run immediate event "tevent_req_trigger": 0x7fb624075ae0 copy_trans_params_and_data: params[0..0] data[0..40] (align 0) size=96 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=12931 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 40 (0x28) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 40 (0x28) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=41 [0000] 00 05 00 02 03 10 00 00 00 28 00 00 00 0B 00 00 ........ .(...... [0010] 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 02 ........ ........ [0020] 00 00 00 00 00 00 00 00 00 ........ . got smb length of 128 got message type 0x0 of len 0x80 Transaction 203 of length 132 (0 toread) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=12995 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=20149 (0x4EB5) smb_bcc=61 [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 0C 00 00 ........ .,...... [0020] 00 14 00 00 00 00 00 01 00 00 00 00 00 06 00 00 ........ ........ [0030] 00 00 00 00 00 83 4B A5 8C 29 32 00 00 ......K. .)2.. switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 change_to_user: Skipping user change - already user trans <\PIPE\> data=44 params=0 setup=2 calling named_pipe named pipe command on <> name api_fd_reply Got API command 0x26 on pipe "samr" (pnum 4eb5) api_fd_reply: p:0x7fb62408cdf0 max_trans_reply: 1024 np_write_send: len: 44 write_to_pipe: data_left = 44 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 28 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 002c 000a auth_len : 0000 000c call_id : 0000000c unmarshall_rpc_header: using little-endian RPC unmarshall_rpc_header: type = 0, flags = 3 write_to_pipe: data_used = 0 write_to_pipe: data_left = 28 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 28, incoming data = 28 process_complete_pdu: processing packet type 0 000000 smb_io_rpc_hdr_req req 0000 alloc_hint: 00000014 0004 context_id: 0000 0006 opnum : 0001 free_pipe_context: destroying talloc pool of size 0 Requested \PIPE\\samr api_rpcTNP: \samr op 0x1 - api_rpcTNP: rpc command: SAMR_CLOSE api_rpc_cmds[1].fn == 0x7fb623944b28 samr_Close: struct samr_Close in: struct samr_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000006-0000-0000-834b-a58c29320000 Found policy hnd[0] [0000] 00 00 00 00 06 00 00 00 00 00 00 00 83 4B A5 8C ........ .....K.. [0010] 29 32 00 00 )2.. Closed policy free_samr_cache: deleting cache for SID S-1-5-21-783145419-1966905550-2589541370 push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 push_conn_ctx(100) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 samr_Close: struct samr_Close out: struct samr_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : NT_STATUS_OK api_rpcTNP: called \samr successfully free_pipe_context: destroying talloc pool of size 0 write_to_pipe: data_used = 28 s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62408aea0 s3_event: Run immediate event "tevent_req_trigger": 0x7fb62408aea0 name: \samr len: 1024 read_from_pipe: \samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0030 000a auth_len : 0000 000c call_id : 0000000c 000010 smb_io_rpc_hdr_resp resp 0010 alloc_hint: 00000018 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624094420 s3_event: Run immediate event "tevent_req_trigger": 0x7fb624094420 copy_trans_params_and_data: params[0..0] data[0..48] (align 0) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=12995 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 0C 00 00 ........ .0...... [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 . got smb length of 128 got message type 0x0 of len 0x80 Transaction 204 of length 132 (0 toread) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=13059 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=20149 (0x4EB5) smb_bcc=61 [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 0D 00 00 ........ .,...... [0020] 00 14 00 00 00 00 00 01 00 00 00 00 00 04 00 00 ........ ........ [0030] 00 00 00 00 00 83 4B A5 8C 29 32 00 00 ......K. .)2.. switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 change_to_user: Skipping user change - already user trans <\PIPE\> data=44 params=0 setup=2 calling named_pipe named pipe command on <> name api_fd_reply Got API command 0x26 on pipe "samr" (pnum 4eb5) api_fd_reply: p:0x7fb62408cdf0 max_trans_reply: 1024 np_write_send: len: 44 write_to_pipe: data_left = 44 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 28 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 002c 000a auth_len : 0000 000c call_id : 0000000d unmarshall_rpc_header: using little-endian RPC unmarshall_rpc_header: type = 0, flags = 3 write_to_pipe: data_used = 0 write_to_pipe: data_left = 28 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 28, incoming data = 28 process_complete_pdu: processing packet type 0 000000 smb_io_rpc_hdr_req req 0000 alloc_hint: 00000014 0004 context_id: 0000 0006 opnum : 0001 free_pipe_context: destroying talloc pool of size 0 Requested \PIPE\\samr api_rpcTNP: \samr op 0x1 - api_rpcTNP: rpc command: SAMR_CLOSE api_rpc_cmds[1].fn == 0x7fb623944b28 samr_Close: struct samr_Close in: struct samr_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000004-0000-0000-834b-a58c29320000 Found policy hnd[1] [0000] 00 00 00 00 04 00 00 00 00 00 00 00 83 4B A5 8C ........ .....K.. [0010] 29 32 00 00 )2.. Closed policy free_samr_cache: deleting cache for SID S-1-5-21-783145419-1966905550-2589541370 push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 push_conn_ctx(100) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 samr_Close: struct samr_Close out: struct samr_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : NT_STATUS_OK api_rpcTNP: called \samr successfully free_pipe_context: destroying talloc pool of size 0 write_to_pipe: data_used = 28 s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62408aea0 s3_event: Run immediate event "tevent_req_trigger": 0x7fb62408aea0 name: \samr len: 1024 read_from_pipe: \samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0030 000a auth_len : 0000 000c call_id : 0000000d 000010 smb_io_rpc_hdr_resp resp 0010 alloc_hint: 00000018 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624077f00 s3_event: Run immediate event "tevent_req_trigger": 0x7fb624077f00 copy_trans_params_and_data: params[0..0] data[0..48] (align 0) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=13059 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 0D 00 00 ........ .0...... [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 . got smb length of 128 got message type 0x0 of len 0x80 Transaction 205 of length 132 (0 toread) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=13123 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=20149 (0x4EB5) smb_bcc=61 [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 0E 00 00 ........ .,...... [0020] 00 14 00 00 00 00 00 01 00 00 00 00 00 05 00 00 ........ ........ [0030] 00 00 00 00 00 83 4B A5 8C 29 32 00 00 ......K. .)2.. switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 change_to_user: Skipping user change - already user trans <\PIPE\> data=44 params=0 setup=2 calling named_pipe named pipe command on <> name api_fd_reply Got API command 0x26 on pipe "samr" (pnum 4eb5) api_fd_reply: p:0x7fb62408cdf0 max_trans_reply: 1024 np_write_send: len: 44 write_to_pipe: data_left = 44 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 28 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 002c 000a auth_len : 0000 000c call_id : 0000000e unmarshall_rpc_header: using little-endian RPC unmarshall_rpc_header: type = 0, flags = 3 write_to_pipe: data_used = 0 write_to_pipe: data_left = 28 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 28, incoming data = 28 process_complete_pdu: processing packet type 0 000000 smb_io_rpc_hdr_req req 0000 alloc_hint: 00000014 0004 context_id: 0000 0006 opnum : 0001 free_pipe_context: destroying talloc pool of size 0 Requested \PIPE\\samr api_rpcTNP: \samr op 0x1 - api_rpcTNP: rpc command: SAMR_CLOSE api_rpc_cmds[1].fn == 0x7fb623944b28 samr_Close: struct samr_Close in: struct samr_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000005-0000-0000-834b-a58c29320000 Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 83 4B A5 8C ........ .....K.. [0010] 29 32 00 00 )2.. Closed policy free_samr_cache: deleting cache for SID S-1-5-32 push_sec_ctx(123, 123) : sec_ctx_stack_ndx = 1 push_conn_ctx(100) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups pop_sec_ctx (123, 123) - sec_ctx_stack_ndx = 0 samr_Close: struct samr_Close out: struct samr_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : NT_STATUS_OK api_rpcTNP: called \samr successfully free_pipe_context: destroying talloc pool of size 0 write_to_pipe: data_used = 28 s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62408aea0 s3_event: Run immediate event "tevent_req_trigger": 0x7fb62408aea0 name: \samr len: 1024 read_from_pipe: \samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0030 000a auth_len : 0000 000c call_id : 0000000e 000010 smb_io_rpc_hdr_resp resp 0010 alloc_hint: 00000018 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624067c80 s3_event: Run immediate event "tevent_req_trigger": 0x7fb624067c80 copy_trans_params_and_data: params[0..0] data[0..48] (align 0) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=13123 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 0E 00 00 ........ .0...... [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 . got smb length of 128 got message type 0x0 of len 0x80 Transaction 206 of length 132 (0 toread) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=13187 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=20149 (0x4EB5) smb_bcc=61 [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 0F 00 00 ........ .,...... [0020] 00 14 00 00 00 00 00 01 00 00 00 00 00 03 00 00 ........ ........ [0030] 00 00 00 00 00 83 4B A5 8C 29 32 00 00 ......K. .)2.. switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 change_to_user: Skipping user change - already user trans <\PIPE\> data=44 params=0 setup=2 calling named_pipe named pipe command on <> name api_fd_reply Got API command 0x26 on pipe "samr" (pnum 4eb5) api_fd_reply: p:0x7fb62408cdf0 max_trans_reply: 1024 np_write_send: len: 44 write_to_pipe: data_left = 44 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 28 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 002c 000a auth_len : 0000 000c call_id : 0000000f unmarshall_rpc_header: using little-endian RPC unmarshall_rpc_header: type = 0, flags = 3 write_to_pipe: data_used = 0 write_to_pipe: data_left = 28 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 28, incoming data = 28 process_complete_pdu: processing packet type 0 000000 smb_io_rpc_hdr_req req 0000 alloc_hint: 00000014 0004 context_id: 0000 0006 opnum : 0001 free_pipe_context: destroying talloc pool of size 0 Requested \PIPE\\samr api_rpcTNP: \samr op 0x1 - api_rpcTNP: rpc command: SAMR_CLOSE api_rpc_cmds[1].fn == 0x7fb623944b28 samr_Close: struct samr_Close in: struct samr_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000003-0000-0000-834b-a58c29320000 Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 83 4B A5 8C ........ .....K.. [0010] 29 32 00 00 )2.. Closed policy samr_Close: struct samr_Close out: struct samr_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : NT_STATUS_OK api_rpcTNP: called \samr successfully free_pipe_context: destroying talloc pool of size 0 write_to_pipe: data_used = 28 s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62408aea0 s3_event: Run immediate event "tevent_req_trigger": 0x7fb62408aea0 name: \samr len: 1024 read_from_pipe: \samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0030 000a auth_len : 0000 000c call_id : 0000000f 000010 smb_io_rpc_hdr_resp resp 0010 alloc_hint: 00000018 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624077f00 s3_event: Run immediate event "tevent_req_trigger": 0x7fb624077f00 copy_trans_params_and_data: params[0..0] data[0..48] (align 0) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=13187 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 0F 00 00 ........ .0...... [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 . got smb length of 41 got message type 0x0 of len 0x29 Transaction 207 of length 45 (0 toread) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=13251 smt_wct=3 smb_vwv[ 0]=20149 (0x4EB5) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 switch message SMBclose (pid 12841) conn 0x7fb6240867f0 change_to_user: Skipping user change - already user close fd=-1 fnum=20149 (numopen=3) close_write_time: Sun Feb 7 07:28:15 2106 freed files structure 20149 (3 used) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=13251 smt_wct=0 smb_bcc=0 got smb length of 128 got message type 0x0 of len 0x80 Transaction 208 of length 132 (0 toread) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=13315 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=20147 (0x4EB3) smb_bcc=61 [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 07 00 00 ........ .,...... [0020] 00 14 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ........ ........ [0030] 00 00 00 00 00 83 4B A5 8C 29 32 00 00 ......K. .)2.. switch message SMBtrans (pid 12841) conn 0x7fb6240867f0 change_to_user: Skipping user change - already user trans <\PIPE\> data=44 params=0 setup=2 calling named_pipe named pipe command on <> name api_fd_reply Got API command 0x26 on pipe "lsarpc" (pnum 4eb3) api_fd_reply: p:0x7fb624073a50 max_trans_reply: 1024 np_write_send: len: 44 write_to_pipe: data_left = 44 process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 write_to_pipe: data_used = 16 write_to_pipe: data_left = 28 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 002c 000a auth_len : 0000 000c call_id : 00000007 unmarshall_rpc_header: using little-endian RPC unmarshall_rpc_header: type = 0, flags = 3 write_to_pipe: data_used = 0 write_to_pipe: data_left = 28 process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 28, incoming data = 28 process_complete_pdu: processing packet type 0 000000 smb_io_rpc_hdr_req req 0000 alloc_hint: 00000014 0004 context_id: 0000 0006 opnum : 0000 free_pipe_context: destroying talloc pool of size 0 Requested \PIPE\\lsarpc api_rpcTNP: \lsarpc op 0x0 - api_rpcTNP: rpc command: LSA_CLOSE api_rpc_cmds[0].fn == 0x7fb6238c4e50 lsa_Close: struct lsa_Close in: struct lsa_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-834b-a58c29320000 Found policy hnd[0] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 83 4B A5 8C ........ .....K.. [0010] 29 32 00 00 )2.. Found policy hnd[0] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 83 4B A5 8C ........ .....K.. [0010] 29 32 00 00 )2.. Closed policy lsa_Close: struct lsa_Close out: struct lsa_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : NT_STATUS_OK api_rpcTNP: called \lsarpc successfully free_pipe_context: destroying talloc pool of size 0 write_to_pipe: data_used = 28 s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb62408aea0 s3_event: Run immediate event "tevent_req_trigger": 0x7fb62408aea0 name: \lsarpc len: 1024 read_from_pipe: \lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0030 000a auth_len : 0000 000c call_id : 00000007 000010 smb_io_rpc_hdr_resp resp 0010 alloc_hint: 00000018 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 s3_event: Schedule immediate event "tevent_req_trigger": 0x7fb624077f00 s3_event: Run immediate event "tevent_req_trigger": 0x7fb624077f00 copy_trans_params_and_data: params[0..0] data[0..48] (align 0) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=1596 smb_uid=100 smb_mid=13315 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 07 00 00 ........ .0...... [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 . got smb length of 41 got message type 0x0 of len 0x29 Transaction 209 of length 45 (0 toread) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=13379 smt_wct=3 smb_vwv[ 0]=20147 (0x4EB3) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 switch message SMBclose (pid 12841) conn 0x7fb6240867f0 change_to_user: Skipping user change - already user close fd=-1 fnum=20147 (numopen=2) close_write_time: Sun Feb 7 07:28:15 2106 freed files structure 20147 (2 used) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=13379 smt_wct=0 smb_bcc=0 got smb length of 41 got message type 0x0 of len 0x29 Transaction 210 of length 45 (0 toread) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=13443 smt_wct=3 smb_vwv[ 0]=20148 (0x4EB4) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 switch message SMBclose (pid 12841) conn 0x7fb6240867f0 change_to_user: Skipping user change - already user close fd=-1 fnum=20148 (numopen=1) close_write_time: Sun Feb 7 07:28:15 2106 close_policy_by_pipe: deleted handle list for pipe \lsarpc freed files structure 20148 (1 used) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=2 smb_pid=65279 smb_uid=100 smb_mid=13443 smt_wct=0 smb_bcc=0