[2010/04/13 08:30:34, 0] smbd/server.c:1119(main) smbd version 3.5.2 started. Copyright Andrew Tridgell and the Samba Team 1992-2010 [2010/04/13 08:30:34.297291, 5] lib/debug.c:405(debug_dump_status) INFO: Current debug levels: all: True/10 tdb: False/0 printdrivers: False/0 lanman: False/0 smb: False/0 rpc_parse: False/0 rpc_srv: False/0 rpc_cli: False/0 passdb: False/0 sam: False/0 auth: False/0 winbind: False/0 vfs: False/0 idmap: False/0 quota: False/0 acls: False/0 locking: False/0 msdfs: False/0 dmapi: False/0 registry: False/0 [2010/04/13 08:30:34.297432, 4] param/loadparm.c:9192(lp_load_ex) pm_process() returned Yes [2010/04/13 08:30:34.297458, 7] param/loadparm.c:9398(lp_servicenumber) lp_servicenumber: couldn't find homes [2010/04/13 08:30:34.297484, 10] param/loadparm.c:8402(set_server_role) set_server_role: role = ROLE_DOMAIN_MEMBER [2010/04/13 08:30:34.297662, 2] lib/tallocmsg.c:106(register_msg_pool_usage) Registered MSG_REQ_POOL_USAGE [2010/04/13 08:30:34.297683, 2] lib/dmallocmsg.c:77(register_dmalloc_msgs) Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED [2010/04/13 08:30:34.297734, 3] param/loadparm.c:9157(lp_load_ex) lp_load_ex: refreshing parameters Initialising global parameters rlimit_max: rlimit_max (1024) below minimum Windows limit (16384) [2010/04/13 08:30:34.297833, 3] ../lib/util/params.c:550(pm_process) params.c:pm_process() - Processing configuration file "/usr/local/samba-3.5.2-run/lib/smb.conf" [2010/04/13 08:30:34.297858, 3] param/loadparm.c:7841(do_section) Processing section "[global]" doing parameter dos charset = 850 [2010/04/13 08:30:34.297902, 5] lib/charcnv.c:98(charset_name) Substituting charset 'ANSI_X3.4-1968' for LOCALE [2010/04/13 08:30:34.297944, 5] lib/charcnv.c:98(charset_name) Substituting charset 'ANSI_X3.4-1968' for LOCALE [2010/04/13 08:30:34.297989, 5] lib/charcnv.c:98(charset_name) Substituting charset 'ANSI_X3.4-1968' for LOCALE [2010/04/13 08:30:34.298024, 5] lib/charcnv.c:98(charset_name) Substituting charset 'ANSI_X3.4-1968' for LOCALE [2010/04/13 08:30:34.298059, 5] lib/charcnv.c:98(charset_name) Substituting charset 'ANSI_X3.4-1968' for LOCALE [2010/04/13 08:30:34.298090, 5] lib/charcnv.c:98(charset_name) Substituting charset 'ANSI_X3.4-1968' for LOCALE [2010/04/13 08:30:34.298119, 5] lib/charcnv.c:98(charset_name) Substituting charset 'ANSI_X3.4-1968' for LOCALE [2010/04/13 08:30:34.298155, 5] lib/charcnv.c:98(charset_name) Substituting charset 'ANSI_X3.4-1968' for LOCALE [2010/04/13 08:30:34.298201, 5] lib/charcnv.c:98(charset_name) Substituting charset 'ANSI_X3.4-1968' for LOCALE [2010/04/13 08:30:34.298237, 5] lib/charcnv.c:98(charset_name) Substituting charset 'ANSI_X3.4-1968' for LOCALE [2010/04/13 08:30:34.298281, 5] lib/charcnv.c:98(charset_name) Substituting charset 'ANSI_X3.4-1968' for LOCALE [2010/04/13 08:30:34.298323, 5] lib/charcnv.c:98(charset_name) Substituting charset 'ANSI_X3.4-1968' for LOCALE [2010/04/13 08:30:34.298361, 5] lib/charcnv.c:98(charset_name) Substituting charset 'ANSI_X3.4-1968' for LOCALE [2010/04/13 08:30:34.298396, 5] lib/charcnv.c:98(charset_name) Substituting charset 'ANSI_X3.4-1968' for LOCALE doing parameter unix charset = utf8 [2010/04/13 08:30:34.298460, 5] lib/charcnv.c:98(charset_name) Substituting charset 'ANSI_X3.4-1968' for LOCALE [2010/04/13 08:30:34.298505, 5] lib/charcnv.c:98(charset_name) Substituting charset 'ANSI_X3.4-1968' for LOCALE [2010/04/13 08:30:34.298549, 5] lib/charcnv.c:98(charset_name) Substituting charset 'ANSI_X3.4-1968' for LOCALE [2010/04/13 08:30:34.298580, 5] lib/charcnv.c:98(charset_name) Substituting charset 'ANSI_X3.4-1968' for LOCALE [2010/04/13 08:30:34.298615, 5] lib/charcnv.c:98(charset_name) Substituting charset 'ANSI_X3.4-1968' for LOCALE [2010/04/13 08:30:34.298644, 5] lib/charcnv.c:98(charset_name) Substituting charset 'ANSI_X3.4-1968' for LOCALE [2010/04/13 08:30:34.298673, 5] lib/charcnv.c:98(charset_name) Substituting charset 'ANSI_X3.4-1968' for LOCALE [2010/04/13 08:30:34.298715, 5] lib/charcnv.c:98(charset_name) Substituting charset 'ANSI_X3.4-1968' for LOCALE [2010/04/13 08:30:34.298745, 5] lib/charcnv.c:98(charset_name) Substituting charset 'ANSI_X3.4-1968' for LOCALE [2010/04/13 08:30:34.298774, 5] lib/charcnv.c:98(charset_name) Substituting charset 'ANSI_X3.4-1968' for LOCALE [2010/04/13 08:30:34.298813, 5] lib/charcnv.c:98(charset_name) Substituting charset 'ANSI_X3.4-1968' for LOCALE [2010/04/13 08:30:34.298849, 5] lib/charcnv.c:98(charset_name) Substituting charset 'ANSI_X3.4-1968' for LOCALE [2010/04/13 08:30:34.298882, 5] lib/charcnv.c:98(charset_name) Substituting charset 'ANSI_X3.4-1968' for LOCALE [2010/04/13 08:30:34.298914, 5] lib/charcnv.c:98(charset_name) Substituting charset 'ANSI_X3.4-1968' for LOCALE doing parameter display charset = utf8 doing parameter workgroup = baumann doing parameter realm = BAUMANN.LOCAL doing parameter security = ADS doing parameter domain master = No doing parameter password server = baad2.baumann.local doing parameter client use spnego = Yes doing parameter winbind trusted domains only = No doing parameter winbind use default domain = Yes doing parameter winbind nested groups = yes doing parameter winbind cache time = 10 doing parameter winbind separator = / doing parameter winbind enum users = yes doing parameter winbind enum groups = yes doing parameter winbind expand groups = 3 doing parameter idmap uid = 10000-20000 doing parameter idmap gid = 10000-20000 doing parameter encrypt passwords = Yes doing parameter netbios name = bafs2 [2010/04/13 08:30:34.299368, 4] param/loadparm.c:7203(handle_netbios_name) handle_netbios_name: set global_myname to: BAFS2 doing parameter server string = %h doing parameter lanman auth = No doing parameter socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384 doing parameter log level = 10 [2010/04/13 08:30:34.299438, 5] lib/debug.c:405(debug_dump_status) INFO: Current debug levels: all: True/10 tdb: False/0 printdrivers: False/0 lanman: False/0 smb: False/0 rpc_parse: False/0 rpc_srv: False/0 rpc_cli: False/0 passdb: False/0 sam: False/0 auth: False/0 winbind: False/0 vfs: False/0 idmap: False/0 quota: False/0 acls: False/0 locking: False/0 msdfs: False/0 dmapi: False/0 registry: False/0 [2010/04/13 08:30:34.299544, 2] param/loadparm.c:7858(do_section) Processing section "[backup]" [2010/04/13 08:30:34.299592, 8] param/loadparm.c:6162(add_a_service) add_a_service: Creating snum = 0 for backup [2010/04/13 08:30:34.299613, 10] param/loadparm.c:6200(hash_a_service) hash_a_service: creating servicehash [2010/04/13 08:30:34.299632, 10] param/loadparm.c:6209(hash_a_service) hash_a_service: hashing index 0 for service name backup doing parameter comment = backup doing parameter path = /data/backup doing parameter valid users = +baumann/Ba-IT, baumann-gmbh/gehr, gehr doing parameter write list = +baumann/Ba-IT, baumann-gmbh/gehr doing parameter browseable = No [2010/04/13 08:30:34.299732, 2] param/loadparm.c:7858(do_section) Processing section "[images]" [2010/04/13 08:30:34.299775, 8] param/loadparm.c:6162(add_a_service) add_a_service: Creating snum = 1 for images [2010/04/13 08:30:34.299795, 10] param/loadparm.c:6209(hash_a_service) hash_a_service: hashing index 1 for service name images doing parameter comment = Rechner Images doing parameter path = /data/images doing parameter browsable = no doing parameter valid users = baumann/backupexecuser, baumann-gmbh/barainst, baumann/barainst, Administrator, +baumann/Ba-It doing parameter force create mode = 775 doing parameter read only = no [2010/04/13 08:30:34.299908, 2] param/loadparm.c:7858(do_section) Processing section "[baex1]" [2010/04/13 08:30:34.299949, 8] param/loadparm.c:6162(add_a_service) add_a_service: Creating snum = 2 for baex1 [2010/04/13 08:30:34.299969, 10] param/loadparm.c:6209(hash_a_service) hash_a_service: hashing index 2 for service name baex1 doing parameter comment = Sicherung Exchange doing parameter path = /data/backup/baex1_data doing parameter browsable = yes doing parameter valid users = baumann/backupexecuser, Administrator, baumann/adadmin, +baumann/Ba-It, baumann-gmbh/gehr doing parameter force create mode = 775 doing parameter read only = no [2010/04/13 08:30:34.300094, 2] param/loadparm.c:7858(do_section) Processing section "[badb4_data]" [2010/04/13 08:30:34.300137, 8] param/loadparm.c:6162(add_a_service) add_a_service: Creating snum = 3 for badb4_data [2010/04/13 08:30:34.300157, 10] param/loadparm.c:6209(hash_a_service) hash_a_service: hashing index 3 for service name badb4_data doing parameter comment = Sicherung badb4 doing parameter path = /data/backup/badb4_data doing parameter browsable = no doing parameter valid users = baumann-gmbh/gehr, baumann/backupexecuser, baumann/apservice, Administrator, baumann/adadmin, +#ba-it doing parameter force create mode = 775 doing parameter read only = no [2010/04/13 08:30:34.300271, 2] param/loadparm.c:7858(do_section) Processing section "[data]" [2010/04/13 08:30:34.300312, 8] param/loadparm.c:6162(add_a_service) add_a_service: Creating snum = 4 for data [2010/04/13 08:30:34.300332, 10] param/loadparm.c:6209(hash_a_service) hash_a_service: hashing index 4 for service name data doing parameter comment = Zugriff fuer IT doing parameter path = /data doing parameter valid users = +baumann/Ba-IT, gehr doing parameter write list = +baumann/Ba-IT doing parameter create mask = 00 doing parameter force create mode = 0770 doing parameter directory mask = 00 doing parameter force directory mode = 0770 doing parameter browseable = No [2010/04/13 08:30:34.300479, 2] param/loadparm.c:7858(do_section) Processing section "[netlogon]" [2010/04/13 08:30:34.300520, 8] param/loadparm.c:6162(add_a_service) add_a_service: Creating snum = 5 for netlogon [2010/04/13 08:30:34.300540, 10] param/loadparm.c:6209(hash_a_service) hash_a_service: hashing index 5 for service name netlogon doing parameter comment = BDC Logonpfad doing parameter path = /home/samba/netlogon doing parameter write list = root, Administrator, @Ba-IT doing parameter guest ok = Yes doing parameter browseable = No [2010/04/13 08:30:34.300634, 4] param/loadparm.c:9192(lp_load_ex) pm_process() returned Yes [2010/04/13 08:30:34.300674, 7] param/loadparm.c:9398(lp_servicenumber) lp_servicenumber: couldn't find homes [2010/04/13 08:30:34.300716, 8] param/loadparm.c:6162(add_a_service) add_a_service: Creating snum = 6 for IPC$ [2010/04/13 08:30:34.300736, 10] param/loadparm.c:6209(hash_a_service) hash_a_service: hashing index 6 for service name IPC$ [2010/04/13 08:30:34.301718, 3] param/loadparm.c:6312(lp_add_ipc) adding IPC service [2010/04/13 08:30:34.301741, 10] param/loadparm.c:8402(set_server_role) set_server_role: role = ROLE_DOMAIN_MEMBER [2010/04/13 08:30:34.301815, 7] param/loadparm.c:9398(lp_servicenumber) lp_servicenumber: couldn't find printers [2010/04/13 08:30:34.301839, 3] printing/pcap.c:136(pcap_cache_reload) reloading printcap cache [2010/04/13 08:30:34.301863, 5] printing/print_cups.c:408(cups_pcap_load_async) cups_pcap_load_async: asynchronously loading cups printers [2010/04/13 08:30:34.302149, 10] printing/print_cups.c:425(cups_pcap_load_async) cups_pcap_load_async: child pid = 5559 [2010/04/13 08:30:34.302233, 10] printing/print_cups.c:576(cups_cache_reload) cups_cache_reload: sync read on fd 4 [2010/04/13 08:30:34.302261, 5] printing/print_cups.c:458(cups_async_callback) cups_async_callback: callback received for printer data. fd = 4 [2010/04/13 08:30:34.305418, 5] printing/print_cups.c:169(cups_cache_reload_async) reloading cups printcap cache [2010/04/13 08:30:34.306890, 10] printing/print_cups.c:87(cups_connect) connecting to cups server /var/run/cups/cups.sock:631 [2010/04/13 08:30:34.340000, 3] printing/pcap.c:243(pcap_cache_reload) reload status: ok [2010/04/13 08:30:34.340062, 7] param/loadparm.c:9398(lp_servicenumber) lp_servicenumber: couldn't find printers [2010/04/13 08:30:34.340101, 7] param/loadparm.c:9398(lp_servicenumber) lp_servicenumber: couldn't find printers [2010/04/13 08:30:34.340142, 6] param/loadparm.c:7132(lp_file_list_changed) lp_file_list_changed() file /usr/local/samba-3.5.2-run/lib/smb.conf -> /usr/local/samba-3.5.2-run/lib/smb.conf last mod_time: Tue Apr 13 08:29:19 2010 [2010/04/13 08:30:34.340361, 2] lib/interface.c:340(add_interface) added interface bond0 ip=10.230.1.2 bcast=10.230.255.255 netmask=255.255.0.0 [2010/04/13 08:30:34.341684, 5] lib/util.c:276(init_names) Netbios name list:- my_netbios_names[0]="BAFS2" [2010/04/13 08:30:34.356905, 3] smbd/server.c:1161(main) loaded services [2010/04/13 08:30:34.356943, 3] smbd/server.c:1176(main) Becoming a daemon. [2010/04/13 08:30:34.357705, 8] ../lib/util/util.c:217(fcntl_lock) fcntl_lock 9 6 0 1 1 [2010/04/13 08:30:34.357808, 8] ../lib/util/util.c:252(fcntl_lock) fcntl_lock: Lock call successful [2010/04/13 08:30:34.367061, 5] passdb/pdb_interface.c:63(smb_register_passdb) Attempting to register passdb backend ldapsam [2010/04/13 08:30:34.367107, 5] passdb/pdb_interface.c:76(smb_register_passdb) Successfully added passdb backend 'ldapsam' [2010/04/13 08:30:34.367127, 5] passdb/pdb_interface.c:63(smb_register_passdb) Attempting to register passdb backend ldapsam_compat [2010/04/13 08:30:34.367145, 5] passdb/pdb_interface.c:76(smb_register_passdb) Successfully added passdb backend 'ldapsam_compat' [2010/04/13 08:30:34.368526, 5] passdb/pdb_interface.c:63(smb_register_passdb) Attempting to register passdb backend NDS_ldapsam [2010/04/13 08:30:34.368558, 5] passdb/pdb_interface.c:76(smb_register_passdb) Successfully added passdb backend 'NDS_ldapsam' [2010/04/13 08:30:34.368580, 5] passdb/pdb_interface.c:63(smb_register_passdb) Attempting to register passdb backend NDS_ldapsam_compat [2010/04/13 08:30:34.368601, 5] passdb/pdb_interface.c:76(smb_register_passdb) Successfully added passdb backend 'NDS_ldapsam_compat' [2010/04/13 08:30:34.368628, 5] passdb/pdb_interface.c:63(smb_register_passdb) Attempting to register passdb backend smbpasswd [2010/04/13 08:30:34.368648, 5] passdb/pdb_interface.c:76(smb_register_passdb) Successfully added passdb backend 'smbpasswd' [2010/04/13 08:30:34.368669, 5] passdb/pdb_interface.c:63(smb_register_passdb) Attempting to register passdb backend tdbsam [2010/04/13 08:30:34.368691, 5] passdb/pdb_interface.c:76(smb_register_passdb) Successfully added passdb backend 'tdbsam' [2010/04/13 08:30:34.368712, 5] passdb/pdb_interface.c:63(smb_register_passdb) Attempting to register passdb backend wbc_sam [2010/04/13 08:30:34.368738, 5] passdb/pdb_interface.c:76(smb_register_passdb) Successfully added passdb backend 'wbc_sam' [2010/04/13 08:30:34.368758, 5] passdb/pdb_interface.c:133(make_pdb_method_name) Attempting to find a passdb backend to match tdbsam (tdbsam) [2010/04/13 08:30:34.368777, 5] passdb/pdb_interface.c:154(make_pdb_method_name) Found pdb backend tdbsam [2010/04/13 08:30:34.368807, 5] passdb/pdb_interface.c:165(make_pdb_method_name) pdb backend tdbsam has a valid init [2010/04/13 08:30:34.372537, 5] libsmb/namecache.c:51(namecache_enable) namecache_enable: enabling netbios namecache, timeout 660 seconds [2010/04/13 08:30:34.385437, 10] registry/reg_cachehook.c:73(reghook_cache_init) reghook_cache_init: new tree with default ops 0x7fb461fcdea0 for key [] [2010/04/13 08:30:34.385723, 10] registry/reg_backend_db.c:1620(regdb_fetch_values_internal) regdb_fetch_values: Looking for value of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports] [2010/04/13 08:30:34.385773, 8] registry/reg_backend_db.c:1567(regdb_unpack_values) specific: [Samba Printer Port], len: 2 [2010/04/13 08:30:34.385798, 10] registry/reg_backend_db.c:1620(regdb_fetch_values_internal) regdb_fetch_values: Looking for value of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2010/04/13 08:30:34.385852, 8] registry/reg_backend_db.c:1567(regdb_unpack_values) specific: [DefaultSpoolDirectory], len: 70 [2010/04/13 08:30:34.385874, 10] registry/reg_backend_db.c:1620(regdb_fetch_values_internal) regdb_fetch_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] [2010/04/13 08:30:34.385917, 8] registry/reg_backend_db.c:1567(regdb_unpack_values) specific: [DisplayName], len: 20 [2010/04/13 08:30:34.385938, 8] registry/reg_backend_db.c:1567(regdb_unpack_values) specific: [ErrorControl], len: 4 [2010/04/13 08:30:34.385963, 10] registry/reg_backend_db.c:1620(regdb_fetch_values_internal) regdb_fetch_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] [2010/04/13 08:30:34.386002, 8] registry/reg_backend_db.c:1567(regdb_unpack_values) specific: [DisplayName], len: 20 [2010/04/13 08:30:34.386022, 8] registry/reg_backend_db.c:1567(regdb_unpack_values) specific: [ErrorControl], len: 4 [2010/04/13 08:30:34.387326, 10] registry/reg_cachehook.c:97(reghook_cache_add) reghook_cache_add: Adding ops 0x7fb461fce140 for key [/HKLM/SYSTEM/CurrentControlSet/Control/Print] [2010/04/13 08:30:34.387358, 8] lib/adt_tree.c:200(pathtree_add) pathtree_add: Enter [2010/04/13 08:30:34.387399, 10] lib/adt_tree.c:267(pathtree_add) pathtree_add: Successfully added node [HKLM/SYSTEM/CurrentControlSet/Control/Print] to tree [2010/04/13 08:30:34.387418, 8] lib/adt_tree.c:269(pathtree_add) pathtree_add: Exit [2010/04/13 08:30:34.387440, 10] registry/reg_cachehook.c:97(reghook_cache_add) reghook_cache_add: Adding ops 0x7fb461fce140 for key [/HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/Print/Printers] [2010/04/13 08:30:34.387462, 8] lib/adt_tree.c:200(pathtree_add) pathtree_add: Enter [2010/04/13 08:30:34.387486, 10] lib/adt_tree.c:267(pathtree_add) pathtree_add: Successfully added node [HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/Print/Printers] to tree [2010/04/13 08:30:34.387507, 8] lib/adt_tree.c:269(pathtree_add) pathtree_add: Exit [2010/04/13 08:30:34.387528, 10] registry/reg_cachehook.c:97(reghook_cache_add) reghook_cache_add: Adding ops 0x7fb461fce140 for key [/HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/Ports] [2010/04/13 08:30:34.387551, 8] lib/adt_tree.c:200(pathtree_add) pathtree_add: Enter [2010/04/13 08:30:34.387572, 10] lib/adt_tree.c:267(pathtree_add) pathtree_add: Successfully added node [HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/Ports] to tree [2010/04/13 08:30:34.387593, 8] lib/adt_tree.c:269(pathtree_add) pathtree_add: Exit [2010/04/13 08:30:34.387615, 10] registry/reg_cachehook.c:97(reghook_cache_add) reghook_cache_add: Adding ops 0x7fb461fce1a0 for key [/HKLM/SYSTEM/CurrentControlSet/Services/LanmanServer/Shares] [2010/04/13 08:30:34.387636, 8] lib/adt_tree.c:200(pathtree_add) pathtree_add: Enter [2010/04/13 08:30:34.387658, 10] lib/adt_tree.c:267(pathtree_add) pathtree_add: Successfully added node [HKLM/SYSTEM/CurrentControlSet/Services/LanmanServer/Shares] to tree [2010/04/13 08:30:34.387684, 8] lib/adt_tree.c:269(pathtree_add) pathtree_add: Exit [2010/04/13 08:30:34.387706, 10] registry/reg_cachehook.c:97(reghook_cache_add) reghook_cache_add: Adding ops 0x7fb461fcdfa0 for key [/HKLM/SOFTWARE/Samba/smbconf] [2010/04/13 08:30:34.387725, 8] lib/adt_tree.c:200(pathtree_add) pathtree_add: Enter [2010/04/13 08:30:34.387746, 10] lib/adt_tree.c:267(pathtree_add) pathtree_add: Successfully added node [HKLM/SOFTWARE/Samba/smbconf] to tree [2010/04/13 08:30:34.387765, 8] lib/adt_tree.c:269(pathtree_add) pathtree_add: Exit [2010/04/13 08:30:34.387792, 10] registry/reg_cachehook.c:97(reghook_cache_add) reghook_cache_add: Adding ops 0x7fb461fce200 for key [/HKLM/SYSTEM/CurrentControlSet/Services/Netlogon/Parameters] [2010/04/13 08:30:34.387813, 8] lib/adt_tree.c:200(pathtree_add) pathtree_add: Enter [2010/04/13 08:30:34.387835, 10] lib/adt_tree.c:267(pathtree_add) pathtree_add: Successfully added node [HKLM/SYSTEM/CurrentControlSet/Services/Netlogon/Parameters] to tree [2010/04/13 08:30:34.387866, 8] lib/adt_tree.c:269(pathtree_add) pathtree_add: Exit [2010/04/13 08:30:34.387889, 10] registry/reg_cachehook.c:97(reghook_cache_add) reghook_cache_add: Adding ops 0x7fb461fce260 for key [/HKLM/SYSTEM/CurrentControlSet/Control/ProductOptions] [2010/04/13 08:30:34.387909, 8] lib/adt_tree.c:200(pathtree_add) pathtree_add: Enter [2010/04/13 08:30:34.387930, 10] lib/adt_tree.c:267(pathtree_add) pathtree_add: Successfully added node [HKLM/SYSTEM/CurrentControlSet/Control/ProductOptions] to tree [2010/04/13 08:30:34.387954, 8] lib/adt_tree.c:269(pathtree_add) pathtree_add: Exit [2010/04/13 08:30:34.387975, 10] registry/reg_cachehook.c:97(reghook_cache_add) reghook_cache_add: Adding ops 0x7fb461fce2c0 for key [/HKLM/SYSTEM/CurrentControlSet/Services/Tcpip/Parameters] [2010/04/13 08:30:34.387996, 8] lib/adt_tree.c:200(pathtree_add) pathtree_add: Enter [2010/04/13 08:30:34.388018, 10] lib/adt_tree.c:267(pathtree_add) pathtree_add: Successfully added node [HKLM/SYSTEM/CurrentControlSet/Services/Tcpip/Parameters] to tree [2010/04/13 08:30:34.388038, 8] lib/adt_tree.c:269(pathtree_add) pathtree_add: Exit [2010/04/13 08:30:34.388059, 10] registry/reg_cachehook.c:97(reghook_cache_add) reghook_cache_add: Adding ops 0x7fb461fce320 for key [/HKPT] [2010/04/13 08:30:34.388078, 8] lib/adt_tree.c:200(pathtree_add) pathtree_add: Enter [2010/04/13 08:30:34.388097, 10] lib/adt_tree.c:267(pathtree_add) pathtree_add: Successfully added node [HKPT] to tree [2010/04/13 08:30:34.388116, 8] lib/adt_tree.c:269(pathtree_add) pathtree_add: Exit [2010/04/13 08:30:34.388140, 10] registry/reg_cachehook.c:97(reghook_cache_add) reghook_cache_add: Adding ops 0x7fb461fce380 for key [/HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion] [2010/04/13 08:30:34.388163, 8] lib/adt_tree.c:200(pathtree_add) pathtree_add: Enter [2010/04/13 08:30:34.388184, 10] lib/adt_tree.c:267(pathtree_add) pathtree_add: Successfully added node [HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion] to tree [2010/04/13 08:30:34.388203, 8] lib/adt_tree.c:269(pathtree_add) pathtree_add: Exit [2010/04/13 08:30:34.388224, 10] registry/reg_cachehook.c:97(reghook_cache_add) reghook_cache_add: Adding ops 0x7fb461fce3e0 for key [/HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/Perflib] [2010/04/13 08:30:34.388245, 8] lib/adt_tree.c:200(pathtree_add) pathtree_add: Enter [2010/04/13 08:30:34.388266, 10] lib/adt_tree.c:267(pathtree_add) pathtree_add: Successfully added node [HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/Perflib] to tree [2010/04/13 08:30:34.388287, 8] lib/adt_tree.c:269(pathtree_add) pathtree_add: Exit [2010/04/13 08:30:34.397438, 5] lib/gencache.c:65(gencache_init) Opening cache file at /usr/local/samba-3.5.2-run/var/locks/gencache.tdb [2010/04/13 08:30:34.426698, 5] lib/gencache.c:108(gencache_init) Opening cache file at /usr/local/samba-3.5.2-run/var/locks/gencache_notrans.tdb [2010/04/13 08:30:34.426850, 10] lib/gencache.c:334(gencache_get_data_blob) Cache entry with key = IDMAP/UID2SID/0 couldn't be found [2010/04/13 08:30:34.427015, 5] passdb/lookup_sid.c:1334(uid_to_sid) uid_to_sid: winbind failed to find a sid for uid 0 [2010/04/13 08:30:34.427042, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/04/13 08:30:34.427067, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2010/04/13 08:30:34.427092, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/13 08:30:34.427114, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/13 08:30:34.427133, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/13 08:30:34.427234, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2010/04/13 08:30:34.427256, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2010/04/13 08:30:34.427277, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2010/04/13 08:30:34.427306, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/13 08:30:34.427324, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/13 08:30:34.432034, 4] passdb/pdb_tdb.c:518(tdbsam_open) tdbsam_open: successfully opened /usr/local/samba-3.5.2-run/private/passdb.tdb [2010/04/13 08:30:34.432070, 5] passdb/pdb_tdb.c:557(tdbsam_getsampwnam) pdb_getsampwnam (TDB): error fetching database. Key: USER_root [2010/04/13 08:30:34.432105, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/13 08:30:34.432126, 5] passdb/pdb_interface.c:1214(pdb_default_uid_to_sid) pdb_default_uid_to_sid: Did not find user root (0) [2010/04/13 08:30:34.432150, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/13 08:30:34.432171, 10] passdb/lookup_sid.c:1151(legacy_uid_to_sid) LEGACY: uid 0 -> sid S-1-22-1-0 [2010/04/13 08:30:34.432213, 10] lib/gencache.c:334(gencache_get_data_blob) Cache entry with key = IDMAP/GID2SID/0 couldn't be found [2010/04/13 08:30:34.432248, 5] passdb/lookup_sid.c:1387(gid_to_sid) gid_to_sid: winbind failed to find a sid for gid 0 [2010/04/13 08:30:34.432268, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/04/13 08:30:34.432288, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2010/04/13 08:30:34.432308, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/13 08:30:34.432327, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/13 08:30:34.432346, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/13 08:30:34.448410, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/13 08:30:34.448437, 10] passdb/lookup_sid.c:1182(legacy_gid_to_sid) LEGACY: gid 0 -> sid S-1-22-2-0 [2010/04/13 08:30:34.448461, 10] auth/token_util.c:356(create_local_nt_token) Create local NT token for S-1-22-1-0 [2010/04/13 08:30:34.448501, 10] lib/gencache.c:345(gencache_get_data_blob) Returning valid cache entry: key = IDMAP/SID2GID/S-1-5-32-544, value = 10339, timeout = Fri Apr 16 19:15:33 2010 [2010/04/13 08:30:34.448536, 10] passdb/lookup_sid.c:1518(sid_to_gid) sid S-1-5-32-544 -> gid 10339 [2010/04/13 08:30:34.448572, 10] lib/gencache.c:345(gencache_get_data_blob) Returning valid cache entry: key = IDMAP/SID2GID/S-1-5-32-545, value = 10340, timeout = Fri Apr 16 19:15:33 2010 [2010/04/13 08:30:34.448600, 10] passdb/lookup_sid.c:1518(sid_to_gid) sid S-1-5-32-545 -> gid 10340 [2010/04/13 08:30:34.448624, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/04/13 08:30:34.448645, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2010/04/13 08:30:34.448665, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/13 08:30:34.448685, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/13 08:30:34.448703, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/13 08:30:34.448973, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/13 08:30:34.449697, 3] lib/privileges.c:63(get_privileges) get_privileges: No privileges assigned to SID [S-1-22-1-0] [2010/04/13 08:30:34.449738, 5] lib/privileges.c:128(get_privileges_for_sids) get_privileges_for_sids: sid = S-1-5-32-544 Privilege set: SE_PRIV 0xff0 0x0 0x0 0x0 [2010/04/13 08:30:34.449785, 5] lib/privileges.c:128(get_privileges_for_sids) get_privileges_for_sids: sid = S-1-1-0 Privilege set: SE_PRIV 0x0 0x0 0x0 0x0 [2010/04/13 08:30:34.449824, 3] lib/privileges.c:63(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-2] [2010/04/13 08:30:34.449861, 3] lib/privileges.c:63(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-11] [2010/04/13 08:30:34.449894, 7] registry/reg_api.c:133(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2010/04/13 08:30:34.449918, 10] registry/reg_backend_db.c:451(regdb_open) regdb_open: incrementing refcount (1) [2010/04/13 08:30:34.449944, 10] registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [/HKLM] [2010/04/13 08:30:34.449971, 10] lib/adt_tree.c:352(pathtree_find) pathtree_find: Enter [/HKLM] [2010/04/13 08:30:34.449992, 10] lib/adt_tree.c:425(pathtree_find) pathtree_find: Exit [2010/04/13 08:30:34.450010, 10] registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x7fb461fcdea0 for key [/HKLM] [2010/04/13 08:30:34.450064, 10] registry/reg_backend_db.c:1726(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2010/04/13 08:30:34.450115, 7] registry/reg_api.c:133(regkey_open_onelevel) regkey_open_onelevel: name = [SYSTEM] [2010/04/13 08:30:34.450136, 10] registry/reg_backend_db.c:451(regdb_open) regdb_open: incrementing refcount (2) [2010/04/13 08:30:34.450164, 10] registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM] [2010/04/13 08:30:34.450183, 10] lib/adt_tree.c:352(pathtree_find) pathtree_find: Enter [/HKLM/SYSTEM] [2010/04/13 08:30:34.450202, 10] lib/adt_tree.c:425(pathtree_find) pathtree_find: Exit [2010/04/13 08:30:34.450221, 10] registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x7fb461fcdea0 for key [/HKLM/SYSTEM] [2010/04/13 08:30:34.450262, 10] registry/reg_backend_db.c:1726(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM] [2010/04/13 08:30:34.450301, 7] registry/reg_api.c:133(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentControlSet] [2010/04/13 08:30:34.450322, 10] registry/reg_backend_db.c:451(regdb_open) regdb_open: incrementing refcount (3) [2010/04/13 08:30:34.450346, 10] registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet] [2010/04/13 08:30:34.450367, 10] lib/adt_tree.c:352(pathtree_find) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet] [2010/04/13 08:30:34.450388, 10] lib/adt_tree.c:425(pathtree_find) pathtree_find: Exit [2010/04/13 08:30:34.450406, 10] registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x7fb461fcdea0 for key [/HKLM/SYSTEM/CurrentControlSet] [2010/04/13 08:30:34.450450, 10] registry/reg_backend_db.c:1726(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet] [2010/04/13 08:30:34.450490, 10] registry/reg_backend_db.c:485(regdb_close) regdb_close: decrementing refcount (3) [2010/04/13 08:30:34.450512, 7] registry/reg_api.c:133(regkey_open_onelevel) regkey_open_onelevel: name = [Services] [2010/04/13 08:30:34.450533, 10] registry/reg_backend_db.c:451(regdb_open) regdb_open: incrementing refcount (3) [2010/04/13 08:30:34.450558, 10] registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services] [2010/04/13 08:30:34.450576, 10] lib/adt_tree.c:352(pathtree_find) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services] [2010/04/13 08:30:34.450597, 10] lib/adt_tree.c:425(pathtree_find) pathtree_find: Exit [2010/04/13 08:30:34.450615, 10] registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x7fb461fcdea0 for key [/HKLM/SYSTEM/CurrentControlSet/Services] [2010/04/13 08:30:34.450676, 10] registry/reg_backend_db.c:1726(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services] [2010/04/13 08:30:34.450717, 10] registry/reg_backend_db.c:485(regdb_close) regdb_close: decrementing refcount (3) [2010/04/13 08:30:34.450738, 10] registry/reg_backend_db.c:485(regdb_close) regdb_close: decrementing refcount (2) [2010/04/13 08:30:34.450862, 7] registry/reg_api.c:133(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2010/04/13 08:30:34.450883, 10] registry/reg_backend_db.c:451(regdb_open) regdb_open: incrementing refcount (2) [2010/04/13 08:30:34.450907, 10] registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [/HKLM] [2010/04/13 08:30:34.450926, 10] lib/adt_tree.c:352(pathtree_find) pathtree_find: Enter [/HKLM] [2010/04/13 08:30:34.450945, 10] lib/adt_tree.c:425(pathtree_find) pathtree_find: Exit [2010/04/13 08:30:34.450964, 10] registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x7fb461fcdea0 for key [/HKLM] [2010/04/13 08:30:34.451007, 10] registry/reg_backend_db.c:1726(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2010/04/13 08:30:34.451043, 7] registry/reg_api.c:133(regkey_open_onelevel) regkey_open_onelevel: name = [SYSTEM] [2010/04/13 08:30:34.451065, 10] registry/reg_backend_db.c:451(regdb_open) regdb_open: incrementing refcount (3) [2010/04/13 08:30:34.451089, 10] registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM] [2010/04/13 08:30:34.451107, 10] lib/adt_tree.c:352(pathtree_find) pathtree_find: Enter [/HKLM/SYSTEM] [2010/04/13 08:30:34.451125, 10] lib/adt_tree.c:425(pathtree_find) pathtree_find: Exit [2010/04/13 08:30:34.451144, 10] registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x7fb461fcdea0 for key [/HKLM/SYSTEM] [2010/04/13 08:30:34.451183, 10] registry/reg_backend_db.c:1726(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM] [2010/04/13 08:30:34.451220, 7] registry/reg_api.c:133(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentControlSet] [2010/04/13 08:30:34.451244, 10] registry/reg_backend_db.c:451(regdb_open) regdb_open: incrementing refcount (4) [2010/04/13 08:30:34.451269, 10] registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet] [2010/04/13 08:30:34.451287, 10] lib/adt_tree.c:352(pathtree_find) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet] [2010/04/13 08:30:34.451306, 10] lib/adt_tree.c:425(pathtree_find) pathtree_find: Exit [2010/04/13 08:30:34.451324, 10] registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x7fb461fcdea0 for key [/HKLM/SYSTEM/CurrentControlSet] [2010/04/13 08:30:34.451367, 10] registry/reg_backend_db.c:1726(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet] [2010/04/13 08:30:34.451406, 10] registry/reg_backend_db.c:485(regdb_close) regdb_close: decrementing refcount (4) [2010/04/13 08:30:34.451427, 7] registry/reg_api.c:133(regkey_open_onelevel) regkey_open_onelevel: name = [Services] [2010/04/13 08:30:34.451447, 10] registry/reg_backend_db.c:451(regdb_open) regdb_open: incrementing refcount (4) [2010/04/13 08:30:34.451471, 10] registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services] [2010/04/13 08:30:34.451490, 10] lib/adt_tree.c:352(pathtree_find) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services] [2010/04/13 08:30:34.451509, 10] lib/adt_tree.c:425(pathtree_find) pathtree_find: Exit [2010/04/13 08:30:34.451528, 10] registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x7fb461fcdea0 for key [/HKLM/SYSTEM/CurrentControlSet/Services] [2010/04/13 08:30:34.451589, 10] registry/reg_backend_db.c:1726(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services] [2010/04/13 08:30:34.451630, 10] registry/reg_backend_db.c:485(regdb_close) regdb_close: decrementing refcount (4) [2010/04/13 08:30:34.451651, 7] registry/reg_api.c:133(regkey_open_onelevel) regkey_open_onelevel: name = [Spooler] [2010/04/13 08:30:34.451671, 10] registry/reg_backend_db.c:451(regdb_open) regdb_open: incrementing refcount (4) [2010/04/13 08:30:34.451703, 10] registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/Spooler] [2010/04/13 08:30:34.451722, 10] lib/adt_tree.c:352(pathtree_find) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/Spooler] [2010/04/13 08:30:34.451743, 10] lib/adt_tree.c:425(pathtree_find) pathtree_find: Exit [2010/04/13 08:30:34.451762, 10] registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x7fb461fcdea0 for key [/HKLM/SYSTEM/CurrentControlSet/Services/Spooler] [2010/04/13 08:30:34.451806, 10] registry/reg_backend_db.c:1726(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services\Spooler] [2010/04/13 08:30:34.451846, 10] registry/reg_backend_db.c:485(regdb_close) regdb_close: decrementing refcount (4) [2010/04/13 08:30:34.451868, 10] registry/reg_backend_db.c:485(regdb_close) regdb_close: decrementing refcount (3) [2010/04/13 08:30:34.452068, 10] registry/reg_backend_db.c:1663(regdb_store_values_internal) regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\Spooler] [2010/04/13 08:30:34.452122, 10] registry/reg_backend_db.c:485(regdb_close) regdb_close: decrementing refcount (2) [2010/04/13 08:30:34.452150, 7] registry/reg_api.c:133(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2010/04/13 08:30:34.452171, 10] registry/reg_backend_db.c:451(regdb_open) regdb_open: incrementing refcount (2) [2010/04/13 08:30:34.452194, 10] registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [/HKLM] [2010/04/13 08:30:34.452212, 10] lib/adt_tree.c:352(pathtree_find) pathtree_find: Enter [/HKLM] [2010/04/13 08:30:34.452231, 10] lib/adt_tree.c:425(pathtree_find) pathtree_find: Exit [2010/04/13 08:30:34.452249, 10] registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x7fb461fcdea0 for key [/HKLM] [2010/04/13 08:30:34.452288, 10] registry/reg_backend_db.c:1726(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2010/04/13 08:30:34.452323, 7] registry/reg_api.c:133(regkey_open_onelevel) regkey_open_onelevel: name = [SYSTEM] [2010/04/13 08:30:34.452344, 10] registry/reg_backend_db.c:451(regdb_open) regdb_open: incrementing refcount (3) [2010/04/13 08:30:34.452369, 10] registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM] [2010/04/13 08:30:34.452387, 10] lib/adt_tree.c:352(pathtree_find) pathtree_find: Enter [/HKLM/SYSTEM] [2010/04/13 08:30:34.452407, 10] lib/adt_tree.c:425(pathtree_find) pathtree_find: Exit [2010/04/13 08:30:34.452426, 10] registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x7fb461fcdea0 for key [/HKLM/SYSTEM] [2010/04/13 08:30:34.452465, 10] registry/reg_backend_db.c:1726(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM] [2010/04/13 08:30:34.452502, 7] registry/reg_api.c:133(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentControlSet] [2010/04/13 08:30:34.452523, 10] registry/reg_backend_db.c:451(regdb_open) regdb_open: incrementing refcount (4) [2010/04/13 08:30:34.452548, 10] registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet] [2010/04/13 08:30:34.452566, 10] lib/adt_tree.c:352(pathtree_find) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet] [2010/04/13 08:30:34.452585, 10] lib/adt_tree.c:425(pathtree_find) pathtree_find: Exit [2010/04/13 08:30:34.452604, 10] registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x7fb461fcdea0 for key [/HKLM/SYSTEM/CurrentControlSet] [2010/04/13 08:30:34.452649, 10] registry/reg_backend_db.c:1726(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet] [2010/04/13 08:30:34.452686, 10] registry/reg_backend_db.c:485(regdb_close) regdb_close: decrementing refcount (4) [2010/04/13 08:30:34.452707, 7] registry/reg_api.c:133(regkey_open_onelevel) regkey_open_onelevel: name = [Services] [2010/04/13 08:30:34.452736, 10] registry/reg_backend_db.c:451(regdb_open) regdb_open: incrementing refcount (4) [2010/04/13 08:30:34.452761, 10] registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services] [2010/04/13 08:30:34.452779, 10] lib/adt_tree.c:352(pathtree_find) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services] [2010/04/13 08:30:34.452798, 10] lib/adt_tree.c:425(pathtree_find) pathtree_find: Exit [2010/04/13 08:30:34.452816, 10] registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x7fb461fcdea0 for key [/HKLM/SYSTEM/CurrentControlSet/Services] [2010/04/13 08:30:34.452874, 10] registry/reg_backend_db.c:1726(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services] [2010/04/13 08:30:34.452915, 10] registry/reg_backend_db.c:485(regdb_close) regdb_close: decrementing refcount (4) [2010/04/13 08:30:34.452937, 7] registry/reg_api.c:133(regkey_open_onelevel) regkey_open_onelevel: name = [Spooler] [2010/04/13 08:30:34.452958, 10] registry/reg_backend_db.c:451(regdb_open) regdb_open: incrementing refcount (4) [2010/04/13 08:30:34.452983, 10] registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/Spooler] [2010/04/13 08:30:34.453001, 10] lib/adt_tree.c:352(pathtree_find) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/Spooler] [2010/04/13 08:30:34.453022, 10] lib/adt_tree.c:425(pathtree_find) pathtree_find: Exit [2010/04/13 08:30:34.453041, 10] registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x7fb461fcdea0 for key [/HKLM/SYSTEM/CurrentControlSet/Services/Spooler] [2010/04/13 08:30:34.453084, 10] registry/reg_backend_db.c:1726(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services\Spooler] [2010/04/13 08:30:34.453125, 10] registry/reg_backend_db.c:485(regdb_close) regdb_close: decrementing refcount (4) [2010/04/13 08:30:34.453146, 7] registry/reg_api.c:133(regkey_open_onelevel) regkey_open_onelevel: name = [Security] [2010/04/13 08:30:34.453167, 10] registry/reg_backend_db.c:451(regdb_open) regdb_open: incrementing refcount (4) [2010/04/13 08:30:34.453193, 10] registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/Spooler/Security] [2010/04/13 08:30:34.453213, 10] lib/adt_tree.c:352(pathtree_find) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/Spooler/Security] [2010/04/13 08:30:34.453232, 10] lib/adt_tree.c:425(pathtree_find) pathtree_find: Exit [2010/04/13 08:30:34.453250, 10] registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x7fb461fcdea0 for key [/HKLM/SYSTEM/CurrentControlSet/Services/Spooler/Security] [2010/04/13 08:30:34.453295, 10] registry/reg_backend_db.c:1483(regdb_fetch_keys_internal) regdb_fetch_keys: no subkeys found for key [HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security] [2010/04/13 08:30:34.453317, 10] registry/reg_backend_db.c:1726(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security] [2010/04/13 08:30:34.453359, 10] registry/reg_backend_db.c:485(regdb_close) regdb_close: decrementing refcount (4) [2010/04/13 08:30:34.453380, 10] registry/reg_backend_db.c:485(regdb_close) regdb_close: decrementing refcount (3) [2010/04/13 08:30:34.453426, 10] registry/reg_backend_db.c:1663(regdb_store_values_internal) regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security] [2010/04/13 08:30:34.453470, 10] registry/reg_backend_db.c:485(regdb_close) regdb_close: decrementing refcount (2) [2010/04/13 08:30:34.453549, 7] registry/reg_api.c:133(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2010/04/13 08:30:34.453570, 10] registry/reg_backend_db.c:451(regdb_open) regdb_open: incrementing refcount (2) [2010/04/13 08:30:34.453603, 10] registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [/HKLM] [2010/04/13 08:30:34.453622, 10] lib/adt_tree.c:352(pathtree_find) pathtree_find: Enter [/HKLM] [2010/04/13 08:30:34.453640, 10] lib/adt_tree.c:425(pathtree_find) pathtree_find: Exit [2010/04/13 08:30:34.453659, 10] registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x7fb461fcdea0 for key [/HKLM] [2010/04/13 08:30:34.453696, 10] registry/reg_backend_db.c:1726(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2010/04/13 08:30:34.453731, 7] registry/reg_api.c:133(regkey_open_onelevel) regkey_open_onelevel: name = [SYSTEM] [2010/04/13 08:30:34.453752, 10] registry/reg_backend_db.c:451(regdb_open) regdb_open: incrementing refcount (3) [2010/04/13 08:30:34.453776, 10] registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM] [2010/04/13 08:30:34.453794, 10] lib/adt_tree.c:352(pathtree_find) pathtree_find: Enter [/HKLM/SYSTEM] [2010/04/13 08:30:34.453813, 10] lib/adt_tree.c:425(pathtree_find) pathtree_find: Exit [2010/04/13 08:30:34.453832, 10] registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x7fb461fcdea0 for key [/HKLM/SYSTEM] [2010/04/13 08:30:34.453870, 10] registry/reg_backend_db.c:1726(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM] [2010/04/13 08:30:34.453908, 7] registry/reg_api.c:133(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentControlSet] [2010/04/13 08:30:34.453928, 10] registry/reg_backend_db.c:451(regdb_open) regdb_open: incrementing refcount (4) [2010/04/13 08:30:34.453953, 10] registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet] [2010/04/13 08:30:34.453972, 10] lib/adt_tree.c:352(pathtree_find) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet] [2010/04/13 08:30:34.453992, 10] lib/adt_tree.c:425(pathtree_find) pathtree_find: Exit [2010/04/13 08:30:34.454010, 10] registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x7fb461fcdea0 for key [/HKLM/SYSTEM/CurrentControlSet] [2010/04/13 08:30:34.454081, 10] registry/reg_backend_db.c:1726(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet] [2010/04/13 08:30:34.454121, 10] registry/reg_backend_db.c:485(regdb_close) regdb_close: decrementing refcount (4) [2010/04/13 08:30:34.454143, 7] registry/reg_api.c:133(regkey_open_onelevel) regkey_open_onelevel: name = [Services] [2010/04/13 08:30:34.454164, 10] registry/reg_backend_db.c:451(regdb_open) regdb_open: incrementing refcount (4) [2010/04/13 08:30:34.454189, 10] registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services] [2010/04/13 08:30:34.454207, 10] lib/adt_tree.c:352(pathtree_find) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services] [2010/04/13 08:30:34.454228, 10] lib/adt_tree.c:425(pathtree_find) pathtree_find: Exit [2010/04/13 08:30:34.454246, 10] registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x7fb461fcdea0 for key [/HKLM/SYSTEM/CurrentControlSet/Services] [2010/04/13 08:30:34.454304, 10] registry/reg_backend_db.c:1726(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services] [2010/04/13 08:30:34.454345, 10] registry/reg_backend_db.c:485(regdb_close) regdb_close: decrementing refcount (4) [2010/04/13 08:30:34.454366, 7] registry/reg_api.c:133(regkey_open_onelevel) regkey_open_onelevel: name = [NETLOGON] [2010/04/13 08:30:34.454387, 10] registry/reg_backend_db.c:451(regdb_open) regdb_open: incrementing refcount (4) [2010/04/13 08:30:34.454412, 10] registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/NETLOGON] [2010/04/13 08:30:34.454439, 10] lib/adt_tree.c:352(pathtree_find) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/NETLOGON] [2010/04/13 08:30:34.454459, 10] lib/adt_tree.c:425(pathtree_find) pathtree_find: Exit [2010/04/13 08:30:34.454478, 10] registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x7fb461fcdea0 for key [/HKLM/SYSTEM/CurrentControlSet/Services/NETLOGON] [2010/04/13 08:30:34.454529, 10] registry/reg_backend_db.c:1726(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] [2010/04/13 08:30:34.454570, 10] registry/reg_backend_db.c:485(regdb_close) regdb_close: decrementing refcount (4) [2010/04/13 08:30:34.454591, 10] registry/reg_backend_db.c:485(regdb_close) regdb_close: decrementing refcount (3) [2010/04/13 08:30:34.454701, 10] registry/reg_backend_db.c:1663(regdb_store_values_internal) regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] [2010/04/13 08:30:34.454746, 10] registry/reg_backend_db.c:485(regdb_close) regdb_close: decrementing refcount (2) [2010/04/13 08:30:34.454772, 7] registry/reg_api.c:133(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2010/04/13 08:30:34.454793, 10] registry/reg_backend_db.c:451(regdb_open) regdb_open: incrementing refcount (2) [2010/04/13 08:30:34.454817, 10] registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [/HKLM] [2010/04/13 08:30:34.454835, 10] lib/adt_tree.c:352(pathtree_find) pathtree_find: Enter [/HKLM] [2010/04/13 08:30:34.454855, 10] lib/adt_tree.c:425(pathtree_find) pathtree_find: Exit [2010/04/13 08:30:34.454874, 10] registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x7fb461fcdea0 for key [/HKLM] [2010/04/13 08:30:34.454911, 10] registry/reg_backend_db.c:1726(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2010/04/13 08:30:34.454946, 7] registry/reg_api.c:133(regkey_open_onelevel) regkey_open_onelevel: name = [SYSTEM] [2010/04/13 08:30:34.454967, 10] registry/reg_backend_db.c:451(regdb_open) regdb_open: incrementing refcount (3) [2010/04/13 08:30:34.454992, 10] registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM] [2010/04/13 08:30:34.455010, 10] lib/adt_tree.c:352(pathtree_find) pathtree_find: Enter [/HKLM/SYSTEM] [2010/04/13 08:30:34.455029, 10] lib/adt_tree.c:425(pathtree_find) pathtree_find: Exit [2010/04/13 08:30:34.455048, 10] registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x7fb461fcdea0 for key [/HKLM/SYSTEM] [2010/04/13 08:30:34.455086, 10] registry/reg_backend_db.c:1726(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM] [2010/04/13 08:30:34.455124, 7] registry/reg_api.c:133(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentControlSet] [2010/04/13 08:30:34.455144, 10] registry/reg_backend_db.c:451(regdb_open) regdb_open: incrementing refcount (4) [2010/04/13 08:30:34.455170, 10] registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet] [2010/04/13 08:30:34.455188, 10] lib/adt_tree.c:352(pathtree_find) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet] [2010/04/13 08:30:34.455207, 10] lib/adt_tree.c:425(pathtree_find) pathtree_find: Exit [2010/04/13 08:30:34.455226, 10] registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x7fb461fcdea0 for key [/HKLM/SYSTEM/CurrentControlSet] [2010/04/13 08:30:34.455268, 10] registry/reg_backend_db.c:1726(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet] [2010/04/13 08:30:34.455307, 10] registry/reg_backend_db.c:485(regdb_close) regdb_close: decrementing refcount (4) [2010/04/13 08:30:34.455329, 7] registry/reg_api.c:133(regkey_open_onelevel) regkey_open_onelevel: name = [Services] [2010/04/13 08:30:34.455349, 10] registry/reg_backend_db.c:451(regdb_open) regdb_open: incrementing refcount (4) [2010/04/13 08:30:34.455382, 10] registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services] [2010/04/13 08:30:34.455401, 10] lib/adt_tree.c:352(pathtree_find) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services] [2010/04/13 08:30:34.455420, 10] lib/adt_tree.c:425(pathtree_find) pathtree_find: Exit [2010/04/13 08:30:34.455439, 10] registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x7fb461fcdea0 for key [/HKLM/SYSTEM/CurrentControlSet/Services] [2010/04/13 08:30:34.455502, 10] registry/reg_backend_db.c:1726(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services] [2010/04/13 08:30:34.455543, 10] registry/reg_backend_db.c:485(regdb_close) regdb_close: decrementing refcount (4) [2010/04/13 08:30:34.455565, 7] registry/reg_api.c:133(regkey_open_onelevel) regkey_open_onelevel: name = [NETLOGON] [2010/04/13 08:30:34.455586, 10] registry/reg_backend_db.c:451(regdb_open) regdb_open: incrementing refcount (4) [2010/04/13 08:30:34.455611, 10] registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/NETLOGON] [2010/04/13 08:30:34.455629, 10] lib/adt_tree.c:352(pathtree_find) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/NETLOGON] [2010/04/13 08:30:34.455649, 10] lib/adt_tree.c:425(pathtree_find) pathtree_find: Exit [2010/04/13 08:30:34.455667, 10] registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x7fb461fcdea0 for key [/HKLM/SYSTEM/CurrentControlSet/Services/NETLOGON] [2010/04/13 08:30:34.455713, 10] registry/reg_backend_db.c:1726(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] [2010/04/13 08:30:34.455753, 10] registry/reg_backend_db.c:485(regdb_close) regdb_close: decrementing refcount (4) [2010/04/13 08:30:34.455774, 7] registry/reg_api.c:133(regkey_open_onelevel) regkey_open_onelevel: name = [Security] [2010/04/13 08:30:34.455794, 10] registry/reg_backend_db.c:451(regdb_open) regdb_open: incrementing refcount (4) [2010/04/13 08:30:34.455820, 10] registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/NETLOGON/Security] [2010/04/13 08:30:34.455840, 10] lib/adt_tree.c:352(pathtree_find) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/NETLOGON/Security] [2010/04/13 08:30:34.455860, 10] lib/adt_tree.c:425(pathtree_find) pathtree_find: Exit [2010/04/13 08:30:34.455879, 10] registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x7fb461fcdea0 for key [/HKLM/SYSTEM/CurrentControlSet/Services/NETLOGON/Security] [2010/04/13 08:30:34.455919, 10] registry/reg_backend_db.c:1483(regdb_fetch_keys_internal) regdb_fetch_keys: no subkeys found for key [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security] [2010/04/13 08:30:34.455941, 10] registry/reg_backend_db.c:1726(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security] [2010/04/13 08:30:34.455985, 10] registry/reg_backend_db.c:485(regdb_close) regdb_close: decrementing refcount (4) [2010/04/13 08:30:34.456006, 10] registry/reg_backend_db.c:485(regdb_close) regdb_close: decrementing refcount (3) [2010/04/13 08:30:34.456044, 10] registry/reg_backend_db.c:1663(regdb_store_values_internal) regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security] [2010/04/13 08:30:34.456087, 10] registry/reg_backend_db.c:485(regdb_close) regdb_close: decrementing refcount (2) [2010/04/13 08:30:34.456161, 7] registry/reg_api.c:133(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2010/04/13 08:30:34.456181, 10] registry/reg_backend_db.c:451(regdb_open) regdb_open: incrementing refcount (2) [2010/04/13 08:30:34.456205, 10] registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [/HKLM] [2010/04/13 08:30:34.456233, 10] lib/adt_tree.c:352(pathtree_find) pathtree_find: Enter [/HKLM] [2010/04/13 08:30:34.456252, 10] lib/adt_tree.c:425(pathtree_find) pathtree_find: Exit [2010/04/13 08:30:34.456271, 10] registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x7fb461fcdea0 for key [/HKLM] [2010/04/13 08:30:34.456308, 10] registry/reg_backend_db.c:1726(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2010/04/13 08:30:34.456343, 7] registry/reg_api.c:133(regkey_open_onelevel) regkey_open_onelevel: name = [SYSTEM] [2010/04/13 08:30:34.456365, 10] registry/reg_backend_db.c:451(regdb_open) regdb_open: incrementing refcount (3) [2010/04/13 08:30:34.456389, 10] registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM] [2010/04/13 08:30:34.456407, 10] lib/adt_tree.c:352(pathtree_find) pathtree_find: Enter [/HKLM/SYSTEM] [2010/04/13 08:30:34.456426, 10] lib/adt_tree.c:425(pathtree_find) pathtree_find: Exit [2010/04/13 08:30:34.456445, 10] registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x7fb461fcdea0 for key [/HKLM/SYSTEM] [2010/04/13 08:30:34.456484, 10] registry/reg_backend_db.c:1726(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM] [2010/04/13 08:30:34.456524, 7] registry/reg_api.c:133(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentControlSet] [2010/04/13 08:30:34.456545, 10] registry/reg_backend_db.c:451(regdb_open) regdb_open: incrementing refcount (4) [2010/04/13 08:30:34.456570, 10] registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet] [2010/04/13 08:30:34.456588, 10] lib/adt_tree.c:352(pathtree_find) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet] [2010/04/13 08:30:34.456606, 10] lib/adt_tree.c:425(pathtree_find) pathtree_find: Exit [2010/04/13 08:30:34.456625, 10] registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x7fb461fcdea0 for key [/HKLM/SYSTEM/CurrentControlSet] [2010/04/13 08:30:34.456669, 10] registry/reg_backend_db.c:1726(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet] [2010/04/13 08:30:34.456707, 10] registry/reg_backend_db.c:485(regdb_close) regdb_close: decrementing refcount (4) [2010/04/13 08:30:34.456728, 7] registry/reg_api.c:133(regkey_open_onelevel) regkey_open_onelevel: name = [Services] [2010/04/13 08:30:34.456748, 10] registry/reg_backend_db.c:451(regdb_open) regdb_open: incrementing refcount (4) [2010/04/13 08:30:34.456773, 10] registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services] [2010/04/13 08:30:34.456791, 10] lib/adt_tree.c:352(pathtree_find) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services] [2010/04/13 08:30:34.456810, 10] lib/adt_tree.c:425(pathtree_find) pathtree_find: Exit [2010/04/13 08:30:34.456833, 10] registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x7fb461fcdea0 for key [/HKLM/SYSTEM/CurrentControlSet/Services] [2010/04/13 08:30:34.456892, 10] registry/reg_backend_db.c:1726(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services] [2010/04/13 08:30:34.456932, 10] registry/reg_backend_db.c:485(regdb_close) regdb_close: decrementing refcount (4) [2010/04/13 08:30:34.456953, 7] registry/reg_api.c:133(regkey_open_onelevel) regkey_open_onelevel: name = [RemoteRegistry] [2010/04/13 08:30:34.456975, 10] registry/reg_backend_db.c:451(regdb_open) regdb_open: incrementing refcount (4) [2010/04/13 08:30:34.457000, 10] registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/RemoteRegistry] [2010/04/13 08:30:34.457020, 10] lib/adt_tree.c:352(pathtree_find) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/RemoteRegistry] [2010/04/13 08:30:34.457047, 10] lib/adt_tree.c:425(pathtree_find) pathtree_find: Exit [2010/04/13 08:30:34.457066, 10] registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x7fb461fcdea0 for key [/HKLM/SYSTEM/CurrentControlSet/Services/RemoteRegistry] [2010/04/13 08:30:34.457110, 10] registry/reg_backend_db.c:1726(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] [2010/04/13 08:30:34.457150, 10] registry/reg_backend_db.c:485(regdb_close) regdb_close: decrementing refcount (4) [2010/04/13 08:30:34.457171, 10] registry/reg_backend_db.c:485(regdb_close) regdb_close: decrementing refcount (3) [2010/04/13 08:30:34.457273, 10] registry/reg_backend_db.c:1663(regdb_store_values_internal) regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] [2010/04/13 08:30:34.457325, 10] registry/reg_backend_db.c:485(regdb_close) regdb_close: decrementing refcount (2) [2010/04/13 08:30:34.457352, 7] registry/reg_api.c:133(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2010/04/13 08:30:34.457373, 10] registry/reg_backend_db.c:451(regdb_open) regdb_open: incrementing refcount (2) [2010/04/13 08:30:34.457397, 10] registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [/HKLM] [2010/04/13 08:30:34.457415, 10] lib/adt_tree.c:352(pathtree_find) pathtree_find: Enter [/HKLM] [2010/04/13 08:30:34.457433, 10] lib/adt_tree.c:425(pathtree_find) pathtree_find: Exit [2010/04/13 08:30:34.457452, 10] registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x7fb461fcdea0 for key [/HKLM] [2010/04/13 08:30:34.457489, 10] registry/reg_backend_db.c:1726(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2010/04/13 08:30:34.457524, 7] registry/reg_api.c:133(regkey_open_onelevel) regkey_open_onelevel: name = [SYSTEM] [2010/04/13 08:30:34.457546, 10] registry/reg_backend_db.c:451(regdb_open) regdb_open: incrementing refcount (3) [2010/04/13 08:30:34.457569, 10] registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM] [2010/04/13 08:30:34.457588, 10] lib/adt_tree.c:352(pathtree_find) pathtree_find: Enter [/HKLM/SYSTEM] [2010/04/13 08:30:34.457608, 10] lib/adt_tree.c:425(pathtree_find) pathtree_find: Exit [2010/04/13 08:30:34.457627, 10] registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x7fb461fcdea0 for key [/HKLM/SYSTEM] [2010/04/13 08:30:34.457665, 10] registry/reg_backend_db.c:1726(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM] [2010/04/13 08:30:34.457703, 7] registry/reg_api.c:133(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentControlSet] [2010/04/13 08:30:34.457724, 10] registry/reg_backend_db.c:451(regdb_open) regdb_open: incrementing refcount (4) [2010/04/13 08:30:34.457748, 10] registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet] [2010/04/13 08:30:34.457766, 10] lib/adt_tree.c:352(pathtree_find) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet] [2010/04/13 08:30:34.457788, 10] lib/adt_tree.c:425(pathtree_find) pathtree_find: Exit [2010/04/13 08:30:34.457807, 10] registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x7fb461fcdea0 for key [/HKLM/SYSTEM/CurrentControlSet] [2010/04/13 08:30:34.457850, 10] registry/reg_backend_db.c:1726(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet] [2010/04/13 08:30:34.457888, 10] registry/reg_backend_db.c:485(regdb_close) regdb_close: decrementing refcount (4) [2010/04/13 08:30:34.457910, 7] registry/reg_api.c:133(regkey_open_onelevel) regkey_open_onelevel: name = [Services] [2010/04/13 08:30:34.457930, 10] registry/reg_backend_db.c:451(regdb_open) regdb_open: incrementing refcount (4) [2010/04/13 08:30:34.457955, 10] registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services] [2010/04/13 08:30:34.457984, 10] lib/adt_tree.c:352(pathtree_find) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services] [2010/04/13 08:30:34.458003, 10] lib/adt_tree.c:425(pathtree_find) pathtree_find: Exit [2010/04/13 08:30:34.458021, 10] registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x7fb461fcdea0 for key [/HKLM/SYSTEM/CurrentControlSet/Services] [2010/04/13 08:30:34.458079, 10] registry/reg_backend_db.c:1726(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services] [2010/04/13 08:30:34.458119, 10] registry/reg_backend_db.c:485(regdb_close) regdb_close: decrementing refcount (4) [2010/04/13 08:30:34.458141, 7] registry/reg_api.c:133(regkey_open_onelevel) regkey_open_onelevel: name = [RemoteRegistry] [2010/04/13 08:30:34.458162, 10] registry/reg_backend_db.c:451(regdb_open) regdb_open: incrementing refcount (4) [2010/04/13 08:30:34.458187, 10] registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/RemoteRegistry] [2010/04/13 08:30:34.458207, 10] lib/adt_tree.c:352(pathtree_find) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/RemoteRegistry] [2010/04/13 08:30:34.458228, 10] lib/adt_tree.c:425(pathtree_find) pathtree_find: Exit [2010/04/13 08:30:34.458247, 10] registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x7fb461fcdea0 for key [/HKLM/SYSTEM/CurrentControlSet/Services/RemoteRegistry] [2010/04/13 08:30:34.458291, 10] registry/reg_backend_db.c:1726(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] [2010/04/13 08:30:34.458331, 10] registry/reg_backend_db.c:485(regdb_close) regdb_close: decrementing refcount (4) [2010/04/13 08:30:34.458352, 7] registry/reg_api.c:133(regkey_open_onelevel) regkey_open_onelevel: name = [Security] [2010/04/13 08:30:34.458373, 10] registry/reg_backend_db.c:451(regdb_open) regdb_open: incrementing refcount (4) [2010/04/13 08:30:34.458399, 10] registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/RemoteRegistry/Security] [2010/04/13 08:30:34.458419, 10] lib/adt_tree.c:352(pathtree_find) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/RemoteRegistry/Security] [2010/04/13 08:30:34.458439, 10] lib/adt_tree.c:425(pathtree_find) pathtree_find: Exit [2010/04/13 08:30:34.458458, 10] registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x7fb461fcdea0 for key [/HKLM/SYSTEM/CurrentControlSet/Services/RemoteRegistry/Security] [2010/04/13 08:30:34.458501, 10] registry/reg_backend_db.c:1483(regdb_fetch_keys_internal) regdb_fetch_keys: no subkeys found for key [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security] [2010/04/13 08:30:34.458524, 10] registry/reg_backend_db.c:1726(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security] [2010/04/13 08:30:34.458566, 10] registry/reg_backend_db.c:485(regdb_close) regdb_close: decrementing refcount (4) [2010/04/13 08:30:34.458587, 10] registry/reg_backend_db.c:485(regdb_close) regdb_close: decrementing refcount (3) [2010/04/13 08:30:34.458622, 10] registry/reg_backend_db.c:1663(regdb_store_values_internal) regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security] [2010/04/13 08:30:34.458665, 10] registry/reg_backend_db.c:485(regdb_close) regdb_close: decrementing refcount (2) [2010/04/13 08:30:34.458744, 7] registry/reg_api.c:133(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2010/04/13 08:30:34.458764, 10] registry/reg_backend_db.c:451(regdb_open) regdb_open: incrementing refcount (2) [2010/04/13 08:30:34.458788, 10] registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [/HKLM] [2010/04/13 08:30:34.458815, 10] lib/adt_tree.c:352(pathtree_find) pathtree_find: Enter [/HKLM] [2010/04/13 08:30:34.458833, 10] lib/adt_tree.c:425(pathtree_find) pathtree_find: Exit [2010/04/13 08:30:34.458852, 10] registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x7fb461fcdea0 for key [/HKLM] [2010/04/13 08:30:34.458890, 10] registry/reg_backend_db.c:1726(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2010/04/13 08:30:34.458925, 7] registry/reg_api.c:133(regkey_open_onelevel) regkey_open_onelevel: name = [SYSTEM] [2010/04/13 08:30:34.458946, 10] registry/reg_backend_db.c:451(regdb_open) regdb_open: incrementing refcount (3) [2010/04/13 08:30:34.458970, 10] registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM] [2010/04/13 08:30:34.458989, 10] lib/adt_tree.c:352(pathtree_find) pathtree_find: Enter [/HKLM/SYSTEM] [2010/04/13 08:30:34.459008, 10] lib/adt_tree.c:425(pathtree_find) pathtree_find: Exit [2010/04/13 08:30:34.459027, 10] registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x7fb461fcdea0 for key [/HKLM/SYSTEM] [2010/04/13 08:30:34.459066, 10] registry/reg_backend_db.c:1726(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM] [2010/04/13 08:30:34.459104, 7] registry/reg_api.c:133(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentControlSet] [2010/04/13 08:30:34.459125, 10] registry/reg_backend_db.c:451(regdb_open) regdb_open: incrementing refcount (4) [2010/04/13 08:30:34.459149, 10] registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet] [2010/04/13 08:30:34.459167, 10] lib/adt_tree.c:352(pathtree_find) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet] [2010/04/13 08:30:34.459188, 10] lib/adt_tree.c:425(pathtree_find) pathtree_find: Exit [2010/04/13 08:30:34.459207, 10] registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x7fb461fcdea0 for key [/HKLM/SYSTEM/CurrentControlSet] [2010/04/13 08:30:34.459253, 10] registry/reg_backend_db.c:1726(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet] [2010/04/13 08:30:34.459292, 10] registry/reg_backend_db.c:485(regdb_close) regdb_close: decrementing refcount (4) [2010/04/13 08:30:34.459313, 7] registry/reg_api.c:133(regkey_open_onelevel) regkey_open_onelevel: name = [Services] [2010/04/13 08:30:34.459333, 10] registry/reg_backend_db.c:451(regdb_open) regdb_open: incrementing refcount (4) [2010/04/13 08:30:34.459358, 10] registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services] [2010/04/13 08:30:34.459376, 10] lib/adt_tree.c:352(pathtree_find) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services] [2010/04/13 08:30:34.459396, 10] lib/adt_tree.c:425(pathtree_find) pathtree_find: Exit [2010/04/13 08:30:34.459415, 10] registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x7fb461fcdea0 for key [/HKLM/SYSTEM/CurrentControlSet/Services] [2010/04/13 08:30:34.459475, 10] registry/reg_backend_db.c:1726(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services] [2010/04/13 08:30:34.459516, 10] registry/reg_backend_db.c:485(regdb_close) regdb_close: decrementing refcount (4) [2010/04/13 08:30:34.459537, 7] registry/reg_api.c:133(regkey_open_onelevel) regkey_open_onelevel: name = [WINS] [2010/04/13 08:30:34.459557, 10] registry/reg_backend_db.c:451(regdb_open) regdb_open: incrementing refcount (4) [2010/04/13 08:30:34.459583, 10] registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/WINS] [2010/04/13 08:30:34.459601, 10] lib/adt_tree.c:352(pathtree_find) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/WINS] [2010/04/13 08:30:34.459622, 10] lib/adt_tree.c:425(pathtree_find) pathtree_find: Exit [2010/04/13 08:30:34.459648, 10] registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x7fb461fcdea0 for key [/HKLM/SYSTEM/CurrentControlSet/Services/WINS] [2010/04/13 08:30:34.459692, 10] registry/reg_backend_db.c:1726(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services\WINS] [2010/04/13 08:30:34.459733, 10] registry/reg_backend_db.c:485(regdb_close) regdb_close: decrementing refcount (4) [2010/04/13 08:30:34.459754, 10] registry/reg_backend_db.c:485(regdb_close) regdb_close: decrementing refcount (3) [2010/04/13 08:30:34.463969, 10] registry/reg_backend_db.c:1663(regdb_store_values_internal) regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\WINS] [2010/04/13 08:30:34.464044, 10] registry/reg_backend_db.c:485(regdb_close) regdb_close: decrementing refcount (2) [2010/04/13 08:30:34.464072, 7] registry/reg_api.c:133(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2010/04/13 08:30:34.464093, 10] registry/reg_backend_db.c:451(regdb_open) regdb_open: incrementing refcount (2) [2010/04/13 08:30:34.464118, 10] registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [/HKLM] [2010/04/13 08:30:34.464136, 10] lib/adt_tree.c:352(pathtree_find) pathtree_find: Enter [/HKLM] [2010/04/13 08:30:34.464155, 10] lib/adt_tree.c:425(pathtree_find) pathtree_find: Exit [2010/04/13 08:30:34.464173, 10] registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x7fb461fcdea0 for key [/HKLM] [2010/04/13 08:30:34.464214, 10] registry/reg_backend_db.c:1726(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2010/04/13 08:30:34.464250, 7] registry/reg_api.c:133(regkey_open_onelevel) regkey_open_onelevel: name = [SYSTEM] [2010/04/13 08:30:34.464271, 10] registry/reg_backend_db.c:451(regdb_open) regdb_open: incrementing refcount (3) [2010/04/13 08:30:34.464295, 10] registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM] [2010/04/13 08:30:34.464314, 10] lib/adt_tree.c:352(pathtree_find) pathtree_find: Enter [/HKLM/SYSTEM] [2010/04/13 08:30:34.464333, 10] lib/adt_tree.c:425(pathtree_find) pathtree_find: Exit [2010/04/13 08:30:34.464351, 10] registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x7fb461fcdea0 for key [/HKLM/SYSTEM] [2010/04/13 08:30:34.464391, 10] registry/reg_backend_db.c:1726(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM] [2010/04/13 08:30:34.464429, 7] registry/reg_api.c:133(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentControlSet] [2010/04/13 08:30:34.464450, 10] registry/reg_backend_db.c:451(regdb_open) regdb_open: incrementing refcount (4) [2010/04/13 08:30:34.464475, 10] registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet] [2010/04/13 08:30:34.464493, 10] lib/adt_tree.c:352(pathtree_find) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet] [2010/04/13 08:30:34.464513, 10] lib/adt_tree.c:425(pathtree_find) pathtree_find: Exit [2010/04/13 08:30:34.464532, 10] registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x7fb461fcdea0 for key [/HKLM/SYSTEM/CurrentControlSet] [2010/04/13 08:30:34.464576, 10] registry/reg_backend_db.c:1726(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet] [2010/04/13 08:30:34.464613, 10] registry/reg_backend_db.c:485(regdb_close) regdb_close: decrementing refcount (4) [2010/04/13 08:30:34.464635, 7] registry/reg_api.c:133(regkey_open_onelevel) regkey_open_onelevel: name = [Services] [2010/04/13 08:30:34.464655, 10] registry/reg_backend_db.c:451(regdb_open) regdb_open: incrementing refcount (4) [2010/04/13 08:30:34.464679, 10] registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services] [2010/04/13 08:30:34.464710, 10] lib/adt_tree.c:352(pathtree_find) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services] [2010/04/13 08:30:34.464730, 10] lib/adt_tree.c:425(pathtree_find) pathtree_find: Exit [2010/04/13 08:30:34.464750, 10] registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x7fb461fcdea0 for key [/HKLM/SYSTEM/CurrentControlSet/Services] [2010/04/13 08:30:34.464811, 10] registry/reg_backend_db.c:1726(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services] [2010/04/13 08:30:34.464852, 10] registry/reg_backend_db.c:485(regdb_close) regdb_close: decrementing refcount (4) [2010/04/13 08:30:34.464873, 7] registry/reg_api.c:133(regkey_open_onelevel) regkey_open_onelevel: name = [WINS] [2010/04/13 08:30:34.464894, 10] registry/reg_backend_db.c:451(regdb_open) regdb_open: incrementing refcount (4) [2010/04/13 08:30:34.464919, 10] registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/WINS] [2010/04/13 08:30:34.464938, 10] lib/adt_tree.c:352(pathtree_find) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/WINS] [2010/04/13 08:30:34.464958, 10] lib/adt_tree.c:425(pathtree_find) pathtree_find: Exit [2010/04/13 08:30:34.464977, 10] registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x7fb461fcdea0 for key [/HKLM/SYSTEM/CurrentControlSet/Services/WINS] [2010/04/13 08:30:34.465020, 10] registry/reg_backend_db.c:1726(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services\WINS] [2010/04/13 08:30:34.465060, 10] registry/reg_backend_db.c:485(regdb_close) regdb_close: decrementing refcount (4) [2010/04/13 08:30:34.465081, 7] registry/reg_api.c:133(regkey_open_onelevel) regkey_open_onelevel: name = [Security] [2010/04/13 08:30:34.465101, 10] registry/reg_backend_db.c:451(regdb_open) regdb_open: incrementing refcount (4) [2010/04/13 08:30:34.465127, 10] registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/WINS/Security] [2010/04/13 08:30:34.465145, 10] lib/adt_tree.c:352(pathtree_find) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/WINS/Security] [2010/04/13 08:30:34.465166, 10] lib/adt_tree.c:425(pathtree_find) pathtree_find: Exit [2010/04/13 08:30:34.465185, 10] registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x7fb461fcdea0 for key [/HKLM/SYSTEM/CurrentControlSet/Services/WINS/Security] [2010/04/13 08:30:34.465226, 10] registry/reg_backend_db.c:1483(regdb_fetch_keys_internal) regdb_fetch_keys: no subkeys found for key [HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security] [2010/04/13 08:30:34.465247, 10] registry/reg_backend_db.c:1726(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security] [2010/04/13 08:30:34.465288, 10] registry/reg_backend_db.c:485(regdb_close) regdb_close: decrementing refcount (4) [2010/04/13 08:30:34.465309, 10] registry/reg_backend_db.c:485(regdb_close) regdb_close: decrementing refcount (3) [2010/04/13 08:30:34.465341, 10] registry/reg_backend_db.c:1663(regdb_store_values_internal) regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security] [2010/04/13 08:30:34.465383, 10] registry/reg_backend_db.c:485(regdb_close) regdb_close: decrementing refcount (2) [2010/04/13 08:30:34.465404, 10] registry/reg_backend_db.c:485(regdb_close) regdb_close: decrementing refcount (1) [2010/04/13 08:30:34.472673, 10] registry/reg_backend_db.c:485(regdb_close) regdb_close: decrementing refcount (0) [2010/04/13 08:30:34.487455, 10] printing/nt_printing.c:705(update_c_setprinter) update_c_setprinter: c_setprinter = 0 [2010/04/13 08:30:34.497942, 6] libads/ldap.c:359(ads_find_dc) ads_find_dc: (ldap) looking for realm 'BAUMANN.LOCAL' [2010/04/13 08:30:34.497998, 10] lib/gencache.c:345(gencache_get_data_blob) Returning valid cache entry: key = AD_SITENAME/DOMAIN/BAUMANN.LOCAL, value = Default-First-Site-Name, timeout = Tue Jan 19 04:14:07 2038 [2010/04/13 08:30:34.498045, 5] libads/dns.c:810(sitename_fetch) sitename_fetch: Returning sitename for BAUMANN.LOCAL: "Default-First-Site-Name" [2010/04/13 08:30:34.498078, 4] libsmb/namequery_dc.c:73(ads_dc_name) ads_dc_name: domain=BAUMANN [2010/04/13 08:30:34.498110, 10] lib/gencache.c:345(gencache_get_data_blob) Returning valid cache entry: key = AD_SITENAME/DOMAIN/BAUMANN.LOCAL, value = Default-First-Site-Name, timeout = Tue Jan 19 04:14:07 2038 [2010/04/13 08:30:34.498138, 5] libads/dns.c:810(sitename_fetch) sitename_fetch: Returning sitename for BAUMANN.LOCAL: "Default-First-Site-Name" [2010/04/13 08:30:34.498157, 6] libads/ldap.c:379(ads_find_dc) ads_find_dc: (cldap) looking for realm 'BAUMANN.LOCAL' [2010/04/13 08:30:34.498179, 8] libsmb/namequery.c:2071(get_sorted_dc_list) get_sorted_dc_list: attempting lookup for name BAUMANN.LOCAL (sitename Default-First-Site-Name) using [ads] [2010/04/13 08:30:34.498226, 10] lib/gencache.c:334(gencache_get_data_blob) Cache entry with key = SAFJOIN/DOMAIN/BAUMANN.LOCAL couldn't be found [2010/04/13 08:30:34.498254, 10] lib/gencache.c:345(gencache_get_data_blob) Returning expired cache entry: key = SAF/DOMAIN/BAUMANN.LOCAL, value = BAAD2.baumann.local, timeout = Mon Apr 12 14:55:15 2010 [2010/04/13 08:30:34.498286, 10] lib/gencache.c:180(gencache_set_data_blob) Adding cache entry with key = SAF/DOMAIN/BAUMANN.LOCAL and timeout = Thu Jan 1 01:00:00 1970 (-1271140234 seconds in the past) [2010/04/13 08:30:34.500812, 5] libsmb/namequery.c:185(saf_fetch) saf_fetch: failed to find server for "BAUMANN.LOCAL" domain [2010/04/13 08:30:34.500849, 3] libsmb/namequery.c:1880(get_dc_list) get_dc_list: preferred server list: ", baad2.baumann.local" [2010/04/13 08:30:34.500910, 10] lib/gencache.c:345(gencache_get_data_blob) Returning valid cache entry: key = AD_SITENAME/DOMAIN/BAUMANN.LOCAL, value = Default-First-Site-Name, timeout = Tue Jan 19 04:14:07 2038 [2010/04/13 08:30:34.500939, 5] libads/dns.c:810(sitename_fetch) sitename_fetch: Returning sitename for BAUMANN.LOCAL: "Default-First-Site-Name" [2010/04/13 08:30:34.500964, 10] libsmb/namequery.c:1400(internal_resolve_name) internal_resolve_name: looking up baad2.baumann.local#20 (sitename Default-First-Site-Name) [2010/04/13 08:30:34.500993, 10] lib/gencache.c:345(gencache_get_data_blob) Returning expired cache entry: key = NBT/BAAD2.BAUMANN.LOCAL#20, value = 10.230.1.253:0, timeout = Mon Apr 12 14:46:01 2010 [2010/04/13 08:30:34.501022, 10] lib/gencache.c:180(gencache_set_data_blob) Adding cache entry with key = NBT/BAAD2.BAUMANN.LOCAL#20 and timeout = Thu Jan 1 01:00:00 1970 (-1271140234 seconds in the past) [2010/04/13 08:30:34.501066, 5] libsmb/namecache.c:188(namecache_fetch) no entry for baad2.baumann.local#20 found. [2010/04/13 08:30:34.501088, 3] libsmb/namequery.c:1119(resolve_lmhosts) resolve_lmhosts: Attempting lmhosts lookup for name baad2.baumann.local<0x20> [2010/04/13 08:30:34.501115, 4] ../libcli/nbt/lmhosts.c:40(startlmhosts) startlmhosts: Can't open lmhosts file /usr/local/samba-3.5.2-run/lib/lmhosts. Error was No such file or directory [2010/04/13 08:30:34.501169, 3] libsmb/namequery.c:983(resolve_wins) resolve_wins: Attempting wins lookup for name baad2.baumann.local<0x20> [2010/04/13 08:30:34.501189, 3] libsmb/namequery.c:987(resolve_wins) resolve_wins: WINS server resolution selected and no WINS servers listed. [2010/04/13 08:30:34.501210, 3] libsmb/namequery.c:1201(resolve_hosts) resolve_hosts: Attempting host lookup for name baad2.baumann.local<0x20> [2010/04/13 08:30:34.502509, 10] libsmb/namequery.c:572(remove_duplicate_addrs2) remove_duplicate_addrs2: looking for duplicate address/port pairs [2010/04/13 08:30:34.502537, 5] libsmb/namecache.c:106(namecache_store) namecache_store: storing 1 address for baad2.baumann.local#20: 10.230.1.253 [2010/04/13 08:30:34.502584, 10] lib/gencache.c:180(gencache_set_data_blob) Adding cache entry with key = NBT/BAAD2.BAUMANN.LOCAL#20 and timeout = Tue Apr 13 08:41:34 2010 (660 seconds ahead) [2010/04/13 08:30:34.502655, 10] libsmb/namequery.c:1547(internal_resolve_name) internal_resolve_name: returning 1 addresses: 10.230.1.253:0 [2010/04/13 08:30:34.502695, 10] lib/gencache.c:334(gencache_get_data_blob) Cache entry with key = NEG_CONN_CACHE/BAUMANN.LOCAL,10.230.1.253 couldn't be found [2010/04/13 08:30:34.502715, 9] libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain BAUMANN.LOCAL server 10.230.1.253 [2010/04/13 08:30:34.502735, 10] libsmb/namequery.c:572(remove_duplicate_addrs2) remove_duplicate_addrs2: looking for duplicate address/port pairs [2010/04/13 08:30:34.502755, 4] libsmb/namequery.c:2020(get_dc_list) get_dc_list: returning 1 ip addresses in an ordered list [2010/04/13 08:30:34.502774, 4] libsmb/namequery.c:2021(get_dc_list) get_dc_list: 10.230.1.253:389 [2010/04/13 08:30:34.502809, 10] lib/gencache.c:334(gencache_get_data_blob) Cache entry with key = NEG_CONN_CACHE/BAUMANN.LOCAL,10.230.1.253 couldn't be found [2010/04/13 08:30:34.502829, 9] libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain BAUMANN.LOCAL server 10.230.1.253 [2010/04/13 08:30:34.502849, 5] libads/ldap.c:226(ads_try_connect) ads_try_connect: sending CLDAP request to 10.230.1.253 (realm: BAUMANN.LOCAL) [2010/04/13 08:30:34.512153, 10] libads/dns.c:775(sitename_store) sitename_store: realm = [BAUMANN], sitename = [Default-First-Site-Name], expire = [2147483647] [2010/04/13 08:30:34.512186, 10] lib/gencache.c:180(gencache_set_data_blob) Adding cache entry with key = AD_SITENAME/DOMAIN/BAUMANN and timeout = Tue Jan 19 04:14:07 2038 (876343413 seconds ahead) [2010/04/13 08:30:34.512239, 10] libads/dns.c:775(sitename_store) sitename_store: realm = [baumann.local], sitename = [Default-First-Site-Name], expire = [2147483647] [2010/04/13 08:30:34.512265, 10] lib/gencache.c:180(gencache_set_data_blob) Adding cache entry with key = AD_SITENAME/DOMAIN/BAUMANN.LOCAL and timeout = Tue Jan 19 04:14:07 2038 (876343413 seconds ahead) [2010/04/13 08:30:34.512313, 3] libads/ldap.c:634(ads_connect) Successfully contacted LDAP server 10.230.1.253 [2010/04/13 08:30:34.512347, 10] lib/gencache.c:345(gencache_get_data_blob) Returning valid cache entry: key = AD_SITENAME/DOMAIN/BAUMANN.LOCAL, value = Default-First-Site-Name, timeout = Tue Jan 19 04:14:07 2038 [2010/04/13 08:30:34.512375, 5] libads/dns.c:810(sitename_fetch) sitename_fetch: Returning sitename for BAUMANN.LOCAL: "Default-First-Site-Name" [2010/04/13 08:30:34.512398, 10] libads/ldap.c:165(ads_closest_dc) ads_closest_dc: NBT_SERVER_CLOSEST flag set [2010/04/13 08:30:34.512473, 10] libads/kerberos.c:910(create_local_private_krb5_conf_for_domain) create_local_private_krb5_conf_for_domain: fname = /usr/local/samba-3.5.2-run/var/locks/smb_krb5/krb5.conf.BAUMANN, realm = BAUMANN.LOCAL, domain = BAUMANN [2010/04/13 08:30:34.512515, 10] lib/gencache.c:334(gencache_get_data_blob) Cache entry with key = SAFJOIN/DOMAIN/BAUMANN.LOCAL couldn't be found [2010/04/13 08:30:34.512544, 10] lib/gencache.c:334(gencache_get_data_blob) Cache entry with key = SAF/DOMAIN/BAUMANN.LOCAL couldn't be found [2010/04/13 08:30:34.512563, 5] libsmb/namequery.c:185(saf_fetch) saf_fetch: failed to find server for "BAUMANN.LOCAL" domain [2010/04/13 08:30:34.512586, 3] libsmb/namequery.c:1880(get_dc_list) get_dc_list: preferred server list: ", baad2.baumann.local" [2010/04/13 08:30:34.512616, 10] lib/gencache.c:345(gencache_get_data_blob) Returning valid cache entry: key = AD_SITENAME/DOMAIN/BAUMANN.LOCAL, value = Default-First-Site-Name, timeout = Tue Jan 19 04:14:07 2038 [2010/04/13 08:30:34.512643, 5] libads/dns.c:810(sitename_fetch) sitename_fetch: Returning sitename for BAUMANN.LOCAL: "Default-First-Site-Name" [2010/04/13 08:30:34.512664, 10] libsmb/namequery.c:1400(internal_resolve_name) internal_resolve_name: looking up baad2.baumann.local#20 (sitename Default-First-Site-Name) [2010/04/13 08:30:34.512700, 10] lib/gencache.c:345(gencache_get_data_blob) Returning valid cache entry: key = NBT/BAAD2.BAUMANN.LOCAL#20, value = 10.230.1.253:0, timeout = Tue Apr 13 08:41:34 2010 [2010/04/13 08:30:34.512727, 5] libsmb/namecache.c:192(namecache_fetch) name baad2.baumann.local#20 found. [2010/04/13 08:30:34.512785, 10] lib/gencache.c:334(gencache_get_data_blob) Cache entry with key = NEG_CONN_CACHE/BAUMANN.LOCAL,10.230.1.253 couldn't be found [2010/04/13 08:30:34.512804, 9] libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain BAUMANN.LOCAL server 10.230.1.253 [2010/04/13 08:30:34.512823, 10] libsmb/namequery.c:572(remove_duplicate_addrs2) remove_duplicate_addrs2: looking for duplicate address/port pairs [2010/04/13 08:30:34.512842, 4] libsmb/namequery.c:2020(get_dc_list) get_dc_list: returning 1 ip addresses in an ordered list [2010/04/13 08:30:34.512861, 4] libsmb/namequery.c:2021(get_dc_list) get_dc_list: 10.230.1.253:389 [2010/04/13 08:30:34.512896, 10] lib/gencache.c:334(gencache_get_data_blob) Cache entry with key = SAFJOIN/DOMAIN/BAUMANN.LOCAL couldn't be found [2010/04/13 08:30:34.512924, 10] lib/gencache.c:334(gencache_get_data_blob) Cache entry with key = SAF/DOMAIN/BAUMANN.LOCAL couldn't be found [2010/04/13 08:30:34.512942, 5] libsmb/namequery.c:185(saf_fetch) saf_fetch: failed to find server for "BAUMANN.LOCAL" domain [2010/04/13 08:30:34.512964, 3] libsmb/namequery.c:1880(get_dc_list) get_dc_list: preferred server list: ", baad2.baumann.local" [2010/04/13 08:30:34.512993, 10] lib/gencache.c:345(gencache_get_data_blob) Returning valid cache entry: key = AD_SITENAME/DOMAIN/BAUMANN.LOCAL, value = Default-First-Site-Name, timeout = Tue Jan 19 04:14:07 2038 [2010/04/13 08:30:34.513020, 5] libads/dns.c:810(sitename_fetch) sitename_fetch: Returning sitename for BAUMANN.LOCAL: "Default-First-Site-Name" [2010/04/13 08:30:34.513041, 10] libsmb/namequery.c:1400(internal_resolve_name) internal_resolve_name: looking up baad2.baumann.local#20 (sitename Default-First-Site-Name) [2010/04/13 08:30:34.513066, 10] lib/gencache.c:345(gencache_get_data_blob) Returning valid cache entry: key = NBT/BAAD2.BAUMANN.LOCAL#20, value = 10.230.1.253:0, timeout = Tue Apr 13 08:41:34 2010 [2010/04/13 08:30:34.513093, 5] libsmb/namecache.c:192(namecache_fetch) name baad2.baumann.local#20 found. [2010/04/13 08:30:34.513145, 10] lib/gencache.c:334(gencache_get_data_blob) Cache entry with key = NEG_CONN_CACHE/BAUMANN.LOCAL,10.230.1.253 couldn't be found [2010/04/13 08:30:34.513164, 9] libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain BAUMANN.LOCAL server 10.230.1.253 [2010/04/13 08:30:34.513183, 10] libsmb/namequery.c:572(remove_duplicate_addrs2) remove_duplicate_addrs2: looking for duplicate address/port pairs [2010/04/13 08:30:34.513206, 4] libsmb/namequery.c:2020(get_dc_list) get_dc_list: returning 1 ip addresses in an ordered list [2010/04/13 08:30:34.513224, 4] libsmb/namequery.c:2021(get_dc_list) get_dc_list: 10.230.1.253:389 [2010/04/13 08:30:34.513247, 10] libads/kerberos.c:856(get_kdc_ip_string) get_kdc_ip_string: Returning kdc = 10.230.1.253 [2010/04/13 08:30:34.516278, 5] libads/kerberos.c:978(create_local_private_krb5_conf_for_domain) create_local_private_krb5_conf_for_domain: wrote file /usr/local/samba-3.5.2-run/var/locks/smb_krb5/krb5.conf.BAUMANN with realm BAUMANN.LOCAL KDC list = kdc = 10.230.1.253 [2010/04/13 08:30:34.516327, 4] libsmb/namequery_dc.c:143(ads_dc_name) ads_dc_name: using server='BAAD2.BAUMANN.LOCAL' IP=10.230.1.253 [2010/04/13 08:30:34.516359, 10] lib/gencache.c:345(gencache_get_data_blob) Returning valid cache entry: key = AD_SITENAME/DOMAIN/BAUMANN.LOCAL, value = Default-First-Site-Name, timeout = Tue Jan 19 04:14:07 2038 [2010/04/13 08:30:34.516387, 5] libads/dns.c:810(sitename_fetch) sitename_fetch: Returning sitename for BAUMANN.LOCAL: "Default-First-Site-Name" [2010/04/13 08:30:34.516419, 10] libsmb/namequery.c:1400(internal_resolve_name) internal_resolve_name: looking up BAAD2.BAUMANN.LOCAL#20 (sitename Default-First-Site-Name) [2010/04/13 08:30:34.516445, 10] lib/gencache.c:345(gencache_get_data_blob) Returning valid cache entry: key = NBT/BAAD2.BAUMANN.LOCAL#20, value = 10.230.1.253:0, timeout = Tue Apr 13 08:41:34 2010 [2010/04/13 08:30:34.516472, 5] libsmb/namecache.c:192(namecache_fetch) name BAAD2.BAUMANN.LOCAL#20 found. [2010/04/13 08:30:34.516522, 5] libads/ldap.c:226(ads_try_connect) ads_try_connect: sending CLDAP request to 10.230.1.253 (realm: BAUMANN.LOCAL) [2010/04/13 08:30:34.517177, 10] libads/dns.c:775(sitename_store) sitename_store: realm = [BAUMANN], sitename = [Default-First-Site-Name], expire = [2147483647] [2010/04/13 08:30:34.517206, 10] lib/gencache.c:180(gencache_set_data_blob) Adding cache entry with key = AD_SITENAME/DOMAIN/BAUMANN and timeout = Tue Jan 19 04:14:07 2038 (876343413 seconds ahead) [2010/04/13 08:30:34.517250, 10] libads/dns.c:775(sitename_store) sitename_store: realm = [baumann.local], sitename = [Default-First-Site-Name], expire = [2147483647] [2010/04/13 08:30:34.517274, 10] lib/gencache.c:180(gencache_set_data_blob) Adding cache entry with key = AD_SITENAME/DOMAIN/BAUMANN.LOCAL and timeout = Tue Jan 19 04:14:07 2038 (876343413 seconds ahead) [2010/04/13 08:30:34.517319, 3] libads/ldap.c:634(ads_connect) Successfully contacted LDAP server 10.230.1.253 [2010/04/13 08:30:34.517344, 10] libads/ldap.c:62(ldap_open_with_timeout) Opening connection to LDAP server 'BAAD2.baumann.local:389', timeout 15 seconds [2010/04/13 08:30:34.519459, 10] libads/ldap.c:76(ldap_open_with_timeout) Connected to LDAP server 'BAAD2.baumann.local:389' [2010/04/13 08:30:34.519493, 3] libads/ldap.c:688(ads_connect) Connected to LDAP server BAAD2.baumann.local [2010/04/13 08:30:34.519520, 10] libads/ldap.c:165(ads_closest_dc) ads_closest_dc: NBT_SERVER_CLOSEST flag set [2010/04/13 08:30:34.519544, 10] libsmb/namequery.c:83(saf_store) saf_store: domain = [BAUMANN], server = [BAAD2.baumann.local], expire = [1271141134] [2010/04/13 08:30:34.519568, 10] lib/gencache.c:180(gencache_set_data_blob) Adding cache entry with key = SAF/DOMAIN/BAUMANN and timeout = Tue Apr 13 08:45:34 2010 (900 seconds ahead) [2010/04/13 08:30:34.519618, 10] libsmb/namequery.c:83(saf_store) saf_store: domain = [BAUMANN.LOCAL], server = [BAAD2.baumann.local], expire = [1271141134] [2010/04/13 08:30:34.519641, 10] lib/gencache.c:180(gencache_set_data_blob) Adding cache entry with key = SAF/DOMAIN/BAUMANN.LOCAL and timeout = Tue Apr 13 08:45:34 2010 (900 seconds ahead) [2010/04/13 08:30:34.520299, 4] libads/ldap.c:2850(ads_current_time) time offset is 0 seconds [2010/04/13 08:30:34.520758, 4] libads/sasl.c:1113(ads_sasl_bind) Found SASL mechanism GSS-SPNEGO [2010/04/13 08:30:34.521338, 3] libads/sasl.c:781(ads_sasl_spnego_bind) ads_sasl_spnego_bind: got OID=1.2.840.48018.1.2.2 [2010/04/13 08:30:34.521370, 3] libads/sasl.c:781(ads_sasl_spnego_bind) ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2 [2010/04/13 08:30:34.521389, 3] libads/sasl.c:781(ads_sasl_spnego_bind) ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2.3 [2010/04/13 08:30:34.521407, 3] libads/sasl.c:781(ads_sasl_spnego_bind) ads_sasl_spnego_bind: got OID=1.3.6.1.4.1.311.2.2.10 [2010/04/13 08:30:34.521424, 3] libads/sasl.c:790(ads_sasl_spnego_bind) ads_sasl_spnego_bind: got server principal name = not_defined_in_RFC4178@please_ignore [2010/04/13 08:30:34.522125, 3] libsmb/clikrb5.c:698(ads_krb5_mk_req) ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache found) [2010/04/13 08:30:34.522192, 10] libads/sasl.c:811(ads_sasl_spnego_bind) ads_sasl_spnego_krb5_bind failed with: No credentials cache found, calling kinit [2010/04/13 08:30:34.522306, 10] libads/kerberos.c:188(kerberos_kinit_password_ext) kerberos_kinit_password: as BAFS2$@BAUMANN.LOCAL using [MEMORY:prtpub_cache] as ccache and config [/usr/local/samba-3.5.2-run/var/locks/smb_krb5/krb5.conf.BAUMANN] [2010/04/13 08:30:34.527406, 3] libsmb/clikrb5.c:620(ads_cleanup_expired_creds) ads_cleanup_expired_creds: Ticket in ccache[MEMORY:prtpub_cache] expiration Tue, 13 Apr 2010 18:30:34 CEST [2010/04/13 08:30:34.527455, 10] libsmb/clikrb5.c:732(ads_krb5_mk_req) ads_krb5_mk_req: Ticket (ldap/baad2.baumann.local@BAUMANN.LOCAL) in ccache (MEMORY:prtpub_cache) is valid until: (Tue, 13 Apr 2010 18:30:34 CEST - 1271176234) [2010/04/13 08:30:34.527484, 3] libsmb/clikrb5.c:743(ads_krb5_mk_req) ads_krb5_mk_req: server marked as OK to delegate to, building forwardable TGT [2010/04/13 08:30:34.528938, 10] libsmb/clikrb5.c:915(get_krb5_smb_session_key) Got KRB5 session key of length 16 [2010/04/13 08:30:34.530388, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/04/13 08:30:34.530419, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2010/04/13 08:30:34.530439, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/13 08:30:34.530459, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/13 08:30:34.530477, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/13 08:30:34.530513, 6] passdb/pdb_interface.c:285(pdb_getsampwsid) pdb_getsampwsid: Building guest account [2010/04/13 08:30:34.530621, 10] passdb/pdb_get_set.c:608(pdb_set_username) pdb_set_username: setting username nobody, was [2010/04/13 08:30:34.530653, 10] passdb/pdb_get_set.c:677(pdb_set_fullname) pdb_set_full_name: setting full name nobody, was [2010/04/13 08:30:34.530674, 10] passdb/pdb_get_set.c:631(pdb_set_domain) pdb_set_domain: setting domain BAFS2, was [2010/04/13 08:30:34.530699, 10] passdb/pdb_get_set.c:537(pdb_set_user_sid) pdb_set_user_sid: setting user sid S-1-5-21-2611201042-2311796703-3303506133-501 [2010/04/13 08:30:34.530722, 10] passdb/pdb_compat.c:72(pdb_set_user_sid_from_rid) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-2611201042-2311796703-3303506133-501 from rid 501 [2010/04/13 08:30:34.530756, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/13 08:30:34.530827, 10] lib/system_smbd.c:122(sys_getgrouplist) sys_getgrouplist: user [nobody] [2010/04/13 08:30:34.531193, 10] lib/gencache.c:334(gencache_get_data_blob) Cache entry with key = IDMAP/GID2SID/65533 couldn't be found [2010/04/13 08:30:34.531230, 5] passdb/lookup_sid.c:1387(gid_to_sid) gid_to_sid: winbind failed to find a sid for gid 65533 [2010/04/13 08:30:34.531250, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/04/13 08:30:34.531270, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2010/04/13 08:30:34.531289, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/13 08:30:34.531307, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/13 08:30:34.531325, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/13 08:30:34.531395, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/13 08:30:34.531416, 10] passdb/lookup_sid.c:1182(legacy_gid_to_sid) LEGACY: gid 65533 -> sid S-1-22-2-65533 [2010/04/13 08:30:34.531452, 10] lib/gencache.c:334(gencache_get_data_blob) Cache entry with key = IDMAP/GID2SID/65534 couldn't be found [2010/04/13 08:30:34.531481, 5] passdb/lookup_sid.c:1387(gid_to_sid) gid_to_sid: winbind failed to find a sid for gid 65534 [2010/04/13 08:30:34.531500, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/04/13 08:30:34.531520, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2010/04/13 08:30:34.531539, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/13 08:30:34.531557, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/13 08:30:34.531588, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/13 08:30:34.531641, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/13 08:30:34.531661, 10] passdb/lookup_sid.c:1182(legacy_gid_to_sid) LEGACY: gid 65534 -> sid S-1-22-2-65534 [2010/04/13 08:30:34.531686, 5] auth/auth_util.c:649(make_server_info_sam) make_server_info_sam: made server info for user nobody -> nobody [2010/04/13 08:30:34.531736, 10] passdb/lookup_sid.c:69(lookup_name) lookup_name: BAFS2\nobody => BAFS2 (domain), nobody (name) [2010/04/13 08:30:34.531755, 10] passdb/lookup_sid.c:70(lookup_name) lookup_name: flags = 0x073 [2010/04/13 08:30:34.531778, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/04/13 08:30:34.531798, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2010/04/13 08:30:34.531817, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/13 08:30:34.531836, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/13 08:30:34.531853, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/13 08:30:34.531887, 5] passdb/pdb_tdb.c:557(tdbsam_getsampwnam) pdb_getsampwnam (TDB): error fetching database. Key: USER_nobody [2010/04/13 08:30:34.531913, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/13 08:30:34.531934, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/04/13 08:30:34.531954, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2010/04/13 08:30:34.531973, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/13 08:30:34.531993, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/13 08:30:34.532010, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/13 08:30:34.532062, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/13 08:30:34.532087, 10] passdb/lookup_sid.c:69(lookup_name) lookup_name: Unix User\nobody => Unix User (domain), nobody (name) [2010/04/13 08:30:34.532106, 10] passdb/lookup_sid.c:70(lookup_name) lookup_name: flags = 0x073 [2010/04/13 08:30:34.532152, 10] passdb/lookup_sid.c:1427(sid_to_uid) sid S-1-22-1-65534 -> uid 65534 [2010/04/13 08:30:34.532231, 10] lib/system_smbd.c:122(sys_getgrouplist) sys_getgrouplist: user [nobody] [2010/04/13 08:30:34.532306, 10] auth/token_util.c:356(create_local_nt_token) Create local NT token for S-1-22-1-65534 [2010/04/13 08:30:34.532335, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/04/13 08:30:34.532355, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2010/04/13 08:30:34.532374, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/13 08:30:34.532394, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/13 08:30:34.532413, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/13 08:30:34.532720, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/13 08:30:34.532751, 3] lib/privileges.c:63(get_privileges) get_privileges: No privileges assigned to SID [S-1-22-1-65534] [2010/04/13 08:30:34.532780, 3] lib/privileges.c:63(get_privileges) get_privileges: No privileges assigned to SID [S-1-22-2-65533] [2010/04/13 08:30:34.532808, 5] lib/privileges.c:128(get_privileges_for_sids) get_privileges_for_sids: sid = S-1-1-0 Privilege set: SE_PRIV 0x0 0x0 0x0 0x0 [2010/04/13 08:30:34.532858, 3] lib/privileges.c:63(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-2] [2010/04/13 08:30:34.532886, 3] lib/privileges.c:63(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-32-546] [2010/04/13 08:30:34.532913, 3] lib/privileges.c:63(get_privileges) get_privileges: No privileges assigned to SID [S-1-22-2-65534] [2010/04/13 08:30:34.532950, 10] lib/gencache.c:345(gencache_get_data_blob) Returning valid cache entry: key = IDMAP/SID2GID/S-1-1-0, value = 10002, timeout = Thu Apr 15 05:05:00 2010 [2010/04/13 08:30:34.532979, 10] passdb/lookup_sid.c:1518(sid_to_gid) sid S-1-1-0 -> gid 10002 [2010/04/13 08:30:34.533016, 10] lib/gencache.c:345(gencache_get_data_blob) Returning valid cache entry: key = IDMAP/SID2GID/S-1-5-2, value = 10003, timeout = Thu Apr 15 05:05:00 2010 [2010/04/13 08:30:34.533044, 10] passdb/lookup_sid.c:1518(sid_to_gid) sid S-1-5-2 -> gid 10003 [2010/04/13 08:30:34.533081, 10] lib/gencache.c:345(gencache_get_data_blob) Returning expired cache entry: key = IDMAP/SID2GID/S-1-5-32-546, value = 10338, timeout = Mon Apr 12 19:06:03 2010 [2010/04/13 08:30:34.533110, 10] lib/gencache.c:180(gencache_set_data_blob) Adding cache entry with key = IDMAP/SID2GID/S-1-5-32-546 and timeout = Thu Jan 1 01:00:00 1970 (-1271140234 seconds in the past) [2010/04/13 08:30:34.533206, 10] passdb/lookup_sid.c:1511(sid_to_gid) winbind failed to find a gid for sid S-1-5-32-546 [2010/04/13 08:30:34.533229, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/04/13 08:30:34.533249, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2010/04/13 08:30:34.533268, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/13 08:30:34.533287, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/13 08:30:34.533305, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/13 08:30:34.533404, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/13 08:30:34.533425, 10] passdb/lookup_sid.c:1256(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-5-32-546 [2010/04/13 08:30:34.533447, 10] auth/auth_util.c:753(create_local_token) Could not convert SID S-1-5-32-546 to gid, ignoring it [2010/04/13 08:30:34.533472, 10] auth/token_util.c:531(debug_nt_user_token) NT user token of user S-1-22-1-65534 contains 8 SIDs SID[ 0]: S-1-22-1-65534 SID[ 1]: S-1-22-2-65533 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-32-546 SID[ 5]: S-1-22-2-65534 SID[ 6]: S-1-22-2-10002 SID[ 7]: S-1-22-2-10003 SE_PRIV 0x0 0x0 0x0 0x0 [2010/04/13 08:30:34.533567, 10] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 65534 Primary group is 65533 and contains 4 supplementary groups Group[ 0]: 65533 Group[ 1]: 10002 Group[ 2]: 10003 Group[ 3]: 65534 [2010/04/13 08:30:34.534309, 3] printing/printing.c:1431(start_background_queue) start_background_queue: Starting background LPQ thread [2010/04/13 08:30:34.534708, 5] printing/printing.c:1453(start_background_queue) [2010/04/13 08:30:34.534848, 3] ../lib/util/util_net.c:68(interpret_string_addr_internal) start_background_queue: background LPQ thread started interpret_string_addr_internal: getaddrinfo failed for name :: [Address family for hostname not supported] [2010/04/13 08:30:34.535017, 3] ../lib/util/util_net.c:68(interpret_string_addr_internal) interpret_string_addr_internal: getaddrinfo failed for name :: [Address family for hostname not supported] [2010/04/13 08:30:34.535136, 10] lib/util_sock.c:888(open_socket_in) bind succeeded on port 445 [2010/04/13 08:30:34.535177, 5] smbd/connection.c:142(claim_connection) [2010/04/13 08:30:34.535188, 5] lib/util_sock.c:304(print_socket_options) claiming [smbd lpq backend] Socket options: SO_KEEPALIVE = 1 SO_REUSEADDR = 1 SO_BROADCAST = 0 TCP_NODELAY = 0 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_SNDBUF = 16384 SO_RCVBUF = 87380 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 [2010/04/13 08:30:34.535368, 10] lib/dbwrap_tdb.c:100(db_tdb_fetch_locked) TCP_QUICKACK = 1 Locking key BA150000FFFFFFFF736D [2010/04/13 08:30:34.535420, 5] lib/util_sock.c:304(print_socket_options) Socket options: [2010/04/13 08:30:34.535439, 10] lib/dbwrap_tdb.c:129(db_tdb_fetch_locked) SO_KEEPALIVE = 1 SO_REUSEADDR = 1 Allocated locked data 0x0x7fb462078740 SO_BROADCAST = 0 TCP_NODELAY = 1 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 [2010/04/13 08:30:34.535532, 10] lib/dbwrap_tdb.c:42(db_tdb_record_destr) SO_SNDBUF = 32768 SO_RCVBUF = 32768 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 TCP_QUICKACK = 1 Unlocking key BA150000FFFFFFFF736D [2010/04/13 08:30:34.535677, 10] lib/util_sock.c:888(open_socket_in) bind succeeded on port 139 [2010/04/13 08:30:34.535702, 5] printing/printing.c:1487(start_background_queue) start_background_queue: background LPQ thread waiting for messages [2010/04/13 08:30:34.535716, 5] lib/util_sock.c:304(print_socket_options) Socket options: SO_KEEPALIVE = 1 SO_REUSEADDR = 1 SO_BROADCAST = 0 TCP_NODELAY = 0 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_SNDBUF = 16384 SO_RCVBUF = 87380 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 TCP_QUICKACK = 1 [2010/04/13 08:30:34.535867, 5] lib/util_sock.c:304(print_socket_options) Socket options: SO_KEEPALIVE = 1 SO_REUSEADDR = 1 SO_BROADCAST = 0 TCP_NODELAY = 1 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_SNDBUF = 32768 SO_RCVBUF = 32768 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 TCP_QUICKACK = 1 [2010/04/13 08:30:34.535998, 5] smbd/connection.c:142(claim_connection) claiming [] [2010/04/13 08:30:34.536085, 10] lib/dbwrap_tdb.c:100(db_tdb_fetch_locked) Locking key B9150000FFFFFFFF0000 [2010/04/13 08:30:34.536119, 10] lib/dbwrap_tdb.c:129(db_tdb_fetch_locked) Allocated locked data 0x0x7fb462078850 [2010/04/13 08:30:34.536162, 10] lib/dbwrap_tdb.c:42(db_tdb_record_destr) Unlocking key B9150000FFFFFFFF0000 [2010/04/13 08:30:34.536254, 5] lib/messages.c:297(messaging_register) Overriding messaging pointer for type 1 - private_data=(nil) [2010/04/13 08:30:34.536663, 2] smbd/server.c:721(smbd_parent_loop) waiting for connections [2010/04/13 08:30:34.772022, 5] lib/util_sock.c:304(print_socket_options) Socket options: SO_KEEPALIVE = 1 SO_REUSEADDR = 1 SO_BROADCAST = 0 TCP_NODELAY = 1 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_SNDBUF = 32768 SO_RCVBUF = 32768 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 TCP_QUICKACK = 1 [2010/04/13 08:30:34.772282, 5] lib/util_sock.c:304(print_socket_options) Socket options: SO_KEEPALIVE = 1 SO_REUSEADDR = 1 SO_BROADCAST = 0 TCP_NODELAY = 1 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_SNDBUF = 32768 SO_RCVBUF = 32768 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 TCP_QUICKACK = 1 [2010/04/13 08:30:34.772590, 6] param/loadparm.c:7132(lp_file_list_changed) lp_file_list_changed() file /usr/local/samba-3.5.2-run/lib/smb.conf -> /usr/local/samba-3.5.2-run/lib/smb.conf last mod_time: Tue Apr 13 08:29:19 2010 [2010/04/13 08:30:34.786767, 3] smbd/oplock.c:894(init_oplocks) init_oplocks: initializing messages. [2010/04/13 08:30:34.786883, 3] smbd/oplock_linux.c:224(linux_init_kernel_oplocks) Linux kernel oplocks enabled [2010/04/13 08:30:34.786904, 5] lib/messages.c:329(messaging_deregister) Deregistering messaging pointer for type 1 - private_data=(nil) [2010/04/13 08:30:34.786948, 10] smbd/process.c:740(event_add_idle) event_add_idle: idle_evt(keepalive) 0x7fb461ff7290 [2010/04/13 08:30:34.786980, 10] smbd/process.c:740(event_add_idle) event_add_idle: idle_evt(deadtime) 0x7fb461ff6ea0 [2010/04/13 08:30:34.787002, 10] smbd/process.c:740(event_add_idle) event_add_idle: idle_evt(housekeeping) 0x7fb461fe6750 [2010/04/13 08:30:34.787067, 10] lib/util_sock.c:726(read_smb_length_return_keepalive) got smb length of 68 [2010/04/13 08:30:34.787098, 6] smbd/process.c:1482(process_smb) got message type 0x81 of len 0x44 [2010/04/13 08:30:34.787119, 3] smbd/process.c:1485(process_smb) Transaction 0 of length 72 (0 toread) [2010/04/13 08:30:34.793429, 2] smbd/reply.c:536(reply_special) netbios connect: name1=BAFS2 0x20 name2=12-099 0x0 [2010/04/13 08:30:34.793505, 2] smbd/reply.c:547(reply_special) netbios connect: local=bafs2 remote=12-099, name type = 0 [2010/04/13 08:30:34.793570, 6] param/loadparm.c:7132(lp_file_list_changed) lp_file_list_changed() file /usr/local/samba-3.5.2-run/lib/smb.conf -> /usr/local/samba-3.5.2-run/lib/smb.conf last mod_time: Tue Apr 13 08:29:19 2010 [2010/04/13 08:30:34.793636, 5] smbd/reply.c:587(reply_special) init msg_type=0x81 msg_flags=0x0 [2010/04/13 08:30:34.794119, 10] lib/util_sock.c:726(read_smb_length_return_keepalive) got smb length of 133 [2010/04/13 08:30:34.794146, 6] smbd/process.c:1482(process_smb) got message type 0x0 of len 0x85 [2010/04/13 08:30:34.794168, 3] smbd/process.c:1485(process_smb) Transaction 0 of length 137 (0 toread) [2010/04/13 08:30:34.794194, 5] lib/util.c:617(show_msg) [2010/04/13 08:30:34.794207, 5] lib/util.c:627(show_msg) size=133 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51283 smb_tid=0 smb_pid=65279 smb_uid=0 smb_mid=0 smt_wct=0 smb_bcc=98 [2010/04/13 08:30:34.794270, 10] ../lib/util/util.c:278(_dump_data) [0000] 02 50 43 20 4E 45 54 57 4F 52 4B 20 50 52 4F 47 .PC NETW ORK PROG [0010] 52 41 4D 20 31 2E 30 00 02 4C 41 4E 4D 41 4E 31 RAM 1.0. .LANMAN1 [0020] 2E 30 00 02 57 69 6E 64 6F 77 73 20 66 6F 72 20 .0..Wind ows for [0030] 57 6F 72 6B 67 72 6F 75 70 73 20 33 2E 31 61 00 Workgrou ps 3.1a. [0040] 02 4C 4D 31 2E 32 58 30 30 32 00 02 4C 41 4E 4D .LM1.2X0 02..LANM [0050] 41 4E 32 2E 31 00 02 4E 54 20 4C 4D 20 30 2E 31 AN2.1..N T LM 0.1 [0060] 32 00 2. [2010/04/13 08:30:34.794449, 3] smbd/process.c:1294(switch_message) switch message SMBnegprot (pid 5564) conn 0x0 [2010/04/13 08:30:34.794477, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/13 08:30:34.794503, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/13 08:30:34.794523, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/13 08:30:34.794567, 5] smbd/uid.c:369(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2010/04/13 08:30:34.797437, 3] smbd/negprot.c:586(reply_negprot) Requested protocol [PC NETWORK PROGRAM 1.0] [2010/04/13 08:30:34.797471, 3] smbd/negprot.c:586(reply_negprot) Requested protocol [LANMAN1.0] [2010/04/13 08:30:34.797491, 3] smbd/negprot.c:586(reply_negprot) Requested protocol [Windows for Workgroups 3.1a] [2010/04/13 08:30:34.797511, 3] smbd/negprot.c:586(reply_negprot) Requested protocol [LM1.2X002] [2010/04/13 08:30:34.797531, 3] smbd/negprot.c:586(reply_negprot) Requested protocol [LANMAN2.1] [2010/04/13 08:30:34.797550, 3] smbd/negprot.c:586(reply_negprot) Requested protocol [NT LM 0.12] [2010/04/13 08:30:34.797574, 10] lib/util.c:1969(set_remote_arch) set_remote_arch: Client arch is 'Win2K' [2010/04/13 08:30:34.797617, 6] param/loadparm.c:7132(lp_file_list_changed) lp_file_list_changed() file /usr/local/samba-3.5.2-run/lib/smb.conf -> /usr/local/samba-3.5.2-run/lib/smb.conf last mod_time: Tue Apr 13 08:29:19 2010 [2010/04/13 08:30:34.797677, 5] smbd/connection.c:142(claim_connection) claiming [] [2010/04/13 08:30:34.797766, 10] lib/dbwrap_tdb.c:100(db_tdb_fetch_locked) Locking key BC150000FFFFFFFF0000 [2010/04/13 08:30:34.797801, 10] lib/dbwrap_tdb.c:129(db_tdb_fetch_locked) Allocated locked data 0x0x7fb46207c350 [2010/04/13 08:30:34.797855, 10] lib/dbwrap_tdb.c:42(db_tdb_record_destr) Unlocking key BC150000FFFFFFFF0000 [2010/04/13 08:30:34.797968, 6] param/loadparm.c:7132(lp_file_list_changed) lp_file_list_changed() file /usr/local/samba-3.5.2-run/lib/smb.conf -> /usr/local/samba-3.5.2-run/lib/smb.conf last mod_time: Tue Apr 13 08:29:19 2010 [2010/04/13 08:30:34.798160, 10] lib/util.c:2598(name_to_fqdn) name_to_fqdn: lookup for BAFS2 -> bafs2.baumann-gmbh.de. [2010/04/13 08:30:34.798212, 3] smbd/negprot.c:404(reply_nt1) using SPNEGO [2010/04/13 08:30:34.798231, 3] smbd/negprot.c:691(reply_negprot) Selected protocol NT LM 0.12 [2010/04/13 08:30:34.798249, 5] smbd/negprot.c:698(reply_negprot) negprot index=5 [2010/04/13 08:30:34.798267, 5] lib/util.c:617(show_msg) [2010/04/13 08:30:34.798280, 5] lib/util.c:627(show_msg) size=185 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51283 smb_tid=0 smb_pid=65279 smb_uid=0 smb_mid=0 smt_wct=17 smb_vwv[ 0]= 5 (0x5) smb_vwv[ 1]=12803 (0x3203) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 65 (0x41) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]=48128 (0xBC00) smb_vwv[ 8]= 21 (0x15) smb_vwv[ 9]=64768 (0xFD00) smb_vwv[10]=33011 (0x80F3) smb_vwv[11]= 128 (0x80) smb_vwv[12]=20769 (0x5121) smb_vwv[13]=53970 (0xD2D2) smb_vwv[14]=51930 (0xCADA) smb_vwv[15]=34817 (0x8801) smb_vwv[16]= 255 (0xFF) smb_bcc=116 [2010/04/13 08:30:34.798405, 10] ../lib/util/util.c:278(_dump_data) [0000] 62 61 66 73 32 00 00 00 00 00 00 00 00 00 00 00 bafs2... ........ [0010] 60 62 06 06 2B 06 01 05 05 02 A0 58 30 56 A0 24 `b..+... ...X0V.$ [0020] 30 22 06 09 2A 86 48 86 F7 12 01 02 02 06 09 2A 0"..*.H. .......* [0030] 86 48 82 F7 12 01 02 02 06 0A 2B 06 01 04 01 82 .H...... ..+..... [0040] 37 02 02 0A A3 2E 30 2C A0 2A 1B 28 63 69 66 73 7.....0, .*.(cifs [0050] 2F 62 61 66 73 32 2E 62 61 75 6D 61 6E 6E 2D 67 /bafs2.b aumann-g [0060] 6D 62 68 2E 64 65 40 42 41 55 4D 41 4E 4E 2E 4C mbh.de@B AUMANN.L [0070] 4F 43 41 4C OCAL [2010/04/13 08:30:34.801598, 10] lib/util_sock.c:726(read_smb_length_return_keepalive) got smb length of 236 [2010/04/13 08:30:34.801626, 6] smbd/process.c:1482(process_smb) got message type 0x0 of len 0xec [2010/04/13 08:30:34.801648, 3] smbd/process.c:1485(process_smb) Transaction 1 of length 240 (0 toread) [2010/04/13 08:30:34.801670, 5] lib/util.c:617(show_msg) [2010/04/13 08:30:34.801687, 5] lib/util.c:627(show_msg) size=236 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=0 smb_mid=64 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 236 (0xEC) smb_vwv[ 2]=16644 (0x4104) smb_vwv[ 3]= 50 (0x32) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 74 (0x4A) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 212 (0xD4) smb_vwv[11]=40960 (0xA000) smb_bcc=177 [2010/04/13 08:30:34.801792, 10] ../lib/util/util.c:278(_dump_data) [0000] 60 48 06 06 2B 06 01 05 05 02 A0 3E 30 3C A0 0E `H..+... ...>0<.. [0010] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A2 2A 0...+... ..7....* [0020] 04 28 4E 54 4C 4D 53 53 50 00 01 00 00 00 07 82 .(NTLMSS P....... [0030] 08 A2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 05 01 28 0A 00 00 00 0F 00 57 00 69 00 6E ....(... ...W.i.n [0050] 00 64 00 6F 00 77 00 73 00 20 00 32 00 30 00 30 .d.o.w.s . .2.0.0 [0060] 00 32 00 20 00 53 00 65 00 72 00 76 00 69 00 63 .2. .S.e .r.v.i.c [0070] 00 65 00 20 00 50 00 61 00 63 00 6B 00 20 00 33 .e. .P.a .c.k. .3 [0080] 00 20 00 32 00 36 00 30 00 30 00 00 00 57 00 69 . .2.6.0 .0...W.i [0090] 00 6E 00 64 00 6F 00 77 00 73 00 20 00 32 00 30 .n.d.o.w .s. .2.0 [00A0] 00 30 00 32 00 20 00 35 00 2E 00 31 00 00 00 00 .0.2. .5 ...1.... [00B0] 00 . [2010/04/13 08:30:34.802055, 3] smbd/process.c:1294(switch_message) switch message SMBsesssetupX (pid 5564) conn 0x0 [2010/04/13 08:30:34.802078, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/13 08:30:34.802097, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/13 08:30:34.802115, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/13 08:30:34.802143, 5] smbd/uid.c:369(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2010/04/13 08:30:34.802166, 3] smbd/sesssetup.c:1435(reply_sesssetup_and_X) wct=12 flg2=0xc807 [2010/04/13 08:30:34.802188, 2] smbd/sesssetup.c:1390(setup_new_vc_session) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2010/04/13 08:30:34.802209, 3] smbd/sesssetup.c:1189(reply_sesssetup_and_X_spnego) Doing spnego session setup [2010/04/13 08:30:34.802232, 3] smbd/sesssetup.c:1231(reply_sesssetup_and_X_spnego) NativeOS=[Windows 2002 Service Pack 3 2600] NativeLanMan=[Windows 2002 5.1] PrimaryDomain=[] [2010/04/13 08:30:34.802252, 10] lib/util.c:1969(set_remote_arch) set_remote_arch: Client arch is 'WinXP' [2010/04/13 08:30:34.802274, 10] smbd/password.c:184(register_initial_vuid) register_initial_vuid: allocated vuid = 100 [2010/04/13 08:30:34.802299, 10] smbd/sesssetup.c:1134(check_spnego_blob_complete) check_spnego_blob_complete: needed_len = 74, pblob->length = 74 [2010/04/13 08:30:34.802342, 5] smbd/sesssetup.c:753(parse_spnego_mechanisms) parse_spnego_mechanisms: Got OID 1.3.6.1.4.1.311.2.2.10 [2010/04/13 08:30:34.802361, 3] smbd/sesssetup.c:805(reply_spnego_negotiate) reply_spnego_negotiate: Got secblob of size 40 [2010/04/13 08:30:34.802408, 5] auth/auth.c:510(make_auth_context_subsystem) Making default auth method list for security=ADS [2010/04/13 08:30:34.802437, 5] auth/auth.c:46(smb_register_auth) Attempting to register auth backend sam [2010/04/13 08:30:34.802457, 5] auth/auth.c:58(smb_register_auth) Successfully added auth method 'sam' [2010/04/13 08:30:34.802476, 5] auth/auth.c:46(smb_register_auth) Attempting to register auth backend sam_ignoredomain [2010/04/13 08:30:34.802495, 5] auth/auth.c:58(smb_register_auth) Successfully added auth method 'sam_ignoredomain' [2010/04/13 08:30:34.802514, 5] auth/auth.c:46(smb_register_auth) Attempting to register auth backend unix [2010/04/13 08:30:34.802533, 5] auth/auth.c:58(smb_register_auth) Successfully added auth method 'unix' [2010/04/13 08:30:34.802552, 5] auth/auth.c:46(smb_register_auth) Attempting to register auth backend winbind [2010/04/13 08:30:34.802570, 5] auth/auth.c:58(smb_register_auth) Successfully added auth method 'winbind' [2010/04/13 08:30:34.802592, 5] auth/auth.c:46(smb_register_auth) Attempting to register auth backend wbc [2010/04/13 08:30:34.802611, 5] auth/auth.c:58(smb_register_auth) Successfully added auth method 'wbc' [2010/04/13 08:30:34.802630, 5] auth/auth.c:46(smb_register_auth) Attempting to register auth backend smbserver [2010/04/13 08:30:34.802649, 5] auth/auth.c:58(smb_register_auth) Successfully added auth method 'smbserver' [2010/04/13 08:30:34.802669, 5] auth/auth.c:46(smb_register_auth) Attempting to register auth backend trustdomain [2010/04/13 08:30:34.802689, 5] auth/auth.c:58(smb_register_auth) Successfully added auth method 'trustdomain' [2010/04/13 08:30:34.802708, 5] auth/auth.c:46(smb_register_auth) Attempting to register auth backend ntdomain [2010/04/13 08:30:34.802726, 5] auth/auth.c:58(smb_register_auth) Successfully added auth method 'ntdomain' [2010/04/13 08:30:34.802755, 5] auth/auth.c:46(smb_register_auth) Attempting to register auth backend guest [2010/04/13 08:30:34.802774, 5] auth/auth.c:58(smb_register_auth) Successfully added auth method 'guest' [2010/04/13 08:30:34.802793, 5] auth/auth.c:46(smb_register_auth) Attempting to register auth backend netlogond [2010/04/13 08:30:34.802816, 5] auth/auth.c:58(smb_register_auth) Successfully added auth method 'netlogond' [2010/04/13 08:30:34.802835, 5] auth/auth.c:383(load_auth_module) load_auth_module: Attempting to find an auth method to match guest [2010/04/13 08:30:34.802857, 5] auth/auth.c:408(load_auth_module) load_auth_module: auth method guest has a valid init [2010/04/13 08:30:34.802876, 5] auth/auth.c:383(load_auth_module) load_auth_module: Attempting to find an auth method to match sam [2010/04/13 08:30:34.802898, 5] auth/auth.c:408(load_auth_module) load_auth_module: auth method sam has a valid init [2010/04/13 08:30:34.802917, 5] auth/auth.c:383(load_auth_module) load_auth_module: Attempting to find an auth method to match winbind:ntdomain [2010/04/13 08:30:34.802937, 5] auth/auth.c:383(load_auth_module) load_auth_module: Attempting to find an auth method to match ntdomain [2010/04/13 08:30:34.802956, 5] auth/auth.c:408(load_auth_module) load_auth_module: auth method ntdomain has a valid init [2010/04/13 08:30:34.802982, 5] auth/auth.c:408(load_auth_module) load_auth_module: auth method winbind has a valid init [2010/04/13 08:30:34.803030, 3] libsmb/ntlmssp.c:65(debug_ntlmssp_flags) Got NTLMSSP neg_flags=0xa2088207 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_NEGOTIATE_OEM NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_VERSION NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_56 [2010/04/13 08:30:34.803113, 1] ../librpc/ndr/ndr.c:214(ndr_print_debug) &negotiate: struct NEGOTIATE_MESSAGE Signature : 'NTLMSSP' MessageType : NtLmNegotiate (1) NegotiateFlags : 0xa2088207 (2718466567) 1: NTLMSSP_NEGOTIATE_UNICODE 1: NTLMSSP_NEGOTIATE_OEM 1: NTLMSSP_REQUEST_TARGET 0: NTLMSSP_NEGOTIATE_SIGN 0: NTLMSSP_NEGOTIATE_SEAL 0: NTLMSSP_NEGOTIATE_DATAGRAM 0: NTLMSSP_NEGOTIATE_LM_KEY 0: NTLMSSP_NEGOTIATE_NETWARE 1: NTLMSSP_NEGOTIATE_NTLM 0: NTLMSSP_NEGOTIATE_NT_ONLY 0: NTLMSSP_ANONYMOUS 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN 0: NTLMSSP_TARGET_TYPE_DOMAIN 0: NTLMSSP_TARGET_TYPE_SERVER 0: NTLMSSP_TARGET_TYPE_SHARE 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY 0: NTLMSSP_NEGOTIATE_IDENTIFY 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY 0: NTLMSSP_NEGOTIATE_TARGET_INFO 1: NTLMSSP_NEGOTIATE_VERSION 1: NTLMSSP_NEGOTIATE_128 0: NTLMSSP_NEGOTIATE_KEY_EXCH 1: NTLMSSP_NEGOTIATE_56 DomainNameLen : 0x0000 (0) DomainNameMaxLen : 0x0000 (0) DomainName : NULL WorkstationLen : 0x0000 (0) WorkstationMaxLen : 0x0000 (0) Workstation : NULL Version: struct VERSION ProductMajorVersion : NTLMSSP_WINDOWS_MAJOR_VERSION_5 (5) ProductMinorVersion : NTLMSSP_WINDOWS_MINOR_VERSION_1 (1) ProductBuild : 0x0a28 (2600) Reserved: ARRAY(3) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) NTLMRevisionCurrent : NTLMSSP_REVISION_W2K3 (15) [2010/04/13 08:30:34.803547, 5] auth/auth.c:97(get_ntlm_challenge) auth_get_challenge: module guest did not want to specify a challenge [2010/04/13 08:30:34.803567, 5] auth/auth.c:97(get_ntlm_challenge) auth_get_challenge: module sam did not want to specify a challenge [2010/04/13 08:30:34.803585, 5] auth/auth.c:97(get_ntlm_challenge) auth_get_challenge: module winbind did not want to specify a challenge [2010/04/13 08:30:34.803616, 5] auth/auth.c:132(get_ntlm_challenge) auth_context challenge created by random [2010/04/13 08:30:34.803641, 5] auth/auth.c:133(get_ntlm_challenge) challenge is: [2010/04/13 08:30:34.803659, 5] ../lib/util/util.c:278(_dump_data) [0000] 54 43 F3 46 84 FE 9B A6 TC.F.... [2010/04/13 08:30:34.803912, 1] ../librpc/ndr/ndr.c:214(ndr_print_debug) &challenge: struct CHALLENGE_MESSAGE Signature : 'NTLMSSP' MessageType : NtLmChallenge (0x2) TargetNameLen : 0x000e (14) TargetNameMaxLen : 0x000e (14) TargetName : * TargetName : 'BAUMANN' NegotiateFlags : 0xa2898205 (2726920709) 1: NTLMSSP_NEGOTIATE_UNICODE 0: NTLMSSP_NEGOTIATE_OEM 1: NTLMSSP_REQUEST_TARGET 0: NTLMSSP_NEGOTIATE_SIGN 0: NTLMSSP_NEGOTIATE_SEAL 0: NTLMSSP_NEGOTIATE_DATAGRAM 0: NTLMSSP_NEGOTIATE_LM_KEY 0: NTLMSSP_NEGOTIATE_NETWARE 1: NTLMSSP_NEGOTIATE_NTLM 0: NTLMSSP_NEGOTIATE_NT_ONLY 0: NTLMSSP_ANONYMOUS 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN 1: NTLMSSP_TARGET_TYPE_DOMAIN 0: NTLMSSP_TARGET_TYPE_SERVER 0: NTLMSSP_TARGET_TYPE_SHARE 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY 0: NTLMSSP_NEGOTIATE_IDENTIFY 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY 1: NTLMSSP_NEGOTIATE_TARGET_INFO 1: NTLMSSP_NEGOTIATE_VERSION 1: NTLMSSP_NEGOTIATE_128 0: NTLMSSP_NEGOTIATE_KEY_EXCH 1: NTLMSSP_NEGOTIATE_56 ServerChallenge : 5443f34684fe9ba6 Reserved : 0000000000000000 TargetInfoLen : 0x0074 (116) TargetNameInfoMaxLen : 0x0074 (116) TargetInfo : * TargetInfo: struct AV_PAIR_LIST count : 0x00000005 (5) pair: ARRAY(5) pair: struct AV_PAIR AvId : MsvAvNbDomainName (0x2) AvLen : 0x000e (14) Value : union ntlmssp_AvValue(case 0x2) AvNbDomainName : 'BAUMANN' pair: struct AV_PAIR AvId : MsvAvNbComputerName (0x1) AvLen : 0x000a (10) Value : union ntlmssp_AvValue(case 0x1) AvNbComputerName : 'BAFS2' pair: struct AV_PAIR AvId : MsvAvDnsDomainName (0x4) AvLen : 0x001e (30) Value : union ntlmssp_AvValue(case 0x4) AvDnsDomainName : 'baumann-gmbh.de' pair: struct AV_PAIR AvId : MsvAvDnsComputerName (0x3) AvLen : 0x002a (42) Value : union ntlmssp_AvValue(case 0x3) AvDnsComputerName : 'bafs2.baumann-gmbh.de' pair: struct AV_PAIR AvId : MsvAvEOL (0x0) AvLen : 0x0000 (0) Value : union ntlmssp_AvValue(case 0x0) Version: struct VERSION ProductMajorVersion : UNKNOWN_ENUM_VALUE (0x42) ProductMinorVersion : NTLMSSP_WINDOWS_MINOR_VERSION_0 (0x0) ProductBuild : 0x0041 (65) Reserved : 55004d NTLMRevisionCurrent : UNKNOWN_ENUM_VALUE (0x0) [2010/04/13 08:30:34.804647, 5] lib/util.c:617(show_msg) [2010/04/13 08:30:34.804661, 5] lib/util.c:627(show_msg) size=302 smb_com=0x73 smb_rcls=22 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51203 smb_tid=0 smb_pid=65279 smb_uid=100 smb_mid=64 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 209 (0xD1) smb_bcc=259 [2010/04/13 08:30:34.804745, 10] ../lib/util/util.c:278(_dump_data) [0000] A1 81 CE 30 81 CB A0 03 0A 01 01 A1 0C 06 0A 2B ...0.... .......+ [0010] 06 01 04 01 82 37 02 02 0A A2 81 B5 04 81 B2 4E .....7.. .......N [0020] 54 4C 4D 53 53 50 00 02 00 00 00 0E 00 0E 00 30 TLMSSP.. .......0 [0030] 00 00 00 05 82 89 A2 54 43 F3 46 84 FE 9B A6 00 .......T C.F..... [0040] 00 00 00 00 00 00 00 74 00 74 00 3E 00 00 00 42 .......t .t.>...B [0050] 00 41 00 55 00 4D 00 41 00 4E 00 4E 00 02 00 0E .A.U.M.A .N.N.... [0060] 00 42 00 41 00 55 00 4D 00 41 00 4E 00 4E 00 01 .B.A.U.M .A.N.N.. [0070] 00 0A 00 42 00 41 00 46 00 53 00 32 00 04 00 1E ...B.A.F .S.2.... [0080] 00 62 00 61 00 75 00 6D 00 61 00 6E 00 6E 00 2D .b.a.u.m .a.n.n.- [0090] 00 67 00 6D 00 62 00 68 00 2E 00 64 00 65 00 03 .g.m.b.h ...d.e.. [00A0] 00 2A 00 62 00 61 00 66 00 73 00 32 00 2E 00 62 .*.b.a.f .s.2...b [00B0] 00 61 00 75 00 6D 00 61 00 6E 00 6E 00 2D 00 67 .a.u.m.a .n.n.-.g [00C0] 00 6D 00 62 00 68 00 2E 00 64 00 65 00 00 00 00 .m.b.h.. .d.e.... [00D0] 00 55 00 6E 00 69 00 78 00 00 00 53 00 61 00 6D .U.n.i.x ...S.a.m [00E0] 00 62 00 61 00 20 00 33 00 2E 00 35 00 2E 00 32 .b.a. .3 ...5...2 [00F0] 00 00 00 42 00 41 00 55 00 4D 00 41 00 4E 00 4E ...B.A.U .M.A.N.N [0100] 00 00 00 ... [2010/04/13 08:30:34.805494, 10] lib/util_sock.c:726(read_smb_length_return_keepalive) got smb length of 338 [2010/04/13 08:30:34.805520, 6] smbd/process.c:1482(process_smb) got message type 0x0 of len 0x152 [2010/04/13 08:30:34.805543, 3] smbd/process.c:1485(process_smb) Transaction 2 of length 342 (0 toread) [2010/04/13 08:30:34.805564, 5] lib/util.c:617(show_msg) [2010/04/13 08:30:34.805582, 5] lib/util.c:627(show_msg) size=338 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=100 smb_mid=128 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 338 (0x152) smb_vwv[ 2]=16644 (0x4104) smb_vwv[ 3]= 50 (0x32) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 176 (0xB0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 212 (0xD4) smb_vwv[11]=40960 (0xA000) smb_bcc=279 [2010/04/13 08:30:34.805688, 10] ../lib/util/util.c:278(_dump_data) [0000] A1 81 AD 30 81 AA A2 81 A7 04 81 A4 4E 54 4C 4D ...0.... ....NTLM [0010] 53 53 50 00 03 00 00 00 18 00 18 00 74 00 00 00 SSP..... ....t... [0020] 18 00 18 00 8C 00 00 00 0E 00 0E 00 48 00 00 00 ........ ....H... [0030] 12 00 12 00 56 00 00 00 0C 00 0C 00 68 00 00 00 ....V... ....h... [0040] 00 00 00 00 A4 00 00 00 05 82 88 A2 05 01 28 0A ........ ......(. [0050] 00 00 00 0F 42 00 41 00 55 00 4D 00 41 00 4E 00 ....B.A. U.M.A.N. [0060] 4E 00 73 00 63 00 68 00 77 00 65 00 6E 00 6B 00 N.s.c.h. w.e.n.k. [0070] 61 00 6E 00 31 00 32 00 2D 00 30 00 39 00 39 00 a.n.1.2. -.0.9.9. [0080] AF 15 34 04 42 03 F5 C8 00 00 00 00 00 00 00 00 ..4.B... ........ [0090] 00 00 00 00 00 00 00 00 20 01 33 25 7C 49 62 6A ........ .3%|Ibj [00A0] 64 F2 24 85 C1 BC 47 B9 0E 33 47 43 79 F3 2C 93 d.$...G. .3GCy.,. [00B0] 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 .W.i.n.d .o.w.s. [00C0] 00 32 00 30 00 30 00 32 00 20 00 53 00 65 00 72 .2.0.0.2 . .S.e.r [00D0] 00 76 00 69 00 63 00 65 00 20 00 50 00 61 00 63 .v.i.c.e . .P.a.c [00E0] 00 6B 00 20 00 33 00 20 00 32 00 36 00 30 00 30 .k. .3. .2.6.0.0 [00F0] 00 00 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 ...W.i.n .d.o.w.s [0100] 00 20 00 32 00 30 00 30 00 32 00 20 00 35 00 2E . .2.0.0 .2. .5.. [0110] 00 31 00 00 00 00 00 .1..... [2010/04/13 08:30:34.806072, 3] smbd/process.c:1294(switch_message) switch message SMBsesssetupX (pid 5564) conn 0x0 [2010/04/13 08:30:34.806093, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/13 08:30:34.806113, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/13 08:30:34.806131, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/13 08:30:34.806160, 5] smbd/uid.c:369(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2010/04/13 08:30:34.806181, 3] smbd/sesssetup.c:1435(reply_sesssetup_and_X) wct=12 flg2=0xc807 [2010/04/13 08:30:34.806199, 2] smbd/sesssetup.c:1390(setup_new_vc_session) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2010/04/13 08:30:34.806217, 3] smbd/sesssetup.c:1189(reply_sesssetup_and_X_spnego) Doing spnego session setup [2010/04/13 08:30:34.806239, 3] smbd/sesssetup.c:1231(reply_sesssetup_and_X_spnego) NativeOS=[Windows 2002 Service Pack 3 2600] NativeLanMan=[Windows 2002 5.1] PrimaryDomain=[] [2010/04/13 08:30:34.806261, 10] smbd/sesssetup.c:1134(check_spnego_blob_complete) check_spnego_blob_complete: needed_len = 176, pblob->length = 176 [2010/04/13 08:30:34.806305, 1] ../librpc/ndr/ndr.c:214(ndr_print_debug) &authenticate: struct AUTHENTICATE_MESSAGE Signature : 'NTLMSSP' MessageType : NtLmAuthenticate (3) LmChallengeResponseLen : 0x0018 (24) LmChallengeResponseMaxLen: 0x0018 (24) LmChallengeResponse : * LmChallengeResponse : union ntlmssp_LM_RESPONSE(case 24) v1: struct LM_RESPONSE Response : af1534044203f5c800000000000000000000000000000000 NtChallengeResponseLen : 0x0018 (24) NtChallengeResponseMaxLen: 0x0018 (24) NtChallengeResponse : * NtChallengeResponse : union ntlmssp_NTLM_RESPONSE(case 24) v1: struct NTLM_RESPONSE Response : 200133257c49626a64f22485c1bc47b90e33474379f32c93 DomainNameLen : 0x000e (14) DomainNameMaxLen : 0x000e (14) DomainName : * DomainName : 'BAUMANN' UserNameLen : 0x0012 (18) UserNameMaxLen : 0x0012 (18) UserName : * UserName : 'schwenkan' WorkstationLen : 0x000c (12) WorkstationMaxLen : 0x000c (12) Workstation : * Workstation : '12-099' EncryptedRandomSessionKeyLen: 0x0000 (0) EncryptedRandomSessionKeyMaxLen: 0x0000 (0) EncryptedRandomSessionKey: * EncryptedRandomSessionKey: DATA_BLOB length=0 NegotiateFlags : 0xa2888205 (2726855173) 1: NTLMSSP_NEGOTIATE_UNICODE 0: NTLMSSP_NEGOTIATE_OEM 1: NTLMSSP_REQUEST_TARGET 0: NTLMSSP_NEGOTIATE_SIGN 0: NTLMSSP_NEGOTIATE_SEAL 0: NTLMSSP_NEGOTIATE_DATAGRAM 0: NTLMSSP_NEGOTIATE_LM_KEY 0: NTLMSSP_NEGOTIATE_NETWARE 1: NTLMSSP_NEGOTIATE_NTLM 0: NTLMSSP_NEGOTIATE_NT_ONLY 0: NTLMSSP_ANONYMOUS 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN 0: NTLMSSP_TARGET_TYPE_DOMAIN 0: NTLMSSP_TARGET_TYPE_SERVER 0: NTLMSSP_TARGET_TYPE_SHARE 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY 0: NTLMSSP_NEGOTIATE_IDENTIFY 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY 1: NTLMSSP_NEGOTIATE_TARGET_INFO 1: NTLMSSP_NEGOTIATE_VERSION 1: NTLMSSP_NEGOTIATE_128 0: NTLMSSP_NEGOTIATE_KEY_EXCH 1: NTLMSSP_NEGOTIATE_56 Version: struct VERSION ProductMajorVersion : NTLMSSP_WINDOWS_MAJOR_VERSION_5 (5) ProductMinorVersion : NTLMSSP_WINDOWS_MINOR_VERSION_1 (1) ProductBuild : 0x0a28 (2600) Reserved: ARRAY(3) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) NTLMRevisionCurrent : NTLMSSP_REVISION_W2K3 (15) [2010/04/13 08:30:34.806918, 3] libsmb/ntlmssp.c:747(ntlmssp_server_auth) Got user=[schwenkan] domain=[BAUMANN] workstation=[12-099] len1=24 len2=24 [2010/04/13 08:30:34.806941, 5] auth/auth_ntlmssp.c:70(auth_ntlmssp_set_challenge) auth_context challenge set by NTLMSSP callback (NTLM2) [2010/04/13 08:30:34.806963, 5] auth/auth_ntlmssp.c:71(auth_ntlmssp_set_challenge) challenge is: [2010/04/13 08:30:34.806980, 5] ../lib/util/util.c:278(_dump_data) [0000] 66 DF CC FF FA 32 6E CF f....2n. [2010/04/13 08:30:34.807038, 6] param/loadparm.c:7132(lp_file_list_changed) lp_file_list_changed() file /usr/local/samba-3.5.2-run/lib/smb.conf -> /usr/local/samba-3.5.2-run/lib/smb.conf last mod_time: Tue Apr 13 08:29:19 2010 [2010/04/13 08:30:34.807089, 5] auth/auth_util.c:211(make_user_info_map) Mapping user [BAUMANN]\[schwenkan] from workstation [12-099] [2010/04/13 08:30:34.807234, 10] lib/gencache.c:345(gencache_get_data_blob) Returning expired cache entry: key = TDOMCACHE/TIMESTAMP, value = 1271064302, timeout = Mon Apr 12 11:35:02 2010 [2010/04/13 08:30:34.807265, 10] lib/gencache.c:180(gencache_set_data_blob) Adding cache entry with key = TDOMCACHE/TIMESTAMP and timeout = Thu Jan 1 01:00:00 1970 (-1271140234 seconds in the past) [2010/04/13 08:30:34.807320, 5] libsmb/trustdom_cache.c:190(trustdom_cache_fetch_timestamp) no timestamp for trusted domain cache located. [2010/04/13 08:30:34.807346, 10] lib/gencache.c:180(gencache_set_data_blob) Adding cache entry with key = TDOMCACHE/TIMESTAMP and timeout = Tue Apr 13 08:40:34 2010 (600 seconds ahead) [2010/04/13 08:30:34.807392, 10] lib/gencache.c:180(gencache_set_data_blob) Adding cache entry with key = TDOMCACHE/TIMESTAMP and timeout = Tue Apr 13 08:40:34 2010 (600 seconds ahead) [2010/04/13 08:30:34.807448, 10] lib/gencache.c:345(gencache_get_data_blob) Returning valid cache entry: key = AD_SITENAME/DOMAIN/BAUMANN.LOCAL, value = Default-First-Site-Name, timeout = Tue Jan 19 04:14:07 2038 [2010/04/13 08:30:34.807479, 5] libads/dns.c:810(sitename_fetch) sitename_fetch: Returning sitename for BAUMANN.LOCAL: "Default-First-Site-Name" [2010/04/13 08:30:34.807507, 4] libsmb/namequery_dc.c:73(ads_dc_name) ads_dc_name: domain=BAUMANN [2010/04/13 08:30:34.807538, 10] lib/gencache.c:345(gencache_get_data_blob) Returning valid cache entry: key = AD_SITENAME/DOMAIN/BAUMANN.LOCAL, value = Default-First-Site-Name, timeout = Tue Jan 19 04:14:07 2038 [2010/04/13 08:30:34.807574, 5] libads/dns.c:810(sitename_fetch) sitename_fetch: Returning sitename for BAUMANN.LOCAL: "Default-First-Site-Name" [2010/04/13 08:30:34.807593, 6] libads/ldap.c:379(ads_find_dc) ads_find_dc: (cldap) looking for realm 'BAUMANN.LOCAL' [2010/04/13 08:30:34.807618, 8] libsmb/namequery.c:2071(get_sorted_dc_list) get_sorted_dc_list: attempting lookup for name BAUMANN.LOCAL (sitename Default-First-Site-Name) using [ads] [2010/04/13 08:30:34.807669, 10] lib/gencache.c:334(gencache_get_data_blob) Cache entry with key = SAFJOIN/DOMAIN/BAUMANN.LOCAL couldn't be found [2010/04/13 08:30:34.807695, 10] lib/gencache.c:345(gencache_get_data_blob) Returning valid cache entry: key = SAF/DOMAIN/BAUMANN.LOCAL, value = BAAD2.baumann.local, timeout = Tue Apr 13 08:45:34 2010 [2010/04/13 08:30:34.807721, 5] libsmb/namequery.c:188(saf_fetch) saf_fetch: Returning "BAAD2.baumann.local" for "BAUMANN.LOCAL" domain [2010/04/13 08:30:34.807747, 3] libsmb/namequery.c:1880(get_dc_list) get_dc_list: preferred server list: "BAAD2.baumann.local, baad2.baumann.local" [2010/04/13 08:30:34.807783, 10] lib/gencache.c:345(gencache_get_data_blob) Returning valid cache entry: key = AD_SITENAME/DOMAIN/BAUMANN.LOCAL, value = Default-First-Site-Name, timeout = Tue Jan 19 04:14:07 2038 [2010/04/13 08:30:34.807810, 5] libads/dns.c:810(sitename_fetch) sitename_fetch: Returning sitename for BAUMANN.LOCAL: "Default-First-Site-Name" [2010/04/13 08:30:34.807833, 10] libsmb/namequery.c:1400(internal_resolve_name) internal_resolve_name: looking up BAAD2.baumann.local#20 (sitename Default-First-Site-Name) [2010/04/13 08:30:34.807863, 10] lib/gencache.c:345(gencache_get_data_blob) Returning valid cache entry: key = NBT/BAAD2.BAUMANN.LOCAL#20, value = 10.230.1.253:0, timeout = Tue Apr 13 08:41:34 2010 [2010/04/13 08:30:34.807889, 5] libsmb/namecache.c:192(namecache_fetch) name BAAD2.baumann.local#20 found. [2010/04/13 08:30:34.807967, 10] lib/gencache.c:334(gencache_get_data_blob) Cache entry with key = NEG_CONN_CACHE/BAUMANN.LOCAL,10.230.1.253 couldn't be found [2010/04/13 08:30:34.807987, 9] libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain BAUMANN.LOCAL server 10.230.1.253 [2010/04/13 08:30:34.808018, 10] lib/gencache.c:345(gencache_get_data_blob) Returning valid cache entry: key = AD_SITENAME/DOMAIN/BAUMANN.LOCAL, value = Default-First-Site-Name, timeout = Tue Jan 19 04:14:07 2038 [2010/04/13 08:30:34.808045, 5] libads/dns.c:810(sitename_fetch) sitename_fetch: Returning sitename for BAUMANN.LOCAL: "Default-First-Site-Name" [2010/04/13 08:30:34.808066, 10] libsmb/namequery.c:1400(internal_resolve_name) internal_resolve_name: looking up baad2.baumann.local#20 (sitename Default-First-Site-Name) [2010/04/13 08:30:34.808092, 10] lib/gencache.c:345(gencache_get_data_blob) Returning valid cache entry: key = NBT/BAAD2.BAUMANN.LOCAL#20, value = 10.230.1.253:0, timeout = Tue Apr 13 08:41:34 2010 [2010/04/13 08:30:34.808125, 5] libsmb/namecache.c:192(namecache_fetch) name baad2.baumann.local#20 found. [2010/04/13 08:30:34.808178, 10] lib/gencache.c:334(gencache_get_data_blob) Cache entry with key = NEG_CONN_CACHE/BAUMANN.LOCAL,10.230.1.253 couldn't be found [2010/04/13 08:30:34.808198, 9] libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain BAUMANN.LOCAL server 10.230.1.253 [2010/04/13 08:30:34.808220, 10] libsmb/namequery.c:572(remove_duplicate_addrs2) remove_duplicate_addrs2: looking for duplicate address/port pairs [2010/04/13 08:30:34.808241, 4] libsmb/namequery.c:2020(get_dc_list) get_dc_list: returning 1 ip addresses in an ordered list [2010/04/13 08:30:34.808261, 4] libsmb/namequery.c:2021(get_dc_list) get_dc_list: 10.230.1.253:389 [2010/04/13 08:30:34.808296, 10] lib/gencache.c:334(gencache_get_data_blob) Cache entry with key = NEG_CONN_CACHE/BAUMANN.LOCAL,10.230.1.253 couldn't be found [2010/04/13 08:30:34.808323, 9] libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain BAUMANN.LOCAL server 10.230.1.253 [2010/04/13 08:30:34.808345, 5] libads/ldap.c:226(ads_try_connect) ads_try_connect: sending CLDAP request to 10.230.1.253 (realm: BAUMANN.LOCAL) [2010/04/13 08:30:34.809117, 10] libads/dns.c:775(sitename_store) sitename_store: realm = [BAUMANN], sitename = [Default-First-Site-Name], expire = [2147483647] [2010/04/13 08:30:34.809150, 10] lib/gencache.c:180(gencache_set_data_blob) Adding cache entry with key = AD_SITENAME/DOMAIN/BAUMANN and timeout = Tue Jan 19 04:14:07 2038 (876343413 seconds ahead) [2010/04/13 08:30:34.809197, 10] libads/dns.c:775(sitename_store) sitename_store: realm = [baumann.local], sitename = [Default-First-Site-Name], expire = [2147483647] [2010/04/13 08:30:34.809223, 10] lib/gencache.c:180(gencache_set_data_blob) Adding cache entry with key = AD_SITENAME/DOMAIN/BAUMANN.LOCAL and timeout = Tue Jan 19 04:14:07 2038 (876343413 seconds ahead) [2010/04/13 08:30:34.809268, 3] libads/ldap.c:634(ads_connect) Successfully contacted LDAP server 10.230.1.253 [2010/04/13 08:30:34.809303, 10] lib/gencache.c:345(gencache_get_data_blob) Returning valid cache entry: key = AD_SITENAME/DOMAIN/BAUMANN.LOCAL, value = Default-First-Site-Name, timeout = Tue Jan 19 04:14:07 2038 [2010/04/13 08:30:34.809330, 5] libads/dns.c:810(sitename_fetch) sitename_fetch: Returning sitename for BAUMANN.LOCAL: "Default-First-Site-Name" [2010/04/13 08:30:34.809353, 10] libads/ldap.c:165(ads_closest_dc) ads_closest_dc: NBT_SERVER_CLOSEST flag set [2010/04/13 08:30:34.809402, 10] libads/kerberos.c:910(create_local_private_krb5_conf_for_domain) create_local_private_krb5_conf_for_domain: fname = /usr/local/samba-3.5.2-run/var/locks/smb_krb5/krb5.conf.BAUMANN, realm = BAUMANN.LOCAL, domain = BAUMANN [2010/04/13 08:30:34.809445, 10] lib/gencache.c:334(gencache_get_data_blob) Cache entry with key = SAFJOIN/DOMAIN/BAUMANN.LOCAL couldn't be found [2010/04/13 08:30:34.809471, 10] lib/gencache.c:345(gencache_get_data_blob) Returning valid cache entry: key = SAF/DOMAIN/BAUMANN.LOCAL, value = BAAD2.baumann.local, timeout = Tue Apr 13 08:45:34 2010 [2010/04/13 08:30:34.809499, 5] libsmb/namequery.c:188(saf_fetch) saf_fetch: Returning "BAAD2.baumann.local" for "BAUMANN.LOCAL" domain [2010/04/13 08:30:34.809523, 3] libsmb/namequery.c:1880(get_dc_list) get_dc_list: preferred server list: "BAAD2.baumann.local, baad2.baumann.local" [2010/04/13 08:30:34.809556, 10] lib/gencache.c:345(gencache_get_data_blob) Returning valid cache entry: key = AD_SITENAME/DOMAIN/BAUMANN.LOCAL, value = Default-First-Site-Name, timeout = Tue Jan 19 04:14:07 2038 [2010/04/13 08:30:34.809583, 5] libads/dns.c:810(sitename_fetch) sitename_fetch: Returning sitename for BAUMANN.LOCAL: "Default-First-Site-Name" [2010/04/13 08:30:34.809604, 10] libsmb/namequery.c:1400(internal_resolve_name) internal_resolve_name: looking up BAAD2.baumann.local#20 (sitename Default-First-Site-Name) [2010/04/13 08:30:34.809630, 10] lib/gencache.c:345(gencache_get_data_blob) Returning valid cache entry: key = NBT/BAAD2.BAUMANN.LOCAL#20, value = 10.230.1.253:0, timeout = Tue Apr 13 08:41:34 2010 [2010/04/13 08:30:34.809657, 5] libsmb/namecache.c:192(namecache_fetch) name BAAD2.baumann.local#20 found. [2010/04/13 08:30:34.809711, 10] lib/gencache.c:334(gencache_get_data_blob) Cache entry with key = NEG_CONN_CACHE/BAUMANN.LOCAL,10.230.1.253 couldn't be found [2010/04/13 08:30:34.809731, 9] libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain BAUMANN.LOCAL server 10.230.1.253 [2010/04/13 08:30:34.809761, 10] lib/gencache.c:345(gencache_get_data_blob) Returning valid cache entry: key = AD_SITENAME/DOMAIN/BAUMANN.LOCAL, value = Default-First-Site-Name, timeout = Tue Jan 19 04:14:07 2038 [2010/04/13 08:30:34.809788, 5] libads/dns.c:810(sitename_fetch) sitename_fetch: Returning sitename for BAUMANN.LOCAL: "Default-First-Site-Name" [2010/04/13 08:30:34.809820, 10] libsmb/namequery.c:1400(internal_resolve_name) internal_resolve_name: looking up baad2.baumann.local#20 (sitename Default-First-Site-Name) [2010/04/13 08:30:34.809847, 10] lib/gencache.c:345(gencache_get_data_blob) Returning valid cache entry: key = NBT/BAAD2.BAUMANN.LOCAL#20, value = 10.230.1.253:0, timeout = Tue Apr 13 08:41:34 2010 [2010/04/13 08:30:34.809874, 5] libsmb/namecache.c:192(namecache_fetch) name baad2.baumann.local#20 found. [2010/04/13 08:30:34.809926, 10] lib/gencache.c:334(gencache_get_data_blob) Cache entry with key = NEG_CONN_CACHE/BAUMANN.LOCAL,10.230.1.253 couldn't be found [2010/04/13 08:30:34.809946, 9] libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain BAUMANN.LOCAL server 10.230.1.253 [2010/04/13 08:30:34.809965, 10] libsmb/namequery.c:572(remove_duplicate_addrs2) remove_duplicate_addrs2: looking for duplicate address/port pairs [2010/04/13 08:30:34.809986, 4] libsmb/namequery.c:2020(get_dc_list) get_dc_list: returning 1 ip addresses in an ordered list [2010/04/13 08:30:34.810006, 4] libsmb/namequery.c:2021(get_dc_list) get_dc_list: 10.230.1.253:389 [2010/04/13 08:30:34.810041, 10] lib/gencache.c:334(gencache_get_data_blob) Cache entry with key = SAFJOIN/DOMAIN/BAUMANN.LOCAL couldn't be found [2010/04/13 08:30:34.810067, 10] lib/gencache.c:345(gencache_get_data_blob) Returning valid cache entry: key = SAF/DOMAIN/BAUMANN.LOCAL, value = BAAD2.baumann.local, timeout = Tue Apr 13 08:45:34 2010 [2010/04/13 08:30:34.810094, 5] libsmb/namequery.c:188(saf_fetch) saf_fetch: Returning "BAAD2.baumann.local" for "BAUMANN.LOCAL" domain [2010/04/13 08:30:34.810119, 3] libsmb/namequery.c:1880(get_dc_list) get_dc_list: preferred server list: "BAAD2.baumann.local, baad2.baumann.local" [2010/04/13 08:30:34.810150, 10] lib/gencache.c:345(gencache_get_data_blob) Returning valid cache entry: key = AD_SITENAME/DOMAIN/BAUMANN.LOCAL, value = Default-First-Site-Name, timeout = Tue Jan 19 04:14:07 2038 [2010/04/13 08:30:34.810178, 5] libads/dns.c:810(sitename_fetch) sitename_fetch: Returning sitename for BAUMANN.LOCAL: "Default-First-Site-Name" [2010/04/13 08:30:34.810198, 10] libsmb/namequery.c:1400(internal_resolve_name) internal_resolve_name: looking up BAAD2.baumann.local#20 (sitename Default-First-Site-Name) [2010/04/13 08:30:34.810224, 10] lib/gencache.c:345(gencache_get_data_blob) Returning valid cache entry: key = NBT/BAAD2.BAUMANN.LOCAL#20, value = 10.230.1.253:0, timeout = Tue Apr 13 08:41:34 2010 [2010/04/13 08:30:34.810251, 5] libsmb/namecache.c:192(namecache_fetch) name BAAD2.baumann.local#20 found. [2010/04/13 08:30:34.810303, 10] lib/gencache.c:334(gencache_get_data_blob) Cache entry with key = NEG_CONN_CACHE/BAUMANN.LOCAL,10.230.1.253 couldn't be found [2010/04/13 08:30:34.810324, 9] libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain BAUMANN.LOCAL server 10.230.1.253 [2010/04/13 08:30:34.810353, 10] lib/gencache.c:345(gencache_get_data_blob) Returning valid cache entry: key = AD_SITENAME/DOMAIN/BAUMANN.LOCAL, value = Default-First-Site-Name, timeout = Tue Jan 19 04:14:07 2038 [2010/04/13 08:30:34.810380, 5] libads/dns.c:810(sitename_fetch) sitename_fetch: Returning sitename for BAUMANN.LOCAL: "Default-First-Site-Name" [2010/04/13 08:30:34.810401, 10] libsmb/namequery.c:1400(internal_resolve_name) internal_resolve_name: looking up baad2.baumann.local#20 (sitename Default-First-Site-Name) [2010/04/13 08:30:34.810427, 10] lib/gencache.c:345(gencache_get_data_blob) Returning valid cache entry: key = NBT/BAAD2.BAUMANN.LOCAL#20, value = 10.230.1.253:0, timeout = Tue Apr 13 08:41:34 2010 [2010/04/13 08:30:34.810453, 5] libsmb/namecache.c:192(namecache_fetch) name baad2.baumann.local#20 found. [2010/04/13 08:30:34.810505, 10] lib/gencache.c:334(gencache_get_data_blob) Cache entry with key = NEG_CONN_CACHE/BAUMANN.LOCAL,10.230.1.253 couldn't be found [2010/04/13 08:30:34.810533, 9] libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain BAUMANN.LOCAL server 10.230.1.253 [2010/04/13 08:30:34.810554, 10] libsmb/namequery.c:572(remove_duplicate_addrs2) remove_duplicate_addrs2: looking for duplicate address/port pairs [2010/04/13 08:30:34.810573, 4] libsmb/namequery.c:2020(get_dc_list) get_dc_list: returning 1 ip addresses in an ordered list [2010/04/13 08:30:34.810593, 4] libsmb/namequery.c:2021(get_dc_list) get_dc_list: 10.230.1.253:389 [2010/04/13 08:30:34.810615, 10] libads/kerberos.c:856(get_kdc_ip_string) get_kdc_ip_string: Returning kdc = 10.230.1.253 [2010/04/13 08:30:34.810812, 5] libads/kerberos.c:978(create_local_private_krb5_conf_for_domain) create_local_private_krb5_conf_for_domain: wrote file /usr/local/samba-3.5.2-run/var/locks/smb_krb5/krb5.conf.BAUMANN with realm BAUMANN.LOCAL KDC list = kdc = 10.230.1.253 [2010/04/13 08:30:34.810849, 4] libsmb/namequery_dc.c:143(ads_dc_name) ads_dc_name: using server='BAAD2.BAUMANN.LOCAL' IP=10.230.1.253 [2010/04/13 08:30:34.811051, 3] libsmb/cliconnect.c:2196(cli_start_connection) Connecting to host=BAAD2.BAUMANN.LOCAL [2010/04/13 08:30:34.811092, 10] lib/events.c:123(run_events) Running timed event "tevent_req_timedout" 0x7fb461fee7a0 [2010/04/13 08:30:34.811125, 3] lib/util_sock.c:974(open_socket_out_send) Connecting to 10.230.1.253 at port 445 [2010/04/13 08:30:34.811530, 5] lib/util_sock.c:304(print_socket_options) Socket options: SO_KEEPALIVE = 0 SO_REUSEADDR = 0 SO_BROADCAST = 0 TCP_NODELAY = 1 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_SNDBUF = 32768 SO_RCVBUF = 32768 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 TCP_QUICKACK = 1 [2010/04/13 08:30:34.814215, 10] libsmb/clientgen.c:553(cli_init_creds) cli_init_creds: user domain [2010/04/13 08:30:34.819643, 5] rpc_client/cli_pipe.c:2637(rpc_pipe_bind_send) Bind RPC Pipe: host BAAD2.BAUMANN.LOCAL auth_type 0, auth_level 1 [2010/04/13 08:30:34.819687, 5] rpc_parse/parse_prs.c:89(prs_debug) 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0b 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0048 000a auth_len : 0000 000c call_id : 00000001 [2010/04/13 08:30:34.819797, 5] rpc_parse/parse_prs.c:89(prs_debug) 000010 smb_io_rpc_hdr_rb [2010/04/13 08:30:34.819818, 6] rpc_parse/parse_prs.c:89(prs_debug) 000010 smb_io_rpc_hdr_bba 0010 max_tsize: 10b8 0012 max_rsize: 10b8 0014 assoc_gid: 00000000 0018 num_contexts: 01 001c context_id : 0000 001e num_transfer_syntaxes: 01 [2010/04/13 08:30:34.819884, 6] rpc_parse/parse_prs.c:89(prs_debug) 00001f smb_io_rpc_iface [2010/04/13 08:30:34.819907, 7] rpc_parse/parse_prs.c:89(prs_debug) 000020 smb_io_uuid uuid 0020 data : 12345778 0024 data : 1234 0026 data : abcd 0028 data : ef 00 002a data : 01 23 45 67 89 ab 0030 version: 00000000 [2010/04/13 08:30:34.819980, 6] rpc_parse/parse_prs.c:89(prs_debug) 000034 smb_io_rpc_iface [2010/04/13 08:30:34.820001, 7] rpc_parse/parse_prs.c:89(prs_debug) 000034 smb_io_uuid uuid 0034 data : 8a885d04 0038 data : 1ceb 003a data : 11c9 003c data : 9f e8 003e data : 08 00 2b 10 48 60 0044 version: 00000002 [2010/04/13 08:30:34.820072, 5] rpc_client/cli_pipe.c:1372(rpc_api_pipe_send) rpc_api_pipe: host BAAD2.BAUMANN.LOCAL [2010/04/13 08:30:34.820103, 10] libsmb/clitrans.c:925(cli_trans_format) num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=72, this_data=72, max_data=4280, param_offset=82, param_disp=0, data_disp=0 [2010/04/13 08:30:34.820568, 5] rpc_parse/parse_prs.c:89(prs_debug) 000000 smb_io_rpc_hdr rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0c 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0044 000a auth_len : 0000 000c call_id : 00000001 [2010/04/13 08:30:34.820690, 10] rpc_client/cli_pipe.c:1471(rpc_api_pipe_got_pdu) rpc_api_pipe: got frag len of 68 at offset 0: NT_STATUS_OK [2010/04/13 08:30:34.820716, 10] rpc_client/cli_pipe.c:1522(rpc_api_pipe_got_pdu) rpc_api_pipe: host BAAD2.BAUMANN.LOCAL returned 68 bytes. [2010/04/13 08:30:34.820739, 5] rpc_parse/parse_prs.c:89(prs_debug) 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0c 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0044 000a auth_len : 0000 000c call_id : 00000001 [2010/04/13 08:30:34.820838, 5] rpc_parse/parse_prs.c:89(prs_debug) 000010 smb_io_rpc_hdr_ba [2010/04/13 08:30:34.820858, 6] rpc_parse/parse_prs.c:89(prs_debug) 000010 smb_io_rpc_hdr_bba 0010 max_tsize: 10b8 0012 max_rsize: 10b8 0014 assoc_gid: 00274417 [2010/04/13 08:30:34.820902, 6] rpc_parse/parse_prs.c:89(prs_debug) 000018 smb_io_rpc_addr_str 0018 len: 000c 001a str: \pipe\lsass. [2010/04/13 08:30:34.820945, 6] rpc_parse/parse_prs.c:89(prs_debug) 000026 smb_io_rpc_results 0028 num_results: 01 002c result : 0000 002e reason : 0000 [2010/04/13 08:30:34.820988, 6] rpc_parse/parse_prs.c:89(prs_debug) 000030 smb_io_rpc_iface [2010/04/13 08:30:34.821008, 7] rpc_parse/parse_prs.c:89(prs_debug) 000030 smb_io_uuid uuid 0030 data : 8a885d04 0034 data : 1ceb 0036 data : 11c9 0038 data : 9f e8 003a data : 08 00 2b 10 48 60 0040 version: 00000002 [2010/04/13 08:30:34.821076, 5] rpc_client/cli_pipe.c:2484(check_bind_response) check_bind_response: accepted! [2010/04/13 08:30:34.821102, 10] rpc_client/cli_pipe.c:3801(cli_rpc_pipe_open_noauth_transport) cli_rpc_pipe_open_noauth: opened pipe \lsarpc to machine BAAD2.BAUMANN.LOCAL and bound anonymously. [2010/04/13 08:30:34.821138, 1] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) lsa_OpenPolicy: struct lsa_OpenPolicy in: struct lsa_OpenPolicy system_name : * system_name : 0x005c (92) attr : * attr: struct lsa_ObjectAttribute len : 0x00000018 (24) root_dir : NULL object_name : NULL attributes : 0x00000000 (0) sec_desc : NULL sec_qos : * sec_qos: struct lsa_QosInfo len : 0x0000000c (12) impersonation_level : 0x0002 (2) context_mode : 0x01 (1) effective_only : 0x00 (0) access_mask : 0x00000001 (1) 1: LSA_POLICY_VIEW_LOCAL_INFORMATION 0: LSA_POLICY_VIEW_AUDIT_INFORMATION 0: LSA_POLICY_GET_PRIVATE_INFORMATION 0: LSA_POLICY_TRUST_ADMIN 0: LSA_POLICY_CREATE_ACCOUNT 0: LSA_POLICY_CREATE_SECRET 0: LSA_POLICY_CREATE_PRIVILEGE 0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS 0: LSA_POLICY_SET_AUDIT_REQUIREMENTS 0: LSA_POLICY_AUDIT_LOG_ADMIN 0: LSA_POLICY_SERVER_ADMIN 0: LSA_POLICY_LOOKUP_NAMES 0: LSA_POLICY_NOTIFICATION [2010/04/13 08:30:34.830263, 5] rpc_parse/parse_prs.c:89(prs_debug) 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0044 000a auth_len : 0000 000c call_id : 00000002 [2010/04/13 08:30:34.830377, 5] rpc_parse/parse_prs.c:89(prs_debug) 000010 smb_io_rpc_hdr_req hdr_req 0010 alloc_hint: 0000002c 0014 context_id: 0000 0016 opnum : 0006 [2010/04/13 08:30:34.830421, 5] rpc_client/cli_pipe.c:1372(rpc_api_pipe_send) rpc_api_pipe: host BAAD2.BAUMANN.LOCAL [2010/04/13 08:30:34.830446, 10] libsmb/clitrans.c:925(cli_trans_format) num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=68, this_data=68, max_data=4280, param_offset=82, param_disp=0, data_disp=0 [2010/04/13 08:30:34.830986, 5] rpc_parse/parse_prs.c:89(prs_debug) 000000 smb_io_rpc_hdr rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0030 000a auth_len : 0000 000c call_id : 00000002 [2010/04/13 08:30:34.831103, 5] rpc_parse/parse_prs.c:89(prs_debug) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp 0010 alloc_hint: 00000018 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 [2010/04/13 08:30:34.831154, 10] rpc_client/cli_pipe.c:1002(cli_pipe_validate_current_pdu) cli_pipe_validate_current_pdu: got pdu len 48, data_len 24, ss_len 0 [2010/04/13 08:30:34.831175, 10] rpc_client/cli_pipe.c:1471(rpc_api_pipe_got_pdu) rpc_api_pipe: got frag len of 48 at offset 0: NT_STATUS_OK [2010/04/13 08:30:34.831196, 10] rpc_client/cli_pipe.c:1522(rpc_api_pipe_got_pdu) rpc_api_pipe: host BAAD2.BAUMANN.LOCAL returned 48 bytes. [2010/04/13 08:30:34.831233, 1] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) lsa_OpenPolicy: struct lsa_OpenPolicy out: struct lsa_OpenPolicy handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 3b54acae-a6ac-44cc-9daf-7fcba2e51996 result : NT_STATUS_OK [2010/04/13 08:30:34.831321, 1] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) lsa_EnumTrustDom: struct lsa_EnumTrustDom in: struct lsa_EnumTrustDom handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 3b54acae-a6ac-44cc-9daf-7fcba2e51996 resume_handle : * resume_handle : 0x00000000 (0) max_size : 0xffffffff (4294967295) [2010/04/13 08:30:34.831430, 5] rpc_parse/parse_prs.c:89(prs_debug) 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0034 000a auth_len : 0000 000c call_id : 00000003 [2010/04/13 08:30:34.831527, 5] rpc_parse/parse_prs.c:89(prs_debug) 000010 smb_io_rpc_hdr_req hdr_req 0010 alloc_hint: 0000001c 0014 context_id: 0000 0016 opnum : 000d [2010/04/13 08:30:34.831572, 5] rpc_client/cli_pipe.c:1372(rpc_api_pipe_send) rpc_api_pipe: host BAAD2.BAUMANN.LOCAL [2010/04/13 08:30:34.831596, 10] libsmb/clitrans.c:925(cli_trans_format) num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=52, this_data=52, max_data=4280, param_offset=82, param_disp=0, data_disp=0 [2010/04/13 08:30:34.840097, 5] rpc_parse/parse_prs.c:89(prs_debug) 000000 smb_io_rpc_hdr rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0078 000a auth_len : 0000 000c call_id : 00000003 [2010/04/13 08:30:34.840215, 5] rpc_parse/parse_prs.c:89(prs_debug) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp 0010 alloc_hint: 00000060 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 [2010/04/13 08:30:34.840264, 10] rpc_client/cli_pipe.c:1002(cli_pipe_validate_current_pdu) cli_pipe_validate_current_pdu: got pdu len 120, data_len 96, ss_len 0 [2010/04/13 08:30:34.840284, 10] rpc_client/cli_pipe.c:1471(rpc_api_pipe_got_pdu) rpc_api_pipe: got frag len of 120 at offset 0: NT_STATUS_OK [2010/04/13 08:30:34.840306, 10] rpc_client/cli_pipe.c:1522(rpc_api_pipe_got_pdu) rpc_api_pipe: host BAAD2.BAUMANN.LOCAL returned 192 bytes. [2010/04/13 08:30:34.840347, 1] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) lsa_EnumTrustDom: struct lsa_EnumTrustDom out: struct lsa_EnumTrustDom resume_handle : * resume_handle : 0x80000001 (2147483649) domains : * domains: struct lsa_DomainList count : 0x00000001 (1) domains : * domains: ARRAY(1) domains: struct lsa_DomainInfo name: struct lsa_StringLarge length : 0x0018 (24) size : 0x001a (26) string : * string : 'BAUMANN-GMBH' sid : * sid : S-1-5-21-1133090748-3639176701-2116357234 result : NT_STATUS_OK [2010/04/13 08:30:34.840557, 10] libsmb/trusts_util.c:217(enumerate_domain_trusts) enumerate_domain_trusts: shutting down connection... [2010/04/13 08:30:34.840965, 10] rpc_client/rpc_transport_np.c:81(rpc_transport_np_state_destructor) rpc_pipe_destructor: closed \lsarpc [2010/04/13 08:30:34.840993, 6] libsmb/clientgen.c:323(write_socket) write_socket(26,39) [2010/04/13 08:30:34.841022, 6] libsmb/clientgen.c:326(write_socket) write_socket(26,39) wrote 39 [2010/04/13 08:30:34.841350, 10] lib/util_sock.c:726(read_smb_length_return_keepalive) got smb length of 35 [2010/04/13 08:30:34.841380, 5] lib/util.c:617(show_msg) [2010/04/13 08:30:34.841395, 5] lib/util.c:627(show_msg) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=8198 smb_pid=5564 smb_uid=16386 smb_mid=9 smt_wct=0 smb_bcc=0 [2010/04/13 08:30:34.841489, 5] libsmb/trustdom_cache.c:106(trustdom_cache_store) trustdom_store: storing SID S-1-5-21-1133090748-3639176701-2116357234 of domain BAUMANN-GMBH [2010/04/13 08:30:34.841523, 10] lib/gencache.c:180(gencache_set_data_blob) Adding cache entry with key = TDOM/BAUMANN-GMBH and timeout = Tue Apr 13 08:40:34 2010 (600 seconds ahead) [2010/04/13 08:30:34.841609, 10] lib/gencache.c:334(gencache_get_data_blob) Cache entry with key = TDOM/BAUMANN couldn't be found [2010/04/13 08:30:34.841629, 5] libsmb/trustdom_cache.c:159(trustdom_cache_fetch) no entry for trusted domain BAUMANN found. [2010/04/13 08:30:34.841650, 5] auth/auth_util.c:122(make_user_info) attempting to make a user_info for schwenkan (schwenkan) [2010/04/13 08:30:34.841670, 5] auth/auth_util.c:132(make_user_info) making strings for schwenkan's user_info struct [2010/04/13 08:30:34.841689, 5] auth/auth_util.c:164(make_user_info) making blobs for schwenkan's user_info struct [2010/04/13 08:30:34.841717, 10] auth/auth_util.c:182(make_user_info) made an encrypted user_info for schwenkan (schwenkan) [2010/04/13 08:30:34.841737, 3] auth/auth.c:216(check_ntlm_password) check_ntlm_password: Checking password for unmapped user [BAUMANN]\[schwenkan]@[12-099] with the new password interface [2010/04/13 08:30:34.841759, 3] auth/auth.c:219(check_ntlm_password) check_ntlm_password: mapped user is: [BAUMANN]\[schwenkan]@[12-099] [2010/04/13 08:30:34.841777, 10] auth/auth.c:228(check_ntlm_password) check_ntlm_password: auth_context challenge created by NTLMSSP callback (NTLM2) [2010/04/13 08:30:34.841814, 10] auth/auth.c:230(check_ntlm_password) challenge is: [2010/04/13 08:30:34.841832, 5] ../lib/util/util.c:278(_dump_data) [0000] 66 DF CC FF FA 32 6E CF f....2n. [2010/04/13 08:30:34.841873, 10] auth/auth.c:256(check_ntlm_password) check_ntlm_password: guest had nothing to say [2010/04/13 08:30:34.841897, 8] lib/util.c:1869(is_myname) is_myname("BAUMANN") returns 0 [2010/04/13 08:30:34.841916, 6] auth/auth_sam.c:553(check_samstrict_security) check_samstrict_security: BAUMANN is not one of my local names (ROLE_DOMAIN_MEMBER) [2010/04/13 08:30:34.841937, 10] auth/auth.c:256(check_ntlm_password) check_ntlm_password: sam had nothing to say [2010/04/13 08:30:34.841960, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/04/13 08:30:34.841983, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2010/04/13 08:30:34.842004, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/13 08:30:34.842024, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/13 08:30:34.842043, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/13 08:30:34.842130, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/13 08:30:34.842150, 10] auth/auth_winbind.c:85(check_winbind_security) check_winbind_security: wbcAuthenticateUserEx failed: WBC_ERR_WINBIND_NOT_AVAILABLE [2010/04/13 08:30:34.842204, 10] lib/gencache.c:345(gencache_get_data_blob) Returning valid cache entry: key = AD_SITENAME/DOMAIN/BAUMANN.LOCAL, value = Default-First-Site-Name, timeout = Tue Jan 19 04:14:07 2038 [2010/04/13 08:30:34.842232, 5] libads/dns.c:810(sitename_fetch) sitename_fetch: Returning sitename for BAUMANN.LOCAL: "Default-First-Site-Name" [2010/04/13 08:30:34.842255, 4] libsmb/namequery_dc.c:73(ads_dc_name) ads_dc_name: domain=BAUMANN [2010/04/13 08:30:34.842281, 10] lib/gencache.c:345(gencache_get_data_blob) Returning valid cache entry: key = AD_SITENAME/DOMAIN/BAUMANN.LOCAL, value = Default-First-Site-Name, timeout = Tue Jan 19 04:14:07 2038 [2010/04/13 08:30:34.842308, 5] libads/dns.c:810(sitename_fetch) sitename_fetch: Returning sitename for BAUMANN.LOCAL: "Default-First-Site-Name" [2010/04/13 08:30:34.842327, 6] libads/ldap.c:379(ads_find_dc) ads_find_dc: (cldap) looking for realm 'BAUMANN.LOCAL' [2010/04/13 08:30:34.842346, 8] libsmb/namequery.c:2071(get_sorted_dc_list) get_sorted_dc_list: attempting lookup for name BAUMANN.LOCAL (sitename Default-First-Site-Name) using [ads] [2010/04/13 08:30:34.842380, 10] lib/gencache.c:334(gencache_get_data_blob) Cache entry with key = SAFJOIN/DOMAIN/BAUMANN.LOCAL couldn't be found [2010/04/13 08:30:34.842404, 10] lib/gencache.c:345(gencache_get_data_blob) Returning valid cache entry: key = SAF/DOMAIN/BAUMANN.LOCAL, value = BAAD2.baumann.local, timeout = Tue Apr 13 08:45:34 2010 [2010/04/13 08:30:34.842431, 5] libsmb/namequery.c:188(saf_fetch) saf_fetch: Returning "BAAD2.baumann.local" for "BAUMANN.LOCAL" domain [2010/04/13 08:30:34.842456, 3] libsmb/namequery.c:1880(get_dc_list) get_dc_list: preferred server list: "BAAD2.baumann.local, baad2.baumann.local" [2010/04/13 08:30:34.842489, 10] lib/gencache.c:345(gencache_get_data_blob) Returning valid cache entry: key = AD_SITENAME/DOMAIN/BAUMANN.LOCAL, value = Default-First-Site-Name, timeout = Tue Jan 19 04:14:07 2038 [2010/04/13 08:30:34.842525, 5] libads/dns.c:810(sitename_fetch) sitename_fetch: Returning sitename for BAUMANN.LOCAL: "Default-First-Site-Name" [2010/04/13 08:30:34.842547, 10] libsmb/namequery.c:1400(internal_resolve_name) internal_resolve_name: looking up BAAD2.baumann.local#20 (sitename Default-First-Site-Name) [2010/04/13 08:30:34.842573, 10] lib/gencache.c:345(gencache_get_data_blob) Returning valid cache entry: key = NBT/BAAD2.BAUMANN.LOCAL#20, value = 10.230.1.253:0, timeout = Tue Apr 13 08:41:34 2010 [2010/04/13 08:30:34.842600, 5] libsmb/namecache.c:192(namecache_fetch) name BAAD2.baumann.local#20 found. [2010/04/13 08:30:34.842669, 10] lib/gencache.c:334(gencache_get_data_blob) Cache entry with key = NEG_CONN_CACHE/BAUMANN.LOCAL,10.230.1.253 couldn't be found [2010/04/13 08:30:34.842690, 9] libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain BAUMANN.LOCAL server 10.230.1.253 [2010/04/13 08:30:34.842722, 10] lib/gencache.c:345(gencache_get_data_blob) Returning valid cache entry: key = AD_SITENAME/DOMAIN/BAUMANN.LOCAL, value = Default-First-Site-Name, timeout = Tue Jan 19 04:14:07 2038 [2010/04/13 08:30:34.842750, 5] libads/dns.c:810(sitename_fetch) sitename_fetch: Returning sitename for BAUMANN.LOCAL: "Default-First-Site-Name" [2010/04/13 08:30:34.842771, 10] libsmb/namequery.c:1400(internal_resolve_name) internal_resolve_name: looking up baad2.baumann.local#20 (sitename Default-First-Site-Name) [2010/04/13 08:30:34.842797, 10] lib/gencache.c:345(gencache_get_data_blob) Returning valid cache entry: key = NBT/BAAD2.BAUMANN.LOCAL#20, value = 10.230.1.253:0, timeout = Tue Apr 13 08:41:34 2010 [2010/04/13 08:30:34.842824, 5] libsmb/namecache.c:192(namecache_fetch) name baad2.baumann.local#20 found. [2010/04/13 08:30:34.842877, 10] lib/gencache.c:334(gencache_get_data_blob) Cache entry with key = NEG_CONN_CACHE/BAUMANN.LOCAL,10.230.1.253 couldn't be found [2010/04/13 08:30:34.842897, 9] libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain BAUMANN.LOCAL server 10.230.1.253 [2010/04/13 08:30:34.842916, 10] libsmb/namequery.c:572(remove_duplicate_addrs2) remove_duplicate_addrs2: looking for duplicate address/port pairs [2010/04/13 08:30:34.842938, 4] libsmb/namequery.c:2020(get_dc_list) get_dc_list: returning 1 ip addresses in an ordered list [2010/04/13 08:30:34.842957, 4] libsmb/namequery.c:2021(get_dc_list) get_dc_list: 10.230.1.253:389 [2010/04/13 08:30:34.842991, 10] lib/gencache.c:334(gencache_get_data_blob) Cache entry with key = NEG_CONN_CACHE/BAUMANN.LOCAL,10.230.1.253 couldn't be found [2010/04/13 08:30:34.843011, 9] libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain BAUMANN.LOCAL server 10.230.1.253 [2010/04/13 08:30:34.843032, 5] libads/ldap.c:226(ads_try_connect) ads_try_connect: sending CLDAP request to 10.230.1.253 (realm: BAUMANN.LOCAL) [2010/04/13 08:30:34.843719, 10] libads/dns.c:775(sitename_store) sitename_store: realm = [BAUMANN], sitename = [Default-First-Site-Name], expire = [2147483647] [2010/04/13 08:30:34.843751, 10] lib/gencache.c:180(gencache_set_data_blob) Adding cache entry with key = AD_SITENAME/DOMAIN/BAUMANN and timeout = Tue Jan 19 04:14:07 2038 (876343413 seconds ahead) [2010/04/13 08:30:34.843797, 10] libads/dns.c:775(sitename_store) sitename_store: realm = [baumann.local], sitename = [Default-First-Site-Name], expire = [2147483647] [2010/04/13 08:30:34.843823, 10] lib/gencache.c:180(gencache_set_data_blob) Adding cache entry with key = AD_SITENAME/DOMAIN/BAUMANN.LOCAL and timeout = Tue Jan 19 04:14:07 2038 (876343413 seconds ahead) [2010/04/13 08:30:34.843868, 3] libads/ldap.c:634(ads_connect) Successfully contacted LDAP server 10.230.1.253 [2010/04/13 08:30:34.843898, 10] lib/gencache.c:345(gencache_get_data_blob) Returning valid cache entry: key = AD_SITENAME/DOMAIN/BAUMANN.LOCAL, value = Default-First-Site-Name, timeout = Tue Jan 19 04:14:07 2038 [2010/04/13 08:30:34.843937, 5] libads/dns.c:810(sitename_fetch) sitename_fetch: Returning sitename for BAUMANN.LOCAL: "Default-First-Site-Name" [2010/04/13 08:30:34.843957, 10] libads/ldap.c:165(ads_closest_dc) ads_closest_dc: NBT_SERVER_CLOSEST flag set [2010/04/13 08:30:34.844009, 10] libads/kerberos.c:910(create_local_private_krb5_conf_for_domain) create_local_private_krb5_conf_for_domain: fname = /usr/local/samba-3.5.2-run/var/locks/smb_krb5/krb5.conf.BAUMANN, realm = BAUMANN.LOCAL, domain = BAUMANN [2010/04/13 08:30:34.844051, 10] lib/gencache.c:334(gencache_get_data_blob) Cache entry with key = SAFJOIN/DOMAIN/BAUMANN.LOCAL couldn't be found [2010/04/13 08:30:34.844077, 10] lib/gencache.c:345(gencache_get_data_blob) Returning valid cache entry: key = SAF/DOMAIN/BAUMANN.LOCAL, value = BAAD2.baumann.local, timeout = Tue Apr 13 08:45:34 2010 [2010/04/13 08:30:34.844106, 5] libsmb/namequery.c:188(saf_fetch) saf_fetch: Returning "BAAD2.baumann.local" for "BAUMANN.LOCAL" domain [2010/04/13 08:30:34.844130, 3] libsmb/namequery.c:1880(get_dc_list) get_dc_list: preferred server list: "BAAD2.baumann.local, baad2.baumann.local" [2010/04/13 08:30:34.844162, 10] lib/gencache.c:345(gencache_get_data_blob) Returning valid cache entry: key = AD_SITENAME/DOMAIN/BAUMANN.LOCAL, value = Default-First-Site-Name, timeout = Tue Jan 19 04:14:07 2038 [2010/04/13 08:30:34.844189, 5] libads/dns.c:810(sitename_fetch) sitename_fetch: Returning sitename for BAUMANN.LOCAL: "Default-First-Site-Name" [2010/04/13 08:30:34.844210, 10] libsmb/namequery.c:1400(internal_resolve_name) internal_resolve_name: looking up BAAD2.baumann.local#20 (sitename Default-First-Site-Name) [2010/04/13 08:30:34.844236, 10] lib/gencache.c:345(gencache_get_data_blob) Returning valid cache entry: key = NBT/BAAD2.BAUMANN.LOCAL#20, value = 10.230.1.253:0, timeout = Tue Apr 13 08:41:34 2010 [2010/04/13 08:30:34.844263, 5] libsmb/namecache.c:192(namecache_fetch) name BAAD2.baumann.local#20 found. [2010/04/13 08:30:34.844318, 10] lib/gencache.c:334(gencache_get_data_blob) Cache entry with key = NEG_CONN_CACHE/BAUMANN.LOCAL,10.230.1.253 couldn't be found [2010/04/13 08:30:34.844338, 9] libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain BAUMANN.LOCAL server 10.230.1.253 [2010/04/13 08:30:34.844368, 10] lib/gencache.c:345(gencache_get_data_blob) Returning valid cache entry: key = AD_SITENAME/DOMAIN/BAUMANN.LOCAL, value = Default-First-Site-Name, timeout = Tue Jan 19 04:14:07 2038 [2010/04/13 08:30:34.844395, 5] libads/dns.c:810(sitename_fetch) sitename_fetch: Returning sitename for BAUMANN.LOCAL: "Default-First-Site-Name" [2010/04/13 08:30:34.844415, 10] libsmb/namequery.c:1400(internal_resolve_name) internal_resolve_name: looking up baad2.baumann.local#20 (sitename Default-First-Site-Name) [2010/04/13 08:30:34.844441, 10] lib/gencache.c:345(gencache_get_data_blob) Returning valid cache entry: key = NBT/BAAD2.BAUMANN.LOCAL#20, value = 10.230.1.253:0, timeout = Tue Apr 13 08:41:34 2010 [2010/04/13 08:30:34.844506, 5] libsmb/namecache.c:192(namecache_fetch) name baad2.baumann.local#20 found. [2010/04/13 08:30:34.844561, 10] lib/gencache.c:334(gencache_get_data_blob) Cache entry with key = NEG_CONN_CACHE/BAUMANN.LOCAL,10.230.1.253 couldn't be found [2010/04/13 08:30:34.844584, 9] libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain BAUMANN.LOCAL server 10.230.1.253 [2010/04/13 08:30:34.844603, 10] libsmb/namequery.c:572(remove_duplicate_addrs2) remove_duplicate_addrs2: looking for duplicate address/port pairs [2010/04/13 08:30:34.844624, 4] libsmb/namequery.c:2020(get_dc_list) get_dc_list: returning 1 ip addresses in an ordered list [2010/04/13 08:30:34.844643, 4] libsmb/namequery.c:2021(get_dc_list) get_dc_list: 10.230.1.253:389 [2010/04/13 08:30:34.844680, 10] lib/gencache.c:334(gencache_get_data_blob) Cache entry with key = SAFJOIN/DOMAIN/BAUMANN.LOCAL couldn't be found [2010/04/13 08:30:34.844715, 10] lib/gencache.c:345(gencache_get_data_blob) Returning valid cache entry: key = SAF/DOMAIN/BAUMANN.LOCAL, value = BAAD2.baumann.local, timeout = Tue Apr 13 08:45:34 2010 [2010/04/13 08:30:34.844742, 5] libsmb/namequery.c:188(saf_fetch) saf_fetch: Returning "BAAD2.baumann.local" for "BAUMANN.LOCAL" domain [2010/04/13 08:30:34.844767, 3] libsmb/namequery.c:1880(get_dc_list) get_dc_list: preferred server list: "BAAD2.baumann.local, baad2.baumann.local" [2010/04/13 08:30:34.844799, 10] lib/gencache.c:345(gencache_get_data_blob) Returning valid cache entry: key = AD_SITENAME/DOMAIN/BAUMANN.LOCAL, value = Default-First-Site-Name, timeout = Tue Jan 19 04:14:07 2038 [2010/04/13 08:30:34.844826, 5] libads/dns.c:810(sitename_fetch) sitename_fetch: Returning sitename for BAUMANN.LOCAL: "Default-First-Site-Name" [2010/04/13 08:30:34.844848, 10] libsmb/namequery.c:1400(internal_resolve_name) internal_resolve_name: looking up BAAD2.baumann.local#20 (sitename Default-First-Site-Name) [2010/04/13 08:30:34.844874, 10] lib/gencache.c:345(gencache_get_data_blob) Returning valid cache entry: key = NBT/BAAD2.BAUMANN.LOCAL#20, value = 10.230.1.253:0, timeout = Tue Apr 13 08:41:34 2010 [2010/04/13 08:30:34.844901, 5] libsmb/namecache.c:192(namecache_fetch) name BAAD2.baumann.local#20 found. [2010/04/13 08:30:34.844953, 10] lib/gencache.c:334(gencache_get_data_blob) Cache entry with key = NEG_CONN_CACHE/BAUMANN.LOCAL,10.230.1.253 couldn't be found [2010/04/13 08:30:34.844973, 9] libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain BAUMANN.LOCAL server 10.230.1.253 [2010/04/13 08:30:34.845002, 10] lib/gencache.c:345(gencache_get_data_blob) Returning valid cache entry: key = AD_SITENAME/DOMAIN/BAUMANN.LOCAL, value = Default-First-Site-Name, timeout = Tue Jan 19 04:14:07 2038 [2010/04/13 08:30:34.845029, 5] libads/dns.c:810(sitename_fetch) sitename_fetch: Returning sitename for BAUMANN.LOCAL: "Default-First-Site-Name" [2010/04/13 08:30:34.845050, 10] libsmb/namequery.c:1400(internal_resolve_name) internal_resolve_name: looking up baad2.baumann.local#20 (sitename Default-First-Site-Name) [2010/04/13 08:30:34.845076, 10] lib/gencache.c:345(gencache_get_data_blob) Returning valid cache entry: key = NBT/BAAD2.BAUMANN.LOCAL#20, value = 10.230.1.253:0, timeout = Tue Apr 13 08:41:34 2010 [2010/04/13 08:30:34.845102, 5] libsmb/namecache.c:192(namecache_fetch) name baad2.baumann.local#20 found. [2010/04/13 08:30:34.845154, 10] lib/gencache.c:334(gencache_get_data_blob) Cache entry with key = NEG_CONN_CACHE/BAUMANN.LOCAL,10.230.1.253 couldn't be found [2010/04/13 08:30:34.845173, 9] libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain BAUMANN.LOCAL server 10.230.1.253 [2010/04/13 08:30:34.845192, 10] libsmb/namequery.c:572(remove_duplicate_addrs2) remove_duplicate_addrs2: looking for duplicate address/port pairs [2010/04/13 08:30:34.845213, 4] libsmb/namequery.c:2020(get_dc_list) get_dc_list: returning 1 ip addresses in an ordered list [2010/04/13 08:30:34.845233, 4] libsmb/namequery.c:2021(get_dc_list) get_dc_list: 10.230.1.253:389 [2010/04/13 08:30:34.845255, 10] libads/kerberos.c:856(get_kdc_ip_string) get_kdc_ip_string: Returning kdc = 10.230.1.253 [2010/04/13 08:30:34.845437, 5] libads/kerberos.c:978(create_local_private_krb5_conf_for_domain) create_local_private_krb5_conf_for_domain: wrote file /usr/local/samba-3.5.2-run/var/locks/smb_krb5/krb5.conf.BAUMANN with realm BAUMANN.LOCAL KDC list = kdc = 10.230.1.253 [2010/04/13 08:30:34.845472, 4] libsmb/namequery_dc.c:143(ads_dc_name) ads_dc_name: using server='BAAD2.BAUMANN.LOCAL' IP=10.230.1.253 [2010/04/13 08:30:34.848920, 3] libsmb/cliconnect.c:2196(cli_start_connection) Connecting to host=BAAD2.BAUMANN.LOCAL [2010/04/13 08:30:34.848956, 10] lib/events.c:123(run_events) Running timed event "tevent_req_timedout" 0x7fb461fee7a0 [2010/04/13 08:30:34.848999, 3] lib/util_sock.c:974(open_socket_out_send) Connecting to 10.230.1.253 at port 445 [2010/04/13 08:30:34.849392, 5] lib/util_sock.c:304(print_socket_options) Socket options: SO_KEEPALIVE = 0 SO_REUSEADDR = 0 SO_BROADCAST = 0 TCP_NODELAY = 1 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_SNDBUF = 32768 SO_RCVBUF = 32768 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 TCP_QUICKACK = 1 [2010/04/13 08:30:34.850840, 10] libsmb/clientgen.c:553(cli_init_creds) cli_init_creds: user domain [2010/04/13 08:30:34.851298, 5] rpc_client/cli_pipe.c:2637(rpc_pipe_bind_send) Bind RPC Pipe: host BAAD2.BAUMANN.LOCAL auth_type 0, auth_level 1 [2010/04/13 08:30:34.851326, 5] rpc_parse/parse_prs.c:89(prs_debug) 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0b 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0048 000a auth_len : 0000 000c call_id : 00000004 [2010/04/13 08:30:34.851435, 5] rpc_parse/parse_prs.c:89(prs_debug) 000010 smb_io_rpc_hdr_rb [2010/04/13 08:30:34.851455, 6] rpc_parse/parse_prs.c:89(prs_debug) 000010 smb_io_rpc_hdr_bba 0010 max_tsize: 10b8 0012 max_rsize: 10b8 0014 assoc_gid: 00000000 0018 num_contexts: 01 001c context_id : 0000 001e num_transfer_syntaxes: 01 [2010/04/13 08:30:34.851520, 6] rpc_parse/parse_prs.c:89(prs_debug) 00001f smb_io_rpc_iface [2010/04/13 08:30:34.851540, 7] rpc_parse/parse_prs.c:89(prs_debug) 000020 smb_io_uuid uuid 0020 data : 12345678 0024 data : 1234 0026 data : abcd 0028 data : ef 00 002a data : 01 23 45 67 cf fb 0030 version: 00000001 [2010/04/13 08:30:34.851613, 6] rpc_parse/parse_prs.c:89(prs_debug) 000034 smb_io_rpc_iface [2010/04/13 08:30:34.851634, 7] rpc_parse/parse_prs.c:89(prs_debug) 000034 smb_io_uuid uuid 0034 data : 8a885d04 0038 data : 1ceb 003a data : 11c9 003c data : 9f e8 003e data : 08 00 2b 10 48 60 0044 version: 00000002 [2010/04/13 08:30:34.851705, 5] rpc_client/cli_pipe.c:1372(rpc_api_pipe_send) rpc_api_pipe: host BAAD2.BAUMANN.LOCAL [2010/04/13 08:30:34.851730, 10] libsmb/clitrans.c:925(cli_trans_format) num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=72, this_data=72, max_data=4280, param_offset=82, param_disp=0, data_disp=0 [2010/04/13 08:30:34.852159, 5] rpc_parse/parse_prs.c:89(prs_debug) 000000 smb_io_rpc_hdr rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0c 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0044 000a auth_len : 0000 000c call_id : 00000004 [2010/04/13 08:30:34.852279, 10] rpc_client/cli_pipe.c:1471(rpc_api_pipe_got_pdu) rpc_api_pipe: got frag len of 68 at offset 0: NT_STATUS_OK [2010/04/13 08:30:34.852301, 10] rpc_client/cli_pipe.c:1522(rpc_api_pipe_got_pdu) rpc_api_pipe: host BAAD2.BAUMANN.LOCAL returned 68 bytes. [2010/04/13 08:30:34.852325, 5] rpc_parse/parse_prs.c:89(prs_debug) 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0c 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0044 000a auth_len : 0000 000c call_id : 00000004 [2010/04/13 08:30:34.852420, 5] rpc_parse/parse_prs.c:89(prs_debug) 000010 smb_io_rpc_hdr_ba [2010/04/13 08:30:34.852441, 6] rpc_parse/parse_prs.c:89(prs_debug) 000010 smb_io_rpc_hdr_bba 0010 max_tsize: 10b8 0012 max_rsize: 10b8 0014 assoc_gid: 00274418 [2010/04/13 08:30:34.852495, 6] rpc_parse/parse_prs.c:89(prs_debug) 000018 smb_io_rpc_addr_str 0018 len: 000c 001a str: \pipe\lsass. [2010/04/13 08:30:34.852536, 6] rpc_parse/parse_prs.c:89(prs_debug) 000026 smb_io_rpc_results 0028 num_results: 01 002c result : 0000 002e reason : 0000 [2010/04/13 08:30:34.852579, 6] rpc_parse/parse_prs.c:89(prs_debug) 000030 smb_io_rpc_iface [2010/04/13 08:30:34.852599, 7] rpc_parse/parse_prs.c:89(prs_debug) 000030 smb_io_uuid uuid 0030 data : 8a885d04 0034 data : 1ceb 0036 data : 11c9 0038 data : 9f e8 003a data : 08 00 2b 10 48 60 0040 version: 00000002 [2010/04/13 08:30:34.852669, 5] rpc_client/cli_pipe.c:2484(check_bind_response) check_bind_response: accepted! [2010/04/13 08:30:34.852692, 10] rpc_client/cli_pipe.c:3801(cli_rpc_pipe_open_noauth_transport) cli_rpc_pipe_open_noauth: opened pipe \netlogon to machine BAAD2.BAUMANN.LOCAL and bound anonymously. [2010/04/13 08:30:34.858460, 1] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) netr_ServerReqChallenge: struct netr_ServerReqChallenge in: struct netr_ServerReqChallenge server_name : * server_name : '\\BAAD2.BAUMANN.LOCAL' computer_name : * computer_name : 'BAFS2' credentials : * credentials: struct netr_Credential data : 948f3ddbff59f618 [2010/04/13 08:30:34.872087, 5] rpc_parse/parse_prs.c:89(prs_debug) 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0074 000a auth_len : 0000 000c call_id : 00000005 [2010/04/13 08:30:34.872202, 5] rpc_parse/parse_prs.c:89(prs_debug) 000010 smb_io_rpc_hdr_req hdr_req 0010 alloc_hint: 0000005c 0014 context_id: 0000 0016 opnum : 0004 [2010/04/13 08:30:34.872248, 5] rpc_client/cli_pipe.c:1372(rpc_api_pipe_send) rpc_api_pipe: host BAAD2.BAUMANN.LOCAL [2010/04/13 08:30:34.872273, 10] libsmb/clitrans.c:925(cli_trans_format) num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=116, this_data=116, max_data=4280, param_offset=82, param_disp=0, data_disp=0 [2010/04/13 08:30:34.872711, 5] rpc_parse/parse_prs.c:89(prs_debug) 000000 smb_io_rpc_hdr rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0024 000a auth_len : 0000 000c call_id : 00000005 [2010/04/13 08:30:34.872829, 5] rpc_parse/parse_prs.c:89(prs_debug) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp 0010 alloc_hint: 0000000c 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 [2010/04/13 08:30:34.872880, 10] rpc_client/cli_pipe.c:1002(cli_pipe_validate_current_pdu) cli_pipe_validate_current_pdu: got pdu len 36, data_len 12, ss_len 0 [2010/04/13 08:30:34.872901, 10] rpc_client/cli_pipe.c:1471(rpc_api_pipe_got_pdu) rpc_api_pipe: got frag len of 36 at offset 0: NT_STATUS_OK [2010/04/13 08:30:34.872922, 10] rpc_client/cli_pipe.c:1522(rpc_api_pipe_got_pdu) rpc_api_pipe: host BAAD2.BAUMANN.LOCAL returned 24 bytes. [2010/04/13 08:30:34.872954, 1] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) netr_ServerReqChallenge: struct netr_ServerReqChallenge out: struct netr_ServerReqChallenge return_credentials : * return_credentials: struct netr_Credential data : c118e7e64b30161d result : NT_STATUS_OK [2010/04/13 08:30:34.873161, 1] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) netr_ServerAuthenticate2: struct netr_ServerAuthenticate2 in: struct netr_ServerAuthenticate2 server_name : * server_name : '\\BAAD2.BAUMANN.LOCAL' account_name : * account_name : 'BAFS2$' secure_channel_type : SEC_CHAN_WKSTA (2) computer_name : * computer_name : 'BAFS2' credentials : * credentials: struct netr_Credential data : 3c057c8f39b0cb42 negotiate_flags : * negotiate_flags : 0x600fffff (1611661311) 1: NETLOGON_NEG_ACCOUNT_LOCKOUT 1: NETLOGON_NEG_PERSISTENT_SAMREPL 1: NETLOGON_NEG_ARCFOUR 1: NETLOGON_NEG_PROMOTION_COUNT 1: NETLOGON_NEG_CHANGELOG_BDC 1: NETLOGON_NEG_FULL_SYNC_REPL 1: NETLOGON_NEG_MULTIPLE_SIDS 1: NETLOGON_NEG_REDO 1: NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL 1: NETLOGON_NEG_SEND_PASSWORD_INFO_PDC 1: NETLOGON_NEG_GENERIC_PASSTHROUGH 1: NETLOGON_NEG_CONCURRENT_RPC 1: NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL 1: NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL 1: NETLOGON_NEG_STRONG_KEYS 1: NETLOGON_NEG_TRANSITIVE_TRUSTS 1: NETLOGON_NEG_DNS_DOMAIN_TRUSTS 1: NETLOGON_NEG_PASSWORD_SET2 1: NETLOGON_NEG_GETDOMAININFO 1: NETLOGON_NEG_CROSS_FOREST_TRUSTS 0: NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION 0: NETLOGON_NEG_RODC_PASSTHROUGH 0: NETLOGON_NEG_SUPPORTS_AES_SHA2 0: NETLOGON_NEG_SUPPORTS_AES 1: NETLOGON_NEG_AUTHENTICATED_RPC_LSASS 1: NETLOGON_NEG_AUTHENTICATED_RPC [2010/04/13 08:30:34.874526, 5] rpc_parse/parse_prs.c:89(prs_debug) 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0094 000a auth_len : 0000 000c call_id : 00000006 [2010/04/13 08:30:34.874658, 5] rpc_parse/parse_prs.c:89(prs_debug) 000010 smb_io_rpc_hdr_req hdr_req 0010 alloc_hint: 0000007c 0014 context_id: 0000 0016 opnum : 000f [2010/04/13 08:30:34.874704, 5] rpc_client/cli_pipe.c:1372(rpc_api_pipe_send) rpc_api_pipe: host BAAD2.BAUMANN.LOCAL [2010/04/13 08:30:34.874730, 10] libsmb/clitrans.c:925(cli_trans_format) num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=148, this_data=148, max_data=4280, param_offset=82, param_disp=0, data_disp=0 [2010/04/13 08:30:34.875506, 5] rpc_parse/parse_prs.c:89(prs_debug) 000000 smb_io_rpc_hdr rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0028 000a auth_len : 0000 000c call_id : 00000006 [2010/04/13 08:30:34.875623, 5] rpc_parse/parse_prs.c:89(prs_debug) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp 0010 alloc_hint: 00000010 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 [2010/04/13 08:30:34.875673, 10] rpc_client/cli_pipe.c:1002(cli_pipe_validate_current_pdu) cli_pipe_validate_current_pdu: got pdu len 40, data_len 16, ss_len 0 [2010/04/13 08:30:34.875704, 10] rpc_client/cli_pipe.c:1471(rpc_api_pipe_got_pdu) rpc_api_pipe: got frag len of 40 at offset 0: NT_STATUS_OK [2010/04/13 08:30:34.875725, 10] rpc_client/cli_pipe.c:1522(rpc_api_pipe_got_pdu) rpc_api_pipe: host BAAD2.BAUMANN.LOCAL returned 32 bytes. [2010/04/13 08:30:34.875756, 1] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) netr_ServerAuthenticate2: struct netr_ServerAuthenticate2 out: struct netr_ServerAuthenticate2 return_credentials : * return_credentials: struct netr_Credential data : 5e0ab11e37c405b8 negotiate_flags : * negotiate_flags : 0x600fffff (1611661311) 1: NETLOGON_NEG_ACCOUNT_LOCKOUT 1: NETLOGON_NEG_PERSISTENT_SAMREPL 1: NETLOGON_NEG_ARCFOUR 1: NETLOGON_NEG_PROMOTION_COUNT 1: NETLOGON_NEG_CHANGELOG_BDC 1: NETLOGON_NEG_FULL_SYNC_REPL 1: NETLOGON_NEG_MULTIPLE_SIDS 1: NETLOGON_NEG_REDO 1: NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL 1: NETLOGON_NEG_SEND_PASSWORD_INFO_PDC 1: NETLOGON_NEG_GENERIC_PASSTHROUGH 1: NETLOGON_NEG_CONCURRENT_RPC 1: NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL 1: NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL 1: NETLOGON_NEG_STRONG_KEYS 1: NETLOGON_NEG_TRANSITIVE_TRUSTS 1: NETLOGON_NEG_DNS_DOMAIN_TRUSTS 1: NETLOGON_NEG_PASSWORD_SET2 1: NETLOGON_NEG_GETDOMAININFO 1: NETLOGON_NEG_CROSS_FOREST_TRUSTS 0: NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION 0: NETLOGON_NEG_RODC_PASSTHROUGH 0: NETLOGON_NEG_SUPPORTS_AES_SHA2 0: NETLOGON_NEG_SUPPORTS_AES 1: NETLOGON_NEG_AUTHENTICATED_RPC_LSASS 1: NETLOGON_NEG_AUTHENTICATED_RPC result : NT_STATUS_OK [2010/04/13 08:30:34.876079, 5] rpc_client/cli_netlogon.c:134(rpccli_netlogon_setup_creds) rpccli_netlogon_setup_creds: server BAAD2.BAUMANN.LOCAL credential chain established. [2010/04/13 08:30:34.876563, 5] rpc_client/cli_pipe.c:2637(rpc_pipe_bind_send) Bind RPC Pipe: host BAAD2.BAUMANN.LOCAL auth_type 2, auth_level 6 [2010/04/13 08:30:34.876612, 1] ../librpc/ndr/ndr.c:214(ndr_print_debug) &r: struct NL_AUTH_MESSAGE MessageType : NL_NEGOTIATE_REQUEST (0x0) Flags : 0x00000003 (3) 1: NL_FLAG_OEM_NETBIOS_DOMAIN_NAME 1: NL_FLAG_OEM_NETBIOS_COMPUTER_NAME 0: NL_FLAG_UTF8_DNS_DOMAIN_NAME 0: NL_FLAG_UTF8_DNS_HOST_NAME 0: NL_FLAG_UTF8_NETBIOS_COMPUTER_NAME oem_netbios_domain : 'BAUMANN' oem_netbios_computer : 'BAFS2' [2010/04/13 08:30:34.876724, 5] rpc_parse/parse_prs.c:89(prs_debug) 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0b 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0066 000a auth_len : 0016 000c call_id : 00000007 [2010/04/13 08:30:34.876823, 5] rpc_parse/parse_prs.c:89(prs_debug) 000010 smb_io_rpc_hdr_rb [2010/04/13 08:30:34.876843, 6] rpc_parse/parse_prs.c:89(prs_debug) 000010 smb_io_rpc_hdr_bba 0010 max_tsize: 10b8 0012 max_rsize: 10b8 0014 assoc_gid: 00000000 0018 num_contexts: 01 001c context_id : 0000 001e num_transfer_syntaxes: 01 [2010/04/13 08:30:34.876914, 6] rpc_parse/parse_prs.c:89(prs_debug) 00001f smb_io_rpc_iface [2010/04/13 08:30:34.876937, 7] rpc_parse/parse_prs.c:89(prs_debug) 000020 smb_io_uuid uuid 0020 data : 12345678 0024 data : 1234 0026 data : abcd 0028 data : ef 00 002a data : 01 23 45 67 cf fb 0030 version: 00000001 [2010/04/13 08:30:34.877006, 6] rpc_parse/parse_prs.c:89(prs_debug) 000034 smb_io_rpc_iface [2010/04/13 08:30:34.877026, 7] rpc_parse/parse_prs.c:89(prs_debug) 000034 smb_io_uuid uuid 0034 data : 8a885d04 0038 data : 1ceb 003a data : 11c9 003c data : 9f e8 003e data : 08 00 2b 10 48 60 0044 version: 00000002 [2010/04/13 08:30:34.877095, 5] rpc_parse/parse_prs.c:89(prs_debug) 000048 smb_io_rpc_hdr_auth hdr_auth 0048 auth_type : 44 0049 auth_level : 06 004a auth_pad_len : 00 004b auth_reserved: 00 004c auth_context_id: 00000001 [2010/04/13 08:30:34.877154, 5] rpc_client/cli_pipe.c:1372(rpc_api_pipe_send) rpc_api_pipe: host BAAD2.BAUMANN.LOCAL [2010/04/13 08:30:34.877178, 10] libsmb/clitrans.c:925(cli_trans_format) num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=102, this_data=102, max_data=4280, param_offset=82, param_disp=0, data_disp=0 [2010/04/13 08:30:34.877651, 5] rpc_parse/parse_prs.c:89(prs_debug) 000000 smb_io_rpc_hdr rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0c 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0058 000a auth_len : 000c 000c call_id : 00000007 [2010/04/13 08:30:34.877773, 10] rpc_client/cli_pipe.c:1471(rpc_api_pipe_got_pdu) rpc_api_pipe: got frag len of 88 at offset 0: NT_STATUS_OK [2010/04/13 08:30:34.877795, 10] rpc_client/cli_pipe.c:1522(rpc_api_pipe_got_pdu) rpc_api_pipe: host BAAD2.BAUMANN.LOCAL returned 88 bytes. [2010/04/13 08:30:34.877819, 5] rpc_parse/parse_prs.c:89(prs_debug) 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0c 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0058 000a auth_len : 000c 000c call_id : 00000007 [2010/04/13 08:30:34.877914, 5] rpc_parse/parse_prs.c:89(prs_debug) 000010 smb_io_rpc_hdr_ba [2010/04/13 08:30:34.877935, 6] rpc_parse/parse_prs.c:89(prs_debug) 000010 smb_io_rpc_hdr_bba 0010 max_tsize: 10b8 0012 max_rsize: 10b8 0014 assoc_gid: 00274419 [2010/04/13 08:30:34.877978, 6] rpc_parse/parse_prs.c:89(prs_debug) 000018 smb_io_rpc_addr_str 0018 len: 000c 001a str: \pipe\lsass. [2010/04/13 08:30:34.878018, 6] rpc_parse/parse_prs.c:89(prs_debug) 000026 smb_io_rpc_results 0028 num_results: 01 002c result : 0000 002e reason : 0000 [2010/04/13 08:30:34.878060, 6] rpc_parse/parse_prs.c:89(prs_debug) 000030 smb_io_rpc_iface [2010/04/13 08:30:34.878081, 7] rpc_parse/parse_prs.c:89(prs_debug) 000030 smb_io_uuid uuid 0030 data : 8a885d04 0034 data : 1ceb 0036 data : 11c9 0038 data : 9f e8 003a data : 08 00 2b 10 48 60 0040 version: 00000002 [2010/04/13 08:30:34.878150, 5] rpc_client/cli_pipe.c:2484(check_bind_response) check_bind_response: accepted! [2010/04/13 08:30:34.878173, 10] rpc_client/cli_pipe.c:4054(cli_rpc_pipe_open_schannel_with_key) cli_rpc_pipe_open_schannel_with_key: opened pipe \netlogon to machine BAAD2.BAUMANN.LOCAL for domain BAUMANN and bound using schannel. [2010/04/13 08:30:34.878566, 10] rpc_client/rpc_transport_np.c:81(rpc_transport_np_state_destructor) rpc_pipe_destructor: closed \netlogon [2010/04/13 08:30:34.878609, 10] libsmb/namequery.c:83(saf_store) saf_store: domain = [BAUMANN], server = [BAAD2.BAUMANN.LOCAL], expire = [1271141134] [2010/04/13 08:30:34.878642, 10] lib/gencache.c:180(gencache_set_data_blob) Adding cache entry with key = SAF/DOMAIN/BAUMANN and timeout = Tue Apr 13 08:45:34 2010 (900 seconds ahead) [2010/04/13 08:30:34.878691, 5] ../libcli/auth/credentials.c:107(netlogon_creds_step) seed 8f7c053c:42cbb039 [2010/04/13 08:30:34.878710, 5] ../libcli/auth/credentials.c:112(netlogon_creds_step) seed+time db4014c8:42cbb039 [2010/04/13 08:30:34.878787, 5] ../libcli/auth/credentials.c:117(netlogon_creds_step) CLIENT 4d92eff7:d6957d93 [2010/04/13 08:30:34.878806, 5] ../libcli/auth/credentials.c:123(netlogon_creds_step) seed+time+1 db4014c9:42cbb039 [2010/04/13 08:30:34.878879, 5] ../libcli/auth/credentials.c:128(netlogon_creds_step) SERVER 161d617f:b0bcc64f [2010/04/13 08:30:34.878904, 1] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) netr_LogonSamLogon: struct netr_LogonSamLogon in: struct netr_LogonSamLogon server_name : * server_name : '\\BAAD2.BAUMANN.LOCAL' computer_name : * computer_name : 'BAFS2' credential : * credential: struct netr_Authenticator cred: struct netr_Credential data : f7ef924d937d95d6 timestamp : Tue Apr 13 08:30:36 2010 CEST return_authenticator : * return_authenticator: struct netr_Authenticator cred: struct netr_Credential data : 0000000000000000 timestamp : (time_t)0 logon_level : NetlogonNetworkInformation (2) logon : * logon : union netr_LogonLevel(case 2) network : * network: struct netr_NetworkInfo identity_info: struct netr_IdentityInfo domain_name: struct lsa_String length : 0x0000 (0) size : 0x0000 (0) string : * string : 'BAUMANN' parameter_control : 0x00000820 (2080) 0: MSV1_0_CLEARTEXT_PASSWORD_ALLOWED 0: MSV1_0_UPDATE_LOGON_STATISTICS 0: MSV1_0_RETURN_USER_PARAMETERS 0: MSV1_0_DONT_TRY_GUEST_ACCOUNT 1: MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT 0: MSV1_0_RETURN_PASSWORD_EXPIRY 0: MSV1_0_USE_CLIENT_CHALLENGE 0: MSV1_0_TRY_GUEST_ACCOUNT_ONLY 0: MSV1_0_RETURN_PROFILE_PATH 0: MSV1_0_TRY_SPECIFIED_DOMAIN_ONLY 1: MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT 0: MSV1_0_DISABLE_PERSONAL_FALLBACK 0: MSV1_0_ALLOW_FORCE_GUEST 0: MSV1_0_CLEARTEXT_PASSWORD_SUPPLIED 0: MSV1_0_USE_DOMAIN_FOR_ROUTING_ONLY 0: MSV1_0_ALLOW_MSVCHAPV2 0: MSV1_0_S4U2SELF 0: MSV1_0_CHECK_LOGONHOURS_FOR_S4U 0: MSV1_0_SUBAUTHENTICATION_DLL_EX logon_id_low : 0x0000dead (57005) logon_id_high : 0x0000beef (48879) account_name: struct lsa_String length : 0x0000 (0) size : 0x0000 (0) string : * string : 'schwenkan' workstation: struct lsa_String length : 0x0000 (0) size : 0x0000 (0) string : * string : '\\12-099' challenge : 66dfccfffa326ecf nt: struct netr_ChallengeResponse length : 0x0018 (24) size : 0x0000 (0) data : * data : 200133257c49626a64f22485c1bc47b90e33474379f32c93 lm: struct netr_ChallengeResponse length : 0x0000 (0) size : 0x0000 (0) data : NULL validation_level : 0x0003 (3) [2010/04/13 08:30:34.879679, 5] rpc_parse/parse_prs.c:89(prs_debug) 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0180 000a auth_len : 0020 000c call_id : 00000008 [2010/04/13 08:30:34.879777, 5] rpc_parse/parse_prs.c:89(prs_debug) 000010 smb_io_rpc_hdr_req hdr_req 0010 alloc_hint: 0000013a 0014 context_id: 0000 0016 opnum : 0002 [2010/04/13 08:30:34.879821, 5] rpc_parse/parse_prs.c:89(prs_debug) 000158 smb_io_rpc_hdr_auth hdr_auth 0158 auth_type : 44 0159 auth_level : 06 015a auth_pad_len : 06 015b auth_reserved: 00 015c auth_context_id: 00000001 [2010/04/13 08:30:34.879879, 10] rpc_client/cli_pipe.c:2030(add_schannel_auth_footer) add_schannel_auth_footer: SCHANNEL seq_num=0 [2010/04/13 08:30:34.879945, 1] ../librpc/ndr/ndr.c:214(ndr_print_debug) &r: struct NL_AUTH_SIGNATURE SignatureAlgorithm : NL_SIGN_HMAC_MD5 (0x77) SealAlgorithm : NL_SEAL_RC4 (0x7A) Pad : 0xffff (65535) Flags : 0x0000 (0) SequenceNumber : a6f99aa09c236a9a Checksum : 2d23ae4b91f45cc3 Confounder : 19db9a9e21c5b10c [2010/04/13 08:30:34.880035, 5] rpc_client/cli_pipe.c:1372(rpc_api_pipe_send) rpc_api_pipe: host BAAD2.BAUMANN.LOCAL [2010/04/13 08:30:34.880060, 10] libsmb/clitrans.c:925(cli_trans_format) num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=384, this_data=384, max_data=4280, param_offset=82, param_disp=0, data_disp=0 [2010/04/13 08:30:34.881217, 5] rpc_parse/parse_prs.c:89(prs_debug) 000000 smb_io_rpc_hdr rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0200 000a auth_len : 0020 000c call_id : 00000008 [2010/04/13 08:30:34.881335, 5] rpc_parse/parse_prs.c:89(prs_debug) 000010 smb_io_rpc_hdr_resp rpc_hdr_resp 0010 alloc_hint: 000001b8 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 [2010/04/13 08:30:34.881386, 5] rpc_parse/parse_prs.c:89(prs_debug) 0001d8 smb_io_rpc_hdr_auth hdr_auth 01d8 auth_type : 44 01d9 auth_level : 06 01da auth_pad_len : 08 01db auth_reserved: 00 01dc auth_context_id: 00000001 [2010/04/13 08:30:34.881453, 1] ../librpc/ndr/ndr.c:214(ndr_print_debug) &r: struct NL_AUTH_SIGNATURE SignatureAlgorithm : NL_SIGN_HMAC_MD5 (0x77) SealAlgorithm : NL_SEAL_RC4 (0x7A) Pad : 0xffff (65535) Flags : 0x0000 (0) SequenceNumber : 0f63d77b5616b619 Checksum : af6266225cb2083a Confounder : c74a159be4e869ba [2010/04/13 08:30:34.881577, 10] rpc_client/cli_pipe.c:1002(cli_pipe_validate_current_pdu) cli_pipe_validate_current_pdu: got pdu len 512, data_len 440, ss_len 8 [2010/04/13 08:30:34.881598, 10] rpc_client/cli_pipe.c:1471(rpc_api_pipe_got_pdu) rpc_api_pipe: got frag len of 512 at offset 0: NT_STATUS_OK [2010/04/13 08:30:34.881621, 10] rpc_client/cli_pipe.c:1522(rpc_api_pipe_got_pdu) rpc_api_pipe: host BAAD2.BAUMANN.LOCAL returned 880 bytes. [2010/04/13 08:30:34.889000, 1] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) netr_LogonSamLogon: struct netr_LogonSamLogon out: struct netr_LogonSamLogon return_authenticator : * return_authenticator: struct netr_Authenticator cred: struct netr_Credential data : 7f611d164fc6bcb0 timestamp : (time_t)0 validation : * validation : union netr_Validation(case 3) sam3 : * sam3: struct netr_SamInfo3 base: struct netr_SamBaseInfo last_logon : Tue Apr 13 08:29:56 2010 CEST last_logoff : Tue Jan 19 04:14:07 2038 CET acct_expiry : Tue Jan 19 04:14:07 2038 CET last_password_change : Wed Jul 1 11:42:04 2009 CEST allow_password_change : Thu Jul 2 11:42:04 2009 CEST force_password_change : Tue Jan 19 04:14:07 2038 CET account_name: struct lsa_String length : 0x0012 (18) size : 0x0014 (20) string : * string : 'schwenkan' full_name: struct lsa_String length : 0x0000 (0) size : 0x0000 (0) string : NULL logon_script: struct lsa_String length : 0x0000 (0) size : 0x0000 (0) string : NULL profile_path: struct lsa_String length : 0x0000 (0) size : 0x0000 (0) string : NULL home_directory: struct lsa_String length : 0x0000 (0) size : 0x0000 (0) string : NULL home_drive: struct lsa_String length : 0x0000 (0) size : 0x0000 (0) string : NULL logon_count : 0x0064 (100) bad_password_count : 0x0000 (0) rid : 0x00000594 (1428) primary_gid : 0x00000201 (513) groups: struct samr_RidWithAttributeArray count : 0x0000000b (11) rids : * rids: ARRAY(11) rids: struct samr_RidWithAttribute rid : 0x00000925 (2341) attributes : 0x00000007 (7) 1: SE_GROUP_MANDATORY 1: SE_GROUP_ENABLED_BY_DEFAULT 1: SE_GROUP_ENABLED 0: SE_GROUP_OWNER 0: SE_GROUP_USE_FOR_DENY_ONLY 0: SE_GROUP_RESOURCE 0x00: SE_GROUP_LOGON_ID (0) rids: struct samr_RidWithAttribute rid : 0x00000201 (513) attributes : 0x00000007 (7) 1: SE_GROUP_MANDATORY 1: SE_GROUP_ENABLED_BY_DEFAULT 1: SE_GROUP_ENABLED 0: SE_GROUP_OWNER 0: SE_GROUP_USE_FOR_DENY_ONLY 0: SE_GROUP_RESOURCE 0x00: SE_GROUP_LOGON_ID (0) rids: struct samr_RidWithAttribute rid : 0x0000045b (1115) attributes : 0x00000007 (7) 1: SE_GROUP_MANDATORY 1: SE_GROUP_ENABLED_BY_DEFAULT 1: SE_GROUP_ENABLED 0: SE_GROUP_OWNER 0: SE_GROUP_USE_FOR_DENY_ONLY 0: SE_GROUP_RESOURCE 0x00: SE_GROUP_LOGON_ID (0) rids: struct samr_RidWithAttribute rid : 0x00000927 (2343) attributes : 0x00000007 (7) 1: SE_GROUP_MANDATORY 1: SE_GROUP_ENABLED_BY_DEFAULT 1: SE_GROUP_ENABLED 0: SE_GROUP_OWNER 0: SE_GROUP_USE_FOR_DENY_ONLY 0: SE_GROUP_RESOURCE 0x00: SE_GROUP_LOGON_ID (0) rids: struct samr_RidWithAttribute rid : 0x00000604 (1540) attributes : 0x00000007 (7) 1: SE_GROUP_MANDATORY 1: SE_GROUP_ENABLED_BY_DEFAULT 1: SE_GROUP_ENABLED 0: SE_GROUP_OWNER 0: SE_GROUP_USE_FOR_DENY_ONLY 0: SE_GROUP_RESOURCE 0x00: SE_GROUP_LOGON_ID (0) rids: struct samr_RidWithAttribute rid : 0x00000496 (1174) attributes : 0x00000007 (7) 1: SE_GROUP_MANDATORY 1: SE_GROUP_ENABLED_BY_DEFAULT 1: SE_GROUP_ENABLED 0: SE_GROUP_OWNER 0: SE_GROUP_USE_FOR_DENY_ONLY 0: SE_GROUP_RESOURCE 0x00: SE_GROUP_LOGON_ID (0) rids: struct samr_RidWithAttribute rid : 0x00000491 (1169) attributes : 0x00000007 (7) 1: SE_GROUP_MANDATORY 1: SE_GROUP_ENABLED_BY_DEFAULT 1: SE_GROUP_ENABLED 0: SE_GROUP_OWNER 0: SE_GROUP_USE_FOR_DENY_ONLY 0: SE_GROUP_RESOURCE 0x00: SE_GROUP_LOGON_ID (0) rids: struct samr_RidWithAttribute rid : 0x00000981 (2433) attributes : 0x00000007 (7) 1: SE_GROUP_MANDATORY 1: SE_GROUP_ENABLED_BY_DEFAULT 1: SE_GROUP_ENABLED 0: SE_GROUP_OWNER 0: SE_GROUP_USE_FOR_DENY_ONLY 0: SE_GROUP_RESOURCE 0x00: SE_GROUP_LOGON_ID (0) rids: struct samr_RidWithAttribute rid : 0x0000047f (1151) attributes : 0x00000007 (7) 1: SE_GROUP_MANDATORY 1: SE_GROUP_ENABLED_BY_DEFAULT 1: SE_GROUP_ENABLED 0: SE_GROUP_OWNER 0: SE_GROUP_USE_FOR_DENY_ONLY 0: SE_GROUP_RESOURCE 0x00: SE_GROUP_LOGON_ID (0) rids: struct samr_RidWithAttribute rid : 0x0000069e (1694) attributes : 0x00000007 (7) 1: SE_GROUP_MANDATORY 1: SE_GROUP_ENABLED_BY_DEFAULT 1: SE_GROUP_ENABLED 0: SE_GROUP_OWNER 0: SE_GROUP_USE_FOR_DENY_ONLY 0: SE_GROUP_RESOURCE 0x00: SE_GROUP_LOGON_ID (0) rids: struct samr_RidWithAttribute rid : 0x000006b2 (1714) attributes : 0x00000007 (7) 1: SE_GROUP_MANDATORY 1: SE_GROUP_ENABLED_BY_DEFAULT 1: SE_GROUP_ENABLED 0: SE_GROUP_OWNER 0: SE_GROUP_USE_FOR_DENY_ONLY 0: SE_GROUP_RESOURCE 0x00: SE_GROUP_LOGON_ID (0) user_flags : 0x00000120 (288) 0: NETLOGON_GUEST 0: NETLOGON_NOENCRYPTION 0: NETLOGON_CACHED_ACCOUNT 0: NETLOGON_USED_LM_PASSWORD 1: NETLOGON_EXTRA_SIDS 0: NETLOGON_SUBAUTH_SESSION_KEY 0: NETLOGON_SERVER_TRUST_ACCOUNT 1: NETLOGON_NTLMV2_ENABLED 0: NETLOGON_RESOURCE_GROUPS 0: NETLOGON_PROFILE_PATH_RETURNED 0: NETLOGON_GRACE_LOGON key: struct netr_UserSessionKey key : f9cabbb79f440d1ef23c8e1ff30333a3 logon_server: struct lsa_StringLarge length : 0x000a (10) size : 0x000c (12) string : * string : 'BAAD2' domain: struct lsa_StringLarge length : 0x000e (14) size : 0x0010 (16) string : * string : 'BAUMANN' domain_sid : * domain_sid : S-1-5-21-1250105338-2099742778-590554802 LMSessKey: struct netr_LMSessionKey key : bda4a03606f20cf1 acct_flags : 0x00000210 (528) 0: ACB_DISABLED 0: ACB_HOMDIRREQ 0: ACB_PWNOTREQ 0: ACB_TEMPDUP 1: ACB_NORMAL 0: ACB_MNS 0: ACB_DOMTRUST 0: ACB_WSTRUST 0: ACB_SVRTRUST 1: ACB_PWNOEXP 0: ACB_AUTOLOCK 0: ACB_ENC_TXT_PWD_ALLOWED 0: ACB_SMARTCARD_REQUIRED 0: ACB_TRUSTED_FOR_DELEGATION 0: ACB_NOT_DELEGATED 0: ACB_USE_DES_KEY_ONLY 0: ACB_DONT_REQUIRE_PREAUTH 0: ACB_PW_EXPIRED 0: ACB_NO_AUTH_DATA_REQD unknown: ARRAY(7) unknown : 0x00000000 (0) unknown : 0x00000000 (0) unknown : 0x00000000 (0) unknown : 0x00000000 (0) unknown : 0x00000000 (0) unknown : 0x00000000 (0) unknown : 0x00000000 (0) sidcount : 0x00000000 (0) sids : NULL authoritative : * authoritative : 0x01 (1) result : NT_STATUS_OK [2010/04/13 08:30:34.891560, 5] lib/username.c:133(Get_Pwnam_alloc) Finding user BAUMANN/schwenkan [2010/04/13 08:30:34.891581, 5] lib/username.c:77(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is baumann/schwenkan [2010/04/13 08:30:34.900580, 5] lib/username.c:85(Get_Pwnam_internals) Trying _Get_Pwnam(), username as given is BAUMANN/schwenkan [2010/04/13 08:30:34.901008, 5] lib/username.c:95(Get_Pwnam_internals) Trying _Get_Pwnam(), username as uppercase is BAUMANN/SCHWENKAN [2010/04/13 08:30:34.901373, 5] lib/username.c:104(Get_Pwnam_internals) Checking combinations of 0 uppercase letters in baumann/schwenkan [2010/04/13 08:30:34.901398, 5] lib/username.c:110(Get_Pwnam_internals) Get_Pwnam_internals didn't find user [BAUMANN/schwenkan]! [2010/04/13 08:30:34.901419, 5] lib/username.c:133(Get_Pwnam_alloc) Finding user schwenkan [2010/04/13 08:30:34.901438, 5] lib/username.c:77(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is schwenkan [2010/04/13 08:30:34.901805, 5] lib/username.c:95(Get_Pwnam_internals) Trying _Get_Pwnam(), username as uppercase is SCHWENKAN [2010/04/13 08:30:34.902162, 5] lib/username.c:104(Get_Pwnam_internals) Checking combinations of 0 uppercase letters in schwenkan [2010/04/13 08:30:34.902186, 5] lib/username.c:110(Get_Pwnam_internals) Get_Pwnam_internals didn't find user [schwenkan]! [2010/04/13 08:30:34.902221, 5] lib/username.c:133(Get_Pwnam_alloc) Finding user schwenkan [2010/04/13 08:30:34.902240, 5] lib/username.c:77(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is schwenkan [2010/04/13 08:30:34.902592, 5] lib/username.c:95(Get_Pwnam_internals) Trying _Get_Pwnam(), username as uppercase is SCHWENKAN [2010/04/13 08:30:34.902948, 5] lib/username.c:104(Get_Pwnam_internals) Checking combinations of 0 uppercase letters in schwenkan [2010/04/13 08:30:34.902972, 5] lib/username.c:110(Get_Pwnam_internals) Get_Pwnam_internals didn't find user [schwenkan]! [2010/04/13 08:30:34.913382, 10] libsmb/samlogon_cache.c:160(netsamlogon_cache_store) netsamlogon_cache_store: SID [S-1-5-21-1250105338-2099742778-590554802-1428] [2010/04/13 08:30:34.913411, 1] ../librpc/ndr/ndr.c:214(ndr_print_debug) &r: struct netsamlogoncache_entry timestamp : Tue Apr 13 08:30:34 2010 CEST info3: struct netr_SamInfo3 base: struct netr_SamBaseInfo last_logon : Tue Apr 13 08:29:56 2010 CEST last_logoff : Tue Jan 19 04:14:07 2038 CET acct_expiry : Tue Jan 19 04:14:07 2038 CET last_password_change : Wed Jul 1 11:42:04 2009 CEST allow_password_change : Thu Jul 2 11:42:04 2009 CEST force_password_change : Tue Jan 19 04:14:07 2038 CET account_name: struct lsa_String length : 0x0012 (18) size : 0x0014 (20) string : * string : 'schwenkan' full_name: struct lsa_String length : 0x0000 (0) size : 0x0000 (0) string : NULL logon_script: struct lsa_String length : 0x0000 (0) size : 0x0000 (0) string : NULL profile_path: struct lsa_String length : 0x0000 (0) size : 0x0000 (0) string : NULL home_directory: struct lsa_String length : 0x0000 (0) size : 0x0000 (0) string : NULL home_drive: struct lsa_String length : 0x0000 (0) size : 0x0000 (0) string : NULL logon_count : 0x0064 (100) bad_password_count : 0x0000 (0) rid : 0x00000594 (1428) primary_gid : 0x00000201 (513) groups: struct samr_RidWithAttributeArray count : 0x0000000b (11) rids : * rids: ARRAY(11) rids: struct samr_RidWithAttribute rid : 0x00000925 (2341) attributes : 0x00000007 (7) 1: SE_GROUP_MANDATORY 1: SE_GROUP_ENABLED_BY_DEFAULT 1: SE_GROUP_ENABLED 0: SE_GROUP_OWNER 0: SE_GROUP_USE_FOR_DENY_ONLY 0: SE_GROUP_RESOURCE 0x00: SE_GROUP_LOGON_ID (0) rids: struct samr_RidWithAttribute rid : 0x00000201 (513) attributes : 0x00000007 (7) 1: SE_GROUP_MANDATORY 1: SE_GROUP_ENABLED_BY_DEFAULT 1: SE_GROUP_ENABLED 0: SE_GROUP_OWNER 0: SE_GROUP_USE_FOR_DENY_ONLY 0: SE_GROUP_RESOURCE 0x00: SE_GROUP_LOGON_ID (0) rids: struct samr_RidWithAttribute rid : 0x0000045b (1115) attributes : 0x00000007 (7) 1: SE_GROUP_MANDATORY 1: SE_GROUP_ENABLED_BY_DEFAULT 1: SE_GROUP_ENABLED 0: SE_GROUP_OWNER 0: SE_GROUP_USE_FOR_DENY_ONLY 0: SE_GROUP_RESOURCE 0x00: SE_GROUP_LOGON_ID (0) rids: struct samr_RidWithAttribute rid : 0x00000927 (2343) attributes : 0x00000007 (7) 1: SE_GROUP_MANDATORY 1: SE_GROUP_ENABLED_BY_DEFAULT 1: SE_GROUP_ENABLED 0: SE_GROUP_OWNER 0: SE_GROUP_USE_FOR_DENY_ONLY 0: SE_GROUP_RESOURCE 0x00: SE_GROUP_LOGON_ID (0) rids: struct samr_RidWithAttribute rid : 0x00000604 (1540) attributes : 0x00000007 (7) 1: SE_GROUP_MANDATORY 1: SE_GROUP_ENABLED_BY_DEFAULT 1: SE_GROUP_ENABLED 0: SE_GROUP_OWNER 0: SE_GROUP_USE_FOR_DENY_ONLY 0: SE_GROUP_RESOURCE 0x00: SE_GROUP_LOGON_ID (0) rids: struct samr_RidWithAttribute rid : 0x00000496 (1174) attributes : 0x00000007 (7) 1: SE_GROUP_MANDATORY 1: SE_GROUP_ENABLED_BY_DEFAULT 1: SE_GROUP_ENABLED 0: SE_GROUP_OWNER 0: SE_GROUP_USE_FOR_DENY_ONLY 0: SE_GROUP_RESOURCE 0x00: SE_GROUP_LOGON_ID (0) rids: struct samr_RidWithAttribute rid : 0x00000491 (1169) attributes : 0x00000007 (7) 1: SE_GROUP_MANDATORY 1: SE_GROUP_ENABLED_BY_DEFAULT 1: SE_GROUP_ENABLED 0: SE_GROUP_OWNER 0: SE_GROUP_USE_FOR_DENY_ONLY 0: SE_GROUP_RESOURCE 0x00: SE_GROUP_LOGON_ID (0) rids: struct samr_RidWithAttribute rid : 0x00000981 (2433) attributes : 0x00000007 (7) 1: SE_GROUP_MANDATORY 1: SE_GROUP_ENABLED_BY_DEFAULT 1: SE_GROUP_ENABLED 0: SE_GROUP_OWNER 0: SE_GROUP_USE_FOR_DENY_ONLY 0: SE_GROUP_RESOURCE 0x00: SE_GROUP_LOGON_ID (0) rids: struct samr_RidWithAttribute rid : 0x0000047f (1151) attributes : 0x00000007 (7) 1: SE_GROUP_MANDATORY 1: SE_GROUP_ENABLED_BY_DEFAULT 1: SE_GROUP_ENABLED 0: SE_GROUP_OWNER 0: SE_GROUP_USE_FOR_DENY_ONLY 0: SE_GROUP_RESOURCE 0x00: SE_GROUP_LOGON_ID (0) rids: struct samr_RidWithAttribute rid : 0x0000069e (1694) attributes : 0x00000007 (7) 1: SE_GROUP_MANDATORY 1: SE_GROUP_ENABLED_BY_DEFAULT 1: SE_GROUP_ENABLED 0: SE_GROUP_OWNER 0: SE_GROUP_USE_FOR_DENY_ONLY 0: SE_GROUP_RESOURCE 0x00: SE_GROUP_LOGON_ID (0) rids: struct samr_RidWithAttribute rid : 0x000006b2 (1714) attributes : 0x00000007 (7) 1: SE_GROUP_MANDATORY 1: SE_GROUP_ENABLED_BY_DEFAULT 1: SE_GROUP_ENABLED 0: SE_GROUP_OWNER 0: SE_GROUP_USE_FOR_DENY_ONLY 0: SE_GROUP_RESOURCE 0x00: SE_GROUP_LOGON_ID (0) user_flags : 0x00000120 (288) 0: NETLOGON_GUEST 0: NETLOGON_NOENCRYPTION 0: NETLOGON_CACHED_ACCOUNT 0: NETLOGON_USED_LM_PASSWORD 1: NETLOGON_EXTRA_SIDS 0: NETLOGON_SUBAUTH_SESSION_KEY 0: NETLOGON_SERVER_TRUST_ACCOUNT 1: NETLOGON_NTLMV2_ENABLED 0: NETLOGON_RESOURCE_GROUPS 0: NETLOGON_PROFILE_PATH_RETURNED 0: NETLOGON_GRACE_LOGON key: struct netr_UserSessionKey key : 446e1b8199b601ef43ab345582eb6dc7 logon_server: struct lsa_StringLarge length : 0x000a (10) size : 0x000c (12) string : * string : 'BAAD2' domain: struct lsa_StringLarge length : 0x000e (14) size : 0x0010 (16) string : * string : 'BAUMANN' domain_sid : * domain_sid : S-1-5-21-1250105338-2099742778-590554802 LMSessKey: struct netr_LMSessionKey key : 0000000000000000 acct_flags : 0x00000210 (528) 0: ACB_DISABLED 0: ACB_HOMDIRREQ 0: ACB_PWNOTREQ 0: ACB_TEMPDUP 1: ACB_NORMAL 0: ACB_MNS 0: ACB_DOMTRUST 0: ACB_WSTRUST 0: ACB_SVRTRUST 1: ACB_PWNOEXP 0: ACB_AUTOLOCK 0: ACB_ENC_TXT_PWD_ALLOWED 0: ACB_SMARTCARD_REQUIRED 0: ACB_TRUSTED_FOR_DELEGATION 0: ACB_NOT_DELEGATED 0: ACB_USE_DES_KEY_ONLY 0: ACB_DONT_REQUIRE_PREAUTH 0: ACB_PW_EXPIRED 0: ACB_NO_AUTH_DATA_REQD unknown: ARRAY(7) unknown : 0x00000000 (0) unknown : 0x00000000 (0) unknown : 0x00000000 (0) unknown : 0x00000000 (0) unknown : 0x00000000 (0) unknown : 0x00000000 (0) unknown : 0x00000000 (0) sidcount : 0x00000000 (0) sids : NULL [2010/04/13 08:30:34.916160, 10] rpc_client/rpc_transport_np.c:81(rpc_transport_np_state_destructor) rpc_pipe_destructor: closed \netlogon [2010/04/13 08:30:34.916197, 6] libsmb/clientgen.c:323(write_socket) write_socket(30,39) [2010/04/13 08:30:34.916232, 6] libsmb/clientgen.c:326(write_socket) write_socket(30,39) wrote 39 [2010/04/13 08:30:34.916564, 10] lib/util_sock.c:726(read_smb_length_return_keepalive) got smb length of 35 [2010/04/13 08:30:34.916599, 5] lib/util.c:617(show_msg) [2010/04/13 08:30:34.916615, 5] lib/util.c:627(show_msg) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=12288 smb_pid=5564 smb_uid=12289 smb_mid=13 smt_wct=0 smb_bcc=0 [2010/04/13 08:30:34.916704, 5] auth/auth.c:268(check_ntlm_password) check_ntlm_password: winbind authentication for user [schwenkan] FAILED with error NT_STATUS_NO_SUCH_USER [2010/04/13 08:30:34.916735, 2] auth/auth.c:314(check_ntlm_password) check_ntlm_password: Authentication for user [schwenkan] -> [schwenkan] FAILED with error NT_STATUS_NO_SUCH_USER [2010/04/13 08:30:34.916758, 5] auth/auth_util.c:2119(free_user_info) attempting to free (and zero) a user_info structure [2010/04/13 08:30:34.916777, 10] auth/auth_util.c:2123(free_user_info) structure was created for schwenkan [2010/04/13 08:30:34.916813, 3] smbd/error.c:80(error_packet_set) error packet at smbd/sesssetup.c(111) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE [2010/04/13 08:30:34.916852, 5] lib/util.c:617(show_msg) [2010/04/13 08:30:34.916866, 5] lib/util.c:627(show_msg) size=35 smb_com=0x73 smb_rcls=109 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51203 smb_tid=0 smb_pid=65279 smb_uid=100 smb_mid=128 smt_wct=0 smb_bcc=0 [2010/04/13 08:30:42.614628, 5] lib/util_sock.c:462(read_fd_with_timeout) read_fd_with_timeout: blocking read. EOF from client. [2010/04/13 08:30:42.614682, 10] smbd/process.c:286(receive_smb_raw_talloc) receive_smb_raw: NT_STATUS_END_OF_FILE [2010/04/13 08:30:42.614711, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/13 08:30:42.614732, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/13 08:30:42.614751, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/13 08:30:42.614783, 5] smbd/uid.c:369(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2010/04/13 08:30:42.614811, 3] smbd/connection.c:31(yield_connection) Yielding connection to [2010/04/13 08:30:42.614900, 10] lib/dbwrap_tdb.c:100(db_tdb_fetch_locked) Locking key BC150000FFFFFFFF0000 [2010/04/13 08:30:42.614935, 10] lib/dbwrap_tdb.c:129(db_tdb_fetch_locked) Allocated locked data 0x0x7fb4620684c0 [2010/04/13 08:30:42.614966, 10] lib/dbwrap_tdb.c:42(db_tdb_record_destr) Unlocking key BC150000FFFFFFFF0000 [2010/04/13 08:30:42.615151, 3] smbd/server.c:902(exit_server_common) Server exit (failed to receive smb request) [2010/04/13 08:31:40.111710, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/13 08:31:40.111773, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/13 08:31:40.111797, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/13 08:31:40.111846, 5] smbd/uid.c:369(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2010/04/13 08:31:40.111881, 3] smbd/connection.c:31(yield_connection) Yielding connection to [2010/04/13 08:31:40.111970, 10] lib/dbwrap_tdb.c:100(db_tdb_fetch_locked) Locking key BA150000FFFFFFFF0000 [2010/04/13 08:31:40.112009, 10] lib/dbwrap_tdb.c:129(db_tdb_fetch_locked) Allocated locked data 0x0x7fb462078d30 [2010/04/13 08:31:40.112050, 3] smbd/connection.c:42(yield_connection) deleting connection record returned NT_STATUS_NOT_FOUND [2010/04/13 08:31:40.112080, 10] lib/dbwrap_tdb.c:42(db_tdb_record_destr) Unlocking key BA150000FFFFFFFF0000 [2010/04/13 08:31:40.112227, 3] smbd/server.c:902(exit_server_common) Server exit (termination signal) [2010/04/13 08:31:40.114364, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/13 08:31:40.114417, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/13 08:31:40.114438, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/13 08:31:40.114478, 5] smbd/uid.c:369(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2010/04/13 08:31:40.114514, 3] smbd/connection.c:31(yield_connection) Yielding connection to [2010/04/13 08:31:40.114626, 10] lib/dbwrap_tdb.c:100(db_tdb_fetch_locked) Locking key B9150000FFFFFFFF0000 [2010/04/13 08:31:40.114672, 10] lib/dbwrap_tdb.c:129(db_tdb_fetch_locked) Allocated locked data 0x0x7fb461ffba70 [2010/04/13 08:31:40.114719, 10] lib/dbwrap_tdb.c:42(db_tdb_record_destr) Unlocking key B9150000FFFFFFFF0000 [2010/04/13 08:31:40.115036, 3] smbd/server.c:902(exit_server_common) Server exit (termination signal)