[2010/04/24 14:55:58, 0] smbd/server.c:1119(main) smbd version 3.5.2 started. Copyright Andrew Tridgell and the Samba Team 1992-2010 [2010/04/24 14:55:58.372213, 5] lib/debug.c:405(debug_dump_status) INFO: Current debug levels: all: True/10 tdb: False/0 printdrivers: False/0 lanman: False/0 smb: False/0 rpc_parse: False/0 rpc_srv: False/0 rpc_cli: False/0 passdb: False/0 sam: False/0 auth: False/0 winbind: False/0 vfs: False/0 idmap: False/0 quota: False/0 acls: False/0 locking: False/0 msdfs: False/0 dmapi: False/0 registry: False/0 doing parameter name resolve order = wins host lmhosts bcast doing parameter time server = Yes doing parameter client signing = No doing parameter socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 IPTOS_LOWDELAY doing parameter load printers = No doing parameter mangle prefix = 5 doing parameter logon script = skripts\%U.bat doing parameter logon path = \\%N\%U\NTProfile doing parameter logon drive = U: doing parameter msdfs root = No doing parameter store dos attributes = Yes doing parameter domain logons = Yes doing parameter os level = 250 doing parameter domain master = Yes doing parameter preferred master = Yes doing parameter wins proxy = Yes doing parameter wins support = yes doing parameter enable privileges = yes doing parameter printing = bsd doing parameter admin users = @"GYM-OHA\Domain Admins" doing parameter print command = /etc/samba/auditdru.pl "%p" "%U" "%m" %c "%J" %s doing parameter mysqlsessionlogging = Yes doing parameter mysqlsessionloggingserver = 192.168.0.1 doing parameter mysqlsessionloggingusername = samba doing parameter mysqlsessionloggingpassword = XXX doing parameter mysqlsessionloggingport = 3306 doing parameter mysqlsessionloggingdb = administrativa doing parameter mysqlsessionloggingtable = loginout doing parameter add machine script = /etc/samba/addmachine.pl '%u' doing parameter lanman auth = Yes doing parameter client lanman auth = Yes doing parameter ldap admin dn = "cn=Manager,dc=gym-oha,dc=de" doing parameter ldap ssl = off doing parameter passdb backend = ldapsam:ldaps://gym-oha.dyndns.org doing parameter ldap delete dn = no doing parameter ldap user suffix = ou=People doing parameter ldap group suffix = ou=Group doing parameter ldap machine suffix = ou=Hosts doing parameter ldap suffix = dc=gym-oha,dc=de doing parameter ldap idmap suffix = ou=Idmap doing parameter ldap passwd sync = only [2010/04/24 14:55:58.373300, 4] param/loadparm.c:9275(lp_load_ex) pm_process() returned Yes [2010/04/24 14:55:58.373320, 7] param/loadparm.c:9481(lp_servicenumber) lp_servicenumber: couldn't find homes [2010/04/24 14:55:58.373339, 10] param/loadparm.c:8485(set_server_role) set_server_role: role = ROLE_DOMAIN_PDC [2010/04/24 14:55:58.373372, 5] lib/charcnv.c:98(charset_name) Substituting charset 'ISO-8859-1' for LOCALE [2010/04/24 14:55:58.373406, 5] lib/charcnv.c:98(charset_name) Substituting charset 'ISO-8859-1' for LOCALE [2010/04/24 14:55:58.373438, 5] lib/charcnv.c:98(charset_name) Substituting charset 'ISO-8859-1' for LOCALE [2010/04/24 14:55:58.373468, 5] lib/charcnv.c:98(charset_name) Substituting charset 'ISO-8859-1' for LOCALE [2010/04/24 14:55:58.373497, 5] lib/charcnv.c:98(charset_name) Substituting charset 'ISO-8859-1' for LOCALE [2010/04/24 14:55:58.373526, 5] lib/charcnv.c:98(charset_name) Substituting charset 'ISO-8859-1' for LOCALE [2010/04/24 14:55:58.373556, 5] lib/charcnv.c:98(charset_name) Substituting charset 'ISO-8859-1' for LOCALE [2010/04/24 14:55:58.373585, 5] lib/charcnv.c:98(charset_name) Substituting charset 'ISO-8859-1' for LOCALE [2010/04/24 14:55:58.373615, 5] lib/charcnv.c:98(charset_name) Substituting charset 'ISO-8859-1' for LOCALE [2010/04/24 14:55:58.373644, 5] lib/charcnv.c:98(charset_name) Substituting charset 'ISO-8859-1' for LOCALE [2010/04/24 14:55:58.373675, 5] lib/charcnv.c:98(charset_name) Substituting charset 'ISO-8859-1' for LOCALE [2010/04/24 14:55:58.373721, 5] lib/charcnv.c:98(charset_name) Substituting charset 'ISO-8859-1' for LOCALE [2010/04/24 14:55:58.373753, 5] lib/charcnv.c:98(charset_name) Substituting charset 'ISO-8859-1' for LOCALE [2010/04/24 14:55:58.373784, 5] lib/charcnv.c:98(charset_name) Substituting charset 'ISO-8859-1' for LOCALE [2010/04/24 14:55:58.373924, 2] lib/tallocmsg.c:106(register_msg_pool_usage) Registered MSG_REQ_POOL_USAGE [2010/04/24 14:55:58.373945, 2] lib/dmallocmsg.c:77(register_dmalloc_msgs) Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED [2010/04/24 14:55:58.373969, 3] param/loadparm.c:9240(lp_load_ex) lp_load_ex: refreshing parameters Initialising global parameters rlimit_max: rlimit_max (1024) below minimum Windows limit (16384) [2010/04/24 14:55:58.374035, 3] ../lib/util/params.c:550(pm_process) params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf" [2010/04/24 14:55:58.374053, 3] param/loadparm.c:7924(do_section) Processing section "[global]" doing parameter dos charset = 850 [2010/04/24 14:55:58.374092, 5] lib/charcnv.c:98(charset_name) Substituting charset 'ISO-8859-1' for LOCALE [2010/04/24 14:55:58.374127, 5] lib/charcnv.c:98(charset_name) Substituting charset 'ISO-8859-1' for LOCALE [2010/04/24 14:55:58.374173, 5] lib/charcnv.c:98(charset_name) Substituting charset 'ISO-8859-1' for LOCALE [2010/04/24 14:55:58.374203, 5] lib/charcnv.c:98(charset_name) Substituting charset 'ISO-8859-1' for LOCALE [2010/04/24 14:55:58.374235, 5] lib/charcnv.c:98(charset_name) Substituting charset 'ISO-8859-1' for LOCALE [2010/04/24 14:55:58.374266, 5] lib/charcnv.c:98(charset_name) Substituting charset 'ISO-8859-1' for LOCALE [2010/04/24 14:55:58.374295, 5] lib/charcnv.c:98(charset_name) Substituting charset 'ISO-8859-1' for LOCALE [2010/04/24 14:55:58.374325, 5] lib/charcnv.c:98(charset_name) Substituting charset 'ISO-8859-1' for LOCALE [2010/04/24 14:55:58.374354, 5] lib/charcnv.c:98(charset_name) Substituting charset 'ISO-8859-1' for LOCALE [2010/04/24 14:55:58.374384, 5] lib/charcnv.c:98(charset_name) Substituting charset 'ISO-8859-1' for LOCALE [2010/04/24 14:55:58.374422, 5] lib/charcnv.c:98(charset_name) Substituting charset 'ISO-8859-1' for LOCALE [2010/04/24 14:55:58.374457, 5] lib/charcnv.c:98(charset_name) Substituting charset 'ISO-8859-1' for LOCALE [2010/04/24 14:55:58.374491, 5] lib/charcnv.c:98(charset_name) Substituting charset 'ISO-8859-1' for LOCALE [2010/04/24 14:55:58.374527, 5] lib/charcnv.c:98(charset_name) Substituting charset 'ISO-8859-1' for LOCALE doing parameter unix charset = ISO8859-1 [2010/04/24 14:55:58.374568, 5] lib/charcnv.c:98(charset_name) Substituting charset 'ISO-8859-1' for LOCALE [2010/04/24 14:55:58.374607, 5] lib/charcnv.c:98(charset_name) Substituting charset 'ISO-8859-1' for LOCALE [2010/04/24 14:55:58.374657, 5] lib/charcnv.c:98(charset_name) Substituting charset 'ISO-8859-1' for LOCALE [2010/04/24 14:55:58.374687, 5] lib/charcnv.c:98(charset_name) Substituting charset 'ISO-8859-1' for LOCALE [2010/04/24 14:55:58.374721, 5] lib/charcnv.c:98(charset_name) Substituting charset 'ISO-8859-1' for LOCALE [2010/04/24 14:55:58.374751, 5] lib/charcnv.c:98(charset_name) Substituting charset 'ISO-8859-1' for LOCALE [2010/04/24 14:55:58.374781, 5] lib/charcnv.c:98(charset_name) Substituting charset 'ISO-8859-1' for LOCALE [2010/04/24 14:55:58.374811, 5] lib/charcnv.c:98(charset_name) Substituting charset 'ISO-8859-1' for LOCALE [2010/04/24 14:55:58.374840, 5] lib/charcnv.c:98(charset_name) Substituting charset 'ISO-8859-1' for LOCALE [2010/04/24 14:55:58.374870, 5] lib/charcnv.c:98(charset_name) Substituting charset 'ISO-8859-1' for LOCALE [2010/04/24 14:55:58.374908, 5] lib/charcnv.c:98(charset_name) Substituting charset 'ISO-8859-1' for LOCALE [2010/04/24 14:55:58.374948, 5] lib/charcnv.c:98(charset_name) Substituting charset 'ISO-8859-1' for LOCALE [2010/04/24 14:55:58.374983, 5] lib/charcnv.c:98(charset_name) Substituting charset 'ISO-8859-1' for LOCALE [2010/04/24 14:55:58.375031, 5] lib/charcnv.c:98(charset_name) Substituting charset 'ISO-8859-1' for LOCALE doing parameter workgroup = GYM-OHA doing parameter server string = %h doing parameter check password script = /etc/samba/crackcheck.pl %m doing parameter username map = /etc/samba/smbusers doing parameter password level = 8 doing parameter log level = 1 [2010/04/24 14:55:58.375106, 5] lib/debug.c:405(debug_dump_status) INFO: Current debug levels: all: True/10 tdb: False/0 printdrivers: False/0 lanman: False/0 smb: False/0 rpc_parse: False/0 rpc_srv: False/0 rpc_cli: False/0 passdb: False/0 sam: False/0 auth: False/0 winbind: False/0 vfs: False/0 idmap: False/0 quota: False/0 acls: False/0 locking: False/0 msdfs: False/0 dmapi: False/0 registry: False/0 doing parameter name resolve order = wins host lmhosts bcast doing parameter time server = Yes doing parameter client signing = No doing parameter socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 IPTOS_LOWDELAY doing parameter load printers = No doing parameter mangle prefix = 5 doing parameter logon script = skripts\%U.bat doing parameter logon path = \\%N\%U\NTProfile doing parameter logon drive = U: doing parameter msdfs root = No doing parameter store dos attributes = Yes doing parameter domain logons = Yes doing parameter os level = 250 doing parameter domain master = Yes doing parameter preferred master = Yes doing parameter wins proxy = Yes doing parameter wins support = yes doing parameter enable privileges = yes doing parameter printing = bsd doing parameter admin users = @"GYM-OHA\Domain Admins" doing parameter print command = /etc/samba/auditdru.pl "%p" "%U" "%m" %c "%J" %s doing parameter mysqlsessionlogging = Yes doing parameter mysqlsessionloggingserver = 192.168.0.1 doing parameter mysqlsessionloggingusername = samba doing parameter mysqlsessionloggingpassword = XXX doing parameter mysqlsessionloggingport = 3306 doing parameter mysqlsessionloggingdb = administrativa doing parameter mysqlsessionloggingtable = loginout doing parameter add machine script = /etc/samba/addmachine.pl '%u' doing parameter lanman auth = Yes doing parameter client lanman auth = Yes doing parameter ldap admin dn = "cn=Manager,dc=gym-oha,dc=de" doing parameter ldap ssl = off doing parameter passdb backend = ldapsam:ldaps://gym-oha.dyndns.org doing parameter ldap delete dn = no doing parameter ldap user suffix = ou=People doing parameter ldap group suffix = ou=Group doing parameter ldap machine suffix = ou=Hosts doing parameter ldap suffix = dc=gym-oha,dc=de doing parameter ldap idmap suffix = ou=Idmap doing parameter ldap passwd sync = only [2010/04/24 14:55:58.376076, 2] param/loadparm.c:7941(do_section) Processing section "[homes]" [2010/04/24 14:55:58.376113, 8] param/loadparm.c:6245(add_a_service) add_a_service: Creating snum = 0 for homes [2010/04/24 14:55:58.376127, 10] param/loadparm.c:6283(hash_a_service) hash_a_service: creating servicehash [2010/04/24 14:55:58.376157, 10] param/loadparm.c:6292(hash_a_service) hash_a_service: hashing index 0 for service name homes doing parameter comment = Home Directory doing parameter read only = No doing parameter valid users = %S doing parameter hide files = /NTProfile/NTProfile.V2/PUTTY.RND/ doing parameter browseable = No doing parameter veto oplock files = /NTUSER.DAT/index.dat/ doing parameter create mask = 0644 doing parameter directory mask = 0755 [2010/04/24 14:55:58.376307, 2] param/loadparm.c:7941(do_section) Processing section "[netlogon]" [2010/04/24 14:55:58.376339, 8] param/loadparm.c:6245(add_a_service) add_a_service: Creating snum = 1 for netlogon [2010/04/24 14:55:58.376353, 10] param/loadparm.c:6292(hash_a_service) hash_a_service: hashing index 1 for service name netlogon doing parameter comment = Network Logon Service doing parameter path = /home/netlogon doing parameter admin users = @"GYM-OHA\Domain Admins" doing parameter read only = No doing parameter guest ok = Yes doing parameter root preexec = /etc/samba/genlogon.pl %U %L %a doing parameter browseable = Yes doing parameter create mask = 0644 doing parameter directory mask = 0755 [2010/04/24 14:55:58.376501, 2] param/loadparm.c:7941(do_section) Processing section "[tafel]" [2010/04/24 14:55:58.376536, 8] param/loadparm.c:6245(add_a_service) add_a_service: Creating snum = 2 for tafel [2010/04/24 14:55:58.376550, 10] param/loadparm.c:6292(hash_a_service) hash_a_service: hashing index 2 for service name tafel doing parameter comment = Daten- und OnlineTafel doing parameter path = /home/daten/tafel doing parameter read only = No doing parameter hide unreadable = yes doing parameter create mask = 0644 doing parameter directory mask = 0755 [2010/04/24 14:55:58.376632, 2] param/loadparm.c:7941(do_section) Processing section "[onlinetafel]" [2010/04/24 14:55:58.376664, 8] param/loadparm.c:6245(add_a_service) add_a_service: Creating snum = 3 for onlinetafel [2010/04/24 14:55:58.376678, 10] param/loadparm.c:6292(hash_a_service) hash_a_service: hashing index 3 for service name onlinetafel doing parameter path = /home/daten/tafel/onlinetafel doing parameter read only = Yes doing parameter valid users = linux doing parameter browseable = No [2010/04/24 14:55:58.376744, 2] param/loadparm.c:7941(do_section) Processing section "[faecherablage]" [2010/04/24 14:55:58.376775, 8] param/loadparm.c:6245(add_a_service) add_a_service: Creating snum = 4 for faecherablage [2010/04/24 14:55:58.376789, 10] param/loadparm.c:6292(hash_a_service) hash_a_service: hashing index 4 for service name faecherablage doing parameter path = /home/lsoftware/faecherablage doing parameter read only = Yes doing parameter valid users = linux doing parameter browseable = No [2010/04/24 14:55:58.376857, 2] param/loadparm.c:7941(do_section) Processing section "[newsanzeiger]" [2010/04/24 14:55:58.376888, 8] param/loadparm.c:6245(add_a_service) add_a_service: Creating snum = 5 for newsanzeiger [2010/04/24 14:55:58.376903, 10] param/loadparm.c:6292(hash_a_service) hash_a_service: hashing index 5 for service name newsanzeiger doing parameter path = /home/lsoftware/Newsanzeiger doing parameter read only = Yes doing parameter valid users = linux doing parameter browseable = No [2010/04/24 14:55:58.376968, 2] param/loadparm.c:7941(do_section) Processing section "[software]" [2010/04/24 14:55:58.376999, 8] param/loadparm.c:6245(add_a_service) add_a_service: Creating snum = 6 for software [2010/04/24 14:55:58.377013, 10] param/loadparm.c:6292(hash_a_service) hash_a_service: hashing index 6 for service name software doing parameter path = /home/software doing parameter admin users = @"GYM-OHA\Domain Admins" doing parameter force group = "Domain Users" doing parameter read only = No doing parameter create mask = 0644 doing parameter force create mode = 0644 doing parameter directory mask = 0755 doing parameter force directory mode = 0755 doing parameter veto oplock files = /*.lnk/*.pif/ [2010/04/24 14:55:58.377133, 2] param/loadparm.c:7941(do_section) Processing section "[startmenue]" [2010/04/24 14:55:58.377167, 8] param/loadparm.c:6245(add_a_service) add_a_service: Creating snum = 7 for startmenue [2010/04/24 14:55:58.377182, 10] param/loadparm.c:6292(hash_a_service) hash_a_service: hashing index 7 for service name startmenue doing parameter path = /home/software/Startmenü doing parameter admin users = @"GYM-OHA\Domain Admins" doing parameter force group = "Domain Users" doing parameter read only = No doing parameter create mask = 0644 doing parameter directory mask = 0755 doing parameter hide unreadable = yes doing parameter veto oplock files = /*.lnk/*.pif/ [2010/04/24 14:55:58.377298, 2] param/loadparm.c:7941(do_section) Processing section "[lsoft]" [2010/04/24 14:55:58.377329, 8] param/loadparm.c:6245(add_a_service) add_a_service: Creating snum = 8 for lsoft [2010/04/24 14:55:58.377353, 10] param/loadparm.c:6292(hash_a_service) hash_a_service: hashing index 8 for service name lsoft doing parameter path = /home/lsoftware doing parameter valid users = @"GYM-OHA\Domain Admins",@"GYM-OHA\lehrer" doing parameter admin users = @"GYM-OHA\Domain Admins" doing parameter force group = "Domain Users" doing parameter read only = No doing parameter directory mask = 0700 doing parameter force directory mode = 0700 doing parameter hide unreadable = yes [2010/04/24 14:55:58.377463, 2] param/loadparm.c:7941(do_section) Processing section "[daten]" [2010/04/24 14:55:58.377494, 8] param/loadparm.c:6245(add_a_service) add_a_service: Creating snum = 9 for daten [2010/04/24 14:55:58.377511, 10] param/loadparm.c:6292(hash_a_service) hash_a_service: hashing index 9 for service name daten doing parameter path = /home/daten doing parameter valid users = @"GYM-OHA\Domain Admins" doing parameter admin users = @"GYM-OHA\Domain Admins" doing parameter force group = "Domain Users" doing parameter read only = No doing parameter create mask = 0664 doing parameter directory mask = 0775 [2010/04/24 14:55:58.377596, 2] param/loadparm.c:7941(do_section) Processing section "[administ]" [2010/04/24 14:55:58.377628, 8] param/loadparm.c:6245(add_a_service) add_a_service: Creating snum = 10 for administ [2010/04/24 14:55:58.377641, 10] param/loadparm.c:6292(hash_a_service) hash_a_service: hashing index 10 for service name administ doing parameter path = /home/administ doing parameter valid users = @"GYM-OHA\Domain Admins" doing parameter admin users = @"GYM-OHA\Domain Admins" doing parameter force group = "Domain Admins" doing parameter read only = No doing parameter create mask = 0660 doing parameter directory mask = 0770 [2010/04/24 14:55:58.377728, 2] param/loadparm.c:7941(do_section) Processing section "[acltest]" [2010/04/24 14:55:58.377759, 8] param/loadparm.c:6245(add_a_service) add_a_service: Creating snum = 11 for acltest [2010/04/24 14:55:58.377773, 10] param/loadparm.c:6292(hash_a_service) hash_a_service: hashing index 11 for service name acltest doing parameter path = /home/acltest doing parameter admin users = doing parameter inherit acls = no doing parameter read only = No doing parameter browseable = No [2010/04/24 14:55:58.377848, 2] param/loadparm.c:7941(do_section) Processing section "[images]" [2010/04/24 14:55:58.377879, 8] param/loadparm.c:6245(add_a_service) add_a_service: Creating snum = 12 for images [2010/04/24 14:55:58.377893, 10] param/loadparm.c:6292(hash_a_service) hash_a_service: hashing index 12 for service name images doing parameter path = /home/images/ doing parameter browseable = No doing parameter valid users = @"GYM-OHA\Domain Admins",@"GYM-OHA\imager" doing parameter write list = @"GYM-OHA\Domain Admins" doing parameter admin users = @"GYM-OHA\Domain Admins" doing parameter read only = No doing parameter create mask = 0660 doing parameter force create mode = 0660 doing parameter directory mask = 0770 doing parameter force directory mode = 0770 [2010/04/24 14:55:58.378028, 2] param/loadparm.c:7941(do_section) Processing section "[biblio]" [2010/04/24 14:55:58.378060, 8] param/loadparm.c:6245(add_a_service) add_a_service: Creating snum = 13 for biblio [2010/04/24 14:55:58.378074, 10] param/loadparm.c:6292(hash_a_service) hash_a_service: hashing index 13 for service name biblio doing parameter comment = Bibliothek doing parameter path = /home/daten/biblio doing parameter valid users = @"GYM-OHA\Bibliothek", @"GYM-OHA\Domain Admins" doing parameter admin users = @"GYM-OHA\Domain Admins" doing parameter read only = Yes doing parameter browseable = No [2010/04/24 14:55:58.378156, 2] param/loadparm.c:7941(do_section) Processing section "[sv]" [2010/04/24 14:55:58.378187, 8] param/loadparm.c:6245(add_a_service) add_a_service: Creating snum = 14 for sv [2010/04/24 14:55:58.378200, 10] param/loadparm.c:6292(hash_a_service) hash_a_service: hashing index 14 for service name sv doing parameter comment = Schülervertretung doing parameter path = /home/daten/sv doing parameter valid users = @"GYM-OHA\sv", @"GYM-OHA\Domain Admins" doing parameter admin users = @"GYM-OHA\Domain Admins" doing parameter write list = @"GYM-OHA\sv" doing parameter create mask = 0660 doing parameter force create mode = 0660 doing parameter directory mask = 0770 doing parameter force directory mode = 0770 doing parameter browseable = No [2010/04/24 14:55:58.378339, 2] param/loadparm.c:7941(do_section) Processing section "[ueb]" [2010/04/24 14:55:58.378373, 8] param/loadparm.c:6245(add_a_service) add_a_service: Creating snum = 15 for ueb [2010/04/24 14:55:58.378387, 10] param/loadparm.c:6292(hash_a_service) hash_a_service: hashing index 15 for service name ueb doing parameter path = /home/ueb/ doing parameter browseable = No doing parameter valid users = @"GYM-OHA\Domain Admins", moennich doing parameter read only = No [2010/04/24 14:55:58.378453, 2] param/loadparm.c:7941(do_section) Processing section "[uebeingang]" [2010/04/24 14:55:58.378484, 8] param/loadparm.c:6245(add_a_service) add_a_service: Creating snum = 16 for uebeingang [2010/04/24 14:55:58.378498, 10] param/loadparm.c:6292(hash_a_service) hash_a_service: hashing index 16 for service name uebeingang doing parameter path = /home/ueb/Eingang doing parameter browseable = No doing parameter valid users = cam doing parameter read only = No [2010/04/24 14:55:58.378562, 2] param/loadparm.c:7941(do_section) Processing section "[uebhof]" [2010/04/24 14:55:58.378593, 8] param/loadparm.c:6245(add_a_service) add_a_service: Creating snum = 17 for uebhof [2010/04/24 14:55:58.378607, 10] param/loadparm.c:6292(hash_a_service) hash_a_service: hashing index 17 for service name uebhof doing parameter path = /home/ueb/Hof doing parameter browseable = No doing parameter valid users = cam doing parameter read only = No [2010/04/24 14:55:58.378674, 2] param/loadparm.c:7941(do_section) Processing section "[uebsportplatz]" [2010/04/24 14:55:58.378706, 8] param/loadparm.c:6245(add_a_service) add_a_service: Creating snum = 18 for uebsportplatz [2010/04/24 14:55:58.378719, 10] param/loadparm.c:6292(hash_a_service) hash_a_service: hashing index 18 for service name uebsportplatz doing parameter path = /home/ueb/Sportplatz doing parameter browseable = No doing parameter valid users = cam doing parameter read only = No [2010/04/24 14:55:58.378785, 2] param/loadparm.c:7941(do_section) Processing section "[ueblerninsel]" [2010/04/24 14:55:58.378816, 8] param/loadparm.c:6245(add_a_service) add_a_service: Creating snum = 19 for ueblerninsel [2010/04/24 14:55:58.378830, 10] param/loadparm.c:6292(hash_a_service) hash_a_service: hashing index 19 for service name ueblerninsel doing parameter path = /home/ueb/Lerninsel doing parameter browseable = No doing parameter valid users = cam doing parameter read only = No [2010/04/24 14:55:58.378894, 2] param/loadparm.c:7941(do_section) Processing section "[softpake]" [2010/04/24 14:55:58.378925, 8] param/loadparm.c:6245(add_a_service) add_a_service: Creating snum = 20 for softpake [2010/04/24 14:55:58.378943, 10] param/loadparm.c:6292(hash_a_service) hash_a_service: hashing index 20 for service name softpake doing parameter path = /home/administ/softpake doing parameter valid users = @"GYM-OHA\Domain Admins" doing parameter admin users = @"GYM-OHA\Domain Admins" doing parameter force group = "Domain Admins" doing parameter write list = @"GYM-OHA\Domain Admins" doing parameter create mask = 0660 doing parameter force create mode = 0660 doing parameter directory mask = 0770 doing parameter force directory mode = 0770 [2010/04/24 14:55:58.379053, 2] param/loadparm.c:7941(do_section) Processing section "[testuser]" [2010/04/24 14:55:58.379084, 8] param/loadparm.c:6245(add_a_service) add_a_service: Creating snum = 21 for testuser [2010/04/24 14:55:58.379099, 10] param/loadparm.c:6292(hash_a_service) hash_a_service: hashing index 21 for service name testuser doing parameter comment = Testuser Service doing parameter path = /home/testuser doing parameter writable = yes doing parameter browseable = no doing parameter force group = users doing parameter create mask = 0664 doing parameter force create mode = 0664 doing parameter force directory mode = 0775 doing parameter directory mask = 0775 [2010/04/24 14:55:58.379221, 2] param/loadparm.c:7941(do_section) Processing section "[verwalt]" [2010/04/24 14:55:58.379253, 8] param/loadparm.c:6245(add_a_service) add_a_service: Creating snum = 22 for verwalt [2010/04/24 14:55:58.379269, 10] param/loadparm.c:6292(hash_a_service) hash_a_service: hashing index 22 for service name verwalt doing parameter path = /home/verwalt/verwalt doing parameter valid users = @"GYM-OHA\Domain Admins",@"GYM-OHA\schulleitung" doing parameter admin users = @"GYM-OHA\Domain Admins" doing parameter write list = @"GYM-OHA\Domain Admins",@"GYM-OHA\schulleitung" doing parameter create mask = 0600 doing parameter force create mode = 0600 doing parameter directory mask = 0700 doing parameter force directory mode = 0700 doing parameter browseable = No doing parameter hide unreadable = yes [2010/04/24 14:55:58.379413, 2] param/loadparm.c:7941(do_section) Processing section "[verwaltf]" [2010/04/24 14:55:58.379444, 8] param/loadparm.c:6245(add_a_service) add_a_service: Creating snum = 23 for verwaltf [2010/04/24 14:55:58.379458, 10] param/loadparm.c:6292(hash_a_service) hash_a_service: hashing index 23 for service name verwaltf doing parameter copy = verwalt [2010/04/24 14:55:58.379510, 3] param/loadparm.c:7399(handle_copy) Copying service from service verwalt doing parameter path = /home/verwalt [2010/04/24 14:55:58.379556, 2] param/loadparm.c:7941(do_section) Processing section "[hp4plus-r018]" [2010/04/24 14:55:58.379587, 8] param/loadparm.c:6245(add_a_service) add_a_service: Creating snum = 24 for hp4plus-r018 [2010/04/24 14:55:58.379601, 10] param/loadparm.c:6292(hash_a_service) hash_a_service: hashing index 24 for service name hp4plus-r018 doing parameter printer name = hp4plus-r018 doing parameter path = /var/spool/samba doing parameter printable = yes doing parameter hosts allow = 192.168.18.0/255.255.255.0,192.168.250.0/255.255.255.0,192.168.209.0/255.255.255.0 [2010/04/24 14:55:58.379683, 2] param/loadparm.c:7941(do_section) Processing section "[hp4plus-r127]" [2010/04/24 14:55:58.379715, 8] param/loadparm.c:6245(add_a_service) add_a_service: Creating snum = 25 for hp4plus-r127 [2010/04/24 14:55:58.379729, 10] param/loadparm.c:6292(hash_a_service) hash_a_service: hashing index 25 for service name hp4plus-r127 doing parameter printer name = hp4plus-r127 doing parameter path = /var/spool/samba doing parameter printable = yes doing parameter hosts allow = 192.168.127.0/255.255.255.0,192.168.250.0/255.255.255.0,192.168.209.0/255.255.255.0 [2010/04/24 14:55:58.379808, 2] param/loadparm.c:7941(do_section) Processing section "[print$]" [2010/04/24 14:55:58.379839, 8] param/loadparm.c:6245(add_a_service) add_a_service: Creating snum = 26 for print$ [2010/04/24 14:55:58.379853, 10] param/loadparm.c:6292(hash_a_service) hash_a_service: hashing index 26 for service name print$ doing parameter comment = Printer Driver Download Area doing parameter path = /var/lib/samba/printers doing parameter read only = yes doing parameter write list = @"GYM-OHA\Domain Admins" doing parameter available = yes [2010/04/24 14:55:58.379939, 4] param/loadparm.c:9275(lp_load_ex) pm_process() returned Yes [2010/04/24 14:55:58.379995, 8] param/loadparm.c:6245(add_a_service) add_a_service: Creating snum = 27 for IPC$ [2010/04/24 14:55:58.380009, 10] param/loadparm.c:6292(hash_a_service) hash_a_service: hashing index 27 for service name IPC$ [2010/04/24 14:55:58.380027, 3] param/loadparm.c:6395(lp_add_ipc) adding IPC service [2010/04/24 14:55:58.380041, 10] param/loadparm.c:8485(set_server_role) set_server_role: role = ROLE_DOMAIN_PDC [2010/04/24 14:55:58.380083, 5] lib/charcnv.c:98(charset_name) Substituting charset 'ISO-8859-1' for LOCALE [2010/04/24 14:55:58.380117, 5] lib/charcnv.c:98(charset_name) Substituting charset 'ISO-8859-1' for LOCALE [2010/04/24 14:55:58.380162, 5] lib/charcnv.c:98(charset_name) Substituting charset 'ISO-8859-1' for LOCALE [2010/04/24 14:55:58.380193, 5] lib/charcnv.c:98(charset_name) Substituting charset 'ISO-8859-1' for LOCALE [2010/04/24 14:55:58.380223, 5] lib/charcnv.c:98(charset_name) Substituting charset 'ISO-8859-1' for LOCALE [2010/04/24 14:55:58.380253, 5] lib/charcnv.c:98(charset_name) Substituting charset 'ISO-8859-1' for LOCALE [2010/04/24 14:55:58.380282, 5] lib/charcnv.c:98(charset_name) Substituting charset 'ISO-8859-1' for LOCALE [2010/04/24 14:55:58.380312, 5] lib/charcnv.c:98(charset_name) Substituting charset 'ISO-8859-1' for LOCALE [2010/04/24 14:55:58.380342, 5] lib/charcnv.c:98(charset_name) Substituting charset 'ISO-8859-1' for LOCALE [2010/04/24 14:55:58.380372, 5] lib/charcnv.c:98(charset_name) Substituting charset 'ISO-8859-1' for LOCALE [2010/04/24 14:55:58.380404, 5] lib/charcnv.c:98(charset_name) Substituting charset 'ISO-8859-1' for LOCALE [2010/04/24 14:55:58.380437, 5] lib/charcnv.c:98(charset_name) Substituting charset 'ISO-8859-1' for LOCALE [2010/04/24 14:55:58.380469, 5] lib/charcnv.c:98(charset_name) Substituting charset 'ISO-8859-1' for LOCALE [2010/04/24 14:55:58.380500, 5] lib/charcnv.c:98(charset_name) Substituting charset 'ISO-8859-1' for LOCALE [2010/04/24 14:55:58.380532, 7] param/loadparm.c:9481(lp_servicenumber) lp_servicenumber: couldn't find printers [2010/04/24 14:55:58.380548, 3] printing/pcap.c:136(pcap_cache_reload) reloading printcap cache [2010/04/24 14:55:58.380581, 3] printing/pcap.c:243(pcap_cache_reload) reload status: ok [2010/04/24 14:55:58.380615, 7] param/loadparm.c:9481(lp_servicenumber) lp_servicenumber: couldn't find printers [2010/04/24 14:55:58.380636, 6] param/loadparm.c:7215(lp_file_list_changed) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Sat Apr 24 14:49:06 2010 [2010/04/24 14:55:58.380789, 2] lib/interface.c:340(add_interface) added interface eth0.3 ip=172.16.0.2 bcast=172.16.0.255 netmask=255.255.255.0 [2010/04/24 14:55:58.380815, 2] lib/interface.c:340(add_interface) added interface eth0.1 ip=192.168.0.2 bcast=192.168.255.255 netmask=255.255.0.0 [2010/04/24 14:55:58.380833, 2] lib/interface.c:340(add_interface) added interface eth0.1:0 ip=192.168.208.2 bcast=192.168.208.255 netmask=255.255.255.0 [2010/04/24 14:55:58.380876, 5] lib/util.c:276(init_names) Netbios name list:- my_netbios_names[0]="FILESERVER" [2010/04/24 14:55:58.380931, 3] smbd/server.c:1161(main) loaded services [2010/04/24 14:55:58.380945, 3] smbd/server.c:1176(main) Becoming a daemon. [2010/04/24 14:55:58.381366, 8] ../lib/util/util.c:217(fcntl_lock) fcntl_lock 9 13 0 1 1 [2010/04/24 14:55:58.381453, 8] ../lib/util/util.c:252(fcntl_lock) fcntl_lock: Lock call successful [2010/04/24 14:55:58.381689, 5] passdb/pdb_interface.c:63(smb_register_passdb) Attempting to register passdb backend ldapsam [2010/04/24 14:55:58.381713, 5] passdb/pdb_interface.c:76(smb_register_passdb) Successfully added passdb backend 'ldapsam' [2010/04/24 14:55:58.381728, 5] passdb/pdb_interface.c:63(smb_register_passdb) Attempting to register passdb backend ldapsam_compat [2010/04/24 14:55:58.381745, 5] passdb/pdb_interface.c:76(smb_register_passdb) Successfully added passdb backend 'ldapsam_compat' [2010/04/24 14:55:58.381761, 5] passdb/pdb_interface.c:63(smb_register_passdb) Attempting to register passdb backend NDS_ldapsam [2010/04/24 14:55:58.381775, 5] passdb/pdb_interface.c:76(smb_register_passdb) Successfully added passdb backend 'NDS_ldapsam' [2010/04/24 14:55:58.381788, 5] passdb/pdb_interface.c:63(smb_register_passdb) Attempting to register passdb backend NDS_ldapsam_compat [2010/04/24 14:55:58.381804, 5] passdb/pdb_interface.c:76(smb_register_passdb) Successfully added passdb backend 'NDS_ldapsam_compat' [2010/04/24 14:55:58.381832, 5] passdb/pdb_interface.c:63(smb_register_passdb) Attempting to register passdb backend smbpasswd [2010/04/24 14:55:58.381846, 5] passdb/pdb_interface.c:76(smb_register_passdb) Successfully added passdb backend 'smbpasswd' [2010/04/24 14:55:58.381862, 5] passdb/pdb_interface.c:63(smb_register_passdb) Attempting to register passdb backend tdbsam [2010/04/24 14:55:58.381877, 5] passdb/pdb_interface.c:76(smb_register_passdb) Successfully added passdb backend 'tdbsam' [2010/04/24 14:55:58.381893, 5] passdb/pdb_interface.c:63(smb_register_passdb) Attempting to register passdb backend wbc_sam [2010/04/24 14:55:58.381910, 5] passdb/pdb_interface.c:76(smb_register_passdb) Successfully added passdb backend 'wbc_sam' [2010/04/24 14:55:58.381924, 5] passdb/pdb_interface.c:133(make_pdb_method_name) Attempting to find a passdb backend to match ldapsam:ldaps://gym-oha.dyndns.org (ldapsam) [2010/04/24 14:55:58.381939, 5] passdb/pdb_interface.c:154(make_pdb_method_name) Found pdb backend ldapsam [2010/04/24 14:55:58.381977, 2] lib/smbldap_util.c:277(smbldap_search_domain_info) smbldap_search_domain_info: Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=GYM-OHA))] [2010/04/24 14:55:58.382007, 5] lib/smbldap.c:1360(smbldap_search_ext) smbldap_search_ext: base => [dc=gym-oha,dc=de], filter => [(&(objectClass=sambaDomain)(sambaDomainName=GYM-OHA))], scope => [2] [2010/04/24 14:55:58.382080, 5] lib/charcnv.c:98(charset_name) Substituting charset 'ISO-8859-1' for LOCALE [2010/04/24 14:55:58.382118, 5] lib/charcnv.c:98(charset_name) Substituting charset 'ISO-8859-1' for LOCALE [2010/04/24 14:55:58.382152, 5] lib/charcnv.c:98(charset_name) Substituting charset 'ISO-8859-1' for LOCALE [2010/04/24 14:55:58.382181, 5] lib/charcnv.c:98(charset_name) Substituting charset 'ISO-8859-1' for LOCALE [2010/04/24 14:55:58.382214, 5] lib/charcnv.c:98(charset_name) Substituting charset 'ISO-8859-1' for LOCALE [2010/04/24 14:55:58.382243, 5] lib/charcnv.c:98(charset_name) Substituting charset 'ISO-8859-1' for LOCALE [2010/04/24 14:55:58.382274, 5] lib/charcnv.c:98(charset_name) Substituting charset 'ISO-8859-1' for LOCALE [2010/04/24 14:55:58.382312, 5] lib/charcnv.c:98(charset_name) Substituting charset 'ISO-8859-1' for LOCALE [2010/04/24 14:55:58.382347, 5] lib/charcnv.c:98(charset_name) Substituting charset 'ISO-8859-1' for LOCALE [2010/04/24 14:55:58.382378, 5] lib/charcnv.c:98(charset_name) Substituting charset 'ISO-8859-1' for LOCALE [2010/04/24 14:55:58.382412, 5] lib/charcnv.c:98(charset_name) Substituting charset 'ISO-8859-1' for LOCALE [2010/04/24 14:55:58.382450, 5] lib/charcnv.c:98(charset_name) Substituting charset 'ISO-8859-1' for LOCALE [2010/04/24 14:55:58.382482, 5] lib/charcnv.c:98(charset_name) Substituting charset 'ISO-8859-1' for LOCALE [2010/04/24 14:55:58.382514, 5] lib/charcnv.c:98(charset_name) Substituting charset 'ISO-8859-1' for LOCALE [2010/04/24 14:55:58.382579, 5] lib/smbldap.c:1262(smbldap_close) The connection to the LDAP server was closed [2010/04/24 14:55:58.382594, 10] lib/smbldap.c:751(smb_ldap_setup_conn) smb_ldap_setup_connection: ldaps://gym-oha.dyndns.org [2010/04/24 14:55:58.383262, 2] lib/smbldap.c:950(smbldap_open_connection) smbldap_open_connection: connection opened [2010/04/24 14:55:58.383308, 10] lib/smbldap.c:1120(smbldap_connect_system) ldap_connect_system: Binding to ldap server ldaps://gym-oha.dyndns.org as "cn=Manager,dc=gym-oha,dc=de" [2010/04/24 14:55:58.425130, 3] lib/smbldap.c:1166(smbldap_connect_system) ldap_connect_system: successful connection to the LDAP server ldap_connect_system: LDAP server does support paged results [2010/04/24 14:55:58.425174, 4] lib/smbldap.c:1242(smbldap_open) The LDAP server is successfully connected [2010/04/24 14:55:58.425989, 5] passdb/pdb_interface.c:165(make_pdb_method_name) pdb backend ldapsam:ldaps://gym-oha.dyndns.org has a valid init [2010/04/24 14:55:58.426590, 5] libsmb/namecache.c:51(namecache_enable) namecache_enable: enabling netbios namecache, timeout 660 seconds [2010/04/24 14:55:58.426652, 10] registry/reg_cachehook.c:73(reghook_cache_init) reghook_cache_init: new tree with default ops 0x705e920 for key [] [2010/04/24 14:55:58.426820, 10] registry/reg_backend_db.c:1620(regdb_fetch_values_internal) regdb_fetch_values: Looking for value of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports] [2010/04/24 14:55:58.426861, 8] registry/reg_backend_db.c:1567(regdb_unpack_values) specific: [Samba Printer Port], len: 2 [2010/04/24 14:55:58.426881, 10] registry/reg_backend_db.c:1620(regdb_fetch_values_internal) regdb_fetch_values: Looking for value of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2010/04/24 14:55:58.426912, 8] registry/reg_backend_db.c:1567(regdb_unpack_values) specific: [DefaultSpoolDirectory], len: 70 [2010/04/24 14:55:58.426929, 10] registry/reg_backend_db.c:1620(regdb_fetch_values_internal) regdb_fetch_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] [2010/04/24 14:55:58.426957, 8] registry/reg_backend_db.c:1567(regdb_unpack_values) specific: [DisplayName], len: 20 [2010/04/24 14:55:58.426974, 8] registry/reg_backend_db.c:1567(regdb_unpack_values) specific: [ErrorControl], len: 4 [2010/04/24 14:55:58.426993, 10] registry/reg_backend_db.c:1620(regdb_fetch_values_internal) regdb_fetch_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] [2010/04/24 14:55:58.427021, 8] registry/reg_backend_db.c:1567(regdb_unpack_values) specific: [DisplayName], len: 20 [2010/04/24 14:55:58.427037, 8] registry/reg_backend_db.c:1567(regdb_unpack_values) specific: [ErrorControl], len: 4 [2010/04/24 14:55:58.427061, 10] registry/reg_cachehook.c:97(reghook_cache_add) reghook_cache_add: Adding ops 0x705eaa0 for key [/HKLM/SYSTEM/CurrentControlSet/Control/Print] [2010/04/24 14:55:58.427077, 8] lib/adt_tree.c:200(pathtree_add) pathtree_add: Enter [2010/04/24 14:55:58.427095, 10] lib/adt_tree.c:267(pathtree_add) pathtree_add: Successfully added node [HKLM/SYSTEM/CurrentControlSet/Control/Print] to tree [2010/04/24 14:55:58.427110, 8] lib/adt_tree.c:269(pathtree_add) pathtree_add: Exit [2010/04/24 14:55:58.427127, 10] registry/reg_cachehook.c:97(reghook_cache_add) reghook_cache_add: Adding ops 0x705eaa0 for key [/HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/Print/Printers] [2010/04/24 14:55:58.427183, 8] lib/adt_tree.c:200(pathtree_add) pathtree_add: Enter [2010/04/24 14:55:58.427203, 10] lib/adt_tree.c:267(pathtree_add) pathtree_add: Successfully added node [HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/Print/Printers] to tree [2010/04/24 14:55:58.427219, 8] lib/adt_tree.c:269(pathtree_add) pathtree_add: Exit [2010/04/24 14:55:58.427236, 10] registry/reg_cachehook.c:97(reghook_cache_add) reghook_cache_add: Adding ops 0x705eaa0 for key [/HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/Ports] [2010/04/24 14:55:58.427253, 8] lib/adt_tree.c:200(pathtree_add) pathtree_add: Enter [2010/04/24 14:55:58.427269, 10] lib/adt_tree.c:267(pathtree_add) pathtree_add: Successfully added node [HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/Ports] to tree [2010/04/24 14:55:58.427286, 8] lib/adt_tree.c:269(pathtree_add) pathtree_add: Exit [2010/04/24 14:55:58.427302, 10] registry/reg_cachehook.c:97(reghook_cache_add) reghook_cache_add: Adding ops 0x705eae0 for key [/HKLM/SYSTEM/CurrentControlSet/Services/LanmanServer/Shares] [2010/04/24 14:55:58.427319, 8] lib/adt_tree.c:200(pathtree_add) pathtree_add: Enter [2010/04/24 14:55:58.427335, 10] lib/adt_tree.c:267(pathtree_add) pathtree_add: Successfully added node [HKLM/SYSTEM/CurrentControlSet/Services/LanmanServer/Shares] to tree [2010/04/24 14:55:58.427351, 8] lib/adt_tree.c:269(pathtree_add) pathtree_add: Exit [2010/04/24 14:55:58.427369, 10] registry/reg_cachehook.c:97(reghook_cache_add) reghook_cache_add: Adding ops 0x705e9c0 for key [/HKLM/SOFTWARE/Samba/smbconf] [2010/04/24 14:55:58.427395, 8] lib/adt_tree.c:200(pathtree_add) pathtree_add: Enter [2010/04/24 14:55:58.427412, 10] lib/adt_tree.c:267(pathtree_add) pathtree_add: Successfully added node [HKLM/SOFTWARE/Samba/smbconf] to tree [2010/04/24 14:55:58.427427, 8] lib/adt_tree.c:269(pathtree_add) pathtree_add: Exit [2010/04/24 14:55:58.427443, 10] registry/reg_cachehook.c:97(reghook_cache_add) reghook_cache_add: Adding ops 0x705eb20 for key [/HKLM/SYSTEM/CurrentControlSet/Services/Netlogon/Parameters] [2010/04/24 14:55:58.427460, 8] lib/adt_tree.c:200(pathtree_add) pathtree_add: Enter [2010/04/24 14:55:58.427477, 10] lib/adt_tree.c:267(pathtree_add) pathtree_add: Successfully added node [HKLM/SYSTEM/CurrentControlSet/Services/Netlogon/Parameters] to tree [2010/04/24 14:55:58.427492, 8] lib/adt_tree.c:269(pathtree_add) pathtree_add: Exit [2010/04/24 14:55:58.427510, 10] registry/reg_cachehook.c:97(reghook_cache_add) reghook_cache_add: Adding ops 0x705eb60 for key [/HKLM/SYSTEM/CurrentControlSet/Control/ProductOptions] [2010/04/24 14:55:58.427526, 8] lib/adt_tree.c:200(pathtree_add) pathtree_add: Enter [2010/04/24 14:55:58.427543, 10] lib/adt_tree.c:267(pathtree_add) pathtree_add: Successfully added node [HKLM/SYSTEM/CurrentControlSet/Control/ProductOptions] to tree [2010/04/24 14:55:58.427560, 8] lib/adt_tree.c:269(pathtree_add) pathtree_add: Exit [2010/04/24 14:55:58.427576, 10] registry/reg_cachehook.c:97(reghook_cache_add) reghook_cache_add: Adding ops 0x705eba0 for key [/HKLM/SYSTEM/CurrentControlSet/Services/Tcpip/Parameters] [2010/04/24 14:55:58.427592, 8] lib/adt_tree.c:200(pathtree_add) pathtree_add: Enter [2010/04/24 14:55:58.427608, 10] lib/adt_tree.c:267(pathtree_add) pathtree_add: Successfully added node [HKLM/SYSTEM/CurrentControlSet/Services/Tcpip/Parameters] to tree [2010/04/24 14:55:58.427625, 8] lib/adt_tree.c:269(pathtree_add) pathtree_add: Exit [2010/04/24 14:55:58.427640, 10] registry/reg_cachehook.c:97(reghook_cache_add) reghook_cache_add: Adding ops 0x705ebe0 for key [/HKPT] [2010/04/24 14:55:58.427654, 8] lib/adt_tree.c:200(pathtree_add) pathtree_add: Enter [2010/04/24 14:55:58.427669, 10] lib/adt_tree.c:267(pathtree_add) pathtree_add: Successfully added node [HKPT] to tree [2010/04/24 14:55:58.427683, 8] lib/adt_tree.c:269(pathtree_add) pathtree_add: Exit [2010/04/24 14:55:58.427701, 10] registry/reg_cachehook.c:97(reghook_cache_add) reghook_cache_add: Adding ops 0x705ec20 for key [/HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion] [2010/04/24 14:55:58.427717, 8] lib/adt_tree.c:200(pathtree_add) pathtree_add: Enter [2010/04/24 14:55:58.427732, 10] lib/adt_tree.c:267(pathtree_add) pathtree_add: Successfully added node [HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion] to tree [2010/04/24 14:55:58.427747, 8] lib/adt_tree.c:269(pathtree_add) pathtree_add: Exit [2010/04/24 14:55:58.427765, 10] registry/reg_cachehook.c:97(reghook_cache_add) reghook_cache_add: Adding ops 0x705ec60 for key [/HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/Perflib] [2010/04/24 14:55:58.427783, 8] lib/adt_tree.c:200(pathtree_add) pathtree_add: Enter [2010/04/24 14:55:58.427798, 10] lib/adt_tree.c:267(pathtree_add) pathtree_add: Successfully added node [HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/Perflib] to tree [2010/04/24 14:55:58.427813, 8] lib/adt_tree.c:269(pathtree_add) pathtree_add: Exit [2010/04/24 14:55:58.427957, 5] lib/gencache.c:65(gencache_init) Opening cache file at /var/cache/samba/gencache.tdb [2010/04/24 14:55:58.428020, 5] lib/gencache.c:108(gencache_init) Opening cache file at /var/cache/samba/gencache_notrans.tdb [2010/04/24 14:55:58.428100, 10] lib/gencache.c:334(gencache_get_data_blob) Cache entry with key = IDMAP/UID2SID/0 couldn't be found [2010/04/24 14:55:58.428155, 5] passdb/lookup_sid.c:1334(uid_to_sid) uid_to_sid: winbind failed to find a sid for uid 0 [2010/04/24 14:55:58.428176, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/04/24 14:55:58.428195, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2010/04/24 14:55:58.428223, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/24 14:55:58.428240, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/24 14:55:58.428254, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/24 14:55:58.428293, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2010/04/24 14:55:58.428309, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2010/04/24 14:55:58.428324, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2010/04/24 14:55:58.428339, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/24 14:55:58.428353, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/24 14:55:58.428402, 5] lib/smbldap.c:1360(smbldap_search_ext) smbldap_search_ext: base => [dc=gym-oha,dc=de], filter => [(&(uid=root)(objectclass=sambaSamAccount))], scope => [2] [2010/04/24 14:55:58.429292, 2] passdb/pdb_ldap.c:572(init_sam_from_ldap) init_sam_from_ldap: Entry found for user: root [2010/04/24 14:55:58.429314, 10] passdb/pdb_get_set.c:608(pdb_set_username) pdb_set_username: setting username root, was [2010/04/24 14:55:58.429337, 10] passdb/pdb_get_set.c:631(pdb_set_domain) pdb_set_domain: setting domain GYM-OHA, was [2010/04/24 14:55:58.429352, 10] passdb/pdb_get_set.c:654(pdb_set_nt_username) pdb_set_nt_username: setting nt username root, was [2010/04/24 14:55:58.429377, 10] passdb/pdb_get_set.c:550(pdb_set_user_sid_from_string) pdb_set_user_sid_from_string: setting user sid S-1-5-21-4031555581-2449722753-3032957831-500 [2010/04/24 14:55:58.429394, 10] passdb/pdb_get_set.c:537(pdb_set_user_sid) pdb_set_user_sid: setting user sid S-1-5-21-4031555581-2449722753-3032957831-500 [2010/04/24 14:55:58.429452, 10] lib/smbldap.c:310(smbldap_talloc_single_attribute) attribute displayName does not exist [2010/04/24 14:55:58.429471, 10] passdb/pdb_get_set.c:677(pdb_set_fullname) pdb_set_full_name: setting full name root, was [2010/04/24 14:55:58.429496, 10] lib/smbldap.c:310(smbldap_talloc_single_attribute) attribute sambaHomeDrive does not exist [2010/04/24 14:55:58.429511, 10] passdb/pdb_get_set.c:746(pdb_set_dir_drive) pdb_set_dir_drive: setting dir drive U:, was NULL [2010/04/24 14:55:58.429536, 10] lib/smbldap.c:310(smbldap_talloc_single_attribute) attribute sambaHomePath does not exist [2010/04/24 14:55:58.429553, 4] lib/substitute.c:504(automount_server) Home server: fileserver [2010/04/24 14:55:58.429579, 10] passdb/pdb_get_set.c:770(pdb_set_homedir) pdb_set_homedir: setting home dir \\fileserver\root, was [2010/04/24 14:55:58.429604, 10] lib/smbldap.c:310(smbldap_talloc_single_attribute) attribute sambaLogonScript does not exist [2010/04/24 14:55:58.429621, 10] passdb/pdb_get_set.c:700(pdb_set_logon_script) pdb_set_logon_script: setting logon script skripts\root.bat, was [2010/04/24 14:55:58.429645, 10] lib/smbldap.c:310(smbldap_talloc_single_attribute) attribute sambaProfilePath does not exist [2010/04/24 14:55:58.429660, 4] lib/substitute.c:504(automount_server) Home server: fileserver [2010/04/24 14:55:58.429678, 10] passdb/pdb_get_set.c:723(pdb_set_profile_path) pdb_set_profile_path: setting profile path \\fileserver\root\NTProfile, was [2010/04/24 14:55:58.429701, 10] lib/smbldap.c:310(smbldap_talloc_single_attribute) attribute description does not exist [2010/04/24 14:55:58.429724, 10] lib/smbldap.c:310(smbldap_talloc_single_attribute) attribute sambaUserWorkstations does not exist [2010/04/24 14:55:58.429747, 10] lib/smbldap.c:310(smbldap_talloc_single_attribute) attribute sambaMungedDial does not exist [2010/04/24 14:55:58.429787, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2010/04/24 14:55:58.429803, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 2 [2010/04/24 14:55:58.429834, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2010/04/24 14:55:58.429848, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/24 14:55:58.429862, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/24 14:55:58.472612, 10] lib/gencache.c:345(gencache_get_data_blob) Returning expired cache entry: key = ACCT_POL/password history, value = 0 , timeout = Sat Apr 24 14:51:20 2010 [2010/04/24 14:55:58.472676, 10] lib/gencache.c:180(gencache_set_data_blob) Adding cache entry with key = ACCT_POL/password history and timeout = Thu Jan 1 01:00:00 1970 (-1272113758 seconds in the past) [2010/04/24 14:55:58.488506, 10] passdb/pdb_ldap.c:3983(ldapsam_get_account_policy_from_ldap) ldapsam_get_account_policy_from_ldap [2010/04/24 14:55:58.488538, 5] lib/smbldap.c:1360(smbldap_search_ext) smbldap_search_ext: base => [sambaDomainName=GYM-OHA,dc=gym-oha,dc=de], filter => [(objectClass=sambaDomain)], scope => [0] [2010/04/24 14:55:58.489103, 10] lib/account_pol.c:396(cache_account_policy_set) cache_account_policy_set: updating account pol cache [2010/04/24 14:55:58.489124, 10] lib/gencache.c:180(gencache_set_data_blob) Adding cache entry with key = ACCT_POL/password history and timeout = Sat Apr 24 14:56:58 2010 (60 seconds ahead) [2010/04/24 14:55:58.489182, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2010/04/24 14:55:58.489243, 10] lib/smbldap.c:310(smbldap_talloc_single_attribute) attribute sambaLogonHours does not exist [2010/04/24 14:55:58.489309, 5] passdb/login_cache.c:44(login_cache_init) Opening cache file at /var/cache/samba/login_cache.tdb [2010/04/24 14:55:58.489347, 7] passdb/login_cache.c:87(login_cache_read) Looking up login cache for user root [2010/04/24 14:55:58.489366, 5] passdb/login_cache.c:117(login_cache_read) Found login cache entry: timestamp 1271932880, flags 0x210, count 2, time 1271932880 [2010/04/24 14:55:58.489381, 7] passdb/pdb_ldap.c:1134(init_sam_from_ldap) ldap time is 1271677825, cache time is 1271932880, bad time = 1271932880 [2010/04/24 14:55:58.489405, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/24 14:55:58.489429, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/24 14:55:58.489446, 10] passdb/lookup_sid.c:1151(legacy_uid_to_sid) LEGACY: uid 0 -> sid S-1-5-21-4031555581-2449722753-3032957831-500 [2010/04/24 14:55:58.489480, 10] lib/gencache.c:334(gencache_get_data_blob) Cache entry with key = IDMAP/GID2SID/0 couldn't be found [2010/04/24 14:55:58.489508, 5] passdb/lookup_sid.c:1387(gid_to_sid) gid_to_sid: winbind failed to find a sid for gid 0 [2010/04/24 14:55:58.489524, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/04/24 14:55:58.489540, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2010/04/24 14:55:58.489555, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/24 14:55:58.489570, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/24 14:55:58.489587, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/24 14:55:58.489621, 5] lib/smbldap.c:1360(smbldap_search_ext) smbldap_search_ext: base => [dc=gym-oha,dc=de], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=0))], scope => [2] [2010/04/24 14:55:58.490179, 4] passdb/pdb_ldap.c:2562(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(gidNumber=0)) [2010/04/24 14:55:58.490201, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/24 14:55:58.490217, 10] passdb/lookup_sid.c:1182(legacy_gid_to_sid) LEGACY: gid 0 -> sid S-1-22-2-0 [2010/04/24 14:55:58.490255, 10] auth/token_util.c:356(create_local_nt_token) Create local NT token for S-1-5-21-4031555581-2449722753-3032957831-500 [2010/04/24 14:55:58.490286, 10] lib/gencache.c:334(gencache_get_data_blob) Cache entry with key = IDMAP/SID2GID/S-1-5-32-544 couldn't be found [2010/04/24 14:55:58.490333, 10] passdb/lookup_sid.c:1511(sid_to_gid) winbind failed to find a gid for sid S-1-5-32-544 [2010/04/24 14:55:58.490351, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/04/24 14:55:58.490366, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2010/04/24 14:55:58.490381, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/24 14:55:58.490395, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/24 14:55:58.490410, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/24 14:55:58.490441, 5] lib/smbldap.c:1360(smbldap_search_ext) smbldap_search_ext: base => [dc=gym-oha,dc=de], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-544))], scope => [2] [2010/04/24 14:55:58.491078, 2] passdb/pdb_ldap.c:2446(init_group_from_ldap) init_group_from_ldap: Entry found for group: 544 [2010/04/24 14:55:58.491120, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/24 14:55:58.491138, 10] passdb/lookup_sid.c:1288(legacy_sid_to_gid) LEGACY: sid S-1-5-32-544 -> gid 544 [2010/04/24 14:55:58.491162, 10] lib/gencache.c:334(gencache_get_data_blob) Cache entry with key = IDMAP/SID2GID/S-1-5-32-545 couldn't be found [2010/04/24 14:55:58.491184, 10] passdb/lookup_sid.c:1511(sid_to_gid) winbind failed to find a gid for sid S-1-5-32-545 [2010/04/24 14:55:58.491200, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/04/24 14:55:58.491216, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2010/04/24 14:55:58.491231, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/24 14:55:58.491245, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/24 14:55:58.491259, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/24 14:55:58.491286, 5] lib/smbldap.c:1360(smbldap_search_ext) smbldap_search_ext: base => [dc=gym-oha,dc=de], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-545))], scope => [2] [2010/04/24 14:55:58.491776, 4] passdb/pdb_ldap.c:2562(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-545)) [2010/04/24 14:55:58.491797, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/24 14:55:58.491812, 10] passdb/lookup_sid.c:1256(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-5-32-545 [2010/04/24 14:55:58.491828, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/04/24 14:55:58.491843, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2010/04/24 14:55:58.491860, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/24 14:55:58.491874, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/24 14:55:58.491888, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/24 14:55:58.491928, 10] lib/gencache.c:334(gencache_get_data_blob) Cache entry with key = IDMAP/SID2GID/S-1-5-32-545 couldn't be found [2010/04/24 14:55:58.491951, 10] passdb/lookup_sid.c:1511(sid_to_gid) winbind failed to find a gid for sid S-1-5-32-545 [2010/04/24 14:55:58.491968, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2010/04/24 14:55:58.491984, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2010/04/24 14:55:58.492011, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2010/04/24 14:55:58.492025, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/24 14:55:58.492040, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/24 14:55:58.492068, 5] lib/smbldap.c:1360(smbldap_search_ext) smbldap_search_ext: base => [dc=gym-oha,dc=de], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-545))], scope => [2] [2010/04/24 14:55:58.492524, 4] passdb/pdb_ldap.c:2562(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-545)) [2010/04/24 14:55:58.492548, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/24 14:55:58.492564, 10] passdb/lookup_sid.c:1256(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-5-32-545 [2010/04/24 14:55:58.492585, 5] auth/token_util.c:277(create_builtin_users) create_builtin_users: Failed to create Users [2010/04/24 14:55:58.492602, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/24 14:55:58.492618, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/04/24 14:55:58.492633, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2010/04/24 14:55:58.492648, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/24 14:55:58.492662, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/24 14:55:58.492676, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/24 14:55:58.492728, 5] lib/smbldap.c:1360(smbldap_search_ext) smbldap_search_ext: base => [dc=gym-oha,dc=de], filter => [(&(objectclass=sambaGroupMapping)(sambaGroupType=4)(|(sambaSIDList=S-1-5-21-4031555581-2449722753-3032957831-500)(sambaSIDList=S-1-5-32-544)(sambaSIDList=S-1-1-0)(sambaSIDList=S-1-5-2)(sambaSIDList=S-1-5-11)))], scope => [2] [2010/04/24 14:55:58.493558, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/24 14:55:58.493613, 3] lib/privileges.c:63(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-4031555581-2449722753-3032957831-500] [2010/04/24 14:55:58.493637, 5] lib/privileges.c:128(get_privileges_for_sids) get_privileges_for_sids: sid = S-1-5-32-544 Privilege set: SE_PRIV 0xff0 0x0 0x0 0x0 [2010/04/24 14:55:58.493670, 5] lib/privileges.c:128(get_privileges_for_sids) get_privileges_for_sids: sid = S-1-1-0 Privilege set: SE_PRIV 0x0 0x0 0x0 0x0 [2010/04/24 14:55:58.493700, 3] lib/privileges.c:63(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-2] [2010/04/24 14:55:58.493720, 3] lib/privileges.c:63(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-11] [2010/04/24 14:55:58.493745, 7] registry/reg_api.c:133(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2010/04/24 14:55:58.493762, 10] registry/reg_backend_db.c:451(regdb_open) regdb_open: incrementing refcount (1) [2010/04/24 14:55:58.493784, 10] registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [/HKLM] [2010/04/24 14:55:58.493799, 10] lib/adt_tree.c:352(pathtree_find) pathtree_find: Enter [/HKLM] [2010/04/24 14:55:58.493815, 10] lib/adt_tree.c:425(pathtree_find) pathtree_find: Exit [2010/04/24 14:55:58.493829, 10] registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x705e920 for key [/HKLM] [2010/04/24 14:55:58.493869, 10] registry/reg_backend_db.c:1726(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2010/04/24 14:55:58.493905, 7] registry/reg_api.c:133(regkey_open_onelevel) regkey_open_onelevel: name = [SYSTEM] [2010/04/24 14:55:58.493921, 10] registry/reg_backend_db.c:451(regdb_open) regdb_open: incrementing refcount (2) [2010/04/24 14:55:58.493951, 10] registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM] [2010/04/24 14:55:58.493965, 10] lib/adt_tree.c:352(pathtree_find) pathtree_find: Enter [/HKLM/SYSTEM] [2010/04/24 14:55:58.493981, 10] lib/adt_tree.c:425(pathtree_find) pathtree_find: Exit [2010/04/24 14:55:58.493995, 10] registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x705e920 for key [/HKLM/SYSTEM] [2010/04/24 14:55:58.494024, 10] registry/reg_backend_db.c:1726(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM] [2010/04/24 14:55:58.494051, 7] registry/reg_api.c:133(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentControlSet] [2010/04/24 14:55:58.494067, 10] registry/reg_backend_db.c:451(regdb_open) regdb_open: incrementing refcount (3) [2010/04/24 14:55:58.494085, 10] registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet] [2010/04/24 14:55:58.494099, 10] lib/adt_tree.c:352(pathtree_find) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet] [2010/04/24 14:55:58.494115, 10] lib/adt_tree.c:425(pathtree_find) pathtree_find: Exit [2010/04/24 14:55:58.494130, 10] registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x705e920 for key [/HKLM/SYSTEM/CurrentControlSet] [2010/04/24 14:55:58.494160, 10] registry/reg_backend_db.c:1726(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet] [2010/04/24 14:55:58.494189, 10] registry/reg_backend_db.c:485(regdb_close) regdb_close: decrementing refcount (3) [2010/04/24 14:55:58.494207, 7] registry/reg_api.c:133(regkey_open_onelevel) regkey_open_onelevel: name = [Services] [2010/04/24 14:55:58.494223, 10] registry/reg_backend_db.c:451(regdb_open) regdb_open: incrementing refcount (3) [2010/04/24 14:55:58.494241, 10] registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services] [2010/04/24 14:55:58.494256, 10] lib/adt_tree.c:352(pathtree_find) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services] [2010/04/24 14:55:58.494272, 10] lib/adt_tree.c:425(pathtree_find) pathtree_find: Exit [2010/04/24 14:55:58.494286, 10] registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x705e920 for key [/HKLM/SYSTEM/CurrentControlSet/Services] [2010/04/24 14:55:58.494326, 10] registry/reg_backend_db.c:1726(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services] [2010/04/24 14:55:58.494356, 10] registry/reg_backend_db.c:485(regdb_close) regdb_close: decrementing refcount (3) [2010/04/24 14:55:58.494373, 10] registry/reg_backend_db.c:485(regdb_close) regdb_close: decrementing refcount (2) [2010/04/24 14:55:58.494448, 7] registry/reg_api.c:133(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2010/04/24 14:55:58.494464, 10] registry/reg_backend_db.c:451(regdb_open) regdb_open: incrementing refcount (2) [2010/04/24 14:55:58.494481, 10] registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [/HKLM] [2010/04/24 14:55:58.494494, 10] lib/adt_tree.c:352(pathtree_find) pathtree_find: Enter [/HKLM] [2010/04/24 14:55:58.494509, 10] lib/adt_tree.c:425(pathtree_find) pathtree_find: Exit [2010/04/24 14:55:58.494522, 10] registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x705e920 for key [/HKLM] [2010/04/24 14:55:58.494548, 10] registry/reg_backend_db.c:1726(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2010/04/24 14:55:58.494573, 7] registry/reg_api.c:133(regkey_open_onelevel) regkey_open_onelevel: name = [SYSTEM] [2010/04/24 14:55:58.494588, 10] registry/reg_backend_db.c:451(regdb_open) regdb_open: incrementing refcount (3) [2010/04/24 14:55:58.494604, 10] registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM] [2010/04/24 14:55:58.494628, 10] lib/adt_tree.c:352(pathtree_find) pathtree_find: Enter [/HKLM/SYSTEM] [2010/04/24 14:55:58.494643, 10] lib/adt_tree.c:425(pathtree_find) pathtree_find: Exit [2010/04/24 14:55:58.494655, 10] registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x705e920 for key [/HKLM/SYSTEM] [2010/04/24 14:55:58.494681, 10] registry/reg_backend_db.c:1726(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM] [2010/04/24 14:55:58.494707, 7] registry/reg_api.c:133(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentControlSet] [2010/04/24 14:55:58.494722, 10] registry/reg_backend_db.c:451(regdb_open) regdb_open: incrementing refcount (4) [2010/04/24 14:55:58.494739, 10] registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet] [2010/04/24 14:55:58.494752, 10] lib/adt_tree.c:352(pathtree_find) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet] [2010/04/24 14:55:58.494766, 10] lib/adt_tree.c:425(pathtree_find) pathtree_find: Exit [2010/04/24 14:55:58.494780, 10] registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x705e920 for key [/HKLM/SYSTEM/CurrentControlSet] [2010/04/24 14:55:58.494809, 10] registry/reg_backend_db.c:1726(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet] [2010/04/24 14:55:58.494835, 10] registry/reg_backend_db.c:485(regdb_close) regdb_close: decrementing refcount (4) [2010/04/24 14:55:58.494851, 7] registry/reg_api.c:133(regkey_open_onelevel) regkey_open_onelevel: name = [Services] [2010/04/24 14:55:58.494865, 10] registry/reg_backend_db.c:451(regdb_open) regdb_open: incrementing refcount (4) [2010/04/24 14:55:58.494881, 10] registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services] [2010/04/24 14:55:58.494894, 10] lib/adt_tree.c:352(pathtree_find) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services] [2010/04/24 14:55:58.494908, 10] lib/adt_tree.c:425(pathtree_find) pathtree_find: Exit [2010/04/24 14:55:58.494922, 10] registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x705e920 for key [/HKLM/SYSTEM/CurrentControlSet/Services] [2010/04/24 14:55:58.494959, 10] registry/reg_backend_db.c:1726(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services] [2010/04/24 14:55:58.494988, 10] registry/reg_backend_db.c:485(regdb_close) regdb_close: decrementing refcount (4) [2010/04/24 14:55:58.495003, 7] registry/reg_api.c:133(regkey_open_onelevel) regkey_open_onelevel: name = [Spooler] [2010/04/24 14:55:58.495017, 10] registry/reg_backend_db.c:451(regdb_open) regdb_open: incrementing refcount (4) [2010/04/24 14:55:58.495034, 10] registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/Spooler] [2010/04/24 14:55:58.495047, 10] lib/adt_tree.c:352(pathtree_find) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/Spooler] [2010/04/24 14:55:58.495062, 10] lib/adt_tree.c:425(pathtree_find) pathtree_find: Exit [2010/04/24 14:55:58.495075, 10] registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x705e920 for key [/HKLM/SYSTEM/CurrentControlSet/Services/Spooler] [2010/04/24 14:55:58.495104, 10] registry/reg_backend_db.c:1726(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services\Spooler] [2010/04/24 14:55:58.495132, 10] registry/reg_backend_db.c:485(regdb_close) regdb_close: decrementing refcount (4) [2010/04/24 14:55:58.495148, 10] registry/reg_backend_db.c:485(regdb_close) regdb_close: decrementing refcount (3) [2010/04/24 14:55:58.495231, 10] registry/reg_backend_db.c:1663(regdb_store_values_internal) regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\Spooler] [2010/04/24 14:55:58.495274, 10] registry/reg_backend_db.c:485(regdb_close) regdb_close: decrementing refcount (2) [2010/04/24 14:55:58.495294, 7] registry/reg_api.c:133(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2010/04/24 14:55:58.495308, 10] registry/reg_backend_db.c:451(regdb_open) regdb_open: incrementing refcount (2) [2010/04/24 14:55:58.495324, 10] registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [/HKLM] [2010/04/24 14:55:58.495336, 10] lib/adt_tree.c:352(pathtree_find) pathtree_find: Enter [/HKLM] [2010/04/24 14:55:58.495350, 10] lib/adt_tree.c:425(pathtree_find) pathtree_find: Exit [2010/04/24 14:55:58.495362, 10] registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x705e920 for key [/HKLM] [2010/04/24 14:55:58.495388, 10] registry/reg_backend_db.c:1726(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2010/04/24 14:55:58.495413, 7] registry/reg_api.c:133(regkey_open_onelevel) regkey_open_onelevel: name = [SYSTEM] [2010/04/24 14:55:58.495428, 10] registry/reg_backend_db.c:451(regdb_open) regdb_open: incrementing refcount (3) [2010/04/24 14:55:58.495444, 10] registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM] [2010/04/24 14:55:58.495457, 10] lib/adt_tree.c:352(pathtree_find) pathtree_find: Enter [/HKLM/SYSTEM] [2010/04/24 14:55:58.495471, 10] lib/adt_tree.c:425(pathtree_find) pathtree_find: Exit [2010/04/24 14:55:58.495484, 10] registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x705e920 for key [/HKLM/SYSTEM] [2010/04/24 14:55:58.495510, 10] registry/reg_backend_db.c:1726(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM] [2010/04/24 14:55:58.495536, 7] registry/reg_api.c:133(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentControlSet] [2010/04/24 14:55:58.495551, 10] registry/reg_backend_db.c:451(regdb_open) regdb_open: incrementing refcount (4) [2010/04/24 14:55:58.495568, 10] registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet] [2010/04/24 14:55:58.495581, 10] lib/adt_tree.c:352(pathtree_find) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet] [2010/04/24 14:55:58.495595, 10] lib/adt_tree.c:425(pathtree_find) pathtree_find: Exit [2010/04/24 14:55:58.495609, 10] registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x705e920 for key [/HKLM/SYSTEM/CurrentControlSet] [2010/04/24 14:55:58.495638, 10] registry/reg_backend_db.c:1726(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet] [2010/04/24 14:55:58.495664, 10] registry/reg_backend_db.c:485(regdb_close) regdb_close: decrementing refcount (4) [2010/04/24 14:55:58.495679, 7] registry/reg_api.c:133(regkey_open_onelevel) regkey_open_onelevel: name = [Services] [2010/04/24 14:55:58.495693, 10] registry/reg_backend_db.c:451(regdb_open) regdb_open: incrementing refcount (4) [2010/04/24 14:55:58.495710, 10] registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services] [2010/04/24 14:55:58.495723, 10] lib/adt_tree.c:352(pathtree_find) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services] [2010/04/24 14:55:58.495737, 10] lib/adt_tree.c:425(pathtree_find) pathtree_find: Exit [2010/04/24 14:55:58.495750, 10] registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x705e920 for key [/HKLM/SYSTEM/CurrentControlSet/Services] [2010/04/24 14:55:58.495787, 10] registry/reg_backend_db.c:1726(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services] [2010/04/24 14:55:58.495815, 10] registry/reg_backend_db.c:485(regdb_close) regdb_close: decrementing refcount (4) [2010/04/24 14:55:58.495831, 7] registry/reg_api.c:133(regkey_open_onelevel) regkey_open_onelevel: name = [Spooler] [2010/04/24 14:55:58.495844, 10] registry/reg_backend_db.c:451(regdb_open) regdb_open: incrementing refcount (4) [2010/04/24 14:55:58.495873, 10] registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/Spooler] [2010/04/24 14:55:58.495886, 10] lib/adt_tree.c:352(pathtree_find) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/Spooler] [2010/04/24 14:55:58.495901, 10] lib/adt_tree.c:425(pathtree_find) pathtree_find: Exit [2010/04/24 14:55:58.495914, 10] registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x705e920 for key [/HKLM/SYSTEM/CurrentControlSet/Services/Spooler] [2010/04/24 14:55:58.495943, 10] registry/reg_backend_db.c:1726(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services\Spooler] [2010/04/24 14:55:58.495971, 10] registry/reg_backend_db.c:485(regdb_close) regdb_close: decrementing refcount (4) [2010/04/24 14:55:58.495987, 7] registry/reg_api.c:133(regkey_open_onelevel) regkey_open_onelevel: name = [Security] [2010/04/24 14:55:58.496001, 10] registry/reg_backend_db.c:451(regdb_open) regdb_open: incrementing refcount (4) [2010/04/24 14:55:58.496018, 10] registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/Spooler/Security] [2010/04/24 14:55:58.496034, 10] lib/adt_tree.c:352(pathtree_find) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/Spooler/Security] [2010/04/24 14:55:58.496048, 10] lib/adt_tree.c:425(pathtree_find) pathtree_find: Exit [2010/04/24 14:55:58.496062, 10] registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x705e920 for key [/HKLM/SYSTEM/CurrentControlSet/Services/Spooler/Security] [2010/04/24 14:55:58.496090, 10] registry/reg_backend_db.c:1726(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security] [2010/04/24 14:55:58.496119, 10] registry/reg_backend_db.c:485(regdb_close) regdb_close: decrementing refcount (4) [2010/04/24 14:55:58.496134, 10] registry/reg_backend_db.c:485(regdb_close) regdb_close: decrementing refcount (3) [2010/04/24 14:55:58.496182, 10] registry/reg_backend_db.c:1663(regdb_store_values_internal) regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security] [2010/04/24 14:55:58.496212, 10] registry/reg_backend_db.c:485(regdb_close) regdb_close: decrementing refcount (2) [2010/04/24 14:55:58.496260, 7] registry/reg_api.c:133(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2010/04/24 14:55:58.496275, 10] registry/reg_backend_db.c:451(regdb_open) regdb_open: incrementing refcount (2) [2010/04/24 14:55:58.496290, 10] registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [/HKLM] [2010/04/24 14:55:58.496304, 10] lib/adt_tree.c:352(pathtree_find) pathtree_find: Enter [/HKLM] [2010/04/24 14:55:58.496317, 10] lib/adt_tree.c:425(pathtree_find) pathtree_find: Exit [2010/04/24 14:55:58.496330, 10] registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x705e920 for key [/HKLM] [2010/04/24 14:55:58.496354, 10] registry/reg_backend_db.c:1726(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2010/04/24 14:55:58.496378, 7] registry/reg_api.c:133(regkey_open_onelevel) regkey_open_onelevel: name = [SYSTEM] [2010/04/24 14:55:58.496393, 10] registry/reg_backend_db.c:451(regdb_open) regdb_open: incrementing refcount (3) [2010/04/24 14:55:58.496408, 10] registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM] [2010/04/24 14:55:58.496422, 10] lib/adt_tree.c:352(pathtree_find) pathtree_find: Enter [/HKLM/SYSTEM] [2010/04/24 14:55:58.496436, 10] lib/adt_tree.c:425(pathtree_find) pathtree_find: Exit [2010/04/24 14:55:58.496449, 10] registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x705e920 for key [/HKLM/SYSTEM] [2010/04/24 14:55:58.496486, 10] registry/reg_backend_db.c:1726(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM] [2010/04/24 14:55:58.496512, 7] registry/reg_api.c:133(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentControlSet] [2010/04/24 14:55:58.496527, 10] registry/reg_backend_db.c:451(regdb_open) regdb_open: incrementing refcount (4) [2010/04/24 14:55:58.496544, 10] registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet] [2010/04/24 14:55:58.496557, 10] lib/adt_tree.c:352(pathtree_find) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet] [2010/04/24 14:55:58.496571, 10] lib/adt_tree.c:425(pathtree_find) pathtree_find: Exit [2010/04/24 14:55:58.496585, 10] registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x705e920 for key [/HKLM/SYSTEM/CurrentControlSet] [2010/04/24 14:55:58.496612, 10] registry/reg_backend_db.c:1726(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet] [2010/04/24 14:55:58.496638, 10] registry/reg_backend_db.c:485(regdb_close) regdb_close: decrementing refcount (4) [2010/04/24 14:55:58.496653, 7] registry/reg_api.c:133(regkey_open_onelevel) regkey_open_onelevel: name = [Services] [2010/04/24 14:55:58.496667, 10] registry/reg_backend_db.c:451(regdb_open) regdb_open: incrementing refcount (4) [2010/04/24 14:55:58.496684, 10] registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services] [2010/04/24 14:55:58.496698, 10] lib/adt_tree.c:352(pathtree_find) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services] [2010/04/24 14:55:58.496712, 10] lib/adt_tree.c:425(pathtree_find) pathtree_find: Exit [2010/04/24 14:55:58.496725, 10] registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x705e920 for key [/HKLM/SYSTEM/CurrentControlSet/Services] [2010/04/24 14:55:58.496761, 10] registry/reg_backend_db.c:1726(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services] [2010/04/24 14:55:58.496789, 10] registry/reg_backend_db.c:485(regdb_close) regdb_close: decrementing refcount (4) [2010/04/24 14:55:58.496804, 7] registry/reg_api.c:133(regkey_open_onelevel) regkey_open_onelevel: name = [NETLOGON] [2010/04/24 14:55:58.496818, 10] registry/reg_backend_db.c:451(regdb_open) regdb_open: incrementing refcount (4) [2010/04/24 14:55:58.496835, 10] registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/NETLOGON] [2010/04/24 14:55:58.496849, 10] lib/adt_tree.c:352(pathtree_find) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/NETLOGON] [2010/04/24 14:55:58.496863, 10] lib/adt_tree.c:425(pathtree_find) pathtree_find: Exit [2010/04/24 14:55:58.496877, 10] registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x705e920 for key [/HKLM/SYSTEM/CurrentControlSet/Services/NETLOGON] [2010/04/24 14:55:58.496906, 10] registry/reg_backend_db.c:1726(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] [2010/04/24 14:55:58.496934, 10] registry/reg_backend_db.c:485(regdb_close) regdb_close: decrementing refcount (4) [2010/04/24 14:55:58.496949, 10] registry/reg_backend_db.c:485(regdb_close) regdb_close: decrementing refcount (3) [2010/04/24 14:55:58.497015, 10] registry/reg_backend_db.c:1663(regdb_store_values_internal) regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] [2010/04/24 14:55:58.497045, 10] registry/reg_backend_db.c:485(regdb_close) regdb_close: decrementing refcount (2) [2010/04/24 14:55:58.497064, 7] registry/reg_api.c:133(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2010/04/24 14:55:58.497078, 10] registry/reg_backend_db.c:451(regdb_open) regdb_open: incrementing refcount (2) [2010/04/24 14:55:58.497093, 10] registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [/HKLM] [2010/04/24 14:55:58.497118, 10] lib/adt_tree.c:352(pathtree_find) pathtree_find: Enter [/HKLM] [2010/04/24 14:55:58.497132, 10] lib/adt_tree.c:425(pathtree_find) pathtree_find: Exit [2010/04/24 14:55:58.497145, 10] registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x705e920 for key [/HKLM] [2010/04/24 14:55:58.497170, 10] registry/reg_backend_db.c:1726(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2010/04/24 14:55:58.497194, 7] registry/reg_api.c:133(regkey_open_onelevel) regkey_open_onelevel: name = [SYSTEM] [2010/04/24 14:55:58.497209, 10] registry/reg_backend_db.c:451(regdb_open) regdb_open: incrementing refcount (3) [2010/04/24 14:55:58.497225, 10] registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM] [2010/04/24 14:55:58.497239, 10] lib/adt_tree.c:352(pathtree_find) pathtree_find: Enter [/HKLM/SYSTEM] [2010/04/24 14:55:58.497252, 10] lib/adt_tree.c:425(pathtree_find) pathtree_find: Exit [2010/04/24 14:55:58.497265, 10] registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x705e920 for key [/HKLM/SYSTEM] [2010/04/24 14:55:58.497290, 10] registry/reg_backend_db.c:1726(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM] [2010/04/24 14:55:58.497315, 7] registry/reg_api.c:133(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentControlSet] [2010/04/24 14:55:58.497330, 10] registry/reg_backend_db.c:451(regdb_open) regdb_open: incrementing refcount (4) [2010/04/24 14:55:58.497347, 10] registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet] [2010/04/24 14:55:58.497361, 10] lib/adt_tree.c:352(pathtree_find) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet] [2010/04/24 14:55:58.497376, 10] lib/adt_tree.c:425(pathtree_find) pathtree_find: Exit [2010/04/24 14:55:58.497389, 10] registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x705e920 for key [/HKLM/SYSTEM/CurrentControlSet] [2010/04/24 14:55:58.497416, 10] registry/reg_backend_db.c:1726(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet] [2010/04/24 14:55:58.497442, 10] registry/reg_backend_db.c:485(regdb_close) regdb_close: decrementing refcount (4) [2010/04/24 14:55:58.497458, 7] registry/reg_api.c:133(regkey_open_onelevel) regkey_open_onelevel: name = [Services] [2010/04/24 14:55:58.497472, 10] registry/reg_backend_db.c:451(regdb_open) regdb_open: incrementing refcount (4) [2010/04/24 14:55:58.497488, 10] registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services] [2010/04/24 14:55:58.497502, 10] lib/adt_tree.c:352(pathtree_find) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services] [2010/04/24 14:55:58.497516, 10] lib/adt_tree.c:425(pathtree_find) pathtree_find: Exit [2010/04/24 14:55:58.497528, 10] registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x705e920 for key [/HKLM/SYSTEM/CurrentControlSet/Services] [2010/04/24 14:55:58.497564, 10] registry/reg_backend_db.c:1726(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services] [2010/04/24 14:55:58.497591, 10] registry/reg_backend_db.c:485(regdb_close) regdb_close: decrementing refcount (4) [2010/04/24 14:55:58.497606, 7] registry/reg_api.c:133(regkey_open_onelevel) regkey_open_onelevel: name = [NETLOGON] [2010/04/24 14:55:58.497620, 10] registry/reg_backend_db.c:451(regdb_open) regdb_open: incrementing refcount (4) [2010/04/24 14:55:58.497637, 10] registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/NETLOGON] [2010/04/24 14:55:58.497651, 10] lib/adt_tree.c:352(pathtree_find) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/NETLOGON] [2010/04/24 14:55:58.497675, 10] lib/adt_tree.c:425(pathtree_find) pathtree_find: Exit [2010/04/24 14:55:58.497689, 10] registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x705e920 for key [/HKLM/SYSTEM/CurrentControlSet/Services/NETLOGON] [2010/04/24 14:55:58.497718, 10] registry/reg_backend_db.c:1726(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] [2010/04/24 14:55:58.497745, 10] registry/reg_backend_db.c:485(regdb_close) regdb_close: decrementing refcount (4) [2010/04/24 14:55:58.497760, 7] registry/reg_api.c:133(regkey_open_onelevel) regkey_open_onelevel: name = [Security] [2010/04/24 14:55:58.497774, 10] registry/reg_backend_db.c:451(regdb_open) regdb_open: incrementing refcount (4) [2010/04/24 14:55:58.497791, 10] registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/NETLOGON/Security] [2010/04/24 14:55:58.497806, 10] lib/adt_tree.c:352(pathtree_find) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/NETLOGON/Security] [2010/04/24 14:55:58.497820, 10] lib/adt_tree.c:425(pathtree_find) pathtree_find: Exit [2010/04/24 14:55:58.497833, 10] registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x705e920 for key [/HKLM/SYSTEM/CurrentControlSet/Services/NETLOGON/Security] [2010/04/24 14:55:58.497860, 10] registry/reg_backend_db.c:1726(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security] [2010/04/24 14:55:58.497889, 10] registry/reg_backend_db.c:485(regdb_close) regdb_close: decrementing refcount (4) [2010/04/24 14:55:58.497904, 10] registry/reg_backend_db.c:485(regdb_close) regdb_close: decrementing refcount (3) [2010/04/24 14:55:58.497932, 10] registry/reg_backend_db.c:1663(regdb_store_values_internal) regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security] [2010/04/24 14:55:58.497961, 10] registry/reg_backend_db.c:485(regdb_close) regdb_close: decrementing refcount (2) [2010/04/24 14:55:58.498007, 7] registry/reg_api.c:133(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2010/04/24 14:55:58.498022, 10] registry/reg_backend_db.c:451(regdb_open) regdb_open: incrementing refcount (2) [2010/04/24 14:55:58.498037, 10] registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [/HKLM] [2010/04/24 14:55:58.498051, 10] lib/adt_tree.c:352(pathtree_find) pathtree_find: Enter [/HKLM] [2010/04/24 14:55:58.498064, 10] lib/adt_tree.c:425(pathtree_find) pathtree_find: Exit [2010/04/24 14:55:58.498077, 10] registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x705e920 for key [/HKLM] [2010/04/24 14:55:58.498101, 10] registry/reg_backend_db.c:1726(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2010/04/24 14:55:58.498125, 7] registry/reg_api.c:133(regkey_open_onelevel) regkey_open_onelevel: name = [SYSTEM] [2010/04/24 14:55:58.498141, 10] registry/reg_backend_db.c:451(regdb_open) regdb_open: incrementing refcount (3) [2010/04/24 14:55:58.498157, 10] registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM] [2010/04/24 14:55:58.498170, 10] lib/adt_tree.c:352(pathtree_find) pathtree_find: Enter [/HKLM/SYSTEM] [2010/04/24 14:55:58.498184, 10] lib/adt_tree.c:425(pathtree_find) pathtree_find: Exit [2010/04/24 14:55:58.498197, 10] registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x705e920 for key [/HKLM/SYSTEM] [2010/04/24 14:55:58.498221, 10] registry/reg_backend_db.c:1726(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM] [2010/04/24 14:55:58.498246, 7] registry/reg_api.c:133(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentControlSet] [2010/04/24 14:55:58.498261, 10] registry/reg_backend_db.c:451(regdb_open) regdb_open: incrementing refcount (4) [2010/04/24 14:55:58.498278, 10] registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet] [2010/04/24 14:55:58.498303, 10] lib/adt_tree.c:352(pathtree_find) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet] [2010/04/24 14:55:58.498318, 10] lib/adt_tree.c:425(pathtree_find) pathtree_find: Exit [2010/04/24 14:55:58.498331, 10] registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x705e920 for key [/HKLM/SYSTEM/CurrentControlSet] [2010/04/24 14:55:58.498358, 10] registry/reg_backend_db.c:1726(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet] [2010/04/24 14:55:58.498384, 10] registry/reg_backend_db.c:485(regdb_close) regdb_close: decrementing refcount (4) [2010/04/24 14:55:58.498399, 7] registry/reg_api.c:133(regkey_open_onelevel) regkey_open_onelevel: name = [Services] [2010/04/24 14:55:58.498414, 10] registry/reg_backend_db.c:451(regdb_open) regdb_open: incrementing refcount (4) [2010/04/24 14:55:58.498430, 10] registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services] [2010/04/24 14:55:58.498444, 10] lib/adt_tree.c:352(pathtree_find) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services] [2010/04/24 14:55:58.498457, 10] lib/adt_tree.c:425(pathtree_find) pathtree_find: Exit [2010/04/24 14:55:58.498470, 10] registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x705e920 for key [/HKLM/SYSTEM/CurrentControlSet/Services] [2010/04/24 14:55:58.498505, 10] registry/reg_backend_db.c:1726(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services] [2010/04/24 14:55:58.498532, 10] registry/reg_backend_db.c:485(regdb_close) regdb_close: decrementing refcount (4) [2010/04/24 14:55:58.498547, 7] registry/reg_api.c:133(regkey_open_onelevel) regkey_open_onelevel: name = [RemoteRegistry] [2010/04/24 14:55:58.498562, 10] registry/reg_backend_db.c:451(regdb_open) regdb_open: incrementing refcount (4) [2010/04/24 14:55:58.498579, 10] registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/RemoteRegistry] [2010/04/24 14:55:58.498596, 10] lib/adt_tree.c:352(pathtree_find) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/RemoteRegistry] [2010/04/24 14:55:58.498611, 10] lib/adt_tree.c:425(pathtree_find) pathtree_find: Exit [2010/04/24 14:55:58.498624, 10] registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x705e920 for key [/HKLM/SYSTEM/CurrentControlSet/Services/RemoteRegistry] [2010/04/24 14:55:58.498653, 10] registry/reg_backend_db.c:1726(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] [2010/04/24 14:55:58.498680, 10] registry/reg_backend_db.c:485(regdb_close) regdb_close: decrementing refcount (4) [2010/04/24 14:55:58.498695, 10] registry/reg_backend_db.c:485(regdb_close) regdb_close: decrementing refcount (3) [2010/04/24 14:55:58.498762, 10] registry/reg_backend_db.c:1663(regdb_store_values_internal) regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] [2010/04/24 14:55:58.498793, 10] registry/reg_backend_db.c:485(regdb_close) regdb_close: decrementing refcount (2) [2010/04/24 14:55:58.498810, 7] registry/reg_api.c:133(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2010/04/24 14:55:58.498824, 10] registry/reg_backend_db.c:451(regdb_open) regdb_open: incrementing refcount (2) [2010/04/24 14:55:58.498839, 10] registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [/HKLM] [2010/04/24 14:55:58.498852, 10] lib/adt_tree.c:352(pathtree_find) pathtree_find: Enter [/HKLM] [2010/04/24 14:55:58.498866, 10] lib/adt_tree.c:425(pathtree_find) pathtree_find: Exit [2010/04/24 14:55:58.498879, 10] registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x705e920 for key [/HKLM] [2010/04/24 14:55:58.498915, 10] registry/reg_backend_db.c:1726(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2010/04/24 14:55:58.498939, 7] registry/reg_api.c:133(regkey_open_onelevel) regkey_open_onelevel: name = [SYSTEM] [2010/04/24 14:55:58.498955, 10] registry/reg_backend_db.c:451(regdb_open) regdb_open: incrementing refcount (3) [2010/04/24 14:55:58.498971, 10] registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM] [2010/04/24 14:55:58.498984, 10] lib/adt_tree.c:352(pathtree_find) pathtree_find: Enter [/HKLM/SYSTEM] [2010/04/24 14:55:58.498998, 10] lib/adt_tree.c:425(pathtree_find) pathtree_find: Exit [2010/04/24 14:55:58.499011, 10] registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x705e920 for key [/HKLM/SYSTEM] [2010/04/24 14:55:58.499036, 10] registry/reg_backend_db.c:1726(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM] [2010/04/24 14:55:58.499061, 7] registry/reg_api.c:133(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentControlSet] [2010/04/24 14:55:58.499076, 10] registry/reg_backend_db.c:451(regdb_open) regdb_open: incrementing refcount (4) [2010/04/24 14:55:58.499092, 10] registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet] [2010/04/24 14:55:58.499106, 10] lib/adt_tree.c:352(pathtree_find) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet] [2010/04/24 14:55:58.499120, 10] lib/adt_tree.c:425(pathtree_find) pathtree_find: Exit [2010/04/24 14:55:58.499133, 10] registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x705e920 for key [/HKLM/SYSTEM/CurrentControlSet] [2010/04/24 14:55:58.499160, 10] registry/reg_backend_db.c:1726(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet] [2010/04/24 14:55:58.499186, 10] registry/reg_backend_db.c:485(regdb_close) regdb_close: decrementing refcount (4) [2010/04/24 14:55:58.499201, 7] registry/reg_api.c:133(regkey_open_onelevel) regkey_open_onelevel: name = [Services] [2010/04/24 14:55:58.499215, 10] registry/reg_backend_db.c:451(regdb_open) regdb_open: incrementing refcount (4) [2010/04/24 14:55:58.499232, 10] registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services] [2010/04/24 14:55:58.499245, 10] lib/adt_tree.c:352(pathtree_find) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services] [2010/04/24 14:55:58.499259, 10] lib/adt_tree.c:425(pathtree_find) pathtree_find: Exit [2010/04/24 14:55:58.499272, 10] registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x705e920 for key [/HKLM/SYSTEM/CurrentControlSet/Services] [2010/04/24 14:55:58.499308, 10] registry/reg_backend_db.c:1726(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services] [2010/04/24 14:55:58.499335, 10] registry/reg_backend_db.c:485(regdb_close) regdb_close: decrementing refcount (4) [2010/04/24 14:55:58.499350, 7] registry/reg_api.c:133(regkey_open_onelevel) regkey_open_onelevel: name = [RemoteRegistry] [2010/04/24 14:55:58.499364, 10] registry/reg_backend_db.c:451(regdb_open) regdb_open: incrementing refcount (4) [2010/04/24 14:55:58.499381, 10] registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/RemoteRegistry] [2010/04/24 14:55:58.499395, 10] lib/adt_tree.c:352(pathtree_find) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/RemoteRegistry] [2010/04/24 14:55:58.499409, 10] lib/adt_tree.c:425(pathtree_find) pathtree_find: Exit [2010/04/24 14:55:58.499422, 10] registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x705e920 for key [/HKLM/SYSTEM/CurrentControlSet/Services/RemoteRegistry] [2010/04/24 14:55:58.499450, 10] registry/reg_backend_db.c:1726(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] [2010/04/24 14:55:58.499492, 10] registry/reg_backend_db.c:485(regdb_close) regdb_close: decrementing refcount (4) [2010/04/24 14:55:58.499507, 7] registry/reg_api.c:133(regkey_open_onelevel) regkey_open_onelevel: name = [Security] [2010/04/24 14:55:58.499521, 10] registry/reg_backend_db.c:451(regdb_open) regdb_open: incrementing refcount (4) [2010/04/24 14:55:58.499538, 10] registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/RemoteRegistry/Security] [2010/04/24 14:55:58.499552, 10] lib/adt_tree.c:352(pathtree_find) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/RemoteRegistry/Security] [2010/04/24 14:55:58.499567, 10] lib/adt_tree.c:425(pathtree_find) pathtree_find: Exit [2010/04/24 14:55:58.499579, 10] registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x705e920 for key [/HKLM/SYSTEM/CurrentControlSet/Services/RemoteRegistry/Security] [2010/04/24 14:55:58.499607, 10] registry/reg_backend_db.c:1726(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security] [2010/04/24 14:55:58.499636, 10] registry/reg_backend_db.c:485(regdb_close) regdb_close: decrementing refcount (4) [2010/04/24 14:55:58.499651, 10] registry/reg_backend_db.c:485(regdb_close) regdb_close: decrementing refcount (3) [2010/04/24 14:55:58.499675, 10] registry/reg_backend_db.c:1663(regdb_store_values_internal) regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security] [2010/04/24 14:55:58.499704, 10] registry/reg_backend_db.c:485(regdb_close) regdb_close: decrementing refcount (2) [2010/04/24 14:55:58.499753, 7] registry/reg_api.c:133(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2010/04/24 14:55:58.499768, 10] registry/reg_backend_db.c:451(regdb_open) regdb_open: incrementing refcount (2) [2010/04/24 14:55:58.499783, 10] registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [/HKLM] [2010/04/24 14:55:58.499796, 10] lib/adt_tree.c:352(pathtree_find) pathtree_find: Enter [/HKLM] [2010/04/24 14:55:58.499809, 10] lib/adt_tree.c:425(pathtree_find) pathtree_find: Exit [2010/04/24 14:55:58.499822, 10] registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x705e920 for key [/HKLM] [2010/04/24 14:55:58.499846, 10] registry/reg_backend_db.c:1726(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2010/04/24 14:55:58.499870, 7] registry/reg_api.c:133(regkey_open_onelevel) regkey_open_onelevel: name = [SYSTEM] [2010/04/24 14:55:58.499885, 10] registry/reg_backend_db.c:451(regdb_open) regdb_open: incrementing refcount (3) [2010/04/24 14:55:58.499900, 10] registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM] [2010/04/24 14:55:58.499914, 10] lib/adt_tree.c:352(pathtree_find) pathtree_find: Enter [/HKLM/SYSTEM] [2010/04/24 14:55:58.499927, 10] lib/adt_tree.c:425(pathtree_find) pathtree_find: Exit [2010/04/24 14:55:58.499940, 10] registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x705e920 for key [/HKLM/SYSTEM] [2010/04/24 14:55:58.499964, 10] registry/reg_backend_db.c:1726(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM] [2010/04/24 14:55:58.499990, 7] registry/reg_api.c:133(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentControlSet] [2010/04/24 14:55:58.500005, 10] registry/reg_backend_db.c:451(regdb_open) regdb_open: incrementing refcount (4) [2010/04/24 14:55:58.500021, 10] registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet] [2010/04/24 14:55:58.500034, 10] lib/adt_tree.c:352(pathtree_find) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet] [2010/04/24 14:55:58.500048, 10] lib/adt_tree.c:425(pathtree_find) pathtree_find: Exit [2010/04/24 14:55:58.500073, 10] registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x705e920 for key [/HKLM/SYSTEM/CurrentControlSet] [2010/04/24 14:55:58.500101, 10] registry/reg_backend_db.c:1726(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet] [2010/04/24 14:55:58.500130, 10] registry/reg_backend_db.c:485(regdb_close) regdb_close: decrementing refcount (4) [2010/04/24 14:55:58.500154, 7] registry/reg_api.c:133(regkey_open_onelevel) regkey_open_onelevel: name = [Services] [2010/04/24 14:55:58.500169, 10] registry/reg_backend_db.c:451(regdb_open) regdb_open: incrementing refcount (4) [2010/04/24 14:55:58.500185, 10] registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services] [2010/04/24 14:55:58.500199, 10] lib/adt_tree.c:352(pathtree_find) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services] [2010/04/24 14:55:58.500213, 10] lib/adt_tree.c:425(pathtree_find) pathtree_find: Exit [2010/04/24 14:55:58.500226, 10] registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x705e920 for key [/HKLM/SYSTEM/CurrentControlSet/Services] [2010/04/24 14:55:58.500261, 10] registry/reg_backend_db.c:1726(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services] [2010/04/24 14:55:58.500289, 10] registry/reg_backend_db.c:485(regdb_close) regdb_close: decrementing refcount (4) [2010/04/24 14:55:58.500304, 7] registry/reg_api.c:133(regkey_open_onelevel) regkey_open_onelevel: name = [WINS] [2010/04/24 14:55:58.500318, 10] registry/reg_backend_db.c:451(regdb_open) regdb_open: incrementing refcount (4) [2010/04/24 14:55:58.500335, 10] registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/WINS] [2010/04/24 14:55:58.500348, 10] lib/adt_tree.c:352(pathtree_find) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/WINS] [2010/04/24 14:55:58.500362, 10] lib/adt_tree.c:425(pathtree_find) pathtree_find: Exit [2010/04/24 14:55:58.500376, 10] registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x705e920 for key [/HKLM/SYSTEM/CurrentControlSet/Services/WINS] [2010/04/24 14:55:58.500402, 10] registry/reg_backend_db.c:1726(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services\WINS] [2010/04/24 14:55:58.500430, 10] registry/reg_backend_db.c:485(regdb_close) regdb_close: decrementing refcount (4) [2010/04/24 14:55:58.500445, 10] registry/reg_backend_db.c:485(regdb_close) regdb_close: decrementing refcount (3) [2010/04/24 14:55:58.500516, 10] registry/reg_backend_db.c:1663(regdb_store_values_internal) regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\WINS] [2010/04/24 14:55:58.500546, 10] registry/reg_backend_db.c:485(regdb_close) regdb_close: decrementing refcount (2) [2010/04/24 14:55:58.500564, 7] registry/reg_api.c:133(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2010/04/24 14:55:58.500578, 10] registry/reg_backend_db.c:451(regdb_open) regdb_open: incrementing refcount (2) [2010/04/24 14:55:58.500594, 10] registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [/HKLM] [2010/04/24 14:55:58.500607, 10] lib/adt_tree.c:352(pathtree_find) pathtree_find: Enter [/HKLM] [2010/04/24 14:55:58.500623, 10] lib/adt_tree.c:425(pathtree_find) pathtree_find: Exit [2010/04/24 14:55:58.500635, 10] registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x705e920 for key [/HKLM] [2010/04/24 14:55:58.500660, 10] registry/reg_backend_db.c:1726(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2010/04/24 14:55:58.500684, 7] registry/reg_api.c:133(regkey_open_onelevel) regkey_open_onelevel: name = [SYSTEM] [2010/04/24 14:55:58.500699, 10] registry/reg_backend_db.c:451(regdb_open) regdb_open: incrementing refcount (3) [2010/04/24 14:55:58.500729, 10] registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM] [2010/04/24 14:55:58.500743, 10] lib/adt_tree.c:352(pathtree_find) pathtree_find: Enter [/HKLM/SYSTEM] [2010/04/24 14:55:58.500757, 10] lib/adt_tree.c:425(pathtree_find) pathtree_find: Exit [2010/04/24 14:55:58.500769, 10] registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x705e920 for key [/HKLM/SYSTEM] [2010/04/24 14:55:58.500795, 10] registry/reg_backend_db.c:1726(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM] [2010/04/24 14:55:58.500819, 7] registry/reg_api.c:133(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentControlSet] [2010/04/24 14:55:58.500834, 10] registry/reg_backend_db.c:451(regdb_open) regdb_open: incrementing refcount (4) [2010/04/24 14:55:58.500851, 10] registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet] [2010/04/24 14:55:58.500864, 10] lib/adt_tree.c:352(pathtree_find) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet] [2010/04/24 14:55:58.500878, 10] lib/adt_tree.c:425(pathtree_find) pathtree_find: Exit [2010/04/24 14:55:58.500891, 10] registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x705e920 for key [/HKLM/SYSTEM/CurrentControlSet] [2010/04/24 14:55:58.500918, 10] registry/reg_backend_db.c:1726(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet] [2010/04/24 14:55:58.500944, 10] registry/reg_backend_db.c:485(regdb_close) regdb_close: decrementing refcount (4) [2010/04/24 14:55:58.500960, 7] registry/reg_api.c:133(regkey_open_onelevel) regkey_open_onelevel: name = [Services] [2010/04/24 14:55:58.500973, 10] registry/reg_backend_db.c:451(regdb_open) regdb_open: incrementing refcount (4) [2010/04/24 14:55:58.500990, 10] registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services] [2010/04/24 14:55:58.501003, 10] lib/adt_tree.c:352(pathtree_find) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services] [2010/04/24 14:55:58.501017, 10] lib/adt_tree.c:425(pathtree_find) pathtree_find: Exit [2010/04/24 14:55:58.501030, 10] registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x705e920 for key [/HKLM/SYSTEM/CurrentControlSet/Services] [2010/04/24 14:55:58.501066, 10] registry/reg_backend_db.c:1726(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services] [2010/04/24 14:55:58.501093, 10] registry/reg_backend_db.c:485(regdb_close) regdb_close: decrementing refcount (4) [2010/04/24 14:55:58.501108, 7] registry/reg_api.c:133(regkey_open_onelevel) regkey_open_onelevel: name = [WINS] [2010/04/24 14:55:58.501121, 10] registry/reg_backend_db.c:451(regdb_open) regdb_open: incrementing refcount (4) [2010/04/24 14:55:58.501138, 10] registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/WINS] [2010/04/24 14:55:58.501151, 10] lib/adt_tree.c:352(pathtree_find) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/WINS] [2010/04/24 14:55:58.501165, 10] lib/adt_tree.c:425(pathtree_find) pathtree_find: Exit [2010/04/24 14:55:58.501178, 10] registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x705e920 for key [/HKLM/SYSTEM/CurrentControlSet/Services/WINS] [2010/04/24 14:55:58.501205, 10] registry/reg_backend_db.c:1726(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services\WINS] [2010/04/24 14:55:58.501232, 10] registry/reg_backend_db.c:485(regdb_close) regdb_close: decrementing refcount (4) [2010/04/24 14:55:58.501247, 7] registry/reg_api.c:133(regkey_open_onelevel) regkey_open_onelevel: name = [Security] [2010/04/24 14:55:58.501261, 10] registry/reg_backend_db.c:451(regdb_open) regdb_open: incrementing refcount (4) [2010/04/24 14:55:58.501290, 10] registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/WINS/Security] [2010/04/24 14:55:58.501304, 10] lib/adt_tree.c:352(pathtree_find) pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/WINS/Security] [2010/04/24 14:55:58.501318, 10] lib/adt_tree.c:425(pathtree_find) pathtree_find: Exit [2010/04/24 14:55:58.501331, 10] registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0x705e920 for key [/HKLM/SYSTEM/CurrentControlSet/Services/WINS/Security] [2010/04/24 14:55:58.501358, 10] registry/reg_backend_db.c:1726(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security] [2010/04/24 14:55:58.501389, 10] registry/reg_backend_db.c:485(regdb_close) regdb_close: decrementing refcount (4) [2010/04/24 14:55:58.501405, 10] registry/reg_backend_db.c:485(regdb_close) regdb_close: decrementing refcount (3) [2010/04/24 14:55:58.501429, 10] registry/reg_backend_db.c:1663(regdb_store_values_internal) regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security] [2010/04/24 14:55:58.501458, 10] registry/reg_backend_db.c:485(regdb_close) regdb_close: decrementing refcount (2) [2010/04/24 14:55:58.501474, 10] registry/reg_backend_db.c:485(regdb_close) regdb_close: decrementing refcount (1) [2010/04/24 14:55:58.501502, 10] registry/reg_backend_db.c:485(regdb_close) regdb_close: decrementing refcount (0) [2010/04/24 14:55:58.501694, 10] printing/nt_printing.c:674(traverse_counting_printers) traverse_counting_printers: printer = [PRINTERS/hp4plus-r018] printer_count = 1 [2010/04/24 14:55:58.501720, 10] printing/nt_printing.c:674(traverse_counting_printers) traverse_counting_printers: printer = [PRINTERS/hp4plus-r127] printer_count = 2 [2010/04/24 14:55:58.501752, 10] printing/nt_printing.c:674(traverse_counting_printers) traverse_counting_printers: printer = [PRINTERS/hp-lj1022n-r018] printer_count = 3 [2010/04/24 14:55:58.501777, 10] printing/nt_printing.c:705(update_c_setprinter) update_c_setprinter: c_setprinter = 3 [2010/04/24 14:55:58.501804, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/04/24 14:55:58.501821, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2010/04/24 14:55:58.501835, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/24 14:55:58.501850, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/24 14:55:58.501863, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/24 14:55:58.501887, 6] passdb/pdb_interface.c:285(pdb_getsampwsid) pdb_getsampwsid: Building guest account [2010/04/24 14:55:58.501914, 10] passdb/pdb_get_set.c:608(pdb_set_username) pdb_set_username: setting username nobody, was [2010/04/24 14:55:58.501930, 10] passdb/pdb_get_set.c:677(pdb_set_fullname) pdb_set_full_name: setting full name Nobody, was [2010/04/24 14:55:58.501946, 10] passdb/pdb_get_set.c:631(pdb_set_domain) pdb_set_domain: setting domain GYM-OHA, was [2010/04/24 14:55:58.501961, 10] passdb/pdb_get_set.c:537(pdb_set_user_sid) pdb_set_user_sid: setting user sid S-1-5-21-4031555581-2449722753-3032957831-501 [2010/04/24 14:55:58.501978, 10] passdb/pdb_compat.c:72(pdb_set_user_sid_from_rid) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-4031555581-2449722753-3032957831-501 from rid 501 [2010/04/24 14:55:58.502002, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/24 14:55:58.502042, 10] lib/system_smbd.c:122(sys_getgrouplist) sys_getgrouplist: user [nobody] [2010/04/24 14:55:58.502166, 10] lib/gencache.c:334(gencache_get_data_blob) Cache entry with key = IDMAP/GID2SID/99 couldn't be found [2010/04/24 14:55:58.502188, 5] passdb/lookup_sid.c:1387(gid_to_sid) gid_to_sid: winbind failed to find a sid for gid 99 [2010/04/24 14:55:58.502215, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/04/24 14:55:58.502229, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2010/04/24 14:55:58.502243, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/24 14:55:58.502256, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/24 14:55:58.502269, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/24 14:55:58.502298, 5] lib/smbldap.c:1360(smbldap_search_ext) smbldap_search_ext: base => [dc=gym-oha,dc=de], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=99))], scope => [2] [2010/04/24 14:55:58.502822, 4] passdb/pdb_ldap.c:2562(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(gidNumber=99)) [2010/04/24 14:55:58.502843, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/24 14:55:58.502858, 10] passdb/lookup_sid.c:1182(legacy_gid_to_sid) LEGACY: gid 99 -> sid S-1-22-2-99 [2010/04/24 14:55:58.502881, 10] lib/gencache.c:334(gencache_get_data_blob) Cache entry with key = IDMAP/GID2SID/105 couldn't be found [2010/04/24 14:55:58.502899, 5] passdb/lookup_sid.c:1387(gid_to_sid) gid_to_sid: winbind failed to find a sid for gid 105 [2010/04/24 14:55:58.502913, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/04/24 14:55:58.502927, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2010/04/24 14:55:58.502940, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/24 14:55:58.502953, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/24 14:55:58.502966, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/24 14:55:58.502991, 5] lib/smbldap.c:1360(smbldap_search_ext) smbldap_search_ext: base => [dc=gym-oha,dc=de], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=105))], scope => [2] [2010/04/24 14:55:58.503457, 4] passdb/pdb_ldap.c:2562(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(gidNumber=105)) [2010/04/24 14:55:58.503478, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/24 14:55:58.503493, 10] passdb/lookup_sid.c:1182(legacy_gid_to_sid) LEGACY: gid 105 -> sid S-1-22-2-105 [2010/04/24 14:55:58.503515, 10] lib/gencache.c:334(gencache_get_data_blob) Cache entry with key = IDMAP/GID2SID/514 couldn't be found [2010/04/24 14:55:58.503533, 5] passdb/lookup_sid.c:1387(gid_to_sid) gid_to_sid: winbind failed to find a sid for gid 514 [2010/04/24 14:55:58.503547, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/04/24 14:55:58.503561, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2010/04/24 14:55:58.503574, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/24 14:55:58.503588, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/24 14:55:58.503600, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/24 14:55:58.503625, 5] lib/smbldap.c:1360(smbldap_search_ext) smbldap_search_ext: base => [dc=gym-oha,dc=de], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=514))], scope => [2] [2010/04/24 14:55:58.504234, 2] passdb/pdb_ldap.c:2446(init_group_from_ldap) init_group_from_ldap: Entry found for group: 514 [2010/04/24 14:55:58.504276, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/24 14:55:58.504291, 10] passdb/lookup_sid.c:1182(legacy_gid_to_sid) LEGACY: gid 514 -> sid S-1-5-21-4031555581-2449722753-3032957831-514 [2010/04/24 14:55:58.504319, 5] auth/auth_util.c:649(make_server_info_sam) make_server_info_sam: made server info for user nobody -> nobody [2010/04/24 14:55:58.504337, 10] auth/token_util.c:356(create_local_nt_token) Create local NT token for S-1-5-21-4031555581-2449722753-3032957831-501 [2010/04/24 14:55:58.504363, 10] lib/gencache.c:334(gencache_get_data_blob) Cache entry with key = IDMAP/SID2GID/S-1-5-32-545 couldn't be found [2010/04/24 14:55:58.504387, 10] passdb/lookup_sid.c:1511(sid_to_gid) winbind failed to find a gid for sid S-1-5-32-545 [2010/04/24 14:55:58.504403, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/04/24 14:55:58.504417, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2010/04/24 14:55:58.504431, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/24 14:55:58.504444, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/24 14:55:58.504457, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/24 14:55:58.504484, 5] lib/smbldap.c:1360(smbldap_search_ext) smbldap_search_ext: base => [dc=gym-oha,dc=de], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-545))], scope => [2] [2010/04/24 14:55:58.504905, 4] passdb/pdb_ldap.c:2562(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-545)) [2010/04/24 14:55:58.504926, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/24 14:55:58.504940, 10] passdb/lookup_sid.c:1256(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-5-32-545 [2010/04/24 14:55:58.504956, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/04/24 14:55:58.504970, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2010/04/24 14:55:58.504983, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/24 14:55:58.504997, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/24 14:55:58.505010, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/24 14:55:58.505044, 10] lib/gencache.c:334(gencache_get_data_blob) Cache entry with key = IDMAP/SID2GID/S-1-5-32-545 couldn't be found [2010/04/24 14:55:58.505066, 10] passdb/lookup_sid.c:1511(sid_to_gid) winbind failed to find a gid for sid S-1-5-32-545 [2010/04/24 14:55:58.505080, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2010/04/24 14:55:58.505094, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2010/04/24 14:55:58.505109, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2010/04/24 14:55:58.505122, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/24 14:55:58.505135, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/24 14:55:58.505161, 5] lib/smbldap.c:1360(smbldap_search_ext) smbldap_search_ext: base => [dc=gym-oha,dc=de], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-545))], scope => [2] [2010/04/24 14:55:58.505603, 4] passdb/pdb_ldap.c:2562(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-545)) [2010/04/24 14:55:58.505624, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/24 14:55:58.505639, 10] passdb/lookup_sid.c:1256(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-5-32-545 [2010/04/24 14:55:58.505658, 5] auth/token_util.c:277(create_builtin_users) create_builtin_users: Failed to create Users [2010/04/24 14:55:58.505674, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/24 14:55:58.505700, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/04/24 14:55:58.505715, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2010/04/24 14:55:58.505728, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/24 14:55:58.505742, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/24 14:55:58.505755, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/24 14:55:58.505814, 5] lib/smbldap.c:1360(smbldap_search_ext) smbldap_search_ext: base => [dc=gym-oha,dc=de], filter => [(&(objectclass=sambaGroupMapping)(sambaGroupType=4)(|(sambaSIDList=S-1-5-21-4031555581-2449722753-3032957831-501)(sambaSIDList=S-1-22-2-99)(sambaSIDList=S-1-1-0)(sambaSIDList=S-1-5-2)(sambaSIDList=S-1-5-32-546)(sambaSIDList=S-1-22-2-105)(sambaSIDList=S-1-5-21-4031555581-2449722753-3032957831-514)))], scope => [2] [2010/04/24 14:55:58.506647, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/24 14:55:58.506671, 3] lib/privileges.c:63(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-4031555581-2449722753-3032957831-501] [2010/04/24 14:55:58.506692, 3] lib/privileges.c:63(get_privileges) get_privileges: No privileges assigned to SID [S-1-22-2-99] [2010/04/24 14:55:58.506712, 5] lib/privileges.c:128(get_privileges_for_sids) get_privileges_for_sids: sid = S-1-1-0 Privilege set: SE_PRIV 0x0 0x0 0x0 0x0 [2010/04/24 14:55:58.506742, 3] lib/privileges.c:63(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-2] [2010/04/24 14:55:58.506761, 3] lib/privileges.c:63(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-32-546] [2010/04/24 14:55:58.506780, 3] lib/privileges.c:63(get_privileges) get_privileges: No privileges assigned to SID [S-1-22-2-105] [2010/04/24 14:55:58.506801, 3] lib/privileges.c:63(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-4031555581-2449722753-3032957831-514] [2010/04/24 14:55:58.506825, 10] lib/gencache.c:334(gencache_get_data_blob) Cache entry with key = IDMAP/SID2GID/S-1-1-0 couldn't be found [2010/04/24 14:55:58.506846, 10] passdb/lookup_sid.c:1511(sid_to_gid) winbind failed to find a gid for sid S-1-1-0 [2010/04/24 14:55:58.506861, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/04/24 14:55:58.506876, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2010/04/24 14:55:58.506889, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/24 14:55:58.506903, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/24 14:55:58.506916, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/24 14:55:58.506942, 5] lib/smbldap.c:1360(smbldap_search_ext) smbldap_search_ext: base => [dc=gym-oha,dc=de], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-1-0))], scope => [2] [2010/04/24 14:55:58.507450, 4] passdb/pdb_ldap.c:2562(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-1-0)) [2010/04/24 14:55:58.507472, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/24 14:55:58.507487, 10] passdb/lookup_sid.c:1256(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-1-0 [2010/04/24 14:55:58.507501, 10] auth/auth_util.c:753(create_local_token) Could not convert SID S-1-1-0 to gid, ignoring it [2010/04/24 14:55:58.507523, 10] lib/gencache.c:334(gencache_get_data_blob) Cache entry with key = IDMAP/SID2GID/S-1-5-2 couldn't be found [2010/04/24 14:55:58.507544, 10] passdb/lookup_sid.c:1511(sid_to_gid) winbind failed to find a gid for sid S-1-5-2 [2010/04/24 14:55:58.507559, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/04/24 14:55:58.507586, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2010/04/24 14:55:58.507601, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/24 14:55:58.507616, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/24 14:55:58.507629, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/24 14:55:58.507656, 5] lib/smbldap.c:1360(smbldap_search_ext) smbldap_search_ext: base => [dc=gym-oha,dc=de], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-2))], scope => [2] [2010/04/24 14:55:58.508199, 4] passdb/pdb_ldap.c:2562(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-2)) [2010/04/24 14:55:58.508221, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/24 14:55:58.508236, 10] passdb/lookup_sid.c:1256(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-5-2 [2010/04/24 14:55:58.508250, 10] auth/auth_util.c:753(create_local_token) Could not convert SID S-1-5-2 to gid, ignoring it [2010/04/24 14:55:58.508274, 10] lib/gencache.c:334(gencache_get_data_blob) Cache entry with key = IDMAP/SID2GID/S-1-5-32-546 couldn't be found [2010/04/24 14:55:58.508295, 10] passdb/lookup_sid.c:1511(sid_to_gid) winbind failed to find a gid for sid S-1-5-32-546 [2010/04/24 14:55:58.508310, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/04/24 14:55:58.508325, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2010/04/24 14:55:58.508339, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/24 14:55:58.508353, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/24 14:55:58.508367, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/24 14:55:58.508394, 5] lib/smbldap.c:1360(smbldap_search_ext) smbldap_search_ext: base => [dc=gym-oha,dc=de], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-546))], scope => [2] [2010/04/24 14:55:58.508897, 4] passdb/pdb_ldap.c:2562(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-546)) [2010/04/24 14:55:58.508919, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/24 14:55:58.508934, 10] passdb/lookup_sid.c:1256(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-5-32-546 [2010/04/24 14:55:58.508949, 10] auth/auth_util.c:753(create_local_token) Could not convert SID S-1-5-32-546 to gid, ignoring it [2010/04/24 14:55:58.508967, 10] auth/token_util.c:531(debug_nt_user_token) NT user token of user S-1-5-21-4031555581-2449722753-3032957831-501 contains 9 SIDs SID[ 0]: S-1-5-21-4031555581-2449722753-3032957831-501 SID[ 1]: S-1-22-2-99 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-32-546 SID[ 5]: S-1-22-2-105 SID[ 6]: S-1-5-21-4031555581-2449722753-3032957831-514 SID[ 7]: S-1-22-1-99 SID[ 8]: S-1-22-2-514 SE_PRIV 0x0 0x0 0x0 0x0 [2010/04/24 14:55:58.509046, 10] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 99 Primary group is 99 and contains 3 supplementary groups Group[ 0]: 99 Group[ 1]: 105 Group[ 2]: 514 [2010/04/24 14:55:58.509118, 3] printing/printing.c:1431(start_background_queue) start_background_queue: Starting background LPQ thread [2010/04/24 14:55:58.509416, 5] printing/printing.c:1453(start_background_queue) start_background_queue: background LPQ thread started [2010/04/24 14:55:58.509520, 3] ../lib/util/util_net.c:68(interpret_string_addr_internal) interpret_string_addr_internal: getaddrinfo failed for name :: [Die Adressfamilie für Hostnamen wird nicht unterstützt] [2010/04/24 14:55:58.509636, 3] ../lib/util/util_net.c:68(interpret_string_addr_internal) interpret_string_addr_internal: getaddrinfo failed for name :: [Die Adressfamilie für Hostnamen wird nicht unterstützt] [2010/04/24 14:55:58.509700, 5] smbd/connection.c:142(claim_connection) [2010/04/24 14:55:58.509723, 10] lib/util_sock.c:888(open_socket_in) claiming [smbd lpq backend] bind succeeded on port 445 [2010/04/24 14:55:58.509759, 5] lib/util_sock.c:304(print_socket_options) Socket options: SO_KEEPALIVE = 1 SO_REUSEADDR = 1 SO_BROADCAST = 0 TCP_NODELAY = 0 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 [2010/04/24 14:55:58.509813, 10] lib/dbwrap_tdb.c:100(db_tdb_fetch_locked) TCP_KEEPINTVL = 75 Locking key 4D130000FFFFFFFF736D IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_SNDBUF = 16384 SO_RCVBUF = 87380 [2010/04/24 14:55:58.509856, 10] lib/dbwrap_tdb.c:129(db_tdb_fetch_locked) SO_SNDLOWAT = 1 Allocated locked data 0x0x722d180 SO_RCVLOWAT = 1 Could not test socket option SO_SNDTIMEO. Could not test socket option SO_RCVTIMEO. TCP_QUICKACK = 1 [2010/04/24 14:55:58.509896, 10] lib/dbwrap_tdb.c:42(db_tdb_record_destr) [2010/04/24 14:55:58.509908, 5] lib/util_sock.c:304(print_socket_options) Socket options: SO_KEEPALIVE = 1 SO_REUSEADDR = 1 SO_BROADCAST = 0 TCP_NODELAY = 1 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 16 IPTOS_THROUGHPUT = 16 Unlocking key 4D130000FFFFFFFF736D SO_SNDBUF = 16384 SO_RCVBUF = 16384 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 [2010/04/24 14:55:58.509983, 5] printing/printing.c:1487(start_background_queue) Could not test socket option SO_SNDTIMEO. start_background_queue: background LPQ thread waiting for messages Could not test socket option SO_RCVTIMEO. TCP_QUICKACK = 1 [2010/04/24 14:55:58.510054, 10] lib/util_sock.c:888(open_socket_in) bind succeeded on port 139 [2010/04/24 14:55:58.510074, 5] lib/util_sock.c:304(print_socket_options) Socket options: SO_KEEPALIVE = 1 SO_REUSEADDR = 1 SO_BROADCAST = 0 TCP_NODELAY = 0 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_SNDBUF = 16384 SO_RCVBUF = 87380 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 Could not test socket option SO_SNDTIMEO. Could not test socket option SO_RCVTIMEO. TCP_QUICKACK = 1 [2010/04/24 14:55:58.510182, 5] lib/util_sock.c:304(print_socket_options) Socket options: SO_KEEPALIVE = 1 SO_REUSEADDR = 1 SO_BROADCAST = 0 TCP_NODELAY = 1 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 16 IPTOS_THROUGHPUT = 16 SO_SNDBUF = 16384 SO_RCVBUF = 16384 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 Could not test socket option SO_SNDTIMEO. Could not test socket option SO_RCVTIMEO. TCP_QUICKACK = 1 [2010/04/24 14:55:58.510279, 5] smbd/connection.c:142(claim_connection) claiming [] [2010/04/24 14:55:58.510359, 10] lib/dbwrap_tdb.c:100(db_tdb_fetch_locked) Locking key 3E130000FFFFFFFF0000 [2010/04/24 14:55:58.510384, 10] lib/dbwrap_tdb.c:129(db_tdb_fetch_locked) Allocated locked data 0x0x722d240 [2010/04/24 14:55:58.510422, 10] lib/dbwrap_tdb.c:42(db_tdb_record_destr) Unlocking key 3E130000FFFFFFFF0000 [2010/04/24 14:55:58.510506, 5] lib/messages.c:297(messaging_register) Overriding messaging pointer for type 1 - private_data=(nil) [2010/04/24 14:55:58.510862, 2] smbd/server.c:721(smbd_parent_loop) waiting for connections [2010/04/24 14:55:59.251236, 5] lib/util_sock.c:304(print_socket_options) Socket options: SO_KEEPALIVE = 1 SO_REUSEADDR = 1 SO_BROADCAST = 0 TCP_NODELAY = 1 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 16 IPTOS_THROUGHPUT = 16 SO_SNDBUF = 16384 SO_RCVBUF = 16384 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 Could not test socket option SO_SNDTIMEO. Could not test socket option SO_RCVTIMEO. TCP_QUICKACK = 1 [2010/04/24 14:55:59.251390, 5] lib/util_sock.c:304(print_socket_options) Socket options: SO_KEEPALIVE = 1 SO_REUSEADDR = 1 SO_BROADCAST = 0 TCP_NODELAY = 1 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 16 IPTOS_THROUGHPUT = 16 SO_SNDBUF = 16384 SO_RCVBUF = 16384 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 Could not test socket option SO_SNDTIMEO. Could not test socket option SO_RCVTIMEO. TCP_QUICKACK = 1 [2010/04/24 14:55:59.251604, 6] param/loadparm.c:7215(lp_file_list_changed) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Sat Apr 24 14:49:06 2010 [2010/04/24 14:55:59.251704, 3] smbd/oplock.c:894(init_oplocks) init_oplocks: initializing messages. [2010/04/24 14:55:59.251852, 3] smbd/oplock_linux.c:224(linux_init_kernel_oplocks) Linux kernel oplocks enabled [2010/04/24 14:55:59.251883, 5] lib/messages.c:329(messaging_deregister) Deregistering messaging pointer for type 1 - private_data=(nil) [2010/04/24 14:55:59.251909, 10] smbd/process.c:740(event_add_idle) event_add_idle: idle_evt(keepalive) 0x7095140 [2010/04/24 14:55:59.251929, 10] smbd/process.c:740(event_add_idle) event_add_idle: idle_evt(deadtime) 0x70c5c38 [2010/04/24 14:55:59.251947, 10] smbd/process.c:740(event_add_idle) event_add_idle: idle_evt(housekeeping) 0x70cf730 [2010/04/24 14:56:59.311169, 10] lib/events.c:123(run_events) Running timed event "smbd_idle_event_handler" 0x70c5c38 [2010/04/24 14:56:59.311219, 10] smbd/process.c:683(smbd_idle_event_handler) smbd_idle_event_handler: idle_evt(deadtime) (nil) called [2010/04/24 14:56:59.311240, 2] smbd/process.c:2216(deadtime_fn) Closing idle connection [2010/04/24 14:56:59.311291, 10] lib/messages_local.c:234(messaging_tdb_store) messaging_tdb_store: [2010/04/24 14:56:59.311308, 1] ../librpc/ndr/ndr.c:214(ndr_print_debug) array: struct messaging_array num_messages : 0x00000001 (1) messages: ARRAY(1) messages: struct messaging_rec msg_version : 0x00000002 (2) msg_type : MSG_SHUTDOWN (13) dest: struct server_id id : 0x0000134e (4942) src: struct server_id id : 0x0000134e (4942) buf : DATA_BLOB length=0 [2010/04/24 14:56:59.311534, 10] smbd/process.c:687(smbd_idle_event_handler) smbd_idle_event_handler: idle_evt(deadtime) (nil) stopped [2010/04/24 14:56:59.311560, 10] lib/messages_local.c:73(messaging_tdb_signal_handler) messaging_tdb_signal_handler: sig[10] count[1] msgs[1] [2010/04/24 14:56:59.311575, 10] lib/messages_local.c:444(message_dispatch) message_dispatch: received_messages = 1 [2010/04/24 14:56:59.311600, 10] lib/messages_local.c:193(messaging_tdb_fetch) messaging_tdb_fetch: [2010/04/24 14:56:59.311614, 1] ../librpc/ndr/ndr.c:214(ndr_print_debug) result: struct messaging_array num_messages : 0x00000001 (1) messages: ARRAY(1) messages: struct messaging_rec msg_version : 0x00000002 (2) msg_type : MSG_SHUTDOWN (13) dest: struct server_id id : 0x0000134e (4942) src: struct server_id id : 0x0000134e (4942) buf : DATA_BLOB length=0 [2010/04/24 14:56:59.311696, 3] smbd/server.c:146(msg_exit_server) got a SHUTDOWN message [2010/04/24 14:56:59.311714, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/24 14:56:59.311732, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/24 14:56:59.311747, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/24 14:56:59.311781, 5] smbd/uid.c:369(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2010/04/24 14:56:59.311803, 3] smbd/connection.c:31(yield_connection) Yielding connection to [2010/04/24 14:56:59.311903, 10] lib/dbwrap_tdb.c:100(db_tdb_fetch_locked) Locking key 4E130000FFFFFFFF0000 [2010/04/24 14:56:59.311925, 10] lib/dbwrap_tdb.c:129(db_tdb_fetch_locked) Allocated locked data 0x0x70cf120 [2010/04/24 14:56:59.311941, 3] smbd/connection.c:42(yield_connection) deleting connection record returned NT_STATUS_NOT_FOUND [2010/04/24 14:56:59.311961, 10] lib/dbwrap_tdb.c:42(db_tdb_record_destr) Unlocking key 4E130000FFFFFFFF0000 [2010/04/24 14:56:59.312080, 3] smbd/server.c:902(exit_server_common) Server exit (normal exit) [2010/04/24 14:56:59.350178, 5] lib/util_sock.c:304(print_socket_options) Socket options: SO_KEEPALIVE = 1 SO_REUSEADDR = 1 SO_BROADCAST = 0 TCP_NODELAY = 1 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 16 IPTOS_THROUGHPUT = 16 SO_SNDBUF = 16384 SO_RCVBUF = 16384 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 Could not test socket option SO_SNDTIMEO. Could not test socket option SO_RCVTIMEO. TCP_QUICKACK = 1 [2010/04/24 14:56:59.350357, 5] lib/util_sock.c:304(print_socket_options) Socket options: SO_KEEPALIVE = 1 SO_REUSEADDR = 1 SO_BROADCAST = 0 TCP_NODELAY = 1 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 16 IPTOS_THROUGHPUT = 16 SO_SNDBUF = 16384 SO_RCVBUF = 16384 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 Could not test socket option SO_SNDTIMEO. Could not test socket option SO_RCVTIMEO. TCP_QUICKACK = 1 [2010/04/24 14:56:59.350560, 6] param/loadparm.c:7215(lp_file_list_changed) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Sat Apr 24 14:49:06 2010 [2010/04/24 14:56:59.350661, 3] smbd/oplock.c:894(init_oplocks) init_oplocks: initializing messages. [2010/04/24 14:56:59.350807, 3] smbd/oplock_linux.c:224(linux_init_kernel_oplocks) Linux kernel oplocks enabled [2010/04/24 14:56:59.350840, 5] lib/messages.c:329(messaging_deregister) Deregistering messaging pointer for type 1 - private_data=(nil) [2010/04/24 14:56:59.350867, 10] smbd/process.c:740(event_add_idle) event_add_idle: idle_evt(keepalive) 0x7095140 [2010/04/24 14:56:59.350887, 10] smbd/process.c:740(event_add_idle) event_add_idle: idle_evt(deadtime) 0x70c5c38 [2010/04/24 14:56:59.350905, 10] smbd/process.c:740(event_add_idle) event_add_idle: idle_evt(housekeeping) 0x70cf730 [2010/04/24 14:57:59.407170, 10] lib/events.c:123(run_events) Running timed event "smbd_idle_event_handler" 0x70c5c38 [2010/04/24 14:57:59.407234, 10] smbd/process.c:683(smbd_idle_event_handler) smbd_idle_event_handler: idle_evt(deadtime) (nil) called [2010/04/24 14:57:59.407255, 2] smbd/process.c:2216(deadtime_fn) Closing idle connection [2010/04/24 14:57:59.407307, 10] lib/messages_local.c:234(messaging_tdb_store) messaging_tdb_store: [2010/04/24 14:57:59.407325, 1] ../librpc/ndr/ndr.c:214(ndr_print_debug) array: struct messaging_array num_messages : 0x00000001 (1) messages: ARRAY(1) messages: struct messaging_rec msg_version : 0x00000002 (2) msg_type : MSG_SHUTDOWN (13) dest: struct server_id id : 0x0000134f (4943) src: struct server_id id : 0x0000134f (4943) buf : DATA_BLOB length=0 [2010/04/24 14:57:59.407475, 10] smbd/process.c:687(smbd_idle_event_handler) smbd_idle_event_handler: idle_evt(deadtime) (nil) stopped [2010/04/24 14:57:59.407500, 10] lib/messages_local.c:73(messaging_tdb_signal_handler) messaging_tdb_signal_handler: sig[10] count[1] msgs[1] [2010/04/24 14:57:59.407516, 10] lib/messages_local.c:444(message_dispatch) message_dispatch: received_messages = 1 [2010/04/24 14:57:59.407541, 10] lib/messages_local.c:193(messaging_tdb_fetch) messaging_tdb_fetch: [2010/04/24 14:57:59.407556, 1] ../librpc/ndr/ndr.c:214(ndr_print_debug) result: struct messaging_array num_messages : 0x00000001 (1) messages: ARRAY(1) messages: struct messaging_rec msg_version : 0x00000002 (2) msg_type : MSG_SHUTDOWN (13) dest: struct server_id id : 0x0000134f (4943) src: struct server_id id : 0x0000134f (4943) buf : DATA_BLOB length=0 [2010/04/24 14:57:59.407665, 3] smbd/server.c:146(msg_exit_server) got a SHUTDOWN message [2010/04/24 14:57:59.407684, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/24 14:57:59.407702, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/24 14:57:59.407718, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/24 14:57:59.407754, 5] smbd/uid.c:369(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2010/04/24 14:57:59.407776, 3] smbd/connection.c:31(yield_connection) Yielding connection to [2010/04/24 14:57:59.407859, 10] lib/dbwrap_tdb.c:100(db_tdb_fetch_locked) Locking key 4F130000FFFFFFFF0000 [2010/04/24 14:57:59.407881, 10] lib/dbwrap_tdb.c:129(db_tdb_fetch_locked) Allocated locked data 0x0x70cf120 [2010/04/24 14:57:59.407897, 3] smbd/connection.c:42(yield_connection) deleting connection record returned NT_STATUS_NOT_FOUND [2010/04/24 14:57:59.407917, 10] lib/dbwrap_tdb.c:42(db_tdb_record_destr) Unlocking key 4F130000FFFFFFFF0000 [2010/04/24 14:57:59.408040, 3] smbd/server.c:902(exit_server_common) Server exit (normal exit) [2010/04/24 14:57:59.458192, 5] lib/util_sock.c:304(print_socket_options) Socket options: SO_KEEPALIVE = 1 SO_REUSEADDR = 1 SO_BROADCAST = 0 TCP_NODELAY = 1 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 16 IPTOS_THROUGHPUT = 16 SO_SNDBUF = 16384 SO_RCVBUF = 16384 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 Could not test socket option SO_SNDTIMEO. Could not test socket option SO_RCVTIMEO. TCP_QUICKACK = 1 [2010/04/24 14:57:59.458360, 5] lib/util_sock.c:304(print_socket_options) Socket options: SO_KEEPALIVE = 1 SO_REUSEADDR = 1 SO_BROADCAST = 0 TCP_NODELAY = 1 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 16 IPTOS_THROUGHPUT = 16 SO_SNDBUF = 16384 SO_RCVBUF = 16384 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 Could not test socket option SO_SNDTIMEO. Could not test socket option SO_RCVTIMEO. TCP_QUICKACK = 1 [2010/04/24 14:57:59.458559, 6] param/loadparm.c:7215(lp_file_list_changed) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Sat Apr 24 14:49:06 2010 [2010/04/24 14:57:59.458658, 3] smbd/oplock.c:894(init_oplocks) init_oplocks: initializing messages. [2010/04/24 14:57:59.458804, 3] smbd/oplock_linux.c:224(linux_init_kernel_oplocks) Linux kernel oplocks enabled [2010/04/24 14:57:59.458836, 5] lib/messages.c:329(messaging_deregister) Deregistering messaging pointer for type 1 - private_data=(nil) [2010/04/24 14:57:59.458862, 10] smbd/process.c:740(event_add_idle) event_add_idle: idle_evt(keepalive) 0x7095140 [2010/04/24 14:57:59.458882, 10] smbd/process.c:740(event_add_idle) event_add_idle: idle_evt(deadtime) 0x70c5c38 [2010/04/24 14:57:59.458900, 10] smbd/process.c:740(event_add_idle) event_add_idle: idle_evt(housekeeping) 0x70cf730 [2010/04/24 14:58:28.452170, 10] lib/events.c:123(run_events) Running timed event "smbldap_idle_fn" 0x7214360 [2010/04/24 14:58:28.452306, 7] lib/smbldap.c:1755(smbldap_idle_fn) ldap connection idle...closing connection [2010/04/24 14:58:28.453287, 5] lib/smbldap.c:1262(smbldap_close) The connection to the LDAP server was closed [2010/04/24 14:58:59.515169, 10] lib/events.c:123(run_events) Running timed event "smbd_idle_event_handler" 0x70c5c38 [2010/04/24 14:58:59.515246, 10] smbd/process.c:683(smbd_idle_event_handler) smbd_idle_event_handler: idle_evt(deadtime) (nil) called [2010/04/24 14:58:59.515266, 2] smbd/process.c:2216(deadtime_fn) Closing idle connection [2010/04/24 14:58:59.515316, 10] lib/messages_local.c:234(messaging_tdb_store) messaging_tdb_store: [2010/04/24 14:58:59.515332, 1] ../librpc/ndr/ndr.c:214(ndr_print_debug) array: struct messaging_array num_messages : 0x00000001 (1) messages: ARRAY(1) messages: struct messaging_rec msg_version : 0x00000002 (2) msg_type : MSG_SHUTDOWN (13) dest: struct server_id id : 0x00001352 (4946) src: struct server_id id : 0x00001352 (4946) buf : DATA_BLOB length=0 [2010/04/24 14:58:59.515481, 10] smbd/process.c:687(smbd_idle_event_handler) smbd_idle_event_handler: idle_evt(deadtime) (nil) stopped [2010/04/24 14:58:59.515505, 10] lib/messages_local.c:73(messaging_tdb_signal_handler) messaging_tdb_signal_handler: sig[10] count[1] msgs[1] [2010/04/24 14:58:59.515520, 10] lib/messages_local.c:444(message_dispatch) message_dispatch: received_messages = 1 [2010/04/24 14:58:59.515545, 10] lib/messages_local.c:193(messaging_tdb_fetch) messaging_tdb_fetch: [2010/04/24 14:58:59.515559, 1] ../librpc/ndr/ndr.c:214(ndr_print_debug) result: struct messaging_array num_messages : 0x00000001 (1) messages: ARRAY(1) messages: struct messaging_rec msg_version : 0x00000002 (2) msg_type : MSG_SHUTDOWN (13) dest: struct server_id id : 0x00001352 (4946) src: struct server_id id : 0x00001352 (4946) buf : DATA_BLOB length=0 [2010/04/24 14:58:59.515642, 3] smbd/server.c:146(msg_exit_server) got a SHUTDOWN message [2010/04/24 14:58:59.515661, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/24 14:58:59.515678, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/24 14:58:59.515694, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/24 14:58:59.515727, 5] smbd/uid.c:369(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2010/04/24 14:58:59.515749, 3] smbd/connection.c:31(yield_connection) Yielding connection to [2010/04/24 14:58:59.515831, 10] lib/dbwrap_tdb.c:100(db_tdb_fetch_locked) Locking key 52130000FFFFFFFF0000 [2010/04/24 14:58:59.515853, 10] lib/dbwrap_tdb.c:129(db_tdb_fetch_locked) Allocated locked data 0x0x70cf120 [2010/04/24 14:58:59.515869, 3] smbd/connection.c:42(yield_connection) deleting connection record returned NT_STATUS_NOT_FOUND [2010/04/24 14:58:59.515888, 10] lib/dbwrap_tdb.c:42(db_tdb_record_destr) Unlocking key 52130000FFFFFFFF0000 [2010/04/24 14:58:59.516012, 3] smbd/server.c:902(exit_server_common) Server exit (normal exit) [2010/04/24 14:58:59.517657, 5] lib/util_sock.c:304(print_socket_options) Socket options: SO_KEEPALIVE = 1 SO_REUSEADDR = 1 SO_BROADCAST = 0 TCP_NODELAY = 1 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 16 IPTOS_THROUGHPUT = 16 SO_SNDBUF = 16384 SO_RCVBUF = 16384 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 Could not test socket option SO_SNDTIMEO. Could not test socket option SO_RCVTIMEO. TCP_QUICKACK = 1 [2010/04/24 14:58:59.517825, 5] lib/util_sock.c:304(print_socket_options) Socket options: SO_KEEPALIVE = 1 SO_REUSEADDR = 1 SO_BROADCAST = 0 TCP_NODELAY = 1 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 16 IPTOS_THROUGHPUT = 16 SO_SNDBUF = 16384 SO_RCVBUF = 16384 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 Could not test socket option SO_SNDTIMEO. Could not test socket option SO_RCVTIMEO. TCP_QUICKACK = 1 [2010/04/24 14:58:59.518043, 6] param/loadparm.c:7215(lp_file_list_changed) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Sat Apr 24 14:49:06 2010 [2010/04/24 14:58:59.518160, 3] smbd/oplock.c:894(init_oplocks) init_oplocks: initializing messages. [2010/04/24 14:58:59.518861, 3] smbd/oplock_linux.c:224(linux_init_kernel_oplocks) Linux kernel oplocks enabled [2010/04/24 14:58:59.518929, 5] lib/messages.c:329(messaging_deregister) Deregistering messaging pointer for type 1 - private_data=(nil) [2010/04/24 14:58:59.518970, 10] smbd/process.c:740(event_add_idle) event_add_idle: idle_evt(keepalive) 0x70d1648 [2010/04/24 14:58:59.519007, 10] smbd/process.c:740(event_add_idle) event_add_idle: idle_evt(deadtime) 0x72043e0 [2010/04/24 14:58:59.519025, 10] smbd/process.c:740(event_add_idle) event_add_idle: idle_evt(housekeeping) 0x70ee728 [2010/04/24 14:59:59.575175, 10] lib/events.c:123(run_events) Running timed event "smbd_idle_event_handler" 0x72043e0 [2010/04/24 14:59:59.575225, 10] smbd/process.c:683(smbd_idle_event_handler) smbd_idle_event_handler: idle_evt(deadtime) (nil) called [2010/04/24 14:59:59.575243, 2] smbd/process.c:2216(deadtime_fn) Closing idle connection [2010/04/24 14:59:59.575294, 10] lib/messages_local.c:234(messaging_tdb_store) messaging_tdb_store: [2010/04/24 14:59:59.575311, 1] ../librpc/ndr/ndr.c:214(ndr_print_debug) array: struct messaging_array num_messages : 0x00000001 (1) messages: ARRAY(1) messages: struct messaging_rec msg_version : 0x00000002 (2) msg_type : MSG_SHUTDOWN (13) dest: struct server_id id : 0x00001359 (4953) src: struct server_id id : 0x00001359 (4953) buf : DATA_BLOB length=0 [2010/04/24 14:59:59.575465, 10] smbd/process.c:687(smbd_idle_event_handler) smbd_idle_event_handler: idle_evt(deadtime) (nil) stopped [2010/04/24 14:59:59.575489, 10] lib/messages_local.c:73(messaging_tdb_signal_handler) messaging_tdb_signal_handler: sig[10] count[1] msgs[1] [2010/04/24 14:59:59.575505, 10] lib/messages_local.c:444(message_dispatch) message_dispatch: received_messages = 1 [2010/04/24 14:59:59.575535, 10] lib/messages_local.c:193(messaging_tdb_fetch) messaging_tdb_fetch: [2010/04/24 14:59:59.575549, 1] ../librpc/ndr/ndr.c:214(ndr_print_debug) result: struct messaging_array num_messages : 0x00000001 (1) messages: ARRAY(1) messages: struct messaging_rec msg_version : 0x00000002 (2) msg_type : MSG_SHUTDOWN (13) dest: struct server_id id : 0x00001359 (4953) src: struct server_id id : 0x00001359 (4953) buf : DATA_BLOB length=0 [2010/04/24 14:59:59.575634, 3] smbd/server.c:146(msg_exit_server) got a SHUTDOWN message [2010/04/24 14:59:59.575653, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/24 14:59:59.575671, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/24 14:59:59.575687, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/24 14:59:59.575721, 5] smbd/uid.c:369(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2010/04/24 14:59:59.575743, 3] smbd/connection.c:31(yield_connection) Yielding connection to [2010/04/24 14:59:59.575845, 10] lib/dbwrap_tdb.c:100(db_tdb_fetch_locked) Locking key 59130000FFFFFFFF0000 [2010/04/24 14:59:59.575868, 10] lib/dbwrap_tdb.c:129(db_tdb_fetch_locked) Allocated locked data 0x0x70cf120 [2010/04/24 14:59:59.575885, 3] smbd/connection.c:42(yield_connection) deleting connection record returned NT_STATUS_NOT_FOUND [2010/04/24 14:59:59.575906, 10] lib/dbwrap_tdb.c:42(db_tdb_record_destr) Unlocking key 59130000FFFFFFFF0000 [2010/04/24 14:59:59.576040, 3] smbd/server.c:902(exit_server_common) Server exit (normal exit) [2010/04/24 14:59:59.579559, 5] lib/util_sock.c:304(print_socket_options) Socket options: SO_KEEPALIVE = 1 SO_REUSEADDR = 1 SO_BROADCAST = 0 TCP_NODELAY = 1 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 16 IPTOS_THROUGHPUT = 16 SO_SNDBUF = 16384 SO_RCVBUF = 16384 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 Could not test socket option SO_SNDTIMEO. Could not test socket option SO_RCVTIMEO. TCP_QUICKACK = 1 [2010/04/24 14:59:59.579745, 5] lib/util_sock.c:304(print_socket_options) Socket options: SO_KEEPALIVE = 1 SO_REUSEADDR = 1 SO_BROADCAST = 0 TCP_NODELAY = 1 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 16 IPTOS_THROUGHPUT = 16 SO_SNDBUF = 16384 SO_RCVBUF = 16384 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 Could not test socket option SO_SNDTIMEO. Could not test socket option SO_RCVTIMEO. TCP_QUICKACK = 1 [2010/04/24 14:59:59.579949, 6] param/loadparm.c:7215(lp_file_list_changed) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Sat Apr 24 14:49:06 2010 [2010/04/24 14:59:59.580063, 3] smbd/oplock.c:894(init_oplocks) init_oplocks: initializing messages. [2010/04/24 14:59:59.580761, 3] smbd/oplock_linux.c:224(linux_init_kernel_oplocks) Linux kernel oplocks enabled [2010/04/24 14:59:59.580826, 5] lib/messages.c:329(messaging_deregister) Deregistering messaging pointer for type 1 - private_data=(nil) [2010/04/24 14:59:59.580868, 10] smbd/process.c:740(event_add_idle) event_add_idle: idle_evt(keepalive) 0x70d1648 [2010/04/24 14:59:59.580904, 10] smbd/process.c:740(event_add_idle) event_add_idle: idle_evt(deadtime) 0x72043e0 [2010/04/24 14:59:59.580922, 10] smbd/process.c:740(event_add_idle) event_add_idle: idle_evt(housekeeping) 0x70ee728 [2010/04/24 15:00:02.836144, 5] lib/util_sock.c:304(print_socket_options) Socket options: SO_KEEPALIVE = 1 SO_REUSEADDR = 1 SO_BROADCAST = 0 TCP_NODELAY = 1 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 16 IPTOS_THROUGHPUT = 16 SO_SNDBUF = 16384 SO_RCVBUF = 16384 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 Could not test socket option SO_SNDTIMEO. Could not test socket option SO_RCVTIMEO. TCP_QUICKACK = 1 [2010/04/24 15:00:02.836334, 5] lib/util_sock.c:304(print_socket_options) Socket options: SO_KEEPALIVE = 1 SO_REUSEADDR = 1 SO_BROADCAST = 0 TCP_NODELAY = 1 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 16 IPTOS_THROUGHPUT = 16 SO_SNDBUF = 16384 SO_RCVBUF = 16384 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 Could not test socket option SO_SNDTIMEO. Could not test socket option SO_RCVTIMEO. TCP_QUICKACK = 1 [2010/04/24 15:00:02.836535, 6] param/loadparm.c:7215(lp_file_list_changed) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Sat Apr 24 14:49:06 2010 [2010/04/24 15:00:02.836647, 3] smbd/oplock.c:894(init_oplocks) init_oplocks: initializing messages. [2010/04/24 15:00:02.837333, 3] smbd/oplock_linux.c:224(linux_init_kernel_oplocks) Linux kernel oplocks enabled [2010/04/24 15:00:02.837399, 5] lib/messages.c:329(messaging_deregister) Deregistering messaging pointer for type 1 - private_data=(nil) [2010/04/24 15:00:02.837438, 10] smbd/process.c:740(event_add_idle) event_add_idle: idle_evt(keepalive) 0x70d1648 [2010/04/24 15:00:02.837473, 10] smbd/process.c:740(event_add_idle) event_add_idle: idle_evt(deadtime) 0x72043e0 [2010/04/24 15:00:02.837518, 10] smbd/process.c:740(event_add_idle) event_add_idle: idle_evt(housekeeping) 0x70ee728 [2010/04/24 15:00:02.837607, 10] lib/util_sock.c:726(read_smb_length_return_keepalive) got smb length of 155 [2010/04/24 15:00:02.837631, 6] smbd/process.c:1482(process_smb) got message type 0x0 of len 0x9b [2010/04/24 15:00:02.837647, 3] smbd/process.c:1485(process_smb) Transaction 0 of length 159 (0 toread) [2010/04/24 15:00:02.837661, 5] lib/util.c:617(show_msg) [2010/04/24 15:00:02.837671, 5] lib/util.c:627(show_msg) size=155 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51283 smb_tid=65535 smb_pid=65279 smb_uid=0 smb_mid=0 smt_wct=0 smb_bcc=120 [2010/04/24 15:00:02.837736, 10] ../lib/util/util.c:278(_dump_data) [0000] 02 50 43 20 4E 45 54 57 4F 52 4B 20 50 52 4F 47 .PC NETW ORK PROG [0010] 52 41 4D 20 31 2E 30 00 02 4C 41 4E 4D 41 4E 31 RAM 1.0. .LANMAN1 [0020] 2E 30 00 02 57 69 6E 64 6F 77 73 20 66 6F 72 20 .0..Wind ows for [0030] 57 6F 72 6B 67 72 6F 75 70 73 20 33 2E 31 61 00 Workgrou ps 3.1a. [0040] 02 4C 4D 31 2E 32 58 30 30 32 00 02 4C 41 4E 4D .LM1.2X0 02..LANM [0050] 41 4E 32 2E 31 00 02 4E 54 20 4C 4D 20 30 2E 31 AN2.1..N T LM 0.1 [0060] 32 00 02 53 4D 42 20 32 2E 30 30 32 00 02 53 4D 2..SMB 2 .002..SM [0070] 42 20 32 2E 3F 3F 3F 00 B 2.???. [2010/04/24 15:00:02.837897, 3] smbd/process.c:1294(switch_message) switch message SMBnegprot (pid 4988) conn 0x0 [2010/04/24 15:00:02.837916, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/24 15:00:02.837934, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/24 15:00:02.837949, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/24 15:00:02.837983, 5] smbd/uid.c:369(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2010/04/24 15:00:02.838045, 3] smbd/negprot.c:586(reply_negprot) Requested protocol [PC NETWORK PROGRAM 1.0] [2010/04/24 15:00:02.838068, 3] smbd/negprot.c:586(reply_negprot) Requested protocol [LANMAN1.0] [2010/04/24 15:00:02.838083, 3] smbd/negprot.c:586(reply_negprot) Requested protocol [Windows for Workgroups 3.1a] [2010/04/24 15:00:02.838099, 3] smbd/negprot.c:586(reply_negprot) Requested protocol [LM1.2X002] [2010/04/24 15:00:02.838114, 3] smbd/negprot.c:586(reply_negprot) Requested protocol [LANMAN2.1] [2010/04/24 15:00:02.838128, 3] smbd/negprot.c:586(reply_negprot) Requested protocol [NT LM 0.12] [2010/04/24 15:00:02.838143, 3] smbd/negprot.c:586(reply_negprot) Requested protocol [SMB 2.002] [2010/04/24 15:00:02.838158, 3] smbd/negprot.c:586(reply_negprot) Requested protocol [SMB 2.???] [2010/04/24 15:00:02.838178, 10] lib/util.c:1969(set_remote_arch) set_remote_arch: Client arch is 'Win2K' [2010/04/24 15:00:02.838207, 6] param/loadparm.c:7215(lp_file_list_changed) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Sat Apr 24 14:49:06 2010 [2010/04/24 15:00:02.838242, 5] smbd/connection.c:142(claim_connection) claiming [] [2010/04/24 15:00:02.838329, 10] lib/dbwrap_tdb.c:100(db_tdb_fetch_locked) Locking key 7C130000FFFFFFFF0000 [2010/04/24 15:00:02.838359, 10] lib/dbwrap_tdb.c:129(db_tdb_fetch_locked) Allocated locked data 0x0x71441a8 [2010/04/24 15:00:02.838409, 10] lib/dbwrap_tdb.c:42(db_tdb_record_destr) Unlocking key 7C130000FFFFFFFF0000 [2010/04/24 15:00:02.838499, 6] param/loadparm.c:7215(lp_file_list_changed) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Sat Apr 24 14:49:06 2010 [2010/04/24 15:00:02.838564, 3] smbd/negprot.c:404(reply_nt1) using SPNEGO [2010/04/24 15:00:02.838579, 3] smbd/negprot.c:691(reply_negprot) Selected protocol NT LM 0.12 [2010/04/24 15:00:02.838593, 5] smbd/negprot.c:698(reply_negprot) negprot index=5 [2010/04/24 15:00:02.838607, 5] lib/util.c:617(show_msg) [2010/04/24 15:00:02.838625, 5] lib/util.c:627(show_msg) size=127 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51283 smb_tid=65535 smb_pid=65279 smb_uid=0 smb_mid=0 smt_wct=17 smb_vwv[ 0]= 5 (0x5) smb_vwv[ 1]=12803 (0x3203) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 65 (0x41) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]=31744 (0x7C00) smb_vwv[ 8]= 19 (0x13) smb_vwv[ 9]=64768 (0xFD00) smb_vwv[10]=33011 (0x80F3) smb_vwv[11]= 128 (0x80) smb_vwv[12]=17973 (0x4635) smb_vwv[13]=44557 (0xAE0D) smb_vwv[14]=51939 (0xCAE3) smb_vwv[15]=34817 (0x8801) smb_vwv[16]= 255 (0xFF) smb_bcc=58 [2010/04/24 15:00:02.838758, 10] ../lib/util/util.c:278(_dump_data) [0000] 66 69 6C 65 73 65 72 76 65 72 00 00 00 00 00 00 fileserv er...... [0010] 60 28 06 06 2B 06 01 05 05 02 A0 1E 30 1C A0 0E `(..+... .. .0. . [0020] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A3 0A 0...+... ..7...£. [0030] 30 08 A0 06 1B 04 4E 4F 4E 45 0. ...NO NE [2010/04/24 15:00:02.839522, 10] lib/util_sock.c:726(read_smb_length_return_keepalive) got smb length of 138 [2010/04/24 15:00:02.839541, 6] smbd/process.c:1482(process_smb) got message type 0x0 of len 0x8a [2010/04/24 15:00:02.839556, 3] smbd/process.c:1485(process_smb) Transaction 1 of length 142 (0 toread) [2010/04/24 15:00:02.839570, 5] lib/util.c:617(show_msg) [2010/04/24 15:00:02.839579, 5] lib/util.c:627(show_msg) size=138 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=65535 smb_pid=65279 smb_uid=0 smb_mid=64 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=16644 (0x4104) smb_vwv[ 3]= 50 (0x32) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 74 (0x4A) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 212 (0xD4) smb_vwv[11]=40960 (0xA000) smb_bcc=79 [2010/04/24 15:00:02.839690, 10] ../lib/util/util.c:278(_dump_data) [0000] 60 48 06 06 2B 06 01 05 05 02 A0 3E 30 3C A0 0E `H..+... .. >0< . [0010] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A2 2A 0...+... ..7...¢* [0020] 04 28 4E 54 4C 4D 53 53 50 00 01 00 00 00 97 82 .(NTLMSS P....... [0030] 08 E2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 .â...... ........ [0040] 00 00 06 01 B0 1D 00 00 00 0F 00 00 00 00 00 ....°... ....... [2010/04/24 15:00:02.839787, 3] smbd/process.c:1294(switch_message) switch message SMBsesssetupX (pid 4988) conn 0x0 [2010/04/24 15:00:02.839801, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/24 15:00:02.839815, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/24 15:00:02.839828, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/24 15:00:02.839850, 5] smbd/uid.c:369(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2010/04/24 15:00:02.839867, 3] smbd/sesssetup.c:1435(reply_sesssetup_and_X) wct=12 flg2=0xc807 [2010/04/24 15:00:02.839886, 2] smbd/sesssetup.c:1390(setup_new_vc_session) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2010/04/24 15:00:02.839901, 3] smbd/sesssetup.c:1189(reply_sesssetup_and_X_spnego) Doing spnego session setup [2010/04/24 15:00:02.839918, 3] smbd/sesssetup.c:1231(reply_sesssetup_and_X_spnego) NativeOS=[] NativeLanMan=[] PrimaryDomain=[] [2010/04/24 15:00:02.839934, 10] lib/util.c:1969(set_remote_arch) set_remote_arch: Client arch is 'Vista' [2010/04/24 15:00:02.839951, 10] smbd/password.c:184(register_initial_vuid) register_initial_vuid: allocated vuid = 100 [2010/04/24 15:00:02.839970, 10] smbd/sesssetup.c:1134(check_spnego_blob_complete) check_spnego_blob_complete: needed_len = 74, pblob->length = 74 [2010/04/24 15:00:02.840001, 5] smbd/sesssetup.c:753(parse_spnego_mechanisms) parse_spnego_mechanisms: Got OID 1.3.6.1.4.1.311.2.2.10 [2010/04/24 15:00:02.840027, 3] smbd/sesssetup.c:805(reply_spnego_negotiate) reply_spnego_negotiate: Got secblob of size 40 [2010/04/24 15:00:02.840053, 5] auth/auth.c:481(make_auth_context_subsystem) Making default auth method list for DC, security=user, encrypt passwords = yes [2010/04/24 15:00:02.840075, 5] auth/auth.c:46(smb_register_auth) Attempting to register auth backend sam [2010/04/24 15:00:02.840091, 5] auth/auth.c:58(smb_register_auth) Successfully added auth method 'sam' [2010/04/24 15:00:02.840105, 5] auth/auth.c:46(smb_register_auth) Attempting to register auth backend sam_ignoredomain [2010/04/24 15:00:02.840118, 5] auth/auth.c:58(smb_register_auth) Successfully added auth method 'sam_ignoredomain' [2010/04/24 15:00:02.840133, 5] auth/auth.c:46(smb_register_auth) Attempting to register auth backend unix [2010/04/24 15:00:02.840148, 5] auth/auth.c:58(smb_register_auth) Successfully added auth method 'unix' [2010/04/24 15:00:02.840163, 5] auth/auth.c:46(smb_register_auth) Attempting to register auth backend winbind [2010/04/24 15:00:02.840177, 5] auth/auth.c:58(smb_register_auth) Successfully added auth method 'winbind' [2010/04/24 15:00:02.840191, 5] auth/auth.c:46(smb_register_auth) Attempting to register auth backend wbc [2010/04/24 15:00:02.840205, 5] auth/auth.c:58(smb_register_auth) Successfully added auth method 'wbc' [2010/04/24 15:00:02.840219, 5] auth/auth.c:46(smb_register_auth) Attempting to register auth backend smbserver [2010/04/24 15:00:02.840232, 5] auth/auth.c:58(smb_register_auth) Successfully added auth method 'smbserver' [2010/04/24 15:00:02.840247, 5] auth/auth.c:46(smb_register_auth) Attempting to register auth backend trustdomain [2010/04/24 15:00:02.840261, 5] auth/auth.c:58(smb_register_auth) Successfully added auth method 'trustdomain' [2010/04/24 15:00:02.840275, 5] auth/auth.c:46(smb_register_auth) Attempting to register auth backend ntdomain [2010/04/24 15:00:02.840288, 5] auth/auth.c:58(smb_register_auth) Successfully added auth method 'ntdomain' [2010/04/24 15:00:02.840303, 5] auth/auth.c:46(smb_register_auth) Attempting to register auth backend guest [2010/04/24 15:00:02.840318, 5] auth/auth.c:58(smb_register_auth) Successfully added auth method 'guest' [2010/04/24 15:00:02.840331, 5] auth/auth.c:46(smb_register_auth) Attempting to register auth backend netlogond [2010/04/24 15:00:02.840347, 5] auth/auth.c:58(smb_register_auth) Successfully added auth method 'netlogond' [2010/04/24 15:00:02.840362, 5] auth/auth.c:383(load_auth_module) load_auth_module: Attempting to find an auth method to match guest [2010/04/24 15:00:02.840379, 5] auth/auth.c:408(load_auth_module) load_auth_module: auth method guest has a valid init [2010/04/24 15:00:02.840393, 5] auth/auth.c:383(load_auth_module) load_auth_module: Attempting to find an auth method to match sam [2010/04/24 15:00:02.840408, 5] auth/auth.c:408(load_auth_module) load_auth_module: auth method sam has a valid init [2010/04/24 15:00:02.840428, 5] auth/auth.c:383(load_auth_module) load_auth_module: Attempting to find an auth method to match winbind:trustdomain [2010/04/24 15:00:02.840443, 5] auth/auth.c:383(load_auth_module) load_auth_module: Attempting to find an auth method to match trustdomain [2010/04/24 15:00:02.840458, 5] auth/auth.c:408(load_auth_module) load_auth_module: auth method trustdomain has a valid init [2010/04/24 15:00:02.840472, 5] auth/auth.c:408(load_auth_module) load_auth_module: auth method winbind has a valid init [2010/04/24 15:00:02.840506, 3] libsmb/ntlmssp.c:65(debug_ntlmssp_flags) Got NTLMSSP neg_flags=0xe2088297 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_NEGOTIATE_OEM NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_LM_KEY NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_VERSION NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH NTLMSSP_NEGOTIATE_56 [2010/04/24 15:00:02.840605, 1] ../librpc/ndr/ndr.c:214(ndr_print_debug) &negotiate: struct NEGOTIATE_MESSAGE Signature : 'NTLMSSP' MessageType : NtLmNegotiate (1) NegotiateFlags : 0xe2088297 (3792208535) 1: NTLMSSP_NEGOTIATE_UNICODE 1: NTLMSSP_NEGOTIATE_OEM 1: NTLMSSP_REQUEST_TARGET 1: NTLMSSP_NEGOTIATE_SIGN 0: NTLMSSP_NEGOTIATE_SEAL 0: NTLMSSP_NEGOTIATE_DATAGRAM 1: NTLMSSP_NEGOTIATE_LM_KEY 0: NTLMSSP_NEGOTIATE_NETWARE 1: NTLMSSP_NEGOTIATE_NTLM 0: NTLMSSP_NEGOTIATE_NT_ONLY 0: NTLMSSP_ANONYMOUS 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN 0: NTLMSSP_TARGET_TYPE_DOMAIN 0: NTLMSSP_TARGET_TYPE_SERVER 0: NTLMSSP_TARGET_TYPE_SHARE 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY 0: NTLMSSP_NEGOTIATE_IDENTIFY 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY 0: NTLMSSP_NEGOTIATE_TARGET_INFO 1: NTLMSSP_NEGOTIATE_VERSION 1: NTLMSSP_NEGOTIATE_128 1: NTLMSSP_NEGOTIATE_KEY_EXCH 1: NTLMSSP_NEGOTIATE_56 DomainNameLen : 0x0000 (0) DomainNameMaxLen : 0x0000 (0) DomainName : NULL WorkstationLen : 0x0000 (0) WorkstationMaxLen : 0x0000 (0) Workstation : NULL Version: struct VERSION ProductMajorVersion : NTLMSSP_WINDOWS_MAJOR_VERSION_6 (6) ProductMinorVersion : NTLMSSP_WINDOWS_MINOR_VERSION_1 (1) ProductBuild : 0x1db0 (7600) Reserved: ARRAY(3) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) NTLMRevisionCurrent : NTLMSSP_REVISION_W2K3 (15) [2010/04/24 15:00:02.841164, 5] auth/auth.c:97(get_ntlm_challenge) auth_get_challenge: module guest did not want to specify a challenge [2010/04/24 15:00:02.841179, 5] auth/auth.c:97(get_ntlm_challenge) auth_get_challenge: module sam did not want to specify a challenge [2010/04/24 15:00:02.841193, 5] auth/auth.c:97(get_ntlm_challenge) auth_get_challenge: module winbind did not want to specify a challenge [2010/04/24 15:00:02.841215, 5] auth/auth.c:132(get_ntlm_challenge) auth_context challenge created by random [2010/04/24 15:00:02.841229, 5] auth/auth.c:133(get_ntlm_challenge) challenge is: [2010/04/24 15:00:02.841243, 5] ../lib/util/util.c:278(_dump_data) [0000] 4F 97 DE C9 9B 3C 3E 99 O.ÞÉ.<>. [2010/04/24 15:00:02.841458, 1] ../librpc/ndr/ndr.c:214(ndr_print_debug) &challenge: struct CHALLENGE_MESSAGE Signature : 'NTLMSSP' MessageType : NtLmChallenge (0x2) TargetNameLen : 0x000e (14) TargetNameMaxLen : 0x000e (14) TargetName : * TargetName : 'GYM-OHA' NegotiateFlags : 0xe2898295 (3800662677) 1: NTLMSSP_NEGOTIATE_UNICODE 0: NTLMSSP_NEGOTIATE_OEM 1: NTLMSSP_REQUEST_TARGET 1: NTLMSSP_NEGOTIATE_SIGN 0: NTLMSSP_NEGOTIATE_SEAL 0: NTLMSSP_NEGOTIATE_DATAGRAM 1: NTLMSSP_NEGOTIATE_LM_KEY 0: NTLMSSP_NEGOTIATE_NETWARE 1: NTLMSSP_NEGOTIATE_NTLM 0: NTLMSSP_NEGOTIATE_NT_ONLY 0: NTLMSSP_ANONYMOUS 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN 1: NTLMSSP_TARGET_TYPE_DOMAIN 0: NTLMSSP_TARGET_TYPE_SERVER 0: NTLMSSP_TARGET_TYPE_SHARE 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY 0: NTLMSSP_NEGOTIATE_IDENTIFY 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY 1: NTLMSSP_NEGOTIATE_TARGET_INFO 1: NTLMSSP_NEGOTIATE_VERSION 1: NTLMSSP_NEGOTIATE_128 1: NTLMSSP_NEGOTIATE_KEY_EXCH 1: NTLMSSP_NEGOTIATE_56 ServerChallenge : 4f97dec99b3c3e99 Reserved : 0000000000000000 TargetInfoLen : 0x0068 (104) TargetNameInfoMaxLen : 0x0068 (104) TargetInfo : * TargetInfo: struct AV_PAIR_LIST count : 0x00000005 (5) pair: ARRAY(5) pair: struct AV_PAIR AvId : MsvAvNbDomainName (0x2) AvLen : 0x000e (14) Value : union ntlmssp_AvValue(case 0x2) AvNbDomainName : 'GYM-OHA' pair: struct AV_PAIR AvId : MsvAvNbComputerName (0x1) AvLen : 0x0014 (20) Value : union ntlmssp_AvValue(case 0x1) AvNbComputerName : 'FILESERVER' pair: struct AV_PAIR AvId : MsvAvDnsDomainName (0x4) AvLen : 0x000e (14) Value : union ntlmssp_AvValue(case 0x4) AvDnsDomainName : 'gym-oha' pair: struct AV_PAIR AvId : MsvAvDnsComputerName (0x3) AvLen : 0x0024 (36) Value : union ntlmssp_AvValue(case 0x3) AvDnsComputerName : 'fileserver.gym-oha' pair: struct AV_PAIR AvId : MsvAvEOL (0x0) AvLen : 0x0000 (0) Value : union ntlmssp_AvValue(case 0x0) Version: struct VERSION ProductMajorVersion : UNKNOWN_ENUM_VALUE (0x47) ProductMinorVersion : NTLMSSP_WINDOWS_MINOR_VERSION_0 (0x0) ProductBuild : 0x0059 (89) Reserved : 4d002d NTLMRevisionCurrent : UNKNOWN_ENUM_VALUE (0x0) [2010/04/24 15:00:02.842013, 5] lib/util.c:617(show_msg) [2010/04/24 15:00:02.842024, 5] lib/util.c:627(show_msg) size=290 smb_com=0x73 smb_rcls=22 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51203 smb_tid=65535 smb_pid=65279 smb_uid=100 smb_mid=64 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 197 (0xC5) smb_bcc=247 [2010/04/24 15:00:02.842101, 10] ../lib/util/util.c:278(_dump_data) [0000] A1 81 C2 30 81 BF A0 03 0A 01 01 A1 0C 06 0A 2B ¡.Â0.¿ . ...¡...+ [0010] 06 01 04 01 82 37 02 02 0A A2 81 A9 04 81 A6 4E .....7.. .¢.©..¦N [0020] 54 4C 4D 53 53 50 00 02 00 00 00 0E 00 0E 00 30 TLMSSP.. .......0 [0030] 00 00 00 95 82 89 E2 4F 97 DE C9 9B 3C 3E 99 00 ......âO .ÞÉ.<>.. [0040] 00 00 00 00 00 00 00 68 00 68 00 3E 00 00 00 47 .......h .h.>...G [0050] 00 59 00 4D 00 2D 00 4F 00 48 00 41 00 02 00 0E .Y.M.-.O .H.A.... [0060] 00 47 00 59 00 4D 00 2D 00 4F 00 48 00 41 00 01 .G.Y.M.- .O.H.A.. [0070] 00 14 00 46 00 49 00 4C 00 45 00 53 00 45 00 52 ...F.I.L .E.S.E.R [0080] 00 56 00 45 00 52 00 04 00 0E 00 67 00 79 00 6D .V.E.R.. ...g.y.m [0090] 00 2D 00 6F 00 68 00 61 00 03 00 24 00 66 00 69 .-.o.h.a ...$.f.i [00A0] 00 6C 00 65 00 73 00 65 00 72 00 76 00 65 00 72 .l.e.s.e .r.v.e.r [00B0] 00 2E 00 67 00 79 00 6D 00 2D 00 6F 00 68 00 61 ...g.y.m .-.o.h.a [00C0] 00 00 00 00 00 55 00 6E 00 69 00 78 00 00 00 53 .....U.n .i.x...S [00D0] 00 61 00 6D 00 62 00 61 00 20 00 33 00 2E 00 35 .a.m.b.a . .3...5 [00E0] 00 2E 00 32 00 00 00 47 00 59 00 4D 00 2D 00 4F ...2...G .Y.M.-.O [00F0] 00 48 00 41 00 00 00 .H.A... [2010/04/24 15:00:02.842764, 10] lib/util_sock.c:726(read_smb_length_return_keepalive) got smb length of 186 [2010/04/24 15:00:02.842783, 6] smbd/process.c:1482(process_smb) got message type 0x0 of len 0xba [2010/04/24 15:00:02.842797, 3] smbd/process.c:1485(process_smb) Transaction 2 of length 190 (0 toread) [2010/04/24 15:00:02.842812, 5] lib/util.c:617(show_msg) [2010/04/24 15:00:02.842821, 5] lib/util.c:627(show_msg) size=186 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=65535 smb_pid=65279 smb_uid=100 smb_mid=128 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=16644 (0x4104) smb_vwv[ 3]= 50 (0x32) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 123 (0x7B) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 212 (0xD4) smb_vwv[11]=40960 (0xA000) smb_bcc=127 [2010/04/24 15:00:02.842932, 10] ../lib/util/util.c:278(_dump_data) [0000] A1 79 30 77 A2 75 04 73 4E 54 4C 4D 53 53 50 00 ¡y0w¢u.s NTLMSSP. [0010] 03 00 00 00 01 00 01 00 62 00 00 00 00 00 00 00 ........ b....... [0020] 63 00 00 00 00 00 00 00 58 00 00 00 00 00 00 00 c....... X....... [0030] 58 00 00 00 0A 00 0A 00 58 00 00 00 10 00 10 00 X....... X....... [0040] 63 00 00 00 15 8A 88 E2 06 01 B0 1D 00 00 00 0F c......â ..°..... [0050] 68 88 A8 93 A7 4F 3D 20 24 68 C7 42 90 8F B2 95 h.¨.§O= $hÇB..². [0060] 50 00 43 00 32 00 37 00 34 00 00 72 81 E7 08 16 P.C.2.7. 4..r.ç.. [0070] E1 EC F1 C7 89 A4 60 B5 89 EC AD 00 00 00 00 áìñÇ.¤`µ .ì­.... [2010/04/24 15:00:02.843081, 3] smbd/process.c:1294(switch_message) switch message SMBsesssetupX (pid 4988) conn 0x0 [2010/04/24 15:00:02.843096, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/24 15:00:02.843110, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/24 15:00:02.843124, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/24 15:00:02.843160, 5] smbd/uid.c:369(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2010/04/24 15:00:02.843176, 3] smbd/sesssetup.c:1435(reply_sesssetup_and_X) wct=12 flg2=0xc807 [2010/04/24 15:00:02.843190, 2] smbd/sesssetup.c:1390(setup_new_vc_session) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2010/04/24 15:00:02.843204, 3] smbd/sesssetup.c:1189(reply_sesssetup_and_X_spnego) Doing spnego session setup [2010/04/24 15:00:02.843220, 3] smbd/sesssetup.c:1231(reply_sesssetup_and_X_spnego) NativeOS=[] NativeLanMan=[] PrimaryDomain=[] [2010/04/24 15:00:02.843236, 10] smbd/sesssetup.c:1134(check_spnego_blob_complete) check_spnego_blob_complete: needed_len = 123, pblob->length = 123 [2010/04/24 15:00:02.843273, 1] ../librpc/ndr/ndr.c:214(ndr_print_debug) &authenticate: struct AUTHENTICATE_MESSAGE Signature : 'NTLMSSP' MessageType : NtLmAuthenticate (3) LmChallengeResponseLen : 0x0001 (1) LmChallengeResponseMaxLen: 0x0001 (1) LmChallengeResponse : * LmChallengeResponse : union ntlmssp_LM_RESPONSE(case 1) NtChallengeResponseLen : 0x0000 (0) NtChallengeResponseMaxLen: 0x0000 (0) NtChallengeResponse : * NtChallengeResponse : union ntlmssp_NTLM_RESPONSE(case 0) DomainNameLen : 0x0000 (0) DomainNameMaxLen : 0x0000 (0) DomainName : * DomainName : '' UserNameLen : 0x0000 (0) UserNameMaxLen : 0x0000 (0) UserName : * UserName : '' WorkstationLen : 0x000a (10) WorkstationMaxLen : 0x000a (10) Workstation : * Workstation : 'PC274' EncryptedRandomSessionKeyLen: 0x0010 (16) EncryptedRandomSessionKeyMaxLen: 0x0010 (16) EncryptedRandomSessionKey: * EncryptedRandomSessionKey: DATA_BLOB length=16 [2010/04/24 15:00:02.843454, 10] ../lib/util/util.c:278(_dump_data) [0000] 72 81 E7 08 16 E1 EC F1 C7 89 A4 60 B5 89 EC AD r.ç..áìñ Ç.¤`µ.ì­ NegotiateFlags : 0xe2888a15 (3800599061) 1: NTLMSSP_NEGOTIATE_UNICODE 0: NTLMSSP_NEGOTIATE_OEM 1: NTLMSSP_REQUEST_TARGET 1: NTLMSSP_NEGOTIATE_SIGN 0: NTLMSSP_NEGOTIATE_SEAL 0: NTLMSSP_NEGOTIATE_DATAGRAM 0: NTLMSSP_NEGOTIATE_LM_KEY 0: NTLMSSP_NEGOTIATE_NETWARE 1: NTLMSSP_NEGOTIATE_NTLM 0: NTLMSSP_NEGOTIATE_NT_ONLY 1: NTLMSSP_ANONYMOUS 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN 0: NTLMSSP_TARGET_TYPE_DOMAIN 0: NTLMSSP_TARGET_TYPE_SERVER 0: NTLMSSP_TARGET_TYPE_SHARE 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY 0: NTLMSSP_NEGOTIATE_IDENTIFY 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY 1: NTLMSSP_NEGOTIATE_TARGET_INFO 1: NTLMSSP_NEGOTIATE_VERSION 1: NTLMSSP_NEGOTIATE_128 1: NTLMSSP_NEGOTIATE_KEY_EXCH 1: NTLMSSP_NEGOTIATE_56 Version: struct VERSION ProductMajorVersion : NTLMSSP_WINDOWS_MAJOR_VERSION_6 (6) ProductMinorVersion : NTLMSSP_WINDOWS_MINOR_VERSION_1 (1) ProductBuild : 0x1db0 (7600) Reserved: ARRAY(3) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) NTLMRevisionCurrent : NTLMSSP_REVISION_W2K3 (15) [2010/04/24 15:00:02.843697, 3] libsmb/ntlmssp.c:747(ntlmssp_server_auth) Got user=[] domain=[] workstation=[PC274] len1=1 len2=0 [2010/04/24 15:00:02.843725, 6] param/loadparm.c:7215(lp_file_list_changed) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Sat Apr 24 14:49:06 2010 [2010/04/24 15:00:02.843761, 5] auth/auth_util.c:211(make_user_info_map) Mapping user []\[] from workstation [PC274] [2010/04/24 15:00:02.843780, 5] auth/auth_util.c:232(make_user_info_map) Mapped domain from [] to [GYM-OHA] for user [] from workstation [PC274] [2010/04/24 15:00:02.843796, 5] auth/auth_util.c:122(make_user_info) attempting to make a user_info for () [2010/04/24 15:00:02.843811, 5] auth/auth_util.c:132(make_user_info) making strings for 's user_info struct [2010/04/24 15:00:02.843825, 5] auth/auth_util.c:164(make_user_info) making blobs for 's user_info struct [2010/04/24 15:00:02.843840, 10] auth/auth_util.c:182(make_user_info) made an encrypted user_info for () [2010/04/24 15:00:02.843855, 3] auth/auth.c:216(check_ntlm_password) check_ntlm_password: Checking password for unmapped user []\[]@[PC274] with the new password interface [2010/04/24 15:00:02.843880, 3] auth/auth.c:219(check_ntlm_password) check_ntlm_password: mapped user is: [GYM-OHA]\[]@[PC274] [2010/04/24 15:00:02.843896, 10] auth/auth.c:228(check_ntlm_password) check_ntlm_password: auth_context challenge created by random [2010/04/24 15:00:02.843910, 10] auth/auth.c:230(check_ntlm_password) challenge is: [2010/04/24 15:00:02.843923, 5] ../lib/util/util.c:278(_dump_data) [0000] 4F 97 DE C9 9B 3C 3E 99 O.ÞÉ.<>. [2010/04/24 15:00:02.843998, 5] lib/smbldap.c:1360(smbldap_search_ext) smbldap_search_ext: base => [dc=gym-oha,dc=de], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=99))], scope => [2] [2010/04/24 15:00:02.844034, 5] lib/smbldap.c:1262(smbldap_close) The connection to the LDAP server was closed [2010/04/24 15:00:02.844049, 10] lib/smbldap.c:751(smb_ldap_setup_conn) smb_ldap_setup_connection: ldaps://gym-oha.dyndns.org [2010/04/24 15:00:02.844144, 2] lib/smbldap.c:950(smbldap_open_connection) smbldap_open_connection: connection opened [2010/04/24 15:00:02.844160, 10] lib/smbldap.c:1120(smbldap_connect_system) ldap_connect_system: Binding to ldap server ldaps://gym-oha.dyndns.org as "cn=Manager,dc=gym-oha,dc=de" [2010/04/24 15:00:02.861816, 3] lib/smbldap.c:1166(smbldap_connect_system) ldap_connect_system: successful connection to the LDAP server ldap_connect_system: LDAP server does support paged results [2010/04/24 15:00:02.861861, 4] lib/smbldap.c:1242(smbldap_open) The LDAP server is successfully connected [2010/04/24 15:00:02.862504, 4] passdb/pdb_ldap.c:2562(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(gidNumber=99)) [2010/04/24 15:00:02.862532, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/04/24 15:00:02.862548, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2010/04/24 15:00:02.862563, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/24 15:00:02.862577, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/24 15:00:02.862592, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/24 15:00:02.862650, 10] lib/gencache.c:345(gencache_get_data_blob) Returning expired cache entry: key = ACCT_POL/password history, value = 0 , timeout = Sat Apr 24 14:58:33 2010 [2010/04/24 15:00:02.862682, 10] lib/gencache.c:180(gencache_set_data_blob) Adding cache entry with key = ACCT_POL/password history and timeout = Thu Jan 1 01:00:00 1970 (-1272114002 seconds in the past) [2010/04/24 15:00:02.862735, 10] passdb/pdb_ldap.c:3983(ldapsam_get_account_policy_from_ldap) ldapsam_get_account_policy_from_ldap [2010/04/24 15:00:02.862753, 5] lib/smbldap.c:1360(smbldap_search_ext) smbldap_search_ext: base => [sambaDomainName=GYM-OHA,dc=gym-oha,dc=de], filter => [(objectClass=sambaDomain)], scope => [0] [2010/04/24 15:00:02.863310, 10] lib/account_pol.c:396(cache_account_policy_set) cache_account_policy_set: updating account pol cache [2010/04/24 15:00:02.863330, 10] lib/gencache.c:180(gencache_set_data_blob) Adding cache entry with key = ACCT_POL/password history and timeout = Sat Apr 24 15:01:02 2010 (60 seconds ahead) [2010/04/24 15:00:02.863372, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/24 15:00:02.863403, 10] passdb/pdb_get_set.c:608(pdb_set_username) pdb_set_username: setting username nobody, was [2010/04/24 15:00:02.863420, 10] passdb/pdb_get_set.c:631(pdb_set_domain) pdb_set_domain: setting domain GYM-OHA, was [2010/04/24 15:00:02.863434, 10] passdb/pdb_get_set.c:654(pdb_set_nt_username) pdb_set_nt_username: setting nt username , was [2010/04/24 15:00:02.863449, 10] passdb/pdb_get_set.c:677(pdb_set_fullname) pdb_set_full_name: setting full name Nobody, was [2010/04/24 15:00:02.863467, 4] lib/substitute.c:504(automount_server) Home server: fileserver [2010/04/24 15:00:02.863508, 10] passdb/pdb_get_set.c:770(pdb_set_homedir) pdb_set_homedir: setting home dir \\fileserver\nobody, was [2010/04/24 15:00:02.863524, 10] passdb/pdb_get_set.c:746(pdb_set_dir_drive) pdb_set_dir_drive: setting dir drive U:, was NULL [2010/04/24 15:00:02.863542, 10] passdb/pdb_get_set.c:700(pdb_set_logon_script) pdb_set_logon_script: setting logon script skripts\nobody.bat, was [2010/04/24 15:00:02.863558, 4] lib/substitute.c:504(automount_server) Home server: fileserver [2010/04/24 15:00:02.863576, 10] passdb/pdb_get_set.c:723(pdb_set_profile_path) pdb_set_profile_path: setting profile path \\fileserver\nobody\NTProfile, was [2010/04/24 15:00:02.863592, 10] passdb/pdb_get_set.c:813(pdb_set_workstations) pdb_set_workstations: setting workstations , was [2010/04/24 15:00:02.863607, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/04/24 15:00:02.863622, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2010/04/24 15:00:02.863636, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/24 15:00:02.863651, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/24 15:00:02.863668, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/24 15:00:02.863695, 10] lib/gencache.c:345(gencache_get_data_blob) Returning valid cache entry: key = ACCT_POL/password history, value = 0 , timeout = Sat Apr 24 15:01:02 2010 [2010/04/24 15:00:02.863728, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/24 15:00:02.863745, 10] passdb/pdb_get_set.c:537(pdb_set_user_sid) pdb_set_user_sid: setting user sid S-1-5-21-4031555581-2449722753-3032957831-501 [2010/04/24 15:00:02.863764, 10] passdb/pdb_compat.c:72(pdb_set_user_sid_from_rid) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-4031555581-2449722753-3032957831-501 from rid 501 [2010/04/24 15:00:02.863803, 10] lib/gencache.c:334(gencache_get_data_blob) Cache entry with key = IDMAP/SID2GID/S-1-5-21-4031555581-2449722753-3032957831-513 couldn't be found [2010/04/24 15:00:02.863929, 10] passdb/lookup_sid.c:1511(sid_to_gid) winbind failed to find a gid for sid S-1-5-21-4031555581-2449722753-3032957831-513 [2010/04/24 15:00:02.863949, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/04/24 15:00:02.863963, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2010/04/24 15:00:02.863978, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/24 15:00:02.863992, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/24 15:00:02.864005, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/24 15:00:02.864029, 5] passdb/pdb_interface.c:1473(lookup_global_sam_rid) lookup_global_sam_rid: looking up RID 513. [2010/04/24 15:00:02.864047, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2010/04/24 15:00:02.864061, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2010/04/24 15:00:02.864075, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2010/04/24 15:00:02.864089, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/24 15:00:02.864102, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/24 15:00:02.864151, 5] lib/smbldap.c:1360(smbldap_search_ext) smbldap_search_ext: base => [dc=gym-oha,dc=de], filter => [(&(sambaSID=S-1-5-21-4031555581-2449722753-3032957831-513)(objectclass=sambaSamAccount))], scope => [2] [2010/04/24 15:00:02.864898, 4] passdb/pdb_ldap.c:1695(ldapsam_getsampwsid) ldapsam_getsampwsid: Unable to locate SID [S-1-5-21-4031555581-2449722753-3032957831-513] count=0 [2010/04/24 15:00:02.864941, 5] lib/smbldap.c:1360(smbldap_search_ext) smbldap_search_ext: base => [dc=gym-oha,dc=de], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-4031555581-2449722753-3032957831-513))], scope => [2] [2010/04/24 15:00:02.865607, 2] passdb/pdb_ldap.c:2446(init_group_from_ldap) init_group_from_ldap: Entry found for group: 513 [2010/04/24 15:00:02.865645, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/24 15:00:02.865664, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/24 15:00:02.865679, 10] passdb/lookup_sid.c:1288(legacy_sid_to_gid) LEGACY: sid S-1-5-21-4031555581-2449722753-3032957831-513 -> gid 513 [2010/04/24 15:00:02.865698, 10] passdb/pdb_get_set.c:595(pdb_set_group_sid) pdb_set_group_sid: setting group sid S-1-5-21-4031555581-2449722753-3032957831-513 [2010/04/24 15:00:02.865715, 3] auth/auth.c:265(check_ntlm_password) check_ntlm_password: guest authentication for user [] succeeded [2010/04/24 15:00:02.865730, 5] auth/auth.c:304(check_ntlm_password) check_ntlm_password: guest authentication for user [] -> [] -> [nobody] succeeded [2010/04/24 15:00:02.865746, 5] auth/auth_util.c:2119(free_user_info) attempting to free (and zero) a user_info structure [2010/04/24 15:00:02.865760, 10] auth/auth_util.c:2123(free_user_info) structure was created for [2010/04/24 15:00:02.865777, 10] auth/token_util.c:356(create_local_nt_token) Create local NT token for S-1-5-21-4031555581-2449722753-3032957831-501 [2010/04/24 15:00:02.865804, 10] lib/gencache.c:334(gencache_get_data_blob) Cache entry with key = IDMAP/SID2GID/S-1-5-32-545 couldn't be found [2010/04/24 15:00:02.865827, 10] passdb/lookup_sid.c:1511(sid_to_gid) winbind failed to find a gid for sid S-1-5-32-545 [2010/04/24 15:00:02.865842, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/04/24 15:00:02.865857, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2010/04/24 15:00:02.865871, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/24 15:00:02.865885, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/24 15:00:02.865898, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/24 15:00:02.865925, 5] lib/smbldap.c:1360(smbldap_search_ext) smbldap_search_ext: base => [dc=gym-oha,dc=de], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-545))], scope => [2] [2010/04/24 15:00:02.866442, 4] passdb/pdb_ldap.c:2562(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-545)) [2010/04/24 15:00:02.866464, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/24 15:00:02.866479, 10] passdb/lookup_sid.c:1256(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-5-32-545 [2010/04/24 15:00:02.866495, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/04/24 15:00:02.866509, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2010/04/24 15:00:02.866522, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/24 15:00:02.866536, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/24 15:00:02.866549, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/24 15:00:02.866596, 10] lib/gencache.c:334(gencache_get_data_blob) Cache entry with key = IDMAP/SID2GID/S-1-5-32-545 couldn't be found [2010/04/24 15:00:02.866618, 10] passdb/lookup_sid.c:1511(sid_to_gid) winbind failed to find a gid for sid S-1-5-32-545 [2010/04/24 15:00:02.866634, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2010/04/24 15:00:02.866648, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2010/04/24 15:00:02.866672, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2010/04/24 15:00:02.866686, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/24 15:00:02.866699, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/24 15:00:02.866727, 5] lib/smbldap.c:1360(smbldap_search_ext) smbldap_search_ext: base => [dc=gym-oha,dc=de], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-545))], scope => [2] [2010/04/24 15:00:02.867243, 4] passdb/pdb_ldap.c:2562(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-545)) [2010/04/24 15:00:02.867264, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/24 15:00:02.867279, 10] passdb/lookup_sid.c:1256(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-5-32-545 [2010/04/24 15:00:02.867298, 5] auth/token_util.c:277(create_builtin_users) create_builtin_users: Failed to create Users [2010/04/24 15:00:02.867315, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/24 15:00:02.867329, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/04/24 15:00:02.867343, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2010/04/24 15:00:02.867357, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/24 15:00:02.867371, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/24 15:00:02.867384, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/24 15:00:02.867432, 5] lib/smbldap.c:1360(smbldap_search_ext) smbldap_search_ext: base => [dc=gym-oha,dc=de], filter => [(&(objectclass=sambaGroupMapping)(sambaGroupType=4)(|(sambaSIDList=S-1-5-21-4031555581-2449722753-3032957831-501)(sambaSIDList=S-1-1-0)(sambaSIDList=S-1-5-2)(sambaSIDList=S-1-5-32-546)))], scope => [2] [2010/04/24 15:00:02.870016, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/24 15:00:02.870045, 3] lib/privileges.c:63(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-4031555581-2449722753-3032957831-501] [2010/04/24 15:00:02.870067, 5] lib/privileges.c:128(get_privileges_for_sids) get_privileges_for_sids: sid = S-1-1-0 Privilege set: SE_PRIV 0x0 0x0 0x0 0x0 [2010/04/24 15:00:02.870100, 3] lib/privileges.c:63(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-2] [2010/04/24 15:00:02.870119, 3] lib/privileges.c:63(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-32-546] [2010/04/24 15:00:02.870142, 10] lib/gencache.c:334(gencache_get_data_blob) Cache entry with key = IDMAP/SID2GID/S-1-1-0 couldn't be found [2010/04/24 15:00:02.870163, 10] passdb/lookup_sid.c:1511(sid_to_gid) winbind failed to find a gid for sid S-1-1-0 [2010/04/24 15:00:02.870178, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/04/24 15:00:02.870192, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2010/04/24 15:00:02.870206, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/24 15:00:02.870220, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/24 15:00:02.870233, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/24 15:00:02.870260, 5] lib/smbldap.c:1360(smbldap_search_ext) smbldap_search_ext: base => [dc=gym-oha,dc=de], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-1-0))], scope => [2] [2010/04/24 15:00:02.870937, 4] passdb/pdb_ldap.c:2562(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-1-0)) [2010/04/24 15:00:02.870969, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/24 15:00:02.870984, 10] passdb/lookup_sid.c:1256(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-1-0 [2010/04/24 15:00:02.870999, 10] auth/auth_util.c:753(create_local_token) Could not convert SID S-1-1-0 to gid, ignoring it [2010/04/24 15:00:02.871021, 10] lib/gencache.c:334(gencache_get_data_blob) Cache entry with key = IDMAP/SID2GID/S-1-5-2 couldn't be found [2010/04/24 15:00:02.871042, 10] passdb/lookup_sid.c:1511(sid_to_gid) winbind failed to find a gid for sid S-1-5-2 [2010/04/24 15:00:02.871057, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/04/24 15:00:02.871071, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2010/04/24 15:00:02.871085, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/24 15:00:02.871099, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/24 15:00:02.871112, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/24 15:00:02.871139, 5] lib/smbldap.c:1360(smbldap_search_ext) smbldap_search_ext: base => [dc=gym-oha,dc=de], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-2))], scope => [2] [2010/04/24 15:00:02.871734, 4] passdb/pdb_ldap.c:2562(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-2)) [2010/04/24 15:00:02.871756, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/24 15:00:02.871770, 10] passdb/lookup_sid.c:1256(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-5-2 [2010/04/24 15:00:02.871786, 10] auth/auth_util.c:753(create_local_token) Could not convert SID S-1-5-2 to gid, ignoring it [2010/04/24 15:00:02.871808, 10] lib/gencache.c:334(gencache_get_data_blob) Cache entry with key = IDMAP/SID2GID/S-1-5-32-546 couldn't be found [2010/04/24 15:00:02.871829, 10] passdb/lookup_sid.c:1511(sid_to_gid) winbind failed to find a gid for sid S-1-5-32-546 [2010/04/24 15:00:02.871845, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/04/24 15:00:02.871859, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2010/04/24 15:00:02.871872, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/24 15:00:02.871886, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/24 15:00:02.871899, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/24 15:00:02.871926, 5] lib/smbldap.c:1360(smbldap_search_ext) smbldap_search_ext: base => [dc=gym-oha,dc=de], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-546))], scope => [2] [2010/04/24 15:00:02.872584, 4] passdb/pdb_ldap.c:2562(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-546)) [2010/04/24 15:00:02.872606, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/24 15:00:02.872621, 10] passdb/lookup_sid.c:1256(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-5-32-546 [2010/04/24 15:00:02.872635, 10] auth/auth_util.c:753(create_local_token) Could not convert SID S-1-5-32-546 to gid, ignoring it [2010/04/24 15:00:02.872652, 10] auth/token_util.c:531(debug_nt_user_token) NT user token of user S-1-5-21-4031555581-2449722753-3032957831-501 contains 5 SIDs SID[ 0]: S-1-5-21-4031555581-2449722753-3032957831-501 SID[ 1]: S-1-1-0 SID[ 2]: S-1-5-2 SID[ 3]: S-1-5-32-546 SID[ 4]: S-1-22-1-99 SE_PRIV 0x0 0x0 0x0 0x0 [2010/04/24 15:00:02.872707, 10] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 99 Primary group is 99 and contains 0 supplementary groups [2010/04/24 15:00:02.872739, 10] auth/auth_ntlmssp.c:139(auth_ntlmssp_check_password) Got NT session key of length 16 [2010/04/24 15:00:02.872756, 10] auth/auth_ntlmssp.c:146(auth_ntlmssp_check_password) Got LM session key of length 16 [2010/04/24 15:00:02.872771, 10] libsmb/ntlmssp.c:853(ntlmssp_server_auth) ntlmssp_server_auth: Using unmodified nt session key. [2010/04/24 15:00:02.872795, 3] libsmb/ntlmssp_sign.c:343(ntlmssp_sign_init) NTLMSSP Sign/Seal - Initialising with flags: [2010/04/24 15:00:02.872810, 3] libsmb/ntlmssp.c:65(debug_ntlmssp_flags) Got NTLMSSP neg_flags=0xe2088215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_VERSION NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH NTLMSSP_NEGOTIATE_56 [2010/04/24 15:00:02.872890, 10] smbd/password.c:278(register_existing_vuid) register_existing_vuid: (99,99) nobody GYM-OHA guest=1 [2010/04/24 15:00:02.872906, 3] smbd/password.c:282(register_existing_vuid) register_existing_vuid: User name: nobody Real name: Nobody [2010/04/24 15:00:02.872920, 3] smbd/password.c:292(register_existing_vuid) register_existing_vuid: UNIX uid 99 is UNIX user nobody, and will be vuid 100 [2010/04/24 15:00:02.872954, 6] param/loadparm.c:7215(lp_file_list_changed) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Sat Apr 24 14:49:06 2010 [2010/04/24 15:00:02.873003, 5] lib/util.c:617(show_msg) [2010/04/24 15:00:02.873014, 5] lib/util.c:627(show_msg) size=102 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=65535 smb_pid=65279 smb_uid=100 smb_mid=128 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 1 (0x1) smb_vwv[ 3]= 9 (0x9) smb_bcc=59 [2010/04/24 15:00:02.873089, 10] ../lib/util/util.c:278(_dump_data) [0000] A1 07 30 05 A0 03 0A 01 00 55 00 6E 00 69 00 78 ¡.0. ... .U.n.i.x [0010] 00 00 00 53 00 61 00 6D 00 62 00 61 00 20 00 33 ...S.a.m .b.a. .3 [0020] 00 2E 00 35 00 2E 00 32 00 00 00 47 00 59 00 4D ...5...2 ...G.Y.M [0030] 00 2D 00 4F 00 48 00 41 00 00 00 .-.O.H.A ... [2010/04/24 15:00:02.873514, 10] lib/util_sock.c:726(read_smb_length_return_keepalive) got smb length of 86 [2010/04/24 15:00:02.873533, 6] smbd/process.c:1482(process_smb) got message type 0x0 of len 0x56 [2010/04/24 15:00:02.873548, 3] smbd/process.c:1485(process_smb) Transaction 3 of length 90 (0 toread) [2010/04/24 15:00:02.873562, 5] lib/util.c:617(show_msg) [2010/04/24 15:00:02.873571, 5] lib/util.c:627(show_msg) size=86 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=100 smb_mid=192 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 86 (0x56) smb_vwv[ 2]= 8 (0x8) smb_vwv[ 3]= 1 (0x1) smb_bcc=43 [2010/04/24 15:00:02.873645, 10] ../lib/util/util.c:278(_dump_data) [0000] 00 5C 00 5C 00 46 00 49 00 4C 00 45 00 53 00 45 .\.\.F.I .L.E.S.E [0010] 00 52 00 56 00 45 00 52 00 5C 00 49 00 50 00 43 .R.V.E.R .\.I.P.C [0020] 00 24 00 00 00 3F 3F 3F 3F 3F 00 .$...??? ??. [2010/04/24 15:00:02.873706, 3] smbd/process.c:1294(switch_message) switch message SMBtconX (pid 4988) conn 0x0 [2010/04/24 15:00:02.873721, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/24 15:00:02.873735, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/24 15:00:02.873748, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/24 15:00:02.873768, 5] smbd/uid.c:369(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2010/04/24 15:00:02.873790, 4] smbd/reply.c:767(reply_tcon_and_X) Client requested device type [?????] for share [IPC$] [2010/04/24 15:00:02.873816, 5] smbd/service.c:1226(make_connection) making a connection to 'normal' service ipc$ [2010/04/24 15:00:02.873858, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/04/24 15:00:02.873873, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2010/04/24 15:00:02.873887, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/24 15:00:02.873901, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/24 15:00:02.873914, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/24 15:00:02.873940, 10] lib/gencache.c:345(gencache_get_data_blob) Returning valid cache entry: key = ACCT_POL/password history, value = 0 , timeout = Sat Apr 24 15:01:02 2010 [2010/04/24 15:00:02.873970, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/24 15:00:02.873990, 10] passdb/pdb_get_set.c:608(pdb_set_username) pdb_set_username: setting username nobody, was [2010/04/24 15:00:02.874004, 10] passdb/pdb_get_set.c:631(pdb_set_domain) pdb_set_domain: setting domain GYM-OHA, was [2010/04/24 15:00:02.874019, 10] passdb/pdb_get_set.c:654(pdb_set_nt_username) pdb_set_nt_username: setting nt username , was [2010/04/24 15:00:02.874033, 10] passdb/pdb_get_set.c:677(pdb_set_fullname) pdb_set_full_name: setting full name Nobody, was [2010/04/24 15:00:02.874047, 4] lib/substitute.c:504(automount_server) Home server: fileserver [2010/04/24 15:00:02.874066, 10] passdb/pdb_get_set.c:770(pdb_set_homedir) pdb_set_homedir: setting home dir \\fileserver\nobody, was [2010/04/24 15:00:02.874080, 10] passdb/pdb_get_set.c:746(pdb_set_dir_drive) pdb_set_dir_drive: setting dir drive U:, was NULL [2010/04/24 15:00:02.874098, 10] passdb/pdb_get_set.c:700(pdb_set_logon_script) pdb_set_logon_script: setting logon script skripts\nobody.bat, was [2010/04/24 15:00:02.874113, 4] lib/substitute.c:504(automount_server) Home server: fileserver [2010/04/24 15:00:02.874129, 10] passdb/pdb_get_set.c:723(pdb_set_profile_path) pdb_set_profile_path: setting profile path \\fileserver\nobody\NTProfile, was [2010/04/24 15:00:02.874144, 10] passdb/pdb_get_set.c:813(pdb_set_workstations) pdb_set_workstations: setting workstations , was [2010/04/24 15:00:02.874159, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/04/24 15:00:02.874173, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2010/04/24 15:00:02.874186, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/24 15:00:02.874200, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/24 15:00:02.874213, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/24 15:00:02.874239, 10] lib/gencache.c:345(gencache_get_data_blob) Returning valid cache entry: key = ACCT_POL/password history, value = 0 , timeout = Sat Apr 24 15:01:02 2010 [2010/04/24 15:00:02.874269, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/24 15:00:02.874284, 10] passdb/pdb_get_set.c:537(pdb_set_user_sid) pdb_set_user_sid: setting user sid S-1-5-21-4031555581-2449722753-3032957831-501 [2010/04/24 15:00:02.874300, 10] passdb/pdb_compat.c:72(pdb_set_user_sid_from_rid) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-4031555581-2449722753-3032957831-501 from rid 501 [2010/04/24 15:00:02.874323, 10] passdb/pdb_get_set.c:595(pdb_set_group_sid) pdb_set_group_sid: setting group sid S-1-5-21-4031555581-2449722753-3032957831-513 [2010/04/24 15:00:02.874340, 5] lib/username.c:133(Get_Pwnam_alloc) Finding user nobody [2010/04/24 15:00:02.874354, 5] lib/username.c:77(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is nobody [2010/04/24 15:00:02.874369, 5] lib/username.c:110(Get_Pwnam_internals) Get_Pwnam_internals did find user [nobody]! [2010/04/24 15:00:02.874398, 10] smbd/service.c:163(set_conn_connectpath) set_conn_connectpath: service IPC$, connectpath = /var/tmp [2010/04/24 15:00:02.874423, 3] smbd/service.c:807(make_connection_snum) Connect path is '/var/tmp' for service [IPC$] [2010/04/24 15:00:02.874449, 10] lib/util_seaccess.c:58(se_map_generic) se_map_generic(): mapped mask 0x10000000 to 0x001f01ff [2010/04/24 15:00:02.874468, 3] smbd/vfs.c:97(vfs_init_default) Initialising default vfs hooks [2010/04/24 15:00:02.874487, 10] smbd/vfs.c:48(vfs_find_backend_entry) vfs_find_backend_entry called for /[Default VFS]/ [2010/04/24 15:00:02.874501, 5] smbd/vfs.c:87(smb_register_vfs) Successfully added vfs backend '/[Default VFS]/' [2010/04/24 15:00:02.874518, 10] smbd/vfs.c:48(vfs_find_backend_entry) vfs_find_backend_entry called for posixacl [2010/04/24 15:00:02.874532, 5] smbd/vfs.c:87(smb_register_vfs) Successfully added vfs backend 'posixacl' [2010/04/24 15:00:02.874545, 3] smbd/vfs.c:122(vfs_init_custom) Initialising custom vfs hooks from [/[Default VFS]/] [2010/04/24 15:00:02.874559, 10] smbd/vfs.c:48(vfs_find_backend_entry) vfs_find_backend_entry called for /[Default VFS]/ Successfully loaded vfs module [/[Default VFS]/] with the new modules system [2010/04/24 15:00:02.874580, 5] smbd/connection.c:142(claim_connection) claiming [IPC$] [2010/04/24 15:00:02.874663, 10] lib/dbwrap_tdb.c:100(db_tdb_fetch_locked) Locking key 7C130000010000004950 [2010/04/24 15:00:02.874682, 10] lib/dbwrap_tdb.c:129(db_tdb_fetch_locked) Allocated locked data 0x0x70cf120 [2010/04/24 15:00:02.874707, 10] lib/dbwrap_tdb.c:42(db_tdb_record_destr) Unlocking key 7C130000010000004950 [2010/04/24 15:00:02.874808, 10] smbd/service.c:163(set_conn_connectpath) set_conn_connectpath: service IPC$, connectpath = /var/tmp [2010/04/24 15:00:02.874826, 10] smbd/share_access.c:238(user_ok_token) user_ok_token: share IPC$ is ok for unix user nobody [2010/04/24 15:00:02.874843, 10] smbd/share_access.c:283(is_share_read_only_for_token) is_share_read_only_for_user: share IPC$ is read-only for unix user nobody [2010/04/24 15:00:02.874864, 10] lib/util_seaccess.c:58(se_map_generic) se_map_generic(): mapped mask 0x10000000 to 0x001f01ff [2010/04/24 15:00:02.874881, 3] lib/util_sid.c:228(string_to_sid) string_to_sid: Sid @GYM-OHA\Domain Admins does not start with 'S-'. [2010/04/24 15:00:02.874931, 5] smbd/password.c:423(user_in_netgroup) Unable to get default yp domain, let's try without specifying it [2010/04/24 15:00:02.874946, 5] smbd/password.c:430(user_in_netgroup) looking for user nobody of domain (ANY) in netgroup GYM-OHA\Domain Admins [2010/04/24 15:00:02.874991, 10] passdb/lookup_sid.c:69(lookup_name) lookup_name: GYM-OHA\Domain Admins => GYM-OHA (domain), Domain Admins (name) [2010/04/24 15:00:02.875006, 10] passdb/lookup_sid.c:70(lookup_name) lookup_name: flags = 0x077 [2010/04/24 15:00:02.875022, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/04/24 15:00:02.875036, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2010/04/24 15:00:02.875050, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/24 15:00:02.875063, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/24 15:00:02.875077, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/24 15:00:02.875105, 5] lib/smbldap.c:1360(smbldap_search_ext) smbldap_search_ext: base => [dc=gym-oha,dc=de], filter => [(&(objectClass=sambaGroupMapping)(|(displayName=Domain Admins)(cn=Domain Admins)))], scope => [2] [2010/04/24 15:00:02.875785, 2] passdb/pdb_ldap.c:2446(init_group_from_ldap) init_group_from_ldap: Entry found for group: 512 [2010/04/24 15:00:02.875821, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/24 15:00:02.875841, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/04/24 15:00:02.875856, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2010/04/24 15:00:02.875880, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/24 15:00:02.875895, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/24 15:00:02.875908, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/24 15:00:02.875933, 10] lib/gencache.c:345(gencache_get_data_blob) Returning valid cache entry: key = ACCT_POL/password history, value = 0 , timeout = Sat Apr 24 15:01:02 2010 [2010/04/24 15:00:02.875964, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/24 15:00:02.875982, 10] passdb/pdb_get_set.c:608(pdb_set_username) pdb_set_username: setting username nobody, was [2010/04/24 15:00:02.875996, 10] passdb/pdb_get_set.c:631(pdb_set_domain) pdb_set_domain: setting domain GYM-OHA, was [2010/04/24 15:00:02.876010, 10] passdb/pdb_get_set.c:654(pdb_set_nt_username) pdb_set_nt_username: setting nt username , was [2010/04/24 15:00:02.876024, 10] passdb/pdb_get_set.c:677(pdb_set_fullname) pdb_set_full_name: setting full name Nobody, was [2010/04/24 15:00:02.876038, 4] lib/substitute.c:504(automount_server) Home server: fileserver [2010/04/24 15:00:02.876056, 10] passdb/pdb_get_set.c:770(pdb_set_homedir) pdb_set_homedir: setting home dir \\fileserver\nobody, was [2010/04/24 15:00:02.876071, 10] passdb/pdb_get_set.c:746(pdb_set_dir_drive) pdb_set_dir_drive: setting dir drive U:, was NULL [2010/04/24 15:00:02.876087, 10] passdb/pdb_get_set.c:700(pdb_set_logon_script) pdb_set_logon_script: setting logon script skripts\nobody.bat, was [2010/04/24 15:00:02.876102, 4] lib/substitute.c:504(automount_server) Home server: fileserver [2010/04/24 15:00:02.876118, 10] passdb/pdb_get_set.c:723(pdb_set_profile_path) pdb_set_profile_path: setting profile path \\fileserver\nobody\NTProfile, was [2010/04/24 15:00:02.876134, 10] passdb/pdb_get_set.c:813(pdb_set_workstations) pdb_set_workstations: setting workstations , was [2010/04/24 15:00:02.876148, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/04/24 15:00:02.876161, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2010/04/24 15:00:02.876175, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/24 15:00:02.876188, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/24 15:00:02.876201, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/24 15:00:02.876226, 10] lib/gencache.c:345(gencache_get_data_blob) Returning valid cache entry: key = ACCT_POL/password history, value = 0 , timeout = Sat Apr 24 15:01:02 2010 [2010/04/24 15:00:02.876257, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/24 15:00:02.876272, 10] passdb/pdb_get_set.c:537(pdb_set_user_sid) pdb_set_user_sid: setting user sid S-1-5-21-4031555581-2449722753-3032957831-501 [2010/04/24 15:00:02.876288, 10] passdb/pdb_compat.c:72(pdb_set_user_sid_from_rid) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-4031555581-2449722753-3032957831-501 from rid 501 [2010/04/24 15:00:02.876311, 10] passdb/pdb_get_set.c:595(pdb_set_group_sid) pdb_set_group_sid: setting group sid S-1-5-21-4031555581-2449722753-3032957831-513 [2010/04/24 15:00:02.876331, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (99, 99) - sec_ctx_stack_ndx = 0 [2010/04/24 15:00:02.876345, 5] auth/token_util.c:531(debug_nt_user_token) NT user token of user S-1-5-21-4031555581-2449722753-3032957831-501 contains 5 SIDs SID[ 0]: S-1-5-21-4031555581-2449722753-3032957831-501 SID[ 1]: S-1-1-0 SID[ 2]: S-1-5-2 SID[ 3]: S-1-5-32-546 SID[ 4]: S-1-22-1-99 SE_PRIV 0x0 0x0 0x0 0x0 [2010/04/24 15:00:02.876398, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 99 Primary group is 99 and contains 0 supplementary groups [2010/04/24 15:00:02.876431, 5] smbd/uid.c:354(change_to_user) change_to_user uid=(0,99) gid=(0,99) [2010/04/24 15:00:02.876456, 10] smbd/service.c:163(set_conn_connectpath) set_conn_connectpath: service IPC$, connectpath = /var/tmp [2010/04/24 15:00:02.876481, 3] smbd/service.c:1069(make_connection_snum) pc274 (192.168.206.1) connect to service IPC$ initially as user nobody (uid=99, gid=99) (pid 4988) [2010/04/24 15:00:02.876501, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/24 15:00:02.876514, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/24 15:00:02.876527, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/24 15:00:02.876550, 5] smbd/uid.c:369(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2010/04/24 15:00:02.876567, 3] smbd/reply.c:846(reply_tcon_and_X) tconX service=IPC$ [2010/04/24 15:00:02.876858, 10] lib/util_sock.c:726(read_smb_length_return_keepalive) got smb length of 104 [2010/04/24 15:00:02.876876, 6] smbd/process.c:1482(process_smb) got message type 0x0 of len 0x68 [2010/04/24 15:00:02.876890, 3] smbd/process.c:1485(process_smb) Transaction 4 of length 108 (0 toread) [2010/04/24 15:00:02.876905, 5] lib/util.c:617(show_msg) [2010/04/24 15:00:02.876914, 5] lib/util.c:627(show_msg) size=104 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=440 smb_uid=100 smb_mid=256 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 4608 (0x1200) smb_vwv[ 3]= 4096 (0x1000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 4609 (0x1201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1792 (0x700) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]=16896 (0x4200) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 256 (0x100) smb_bcc=21 [2010/04/24 15:00:02.877071, 10] ../lib/util/util.c:278(_dump_data) [0000] 00 5C 00 4E 00 45 00 54 00 4C 00 4F 00 47 00 4F .\.N.E.T .L.O.G.O [0010] 00 4E 00 00 00 .N... [2010/04/24 15:00:02.877112, 3] smbd/process.c:1294(switch_message) switch message SMBntcreateX (pid 4988) conn 0x7209b10 [2010/04/24 15:00:02.877127, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (99, 99) - sec_ctx_stack_ndx = 0 [2010/04/24 15:00:02.877141, 5] auth/token_util.c:531(debug_nt_user_token) NT user token of user S-1-5-21-4031555581-2449722753-3032957831-501 contains 5 SIDs SID[ 0]: S-1-5-21-4031555581-2449722753-3032957831-501 SID[ 1]: S-1-1-0 SID[ 2]: S-1-5-2 SID[ 3]: S-1-5-32-546 SID[ 4]: S-1-22-1-99 SE_PRIV 0x0 0x0 0x0 0x0 [2010/04/24 15:00:02.877192, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 99 Primary group is 99 and contains 0 supplementary groups [2010/04/24 15:00:02.877214, 5] smbd/uid.c:354(change_to_user) change_to_user uid=(0,99) gid=(0,99) [2010/04/24 15:00:02.877233, 4] smbd/vfs.c:721(vfs_ChDir) vfs_ChDir to /var/tmp [2010/04/24 15:00:02.877260, 10] smbd/nttrans.c:498(reply_ntcreate_and_X) reply_ntcreate_and_X: flags = 0x10, access_mask = 0x12019f file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x420040 root_dir_fid = 0x0, fname = NETLOGON [2010/04/24 15:00:02.877284, 4] smbd/nttrans.c:283(nt_open_pipe) nt_open_pipe: Opening pipe \NETLOGON. [2010/04/24 15:00:02.877305, 5] smbd/files.c:119(file_new) allocated file structure 14382, fnum = 18478 (1 used) [2010/04/24 15:00:02.877333, 4] rpc_server/srv_pipe_hnd.c:99(make_internal_rpc_pipe_p) Create pipe requested \netlogon [2010/04/24 15:00:02.877377, 10] rpc_server/srv_lsa_hnd.c:114(init_pipe_handle_list) init_pipe_handles: created handle list for pipe \netlogon [2010/04/24 15:00:02.877393, 10] rpc_server/srv_lsa_hnd.c:131(init_pipe_handle_list) init_pipe_handles: pipe_handles ref count = 1 for pipe \netlogon [2010/04/24 15:00:02.877412, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(99, 99) : sec_ctx_stack_ndx = 1 [2010/04/24 15:00:02.877428, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2010/04/24 15:00:02.877442, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/24 15:00:02.877456, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/24 15:00:02.877469, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/24 15:00:02.877496, 10] lib/gencache.c:345(gencache_get_data_blob) Returning valid cache entry: key = ACCT_POL/password history, value = 0 , timeout = Sat Apr 24 15:01:02 2010 [2010/04/24 15:00:02.877526, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (99, 99) - sec_ctx_stack_ndx = 0 [2010/04/24 15:00:02.877544, 10] passdb/pdb_get_set.c:608(pdb_set_username) pdb_set_username: setting username nobody, was [2010/04/24 15:00:02.877558, 10] passdb/pdb_get_set.c:631(pdb_set_domain) pdb_set_domain: setting domain GYM-OHA, was [2010/04/24 15:00:02.877571, 10] passdb/pdb_get_set.c:654(pdb_set_nt_username) pdb_set_nt_username: setting nt username , was [2010/04/24 15:00:02.877585, 10] passdb/pdb_get_set.c:677(pdb_set_fullname) pdb_set_full_name: setting full name Nobody, was [2010/04/24 15:00:02.877599, 4] lib/substitute.c:504(automount_server) Home server: fileserver [2010/04/24 15:00:02.877616, 10] passdb/pdb_get_set.c:770(pdb_set_homedir) pdb_set_homedir: setting home dir \\fileserver\nobody, was [2010/04/24 15:00:02.877630, 10] passdb/pdb_get_set.c:746(pdb_set_dir_drive) pdb_set_dir_drive: setting dir drive U:, was NULL [2010/04/24 15:00:02.877646, 10] passdb/pdb_get_set.c:700(pdb_set_logon_script) pdb_set_logon_script: setting logon script skripts\nobody.bat, was [2010/04/24 15:00:02.877661, 4] lib/substitute.c:504(automount_server) Home server: fileserver [2010/04/24 15:00:02.877677, 10] passdb/pdb_get_set.c:723(pdb_set_profile_path) pdb_set_profile_path: setting profile path \\fileserver\nobody\NTProfile, was [2010/04/24 15:00:02.877692, 10] passdb/pdb_get_set.c:813(pdb_set_workstations) pdb_set_workstations: setting workstations , was [2010/04/24 15:00:02.877706, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(99, 99) : sec_ctx_stack_ndx = 1 [2010/04/24 15:00:02.877721, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2010/04/24 15:00:02.877734, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/24 15:00:02.877747, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/24 15:00:02.877761, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/24 15:00:02.877786, 10] lib/gencache.c:345(gencache_get_data_blob) Returning valid cache entry: key = ACCT_POL/password history, value = 0 , timeout = Sat Apr 24 15:01:02 2010 [2010/04/24 15:00:02.877816, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (99, 99) - sec_ctx_stack_ndx = 0 [2010/04/24 15:00:02.877831, 10] passdb/pdb_get_set.c:537(pdb_set_user_sid) pdb_set_user_sid: setting user sid S-1-5-21-4031555581-2449722753-3032957831-501 [2010/04/24 15:00:02.877847, 10] passdb/pdb_compat.c:72(pdb_set_user_sid_from_rid) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-4031555581-2449722753-3032957831-501 from rid 501 [2010/04/24 15:00:02.877869, 10] passdb/pdb_get_set.c:595(pdb_set_group_sid) pdb_set_group_sid: setting group sid S-1-5-21-4031555581-2449722753-3032957831-513 [2010/04/24 15:00:02.877886, 4] rpc_server/srv_pipe_hnd.c:162(make_internal_rpc_pipe_p) Created internal pipe \netlogon (pipes_open=0) [2010/04/24 15:00:02.877913, 5] smbd/nttrans.c:372(do_ntcreate_pipe_open) do_ntcreate_pipe_open: open pipe = \NETLOGON [2010/04/24 15:00:02.878306, 10] lib/util_sock.c:726(read_smb_length_return_keepalive) got smb length of 72 [2010/04/24 15:00:02.878323, 6] smbd/process.c:1482(process_smb) got message type 0x0 of len 0x48 [2010/04/24 15:00:02.878337, 3] smbd/process.c:1485(process_smb) Transaction 5 of length 76 (0 toread) [2010/04/24 15:00:02.878350, 5] lib/util.c:617(show_msg) [2010/04/24 15:00:02.878359, 5] lib/util.c:627(show_msg) size=72 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=440 smb_uid=100 smb_mid=320 smt_wct=15 smb_vwv[ 0]= 4 (0x4) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 24 (0x18) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 4 (0x4) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 7 (0x7) smb_bcc=7 [2010/04/24 15:00:02.878476, 10] ../lib/util/util.c:278(_dump_data) [0000] 00 00 00 2E 48 ED 03 ....Hí. [2010/04/24 15:00:02.878499, 3] smbd/process.c:1294(switch_message) switch message SMBtrans2 (pid 4988) conn 0x7209b10 [2010/04/24 15:00:02.878514, 4] smbd/uid.c:257(change_to_user) change_to_user: Skipping user change - already user [2010/04/24 15:00:02.878540, 9] smbd/trans2.c:910(send_trans2_replies) t2_rep: params_sent_thistime = 2, data_sent_thistime = 24, useable_space = 131010 [2010/04/24 15:00:02.878557, 9] smbd/trans2.c:912(send_trans2_replies) t2_rep: params_to_send = 2, data_to_send = 24, paramsize = 2, datasize = 24 [2010/04/24 15:00:02.878571, 5] lib/util.c:617(show_msg) [2010/04/24 15:00:02.878580, 5] lib/util.c:627(show_msg) size=84 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=440 smb_uid=100 smb_mid=320 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 24 (0x18) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 24 (0x18) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=29 [2010/04/24 15:00:02.878677, 10] ../lib/util/util.c:278(_dump_data) [0000] 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 01 00 00 00 01 00 00 00 ........ ..... [2010/04/24 15:00:02.879004, 10] lib/util_sock.c:726(read_smb_length_return_keepalive) got smb length of 180 [2010/04/24 15:00:02.879021, 6] smbd/process.c:1482(process_smb) got message type 0x0 of len 0xb4 [2010/04/24 15:00:02.879035, 3] smbd/process.c:1485(process_smb) Transaction 6 of length 184 (0 toread) [2010/04/24 15:00:02.879048, 5] lib/util.c:617(show_msg) [2010/04/24 15:00:02.879057, 5] lib/util.c:627(show_msg) size=180 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=384 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=18478 (0x482E) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 116 (0x74) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 116 (0x74) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=117 [2010/04/24 15:00:02.879190, 10] ../lib/util/util.c:278(_dump_data) [0000] EE 05 00 0B 03 10 00 00 00 74 00 00 00 02 00 00 î....... .t...... [0010] 00 B8 10 B8 10 00 00 00 00 02 00 00 00 00 00 01 .¸.¸.... ........ [0020] 00 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF .xV4.4.Í «ï..#EgÏ [0030] FB 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 û.....]. .ë.É..è. [0040] 00 2B 10 48 60 02 00 00 00 01 00 01 00 78 56 34 .+.H`... .....xV4 [0050] 12 34 12 CD AB EF 00 01 23 45 67 CF FB 01 00 00 .4.Í«ï.. #EgÏû... [0060] 00 2C 1C B7 6C 12 98 40 45 03 00 00 00 00 00 00 .,.·l..@ E....... [0070] 00 01 00 00 00 ..... [2010/04/24 15:00:02.879340, 3] smbd/process.c:1294(switch_message) switch message SMBwriteX (pid 4988) conn 0x7209b10 [2010/04/24 15:00:02.879354, 4] smbd/uid.c:257(change_to_user) change_to_user: Skipping user change - already user [2010/04/24 15:00:02.879372, 6] smbd/pipes.c:291(reply_pipe_write_and_X) reply_pipe_write_and_X: 482e name: NETLOGON len: 116 [2010/04/24 15:00:02.879389, 6] rpc_server/srv_pipe_hnd.c:1208(np_write_send) np_write_send: len: 116 [2010/04/24 15:00:02.879407, 10] rpc_server/srv_pipe_hnd.c:772(write_to_internal_pipe) write_to_pipe: data_left = 116 [2010/04/24 15:00:02.879423, 10] rpc_server/srv_pipe_hnd.c:682(process_incoming_data) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 116 [2010/04/24 15:00:02.879437, 10] rpc_server/srv_pipe_hnd.c:193(fill_rpc_header) fill_rpc_header: data_to_copy = 116, len_needed_to_complete_hdr = 16, receive_len = 0 [2010/04/24 15:00:02.879452, 10] rpc_server/srv_pipe_hnd.c:776(write_to_internal_pipe) write_to_pipe: data_used = 16 [2010/04/24 15:00:02.879466, 10] rpc_server/srv_pipe_hnd.c:772(write_to_internal_pipe) write_to_pipe: data_left = 100 [2010/04/24 15:00:02.879480, 10] rpc_server/srv_pipe_hnd.c:682(process_incoming_data) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 100 [2010/04/24 15:00:02.879497, 5] rpc_parse/parse_prs.c:89(prs_debug) 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0b 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0074 000a auth_len : 0000 000c call_id : 00000002 [2010/04/24 15:00:02.879572, 5] rpc_server/srv_pipe_hnd.c:289(unmarshall_rpc_header) unmarshall_rpc_header: using little-endian RPC [2010/04/24 15:00:02.879586, 10] rpc_server/srv_pipe_hnd.c:318(unmarshall_rpc_header) unmarshall_rpc_header: type = 11, flags = 3 [2010/04/24 15:00:02.879601, 10] rpc_server/srv_pipe_hnd.c:776(write_to_internal_pipe) write_to_pipe: data_used = 0 [2010/04/24 15:00:02.879614, 10] rpc_server/srv_pipe_hnd.c:772(write_to_internal_pipe) write_to_pipe: data_left = 100 [2010/04/24 15:00:02.879627, 10] rpc_server/srv_pipe_hnd.c:682(process_incoming_data) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 100, incoming data = 100 [2010/04/24 15:00:02.879643, 10] rpc_server/srv_pipe_hnd.c:537(process_complete_pdu) process_complete_pdu: processing packet type 11 [2010/04/24 15:00:02.879664, 5] rpc_server/srv_pipe.c:1641(api_pipe_bind_req) api_pipe_bind_req: decode request. 1641 [2010/04/24 15:00:02.879680, 5] rpc_parse/parse_prs.c:89(prs_debug) 000000 smb_io_rpc_hdr_rb [2010/04/24 15:00:02.879694, 6] rpc_parse/parse_prs.c:89(prs_debug) 000000 smb_io_rpc_hdr_bba 0000 max_tsize: 10b8 0002 max_rsize: 10b8 0004 assoc_gid: 00000000 0008 num_contexts: 02 000c context_id : 0000 000e num_transfer_syntaxes: 01 [2010/04/24 15:00:02.879739, 6] rpc_parse/parse_prs.c:89(prs_debug) 00000f smb_io_rpc_iface [2010/04/24 15:00:02.879754, 7] rpc_parse/parse_prs.c:89(prs_debug) 000010 smb_io_uuid uuid 0010 data : 12345678 0014 data : 1234 0016 data : abcd 0018 data : ef 00 001a data : 01 23 45 67 cf fb 0020 version: 00000001 [2010/04/24 15:00:02.879805, 6] rpc_parse/parse_prs.c:89(prs_debug) 000024 smb_io_rpc_iface [2010/04/24 15:00:02.879819, 7] rpc_parse/parse_prs.c:89(prs_debug) 000024 smb_io_uuid uuid 0024 data : 8a885d04 0028 data : 1ceb 002a data : 11c9 002c data : 9f e8 002e data : 08 00 2b 10 48 60 0034 version: 00000002 0038 context_id : 0001 003a num_transfer_syntaxes: 01 [2010/04/24 15:00:02.879886, 6] rpc_parse/parse_prs.c:89(prs_debug) 00003b smb_io_rpc_iface [2010/04/24 15:00:02.879901, 7] rpc_parse/parse_prs.c:89(prs_debug) 00003c smb_io_uuid uuid 003c data : 12345678 0040 data : 1234 0042 data : abcd 0044 data : ef 00 0046 data : 01 23 45 67 cf fb 004c version: 00000001 [2010/04/24 15:00:02.879948, 6] rpc_parse/parse_prs.c:89(prs_debug) 000050 smb_io_rpc_iface [2010/04/24 15:00:02.879962, 7] rpc_parse/parse_prs.c:89(prs_debug) 000050 smb_io_uuid uuid 0050 data : 6cb71c2c 0054 data : 9812 0056 data : 4540 0058 data : 03 00 005a data : 00 00 00 00 00 00 0060 version: 00000001 [2010/04/24 15:00:02.880011, 3] rpc_server/srv_pipe.c:1667(api_pipe_bind_req) api_pipe_bind_req: \PIPE\netlogon -> \PIPE\netlogon [2010/04/24 15:00:02.880026, 5] rpc_server/srv_pipe.c:1717(api_pipe_bind_req) api_pipe_bind_req: make response. 1717 [2010/04/24 15:00:02.880041, 3] rpc_server/srv_pipe.c:998(check_bind_req) check_bind_req for \netlogon checking lsarpc checking winreg checking initshutdown checking dssetup checking wkssvc checking svcctl checking ntsvcs checking netlogon [2010/04/24 15:00:02.880087, 5] rpc_parse/parse_prs.c:89(prs_debug) 000000 smb_io_rpc_hdr_ba [2010/04/24 15:00:02.880101, 6] rpc_parse/parse_prs.c:89(prs_debug) 000000 smb_io_rpc_hdr_bba 0000 max_tsize: 10b8 0002 max_rsize: 10b8 0004 assoc_gid: 000053f0 [2010/04/24 15:00:02.880130, 6] rpc_parse/parse_prs.c:89(prs_debug) 000008 smb_io_rpc_addr_str 0008 len: 000f 000a str: \PIPE\netlogon. [2010/04/24 15:00:02.880160, 6] rpc_parse/parse_prs.c:89(prs_debug) 000019 smb_io_rpc_results 001c num_results: 01 0020 result : 0000 0022 reason : 0000 [2010/04/24 15:00:02.880190, 6] rpc_parse/parse_prs.c:89(prs_debug) 000024 smb_io_rpc_iface [2010/04/24 15:00:02.880204, 7] rpc_parse/parse_prs.c:89(prs_debug) 000024 smb_io_uuid uuid 0024 data : 8a885d04 0028 data : 1ceb 002a data : 11c9 002c data : 9f e8 002e data : 08 00 2b 10 48 60 0034 version: 00000002 [2010/04/24 15:00:02.880252, 5] rpc_parse/parse_prs.c:89(prs_debug) 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0c 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0048 000a auth_len : 0000 000c call_id : 00000002 [2010/04/24 15:00:02.880323, 10] rpc_server/srv_pipe_hnd.c:776(write_to_internal_pipe) write_to_pipe: data_used = 100 [2010/04/24 15:00:02.880354, 3] smbd/pipes.c:352(pipe_write_andx_done) writeX-IPC nwritten=116 [2010/04/24 15:00:02.880553, 10] lib/util_sock.c:726(read_smb_length_return_keepalive) got smb length of 59 [2010/04/24 15:00:02.880570, 6] smbd/process.c:1482(process_smb) got message type 0x0 of len 0x3b [2010/04/24 15:00:02.880584, 3] smbd/process.c:1485(process_smb) Transaction 7 of length 63 (0 toread) [2010/04/24 15:00:02.880597, 5] lib/util.c:617(show_msg) [2010/04/24 15:00:02.880606, 5] lib/util.c:627(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=448 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=18478 (0x482E) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2010/04/24 15:00:02.880713, 3] smbd/process.c:1294(switch_message) switch message SMBreadX (pid 4988) conn 0x7209b10 [2010/04/24 15:00:02.880740, 4] smbd/uid.c:257(change_to_user) change_to_user: Skipping user change - already user [2010/04/24 15:00:02.880757, 6] rpc_server/srv_pipe_hnd.c:813(read_from_internal_pipe) name: \netlogon len: 1024 [2010/04/24 15:00:02.880773, 10] rpc_server/srv_pipe_hnd.c:854(read_from_internal_pipe) read_from_pipe: \netlogon: current_pdu_len = 72, current_pdu_sent = 0 returning 72 bytes. [2010/04/24 15:00:02.880796, 3] smbd/pipes.c:462(pipe_read_andx_done) readX-IPC min=1024 max=1024 nread=72 [2010/04/24 15:00:02.881000, 10] lib/util_sock.c:726(read_smb_length_return_keepalive) got smb length of 164 [2010/04/24 15:00:02.881017, 6] smbd/process.c:1482(process_smb) got message type 0x0 of len 0xa4 [2010/04/24 15:00:02.881031, 3] smbd/process.c:1485(process_smb) Transaction 8 of length 168 (0 toread) [2010/04/24 15:00:02.881044, 5] lib/util.c:617(show_msg) [2010/04/24 15:00:02.881053, 5] lib/util.c:627(show_msg) size=164 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=512 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=18478 (0x482E) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 100 (0x64) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 100 (0x64) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=101 [2010/04/24 15:00:02.881168, 10] ../lib/util/util.c:278(_dump_data) [0000] EE 05 00 00 03 10 00 00 00 64 00 00 00 02 00 00 î....... .d...... [0010] 00 4C 00 00 00 00 00 04 00 00 00 02 00 0D 00 00 .L...... ........ [0020] 00 00 00 00 00 0D 00 00 00 5C 00 5C 00 46 00 49 ........ .\.\.F.I [0030] 00 4C 00 45 00 53 00 45 00 52 00 56 00 45 00 52 .L.E.S.E .R.V.E.R [0040] 00 00 00 00 00 06 00 00 00 00 00 00 00 06 00 00 ........ ........ [0050] 00 50 00 43 00 32 00 37 00 34 00 00 00 E0 B9 5A .P.C.2.7 .4...à¹Z [0060] B9 EE 5F 7E BD ¹î_~½ [2010/04/24 15:00:02.881292, 3] smbd/process.c:1294(switch_message) switch message SMBwriteX (pid 4988) conn 0x7209b10 [2010/04/24 15:00:02.881306, 4] smbd/uid.c:257(change_to_user) change_to_user: Skipping user change - already user [2010/04/24 15:00:02.881319, 6] smbd/pipes.c:291(reply_pipe_write_and_X) reply_pipe_write_and_X: 482e name: NETLOGON len: 100 [2010/04/24 15:00:02.881334, 6] rpc_server/srv_pipe_hnd.c:1208(np_write_send) np_write_send: len: 100 [2010/04/24 15:00:02.881348, 10] rpc_server/srv_pipe_hnd.c:772(write_to_internal_pipe) write_to_pipe: data_left = 100 [2010/04/24 15:00:02.881361, 10] rpc_server/srv_pipe_hnd.c:682(process_incoming_data) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 100 [2010/04/24 15:00:02.881375, 10] rpc_server/srv_pipe_hnd.c:193(fill_rpc_header) fill_rpc_header: data_to_copy = 100, len_needed_to_complete_hdr = 16, receive_len = 0 [2010/04/24 15:00:02.881389, 10] rpc_server/srv_pipe_hnd.c:776(write_to_internal_pipe) write_to_pipe: data_used = 16 [2010/04/24 15:00:02.881403, 10] rpc_server/srv_pipe_hnd.c:772(write_to_internal_pipe) write_to_pipe: data_left = 84 [2010/04/24 15:00:02.881416, 10] rpc_server/srv_pipe_hnd.c:682(process_incoming_data) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 84 [2010/04/24 15:00:02.881430, 5] rpc_parse/parse_prs.c:89(prs_debug) 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0064 000a auth_len : 0000 000c call_id : 00000002 [2010/04/24 15:00:02.881497, 5] rpc_server/srv_pipe_hnd.c:289(unmarshall_rpc_header) unmarshall_rpc_header: using little-endian RPC [2010/04/24 15:00:02.881521, 10] rpc_server/srv_pipe_hnd.c:318(unmarshall_rpc_header) unmarshall_rpc_header: type = 0, flags = 3 [2010/04/24 15:00:02.881536, 10] rpc_server/srv_pipe_hnd.c:776(write_to_internal_pipe) write_to_pipe: data_used = 0 [2010/04/24 15:00:02.881549, 10] rpc_server/srv_pipe_hnd.c:772(write_to_internal_pipe) write_to_pipe: data_left = 84 [2010/04/24 15:00:02.881562, 10] rpc_server/srv_pipe_hnd.c:682(process_incoming_data) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 84, incoming data = 84 [2010/04/24 15:00:02.881576, 10] rpc_server/srv_pipe_hnd.c:537(process_complete_pdu) process_complete_pdu: processing packet type 0 [2010/04/24 15:00:02.881590, 5] rpc_parse/parse_prs.c:89(prs_debug) 000000 smb_io_rpc_hdr_req req 0000 alloc_hint: 0000004c 0004 context_id: 0000 0006 opnum : 0004 [2010/04/24 15:00:02.881622, 3] rpc_server/srv_pipe_hnd.c:344(free_pipe_context) free_pipe_context: destroying talloc pool of size 121 [2010/04/24 15:00:02.881639, 5] rpc_server/srv_pipe.c:2366(api_pipe_request) Requested \PIPE\\netlogon [2010/04/24 15:00:02.881654, 4] rpc_server/srv_pipe.c:2403(api_rpcTNP) api_rpcTNP: \netlogon op 0x4 - api_rpcTNP: rpc command: NETR_SERVERREQCHALLENGE [2010/04/24 15:00:02.881671, 6] rpc_server/srv_pipe.c:2433(api_rpcTNP) api_rpc_cmds[4].fn == 0x6925630 [2010/04/24 15:00:02.881696, 1] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) netr_ServerReqChallenge: struct netr_ServerReqChallenge in: struct netr_ServerReqChallenge server_name : * server_name : '\\FILESERVER' computer_name : * computer_name : 'PC274' credentials : * credentials: struct netr_Credential data : e0b95ab9ee5f7ebd [2010/04/24 15:00:02.901842, 1] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) netr_ServerReqChallenge: struct netr_ServerReqChallenge out: struct netr_ServerReqChallenge return_credentials : * return_credentials: struct netr_Credential data : 1d28c1032dfcf606 result : NT_STATUS_OK [2010/04/24 15:00:02.901898, 5] rpc_server/srv_pipe.c:2468(api_rpcTNP) api_rpcTNP: called \netlogon successfully [2010/04/24 15:00:02.901914, 3] rpc_server/srv_pipe_hnd.c:344(free_pipe_context) free_pipe_context: destroying talloc pool of size 0 [2010/04/24 15:00:02.901928, 10] rpc_server/srv_pipe_hnd.c:776(write_to_internal_pipe) write_to_pipe: data_used = 84 [2010/04/24 15:00:02.901951, 3] smbd/pipes.c:352(pipe_write_andx_done) writeX-IPC nwritten=100 [2010/04/24 15:00:02.902170, 10] lib/util_sock.c:726(read_smb_length_return_keepalive) got smb length of 59 [2010/04/24 15:00:02.902187, 6] smbd/process.c:1482(process_smb) got message type 0x0 of len 0x3b [2010/04/24 15:00:02.902201, 3] smbd/process.c:1485(process_smb) Transaction 9 of length 63 (0 toread) [2010/04/24 15:00:02.902215, 5] lib/util.c:617(show_msg) [2010/04/24 15:00:02.902224, 5] lib/util.c:627(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=576 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=18478 (0x482E) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2010/04/24 15:00:02.902329, 3] smbd/process.c:1294(switch_message) switch message SMBreadX (pid 4988) conn 0x7209b10 [2010/04/24 15:00:02.902343, 4] smbd/uid.c:257(change_to_user) change_to_user: Skipping user change - already user [2010/04/24 15:00:02.902357, 6] rpc_server/srv_pipe_hnd.c:813(read_from_internal_pipe) name: \netlogon len: 1024 [2010/04/24 15:00:02.902385, 10] rpc_server/srv_pipe_hnd.c:875(read_from_internal_pipe) read_from_pipe: \netlogon: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 12. [2010/04/24 15:00:02.902403, 5] rpc_parse/parse_prs.c:89(prs_debug) 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0024 000a auth_len : 0000 000c call_id : 00000002 [2010/04/24 15:00:02.902473, 5] rpc_parse/parse_prs.c:89(prs_debug) 000010 smb_io_rpc_hdr_resp resp 0010 alloc_hint: 0000000c 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 [2010/04/24 15:00:02.902515, 3] smbd/pipes.c:462(pipe_read_andx_done) readX-IPC min=1024 max=1024 nread=36 [2010/04/24 15:00:02.902865, 10] lib/util_sock.c:726(read_smb_length_return_keepalive) got smb length of 196 [2010/04/24 15:00:02.902882, 6] smbd/process.c:1482(process_smb) got message type 0x0 of len 0xc4 [2010/04/24 15:00:02.902896, 3] smbd/process.c:1485(process_smb) Transaction 10 of length 200 (0 toread) [2010/04/24 15:00:02.902909, 5] lib/util.c:617(show_msg) [2010/04/24 15:00:02.902918, 5] lib/util.c:627(show_msg) size=196 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=640 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=18478 (0x482E) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 132 (0x84) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 132 (0x84) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=133 [2010/04/24 15:00:02.903034, 10] ../lib/util/util.c:278(_dump_data) [0000] EE 05 00 00 03 10 00 00 00 84 00 00 00 03 00 00 î....... ........ [0010] 00 6C 00 00 00 00 00 1A 00 00 00 02 00 0D 00 00 .l...... ........ [0020] 00 00 00 00 00 0D 00 00 00 5C 00 5C 00 46 00 49 ........ .\.\.F.I [0030] 00 4C 00 45 00 53 00 45 00 52 00 56 00 45 00 52 .L.E.S.E .R.V.E.R [0040] 00 00 00 00 00 07 00 00 00 00 00 00 00 07 00 00 ........ ........ [0050] 00 50 00 43 00 32 00 37 00 34 00 24 00 00 00 02 .P.C.2.7 .4.$.... [0060] 00 06 00 00 00 00 00 00 00 06 00 00 00 50 00 43 ........ .....P.C [0070] 00 32 00 37 00 34 00 00 00 36 21 64 1E 9E A1 0B .2.7.4.. .6!d..¡. [0080] 32 FF FF 2F 61 2ÿÿ/a [2010/04/24 15:00:02.903204, 3] smbd/process.c:1294(switch_message) switch message SMBwriteX (pid 4988) conn 0x7209b10 [2010/04/24 15:00:02.903219, 4] smbd/uid.c:257(change_to_user) change_to_user: Skipping user change - already user [2010/04/24 15:00:02.903232, 6] smbd/pipes.c:291(reply_pipe_write_and_X) reply_pipe_write_and_X: 482e name: NETLOGON len: 132 [2010/04/24 15:00:02.903246, 6] rpc_server/srv_pipe_hnd.c:1208(np_write_send) np_write_send: len: 132 [2010/04/24 15:00:02.903260, 10] rpc_server/srv_pipe_hnd.c:772(write_to_internal_pipe) write_to_pipe: data_left = 132 [2010/04/24 15:00:02.903274, 10] rpc_server/srv_pipe_hnd.c:682(process_incoming_data) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 132 [2010/04/24 15:00:02.903288, 10] rpc_server/srv_pipe_hnd.c:193(fill_rpc_header) fill_rpc_header: data_to_copy = 132, len_needed_to_complete_hdr = 16, receive_len = 0 [2010/04/24 15:00:02.903302, 10] rpc_server/srv_pipe_hnd.c:776(write_to_internal_pipe) write_to_pipe: data_used = 16 [2010/04/24 15:00:02.903315, 10] rpc_server/srv_pipe_hnd.c:772(write_to_internal_pipe) write_to_pipe: data_left = 116 [2010/04/24 15:00:02.903329, 10] rpc_server/srv_pipe_hnd.c:682(process_incoming_data) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 116 [2010/04/24 15:00:02.903343, 5] rpc_parse/parse_prs.c:89(prs_debug) 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0084 000a auth_len : 0000 000c call_id : 00000003 [2010/04/24 15:00:02.903422, 5] rpc_server/srv_pipe_hnd.c:289(unmarshall_rpc_header) unmarshall_rpc_header: using little-endian RPC [2010/04/24 15:00:02.903436, 10] rpc_server/srv_pipe_hnd.c:318(unmarshall_rpc_header) unmarshall_rpc_header: type = 0, flags = 3 [2010/04/24 15:00:02.903450, 10] rpc_server/srv_pipe_hnd.c:776(write_to_internal_pipe) write_to_pipe: data_used = 0 [2010/04/24 15:00:02.903463, 10] rpc_server/srv_pipe_hnd.c:772(write_to_internal_pipe) write_to_pipe: data_left = 116 [2010/04/24 15:00:02.903477, 10] rpc_server/srv_pipe_hnd.c:682(process_incoming_data) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 116, incoming data = 116 [2010/04/24 15:00:02.903491, 10] rpc_server/srv_pipe_hnd.c:537(process_complete_pdu) process_complete_pdu: processing packet type 0 [2010/04/24 15:00:02.903504, 5] rpc_parse/parse_prs.c:89(prs_debug) 000000 smb_io_rpc_hdr_req req 0000 alloc_hint: 0000006c 0004 context_id: 0000 0006 opnum : 001a [2010/04/24 15:00:02.903534, 3] rpc_server/srv_pipe_hnd.c:344(free_pipe_context) free_pipe_context: destroying talloc pool of size 0 [2010/04/24 15:00:02.903548, 5] rpc_server/srv_pipe.c:2366(api_pipe_request) Requested \PIPE\\netlogon [2010/04/24 15:00:02.903562, 4] rpc_server/srv_pipe.c:2403(api_rpcTNP) api_rpcTNP: \netlogon op 0x1a - api_rpcTNP: rpc command: NETR_SERVERAUTHENTICATE3 [2010/04/24 15:00:02.903577, 6] rpc_server/srv_pipe.c:2433(api_rpcTNP) api_rpc_cmds[26].fn == 0x6920a40 [2010/04/24 15:00:02.903601, 1] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) netr_ServerAuthenticate3: struct netr_ServerAuthenticate3 in: struct netr_ServerAuthenticate3 server_name : * server_name : '\\FILESERVER' account_name : * account_name : 'PC274$' secure_channel_type : SEC_CHAN_WKSTA (2) computer_name : * computer_name : 'PC274' credentials : * credentials: struct netr_Credential data : 3621641e9ea10b32 negotiate_flags : * negotiate_flags : 0x612fffff (1630535679) 1: NETLOGON_NEG_ACCOUNT_LOCKOUT 1: NETLOGON_NEG_PERSISTENT_SAMREPL 1: NETLOGON_NEG_ARCFOUR 1: NETLOGON_NEG_PROMOTION_COUNT 1: NETLOGON_NEG_CHANGELOG_BDC 1: NETLOGON_NEG_FULL_SYNC_REPL 1: NETLOGON_NEG_MULTIPLE_SIDS 1: NETLOGON_NEG_REDO 1: NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL 1: NETLOGON_NEG_SEND_PASSWORD_INFO_PDC 1: NETLOGON_NEG_GENERIC_PASSTHROUGH 1: NETLOGON_NEG_CONCURRENT_RPC 1: NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL 1: NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL 1: NETLOGON_NEG_STRONG_KEYS 1: NETLOGON_NEG_TRANSITIVE_TRUSTS 1: NETLOGON_NEG_DNS_DOMAIN_TRUSTS 1: NETLOGON_NEG_PASSWORD_SET2 1: NETLOGON_NEG_GETDOMAININFO 1: NETLOGON_NEG_CROSS_FOREST_TRUSTS 0: NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION 1: NETLOGON_NEG_RODC_PASSTHROUGH 0: NETLOGON_NEG_SUPPORTS_AES_SHA2 1: NETLOGON_NEG_SUPPORTS_AES 1: NETLOGON_NEG_AUTHENTICATED_RPC_LSASS 1: NETLOGON_NEG_AUTHENTICATED_RPC [2010/04/24 15:00:02.903889, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(99, 99) : sec_ctx_stack_ndx = 1 [2010/04/24 15:00:02.903905, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2010/04/24 15:00:02.903920, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/24 15:00:02.903934, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/24 15:00:02.903947, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/24 15:00:02.903989, 5] lib/smbldap.c:1360(smbldap_search_ext) smbldap_search_ext: base => [dc=gym-oha,dc=de], filter => [(&(uid=PC274$)(objectclass=sambaSamAccount))], scope => [2] [2010/04/24 15:00:02.904994, 2] passdb/pdb_ldap.c:572(init_sam_from_ldap) init_sam_from_ldap: Entry found for user: pc274$ [2010/04/24 15:00:02.905011, 10] passdb/pdb_get_set.c:608(pdb_set_username) pdb_set_username: setting username pc274$, was [2010/04/24 15:00:02.905027, 10] passdb/pdb_get_set.c:631(pdb_set_domain) pdb_set_domain: setting domain GYM-OHA, was [2010/04/24 15:00:02.905042, 10] passdb/pdb_get_set.c:654(pdb_set_nt_username) pdb_set_nt_username: setting nt username pc274$, was [2010/04/24 15:00:02.905064, 10] passdb/pdb_get_set.c:550(pdb_set_user_sid_from_string) pdb_set_user_sid_from_string: setting user sid S-1-5-21-4031555581-2449722753-3032957831-3548 [2010/04/24 15:00:02.905081, 10] passdb/pdb_get_set.c:537(pdb_set_user_sid) pdb_set_user_sid: setting user sid S-1-5-21-4031555581-2449722753-3032957831-3548 [2010/04/24 15:00:02.905141, 10] lib/smbldap.c:310(smbldap_talloc_single_attribute) attribute displayName does not exist [2010/04/24 15:00:02.905159, 10] passdb/pdb_get_set.c:677(pdb_set_fullname) pdb_set_full_name: setting full name Workstation-Trust-Account, was [2010/04/24 15:00:02.905181, 10] lib/smbldap.c:310(smbldap_talloc_single_attribute) attribute sambaHomeDrive does not exist [2010/04/24 15:00:02.905195, 10] passdb/pdb_get_set.c:746(pdb_set_dir_drive) pdb_set_dir_drive: setting dir drive U:, was NULL [2010/04/24 15:00:02.905216, 10] lib/smbldap.c:310(smbldap_talloc_single_attribute) attribute sambaHomePath does not exist [2010/04/24 15:00:02.905231, 4] lib/substitute.c:504(automount_server) Home server: fileserver [2010/04/24 15:00:02.905249, 10] passdb/pdb_get_set.c:770(pdb_set_homedir) pdb_set_homedir: setting home dir \\fileserver\pc274_, was [2010/04/24 15:00:02.905271, 10] lib/smbldap.c:310(smbldap_talloc_single_attribute) attribute sambaLogonScript does not exist [2010/04/24 15:00:02.905288, 10] passdb/pdb_get_set.c:700(pdb_set_logon_script) pdb_set_logon_script: setting logon script skripts\pc274_.bat, was [2010/04/24 15:00:02.905309, 10] lib/smbldap.c:310(smbldap_talloc_single_attribute) attribute sambaProfilePath does not exist [2010/04/24 15:00:02.905323, 4] lib/substitute.c:504(automount_server) Home server: fileserver [2010/04/24 15:00:02.905340, 10] passdb/pdb_get_set.c:723(pdb_set_profile_path) pdb_set_profile_path: setting profile path \\fileserver\pc274_\NTProfile, was [2010/04/24 15:00:02.905362, 10] lib/smbldap.c:310(smbldap_talloc_single_attribute) attribute description does not exist [2010/04/24 15:00:02.905383, 10] lib/smbldap.c:310(smbldap_talloc_single_attribute) attribute sambaUserWorkstations does not exist [2010/04/24 15:00:02.905404, 10] lib/smbldap.c:310(smbldap_talloc_single_attribute) attribute sambaMungedDial does not exist [2010/04/24 15:00:02.905424, 10] lib/smbldap.c:310(smbldap_talloc_single_attribute) attribute sambaLMPassword does not exist [2010/04/24 15:00:02.905450, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2010/04/24 15:00:02.905465, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2010/04/24 15:00:02.905479, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2010/04/24 15:00:02.905505, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/24 15:00:02.905518, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/24 15:00:02.905547, 10] lib/gencache.c:345(gencache_get_data_blob) Returning valid cache entry: key = ACCT_POL/password history, value = 0 , timeout = Sat Apr 24 15:01:02 2010 [2010/04/24 15:00:02.905579, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/24 15:00:02.905607, 10] lib/smbldap.c:310(smbldap_talloc_single_attribute) attribute sambaBadPasswordCount does not exist [2010/04/24 15:00:02.905629, 10] lib/smbldap.c:310(smbldap_talloc_single_attribute) attribute sambaBadPasswordTime does not exist [2010/04/24 15:00:02.905650, 10] lib/smbldap.c:310(smbldap_talloc_single_attribute) attribute sambaLogonHours does not exist [2010/04/24 15:00:02.905684, 7] passdb/login_cache.c:87(login_cache_read) Looking up login cache for user pc274$ [2010/04/24 15:00:02.905704, 7] passdb/login_cache.c:103(login_cache_read) No cache entry found [2010/04/24 15:00:02.905718, 9] passdb/pdb_ldap.c:1126(init_sam_from_ldap) No cache entry, bad count = 0, bad time = 0 [2010/04/24 15:00:02.905737, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2010/04/24 15:00:02.905751, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2010/04/24 15:00:02.905765, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2010/04/24 15:00:02.905778, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/24 15:00:02.905792, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/24 15:00:02.905819, 10] lib/gencache.c:345(gencache_get_data_blob) Returning expired cache entry: key = ACCT_POL/maximum password age, value = 4294967295 , timeout = Sat Apr 24 14:52:11 2010 [2010/04/24 15:00:02.905849, 10] lib/gencache.c:180(gencache_set_data_blob) Adding cache entry with key = ACCT_POL/maximum password age and timeout = Thu Jan 1 01:00:00 1970 (-1272114002 seconds in the past) [2010/04/24 15:00:02.905888, 10] passdb/pdb_ldap.c:3983(ldapsam_get_account_policy_from_ldap) ldapsam_get_account_policy_from_ldap [2010/04/24 15:00:02.905906, 5] lib/smbldap.c:1360(smbldap_search_ext) smbldap_search_ext: base => [sambaDomainName=GYM-OHA,dc=gym-oha,dc=de], filter => [(objectClass=sambaDomain)], scope => [0] [2010/04/24 15:00:02.906420, 10] lib/account_pol.c:396(cache_account_policy_set) cache_account_policy_set: updating account pol cache [2010/04/24 15:00:02.906439, 10] lib/gencache.c:180(gencache_set_data_blob) Adding cache entry with key = ACCT_POL/maximum password age and timeout = Sat Apr 24 15:01:02 2010 (60 seconds ahead) [2010/04/24 15:00:02.906478, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/24 15:00:02.906496, 5] lib/username.c:133(Get_Pwnam_alloc) Finding user pc274$ [2010/04/24 15:00:02.906510, 5] lib/username.c:77(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is pc274$ [2010/04/24 15:00:02.908171, 5] lib/username.c:110(Get_Pwnam_internals) Get_Pwnam_internals did find user [pc274$]! [2010/04/24 15:00:02.908234, 10] lib/gencache.c:334(gencache_get_data_blob) Cache entry with key = IDMAP/GID2SID/515 couldn't be found [2010/04/24 15:00:02.908263, 5] passdb/lookup_sid.c:1387(gid_to_sid) gid_to_sid: winbind failed to find a sid for gid 515 [2010/04/24 15:00:02.908280, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2010/04/24 15:00:02.908297, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2010/04/24 15:00:02.908312, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2010/04/24 15:00:02.908327, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/24 15:00:02.908355, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/24 15:00:02.908397, 5] lib/smbldap.c:1360(smbldap_search_ext) smbldap_search_ext: base => [dc=gym-oha,dc=de], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=515))], scope => [2] [2010/04/24 15:00:02.909110, 2] passdb/pdb_ldap.c:2446(init_group_from_ldap) init_group_from_ldap: Entry found for group: 515 [2010/04/24 15:00:02.909156, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/24 15:00:02.909172, 10] passdb/lookup_sid.c:1182(legacy_gid_to_sid) LEGACY: gid 515 -> sid S-1-5-21-4031555581-2449722753-3032957831-515 [2010/04/24 15:00:02.909194, 10] passdb/pdb_get_set.c:257(pdb_get_group_sid) do lookup_sid(S-1-5-21-4031555581-2449722753-3032957831-515) for group of user S-1-5-21-4031555581-2449722753-3032957831-3548 [2010/04/24 15:00:02.909214, 10] passdb/lookup_sid.c:965(lookup_sid) lookup_sid called for SID 'S-1-5-21-4031555581-2449722753-3032957831-515' [2010/04/24 15:00:02.909239, 10] passdb/lookup_sid.c:720(check_dom_sid_to_level) Accepting SID S-1-5-21-4031555581-2449722753-3032957831 in level 1 [2010/04/24 15:00:02.909257, 10] passdb/lookup_sid.c:480(lookup_rids) lookup_rids called for domain sid 'S-1-5-21-4031555581-2449722753-3032957831' [2010/04/24 15:00:02.909275, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2010/04/24 15:00:02.909290, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2010/04/24 15:00:02.909304, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2010/04/24 15:00:02.909317, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/24 15:00:02.909331, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/24 15:00:02.909353, 5] passdb/pdb_interface.c:1473(lookup_global_sam_rid) lookup_global_sam_rid: looking up RID 515. [2010/04/24 15:00:02.909369, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2010/04/24 15:00:02.909383, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 2 [2010/04/24 15:00:02.909397, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2010/04/24 15:00:02.909411, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/24 15:00:02.909424, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/24 15:00:02.909466, 5] lib/smbldap.c:1360(smbldap_search_ext) smbldap_search_ext: base => [dc=gym-oha,dc=de], filter => [(&(sambaSID=S-1-5-21-4031555581-2449722753-3032957831-515)(objectclass=sambaSamAccount))], scope => [2] [2010/04/24 15:00:02.910130, 4] passdb/pdb_ldap.c:1695(ldapsam_getsampwsid) ldapsam_getsampwsid: Unable to locate SID [S-1-5-21-4031555581-2449722753-3032957831-515] count=0 [2010/04/24 15:00:02.910158, 5] lib/smbldap.c:1360(smbldap_search_ext) smbldap_search_ext: base => [dc=gym-oha,dc=de], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-4031555581-2449722753-3032957831-515))], scope => [2] [2010/04/24 15:00:02.910829, 2] passdb/pdb_ldap.c:2446(init_group_from_ldap) init_group_from_ldap: Entry found for group: 515 [2010/04/24 15:00:02.910871, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2010/04/24 15:00:02.910887, 5] passdb/pdb_interface.c:1595(pdb_default_lookup_rids) lookup_rids: Domain Computers:2 [2010/04/24 15:00:02.910904, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/24 15:00:02.910920, 10] passdb/lookup_sid.c:1000(lookup_sid) Sid S-1-5-21-4031555581-2449722753-3032957831-515 -> GYM-OHA\Domain Computers(2) [2010/04/24 15:00:02.910939, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2010/04/24 15:00:02.910965, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2010/04/24 15:00:02.910979, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2010/04/24 15:00:02.910992, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/24 15:00:02.911006, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/24 15:00:02.911034, 10] lib/gencache.c:345(gencache_get_data_blob) Returning valid cache entry: key = ACCT_POL/password history, value = 0 , timeout = Sat Apr 24 15:01:02 2010 [2010/04/24 15:00:02.911068, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/24 15:00:02.911092, 10] passdb/pdb_get_set.c:608(pdb_set_username) pdb_set_username: setting username pc274$, was [2010/04/24 15:00:02.911107, 10] passdb/pdb_get_set.c:631(pdb_set_domain) pdb_set_domain: setting domain GYM-OHA, was [2010/04/24 15:00:02.911122, 10] passdb/pdb_get_set.c:654(pdb_set_nt_username) pdb_set_nt_username: setting nt username pc274$, was [2010/04/24 15:00:02.911139, 10] passdb/pdb_get_set.c:677(pdb_set_fullname) pdb_set_full_name: setting full name Workstation-Trust-Account, was [2010/04/24 15:00:02.911155, 4] lib/substitute.c:504(automount_server) Home server: fileserver [2010/04/24 15:00:02.911176, 10] passdb/pdb_get_set.c:770(pdb_set_homedir) pdb_set_homedir: setting home dir \\fileserver\pc274_, was [2010/04/24 15:00:02.911192, 10] passdb/pdb_get_set.c:746(pdb_set_dir_drive) pdb_set_dir_drive: setting dir drive U:, was NULL [2010/04/24 15:00:02.911209, 10] passdb/pdb_get_set.c:700(pdb_set_logon_script) pdb_set_logon_script: setting logon script skripts\pc274_.bat, was [2010/04/24 15:00:02.911225, 4] lib/substitute.c:504(automount_server) Home server: fileserver [2010/04/24 15:00:02.911242, 10] passdb/pdb_get_set.c:723(pdb_set_profile_path) pdb_set_profile_path: setting profile path \\fileserver\pc274_\NTProfile, was [2010/04/24 15:00:02.911258, 10] passdb/pdb_get_set.c:813(pdb_set_workstations) pdb_set_workstations: setting workstations , was [2010/04/24 15:00:02.911274, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2010/04/24 15:00:02.911289, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2010/04/24 15:00:02.911303, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2010/04/24 15:00:02.911317, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/24 15:00:02.911330, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/24 15:00:02.911356, 10] lib/gencache.c:345(gencache_get_data_blob) Returning valid cache entry: key = ACCT_POL/password history, value = 0 , timeout = Sat Apr 24 15:01:02 2010 [2010/04/24 15:00:02.911387, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/24 15:00:02.911403, 10] passdb/pdb_get_set.c:537(pdb_set_user_sid) pdb_set_user_sid: setting user sid S-1-5-21-4031555581-2449722753-3032957831-3548 [2010/04/24 15:00:02.911420, 10] passdb/pdb_compat.c:72(pdb_set_user_sid_from_rid) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-4031555581-2449722753-3032957831-3548 from rid 3548 [2010/04/24 15:00:02.911444, 10] passdb/pdb_get_set.c:595(pdb_set_group_sid) pdb_set_group_sid: setting group sid S-1-5-21-4031555581-2449722753-3032957831-515 [2010/04/24 15:00:02.911465, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (99, 99) - sec_ctx_stack_ndx = 0 [2010/04/24 15:00:02.911481, 5] ../lib/util/util.c:278(_dump_data) [0000] C1 35 14 6C 52 37 F3 4B E9 D4 E1 C3 E6 D2 22 C1 Á5.lR7óK éÔáÃæÒ"Á [2010/04/24 15:00:02.911612, 2] ../libcli/auth/credentials.c:306(netlogon_creds_server_check_internal) credentials check failed [2010/04/24 15:00:02.911628, 0] rpc_server/srv_netlog_nt.c:714(_netr_ServerAuthenticate3) _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth request from client PC274 machine account PC274$ [2010/04/24 15:00:02.911726, 1] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) netr_ServerAuthenticate3: struct netr_ServerAuthenticate3 out: struct netr_ServerAuthenticate3 return_credentials : * return_credentials: struct netr_Credential data : 0000000000000000 negotiate_flags : * negotiate_flags : 0x400241ff (1073889791) 1: NETLOGON_NEG_ACCOUNT_LOCKOUT 1: NETLOGON_NEG_PERSISTENT_SAMREPL 1: NETLOGON_NEG_ARCFOUR 1: NETLOGON_NEG_PROMOTION_COUNT 1: NETLOGON_NEG_CHANGELOG_BDC 1: NETLOGON_NEG_FULL_SYNC_REPL 1: NETLOGON_NEG_MULTIPLE_SIDS 1: NETLOGON_NEG_REDO 1: NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL 0: NETLOGON_NEG_SEND_PASSWORD_INFO_PDC 0: NETLOGON_NEG_GENERIC_PASSTHROUGH 0: NETLOGON_NEG_CONCURRENT_RPC 0: NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL 0: NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL 1: NETLOGON_NEG_STRONG_KEYS 0: NETLOGON_NEG_TRANSITIVE_TRUSTS 0: NETLOGON_NEG_DNS_DOMAIN_TRUSTS 1: NETLOGON_NEG_PASSWORD_SET2 0: NETLOGON_NEG_GETDOMAININFO 0: NETLOGON_NEG_CROSS_FOREST_TRUSTS 0: NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION 0: NETLOGON_NEG_RODC_PASSTHROUGH 0: NETLOGON_NEG_SUPPORTS_AES_SHA2 0: NETLOGON_NEG_SUPPORTS_AES 0: NETLOGON_NEG_AUTHENTICATED_RPC_LSASS 1: NETLOGON_NEG_AUTHENTICATED_RPC rid : * rid : 0x00000000 (0) result : NT_STATUS_ACCESS_DENIED [2010/04/24 15:00:02.911979, 5] rpc_server/srv_pipe.c:2468(api_rpcTNP) api_rpcTNP: called \netlogon successfully [2010/04/24 15:00:02.912012, 3] rpc_server/srv_pipe_hnd.c:344(free_pipe_context) free_pipe_context: destroying talloc pool of size 0 [2010/04/24 15:00:02.912029, 10] rpc_server/srv_pipe_hnd.c:776(write_to_internal_pipe) write_to_pipe: data_used = 116 [2010/04/24 15:00:02.912061, 3] smbd/pipes.c:352(pipe_write_andx_done) writeX-IPC nwritten=132 [2010/04/24 15:00:02.912258, 10] lib/util_sock.c:726(read_smb_length_return_keepalive) got smb length of 59 [2010/04/24 15:00:02.912277, 6] smbd/process.c:1482(process_smb) got message type 0x0 of len 0x3b [2010/04/24 15:00:02.912291, 3] smbd/process.c:1485(process_smb) Transaction 11 of length 63 (0 toread) [2010/04/24 15:00:02.912306, 5] lib/util.c:617(show_msg) [2010/04/24 15:00:02.912315, 5] lib/util.c:627(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=704 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=18478 (0x482E) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2010/04/24 15:00:02.912424, 3] smbd/process.c:1294(switch_message) switch message SMBreadX (pid 4988) conn 0x7209b10 [2010/04/24 15:00:02.912440, 4] smbd/uid.c:257(change_to_user) change_to_user: Skipping user change - already user [2010/04/24 15:00:02.912457, 6] rpc_server/srv_pipe_hnd.c:813(read_from_internal_pipe) name: \netlogon len: 1024 [2010/04/24 15:00:02.912484, 10] rpc_server/srv_pipe_hnd.c:875(read_from_internal_pipe) read_from_pipe: \netlogon: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 20. [2010/04/24 15:00:02.912501, 5] rpc_parse/parse_prs.c:89(prs_debug) 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 002c 000a auth_len : 0000 000c call_id : 00000003 [2010/04/24 15:00:02.912573, 5] rpc_parse/parse_prs.c:89(prs_debug) 000010 smb_io_rpc_hdr_resp resp 0010 alloc_hint: 00000014 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 [2010/04/24 15:00:02.912616, 3] smbd/pipes.c:462(pipe_read_andx_done) readX-IPC min=1024 max=1024 nread=44 [2010/04/24 15:00:02.912902, 10] lib/util_sock.c:726(read_smb_length_return_keepalive) got smb length of 164 [2010/04/24 15:00:02.912920, 6] smbd/process.c:1482(process_smb) got message type 0x0 of len 0xa4 [2010/04/24 15:00:02.912934, 3] smbd/process.c:1485(process_smb) Transaction 12 of length 168 (0 toread) [2010/04/24 15:00:02.912948, 5] lib/util.c:617(show_msg) [2010/04/24 15:00:02.912957, 5] lib/util.c:627(show_msg) size=164 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=768 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=18478 (0x482E) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 100 (0x64) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 100 (0x64) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=101 [2010/04/24 15:00:02.913072, 10] ../lib/util/util.c:278(_dump_data) [0000] EE 05 00 00 03 10 00 00 00 64 00 00 00 04 00 00 î....... .d...... [0010] 00 4C 00 00 00 00 00 04 00 00 00 02 00 0D 00 00 .L...... ........ [0020] 00 00 00 00 00 0D 00 00 00 5C 00 5C 00 46 00 49 ........ .\.\.F.I [0030] 00 4C 00 45 00 53 00 45 00 52 00 56 00 45 00 52 .L.E.S.E .R.V.E.R [0040] 00 00 00 00 00 06 00 00 00 00 00 00 00 06 00 00 ........ ........ [0050] 00 50 00 43 00 32 00 37 00 34 00 00 00 E0 B9 5A .P.C.2.7 .4...à¹Z [0060] B9 EE 5F 7E BD ¹î_~½ [2010/04/24 15:00:02.913197, 3] smbd/process.c:1294(switch_message) switch message SMBwriteX (pid 4988) conn 0x7209b10 [2010/04/24 15:00:02.913212, 4] smbd/uid.c:257(change_to_user) change_to_user: Skipping user change - already user [2010/04/24 15:00:02.913226, 6] smbd/pipes.c:291(reply_pipe_write_and_X) reply_pipe_write_and_X: 482e name: NETLOGON len: 100 [2010/04/24 15:00:02.913242, 6] rpc_server/srv_pipe_hnd.c:1208(np_write_send) np_write_send: len: 100 [2010/04/24 15:00:02.913257, 10] rpc_server/srv_pipe_hnd.c:772(write_to_internal_pipe) write_to_pipe: data_left = 100 [2010/04/24 15:00:02.913271, 10] rpc_server/srv_pipe_hnd.c:682(process_incoming_data) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 100 [2010/04/24 15:00:02.913286, 10] rpc_server/srv_pipe_hnd.c:193(fill_rpc_header) fill_rpc_header: data_to_copy = 100, len_needed_to_complete_hdr = 16, receive_len = 0 [2010/04/24 15:00:02.913301, 10] rpc_server/srv_pipe_hnd.c:776(write_to_internal_pipe) write_to_pipe: data_used = 16 [2010/04/24 15:00:02.913315, 10] rpc_server/srv_pipe_hnd.c:772(write_to_internal_pipe) write_to_pipe: data_left = 84 [2010/04/24 15:00:02.913328, 10] rpc_server/srv_pipe_hnd.c:682(process_incoming_data) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 84 [2010/04/24 15:00:02.913343, 5] rpc_parse/parse_prs.c:89(prs_debug) 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0064 000a auth_len : 0000 000c call_id : 00000004 [2010/04/24 15:00:02.913422, 5] rpc_server/srv_pipe_hnd.c:289(unmarshall_rpc_header) unmarshall_rpc_header: using little-endian RPC [2010/04/24 15:00:02.913437, 10] rpc_server/srv_pipe_hnd.c:318(unmarshall_rpc_header) unmarshall_rpc_header: type = 0, flags = 3 [2010/04/24 15:00:02.913451, 10] rpc_server/srv_pipe_hnd.c:776(write_to_internal_pipe) write_to_pipe: data_used = 0 [2010/04/24 15:00:02.913465, 10] rpc_server/srv_pipe_hnd.c:772(write_to_internal_pipe) write_to_pipe: data_left = 84 [2010/04/24 15:00:02.913478, 10] rpc_server/srv_pipe_hnd.c:682(process_incoming_data) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 84, incoming data = 84 [2010/04/24 15:00:02.913493, 10] rpc_server/srv_pipe_hnd.c:537(process_complete_pdu) process_complete_pdu: processing packet type 0 [2010/04/24 15:00:02.913507, 5] rpc_parse/parse_prs.c:89(prs_debug) 000000 smb_io_rpc_hdr_req req 0000 alloc_hint: 0000004c 0004 context_id: 0000 0006 opnum : 0004 [2010/04/24 15:00:02.913538, 3] rpc_server/srv_pipe_hnd.c:344(free_pipe_context) free_pipe_context: destroying talloc pool of size 0 [2010/04/24 15:00:02.913552, 5] rpc_server/srv_pipe.c:2366(api_pipe_request) Requested \PIPE\\netlogon [2010/04/24 15:00:02.913567, 4] rpc_server/srv_pipe.c:2403(api_rpcTNP) api_rpcTNP: \netlogon op 0x4 - api_rpcTNP: rpc command: NETR_SERVERREQCHALLENGE [2010/04/24 15:00:02.913584, 6] rpc_server/srv_pipe.c:2433(api_rpcTNP) api_rpc_cmds[4].fn == 0x6925630 [2010/04/24 15:00:02.913605, 1] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) netr_ServerReqChallenge: struct netr_ServerReqChallenge in: struct netr_ServerReqChallenge server_name : * server_name : '\\FILESERVER' computer_name : * computer_name : 'PC274' credentials : * credentials: struct netr_Credential data : e0b95ab9ee5f7ebd [2010/04/24 15:00:02.913672, 10] rpc_server/srv_netlog_nt.c:554(_netr_ServerReqChallenge) _netr_ServerReqChallenge: new challenge requested. Clearing old state. [2010/04/24 15:00:02.913693, 1] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) netr_ServerReqChallenge: struct netr_ServerReqChallenge out: struct netr_ServerReqChallenge return_credentials : * return_credentials: struct netr_Credential data : f9b219a9586dca66 result : NT_STATUS_OK [2010/04/24 15:00:02.913741, 5] rpc_server/srv_pipe.c:2468(api_rpcTNP) api_rpcTNP: called \netlogon successfully [2010/04/24 15:00:02.913757, 3] rpc_server/srv_pipe_hnd.c:344(free_pipe_context) free_pipe_context: destroying talloc pool of size 0 [2010/04/24 15:00:02.913772, 10] rpc_server/srv_pipe_hnd.c:776(write_to_internal_pipe) write_to_pipe: data_used = 84 [2010/04/24 15:00:02.913795, 3] smbd/pipes.c:352(pipe_write_andx_done) writeX-IPC nwritten=100 [2010/04/24 15:00:02.913999, 10] lib/util_sock.c:726(read_smb_length_return_keepalive) got smb length of 59 [2010/04/24 15:00:02.914017, 6] smbd/process.c:1482(process_smb) got message type 0x0 of len 0x3b [2010/04/24 15:00:02.914031, 3] smbd/process.c:1485(process_smb) Transaction 13 of length 63 (0 toread) [2010/04/24 15:00:02.914045, 5] lib/util.c:617(show_msg) [2010/04/24 15:00:02.914054, 5] lib/util.c:627(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=832 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=18478 (0x482E) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2010/04/24 15:00:02.914174, 3] smbd/process.c:1294(switch_message) switch message SMBreadX (pid 4988) conn 0x7209b10 [2010/04/24 15:00:02.914189, 4] smbd/uid.c:257(change_to_user) change_to_user: Skipping user change - already user [2010/04/24 15:00:02.914203, 6] rpc_server/srv_pipe_hnd.c:813(read_from_internal_pipe) name: \netlogon len: 1024 [2010/04/24 15:00:02.914218, 10] rpc_server/srv_pipe_hnd.c:875(read_from_internal_pipe) read_from_pipe: \netlogon: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 12. [2010/04/24 15:00:02.914234, 5] rpc_parse/parse_prs.c:89(prs_debug) 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0024 000a auth_len : 0000 000c call_id : 00000004 [2010/04/24 15:00:02.914302, 5] rpc_parse/parse_prs.c:89(prs_debug) 000010 smb_io_rpc_hdr_resp resp 0010 alloc_hint: 0000000c 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 [2010/04/24 15:00:02.914344, 3] smbd/pipes.c:462(pipe_read_andx_done) readX-IPC min=1024 max=1024 nread=36 [2010/04/24 15:00:02.914649, 10] lib/util_sock.c:726(read_smb_length_return_keepalive) got smb length of 196 [2010/04/24 15:00:02.914666, 6] smbd/process.c:1482(process_smb) got message type 0x0 of len 0xc4 [2010/04/24 15:00:02.914680, 3] smbd/process.c:1485(process_smb) Transaction 14 of length 200 (0 toread) [2010/04/24 15:00:02.914694, 5] lib/util.c:617(show_msg) [2010/04/24 15:00:02.914703, 5] lib/util.c:627(show_msg) size=196 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=896 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=18478 (0x482E) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 132 (0x84) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 132 (0x84) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=133 [2010/04/24 15:00:02.914820, 10] ../lib/util/util.c:278(_dump_data) [0000] EE 05 00 00 03 10 00 00 00 84 00 00 00 05 00 00 î....... ........ [0010] 00 6C 00 00 00 00 00 1A 00 00 00 02 00 0D 00 00 .l...... ........ [0020] 00 00 00 00 00 0D 00 00 00 5C 00 5C 00 46 00 49 ........ .\.\.F.I [0030] 00 4C 00 45 00 53 00 45 00 52 00 56 00 45 00 52 .L.E.S.E .R.V.E.R [0040] 00 00 00 00 00 07 00 00 00 00 00 00 00 07 00 00 ........ ........ [0050] 00 50 00 43 00 32 00 37 00 34 00 24 00 00 00 02 .P.C.2.7 .4.$.... [0060] 00 06 00 00 00 00 00 00 00 06 00 00 00 50 00 43 ........ .....P.C [0070] 00 32 00 37 00 34 00 00 00 0E F9 FE E4 6F F0 81 .2.7.4.. ..ùþäoð. [0080] D2 FF FF 2F 61 Òÿÿ/a [2010/04/24 15:00:02.914981, 3] smbd/process.c:1294(switch_message) switch message SMBwriteX (pid 4988) conn 0x7209b10 [2010/04/24 15:00:02.914996, 4] smbd/uid.c:257(change_to_user) change_to_user: Skipping user change - already user [2010/04/24 15:00:02.915009, 6] smbd/pipes.c:291(reply_pipe_write_and_X) reply_pipe_write_and_X: 482e name: NETLOGON len: 132 [2010/04/24 15:00:02.915024, 6] rpc_server/srv_pipe_hnd.c:1208(np_write_send) np_write_send: len: 132 [2010/04/24 15:00:02.915038, 10] rpc_server/srv_pipe_hnd.c:772(write_to_internal_pipe) write_to_pipe: data_left = 132 [2010/04/24 15:00:02.915051, 10] rpc_server/srv_pipe_hnd.c:682(process_incoming_data) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 132 [2010/04/24 15:00:02.915066, 10] rpc_server/srv_pipe_hnd.c:193(fill_rpc_header) fill_rpc_header: data_to_copy = 132, len_needed_to_complete_hdr = 16, receive_len = 0 [2010/04/24 15:00:02.915090, 10] rpc_server/srv_pipe_hnd.c:776(write_to_internal_pipe) write_to_pipe: data_used = 16 [2010/04/24 15:00:02.915104, 10] rpc_server/srv_pipe_hnd.c:772(write_to_internal_pipe) write_to_pipe: data_left = 116 [2010/04/24 15:00:02.915118, 10] rpc_server/srv_pipe_hnd.c:682(process_incoming_data) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 116 [2010/04/24 15:00:02.915132, 5] rpc_parse/parse_prs.c:89(prs_debug) 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0084 000a auth_len : 0000 000c call_id : 00000005 [2010/04/24 15:00:02.915201, 5] rpc_server/srv_pipe_hnd.c:289(unmarshall_rpc_header) unmarshall_rpc_header: using little-endian RPC [2010/04/24 15:00:02.915215, 10] rpc_server/srv_pipe_hnd.c:318(unmarshall_rpc_header) unmarshall_rpc_header: type = 0, flags = 3 [2010/04/24 15:00:02.915229, 10] rpc_server/srv_pipe_hnd.c:776(write_to_internal_pipe) write_to_pipe: data_used = 0 [2010/04/24 15:00:02.915242, 10] rpc_server/srv_pipe_hnd.c:772(write_to_internal_pipe) write_to_pipe: data_left = 116 [2010/04/24 15:00:02.915256, 10] rpc_server/srv_pipe_hnd.c:682(process_incoming_data) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 116, incoming data = 116 [2010/04/24 15:00:02.915270, 10] rpc_server/srv_pipe_hnd.c:537(process_complete_pdu) process_complete_pdu: processing packet type 0 [2010/04/24 15:00:02.915283, 5] rpc_parse/parse_prs.c:89(prs_debug) 000000 smb_io_rpc_hdr_req req 0000 alloc_hint: 0000006c 0004 context_id: 0000 0006 opnum : 001a [2010/04/24 15:00:02.915313, 3] rpc_server/srv_pipe_hnd.c:344(free_pipe_context) free_pipe_context: destroying talloc pool of size 0 [2010/04/24 15:00:02.915327, 5] rpc_server/srv_pipe.c:2366(api_pipe_request) Requested \PIPE\\netlogon [2010/04/24 15:00:02.915341, 4] rpc_server/srv_pipe.c:2403(api_rpcTNP) api_rpcTNP: \netlogon op 0x1a - api_rpcTNP: rpc command: NETR_SERVERAUTHENTICATE3 [2010/04/24 15:00:02.915357, 6] rpc_server/srv_pipe.c:2433(api_rpcTNP) api_rpc_cmds[26].fn == 0x6920a40 [2010/04/24 15:00:02.915377, 1] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) netr_ServerAuthenticate3: struct netr_ServerAuthenticate3 in: struct netr_ServerAuthenticate3 server_name : * server_name : '\\FILESERVER' account_name : * account_name : 'PC274$' secure_channel_type : SEC_CHAN_WKSTA (2) computer_name : * computer_name : 'PC274' credentials : * credentials: struct netr_Credential data : 0ef9fee46ff081d2 negotiate_flags : * negotiate_flags : 0x612fffff (1630535679) 1: NETLOGON_NEG_ACCOUNT_LOCKOUT 1: NETLOGON_NEG_PERSISTENT_SAMREPL 1: NETLOGON_NEG_ARCFOUR 1: NETLOGON_NEG_PROMOTION_COUNT 1: NETLOGON_NEG_CHANGELOG_BDC 1: NETLOGON_NEG_FULL_SYNC_REPL 1: NETLOGON_NEG_MULTIPLE_SIDS 1: NETLOGON_NEG_REDO 1: NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL 1: NETLOGON_NEG_SEND_PASSWORD_INFO_PDC 1: NETLOGON_NEG_GENERIC_PASSTHROUGH 1: NETLOGON_NEG_CONCURRENT_RPC 1: NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL 1: NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL 1: NETLOGON_NEG_STRONG_KEYS 1: NETLOGON_NEG_TRANSITIVE_TRUSTS 1: NETLOGON_NEG_DNS_DOMAIN_TRUSTS 1: NETLOGON_NEG_PASSWORD_SET2 1: NETLOGON_NEG_GETDOMAININFO 1: NETLOGON_NEG_CROSS_FOREST_TRUSTS 0: NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION 1: NETLOGON_NEG_RODC_PASSTHROUGH 0: NETLOGON_NEG_SUPPORTS_AES_SHA2 1: NETLOGON_NEG_SUPPORTS_AES 1: NETLOGON_NEG_AUTHENTICATED_RPC_LSASS 1: NETLOGON_NEG_AUTHENTICATED_RPC [2010/04/24 15:00:02.915654, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(99, 99) : sec_ctx_stack_ndx = 1 [2010/04/24 15:00:02.915670, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2010/04/24 15:00:02.915684, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/24 15:00:02.915697, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/24 15:00:02.915711, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/24 15:00:02.915751, 5] lib/smbldap.c:1360(smbldap_search_ext) smbldap_search_ext: base => [dc=gym-oha,dc=de], filter => [(&(uid=PC274$)(objectclass=sambaSamAccount))], scope => [2] [2010/04/24 15:00:02.916492, 2] passdb/pdb_ldap.c:572(init_sam_from_ldap) init_sam_from_ldap: Entry found for user: pc274$ [2010/04/24 15:00:02.916509, 10] passdb/pdb_get_set.c:608(pdb_set_username) pdb_set_username: setting username pc274$, was [2010/04/24 15:00:02.916524, 10] passdb/pdb_get_set.c:631(pdb_set_domain) pdb_set_domain: setting domain GYM-OHA, was [2010/04/24 15:00:02.916538, 10] passdb/pdb_get_set.c:654(pdb_set_nt_username) pdb_set_nt_username: setting nt username pc274$, was [2010/04/24 15:00:02.916560, 10] passdb/pdb_get_set.c:550(pdb_set_user_sid_from_string) pdb_set_user_sid_from_string: setting user sid S-1-5-21-4031555581-2449722753-3032957831-3548 [2010/04/24 15:00:02.916576, 10] passdb/pdb_get_set.c:537(pdb_set_user_sid) pdb_set_user_sid: setting user sid S-1-5-21-4031555581-2449722753-3032957831-3548 [2010/04/24 15:00:02.916636, 10] lib/smbldap.c:310(smbldap_talloc_single_attribute) attribute displayName does not exist [2010/04/24 15:00:02.916654, 10] passdb/pdb_get_set.c:677(pdb_set_fullname) pdb_set_full_name: setting full name Workstation-Trust-Account, was [2010/04/24 15:00:02.916676, 10] lib/smbldap.c:310(smbldap_talloc_single_attribute) attribute sambaHomeDrive does not exist [2010/04/24 15:00:02.916690, 10] passdb/pdb_get_set.c:746(pdb_set_dir_drive) pdb_set_dir_drive: setting dir drive U:, was NULL [2010/04/24 15:00:02.916711, 10] lib/smbldap.c:310(smbldap_talloc_single_attribute) attribute sambaHomePath does not exist [2010/04/24 15:00:02.916726, 4] lib/substitute.c:504(automount_server) Home server: fileserver [2010/04/24 15:00:02.916744, 10] passdb/pdb_get_set.c:770(pdb_set_homedir) pdb_set_homedir: setting home dir \\fileserver\pc274_, was [2010/04/24 15:00:02.916766, 10] lib/smbldap.c:310(smbldap_talloc_single_attribute) attribute sambaLogonScript does not exist [2010/04/24 15:00:02.916783, 10] passdb/pdb_get_set.c:700(pdb_set_logon_script) pdb_set_logon_script: setting logon script skripts\pc274_.bat, was [2010/04/24 15:00:02.916805, 10] lib/smbldap.c:310(smbldap_talloc_single_attribute) attribute sambaProfilePath does not exist [2010/04/24 15:00:02.916820, 4] lib/substitute.c:504(automount_server) Home server: fileserver [2010/04/24 15:00:02.916837, 10] passdb/pdb_get_set.c:723(pdb_set_profile_path) pdb_set_profile_path: setting profile path \\fileserver\pc274_\NTProfile, was [2010/04/24 15:00:02.916858, 10] lib/smbldap.c:310(smbldap_talloc_single_attribute) attribute description does not exist [2010/04/24 15:00:02.916879, 10] lib/smbldap.c:310(smbldap_talloc_single_attribute) attribute sambaUserWorkstations does not exist [2010/04/24 15:00:02.916900, 10] lib/smbldap.c:310(smbldap_talloc_single_attribute) attribute sambaMungedDial does not exist [2010/04/24 15:00:02.916933, 10] lib/smbldap.c:310(smbldap_talloc_single_attribute) attribute sambaLMPassword does not exist [2010/04/24 15:00:02.916959, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2010/04/24 15:00:02.916974, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2010/04/24 15:00:02.916988, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2010/04/24 15:00:02.917002, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/24 15:00:02.917015, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/24 15:00:02.917044, 10] lib/gencache.c:345(gencache_get_data_blob) Returning valid cache entry: key = ACCT_POL/password history, value = 0 , timeout = Sat Apr 24 15:01:02 2010 [2010/04/24 15:00:02.917075, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/24 15:00:02.917103, 10] lib/smbldap.c:310(smbldap_talloc_single_attribute) attribute sambaBadPasswordCount does not exist [2010/04/24 15:00:02.917125, 10] lib/smbldap.c:310(smbldap_talloc_single_attribute) attribute sambaBadPasswordTime does not exist [2010/04/24 15:00:02.917146, 10] lib/smbldap.c:310(smbldap_talloc_single_attribute) attribute sambaLogonHours does not exist [2010/04/24 15:00:02.917175, 7] passdb/login_cache.c:87(login_cache_read) Looking up login cache for user pc274$ [2010/04/24 15:00:02.917193, 7] passdb/login_cache.c:103(login_cache_read) No cache entry found [2010/04/24 15:00:02.917207, 9] passdb/pdb_ldap.c:1126(init_sam_from_ldap) No cache entry, bad count = 0, bad time = 0 [2010/04/24 15:00:02.917225, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2010/04/24 15:00:02.917239, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2010/04/24 15:00:02.917253, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2010/04/24 15:00:02.917267, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/24 15:00:02.917279, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/24 15:00:02.917304, 10] lib/gencache.c:345(gencache_get_data_blob) Returning valid cache entry: key = ACCT_POL/maximum password age, value = 4294967295 , timeout = Sat Apr 24 15:01:02 2010 [2010/04/24 15:00:02.917334, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/24 15:00:02.917351, 5] lib/username.c:133(Get_Pwnam_alloc) Finding user pc274$ [2010/04/24 15:00:02.917364, 5] lib/username.c:77(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is pc274$ [2010/04/24 15:00:02.917380, 5] lib/username.c:110(Get_Pwnam_internals) Get_Pwnam_internals did find user [pc274$]! [2010/04/24 15:00:02.917396, 10] passdb/pdb_get_set.c:257(pdb_get_group_sid) do lookup_sid(S-1-5-21-4031555581-2449722753-3032957831-515) for group of user S-1-5-21-4031555581-2449722753-3032957831-3548 [2010/04/24 15:00:02.917416, 10] passdb/lookup_sid.c:965(lookup_sid) lookup_sid called for SID 'S-1-5-21-4031555581-2449722753-3032957831-515' [2010/04/24 15:00:02.917439, 10] passdb/lookup_sid.c:720(check_dom_sid_to_level) Accepting SID S-1-5-21-4031555581-2449722753-3032957831 in level 1 [2010/04/24 15:00:02.917457, 10] passdb/lookup_sid.c:480(lookup_rids) lookup_rids called for domain sid 'S-1-5-21-4031555581-2449722753-3032957831' [2010/04/24 15:00:02.917474, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2010/04/24 15:00:02.917488, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2010/04/24 15:00:02.917502, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2010/04/24 15:00:02.917515, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/24 15:00:02.917539, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/24 15:00:02.917561, 5] passdb/pdb_interface.c:1473(lookup_global_sam_rid) lookup_global_sam_rid: looking up RID 515. [2010/04/24 15:00:02.917576, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2010/04/24 15:00:02.917590, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 2 [2010/04/24 15:00:02.917604, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2010/04/24 15:00:02.917617, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/24 15:00:02.917630, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/24 15:00:02.917666, 5] lib/smbldap.c:1360(smbldap_search_ext) smbldap_search_ext: base => [dc=gym-oha,dc=de], filter => [(&(sambaSID=S-1-5-21-4031555581-2449722753-3032957831-515)(objectclass=sambaSamAccount))], scope => [2] [2010/04/24 15:00:02.918366, 4] passdb/pdb_ldap.c:1695(ldapsam_getsampwsid) ldapsam_getsampwsid: Unable to locate SID [S-1-5-21-4031555581-2449722753-3032957831-515] count=0 [2010/04/24 15:00:02.918395, 5] lib/smbldap.c:1360(smbldap_search_ext) smbldap_search_ext: base => [dc=gym-oha,dc=de], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-4031555581-2449722753-3032957831-515))], scope => [2] [2010/04/24 15:00:02.918966, 2] passdb/pdb_ldap.c:2446(init_group_from_ldap) init_group_from_ldap: Entry found for group: 515 [2010/04/24 15:00:02.919007, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2010/04/24 15:00:02.919023, 5] passdb/pdb_interface.c:1595(pdb_default_lookup_rids) lookup_rids: Domain Computers:2 [2010/04/24 15:00:02.919041, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/24 15:00:02.919056, 10] passdb/lookup_sid.c:1000(lookup_sid) Sid S-1-5-21-4031555581-2449722753-3032957831-515 -> GYM-OHA\Domain Computers(2) [2010/04/24 15:00:02.919075, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2010/04/24 15:00:02.919090, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2010/04/24 15:00:02.919103, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2010/04/24 15:00:02.919117, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/24 15:00:02.919130, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/24 15:00:02.919156, 10] lib/gencache.c:345(gencache_get_data_blob) Returning valid cache entry: key = ACCT_POL/password history, value = 0 , timeout = Sat Apr 24 15:01:02 2010 [2010/04/24 15:00:02.919187, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/24 15:00:02.919207, 10] passdb/pdb_get_set.c:608(pdb_set_username) pdb_set_username: setting username pc274$, was [2010/04/24 15:00:02.919221, 10] passdb/pdb_get_set.c:631(pdb_set_domain) pdb_set_domain: setting domain GYM-OHA, was [2010/04/24 15:00:02.919235, 10] passdb/pdb_get_set.c:654(pdb_set_nt_username) pdb_set_nt_username: setting nt username pc274$, was [2010/04/24 15:00:02.919249, 10] passdb/pdb_get_set.c:677(pdb_set_fullname) pdb_set_full_name: setting full name Workstation-Trust-Account, was [2010/04/24 15:00:02.919264, 4] lib/substitute.c:504(automount_server) Home server: fileserver [2010/04/24 15:00:02.919281, 10] passdb/pdb_get_set.c:770(pdb_set_homedir) pdb_set_homedir: setting home dir \\fileserver\pc274_, was [2010/04/24 15:00:02.919296, 10] passdb/pdb_get_set.c:746(pdb_set_dir_drive) pdb_set_dir_drive: setting dir drive U:, was NULL [2010/04/24 15:00:02.919313, 10] passdb/pdb_get_set.c:700(pdb_set_logon_script) pdb_set_logon_script: setting logon script skripts\pc274_.bat, was [2010/04/24 15:00:02.919339, 4] lib/substitute.c:504(automount_server) Home server: fileserver [2010/04/24 15:00:02.919357, 10] passdb/pdb_get_set.c:723(pdb_set_profile_path) pdb_set_profile_path: setting profile path \\fileserver\pc274_\NTProfile, was [2010/04/24 15:00:02.919372, 10] passdb/pdb_get_set.c:813(pdb_set_workstations) pdb_set_workstations: setting workstations , was [2010/04/24 15:00:02.919387, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2010/04/24 15:00:02.919400, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2010/04/24 15:00:02.919414, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2010/04/24 15:00:02.919428, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/24 15:00:02.919441, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/24 15:00:02.919466, 10] lib/gencache.c:345(gencache_get_data_blob) Returning valid cache entry: key = ACCT_POL/password history, value = 0 , timeout = Sat Apr 24 15:01:02 2010 [2010/04/24 15:00:02.919495, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/24 15:00:02.919511, 10] passdb/pdb_get_set.c:537(pdb_set_user_sid) pdb_set_user_sid: setting user sid S-1-5-21-4031555581-2449722753-3032957831-3548 [2010/04/24 15:00:02.919526, 10] passdb/pdb_compat.c:72(pdb_set_user_sid_from_rid) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-4031555581-2449722753-3032957831-3548 from rid 3548 [2010/04/24 15:00:02.919550, 10] passdb/pdb_get_set.c:595(pdb_set_group_sid) pdb_set_group_sid: setting group sid S-1-5-21-4031555581-2449722753-3032957831-515 [2010/04/24 15:00:02.919572, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (99, 99) - sec_ctx_stack_ndx = 0 [2010/04/24 15:00:02.919587, 5] ../lib/util/util.c:278(_dump_data) [0000] C1 35 14 6C 52 37 F3 4B E9 D4 E1 C3 E6 D2 22 C1 Á5.lR7óK éÔáÃæÒ"Á [2010/04/24 15:00:02.919704, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(99, 99) : sec_ctx_stack_ndx = 1 [2010/04/24 15:00:02.919720, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2010/04/24 15:00:02.919733, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/24 15:00:02.919747, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/24 15:00:02.919760, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/24 15:00:02.919853, 3] ../libcli/auth/schannel_state_tdb.c:68(schannel_store_session_key_tdb) schannel_store_session_key_tdb: stored schannel info with key SECRETS/SCHANNEL/PC274 [2010/04/24 15:00:02.919869, 1] ../librpc/ndr/ndr.c:214(ndr_print_debug) creds: struct netlogon_creds_CredentialState negotiate_flags : 0x612fffff (1630535679) 1: NETLOGON_NEG_ACCOUNT_LOCKOUT 1: NETLOGON_NEG_PERSISTENT_SAMREPL 1: NETLOGON_NEG_ARCFOUR 1: NETLOGON_NEG_PROMOTION_COUNT 1: NETLOGON_NEG_CHANGELOG_BDC 1: NETLOGON_NEG_FULL_SYNC_REPL 1: NETLOGON_NEG_MULTIPLE_SIDS 1: NETLOGON_NEG_REDO 1: NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL 1: NETLOGON_NEG_SEND_PASSWORD_INFO_PDC 1: NETLOGON_NEG_GENERIC_PASSTHROUGH 1: NETLOGON_NEG_CONCURRENT_RPC 1: NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL 1: NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL 1: NETLOGON_NEG_STRONG_KEYS 1: NETLOGON_NEG_TRANSITIVE_TRUSTS 1: NETLOGON_NEG_DNS_DOMAIN_TRUSTS 1: NETLOGON_NEG_PASSWORD_SET2 1: NETLOGON_NEG_GETDOMAININFO 1: NETLOGON_NEG_CROSS_FOREST_TRUSTS 0: NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION 1: NETLOGON_NEG_RODC_PASSTHROUGH 0: NETLOGON_NEG_SUPPORTS_AES_SHA2 1: NETLOGON_NEG_SUPPORTS_AES 1: NETLOGON_NEG_AUTHENTICATED_RPC_LSASS 1: NETLOGON_NEG_AUTHENTICATED_RPC session_key : 042a72287d4e6f18c08d439716f1667d sequence : 0x00000000 (0) seed: struct netr_Credential data : 0ef9fee46ff081d2 client: struct netr_Credential data : 0ef9fee46ff081d2 server: struct netr_Credential data : a87174eb463138d0 secure_channel_type : SEC_CHAN_WKSTA (0x2) computer_name : 'PC274' account_name : 'PC274$' sid : * sid : S-1-5-21-4031555581-2449722753-3032957831-3548 [2010/04/24 15:00:02.920173, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (99, 99) - sec_ctx_stack_ndx = 0 [2010/04/24 15:00:02.920192, 1] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) netr_ServerAuthenticate3: struct netr_ServerAuthenticate3 out: struct netr_ServerAuthenticate3 return_credentials : * return_credentials: struct netr_Credential data : a87174eb463138d0 negotiate_flags : * negotiate_flags : 0x400241ff (1073889791) 1: NETLOGON_NEG_ACCOUNT_LOCKOUT 1: NETLOGON_NEG_PERSISTENT_SAMREPL 1: NETLOGON_NEG_ARCFOUR 1: NETLOGON_NEG_PROMOTION_COUNT 1: NETLOGON_NEG_CHANGELOG_BDC 1: NETLOGON_NEG_FULL_SYNC_REPL 1: NETLOGON_NEG_MULTIPLE_SIDS 1: NETLOGON_NEG_REDO 1: NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL 0: NETLOGON_NEG_SEND_PASSWORD_INFO_PDC 0: NETLOGON_NEG_GENERIC_PASSTHROUGH 0: NETLOGON_NEG_CONCURRENT_RPC 0: NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL 0: NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL 1: NETLOGON_NEG_STRONG_KEYS 0: NETLOGON_NEG_TRANSITIVE_TRUSTS 0: NETLOGON_NEG_DNS_DOMAIN_TRUSTS 1: NETLOGON_NEG_PASSWORD_SET2 0: NETLOGON_NEG_GETDOMAININFO 0: NETLOGON_NEG_CROSS_FOREST_TRUSTS 0: NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION 0: NETLOGON_NEG_RODC_PASSTHROUGH 0: NETLOGON_NEG_SUPPORTS_AES_SHA2 0: NETLOGON_NEG_SUPPORTS_AES 0: NETLOGON_NEG_AUTHENTICATED_RPC_LSASS 1: NETLOGON_NEG_AUTHENTICATED_RPC rid : * rid : 0x00000ddc (3548) result : NT_STATUS_OK [2010/04/24 15:00:02.920436, 5] rpc_server/srv_pipe.c:2468(api_rpcTNP) api_rpcTNP: called \netlogon successfully [2010/04/24 15:00:02.920462, 3] rpc_server/srv_pipe_hnd.c:344(free_pipe_context) free_pipe_context: destroying talloc pool of size 1169 [2010/04/24 15:00:02.920478, 10] rpc_server/srv_pipe_hnd.c:776(write_to_internal_pipe) write_to_pipe: data_used = 116 [2010/04/24 15:00:02.920504, 3] smbd/pipes.c:352(pipe_write_andx_done) writeX-IPC nwritten=132 [2010/04/24 15:00:02.920692, 10] lib/util_sock.c:726(read_smb_length_return_keepalive) got smb length of 59 [2010/04/24 15:00:02.920710, 6] smbd/process.c:1482(process_smb) got message type 0x0 of len 0x3b [2010/04/24 15:00:02.920724, 3] smbd/process.c:1485(process_smb) Transaction 15 of length 63 (0 toread) [2010/04/24 15:00:02.920738, 5] lib/util.c:617(show_msg) [2010/04/24 15:00:02.920757, 5] lib/util.c:627(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=960 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=18478 (0x482E) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2010/04/24 15:00:02.920866, 3] smbd/process.c:1294(switch_message) switch message SMBreadX (pid 4988) conn 0x7209b10 [2010/04/24 15:00:02.920881, 4] smbd/uid.c:257(change_to_user) change_to_user: Skipping user change - already user [2010/04/24 15:00:02.920897, 6] rpc_server/srv_pipe_hnd.c:813(read_from_internal_pipe) name: \netlogon len: 1024 [2010/04/24 15:00:02.920911, 10] rpc_server/srv_pipe_hnd.c:875(read_from_internal_pipe) read_from_pipe: \netlogon: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 20. [2010/04/24 15:00:02.920927, 5] rpc_parse/parse_prs.c:89(prs_debug) 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 002c 000a auth_len : 0000 000c call_id : 00000005 [2010/04/24 15:00:02.920997, 5] rpc_parse/parse_prs.c:89(prs_debug) 000010 smb_io_rpc_hdr_resp resp 0010 alloc_hint: 00000014 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 [2010/04/24 15:00:02.921038, 3] smbd/pipes.c:462(pipe_read_andx_done) readX-IPC min=1024 max=1024 nread=44 [2010/04/24 15:00:02.921437, 10] lib/util_sock.c:726(read_smb_length_return_keepalive) got smb length of 104 [2010/04/24 15:00:02.921454, 6] smbd/process.c:1482(process_smb) got message type 0x0 of len 0x68 [2010/04/24 15:00:02.921468, 3] smbd/process.c:1485(process_smb) Transaction 16 of length 108 (0 toread) [2010/04/24 15:00:02.921482, 5] lib/util.c:617(show_msg) [2010/04/24 15:00:02.921491, 5] lib/util.c:627(show_msg) size=104 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=440 smb_uid=100 smb_mid=1024 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 4608 (0x1200) smb_vwv[ 3]= 4096 (0x1000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 4609 (0x1201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1792 (0x700) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]=16896 (0x4200) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 256 (0x100) smb_bcc=21 [2010/04/24 15:00:02.921648, 10] ../lib/util/util.c:278(_dump_data) [0000] 00 5C 00 4E 00 45 00 54 00 4C 00 4F 00 47 00 4F .\.N.E.T .L.O.G.O [0010] 00 4E 00 00 00 .N... [2010/04/24 15:00:02.921687, 3] smbd/process.c:1294(switch_message) switch message SMBntcreateX (pid 4988) conn 0x7209b10 [2010/04/24 15:00:02.921701, 4] smbd/uid.c:257(change_to_user) change_to_user: Skipping user change - already user [2010/04/24 15:00:02.921719, 10] smbd/nttrans.c:498(reply_ntcreate_and_X) reply_ntcreate_and_X: flags = 0x10, access_mask = 0x12019f file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x420040 root_dir_fid = 0x0, fname = NETLOGON [2010/04/24 15:00:02.921737, 4] smbd/nttrans.c:283(nt_open_pipe) nt_open_pipe: Opening pipe \NETLOGON. [2010/04/24 15:00:02.921755, 5] smbd/files.c:119(file_new) allocated file structure 14383, fnum = 18479 (2 used) [2010/04/24 15:00:02.921774, 4] rpc_server/srv_pipe_hnd.c:99(make_internal_rpc_pipe_p) Create pipe requested \netlogon [2010/04/24 15:00:02.921802, 10] rpc_server/srv_lsa_hnd.c:131(init_pipe_handle_list) init_pipe_handles: pipe_handles ref count = 2 for pipe \netlogon [2010/04/24 15:00:02.921822, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(99, 99) : sec_ctx_stack_ndx = 1 [2010/04/24 15:00:02.921837, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2010/04/24 15:00:02.921851, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/24 15:00:02.921864, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/24 15:00:02.921878, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/24 15:00:02.921905, 10] lib/gencache.c:345(gencache_get_data_blob) Returning valid cache entry: key = ACCT_POL/password history, value = 0 , timeout = Sat Apr 24 15:01:02 2010 [2010/04/24 15:00:02.921937, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (99, 99) - sec_ctx_stack_ndx = 0 [2010/04/24 15:00:02.921956, 10] passdb/pdb_get_set.c:608(pdb_set_username) pdb_set_username: setting username nobody, was [2010/04/24 15:00:02.921970, 10] passdb/pdb_get_set.c:631(pdb_set_domain) pdb_set_domain: setting domain GYM-OHA, was [2010/04/24 15:00:02.921985, 10] passdb/pdb_get_set.c:654(pdb_set_nt_username) pdb_set_nt_username: setting nt username , was [2010/04/24 15:00:02.921998, 10] passdb/pdb_get_set.c:677(pdb_set_fullname) pdb_set_full_name: setting full name Nobody, was [2010/04/24 15:00:02.922013, 4] lib/substitute.c:504(automount_server) Home server: fileserver [2010/04/24 15:00:02.922031, 10] passdb/pdb_get_set.c:770(pdb_set_homedir) pdb_set_homedir: setting home dir \\fileserver\nobody, was [2010/04/24 15:00:02.922046, 10] passdb/pdb_get_set.c:746(pdb_set_dir_drive) pdb_set_dir_drive: setting dir drive U:, was NULL [2010/04/24 15:00:02.922062, 10] passdb/pdb_get_set.c:700(pdb_set_logon_script) pdb_set_logon_script: setting logon script skripts\nobody.bat, was [2010/04/24 15:00:02.922077, 4] lib/substitute.c:504(automount_server) Home server: fileserver [2010/04/24 15:00:02.922094, 10] passdb/pdb_get_set.c:723(pdb_set_profile_path) pdb_set_profile_path: setting profile path \\fileserver\nobody\NTProfile, was [2010/04/24 15:00:02.922109, 10] passdb/pdb_get_set.c:813(pdb_set_workstations) pdb_set_workstations: setting workstations , was [2010/04/24 15:00:02.922123, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(99, 99) : sec_ctx_stack_ndx = 1 [2010/04/24 15:00:02.922138, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2010/04/24 15:00:02.922152, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/24 15:00:02.922165, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/24 15:00:02.922178, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/24 15:00:02.922205, 10] lib/gencache.c:345(gencache_get_data_blob) Returning valid cache entry: key = ACCT_POL/password history, value = 0 , timeout = Sat Apr 24 15:01:02 2010 [2010/04/24 15:00:02.922235, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (99, 99) - sec_ctx_stack_ndx = 0 [2010/04/24 15:00:02.922250, 10] passdb/pdb_get_set.c:537(pdb_set_user_sid) pdb_set_user_sid: setting user sid S-1-5-21-4031555581-2449722753-3032957831-501 [2010/04/24 15:00:02.922267, 10] passdb/pdb_compat.c:72(pdb_set_user_sid_from_rid) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-4031555581-2449722753-3032957831-501 from rid 501 [2010/04/24 15:00:02.922290, 10] passdb/pdb_get_set.c:595(pdb_set_group_sid) pdb_set_group_sid: setting group sid S-1-5-21-4031555581-2449722753-3032957831-513 [2010/04/24 15:00:02.922307, 4] rpc_server/srv_pipe_hnd.c:162(make_internal_rpc_pipe_p) Created internal pipe \netlogon (pipes_open=0) [2010/04/24 15:00:02.922332, 5] smbd/nttrans.c:372(do_ntcreate_pipe_open) do_ntcreate_pipe_open: open pipe = \NETLOGON [2010/04/24 15:00:02.922686, 10] lib/util_sock.c:726(read_smb_length_return_keepalive) got smb length of 173 [2010/04/24 15:00:02.922704, 6] smbd/process.c:1482(process_smb) got message type 0x0 of len 0xad [2010/04/24 15:00:02.922718, 3] smbd/process.c:1485(process_smb) Transaction 17 of length 177 (0 toread) [2010/04/24 15:00:02.922732, 5] lib/util.c:617(show_msg) [2010/04/24 15:00:02.922741, 5] lib/util.c:627(show_msg) size=173 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=1088 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=18479 (0x482F) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 109 (0x6D) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 109 (0x6D) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=110 [2010/04/24 15:00:02.922857, 10] ../lib/util/util.c:278(_dump_data) [0000] EE 05 00 0B 07 10 00 00 00 6D 00 1D 00 06 00 00 î....... .m...... [0010] 00 B8 10 B8 10 F0 53 00 00 01 00 00 00 00 00 01 .¸.¸.ðS. ........ [0020] 00 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF .xV4.4.Í «ï..#EgÏ [0030] FB 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 û.....]. .ë.É..è. [0040] 00 2B 10 48 60 02 00 00 00 44 06 00 00 00 00 00 .+.H`... .D...... [0050] 00 00 00 00 00 13 00 00 00 47 59 4D 2D 4F 48 41 ........ .GYM-OHA [0060] 00 50 43 32 37 34 00 05 50 43 32 37 34 00 .PC274.. PC274. [2010/04/24 15:00:02.922984, 3] smbd/process.c:1294(switch_message) switch message SMBwriteX (pid 4988) conn 0x7209b10 [2010/04/24 15:00:02.922998, 4] smbd/uid.c:257(change_to_user) change_to_user: Skipping user change - already user [2010/04/24 15:00:02.923013, 6] smbd/pipes.c:291(reply_pipe_write_and_X) reply_pipe_write_and_X: 482f name: NETLOGON len: 109 [2010/04/24 15:00:02.923028, 6] rpc_server/srv_pipe_hnd.c:1208(np_write_send) np_write_send: len: 109 [2010/04/24 15:00:02.923042, 10] rpc_server/srv_pipe_hnd.c:772(write_to_internal_pipe) write_to_pipe: data_left = 109 [2010/04/24 15:00:02.923057, 10] rpc_server/srv_pipe_hnd.c:682(process_incoming_data) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 109 [2010/04/24 15:00:02.923071, 10] rpc_server/srv_pipe_hnd.c:193(fill_rpc_header) fill_rpc_header: data_to_copy = 109, len_needed_to_complete_hdr = 16, receive_len = 0 [2010/04/24 15:00:02.923086, 10] rpc_server/srv_pipe_hnd.c:776(write_to_internal_pipe) write_to_pipe: data_used = 16 [2010/04/24 15:00:02.923100, 10] rpc_server/srv_pipe_hnd.c:772(write_to_internal_pipe) write_to_pipe: data_left = 93 [2010/04/24 15:00:02.923113, 10] rpc_server/srv_pipe_hnd.c:682(process_incoming_data) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 93 [2010/04/24 15:00:02.923127, 5] rpc_parse/parse_prs.c:89(prs_debug) 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0b 0003 flags : 07 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 006d 000a auth_len : 001d 000c call_id : 00000006 [2010/04/24 15:00:02.923197, 5] rpc_server/srv_pipe_hnd.c:289(unmarshall_rpc_header) unmarshall_rpc_header: using little-endian RPC [2010/04/24 15:00:02.923210, 10] rpc_server/srv_pipe_hnd.c:318(unmarshall_rpc_header) unmarshall_rpc_header: type = 11, flags = 7 [2010/04/24 15:00:02.923225, 10] rpc_server/srv_pipe_hnd.c:776(write_to_internal_pipe) write_to_pipe: data_used = 0 [2010/04/24 15:00:02.923238, 10] rpc_server/srv_pipe_hnd.c:772(write_to_internal_pipe) write_to_pipe: data_left = 93 [2010/04/24 15:00:02.923252, 10] rpc_server/srv_pipe_hnd.c:682(process_incoming_data) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 93, incoming data = 93 [2010/04/24 15:00:02.923277, 10] rpc_server/srv_pipe_hnd.c:537(process_complete_pdu) process_complete_pdu: processing packet type 11 [2010/04/24 15:00:02.923295, 5] rpc_server/srv_pipe.c:1641(api_pipe_bind_req) api_pipe_bind_req: decode request. 1641 [2010/04/24 15:00:02.923310, 5] rpc_parse/parse_prs.c:89(prs_debug) 000000 smb_io_rpc_hdr_rb [2010/04/24 15:00:02.923324, 6] rpc_parse/parse_prs.c:89(prs_debug) 000000 smb_io_rpc_hdr_bba 0000 max_tsize: 10b8 0002 max_rsize: 10b8 0004 assoc_gid: 000053f0 0008 num_contexts: 01 000c context_id : 0000 000e num_transfer_syntaxes: 01 [2010/04/24 15:00:02.923369, 6] rpc_parse/parse_prs.c:89(prs_debug) 00000f smb_io_rpc_iface [2010/04/24 15:00:02.923384, 7] rpc_parse/parse_prs.c:89(prs_debug) 000010 smb_io_uuid uuid 0010 data : 12345678 0014 data : 1234 0016 data : abcd 0018 data : ef 00 001a data : 01 23 45 67 cf fb 0020 version: 00000001 [2010/04/24 15:00:02.923433, 6] rpc_parse/parse_prs.c:89(prs_debug) 000024 smb_io_rpc_iface [2010/04/24 15:00:02.923447, 7] rpc_parse/parse_prs.c:89(prs_debug) 000024 smb_io_uuid uuid 0024 data : 8a885d04 0028 data : 1ceb 002a data : 11c9 002c data : 9f e8 002e data : 08 00 2b 10 48 60 0034 version: 00000002 [2010/04/24 15:00:02.923494, 3] rpc_server/srv_pipe.c:1667(api_pipe_bind_req) api_pipe_bind_req: \PIPE\netlogon -> \PIPE\netlogon [2010/04/24 15:00:02.923509, 5] rpc_server/srv_pipe.c:1717(api_pipe_bind_req) api_pipe_bind_req: make response. 1717 [2010/04/24 15:00:02.923523, 5] rpc_parse/parse_prs.c:89(prs_debug) 000038 smb_io_rpc_hdr_auth 0038 auth_type : 44 0039 auth_level : 06 003a auth_pad_len : 00 003b auth_reserved: 00 003c auth_context_id: 00000000 [2010/04/24 15:00:02.923572, 1] ../librpc/ndr/ndr.c:214(ndr_print_debug) &neg: struct NL_AUTH_MESSAGE MessageType : NL_NEGOTIATE_REQUEST (0x0) Flags : 0x00000013 (19) 1: NL_FLAG_OEM_NETBIOS_DOMAIN_NAME 1: NL_FLAG_OEM_NETBIOS_COMPUTER_NAME 0: NL_FLAG_UTF8_DNS_DOMAIN_NAME 0: NL_FLAG_UTF8_DNS_HOST_NAME 1: NL_FLAG_UTF8_NETBIOS_COMPUTER_NAME oem_netbios_domain : 'GYM-OHA' oem_netbios_computer : 'PC274' utf8_netbios_computer : 'PC274' [2010/04/24 15:00:02.924015, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(99, 99) : sec_ctx_stack_ndx = 1 [2010/04/24 15:00:02.924031, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2010/04/24 15:00:02.924045, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/24 15:00:02.924058, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/24 15:00:02.924071, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/24 15:00:02.924129, 1] ../librpc/ndr/ndr.c:214(ndr_print_debug) creds: struct netlogon_creds_CredentialState negotiate_flags : 0x612fffff (1630535679) 1: NETLOGON_NEG_ACCOUNT_LOCKOUT 1: NETLOGON_NEG_PERSISTENT_SAMREPL 1: NETLOGON_NEG_ARCFOUR 1: NETLOGON_NEG_PROMOTION_COUNT 1: NETLOGON_NEG_CHANGELOG_BDC 1: NETLOGON_NEG_FULL_SYNC_REPL 1: NETLOGON_NEG_MULTIPLE_SIDS 1: NETLOGON_NEG_REDO 1: NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL 1: NETLOGON_NEG_SEND_PASSWORD_INFO_PDC 1: NETLOGON_NEG_GENERIC_PASSTHROUGH 1: NETLOGON_NEG_CONCURRENT_RPC 1: NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL 1: NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL 1: NETLOGON_NEG_STRONG_KEYS 1: NETLOGON_NEG_TRANSITIVE_TRUSTS 1: NETLOGON_NEG_DNS_DOMAIN_TRUSTS 1: NETLOGON_NEG_PASSWORD_SET2 1: NETLOGON_NEG_GETDOMAININFO 1: NETLOGON_NEG_CROSS_FOREST_TRUSTS 0: NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION 1: NETLOGON_NEG_RODC_PASSTHROUGH 0: NETLOGON_NEG_SUPPORTS_AES_SHA2 1: NETLOGON_NEG_SUPPORTS_AES 1: NETLOGON_NEG_AUTHENTICATED_RPC_LSASS 1: NETLOGON_NEG_AUTHENTICATED_RPC session_key : 042a72287d4e6f18c08d439716f1667d sequence : 0x00000000 (0) seed: struct netr_Credential data : 0ef9fee46ff081d2 client: struct netr_Credential data : 0ef9fee46ff081d2 server: struct netr_Credential data : a87174eb463138d0 secure_channel_type : SEC_CHAN_WKSTA (0x2) computer_name : 'PC274' account_name : 'PC274$' sid : * sid : S-1-5-21-4031555581-2449722753-3032957831-3548 [2010/04/24 15:00:02.924423, 3] ../libcli/auth/schannel_state_tdb.c:132(schannel_fetch_session_key_tdb) schannel_fetch_session_key_tdb: restored schannel info key SECRETS/SCHANNEL/PC274 [2010/04/24 15:00:02.924449, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (99, 99) - sec_ctx_stack_ndx = 0 [2010/04/24 15:00:02.924468, 5] rpc_parse/parse_prs.c:89(prs_debug) 000000 smb_io_rpc_hdr_auth 0000 auth_type : 44 0001 auth_level : 06 0002 auth_pad_len : 08 0003 auth_reserved: 00 0004 auth_context_id: 00000001 [2010/04/24 15:00:02.924511, 1] ../librpc/ndr/ndr.c:214(ndr_print_debug) &reply: struct NL_AUTH_MESSAGE MessageType : NL_NEGOTIATE_RESPONSE (0x1) Flags : 0x00000000 (0) 0: NL_FLAG_OEM_NETBIOS_DOMAIN_NAME 0: NL_FLAG_OEM_NETBIOS_COMPUTER_NAME 0: NL_FLAG_UTF8_DNS_DOMAIN_NAME 0: NL_FLAG_UTF8_DNS_HOST_NAME 0: NL_FLAG_UTF8_NETBIOS_COMPUTER_NAME Buffer : 0x00000005 (5) [2010/04/24 15:00:02.924577, 10] rpc_server/srv_pipe.c:1498(pipe_schannel_auth_bind) pipe_schannel_auth_bind: schannel auth: domain [GYM-OHA] myname [PC274] [2010/04/24 15:00:02.924592, 3] rpc_server/srv_pipe.c:998(check_bind_req) check_bind_req for \netlogon checking lsarpc checking winreg checking initshutdown checking dssetup checking wkssvc checking svcctl checking ntsvcs checking netlogon [2010/04/24 15:00:02.924640, 5] rpc_parse/parse_prs.c:89(prs_debug) 000000 smb_io_rpc_hdr_ba [2010/04/24 15:00:02.924655, 6] rpc_parse/parse_prs.c:89(prs_debug) 000000 smb_io_rpc_hdr_bba 0000 max_tsize: 10b8 0002 max_rsize: 10b8 0004 assoc_gid: 000053f0 [2010/04/24 15:00:02.924685, 6] rpc_parse/parse_prs.c:89(prs_debug) 000008 smb_io_rpc_addr_str 0008 len: 000f 000a str: \PIPE\netlogon. [2010/04/24 15:00:02.924716, 6] rpc_parse/parse_prs.c:89(prs_debug) 000019 smb_io_rpc_results 001c num_results: 01 0020 result : 0000 0022 reason : 0000 [2010/04/24 15:00:02.924746, 6] rpc_parse/parse_prs.c:89(prs_debug) 000024 smb_io_rpc_iface [2010/04/24 15:00:02.924760, 7] rpc_parse/parse_prs.c:89(prs_debug) 000024 smb_io_uuid uuid 0024 data : 8a885d04 0028 data : 1ceb 002a data : 11c9 002c data : 9f e8 002e data : 08 00 2b 10 48 60 0034 version: 00000002 [2010/04/24 15:00:02.924810, 5] rpc_parse/parse_prs.c:89(prs_debug) 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0c 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 005c 000a auth_len : 000c 000c call_id : 00000006 [2010/04/24 15:00:02.924891, 10] rpc_server/srv_pipe_hnd.c:776(write_to_internal_pipe) write_to_pipe: data_used = 93 [2010/04/24 15:00:02.924919, 3] smbd/pipes.c:352(pipe_write_andx_done) writeX-IPC nwritten=109 [2010/04/24 15:00:02.925133, 10] lib/util_sock.c:726(read_smb_length_return_keepalive) got smb length of 59 [2010/04/24 15:00:02.925150, 6] smbd/process.c:1482(process_smb) got message type 0x0 of len 0x3b [2010/04/24 15:00:02.925165, 3] smbd/process.c:1485(process_smb) Transaction 18 of length 63 (0 toread) [2010/04/24 15:00:02.925179, 5] lib/util.c:617(show_msg) [2010/04/24 15:00:02.925188, 5] lib/util.c:627(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=1152 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=18479 (0x482F) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2010/04/24 15:00:02.925295, 3] smbd/process.c:1294(switch_message) switch message SMBreadX (pid 4988) conn 0x7209b10 [2010/04/24 15:00:02.925308, 4] smbd/uid.c:257(change_to_user) change_to_user: Skipping user change - already user [2010/04/24 15:00:02.925323, 6] rpc_server/srv_pipe_hnd.c:813(read_from_internal_pipe) name: \netlogon len: 1024 [2010/04/24 15:00:02.925339, 10] rpc_server/srv_pipe_hnd.c:854(read_from_internal_pipe) read_from_pipe: \netlogon: current_pdu_len = 92, current_pdu_sent = 0 returning 92 bytes. [2010/04/24 15:00:02.925360, 3] smbd/pipes.c:462(pipe_read_andx_done) readX-IPC min=1024 max=1024 nread=92 [2010/04/24 15:00:02.925632, 10] lib/util_sock.c:726(read_smb_length_return_keepalive) got smb length of 264 [2010/04/24 15:00:02.925649, 6] smbd/process.c:1482(process_smb) got message type 0x0 of len 0x108 [2010/04/24 15:00:02.925663, 3] smbd/process.c:1485(process_smb) Transaction 19 of length 268 (0 toread) [2010/04/24 15:00:02.925677, 5] lib/util.c:617(show_msg) [2010/04/24 15:00:02.925686, 5] lib/util.c:627(show_msg) size=264 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=1216 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=18479 (0x482F) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 200 (0xC8) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 200 (0xC8) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=201 [2010/04/24 15:00:02.925800, 10] ../lib/util/util.c:278(_dump_data) [0000] EE 05 00 00 03 10 00 00 00 C8 00 38 00 06 00 00 î....... .È.8.... [0010] 00 70 00 00 00 00 00 15 00 DE 0A 6B 7E ED 44 8C .p...... .Þ.k~íD. [0020] 1F 50 71 D5 D6 8A FF 20 CC 8A C6 E1 CC B2 4F 0D .PqÕÖ.ÿ Ì.Æá̲O. [0030] D3 28 D3 72 FB 2D 7C EB A4 0D D8 2E 55 3B DC F9 Ó(Órû-|ë ¤.Ø.U;Üù [0040] 01 F3 BD 0C BE 82 04 5E B7 8C B0 78 61 A6 3C 1C .ó½.¾..^ ·.°xa¦<. [0050] 1A 51 52 BD 1E 24 B8 75 A2 2D FE 78 45 1C AF 80 .QR½.$¸u ¢-þxE.¯. [0060] 3F F2 D4 0D F4 2F 69 ED 98 83 8C 97 4A 14 23 BC ?òÔ.ô/ií ....J.#¼ [0070] EE 51 53 1E AB 80 53 A7 A5 08 BF A8 AD 62 C9 5A îQS.«.S§ ¥.¿¨­bÉZ [0080] 0E 4C A6 24 1E 98 12 1B FB 44 06 00 00 00 00 00 .L¦$.... ûD...... [0090] 00 77 00 7A 00 FF FF 00 00 82 D8 DE 98 53 62 E0 .w.z.ÿÿ. ..ØÞ.Sbà [00A0] 88 BD A5 08 C1 1B 6E 6E 04 A3 3A 89 61 C6 5A D1 .½¥.Á.nn .£:.aÆZÑ [00B0] 85 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 ........ . [2010/04/24 15:00:02.926035, 3] smbd/process.c:1294(switch_message) switch message SMBwriteX (pid 4988) conn 0x7209b10 [2010/04/24 15:00:02.926050, 4] smbd/uid.c:257(change_to_user) change_to_user: Skipping user change - already user [2010/04/24 15:00:02.926063, 6] smbd/pipes.c:291(reply_pipe_write_and_X) reply_pipe_write_and_X: 482f name: NETLOGON len: 200 [2010/04/24 15:00:02.926078, 6] rpc_server/srv_pipe_hnd.c:1208(np_write_send) np_write_send: len: 200 [2010/04/24 15:00:02.926092, 10] rpc_server/srv_pipe_hnd.c:772(write_to_internal_pipe) write_to_pipe: data_left = 200 [2010/04/24 15:00:02.926105, 10] rpc_server/srv_pipe_hnd.c:682(process_incoming_data) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 200 [2010/04/24 15:00:02.926119, 10] rpc_server/srv_pipe_hnd.c:193(fill_rpc_header) fill_rpc_header: data_to_copy = 200, len_needed_to_complete_hdr = 16, receive_len = 0 [2010/04/24 15:00:02.926133, 10] rpc_server/srv_pipe_hnd.c:776(write_to_internal_pipe) write_to_pipe: data_used = 16 [2010/04/24 15:00:02.926147, 10] rpc_server/srv_pipe_hnd.c:772(write_to_internal_pipe) write_to_pipe: data_left = 184 [2010/04/24 15:00:02.926160, 10] rpc_server/srv_pipe_hnd.c:682(process_incoming_data) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 184 [2010/04/24 15:00:02.926174, 5] rpc_parse/parse_prs.c:89(prs_debug) 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 00c8 000a auth_len : 0038 000c call_id : 00000006 [2010/04/24 15:00:02.926241, 5] rpc_server/srv_pipe_hnd.c:289(unmarshall_rpc_header) unmarshall_rpc_header: using little-endian RPC [2010/04/24 15:00:02.926255, 10] rpc_server/srv_pipe_hnd.c:318(unmarshall_rpc_header) unmarshall_rpc_header: type = 0, flags = 3 [2010/04/24 15:00:02.926269, 10] rpc_server/srv_pipe_hnd.c:776(write_to_internal_pipe) write_to_pipe: data_used = 0 [2010/04/24 15:00:02.926283, 10] rpc_server/srv_pipe_hnd.c:772(write_to_internal_pipe) write_to_pipe: data_left = 184 [2010/04/24 15:00:02.926296, 10] rpc_server/srv_pipe_hnd.c:682(process_incoming_data) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 184, incoming data = 184 [2010/04/24 15:00:02.926310, 10] rpc_server/srv_pipe_hnd.c:537(process_complete_pdu) process_complete_pdu: processing packet type 0 [2010/04/24 15:00:02.926324, 5] rpc_parse/parse_prs.c:89(prs_debug) 000000 smb_io_rpc_hdr_req req 0000 alloc_hint: 00000070 0004 context_id: 0000 0006 opnum : 0015 [2010/04/24 15:00:02.926353, 5] rpc_server/srv_pipe.c:2228(api_pipe_schannel_process) data 112 auth 56 [2010/04/24 15:00:02.926368, 5] rpc_parse/parse_prs.c:89(prs_debug) 000078 smb_io_rpc_hdr_auth hdr_auth 0078 auth_type : 44 0079 auth_level : 06 007a auth_pad_len : 00 007b auth_reserved: 00 007c auth_context_id: 00000000 [2010/04/24 15:00:02.926409, 1] ../librpc/ndr/ndr.c:214(ndr_print_debug) &r: struct NL_AUTH_SIGNATURE SignatureAlgorithm : NL_SIGN_HMAC_MD5 (0x77) SealAlgorithm : NL_SEAL_RC4 (0x7A) Pad : 0xffff (65535) Flags : 0x0000 (0) SequenceNumber : 82d8de985362e088 Checksum : bda508c11b6e6e04 Confounder : a33a8961c65ad185 [2010/04/24 15:00:02.926504, 3] rpc_server/srv_pipe_hnd.c:344(free_pipe_context) free_pipe_context: destroying talloc pool of size 73 [2010/04/24 15:00:02.926520, 5] rpc_server/srv_pipe.c:2366(api_pipe_request) Requested \PIPE\\netlogon [2010/04/24 15:00:02.926535, 4] rpc_server/srv_pipe.c:2403(api_rpcTNP) api_rpcTNP: \netlogon op 0x15 - api_rpcTNP: rpc command: NETR_LOGONGETCAPABILITIES [2010/04/24 15:00:02.926551, 6] rpc_server/srv_pipe.c:2433(api_rpcTNP) api_rpc_cmds[21].fn == 0x6921ac0 [2010/04/24 15:00:02.926585, 1] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) netr_LogonGetCapabilities: struct netr_LogonGetCapabilities in: struct netr_LogonGetCapabilities server_name : * server_name : '\\FILESERVER' computer_name : * computer_name : 'PC274' credential : * credential: struct netr_Authenticator cred: struct netr_Credential data : 9094040d270f948a timestamp : Sa 24 Apr 2010 15:00:02 MEST MEST return_authenticator : * return_authenticator: struct netr_Authenticator cred: struct netr_Credential data : 0000000000000000 timestamp : (time_t)0 query_level : 0x00000001 (1) [2010/04/24 15:00:02.926719, 1] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) netr_LogonGetCapabilities: struct netr_LogonGetCapabilities out: struct netr_LogonGetCapabilities return_authenticator : * return_authenticator: struct netr_Authenticator cred: struct netr_Credential data : 0000000000000000 timestamp : (time_t)0 capabilities : * capabilities : union netr_Capabilities(case 1) server_capabilities : 0x00000000 (0) 0: NETLOGON_NEG_ACCOUNT_LOCKOUT 0: NETLOGON_NEG_PERSISTENT_SAMREPL 0: NETLOGON_NEG_ARCFOUR 0: NETLOGON_NEG_PROMOTION_COUNT 0: NETLOGON_NEG_CHANGELOG_BDC 0: NETLOGON_NEG_FULL_SYNC_REPL 0: NETLOGON_NEG_MULTIPLE_SIDS 0: NETLOGON_NEG_REDO 0: NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL 0: NETLOGON_NEG_SEND_PASSWORD_INFO_PDC 0: NETLOGON_NEG_GENERIC_PASSTHROUGH 0: NETLOGON_NEG_CONCURRENT_RPC 0: NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL 0: NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL 0: NETLOGON_NEG_STRONG_KEYS 0: NETLOGON_NEG_TRANSITIVE_TRUSTS 0: NETLOGON_NEG_DNS_DOMAIN_TRUSTS 0: NETLOGON_NEG_PASSWORD_SET2 0: NETLOGON_NEG_GETDOMAININFO 0: NETLOGON_NEG_CROSS_FOREST_TRUSTS 0: NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION 0: NETLOGON_NEG_RODC_PASSTHROUGH 0: NETLOGON_NEG_SUPPORTS_AES_SHA2 0: NETLOGON_NEG_SUPPORTS_AES 0: NETLOGON_NEG_AUTHENTICATED_RPC_LSASS 0: NETLOGON_NEG_AUTHENTICATED_RPC result : NT_STATUS_NOT_IMPLEMENTED [2010/04/24 15:00:02.926975, 5] rpc_server/srv_pipe.c:2468(api_rpcTNP) api_rpcTNP: called \netlogon successfully [2010/04/24 15:00:02.926990, 3] rpc_server/srv_pipe_hnd.c:344(free_pipe_context) free_pipe_context: destroying talloc pool of size 0 [2010/04/24 15:00:02.927005, 10] rpc_server/srv_pipe_hnd.c:776(write_to_internal_pipe) write_to_pipe: data_used = 184 [2010/04/24 15:00:02.927031, 3] smbd/pipes.c:352(pipe_write_andx_done) writeX-IPC nwritten=200 [2010/04/24 15:00:02.927229, 10] lib/util_sock.c:726(read_smb_length_return_keepalive) got smb length of 59 [2010/04/24 15:00:02.927247, 6] smbd/process.c:1482(process_smb) got message type 0x0 of len 0x3b [2010/04/24 15:00:02.927261, 3] smbd/process.c:1485(process_smb) Transaction 20 of length 63 (0 toread) [2010/04/24 15:00:02.927285, 5] lib/util.c:617(show_msg) [2010/04/24 15:00:02.927295, 5] lib/util.c:627(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=1280 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=18479 (0x482F) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2010/04/24 15:00:02.927402, 3] smbd/process.c:1294(switch_message) switch message SMBreadX (pid 4988) conn 0x7209b10 [2010/04/24 15:00:02.927416, 4] smbd/uid.c:257(change_to_user) change_to_user: Skipping user change - already user [2010/04/24 15:00:02.927430, 6] rpc_server/srv_pipe_hnd.c:813(read_from_internal_pipe) name: \netlogon len: 1024 [2010/04/24 15:00:02.927444, 10] rpc_server/srv_pipe_hnd.c:875(read_from_internal_pipe) read_from_pipe: \netlogon: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. [2010/04/24 15:00:02.927461, 5] rpc_parse/parse_prs.c:89(prs_debug) 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0058 000a auth_len : 0020 000c call_id : 00000006 [2010/04/24 15:00:02.927529, 5] rpc_parse/parse_prs.c:89(prs_debug) 000010 smb_io_rpc_hdr_resp resp 0010 alloc_hint: 00000018 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 [2010/04/24 15:00:02.927563, 5] rpc_parse/parse_prs.c:89(prs_debug) 000030 smb_io_rpc_hdr_auth hdr_auth 0030 auth_type : 44 0031 auth_level : 06 0032 auth_pad_len : 00 0033 auth_reserved: 00 0034 auth_context_id: 00000001 [2010/04/24 15:00:02.927636, 1] ../librpc/ndr/ndr.c:214(ndr_print_debug) &r: struct NL_AUTH_SIGNATURE SignatureAlgorithm : NL_SIGN_HMAC_MD5 (0x77) SealAlgorithm : NL_SEAL_RC4 (0x7A) Pad : 0xffff (65535) Flags : 0x0000 (0) SequenceNumber : c89601ba4a1a88eb Checksum : 8ede419f9ef49969 Confounder : 5bb8c65e38bb3c2d [2010/04/24 15:00:02.927705, 3] smbd/pipes.c:462(pipe_read_andx_done) readX-IPC min=1024 max=1024 nread=88 [2010/04/24 15:00:03.552893, 10] lib/util_sock.c:726(read_smb_length_return_keepalive) got smb length of 138 [2010/04/24 15:00:03.552925, 6] smbd/process.c:1482(process_smb) got message type 0x0 of len 0x8a [2010/04/24 15:00:03.552941, 3] smbd/process.c:1485(process_smb) Transaction 21 of length 142 (0 toread) [2010/04/24 15:00:03.552956, 5] lib/util.c:617(show_msg) [2010/04/24 15:00:03.552966, 5] lib/util.c:627(show_msg) size=138 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=65535 smb_pid=65279 smb_uid=0 smb_mid=1344 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=16644 (0x4104) smb_vwv[ 3]= 50 (0x32) smb_vwv[ 4]= 1 (0x1) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 74 (0x4A) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 212 (0xD4) smb_vwv[11]=40960 (0xA000) smb_bcc=79 [2010/04/24 15:00:03.553078, 10] ../lib/util/util.c:278(_dump_data) [0000] 60 48 06 06 2B 06 01 05 05 02 A0 3E 30 3C A0 0E `H..+... .. >0< . [0010] 30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A A2 2A 0...+... ..7...¢* [0020] 04 28 4E 54 4C 4D 53 53 50 00 01 00 00 00 97 82 .(NTLMSS P....... [0030] 08 E2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 .â...... ........ [0040] 00 00 06 01 B0 1D 00 00 00 0F 00 00 00 00 00 ....°... ....... [2010/04/24 15:00:03.553192, 3] smbd/process.c:1294(switch_message) switch message SMBsesssetupX (pid 4988) conn 0x0 [2010/04/24 15:00:03.553208, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/24 15:00:03.553224, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/24 15:00:03.553239, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/24 15:00:03.553271, 5] smbd/uid.c:369(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2010/04/24 15:00:03.553289, 3] smbd/sesssetup.c:1435(reply_sesssetup_and_X) wct=12 flg2=0xc807 [2010/04/24 15:00:03.553304, 3] smbd/sesssetup.c:1189(reply_sesssetup_and_X_spnego) Doing spnego session setup [2010/04/24 15:00:03.553324, 3] smbd/sesssetup.c:1231(reply_sesssetup_and_X_spnego) NativeOS=[] NativeLanMan=[] PrimaryDomain=[] [2010/04/24 15:00:03.553340, 10] smbd/password.c:184(register_initial_vuid) register_initial_vuid: allocated vuid = 101 [2010/04/24 15:00:03.553358, 10] smbd/sesssetup.c:1134(check_spnego_blob_complete) check_spnego_blob_complete: needed_len = 74, pblob->length = 74 [2010/04/24 15:00:03.553390, 5] smbd/sesssetup.c:753(parse_spnego_mechanisms) parse_spnego_mechanisms: Got OID 1.3.6.1.4.1.311.2.2.10 [2010/04/24 15:00:03.553405, 3] smbd/sesssetup.c:805(reply_spnego_negotiate) reply_spnego_negotiate: Got secblob of size 40 [2010/04/24 15:00:03.553426, 5] auth/auth.c:481(make_auth_context_subsystem) Making default auth method list for DC, security=user, encrypt passwords = yes [2010/04/24 15:00:03.553446, 5] auth/auth.c:383(load_auth_module) load_auth_module: Attempting to find an auth method to match guest [2010/04/24 15:00:03.553461, 5] auth/auth.c:408(load_auth_module) load_auth_module: auth method guest has a valid init [2010/04/24 15:00:03.553475, 5] auth/auth.c:383(load_auth_module) load_auth_module: Attempting to find an auth method to match sam [2010/04/24 15:00:03.553490, 5] auth/auth.c:408(load_auth_module) load_auth_module: auth method sam has a valid init [2010/04/24 15:00:03.553504, 5] auth/auth.c:383(load_auth_module) load_auth_module: Attempting to find an auth method to match winbind:trustdomain [2010/04/24 15:00:03.553519, 5] auth/auth.c:383(load_auth_module) load_auth_module: Attempting to find an auth method to match trustdomain [2010/04/24 15:00:03.553534, 5] auth/auth.c:408(load_auth_module) load_auth_module: auth method trustdomain has a valid init [2010/04/24 15:00:03.553547, 5] auth/auth.c:408(load_auth_module) load_auth_module: auth method winbind has a valid init [2010/04/24 15:00:03.553566, 3] libsmb/ntlmssp.c:65(debug_ntlmssp_flags) Got NTLMSSP neg_flags=0xe2088297 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_NEGOTIATE_OEM NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_LM_KEY NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_VERSION NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH NTLMSSP_NEGOTIATE_56 [2010/04/24 15:00:03.553638, 1] ../librpc/ndr/ndr.c:214(ndr_print_debug) &negotiate: struct NEGOTIATE_MESSAGE Signature : 'NTLMSSP' MessageType : NtLmNegotiate (1) NegotiateFlags : 0xe2088297 (3792208535) 1: NTLMSSP_NEGOTIATE_UNICODE 1: NTLMSSP_NEGOTIATE_OEM 1: NTLMSSP_REQUEST_TARGET 1: NTLMSSP_NEGOTIATE_SIGN 0: NTLMSSP_NEGOTIATE_SEAL 0: NTLMSSP_NEGOTIATE_DATAGRAM 1: NTLMSSP_NEGOTIATE_LM_KEY 0: NTLMSSP_NEGOTIATE_NETWARE 1: NTLMSSP_NEGOTIATE_NTLM 0: NTLMSSP_NEGOTIATE_NT_ONLY 0: NTLMSSP_ANONYMOUS 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN 0: NTLMSSP_TARGET_TYPE_DOMAIN 0: NTLMSSP_TARGET_TYPE_SERVER 0: NTLMSSP_TARGET_TYPE_SHARE 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY 0: NTLMSSP_NEGOTIATE_IDENTIFY 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY 0: NTLMSSP_NEGOTIATE_TARGET_INFO 1: NTLMSSP_NEGOTIATE_VERSION 1: NTLMSSP_NEGOTIATE_128 1: NTLMSSP_NEGOTIATE_KEY_EXCH 1: NTLMSSP_NEGOTIATE_56 DomainNameLen : 0x0000 (0) DomainNameMaxLen : 0x0000 (0) DomainName : NULL WorkstationLen : 0x0000 (0) WorkstationMaxLen : 0x0000 (0) Workstation : NULL Version: struct VERSION ProductMajorVersion : NTLMSSP_WINDOWS_MAJOR_VERSION_6 (6) ProductMinorVersion : NTLMSSP_WINDOWS_MINOR_VERSION_1 (1) ProductBuild : 0x1db0 (7600) Reserved: ARRAY(3) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) NTLMRevisionCurrent : NTLMSSP_REVISION_W2K3 (15) [2010/04/24 15:00:03.553929, 5] auth/auth.c:97(get_ntlm_challenge) auth_get_challenge: module guest did not want to specify a challenge [2010/04/24 15:00:03.553944, 5] auth/auth.c:97(get_ntlm_challenge) auth_get_challenge: module sam did not want to specify a challenge [2010/04/24 15:00:03.553958, 5] auth/auth.c:97(get_ntlm_challenge) auth_get_challenge: module winbind did not want to specify a challenge [2010/04/24 15:00:03.554009, 5] auth/auth.c:132(get_ntlm_challenge) auth_context challenge created by random [2010/04/24 15:00:03.554024, 5] auth/auth.c:133(get_ntlm_challenge) challenge is: [2010/04/24 15:00:03.554038, 5] ../lib/util/util.c:278(_dump_data) [0000] 85 C4 F2 A3 4D 8F E2 C9 .Äò£M.âÉ [2010/04/24 15:00:03.554086, 1] ../librpc/ndr/ndr.c:214(ndr_print_debug) &challenge: struct CHALLENGE_MESSAGE Signature : 'NTLMSSP' MessageType : NtLmChallenge (0x2) TargetNameLen : 0x000e (14) TargetNameMaxLen : 0x000e (14) TargetName : * TargetName : 'GYM-OHA' NegotiateFlags : 0xe2898295 (3800662677) 1: NTLMSSP_NEGOTIATE_UNICODE 0: NTLMSSP_NEGOTIATE_OEM 1: NTLMSSP_REQUEST_TARGET 1: NTLMSSP_NEGOTIATE_SIGN 0: NTLMSSP_NEGOTIATE_SEAL 0: NTLMSSP_NEGOTIATE_DATAGRAM 1: NTLMSSP_NEGOTIATE_LM_KEY 0: NTLMSSP_NEGOTIATE_NETWARE 1: NTLMSSP_NEGOTIATE_NTLM 0: NTLMSSP_NEGOTIATE_NT_ONLY 0: NTLMSSP_ANONYMOUS 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN 1: NTLMSSP_TARGET_TYPE_DOMAIN 0: NTLMSSP_TARGET_TYPE_SERVER 0: NTLMSSP_TARGET_TYPE_SHARE 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY 0: NTLMSSP_NEGOTIATE_IDENTIFY 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY 1: NTLMSSP_NEGOTIATE_TARGET_INFO 1: NTLMSSP_NEGOTIATE_VERSION 1: NTLMSSP_NEGOTIATE_128 1: NTLMSSP_NEGOTIATE_KEY_EXCH 1: NTLMSSP_NEGOTIATE_56 ServerChallenge : 85c4f2a34d8fe2c9 Reserved : 0000000000000000 TargetInfoLen : 0x0068 (104) TargetNameInfoMaxLen : 0x0068 (104) TargetInfo : * TargetInfo: struct AV_PAIR_LIST count : 0x00000005 (5) pair: ARRAY(5) pair: struct AV_PAIR AvId : MsvAvNbDomainName (0x2) AvLen : 0x000e (14) Value : union ntlmssp_AvValue(case 0x2) AvNbDomainName : 'GYM-OHA' pair: struct AV_PAIR AvId : MsvAvNbComputerName (0x1) AvLen : 0x0014 (20) Value : union ntlmssp_AvValue(case 0x1) AvNbComputerName : 'FILESERVER' pair: struct AV_PAIR AvId : MsvAvDnsDomainName (0x4) AvLen : 0x000e (14) Value : union ntlmssp_AvValue(case 0x4) AvDnsDomainName : 'gym-oha' pair: struct AV_PAIR AvId : MsvAvDnsComputerName (0x3) AvLen : 0x0024 (36) Value : union ntlmssp_AvValue(case 0x3) AvDnsComputerName : 'fileserver.gym-oha' pair: struct AV_PAIR AvId : MsvAvEOL (0x0) AvLen : 0x0000 (0) Value : union ntlmssp_AvValue(case 0x0) Version: struct VERSION ProductMajorVersion : UNKNOWN_ENUM_VALUE (0x47) ProductMinorVersion : NTLMSSP_WINDOWS_MINOR_VERSION_0 (0x0) ProductBuild : 0x0059 (89) Reserved : 4d002d NTLMRevisionCurrent : UNKNOWN_ENUM_VALUE (0x0) [2010/04/24 15:00:03.554594, 5] lib/util.c:617(show_msg) [2010/04/24 15:00:03.554605, 5] lib/util.c:627(show_msg) size=290 smb_com=0x73 smb_rcls=22 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51203 smb_tid=65535 smb_pid=65279 smb_uid=101 smb_mid=1344 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 197 (0xC5) smb_bcc=247 [2010/04/24 15:00:03.554681, 10] ../lib/util/util.c:278(_dump_data) [0000] A1 81 C2 30 81 BF A0 03 0A 01 01 A1 0C 06 0A 2B ¡.Â0.¿ . ...¡...+ [0010] 06 01 04 01 82 37 02 02 0A A2 81 A9 04 81 A6 4E .....7.. .¢.©..¦N [0020] 54 4C 4D 53 53 50 00 02 00 00 00 0E 00 0E 00 30 TLMSSP.. .......0 [0030] 00 00 00 95 82 89 E2 85 C4 F2 A3 4D 8F E2 C9 00 ......â. Äò£M.âÉ. [0040] 00 00 00 00 00 00 00 68 00 68 00 3E 00 00 00 47 .......h .h.>...G [0050] 00 59 00 4D 00 2D 00 4F 00 48 00 41 00 02 00 0E .Y.M.-.O .H.A.... [0060] 00 47 00 59 00 4D 00 2D 00 4F 00 48 00 41 00 01 .G.Y.M.- .O.H.A.. [0070] 00 14 00 46 00 49 00 4C 00 45 00 53 00 45 00 52 ...F.I.L .E.S.E.R [0080] 00 56 00 45 00 52 00 04 00 0E 00 67 00 79 00 6D .V.E.R.. ...g.y.m [0090] 00 2D 00 6F 00 68 00 61 00 03 00 24 00 66 00 69 .-.o.h.a ...$.f.i [00A0] 00 6C 00 65 00 73 00 65 00 72 00 76 00 65 00 72 .l.e.s.e .r.v.e.r [00B0] 00 2E 00 67 00 79 00 6D 00 2D 00 6F 00 68 00 61 ...g.y.m .-.o.h.a [00C0] 00 00 00 00 00 55 00 6E 00 69 00 78 00 00 00 53 .....U.n .i.x...S [00D0] 00 61 00 6D 00 62 00 61 00 20 00 33 00 2E 00 35 .a.m.b.a . .3...5 [00E0] 00 2E 00 32 00 00 00 47 00 59 00 4D 00 2D 00 4F ...2...G .Y.M.-.O [00F0] 00 48 00 41 00 00 00 .H.A... [2010/04/24 15:00:03.555432, 10] lib/util_sock.c:726(read_smb_length_return_keepalive) got smb length of 518 [2010/04/24 15:00:03.555450, 6] smbd/process.c:1482(process_smb) got message type 0x0 of len 0x206 [2010/04/24 15:00:03.555475, 3] smbd/process.c:1485(process_smb) Transaction 22 of length 522 (0 toread) [2010/04/24 15:00:03.555489, 5] lib/util.c:617(show_msg) [2010/04/24 15:00:03.555498, 5] lib/util.c:627(show_msg) size=518 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=65535 smb_pid=65279 smb_uid=101 smb_mid=1408 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=16644 (0x4104) smb_vwv[ 3]= 50 (0x32) smb_vwv[ 4]= 1 (0x1) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 454 (0x1C6) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 212 (0xD4) smb_vwv[11]=40960 (0xA000) smb_bcc=459 [2010/04/24 15:00:03.555607, 10] ../lib/util/util.c:278(_dump_data) [0000] A1 82 01 C2 30 82 01 BE A2 82 01 BA 04 82 01 B6 ¡..Â0..¾ ¢..º...¶ [0010] 4E 54 4C 4D 53 53 50 00 03 00 00 00 18 00 18 00 NTLMSSP. ........ [0020] 7C 00 00 00 12 01 12 01 94 00 00 00 0E 00 0E 00 |....... ........ [0030] 58 00 00 00 0C 00 0C 00 66 00 00 00 0A 00 0A 00 X....... f....... [0040] 72 00 00 00 10 00 10 00 A6 01 00 00 15 82 88 E2 r....... ¦......â [0050] 06 01 B0 1D 00 00 00 0F D1 1E C1 E5 52 49 DB 02 ..°..... Ñ.ÁåRIÛ. [0060] 9F 6B AF 68 9B 49 06 11 47 00 59 00 4D 00 2D 00 .k¯h.I.. G.Y.M.-. [0070] 4F 00 48 00 41 00 50 00 43 00 32 00 37 00 34 00 O.H.A.P. C.2.7.4. [0080] 24 00 50 00 43 00 32 00 37 00 34 00 00 00 00 00 $.P.C.2. 7.4..... [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 46 36 28 DE 29 7B 78 9D 52 A3 B7 47 ....F6(Þ ){x.R£·G [00B0] 80 E1 13 22 01 01 00 00 00 00 00 00 43 55 BC 0D .á.".... ....CU¼. [00C0] AE E3 CA 01 11 FC E3 09 30 6D 82 A8 00 00 00 00 ®ãÊ..üã. 0m.¨.... [00D0] 02 00 0E 00 47 00 59 00 4D 00 2D 00 4F 00 48 00 ....G.Y. M.-.O.H. [00E0] 41 00 01 00 14 00 46 00 49 00 4C 00 45 00 53 00 A.....F. I.L.E.S. [00F0] 45 00 52 00 56 00 45 00 52 00 04 00 0E 00 67 00 E.R.V.E. R.....g. [0100] 79 00 6D 00 2D 00 6F 00 68 00 61 00 03 00 24 00 y.m.-.o. h.a...$. [0110] 66 00 69 00 6C 00 65 00 73 00 65 00 72 00 76 00 f.i.l.e. s.e.r.v. [0120] 65 00 72 00 2E 00 67 00 79 00 6D 00 2D 00 6F 00 e.r...g. y.m.-.o. [0130] 68 00 61 00 08 00 30 00 30 00 00 00 00 00 00 00 h.a...0. 0....... [0140] 00 00 00 00 00 40 00 00 1C 67 21 5C BB 49 C4 19 .....@.. .g!\»IÄ. [0150] 49 0E 2A E1 B0 54 90 7B 8E F7 D5 FE 49 4E EA 90 I.*á°T.{ .÷ÕþINê. [0160] 5E 2E 8E AE 07 58 A2 A0 0A 00 10 00 00 00 00 00 ^..®.X¢  ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 09 00 2E 00 ........ ........ [0180] 63 00 69 00 66 00 73 00 2F 00 46 00 49 00 4C 00 c.i.f.s. /.F.I.L. [0190] 45 00 53 00 45 00 52 00 56 00 45 00 52 00 2E 00 E.S.E.R. V.E.R... [01A0] 47 00 59 00 4D 00 2D 00 4F 00 48 00 41 00 00 00 G.Y.M.-. O.H.A... [01B0] 00 00 00 00 00 00 4C B4 98 90 53 F6 AB 4B 6F A9 ......L´ ..Sö«Ko© [01C0] 83 2C AF 90 A7 90 00 00 00 00 00 .,¯.§... ... [2010/04/24 15:00:03.556106, 3] smbd/process.c:1294(switch_message) switch message SMBsesssetupX (pid 4988) conn 0x0 [2010/04/24 15:00:03.556121, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/24 15:00:03.556135, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/24 15:00:03.556157, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/24 15:00:03.556180, 5] smbd/uid.c:369(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2010/04/24 15:00:03.556195, 3] smbd/sesssetup.c:1435(reply_sesssetup_and_X) wct=12 flg2=0xc807 [2010/04/24 15:00:03.556208, 3] smbd/sesssetup.c:1189(reply_sesssetup_and_X_spnego) Doing spnego session setup [2010/04/24 15:00:03.556226, 3] smbd/sesssetup.c:1231(reply_sesssetup_and_X_spnego) NativeOS=[] NativeLanMan=[] PrimaryDomain=[] [2010/04/24 15:00:03.556242, 10] smbd/sesssetup.c:1134(check_spnego_blob_complete) check_spnego_blob_complete: needed_len = 454, pblob->length = 454 [2010/04/24 15:00:03.556297, 1] ../librpc/ndr/ndr.c:214(ndr_print_debug) &authenticate: struct AUTHENTICATE_MESSAGE Signature : 'NTLMSSP' MessageType : NtLmAuthenticate (3) LmChallengeResponseLen : 0x0018 (24) LmChallengeResponseMaxLen: 0x0018 (24) LmChallengeResponse : * LmChallengeResponse : union ntlmssp_LM_RESPONSE(case 24) v1: struct LM_RESPONSE Response : 000000000000000000000000000000000000000000000000 NtChallengeResponseLen : 0x0112 (274) NtChallengeResponseMaxLen: 0x0112 (274) NtChallengeResponse : * NtChallengeResponse : union ntlmssp_NTLM_RESPONSE(case 274) v2: struct NTLMv2_RESPONSE Response : 463628de297b789d52a3b74780e11322 Challenge: struct NTLMv2_CLIENT_CHALLENGE RespType : 0x01 (1) HiRespType : 0x01 (1) Reserved1 : 0x0000 (0) Reserved2 : 0x00000000 (0) TimeStamp : Sa 24 Apr 2010 15:00:03 MEST MEST ChallengeFromClient : 11fce309306d82a8 Reserved3 : 0x00000000 (0) AvPairs: struct AV_PAIR_LIST count : 0x00000008 (8) pair: ARRAY(8) pair: struct AV_PAIR AvId : MsvAvNbDomainName (0x2) AvLen : 0x000e (14) Value : union ntlmssp_AvValue(case 0x2) AvNbDomainName : 'GYM-OHA' pair: struct AV_PAIR AvId : MsvAvNbComputerName (0x1) AvLen : 0x0014 (20) Value : union ntlmssp_AvValue(case 0x1) AvNbComputerName : 'FILESERVER' pair: struct AV_PAIR AvId : MsvAvDnsDomainName (0x4) AvLen : 0x000e (14) Value : union ntlmssp_AvValue(case 0x4) AvDnsDomainName : 'gym-oha' pair: struct AV_PAIR AvId : MsvAvDnsComputerName (0x3) AvLen : 0x0024 (36) Value : union ntlmssp_AvValue(case 0x3) AvDnsComputerName : 'fileserver.gym-oha' pair: struct AV_PAIR AvId : MsAvRestrictions (0x8) AvLen : 0x0030 (48) Value : union ntlmssp_AvValue(case 0x8) AvRestrictions: struct Restriction_Encoding Size : 0x00000030 (48) Z4 : 0x00000000 (0) IntegrityLevel : 0x00000000 (0) SubjectIntegrityLevel : 0x00004000 (16384) MachineId : 1c67215cbb49c419490e2ae1b054907b8ef7d5fe494eea905e2e8eae0758a2a0 pair: struct AV_PAIR AvId : MsvChannelBindings (0xA) AvLen : 0x0010 (16) Value : union ntlmssp_AvValue(case 0xA) ChannelBindings : 00000000000000000000000000000000 pair: struct AV_PAIR AvId : MsvAvTargetName (0x9) AvLen : 0x002e (46) Value : union ntlmssp_AvValue(case 0x9) AvTargetName : 'cifs/FILESERVER.GYM-OHA' pair: struct AV_PAIR AvId : MsvAvEOL (0x0) AvLen : 0x0000 (0) Value : union ntlmssp_AvValue(case 0x0) DomainNameLen : 0x000e (14) DomainNameMaxLen : 0x000e (14) DomainName : * DomainName : 'GYM-OHA' UserNameLen : 0x000c (12) UserNameMaxLen : 0x000c (12) UserName : * UserName : 'PC274$' WorkstationLen : 0x000a (10) WorkstationMaxLen : 0x000a (10) Workstation : * Workstation : 'PC274' EncryptedRandomSessionKeyLen: 0x0010 (16) EncryptedRandomSessionKeyMaxLen: 0x0010 (16) EncryptedRandomSessionKey: * EncryptedRandomSessionKey: DATA_BLOB length=16 [2010/04/24 15:00:03.556943, 10] ../lib/util/util.c:278(_dump_data) [0000] 4C B4 98 90 53 F6 AB 4B 6F A9 83 2C AF 90 A7 90 L´..Sö«K o©.,¯.§. NegotiateFlags : 0xe2888215 (3800597013) 1: NTLMSSP_NEGOTIATE_UNICODE 0: NTLMSSP_NEGOTIATE_OEM 1: NTLMSSP_REQUEST_TARGET 1: NTLMSSP_NEGOTIATE_SIGN 0: NTLMSSP_NEGOTIATE_SEAL 0: NTLMSSP_NEGOTIATE_DATAGRAM 0: NTLMSSP_NEGOTIATE_LM_KEY 0: NTLMSSP_NEGOTIATE_NETWARE 1: NTLMSSP_NEGOTIATE_NTLM 0: NTLMSSP_NEGOTIATE_NT_ONLY 0: NTLMSSP_ANONYMOUS 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN 0: NTLMSSP_TARGET_TYPE_DOMAIN 0: NTLMSSP_TARGET_TYPE_SERVER 0: NTLMSSP_TARGET_TYPE_SHARE 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY 0: NTLMSSP_NEGOTIATE_IDENTIFY 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY 1: NTLMSSP_NEGOTIATE_TARGET_INFO 1: NTLMSSP_NEGOTIATE_VERSION 1: NTLMSSP_NEGOTIATE_128 1: NTLMSSP_NEGOTIATE_KEY_EXCH 1: NTLMSSP_NEGOTIATE_56 Version: struct VERSION ProductMajorVersion : NTLMSSP_WINDOWS_MAJOR_VERSION_6 (6) ProductMinorVersion : NTLMSSP_WINDOWS_MINOR_VERSION_1 (1) ProductBuild : 0x1db0 (7600) Reserved: ARRAY(3) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) NTLMRevisionCurrent : NTLMSSP_REVISION_W2K3 (15) [2010/04/24 15:00:03.557188, 3] libsmb/ntlmssp.c:747(ntlmssp_server_auth) Got user=[PC274$] domain=[GYM-OHA] workstation=[PC274] len1=24 len2=274 [2010/04/24 15:00:03.557223, 6] param/loadparm.c:7215(lp_file_list_changed) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Sat Apr 24 14:49:06 2010 [2010/04/24 15:00:03.557273, 4] smbd/map_username.c:144(map_username) Scanning username map /etc/samba/smbusers [2010/04/24 15:00:03.557304, 10] smbd/password.c:475(user_in_list) user_in_list: checking user PC274$ in list [2010/04/24 15:00:03.557320, 10] smbd/password.c:480(user_in_list) user_in_list: checking user |PC274$| against |administrator| [2010/04/24 15:00:03.557336, 10] smbd/password.c:475(user_in_list) user_in_list: checking user PC274$ in list [2010/04/24 15:00:03.557350, 10] smbd/password.c:480(user_in_list) user_in_list: checking user |PC274$| against |guest| [2010/04/24 15:00:03.557364, 10] smbd/password.c:480(user_in_list) user_in_list: checking user |PC274$| against |pcguest| [2010/04/24 15:00:03.557377, 10] smbd/password.c:480(user_in_list) user_in_list: checking user |PC274$| against |smbguest| [2010/04/24 15:00:03.559598, 5] auth/auth_util.c:211(make_user_info_map) Mapping user [GYM-OHA]\[PC274$] from workstation [PC274] [2010/04/24 15:00:03.559614, 5] auth/auth_util.c:122(make_user_info) attempting to make a user_info for PC274$ (PC274$) [2010/04/24 15:00:03.559629, 5] auth/auth_util.c:132(make_user_info) making strings for PC274$'s user_info struct [2010/04/24 15:00:03.559643, 5] auth/auth_util.c:164(make_user_info) making blobs for PC274$'s user_info struct [2010/04/24 15:00:03.559658, 10] auth/auth_util.c:182(make_user_info) made an encrypted user_info for PC274$ (PC274$) [2010/04/24 15:00:03.559673, 3] auth/auth.c:216(check_ntlm_password) check_ntlm_password: Checking password for unmapped user [GYM-OHA]\[PC274$]@[PC274] with the new password interface [2010/04/24 15:00:03.559689, 3] auth/auth.c:219(check_ntlm_password) check_ntlm_password: mapped user is: [GYM-OHA]\[PC274$]@[PC274] [2010/04/24 15:00:03.559704, 10] auth/auth.c:228(check_ntlm_password) check_ntlm_password: auth_context challenge created by random [2010/04/24 15:00:03.559718, 10] auth/auth.c:230(check_ntlm_password) challenge is: [2010/04/24 15:00:03.559732, 5] ../lib/util/util.c:278(_dump_data) [0000] 85 C4 F2 A3 4D 8F E2 C9 .Äò£M.âÉ [2010/04/24 15:00:03.559759, 10] auth/auth.c:256(check_ntlm_password) check_ntlm_password: guest had nothing to say [2010/04/24 15:00:03.559776, 8] lib/util.c:1869(is_myname) is_myname("GYM-OHA") returns 0 [2010/04/24 15:00:03.559793, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/04/24 15:00:03.559808, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2010/04/24 15:00:03.559823, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/24 15:00:03.559836, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/24 15:00:03.559850, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/24 15:00:03.559890, 5] lib/smbldap.c:1360(smbldap_search_ext) smbldap_search_ext: base => [dc=gym-oha,dc=de], filter => [(&(uid=PC274$)(objectclass=sambaSamAccount))], scope => [2] [2010/04/24 15:00:03.560769, 2] passdb/pdb_ldap.c:572(init_sam_from_ldap) init_sam_from_ldap: Entry found for user: pc274$ [2010/04/24 15:00:03.560787, 10] passdb/pdb_get_set.c:608(pdb_set_username) pdb_set_username: setting username pc274$, was [2010/04/24 15:00:03.560810, 10] passdb/pdb_get_set.c:631(pdb_set_domain) pdb_set_domain: setting domain GYM-OHA, was [2010/04/24 15:00:03.560826, 10] passdb/pdb_get_set.c:654(pdb_set_nt_username) pdb_set_nt_username: setting nt username pc274$, was [2010/04/24 15:00:03.560849, 10] passdb/pdb_get_set.c:550(pdb_set_user_sid_from_string) pdb_set_user_sid_from_string: setting user sid S-1-5-21-4031555581-2449722753-3032957831-3548 [2010/04/24 15:00:03.560866, 10] passdb/pdb_get_set.c:537(pdb_set_user_sid) pdb_set_user_sid: setting user sid S-1-5-21-4031555581-2449722753-3032957831-3548 [2010/04/24 15:00:03.560928, 10] lib/smbldap.c:310(smbldap_talloc_single_attribute) attribute displayName does not exist [2010/04/24 15:00:03.560946, 10] passdb/pdb_get_set.c:677(pdb_set_fullname) pdb_set_full_name: setting full name Workstation-Trust-Account, was [2010/04/24 15:00:03.560968, 10] lib/smbldap.c:310(smbldap_talloc_single_attribute) attribute sambaHomeDrive does not exist [2010/04/24 15:00:03.560983, 10] passdb/pdb_get_set.c:746(pdb_set_dir_drive) pdb_set_dir_drive: setting dir drive U:, was NULL [2010/04/24 15:00:03.561005, 10] lib/smbldap.c:310(smbldap_talloc_single_attribute) attribute sambaHomePath does not exist [2010/04/24 15:00:03.561021, 4] lib/substitute.c:504(automount_server) Home server: fileserver [2010/04/24 15:00:03.561041, 10] passdb/pdb_get_set.c:770(pdb_set_homedir) pdb_set_homedir: setting home dir \\fileserver\pc274_, was [2010/04/24 15:00:03.561063, 10] lib/smbldap.c:310(smbldap_talloc_single_attribute) attribute sambaLogonScript does not exist [2010/04/24 15:00:03.561081, 10] passdb/pdb_get_set.c:700(pdb_set_logon_script) pdb_set_logon_script: setting logon script skripts\pc274_.bat, was [2010/04/24 15:00:03.561103, 10] lib/smbldap.c:310(smbldap_talloc_single_attribute) attribute sambaProfilePath does not exist [2010/04/24 15:00:03.561118, 4] lib/substitute.c:504(automount_server) Home server: fileserver [2010/04/24 15:00:03.561135, 10] passdb/pdb_get_set.c:723(pdb_set_profile_path) pdb_set_profile_path: setting profile path \\fileserver\pc274_\NTProfile, was [2010/04/24 15:00:03.561157, 10] lib/smbldap.c:310(smbldap_talloc_single_attribute) attribute description does not exist [2010/04/24 15:00:03.561178, 10] lib/smbldap.c:310(smbldap_talloc_single_attribute) attribute sambaUserWorkstations does not exist [2010/04/24 15:00:03.561199, 10] lib/smbldap.c:310(smbldap_talloc_single_attribute) attribute sambaMungedDial does not exist [2010/04/24 15:00:03.561220, 10] lib/smbldap.c:310(smbldap_talloc_single_attribute) attribute sambaLMPassword does not exist [2010/04/24 15:00:03.561246, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2010/04/24 15:00:03.561261, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2010/04/24 15:00:03.561275, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2010/04/24 15:00:03.561288, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/24 15:00:03.561302, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/24 15:00:03.561337, 10] lib/gencache.c:345(gencache_get_data_blob) Returning valid cache entry: key = ACCT_POL/password history, value = 0 , timeout = Sat Apr 24 15:01:02 2010 [2010/04/24 15:00:03.561369, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/24 15:00:03.561397, 10] lib/smbldap.c:310(smbldap_talloc_single_attribute) attribute sambaBadPasswordCount does not exist [2010/04/24 15:00:03.561419, 10] lib/smbldap.c:310(smbldap_talloc_single_attribute) attribute sambaBadPasswordTime does not exist [2010/04/24 15:00:03.561452, 10] lib/smbldap.c:310(smbldap_talloc_single_attribute) attribute sambaLogonHours does not exist [2010/04/24 15:00:03.561484, 7] passdb/login_cache.c:87(login_cache_read) Looking up login cache for user pc274$ [2010/04/24 15:00:03.561501, 7] passdb/login_cache.c:103(login_cache_read) No cache entry found [2010/04/24 15:00:03.561515, 9] passdb/pdb_ldap.c:1126(init_sam_from_ldap) No cache entry, bad count = 0, bad time = 0 [2010/04/24 15:00:03.561532, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2010/04/24 15:00:03.561547, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2010/04/24 15:00:03.561560, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2010/04/24 15:00:03.561573, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/24 15:00:03.561587, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/24 15:00:03.561612, 10] lib/gencache.c:345(gencache_get_data_blob) Returning valid cache entry: key = ACCT_POL/maximum password age, value = 4294967295 , timeout = Sat Apr 24 15:01:02 2010 [2010/04/24 15:00:03.561642, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/24 15:00:03.561660, 5] lib/username.c:133(Get_Pwnam_alloc) Finding user pc274$ [2010/04/24 15:00:03.561674, 5] lib/username.c:77(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is pc274$ [2010/04/24 15:00:03.561690, 5] lib/username.c:110(Get_Pwnam_internals) Get_Pwnam_internals did find user [pc274$]! [2010/04/24 15:00:03.561707, 10] passdb/pdb_get_set.c:257(pdb_get_group_sid) do lookup_sid(S-1-5-21-4031555581-2449722753-3032957831-515) for group of user S-1-5-21-4031555581-2449722753-3032957831-3548 [2010/04/24 15:00:03.561726, 10] passdb/lookup_sid.c:965(lookup_sid) lookup_sid called for SID 'S-1-5-21-4031555581-2449722753-3032957831-515' [2010/04/24 15:00:03.561751, 10] passdb/lookup_sid.c:720(check_dom_sid_to_level) Accepting SID S-1-5-21-4031555581-2449722753-3032957831 in level 1 [2010/04/24 15:00:03.561768, 10] passdb/lookup_sid.c:480(lookup_rids) lookup_rids called for domain sid 'S-1-5-21-4031555581-2449722753-3032957831' [2010/04/24 15:00:03.561785, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2010/04/24 15:00:03.561799, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2010/04/24 15:00:03.561813, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2010/04/24 15:00:03.561826, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/24 15:00:03.561839, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/24 15:00:03.561861, 5] passdb/pdb_interface.c:1473(lookup_global_sam_rid) lookup_global_sam_rid: looking up RID 515. [2010/04/24 15:00:03.561876, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2010/04/24 15:00:03.561890, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 2 [2010/04/24 15:00:03.561904, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2010/04/24 15:00:03.561917, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/24 15:00:03.561930, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/24 15:00:03.561967, 5] lib/smbldap.c:1360(smbldap_search_ext) smbldap_search_ext: base => [dc=gym-oha,dc=de], filter => [(&(sambaSID=S-1-5-21-4031555581-2449722753-3032957831-515)(objectclass=sambaSamAccount))], scope => [2] [2010/04/24 15:00:03.562592, 4] passdb/pdb_ldap.c:1695(ldapsam_getsampwsid) ldapsam_getsampwsid: Unable to locate SID [S-1-5-21-4031555581-2449722753-3032957831-515] count=0 [2010/04/24 15:00:03.562632, 5] lib/smbldap.c:1360(smbldap_search_ext) smbldap_search_ext: base => [dc=gym-oha,dc=de], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-4031555581-2449722753-3032957831-515))], scope => [2] [2010/04/24 15:00:03.563341, 2] passdb/pdb_ldap.c:2446(init_group_from_ldap) init_group_from_ldap: Entry found for group: 515 [2010/04/24 15:00:03.563383, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2010/04/24 15:00:03.563399, 5] passdb/pdb_interface.c:1595(pdb_default_lookup_rids) lookup_rids: Domain Computers:2 [2010/04/24 15:00:03.563417, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/24 15:00:03.563432, 10] passdb/lookup_sid.c:1000(lookup_sid) Sid S-1-5-21-4031555581-2449722753-3032957831-515 -> GYM-OHA\Domain Computers(2) [2010/04/24 15:00:03.563451, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2010/04/24 15:00:03.563466, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2010/04/24 15:00:03.563479, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2010/04/24 15:00:03.563493, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/24 15:00:03.563506, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/24 15:00:03.563532, 10] lib/gencache.c:345(gencache_get_data_blob) Returning valid cache entry: key = ACCT_POL/password history, value = 0 , timeout = Sat Apr 24 15:01:02 2010 [2010/04/24 15:00:03.563561, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/24 15:00:03.563583, 10] passdb/pdb_get_set.c:608(pdb_set_username) pdb_set_username: setting username pc274$, was [2010/04/24 15:00:03.563597, 10] passdb/pdb_get_set.c:631(pdb_set_domain) pdb_set_domain: setting domain GYM-OHA, was [2010/04/24 15:00:03.563611, 10] passdb/pdb_get_set.c:654(pdb_set_nt_username) pdb_set_nt_username: setting nt username pc274$, was [2010/04/24 15:00:03.563625, 10] passdb/pdb_get_set.c:677(pdb_set_fullname) pdb_set_full_name: setting full name Workstation-Trust-Account, was [2010/04/24 15:00:03.563641, 4] lib/substitute.c:504(automount_server) Home server: fileserver [2010/04/24 15:00:03.563658, 10] passdb/pdb_get_set.c:770(pdb_set_homedir) pdb_set_homedir: setting home dir \\fileserver\pc274_, was [2010/04/24 15:00:03.563672, 10] passdb/pdb_get_set.c:746(pdb_set_dir_drive) pdb_set_dir_drive: setting dir drive U:, was NULL [2010/04/24 15:00:03.563689, 10] passdb/pdb_get_set.c:700(pdb_set_logon_script) pdb_set_logon_script: setting logon script skripts\pc274_.bat, was [2010/04/24 15:00:03.563704, 4] lib/substitute.c:504(automount_server) Home server: fileserver [2010/04/24 15:00:03.563721, 10] passdb/pdb_get_set.c:723(pdb_set_profile_path) pdb_set_profile_path: setting profile path \\fileserver\pc274_\NTProfile, was [2010/04/24 15:00:03.563736, 10] passdb/pdb_get_set.c:813(pdb_set_workstations) pdb_set_workstations: setting workstations , was [2010/04/24 15:00:03.563752, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2010/04/24 15:00:03.563766, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2010/04/24 15:00:03.563780, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2010/04/24 15:00:03.563793, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/24 15:00:03.563806, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/24 15:00:03.563831, 10] lib/gencache.c:345(gencache_get_data_blob) Returning valid cache entry: key = ACCT_POL/password history, value = 0 , timeout = Sat Apr 24 15:01:02 2010 [2010/04/24 15:00:03.563861, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/24 15:00:03.563887, 10] passdb/pdb_get_set.c:537(pdb_set_user_sid) pdb_set_user_sid: setting user sid S-1-5-21-4031555581-2449722753-3032957831-3548 [2010/04/24 15:00:03.563905, 10] passdb/pdb_compat.c:72(pdb_set_user_sid_from_rid) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-4031555581-2449722753-3032957831-3548 from rid 3548 [2010/04/24 15:00:03.563929, 10] passdb/pdb_get_set.c:595(pdb_set_group_sid) pdb_set_group_sid: setting group sid S-1-5-21-4031555581-2449722753-3032957831-515 [2010/04/24 15:00:03.563952, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/24 15:00:03.563970, 4] ../libcli/auth/ntlm_check.c:351(ntlm_password_check) ntlm_password_check: Checking NTLMv2 password with domain [GYM-OHA] [2010/04/24 15:00:03.564002, 4] auth/auth_sam.c:177(sam_account_ok) sam_account_ok: Checking SMB password for user pc274$ [2010/04/24 15:00:03.564026, 5] auth/auth_sam.c:159(logon_hours_ok) logon_hours_ok: user pc274$ allowed to logon at this time (Sat Apr 24 13:00:03 2010 ) [2010/04/24 15:00:03.564046, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/04/24 15:00:03.564060, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2010/04/24 15:00:03.564073, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/24 15:00:03.564087, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/24 15:00:03.564100, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/24 15:00:03.564125, 10] lib/gencache.c:345(gencache_get_data_blob) Returning valid cache entry: key = ACCT_POL/maximum password age, value = 4294967295 , timeout = Sat Apr 24 15:01:02 2010 [2010/04/24 15:00:03.564165, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/24 15:00:03.564182, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/04/24 15:00:03.564195, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2010/04/24 15:00:03.564209, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/24 15:00:03.564222, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/24 15:00:03.564235, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/24 15:00:03.564289, 10] lib/system_smbd.c:122(sys_getgrouplist) sys_getgrouplist: user [pc274$] [2010/04/24 15:00:03.567118, 5] auth/auth_util.c:649(make_server_info_sam) make_server_info_sam: made server info for user pc274$ -> pc274$ [2010/04/24 15:00:03.567139, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/24 15:00:03.567154, 3] auth/auth.c:265(check_ntlm_password) check_ntlm_password: sam authentication for user [PC274$] succeeded [2010/04/24 15:00:03.567169, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/04/24 15:00:03.567184, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2010/04/24 15:00:03.567197, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/24 15:00:03.567210, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/24 15:00:03.567224, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/24 15:00:03.567249, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/24 15:00:03.567263, 5] auth/auth.c:291(check_ntlm_password) check_ntlm_password: PAM Account for user [pc274$] succeeded [2010/04/24 15:00:03.567276, 2] auth/auth.c:304(check_ntlm_password) check_ntlm_password: authentication for user [PC274$] -> [PC274$] -> [pc274$] succeeded [2010/04/24 15:00:03.567291, 5] auth/auth_util.c:2119(free_user_info) attempting to free (and zero) a user_info structure [2010/04/24 15:00:03.567317, 10] auth/auth_util.c:2123(free_user_info) structure was created for PC274$ [2010/04/24 15:00:03.567332, 10] auth/token_util.c:356(create_local_nt_token) Create local NT token for S-1-5-21-4031555581-2449722753-3032957831-3548 [2010/04/24 15:00:03.567361, 10] lib/gencache.c:334(gencache_get_data_blob) Cache entry with key = IDMAP/SID2GID/S-1-5-32-545 couldn't be found [2010/04/24 15:00:03.567391, 10] passdb/lookup_sid.c:1511(sid_to_gid) winbind failed to find a gid for sid S-1-5-32-545 [2010/04/24 15:00:03.567408, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/04/24 15:00:03.567422, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2010/04/24 15:00:03.567435, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/24 15:00:03.567449, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/24 15:00:03.567463, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/24 15:00:03.567491, 5] lib/smbldap.c:1360(smbldap_search_ext) smbldap_search_ext: base => [dc=gym-oha,dc=de], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-545))], scope => [2] [2010/04/24 15:00:03.567982, 4] passdb/pdb_ldap.c:2562(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-545)) [2010/04/24 15:00:03.568004, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/24 15:00:03.568019, 10] passdb/lookup_sid.c:1256(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-5-32-545 [2010/04/24 15:00:03.568034, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/04/24 15:00:03.568048, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2010/04/24 15:00:03.568062, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/24 15:00:03.568075, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/24 15:00:03.568089, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/24 15:00:03.568125, 10] lib/gencache.c:334(gencache_get_data_blob) Cache entry with key = IDMAP/SID2GID/S-1-5-32-545 couldn't be found [2010/04/24 15:00:03.568160, 10] passdb/lookup_sid.c:1511(sid_to_gid) winbind failed to find a gid for sid S-1-5-32-545 [2010/04/24 15:00:03.568175, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2010/04/24 15:00:03.568189, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2010/04/24 15:00:03.568203, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2010/04/24 15:00:03.568217, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/24 15:00:03.568231, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/24 15:00:03.568258, 5] lib/smbldap.c:1360(smbldap_search_ext) smbldap_search_ext: base => [dc=gym-oha,dc=de], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-545))], scope => [2] [2010/04/24 15:00:03.568679, 4] passdb/pdb_ldap.c:2562(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-545)) [2010/04/24 15:00:03.568701, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/24 15:00:03.568715, 10] passdb/lookup_sid.c:1256(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-5-32-545 [2010/04/24 15:00:03.568735, 5] auth/token_util.c:277(create_builtin_users) create_builtin_users: Failed to create Users [2010/04/24 15:00:03.568752, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/24 15:00:03.568778, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/04/24 15:00:03.568792, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2010/04/24 15:00:03.568806, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/24 15:00:03.568820, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/24 15:00:03.568834, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/24 15:00:03.568887, 5] lib/smbldap.c:1360(smbldap_search_ext) smbldap_search_ext: base => [dc=gym-oha,dc=de], filter => [(&(objectclass=sambaGroupMapping)(sambaGroupType=4)(|(sambaSIDList=S-1-5-21-4031555581-2449722753-3032957831-3548)(sambaSIDList=S-1-5-21-4031555581-2449722753-3032957831-515)(sambaSIDList=S-1-1-0)(sambaSIDList=S-1-5-2)(sambaSIDList=S-1-5-11)))], scope => [2] [2010/04/24 15:00:03.569662, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/24 15:00:03.569687, 3] lib/privileges.c:63(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-4031555581-2449722753-3032957831-3548] [2010/04/24 15:00:03.569710, 3] lib/privileges.c:63(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-4031555581-2449722753-3032957831-515] [2010/04/24 15:00:03.569731, 5] lib/privileges.c:128(get_privileges_for_sids) get_privileges_for_sids: sid = S-1-1-0 Privilege set: SE_PRIV 0x0 0x0 0x0 0x0 [2010/04/24 15:00:03.569761, 3] lib/privileges.c:63(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-2] [2010/04/24 15:00:03.569780, 3] lib/privileges.c:63(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-11] [2010/04/24 15:00:03.569803, 10] lib/gencache.c:334(gencache_get_data_blob) Cache entry with key = IDMAP/SID2GID/S-1-1-0 couldn't be found [2010/04/24 15:00:03.569824, 10] passdb/lookup_sid.c:1511(sid_to_gid) winbind failed to find a gid for sid S-1-1-0 [2010/04/24 15:00:03.569840, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/04/24 15:00:03.569854, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2010/04/24 15:00:03.569868, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/24 15:00:03.569882, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/24 15:00:03.569895, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/24 15:00:03.569922, 5] lib/smbldap.c:1360(smbldap_search_ext) smbldap_search_ext: base => [dc=gym-oha,dc=de], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-1-0))], scope => [2] [2010/04/24 15:00:03.570426, 4] passdb/pdb_ldap.c:2562(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-1-0)) [2010/04/24 15:00:03.570447, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/24 15:00:03.570462, 10] passdb/lookup_sid.c:1256(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-1-0 [2010/04/24 15:00:03.570476, 10] auth/auth_util.c:753(create_local_token) Could not convert SID S-1-1-0 to gid, ignoring it [2010/04/24 15:00:03.570499, 10] lib/gencache.c:334(gencache_get_data_blob) Cache entry with key = IDMAP/SID2GID/S-1-5-2 couldn't be found [2010/04/24 15:00:03.570519, 10] passdb/lookup_sid.c:1511(sid_to_gid) winbind failed to find a gid for sid S-1-5-2 [2010/04/24 15:00:03.570535, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/04/24 15:00:03.570549, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2010/04/24 15:00:03.570562, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/24 15:00:03.570576, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/24 15:00:03.570601, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/24 15:00:03.570630, 5] lib/smbldap.c:1360(smbldap_search_ext) smbldap_search_ext: base => [dc=gym-oha,dc=de], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-2))], scope => [2] [2010/04/24 15:00:03.571175, 4] passdb/pdb_ldap.c:2562(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-2)) [2010/04/24 15:00:03.571197, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/24 15:00:03.571212, 10] passdb/lookup_sid.c:1256(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-5-2 [2010/04/24 15:00:03.571226, 10] auth/auth_util.c:753(create_local_token) Could not convert SID S-1-5-2 to gid, ignoring it [2010/04/24 15:00:03.571248, 10] lib/gencache.c:334(gencache_get_data_blob) Cache entry with key = IDMAP/SID2GID/S-1-5-11 couldn't be found [2010/04/24 15:00:03.571269, 10] passdb/lookup_sid.c:1511(sid_to_gid) winbind failed to find a gid for sid S-1-5-11 [2010/04/24 15:00:03.571285, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/04/24 15:00:03.571299, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2010/04/24 15:00:03.571312, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/24 15:00:03.571326, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/24 15:00:03.571340, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/24 15:00:03.571368, 5] lib/smbldap.c:1360(smbldap_search_ext) smbldap_search_ext: base => [dc=gym-oha,dc=de], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-11))], scope => [2] [2010/04/24 15:00:03.571923, 4] passdb/pdb_ldap.c:2562(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-11)) [2010/04/24 15:00:03.571945, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/24 15:00:03.571960, 10] passdb/lookup_sid.c:1256(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-5-11 [2010/04/24 15:00:03.571974, 10] auth/auth_util.c:753(create_local_token) Could not convert SID S-1-5-11 to gid, ignoring it [2010/04/24 15:00:03.571991, 10] auth/token_util.c:531(debug_nt_user_token) NT user token of user S-1-5-21-4031555581-2449722753-3032957831-3548 contains 7 SIDs SID[ 0]: S-1-5-21-4031555581-2449722753-3032957831-3548 SID[ 1]: S-1-5-21-4031555581-2449722753-3032957831-515 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-1-1274 SID[ 6]: S-1-22-2-515 SE_PRIV 0x0 0x0 0x0 0x0 [2010/04/24 15:00:03.572057, 10] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 1274 Primary group is 515 and contains 1 supplementary groups Group[ 0]: 515 [2010/04/24 15:00:03.572083, 10] auth/auth_ntlmssp.c:139(auth_ntlmssp_check_password) Got NT session key of length 16 [2010/04/24 15:00:03.572098, 10] auth/auth_ntlmssp.c:146(auth_ntlmssp_check_password) Got LM session key of length 8 [2010/04/24 15:00:03.572113, 10] libsmb/ntlmssp.c:853(ntlmssp_server_auth) ntlmssp_server_auth: Using unmodified nt session key. [2010/04/24 15:00:03.572135, 3] libsmb/ntlmssp_sign.c:343(ntlmssp_sign_init) NTLMSSP Sign/Seal - Initialising with flags: [2010/04/24 15:00:03.572159, 3] libsmb/ntlmssp.c:65(debug_ntlmssp_flags) Got NTLMSSP neg_flags=0xe2088215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_VERSION NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH NTLMSSP_NEGOTIATE_56 [2010/04/24 15:00:03.572235, 10] smbd/password.c:278(register_existing_vuid) register_existing_vuid: (1274,515) pc274$ PC274$ GYM-OHA guest=0 [2010/04/24 15:00:03.572262, 3] smbd/password.c:282(register_existing_vuid) register_existing_vuid: User name: pc274$ Real name: Workstation-Trust-Account [2010/04/24 15:00:03.572278, 3] smbd/password.c:292(register_existing_vuid) register_existing_vuid: UNIX uid 1274 is UNIX user pc274$, and will be vuid 101 [2010/04/24 15:00:03.572301, 10] lib/dbwrap_tdb.c:100(db_tdb_fetch_locked) Locking key 49442F343938382F3130 [2010/04/24 15:00:03.572322, 10] lib/dbwrap_tdb.c:129(db_tdb_fetch_locked) Allocated locked data 0x0x721f5c8 [2010/04/24 15:00:03.572904, 10] lib/dbwrap_tdb.c:42(db_tdb_record_destr) Unlocking key 49442F343938382F3130 [2010/04/24 15:00:03.607363, 7] param/loadparm.c:9481(lp_servicenumber) lp_servicenumber: couldn't find pc274$ [2010/04/24 15:00:03.607403, 3] smbd/password.c:223(register_homes_share) Adding homes service for user 'pc274$' using home directory: '/dev/null' [2010/04/24 15:00:03.607506, 8] param/loadparm.c:6245(add_a_service) add_a_service: Creating snum = 28 for pc274$ [2010/04/24 15:00:03.607524, 10] param/loadparm.c:6292(hash_a_service) hash_a_service: hashing index 28 for service name pc274$ [2010/04/24 15:00:03.607541, 3] param/loadparm.c:6347(lp_add_home) adding home's share [pc274$] for user 'pc274$' at '/dev/null' [2010/04/24 15:00:03.607577, 6] param/loadparm.c:7215(lp_file_list_changed) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Sat Apr 24 14:49:06 2010 [2010/04/24 15:00:03.607633, 5] lib/util.c:617(show_msg) [2010/04/24 15:00:03.607643, 5] lib/util.c:627(show_msg) size=102 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=65535 smb_pid=65279 smb_uid=101 smb_mid=1408 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 9 (0x9) smb_bcc=59 [2010/04/24 15:00:03.607720, 10] ../lib/util/util.c:278(_dump_data) [0000] A1 07 30 05 A0 03 0A 01 00 55 00 6E 00 69 00 78 ¡.0. ... .U.n.i.x [0010] 00 00 00 53 00 61 00 6D 00 62 00 61 00 20 00 33 ...S.a.m .b.a. .3 [0020] 00 2E 00 35 00 2E 00 32 00 00 00 47 00 59 00 4D ...5...2 ...G.Y.M [0030] 00 2D 00 4F 00 48 00 41 00 00 00 .-.O.H.A ... [2010/04/24 15:00:03.608169, 10] lib/util_sock.c:726(read_smb_length_return_keepalive) got smb length of 86 [2010/04/24 15:00:03.608194, 6] smbd/process.c:1482(process_smb) got message type 0x0 of len 0x56 [2010/04/24 15:00:03.608210, 3] smbd/process.c:1485(process_smb) Transaction 23 of length 90 (0 toread) [2010/04/24 15:00:03.608224, 5] lib/util.c:617(show_msg) [2010/04/24 15:00:03.608233, 5] lib/util.c:627(show_msg) size=86 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=101 smb_mid=1472 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 86 (0x56) smb_vwv[ 2]= 8 (0x8) smb_vwv[ 3]= 1 (0x1) smb_bcc=43 [2010/04/24 15:00:03.608310, 10] ../lib/util/util.c:278(_dump_data) [0000] 00 5C 00 5C 00 46 00 49 00 4C 00 45 00 53 00 45 .\.\.F.I .L.E.S.E [0010] 00 52 00 56 00 45 00 52 00 5C 00 49 00 50 00 43 .R.V.E.R .\.I.P.C [0020] 00 24 00 00 00 3F 3F 3F 3F 3F 00 .$...??? ??. [2010/04/24 15:00:03.608372, 3] smbd/process.c:1294(switch_message) switch message SMBtconX (pid 4988) conn 0x0 [2010/04/24 15:00:03.608388, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/24 15:00:03.608403, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/24 15:00:03.608417, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/24 15:00:03.608444, 5] smbd/uid.c:369(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2010/04/24 15:00:03.608468, 4] smbd/reply.c:767(reply_tcon_and_X) Client requested device type [?????] for share [IPC$] [2010/04/24 15:00:03.608508, 5] smbd/service.c:1226(make_connection) making a connection to 'normal' service ipc$ [2010/04/24 15:00:03.608530, 10] smbd/share_access.c:238(user_ok_token) user_ok_token: share IPC$ is ok for unix user pc274$ [2010/04/24 15:00:03.608552, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/04/24 15:00:03.608568, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2010/04/24 15:00:03.608581, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/24 15:00:03.608594, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/24 15:00:03.608608, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/24 15:00:03.608642, 10] lib/gencache.c:345(gencache_get_data_blob) Returning valid cache entry: key = ACCT_POL/maximum password age, value = 4294967295 , timeout = Sat Apr 24 15:01:02 2010 [2010/04/24 15:00:03.608674, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/24 15:00:03.608692, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/04/24 15:00:03.608707, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2010/04/24 15:00:03.608721, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/24 15:00:03.608735, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/24 15:00:03.608748, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/24 15:00:03.608773, 10] lib/gencache.c:345(gencache_get_data_blob) Returning valid cache entry: key = ACCT_POL/password history, value = 0 , timeout = Sat Apr 24 15:01:02 2010 [2010/04/24 15:00:03.608803, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/24 15:00:03.608827, 10] passdb/pdb_get_set.c:608(pdb_set_username) pdb_set_username: setting username pc274$, was [2010/04/24 15:00:03.608842, 10] passdb/pdb_get_set.c:631(pdb_set_domain) pdb_set_domain: setting domain GYM-OHA, was [2010/04/24 15:00:03.608856, 10] passdb/pdb_get_set.c:654(pdb_set_nt_username) pdb_set_nt_username: setting nt username pc274$, was [2010/04/24 15:00:03.608871, 10] passdb/pdb_get_set.c:677(pdb_set_fullname) pdb_set_full_name: setting full name Workstation-Trust-Account, was [2010/04/24 15:00:03.608887, 4] lib/substitute.c:504(automount_server) Home server: fileserver [2010/04/24 15:00:03.608907, 10] passdb/pdb_get_set.c:770(pdb_set_homedir) pdb_set_homedir: setting home dir \\fileserver\pc274_, was [2010/04/24 15:00:03.608922, 10] passdb/pdb_get_set.c:746(pdb_set_dir_drive) pdb_set_dir_drive: setting dir drive U:, was NULL [2010/04/24 15:00:03.608939, 10] passdb/pdb_get_set.c:700(pdb_set_logon_script) pdb_set_logon_script: setting logon script skripts\pc274_.bat, was [2010/04/24 15:00:03.608955, 4] lib/substitute.c:504(automount_server) Home server: fileserver [2010/04/24 15:00:03.608971, 10] passdb/pdb_get_set.c:723(pdb_set_profile_path) pdb_set_profile_path: setting profile path \\fileserver\pc274_\NTProfile, was [2010/04/24 15:00:03.608987, 10] passdb/pdb_get_set.c:813(pdb_set_workstations) pdb_set_workstations: setting workstations , was [2010/04/24 15:00:03.609003, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/04/24 15:00:03.609017, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2010/04/24 15:00:03.609030, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/24 15:00:03.609044, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/24 15:00:03.609057, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/24 15:00:03.609082, 10] lib/gencache.c:345(gencache_get_data_blob) Returning valid cache entry: key = ACCT_POL/password history, value = 0 , timeout = Sat Apr 24 15:01:02 2010 [2010/04/24 15:00:03.609123, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/24 15:00:03.609139, 10] passdb/pdb_get_set.c:537(pdb_set_user_sid) pdb_set_user_sid: setting user sid S-1-5-21-4031555581-2449722753-3032957831-3548 [2010/04/24 15:00:03.609157, 10] passdb/pdb_compat.c:72(pdb_set_user_sid_from_rid) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-4031555581-2449722753-3032957831-3548 from rid 3548 [2010/04/24 15:00:03.609181, 10] passdb/pdb_get_set.c:595(pdb_set_group_sid) pdb_set_group_sid: setting group sid S-1-5-21-4031555581-2449722753-3032957831-515 [2010/04/24 15:00:03.609198, 5] lib/username.c:133(Get_Pwnam_alloc) Finding user pc274$ [2010/04/24 15:00:03.609213, 5] lib/username.c:77(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is pc274$ [2010/04/24 15:00:03.609228, 5] lib/username.c:110(Get_Pwnam_internals) Get_Pwnam_internals did find user [pc274$]! [2010/04/24 15:00:03.609256, 10] smbd/service.c:163(set_conn_connectpath) set_conn_connectpath: service IPC$, connectpath = /var/tmp [2010/04/24 15:00:03.609271, 3] smbd/service.c:807(make_connection_snum) Connect path is '/var/tmp' for service [IPC$] [2010/04/24 15:00:03.609293, 10] lib/util_seaccess.c:58(se_map_generic) se_map_generic(): mapped mask 0x10000000 to 0x001f01ff [2010/04/24 15:00:03.609312, 3] smbd/vfs.c:97(vfs_init_default) Initialising default vfs hooks [2010/04/24 15:00:03.609326, 3] smbd/vfs.c:122(vfs_init_custom) Initialising custom vfs hooks from [/[Default VFS]/] [2010/04/24 15:00:03.609341, 10] smbd/vfs.c:48(vfs_find_backend_entry) vfs_find_backend_entry called for /[Default VFS]/ Successfully loaded vfs module [/[Default VFS]/] with the new modules system [2010/04/24 15:00:03.609362, 5] smbd/connection.c:142(claim_connection) claiming [IPC$] [2010/04/24 15:00:03.609443, 10] lib/dbwrap_tdb.c:100(db_tdb_fetch_locked) Locking key 7C130000020000004950 [2010/04/24 15:00:03.609462, 10] lib/dbwrap_tdb.c:129(db_tdb_fetch_locked) Allocated locked data 0x0x7224480 [2010/04/24 15:00:03.609488, 10] lib/dbwrap_tdb.c:42(db_tdb_record_destr) Unlocking key 7C130000020000004950 [2010/04/24 15:00:03.609574, 10] smbd/service.c:163(set_conn_connectpath) set_conn_connectpath: service IPC$, connectpath = /var/tmp [2010/04/24 15:00:03.609591, 10] smbd/share_access.c:238(user_ok_token) user_ok_token: share IPC$ is ok for unix user pc274$ [2010/04/24 15:00:03.609607, 10] smbd/share_access.c:283(is_share_read_only_for_token) is_share_read_only_for_user: share IPC$ is read-only for unix user pc274$ [2010/04/24 15:00:03.609627, 10] lib/util_seaccess.c:58(se_map_generic) se_map_generic(): mapped mask 0x10000000 to 0x001f01ff [2010/04/24 15:00:03.609645, 3] lib/util_sid.c:228(string_to_sid) string_to_sid: Sid @GYM-OHA\Domain Admins does not start with 'S-'. [2010/04/24 15:00:03.609663, 5] smbd/password.c:423(user_in_netgroup) Unable to get default yp domain, let's try without specifying it [2010/04/24 15:00:03.609677, 5] smbd/password.c:430(user_in_netgroup) looking for user pc274$ of domain (ANY) in netgroup GYM-OHA\Domain Admins [2010/04/24 15:00:03.609702, 10] passdb/lookup_sid.c:69(lookup_name) lookup_name: GYM-OHA\Domain Admins => GYM-OHA (domain), Domain Admins (name) [2010/04/24 15:00:03.609717, 10] passdb/lookup_sid.c:70(lookup_name) lookup_name: flags = 0x077 [2010/04/24 15:00:03.609732, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/04/24 15:00:03.609746, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2010/04/24 15:00:03.609760, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/24 15:00:03.609774, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/24 15:00:03.609787, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/24 15:00:03.609827, 5] lib/smbldap.c:1360(smbldap_search_ext) smbldap_search_ext: base => [dc=gym-oha,dc=de], filter => [(&(objectClass=sambaGroupMapping)(|(displayName=Domain Admins)(cn=Domain Admins)))], scope => [2] [2010/04/24 15:00:03.610592, 2] passdb/pdb_ldap.c:2446(init_group_from_ldap) init_group_from_ldap: Entry found for group: 512 [2010/04/24 15:00:03.610636, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/24 15:00:03.610659, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/04/24 15:00:03.610673, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2010/04/24 15:00:03.610688, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/24 15:00:03.610702, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/24 15:00:03.610715, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/24 15:00:03.610741, 10] lib/gencache.c:345(gencache_get_data_blob) Returning valid cache entry: key = ACCT_POL/maximum password age, value = 4294967295 , timeout = Sat Apr 24 15:01:02 2010 [2010/04/24 15:00:03.610773, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/24 15:00:03.610788, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/04/24 15:00:03.610803, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2010/04/24 15:00:03.610817, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/24 15:00:03.610831, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/24 15:00:03.610844, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/24 15:00:03.610869, 10] lib/gencache.c:345(gencache_get_data_blob) Returning valid cache entry: key = ACCT_POL/password history, value = 0 , timeout = Sat Apr 24 15:01:02 2010 [2010/04/24 15:00:03.610899, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/24 15:00:03.610918, 10] passdb/pdb_get_set.c:608(pdb_set_username) pdb_set_username: setting username pc274$, was [2010/04/24 15:00:03.610933, 10] passdb/pdb_get_set.c:631(pdb_set_domain) pdb_set_domain: setting domain GYM-OHA, was [2010/04/24 15:00:03.610947, 10] passdb/pdb_get_set.c:654(pdb_set_nt_username) pdb_set_nt_username: setting nt username pc274$, was [2010/04/24 15:00:03.610961, 10] passdb/pdb_get_set.c:677(pdb_set_fullname) pdb_set_full_name: setting full name Workstation-Trust-Account, was [2010/04/24 15:00:03.610976, 4] lib/substitute.c:504(automount_server) Home server: fileserver [2010/04/24 15:00:03.610994, 10] passdb/pdb_get_set.c:770(pdb_set_homedir) pdb_set_homedir: setting home dir \\fileserver\pc274_, was [2010/04/24 15:00:03.611009, 10] passdb/pdb_get_set.c:746(pdb_set_dir_drive) pdb_set_dir_drive: setting dir drive U:, was NULL [2010/04/24 15:00:03.611026, 10] passdb/pdb_get_set.c:700(pdb_set_logon_script) pdb_set_logon_script: setting logon script skripts\pc274_.bat, was [2010/04/24 15:00:03.611041, 4] lib/substitute.c:504(automount_server) Home server: fileserver [2010/04/24 15:00:03.611058, 10] passdb/pdb_get_set.c:723(pdb_set_profile_path) pdb_set_profile_path: setting profile path \\fileserver\pc274_\NTProfile, was [2010/04/24 15:00:03.611073, 10] passdb/pdb_get_set.c:813(pdb_set_workstations) pdb_set_workstations: setting workstations , was [2010/04/24 15:00:03.611088, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/04/24 15:00:03.611103, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2010/04/24 15:00:03.611116, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/24 15:00:03.611141, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/24 15:00:03.611155, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/24 15:00:03.611181, 10] lib/gencache.c:345(gencache_get_data_blob) Returning valid cache entry: key = ACCT_POL/password history, value = 0 , timeout = Sat Apr 24 15:01:02 2010 [2010/04/24 15:00:03.611210, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/24 15:00:03.611226, 10] passdb/pdb_get_set.c:537(pdb_set_user_sid) pdb_set_user_sid: setting user sid S-1-5-21-4031555581-2449722753-3032957831-3548 [2010/04/24 15:00:03.611242, 10] passdb/pdb_compat.c:72(pdb_set_user_sid_from_rid) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-4031555581-2449722753-3032957831-3548 from rid 3548 [2010/04/24 15:00:03.611264, 10] passdb/pdb_get_set.c:595(pdb_set_group_sid) pdb_set_group_sid: setting group sid S-1-5-21-4031555581-2449722753-3032957831-515 [2010/04/24 15:00:03.611285, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (1274, 515) - sec_ctx_stack_ndx = 0 [2010/04/24 15:00:03.611299, 5] auth/token_util.c:531(debug_nt_user_token) NT user token of user S-1-5-21-4031555581-2449722753-3032957831-3548 contains 7 SIDs SID[ 0]: S-1-5-21-4031555581-2449722753-3032957831-3548 SID[ 1]: S-1-5-21-4031555581-2449722753-3032957831-515 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-1-1274 SID[ 6]: S-1-22-2-515 SE_PRIV 0x0 0x0 0x0 0x0 [2010/04/24 15:00:03.611366, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 1274 Primary group is 515 and contains 1 supplementary groups Group[ 0]: 515 [2010/04/24 15:00:03.611397, 5] smbd/uid.c:354(change_to_user) change_to_user uid=(0,1274) gid=(0,515) [2010/04/24 15:00:03.611418, 10] smbd/service.c:163(set_conn_connectpath) set_conn_connectpath: service IPC$, connectpath = /var/tmp [2010/04/24 15:00:03.611439, 3] smbd/service.c:1069(make_connection_snum) pc274 (192.168.206.1) connect to service IPC$ initially as user pc274$ (uid=1274, gid=515) (pid 4988) [2010/04/24 15:00:03.611458, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/24 15:00:03.611472, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/24 15:00:03.611485, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/24 15:00:03.611507, 5] smbd/uid.c:369(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2010/04/24 15:00:03.611526, 3] smbd/reply.c:846(reply_tcon_and_X) tconX service=IPC$ [2010/04/24 15:00:03.611741, 10] lib/util_sock.c:726(read_smb_length_return_keepalive) got smb length of 100 [2010/04/24 15:00:03.611759, 6] smbd/process.c:1482(process_smb) got message type 0x0 of len 0x64 [2010/04/24 15:00:03.611773, 3] smbd/process.c:1485(process_smb) Transaction 24 of length 104 (0 toread) [2010/04/24 15:00:03.611789, 5] lib/util.c:617(show_msg) [2010/04/24 15:00:03.611799, 5] lib/util.c:627(show_msg) size=100 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=440 smb_uid=101 smb_mid=1536 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 3584 (0xE00) smb_vwv[ 3]= 4096 (0x1000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 4609 (0x1201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1792 (0x700) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]= 512 (0x200) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=17 [2010/04/24 15:00:03.611961, 10] ../lib/util/util.c:278(_dump_data) [0000] 00 5C 00 6C 00 73 00 61 00 72 00 70 00 63 00 00 .\.l.s.a .r.p.c.. [0010] 00 . [2010/04/24 15:00:03.612012, 3] smbd/process.c:1294(switch_message) switch message SMBntcreateX (pid 4988) conn 0x720a2e8 [2010/04/24 15:00:03.612028, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (1274, 515) - sec_ctx_stack_ndx = 0 [2010/04/24 15:00:03.612042, 5] auth/token_util.c:531(debug_nt_user_token) NT user token of user S-1-5-21-4031555581-2449722753-3032957831-3548 contains 7 SIDs SID[ 0]: S-1-5-21-4031555581-2449722753-3032957831-3548 SID[ 1]: S-1-5-21-4031555581-2449722753-3032957831-515 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-1-1274 SID[ 6]: S-1-22-2-515 SE_PRIV 0x0 0x0 0x0 0x0 [2010/04/24 15:00:03.612106, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 1274 Primary group is 515 and contains 1 supplementary groups Group[ 0]: 515 [2010/04/24 15:00:03.612134, 5] smbd/uid.c:354(change_to_user) change_to_user uid=(0,1274) gid=(0,515) [2010/04/24 15:00:03.612163, 10] smbd/nttrans.c:498(reply_ntcreate_and_X) reply_ntcreate_and_X: flags = 0x10, access_mask = 0x12019f file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x20040 root_dir_fid = 0x0, fname = lsarpc [2010/04/24 15:00:03.612183, 4] smbd/nttrans.c:283(nt_open_pipe) nt_open_pipe: Opening pipe \lsarpc. [2010/04/24 15:00:03.612201, 5] smbd/files.c:119(file_new) allocated file structure 14384, fnum = 18480 (3 used) [2010/04/24 15:00:03.612220, 4] rpc_server/srv_pipe_hnd.c:99(make_internal_rpc_pipe_p) Create pipe requested \lsarpc [2010/04/24 15:00:03.612240, 10] rpc_server/srv_lsa_hnd.c:114(init_pipe_handle_list) init_pipe_handles: created handle list for pipe \lsarpc [2010/04/24 15:00:03.612255, 10] rpc_server/srv_lsa_hnd.c:131(init_pipe_handle_list) init_pipe_handles: pipe_handles ref count = 1 for pipe \lsarpc [2010/04/24 15:00:03.612273, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(1274, 515) : sec_ctx_stack_ndx = 1 [2010/04/24 15:00:03.612289, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(101) : conn_ctx_stack_ndx = 0 [2010/04/24 15:00:03.612302, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/24 15:00:03.612316, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/24 15:00:03.612329, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/24 15:00:03.612356, 10] lib/gencache.c:345(gencache_get_data_blob) Returning valid cache entry: key = ACCT_POL/maximum password age, value = 4294967295 , timeout = Sat Apr 24 15:01:02 2010 [2010/04/24 15:00:03.612387, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (1274, 515) - sec_ctx_stack_ndx = 0 [2010/04/24 15:00:03.612403, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(1274, 515) : sec_ctx_stack_ndx = 1 [2010/04/24 15:00:03.612420, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(101) : conn_ctx_stack_ndx = 0 [2010/04/24 15:00:03.612434, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/24 15:00:03.612447, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/24 15:00:03.612461, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/24 15:00:03.612487, 10] lib/gencache.c:345(gencache_get_data_blob) Returning valid cache entry: key = ACCT_POL/password history, value = 0 , timeout = Sat Apr 24 15:01:02 2010 [2010/04/24 15:00:03.612517, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (1274, 515) - sec_ctx_stack_ndx = 0 [2010/04/24 15:00:03.612536, 10] passdb/pdb_get_set.c:608(pdb_set_username) pdb_set_username: setting username pc274$, was [2010/04/24 15:00:03.612551, 10] passdb/pdb_get_set.c:631(pdb_set_domain) pdb_set_domain: setting domain GYM-OHA, was [2010/04/24 15:00:03.612565, 10] passdb/pdb_get_set.c:654(pdb_set_nt_username) pdb_set_nt_username: setting nt username pc274$, was [2010/04/24 15:00:03.612591, 10] passdb/pdb_get_set.c:677(pdb_set_fullname) pdb_set_full_name: setting full name Workstation-Trust-Account, was [2010/04/24 15:00:03.612605, 4] lib/substitute.c:504(automount_server) Home server: fileserver [2010/04/24 15:00:03.612623, 10] passdb/pdb_get_set.c:770(pdb_set_homedir) pdb_set_homedir: setting home dir \\fileserver\pc274_, was [2010/04/24 15:00:03.612638, 10] passdb/pdb_get_set.c:746(pdb_set_dir_drive) pdb_set_dir_drive: setting dir drive U:, was NULL [2010/04/24 15:00:03.612654, 10] passdb/pdb_get_set.c:700(pdb_set_logon_script) pdb_set_logon_script: setting logon script skripts\pc274_.bat, was [2010/04/24 15:00:03.612700, 4] lib/substitute.c:504(automount_server) Home server: fileserver [2010/04/24 15:00:03.612719, 10] passdb/pdb_get_set.c:723(pdb_set_profile_path) pdb_set_profile_path: setting profile path \\fileserver\pc274_\NTProfile, was [2010/04/24 15:00:03.612734, 10] passdb/pdb_get_set.c:813(pdb_set_workstations) pdb_set_workstations: setting workstations , was [2010/04/24 15:00:03.612749, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(1274, 515) : sec_ctx_stack_ndx = 1 [2010/04/24 15:00:03.612766, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(101) : conn_ctx_stack_ndx = 0 [2010/04/24 15:00:03.612781, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/24 15:00:03.612795, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/24 15:00:03.612808, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/24 15:00:03.612836, 10] lib/gencache.c:345(gencache_get_data_blob) Returning valid cache entry: key = ACCT_POL/password history, value = 0 , timeout = Sat Apr 24 15:01:02 2010 [2010/04/24 15:00:03.612866, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (1274, 515) - sec_ctx_stack_ndx = 0 [2010/04/24 15:00:03.612882, 10] passdb/pdb_get_set.c:537(pdb_set_user_sid) pdb_set_user_sid: setting user sid S-1-5-21-4031555581-2449722753-3032957831-3548 [2010/04/24 15:00:03.612898, 10] passdb/pdb_compat.c:72(pdb_set_user_sid_from_rid) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-4031555581-2449722753-3032957831-3548 from rid 3548 [2010/04/24 15:00:03.612919, 10] passdb/pdb_get_set.c:595(pdb_set_group_sid) pdb_set_group_sid: setting group sid S-1-5-21-4031555581-2449722753-3032957831-515 [2010/04/24 15:00:03.612936, 4] rpc_server/srv_pipe_hnd.c:162(make_internal_rpc_pipe_p) Created internal pipe \lsarpc (pipes_open=0) [2010/04/24 15:00:03.612952, 5] smbd/nttrans.c:372(do_ntcreate_pipe_open) do_ntcreate_pipe_open: open pipe = \lsarpc [2010/04/24 15:00:03.613187, 10] lib/util_sock.c:726(read_smb_length_return_keepalive) got smb length of 72 [2010/04/24 15:00:03.613205, 6] smbd/process.c:1482(process_smb) got message type 0x0 of len 0x48 [2010/04/24 15:00:03.613220, 3] smbd/process.c:1485(process_smb) Transaction 25 of length 76 (0 toread) [2010/04/24 15:00:03.613234, 5] lib/util.c:617(show_msg) [2010/04/24 15:00:03.613243, 5] lib/util.c:627(show_msg) size=72 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=440 smb_uid=101 smb_mid=1600 smt_wct=15 smb_vwv[ 0]= 4 (0x4) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 24 (0x18) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 4 (0x4) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 7 (0x7) smb_bcc=7 [2010/04/24 15:00:03.613367, 10] ../lib/util/util.c:278(_dump_data) [0000] 00 00 00 30 48 ED 03 ...0Hí. [2010/04/24 15:00:03.613391, 3] smbd/process.c:1294(switch_message) switch message SMBtrans2 (pid 4988) conn 0x720a2e8 [2010/04/24 15:00:03.613418, 4] smbd/uid.c:257(change_to_user) change_to_user: Skipping user change - already user [2010/04/24 15:00:03.613438, 9] smbd/trans2.c:910(send_trans2_replies) t2_rep: params_sent_thistime = 2, data_sent_thistime = 24, useable_space = 131010 [2010/04/24 15:00:03.613454, 9] smbd/trans2.c:912(send_trans2_replies) t2_rep: params_to_send = 2, data_to_send = 24, paramsize = 2, datasize = 24 [2010/04/24 15:00:03.613468, 5] lib/util.c:617(show_msg) [2010/04/24 15:00:03.613477, 5] lib/util.c:627(show_msg) size=84 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=440 smb_uid=101 smb_mid=1600 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 24 (0x18) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 24 (0x18) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=29 [2010/04/24 15:00:03.613581, 10] ../lib/util/util.c:278(_dump_data) [0000] 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 01 00 00 00 01 00 00 00 ........ ..... [2010/04/24 15:00:03.613885, 10] lib/util_sock.c:726(read_smb_length_return_keepalive) got smb length of 180 [2010/04/24 15:00:03.613903, 6] smbd/process.c:1482(process_smb) got message type 0x0 of len 0xb4 [2010/04/24 15:00:03.613918, 3] smbd/process.c:1485(process_smb) Transaction 26 of length 184 (0 toread) [2010/04/24 15:00:03.613932, 5] lib/util.c:617(show_msg) [2010/04/24 15:00:03.613941, 5] lib/util.c:627(show_msg) size=180 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=101 smb_mid=1664 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=18480 (0x4830) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 116 (0x74) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 116 (0x74) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=117 [2010/04/24 15:00:03.614063, 10] ../lib/util/util.c:278(_dump_data) [0000] EE 05 00 0B 03 10 00 00 00 74 00 00 00 02 00 00 î....... .t...... [0010] 00 B8 10 B8 10 00 00 00 00 02 00 00 00 00 00 01 .¸.¸.... ........ [0020] 00 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 .xW4.4.Í «ï..#Eg. [0030] AB 00 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 «.....]. .ë.É..è. [0040] 00 2B 10 48 60 02 00 00 00 01 00 01 00 78 57 34 .+.H`... .....xW4 [0050] 12 34 12 CD AB EF 00 01 23 45 67 89 AB 00 00 00 .4.Í«ï.. #Eg.«... [0060] 00 2C 1C B7 6C 12 98 40 45 03 00 00 00 00 00 00 .,.·l..@ E....... [0070] 00 01 00 00 00 ..... [2010/04/24 15:00:03.614207, 3] smbd/process.c:1294(switch_message) switch message SMBwriteX (pid 4988) conn 0x720a2e8 [2010/04/24 15:00:03.614221, 4] smbd/uid.c:257(change_to_user) change_to_user: Skipping user change - already user [2010/04/24 15:00:03.614236, 6] smbd/pipes.c:291(reply_pipe_write_and_X) reply_pipe_write_and_X: 4830 name: lsarpc len: 116 [2010/04/24 15:00:03.614252, 6] rpc_server/srv_pipe_hnd.c:1208(np_write_send) np_write_send: len: 116 [2010/04/24 15:00:03.614268, 10] rpc_server/srv_pipe_hnd.c:772(write_to_internal_pipe) write_to_pipe: data_left = 116 [2010/04/24 15:00:03.614282, 10] rpc_server/srv_pipe_hnd.c:682(process_incoming_data) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 116 [2010/04/24 15:00:03.614297, 10] rpc_server/srv_pipe_hnd.c:193(fill_rpc_header) fill_rpc_header: data_to_copy = 116, len_needed_to_complete_hdr = 16, receive_len = 0 [2010/04/24 15:00:03.614312, 10] rpc_server/srv_pipe_hnd.c:776(write_to_internal_pipe) write_to_pipe: data_used = 16 [2010/04/24 15:00:03.614326, 10] rpc_server/srv_pipe_hnd.c:772(write_to_internal_pipe) write_to_pipe: data_left = 100 [2010/04/24 15:00:03.614340, 10] rpc_server/srv_pipe_hnd.c:682(process_incoming_data) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 100 [2010/04/24 15:00:03.614366, 5] rpc_parse/parse_prs.c:89(prs_debug) 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0b 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0074 000a auth_len : 0000 000c call_id : 00000002 [2010/04/24 15:00:03.614441, 5] rpc_server/srv_pipe_hnd.c:289(unmarshall_rpc_header) unmarshall_rpc_header: using little-endian RPC [2010/04/24 15:00:03.614455, 10] rpc_server/srv_pipe_hnd.c:318(unmarshall_rpc_header) unmarshall_rpc_header: type = 11, flags = 3 [2010/04/24 15:00:03.614471, 10] rpc_server/srv_pipe_hnd.c:776(write_to_internal_pipe) write_to_pipe: data_used = 0 [2010/04/24 15:00:03.614485, 10] rpc_server/srv_pipe_hnd.c:772(write_to_internal_pipe) write_to_pipe: data_left = 100 [2010/04/24 15:00:03.614498, 10] rpc_server/srv_pipe_hnd.c:682(process_incoming_data) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 100, incoming data = 100 [2010/04/24 15:00:03.614514, 10] rpc_server/srv_pipe_hnd.c:537(process_complete_pdu) process_complete_pdu: processing packet type 11 [2010/04/24 15:00:03.614533, 5] rpc_server/srv_pipe.c:1641(api_pipe_bind_req) api_pipe_bind_req: decode request. 1641 [2010/04/24 15:00:03.614547, 5] rpc_parse/parse_prs.c:89(prs_debug) 000000 smb_io_rpc_hdr_rb [2010/04/24 15:00:03.614562, 6] rpc_parse/parse_prs.c:89(prs_debug) 000000 smb_io_rpc_hdr_bba 0000 max_tsize: 10b8 0002 max_rsize: 10b8 0004 assoc_gid: 00000000 0008 num_contexts: 02 000c context_id : 0000 000e num_transfer_syntaxes: 01 [2010/04/24 15:00:03.614609, 6] rpc_parse/parse_prs.c:89(prs_debug) 00000f smb_io_rpc_iface [2010/04/24 15:00:03.614624, 7] rpc_parse/parse_prs.c:89(prs_debug) 000010 smb_io_uuid uuid 0010 data : 12345778 0014 data : 1234 0016 data : abcd 0018 data : ef 00 001a data : 01 23 45 67 89 ab 0020 version: 00000000 [2010/04/24 15:00:03.614674, 6] rpc_parse/parse_prs.c:89(prs_debug) 000024 smb_io_rpc_iface [2010/04/24 15:00:03.614689, 7] rpc_parse/parse_prs.c:89(prs_debug) 000024 smb_io_uuid uuid 0024 data : 8a885d04 0028 data : 1ceb 002a data : 11c9 002c data : 9f e8 002e data : 08 00 2b 10 48 60 0034 version: 00000002 0038 context_id : 0001 003a num_transfer_syntaxes: 01 [2010/04/24 15:00:03.614749, 6] rpc_parse/parse_prs.c:89(prs_debug) 00003b smb_io_rpc_iface [2010/04/24 15:00:03.614763, 7] rpc_parse/parse_prs.c:89(prs_debug) 00003c smb_io_uuid uuid 003c data : 12345778 0040 data : 1234 0042 data : abcd 0044 data : ef 00 0046 data : 01 23 45 67 89 ab 004c version: 00000000 [2010/04/24 15:00:03.614813, 6] rpc_parse/parse_prs.c:89(prs_debug) 000050 smb_io_rpc_iface [2010/04/24 15:00:03.614828, 7] rpc_parse/parse_prs.c:89(prs_debug) 000050 smb_io_uuid uuid 0050 data : 6cb71c2c 0054 data : 9812 0056 data : 4540 0058 data : 03 00 005a data : 00 00 00 00 00 00 0060 version: 00000001 [2010/04/24 15:00:03.614877, 3] rpc_server/srv_pipe.c:1667(api_pipe_bind_req) api_pipe_bind_req: \PIPE\lsarpc -> \PIPE\lsarpc [2010/04/24 15:00:03.614893, 5] rpc_server/srv_pipe.c:1717(api_pipe_bind_req) api_pipe_bind_req: make response. 1717 [2010/04/24 15:00:03.614907, 3] rpc_server/srv_pipe.c:998(check_bind_req) check_bind_req for \lsarpc checking lsarpc [2010/04/24 15:00:03.614927, 5] rpc_parse/parse_prs.c:89(prs_debug) 000000 smb_io_rpc_hdr_ba [2010/04/24 15:00:03.614941, 6] rpc_parse/parse_prs.c:89(prs_debug) 000000 smb_io_rpc_hdr_bba 0000 max_tsize: 10b8 0002 max_rsize: 10b8 0004 assoc_gid: 000053f0 [2010/04/24 15:00:03.614982, 6] rpc_parse/parse_prs.c:89(prs_debug) 000008 smb_io_rpc_addr_str 0008 len: 000d 000a str: \PIPE\lsarpc. [2010/04/24 15:00:03.615012, 6] rpc_parse/parse_prs.c:89(prs_debug) 000017 smb_io_rpc_results 0018 num_results: 01 001c result : 0000 001e reason : 0000 [2010/04/24 15:00:03.615043, 6] rpc_parse/parse_prs.c:89(prs_debug) 000020 smb_io_rpc_iface [2010/04/24 15:00:03.615057, 7] rpc_parse/parse_prs.c:89(prs_debug) 000020 smb_io_uuid uuid 0020 data : 8a885d04 0024 data : 1ceb 0026 data : 11c9 0028 data : 9f e8 002a data : 08 00 2b 10 48 60 0030 version: 00000002 [2010/04/24 15:00:03.615107, 5] rpc_parse/parse_prs.c:89(prs_debug) 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0c 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0044 000a auth_len : 0000 000c call_id : 00000002 [2010/04/24 15:00:03.615179, 10] rpc_server/srv_pipe_hnd.c:776(write_to_internal_pipe) write_to_pipe: data_used = 100 [2010/04/24 15:00:03.615204, 3] smbd/pipes.c:352(pipe_write_andx_done) writeX-IPC nwritten=116 [2010/04/24 15:00:03.615433, 10] lib/util_sock.c:726(read_smb_length_return_keepalive) got smb length of 59 [2010/04/24 15:00:03.615451, 6] smbd/process.c:1482(process_smb) got message type 0x0 of len 0x3b [2010/04/24 15:00:03.615465, 3] smbd/process.c:1485(process_smb) Transaction 27 of length 63 (0 toread) [2010/04/24 15:00:03.615479, 5] lib/util.c:617(show_msg) [2010/04/24 15:00:03.615488, 5] lib/util.c:627(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=101 smb_mid=1728 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=18480 (0x4830) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2010/04/24 15:00:03.615600, 3] smbd/process.c:1294(switch_message) switch message SMBreadX (pid 4988) conn 0x720a2e8 [2010/04/24 15:00:03.615615, 4] smbd/uid.c:257(change_to_user) change_to_user: Skipping user change - already user [2010/04/24 15:00:03.615631, 6] rpc_server/srv_pipe_hnd.c:813(read_from_internal_pipe) name: \lsarpc len: 1024 [2010/04/24 15:00:03.615646, 10] rpc_server/srv_pipe_hnd.c:854(read_from_internal_pipe) read_from_pipe: \lsarpc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. [2010/04/24 15:00:03.615669, 3] smbd/pipes.c:462(pipe_read_andx_done) readX-IPC min=1024 max=1024 nread=68 [2010/04/24 15:00:03.615882, 10] lib/util_sock.c:726(read_smb_length_return_keepalive) got smb length of 156 [2010/04/24 15:00:03.615900, 6] smbd/process.c:1482(process_smb) got message type 0x0 of len 0x9c [2010/04/24 15:00:03.615914, 3] smbd/process.c:1485(process_smb) Transaction 28 of length 160 (0 toread) [2010/04/24 15:00:03.615928, 5] lib/util.c:617(show_msg) [2010/04/24 15:00:03.615937, 5] lib/util.c:627(show_msg) size=156 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=101 smb_mid=1792 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=18480 (0x4830) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 92 (0x5C) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 92 (0x5C) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=93 [2010/04/24 15:00:03.616066, 10] ../lib/util/util.c:278(_dump_data) [0000] EE 05 00 00 03 10 00 00 00 5C 00 00 00 02 00 00 î....... .\...... [0010] 00 44 00 00 00 00 00 2C 00 00 00 02 00 0B 00 00 .D....., ........ [0020] 00 00 00 00 00 0B 00 00 00 46 00 49 00 4C 00 45 ........ .F.I.L.E [0030] 00 53 00 45 00 52 00 56 00 45 00 52 00 00 00 00 .S.E.R.V .E.R.... [0040] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 01 00 00 00 ........ ..... [2010/04/24 15:00:03.616189, 3] smbd/process.c:1294(switch_message) switch message SMBwriteX (pid 4988) conn 0x720a2e8 [2010/04/24 15:00:03.616204, 4] smbd/uid.c:257(change_to_user) change_to_user: Skipping user change - already user [2010/04/24 15:00:03.616218, 6] smbd/pipes.c:291(reply_pipe_write_and_X) reply_pipe_write_and_X: 4830 name: lsarpc len: 92 [2010/04/24 15:00:03.616232, 6] rpc_server/srv_pipe_hnd.c:1208(np_write_send) np_write_send: len: 92 [2010/04/24 15:00:03.616246, 10] rpc_server/srv_pipe_hnd.c:772(write_to_internal_pipe) write_to_pipe: data_left = 92 [2010/04/24 15:00:03.616259, 10] rpc_server/srv_pipe_hnd.c:682(process_incoming_data) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 92 [2010/04/24 15:00:03.616274, 10] rpc_server/srv_pipe_hnd.c:193(fill_rpc_header) fill_rpc_header: data_to_copy = 92, len_needed_to_complete_hdr = 16, receive_len = 0 [2010/04/24 15:00:03.616288, 10] rpc_server/srv_pipe_hnd.c:776(write_to_internal_pipe) write_to_pipe: data_used = 16 [2010/04/24 15:00:03.616301, 10] rpc_server/srv_pipe_hnd.c:772(write_to_internal_pipe) write_to_pipe: data_left = 76 [2010/04/24 15:00:03.616315, 10] rpc_server/srv_pipe_hnd.c:682(process_incoming_data) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 76 [2010/04/24 15:00:03.616329, 5] rpc_parse/parse_prs.c:89(prs_debug) 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 005c 000a auth_len : 0000 000c call_id : 00000002 [2010/04/24 15:00:03.616398, 5] rpc_server/srv_pipe_hnd.c:289(unmarshall_rpc_header) unmarshall_rpc_header: using little-endian RPC [2010/04/24 15:00:03.616412, 10] rpc_server/srv_pipe_hnd.c:318(unmarshall_rpc_header) unmarshall_rpc_header: type = 0, flags = 3 [2010/04/24 15:00:03.616426, 10] rpc_server/srv_pipe_hnd.c:776(write_to_internal_pipe) write_to_pipe: data_used = 0 [2010/04/24 15:00:03.616440, 10] rpc_server/srv_pipe_hnd.c:772(write_to_internal_pipe) write_to_pipe: data_left = 76 [2010/04/24 15:00:03.616452, 10] rpc_server/srv_pipe_hnd.c:682(process_incoming_data) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 76, incoming data = 76 [2010/04/24 15:00:03.616467, 10] rpc_server/srv_pipe_hnd.c:537(process_complete_pdu) process_complete_pdu: processing packet type 0 [2010/04/24 15:00:03.616480, 5] rpc_parse/parse_prs.c:89(prs_debug) 000000 smb_io_rpc_hdr_req req 0000 alloc_hint: 00000044 0004 context_id: 0000 0006 opnum : 002c [2010/04/24 15:00:03.616512, 3] rpc_server/srv_pipe_hnd.c:344(free_pipe_context) free_pipe_context: destroying talloc pool of size 119 [2010/04/24 15:00:03.616528, 5] rpc_server/srv_pipe.c:2366(api_pipe_request) Requested \PIPE\\lsarpc [2010/04/24 15:00:03.616543, 4] rpc_server/srv_pipe.c:2403(api_rpcTNP) api_rpcTNP: \lsarpc op 0x2c - api_rpcTNP: rpc command: LSA_OPENPOLICY2 [2010/04/24 15:00:03.616562, 6] rpc_server/srv_pipe.c:2433(api_rpcTNP) api_rpc_cmds[44].fn == 0x68d89e0 [2010/04/24 15:00:03.616589, 1] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) lsa_OpenPolicy2: struct lsa_OpenPolicy2 in: struct lsa_OpenPolicy2 system_name : * system_name : 'FILESERVER' attr : * attr: struct lsa_ObjectAttribute len : 0x00000018 (24) root_dir : NULL object_name : NULL attributes : 0x00000000 (0) sec_desc : NULL sec_qos : NULL access_mask : 0x00000001 (1) 1: LSA_POLICY_VIEW_LOCAL_INFORMATION 0: LSA_POLICY_VIEW_AUDIT_INFORMATION 0: LSA_POLICY_GET_PRIVATE_INFORMATION 0: LSA_POLICY_TRUST_ADMIN 0: LSA_POLICY_CREATE_ACCOUNT 0: LSA_POLICY_CREATE_SECRET 0: LSA_POLICY_CREATE_PRIVILEGE 0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS 0: LSA_POLICY_SET_AUDIT_REQUIREMENTS 0: LSA_POLICY_AUDIT_LOG_ADMIN 0: LSA_POLICY_SERVER_ADMIN 0: LSA_POLICY_LOOKUP_NAMES 0: LSA_POLICY_NOTIFICATION [2010/04/24 15:00:03.616791, 4] rpc_server/srv_samr_nt.c:230(access_check_object) _lsa_OpenPolicy2: access GRANTED (requested: 0x00000001, granted: 0x00000001) [2010/04/24 15:00:03.616818, 4] rpc_server/srv_lsa_hnd.c:191(create_policy_hnd_internal) Opened policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 D2 4B 53 EB ........ ....ÒKSë [0010] 7C 13 00 00 |... [2010/04/24 15:00:03.616858, 1] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) lsa_OpenPolicy2: struct lsa_OpenPolicy2 out: struct lsa_OpenPolicy2 handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-d24b-53eb7c130000 result : NT_STATUS_OK [2010/04/24 15:00:03.616920, 5] rpc_server/srv_pipe.c:2468(api_rpcTNP) api_rpcTNP: called \lsarpc successfully [2010/04/24 15:00:03.616937, 3] rpc_server/srv_pipe_hnd.c:344(free_pipe_context) free_pipe_context: destroying talloc pool of size 1052 [2010/04/24 15:00:03.616952, 10] rpc_server/srv_pipe_hnd.c:776(write_to_internal_pipe) write_to_pipe: data_used = 76 [2010/04/24 15:00:03.616974, 3] smbd/pipes.c:352(pipe_write_andx_done) writeX-IPC nwritten=92 [2010/04/24 15:00:03.617280, 10] lib/util_sock.c:726(read_smb_length_return_keepalive) got smb length of 59 [2010/04/24 15:00:03.617297, 6] smbd/process.c:1482(process_smb) got message type 0x0 of len 0x3b [2010/04/24 15:00:03.617312, 3] smbd/process.c:1485(process_smb) Transaction 29 of length 63 (0 toread) [2010/04/24 15:00:03.617325, 5] lib/util.c:617(show_msg) [2010/04/24 15:00:03.617334, 5] lib/util.c:627(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=101 smb_mid=1856 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=18480 (0x4830) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2010/04/24 15:00:03.617445, 3] smbd/process.c:1294(switch_message) switch message SMBreadX (pid 4988) conn 0x720a2e8 [2010/04/24 15:00:03.617459, 4] smbd/uid.c:257(change_to_user) change_to_user: Skipping user change - already user [2010/04/24 15:00:03.617474, 6] rpc_server/srv_pipe_hnd.c:813(read_from_internal_pipe) name: \lsarpc len: 1024 [2010/04/24 15:00:03.617489, 10] rpc_server/srv_pipe_hnd.c:875(read_from_internal_pipe) read_from_pipe: \lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. [2010/04/24 15:00:03.617505, 5] rpc_parse/parse_prs.c:89(prs_debug) 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0030 000a auth_len : 0000 000c call_id : 00000002 [2010/04/24 15:00:03.617589, 5] rpc_parse/parse_prs.c:89(prs_debug) 000010 smb_io_rpc_hdr_resp resp 0010 alloc_hint: 00000018 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 [2010/04/24 15:00:03.617631, 3] smbd/pipes.c:462(pipe_read_andx_done) readX-IPC min=1024 max=1024 nread=48 [2010/04/24 15:00:03.617879, 10] lib/util_sock.c:726(read_smb_length_return_keepalive) got smb length of 116 [2010/04/24 15:00:03.617896, 6] smbd/process.c:1482(process_smb) got message type 0x0 of len 0x74 [2010/04/24 15:00:03.617910, 3] smbd/process.c:1485(process_smb) Transaction 30 of length 120 (0 toread) [2010/04/24 15:00:03.617924, 5] lib/util.c:617(show_msg) [2010/04/24 15:00:03.617933, 5] lib/util.c:627(show_msg) size=116 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=101 smb_mid=1920 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=18480 (0x4830) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 52 (0x34) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 52 (0x34) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=53 [2010/04/24 15:00:03.618049, 10] ../lib/util/util.c:278(_dump_data) [0000] EE 05 00 00 03 10 00 00 00 34 00 00 00 03 00 00 î....... .4...... [0010] 00 1C 00 00 00 00 00 0D 00 00 00 00 00 01 00 00 ........ ........ [0020] 00 00 00 00 00 D2 4B 53 EB 7C 13 00 00 00 00 00 .....ÒKS ë|...... [0030] 00 FF FF FF FF .ÿÿÿÿ [2010/04/24 15:00:03.618124, 3] smbd/process.c:1294(switch_message) switch message SMBwriteX (pid 4988) conn 0x720a2e8 [2010/04/24 15:00:03.618138, 4] smbd/uid.c:257(change_to_user) change_to_user: Skipping user change - already user [2010/04/24 15:00:03.618152, 6] smbd/pipes.c:291(reply_pipe_write_and_X) reply_pipe_write_and_X: 4830 name: lsarpc len: 52 [2010/04/24 15:00:03.618166, 6] rpc_server/srv_pipe_hnd.c:1208(np_write_send) np_write_send: len: 52 [2010/04/24 15:00:03.618181, 10] rpc_server/srv_pipe_hnd.c:772(write_to_internal_pipe) write_to_pipe: data_left = 52 [2010/04/24 15:00:03.618194, 10] rpc_server/srv_pipe_hnd.c:682(process_incoming_data) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 52 [2010/04/24 15:00:03.618208, 10] rpc_server/srv_pipe_hnd.c:193(fill_rpc_header) fill_rpc_header: data_to_copy = 52, len_needed_to_complete_hdr = 16, receive_len = 0 [2010/04/24 15:00:03.618222, 10] rpc_server/srv_pipe_hnd.c:776(write_to_internal_pipe) write_to_pipe: data_used = 16 [2010/04/24 15:00:03.618236, 10] rpc_server/srv_pipe_hnd.c:772(write_to_internal_pipe) write_to_pipe: data_left = 36 [2010/04/24 15:00:03.618249, 10] rpc_server/srv_pipe_hnd.c:682(process_incoming_data) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 36 [2010/04/24 15:00:03.618263, 5] rpc_parse/parse_prs.c:89(prs_debug) 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0034 000a auth_len : 0000 000c call_id : 00000003 [2010/04/24 15:00:03.618332, 5] rpc_server/srv_pipe_hnd.c:289(unmarshall_rpc_header) unmarshall_rpc_header: using little-endian RPC [2010/04/24 15:00:03.618345, 10] rpc_server/srv_pipe_hnd.c:318(unmarshall_rpc_header) unmarshall_rpc_header: type = 0, flags = 3 [2010/04/24 15:00:03.618359, 10] rpc_server/srv_pipe_hnd.c:776(write_to_internal_pipe) write_to_pipe: data_used = 0 [2010/04/24 15:00:03.618383, 10] rpc_server/srv_pipe_hnd.c:772(write_to_internal_pipe) write_to_pipe: data_left = 36 [2010/04/24 15:00:03.618397, 10] rpc_server/srv_pipe_hnd.c:682(process_incoming_data) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 36, incoming data = 36 [2010/04/24 15:00:03.618411, 10] rpc_server/srv_pipe_hnd.c:537(process_complete_pdu) process_complete_pdu: processing packet type 0 [2010/04/24 15:00:03.618424, 5] rpc_parse/parse_prs.c:89(prs_debug) 000000 smb_io_rpc_hdr_req req 0000 alloc_hint: 0000001c 0004 context_id: 0000 0006 opnum : 000d [2010/04/24 15:00:03.618454, 3] rpc_server/srv_pipe_hnd.c:344(free_pipe_context) free_pipe_context: destroying talloc pool of size 0 [2010/04/24 15:00:03.618469, 5] rpc_server/srv_pipe.c:2366(api_pipe_request) Requested \PIPE\\lsarpc [2010/04/24 15:00:03.618483, 4] rpc_server/srv_pipe.c:2403(api_rpcTNP) api_rpcTNP: \lsarpc op 0xd - api_rpcTNP: rpc command: LSA_ENUMTRUSTDOM [2010/04/24 15:00:03.618498, 6] rpc_server/srv_pipe.c:2433(api_rpcTNP) api_rpc_cmds[13].fn == 0x68def70 [2010/04/24 15:00:03.618520, 1] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) lsa_EnumTrustDom: struct lsa_EnumTrustDom in: struct lsa_EnumTrustDom handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-d24b-53eb7c130000 resume_handle : * resume_handle : 0x00000000 (0) max_size : 0xffffffff (4294967295) [2010/04/24 15:00:03.618597, 4] rpc_server/srv_lsa_hnd.c:219(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 D2 4B 53 EB ........ ....ÒKSë [0010] 7C 13 00 00 |... [2010/04/24 15:00:03.618638, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(1274, 515) : sec_ctx_stack_ndx = 1 [2010/04/24 15:00:03.618657, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(101) : conn_ctx_stack_ndx = 0 [2010/04/24 15:00:03.618671, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/24 15:00:03.618685, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/24 15:00:03.618698, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/24 15:00:03.618725, 5] lib/smbldap.c:1360(smbldap_search_ext) smbldap_search_ext: base => [sambaDomainName=GYM-OHA,dc=gym-oha,dc=de], filter => [(objectClass=sambaTrustedDomainPassword)], scope => [2] [2010/04/24 15:00:03.619306, 5] passdb/pdb_ldap.c:6428(ldapsam_enum_trusteddoms) ldapsam_enum_trusteddoms: got 0 domains [2010/04/24 15:00:03.619326, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (1274, 515) - sec_ctx_stack_ndx = 0 [2010/04/24 15:00:03.619341, 1] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) lsa_EnumTrustDom: struct lsa_EnumTrustDom out: struct lsa_EnumTrustDom resume_handle : * resume_handle : 0xffffffff (4294967295) domains : * domains: struct lsa_DomainList count : 0x00000000 (0) domains : NULL result : NT_STATUS_NO_MORE_ENTRIES [2010/04/24 15:00:03.619411, 5] rpc_server/srv_pipe.c:2468(api_rpcTNP) api_rpcTNP: called \lsarpc successfully [2010/04/24 15:00:03.619427, 3] rpc_server/srv_pipe_hnd.c:344(free_pipe_context) free_pipe_context: destroying talloc pool of size 8 [2010/04/24 15:00:03.619443, 10] rpc_server/srv_pipe_hnd.c:776(write_to_internal_pipe) write_to_pipe: data_used = 36 [2010/04/24 15:00:03.619465, 3] smbd/pipes.c:352(pipe_write_andx_done) writeX-IPC nwritten=52 [2010/04/24 15:00:03.619676, 10] lib/util_sock.c:726(read_smb_length_return_keepalive) got smb length of 59 [2010/04/24 15:00:03.619707, 6] smbd/process.c:1482(process_smb) got message type 0x0 of len 0x3b [2010/04/24 15:00:03.619722, 3] smbd/process.c:1485(process_smb) Transaction 31 of length 63 (0 toread) [2010/04/24 15:00:03.619736, 5] lib/util.c:617(show_msg) [2010/04/24 15:00:03.619746, 5] lib/util.c:627(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=101 smb_mid=1984 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=18480 (0x4830) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2010/04/24 15:00:03.619857, 3] smbd/process.c:1294(switch_message) switch message SMBreadX (pid 4988) conn 0x720a2e8 [2010/04/24 15:00:03.619872, 4] smbd/uid.c:257(change_to_user) change_to_user: Skipping user change - already user [2010/04/24 15:00:03.619887, 6] rpc_server/srv_pipe_hnd.c:813(read_from_internal_pipe) name: \lsarpc len: 1024 [2010/04/24 15:00:03.619901, 10] rpc_server/srv_pipe_hnd.c:875(read_from_internal_pipe) read_from_pipe: \lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 16. [2010/04/24 15:00:03.619918, 5] rpc_parse/parse_prs.c:89(prs_debug) 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0028 000a auth_len : 0000 000c call_id : 00000003 [2010/04/24 15:00:03.619987, 5] rpc_parse/parse_prs.c:89(prs_debug) 000010 smb_io_rpc_hdr_resp resp 0010 alloc_hint: 00000010 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 [2010/04/24 15:00:03.620029, 3] smbd/pipes.c:462(pipe_read_andx_done) readX-IPC min=1024 max=1024 nread=40 [2010/04/24 15:00:03.620225, 10] lib/util_sock.c:726(read_smb_length_return_keepalive) got smb length of 108 [2010/04/24 15:00:03.620243, 6] smbd/process.c:1482(process_smb) got message type 0x0 of len 0x6c [2010/04/24 15:00:03.620257, 3] smbd/process.c:1485(process_smb) Transaction 32 of length 112 (0 toread) [2010/04/24 15:00:03.620271, 5] lib/util.c:617(show_msg) [2010/04/24 15:00:03.620280, 5] lib/util.c:627(show_msg) size=108 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=101 smb_mid=2048 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=18480 (0x4830) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 44 (0x2C) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 44 (0x2C) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=45 [2010/04/24 15:00:03.620398, 10] ../lib/util/util.c:278(_dump_data) [0000] EE 05 00 00 03 10 00 00 00 2C 00 00 00 04 00 00 î....... .,...... [0010] 00 14 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ........ ........ [0020] 00 00 00 00 00 D2 4B 53 EB 7C 13 00 00 .....ÒKS ë|... [2010/04/24 15:00:03.620459, 3] smbd/process.c:1294(switch_message) switch message SMBwriteX (pid 4988) conn 0x720a2e8 [2010/04/24 15:00:03.620473, 4] smbd/uid.c:257(change_to_user) change_to_user: Skipping user change - already user [2010/04/24 15:00:03.620487, 6] smbd/pipes.c:291(reply_pipe_write_and_X) reply_pipe_write_and_X: 4830 name: lsarpc len: 44 [2010/04/24 15:00:03.620502, 6] rpc_server/srv_pipe_hnd.c:1208(np_write_send) np_write_send: len: 44 [2010/04/24 15:00:03.620516, 10] rpc_server/srv_pipe_hnd.c:772(write_to_internal_pipe) write_to_pipe: data_left = 44 [2010/04/24 15:00:03.620530, 10] rpc_server/srv_pipe_hnd.c:682(process_incoming_data) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 [2010/04/24 15:00:03.620555, 10] rpc_server/srv_pipe_hnd.c:193(fill_rpc_header) fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 [2010/04/24 15:00:03.620569, 10] rpc_server/srv_pipe_hnd.c:776(write_to_internal_pipe) write_to_pipe: data_used = 16 [2010/04/24 15:00:03.620583, 10] rpc_server/srv_pipe_hnd.c:772(write_to_internal_pipe) write_to_pipe: data_left = 28 [2010/04/24 15:00:03.620597, 10] rpc_server/srv_pipe_hnd.c:682(process_incoming_data) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 [2010/04/24 15:00:03.620611, 5] rpc_parse/parse_prs.c:89(prs_debug) 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 002c 000a auth_len : 0000 000c call_id : 00000004 [2010/04/24 15:00:03.620680, 5] rpc_server/srv_pipe_hnd.c:289(unmarshall_rpc_header) unmarshall_rpc_header: using little-endian RPC [2010/04/24 15:00:03.620694, 10] rpc_server/srv_pipe_hnd.c:318(unmarshall_rpc_header) unmarshall_rpc_header: type = 0, flags = 3 [2010/04/24 15:00:03.620708, 10] rpc_server/srv_pipe_hnd.c:776(write_to_internal_pipe) write_to_pipe: data_used = 0 [2010/04/24 15:00:03.620722, 10] rpc_server/srv_pipe_hnd.c:772(write_to_internal_pipe) write_to_pipe: data_left = 28 [2010/04/24 15:00:03.620735, 10] rpc_server/srv_pipe_hnd.c:682(process_incoming_data) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 28, incoming data = 28 [2010/04/24 15:00:03.620750, 10] rpc_server/srv_pipe_hnd.c:537(process_complete_pdu) process_complete_pdu: processing packet type 0 [2010/04/24 15:00:03.620764, 5] rpc_parse/parse_prs.c:89(prs_debug) 000000 smb_io_rpc_hdr_req req 0000 alloc_hint: 00000014 0004 context_id: 0000 0006 opnum : 0000 [2010/04/24 15:00:03.620794, 3] rpc_server/srv_pipe_hnd.c:344(free_pipe_context) free_pipe_context: destroying talloc pool of size 0 [2010/04/24 15:00:03.620809, 5] rpc_server/srv_pipe.c:2366(api_pipe_request) Requested \PIPE\\lsarpc [2010/04/24 15:00:03.620823, 4] rpc_server/srv_pipe.c:2403(api_rpcTNP) api_rpcTNP: \lsarpc op 0x0 - api_rpcTNP: rpc command: LSA_CLOSE [2010/04/24 15:00:03.620838, 6] rpc_server/srv_pipe.c:2433(api_rpcTNP) api_rpc_cmds[0].fn == 0x68e1a20 [2010/04/24 15:00:03.620859, 1] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) lsa_Close: struct lsa_Close in: struct lsa_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-d24b-53eb7c130000 [2010/04/24 15:00:03.620912, 4] rpc_server/srv_lsa_hnd.c:219(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 D2 4B 53 EB ........ ....ÒKSë [0010] 7C 13 00 00 |... [2010/04/24 15:00:03.620953, 4] rpc_server/srv_lsa_hnd.c:219(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 D2 4B 53 EB ........ ....ÒKSë [0010] 7C 13 00 00 |... [2010/04/24 15:00:03.620993, 3] rpc_server/srv_lsa_hnd.c:258(close_policy_hnd) Closed policy [2010/04/24 15:00:03.621008, 1] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) lsa_Close: struct lsa_Close out: struct lsa_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : NT_STATUS_OK [2010/04/24 15:00:03.621067, 5] rpc_server/srv_pipe.c:2468(api_rpcTNP) api_rpcTNP: called \lsarpc successfully [2010/04/24 15:00:03.621093, 3] rpc_server/srv_pipe_hnd.c:344(free_pipe_context) free_pipe_context: destroying talloc pool of size 0 [2010/04/24 15:00:03.621108, 10] rpc_server/srv_pipe_hnd.c:776(write_to_internal_pipe) write_to_pipe: data_used = 28 [2010/04/24 15:00:03.621131, 3] smbd/pipes.c:352(pipe_write_andx_done) writeX-IPC nwritten=44 [2010/04/24 15:00:03.621323, 10] lib/util_sock.c:726(read_smb_length_return_keepalive) got smb length of 59 [2010/04/24 15:00:03.621340, 6] smbd/process.c:1482(process_smb) got message type 0x0 of len 0x3b [2010/04/24 15:00:03.621355, 3] smbd/process.c:1485(process_smb) Transaction 33 of length 63 (0 toread) [2010/04/24 15:00:03.621369, 5] lib/util.c:617(show_msg) [2010/04/24 15:00:03.621378, 5] lib/util.c:627(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=101 smb_mid=2112 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=18480 (0x4830) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2010/04/24 15:00:03.621490, 3] smbd/process.c:1294(switch_message) switch message SMBreadX (pid 4988) conn 0x720a2e8 [2010/04/24 15:00:03.621505, 4] smbd/uid.c:257(change_to_user) change_to_user: Skipping user change - already user [2010/04/24 15:00:03.621520, 6] rpc_server/srv_pipe_hnd.c:813(read_from_internal_pipe) name: \lsarpc len: 1024 [2010/04/24 15:00:03.621535, 10] rpc_server/srv_pipe_hnd.c:875(read_from_internal_pipe) read_from_pipe: \lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. [2010/04/24 15:00:03.621551, 5] rpc_parse/parse_prs.c:89(prs_debug) 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0030 000a auth_len : 0000 000c call_id : 00000004 [2010/04/24 15:00:03.621622, 5] rpc_parse/parse_prs.c:89(prs_debug) 000010 smb_io_rpc_hdr_resp resp 0010 alloc_hint: 00000018 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 [2010/04/24 15:00:03.621663, 3] smbd/pipes.c:462(pipe_read_andx_done) readX-IPC min=1024 max=1024 nread=48 [2010/04/24 15:00:03.621872, 10] lib/util_sock.c:726(read_smb_length_return_keepalive) got smb length of 41 [2010/04/24 15:00:03.621890, 6] smbd/process.c:1482(process_smb) got message type 0x0 of len 0x29 [2010/04/24 15:00:03.621904, 3] smbd/process.c:1485(process_smb) Transaction 34 of length 45 (0 toread) [2010/04/24 15:00:03.621918, 5] lib/util.c:617(show_msg) [2010/04/24 15:00:03.621927, 5] lib/util.c:627(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=101 smb_mid=2176 smt_wct=3 smb_vwv[ 0]=18480 (0x4830) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2010/04/24 15:00:03.621999, 3] smbd/process.c:1294(switch_message) switch message SMBclose (pid 4988) conn 0x720a2e8 [2010/04/24 15:00:03.622013, 4] smbd/uid.c:257(change_to_user) change_to_user: Skipping user change - already user [2010/04/24 15:00:03.622029, 3] smbd/reply.c:4634(reply_close) close fd=-1 fnum=18480 (numopen=1) [2010/04/24 15:00:03.622048, 6] smbd/close.c:501(set_close_write_time) close_write_time: Thu Jan 1 00:59:59 1970 [2010/04/24 15:00:03.622073, 10] rpc_server/srv_lsa_hnd.c:290(close_policy_by_pipe) close_policy_by_pipe: deleted handle list for pipe \lsarpc [2010/04/24 15:00:03.622092, 5] smbd/files.c:497(file_free) freed files structure 18480 (2 used) [2010/04/24 15:00:03.622107, 5] lib/util.c:617(show_msg) [2010/04/24 15:00:03.622117, 5] lib/util.c:627(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=65279 smb_uid=101 smb_mid=2176 smt_wct=0 smb_bcc=0 [2010/04/24 15:00:03.623070, 10] lib/util_sock.c:726(read_smb_length_return_keepalive) got smb length of 440 [2010/04/24 15:00:03.623089, 6] smbd/process.c:1482(process_smb) got message type 0x0 of len 0x1b8 [2010/04/24 15:00:03.623103, 3] smbd/process.c:1485(process_smb) Transaction 35 of length 444 (0 toread) [2010/04/24 15:00:03.623117, 5] lib/util.c:617(show_msg) [2010/04/24 15:00:03.623126, 5] lib/util.c:627(show_msg) size=440 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=2240 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=18479 (0x482F) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 376 (0x178) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 376 (0x178) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=377 [2010/04/24 15:00:03.623245, 10] ../lib/util/util.c:278(_dump_data) [0000] EE 05 00 00 03 10 00 00 00 78 01 38 00 07 00 00 î....... .x.8.... [0010] 00 20 01 00 00 00 00 02 00 92 FB E4 56 AD D4 01 . ...... ..ûäV­Ô. [0020] 25 32 59 A9 33 7A A6 80 72 56 0F A0 42 3E 2E 2F %2Y©3z¦. rV. B>./ [0030] 86 63 F1 AD 43 9D AB C4 66 63 4C DD 33 55 DE 08 .cñ­C.«Ä fcLÝ3UÞ. [0040] C1 6F 2E 59 D4 E4 26 99 B5 9A E1 46 EF 3A 52 0B Áo.YÔä&. µ.áFï:R. [0050] 6D 86 56 BB E4 73 52 1B 3E 9F A6 EC 77 7D 54 90 m.V»äsR. >.¦ìw}T. [0060] 4D 61 4A 65 40 7A 2C EF A6 44 35 CC 5D 99 77 9B MaJe@z,ï ¦D5Ì].w. [0070] A7 EA 80 CC 72 1E 73 40 09 27 CF 85 A8 A3 CB 4C §ê.Ìr.s@ .'Ï.¨£ËL [0080] 60 8F 6D BD 7E A5 8C 99 4B 46 41 B3 DD 36 46 31 `.m½~¥.. KFA³Ý6F1 [0090] DA 1D 90 B8 F1 32 A7 36 68 1C 67 6E 64 EE AA 09 Ú..¸ñ2§6 h.gndîª. [00A0] 89 42 CB E7 64 11 9F DF F7 7C BB 4A 8C 84 BB 38 .BËçd..ß ÷|»J..»8 [00B0] A3 50 40 45 48 BC CF F8 F5 A6 42 CF B1 F1 85 31 £P@EH¼Ïø õ¦Bϱñ.1 [00C0] A8 0F 9A 8E D8 BD FE 34 C7 BF 50 18 35 3D 27 9F ¨...ؽþ4 Ç¿P.5='. [00D0] 8A 2E D7 47 4E AD 31 0D FE 8E E9 FA 6B 70 ED 08 ..×GN­1. þ.éúkpí. [00E0] AD 3D C8 32 48 8C D4 D3 65 0E BA D3 FA 52 B4 9B ­=È2H.ÔÓ e.ºÓúR´. [00F0] 77 5E 44 29 AC B2 49 16 17 35 D5 A7 0A 94 81 D1 w^D)¬²I. .5Õ§...Ñ [0100] DA B9 C0 9E 67 70 92 92 46 57 36 82 CD 15 C7 AE Ú¹À.gp.. FW6.Í.Ç® [0110] 44 D6 4B E8 4E D4 30 A4 79 92 C7 8A 91 08 4B 91 DÖKèNÔ0¤ y.Ç...K. [0120] CC 4F A4 7B B2 E9 E4 81 98 15 F2 1D 2C D6 A9 44 ÌO¤{²éä. ..ò.,Ö©D [0130] 61 96 2B C1 F1 10 42 69 D9 44 06 00 00 00 00 00 a.+Áñ.Bi ÙD...... [0140] 00 77 00 7A 00 FF FF 00 00 0F D1 75 27 DF 24 D4 .w.z.ÿÿ. ..Ñu'ß$Ô [0150] 58 DD 48 79 45 58 DC F3 75 A9 90 35 0E 4F 95 1C XÝHyEXÜó u©.5.O.. [0160] FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ÿ....... ........ [0170] 00 00 00 00 00 00 00 00 00 ........ . [2010/04/24 15:00:03.623662, 3] smbd/process.c:1294(switch_message) switch message SMBwriteX (pid 4988) conn 0x7209b10 [2010/04/24 15:00:03.623679, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (99, 99) - sec_ctx_stack_ndx = 0 [2010/04/24 15:00:03.623693, 5] auth/token_util.c:531(debug_nt_user_token) NT user token of user S-1-5-21-4031555581-2449722753-3032957831-501 contains 5 SIDs SID[ 0]: S-1-5-21-4031555581-2449722753-3032957831-501 SID[ 1]: S-1-1-0 SID[ 2]: S-1-5-2 SID[ 3]: S-1-5-32-546 SID[ 4]: S-1-22-1-99 SE_PRIV 0x0 0x0 0x0 0x0 [2010/04/24 15:00:03.623747, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 99 Primary group is 99 and contains 0 supplementary groups [2010/04/24 15:00:03.623772, 5] smbd/uid.c:354(change_to_user) change_to_user uid=(0,99) gid=(0,99) [2010/04/24 15:00:03.623788, 6] smbd/pipes.c:291(reply_pipe_write_and_X) reply_pipe_write_and_X: 482f name: NETLOGON len: 376 [2010/04/24 15:00:03.623814, 6] rpc_server/srv_pipe_hnd.c:1208(np_write_send) np_write_send: len: 376 [2010/04/24 15:00:03.623829, 10] rpc_server/srv_pipe_hnd.c:772(write_to_internal_pipe) write_to_pipe: data_left = 376 [2010/04/24 15:00:03.623842, 10] rpc_server/srv_pipe_hnd.c:682(process_incoming_data) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 376 [2010/04/24 15:00:03.623857, 10] rpc_server/srv_pipe_hnd.c:193(fill_rpc_header) fill_rpc_header: data_to_copy = 376, len_needed_to_complete_hdr = 16, receive_len = 0 [2010/04/24 15:00:03.623871, 10] rpc_server/srv_pipe_hnd.c:776(write_to_internal_pipe) write_to_pipe: data_used = 16 [2010/04/24 15:00:03.623885, 10] rpc_server/srv_pipe_hnd.c:772(write_to_internal_pipe) write_to_pipe: data_left = 360 [2010/04/24 15:00:03.623898, 10] rpc_server/srv_pipe_hnd.c:682(process_incoming_data) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 360 [2010/04/24 15:00:03.623913, 5] rpc_parse/parse_prs.c:89(prs_debug) 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0178 000a auth_len : 0038 000c call_id : 00000007 [2010/04/24 15:00:03.623982, 5] rpc_server/srv_pipe_hnd.c:289(unmarshall_rpc_header) unmarshall_rpc_header: using little-endian RPC [2010/04/24 15:00:03.623996, 10] rpc_server/srv_pipe_hnd.c:318(unmarshall_rpc_header) unmarshall_rpc_header: type = 0, flags = 3 [2010/04/24 15:00:03.624010, 10] rpc_server/srv_pipe_hnd.c:776(write_to_internal_pipe) write_to_pipe: data_used = 0 [2010/04/24 15:00:03.624023, 10] rpc_server/srv_pipe_hnd.c:772(write_to_internal_pipe) write_to_pipe: data_left = 360 [2010/04/24 15:00:03.624036, 10] rpc_server/srv_pipe_hnd.c:682(process_incoming_data) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 360, incoming data = 360 [2010/04/24 15:00:03.624051, 10] rpc_server/srv_pipe_hnd.c:537(process_complete_pdu) process_complete_pdu: processing packet type 0 [2010/04/24 15:00:03.624065, 5] rpc_parse/parse_prs.c:89(prs_debug) 000000 smb_io_rpc_hdr_req req 0000 alloc_hint: 00000120 0004 context_id: 0000 0006 opnum : 0002 [2010/04/24 15:00:03.624095, 5] rpc_server/srv_pipe.c:2228(api_pipe_schannel_process) data 288 auth 56 [2010/04/24 15:00:03.624110, 5] rpc_parse/parse_prs.c:89(prs_debug) 000128 smb_io_rpc_hdr_auth hdr_auth 0128 auth_type : 44 0129 auth_level : 06 012a auth_pad_len : 00 012b auth_reserved: 00 012c auth_context_id: 00000000 [2010/04/24 15:00:03.624176, 1] ../librpc/ndr/ndr.c:214(ndr_print_debug) &r: struct NL_AUTH_SIGNATURE SignatureAlgorithm : NL_SIGN_HMAC_MD5 (0x77) SealAlgorithm : NL_SEAL_RC4 (0x7A) Pad : 0xffff (65535) Flags : 0x0000 (0) SequenceNumber : 0fd17527df24d458 Checksum : dd48794558dcf375 Confounder : a990350e4f951cff [2010/04/24 15:00:03.624276, 3] rpc_server/srv_pipe_hnd.c:344(free_pipe_context) free_pipe_context: destroying talloc pool of size 0 [2010/04/24 15:00:03.624291, 5] rpc_server/srv_pipe.c:2366(api_pipe_request) Requested \PIPE\\netlogon [2010/04/24 15:00:03.624306, 4] rpc_server/srv_pipe.c:2403(api_rpcTNP) api_rpcTNP: \netlogon op 0x2 - api_rpcTNP: rpc command: NETR_LOGONSAMLOGON [2010/04/24 15:00:03.624321, 6] rpc_server/srv_pipe.c:2433(api_rpcTNP) api_rpc_cmds[2].fn == 0x6925cb0 [2010/04/24 15:00:03.624360, 1] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) netr_LogonSamLogon: struct netr_LogonSamLogon in: struct netr_LogonSamLogon server_name : * server_name : '\\FILESERVER' computer_name : * computer_name : 'PC274' credential : * credential: struct netr_Authenticator cred: struct netr_Credential data : 9094040d270f948a timestamp : Sa 24 Apr 2010 15:00:02 MEST MEST return_authenticator : * return_authenticator: struct netr_Authenticator cred: struct netr_Credential data : 3c290d7700003500 timestamp : (time_t)0 logon_level : NetlogonInteractiveInformation (1) logon : * logon : union netr_LogonLevel(case 1) password : * password: struct netr_PasswordInfo identity_info: struct netr_IdentityInfo domain_name: struct lsa_String length : 0x000e (14) size : 0x000e (14) string : * string : 'GYM-OHA' parameter_control : 0x00000000 (0) 0: MSV1_0_CLEARTEXT_PASSWORD_ALLOWED 0: MSV1_0_UPDATE_LOGON_STATISTICS 0: MSV1_0_RETURN_USER_PARAMETERS 0: MSV1_0_DONT_TRY_GUEST_ACCOUNT 0: MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT 0: MSV1_0_RETURN_PASSWORD_EXPIRY 0: MSV1_0_USE_CLIENT_CHALLENGE 0: MSV1_0_TRY_GUEST_ACCOUNT_ONLY 0: MSV1_0_RETURN_PROFILE_PATH 0: MSV1_0_TRY_SPECIFIED_DOMAIN_ONLY 0: MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT 0: MSV1_0_DISABLE_PERSONAL_FALLBACK 0: MSV1_0_ALLOW_FORCE_GUEST 0: MSV1_0_CLEARTEXT_PASSWORD_SUPPLIED 0: MSV1_0_USE_DOMAIN_FOR_ROUTING_ONLY 0: MSV1_0_ALLOW_MSVCHAPV2 0: MSV1_0_S4U2SELF 0: MSV1_0_CHECK_LOGONHOURS_FOR_S4U 0: MSV1_0_SUBAUTHENTICATION_DLL_EX logon_id_low : 0x000318a9 (202921) logon_id_high : 0x00000000 (0) account_name: struct lsa_String length : 0x002c (44) size : 0x002c (44) string : * string : '09lenasophiewarrelmann' workstation: struct lsa_String length : 0x000a (10) size : 0x000a (10) string : * string : 'PC274' lmpassword: struct samr_Password hash : 736081684aa26b5ca05d465fb6ea64ff ntpassword: struct samr_Password hash : 8a235815d4eb3a3192406e6f7e9d6bfb validation_level : 0x0003 (3) [2010/04/24 15:00:03.634906, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(99, 99) : sec_ctx_stack_ndx = 1 [2010/04/24 15:00:03.634934, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2010/04/24 15:00:03.634949, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/24 15:00:03.634963, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/24 15:00:03.634977, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/24 15:00:03.635074, 1] ../librpc/ndr/ndr.c:214(ndr_print_debug) creds: struct netlogon_creds_CredentialState negotiate_flags : 0x612fffff (1630535679) 1: NETLOGON_NEG_ACCOUNT_LOCKOUT 1: NETLOGON_NEG_PERSISTENT_SAMREPL 1: NETLOGON_NEG_ARCFOUR 1: NETLOGON_NEG_PROMOTION_COUNT 1: NETLOGON_NEG_CHANGELOG_BDC 1: NETLOGON_NEG_FULL_SYNC_REPL 1: NETLOGON_NEG_MULTIPLE_SIDS 1: NETLOGON_NEG_REDO 1: NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL 1: NETLOGON_NEG_SEND_PASSWORD_INFO_PDC 1: NETLOGON_NEG_GENERIC_PASSTHROUGH 1: NETLOGON_NEG_CONCURRENT_RPC 1: NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL 1: NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL 1: NETLOGON_NEG_STRONG_KEYS 1: NETLOGON_NEG_TRANSITIVE_TRUSTS 1: NETLOGON_NEG_DNS_DOMAIN_TRUSTS 1: NETLOGON_NEG_PASSWORD_SET2 1: NETLOGON_NEG_GETDOMAININFO 1: NETLOGON_NEG_CROSS_FOREST_TRUSTS 0: NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION 1: NETLOGON_NEG_RODC_PASSTHROUGH 0: NETLOGON_NEG_SUPPORTS_AES_SHA2 1: NETLOGON_NEG_SUPPORTS_AES 1: NETLOGON_NEG_AUTHENTICATED_RPC_LSASS 1: NETLOGON_NEG_AUTHENTICATED_RPC session_key : 042a72287d4e6f18c08d439716f1667d sequence : 0x00000000 (0) seed: struct netr_Credential data : 0ef9fee46ff081d2 client: struct netr_Credential data : 0ef9fee46ff081d2 server: struct netr_Credential data : a87174eb463138d0 secure_channel_type : SEC_CHAN_WKSTA (0x2) computer_name : 'PC274' account_name : 'PC274$' sid : * sid : S-1-5-21-4031555581-2449722753-3032957831-3548 [2010/04/24 15:00:03.635335, 3] ../libcli/auth/schannel_state_tdb.c:132(schannel_fetch_session_key_tdb) schannel_fetch_session_key_tdb: restored schannel info key SECRETS/SCHANNEL/PC274 [2010/04/24 15:00:03.635351, 5] ../libcli/auth/credentials.c:107(netlogon_creds_step) seed e4fef90e:d281f06f [2010/04/24 15:00:03.635366, 5] ../libcli/auth/credentials.c:112(netlogon_creds_step) seed+time 30d1e460:d281f06f [2010/04/24 15:00:03.635424, 5] ../libcli/auth/credentials.c:117(netlogon_creds_step) CLIENT 0d049490:8a940f27 [2010/04/24 15:00:03.635438, 5] ../libcli/auth/credentials.c:123(netlogon_creds_step) seed+time+1 30d1e461:d281f06f [2010/04/24 15:00:03.635493, 5] ../libcli/auth/credentials.c:128(netlogon_creds_step) SERVER 429a3917:e5195f46 [2010/04/24 15:00:03.635525, 3] ../libcli/auth/schannel_state_tdb.c:68(schannel_store_session_key_tdb) schannel_store_session_key_tdb: stored schannel info with key SECRETS/SCHANNEL/PC274 [2010/04/24 15:00:03.635540, 1] ../librpc/ndr/ndr.c:214(ndr_print_debug) creds: struct netlogon_creds_CredentialState negotiate_flags : 0x612fffff (1630535679) 1: NETLOGON_NEG_ACCOUNT_LOCKOUT 1: NETLOGON_NEG_PERSISTENT_SAMREPL 1: NETLOGON_NEG_ARCFOUR 1: NETLOGON_NEG_PROMOTION_COUNT 1: NETLOGON_NEG_CHANGELOG_BDC 1: NETLOGON_NEG_FULL_SYNC_REPL 1: NETLOGON_NEG_MULTIPLE_SIDS 1: NETLOGON_NEG_REDO 1: NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL 1: NETLOGON_NEG_SEND_PASSWORD_INFO_PDC 1: NETLOGON_NEG_GENERIC_PASSTHROUGH 1: NETLOGON_NEG_CONCURRENT_RPC 1: NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL 1: NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL 1: NETLOGON_NEG_STRONG_KEYS 1: NETLOGON_NEG_TRANSITIVE_TRUSTS 1: NETLOGON_NEG_DNS_DOMAIN_TRUSTS 1: NETLOGON_NEG_PASSWORD_SET2 1: NETLOGON_NEG_GETDOMAININFO 1: NETLOGON_NEG_CROSS_FOREST_TRUSTS 0: NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION 1: NETLOGON_NEG_RODC_PASSTHROUGH 0: NETLOGON_NEG_SUPPORTS_AES_SHA2 1: NETLOGON_NEG_SUPPORTS_AES 1: NETLOGON_NEG_AUTHENTICATED_RPC_LSASS 1: NETLOGON_NEG_AUTHENTICATED_RPC session_key : 042a72287d4e6f18c08d439716f1667d sequence : 0x4bd2eb52 (1272114002) seed: struct netr_Credential data : 61e4d1306ff081d2 client: struct netr_Credential data : 9094040d270f948a server: struct netr_Credential data : 17399a42465f19e5 secure_channel_type : SEC_CHAN_WKSTA (0x2) computer_name : 'PC274' account_name : 'PC274$' sid : * sid : S-1-5-21-4031555581-2449722753-3032957831-3548 [2010/04/24 15:00:03.672507, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (99, 99) - sec_ctx_stack_ndx = 0 [2010/04/24 15:00:03.672547, 3] rpc_server/srv_netlog_nt.c:1123(_netr_LogonSamLogon_base) SAM Logon (Interactive). Domain:[GYM-OHA]. User:[09lenasophiewarrelmann@PC274] Requested Domain:[GYM-OHA] [2010/04/24 15:00:03.672570, 5] rpc_server/srv_netlog_nt.c:1146(_netr_LogonSamLogon_base) Attempting validation level 3 for unmapped username 09lenasophiewarrelmann. [2010/04/24 15:00:03.672586, 5] auth/auth.c:481(make_auth_context_subsystem) Making default auth method list for DC, security=user, encrypt passwords = yes [2010/04/24 15:00:03.672609, 5] auth/auth.c:383(load_auth_module) load_auth_module: Attempting to find an auth method to match guest [2010/04/24 15:00:03.672625, 5] auth/auth.c:408(load_auth_module) load_auth_module: auth method guest has a valid init [2010/04/24 15:00:03.672639, 5] auth/auth.c:383(load_auth_module) load_auth_module: Attempting to find an auth method to match sam [2010/04/24 15:00:03.672656, 5] auth/auth.c:408(load_auth_module) load_auth_module: auth method sam has a valid init [2010/04/24 15:00:03.672670, 5] auth/auth.c:383(load_auth_module) load_auth_module: Attempting to find an auth method to match winbind:trustdomain [2010/04/24 15:00:03.672686, 5] auth/auth.c:383(load_auth_module) load_auth_module: Attempting to find an auth method to match trustdomain [2010/04/24 15:00:03.672701, 5] auth/auth.c:408(load_auth_module) load_auth_module: auth method trustdomain has a valid init [2010/04/24 15:00:03.672715, 5] auth/auth.c:408(load_auth_module) load_auth_module: auth method winbind has a valid init [2010/04/24 15:00:03.672730, 5] auth/auth.c:97(get_ntlm_challenge) auth_get_challenge: module guest did not want to specify a challenge [2010/04/24 15:00:03.672744, 5] auth/auth.c:97(get_ntlm_challenge) auth_get_challenge: module sam did not want to specify a challenge [2010/04/24 15:00:03.672759, 5] auth/auth.c:97(get_ntlm_challenge) auth_get_challenge: module winbind did not want to specify a challenge [2010/04/24 15:00:03.672777, 5] auth/auth.c:132(get_ntlm_challenge) auth_context challenge created by random [2010/04/24 15:00:03.672793, 5] auth/auth.c:133(get_ntlm_challenge) challenge is: [2010/04/24 15:00:03.672807, 5] ../lib/util/util.c:278(_dump_data) [0000] F9 8E 57 A8 71 BA 91 54 ù.W¨qº.T [2010/04/24 15:00:03.673002, 4] smbd/map_username.c:144(map_username) Scanning username map /etc/samba/smbusers [2010/04/24 15:00:03.673031, 10] smbd/password.c:475(user_in_list) user_in_list: checking user 09lenasophiewarrelmann in list [2010/04/24 15:00:03.673046, 10] smbd/password.c:480(user_in_list) user_in_list: checking user |09lenasophiewarrelmann| against |administrator| [2010/04/24 15:00:03.673063, 10] smbd/password.c:475(user_in_list) user_in_list: checking user 09lenasophiewarrelmann in list [2010/04/24 15:00:03.673077, 10] smbd/password.c:480(user_in_list) user_in_list: checking user |09lenasophiewarrelmann| against |guest| [2010/04/24 15:00:03.673091, 10] smbd/password.c:480(user_in_list) user_in_list: checking user |09lenasophiewarrelmann| against |pcguest| [2010/04/24 15:00:03.673105, 10] smbd/password.c:480(user_in_list) user_in_list: checking user |09lenasophiewarrelmann| against |smbguest| [2010/04/24 15:00:03.675332, 5] auth/auth_util.c:211(make_user_info_map) Mapping user [GYM-OHA]\[09lenasophiewarrelmann] from workstation [PC274] [2010/04/24 15:00:03.675348, 5] auth/auth_util.c:122(make_user_info) attempting to make a user_info for 09lenasophiewarrelmann (09lenasophiewarrelmann) [2010/04/24 15:00:03.675363, 5] auth/auth_util.c:132(make_user_info) making strings for 09lenasophiewarrelmann's user_info struct [2010/04/24 15:00:03.675377, 5] auth/auth_util.c:164(make_user_info) making blobs for 09lenasophiewarrelmann's user_info struct [2010/04/24 15:00:03.675392, 10] auth/auth_util.c:182(make_user_info) made an encrypted user_info for 09lenasophiewarrelmann (09lenasophiewarrelmann) [2010/04/24 15:00:03.675407, 3] auth/auth.c:216(check_ntlm_password) check_ntlm_password: Checking password for unmapped user [GYM-OHA]\[09lenasophiewarrelmann]@[PC274] with the new password interface [2010/04/24 15:00:03.675425, 3] auth/auth.c:219(check_ntlm_password) check_ntlm_password: mapped user is: [GYM-OHA]\[09lenasophiewarrelmann]@[PC274] [2010/04/24 15:00:03.675439, 10] auth/auth.c:228(check_ntlm_password) check_ntlm_password: auth_context challenge created by random [2010/04/24 15:00:03.675452, 10] auth/auth.c:230(check_ntlm_password) challenge is: [2010/04/24 15:00:03.675466, 5] ../lib/util/util.c:278(_dump_data) [0000] F9 8E 57 A8 71 BA 91 54 ù.W¨qº.T [2010/04/24 15:00:03.675494, 10] auth/auth.c:256(check_ntlm_password) check_ntlm_password: guest had nothing to say [2010/04/24 15:00:03.675511, 8] lib/util.c:1869(is_myname) is_myname("GYM-OHA") returns 0 [2010/04/24 15:00:03.675528, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(99, 99) : sec_ctx_stack_ndx = 1 [2010/04/24 15:00:03.675544, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2010/04/24 15:00:03.675559, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/24 15:00:03.675573, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/24 15:00:03.675587, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/24 15:00:03.675630, 5] lib/smbldap.c:1360(smbldap_search_ext) smbldap_search_ext: base => [dc=gym-oha,dc=de], filter => [(&(uid=09lenasophiewarrelmann)(objectclass=sambaSamAccount))], scope => [2] [2010/04/24 15:00:03.676564, 2] passdb/pdb_ldap.c:572(init_sam_from_ldap) init_sam_from_ldap: Entry found for user: 09lenasophiewarrelmann [2010/04/24 15:00:03.676583, 10] passdb/pdb_get_set.c:608(pdb_set_username) pdb_set_username: setting username 09lenasophiewarrelmann, was [2010/04/24 15:00:03.676599, 10] passdb/pdb_get_set.c:631(pdb_set_domain) pdb_set_domain: setting domain GYM-OHA, was [2010/04/24 15:00:03.676614, 10] passdb/pdb_get_set.c:654(pdb_set_nt_username) pdb_set_nt_username: setting nt username 09lenasophiewarrelmann, was [2010/04/24 15:00:03.676637, 10] passdb/pdb_get_set.c:550(pdb_set_user_sid_from_string) pdb_set_user_sid_from_string: setting user sid S-1-5-21-4031555581-2449722753-3032957831-8486 [2010/04/24 15:00:03.676655, 10] passdb/pdb_get_set.c:537(pdb_set_user_sid) pdb_set_user_sid: setting user sid S-1-5-21-4031555581-2449722753-3032957831-8486 [2010/04/24 15:00:03.676717, 10] lib/smbldap.c:310(smbldap_talloc_single_attribute) attribute displayName does not exist [2010/04/24 15:00:03.676735, 10] passdb/pdb_get_set.c:677(pdb_set_fullname) pdb_set_full_name: setting full name Lena Sophie Warrelmann, was [2010/04/24 15:00:03.676758, 10] lib/smbldap.c:310(smbldap_talloc_single_attribute) attribute sambaHomeDrive does not exist [2010/04/24 15:00:03.676773, 10] passdb/pdb_get_set.c:746(pdb_set_dir_drive) pdb_set_dir_drive: setting dir drive U:, was NULL [2010/04/24 15:00:03.676808, 10] lib/smbldap.c:310(smbldap_talloc_single_attribute) attribute sambaHomePath does not exist [2010/04/24 15:00:03.676824, 4] lib/substitute.c:504(automount_server) Home server: fileserver [2010/04/24 15:00:03.676846, 10] passdb/pdb_get_set.c:770(pdb_set_homedir) pdb_set_homedir: setting home dir \\fileserver\09lenasophiewarrelmann, was [2010/04/24 15:00:03.676869, 10] lib/smbldap.c:310(smbldap_talloc_single_attribute) attribute sambaLogonScript does not exist [2010/04/24 15:00:03.676888, 10] passdb/pdb_get_set.c:700(pdb_set_logon_script) pdb_set_logon_script: setting logon script skripts\09lenasophiewarrelmann.bat, was [2010/04/24 15:00:03.676912, 10] lib/smbldap.c:310(smbldap_talloc_single_attribute) attribute sambaProfilePath does not exist [2010/04/24 15:00:03.676926, 4] lib/substitute.c:504(automount_server) Home server: fileserver [2010/04/24 15:00:03.676945, 10] passdb/pdb_get_set.c:723(pdb_set_profile_path) pdb_set_profile_path: setting profile path \\fileserver\09lenasophiewarrelmann\NTProfile, was [2010/04/24 15:00:03.676967, 10] lib/smbldap.c:310(smbldap_talloc_single_attribute) attribute description does not exist [2010/04/24 15:00:03.676989, 10] lib/smbldap.c:310(smbldap_talloc_single_attribute) attribute sambaUserWorkstations does not exist [2010/04/24 15:00:03.677012, 10] lib/smbldap.c:310(smbldap_talloc_single_attribute) attribute sambaMungedDial does not exist [2010/04/24 15:00:03.677050, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2010/04/24 15:00:03.677064, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2010/04/24 15:00:03.677079, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2010/04/24 15:00:03.677093, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/24 15:00:03.677106, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/24 15:00:03.677139, 10] lib/gencache.c:345(gencache_get_data_blob) Returning valid cache entry: key = ACCT_POL/password history, value = 0 , timeout = Sat Apr 24 15:01:02 2010 [2010/04/24 15:00:03.677172, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/24 15:00:03.677215, 10] lib/smbldap.c:310(smbldap_talloc_single_attribute) attribute sambaLogonHours does not exist [2010/04/24 15:00:03.677248, 7] passdb/login_cache.c:87(login_cache_read) Looking up login cache for user 09lenasophiewarrelmann [2010/04/24 15:00:03.677267, 7] passdb/login_cache.c:103(login_cache_read) No cache entry found [2010/04/24 15:00:03.677281, 9] passdb/pdb_ldap.c:1126(init_sam_from_ldap) No cache entry, bad count = 0, bad time = 0 [2010/04/24 15:00:03.677302, 5] lib/username.c:133(Get_Pwnam_alloc) Finding user 09lenasophiewarrelmann [2010/04/24 15:00:03.677317, 5] lib/username.c:77(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is 09lenasophiewarrelmann [2010/04/24 15:00:03.677338, 5] lib/username.c:110(Get_Pwnam_internals) Get_Pwnam_internals did find user [09lenasophiewarrelmann]! [2010/04/24 15:00:03.677356, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2010/04/24 15:00:03.677370, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2010/04/24 15:00:03.677384, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2010/04/24 15:00:03.677398, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/24 15:00:03.677412, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/24 15:00:03.677437, 10] lib/gencache.c:345(gencache_get_data_blob) Returning valid cache entry: key = ACCT_POL/password history, value = 0 , timeout = Sat Apr 24 15:01:02 2010 [2010/04/24 15:00:03.677468, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/24 15:00:03.677500, 10] passdb/pdb_get_set.c:608(pdb_set_username) pdb_set_username: setting username 09lenasophiewarrelmann, was [2010/04/24 15:00:03.677514, 10] passdb/pdb_get_set.c:631(pdb_set_domain) pdb_set_domain: setting domain GYM-OHA, was [2010/04/24 15:00:03.677528, 10] passdb/pdb_get_set.c:654(pdb_set_nt_username) pdb_set_nt_username: setting nt username 09lenasophiewarrelmann, was [2010/04/24 15:00:03.677542, 10] passdb/pdb_get_set.c:677(pdb_set_fullname) pdb_set_full_name: setting full name Lena Sophie Warrelmann, was [2010/04/24 15:00:03.677557, 4] lib/substitute.c:504(automount_server) Home server: fileserver [2010/04/24 15:00:03.677575, 10] passdb/pdb_get_set.c:770(pdb_set_homedir) pdb_set_homedir: setting home dir \\fileserver\09lenasophiewarrelmann, was [2010/04/24 15:00:03.677590, 10] passdb/pdb_get_set.c:746(pdb_set_dir_drive) pdb_set_dir_drive: setting dir drive U:, was NULL [2010/04/24 15:00:03.677608, 10] passdb/pdb_get_set.c:700(pdb_set_logon_script) pdb_set_logon_script: setting logon script skripts\09lenasophiewarrelmann.bat, was [2010/04/24 15:00:03.677623, 4] lib/substitute.c:504(automount_server) Home server: fileserver [2010/04/24 15:00:03.677641, 10] passdb/pdb_get_set.c:723(pdb_set_profile_path) pdb_set_profile_path: setting profile path \\fileserver\09lenasophiewarrelmann\NTProfile, was [2010/04/24 15:00:03.677657, 10] passdb/pdb_get_set.c:813(pdb_set_workstations) pdb_set_workstations: setting workstations , was [2010/04/24 15:00:03.677672, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2010/04/24 15:00:03.677688, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2010/04/24 15:00:03.677702, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2010/04/24 15:00:03.677715, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/24 15:00:03.677729, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/24 15:00:03.677754, 10] lib/gencache.c:345(gencache_get_data_blob) Returning valid cache entry: key = ACCT_POL/password history, value = 0 , timeout = Sat Apr 24 15:01:02 2010 [2010/04/24 15:00:03.677784, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/24 15:00:03.677800, 10] passdb/pdb_get_set.c:537(pdb_set_user_sid) pdb_set_user_sid: setting user sid S-1-5-21-4031555581-2449722753-3032957831-8486 [2010/04/24 15:00:03.677816, 10] passdb/pdb_compat.c:72(pdb_set_user_sid_from_rid) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-4031555581-2449722753-3032957831-8486 from rid 8486 [2010/04/24 15:00:03.677840, 10] passdb/pdb_get_set.c:595(pdb_set_group_sid) pdb_set_group_sid: setting group sid S-1-5-21-4031555581-2449722753-3032957831-513 [2010/04/24 15:00:03.677860, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (99, 99) - sec_ctx_stack_ndx = 0 [2010/04/24 15:00:03.677876, 9] passdb/passdb.c:2182(pdb_update_autolock_flag) pdb_update_autolock_flag: Account 09lenasophiewarrelmann not autolocked, no check needed [2010/04/24 15:00:03.677895, 4] auth/auth_sam.c:177(sam_account_ok) sam_account_ok: Checking SMB password for user 09lenasophiewarrelmann [2010/04/24 15:00:03.677914, 5] auth/auth_sam.c:159(logon_hours_ok) logon_hours_ok: user 09lenasophiewarrelmann allowed to logon at this time (Sat Apr 24 13:00:03 2010 ) [2010/04/24 15:00:03.677936, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(99, 99) : sec_ctx_stack_ndx = 1 [2010/04/24 15:00:03.677951, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2010/04/24 15:00:03.677964, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/24 15:00:03.677979, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/24 15:00:03.677992, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/24 15:00:03.678054, 10] lib/system_smbd.c:122(sys_getgrouplist) sys_getgrouplist: user [09lenasophiewarrelmann] [2010/04/24 15:00:03.682177, 10] lib/gencache.c:334(gencache_get_data_blob) Cache entry with key = IDMAP/GID2SID/1023 couldn't be found [2010/04/24 15:00:03.682204, 5] passdb/lookup_sid.c:1387(gid_to_sid) gid_to_sid: winbind failed to find a sid for gid 1023 [2010/04/24 15:00:03.682219, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2010/04/24 15:00:03.682233, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2010/04/24 15:00:03.682247, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2010/04/24 15:00:03.682260, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/24 15:00:03.682274, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/24 15:00:03.682303, 5] lib/smbldap.c:1360(smbldap_search_ext) smbldap_search_ext: base => [dc=gym-oha,dc=de], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=1023))], scope => [2] [2010/04/24 15:00:03.682951, 2] passdb/pdb_ldap.c:2446(init_group_from_ldap) init_group_from_ldap: Entry found for group: 1023 [2010/04/24 15:00:03.682995, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/24 15:00:03.683010, 10] passdb/lookup_sid.c:1182(legacy_gid_to_sid) LEGACY: gid 1023 -> sid S-1-5-21-4031555581-2449722753-3032957831-3047 [2010/04/24 15:00:03.683029, 5] auth/auth_util.c:649(make_server_info_sam) make_server_info_sam: made server info for user 09lenasophiewarrelmann -> 09lenasophiewarrelmann [2010/04/24 15:00:03.683047, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (99, 99) - sec_ctx_stack_ndx = 0 [2010/04/24 15:00:03.683062, 3] auth/auth.c:265(check_ntlm_password) check_ntlm_password: sam authentication for user [09lenasophiewarrelmann] succeeded [2010/04/24 15:00:03.683077, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(99, 99) : sec_ctx_stack_ndx = 1 [2010/04/24 15:00:03.683092, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2010/04/24 15:00:03.683105, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/24 15:00:03.683119, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/24 15:00:03.683132, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/24 15:00:03.683157, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (99, 99) - sec_ctx_stack_ndx = 0 [2010/04/24 15:00:03.683172, 5] auth/auth.c:291(check_ntlm_password) check_ntlm_password: PAM Account for user [09lenasophiewarrelmann] succeeded [2010/04/24 15:00:03.683186, 2] auth/auth.c:304(check_ntlm_password) check_ntlm_password: authentication for user [09lenasophiewarrelmann] -> [09lenasophiewarrelmann] -> [09lenasophiewarrelmann] succeeded [2010/04/24 15:00:03.683205, 5] auth/auth_util.c:2119(free_user_info) attempting to free (and zero) a user_info structure [2010/04/24 15:00:03.683220, 10] auth/auth_util.c:2123(free_user_info) structure was created for 09lenasophiewarrelmann [2010/04/24 15:00:03.683235, 5] rpc_server/srv_netlog_nt.c:1225(_netr_LogonSamLogon_base) _netr_LogonSamLogon: check_password returned status NT_STATUS_OK [2010/04/24 15:00:03.683261, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(99, 99) : sec_ctx_stack_ndx = 1 [2010/04/24 15:00:03.683276, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2010/04/24 15:00:03.683289, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/24 15:00:03.683303, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/24 15:00:03.683316, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/24 15:00:03.683357, 10] lib/gencache.c:345(gencache_get_data_blob) Returning expired cache entry: key = ACCT_POL/minimum password age, value = 0 , timeout = Sat Apr 24 09:55:28 2010 [2010/04/24 15:00:03.683388, 10] lib/gencache.c:180(gencache_set_data_blob) Adding cache entry with key = ACCT_POL/minimum password age and timeout = Thu Jan 1 01:00:00 1970 (-1272114003 seconds in the past) [2010/04/24 15:00:03.683429, 10] passdb/pdb_ldap.c:3983(ldapsam_get_account_policy_from_ldap) ldapsam_get_account_policy_from_ldap [2010/04/24 15:00:03.683447, 5] lib/smbldap.c:1360(smbldap_search_ext) smbldap_search_ext: base => [sambaDomainName=GYM-OHA,dc=gym-oha,dc=de], filter => [(objectClass=sambaDomain)], scope => [0] [2010/04/24 15:00:03.683912, 10] lib/account_pol.c:396(cache_account_policy_set) cache_account_policy_set: updating account pol cache [2010/04/24 15:00:03.683932, 10] lib/gencache.c:180(gencache_set_data_blob) Adding cache entry with key = ACCT_POL/minimum password age and timeout = Sat Apr 24 15:01:03 2010 (60 seconds ahead) [2010/04/24 15:00:03.683971, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (99, 99) - sec_ctx_stack_ndx = 0 [2010/04/24 15:00:03.683993, 1] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) netr_LogonSamLogon: struct netr_LogonSamLogon out: struct netr_LogonSamLogon return_authenticator : * return_authenticator: struct netr_Authenticator cred: struct netr_Credential data : 17399a42465f19e5 timestamp : Sa 24 Apr 2010 15:00:02 MEST MEST validation : * validation : union netr_Validation(case 3) sam3 : * sam3: struct netr_SamInfo3 base: struct netr_SamBaseInfo last_logon : NTTIME(0) last_logoff : Di 19 Jan 2038 04:14:07 MET MET acct_expiry : Di 19 Jan 2038 04:14:07 MET MET last_password_change : Sa 24 Apr 2010 14:57:33 MEST MEST allow_password_change : Sa 24 Apr 2010 14:57:33 MEST MEST force_password_change : Di 19 Jan 2038 04:14:07 MET MET account_name: struct lsa_String length : 0x0000 (0) size : 0x0000 (0) string : * string : '09lenasophiewarrelmann' full_name: struct lsa_String length : 0x0000 (0) size : 0x0000 (0) string : * string : 'Lena Sophie Warrelmann' logon_script: struct lsa_String length : 0x0000 (0) size : 0x0000 (0) string : * string : 'skripts\09lenasophiewarrelmann.bat' profile_path: struct lsa_String length : 0x0000 (0) size : 0x0000 (0) string : * string : '\\fileserver\09lenasophiewarrelmann\NTProfile' home_directory: struct lsa_String length : 0x0000 (0) size : 0x0000 (0) string : * string : '\\fileserver\09lenasophiewarrelmann' home_drive: struct lsa_String length : 0x0000 (0) size : 0x0000 (0) string : * string : 'U:' logon_count : 0x0000 (0) bad_password_count : 0x0000 (0) rid : 0x00002126 (8486) primary_gid : 0x00000201 (513) groups: struct samr_RidWithAttributeArray count : 0x00000002 (2) rids : * rids: ARRAY(2) rids: struct samr_RidWithAttribute rid : 0x00000201 (513) attributes : 0x00000007 (7) 1: SE_GROUP_MANDATORY 1: SE_GROUP_ENABLED_BY_DEFAULT 1: SE_GROUP_ENABLED 0: SE_GROUP_OWNER 0: SE_GROUP_USE_FOR_DENY_ONLY 0: SE_GROUP_RESOURCE 0x00: SE_GROUP_LOGON_ID (0) rids: struct samr_RidWithAttribute rid : 0x00000be7 (3047) attributes : 0x00000007 (7) 1: SE_GROUP_MANDATORY 1: SE_GROUP_ENABLED_BY_DEFAULT 1: SE_GROUP_ENABLED 0: SE_GROUP_OWNER 0: SE_GROUP_USE_FOR_DENY_ONLY 0: SE_GROUP_RESOURCE 0x00: SE_GROUP_LOGON_ID (0) user_flags : 0x00000020 (32) 0: NETLOGON_GUEST 0: NETLOGON_NOENCRYPTION 0: NETLOGON_CACHED_ACCOUNT 0: NETLOGON_USED_LM_PASSWORD 1: NETLOGON_EXTRA_SIDS 0: NETLOGON_SUBAUTH_SESSION_KEY 0: NETLOGON_SERVER_TRUST_ACCOUNT 0: NETLOGON_NTLMV2_ENABLED 0: NETLOGON_RESOURCE_GROUPS 0: NETLOGON_PROFILE_PATH_RETURNED 0: NETLOGON_GRACE_LOGON key: struct netr_UserSessionKey key : 8115b1ca9d82d2f4a25a99bbeb69050a logon_server: struct lsa_StringLarge length : 0x0000 (0) size : 0x0000 (0) string : * string : 'FILESERVER' domain: struct lsa_StringLarge length : 0x0000 (0) size : 0x0000 (0) string : * string : 'GYM-OHA' domain_sid : * domain_sid : S-1-5-21-4031555581-2449722753-3032957831 LMSessKey: struct netr_LMSessionKey key : 0000000000000000 acct_flags : 0x00000210 (528) 0: ACB_DISABLED 0: ACB_HOMDIRREQ 0: ACB_PWNOTREQ 0: ACB_TEMPDUP 1: ACB_NORMAL 0: ACB_MNS 0: ACB_DOMTRUST 0: ACB_WSTRUST 0: ACB_SVRTRUST 1: ACB_PWNOEXP 0: ACB_AUTOLOCK 0: ACB_ENC_TXT_PWD_ALLOWED 0: ACB_SMARTCARD_REQUIRED 0: ACB_TRUSTED_FOR_DELEGATION 0: ACB_NOT_DELEGATED 0: ACB_USE_DES_KEY_ONLY 0: ACB_DONT_REQUIRE_PREAUTH 0: ACB_PW_EXPIRED 0: ACB_NO_AUTH_DATA_REQD unknown: ARRAY(7) unknown : 0x00000000 (0) unknown : 0x00000000 (0) unknown : 0x00000000 (0) unknown : 0x00000000 (0) unknown : 0x00000000 (0) unknown : 0x00000000 (0) unknown : 0x00000000 (0) sidcount : 0x00000000 (0) sids : NULL authoritative : * authoritative : 0x01 (1) result : NT_STATUS_OK [2010/04/24 15:00:03.685212, 5] rpc_server/srv_pipe.c:2468(api_rpcTNP) api_rpcTNP: called \netlogon successfully [2010/04/24 15:00:03.685265, 3] rpc_server/srv_pipe_hnd.c:344(free_pipe_context) free_pipe_context: destroying talloc pool of size 1687 [2010/04/24 15:00:03.685284, 10] rpc_server/srv_pipe_hnd.c:776(write_to_internal_pipe) write_to_pipe: data_used = 360 [2010/04/24 15:00:03.685320, 3] smbd/pipes.c:352(pipe_write_andx_done) writeX-IPC nwritten=376 [2010/04/24 15:00:03.685575, 10] lib/util_sock.c:726(read_smb_length_return_keepalive) got smb length of 59 [2010/04/24 15:00:03.685607, 6] smbd/process.c:1482(process_smb) got message type 0x0 of len 0x3b [2010/04/24 15:00:03.685623, 3] smbd/process.c:1485(process_smb) Transaction 36 of length 63 (0 toread) [2010/04/24 15:00:03.685638, 5] lib/util.c:617(show_msg) [2010/04/24 15:00:03.685648, 5] lib/util.c:627(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=2304 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=18479 (0x482F) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2010/04/24 15:00:03.685782, 3] smbd/process.c:1294(switch_message) switch message SMBreadX (pid 4988) conn 0x7209b10 [2010/04/24 15:00:03.685798, 4] smbd/uid.c:257(change_to_user) change_to_user: Skipping user change - already user [2010/04/24 15:00:03.685816, 6] rpc_server/srv_pipe_hnd.c:813(read_from_internal_pipe) name: \netlogon len: 1024 [2010/04/24 15:00:03.685832, 10] rpc_server/srv_pipe_hnd.c:875(read_from_internal_pipe) read_from_pipe: \netlogon: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 740. [2010/04/24 15:00:03.685849, 10] rpc_server/srv_pipe.c:355(create_next_pdu_schannel) create_next_pdu_schannel: adding sign/seal padding of 4 [2010/04/24 15:00:03.685864, 5] rpc_parse/parse_prs.c:89(prs_debug) 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0328 000a auth_len : 0020 000c call_id : 00000007 [2010/04/24 15:00:03.685939, 5] rpc_parse/parse_prs.c:89(prs_debug) 000010 smb_io_rpc_hdr_resp resp 0010 alloc_hint: 000002e4 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 [2010/04/24 15:00:03.685977, 5] rpc_parse/parse_prs.c:89(prs_debug) 000300 smb_io_rpc_hdr_auth hdr_auth 0300 auth_type : 44 0301 auth_level : 06 0302 auth_pad_len : 04 0303 auth_reserved: 00 0304 auth_context_id: 00000001 [2010/04/24 15:00:03.686067, 1] ../librpc/ndr/ndr.c:214(ndr_print_debug) &r: struct NL_AUTH_SIGNATURE SignatureAlgorithm : NL_SIGN_HMAC_MD5 (0x77) SealAlgorithm : NL_SEAL_RC4 (0x7A) Pad : 0xffff (65535) Flags : 0x0000 (0) SequenceNumber : 5d63182957abaccb Checksum : a65c63367b64c8f7 Confounder : a97081a3eceb274a [2010/04/24 15:00:03.686139, 3] smbd/pipes.c:462(pipe_read_andx_done) readX-IPC min=1024 max=1024 nread=808 [2010/04/24 15:00:13.566896, 10] lib/util_sock.c:726(read_smb_length_return_keepalive) got smb length of 41 [2010/04/24 15:00:13.566930, 6] smbd/process.c:1482(process_smb) got message type 0x0 of len 0x29 [2010/04/24 15:00:13.566946, 3] smbd/process.c:1485(process_smb) Transaction 37 of length 45 (0 toread) [2010/04/24 15:00:13.566960, 5] lib/util.c:617(show_msg) [2010/04/24 15:00:13.566970, 5] lib/util.c:627(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=2368 smt_wct=3 smb_vwv[ 0]=18478 (0x482E) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2010/04/24 15:00:13.567041, 3] smbd/process.c:1294(switch_message) switch message SMBclose (pid 4988) conn 0x7209b10 [2010/04/24 15:00:13.567057, 4] smbd/uid.c:257(change_to_user) change_to_user: Skipping user change - already user [2010/04/24 15:00:13.567073, 3] smbd/reply.c:4634(reply_close) close fd=-1 fnum=18478 (numopen=2) [2010/04/24 15:00:13.567088, 6] smbd/close.c:501(set_close_write_time) close_write_time: Thu Jan 1 00:59:59 1970 [2010/04/24 15:00:13.567120, 5] smbd/files.c:497(file_free) freed files structure 18478 (1 used) [2010/04/24 15:00:13.567136, 5] lib/util.c:617(show_msg) [2010/04/24 15:00:13.567149, 5] lib/util.c:627(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=2368 smt_wct=0 smb_bcc=0 [2010/04/24 15:00:15.095700, 10] lib/util_sock.c:726(read_smb_length_return_keepalive) got smb length of 35 [2010/04/24 15:00:15.095723, 6] smbd/process.c:1482(process_smb) got message type 0x0 of len 0x23 [2010/04/24 15:00:15.095737, 3] smbd/process.c:1485(process_smb) Transaction 38 of length 39 (0 toread) [2010/04/24 15:00:15.095768, 5] lib/util.c:617(show_msg) [2010/04/24 15:00:15.095777, 5] lib/util.c:627(show_msg) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=2 smb_pid=65279 smb_uid=101 smb_mid=2432 smt_wct=0 smb_bcc=0 [2010/04/24 15:00:15.095834, 3] smbd/process.c:1294(switch_message) switch message SMBtdis (pid 4988) conn 0x720a2e8 [2010/04/24 15:00:15.095855, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/24 15:00:15.095869, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/24 15:00:15.095883, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/24 15:00:15.095915, 5] smbd/uid.c:369(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2010/04/24 15:00:15.095934, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/24 15:00:15.095948, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/24 15:00:15.095960, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/24 15:00:15.095981, 5] smbd/uid.c:369(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2010/04/24 15:00:15.095995, 3] smbd/service.c:1250(close_cnum) pc274 (192.168.206.1) closed connection to service IPC$ [2010/04/24 15:00:15.096015, 3] smbd/connection.c:31(yield_connection) Yielding connection to IPC$ [2010/04/24 15:00:15.096093, 10] lib/dbwrap_tdb.c:100(db_tdb_fetch_locked) Locking key 7C130000020000004950 [2010/04/24 15:00:15.096122, 10] lib/dbwrap_tdb.c:129(db_tdb_fetch_locked) Allocated locked data 0x0x72230b8 [2010/04/24 15:00:15.096155, 10] lib/dbwrap_tdb.c:42(db_tdb_record_destr) Unlocking key 7C130000020000004950 [2010/04/24 15:00:15.096234, 4] smbd/vfs.c:721(vfs_ChDir) vfs_ChDir to / [2010/04/24 15:00:15.096251, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/24 15:00:15.096264, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/24 15:00:15.096277, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/24 15:00:15.096298, 5] smbd/uid.c:369(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2010/04/24 15:00:15.096320, 5] lib/util.c:617(show_msg) [2010/04/24 15:00:15.096329, 5] lib/util.c:627(show_msg) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=2 smb_pid=65279 smb_uid=101 smb_mid=2432 smt_wct=0 smb_bcc=0 [2010/04/24 15:00:15.096548, 10] lib/util_sock.c:726(read_smb_length_return_keepalive) got smb length of 39 [2010/04/24 15:00:15.096565, 6] smbd/process.c:1482(process_smb) got message type 0x0 of len 0x27 [2010/04/24 15:00:15.096579, 3] smbd/process.c:1485(process_smb) Transaction 39 of length 43 (0 toread) [2010/04/24 15:00:15.096593, 5] lib/util.c:617(show_msg) [2010/04/24 15:00:15.096602, 5] lib/util.c:627(show_msg) size=39 smb_com=0x74 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=101 smb_mid=2496 smt_wct=2 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_bcc=0 [2010/04/24 15:00:15.096664, 3] smbd/process.c:1294(switch_message) switch message SMBulogoffX (pid 4988) conn 0x0 [2010/04/24 15:00:15.096678, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/24 15:00:15.096691, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/24 15:00:15.096705, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/24 15:00:15.096725, 5] smbd/uid.c:369(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2010/04/24 15:00:15.096756, 10] lib/dbwrap_tdb.c:100(db_tdb_fetch_locked) Locking key 49442F343938382F3130 [2010/04/24 15:00:15.096776, 10] lib/dbwrap_tdb.c:129(db_tdb_fetch_locked) Allocated locked data 0x0x722b4e0 [2010/04/24 15:00:15.108099, 10] lib/dbwrap_tdb.c:42(db_tdb_record_destr) Unlocking key 49442F343938382F3130 [2010/04/24 15:00:15.108137, 3] smbd/reply.c:2055(reply_ulogoffX) ulogoffX vuid=101 [2010/04/24 15:00:18.558595, 10] lib/util_sock.c:726(read_smb_length_return_keepalive) got smb length of 41 [2010/04/24 15:00:18.558643, 6] smbd/process.c:1482(process_smb) got message type 0x0 of len 0x29 [2010/04/24 15:00:18.558660, 3] smbd/process.c:1485(process_smb) Transaction 40 of length 45 (0 toread) [2010/04/24 15:00:18.558675, 5] lib/util.c:617(show_msg) [2010/04/24 15:00:18.558685, 5] lib/util.c:627(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=2560 smt_wct=3 smb_vwv[ 0]=18479 (0x482F) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2010/04/24 15:00:18.558763, 3] smbd/process.c:1294(switch_message) switch message SMBclose (pid 4988) conn 0x7209b10 [2010/04/24 15:00:18.558784, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (99, 99) - sec_ctx_stack_ndx = 0 [2010/04/24 15:00:18.558799, 5] auth/token_util.c:531(debug_nt_user_token) NT user token of user S-1-5-21-4031555581-2449722753-3032957831-501 contains 5 SIDs SID[ 0]: S-1-5-21-4031555581-2449722753-3032957831-501 SID[ 1]: S-1-1-0 SID[ 2]: S-1-5-2 SID[ 3]: S-1-5-32-546 SID[ 4]: S-1-22-1-99 SE_PRIV 0x0 0x0 0x0 0x0 [2010/04/24 15:00:18.558856, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 99 Primary group is 99 and contains 0 supplementary groups [2010/04/24 15:00:18.558886, 5] smbd/uid.c:354(change_to_user) change_to_user uid=(0,99) gid=(0,99) [2010/04/24 15:00:18.558902, 4] smbd/vfs.c:721(vfs_ChDir) vfs_ChDir to /var/tmp [2010/04/24 15:00:18.558923, 3] smbd/reply.c:4634(reply_close) close fd=-1 fnum=18479 (numopen=1) [2010/04/24 15:00:18.558937, 6] smbd/close.c:501(set_close_write_time) close_write_time: Thu Jan 1 00:59:59 1970 [2010/04/24 15:00:18.558961, 10] rpc_server/srv_lsa_hnd.c:290(close_policy_by_pipe) close_policy_by_pipe: deleted handle list for pipe \netlogon [2010/04/24 15:00:18.558987, 5] smbd/files.c:497(file_free) freed files structure 18479 (0 used) [2010/04/24 15:00:18.559004, 5] lib/util.c:617(show_msg) [2010/04/24 15:00:18.559013, 5] lib/util.c:627(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=2560 smt_wct=0 smb_bcc=0 [2010/04/24 15:00:33.096948, 10] lib/util_sock.c:726(read_smb_length_return_keepalive) got smb length of 35 [2010/04/24 15:00:33.096985, 6] smbd/process.c:1482(process_smb) got message type 0x0 of len 0x23 [2010/04/24 15:00:33.097001, 3] smbd/process.c:1485(process_smb) Transaction 41 of length 39 (0 toread) [2010/04/24 15:00:33.097017, 5] lib/util.c:617(show_msg) [2010/04/24 15:00:33.097026, 5] lib/util.c:627(show_msg) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=2624 smt_wct=0 smb_bcc=0 [2010/04/24 15:00:33.097088, 3] smbd/process.c:1294(switch_message) switch message SMBtdis (pid 4988) conn 0x7209b10 [2010/04/24 15:00:33.097105, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/24 15:00:33.097120, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/24 15:00:33.097135, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/24 15:00:33.097168, 5] smbd/uid.c:369(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2010/04/24 15:00:33.097186, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/24 15:00:33.097215, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/24 15:00:33.097229, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/24 15:00:33.097250, 5] smbd/uid.c:369(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2010/04/24 15:00:33.097265, 3] smbd/service.c:1250(close_cnum) pc274 (192.168.206.1) closed connection to service IPC$ [2010/04/24 15:00:33.097286, 3] smbd/connection.c:31(yield_connection) Yielding connection to IPC$ [2010/04/24 15:00:33.097364, 10] lib/dbwrap_tdb.c:100(db_tdb_fetch_locked) Locking key 7C130000010000004950 [2010/04/24 15:00:33.097393, 10] lib/dbwrap_tdb.c:129(db_tdb_fetch_locked) Allocated locked data 0x0x7180b00 [2010/04/24 15:00:33.097416, 10] lib/dbwrap_tdb.c:42(db_tdb_record_destr) Unlocking key 7C130000010000004950 [2010/04/24 15:00:33.097496, 4] smbd/vfs.c:721(vfs_ChDir) vfs_ChDir to / [2010/04/24 15:00:33.097513, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/24 15:00:33.097527, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/24 15:00:33.097541, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/24 15:00:33.097562, 5] smbd/uid.c:369(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2010/04/24 15:00:33.097586, 5] lib/util.c:617(show_msg) [2010/04/24 15:00:33.097596, 5] lib/util.c:627(show_msg) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=2624 smt_wct=0 smb_bcc=0 [2010/04/24 15:00:33.097784, 10] lib/util_sock.c:726(read_smb_length_return_keepalive) got smb length of 39 [2010/04/24 15:00:33.097801, 6] smbd/process.c:1482(process_smb) got message type 0x0 of len 0x27 [2010/04/24 15:00:33.097816, 3] smbd/process.c:1485(process_smb) Transaction 42 of length 43 (0 toread) [2010/04/24 15:00:33.097830, 5] lib/util.c:617(show_msg) [2010/04/24 15:00:33.097839, 5] lib/util.c:627(show_msg) size=39 smb_com=0x74 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=100 smb_mid=2688 smt_wct=2 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_bcc=0 [2010/04/24 15:00:33.097907, 3] smbd/process.c:1294(switch_message) switch message SMBulogoffX (pid 4988) conn 0x0 [2010/04/24 15:00:33.097921, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/24 15:00:33.097935, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/24 15:00:33.097948, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/24 15:00:33.097969, 5] smbd/uid.c:369(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2010/04/24 15:00:33.097993, 3] smbd/reply.c:2055(reply_ulogoffX) ulogoffX vuid=100 [2010/04/24 15:00:33.098333, 0] lib/util_sock.c:474(read_fd_with_timeout) [2010/04/24 15:00:33.098391, 0] lib/util_sock.c:1432(get_peer_addr_internal) getpeername failed. Error was Der Socket ist nicht verbunden read_fd_with_timeout: client 0.0.0.0 read error = Die Verbindung wurde vom Kommunikationspartner zurückgesetzt. [2010/04/24 15:00:33.098443, 10] smbd/process.c:286(receive_smb_raw_talloc) receive_smb_raw: NT_STATUS_CONNECTION_RESET [2010/04/24 15:00:33.098463, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/24 15:00:33.098477, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/24 15:00:33.098491, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/24 15:00:33.098514, 5] smbd/uid.c:369(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2010/04/24 15:00:33.098545, 3] smbd/connection.c:31(yield_connection) Yielding connection to [2010/04/24 15:00:33.098620, 10] lib/dbwrap_tdb.c:100(db_tdb_fetch_locked) Locking key 7C130000FFFFFFFF0000 [2010/04/24 15:00:33.098640, 10] lib/dbwrap_tdb.c:129(db_tdb_fetch_locked) Allocated locked data 0x0x7180b00 [2010/04/24 15:00:33.098660, 10] lib/dbwrap_tdb.c:42(db_tdb_record_destr) Unlocking key 7C130000FFFFFFFF0000 [2010/04/24 15:00:33.098782, 3] smbd/server.c:902(exit_server_common) Server exit (failed to receive smb request) [2010/04/24 15:00:59.639176, 10] lib/events.c:123(run_events) Running timed event "smbd_idle_event_handler" 0x72043e0 [2010/04/24 15:00:59.639229, 10] smbd/process.c:683(smbd_idle_event_handler) smbd_idle_event_handler: idle_evt(deadtime) (nil) called [2010/04/24 15:00:59.639247, 2] smbd/process.c:2216(deadtime_fn) Closing idle connection [2010/04/24 15:00:59.639297, 10] lib/messages_local.c:234(messaging_tdb_store) messaging_tdb_store: [2010/04/24 15:00:59.639313, 1] ../librpc/ndr/ndr.c:214(ndr_print_debug) array: struct messaging_array num_messages : 0x00000001 (1) messages: ARRAY(1) messages: struct messaging_rec msg_version : 0x00000002 (2) msg_type : MSG_SHUTDOWN (13) dest: struct server_id id : 0x0000135f (4959) src: struct server_id id : 0x0000135f (4959) buf : DATA_BLOB length=0 [2010/04/24 15:00:59.639469, 10] smbd/process.c:687(smbd_idle_event_handler) smbd_idle_event_handler: idle_evt(deadtime) (nil) stopped [2010/04/24 15:00:59.639494, 10] lib/messages_local.c:73(messaging_tdb_signal_handler) messaging_tdb_signal_handler: sig[10] count[1] msgs[1] [2010/04/24 15:00:59.639509, 10] lib/messages_local.c:444(message_dispatch) message_dispatch: received_messages = 1 [2010/04/24 15:00:59.639539, 10] lib/messages_local.c:193(messaging_tdb_fetch) messaging_tdb_fetch: [2010/04/24 15:00:59.639553, 1] ../librpc/ndr/ndr.c:214(ndr_print_debug) result: struct messaging_array num_messages : 0x00000001 (1) messages: ARRAY(1) messages: struct messaging_rec msg_version : 0x00000002 (2) msg_type : MSG_SHUTDOWN (13) dest: struct server_id id : 0x0000135f (4959) src: struct server_id id : 0x0000135f (4959) buf : DATA_BLOB length=0 [2010/04/24 15:00:59.639638, 3] smbd/server.c:146(msg_exit_server) got a SHUTDOWN message [2010/04/24 15:00:59.639656, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/24 15:00:59.639675, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/24 15:00:59.639690, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/24 15:00:59.639724, 5] smbd/uid.c:369(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2010/04/24 15:00:59.639747, 3] smbd/connection.c:31(yield_connection) Yielding connection to [2010/04/24 15:00:59.639829, 10] lib/dbwrap_tdb.c:100(db_tdb_fetch_locked) Locking key 5F130000FFFFFFFF0000 [2010/04/24 15:00:59.639851, 10] lib/dbwrap_tdb.c:129(db_tdb_fetch_locked) Allocated locked data 0x0x70cf120 [2010/04/24 15:00:59.639868, 3] smbd/connection.c:42(yield_connection) deleting connection record returned NT_STATUS_NOT_FOUND [2010/04/24 15:00:59.639888, 10] lib/dbwrap_tdb.c:42(db_tdb_record_destr) Unlocking key 5F130000FFFFFFFF0000 [2010/04/24 15:00:59.640020, 3] smbd/server.c:902(exit_server_common) Server exit (normal exit) [2010/04/24 15:00:59.643485, 5] lib/util_sock.c:304(print_socket_options) Socket options: SO_KEEPALIVE = 1 SO_REUSEADDR = 1 SO_BROADCAST = 0 TCP_NODELAY = 1 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 16 IPTOS_THROUGHPUT = 16 SO_SNDBUF = 16384 SO_RCVBUF = 16384 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 Could not test socket option SO_SNDTIMEO. Could not test socket option SO_RCVTIMEO. TCP_QUICKACK = 1 [2010/04/24 15:00:59.643699, 5] lib/util_sock.c:304(print_socket_options) Socket options: SO_KEEPALIVE = 1 SO_REUSEADDR = 1 SO_BROADCAST = 0 TCP_NODELAY = 1 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 16 IPTOS_THROUGHPUT = 16 SO_SNDBUF = 16384 SO_RCVBUF = 16384 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 Could not test socket option SO_SNDTIMEO. Could not test socket option SO_RCVTIMEO. TCP_QUICKACK = 1 [2010/04/24 15:00:59.643894, 6] param/loadparm.c:7215(lp_file_list_changed) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Sat Apr 24 14:49:06 2010 [2010/04/24 15:00:59.644003, 3] smbd/oplock.c:894(init_oplocks) init_oplocks: initializing messages. [2010/04/24 15:00:59.644693, 3] smbd/oplock_linux.c:224(linux_init_kernel_oplocks) Linux kernel oplocks enabled [2010/04/24 15:00:59.644758, 5] lib/messages.c:329(messaging_deregister) Deregistering messaging pointer for type 1 - private_data=(nil) [2010/04/24 15:00:59.644799, 10] smbd/process.c:740(event_add_idle) event_add_idle: idle_evt(keepalive) 0x70d1648 [2010/04/24 15:00:59.644834, 10] smbd/process.c:740(event_add_idle) event_add_idle: idle_evt(deadtime) 0x72043e0 [2010/04/24 15:00:59.644853, 10] smbd/process.c:740(event_add_idle) event_add_idle: idle_evt(housekeeping) 0x70ee728 [2010/04/24 15:01:57.501946, 10] lib/util_sock.c:726(read_smb_length_return_keepalive) got smb length of 56 [2010/04/24 15:01:57.501993, 6] smbd/process.c:1482(process_smb) got message type 0x0 of len 0x38 [2010/04/24 15:01:57.502009, 3] smbd/process.c:1485(process_smb) Transaction 0 of length 60 (0 toread) [2010/04/24 15:01:57.502024, 5] lib/util.c:617(show_msg) [2010/04/24 15:01:57.502034, 5] lib/util.c:627(show_msg) size=56 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=0 smb_flg2=49153 smb_tid=0 smb_pid=5078 smb_uid=0 smb_mid=21008 smt_wct=0 smb_bcc=21 [2010/04/24 15:01:57.502098, 10] ../lib/util/util.c:278(_dump_data) [0000] 02 4E 54 20 4C 4D 20 30 2E 31 32 00 02 50 4F 53 .NT LM 0 .12..POS [0010] 49 58 20 32 00 IX 2. [2010/04/24 15:01:57.502150, 3] smbd/process.c:1294(switch_message) switch message SMBnegprot (pid 4993) conn 0x0 [2010/04/24 15:01:57.502169, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/24 15:01:57.502186, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/04/24 15:01:57.502203, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/24 15:01:57.502243, 5] smbd/uid.c:369(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2010/04/24 15:01:57.502302, 3] smbd/negprot.c:586(reply_negprot) Requested protocol [NT LM 0.12] [2010/04/24 15:01:57.502320, 3] smbd/negprot.c:586(reply_negprot) Requested protocol [POSIX 2] [2010/04/24 15:01:57.502339, 10] lib/util.c:1969(set_remote_arch) set_remote_arch: Client arch is 'CIFSFS' [2010/04/24 15:01:57.502370, 6] param/loadparm.c:7215(lp_file_list_changed) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Sat Apr 24 14:49:06 2010 [2010/04/24 15:01:57.502406, 5] smbd/connection.c:142(claim_connection) claiming [] [2010/04/24 15:01:57.502492, 10] lib/dbwrap_tdb.c:100(db_tdb_fetch_locked) Locking key 81130000FFFFFFFF0000 [2010/04/24 15:01:57.502519, 10] lib/dbwrap_tdb.c:129(db_tdb_fetch_locked) Allocated locked data 0x0x7143b58 [2010/04/24 15:01:57.502571, 10] lib/dbwrap_tdb.c:42(db_tdb_record_destr) Unlocking key 81130000FFFFFFFF0000 [2010/04/24 15:01:57.502678, 6] param/loadparm.c:7215(lp_file_list_changed) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Sat Apr 24 14:49:06 2010 [2010/04/24 15:01:57.502718, 10] smbd/negprot.c:41(get_challenge) get challenge: creating negprot_global_auth_context [2010/04/24 15:01:57.502735, 5] auth/auth.c:481(make_auth_context_subsystem) Making default auth method list for DC, security=user, encrypt passwords = yes [2010/04/24 15:01:57.502758, 5] auth/auth.c:46(smb_register_auth) Attempting to register auth backend sam [2010/04/24 15:01:57.502774, 5] auth/auth.c:58(smb_register_auth) Successfully added auth method 'sam' [2010/04/24 15:01:57.502788, 5] auth/auth.c:46(smb_register_auth) Attempting to register auth backend sam_ignoredomain [2010/04/24 15:01:57.502802, 5] auth/auth.c:58(smb_register_auth) Successfully added auth method 'sam_ignoredomain' [2010/04/24 15:01:57.502817, 5] auth/auth.c:46(smb_register_auth) Attempting to register auth backend unix [2010/04/24 15:01:57.502831, 5] auth/auth.c:58(smb_register_auth) Successfully added auth method 'unix' [2010/04/24 15:01:57.502846, 5] auth/auth.c:46(smb_register_auth) Attempting to register auth backend winbind [2010/04/24 15:01:57.502861, 5] auth/auth.c:58(smb_register_auth) Successfully added auth method 'winbind' [2010/04/24 15:01:57.502875, 5] auth/auth.c:46(smb_register_auth) Attempting to register auth backend wbc [2010/04/24 15:01:57.502888, 5] auth/auth.c:58(smb_register_auth) Successfully added auth method 'wbc' [2010/04/24 15:01:57.502902, 5] auth/auth.c:46(smb_register_auth) Attempting to register auth backend smbserver [2010/04/24 15:01:57.502916, 5] auth/auth.c:58(smb_register_auth) Successfully added auth method 'smbserver' [2010/04/24 15:01:57.502931, 5] auth/auth.c:46(smb_register_auth) Attempting to register auth backend trustdomain [2010/04/24 15:01:57.502945, 5] auth/auth.c:58(smb_register_auth) Successfully added auth method 'trustdomain' [2010/04/24 15:01:57.502958, 5] auth/auth.c:46(smb_register_auth) Attempting to register auth backend ntdomain [2010/04/24 15:01:57.502972, 5] auth/auth.c:58(smb_register_auth) Successfully added auth method 'ntdomain' [2010/04/24 15:01:57.502987, 5] auth/auth.c:46(smb_register_auth) Attempting to register auth backend guest [2010/04/24 15:01:57.503002, 5] auth/auth.c:58(smb_register_auth) Successfully added auth method 'guest' [2010/04/24 15:01:57.503015, 5] auth/auth.c:46(smb_register_auth) Attempting to register auth backend netlogond [2010/04/24 15:01:57.503030, 5] auth/auth.c:58(smb_register_auth) Successfully added auth method 'netlogond' [2010/04/24 15:01:57.503044, 5] auth/auth.c:383(load_auth_module) load_auth_module: Attempting to find an auth method to match guest [2010/04/24 15:01:57.503061, 5] auth/auth.c:408(load_auth_module) load_auth_module: auth method guest has a valid init [2010/04/24 15:01:57.503075, 5] auth/auth.c:383(load_auth_module) load_auth_module: Attempting to find an auth method to match sam [2010/04/24 15:01:57.503096, 5] auth/auth.c:408(load_auth_module) load_auth_module: auth method sam has a valid init [2010/04/24 15:01:57.503110, 5] auth/auth.c:383(load_auth_module) load_auth_module: Attempting to find an auth method to match winbind:trustdomain [2010/04/24 15:01:57.503125, 5] auth/auth.c:383(load_auth_module) load_auth_module: Attempting to find an auth method to match trustdomain [2010/04/24 15:01:57.503153, 5] auth/auth.c:408(load_auth_module) load_auth_module: auth method trustdomain has a valid init [2010/04/24 15:01:57.503167, 5] auth/auth.c:408(load_auth_module) load_auth_module: auth method winbind has a valid init [2010/04/24 15:01:57.503181, 10] smbd/negprot.c:49(get_challenge) get challenge: getting challenge [2010/04/24 15:01:57.503195, 5] auth/auth.c:97(get_ntlm_challenge) auth_get_challenge: module guest did not want to specify a challenge [2010/04/24 15:01:57.503219, 5] auth/auth.c:97(get_ntlm_challenge) auth_get_challenge: module sam did not want to specify a challenge [2010/04/24 15:01:57.503234, 5] auth/auth.c:97(get_ntlm_challenge) auth_get_challenge: module winbind did not want to specify a challenge [2010/04/24 15:01:57.503274, 5] auth/auth.c:132(get_ntlm_challenge) auth_context challenge created by random [2010/04/24 15:01:57.503289, 5] auth/auth.c:133(get_ntlm_challenge) challenge is: [2010/04/24 15:01:57.503304, 5] ../lib/util/util.c:278(_dump_data) [0000] 57 BD F6 3D 41 CB B8 AF W½ö=A˸¯ [2010/04/24 15:01:57.503333, 3] smbd/negprot.c:385(reply_nt1) not using SPNEGO [2010/04/24 15:01:57.503354, 3] smbd/negprot.c:691(reply_negprot) Selected protocol NT LM 0.12 [2010/04/24 15:01:57.503376, 5] smbd/negprot.c:698(reply_negprot) negprot index=0 [2010/04/24 15:01:57.503390, 5] lib/util.c:617(show_msg) [2010/04/24 15:01:57.503400, 5] lib/util.c:627(show_msg) size=93 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=128 smb_flg2=49155 smb_tid=0 smb_pid=5078 smb_uid=0 smb_mid=21008 smt_wct=17 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]=12803 (0x3203) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 65 (0x41) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]=33024 (0x8100) smb_vwv[ 8]= 19 (0x13) smb_vwv[ 9]=64768 (0xFD00) smb_vwv[10]=33011 (0x80F3) smb_vwv[11]=32768 (0x8000) smb_vwv[12]=53712 (0xD1D0) smb_vwv[13]=44625 (0xAE51) smb_vwv[14]=51939 (0xCAE3) smb_vwv[15]=34817 (0x8801) smb_vwv[16]= 2303 (0x8FF) smb_bcc=8 [2010/04/24 15:01:57.503530, 10] ../lib/util/util.c:278(_dump_data) [0000] 57 BD F6 3D 41 CB B8 AF W½ö=A˸¯ [2010/04/24 15:01:57.503813, 10] lib/util_sock.c:726(read_smb_length_return_keepalive) got smb length of 234 [2010/04/24 15:01:57.503832, 6] smbd/process.c:1482(process_smb) got message type 0x0 of len 0xea [2010/04/24 15:01:57.503846, 3] smbd/process.c:1485(process_smb) Transaction 1 of length 238 (0 toread) [2010/04/24 15:01:57.503860, 5] lib/util.c:617(show_msg) [2010/04/24 15:01:57.503869, 5] lib/util.c:627(show_msg) size=234 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=0 smb_flg2=53249 smb_tid=0 smb_pid=5078 smb_uid=0 smb_mid=21009 smt_wct=13 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=16472 (0x4058) smb_vwv[ 3]= 50 (0x32) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 24 (0x18) smb_vwv[ 8]= 24 (0x18) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]=53468 (0xD0DC) smb_vwv[12]= 128 (0x80) smb_bcc=173