[2010/04/27 16:57:51, 6, pid=12782] param/loadparm.c:7017(lp_file_list_changed) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Tue Apr 27 16:56:37 2010
[2010/04/27 16:57:51, 5, pid=12782] auth/auth_util.c:208(make_user_info_map) Mapping user [UCCDOMAIN]\[zanchey] from workstation [MAAXEN]
[2010/04/27 16:57:51, 5, pid=12782] auth/auth_util.c:120(make_user_info) attempting to make a user_info for zanchey (zanchey)
[2010/04/27 16:57:51, 5, pid=12782] auth/auth_util.c:130(make_user_info) making strings for zanchey's user_info struct
[2010/04/27 16:57:51, 5, pid=12782] auth/auth_util.c:162(make_user_info) making blobs for zanchey's user_info struct
[2010/04/27 16:57:51, 10, pid=12782] auth/auth_util.c:180(make_user_info) made an encrypted user_info for zanchey (zanchey)
[2010/04/27 16:57:51, 3, pid=12782] auth/auth.c:222(check_ntlm_password) check_ntlm_password: Checking password for unmapped user [UCCDOMAIN]\[zanchey]@[MAAXEN] with the new password interface
[2010/04/27 16:57:51, 3, pid=12782] auth/auth.c:225(check_ntlm_password) check_ntlm_password: mapped user is: [UCCDOMAIN]\[zanchey]@[MAAXEN]
[2010/04/27 16:57:51, 10, pid=12782] auth/auth.c:234(check_ntlm_password) check_ntlm_password: auth_context challenge created by random
[2010/04/27 16:57:51, 10, pid=12782] auth/auth.c:236(check_ntlm_password) challenge is:
[2010/04/27 16:57:51, 5, pid=12782] ../lib/util/util.c:304(_dump_data) [0000] 4B AE 83 7D 08 F4 65 5C K..}..e\
[2010/04/27 16:57:51, 10, pid=12782] auth/auth.c:262(check_ntlm_password) check_ntlm_password: guest had nothing to say
[2010/04/27 16:57:51, 8, pid=12782] lib/util.c:1879(is_myname) is_myname("UCCDOMAIN") returns 0
[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2010/04/27 16:57:51, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) NT user token: (NULL)
[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2010/04/27 16:57:51, 5, pid=12782] lib/smbldap.c:1295(smbldap_search_ext) smbldap_search_ext: base => [dc=ucc,dc=gu,dc=uwa,dc=edu,dc=au], filter => [(&(uid=zanchey)(objectclass=sambaSamAccount))], scope => [2]
[2010/04/27 16:57:51, 5, pid=12782] lib/smbldap.c:1197(smbldap_close) The connection to the LDAP server was closed
[2010/04/27 16:57:51, 10, pid=12782] lib/smbldap.c:710(smb_ldap_setup_conn) smb_ldap_setup_connection: ldaps://mussel.ucc.gu.uwa.edu.au ldaps://martello.ucc.gu.uwa.edu.au/
[2010/04/27 16:57:51, 2, pid=12782] lib/smbldap.c:890(smbldap_open_connection) smbldap_open_connection: connection opened
[2010/04/27 16:57:51, 10, pid=12782] lib/smbldap.c:1055(smbldap_connect_system) ldap_connect_system: Binding to ldap server ldaps://mussel.ucc.gu.uwa.edu.au ldaps://martello.ucc.gu.uwa.edu.au/ as "cn=admin,dc=ucc,dc=gu,dc=uwa,dc=edu,dc=au"
[2010/04/27 16:57:51, 3, pid=12782] lib/smbldap.c:1101(smbldap_connect_system) ldap_connect_system: successful connection to the LDAP server ldap_connect_system: LDAP server does support paged results
[2010/04/27 16:57:51, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Added timed event "smbldap_idle_fn": 0x97efdf0
[2010/04/27 16:57:51, 4, pid=12782] lib/smbldap.c:1177(smbldap_open) The LDAP server is successfully connected
[2010/04/27 16:57:51, 2, pid=12782] passdb/pdb_ldap.c:571(init_sam_from_ldap) init_sam_from_ldap: Entry found for user: zanchey
[2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:607(pdb_set_username) pdb_set_username: setting username zanchey, was
[2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:630(pdb_set_domain) pdb_set_domain: setting domain UCCDOMAIN, was
[2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:653(pdb_set_nt_username) pdb_set_nt_username: setting nt username zanchey, was
[2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:549(pdb_set_user_sid_from_string) pdb_set_user_sid_from_string: setting user sid S-1-5-352321536-3342141748-1574249315-1264630062-23502
[2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:536(pdb_set_user_sid) pdb_set_user_sid: setting user sid S-1-5-352321536-3342141748-1574249315-1264630062-23502
[2010/04/27 16:57:51, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) attribute sambaLogonTime does not exist
[2010/04/27 16:57:51, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) attribute sambaLogoffTime does not exist
[2010/04/27 16:57:51, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) attribute sambaKickoffTime does not exist
[2010/04/27 16:57:51, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) attribute sambaPwdMustChange does not exist
[2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:676(pdb_set_fullname) pdb_set_full_name: setting full name David Adam, was
[2010/04/27 16:57:51, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) attribute sambaHomeDrive does not exist
[2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:745(pdb_set_dir_drive) pdb_set_dir_drive: setting dir drive H:, was NULL
[2010/04/27 16:57:51, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) attribute sambaHomePath does not exist
[2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:769(pdb_set_homedir) pdb_set_homedir: setting home dir \\mylah\zanchey, was
[2010/04/27 16:57:51, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) attribute sambaLogonScript does not exist
[2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:699(pdb_set_logon_script) pdb_set_logon_script: setting logon script , was
[2010/04/27 16:57:51, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) attribute sambaProfilePath does not exist
[2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:722(pdb_set_profile_path) pdb_set_profile_path: setting profile path \\mylah\profiles, was
[2010/04/27 16:57:51, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) attribute sambaUserWorkstations does not exist
[2010/04/27 16:57:51, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) attribute sambaMungedDial does not exist
[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2010/04/27 16:57:51, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) NT user token: (NULL)
[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2010/04/27 16:57:51, 10, pid=12782] lib/gencache.c:208(gencache_get) Returning expired cache entry: key = ACCT_POL/password history, value = 0 , timeout = Tue Apr 27 16:57:46 2010
[2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_ldap.c:3963(ldapsam_get_account_policy_from_ldap) ldapsam_get_account_policy_from_ldap
[2010/04/27 16:57:51, 5, pid=12782] lib/smbldap.c:1295(smbldap_search_ext) smbldap_search_ext: base => [sambaDomainName=UCCDOMAIN,dc=ucc,dc=gu,dc=uwa,dc=edu,dc=au], filter => [(objectClass=sambaDomain)], scope => [0]
[2010/04/27 16:57:51, 10, pid=12782] lib/account_pol.c:396(cache_account_policy_set) cache_account_policy_set: updating account pol cache
[2010/04/27 16:57:51, 10, pid=12782] lib/gencache.c:131(gencache_set) Adding cache entry with key = ACCT_POL/password history; value = 0 and timeout = Tue Apr 27 16:58:51 2010 (60 seconds ahead)
[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/04/27 16:57:51, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) attribute sambaBadPasswordCount does not exist
[2010/04/27 16:57:51, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) attribute sambaBadPasswordTime does not exist
[2010/04/27 16:57:51, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) attribute sambaLogonHours does not exist
[2010/04/27 16:57:51, 7, pid=12782] passdb/login_cache.c:87(login_cache_read) Looking up login cache for user zanchey
[2010/04/27 16:57:51, 7, pid=12782] passdb/login_cache.c:103(login_cache_read) No cache entry found
[2010/04/27 16:57:51, 9, pid=12782] passdb/pdb_ldap.c:1125(init_sam_from_ldap) No cache entry, bad count = 0, bad time = 0
[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2010/04/27 16:57:51, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) NT user token: (NULL)
[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2010/04/27 16:57:51, 10, pid=12782] lib/gencache.c:208(gencache_get) Returning expired cache entry: key = ACCT_POL/maximum password age, value = 4294967295 , timeout = Tue Apr 27 16:09:36 2010
[2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_ldap.c:3963(ldapsam_get_account_policy_from_ldap) ldapsam_get_account_policy_from_ldap
[2010/04/27 16:57:51, 5, pid=12782] lib/smbldap.c:1295(smbldap_search_ext) smbldap_search_ext: base => [sambaDomainName=UCCDOMAIN,dc=ucc,dc=gu,dc=uwa,dc=edu,dc=au], filter => [(objectClass=sambaDomain)], scope => [0]
[2010/04/27 16:57:51, 10, pid=12782] lib/account_pol.c:396(cache_account_policy_set) cache_account_policy_set: updating account pol cache
[2010/04/27 16:57:51, 10, pid=12782] lib/gencache.c:131(gencache_set) Adding cache entry with key = ACCT_POL/maximum password age; value = 4294967295 and timeout = Tue Apr 27 16:58:51 2010 (60 seconds ahead)
[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/04/27 16:57:51, 5, pid=12782] lib/username.c:133(Get_Pwnam_alloc) Finding user zanchey
[2010/04/27 16:57:51, 5, pid=12782] lib/username.c:77(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is zanchey
[2010/04/27 16:57:51, 5, pid=12782] lib/username.c:110(Get_Pwnam_internals) Get_Pwnam_internals did find user [zanchey]!
[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2010/04/27 16:57:51, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) NT user token: (NULL)
[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2010/04/27 16:57:51, 10, pid=12782] lib/gencache.c:208(gencache_get) Returning valid cache entry: key = ACCT_POL/password history, value = 0 , timeout = Tue Apr 27 16:58:51 2010
[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:607(pdb_set_username) pdb_set_username: setting username zanchey, was
[2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:630(pdb_set_domain) pdb_set_domain: setting domain UCCDOMAIN, was
[2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:653(pdb_set_nt_username) pdb_set_nt_username: setting nt username zanchey, was
[2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:676(pdb_set_fullname) pdb_set_full_name: setting full name David Adam, was
[2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:769(pdb_set_homedir) pdb_set_homedir: setting home dir \\mylah\zanchey, was
[2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:745(pdb_set_dir_drive) pdb_set_dir_drive: setting dir drive H:, was NULL
[2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:699(pdb_set_logon_script) pdb_set_logon_script: setting logon script , was
[2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:722(pdb_set_profile_path) pdb_set_profile_path: setting profile path \\mylah\profiles, was
[2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:812(pdb_set_workstations) pdb_set_workstations: setting workstations , was
[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2010/04/27 16:57:51, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) NT user token: (NULL)
[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2010/04/27 16:57:51, 10, pid=12782] lib/gencache.c:208(gencache_get) Returning valid cache entry: key = ACCT_POL/password history, value = 0 , timeout = Tue Apr 27 16:58:51 2010
[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:536(pdb_set_user_sid) pdb_set_user_sid: setting user sid S-1-5-352321536-3342141748-1574249315-1264630062-23502
[2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_compat.c:72(pdb_set_user_sid_from_rid) pdb_set_user_sid_from_rid: setting user sid S-1-5-352321536-3342141748-1574249315-1264630062-23502 from rid 23502
[2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:594(pdb_set_group_sid) pdb_set_group_sid: setting group sid S-1-5-352321536-3342141748-1574249315-1264630062-512
[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/04/27 16:57:51, 9, pid=12782] passdb/passdb.c:2146(pdb_update_autolock_flag) pdb_update_autolock_flag: Account zanchey not autolocked, no check needed
[2010/04/27 16:57:51, 4, pid=12782] libsmb/ntlm_check.c:291(ntlm_password_check) ntlm_password_check: Checking NTLMv2 password with domain [UCCDOMAIN]
[2010/04/27 16:57:51, 4, pid=12782] auth/auth_sam.c:137(sam_account_ok) sam_account_ok: Checking SMB password for user zanchey
[2010/04/27 16:57:51, 5, pid=12782] auth/auth_sam.c:119(logon_hours_ok) logon_hours_ok: user zanchey allowed to logon at this time (Tue Apr 27 08:57:51 2010 )
[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2010/04/27 16:57:51, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) NT user token: (NULL)
[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2010/04/27 16:57:51, 10, pid=12782] lib/gencache.c:208(gencache_get) Returning valid cache entry: key = ACCT_POL/maximum password age, value = 4294967295 , timeout = Tue Apr 27 16:58:51 2010
[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2010/04/27 16:57:51, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) NT user token: (NULL)
[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2010/04/27 16:57:51, 10, pid=12782] lib/system_smbd.c:122(sys_getgrouplist) sys_getgrouplist: user [zanchey]
[2010/04/27 16:57:51, 10, pid=12782] lib/gencache.c:194(gencache_get) Cache entry with key = IDMAP/GID2SID/69 couldn't be found
[2010/04/27 16:57:51, 5, pid=12782] passdb/lookup_sid.c:1378(gid_to_sid) gid_to_sid: winbind failed to find a sid for gid 69
[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2010/04/27 16:57:51, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) NT user token: (NULL)
[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2010/04/27 16:57:51, 5, pid=12782] lib/smbldap.c:1295(smbldap_search_ext) smbldap_search_ext: base => [dc=ucc,dc=gu,dc=uwa,dc=edu,dc=au], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=69))], scope => [2]
[2010/04/27 16:57:51, 4, pid=12782] passdb/pdb_ldap.c:2550(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(gidNumber=69))
[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/04/27 16:57:51, 10, pid=12782] passdb/lookup_sid.c:1173(legacy_gid_to_sid) LEGACY: gid 69 -> sid S-1-22-2-69
[2010/04/27 16:57:51, 10, pid=12782] lib/gencache.c:194(gencache_get) Cache entry with key = IDMAP/GID2SID/101 couldn't be found
[2010/04/27 16:57:51, 5, pid=12782] passdb/lookup_sid.c:1378(gid_to_sid) gid_to_sid: winbind failed to find a sid for gid 101
[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2010/04/27 16:57:51, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) NT user token: (NULL)
[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2010/04/27 16:57:51, 5, pid=12782] lib/smbldap.c:1295(smbldap_search_ext) smbldap_search_ext: base => [dc=ucc,dc=gu,dc=uwa,dc=edu,dc=au], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=101))], scope => [2]
[2010/04/27 16:57:51, 4, pid=12782] passdb/pdb_ldap.c:2550(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(gidNumber=101))
[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/04/27 16:57:51, 10, pid=12782] passdb/lookup_sid.c:1173(legacy_gid_to_sid) LEGACY: gid 101 -> sid S-1-22-2-101
[2010/04/27 16:57:51, 10, pid=12782] lib/gencache.c:194(gencache_get) Cache entry with key = IDMAP/GID2SID/20042 couldn't be found
[2010/04/27 16:57:51, 5, pid=12782] passdb/lookup_sid.c:1378(gid_to_sid) gid_to_sid: winbind failed to find a sid for gid 20042
[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2010/04/27 16:57:51, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) NT user token: (NULL)
[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2010/04/27 16:57:51, 5, pid=12782] lib/smbldap.c:1295(smbldap_search_ext) smbldap_search_ext: base => [dc=ucc,dc=gu,dc=uwa,dc=edu,dc=au], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=20042))], scope => [2]
[2010/04/27 16:57:51, 4, pid=12782] passdb/pdb_ldap.c:2550(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(gidNumber=20042))
[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/04/27 16:57:51, 10, pid=12782] passdb/lookup_sid.c:1173(legacy_gid_to_sid) LEGACY: gid 20042 -> sid S-1-22-2-20042
[2010/04/27 16:57:51, 5, pid=12782] auth/auth_util.c:646(make_server_info_sam) make_server_info_sam: made server info for user zanchey -> zanchey
[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/04/27 16:57:51, 3, pid=12782] auth/auth.c:271(check_ntlm_password) check_ntlm_password: sam authentication for user [zanchey] succeeded
[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2010/04/27 16:57:51, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) NT user token: (NULL)
[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2010/04/27 16:57:51, 4, pid=12782] auth/pampass.c:472(smb_pam_start) smb_pam_start: PAM: Init user: zanchey
[2010/04/27 16:57:51, 4, pid=12782] auth/pampass.c:489(smb_pam_start) smb_pam_start: PAM: setting rhost to: ::ffff:130.95.13.55
[2010/04/27 16:57:51, 4, pid=12782] auth/pampass.c:498(smb_pam_start) smb_pam_start: PAM: setting tty
[2010/04/27 16:57:51, 4, pid=12782] auth/pampass.c:506(smb_pam_start) smb_pam_start: PAM: Init passed for user: zanchey
[2010/04/27 16:57:51, 4, pid=12782] auth/pampass.c:564(smb_pam_account) smb_pam_account: PAM: Account Management for User: zanchey
[2010/04/27 16:57:51, 4, pid=12782] auth/pampass.c:583(smb_pam_account) smb_pam_account: PAM: Account OK for User: zanchey
[2010/04/27 16:57:51, 4, pid=12782] auth/pampass.c:450(smb_pam_end) smb_pam_end: PAM: PAM_END OK.
[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/04/27 16:57:51, 5, pid=12782] auth/auth.c:297(check_ntlm_password) check_ntlm_password: PAM Account for user [zanchey] succeeded
[2010/04/27 16:57:51, 2, pid=12782] auth/auth.c:310(check_ntlm_password) check_ntlm_password: authentication for user [zanchey] -> [zanchey] -> [zanchey] succeeded
[2010/04/27 16:57:51, 5, pid=12782] auth/auth_util.c:2114(free_user_info) attempting to free (and zero) a user_info structure
[2010/04/27 16:57:51, 10, pid=12782] auth/auth_util.c:2118(free_user_info) structure was created for zanchey
[2010/04/27 16:57:51, 10, pid=12782] auth/token_util.c:353(create_local_nt_token) Create local NT token for S-1-5-352321536-3342141748-1574249315-1264630062-23502
[2010/04/27 16:57:51, 10, pid=12782] lib/gencache.c:194(gencache_get) Cache entry with key = IDMAP/SID2GID/S-1-5-32-544 couldn't be found
[2010/04/27 16:57:51, 10, pid=12782] passdb/lookup_sid.c:1502(sid_to_gid) winbind failed to find a gid for sid S-1-5-32-544
[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2010/04/27 16:57:51, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) NT user token: (NULL)
[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2010/04/27 16:57:51, 5, pid=12782] lib/smbldap.c:1295(smbldap_search_ext) smbldap_search_ext: base => [dc=ucc,dc=gu,dc=uwa,dc=edu,dc=au], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-544))], scope => [2]
[2010/04/27 16:57:51, 4, pid=12782] passdb/pdb_ldap.c:2550(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-544))
[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/04/27 16:57:51, 10, pid=12782] passdb/lookup_sid.c:1247(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-5-32-544
[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2010/04/27 16:57:51, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) NT user token: (NULL)
[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2010/04/27 16:57:51, 10, pid=12782] lib/gencache.c:194(gencache_get) Cache entry with key = IDMAP/SID2GID/S-1-5-32-544 couldn't be found
[2010/04/27 16:57:51, 10, pid=12782] passdb/lookup_sid.c:1502(sid_to_gid) winbind failed to find a gid for sid S-1-5-32-544
[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2010/04/27 16:57:51, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) NT user token: (NULL)
[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2010/04/27 16:57:51, 5, pid=12782] lib/smbldap.c:1295(smbldap_search_ext) smbldap_search_ext: base => [dc=ucc,dc=gu,dc=uwa,dc=edu,dc=au], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-544))], scope => [2]
[2010/04/27 16:57:51, 4, pid=12782] passdb/pdb_ldap.c:2550(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-544))
[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/04/27 16:57:51, 10, pid=12782] passdb/lookup_sid.c:1247(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-5-32-544
[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:303(create_builtin_administrators) create_builtin_administrators: Failed to create Administrators
[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/04/27 16:57:51, 10, pid=12782] lib/gencache.c:194(gencache_get) Cache entry with key = IDMAP/SID2GID/S-1-5-32-545 couldn't be found
[2010/04/27 16:57:51, 10, pid=12782] passdb/lookup_sid.c:1502(sid_to_gid) winbind failed to find a gid for sid S-1-5-32-545
[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2010/04/27 16:57:51, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) NT user token: (NULL)
[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2010/04/27 16:57:51, 5, pid=12782] lib/smbldap.c:1295(smbldap_search_ext) smbldap_search_ext: base => [dc=ucc,dc=gu,dc=uwa,dc=edu,dc=au], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-545))], scope => [2]
[2010/04/27 16:57:51, 4, pid=12782] passdb/pdb_ldap.c:2550(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-545))
[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/04/27 16:57:51, 10, pid=12782] passdb/lookup_sid.c:1247(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-5-32-545
[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2010/04/27 16:57:51, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) NT user token: (NULL)
[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2010/04/27 16:57:51, 10, pid=12782] lib/gencache.c:194(gencache_get) Cache entry with key = IDMAP/SID2GID/S-1-5-32-545 couldn't be found
[2010/04/27 16:57:51, 10, pid=12782] passdb/lookup_sid.c:1502(sid_to_gid) winbind failed to find a gid for sid S-1-5-32-545
[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2010/04/27 16:57:51, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) NT user token: (NULL)
[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2010/04/27 16:57:51, 5, pid=12782] lib/smbldap.c:1295(smbldap_search_ext) smbldap_search_ext: base => [dc=ucc,dc=gu,dc=uwa,dc=edu,dc=au], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-545))], scope => [2]
[2010/04/27 16:57:51, 4, pid=12782] passdb/pdb_ldap.c:2550(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-545))
[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/04/27 16:57:51, 10, pid=12782] passdb/lookup_sid.c:1247(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-5-32-545
[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:274(create_builtin_users) create_builtin_users: Failed to create Users
[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2010/04/27 16:57:51, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) NT user token: (NULL)
[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2010/04/27 16:57:51, 5, pid=12782] lib/smbldap.c:1295(smbldap_search_ext) smbldap_search_ext: base => [dc=ucc,dc=gu,dc=uwa,dc=edu,dc=au], filter => [(&(|(objectclass=sambaGroupMapping)(sambaGroupType=4))(|(sambaSIDList=S-1-5-352321536-3342141748-1574249315-1264630062-23502)(sambaSIDList=S-1-5-352321536-3342141748-1574249315-1264630062-512)(sambaSIDList=S-1-1-0)(sambaSIDList=S-1-5-2)(sambaSIDList=S-1-5-11)(sambaSIDList=S-1-22-2-69)(sambaSIDList=S-1-22-2-101)(sambaSIDList=S-1-22-2-20042)(sambaSIDList=S-1-5-32-544)))], scope => [2]
[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/04/27 16:57:51, 3, pid=12782] lib/privileges.c:63(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-352321536-3342141748-1574249315-1264630062-23502]
[2010/04/27 16:57:51, 3, pid=12782] lib/privileges.c:63(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-352321536-3342141748-1574249315-1264630062-512]
[2010/04/27 16:57:51, 5, pid=12782] lib/privileges.c:128(get_privileges_for_sids) get_privileges_for_sids: sid = S-1-1-0 Privilege set: SE_PRIV 0x0 0x0 0x0 0x0
[2010/04/27 16:57:51, 3, pid=12782] lib/privileges.c:63(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-2]
[2010/04/27 16:57:51, 3, pid=12782] lib/privileges.c:63(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-11]
[2010/04/27 16:57:51, 3, pid=12782] lib/privileges.c:63(get_privileges) get_privileges: No privileges assigned to SID [S-1-22-2-69]
[2010/04/27 16:57:51, 3, pid=12782] lib/privileges.c:63(get_privileges) get_privileges: No privileges assigned to SID [S-1-22-2-101]
[2010/04/27 16:57:51, 3, pid=12782] lib/privileges.c:63(get_privileges) get_privileges: No privileges assigned to SID [S-1-22-2-20042]
[2010/04/27 16:57:51, 5, pid=12782] lib/privileges.c:128(get_privileges_for_sids) get_privileges_for_sids: sid = S-1-5-32-544 Privilege set: SE_PRIV 0xff0 0x0 0x0 0x0
[2010/04/27 16:57:51, 10, pid=12782] lib/gencache.c:194(gencache_get) Cache entry with key = IDMAP/SID2GID/S-1-1-0 couldn't be found
[2010/04/27 16:57:51, 10, pid=12782] passdb/lookup_sid.c:1502(sid_to_gid) winbind failed to find a gid for sid S-1-1-0
[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2010/04/27 16:57:51, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) NT user token: (NULL)
[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2010/04/27 16:57:51, 5, pid=12782] lib/smbldap.c:1295(smbldap_search_ext) smbldap_search_ext: base => [dc=ucc,dc=gu,dc=uwa,dc=edu,dc=au], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-1-0))], scope => [2]
[2010/04/27 16:57:51, 4, pid=12782] passdb/pdb_ldap.c:2550(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-1-0))
[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/04/27 16:57:51, 10, pid=12782] passdb/lookup_sid.c:1247(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-1-0
[2010/04/27 16:57:51, 10, pid=12782] auth/auth_util.c:750(create_local_token) Could not convert SID S-1-1-0 to gid, ignoring it
[2010/04/27 16:57:51, 10, pid=12782] lib/gencache.c:194(gencache_get) Cache entry with key = IDMAP/SID2GID/S-1-5-2 couldn't be found
[2010/04/27 16:57:51, 10, pid=12782] passdb/lookup_sid.c:1502(sid_to_gid) winbind failed to find a gid for sid S-1-5-2
[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2010/04/27 16:57:51, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) NT user token: (NULL)
[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2010/04/27 16:57:51, 5, pid=12782] lib/smbldap.c:1295(smbldap_search_ext) smbldap_search_ext: base => [dc=ucc,dc=gu,dc=uwa,dc=edu,dc=au], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-2))], scope => [2]
[2010/04/27 16:57:51, 4, pid=12782] passdb/pdb_ldap.c:2550(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-2))
[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/04/27 16:57:51, 10, pid=12782] passdb/lookup_sid.c:1247(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-5-2
[2010/04/27 16:57:51, 10, pid=12782] auth/auth_util.c:750(create_local_token) Could not convert SID S-1-5-2 to gid, ignoring it
[2010/04/27 16:57:51, 10, pid=12782] lib/gencache.c:194(gencache_get) Cache entry with key = IDMAP/SID2GID/S-1-5-11 couldn't be found
[2010/04/27 16:57:51, 10, pid=12782] passdb/lookup_sid.c:1502(sid_to_gid) winbind failed to find a gid for sid S-1-5-11
[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2010/04/27 16:57:51, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) NT user token: (NULL)
[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2010/04/27 16:57:51, 5, pid=12782]
lib/smbldap.c:1295(smbldap_search_ext) smbldap_search_ext: base => [dc=ucc,dc=gu,dc=uwa,dc=edu,dc=au], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-11))], scope => [2] [2010/04/27 16:57:51, 4, pid=12782] passdb/pdb_ldap.c:2550(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-11)) [2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/27 16:57:51, 10, pid=12782] passdb/lookup_sid.c:1247(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-5-11 [2010/04/27 16:57:51, 10, pid=12782] auth/auth_util.c:750(create_local_token) Could not convert SID S-1-5-11 to gid, ignoring it [2010/04/27 16:57:51, 10, pid=12782] lib/gencache.c:194(gencache_get) Cache entry with key = IDMAP/SID2GID/S-1-5-32-544 couldn't be found [2010/04/27 16:57:51, 10, pid=12782] passdb/lookup_sid.c:1502(sid_to_gid) winbind failed to find a gid for sid S-1-5-32-544 [2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/04/27 16:57:51, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) NT user token: (NULL) [2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/27 16:57:51, 5, pid=12782] lib/smbldap.c:1295(smbldap_search_ext) smbldap_search_ext: base => [dc=ucc,dc=gu,dc=uwa,dc=edu,dc=au], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-544))], scope => [2] [2010/04/27 16:57:51, 4, pid=12782] passdb/pdb_ldap.c:2550(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-544)) [2010/04/27 
16:57:51, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/27 16:57:51, 10, pid=12782] passdb/lookup_sid.c:1247(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-5-32-544 [2010/04/27 16:57:51, 10, pid=12782] auth/auth_util.c:750(create_local_token) Could not convert SID S-1-5-32-544 to gid, ignoring it [2010/04/27 16:57:51, 10, pid=12782] auth/token_util.c:528(debug_nt_user_token) NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 contains 11 SIDs SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-69 SID[ 6]: S-1-22-2-101 SID[ 7]: S-1-22-2-20042 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-11251 SID[ 10]: S-1-22-2-0 SE_PRIV 0xff0 0x0 0x0 0x0 [2010/04/27 16:57:51, 10, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 11251 Primary group is 0 and contains 4 supplementary groups Group[ 0]: 0 Group[ 1]: 69 Group[ 2]: 101 Group[ 3]: 20042 [2010/04/27 16:57:51, 10, pid=12782] auth/auth_ntlmssp.c:139(auth_ntlmssp_check_password) Got NT session key of length 16 [2010/04/27 16:57:51, 10, pid=12782] libsmb/ntlmssp.c:851(ntlmssp_server_auth) ntlmssp_server_auth: Using unmodified nt session key. 
[2010/04/27 16:57:51, 3, pid=12782] libsmb/ntlmssp_sign.c:342(ntlmssp_sign_init) NTLMSSP Sign/Seal - Initialising with flags: [2010/04/27 16:57:51, 3, pid=12782] libsmb/ntlmssp.c:62(debug_ntlmssp_flags) Got NTLMSSP neg_flags=0xe2088215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_VERSION NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH NTLMSSP_NEGOTIATE_56 [2010/04/27 16:57:51, 10, pid=12782] smbd/password.c:265(register_existing_vuid) register_existing_vuid: (11251,0) zanchey zanchey UCCDOMAIN guest=0 [2010/04/27 16:57:51, 3, pid=12782] smbd/password.c:269(register_existing_vuid) register_existing_vuid: User name: zanchey Real name: David Adam [2010/04/27 16:57:51, 3, pid=12782] smbd/password.c:279(register_existing_vuid) register_existing_vuid: UNIX uid 11251 is UNIX user zanchey, and will be vuid 100 [2010/04/27 16:57:51, 10, pid=12782] lib/dbwrap_tdb.c:100(db_tdb_fetch_locked) Locking key 49442F31323738322F31 [2010/04/27 16:57:51, 10, pid=12782] lib/dbwrap_tdb.c:129(db_tdb_fetch_locked) Allocated locked data 0x0x97ed578 [2010/04/27 16:57:51, 4, pid=12782] auth/pampass.c:472(smb_pam_start) smb_pam_start: PAM: Init user: zanchey [2010/04/27 16:57:51, 4, pid=12782] auth/pampass.c:489(smb_pam_start) smb_pam_start: PAM: setting rhost to: ::ffff:130.95.13.55 [2010/04/27 16:57:51, 4, pid=12782] auth/pampass.c:498(smb_pam_start) smb_pam_start: PAM: setting tty [2010/04/27 16:57:51, 4, pid=12782] auth/pampass.c:506(smb_pam_start) smb_pam_start: PAM: Init passed for user: zanchey [2010/04/27 16:57:51, 4, pid=12782] auth/pampass.c:643(smb_internal_pam_session) smb_internal_pam_session: PAM: tty set to: smb/12782/100 [2010/04/27 16:57:51, 4, pid=12782] auth/pampass.c:450(smb_pam_end) smb_pam_end: PAM: PAM_END OK. 
[2010/04/27 16:57:51, 10, pid=12782] lib/dbwrap_tdb.c:42(db_tdb_record_destr) Unlocking key 49442F31323738322F31 [2010/04/27 16:57:51, 7, pid=12782] param/loadparm.c:9279(lp_servicenumber) lp_servicenumber: couldn't find zanchey [2010/04/27 16:57:51, 3, pid=12782] smbd/password.c:211(register_homes_share) Adding homes service for user 'zanchey' using home directory: '/home/wheel/zanchey' [2010/04/27 16:57:51, 8, pid=12782] param/loadparm.c:6047(add_a_service) add_a_service: Creating snum = 8 for zanchey [2010/04/27 16:57:51, 10, pid=12782] param/loadparm.c:6094(hash_a_service) hash_a_service: hashing index 8 for service name zanchey [2010/04/27 16:57:51, 3, pid=12782] param/loadparm.c:6149(lp_add_home) adding home's share [zanchey] for user 'zanchey' at '/space/away/%H' [2010/04/27 16:57:51, 6, pid=12782] param/loadparm.c:7017(lp_file_list_changed) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Tue Apr 27 16:56:37 2010 [2010/04/27 16:57:51, 5, pid=12782] lib/util.c:632(show_msg) [2010/04/27 16:57:51, 5, pid=12782] lib/util.c:642(show_msg) size=106 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=65535 smb_pid=65279 smb_uid=100 smb_mid=128 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 9 (0x9) smb_bcc=63 [2010/04/27 16:57:51, 10, pid=12782] ../lib/util/util.c:304(_dump_data) [0000] A1 07 30 05 A0 03 0A 01 00 55 00 6E 00 69 00 78 ..0..... .U.n.i.x [0010] 00 00 00 53 00 61 00 6D 00 62 00 61 00 20 00 33 ...S.a.m .b.a. .3 [0020] 00 2E 00 34 00 2E 00 37 00 00 00 55 00 43 00 43 ...4...7 ...U.C.C [0030] 00 44 00 4F 00 4D 00 41 00 49 00 4E 00 00 00 .D.O.M.A .I.N... 
[2010/04/27 16:57:51, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) got smb length of 76 [2010/04/27 16:57:51, 6, pid=12782] smbd/process.c:1456(process_smb) got message type 0x0 of len 0x4c [2010/04/27 16:57:51, 3, pid=12782] smbd/process.c:1459(process_smb) Transaction 3 of length 80 (0 toread) [2010/04/27 16:57:51, 5, pid=12782] lib/util.c:632(show_msg) [2010/04/27 16:57:51, 5, pid=12782] lib/util.c:642(show_msg) size=76 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=100 smb_mid=192 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 76 (0x4C) smb_vwv[ 2]= 8 (0x8) smb_vwv[ 3]= 1 (0x1) smb_bcc=33 [2010/04/27 16:57:51, 10, pid=12782] ../lib/util/util.c:304(_dump_data) [0000] 00 5C 00 5C 00 4D 00 59 00 4C 00 41 00 48 00 5C .\.\.M.Y .L.A.H.\ [0010] 00 49 00 50 00 43 00 24 00 00 00 3F 3F 3F 3F 3F .I.P.C.$ ...????? [0020] 00 . [2010/04/27 16:57:51, 3, pid=12782] smbd/process.c:1273(switch_message) switch message SMBtconX (pid 12782) conn 0x0 [2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) NT user token: (NULL) [2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/27 16:57:51, 5, pid=12782] smbd/uid.c:368(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2010/04/27 16:57:51, 4, pid=12782] smbd/reply.c:680(reply_tcon_and_X) Client requested device type [?????] 
for share [IPC$] [2010/04/27 16:57:51, 5, pid=12782] smbd/service.c:1216(make_connection) making a connection to 'normal' service ipc$ [2010/04/27 16:57:51, 10, pid=12782] smbd/share_access.c:234(user_ok_token) user_ok_token: share IPC$ is ok for unix user zanchey [2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/04/27 16:57:51, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) NT user token: (NULL) [2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/27 16:57:51, 10, pid=12782] lib/gencache.c:208(gencache_get) Returning valid cache entry: key = ACCT_POL/maximum password age, value = 4294967295 , timeout = Tue Apr 27 16:58:51 2010 [2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/04/27 16:57:51, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) NT user token: (NULL) [2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/27 16:57:51, 10, pid=12782] lib/gencache.c:208(gencache_get) Returning valid cache entry: key = ACCT_POL/password history, value = 0 , timeout = Tue Apr 27 16:58:51 2010 [2010/04/27 16:57:51, 3, pid=12782] 
smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:607(pdb_set_username) pdb_set_username: setting username zanchey, was [2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:630(pdb_set_domain) pdb_set_domain: setting domain UCCDOMAIN, was [2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:653(pdb_set_nt_username) pdb_set_nt_username: setting nt username zanchey, was [2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:676(pdb_set_fullname) pdb_set_full_name: setting full name David Adam, was [2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:769(pdb_set_homedir) pdb_set_homedir: setting home dir \\mylah\zanchey, was [2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:745(pdb_set_dir_drive) pdb_set_dir_drive: setting dir drive H:, was NULL [2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:699(pdb_set_logon_script) pdb_set_logon_script: setting logon script , was [2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:722(pdb_set_profile_path) pdb_set_profile_path: setting profile path \\mylah\profiles, was [2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:812(pdb_set_workstations) pdb_set_workstations: setting workstations , was [2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/04/27 16:57:51, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) NT user token: (NULL) [2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/27 16:57:51, 10, pid=12782] lib/gencache.c:208(gencache_get) Returning valid cache entry: key = ACCT_POL/password 
history, value = 0 , timeout = Tue Apr 27 16:58:51 2010 [2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:536(pdb_set_user_sid) pdb_set_user_sid: setting user sid S-1-5-352321536-3342141748-1574249315-1264630062-23502 [2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_compat.c:72(pdb_set_user_sid_from_rid) pdb_set_user_sid_from_rid: setting user sid S-1-5-352321536-3342141748-1574249315-1264630062-23502 from rid 23502 [2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:594(pdb_set_group_sid) pdb_set_group_sid: setting group sid S-1-5-352321536-3342141748-1574249315-1264630062-512 [2010/04/27 16:57:51, 5, pid=12782] lib/username.c:133(Get_Pwnam_alloc) Finding user zanchey [2010/04/27 16:57:51, 5, pid=12782] lib/username.c:77(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is zanchey [2010/04/27 16:57:51, 5, pid=12782] lib/username.c:110(Get_Pwnam_internals) Get_Pwnam_internals did find user [zanchey]! 
[2010/04/27 16:57:51, 10, pid=12782] smbd/service.c:163(set_conn_connectpath) set_conn_connectpath: service IPC$, connectpath = /tmp [2010/04/27 16:57:51, 3, pid=12782] smbd/service.c:807(make_connection_snum) Connect path is '/tmp' for service [IPC$] [2010/04/27 16:57:51, 10, pid=12782] lib/util_seaccess.c:58(se_map_generic) se_map_generic(): mapped mask 0x10000000 to 0x001f01ff [2010/04/27 16:57:51, 3, pid=12782] smbd/vfs.c:95(vfs_init_default) Initialising default vfs hooks [2010/04/27 16:57:51, 10, pid=12782] smbd/vfs.c:47(vfs_find_backend_entry) vfs_find_backend_entry called for /[Default VFS]/ [2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:85(smb_register_vfs) Successfully added vfs backend '/[Default VFS]/' [2010/04/27 16:57:51, 10, pid=12782] smbd/vfs.c:47(vfs_find_backend_entry) vfs_find_backend_entry called for posixacl [2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:85(smb_register_vfs) Successfully added vfs backend 'posixacl' [2010/04/27 16:57:51, 3, pid=12782] smbd/vfs.c:129(vfs_init_custom) Initialising custom vfs hooks from [/[Default VFS]/] [2010/04/27 16:57:51, 10, pid=12782] smbd/vfs.c:47(vfs_find_backend_entry) vfs_find_backend_entry called for /[Default VFS]/ Successfully loaded vfs module [/[Default VFS]/] with the new modules system [2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) Checking operation #0 (type 0, layer 0) Making operation type 0 opaque [module /[Default VFS]/] Accepting operation type 0 from module /[Default VFS]/ [2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) Checking operation #1 (type 1, layer 0) Making operation type 1 opaque [module /[Default VFS]/] Accepting operation type 1 from module /[Default VFS]/ [2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) Checking operation #2 (type 2, layer 0) Making operation type 2 opaque [module /[Default VFS]/] Accepting operation type 2 from module /[Default VFS]/ [2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) 
Checking operation #3 (type 3, layer 0) Making operation type 3 opaque [module /[Default VFS]/] Accepting operation type 3 from module /[Default VFS]/ [2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) Checking operation #4 (type 4, layer 0) Making operation type 4 opaque [module /[Default VFS]/] Accepting operation type 4 from module /[Default VFS]/ [2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) Checking operation #5 (type 5, layer 0) Making operation type 5 opaque [module /[Default VFS]/] Accepting operation type 5 from module /[Default VFS]/ [2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) Checking operation #6 (type 6, layer 0) Making operation type 6 opaque [module /[Default VFS]/] Accepting operation type 6 from module /[Default VFS]/ [2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) Checking operation #7 (type 7, layer 0) Making operation type 7 opaque [module /[Default VFS]/] Accepting operation type 7 from module /[Default VFS]/ [2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) Checking operation #8 (type 8, layer 0) Making operation type 8 opaque [module /[Default VFS]/] Accepting operation type 8 from module /[Default VFS]/ [2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) Checking operation #9 (type 9, layer 0) Making operation type 9 opaque [module /[Default VFS]/] Accepting operation type 9 from module /[Default VFS]/ [2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) Checking operation #10 (type 10, layer 0) Making operation type 10 opaque [module /[Default VFS]/] Accepting operation type 10 from module /[Default VFS]/ [2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) Checking operation #11 (type 11, layer 0) Making operation type 11 opaque [module /[Default VFS]/] Accepting operation type 11 from module /[Default VFS]/ [2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) Checking operation 
#12 (type 12, layer 0) Making operation type 12 opaque [module /[Default VFS]/] Accepting operation type 12 from module /[Default VFS]/ [2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) Checking operation #13 (type 13, layer 0) Making operation type 13 opaque [module /[Default VFS]/] Accepting operation type 13 from module /[Default VFS]/ [2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) Checking operation #14 (type 14, layer 0) Making operation type 14 opaque [module /[Default VFS]/] Accepting operation type 14 from module /[Default VFS]/ [2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) Checking operation #15 (type 15, layer 0) Making operation type 15 opaque [module /[Default VFS]/] Accepting operation type 15 from module /[Default VFS]/ [2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) Checking operation #16 (type 16, layer 0) Making operation type 16 opaque [module /[Default VFS]/] Accepting operation type 16 from module /[Default VFS]/ [2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) Checking operation #17 (type 17, layer 0) Making operation type 17 opaque [module /[Default VFS]/] Accepting operation type 17 from module /[Default VFS]/ [2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) Checking operation #18 (type 18, layer 0) Making operation type 18 opaque [module /[Default VFS]/] Accepting operation type 18 from module /[Default VFS]/ [2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) Checking operation #19 (type 19, layer 0) Making operation type 19 opaque [module /[Default VFS]/] Accepting operation type 19 from module /[Default VFS]/ [2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) Checking operation #20 (type 20, layer 0) Making operation type 20 opaque [module /[Default VFS]/] Accepting operation type 20 from module /[Default VFS]/ [2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) Checking 
operation #21 (type 21, layer 0) Making operation type 21 opaque [module /[Default VFS]/] Accepting operation type 21 from module /[Default VFS]/ [2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) Checking operation #22 (type 22, layer 0) Making operation type 22 opaque [module /[Default VFS]/] Accepting operation type 22 from module /[Default VFS]/ [2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) Checking operation #23 (type 23, layer 0) Making operation type 23 opaque [module /[Default VFS]/] Accepting operation type 23 from module /[Default VFS]/ [2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) Checking operation #24 (type 24, layer 0) Making operation type 24 opaque [module /[Default VFS]/] Accepting operation type 24 from module /[Default VFS]/ [2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) Checking operation #25 (type 25, layer 0) Making operation type 25 opaque [module /[Default VFS]/] Accepting operation type 25 from module /[Default VFS]/ [2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) Checking operation #26 (type 26, layer 0) Making operation type 26 opaque [module /[Default VFS]/] Accepting operation type 26 from module /[Default VFS]/ [2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) Checking operation #27 (type 27, layer 0) Making operation type 27 opaque [module /[Default VFS]/] Accepting operation type 27 from module /[Default VFS]/ [2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) Checking operation #28 (type 28, layer 0) Making operation type 28 opaque [module /[Default VFS]/] Accepting operation type 28 from module /[Default VFS]/ [2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) Checking operation #29 (type 29, layer 0) Making operation type 29 opaque [module /[Default VFS]/] Accepting operation type 29 from module /[Default VFS]/ [2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) 
Checking operation #30 (type 30, layer 0) Making operation type 30 opaque [module /[Default VFS]/] Accepting operation type 30 from module /[Default VFS]/ [2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) Checking operation #31 (type 31, layer 0) Making operation type 31 opaque [module /[Default VFS]/] Accepting operation type 31 from module /[Default VFS]/ [2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) Checking operation #32 (type 32, layer 0) Making operation type 32 opaque [module /[Default VFS]/] Accepting operation type 32 from module /[Default VFS]/ [2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) Checking operation #33 (type 33, layer 0) Making operation type 33 opaque [module /[Default VFS]/] Accepting operation type 33 from module /[Default VFS]/ [2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) Checking operation #34 (type 34, layer 0) Making operation type 34 opaque [module /[Default VFS]/] Accepting operation type 34 from module /[Default VFS]/ [2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) Checking operation #35 (type 35, layer 0) Making operation type 35 opaque [module /[Default VFS]/] Accepting operation type 35 from module /[Default VFS]/ [2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) Checking operation #36 (type 36, layer 0) Making operation type 36 opaque [module /[Default VFS]/] Accepting operation type 36 from module /[Default VFS]/ [2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) Checking operation #37 (type 37, layer 0) Making operation type 37 opaque [module /[Default VFS]/] Accepting operation type 37 from module /[Default VFS]/ [2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) Checking operation #38 (type 38, layer 0) Making operation type 38 opaque [module /[Default VFS]/] Accepting operation type 38 from module /[Default VFS]/ [2010/04/27 16:57:51, 5, pid=12782] 
smbd/vfs.c:192(vfs_init_custom) Checking operation #39 (type 39, layer 0) Making operation type 39 opaque [module /[Default VFS]/] Accepting operation type 39 from module /[Default VFS]/ [2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) Checking operation #40 (type 40, layer 0) Making operation type 40 opaque [module /[Default VFS]/] Accepting operation type 40 from module /[Default VFS]/ [2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) Checking operation #41 (type 41, layer 0) Making operation type 41 opaque [module /[Default VFS]/] Accepting operation type 41 from module /[Default VFS]/ [2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) Checking operation #42 (type 42, layer 0) Making operation type 42 opaque [module /[Default VFS]/] Accepting operation type 42 from module /[Default VFS]/ [2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) Checking operation #43 (type 43, layer 0) Making operation type 43 opaque [module /[Default VFS]/] Accepting operation type 43 from module /[Default VFS]/ [2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) Checking operation #44 (type 44, layer 0) Making operation type 44 opaque [module /[Default VFS]/] Accepting operation type 44 from module /[Default VFS]/ [2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) Checking operation #45 (type 45, layer 0) Making operation type 45 opaque [module /[Default VFS]/] Accepting operation type 45 from module /[Default VFS]/ [2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) Checking operation #46 (type 46, layer 0) Making operation type 46 opaque [module /[Default VFS]/] Accepting operation type 46 from module /[Default VFS]/ [2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) Checking operation #47 (type 47, layer 0) Making operation type 47 opaque [module /[Default VFS]/] Accepting operation type 47 from module /[Default VFS]/ [2010/04/27 16:57:51, 5, 
pid=12782] smbd/vfs.c:192(vfs_init_custom) Checking operation #48 (type 48, layer 0) Making operation type 48 opaque [module /[Default VFS]/] Accepting operation type 48 from module /[Default VFS]/ [2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) Checking operation #49 (type 49, layer 0) Making operation type 49 opaque [module /[Default VFS]/] Accepting operation type 49 from module /[Default VFS]/ [2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) Checking operation #50 (type 50, layer 0) Making operation type 50 opaque [module /[Default VFS]/] Accepting operation type 50 from module /[Default VFS]/ [2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) Checking operation #51 (type 51, layer 0) Making operation type 51 opaque [module /[Default VFS]/] Accepting operation type 51 from module /[Default VFS]/ [2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) Checking operation #52 (type 52, layer 0) Making operation type 52 opaque [module /[Default VFS]/] Accepting operation type 52 from module /[Default VFS]/ [2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) Checking operation #53 (type 53, layer 0) Making operation type 53 opaque [module /[Default VFS]/] Accepting operation type 53 from module /[Default VFS]/ [2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) Checking operation #54 (type 54, layer 0) Making operation type 54 opaque [module /[Default VFS]/] Accepting operation type 54 from module /[Default VFS]/ [2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) Checking operation #55 (type 55, layer 0) Making operation type 55 opaque [module /[Default VFS]/] Accepting operation type 55 from module /[Default VFS]/ [2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) Checking operation #56 (type 56, layer 0) Making operation type 56 opaque [module /[Default VFS]/] Accepting operation type 56 from module /[Default VFS]/ [2010/04/27 
16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) Checking operation #57 (type 57, layer 0) Making operation type 57 opaque [module /[Default VFS]/] Accepting operation type 57 from module /[Default VFS]/ [2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) Checking operation #58 (type 58, layer 0) Making operation type 58 opaque [module /[Default VFS]/] Accepting operation type 58 from module /[Default VFS]/ [2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) Checking operation #59 (type 59, layer 0) Making operation type 59 opaque [module /[Default VFS]/] Accepting operation type 59 from module /[Default VFS]/ [2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) Checking operation #60 (type 60, layer 0) Making operation type 60 opaque [module /[Default VFS]/] Accepting operation type 60 from module /[Default VFS]/ [2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) Checking operation #61 (type 61, layer 0) Making operation type 61 opaque [module /[Default VFS]/] Accepting operation type 61 from module /[Default VFS]/ [2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) Checking operation #62 (type 62, layer 0) Making operation type 62 opaque [module /[Default VFS]/] Accepting operation type 62 from module /[Default VFS]/ [2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) Checking operation #63 (type 63, layer 0) Making operation type 63 opaque [module /[Default VFS]/] Accepting operation type 63 from module /[Default VFS]/ [2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) Checking operation #64 (type 64, layer 0) Making operation type 64 opaque [module /[Default VFS]/] Accepting operation type 64 from module /[Default VFS]/ [2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) Checking operation #65 (type 65, layer 0) Making operation type 65 opaque [module /[Default VFS]/] Accepting operation type 65 from module /[Default VFS]/ 
[2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) Checking operation #66 (type 66, layer 0) Making operation type 66 opaque [module /[Default VFS]/] Accepting operation type 66 from module /[Default VFS]/ [2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) Checking operation #67 (type 67, layer 0) Making operation type 67 opaque [module /[Default VFS]/] Accepting operation type 67 from module /[Default VFS]/ [2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) Checking operation #68 (type 68, layer 0) Making operation type 68 opaque [module /[Default VFS]/] Accepting operation type 68 from module /[Default VFS]/ [2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) Checking operation #69 (type 69, layer 0) Making operation type 69 opaque [module /[Default VFS]/] Accepting operation type 69 from module /[Default VFS]/ [2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) Checking operation #70 (type 70, layer 0) Making operation type 70 opaque [module /[Default VFS]/] Accepting operation type 70 from module /[Default VFS]/ [2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) Checking operation #71 (type 71, layer 0) Making operation type 71 opaque [module /[Default VFS]/] Accepting operation type 71 from module /[Default VFS]/ [2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) Checking operation #72 (type 72, layer 0) Making operation type 72 opaque [module /[Default VFS]/] Accepting operation type 72 from module /[Default VFS]/ [2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) Checking operation #73 (type 73, layer 0) Making operation type 73 opaque [module /[Default VFS]/] Accepting operation type 73 from module /[Default VFS]/ [2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) Checking operation #74 (type 74, layer 0) Making operation type 74 opaque [module /[Default VFS]/] Accepting operation type 74 from module 
/[Default VFS]/ [2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) Checking operation #75 (type 75, layer 0) Making operation type 75 opaque [module /[Default VFS]/] Accepting operation type 75 from module /[Default VFS]/ [2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) Checking operation #76 (type 76, layer 0) Making operation type 76 opaque [module /[Default VFS]/] Accepting operation type 76 from module /[Default VFS]/ [2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) Checking operation #77 (type 77, layer 0) Making operation type 77 opaque [module /[Default VFS]/] Accepting operation type 77 from module /[Default VFS]/ [2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) Checking operation #78 (type 78, layer 0) Making operation type 78 opaque [module /[Default VFS]/] Accepting operation type 78 from module /[Default VFS]/ [2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) Checking operation #79 (type 79, layer 0) Making operation type 79 opaque [module /[Default VFS]/] Accepting operation type 79 from module /[Default VFS]/ [2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) Checking operation #80 (type 80, layer 0) Making operation type 80 opaque [module /[Default VFS]/] Accepting operation type 80 from module /[Default VFS]/ [2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) Checking operation #81 (type 81, layer 0) Making operation type 81 opaque [module /[Default VFS]/] Accepting operation type 81 from module /[Default VFS]/ [2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) Checking operation #82 (type 82, layer 0) Making operation type 82 opaque [module /[Default VFS]/] Accepting operation type 82 from module /[Default VFS]/ [2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) Checking operation #83 (type 83, layer 0) Making operation type 83 opaque [module /[Default VFS]/] Accepting operation type 83 from 
module /[Default VFS]/ [2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) Checking operation #84 (type 84, layer 0) Making operation type 84 opaque [module /[Default VFS]/] Accepting operation type 84 from module /[Default VFS]/ [2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) Checking operation #85 (type 85, layer 0) Making operation type 85 opaque [module /[Default VFS]/] Accepting operation type 85 from module /[Default VFS]/ [2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) Checking operation #86 (type 86, layer 0) Making operation type 86 opaque [module /[Default VFS]/] Accepting operation type 86 from module /[Default VFS]/ [2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) Checking operation #87 (type 87, layer 0) Making operation type 87 opaque [module /[Default VFS]/] Accepting operation type 87 from module /[Default VFS]/ [2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) Checking operation #88 (type 88, layer 0) Making operation type 88 opaque [module /[Default VFS]/] Accepting operation type 88 from module /[Default VFS]/ [2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) Checking operation #89 (type 89, layer 0) Making operation type 89 opaque [module /[Default VFS]/] Accepting operation type 89 from module /[Default VFS]/ [2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) Checking operation #90 (type 90, layer 0) Making operation type 90 opaque [module /[Default VFS]/] Accepting operation type 90 from module /[Default VFS]/ [2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) Checking operation #91 (type 91, layer 0) Making operation type 91 opaque [module /[Default VFS]/] Accepting operation type 91 from module /[Default VFS]/ [2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) Checking operation #92 (type 92, layer 0) Making operation type 92 opaque [module /[Default VFS]/] Accepting operation type 
92 from module /[Default VFS]/ [2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) Checking operation #93 (type 93, layer 0) Making operation type 93 opaque [module /[Default VFS]/] Accepting operation type 93 from module /[Default VFS]/ [2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) Checking operation #94 (type 94, layer 0) Making operation type 94 opaque [module /[Default VFS]/] Accepting operation type 94 from module /[Default VFS]/ [2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) Checking operation #95 (type 95, layer 0) Making operation type 95 opaque [module /[Default VFS]/] Accepting operation type 95 from module /[Default VFS]/ [2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) Checking operation #96 (type 96, layer 0) Making operation type 96 opaque [module /[Default VFS]/] Accepting operation type 96 from module /[Default VFS]/ [2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) Checking operation #97 (type 97, layer 0) Making operation type 97 opaque [module /[Default VFS]/] Accepting operation type 97 from module /[Default VFS]/ [2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) Checking operation #98 (type 98, layer 0) Making operation type 98 opaque [module /[Default VFS]/] Accepting operation type 98 from module /[Default VFS]/ [2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) Checking operation #99 (type 99, layer 0) Making operation type 99 opaque [module /[Default VFS]/] Accepting operation type 99 from module /[Default VFS]/ [2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) Checking operation #100 (type 100, layer 0) Making operation type 100 opaque [module /[Default VFS]/] Accepting operation type 100 from module /[Default VFS]/ [2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) Checking operation #101 (type 101, layer 0) Making operation type 101 opaque [module /[Default VFS]/] Accepting 
operation type 101 from module /[Default VFS]/ [2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) Checking operation #102 (type 102, layer 0) Making operation type 102 opaque [module /[Default VFS]/] Accepting operation type 102 from module /[Default VFS]/ [2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) Checking operation #103 (type 103, layer 0) Making operation type 103 opaque [module /[Default VFS]/] Accepting operation type 103 from module /[Default VFS]/ [2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) Checking operation #104 (type 104, layer 0) Making operation type 104 opaque [module /[Default VFS]/] Accepting operation type 104 from module /[Default VFS]/ [2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) Checking operation #105 (type 105, layer 0) Making operation type 105 opaque [module /[Default VFS]/] Accepting operation type 105 from module /[Default VFS]/ [2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) Checking operation #106 (type 106, layer 0) Making operation type 106 opaque [module /[Default VFS]/] Accepting operation type 106 from module /[Default VFS]/ [2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) Checking operation #107 (type 107, layer 0) Making operation type 107 opaque [module /[Default VFS]/] Accepting operation type 107 from module /[Default VFS]/ [2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) Checking operation #108 (type 108, layer 0) Making operation type 108 opaque [module /[Default VFS]/] Accepting operation type 108 from module /[Default VFS]/ [2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) Checking operation #109 (type 109, layer 0) Making operation type 109 opaque [module /[Default VFS]/] Accepting operation type 109 from module /[Default VFS]/ [2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) Checking operation #110 (type 110, layer 0) Making operation type 
110 opaque [module /[Default VFS]/] Accepting operation type 110 from module /[Default VFS]/ [2010/04/27 16:57:51, 5, pid=12782] smbd/connection.c:142(claim_connection) claiming [IPC$] [2010/04/27 16:57:51, 10, pid=12782] lib/dbwrap_tdb.c:100(db_tdb_fetch_locked) Locking key EE310000FFFFFFFF0100 [2010/04/27 16:57:51, 10, pid=12782] lib/dbwrap_tdb.c:129(db_tdb_fetch_locked) Allocated locked data 0x0x98021d0 [2010/04/27 16:57:51, 10, pid=12782] lib/dbwrap_tdb.c:42(db_tdb_record_destr) Unlocking key EE310000FFFFFFFF0100 [2010/04/27 16:57:51, 10, pid=12782] smbd/service.c:163(set_conn_connectpath) set_conn_connectpath: service IPC$, connectpath = /tmp [2010/04/27 16:57:51, 10, pid=12782] smbd/share_access.c:234(user_ok_token) user_ok_token: share IPC$ is ok for unix user zanchey [2010/04/27 16:57:51, 10, pid=12782] smbd/share_access.c:279(is_share_read_only_for_token) is_share_read_only_for_user: share IPC$ is read-only for unix user zanchey [2010/04/27 16:57:51, 10, pid=12782] lib/util_seaccess.c:58(se_map_generic) se_map_generic(): mapped mask 0x10000000 to 0x001f01ff [2010/04/27 16:57:51, 3, pid=12782] lib/util_sid.c:228(string_to_sid) string_to_sid: Sid root does not start with 'S-'. 
[2010/04/27 16:57:51, 10, pid=12782] passdb/lookup_sid.c:69(lookup_name) lookup_name: UCCDOMAIN\root => UCCDOMAIN (domain), root (name) [2010/04/27 16:57:51, 10, pid=12782] passdb/lookup_sid.c:70(lookup_name) lookup_name: flags = 0x073 [2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/04/27 16:57:51, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) NT user token: (NULL) [2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/27 16:57:51, 5, pid=12782] lib/smbldap.c:1295(smbldap_search_ext) smbldap_search_ext: base => [dc=ucc,dc=gu,dc=uwa,dc=edu,dc=au], filter => [(&(uid=root)(objectclass=sambaSamAccount))], scope => [2] [2010/04/27 16:57:51, 2, pid=12782] passdb/pdb_ldap.c:571(init_sam_from_ldap) init_sam_from_ldap: Entry found for user: root [2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:607(pdb_set_username) pdb_set_username: setting username root, was [2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:630(pdb_set_domain) pdb_set_domain: setting domain UCCDOMAIN, was [2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:653(pdb_set_nt_username) pdb_set_nt_username: setting nt username root, was [2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:549(pdb_set_user_sid_from_string) pdb_set_user_sid_from_string: setting user sid S-1-5-352321536-3342141748-1574249315-1264630062-1000 [2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:536(pdb_set_user_sid) pdb_set_user_sid: setting user sid S-1-5-352321536-3342141748-1574249315-1264630062-1000 [2010/04/27 16:57:51, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) 
attribute sambaLogonTime does not exist [2010/04/27 16:57:51, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) attribute sambaLogoffTime does not exist [2010/04/27 16:57:51, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) attribute sambaKickoffTime does not exist [2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:676(pdb_set_fullname) pdb_set_full_name: setting full name Super-User, was [2010/04/27 16:57:51, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) attribute sambaHomeDrive does not exist [2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:745(pdb_set_dir_drive) pdb_set_dir_drive: setting dir drive H:, was NULL [2010/04/27 16:57:51, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) attribute sambaHomePath does not exist [2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:769(pdb_set_homedir) pdb_set_homedir: setting home dir \\mylah\root, was [2010/04/27 16:57:51, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) attribute sambaLogonScript does not exist [2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:699(pdb_set_logon_script) pdb_set_logon_script: setting logon script , was [2010/04/27 16:57:51, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) attribute sambaProfilePath does not exist [2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:722(pdb_set_profile_path) pdb_set_profile_path: setting profile path \\mylah\profiles, was [2010/04/27 16:57:51, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) attribute description does not exist [2010/04/27 16:57:51, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) attribute sambaUserWorkstations does not exist [2010/04/27 16:57:51, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) attribute sambaMungedDial does not exist [2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 
[2010/04/27 16:57:51, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) NT user token: (NULL) [2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/27 16:57:51, 10, pid=12782] lib/gencache.c:208(gencache_get) Returning valid cache entry: key = ACCT_POL/password history, value = 0 , timeout = Tue Apr 27 16:58:51 2010 [2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/27 16:57:51, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) attribute sambaBadPasswordCount does not exist [2010/04/27 16:57:51, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) attribute sambaBadPasswordTime does not exist [2010/04/27 16:57:51, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) attribute sambaLogonHours does not exist [2010/04/27 16:57:51, 7, pid=12782] passdb/login_cache.c:87(login_cache_read) Looking up login cache for user root [2010/04/27 16:57:51, 7, pid=12782] passdb/login_cache.c:103(login_cache_read) No cache entry found [2010/04/27 16:57:51, 9, pid=12782] passdb/pdb_ldap.c:1125(init_sam_from_ldap) No cache entry, bad count = 0, bad time = 0 [2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2010/04/27 16:57:51, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) NT user token: (NULL) [2010/04/27 16:57:51, 5, pid=12782] 
auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/27 16:57:51, 10, pid=12782] lib/gencache.c:208(gencache_get) Returning valid cache entry: key = ACCT_POL/maximum password age, value = 4294967295 , timeout = Tue Apr 27 16:58:51 2010 [2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/27 16:57:51, 5, pid=12782] lib/username.c:133(Get_Pwnam_alloc) Finding user root [2010/04/27 16:57:51, 5, pid=12782] lib/username.c:77(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is root [2010/04/27 16:57:51, 5, pid=12782] lib/username.c:110(Get_Pwnam_internals) Get_Pwnam_internals did find user [root]! [2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2010/04/27 16:57:51, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) NT user token: (NULL) [2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/27 16:57:51, 10, pid=12782] lib/gencache.c:208(gencache_get) Returning valid cache entry: key = ACCT_POL/password history, value = 0 , timeout = Tue Apr 27 16:58:51 2010 [2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:607(pdb_set_username) pdb_set_username: setting username root, was [2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:630(pdb_set_domain) pdb_set_domain: setting domain UCCDOMAIN, was [2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:653(pdb_set_nt_username) pdb_set_nt_username: 
setting nt username root, was [2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:676(pdb_set_fullname) pdb_set_full_name: setting full name Super-User, was [2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:769(pdb_set_homedir) pdb_set_homedir: setting home dir \\mylah\root, was [2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:745(pdb_set_dir_drive) pdb_set_dir_drive: setting dir drive H:, was NULL [2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:699(pdb_set_logon_script) pdb_set_logon_script: setting logon script , was [2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:722(pdb_set_profile_path) pdb_set_profile_path: setting profile path \\mylah\profiles, was [2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:812(pdb_set_workstations) pdb_set_workstations: setting workstations , was [2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2010/04/27 16:57:51, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) NT user token: (NULL) [2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/27 16:57:51, 10, pid=12782] lib/gencache.c:208(gencache_get) Returning valid cache entry: key = ACCT_POL/password history, value = 0 , timeout = Tue Apr 27 16:58:51 2010 [2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:536(pdb_set_user_sid) pdb_set_user_sid: setting user sid S-1-5-352321536-3342141748-1574249315-1264630062-1000 [2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_compat.c:72(pdb_set_user_sid_from_rid) 
pdb_set_user_sid_from_rid: setting user sid S-1-5-352321536-3342141748-1574249315-1264630062-1000 from rid 1000 [2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:594(pdb_set_group_sid) pdb_set_group_sid: setting group sid S-1-5-352321536-3342141748-1574249315-1264630062-512 [2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/27 16:57:51, 3, pid=12782] lib/util_sid.c:228(string_to_sid) string_to_sid: Sid @wheel does not start with 'S-'. [2010/04/27 16:57:51, 5, pid=12782] smbd/password.c:403(user_in_netgroup) Unable to get default yp domain, let's try without specifying it [2010/04/27 16:57:51, 5, pid=12782] smbd/password.c:407(user_in_netgroup) looking for user zanchey of domain (ANY) in netgroup wheel [2010/04/27 16:57:51, 5, pid=12782] smbd/password.c:423(user_in_netgroup) looking for user zanchey of domain (ANY) in netgroup wheel [2010/04/27 16:57:51, 10, pid=12782] passdb/lookup_sid.c:69(lookup_name) lookup_name: UCCDOMAIN\wheel => UCCDOMAIN (domain), wheel (name) [2010/04/27 16:57:51, 10, pid=12782] passdb/lookup_sid.c:70(lookup_name) lookup_name: flags = 0x077 [2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/04/27 16:57:51, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) NT user token: (NULL) [2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/27 16:57:51, 5, pid=12782] lib/smbldap.c:1295(smbldap_search_ext) smbldap_search_ext: base => [dc=ucc,dc=gu,dc=uwa,dc=edu,dc=au], filter => [(&(objectClass=sambaGroupMapping)(|(displayName=wheel)(cn=wheel)))], scope => [2] [2010/04/27 
16:57:51, 2, pid=12782] passdb/pdb_ldap.c:2434(init_group_from_ldap) init_group_from_ldap: Entry found for group: 0 [2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/04/27 16:57:51, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) NT user token: (NULL) [2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/27 16:57:51, 10, pid=12782] lib/gencache.c:208(gencache_get) Returning valid cache entry: key = ACCT_POL/maximum password age, value = 4294967295 , timeout = Tue Apr 27 16:58:51 2010 [2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/04/27 16:57:51, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) NT user token: (NULL) [2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/27 16:57:51, 10, pid=12782] lib/gencache.c:208(gencache_get) Returning valid cache entry: key = ACCT_POL/password history, value = 0 , timeout = Tue Apr 27 16:58:51 2010 [2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - 
sec_ctx_stack_ndx = 0 [2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:607(pdb_set_username) pdb_set_username: setting username zanchey, was [2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:630(pdb_set_domain) pdb_set_domain: setting domain UCCDOMAIN, was [2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:653(pdb_set_nt_username) pdb_set_nt_username: setting nt username zanchey, was [2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:676(pdb_set_fullname) pdb_set_full_name: setting full name David Adam, was [2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:769(pdb_set_homedir) pdb_set_homedir: setting home dir \\mylah\zanchey, was [2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:745(pdb_set_dir_drive) pdb_set_dir_drive: setting dir drive H:, was NULL [2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:699(pdb_set_logon_script) pdb_set_logon_script: setting logon script , was [2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:722(pdb_set_profile_path) pdb_set_profile_path: setting profile path \\mylah\profiles, was [2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:812(pdb_set_workstations) pdb_set_workstations: setting workstations , was [2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/04/27 16:57:51, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) NT user token: (NULL) [2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/27 16:57:51, 10, pid=12782] lib/gencache.c:208(gencache_get) Returning valid cache entry: key = ACCT_POL/password history, value = 0 , timeout = Tue Apr 27 16:58:51 2010 
[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:536(pdb_set_user_sid) pdb_set_user_sid: setting user sid S-1-5-352321536-3342141748-1574249315-1264630062-23502 [2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_compat.c:72(pdb_set_user_sid_from_rid) pdb_set_user_sid_from_rid: setting user sid S-1-5-352321536-3342141748-1574249315-1264630062-23502 from rid 23502 [2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:594(pdb_set_group_sid) pdb_set_group_sid: setting group sid S-1-5-352321536-3342141748-1574249315-1264630062-512 [2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 contains 11 SIDs SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-69 SID[ 6]: S-1-22-2-101 SID[ 7]: S-1-22-2-20042 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-11251 SID[ 10]: S-1-22-2-0 SE_PRIV 0xff0 0x0 0x0 0x0 [2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 4 supplementary groups Group[ 0]: 0 Group[ 1]: 69 Group[ 2]: 101 Group[ 3]: 20042 [2010/04/27 16:57:51, 5, pid=12782] smbd/uid.c:353(change_to_user) change_to_user uid=(0,0) gid=(0,0) [2010/04/27 16:57:51, 10, pid=12782] smbd/service.c:163(set_conn_connectpath) set_conn_connectpath: service IPC$, connectpath = /tmp [2010/04/27 16:57:51, 3, pid=12782] smbd/service.c:1063(make_connection_snum) maaxen (::ffff:130.95.13.55) connect to service IPC$ initially as user zanchey (uid=0, gid=0) (pid 12782) [2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx 
(0, 0) - sec_ctx_stack_ndx = 0 [2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) NT user token: (NULL) [2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/27 16:57:51, 5, pid=12782] smbd/uid.c:368(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2010/04/27 16:57:51, 3, pid=12782] smbd/reply.c:759(reply_tcon_and_X) tconX service=IPC$ [2010/04/27 16:57:53, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) got smb length of 100 [2010/04/27 16:57:53, 6, pid=12782] smbd/process.c:1456(process_smb) got message type 0x0 of len 0x64 [2010/04/27 16:57:53, 3, pid=12782] smbd/process.c:1459(process_smb) Transaction 4 of length 104 (0 toread) [2010/04/27 16:57:53, 5, pid=12782] lib/util.c:632(show_msg) [2010/04/27 16:57:53, 5, pid=12782] lib/util.c:642(show_msg) size=100 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=992 smb_uid=100 smb_mid=256 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 3584 (0xE00) smb_vwv[ 3]= 4096 (0x1000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 4609 (0x1201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1792 (0x700) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=17 [2010/04/27 16:57:53, 10, pid=12782] ../lib/util/util.c:304(_dump_data) [0000] D6 5C 00 6C 00 73 00 61 00 72 00 70 00 63 00 00 .\.l.s.a .r.p.c.. [0010] 00 . 
[2010/04/27 16:57:53, 3, pid=12782] smbd/process.c:1273(switch_message) switch message SMBntcreateX (pid 12782) conn 0x97e9be8 [2010/04/27 16:57:53, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/27 16:57:53, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 contains 11 SIDs SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-69 SID[ 6]: S-1-22-2-101 SID[ 7]: S-1-22-2-20042 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-11251 SID[ 10]: S-1-22-2-0 SE_PRIV 0xff0 0x0 0x0 0x0 [2010/04/27 16:57:53, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 4 supplementary groups Group[ 0]: 0 Group[ 1]: 69 Group[ 2]: 101 Group[ 3]: 20042 [2010/04/27 16:57:53, 5, pid=12782] smbd/uid.c:353(change_to_user) change_to_user uid=(0,0) gid=(0,0) [2010/04/27 16:57:53, 4, pid=12782] smbd/vfs.c:753(vfs_ChDir) vfs_ChDir to /tmp [2010/04/27 16:57:53, 10, pid=12782] smbd/nttrans.c:484(reply_ntcreate_and_X) reply_ntcreate_and_X: flags = 0x10, access_mask = 0x12019f file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0, fname = lsarpc [2010/04/27 16:57:53, 4, pid=12782] smbd/nttrans.c:315(nt_open_pipe) nt_open_pipe: Opening pipe \lsarpc. 
[2010/04/27 16:57:53, 5, pid=12782] smbd/files.c:103(file_new) allocated file structure 5887, fnum = 9983 (1 used) [2010/04/27 16:57:53, 4, pid=12782] rpc_server/srv_pipe_hnd.c:99(make_internal_rpc_pipe_p) Create pipe requested \lsarpc [2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_lsa_hnd.c:85(init_pipe_handle_list) init_pipe_handles: created handle list for pipe \lsarpc [2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_lsa_hnd.c:102(init_pipe_handle_list) init_pipe_handles: pipe_handles ref count = 1 for pipe \lsarpc [2010/04/27 16:57:53, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/04/27 16:57:53, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2010/04/27 16:57:53, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/27 16:57:53, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) NT user token: (NULL) [2010/04/27 16:57:53, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/27 16:57:53, 10, pid=12782] lib/gencache.c:208(gencache_get) Returning valid cache entry: key = ACCT_POL/maximum password age, value = 4294967295 , timeout = Tue Apr 27 16:58:51 2010 [2010/04/27 16:57:53, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/27 16:57:53, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/04/27 16:57:53, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2010/04/27 16:57:53, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/27 16:57:53, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) NT user token: (NULL) [2010/04/27 16:57:53, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and 
contains 0 supplementary groups [2010/04/27 16:57:53, 10, pid=12782] lib/gencache.c:208(gencache_get) Returning valid cache entry: key = ACCT_POL/password history, value = 0 , timeout = Tue Apr 27 16:58:51 2010 [2010/04/27 16:57:53, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/27 16:57:53, 10, pid=12782] passdb/pdb_get_set.c:607(pdb_set_username) pdb_set_username: setting username zanchey, was [2010/04/27 16:57:53, 10, pid=12782] passdb/pdb_get_set.c:630(pdb_set_domain) pdb_set_domain: setting domain UCCDOMAIN, was [2010/04/27 16:57:53, 10, pid=12782] passdb/pdb_get_set.c:653(pdb_set_nt_username) pdb_set_nt_username: setting nt username zanchey, was [2010/04/27 16:57:53, 10, pid=12782] passdb/pdb_get_set.c:676(pdb_set_fullname) pdb_set_full_name: setting full name David Adam, was [2010/04/27 16:57:53, 10, pid=12782] passdb/pdb_get_set.c:769(pdb_set_homedir) pdb_set_homedir: setting home dir \\mylah\zanchey, was [2010/04/27 16:57:53, 10, pid=12782] passdb/pdb_get_set.c:745(pdb_set_dir_drive) pdb_set_dir_drive: setting dir drive H:, was NULL [2010/04/27 16:57:53, 10, pid=12782] passdb/pdb_get_set.c:699(pdb_set_logon_script) pdb_set_logon_script: setting logon script , was [2010/04/27 16:57:53, 10, pid=12782] passdb/pdb_get_set.c:722(pdb_set_profile_path) pdb_set_profile_path: setting profile path \\mylah\profiles, was [2010/04/27 16:57:53, 10, pid=12782] passdb/pdb_get_set.c:812(pdb_set_workstations) pdb_set_workstations: setting workstations , was [2010/04/27 16:57:53, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/04/27 16:57:53, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2010/04/27 16:57:53, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/27 16:57:53, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) NT user token: (NULL) [2010/04/27 16:57:53, 5, pid=12782] 
auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/27 16:57:53, 10, pid=12782] lib/gencache.c:208(gencache_get) Returning valid cache entry: key = ACCT_POL/password history, value = 0 , timeout = Tue Apr 27 16:58:51 2010 [2010/04/27 16:57:53, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/27 16:57:53, 10, pid=12782] passdb/pdb_get_set.c:536(pdb_set_user_sid) pdb_set_user_sid: setting user sid S-1-5-352321536-3342141748-1574249315-1264630062-23502 [2010/04/27 16:57:53, 10, pid=12782] passdb/pdb_compat.c:72(pdb_set_user_sid_from_rid) pdb_set_user_sid_from_rid: setting user sid S-1-5-352321536-3342141748-1574249315-1264630062-23502 from rid 23502 [2010/04/27 16:57:53, 10, pid=12782] passdb/pdb_get_set.c:594(pdb_set_group_sid) pdb_set_group_sid: setting group sid S-1-5-352321536-3342141748-1574249315-1264630062-512 [2010/04/27 16:57:53, 4, pid=12782] rpc_server/srv_pipe_hnd.c:161(make_internal_rpc_pipe_p) Created internal pipe \lsarpc (pipes_open=0) [2010/04/27 16:57:53, 5, pid=12782] smbd/nttrans.c:404(do_ntcreate_pipe_open) do_ntcreate_pipe_open: open pipe = \lsarpc [2010/04/27 16:57:53, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) got smb length of 224 [2010/04/27 16:57:53, 6, pid=12782] smbd/process.c:1456(process_smb) got message type 0x0 of len 0xe0 [2010/04/27 16:57:53, 3, pid=12782] smbd/process.c:1459(process_smb) Transaction 5 of length 228 (0 toread) [2010/04/27 16:57:53, 5, pid=12782] lib/util.c:632(show_msg) [2010/04/27 16:57:53, 5, pid=12782] lib/util.c:642(show_msg) size=224 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=320 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 9983 (0x26FF) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 
8]= 160 (0xA0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 160 (0xA0) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=161 [2010/04/27 16:57:53, 10, pid=12782] ../lib/util/util.c:304(_dump_data) [0000] EE 05 00 0B 03 10 00 00 00 A0 00 00 00 02 00 00 ........ ........ [0010] 00 B8 10 B8 10 00 00 00 00 03 00 00 00 00 00 01 ........ ........ [0020] 00 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 .xW4.4.. ....#Eg. [0030] AB 00 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ [0040] 00 2B 10 48 60 02 00 00 00 01 00 01 00 78 57 34 .+.H`... .....xW4 [0050] 12 34 12 CD AB EF 00 01 23 45 67 89 AB 00 00 00 .4...... #Eg..... [0060] 00 33 05 71 71 BA BE 37 49 83 19 B5 DB EF 9C CC .3.qq..7 I....... [0070] 36 01 00 00 00 02 00 01 00 78 57 34 12 34 12 CD 6....... .xW4.4.. [0080] AB EF 00 01 23 45 67 89 AB 00 00 00 00 2C 1C B7 ....#Eg. .....,.. [0090] 6C 12 98 40 45 03 00 00 00 00 00 00 00 01 00 00 l..@E... ........ [00A0] 00 . [2010/04/27 16:57:53, 3, pid=12782] smbd/process.c:1273(switch_message) switch message SMBwriteX (pid 12782) conn 0x97e9be8 [2010/04/27 16:57:53, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/27 16:57:53, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 contains 11 SIDs SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-69 SID[ 6]: S-1-22-2-101 SID[ 7]: S-1-22-2-20042 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-11251 SID[ 10]: S-1-22-2-0 SE_PRIV 0xff0 0x0 0x0 0x0 [2010/04/27 16:57:53, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 4 supplementary groups Group[ 0]: 0 Group[ 1]: 69 Group[ 2]: 101 Group[ 3]: 20042 [2010/04/27 16:57:53, 5, pid=12782] smbd/uid.c:353(change_to_user) change_to_user 
uid=(0,0) gid=(0,0) [2010/04/27 16:57:53, 6, pid=12782] smbd/pipes.c:271(reply_pipe_write_and_X) reply_pipe_write_and_X: 26ff name: lsarpc len: 160 [2010/04/27 16:57:53, 6, pid=12782] rpc_server/srv_pipe_hnd.c:1195(np_write_send) np_write_send: len: 160 [2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 160 [2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 160 [2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:192(fill_rpc_header) fill_rpc_header: data_to_copy = 160, len_needed_to_complete_hdr = 16, receive_len = 0 [2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 16 [2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 144 [2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 144 [2010/04/27 16:57:53, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0b 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 00a0 000a auth_len : 0000 000c call_id : 00000002 [2010/04/27 16:57:53, 5, pid=12782] rpc_server/srv_pipe_hnd.c:288(unmarshall_rpc_header) unmarshall_rpc_header: using little-endian RPC [2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:317(unmarshall_rpc_header) unmarshall_rpc_header: type = 11, flags = 3 [2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 0 [2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 144 [2010/04/27 16:57:53, 10, 
pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 144, incoming data = 144 [2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:534(process_complete_pdu) process_complete_pdu: processing packet type 11 [2010/04/27 16:57:53, 5, pid=12782] rpc_server/srv_pipe.c:1558(api_pipe_bind_req) api_pipe_bind_req: decode request. 1558 [2010/04/27 16:57:53, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr_rb [2010/04/27 16:57:53, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr_bba 0000 max_tsize: 10b8 0002 max_rsize: 10b8 0004 assoc_gid: 00000000 0008 num_contexts: 03 000c context_id : 0000 000e num_transfer_syntaxes: 01 [2010/04/27 16:57:53, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 00000f smb_io_rpc_iface [2010/04/27 16:57:53, 7, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000010 smb_io_uuid uuid 0010 data : 12345778 0014 data : 1234 0016 data : abcd 0018 data : ef 00 001a data : 01 23 45 67 89 ab 0020 version: 00000000 [2010/04/27 16:57:53, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000024 smb_io_rpc_iface [2010/04/27 16:57:53, 7, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000024 smb_io_uuid uuid 0024 data : 8a885d04 0028 data : 1ceb 002a data : 11c9 002c data : 9f e8 002e data : 08 00 2b 10 48 60 0034 version: 00000002 0038 context_id : 0001 003a num_transfer_syntaxes: 01 [2010/04/27 16:57:53, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 00003b smb_io_rpc_iface [2010/04/27 16:57:53, 7, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 00003c smb_io_uuid uuid 003c data : 12345778 0040 data : 1234 0042 data : abcd 0044 data : ef 00 0046 data : 01 23 45 67 89 ab 004c version: 00000000 [2010/04/27 16:57:53, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000050 smb_io_rpc_iface [2010/04/27 16:57:53, 7, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000050 smb_io_uuid uuid 0050 data : 71710533 0054 data : beba 0056 
data : 4937 0058 data : 83 19 005a data : b5 db ef 9c cc 36 0060 version: 00000001 0064 context_id : 0002 0066 num_transfer_syntaxes: 01 [2010/04/27 16:57:53, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000067 smb_io_rpc_iface [2010/04/27 16:57:53, 7, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000068 smb_io_uuid uuid 0068 data : 12345778 006c data : 1234 006e data : abcd 0070 data : ef 00 0072 data : 01 23 45 67 89 ab 0078 version: 00000000 [2010/04/27 16:57:53, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 00007c smb_io_rpc_iface [2010/04/27 16:57:53, 7, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 00007c smb_io_uuid uuid 007c data : 6cb71c2c 0080 data : 9812 0082 data : 4540 0084 data : 03 00 0086 data : 00 00 00 00 00 00 008c version: 00000001 [2010/04/27 16:57:53, 3, pid=12782] rpc_server/srv_pipe.c:1584(api_pipe_bind_req) api_pipe_bind_req: \PIPE\lsarpc -> \PIPE\lsarpc [2010/04/27 16:57:53, 5, pid=12782] rpc_server/srv_pipe.c:1628(api_pipe_bind_req) api_pipe_bind_req: make response. 1628 [2010/04/27 16:57:53, 3, pid=12782] rpc_server/srv_pipe.c:960(check_bind_req) check_bind_req for \lsarpc checking lsarpc [2010/04/27 16:57:53, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr_ba [2010/04/27 16:57:53, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr_bba 0000 max_tsize: 10b8 0002 max_rsize: 10b8 0004 assoc_gid: 000053f0 [2010/04/27 16:57:53, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000008 smb_io_rpc_addr_str 0008 len: 000d 000a str: \PIPE\lsarpc. 
[2010/04/27 16:57:53, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000017 smb_io_rpc_results 0018 num_results: 01 001c result : 0000 001e reason : 0000 [2010/04/27 16:57:53, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000020 smb_io_rpc_iface [2010/04/27 16:57:53, 7, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000020 smb_io_uuid uuid 0020 data : 8a885d04 0024 data : 1ceb 0026 data : 11c9 0028 data : 9f e8 002a data : 08 00 2b 10 48 60 0030 version: 00000002 [2010/04/27 16:57:53, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0c 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0044 000a auth_len : 0000 000c call_id : 00000002 [2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 144 [2010/04/27 16:57:53, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Schedule immediate event "tevent_req_trigger": 0x98016a0 [2010/04/27 16:57:53, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Run immediate event "tevent_req_trigger": 0x98016a0 [2010/04/27 16:57:53, 3, pid=12782] smbd/pipes.c:325(pipe_write_andx_done) writeX-IPC nwritten=160 [2010/04/27 16:57:53, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) got smb length of 59 [2010/04/27 16:57:53, 6, pid=12782] smbd/process.c:1456(process_smb) got message type 0x0 of len 0x3b [2010/04/27 16:57:53, 3, pid=12782] smbd/process.c:1459(process_smb) Transaction 6 of length 63 (0 toread) [2010/04/27 16:57:53, 5, pid=12782] lib/util.c:632(show_msg) [2010/04/27 16:57:53, 5, pid=12782] lib/util.c:642(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=384 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 9983 (0x26FF) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) 
smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2010/04/27 16:57:53, 3, pid=12782] smbd/process.c:1273(switch_message) switch message SMBreadX (pid 12782) conn 0x97e9be8 [2010/04/27 16:57:53, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/27 16:57:53, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 contains 11 SIDs SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-69 SID[ 6]: S-1-22-2-101 SID[ 7]: S-1-22-2-20042 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-11251 SID[ 10]: S-1-22-2-0 SE_PRIV 0xff0 0x0 0x0 0x0 [2010/04/27 16:57:53, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 4 supplementary groups Group[ 0]: 0 Group[ 1]: 69 Group[ 2]: 101 Group[ 3]: 20042 [2010/04/27 16:57:53, 5, pid=12782] smbd/uid.c:353(change_to_user) change_to_user uid=(0,0) gid=(0,0) [2010/04/27 16:57:53, 6, pid=12782] rpc_server/srv_pipe_hnd.c:802(read_from_internal_pipe) name: \lsarpc len: 1024 [2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:842(read_from_internal_pipe) read_from_pipe: \lsarpc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. 
[2010/04/27 16:57:53, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Schedule immediate event "tevent_req_trigger": 0x9801a60 [2010/04/27 16:57:53, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Run immediate event "tevent_req_trigger": 0x9801a60 [2010/04/27 16:57:53, 3, pid=12782] smbd/pipes.c:435(pipe_read_andx_done) readX-IPC min=1024 max=1024 nread=68 [2010/04/27 16:57:53, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) got smb length of 164 [2010/04/27 16:57:53, 6, pid=12782] smbd/process.c:1456(process_smb) got message type 0x0 of len 0xa4 [2010/04/27 16:57:53, 3, pid=12782] smbd/process.c:1459(process_smb) Transaction 7 of length 168 (0 toread) [2010/04/27 16:57:53, 5, pid=12782] lib/util.c:632(show_msg) [2010/04/27 16:57:53, 5, pid=12782] lib/util.c:642(show_msg) size=164 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=992 smb_uid=100 smb_mid=448 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 80 (0x50) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 80 (0x50) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 9983 (0x26FF) smb_bcc=97 [2010/04/27 16:57:53, 10, pid=12782] ../lib/util/util.c:304(_dump_data) [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 50 00 00 00 02 00 00 ........ .P...... [0020] 00 38 00 00 00 00 00 2C 00 00 00 02 00 06 00 00 .8....., ........ [0030] 00 00 00 00 00 06 00 00 00 4D 00 59 00 4C 00 41 ........ .M.Y.L.A [0040] 00 48 00 00 00 30 00 00 00 00 00 00 00 00 00 00 .H...0.. ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 02 . 
[2010/04/27 16:57:53, 3, pid=12782] smbd/process.c:1273(switch_message) switch message SMBtrans (pid 12782) conn 0x97e9be8 [2010/04/27 16:57:53, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/27 16:57:53, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 contains 11 SIDs SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-69 SID[ 6]: S-1-22-2-101 SID[ 7]: S-1-22-2-20042 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-11251 SID[ 10]: S-1-22-2-0 SE_PRIV 0xff0 0x0 0x0 0x0 [2010/04/27 16:57:53, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 4 supplementary groups Group[ 0]: 0 Group[ 1]: 69 Group[ 2]: 101 Group[ 3]: 20042 [2010/04/27 16:57:53, 5, pid=12782] smbd/uid.c:353(change_to_user) change_to_user uid=(0,0) gid=(0,0) [2010/04/27 16:57:53, 3, pid=12782] smbd/ipc.c:539(handle_trans) trans <\PIPE\> data=80 params=0 setup=2 [2010/04/27 16:57:53, 5, pid=12782] smbd/ipc.c:572(handle_trans) calling named_pipe [2010/04/27 16:57:53, 3, pid=12782] smbd/ipc.c:490(named_pipe) named pipe command on <> name [2010/04/27 16:57:53, 5, pid=12782] smbd/ipc.c:413(api_fd_reply) api_fd_reply [2010/04/27 16:57:53, 3, pid=12782] smbd/ipc.c:454(api_fd_reply) Got API command 0x26 on pipe "lsarpc" (pnum 26ff) [2010/04/27 16:57:53, 10, pid=12782] smbd/ipc.c:456(api_fd_reply) api_fd_reply: p:0x97ea6a8 max_trans_reply: 1024 [2010/04/27 16:57:53, 6, pid=12782] rpc_server/srv_pipe_hnd.c:1195(np_write_send) np_write_send: len: 80 [2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 80 [2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: 
Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 80 [2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:192(fill_rpc_header) fill_rpc_header: data_to_copy = 80, len_needed_to_complete_hdr = 16, receive_len = 0 [2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 16 [2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 64 [2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 64 [2010/04/27 16:57:53, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0050 000a auth_len : 0000 000c call_id : 00000002 [2010/04/27 16:57:53, 5, pid=12782] rpc_server/srv_pipe_hnd.c:288(unmarshall_rpc_header) unmarshall_rpc_header: using little-endian RPC [2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:317(unmarshall_rpc_header) unmarshall_rpc_header: type = 0, flags = 3 [2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 0 [2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 64 [2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 64, incoming data = 64 [2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:534(process_complete_pdu) process_complete_pdu: processing packet type 0 [2010/04/27 16:57:53, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr_req req 0000 alloc_hint: 00000038 0004 context_id: 0000 0006 opnum : 002c [2010/04/27 16:57:53, 3, 
pid=12782] rpc_server/srv_pipe_hnd.c:343(free_pipe_context) free_pipe_context: destroying talloc pool of size 167 [2010/04/27 16:57:53, 5, pid=12782] rpc_server/srv_pipe.c:2261(api_pipe_request) Requested \PIPE\\lsarpc [2010/04/27 16:57:53, 4, pid=12782] rpc_server/srv_pipe.c:2297(api_rpcTNP) api_rpcTNP: \lsarpc op 0x2c - api_rpcTNP: rpc command: LSA_OPENPOLICY2 [2010/04/27 16:57:53, 6, pid=12782] rpc_server/srv_pipe.c:2327(api_rpcTNP) api_rpc_cmds[44].fn == 0x822bf40 [2010/04/27 16:57:53, 1, pid=12782] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) lsa_OpenPolicy2: struct lsa_OpenPolicy2 in: struct lsa_OpenPolicy2 system_name : * system_name : 'MYLAH' attr : * attr: struct lsa_ObjectAttribute len : 0x00000030 (48) root_dir : NULL object_name : NULL attributes : 0x00000000 (0) sec_desc : NULL sec_qos : NULL access_mask : 0x02000000 (33554432) 0: LSA_POLICY_VIEW_LOCAL_INFORMATION 0: LSA_POLICY_VIEW_AUDIT_INFORMATION 0: LSA_POLICY_GET_PRIVATE_INFORMATION 0: LSA_POLICY_TRUST_ADMIN 0: LSA_POLICY_CREATE_ACCOUNT 0: LSA_POLICY_CREATE_SECRET 0: LSA_POLICY_CREATE_PRIVILEGE 0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS 0: LSA_POLICY_SET_AUDIT_REQUIREMENTS 0: LSA_POLICY_AUDIT_LOG_ADMIN 0: LSA_POLICY_SERVER_ADMIN 0: LSA_POLICY_LOOKUP_NAMES 0: LSA_POLICY_NOTIFICATION [2010/04/27 16:57:53, 10, pid=12782] lib/util_seaccess.c:58(se_map_generic) se_map_generic(): mapped mask 0xb0000000 to 0x000f0fff [2010/04/27 16:57:53, 4, pid=12782] rpc_server/srv_samr_nt.c:219(access_check_object) _lsa_OpenPolicy2: access GRANTED (requested: 0x000f0fff, granted: 0x000f0fff) [2010/04/27 16:57:53, 4, pid=12782] rpc_server/srv_lsa_hnd.c:160(create_policy_hnd) Opened policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 D6 4B 11 A7 ........ .....K.. [0010] EE 31 00 00 .1.. 
[2010/04/27 16:57:53, 1, pid=12782] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) lsa_OpenPolicy2: struct lsa_OpenPolicy2 out: struct lsa_OpenPolicy2 handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-d64b-11a7ee310000 result : NT_STATUS_OK [2010/04/27 16:57:53, 5, pid=12782] rpc_server/srv_pipe.c:2362(api_rpcTNP) api_rpcTNP: called \lsarpc successfully [2010/04/27 16:57:53, 3, pid=12782] rpc_server/srv_pipe_hnd.c:343(free_pipe_context) free_pipe_context: destroying talloc pool of size 1052 [2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 64 [2010/04/27 16:57:53, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Schedule immediate event "tevent_req_trigger": 0x98016e0 [2010/04/27 16:57:53, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Run immediate event "tevent_req_trigger": 0x98016e0 [2010/04/27 16:57:53, 6, pid=12782] rpc_server/srv_pipe_hnd.c:802(read_from_internal_pipe) name: \lsarpc len: 1024 [2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:862(read_from_internal_pipe) read_from_pipe: \lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. 
[2010/04/27 16:57:53, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0030 000a auth_len : 0000 000c call_id : 00000002 [2010/04/27 16:57:53, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000010 smb_io_rpc_hdr_resp resp 0010 alloc_hint: 00000018 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 [2010/04/27 16:57:53, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Schedule immediate event "tevent_req_trigger": 0x97dd7d0 [2010/04/27 16:57:53, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Run immediate event "tevent_req_trigger": 0x97dd7d0 [2010/04/27 16:57:53, 5, pid=12782] smbd/ipc.c:59(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2010/04/27 16:57:53, 5, pid=12782] lib/util.c:632(show_msg) [2010/04/27 16:57:53, 5, pid=12782] lib/util.c:642(show_msg) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=992 smb_uid=100 smb_mid=448 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2010/04/27 16:57:53, 10, pid=12782] ../lib/util/util.c:304(_dump_data) [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 02 00 00 ........ .0...... [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ........ ........ [0020] 00 00 00 00 00 D6 4B 11 A7 EE 31 00 00 00 00 00 ......K. ..1..... [0030] 00 . 
[2010/04/27 16:57:53, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) got smb length of 130 [2010/04/27 16:57:53, 6, pid=12782] smbd/process.c:1456(process_smb) got message type 0x0 of len 0x82 [2010/04/27 16:57:53, 3, pid=12782] smbd/process.c:1459(process_smb) Transaction 8 of length 134 (0 toread) [2010/04/27 16:57:53, 5, pid=12782] lib/util.c:632(show_msg) [2010/04/27 16:57:53, 5, pid=12782] lib/util.c:642(show_msg) size=130 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=992 smb_uid=100 smb_mid=512 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 46 (0x2E) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 46 (0x2E) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 9983 (0x26FF) smb_bcc=63 [2010/04/27 16:57:53, 10, pid=12782] ../lib/util/util.c:304(_dump_data) [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 2E 00 00 00 03 00 00 ........ ........ [0020] 00 16 00 00 00 00 00 2E 00 00 00 00 00 01 00 00 ........ ........ [0030] 00 00 00 00 00 D6 4B 11 A7 EE 31 00 00 0C 00 ......K. ..1.... 
[2010/04/27 16:57:53, 3, pid=12782] smbd/process.c:1273(switch_message) switch message SMBtrans (pid 12782) conn 0x97e9be8 [2010/04/27 16:57:53, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/27 16:57:53, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 contains 11 SIDs SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-69 SID[ 6]: S-1-22-2-101 SID[ 7]: S-1-22-2-20042 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-11251 SID[ 10]: S-1-22-2-0 SE_PRIV 0xff0 0x0 0x0 0x0 [2010/04/27 16:57:53, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 4 supplementary groups Group[ 0]: 0 Group[ 1]: 69 Group[ 2]: 101 Group[ 3]: 20042 [2010/04/27 16:57:53, 5, pid=12782] smbd/uid.c:353(change_to_user) change_to_user uid=(0,0) gid=(0,0) [2010/04/27 16:57:53, 3, pid=12782] smbd/ipc.c:539(handle_trans) trans <\PIPE\> data=46 params=0 setup=2 [2010/04/27 16:57:53, 5, pid=12782] smbd/ipc.c:572(handle_trans) calling named_pipe [2010/04/27 16:57:53, 3, pid=12782] smbd/ipc.c:490(named_pipe) named pipe command on <> name [2010/04/27 16:57:53, 5, pid=12782] smbd/ipc.c:413(api_fd_reply) api_fd_reply [2010/04/27 16:57:53, 3, pid=12782] smbd/ipc.c:454(api_fd_reply) Got API command 0x26 on pipe "lsarpc" (pnum 26ff) [2010/04/27 16:57:53, 10, pid=12782] smbd/ipc.c:456(api_fd_reply) api_fd_reply: p:0x97ea6a8 max_trans_reply: 1024 [2010/04/27 16:57:53, 6, pid=12782] rpc_server/srv_pipe_hnd.c:1195(np_write_send) np_write_send: len: 46 [2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 46 [2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: 
Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 46 [2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:192(fill_rpc_header) fill_rpc_header: data_to_copy = 46, len_needed_to_complete_hdr = 16, receive_len = 0 [2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 16 [2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 30 [2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 30 [2010/04/27 16:57:53, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 002e 000a auth_len : 0000 000c call_id : 00000003 [2010/04/27 16:57:53, 5, pid=12782] rpc_server/srv_pipe_hnd.c:288(unmarshall_rpc_header) unmarshall_rpc_header: using little-endian RPC [2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:317(unmarshall_rpc_header) unmarshall_rpc_header: type = 0, flags = 3 [2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 0 [2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 30 [2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 30, incoming data = 30 [2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:534(process_complete_pdu) process_complete_pdu: processing packet type 0 [2010/04/27 16:57:53, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr_req req 0000 alloc_hint: 00000016 0004 context_id: 0000 0006 opnum : 002e [2010/04/27 16:57:53, 3, 
pid=12782] rpc_server/srv_pipe_hnd.c:343(free_pipe_context) free_pipe_context: destroying talloc pool of size 0 [2010/04/27 16:57:53, 5, pid=12782] rpc_server/srv_pipe.c:2261(api_pipe_request) Requested \PIPE\\lsarpc [2010/04/27 16:57:53, 4, pid=12782] rpc_server/srv_pipe.c:2297(api_rpcTNP) api_rpcTNP: \lsarpc op 0x2e - api_rpcTNP: rpc command: LSA_QUERYINFOPOLICY2 [2010/04/27 16:57:53, 6, pid=12782] rpc_server/srv_pipe.c:2327(api_rpcTNP) api_rpc_cmds[46].fn == 0x822b910 [2010/04/27 16:57:53, 1, pid=12782] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) lsa_QueryInfoPolicy2: struct lsa_QueryInfoPolicy2 in: struct lsa_QueryInfoPolicy2 handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-d64b-11a7ee310000 level : LSA_POLICY_INFO_DNS (12) [2010/04/27 16:57:53, 4, pid=12782] rpc_server/srv_pipe.c:2345(api_rpcTNP) api_rpcTNP: rng fault return [2010/04/27 16:57:53, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 03 0003 flags : 23 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0020 000a auth_len : 0000 000c call_id : 00000003 [2010/04/27 16:57:53, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000010 smb_io_rpc_hdr_resp resp 0010 alloc_hint: 00000000 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 [2010/04/27 16:57:53, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000018 smb_io_rpc_hdr_fault fault 0018 status : DCERPC_FAULT_OP_RNG_ERROR 001c reserved: 00000000 [2010/04/27 16:57:53, 3, pid=12782] rpc_server/srv_pipe_hnd.c:343(free_pipe_context) free_pipe_context: destroying talloc pool of size 0 [2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 30 [2010/04/27 16:57:53, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Schedule immediate event "tevent_req_trigger": 0x98016a0 [2010/04/27 16:57:53, 10, pid=12782] 
lib/events.c:287(s3_event_debug) s3_event: Run immediate event "tevent_req_trigger": 0x98016a0 [2010/04/27 16:57:53, 6, pid=12782] rpc_server/srv_pipe_hnd.c:802(read_from_internal_pipe) name: \lsarpc len: 1024 [2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:842(read_from_internal_pipe) read_from_pipe: \lsarpc: current_pdu_len = 32, current_pdu_sent = 0 returning 32 bytes. [2010/04/27 16:57:53, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Schedule immediate event "tevent_req_trigger": 0x97eaf30 [2010/04/27 16:57:53, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Run immediate event "tevent_req_trigger": 0x97eaf30 [2010/04/27 16:57:53, 5, pid=12782] smbd/ipc.c:59(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..32] (align 0) [2010/04/27 16:57:53, 5, pid=12782] lib/util.c:632(show_msg) [2010/04/27 16:57:53, 5, pid=12782] lib/util.c:642(show_msg) size=88 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=992 smb_uid=100 smb_mid=512 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 32 (0x20) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 32 (0x20) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=33 [2010/04/27 16:57:53, 10, pid=12782] ../lib/util/util.c:304(_dump_data) [0000] 00 05 00 03 23 10 00 00 00 20 00 00 00 03 00 00 ....#... . ...... [0010] 00 00 00 00 00 00 00 00 00 02 00 01 1C 00 00 00 ........ ........ [0020] 00 . 
[2010/04/27 16:57:53, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) got smb length of 130 [2010/04/27 16:57:53, 6, pid=12782] smbd/process.c:1456(process_smb) got message type 0x0 of len 0x82 [2010/04/27 16:57:53, 3, pid=12782] smbd/process.c:1459(process_smb) Transaction 9 of length 134 (0 toread) [2010/04/27 16:57:53, 5, pid=12782] lib/util.c:632(show_msg) [2010/04/27 16:57:53, 5, pid=12782] lib/util.c:642(show_msg) size=130 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=992 smb_uid=100 smb_mid=576 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 46 (0x2E) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 46 (0x2E) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 9983 (0x26FF) smb_bcc=63 [2010/04/27 16:57:53, 10, pid=12782] ../lib/util/util.c:304(_dump_data) [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 2E 00 00 00 04 00 00 ........ ........ [0020] 00 16 00 00 00 00 00 07 00 00 00 00 00 01 00 00 ........ ........ [0030] 00 00 00 00 00 D6 4B 11 A7 EE 31 00 00 03 00 ......K. ..1.... 
[2010/04/27 16:57:53, 3, pid=12782] smbd/process.c:1273(switch_message) switch message SMBtrans (pid 12782) conn 0x97e9be8 [2010/04/27 16:57:53, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/27 16:57:53, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 contains 11 SIDs SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-69 SID[ 6]: S-1-22-2-101 SID[ 7]: S-1-22-2-20042 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-11251 SID[ 10]: S-1-22-2-0 SE_PRIV 0xff0 0x0 0x0 0x0 [2010/04/27 16:57:53, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 4 supplementary groups Group[ 0]: 0 Group[ 1]: 69 Group[ 2]: 101 Group[ 3]: 20042 [2010/04/27 16:57:53, 5, pid=12782] smbd/uid.c:353(change_to_user) change_to_user uid=(0,0) gid=(0,0) [2010/04/27 16:57:53, 3, pid=12782] smbd/ipc.c:539(handle_trans) trans <\PIPE\> data=46 params=0 setup=2 [2010/04/27 16:57:53, 5, pid=12782] smbd/ipc.c:572(handle_trans) calling named_pipe [2010/04/27 16:57:53, 3, pid=12782] smbd/ipc.c:490(named_pipe) named pipe command on <> name [2010/04/27 16:57:53, 5, pid=12782] smbd/ipc.c:413(api_fd_reply) api_fd_reply [2010/04/27 16:57:53, 3, pid=12782] smbd/ipc.c:454(api_fd_reply) Got API command 0x26 on pipe "lsarpc" (pnum 26ff) [2010/04/27 16:57:53, 10, pid=12782] smbd/ipc.c:456(api_fd_reply) api_fd_reply: p:0x97ea6a8 max_trans_reply: 1024 [2010/04/27 16:57:53, 6, pid=12782] rpc_server/srv_pipe_hnd.c:1195(np_write_send) np_write_send: len: 46 [2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 46 [2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: 
Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 46 [2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:192(fill_rpc_header) fill_rpc_header: data_to_copy = 46, len_needed_to_complete_hdr = 16, receive_len = 0 [2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 16 [2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 30 [2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 30 [2010/04/27 16:57:53, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 002e 000a auth_len : 0000 000c call_id : 00000004 [2010/04/27 16:57:53, 5, pid=12782] rpc_server/srv_pipe_hnd.c:288(unmarshall_rpc_header) unmarshall_rpc_header: using little-endian RPC [2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:317(unmarshall_rpc_header) unmarshall_rpc_header: type = 0, flags = 3 [2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 0 [2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 30 [2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 30, incoming data = 30 [2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:534(process_complete_pdu) process_complete_pdu: processing packet type 0 [2010/04/27 16:57:53, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr_req req 0000 alloc_hint: 00000016 0004 context_id: 0000 0006 opnum : 0007 [2010/04/27 16:57:53, 3, 
pid=12782] rpc_server/srv_pipe_hnd.c:343(free_pipe_context) free_pipe_context: destroying talloc pool of size 0 [2010/04/27 16:57:53, 5, pid=12782] rpc_server/srv_pipe.c:2261(api_pipe_request) Requested \PIPE\\lsarpc [2010/04/27 16:57:53, 4, pid=12782] rpc_server/srv_pipe.c:2297(api_rpcTNP) api_rpcTNP: \lsarpc op 0x7 - api_rpcTNP: rpc command: LSA_QUERYINFOPOLICY [2010/04/27 16:57:53, 6, pid=12782] rpc_server/srv_pipe.c:2327(api_rpcTNP) api_rpc_cmds[7].fn == 0x82330e0 [2010/04/27 16:57:53, 1, pid=12782] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) lsa_QueryInfoPolicy: struct lsa_QueryInfoPolicy in: struct lsa_QueryInfoPolicy handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-d64b-11a7ee310000 level : LSA_POLICY_INFO_DOMAIN (3) [2010/04/27 16:57:53, 4, pid=12782] rpc_server/srv_lsa_hnd.c:180(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 D6 4B 11 A7 ........ .....K.. [0010] EE 31 00 00 .1.. [2010/04/27 16:57:53, 1, pid=12782] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) lsa_QueryInfoPolicy: struct lsa_QueryInfoPolicy out: struct lsa_QueryInfoPolicy info : * info : * info : union lsa_PolicyInformation(case 3) domain: struct lsa_DomainInfo name: struct lsa_StringLarge length : 0x0000 (0) size : 0x0000 (0) string : * string : 'UCCDOMAIN' sid : * sid : S-1-5-352321536-3342141748-1574249315-1264630062 result : NT_STATUS_OK [2010/04/27 16:57:53, 5, pid=12782] rpc_server/srv_pipe.c:2362(api_rpcTNP) api_rpcTNP: called \lsarpc successfully [2010/04/27 16:57:53, 3, pid=12782] rpc_server/srv_pipe_hnd.c:343(free_pipe_context) free_pipe_context: destroying talloc pool of size 112 [2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 30 [2010/04/27 16:57:53, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Schedule immediate event "tevent_req_trigger": 0x98016a0 [2010/04/27 16:57:53, 10, pid=12782] 
lib/events.c:287(s3_event_debug) s3_event: Run immediate event "tevent_req_trigger": 0x98016a0 [2010/04/27 16:57:53, 6, pid=12782] rpc_server/srv_pipe_hnd.c:802(read_from_internal_pipe) name: \lsarpc len: 1024 [2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:862(read_from_internal_pipe) read_from_pipe: \lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 84. [2010/04/27 16:57:53, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 006c 000a auth_len : 0000 000c call_id : 00000004 [2010/04/27 16:57:53, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000010 smb_io_rpc_hdr_resp resp 0010 alloc_hint: 00000054 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 [2010/04/27 16:57:53, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Schedule immediate event "tevent_req_trigger": 0x97dd560 [2010/04/27 16:57:53, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Run immediate event "tevent_req_trigger": 0x97dd560 [2010/04/27 16:57:53, 5, pid=12782] smbd/ipc.c:59(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..108] (align 0) [2010/04/27 16:57:53, 5, pid=12782] lib/util.c:632(show_msg) [2010/04/27 16:57:53, 5, pid=12782] lib/util.c:642(show_msg) size=164 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=992 smb_uid=100 smb_mid=576 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 108 (0x6C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 108 (0x6C) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=109 [2010/04/27 16:57:53, 10, pid=12782] ../lib/util/util.c:304(_dump_data) [0000] 00 05 00 02 03 10 00 00 00 6C 00 00 00 04 00 00 ........ .l...... 
[0010] 00 54 00 00 00 00 00 00 00 00 00 02 00 03 00 00 .T...... ........ [0020] 00 12 00 14 00 04 00 02 00 08 00 02 00 0A 00 00 ........ ........ [0030] 00 00 00 00 00 09 00 00 00 55 00 43 00 43 00 44 ........ .U.C.C.D [0040] 00 4F 00 4D 00 41 00 49 00 4E 00 00 00 04 00 00 .O.M.A.I .N...... [0050] 00 01 04 00 00 00 00 00 05 00 00 00 15 34 09 35 ........ .....4.5 [0060] C7 63 23 D5 5D 2E B9 60 4B 00 00 00 00 .c#.]..` K.... [2010/04/27 16:57:53, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) got smb length of 128 [2010/04/27 16:57:53, 6, pid=12782] smbd/process.c:1456(process_smb) got message type 0x0 of len 0x80 [2010/04/27 16:57:53, 3, pid=12782] smbd/process.c:1459(process_smb) Transaction 10 of length 132 (0 toread) [2010/04/27 16:57:53, 5, pid=12782] lib/util.c:632(show_msg) [2010/04/27 16:57:53, 5, pid=12782] lib/util.c:642(show_msg) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=992 smb_uid=100 smb_mid=640 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 9983 (0x26FF) smb_bcc=61 [2010/04/27 16:57:53, 10, pid=12782] ../lib/util/util.c:304(_dump_data) [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 05 00 00 ........ .,...... [0020] 00 14 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ........ ........ [0030] 00 00 00 00 00 D6 4B 11 A7 EE 31 00 00 ......K. ..1.. 
[2010/04/27 16:57:53, 3, pid=12782] smbd/process.c:1273(switch_message) switch message SMBtrans (pid 12782) conn 0x97e9be8 [2010/04/27 16:57:53, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/27 16:57:53, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 contains 11 SIDs SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-69 SID[ 6]: S-1-22-2-101 SID[ 7]: S-1-22-2-20042 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-11251 SID[ 10]: S-1-22-2-0 SE_PRIV 0xff0 0x0 0x0 0x0 [2010/04/27 16:57:53, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 4 supplementary groups Group[ 0]: 0 Group[ 1]: 69 Group[ 2]: 101 Group[ 3]: 20042 [2010/04/27 16:57:53, 5, pid=12782] smbd/uid.c:353(change_to_user) change_to_user uid=(0,0) gid=(0,0) [2010/04/27 16:57:53, 3, pid=12782] smbd/ipc.c:539(handle_trans) trans <\PIPE\> data=44 params=0 setup=2 [2010/04/27 16:57:53, 5, pid=12782] smbd/ipc.c:572(handle_trans) calling named_pipe [2010/04/27 16:57:53, 3, pid=12782] smbd/ipc.c:490(named_pipe) named pipe command on <> name [2010/04/27 16:57:53, 5, pid=12782] smbd/ipc.c:413(api_fd_reply) api_fd_reply [2010/04/27 16:57:53, 3, pid=12782] smbd/ipc.c:454(api_fd_reply) Got API command 0x26 on pipe "lsarpc" (pnum 26ff) [2010/04/27 16:57:53, 10, pid=12782] smbd/ipc.c:456(api_fd_reply) api_fd_reply: p:0x97ea6a8 max_trans_reply: 1024 [2010/04/27 16:57:53, 6, pid=12782] rpc_server/srv_pipe_hnd.c:1195(np_write_send) np_write_send: len: 44 [2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 44 [2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: 
Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 [2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:192(fill_rpc_header) fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 [2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 16 [2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 28 [2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 [2010/04/27 16:57:53, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 002c 000a auth_len : 0000 000c call_id : 00000005 [2010/04/27 16:57:53, 5, pid=12782] rpc_server/srv_pipe_hnd.c:288(unmarshall_rpc_header) unmarshall_rpc_header: using little-endian RPC [2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:317(unmarshall_rpc_header) unmarshall_rpc_header: type = 0, flags = 3 [2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 0 [2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 28 [2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 28, incoming data = 28 [2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:534(process_complete_pdu) process_complete_pdu: processing packet type 0 [2010/04/27 16:57:53, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr_req req 0000 alloc_hint: 00000014 0004 context_id: 0000 0006 opnum : 0000 [2010/04/27 16:57:53, 3, 
pid=12782] rpc_server/srv_pipe_hnd.c:343(free_pipe_context) free_pipe_context: destroying talloc pool of size 0 [2010/04/27 16:57:53, 5, pid=12782] rpc_server/srv_pipe.c:2261(api_pipe_request) Requested \PIPE\\lsarpc [2010/04/27 16:57:53, 4, pid=12782] rpc_server/srv_pipe.c:2297(api_rpcTNP) api_rpcTNP: \lsarpc op 0x0 - api_rpcTNP: rpc command: LSA_CLOSE [2010/04/27 16:57:53, 6, pid=12782] rpc_server/srv_pipe.c:2327(api_rpcTNP) api_rpc_cmds[0].fn == 0x8234650 [2010/04/27 16:57:53, 1, pid=12782] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) lsa_Close: struct lsa_Close in: struct lsa_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-d64b-11a7ee310000 [2010/04/27 16:57:53, 4, pid=12782] rpc_server/srv_lsa_hnd.c:180(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 D6 4B 11 A7 ........ .....K.. [0010] EE 31 00 00 .1.. [2010/04/27 16:57:53, 4, pid=12782] rpc_server/srv_lsa_hnd.c:180(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 D6 4B 11 A7 ........ .....K.. [0010] EE 31 00 00 .1.. 
[2010/04/27 16:57:53, 3, pid=12782] rpc_server/srv_lsa_hnd.c:218(close_policy_hnd) Closed policy [2010/04/27 16:57:53, 1, pid=12782] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) lsa_Close: struct lsa_Close out: struct lsa_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : NT_STATUS_OK [2010/04/27 16:57:53, 5, pid=12782] rpc_server/srv_pipe.c:2362(api_rpcTNP) api_rpcTNP: called \lsarpc successfully [2010/04/27 16:57:53, 3, pid=12782] rpc_server/srv_pipe_hnd.c:343(free_pipe_context) free_pipe_context: destroying talloc pool of size 0 [2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 28 [2010/04/27 16:57:53, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Schedule immediate event "tevent_req_trigger": 0x98016a0 [2010/04/27 16:57:53, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Run immediate event "tevent_req_trigger": 0x98016a0 [2010/04/27 16:57:53, 6, pid=12782] rpc_server/srv_pipe_hnd.c:802(read_from_internal_pipe) name: \lsarpc len: 1024 [2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:862(read_from_internal_pipe) read_from_pipe: \lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. 
[2010/04/27 16:57:53, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0030 000a auth_len : 0000 000c call_id : 00000005 [2010/04/27 16:57:53, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000010 smb_io_rpc_hdr_resp resp 0010 alloc_hint: 00000018 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 [2010/04/27 16:57:53, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Schedule immediate event "tevent_req_trigger": 0x97ed578 [2010/04/27 16:57:53, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Run immediate event "tevent_req_trigger": 0x97ed578 [2010/04/27 16:57:53, 5, pid=12782] smbd/ipc.c:59(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2010/04/27 16:57:53, 5, pid=12782] lib/util.c:632(show_msg) [2010/04/27 16:57:53, 5, pid=12782] lib/util.c:642(show_msg) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=992 smb_uid=100 smb_mid=640 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2010/04/27 16:57:53, 10, pid=12782] ../lib/util/util.c:304(_dump_data) [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 05 00 00 ........ .0...... [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 . 
[2010/04/27 16:57:53, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) got smb length of 41 [2010/04/27 16:57:53, 6, pid=12782] smbd/process.c:1456(process_smb) got message type 0x0 of len 0x29 [2010/04/27 16:57:53, 3, pid=12782] smbd/process.c:1459(process_smb) Transaction 11 of length 45 (0 toread) [2010/04/27 16:57:53, 5, pid=12782] lib/util.c:632(show_msg) [2010/04/27 16:57:53, 5, pid=12782] lib/util.c:642(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=704 smt_wct=3 smb_vwv[ 0]= 9983 (0x26FF) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2010/04/27 16:57:53, 3, pid=12782] smbd/process.c:1273(switch_message) switch message SMBclose (pid 12782) conn 0x97e9be8 [2010/04/27 16:57:53, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/27 16:57:53, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 contains 11 SIDs SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-69 SID[ 6]: S-1-22-2-101 SID[ 7]: S-1-22-2-20042 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-11251 SID[ 10]: S-1-22-2-0 SE_PRIV 0xff0 0x0 0x0 0x0 [2010/04/27 16:57:53, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 4 supplementary groups Group[ 0]: 0 Group[ 1]: 69 Group[ 2]: 101 Group[ 3]: 20042 [2010/04/27 16:57:53, 5, pid=12782] smbd/uid.c:353(change_to_user) change_to_user uid=(0,0) gid=(0,0) [2010/04/27 16:57:53, 3, pid=12782] smbd/reply.c:4488(reply_close) close fd=-1 fnum=9983 (numopen=1) [2010/04/27 16:57:53, 6, pid=12782] smbd/close.c:454(set_close_write_time) close_write_time: Thu Jan 1 07:59:59 1970 [2010/04/27 16:57:53, 10, pid=12782] 
rpc_server/srv_lsa_hnd.c:249(close_policy_by_pipe) close_policy_by_pipe: deleted handle list for pipe \lsarpc [2010/04/27 16:57:53, 5, pid=12782] smbd/files.c:474(file_free) freed files structure 9983 (0 used) [2010/04/27 16:57:53, 5, pid=12782] lib/util.c:632(show_msg) [2010/04/27 16:57:53, 5, pid=12782] lib/util.c:642(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=704 smt_wct=0 smb_bcc=0 [2010/04/27 16:57:54, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) got smb length of 100 [2010/04/27 16:57:54, 6, pid=12782] smbd/process.c:1456(process_smb) got message type 0x0 of len 0x64 [2010/04/27 16:57:54, 3, pid=12782] smbd/process.c:1459(process_smb) Transaction 12 of length 104 (0 toread) [2010/04/27 16:57:54, 5, pid=12782] lib/util.c:632(show_msg) [2010/04/27 16:57:54, 5, pid=12782] lib/util.c:642(show_msg) size=100 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=992 smb_uid=100 smb_mid=768 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 3584 (0xE00) smb_vwv[ 3]= 4096 (0x1000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 4609 (0x1201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1792 (0x700) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=17 [2010/04/27 16:57:54, 10, pid=12782] ../lib/util/util.c:304(_dump_data) [0000] D6 5C 00 6C 00 73 00 61 00 72 00 70 00 63 00 00 .\.l.s.a .r.p.c.. [0010] 00 . 
[2010/04/27 16:57:54, 3, pid=12782] smbd/process.c:1273(switch_message) switch message SMBntcreateX (pid 12782) conn 0x97e9be8 [2010/04/27 16:57:54, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/27 16:57:54, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 contains 11 SIDs SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-69 SID[ 6]: S-1-22-2-101 SID[ 7]: S-1-22-2-20042 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-11251 SID[ 10]: S-1-22-2-0 SE_PRIV 0xff0 0x0 0x0 0x0 [2010/04/27 16:57:54, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 4 supplementary groups Group[ 0]: 0 Group[ 1]: 69 Group[ 2]: 101 Group[ 3]: 20042 [2010/04/27 16:57:54, 5, pid=12782] smbd/uid.c:353(change_to_user) change_to_user uid=(0,0) gid=(0,0) [2010/04/27 16:57:54, 10, pid=12782] smbd/nttrans.c:484(reply_ntcreate_and_X) reply_ntcreate_and_X: flags = 0x10, access_mask = 0x12019f file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0, fname = lsarpc [2010/04/27 16:57:54, 4, pid=12782] smbd/nttrans.c:315(nt_open_pipe) nt_open_pipe: Opening pipe \lsarpc. 
[2010/04/27 16:57:54, 5, pid=12782] smbd/files.c:103(file_new) allocated file structure 5888, fnum = 9984 (1 used) [2010/04/27 16:57:54, 4, pid=12782] rpc_server/srv_pipe_hnd.c:99(make_internal_rpc_pipe_p) Create pipe requested \lsarpc [2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_lsa_hnd.c:85(init_pipe_handle_list) init_pipe_handles: created handle list for pipe \lsarpc [2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_lsa_hnd.c:102(init_pipe_handle_list) init_pipe_handles: pipe_handles ref count = 1 for pipe \lsarpc [2010/04/27 16:57:54, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/04/27 16:57:54, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2010/04/27 16:57:54, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/27 16:57:54, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) NT user token: (NULL) [2010/04/27 16:57:54, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/27 16:57:54, 10, pid=12782] lib/gencache.c:208(gencache_get) Returning valid cache entry: key = ACCT_POL/maximum password age, value = 4294967295 , timeout = Tue Apr 27 16:58:51 2010 [2010/04/27 16:57:54, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/27 16:57:54, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/04/27 16:57:54, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2010/04/27 16:57:54, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/27 16:57:54, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) NT user token: (NULL) [2010/04/27 16:57:54, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and 
contains 0 supplementary groups [2010/04/27 16:57:54, 10, pid=12782] lib/gencache.c:208(gencache_get) Returning valid cache entry: key = ACCT_POL/password history, value = 0 , timeout = Tue Apr 27 16:58:51 2010 [2010/04/27 16:57:54, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/27 16:57:54, 10, pid=12782] passdb/pdb_get_set.c:607(pdb_set_username) pdb_set_username: setting username zanchey, was [2010/04/27 16:57:54, 10, pid=12782] passdb/pdb_get_set.c:630(pdb_set_domain) pdb_set_domain: setting domain UCCDOMAIN, was [2010/04/27 16:57:54, 10, pid=12782] passdb/pdb_get_set.c:653(pdb_set_nt_username) pdb_set_nt_username: setting nt username zanchey, was [2010/04/27 16:57:54, 10, pid=12782] passdb/pdb_get_set.c:676(pdb_set_fullname) pdb_set_full_name: setting full name David Adam, was [2010/04/27 16:57:54, 10, pid=12782] passdb/pdb_get_set.c:769(pdb_set_homedir) pdb_set_homedir: setting home dir \\mylah\zanchey, was [2010/04/27 16:57:54, 10, pid=12782] passdb/pdb_get_set.c:745(pdb_set_dir_drive) pdb_set_dir_drive: setting dir drive H:, was NULL [2010/04/27 16:57:54, 10, pid=12782] passdb/pdb_get_set.c:699(pdb_set_logon_script) pdb_set_logon_script: setting logon script , was [2010/04/27 16:57:54, 10, pid=12782] passdb/pdb_get_set.c:722(pdb_set_profile_path) pdb_set_profile_path: setting profile path \\mylah\profiles, was [2010/04/27 16:57:54, 10, pid=12782] passdb/pdb_get_set.c:812(pdb_set_workstations) pdb_set_workstations: setting workstations , was [2010/04/27 16:57:54, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/04/27 16:57:54, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2010/04/27 16:57:54, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/27 16:57:54, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) NT user token: (NULL) [2010/04/27 16:57:54, 5, pid=12782] 
auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/27 16:57:54, 10, pid=12782] lib/gencache.c:208(gencache_get) Returning valid cache entry: key = ACCT_POL/password history, value = 0 , timeout = Tue Apr 27 16:58:51 2010 [2010/04/27 16:57:54, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/27 16:57:54, 10, pid=12782] passdb/pdb_get_set.c:536(pdb_set_user_sid) pdb_set_user_sid: setting user sid S-1-5-352321536-3342141748-1574249315-1264630062-23502 [2010/04/27 16:57:54, 10, pid=12782] passdb/pdb_compat.c:72(pdb_set_user_sid_from_rid) pdb_set_user_sid_from_rid: setting user sid S-1-5-352321536-3342141748-1574249315-1264630062-23502 from rid 23502 [2010/04/27 16:57:54, 10, pid=12782] passdb/pdb_get_set.c:594(pdb_set_group_sid) pdb_set_group_sid: setting group sid S-1-5-352321536-3342141748-1574249315-1264630062-512 [2010/04/27 16:57:54, 4, pid=12782] rpc_server/srv_pipe_hnd.c:161(make_internal_rpc_pipe_p) Created internal pipe \lsarpc (pipes_open=0) [2010/04/27 16:57:54, 5, pid=12782] smbd/nttrans.c:404(do_ntcreate_pipe_open) do_ntcreate_pipe_open: open pipe = \lsarpc [2010/04/27 16:57:54, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) got smb length of 224 [2010/04/27 16:57:54, 6, pid=12782] smbd/process.c:1456(process_smb) got message type 0x0 of len 0xe0 [2010/04/27 16:57:54, 3, pid=12782] smbd/process.c:1459(process_smb) Transaction 13 of length 228 (0 toread) [2010/04/27 16:57:54, 5, pid=12782] lib/util.c:632(show_msg) [2010/04/27 16:57:54, 5, pid=12782] lib/util.c:642(show_msg) size=224 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=832 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 9984 (0x2700) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 
8]= 160 (0xA0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 160 (0xA0) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=161 [2010/04/27 16:57:54, 10, pid=12782] ../lib/util/util.c:304(_dump_data) [0000] EE 05 00 0B 03 10 00 00 00 A0 00 00 00 02 00 00 ........ ........ [0010] 00 B8 10 B8 10 00 00 00 00 03 00 00 00 00 00 01 ........ ........ [0020] 00 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 .xW4.4.. ....#Eg. [0030] AB 00 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ [0040] 00 2B 10 48 60 02 00 00 00 01 00 01 00 78 57 34 .+.H`... .....xW4 [0050] 12 34 12 CD AB EF 00 01 23 45 67 89 AB 00 00 00 .4...... #Eg..... [0060] 00 33 05 71 71 BA BE 37 49 83 19 B5 DB EF 9C CC .3.qq..7 I....... [0070] 36 01 00 00 00 02 00 01 00 78 57 34 12 34 12 CD 6....... .xW4.4.. [0080] AB EF 00 01 23 45 67 89 AB 00 00 00 00 2C 1C B7 ....#Eg. .....,.. [0090] 6C 12 98 40 45 03 00 00 00 00 00 00 00 01 00 00 l..@E... ........ [00A0] 00 . [2010/04/27 16:57:54, 3, pid=12782] smbd/process.c:1273(switch_message) switch message SMBwriteX (pid 12782) conn 0x97e9be8 [2010/04/27 16:57:54, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/27 16:57:54, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 contains 11 SIDs SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-69 SID[ 6]: S-1-22-2-101 SID[ 7]: S-1-22-2-20042 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-11251 SID[ 10]: S-1-22-2-0 SE_PRIV 0xff0 0x0 0x0 0x0 [2010/04/27 16:57:54, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 4 supplementary groups Group[ 0]: 0 Group[ 1]: 69 Group[ 2]: 101 Group[ 3]: 20042 [2010/04/27 16:57:54, 5, pid=12782] smbd/uid.c:353(change_to_user) change_to_user 
uid=(0,0) gid=(0,0) [2010/04/27 16:57:54, 6, pid=12782] smbd/pipes.c:271(reply_pipe_write_and_X) reply_pipe_write_and_X: 2700 name: lsarpc len: 160 [2010/04/27 16:57:54, 6, pid=12782] rpc_server/srv_pipe_hnd.c:1195(np_write_send) np_write_send: len: 160 [2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 160 [2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 160 [2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:192(fill_rpc_header) fill_rpc_header: data_to_copy = 160, len_needed_to_complete_hdr = 16, receive_len = 0 [2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 16 [2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 144 [2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 144 [2010/04/27 16:57:54, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0b 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 00a0 000a auth_len : 0000 000c call_id : 00000002 [2010/04/27 16:57:54, 5, pid=12782] rpc_server/srv_pipe_hnd.c:288(unmarshall_rpc_header) unmarshall_rpc_header: using little-endian RPC [2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:317(unmarshall_rpc_header) unmarshall_rpc_header: type = 11, flags = 3 [2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 0 [2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 144 [2010/04/27 16:57:54, 10, 
pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 144, incoming data = 144 [2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:534(process_complete_pdu) process_complete_pdu: processing packet type 11 [2010/04/27 16:57:54, 5, pid=12782] rpc_server/srv_pipe.c:1558(api_pipe_bind_req) api_pipe_bind_req: decode request. 1558 [2010/04/27 16:57:54, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr_rb [2010/04/27 16:57:54, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr_bba 0000 max_tsize: 10b8 0002 max_rsize: 10b8 0004 assoc_gid: 00000000 0008 num_contexts: 03 000c context_id : 0000 000e num_transfer_syntaxes: 01 [2010/04/27 16:57:54, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 00000f smb_io_rpc_iface [2010/04/27 16:57:54, 7, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000010 smb_io_uuid uuid 0010 data : 12345778 0014 data : 1234 0016 data : abcd 0018 data : ef 00 001a data : 01 23 45 67 89 ab 0020 version: 00000000 [2010/04/27 16:57:54, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000024 smb_io_rpc_iface [2010/04/27 16:57:54, 7, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000024 smb_io_uuid uuid 0024 data : 8a885d04 0028 data : 1ceb 002a data : 11c9 002c data : 9f e8 002e data : 08 00 2b 10 48 60 0034 version: 00000002 0038 context_id : 0001 003a num_transfer_syntaxes: 01 [2010/04/27 16:57:54, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 00003b smb_io_rpc_iface [2010/04/27 16:57:54, 7, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 00003c smb_io_uuid uuid 003c data : 12345778 0040 data : 1234 0042 data : abcd 0044 data : ef 00 0046 data : 01 23 45 67 89 ab 004c version: 00000000 [2010/04/27 16:57:54, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000050 smb_io_rpc_iface [2010/04/27 16:57:54, 7, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000050 smb_io_uuid uuid 0050 data : 71710533 0054 data : beba 0056 
data : 4937 0058 data : 83 19 005a data : b5 db ef 9c cc 36 0060 version: 00000001 0064 context_id : 0002 0066 num_transfer_syntaxes: 01 [2010/04/27 16:57:54, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000067 smb_io_rpc_iface [2010/04/27 16:57:54, 7, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000068 smb_io_uuid uuid 0068 data : 12345778 006c data : 1234 006e data : abcd 0070 data : ef 00 0072 data : 01 23 45 67 89 ab 0078 version: 00000000 [2010/04/27 16:57:54, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 00007c smb_io_rpc_iface [2010/04/27 16:57:54, 7, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 00007c smb_io_uuid uuid 007c data : 6cb71c2c 0080 data : 9812 0082 data : 4540 0084 data : 03 00 0086 data : 00 00 00 00 00 00 008c version: 00000001 [2010/04/27 16:57:54, 3, pid=12782] rpc_server/srv_pipe.c:1584(api_pipe_bind_req) api_pipe_bind_req: \PIPE\lsarpc -> \PIPE\lsarpc [2010/04/27 16:57:54, 5, pid=12782] rpc_server/srv_pipe.c:1628(api_pipe_bind_req) api_pipe_bind_req: make response. 1628 [2010/04/27 16:57:54, 3, pid=12782] rpc_server/srv_pipe.c:960(check_bind_req) check_bind_req for \lsarpc checking lsarpc [2010/04/27 16:57:54, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr_ba [2010/04/27 16:57:54, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr_bba 0000 max_tsize: 10b8 0002 max_rsize: 10b8 0004 assoc_gid: 000053f0 [2010/04/27 16:57:54, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000008 smb_io_rpc_addr_str 0008 len: 000d 000a str: \PIPE\lsarpc. 
[2010/04/27 16:57:54, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000017 smb_io_rpc_results 0018 num_results: 01 001c result : 0000 001e reason : 0000 [2010/04/27 16:57:54, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000020 smb_io_rpc_iface [2010/04/27 16:57:54, 7, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000020 smb_io_uuid uuid 0020 data : 8a885d04 0024 data : 1ceb 0026 data : 11c9 0028 data : 9f e8 002a data : 08 00 2b 10 48 60 0030 version: 00000002 [2010/04/27 16:57:54, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0c 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0044 000a auth_len : 0000 000c call_id : 00000002 [2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 144 [2010/04/27 16:57:54, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Schedule immediate event "tevent_req_trigger": 0x98016a0 [2010/04/27 16:57:54, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Run immediate event "tevent_req_trigger": 0x98016a0 [2010/04/27 16:57:54, 3, pid=12782] smbd/pipes.c:325(pipe_write_andx_done) writeX-IPC nwritten=160 [2010/04/27 16:57:54, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) got smb length of 59 [2010/04/27 16:57:54, 6, pid=12782] smbd/process.c:1456(process_smb) got message type 0x0 of len 0x3b [2010/04/27 16:57:54, 3, pid=12782] smbd/process.c:1459(process_smb) Transaction 14 of length 63 (0 toread) [2010/04/27 16:57:54, 5, pid=12782] lib/util.c:632(show_msg) [2010/04/27 16:57:54, 5, pid=12782] lib/util.c:642(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=896 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 9984 (0x2700) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) 
smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2010/04/27 16:57:54, 3, pid=12782] smbd/process.c:1273(switch_message) switch message SMBreadX (pid 12782) conn 0x97e9be8 [2010/04/27 16:57:54, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/27 16:57:54, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 contains 11 SIDs SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-69 SID[ 6]: S-1-22-2-101 SID[ 7]: S-1-22-2-20042 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-11251 SID[ 10]: S-1-22-2-0 SE_PRIV 0xff0 0x0 0x0 0x0 [2010/04/27 16:57:54, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 4 supplementary groups Group[ 0]: 0 Group[ 1]: 69 Group[ 2]: 101 Group[ 3]: 20042 [2010/04/27 16:57:54, 5, pid=12782] smbd/uid.c:353(change_to_user) change_to_user uid=(0,0) gid=(0,0) [2010/04/27 16:57:54, 6, pid=12782] rpc_server/srv_pipe_hnd.c:802(read_from_internal_pipe) name: \lsarpc len: 1024 [2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:842(read_from_internal_pipe) read_from_pipe: \lsarpc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. 
[2010/04/27 16:57:54, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Schedule immediate event "tevent_req_trigger": 0x9801a60 [2010/04/27 16:57:54, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Run immediate event "tevent_req_trigger": 0x9801a60 [2010/04/27 16:57:54, 3, pid=12782] smbd/pipes.c:435(pipe_read_andx_done) readX-IPC min=1024 max=1024 nread=68 [2010/04/27 16:57:54, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) got smb length of 164 [2010/04/27 16:57:54, 6, pid=12782] smbd/process.c:1456(process_smb) got message type 0x0 of len 0xa4 [2010/04/27 16:57:54, 3, pid=12782] smbd/process.c:1459(process_smb) Transaction 15 of length 168 (0 toread) [2010/04/27 16:57:54, 5, pid=12782] lib/util.c:632(show_msg) [2010/04/27 16:57:54, 5, pid=12782] lib/util.c:642(show_msg) size=164 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=992 smb_uid=100 smb_mid=960 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 80 (0x50) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 80 (0x50) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 9984 (0x2700) smb_bcc=97 [2010/04/27 16:57:54, 10, pid=12782] ../lib/util/util.c:304(_dump_data) [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 50 00 00 00 02 00 00 ........ .P...... [0020] 00 38 00 00 00 00 00 2C 00 00 00 02 00 06 00 00 .8....., ........ [0030] 00 00 00 00 00 06 00 00 00 4D 00 59 00 4C 00 41 ........ .M.Y.L.A [0040] 00 48 00 00 00 30 00 00 00 00 00 00 00 00 00 00 .H...0.. ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 02 . 
[2010/04/27 16:57:54, 3, pid=12782] smbd/process.c:1273(switch_message) switch message SMBtrans (pid 12782) conn 0x97e9be8 [2010/04/27 16:57:54, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/27 16:57:54, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 contains 11 SIDs SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-69 SID[ 6]: S-1-22-2-101 SID[ 7]: S-1-22-2-20042 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-11251 SID[ 10]: S-1-22-2-0 SE_PRIV 0xff0 0x0 0x0 0x0 [2010/04/27 16:57:54, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 4 supplementary groups Group[ 0]: 0 Group[ 1]: 69 Group[ 2]: 101 Group[ 3]: 20042 [2010/04/27 16:57:54, 5, pid=12782] smbd/uid.c:353(change_to_user) change_to_user uid=(0,0) gid=(0,0) [2010/04/27 16:57:54, 3, pid=12782] smbd/ipc.c:539(handle_trans) trans <\PIPE\> data=80 params=0 setup=2 [2010/04/27 16:57:54, 5, pid=12782] smbd/ipc.c:572(handle_trans) calling named_pipe [2010/04/27 16:57:54, 3, pid=12782] smbd/ipc.c:490(named_pipe) named pipe command on <> name [2010/04/27 16:57:54, 5, pid=12782] smbd/ipc.c:413(api_fd_reply) api_fd_reply [2010/04/27 16:57:54, 3, pid=12782] smbd/ipc.c:454(api_fd_reply) Got API command 0x26 on pipe "lsarpc" (pnum 2700) [2010/04/27 16:57:54, 10, pid=12782] smbd/ipc.c:456(api_fd_reply) api_fd_reply: p:0x97ea6a8 max_trans_reply: 1024 [2010/04/27 16:57:54, 6, pid=12782] rpc_server/srv_pipe_hnd.c:1195(np_write_send) np_write_send: len: 80 [2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 80 [2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: 
Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 80 [2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:192(fill_rpc_header) fill_rpc_header: data_to_copy = 80, len_needed_to_complete_hdr = 16, receive_len = 0 [2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 16 [2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 64 [2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 64 [2010/04/27 16:57:54, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0050 000a auth_len : 0000 000c call_id : 00000002 [2010/04/27 16:57:54, 5, pid=12782] rpc_server/srv_pipe_hnd.c:288(unmarshall_rpc_header) unmarshall_rpc_header: using little-endian RPC [2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:317(unmarshall_rpc_header) unmarshall_rpc_header: type = 0, flags = 3 [2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 0 [2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 64 [2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 64, incoming data = 64 [2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:534(process_complete_pdu) process_complete_pdu: processing packet type 0 [2010/04/27 16:57:54, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr_req req 0000 alloc_hint: 00000038 0004 context_id: 0000 0006 opnum : 002c [2010/04/27 16:57:54, 3, 
pid=12782] rpc_server/srv_pipe_hnd.c:343(free_pipe_context) free_pipe_context: destroying talloc pool of size 167 [2010/04/27 16:57:54, 5, pid=12782] rpc_server/srv_pipe.c:2261(api_pipe_request) Requested \PIPE\\lsarpc [2010/04/27 16:57:54, 4, pid=12782] rpc_server/srv_pipe.c:2297(api_rpcTNP) api_rpcTNP: \lsarpc op 0x2c - api_rpcTNP: rpc command: LSA_OPENPOLICY2 [2010/04/27 16:57:54, 6, pid=12782] rpc_server/srv_pipe.c:2327(api_rpcTNP) api_rpc_cmds[44].fn == 0x822bf40 [2010/04/27 16:57:54, 1, pid=12782] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) lsa_OpenPolicy2: struct lsa_OpenPolicy2 in: struct lsa_OpenPolicy2 system_name : * system_name : 'MYLAH' attr : * attr: struct lsa_ObjectAttribute len : 0x00000030 (48) root_dir : NULL object_name : NULL attributes : 0x00000000 (0) sec_desc : NULL sec_qos : NULL access_mask : 0x02000000 (33554432) 0: LSA_POLICY_VIEW_LOCAL_INFORMATION 0: LSA_POLICY_VIEW_AUDIT_INFORMATION 0: LSA_POLICY_GET_PRIVATE_INFORMATION 0: LSA_POLICY_TRUST_ADMIN 0: LSA_POLICY_CREATE_ACCOUNT 0: LSA_POLICY_CREATE_SECRET 0: LSA_POLICY_CREATE_PRIVILEGE 0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS 0: LSA_POLICY_SET_AUDIT_REQUIREMENTS 0: LSA_POLICY_AUDIT_LOG_ADMIN 0: LSA_POLICY_SERVER_ADMIN 0: LSA_POLICY_LOOKUP_NAMES 0: LSA_POLICY_NOTIFICATION [2010/04/27 16:57:54, 10, pid=12782] lib/util_seaccess.c:58(se_map_generic) se_map_generic(): mapped mask 0xb0000000 to 0x000f0fff [2010/04/27 16:57:54, 4, pid=12782] rpc_server/srv_samr_nt.c:219(access_check_object) _lsa_OpenPolicy2: access GRANTED (requested: 0x000f0fff, granted: 0x000f0fff) [2010/04/27 16:57:54, 4, pid=12782] rpc_server/srv_lsa_hnd.c:160(create_policy_hnd) Opened policy hnd[1] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 D6 4B 12 A7 ........ .....K.. [0010] EE 31 00 00 .1.. 
[2010/04/27 16:57:54, 1, pid=12782] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) lsa_OpenPolicy2: struct lsa_OpenPolicy2 out: struct lsa_OpenPolicy2 handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000002-0000-0000-d64b-12a7ee310000 result : NT_STATUS_OK [2010/04/27 16:57:54, 5, pid=12782] rpc_server/srv_pipe.c:2362(api_rpcTNP) api_rpcTNP: called \lsarpc successfully [2010/04/27 16:57:54, 3, pid=12782] rpc_server/srv_pipe_hnd.c:343(free_pipe_context) free_pipe_context: destroying talloc pool of size 1052 [2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 64 [2010/04/27 16:57:54, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Schedule immediate event "tevent_req_trigger": 0x98016e0 [2010/04/27 16:57:54, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Run immediate event "tevent_req_trigger": 0x98016e0 [2010/04/27 16:57:54, 6, pid=12782] rpc_server/srv_pipe_hnd.c:802(read_from_internal_pipe) name: \lsarpc len: 1024 [2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:862(read_from_internal_pipe) read_from_pipe: \lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. 
[2010/04/27 16:57:54, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0030 000a auth_len : 0000 000c call_id : 00000002 [2010/04/27 16:57:54, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000010 smb_io_rpc_hdr_resp resp 0010 alloc_hint: 00000018 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 [2010/04/27 16:57:54, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Schedule immediate event "tevent_req_trigger": 0x97dd7d0 [2010/04/27 16:57:54, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Run immediate event "tevent_req_trigger": 0x97dd7d0 [2010/04/27 16:57:54, 5, pid=12782] smbd/ipc.c:59(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2010/04/27 16:57:54, 5, pid=12782] lib/util.c:632(show_msg) [2010/04/27 16:57:54, 5, pid=12782] lib/util.c:642(show_msg) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=992 smb_uid=100 smb_mid=960 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2010/04/27 16:57:54, 10, pid=12782] ../lib/util/util.c:304(_dump_data) [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 02 00 00 ........ .0...... [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 02 00 00 ........ ........ [0020] 00 00 00 00 00 D6 4B 12 A7 EE 31 00 00 00 00 00 ......K. ..1..... [0030] 00 . 
[2010/04/27 16:57:54, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) got smb length of 130 [2010/04/27 16:57:54, 6, pid=12782] smbd/process.c:1456(process_smb) got message type 0x0 of len 0x82 [2010/04/27 16:57:54, 3, pid=12782] smbd/process.c:1459(process_smb) Transaction 16 of length 134 (0 toread) [2010/04/27 16:57:54, 5, pid=12782] lib/util.c:632(show_msg) [2010/04/27 16:57:54, 5, pid=12782] lib/util.c:642(show_msg) size=130 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=992 smb_uid=100 smb_mid=1024 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 46 (0x2E) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 46 (0x2E) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 9984 (0x2700) smb_bcc=63 [2010/04/27 16:57:54, 10, pid=12782] ../lib/util/util.c:304(_dump_data) [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 2E 00 00 00 03 00 00 ........ ........ [0020] 00 16 00 00 00 00 00 2E 00 00 00 00 00 02 00 00 ........ ........ [0030] 00 00 00 00 00 D6 4B 12 A7 EE 31 00 00 0C 00 ......K. ..1.... 
[2010/04/27 16:57:54, 3, pid=12782] smbd/process.c:1273(switch_message) switch message SMBtrans (pid 12782) conn 0x97e9be8 [2010/04/27 16:57:54, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/27 16:57:54, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 contains 11 SIDs SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-69 SID[ 6]: S-1-22-2-101 SID[ 7]: S-1-22-2-20042 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-11251 SID[ 10]: S-1-22-2-0 SE_PRIV 0xff0 0x0 0x0 0x0 [2010/04/27 16:57:54, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 4 supplementary groups Group[ 0]: 0 Group[ 1]: 69 Group[ 2]: 101 Group[ 3]: 20042 [2010/04/27 16:57:54, 5, pid=12782] smbd/uid.c:353(change_to_user) change_to_user uid=(0,0) gid=(0,0) [2010/04/27 16:57:54, 3, pid=12782] smbd/ipc.c:539(handle_trans) trans <\PIPE\> data=46 params=0 setup=2 [2010/04/27 16:57:54, 5, pid=12782] smbd/ipc.c:572(handle_trans) calling named_pipe [2010/04/27 16:57:54, 3, pid=12782] smbd/ipc.c:490(named_pipe) named pipe command on <> name [2010/04/27 16:57:54, 5, pid=12782] smbd/ipc.c:413(api_fd_reply) api_fd_reply [2010/04/27 16:57:54, 3, pid=12782] smbd/ipc.c:454(api_fd_reply) Got API command 0x26 on pipe "lsarpc" (pnum 2700) [2010/04/27 16:57:54, 10, pid=12782] smbd/ipc.c:456(api_fd_reply) api_fd_reply: p:0x97ea6a8 max_trans_reply: 1024 [2010/04/27 16:57:54, 6, pid=12782] rpc_server/srv_pipe_hnd.c:1195(np_write_send) np_write_send: len: 46 [2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 46 [2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: 
Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 46 [2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:192(fill_rpc_header) fill_rpc_header: data_to_copy = 46, len_needed_to_complete_hdr = 16, receive_len = 0 [2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 16 [2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 30 [2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 30 [2010/04/27 16:57:54, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 002e 000a auth_len : 0000 000c call_id : 00000003 [2010/04/27 16:57:54, 5, pid=12782] rpc_server/srv_pipe_hnd.c:288(unmarshall_rpc_header) unmarshall_rpc_header: using little-endian RPC [2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:317(unmarshall_rpc_header) unmarshall_rpc_header: type = 0, flags = 3 [2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 0 [2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 30 [2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 30, incoming data = 30 [2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:534(process_complete_pdu) process_complete_pdu: processing packet type 0 [2010/04/27 16:57:54, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr_req req 0000 alloc_hint: 00000016 0004 context_id: 0000 0006 opnum : 002e [2010/04/27 16:57:54, 3, 
pid=12782] rpc_server/srv_pipe_hnd.c:343(free_pipe_context) free_pipe_context: destroying talloc pool of size 0 [2010/04/27 16:57:54, 5, pid=12782] rpc_server/srv_pipe.c:2261(api_pipe_request) Requested \PIPE\\lsarpc [2010/04/27 16:57:54, 4, pid=12782] rpc_server/srv_pipe.c:2297(api_rpcTNP) api_rpcTNP: \lsarpc op 0x2e - api_rpcTNP: rpc command: LSA_QUERYINFOPOLICY2 [2010/04/27 16:57:54, 6, pid=12782] rpc_server/srv_pipe.c:2327(api_rpcTNP) api_rpc_cmds[46].fn == 0x822b910 [2010/04/27 16:57:54, 1, pid=12782] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) lsa_QueryInfoPolicy2: struct lsa_QueryInfoPolicy2 in: struct lsa_QueryInfoPolicy2 handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000002-0000-0000-d64b-12a7ee310000 level : LSA_POLICY_INFO_DNS (12) [2010/04/27 16:57:54, 4, pid=12782] rpc_server/srv_pipe.c:2345(api_rpcTNP) api_rpcTNP: rng fault return [2010/04/27 16:57:54, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 03 0003 flags : 23 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0020 000a auth_len : 0000 000c call_id : 00000003 [2010/04/27 16:57:54, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000010 smb_io_rpc_hdr_resp resp 0010 alloc_hint: 00000000 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 [2010/04/27 16:57:54, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000018 smb_io_rpc_hdr_fault fault 0018 status : DCERPC_FAULT_OP_RNG_ERROR 001c reserved: 00000000 [2010/04/27 16:57:54, 3, pid=12782] rpc_server/srv_pipe_hnd.c:343(free_pipe_context) free_pipe_context: destroying talloc pool of size 0 [2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 30 [2010/04/27 16:57:54, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Schedule immediate event "tevent_req_trigger": 0x98016a0 [2010/04/27 16:57:54, 10, pid=12782] 
lib/events.c:287(s3_event_debug) s3_event: Run immediate event "tevent_req_trigger": 0x98016a0 [2010/04/27 16:57:54, 6, pid=12782] rpc_server/srv_pipe_hnd.c:802(read_from_internal_pipe) name: \lsarpc len: 1024 [2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:842(read_from_internal_pipe) read_from_pipe: \lsarpc: current_pdu_len = 32, current_pdu_sent = 0 returning 32 bytes. [2010/04/27 16:57:54, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Schedule immediate event "tevent_req_trigger": 0x97ed578 [2010/04/27 16:57:54, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Run immediate event "tevent_req_trigger": 0x97ed578 [2010/04/27 16:57:54, 5, pid=12782] smbd/ipc.c:59(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..32] (align 0) [2010/04/27 16:57:54, 5, pid=12782] lib/util.c:632(show_msg) [2010/04/27 16:57:54, 5, pid=12782] lib/util.c:642(show_msg) size=88 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=992 smb_uid=100 smb_mid=1024 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 32 (0x20) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 32 (0x20) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=33 [2010/04/27 16:57:54, 10, pid=12782] ../lib/util/util.c:304(_dump_data) [0000] 00 05 00 03 23 10 00 00 00 20 00 00 00 03 00 00 ....#... . ...... [0010] 00 00 00 00 00 00 00 00 00 02 00 01 1C 00 00 00 ........ ........ [0020] 00 . 
[2010/04/27 16:57:54, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) got smb length of 130 [2010/04/27 16:57:54, 6, pid=12782] smbd/process.c:1456(process_smb) got message type 0x0 of len 0x82 [2010/04/27 16:57:54, 3, pid=12782] smbd/process.c:1459(process_smb) Transaction 17 of length 134 (0 toread) [2010/04/27 16:57:54, 5, pid=12782] lib/util.c:632(show_msg) [2010/04/27 16:57:54, 5, pid=12782] lib/util.c:642(show_msg) size=130 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=992 smb_uid=100 smb_mid=1088 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 46 (0x2E) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 46 (0x2E) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 9984 (0x2700) smb_bcc=63 [2010/04/27 16:57:54, 10, pid=12782] ../lib/util/util.c:304(_dump_data) [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 2E 00 00 00 04 00 00 ........ ........ [0020] 00 16 00 00 00 00 00 07 00 00 00 00 00 02 00 00 ........ ........ [0030] 00 00 00 00 00 D6 4B 12 A7 EE 31 00 00 03 00 ......K. ..1.... 
[2010/04/27 16:57:54, 3, pid=12782] smbd/process.c:1273(switch_message) switch message SMBtrans (pid 12782) conn 0x97e9be8 [2010/04/27 16:57:54, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/27 16:57:54, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 contains 11 SIDs SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-69 SID[ 6]: S-1-22-2-101 SID[ 7]: S-1-22-2-20042 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-11251 SID[ 10]: S-1-22-2-0 SE_PRIV 0xff0 0x0 0x0 0x0 [2010/04/27 16:57:54, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 4 supplementary groups Group[ 0]: 0 Group[ 1]: 69 Group[ 2]: 101 Group[ 3]: 20042 [2010/04/27 16:57:54, 5, pid=12782] smbd/uid.c:353(change_to_user) change_to_user uid=(0,0) gid=(0,0) [2010/04/27 16:57:54, 3, pid=12782] smbd/ipc.c:539(handle_trans) trans <\PIPE\> data=46 params=0 setup=2 [2010/04/27 16:57:54, 5, pid=12782] smbd/ipc.c:572(handle_trans) calling named_pipe [2010/04/27 16:57:54, 3, pid=12782] smbd/ipc.c:490(named_pipe) named pipe command on <> name [2010/04/27 16:57:54, 5, pid=12782] smbd/ipc.c:413(api_fd_reply) api_fd_reply [2010/04/27 16:57:54, 3, pid=12782] smbd/ipc.c:454(api_fd_reply) Got API command 0x26 on pipe "lsarpc" (pnum 2700) [2010/04/27 16:57:54, 10, pid=12782] smbd/ipc.c:456(api_fd_reply) api_fd_reply: p:0x97ea6a8 max_trans_reply: 1024 [2010/04/27 16:57:54, 6, pid=12782] rpc_server/srv_pipe_hnd.c:1195(np_write_send) np_write_send: len: 46 [2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 46 [2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: 
Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 46 [2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:192(fill_rpc_header) fill_rpc_header: data_to_copy = 46, len_needed_to_complete_hdr = 16, receive_len = 0 [2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 16 [2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 30 [2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 30 [2010/04/27 16:57:54, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 002e 000a auth_len : 0000 000c call_id : 00000004 [2010/04/27 16:57:54, 5, pid=12782] rpc_server/srv_pipe_hnd.c:288(unmarshall_rpc_header) unmarshall_rpc_header: using little-endian RPC [2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:317(unmarshall_rpc_header) unmarshall_rpc_header: type = 0, flags = 3 [2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 0 [2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 30 [2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 30, incoming data = 30 [2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:534(process_complete_pdu) process_complete_pdu: processing packet type 0 [2010/04/27 16:57:54, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr_req req 0000 alloc_hint: 00000016 0004 context_id: 0000 0006 opnum : 0007 [2010/04/27 16:57:54, 3, 
pid=12782] rpc_server/srv_pipe_hnd.c:343(free_pipe_context) free_pipe_context: destroying talloc pool of size 0 [2010/04/27 16:57:54, 5, pid=12782] rpc_server/srv_pipe.c:2261(api_pipe_request) Requested \PIPE\\lsarpc [2010/04/27 16:57:54, 4, pid=12782] rpc_server/srv_pipe.c:2297(api_rpcTNP) api_rpcTNP: \lsarpc op 0x7 - api_rpcTNP: rpc command: LSA_QUERYINFOPOLICY [2010/04/27 16:57:54, 6, pid=12782] rpc_server/srv_pipe.c:2327(api_rpcTNP) api_rpc_cmds[7].fn == 0x82330e0 [2010/04/27 16:57:54, 1, pid=12782] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) lsa_QueryInfoPolicy: struct lsa_QueryInfoPolicy in: struct lsa_QueryInfoPolicy handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000002-0000-0000-d64b-12a7ee310000 level : LSA_POLICY_INFO_DOMAIN (3) [2010/04/27 16:57:54, 4, pid=12782] rpc_server/srv_lsa_hnd.c:180(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 D6 4B 12 A7 ........ .....K.. [0010] EE 31 00 00 .1.. [2010/04/27 16:57:54, 1, pid=12782] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) lsa_QueryInfoPolicy: struct lsa_QueryInfoPolicy out: struct lsa_QueryInfoPolicy info : * info : * info : union lsa_PolicyInformation(case 3) domain: struct lsa_DomainInfo name: struct lsa_StringLarge length : 0x0000 (0) size : 0x0000 (0) string : * string : 'UCCDOMAIN' sid : * sid : S-1-5-352321536-3342141748-1574249315-1264630062 result : NT_STATUS_OK [2010/04/27 16:57:54, 5, pid=12782] rpc_server/srv_pipe.c:2362(api_rpcTNP) api_rpcTNP: called \lsarpc successfully [2010/04/27 16:57:54, 3, pid=12782] rpc_server/srv_pipe_hnd.c:343(free_pipe_context) free_pipe_context: destroying talloc pool of size 112 [2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 30 [2010/04/27 16:57:54, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Schedule immediate event "tevent_req_trigger": 0x98016a0 [2010/04/27 16:57:54, 10, pid=12782] 
lib/events.c:287(s3_event_debug) s3_event: Run immediate event "tevent_req_trigger": 0x98016a0 [2010/04/27 16:57:54, 6, pid=12782] rpc_server/srv_pipe_hnd.c:802(read_from_internal_pipe) name: \lsarpc len: 1024 [2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:862(read_from_internal_pipe) read_from_pipe: \lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 84. [2010/04/27 16:57:54, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 006c 000a auth_len : 0000 000c call_id : 00000004 [2010/04/27 16:57:54, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000010 smb_io_rpc_hdr_resp resp 0010 alloc_hint: 00000054 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 [2010/04/27 16:57:54, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Schedule immediate event "tevent_req_trigger": 0x97ec9e0 [2010/04/27 16:57:54, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Run immediate event "tevent_req_trigger": 0x97ec9e0 [2010/04/27 16:57:54, 5, pid=12782] smbd/ipc.c:59(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..108] (align 0) [2010/04/27 16:57:54, 5, pid=12782] lib/util.c:632(show_msg) [2010/04/27 16:57:54, 5, pid=12782] lib/util.c:642(show_msg) size=164 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=992 smb_uid=100 smb_mid=1088 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 108 (0x6C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 108 (0x6C) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=109 [2010/04/27 16:57:54, 10, pid=12782] ../lib/util/util.c:304(_dump_data) [0000] 00 05 00 02 03 10 00 00 00 6C 00 00 00 04 00 00 ........ .l...... 
[0010] 00 54 00 00 00 00 00 00 00 00 00 02 00 03 00 00 .T...... ........ [0020] 00 12 00 14 00 04 00 02 00 08 00 02 00 0A 00 00 ........ ........ [0030] 00 00 00 00 00 09 00 00 00 55 00 43 00 43 00 44 ........ .U.C.C.D [0040] 00 4F 00 4D 00 41 00 49 00 4E 00 00 00 04 00 00 .O.M.A.I .N...... [0050] 00 01 04 00 00 00 00 00 05 00 00 00 15 34 09 35 ........ .....4.5 [0060] C7 63 23 D5 5D 2E B9 60 4B 00 00 00 00 .c#.]..` K.... [2010/04/27 16:57:54, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) got smb length of 128 [2010/04/27 16:57:54, 6, pid=12782] smbd/process.c:1456(process_smb) got message type 0x0 of len 0x80 [2010/04/27 16:57:54, 3, pid=12782] smbd/process.c:1459(process_smb) Transaction 18 of length 132 (0 toread) [2010/04/27 16:57:54, 5, pid=12782] lib/util.c:632(show_msg) [2010/04/27 16:57:54, 5, pid=12782] lib/util.c:642(show_msg) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=992 smb_uid=100 smb_mid=1152 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 9984 (0x2700) smb_bcc=61 [2010/04/27 16:57:54, 10, pid=12782] ../lib/util/util.c:304(_dump_data) [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 05 00 00 ........ .,...... [0020] 00 14 00 00 00 00 00 00 00 00 00 00 00 02 00 00 ........ ........ [0030] 00 00 00 00 00 D6 4B 12 A7 EE 31 00 00 ......K. ..1.. 
[2010/04/27 16:57:54, 3, pid=12782] smbd/process.c:1273(switch_message) switch message SMBtrans (pid 12782) conn 0x97e9be8 [2010/04/27 16:57:54, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/27 16:57:54, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 contains 11 SIDs SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-69 SID[ 6]: S-1-22-2-101 SID[ 7]: S-1-22-2-20042 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-11251 SID[ 10]: S-1-22-2-0 SE_PRIV 0xff0 0x0 0x0 0x0 [2010/04/27 16:57:54, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 4 supplementary groups Group[ 0]: 0 Group[ 1]: 69 Group[ 2]: 101 Group[ 3]: 20042 [2010/04/27 16:57:54, 5, pid=12782] smbd/uid.c:353(change_to_user) change_to_user uid=(0,0) gid=(0,0) [2010/04/27 16:57:54, 3, pid=12782] smbd/ipc.c:539(handle_trans) trans <\PIPE\> data=44 params=0 setup=2 [2010/04/27 16:57:54, 5, pid=12782] smbd/ipc.c:572(handle_trans) calling named_pipe [2010/04/27 16:57:54, 3, pid=12782] smbd/ipc.c:490(named_pipe) named pipe command on <> name [2010/04/27 16:57:54, 5, pid=12782] smbd/ipc.c:413(api_fd_reply) api_fd_reply [2010/04/27 16:57:54, 3, pid=12782] smbd/ipc.c:454(api_fd_reply) Got API command 0x26 on pipe "lsarpc" (pnum 2700) [2010/04/27 16:57:54, 10, pid=12782] smbd/ipc.c:456(api_fd_reply) api_fd_reply: p:0x97ea6a8 max_trans_reply: 1024 [2010/04/27 16:57:54, 6, pid=12782] rpc_server/srv_pipe_hnd.c:1195(np_write_send) np_write_send: len: 44 [2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 44 [2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: 
Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 [2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:192(fill_rpc_header) fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 [2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 16 [2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 28 [2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 [2010/04/27 16:57:54, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 002c 000a auth_len : 0000 000c call_id : 00000005 [2010/04/27 16:57:54, 5, pid=12782] rpc_server/srv_pipe_hnd.c:288(unmarshall_rpc_header) unmarshall_rpc_header: using little-endian RPC [2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:317(unmarshall_rpc_header) unmarshall_rpc_header: type = 0, flags = 3 [2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 0 [2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 28 [2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 28, incoming data = 28 [2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:534(process_complete_pdu) process_complete_pdu: processing packet type 0 [2010/04/27 16:57:54, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr_req req 0000 alloc_hint: 00000014 0004 context_id: 0000 0006 opnum : 0000 [2010/04/27 16:57:54, 3, 
pid=12782] rpc_server/srv_pipe_hnd.c:343(free_pipe_context) free_pipe_context: destroying talloc pool of size 0 [2010/04/27 16:57:54, 5, pid=12782] rpc_server/srv_pipe.c:2261(api_pipe_request) Requested \PIPE\\lsarpc [2010/04/27 16:57:54, 4, pid=12782] rpc_server/srv_pipe.c:2297(api_rpcTNP) api_rpcTNP: \lsarpc op 0x0 - api_rpcTNP: rpc command: LSA_CLOSE [2010/04/27 16:57:54, 6, pid=12782] rpc_server/srv_pipe.c:2327(api_rpcTNP) api_rpc_cmds[0].fn == 0x8234650 [2010/04/27 16:57:54, 1, pid=12782] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) lsa_Close: struct lsa_Close in: struct lsa_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000002-0000-0000-d64b-12a7ee310000 [2010/04/27 16:57:54, 4, pid=12782] rpc_server/srv_lsa_hnd.c:180(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 D6 4B 12 A7 ........ .....K.. [0010] EE 31 00 00 .1.. [2010/04/27 16:57:54, 4, pid=12782] rpc_server/srv_lsa_hnd.c:180(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 D6 4B 12 A7 ........ .....K.. [0010] EE 31 00 00 .1.. 
[2010/04/27 16:57:54, 3, pid=12782] rpc_server/srv_lsa_hnd.c:218(close_policy_hnd) Closed policy [2010/04/27 16:57:54, 1, pid=12782] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) lsa_Close: struct lsa_Close out: struct lsa_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : NT_STATUS_OK [2010/04/27 16:57:54, 5, pid=12782] rpc_server/srv_pipe.c:2362(api_rpcTNP) api_rpcTNP: called \lsarpc successfully [2010/04/27 16:57:54, 3, pid=12782] rpc_server/srv_pipe_hnd.c:343(free_pipe_context) free_pipe_context: destroying talloc pool of size 0 [2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 28 [2010/04/27 16:57:54, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Schedule immediate event "tevent_req_trigger": 0x98016a0 [2010/04/27 16:57:54, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Run immediate event "tevent_req_trigger": 0x98016a0 [2010/04/27 16:57:54, 6, pid=12782] rpc_server/srv_pipe_hnd.c:802(read_from_internal_pipe) name: \lsarpc len: 1024 [2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:862(read_from_internal_pipe) read_from_pipe: \lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. 
[2010/04/27 16:57:54, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0030 000a auth_len : 0000 000c call_id : 00000005 [2010/04/27 16:57:54, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000010 smb_io_rpc_hdr_resp resp 0010 alloc_hint: 00000018 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 [2010/04/27 16:57:54, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Schedule immediate event "tevent_req_trigger": 0x97ef540 [2010/04/27 16:57:54, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Run immediate event "tevent_req_trigger": 0x97ef540 [2010/04/27 16:57:54, 5, pid=12782] smbd/ipc.c:59(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2010/04/27 16:57:54, 5, pid=12782] lib/util.c:632(show_msg) [2010/04/27 16:57:54, 5, pid=12782] lib/util.c:642(show_msg) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=992 smb_uid=100 smb_mid=1152 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2010/04/27 16:57:54, 10, pid=12782] ../lib/util/util.c:304(_dump_data) [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 05 00 00 ........ .0...... [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 . 
[2010/04/27 16:57:54, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) got smb length of 41 [2010/04/27 16:57:54, 6, pid=12782] smbd/process.c:1456(process_smb) got message type 0x0 of len 0x29 [2010/04/27 16:57:54, 3, pid=12782] smbd/process.c:1459(process_smb) Transaction 19 of length 45 (0 toread) [2010/04/27 16:57:54, 5, pid=12782] lib/util.c:632(show_msg) [2010/04/27 16:57:54, 5, pid=12782] lib/util.c:642(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=1216 smt_wct=3 smb_vwv[ 0]= 9984 (0x2700) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2010/04/27 16:57:54, 3, pid=12782] smbd/process.c:1273(switch_message) switch message SMBclose (pid 12782) conn 0x97e9be8 [2010/04/27 16:57:54, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/27 16:57:54, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 contains 11 SIDs SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-69 SID[ 6]: S-1-22-2-101 SID[ 7]: S-1-22-2-20042 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-11251 SID[ 10]: S-1-22-2-0 SE_PRIV 0xff0 0x0 0x0 0x0 [2010/04/27 16:57:54, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 4 supplementary groups Group[ 0]: 0 Group[ 1]: 69 Group[ 2]: 101 Group[ 3]: 20042 [2010/04/27 16:57:54, 5, pid=12782] smbd/uid.c:353(change_to_user) change_to_user uid=(0,0) gid=(0,0) [2010/04/27 16:57:54, 3, pid=12782] smbd/reply.c:4488(reply_close) close fd=-1 fnum=9984 (numopen=1) [2010/04/27 16:57:54, 6, pid=12782] smbd/close.c:454(set_close_write_time) close_write_time: Thu Jan 1 07:59:59 1970 [2010/04/27 16:57:54, 10, pid=12782] 
rpc_server/srv_lsa_hnd.c:249(close_policy_by_pipe) close_policy_by_pipe: deleted handle list for pipe \lsarpc [2010/04/27 16:57:54, 5, pid=12782] smbd/files.c:474(file_free) freed files structure 9984 (0 used) [2010/04/27 16:57:54, 5, pid=12782] lib/util.c:632(show_msg) [2010/04/27 16:57:54, 5, pid=12782] lib/util.c:642(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=1216 smt_wct=0 smb_bcc=0 [2010/04/27 16:57:55, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) got smb length of 96 [2010/04/27 16:57:55, 6, pid=12782] smbd/process.c:1456(process_smb) got message type 0x0 of len 0x60 [2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1459(process_smb) Transaction 20 of length 100 (0 toread) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) size=96 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=992 smb_uid=100 smb_mid=1280 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 2560 (0xA00) smb_vwv[ 3]= 4096 (0x1000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 4609 (0x1201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1792 (0x700) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=13 [2010/04/27 16:57:55, 10, pid=12782] ../lib/util/util.c:304(_dump_data) [0000] FF 5C 00 73 00 61 00 6D 00 72 00 00 00 .\.s.a.m .r... 
[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1273(switch_message) switch message SMBntcreateX (pid 12782) conn 0x97e9be8 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 contains 11 SIDs SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-69 SID[ 6]: S-1-22-2-101 SID[ 7]: S-1-22-2-20042 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-11251 SID[ 10]: S-1-22-2-0 SE_PRIV 0xff0 0x0 0x0 0x0 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 4 supplementary groups Group[ 0]: 0 Group[ 1]: 69 Group[ 2]: 101 Group[ 3]: 20042 [2010/04/27 16:57:55, 5, pid=12782] smbd/uid.c:353(change_to_user) change_to_user uid=(0,0) gid=(0,0) [2010/04/27 16:57:55, 10, pid=12782] smbd/nttrans.c:484(reply_ntcreate_and_X) reply_ntcreate_and_X: flags = 0x10, access_mask = 0x12019f file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0, fname = samr [2010/04/27 16:57:55, 4, pid=12782] smbd/nttrans.c:315(nt_open_pipe) nt_open_pipe: Opening pipe \samr. 
[2010/04/27 16:57:55, 5, pid=12782] smbd/files.c:103(file_new) allocated file structure 5889, fnum = 9985 (1 used) [2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_pipe_hnd.c:99(make_internal_rpc_pipe_p) Create pipe requested \samr [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_lsa_hnd.c:85(init_pipe_handle_list) init_pipe_handles: created handle list for pipe \samr [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_lsa_hnd.c:102(init_pipe_handle_list) init_pipe_handles: pipe_handles ref count = 1 for pipe \samr [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/04/27 16:57:55, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) NT user token: (NULL) [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/27 16:57:55, 10, pid=12782] lib/gencache.c:208(gencache_get) Returning valid cache entry: key = ACCT_POL/maximum password age, value = 4294967295 , timeout = Tue Apr 27 16:58:51 2010 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/04/27 16:57:55, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) NT user token: (NULL) [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 
supplementary groups [2010/04/27 16:57:55, 10, pid=12782] lib/gencache.c:208(gencache_get) Returning valid cache entry: key = ACCT_POL/password history, value = 0 , timeout = Tue Apr 27 16:58:51 2010 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:607(pdb_set_username) pdb_set_username: setting username zanchey, was [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:630(pdb_set_domain) pdb_set_domain: setting domain UCCDOMAIN, was [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:653(pdb_set_nt_username) pdb_set_nt_username: setting nt username zanchey, was [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:676(pdb_set_fullname) pdb_set_full_name: setting full name David Adam, was [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:769(pdb_set_homedir) pdb_set_homedir: setting home dir \\mylah\zanchey, was [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:745(pdb_set_dir_drive) pdb_set_dir_drive: setting dir drive H:, was NULL [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:699(pdb_set_logon_script) pdb_set_logon_script: setting logon script , was [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:722(pdb_set_profile_path) pdb_set_profile_path: setting profile path \\mylah\profiles, was [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:812(pdb_set_workstations) pdb_set_workstations: setting workstations , was [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/04/27 16:57:55, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) NT user token: (NULL) [2010/04/27 16:57:55, 5, pid=12782] 
auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/27 16:57:55, 10, pid=12782] lib/gencache.c:208(gencache_get) Returning valid cache entry: key = ACCT_POL/password history, value = 0 , timeout = Tue Apr 27 16:58:51 2010 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:536(pdb_set_user_sid) pdb_set_user_sid: setting user sid S-1-5-352321536-3342141748-1574249315-1264630062-23502 [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_compat.c:72(pdb_set_user_sid_from_rid) pdb_set_user_sid_from_rid: setting user sid S-1-5-352321536-3342141748-1574249315-1264630062-23502 from rid 23502 [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:594(pdb_set_group_sid) pdb_set_group_sid: setting group sid S-1-5-352321536-3342141748-1574249315-1264630062-512 [2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_pipe_hnd.c:161(make_internal_rpc_pipe_p) Created internal pipe \samr (pipes_open=0) [2010/04/27 16:57:55, 5, pid=12782] smbd/nttrans.c:404(do_ntcreate_pipe_open) do_ntcreate_pipe_open: open pipe = \samr [2010/04/27 16:57:55, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) got smb length of 224 [2010/04/27 16:57:55, 6, pid=12782] smbd/process.c:1456(process_smb) got message type 0x0 of len 0xe0 [2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1459(process_smb) Transaction 21 of length 228 (0 toread) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) size=224 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=1344 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 9985 (0x2701) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 
160 (0xA0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 160 (0xA0) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=161 [2010/04/27 16:57:55, 10, pid=12782] ../lib/util/util.c:304(_dump_data) [0000] EE 05 00 0B 03 10 00 00 00 A0 00 00 00 02 00 00 ........ ........ [0010] 00 B8 10 B8 10 00 00 00 00 03 00 00 00 00 00 01 ........ ........ [0020] 00 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 .xW4.4.. ....#Eg. [0030] AC 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ [0040] 00 2B 10 48 60 02 00 00 00 01 00 01 00 78 57 34 .+.H`... .....xW4 [0050] 12 34 12 CD AB EF 00 01 23 45 67 89 AC 01 00 00 .4...... #Eg..... [0060] 00 33 05 71 71 BA BE 37 49 83 19 B5 DB EF 9C CC .3.qq..7 I....... [0070] 36 01 00 00 00 02 00 01 00 78 57 34 12 34 12 CD 6....... .xW4.4.. [0080] AB EF 00 01 23 45 67 89 AC 01 00 00 00 2C 1C B7 ....#Eg. .....,.. [0090] 6C 12 98 40 45 03 00 00 00 00 00 00 00 01 00 00 l..@E... ........ [00A0] 00 . [2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1273(switch_message) switch message SMBwriteX (pid 12782) conn 0x97e9be8 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 contains 11 SIDs SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-69 SID[ 6]: S-1-22-2-101 SID[ 7]: S-1-22-2-20042 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-11251 SID[ 10]: S-1-22-2-0 SE_PRIV 0xff0 0x0 0x0 0x0 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 4 supplementary groups Group[ 0]: 0 Group[ 1]: 69 Group[ 2]: 101 Group[ 3]: 20042 [2010/04/27 16:57:55, 5, pid=12782] smbd/uid.c:353(change_to_user) change_to_user 
uid=(0,0) gid=(0,0) [2010/04/27 16:57:55, 6, pid=12782] smbd/pipes.c:271(reply_pipe_write_and_X) reply_pipe_write_and_X: 2701 name: samr len: 160 [2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe_hnd.c:1195(np_write_send) np_write_send: len: 160 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 160 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 160 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:192(fill_rpc_header) fill_rpc_header: data_to_copy = 160, len_needed_to_complete_hdr = 16, receive_len = 0 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 16 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 144 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 144 [2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0b 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 00a0 000a auth_len : 0000 000c call_id : 00000002 [2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe_hnd.c:288(unmarshall_rpc_header) unmarshall_rpc_header: using little-endian RPC [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:317(unmarshall_rpc_header) unmarshall_rpc_header: type = 11, flags = 3 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 0 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 144 [2010/04/27 16:57:55, 10, 
pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 144, incoming data = 144 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:534(process_complete_pdu) process_complete_pdu: processing packet type 11 [2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe.c:1558(api_pipe_bind_req) api_pipe_bind_req: decode request. 1558 [2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr_rb [2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr_bba 0000 max_tsize: 10b8 0002 max_rsize: 10b8 0004 assoc_gid: 00000000 0008 num_contexts: 03 000c context_id : 0000 000e num_transfer_syntaxes: 01 [2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 00000f smb_io_rpc_iface [2010/04/27 16:57:55, 7, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000010 smb_io_uuid uuid 0010 data : 12345778 0014 data : 1234 0016 data : abcd 0018 data : ef 00 001a data : 01 23 45 67 89 ac 0020 version: 00000001 [2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000024 smb_io_rpc_iface [2010/04/27 16:57:55, 7, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000024 smb_io_uuid uuid 0024 data : 8a885d04 0028 data : 1ceb 002a data : 11c9 002c data : 9f e8 002e data : 08 00 2b 10 48 60 0034 version: 00000002 0038 context_id : 0001 003a num_transfer_syntaxes: 01 [2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 00003b smb_io_rpc_iface [2010/04/27 16:57:55, 7, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 00003c smb_io_uuid uuid 003c data : 12345778 0040 data : 1234 0042 data : abcd 0044 data : ef 00 0046 data : 01 23 45 67 89 ac 004c version: 00000001 [2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000050 smb_io_rpc_iface [2010/04/27 16:57:55, 7, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000050 smb_io_uuid uuid 0050 data : 71710533 0054 data : beba 0056 
data : 4937 0058 data : 83 19 005a data : b5 db ef 9c cc 36 0060 version: 00000001 0064 context_id : 0002 0066 num_transfer_syntaxes: 01 [2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000067 smb_io_rpc_iface [2010/04/27 16:57:55, 7, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000068 smb_io_uuid uuid 0068 data : 12345778 006c data : 1234 006e data : abcd 0070 data : ef 00 0072 data : 01 23 45 67 89 ac 0078 version: 00000001 [2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 00007c smb_io_rpc_iface [2010/04/27 16:57:55, 7, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 00007c smb_io_uuid uuid 007c data : 6cb71c2c 0080 data : 9812 0082 data : 4540 0084 data : 03 00 0086 data : 00 00 00 00 00 00 008c version: 00000001 [2010/04/27 16:57:55, 3, pid=12782] rpc_server/srv_pipe.c:1584(api_pipe_bind_req) api_pipe_bind_req: \PIPE\samr -> \PIPE\samr [2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe.c:1628(api_pipe_bind_req) api_pipe_bind_req: make response. 1628 [2010/04/27 16:57:55, 3, pid=12782] rpc_server/srv_pipe.c:960(check_bind_req) check_bind_req for \samr checking lsarpc checking winreg checking initshutdown checking dssetup checking wkssvc checking svcctl checking ntsvcs checking netlogon checking netdfs checking srvsvc checking spoolss checking eventlog checking samr [2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr_ba [2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr_bba 0000 max_tsize: 10b8 0002 max_rsize: 10b8 0004 assoc_gid: 000053f0 [2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000008 smb_io_rpc_addr_str 0008 len: 000b 000a str: \PIPE\samr. 
[2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000015 smb_io_rpc_results 0018 num_results: 01 001c result : 0000 001e reason : 0000 [2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000020 smb_io_rpc_iface [2010/04/27 16:57:55, 7, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000020 smb_io_uuid uuid 0020 data : 8a885d04 0024 data : 1ceb 0026 data : 11c9 0028 data : 9f e8 002a data : 08 00 2b 10 48 60 0030 version: 00000002 [2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0c 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0044 000a auth_len : 0000 000c call_id : 00000002 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 144 [2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Schedule immediate event "tevent_req_trigger": 0x98016a0 [2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Run immediate event "tevent_req_trigger": 0x98016a0 [2010/04/27 16:57:55, 3, pid=12782] smbd/pipes.c:325(pipe_write_andx_done) writeX-IPC nwritten=160 [2010/04/27 16:57:55, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) got smb length of 59 [2010/04/27 16:57:55, 6, pid=12782] smbd/process.c:1456(process_smb) got message type 0x0 of len 0x3b [2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1459(process_smb) Transaction 22 of length 63 (0 toread) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=1408 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 9985 (0x2701) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) 
smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1273(switch_message) switch message SMBreadX (pid 12782) conn 0x97e9be8 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 contains 11 SIDs SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-69 SID[ 6]: S-1-22-2-101 SID[ 7]: S-1-22-2-20042 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-11251 SID[ 10]: S-1-22-2-0 SE_PRIV 0xff0 0x0 0x0 0x0 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 4 supplementary groups Group[ 0]: 0 Group[ 1]: 69 Group[ 2]: 101 Group[ 3]: 20042 [2010/04/27 16:57:55, 5, pid=12782] smbd/uid.c:353(change_to_user) change_to_user uid=(0,0) gid=(0,0) [2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe_hnd.c:802(read_from_internal_pipe) name: \samr len: 1024 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:842(read_from_internal_pipe) read_from_pipe: \samr: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. 
[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Schedule immediate event "tevent_req_trigger": 0x9801a60 [2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Run immediate event "tevent_req_trigger": 0x9801a60 [2010/04/27 16:57:55, 3, pid=12782] smbd/pipes.c:435(pipe_read_andx_done) readX-IPC min=1024 max=1024 nread=68 [2010/04/27 16:57:55, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) got smb length of 156 [2010/04/27 16:57:55, 6, pid=12782] smbd/process.c:1456(process_smb) got message type 0x0 of len 0x9c [2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1459(process_smb) Transaction 23 of length 160 (0 toread) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) size=156 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=992 smb_uid=100 smb_mid=1472 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 9985 (0x2701) smb_bcc=89 [2010/04/27 16:57:55, 10, pid=12782] ../lib/util/util.c:304(_dump_data) [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 48 00 00 00 02 00 00 ........ .H...... [0020] 00 30 00 00 00 00 00 40 00 00 00 02 00 06 00 00 .0.....@ ........ [0030] 00 00 00 00 00 06 00 00 00 4D 00 59 00 4C 00 41 ........ .M.Y.L.A [0040] 00 48 00 00 00 30 00 00 00 01 00 00 00 01 00 00 .H...0.. ........ [0050] 00 03 00 00 00 00 00 00 00 ........ . 
[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1273(switch_message) switch message SMBtrans (pid 12782) conn 0x97e9be8 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 contains 11 SIDs SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-69 SID[ 6]: S-1-22-2-101 SID[ 7]: S-1-22-2-20042 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-11251 SID[ 10]: S-1-22-2-0 SE_PRIV 0xff0 0x0 0x0 0x0 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 4 supplementary groups Group[ 0]: 0 Group[ 1]: 69 Group[ 2]: 101 Group[ 3]: 20042 [2010/04/27 16:57:55, 5, pid=12782] smbd/uid.c:353(change_to_user) change_to_user uid=(0,0) gid=(0,0) [2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:539(handle_trans) trans <\PIPE\> data=72 params=0 setup=2 [2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:572(handle_trans) calling named_pipe [2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:490(named_pipe) named pipe command on <> name [2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:413(api_fd_reply) api_fd_reply [2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:454(api_fd_reply) Got API command 0x26 on pipe "samr" (pnum 2701) [2010/04/27 16:57:55, 10, pid=12782] smbd/ipc.c:456(api_fd_reply) api_fd_reply: p:0x97ea6a8 max_trans_reply: 1024 [2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe_hnd.c:1195(np_write_send) np_write_send: len: 72 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 72 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: Start: 
pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:192(fill_rpc_header) fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 16 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 56 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 [2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0048 000a auth_len : 0000 000c call_id : 00000002 [2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe_hnd.c:288(unmarshall_rpc_header) unmarshall_rpc_header: using little-endian RPC [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:317(unmarshall_rpc_header) unmarshall_rpc_header: type = 0, flags = 3 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 0 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 56 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:534(process_complete_pdu) process_complete_pdu: processing packet type 0 [2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr_req req 0000 alloc_hint: 00000030 0004 context_id: 0000 0006 opnum : 0040 [2010/04/27 16:57:55, 3, pid=12782] 
rpc_server/srv_pipe_hnd.c:343(free_pipe_context) free_pipe_context: destroying talloc pool of size 165 [2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe.c:2261(api_pipe_request) Requested \PIPE\\samr [2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_pipe.c:2297(api_rpcTNP) api_rpcTNP: \samr op 0x40 - api_rpcTNP: rpc command: SAMR_CONNECT5 [2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe.c:2327(api_rpcTNP) api_rpc_cmds[64].fn == 0x82cff10 [2010/04/27 16:57:55, 1, pid=12782] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) samr_Connect5: struct samr_Connect5 in: struct samr_Connect5 system_name : * system_name : 'MYLAH' access_mask : 0x00000030 (48) 0: SAMR_ACCESS_CONNECT_TO_SERVER 0: SAMR_ACCESS_SHUTDOWN_SERVER 0: SAMR_ACCESS_INITIALIZE_SERVER 0: SAMR_ACCESS_CREATE_DOMAIN 1: SAMR_ACCESS_ENUM_DOMAINS 1: SAMR_ACCESS_LOOKUP_DOMAIN level_in : 0x00000001 (1) info_in : * info_in : union samr_ConnectInfo(case 1) info1: struct samr_ConnectInfo1 client_version : SAMR_CONNECT_AFTER_W2K (3) unknown2 : 0x00000000 (0) [2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_samr_nt.c:3976(_samr_Connect2) _samr_Connect5: 3976 [2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_samr_nt.c:219(access_check_object) _samr_Connect5: access GRANTED (requested: 0x00000030, granted: 0x00000030) [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_samr_nt.c:395(get_samr_info_by_sid) get_samr_info_by_sid: created new info for sid (NULL) [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_samr_nt.c:400(get_samr_info_by_sid) get_samr_info_by_sid: created new info for NULL sid. [2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_lsa_hnd.c:160(create_policy_hnd) Opened policy hnd[1] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 D6 4B 13 A7 ........ .....K.. [0010] EE 31 00 00 .1.. 
[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_samr_nt.c:4007(_samr_Connect2) _samr_Connect5: 4007 [2010/04/27 16:57:55, 1, pid=12782] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) samr_Connect5: struct samr_Connect5 out: struct samr_Connect5 level_out : * level_out : 0x00000001 (1) info_out : * info_out : union samr_ConnectInfo(case 1) info1: struct samr_ConnectInfo1 client_version : SAMR_CONNECT_AFTER_W2K (3) unknown2 : 0x00000000 (0) connect_handle : * connect_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000003-0000-0000-d64b-13a7ee310000 result : NT_STATUS_OK [2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe.c:2362(api_rpcTNP) api_rpcTNP: called \samr successfully [2010/04/27 16:57:55, 3, pid=12782] rpc_server/srv_pipe_hnd.c:343(free_pipe_context) free_pipe_context: destroying talloc pool of size 984 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 56 [2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Schedule immediate event "tevent_req_trigger": 0x98016d0 [2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Run immediate event "tevent_req_trigger": 0x98016d0 [2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe_hnd.c:802(read_from_internal_pipe) name: \samr len: 1024 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:862(read_from_internal_pipe) read_from_pipe: \samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 40. 
[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0040 000a auth_len : 0000 000c call_id : 00000002 [2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000010 smb_io_rpc_hdr_resp resp 0010 alloc_hint: 00000028 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 [2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Schedule immediate event "tevent_req_trigger": 0x97dd7d0 [2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Run immediate event "tevent_req_trigger": 0x97dd7d0 [2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:59(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..64] (align 0) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) size=120 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=992 smb_uid=100 smb_mid=1472 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 64 (0x40) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 64 (0x40) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=65 [2010/04/27 16:57:55, 10, pid=12782] ../lib/util/util.c:304(_dump_data) [0000] 00 05 00 02 03 10 00 00 00 40 00 00 00 02 00 00 ........ .@...... [0010] 00 28 00 00 00 00 00 00 00 01 00 00 00 01 00 00 .(...... ........ [0020] 00 03 00 00 00 00 00 00 00 00 00 00 00 03 00 00 ........ ........ [0030] 00 00 00 00 00 D6 4B 13 A7 EE 31 00 00 00 00 00 ......K. ..1..... [0040] 00 . 
[2010/04/27 16:57:55, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) got smb length of 136 [2010/04/27 16:57:55, 6, pid=12782] smbd/process.c:1456(process_smb) got message type 0x0 of len 0x88 [2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1459(process_smb) Transaction 24 of length 140 (0 toread) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) size=136 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=992 smb_uid=100 smb_mid=1536 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 52 (0x34) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 52 (0x34) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 9985 (0x2701) smb_bcc=69 [2010/04/27 16:57:55, 10, pid=12782] ../lib/util/util.c:304(_dump_data) [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 34 00 00 00 03 00 00 ........ .4...... [0020] 00 1C 00 00 00 00 00 06 00 00 00 00 00 03 00 00 ........ ........ [0030] 00 00 00 00 00 D6 4B 13 A7 EE 31 00 00 00 00 00 ......K. ..1..... [0040] 00 00 20 00 00 .. .. 
[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1273(switch_message) switch message SMBtrans (pid 12782) conn 0x97e9be8 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 contains 11 SIDs SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-69 SID[ 6]: S-1-22-2-101 SID[ 7]: S-1-22-2-20042 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-11251 SID[ 10]: S-1-22-2-0 SE_PRIV 0xff0 0x0 0x0 0x0 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 4 supplementary groups Group[ 0]: 0 Group[ 1]: 69 Group[ 2]: 101 Group[ 3]: 20042 [2010/04/27 16:57:55, 5, pid=12782] smbd/uid.c:353(change_to_user) change_to_user uid=(0,0) gid=(0,0) [2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:539(handle_trans) trans <\PIPE\> data=52 params=0 setup=2 [2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:572(handle_trans) calling named_pipe [2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:490(named_pipe) named pipe command on <> name [2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:413(api_fd_reply) api_fd_reply [2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:454(api_fd_reply) Got API command 0x26 on pipe "samr" (pnum 2701) [2010/04/27 16:57:55, 10, pid=12782] smbd/ipc.c:456(api_fd_reply) api_fd_reply: p:0x97ea6a8 max_trans_reply: 1024 [2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe_hnd.c:1195(np_write_send) np_write_send: len: 52 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 52 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: Start: 
pdu_received_len = 0, pdu_needed_len = 0, incoming data = 52 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:192(fill_rpc_header) fill_rpc_header: data_to_copy = 52, len_needed_to_complete_hdr = 16, receive_len = 0 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 16 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 36 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 36 [2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0034 000a auth_len : 0000 000c call_id : 00000003 [2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe_hnd.c:288(unmarshall_rpc_header) unmarshall_rpc_header: using little-endian RPC [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:317(unmarshall_rpc_header) unmarshall_rpc_header: type = 0, flags = 3 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 0 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 36 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 36, incoming data = 36 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:534(process_complete_pdu) process_complete_pdu: processing packet type 0 [2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr_req req 0000 alloc_hint: 0000001c 0004 context_id: 0000 0006 opnum : 0006 [2010/04/27 16:57:55, 3, pid=12782] 
rpc_server/srv_pipe_hnd.c:343(free_pipe_context) free_pipe_context: destroying talloc pool of size 0 [2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe.c:2261(api_pipe_request) Requested \PIPE\\samr [2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_pipe.c:2297(api_rpcTNP) api_rpcTNP: \samr op 0x6 - api_rpcTNP: rpc command: SAMR_ENUMDOMAINS [2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe.c:2327(api_rpcTNP) api_rpc_cmds[6].fn == 0x82db760 [2010/04/27 16:57:55, 1, pid=12782] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) samr_EnumDomains: struct samr_EnumDomains in: struct samr_EnumDomains connect_handle : * connect_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000003-0000-0000-d64b-13a7ee310000 resume_handle : * resume_handle : 0x00000000 (0) buf_size : 0x00002000 (8192) [2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_lsa_hnd.c:180(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 D6 4B 13 A7 ........ .....K.. [0010] EE 31 00 00 .1.. 
[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_samr_nt.c:231(access_check_samr_function) _samr_EnumDomains: access check ((granted: 0x00000030; required: 0x00000010) [2010/04/27 16:57:55, 1, pid=12782] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) samr_EnumDomains: struct samr_EnumDomains out: struct samr_EnumDomains resume_handle : * resume_handle : 0x00000000 (0) sam : * sam : * sam: struct samr_SamArray count : 0x00000002 (2) entries : * entries: ARRAY(2) entries: struct samr_SamEntry idx : 0x00000000 (0) name: struct lsa_String length : 0x0012 (18) size : 0x0012 (18) string : * string : 'UCCDOMAIN' entries: struct samr_SamEntry idx : 0x00000001 (1) name: struct lsa_String length : 0x000e (14) size : 0x000e (14) string : * string : 'Builtin' num_entries : * num_entries : 0x00000002 (2) result : NT_STATUS_OK [2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe.c:2362(api_rpcTNP) api_rpcTNP: called \samr successfully [2010/04/27 16:57:55, 3, pid=12782] rpc_server/srv_pipe_hnd.c:343(free_pipe_context) free_pipe_context: destroying talloc pool of size 32 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 36 [2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Schedule immediate event "tevent_req_trigger": 0x98016b0 [2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Run immediate event "tevent_req_trigger": 0x98016b0 [2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe_hnd.c:802(read_from_internal_pipe) name: \samr len: 1024 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:862(read_from_internal_pipe) read_from_pipe: \samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 112. 
[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0088 000a auth_len : 0000 000c call_id : 00000003 [2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000010 smb_io_rpc_hdr_resp resp 0010 alloc_hint: 00000070 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 [2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Schedule immediate event "tevent_req_trigger": 0x97ef540 [2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Run immediate event "tevent_req_trigger": 0x97ef540 [2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:59(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..136] (align 0) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) size=192 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=992 smb_uid=100 smb_mid=1536 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 136 (0x88) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 136 (0x88) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=137 [2010/04/27 16:57:55, 10, pid=12782] ../lib/util/util.c:304(_dump_data) [0000] 00 05 00 02 03 10 00 00 00 88 00 00 00 03 00 00 ........ ........ [0010] 00 70 00 00 00 00 00 00 00 00 00 00 00 00 00 02 .p...... ........ [0020] 00 02 00 00 00 04 00 02 00 02 00 00 00 00 00 00 ........ ........ [0030] 00 12 00 12 00 08 00 02 00 01 00 00 00 0E 00 0E ........ ........ [0040] 00 0C 00 02 00 09 00 00 00 00 00 00 00 09 00 00 ........ ........ [0050] 00 55 00 43 00 43 00 44 00 4F 00 4D 00 41 00 49 .U.C.C.D .O.M.A.I [0060] 00 4E 00 00 00 07 00 00 00 00 00 00 00 07 00 00 .N...... ........ 
[0070] 00 42 00 75 00 69 00 6C 00 74 00 69 00 6E 00 00 .B.u.i.l .t.i.n.. [0080] 00 02 00 00 00 00 00 00 00 ........ . [2010/04/27 16:57:55, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) got smb length of 166 [2010/04/27 16:57:55, 6, pid=12782] smbd/process.c:1456(process_smb) got message type 0x0 of len 0xa6 [2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1459(process_smb) Transaction 25 of length 170 (0 toread) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) size=166 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=992 smb_uid=100 smb_mid=1600 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 82 (0x52) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 82 (0x52) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 9985 (0x2701) smb_bcc=99 [2010/04/27 16:57:55, 10, pid=12782] ../lib/util/util.c:304(_dump_data) [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 52 00 00 00 04 00 00 ........ .R...... [0020] 00 3A 00 00 00 00 00 05 00 00 00 00 00 03 00 00 .:...... ........ [0030] 00 00 00 00 00 D6 4B 13 A7 EE 31 00 00 12 00 12 ......K. ..1..... [0040] 00 00 00 02 00 09 00 00 00 00 00 00 00 09 00 00 ........ ........ [0050] 00 55 00 43 00 43 00 44 00 4F 00 4D 00 41 00 49 .U.C.C.D .O.M.A.I [0060] 00 4E 00 .N. 
[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1273(switch_message) switch message SMBtrans (pid 12782) conn 0x97e9be8 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 contains 11 SIDs SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-69 SID[ 6]: S-1-22-2-101 SID[ 7]: S-1-22-2-20042 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-11251 SID[ 10]: S-1-22-2-0 SE_PRIV 0xff0 0x0 0x0 0x0 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 4 supplementary groups Group[ 0]: 0 Group[ 1]: 69 Group[ 2]: 101 Group[ 3]: 20042 [2010/04/27 16:57:55, 5, pid=12782] smbd/uid.c:353(change_to_user) change_to_user uid=(0,0) gid=(0,0) [2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:539(handle_trans) trans <\PIPE\> data=82 params=0 setup=2 [2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:572(handle_trans) calling named_pipe [2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:490(named_pipe) named pipe command on <> name [2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:413(api_fd_reply) api_fd_reply [2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:454(api_fd_reply) Got API command 0x26 on pipe "samr" (pnum 2701) [2010/04/27 16:57:55, 10, pid=12782] smbd/ipc.c:456(api_fd_reply) api_fd_reply: p:0x97ea6a8 max_trans_reply: 1024 [2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe_hnd.c:1195(np_write_send) np_write_send: len: 82 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 82 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: Start: 
pdu_received_len = 0, pdu_needed_len = 0, incoming data = 82 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:192(fill_rpc_header) fill_rpc_header: data_to_copy = 82, len_needed_to_complete_hdr = 16, receive_len = 0 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 16 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 66 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 66 [2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0052 000a auth_len : 0000 000c call_id : 00000004 [2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe_hnd.c:288(unmarshall_rpc_header) unmarshall_rpc_header: using little-endian RPC [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:317(unmarshall_rpc_header) unmarshall_rpc_header: type = 0, flags = 3 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 0 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 66 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 66, incoming data = 66 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:534(process_complete_pdu) process_complete_pdu: processing packet type 0 [2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr_req req 0000 alloc_hint: 0000003a 0004 context_id: 0000 0006 opnum : 0005 [2010/04/27 16:57:55, 3, pid=12782] 
rpc_server/srv_pipe_hnd.c:343(free_pipe_context) free_pipe_context: destroying talloc pool of size 0 [2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe.c:2261(api_pipe_request) Requested \PIPE\\samr [2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_pipe.c:2297(api_rpcTNP) api_rpcTNP: \samr op 0x5 - api_rpcTNP: rpc command: SAMR_LOOKUPDOMAIN [2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe.c:2327(api_rpcTNP) api_rpc_cmds[5].fn == 0x82dbaf0 [2010/04/27 16:57:55, 1, pid=12782] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) samr_LookupDomain: struct samr_LookupDomain in: struct samr_LookupDomain connect_handle : * connect_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000003-0000-0000-d64b-13a7ee310000 domain_name : * domain_name: struct lsa_String length : 0x0012 (18) size : 0x0012 (18) string : * string : 'UCCDOMAIN' [2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_lsa_hnd.c:180(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 D6 4B 13 A7 ........ .....K.. [0010] EE 31 00 00 .1.. 
[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_samr_nt.c:231(access_check_samr_function) _samr_LookupDomain: access check ((granted: 0x00000030; required: 0x00000020) [2010/04/27 16:57:55, 2, pid=12782] rpc_server/srv_samr_nt.c:4118(_samr_LookupDomain) Returning domain sid for domain UCCDOMAIN -> S-1-5-352321536-3342141748-1574249315-1264630062 [2010/04/27 16:57:55, 1, pid=12782] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) samr_LookupDomain: struct samr_LookupDomain out: struct samr_LookupDomain sid : * sid : * sid : S-1-5-352321536-3342141748-1574249315-1264630062 result : NT_STATUS_OK [2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe.c:2362(api_rpcTNP) api_rpcTNP: called \samr successfully [2010/04/27 16:57:55, 3, pid=12782] rpc_server/srv_pipe_hnd.c:343(free_pipe_context) free_pipe_context: destroying talloc pool of size 68 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 66 [2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Schedule immediate event "tevent_req_trigger": 0x98016f0 [2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Run immediate event "tevent_req_trigger": 0x98016f0 [2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe_hnd.c:802(read_from_internal_pipe) name: \samr len: 1024 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:862(read_from_internal_pipe) read_from_pipe: \samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 36. 
[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 003c 000a auth_len : 0000 000c call_id : 00000004 [2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000010 smb_io_rpc_hdr_resp resp 0010 alloc_hint: 00000024 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 [2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Schedule immediate event "tevent_req_trigger": 0x97dd7d0 [2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Run immediate event "tevent_req_trigger": 0x97dd7d0 [2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:59(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..60] (align 0) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) size=116 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=992 smb_uid=100 smb_mid=1600 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 60 (0x3C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 60 (0x3C) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=61 [2010/04/27 16:57:55, 10, pid=12782] ../lib/util/util.c:304(_dump_data) [0000] 00 05 00 02 03 10 00 00 00 3C 00 00 00 04 00 00 ........ .<...... [0010] 00 24 00 00 00 00 00 00 00 00 00 02 00 04 00 00 .$...... ........ [0020] 00 01 04 00 00 00 00 00 05 00 00 00 15 34 09 35 ........ .....4.5 [0030] C7 63 23 D5 5D 2E B9 60 4B 00 00 00 00 .c#.]..` K.... 
[2010/04/27 16:57:55, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) got smb length of 160 [2010/04/27 16:57:55, 6, pid=12782] smbd/process.c:1456(process_smb) got message type 0x0 of len 0xa0 [2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1459(process_smb) Transaction 26 of length 164 (0 toread) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) size=160 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=992 smb_uid=100 smb_mid=1664 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 76 (0x4C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 76 (0x4C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 9985 (0x2701) smb_bcc=93 [2010/04/27 16:57:55, 10, pid=12782] ../lib/util/util.c:304(_dump_data) [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 4C 00 00 00 05 00 00 ........ .L...... [0020] 00 34 00 00 00 00 00 07 00 00 00 00 00 03 00 00 .4...... ........ [0030] 00 00 00 00 00 D6 4B 13 A7 EE 31 00 00 11 02 00 ......K. ..1..... [0040] 00 04 00 00 00 01 04 00 00 00 00 00 05 00 00 00 ........ ........ [0050] 15 34 09 35 C7 63 23 D5 5D 2E B9 60 4B .4.5.c#. 
]..`K [2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1273(switch_message) switch message SMBtrans (pid 12782) conn 0x97e9be8 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 contains 11 SIDs SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-69 SID[ 6]: S-1-22-2-101 SID[ 7]: S-1-22-2-20042 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-11251 SID[ 10]: S-1-22-2-0 SE_PRIV 0xff0 0x0 0x0 0x0 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 4 supplementary groups Group[ 0]: 0 Group[ 1]: 69 Group[ 2]: 101 Group[ 3]: 20042 [2010/04/27 16:57:55, 5, pid=12782] smbd/uid.c:353(change_to_user) change_to_user uid=(0,0) gid=(0,0) [2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:539(handle_trans) trans <\PIPE\> data=76 params=0 setup=2 [2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:572(handle_trans) calling named_pipe [2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:490(named_pipe) named pipe command on <> name [2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:413(api_fd_reply) api_fd_reply [2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:454(api_fd_reply) Got API command 0x26 on pipe "samr" (pnum 2701) [2010/04/27 16:57:55, 10, pid=12782] smbd/ipc.c:456(api_fd_reply) api_fd_reply: p:0x97ea6a8 max_trans_reply: 1024 [2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe_hnd.c:1195(np_write_send) np_write_send: len: 76 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 76 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: 
Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 76 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:192(fill_rpc_header) fill_rpc_header: data_to_copy = 76, len_needed_to_complete_hdr = 16, receive_len = 0 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 16 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 60 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 60 [2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 004c 000a auth_len : 0000 000c call_id : 00000005 [2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe_hnd.c:288(unmarshall_rpc_header) unmarshall_rpc_header: using little-endian RPC [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:317(unmarshall_rpc_header) unmarshall_rpc_header: type = 0, flags = 3 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 0 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 60 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 60, incoming data = 60 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:534(process_complete_pdu) process_complete_pdu: processing packet type 0 [2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr_req req 0000 alloc_hint: 00000034 0004 context_id: 0000 0006 opnum : 0007 [2010/04/27 16:57:55, 3, 
pid=12782] rpc_server/srv_pipe_hnd.c:343(free_pipe_context) free_pipe_context: destroying talloc pool of size 0 [2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe.c:2261(api_pipe_request) Requested \PIPE\\samr [2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_pipe.c:2297(api_rpcTNP) api_rpcTNP: \samr op 0x7 - api_rpcTNP: rpc command: SAMR_OPENDOMAIN [2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe.c:2327(api_rpcTNP) api_rpc_cmds[7].fn == 0x82db430 [2010/04/27 16:57:55, 1, pid=12782] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) samr_OpenDomain: struct samr_OpenDomain in: struct samr_OpenDomain connect_handle : * connect_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000003-0000-0000-d64b-13a7ee310000 access_mask : 0x00000211 (529) 1: SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1 0: SAMR_DOMAIN_ACCESS_SET_INFO_1 0: SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2 0: SAMR_DOMAIN_ACCESS_SET_INFO_2 1: SAMR_DOMAIN_ACCESS_CREATE_USER 0: SAMR_DOMAIN_ACCESS_CREATE_GROUP 0: SAMR_DOMAIN_ACCESS_CREATE_ALIAS 0: SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS 0: SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS 1: SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT 0: SAMR_DOMAIN_ACCESS_SET_INFO_3 sid : * sid : S-1-5-352321536-3342141748-1574249315-1264630062 [2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_lsa_hnd.c:180(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 D6 4B 13 A7 ........ .....K.. [0010] EE 31 00 00 .1.. 
[2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_samr_nt.c:186(access_check_object) access_check_object: user rights access mask [0x3f0] [2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_samr_nt.c:219(access_check_object) _samr_OpenDomain: access GRANTED (requested: 0x00000001, granted: 0x000003f1) [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_samr_nt.c:395(get_samr_info_by_sid) get_samr_info_by_sid: created new info for sid S-1-5-352321536-3342141748-1574249315-1264630062 [2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_lsa_hnd.c:160(create_policy_hnd) Opened policy hnd[2] [0000] 00 00 00 00 04 00 00 00 00 00 00 00 D6 4B 13 A7 ........ .....K.. [0010] EE 31 00 00 .1.. [2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_samr_nt.c:662(_samr_OpenDomain) _samr_OpenDomain: 662 [2010/04/27 16:57:55, 1, pid=12782] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) samr_OpenDomain: struct samr_OpenDomain out: struct samr_OpenDomain domain_handle : * domain_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000004-0000-0000-d64b-13a7ee310000 result : NT_STATUS_OK [2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe.c:2362(api_rpcTNP) api_rpcTNP: called \samr successfully [2010/04/27 16:57:55, 3, pid=12782] rpc_server/srv_pipe_hnd.c:343(free_pipe_context) free_pipe_context: destroying talloc pool of size 984 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 60 [2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Schedule immediate event "tevent_req_trigger": 0x98016e0 [2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Run immediate event "tevent_req_trigger": 0x98016e0 [2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe_hnd.c:802(read_from_internal_pipe) name: \samr len: 1024 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:862(read_from_internal_pipe) read_from_pipe: \samr: fault_state = 0 : 
data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. [2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0030 000a auth_len : 0000 000c call_id : 00000005 [2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000010 smb_io_rpc_hdr_resp resp 0010 alloc_hint: 00000018 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 [2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Schedule immediate event "tevent_req_trigger": 0x97ec9e0 [2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Run immediate event "tevent_req_trigger": 0x97ec9e0 [2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:59(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=992 smb_uid=100 smb_mid=1664 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2010/04/27 16:57:55, 10, pid=12782] ../lib/util/util.c:304(_dump_data) [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 05 00 00 ........ .0...... [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 04 00 00 ........ ........ [0020] 00 00 00 00 00 D6 4B 13 A7 EE 31 00 00 00 00 00 ......K. ..1..... [0030] 00 . 
[2010/04/27 16:57:55, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) got smb length of 172 [2010/04/27 16:57:55, 6, pid=12782] smbd/process.c:1456(process_smb) got message type 0x0 of len 0xac [2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1459(process_smb) Transaction 27 of length 176 (0 toread) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) size=172 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=992 smb_uid=100 smb_mid=1728 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 88 (0x58) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 88 (0x58) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 9985 (0x2701) smb_bcc=105 [2010/04/27 16:57:55, 10, pid=12782] ../lib/util/util.c:304(_dump_data) [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 58 00 00 00 06 00 00 ........ .X...... [0020] 00 40 00 00 00 00 00 32 00 00 00 00 00 04 00 00 .@.....2 ........ [0030] 00 00 00 00 00 D6 4B 13 A7 EE 31 00 00 0E 00 10 ......K. ..1..... [0040] 00 00 00 02 00 08 00 00 00 00 00 00 00 07 00 00 ........ ........ [0050] 00 4D 00 41 00 41 00 58 00 45 00 4E 00 24 00 00 .M.A.A.X .E.N.$.. [0060] 00 80 00 00 00 B0 00 05 E0 ........ . 
[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1273(switch_message) switch message SMBtrans (pid 12782) conn 0x97e9be8 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 contains 11 SIDs SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-69 SID[ 6]: S-1-22-2-101 SID[ 7]: S-1-22-2-20042 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-11251 SID[ 10]: S-1-22-2-0 SE_PRIV 0xff0 0x0 0x0 0x0 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 4 supplementary groups Group[ 0]: 0 Group[ 1]: 69 Group[ 2]: 101 Group[ 3]: 20042 [2010/04/27 16:57:55, 5, pid=12782] smbd/uid.c:353(change_to_user) change_to_user uid=(0,0) gid=(0,0) [2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:539(handle_trans) trans <\PIPE\> data=88 params=0 setup=2 [2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:572(handle_trans) calling named_pipe [2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:490(named_pipe) named pipe command on <> name [2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:413(api_fd_reply) api_fd_reply [2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:454(api_fd_reply) Got API command 0x26 on pipe "samr" (pnum 2701) [2010/04/27 16:57:55, 10, pid=12782] smbd/ipc.c:456(api_fd_reply) api_fd_reply: p:0x97ea6a8 max_trans_reply: 1024 [2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe_hnd.c:1195(np_write_send) np_write_send: len: 88 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 88 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: Start: 
pdu_received_len = 0, pdu_needed_len = 0, incoming data = 88 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:192(fill_rpc_header) fill_rpc_header: data_to_copy = 88, len_needed_to_complete_hdr = 16, receive_len = 0 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 16 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 72 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 72 [2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0058 000a auth_len : 0000 000c call_id : 00000006 [2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe_hnd.c:288(unmarshall_rpc_header) unmarshall_rpc_header: using little-endian RPC [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:317(unmarshall_rpc_header) unmarshall_rpc_header: type = 0, flags = 3 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 0 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 72 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 72, incoming data = 72 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:534(process_complete_pdu) process_complete_pdu: processing packet type 0 [2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr_req req 0000 alloc_hint: 00000040 0004 context_id: 0000 0006 opnum : 0032 [2010/04/27 16:57:55, 3, pid=12782] 
rpc_server/srv_pipe_hnd.c:343(free_pipe_context) free_pipe_context: destroying talloc pool of size 0 [2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe.c:2261(api_pipe_request) Requested \PIPE\\samr [2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_pipe.c:2297(api_rpcTNP) api_rpcTNP: \samr op 0x32 - api_rpcTNP: rpc command: SAMR_CREATEUSER2 [2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe.c:2327(api_rpcTNP) api_rpc_cmds[50].fn == 0x82d2b60 [2010/04/27 16:57:55, 1, pid=12782] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) samr_CreateUser2: struct samr_CreateUser2 in: struct samr_CreateUser2 domain_handle : * domain_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000004-0000-0000-d64b-13a7ee310000 account_name : * account_name: struct lsa_String length : 0x000e (14) size : 0x000e (14) string : * string : 'MAAXEN$' acct_flags : 0x00000080 (128) 0: ACB_DISABLED 0: ACB_HOMDIRREQ 0: ACB_PWNOTREQ 0: ACB_TEMPDUP 0: ACB_NORMAL 0: ACB_MNS 0: ACB_DOMTRUST 1: ACB_WSTRUST 0: ACB_SVRTRUST 0: ACB_PWNOEXP 0: ACB_AUTOLOCK 0: ACB_ENC_TXT_PWD_ALLOWED 0: ACB_SMARTCARD_REQUIRED 0: ACB_TRUSTED_FOR_DELEGATION 0: ACB_NOT_DELEGATED 0: ACB_USE_DES_KEY_ONLY 0: ACB_DONT_REQUIRE_PREAUTH 0: ACB_PW_EXPIRED 0: ACB_NO_AUTH_DATA_REQD access_mask : 0xe00500b0 (3758424240) 0: SAMR_USER_ACCESS_GET_NAME_ETC 0: SAMR_USER_ACCESS_GET_LOCALE 0: SAMR_USER_ACCESS_SET_LOC_COM 0: SAMR_USER_ACCESS_GET_LOGONINFO 1: SAMR_USER_ACCESS_GET_ATTRIBUTES 1: SAMR_USER_ACCESS_SET_ATTRIBUTES 0: SAMR_USER_ACCESS_CHANGE_PASSWORD 1: SAMR_USER_ACCESS_SET_PASSWORD 0: SAMR_USER_ACCESS_GET_GROUPS 0: SAMR_USER_ACCESS_GET_GROUP_MEMBERSHIP 0: SAMR_USER_ACCESS_CHANGE_GROUP_MEMBERSHIP [2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_lsa_hnd.c:180(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 04 00 00 00 00 00 00 00 D6 4B 13 A7 ........ .....K.. [0010] EE 31 00 00 .1.. 
[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_samr_nt.c:231(access_check_samr_function) _samr_CreateUser2: access check ((granted: 0x000003f1; required: 0x00000010) [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_samr_nt.c:3709(can_create) Checking whether [MAAXEN$] can be created [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/04/27 16:57:55, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) NT user token: (NULL) [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/27 16:57:55, 10, pid=12782] passdb/lookup_sid.c:69(lookup_name) lookup_name: MAAXEN$ => (domain), MAAXEN$ (name) [2010/04/27 16:57:55, 10, pid=12782] passdb/lookup_sid.c:70(lookup_name) lookup_name: flags = 0x071 [2010/04/27 16:57:55, 10, pid=12782] passdb/util_wellknown.c:151(lookup_wellknown_name) map_name_to_wellknown_sid: looking up MAAXEN$ [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2010/04/27 16:57:55, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) NT user token: (NULL) [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/27 16:57:55, 5, pid=12782] lib/smbldap.c:1295(smbldap_search_ext) smbldap_search_ext: base => [dc=ucc,dc=gu,dc=uwa,dc=edu,dc=au], filter => 
[(&(uid=MAAXEN$)(objectclass=sambaSamAccount))], scope => [2] [2010/04/27 16:57:55, 2, pid=12782] passdb/pdb_ldap.c:571(init_sam_from_ldap) init_sam_from_ldap: Entry found for user: MAAXEN$ [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:607(pdb_set_username) pdb_set_username: setting username MAAXEN$, was [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:630(pdb_set_domain) pdb_set_domain: setting domain UCCDOMAIN, was [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:653(pdb_set_nt_username) pdb_set_nt_username: setting nt username MAAXEN$, was [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:549(pdb_set_user_sid_from_string) pdb_set_user_sid_from_string: setting user sid S-1-5-352321536-3342141748-1574249315-1264630062-1068 [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:536(pdb_set_user_sid) pdb_set_user_sid: setting user sid S-1-5-352321536-3342141748-1574249315-1264630062-1068 [2010/04/27 16:57:55, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) attribute sambaLogonTime does not exist [2010/04/27 16:57:55, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) attribute sambaLogoffTime does not exist [2010/04/27 16:57:55, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) attribute sambaKickoffTime does not exist [2010/04/27 16:57:55, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) attribute sambaPwdCanChange does not exist [2010/04/27 16:57:55, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) attribute sambaPwdMustChange does not exist [2010/04/27 16:57:55, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) attribute displayName does not exist [2010/04/27 16:57:55, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) attribute cn does not exist [2010/04/27 16:57:55, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) attribute sambaHomeDrive does not exist [2010/04/27 16:57:55, 10, pid=12782] 
passdb/pdb_get_set.c:745(pdb_set_dir_drive) pdb_set_dir_drive: setting dir drive H:, was NULL [2010/04/27 16:57:55, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) attribute sambaHomePath does not exist [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:769(pdb_set_homedir) pdb_set_homedir: setting home dir \\mylah\maaxen_, was [2010/04/27 16:57:55, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) attribute sambaLogonScript does not exist [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:699(pdb_set_logon_script) pdb_set_logon_script: setting logon script , was [2010/04/27 16:57:55, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) attribute sambaProfilePath does not exist [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:722(pdb_set_profile_path) pdb_set_profile_path: setting profile path \\mylah\profiles, was [2010/04/27 16:57:55, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) attribute description does not exist [2010/04/27 16:57:55, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) attribute sambaUserWorkstations does not exist [2010/04/27 16:57:55, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) attribute sambaMungedDial does not exist [2010/04/27 16:57:55, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) attribute sambaLMPassword does not exist [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2010/04/27 16:57:55, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 2 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) NT user token: (NULL) [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 
supplementary groups [2010/04/27 16:57:55, 10, pid=12782] lib/gencache.c:208(gencache_get) Returning valid cache entry: key = ACCT_POL/password history, value = 0 , timeout = Tue Apr 27 16:58:51 2010 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2010/04/27 16:57:55, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) attribute sambaBadPasswordCount does not exist [2010/04/27 16:57:55, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) attribute sambaBadPasswordTime does not exist [2010/04/27 16:57:55, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) attribute sambaLogonHours does not exist [2010/04/27 16:57:55, 7, pid=12782] passdb/login_cache.c:87(login_cache_read) Looking up login cache for user MAAXEN$ [2010/04/27 16:57:55, 7, pid=12782] passdb/login_cache.c:103(login_cache_read) No cache entry found [2010/04/27 16:57:55, 9, pid=12782] passdb/pdb_ldap.c:1125(init_sam_from_ldap) No cache entry, bad count = 0, bad time = 0 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2010/04/27 16:57:55, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 2 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) NT user token: (NULL) [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/27 16:57:55, 10, pid=12782] lib/gencache.c:208(gencache_get) Returning valid cache entry: key = ACCT_POL/maximum password age, value = 4294967295 , timeout = Tue Apr 27 16:58:51 2010 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2010/04/27 16:57:55, 5, pid=12782] 
lib/username.c:133(Get_Pwnam_alloc) Finding user MAAXEN$ [2010/04/27 16:57:55, 5, pid=12782] lib/username.c:77(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is maaxen$ [2010/04/27 16:57:55, 5, pid=12782] lib/username.c:85(Get_Pwnam_internals) Trying _Get_Pwnam(), username as given is MAAXEN$ [2010/04/27 16:57:55, 5, pid=12782] lib/username.c:110(Get_Pwnam_internals) Get_Pwnam_internals did find user [MAAXEN$]! [2010/04/27 16:57:55, 10, pid=12782] lib/gencache.c:194(gencache_get) Cache entry with key = IDMAP/GID2SID/12004 couldn't be found [2010/04/27 16:57:55, 5, pid=12782] passdb/lookup_sid.c:1378(gid_to_sid) gid_to_sid: winbind failed to find a sid for gid 12004 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2010/04/27 16:57:55, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 2 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) NT user token: (NULL) [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/27 16:57:55, 5, pid=12782] lib/smbldap.c:1295(smbldap_search_ext) smbldap_search_ext: base => [dc=ucc,dc=gu,dc=uwa,dc=edu,dc=au], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=12004))], scope => [2] [2010/04/27 16:57:55, 4, pid=12782] passdb/pdb_ldap.c:2550(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(gidNumber=12004)) [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2010/04/27 16:57:55, 10, pid=12782] passdb/lookup_sid.c:1173(legacy_gid_to_sid) LEGACY: gid 12004 -> sid S-1-22-2-12004 [2010/04/27 16:57:55, 5, pid=12782] lib/smbldap.c:1295(smbldap_search_ext) 
smbldap_search_ext: base => [dc=ucc,dc=gu,dc=uwa,dc=edu,dc=au], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=12004))], scope => [2] [2010/04/27 16:57:55, 4, pid=12782] passdb/pdb_ldap.c:2550(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(gidNumber=12004)) [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2010/04/27 16:57:55, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 2 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) NT user token: (NULL) [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/27 16:57:55, 10, pid=12782] lib/gencache.c:208(gencache_get) Returning valid cache entry: key = ACCT_POL/password history, value = 0 , timeout = Tue Apr 27 16:58:51 2010 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:607(pdb_set_username) pdb_set_username: setting username MAAXEN$, was [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:630(pdb_set_domain) pdb_set_domain: setting domain UCCDOMAIN, was [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:653(pdb_set_nt_username) pdb_set_nt_username: setting nt username MAAXEN$, was [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:676(pdb_set_fullname) pdb_set_full_name: setting full name , was [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:769(pdb_set_homedir) pdb_set_homedir: setting home dir \\mylah\maaxen_, was [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:745(pdb_set_dir_drive) pdb_set_dir_drive: setting dir drive H:, was NULL [2010/04/27 
16:57:55, 10, pid=12782] passdb/pdb_get_set.c:699(pdb_set_logon_script) pdb_set_logon_script: setting logon script , was [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:722(pdb_set_profile_path) pdb_set_profile_path: setting profile path \\mylah\profiles, was [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:812(pdb_set_workstations) pdb_set_workstations: setting workstations , was [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2010/04/27 16:57:55, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 2 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) NT user token: (NULL) [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/27 16:57:55, 10, pid=12782] lib/gencache.c:208(gencache_get) Returning valid cache entry: key = ACCT_POL/password history, value = 0 , timeout = Tue Apr 27 16:58:51 2010 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:536(pdb_set_user_sid) pdb_set_user_sid: setting user sid S-1-5-352321536-3342141748-1574249315-1264630062-1068 [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_compat.c:72(pdb_set_user_sid_from_rid) pdb_set_user_sid_from_rid: setting user sid S-1-5-352321536-3342141748-1574249315-1264630062-1068 from rid 1068 [2010/04/27 16:57:55, 10, pid=12782] lib/gencache.c:194(gencache_get) Cache entry with key = IDMAP/SID2GID/S-1-5-352321536-3342141748-1574249315-1264630062-513 couldn't be found [2010/04/27 16:57:55, 10, pid=12782] passdb/lookup_sid.c:1502(sid_to_gid) winbind failed to find a gid for sid S-1-5-352321536-3342141748-1574249315-1264630062-513 
[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2010/04/27 16:57:55, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 2 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) NT user token: (NULL) [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/27 16:57:55, 5, pid=12782] passdb/pdb_interface.c:1513(lookup_global_sam_rid) lookup_global_sam_rid: looking up RID 513. [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 4 [2010/04/27 16:57:55, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 3 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 4 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) NT user token: (NULL) [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/27 16:57:55, 5, pid=12782] lib/smbldap.c:1295(smbldap_search_ext) smbldap_search_ext: base => [dc=ucc,dc=gu,dc=uwa,dc=edu,dc=au], filter => [(&(sambaSID=S-1-5-352321536-3342141748-1574249315-1264630062-513)(objectclass=sambaSamAccount))], scope => [2] [2010/04/27 16:57:55, 4, pid=12782] passdb/pdb_ldap.c:1694(ldapsam_getsampwsid) ldapsam_getsampwsid: Unable to locate SID [S-1-5-352321536-3342141748-1574249315-1264630062-513] count=0 [2010/04/27 16:57:55, 5, pid=12782] lib/smbldap.c:1295(smbldap_search_ext) smbldap_search_ext: base => [dc=ucc,dc=gu,dc=uwa,dc=edu,dc=au], filter => 
[(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-352321536-3342141748-1574249315-1264630062-513))], scope => [2] [2010/04/27 16:57:55, 2, pid=12782] passdb/pdb_ldap.c:2434(init_group_from_ldap) init_group_from_ldap: Entry found for group: 21 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 3 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2010/04/27 16:57:55, 10, pid=12782] passdb/lookup_sid.c:1279(legacy_sid_to_gid) LEGACY: sid S-1-5-352321536-3342141748-1574249315-1264630062-513 -> gid 21 [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:594(pdb_set_group_sid) pdb_set_group_sid: setting group sid S-1-5-352321536-3342141748-1574249315-1264630062-513 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_samr_nt.c:3724(can_create) trying to create MAAXEN$, exists as User [2010/04/27 16:57:55, 1, pid=12782] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) samr_CreateUser2: struct samr_CreateUser2 out: struct samr_CreateUser2 user_handle : * user_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 access_granted : * access_granted : 0x00000000 (0) rid : * rid : 0x00000000 (0) result : NT_STATUS_USER_EXISTS [2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe.c:2362(api_rpcTNP) api_rpcTNP: called \samr successfully [2010/04/27 16:57:55, 3, pid=12782] rpc_server/srv_pipe_hnd.c:343(free_pipe_context) free_pipe_context: destroying talloc pool of size 0 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 72 [2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Schedule immediate event 
"tevent_req_trigger": 0x98016f0 [2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Run immediate event "tevent_req_trigger": 0x98016f0 [2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe_hnd.c:802(read_from_internal_pipe) name: \samr len: 1024 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:862(read_from_internal_pipe) read_from_pipe: \samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 32. [2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0038 000a auth_len : 0000 000c call_id : 00000006 [2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000010 smb_io_rpc_hdr_resp resp 0010 alloc_hint: 00000020 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 [2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Schedule immediate event "tevent_req_trigger": 0x97ec9e0 [2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Run immediate event "tevent_req_trigger": 0x97ec9e0 [2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:59(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..56] (align 0) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) size=112 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=992 smb_uid=100 smb_mid=1728 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 56 (0x38) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 56 (0x38) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=57 [2010/04/27 16:57:55, 10, pid=12782] ../lib/util/util.c:304(_dump_data) [0000] 00 05 00 02 03 10 00 00 00 38 00 00 00 06 00 00 
........ .8...... [0010] 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . ...... ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 00 00 00 00 63 00 00 C0 .....c.. . [2010/04/27 16:57:55, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) got smb length of 128 [2010/04/27 16:57:55, 6, pid=12782] smbd/process.c:1456(process_smb) got message type 0x0 of len 0x80 [2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1459(process_smb) Transaction 28 of length 132 (0 toread) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=992 smb_uid=100 smb_mid=1792 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 9985 (0x2701) smb_bcc=61 [2010/04/27 16:57:55, 10, pid=12782] ../lib/util/util.c:304(_dump_data) [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 07 00 00 ........ .,...... [0020] 00 14 00 00 00 00 00 01 00 00 00 00 00 04 00 00 ........ ........ [0030] 00 00 00 00 00 D6 4B 13 A7 EE 31 00 00 ......K. ..1.. 
[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1273(switch_message) switch message SMBtrans (pid 12782) conn 0x97e9be8 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 contains 11 SIDs SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-69 SID[ 6]: S-1-22-2-101 SID[ 7]: S-1-22-2-20042 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-11251 SID[ 10]: S-1-22-2-0 SE_PRIV 0xff0 0x0 0x0 0x0 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 4 supplementary groups Group[ 0]: 0 Group[ 1]: 69 Group[ 2]: 101 Group[ 3]: 20042 [2010/04/27 16:57:55, 5, pid=12782] smbd/uid.c:353(change_to_user) change_to_user uid=(0,0) gid=(0,0) [2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:539(handle_trans) trans <\PIPE\> data=44 params=0 setup=2 [2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:572(handle_trans) calling named_pipe [2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:490(named_pipe) named pipe command on <> name [2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:413(api_fd_reply) api_fd_reply [2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:454(api_fd_reply) Got API command 0x26 on pipe "samr" (pnum 2701) [2010/04/27 16:57:55, 10, pid=12782] smbd/ipc.c:456(api_fd_reply) api_fd_reply: p:0x97ea6a8 max_trans_reply: 1024 [2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe_hnd.c:1195(np_write_send) np_write_send: len: 44 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 44 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: Start: 
pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:192(fill_rpc_header) fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 16 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 28 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 [2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 002c 000a auth_len : 0000 000c call_id : 00000007 [2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe_hnd.c:288(unmarshall_rpc_header) unmarshall_rpc_header: using little-endian RPC [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:317(unmarshall_rpc_header) unmarshall_rpc_header: type = 0, flags = 3 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 0 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 28 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 28, incoming data = 28 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:534(process_complete_pdu) process_complete_pdu: processing packet type 0 [2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr_req req 0000 alloc_hint: 00000014 0004 context_id: 0000 0006 opnum : 0001 [2010/04/27 16:57:55, 3, pid=12782] 
rpc_server/srv_pipe_hnd.c:343(free_pipe_context) free_pipe_context: destroying talloc pool of size 0 [2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe.c:2261(api_pipe_request) Requested \PIPE\\samr [2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_pipe.c:2297(api_rpcTNP) api_rpcTNP: \samr op 0x1 - api_rpcTNP: rpc command: SAMR_CLOSE [2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe.c:2327(api_rpcTNP) api_rpc_cmds[1].fn == 0x82dc710 [2010/04/27 16:57:55, 1, pid=12782] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) samr_Close: struct samr_Close in: struct samr_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000004-0000-0000-d64b-13a7ee310000 [2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_lsa_hnd.c:180(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 04 00 00 00 00 00 00 00 D6 4B 13 A7 ........ .....K.. [0010] EE 31 00 00 .1.. [2010/04/27 16:57:55, 3, pid=12782] rpc_server/srv_lsa_hnd.c:218(close_policy_hnd) Closed policy [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_samr_nt.c:416(free_samr_cache) free_samr_cache: deleting cache for SID S-1-5-352321536-3342141748-1574249315-1264630062 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/04/27 16:57:55, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) NT user token: (NULL) [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/27 16:57:55, 1, pid=12782] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) samr_Close: struct 
samr_Close out: struct samr_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : NT_STATUS_OK [2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe.c:2362(api_rpcTNP) api_rpcTNP: called \samr successfully [2010/04/27 16:57:55, 3, pid=12782] rpc_server/srv_pipe_hnd.c:343(free_pipe_context) free_pipe_context: destroying talloc pool of size 0 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 28 [2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Schedule immediate event "tevent_req_trigger": 0x98016a0 [2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Run immediate event "tevent_req_trigger": 0x98016a0 [2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe_hnd.c:802(read_from_internal_pipe) name: \samr len: 1024 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:862(read_from_internal_pipe) read_from_pipe: \samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. 
[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0030 000a auth_len : 0000 000c call_id : 00000007 [2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000010 smb_io_rpc_hdr_resp resp 0010 alloc_hint: 00000018 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 [2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Schedule immediate event "tevent_req_trigger": 0x97dd560 [2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Run immediate event "tevent_req_trigger": 0x97dd560 [2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:59(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=992 smb_uid=100 smb_mid=1792 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2010/04/27 16:57:55, 10, pid=12782] ../lib/util/util.c:304(_dump_data) [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 07 00 00 ........ .0...... [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 . 
[2010/04/27 16:57:55, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) got smb length of 128 [2010/04/27 16:57:55, 6, pid=12782] smbd/process.c:1456(process_smb) got message type 0x0 of len 0x80 [2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1459(process_smb) Transaction 29 of length 132 (0 toread) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=992 smb_uid=100 smb_mid=1856 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 9985 (0x2701) smb_bcc=61 [2010/04/27 16:57:55, 10, pid=12782] ../lib/util/util.c:304(_dump_data) [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 08 00 00 ........ .,...... [0020] 00 14 00 00 00 00 00 01 00 00 00 00 00 03 00 00 ........ ........ [0030] 00 00 00 00 00 D6 4B 13 A7 EE 31 00 00 ......K. ..1.. 
[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1273(switch_message) switch message SMBtrans (pid 12782) conn 0x97e9be8 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 contains 11 SIDs SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-69 SID[ 6]: S-1-22-2-101 SID[ 7]: S-1-22-2-20042 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-11251 SID[ 10]: S-1-22-2-0 SE_PRIV 0xff0 0x0 0x0 0x0 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 4 supplementary groups Group[ 0]: 0 Group[ 1]: 69 Group[ 2]: 101 Group[ 3]: 20042 [2010/04/27 16:57:55, 5, pid=12782] smbd/uid.c:353(change_to_user) change_to_user uid=(0,0) gid=(0,0) [2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:539(handle_trans) trans <\PIPE\> data=44 params=0 setup=2 [2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:572(handle_trans) calling named_pipe [2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:490(named_pipe) named pipe command on <> name [2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:413(api_fd_reply) api_fd_reply [2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:454(api_fd_reply) Got API command 0x26 on pipe "samr" (pnum 2701) [2010/04/27 16:57:55, 10, pid=12782] smbd/ipc.c:456(api_fd_reply) api_fd_reply: p:0x97ea6a8 max_trans_reply: 1024 [2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe_hnd.c:1195(np_write_send) np_write_send: len: 44 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 44 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: Start: 
pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:192(fill_rpc_header) fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 16 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 28 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 [2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 002c 000a auth_len : 0000 000c call_id : 00000008 [2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe_hnd.c:288(unmarshall_rpc_header) unmarshall_rpc_header: using little-endian RPC [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:317(unmarshall_rpc_header) unmarshall_rpc_header: type = 0, flags = 3 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 0 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 28 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 28, incoming data = 28 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:534(process_complete_pdu) process_complete_pdu: processing packet type 0 [2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr_req req 0000 alloc_hint: 00000014 0004 context_id: 0000 0006 opnum : 0001 [2010/04/27 16:57:55, 3, pid=12782] 
rpc_server/srv_pipe_hnd.c:343(free_pipe_context) free_pipe_context: destroying talloc pool of size 0 [2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe.c:2261(api_pipe_request) Requested \PIPE\\samr [2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_pipe.c:2297(api_rpcTNP) api_rpcTNP: \samr op 0x1 - api_rpcTNP: rpc command: SAMR_CLOSE [2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe.c:2327(api_rpcTNP) api_rpc_cmds[1].fn == 0x82dc710 [2010/04/27 16:57:55, 1, pid=12782] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) samr_Close: struct samr_Close in: struct samr_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000003-0000-0000-d64b-13a7ee310000 [2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_lsa_hnd.c:180(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 D6 4B 13 A7 ........ .....K.. [0010] EE 31 00 00 .1.. [2010/04/27 16:57:55, 3, pid=12782] rpc_server/srv_lsa_hnd.c:218(close_policy_hnd) Closed policy [2010/04/27 16:57:55, 1, pid=12782] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) samr_Close: struct samr_Close out: struct samr_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : NT_STATUS_OK [2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe.c:2362(api_rpcTNP) api_rpcTNP: called \samr successfully [2010/04/27 16:57:55, 3, pid=12782] rpc_server/srv_pipe_hnd.c:343(free_pipe_context) free_pipe_context: destroying talloc pool of size 0 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 28 [2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Schedule immediate event "tevent_req_trigger": 0x98016a0 [2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Run immediate event "tevent_req_trigger": 0x98016a0 [2010/04/27 16:57:55, 6, pid=12782] 
rpc_server/srv_pipe_hnd.c:802(read_from_internal_pipe) name: \samr len: 1024 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:862(read_from_internal_pipe) read_from_pipe: \samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. [2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0030 000a auth_len : 0000 000c call_id : 00000008 [2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000010 smb_io_rpc_hdr_resp resp 0010 alloc_hint: 00000018 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 [2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Schedule immediate event "tevent_req_trigger": 0x97dd7d0 [2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Run immediate event "tevent_req_trigger": 0x97dd7d0 [2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:59(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=992 smb_uid=100 smb_mid=1856 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2010/04/27 16:57:55, 10, pid=12782] ../lib/util/util.c:304(_dump_data) [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 08 00 00 ........ .0...... [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 . 
[2010/04/27 16:57:55, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) got smb length of 41 [2010/04/27 16:57:55, 6, pid=12782] smbd/process.c:1456(process_smb) got message type 0x0 of len 0x29 [2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1459(process_smb) Transaction 30 of length 45 (0 toread) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=1920 smt_wct=3 smb_vwv[ 0]= 9985 (0x2701) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1273(switch_message) switch message SMBclose (pid 12782) conn 0x97e9be8 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 contains 11 SIDs SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-69 SID[ 6]: S-1-22-2-101 SID[ 7]: S-1-22-2-20042 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-11251 SID[ 10]: S-1-22-2-0 SE_PRIV 0xff0 0x0 0x0 0x0 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 4 supplementary groups Group[ 0]: 0 Group[ 1]: 69 Group[ 2]: 101 Group[ 3]: 20042 [2010/04/27 16:57:55, 5, pid=12782] smbd/uid.c:353(change_to_user) change_to_user uid=(0,0) gid=(0,0) [2010/04/27 16:57:55, 3, pid=12782] smbd/reply.c:4488(reply_close) close fd=-1 fnum=9985 (numopen=1) [2010/04/27 16:57:55, 6, pid=12782] smbd/close.c:454(set_close_write_time) close_write_time: Thu Jan 1 07:59:59 1970 [2010/04/27 16:57:55, 10, pid=12782] 
rpc_server/srv_lsa_hnd.c:249(close_policy_by_pipe) close_policy_by_pipe: deleted handle list for pipe \samr [2010/04/27 16:57:55, 5, pid=12782] smbd/files.c:474(file_free) freed files structure 9985 (0 used) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=1920 smt_wct=0 smb_bcc=0 [2010/04/27 16:57:55, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) got smb length of 96 [2010/04/27 16:57:55, 6, pid=12782] smbd/process.c:1456(process_smb) got message type 0x0 of len 0x60 [2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1459(process_smb) Transaction 31 of length 100 (0 toread) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) size=96 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=992 smb_uid=100 smb_mid=1984 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 2560 (0xA00) smb_vwv[ 3]= 4096 (0x1000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 4609 (0x1201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1792 (0x700) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=13 [2010/04/27 16:57:55, 10, pid=12782] ../lib/util/util.c:304(_dump_data) [0000] 00 5C 00 73 00 61 00 6D 00 72 00 00 00 .\.s.a.m .r... 
[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1273(switch_message) switch message SMBntcreateX (pid 12782) conn 0x97e9be8 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 contains 11 SIDs SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-69 SID[ 6]: S-1-22-2-101 SID[ 7]: S-1-22-2-20042 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-11251 SID[ 10]: S-1-22-2-0 SE_PRIV 0xff0 0x0 0x0 0x0 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 4 supplementary groups Group[ 0]: 0 Group[ 1]: 69 Group[ 2]: 101 Group[ 3]: 20042 [2010/04/27 16:57:55, 5, pid=12782] smbd/uid.c:353(change_to_user) change_to_user uid=(0,0) gid=(0,0) [2010/04/27 16:57:55, 10, pid=12782] smbd/nttrans.c:484(reply_ntcreate_and_X) reply_ntcreate_and_X: flags = 0x10, access_mask = 0x12019f file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0, fname = samr [2010/04/27 16:57:55, 4, pid=12782] smbd/nttrans.c:315(nt_open_pipe) nt_open_pipe: Opening pipe \samr. 
[2010/04/27 16:57:55, 5, pid=12782] smbd/files.c:103(file_new) allocated file structure 5890, fnum = 9986 (1 used) [2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_pipe_hnd.c:99(make_internal_rpc_pipe_p) Create pipe requested \samr [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_lsa_hnd.c:85(init_pipe_handle_list) init_pipe_handles: created handle list for pipe \samr [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_lsa_hnd.c:102(init_pipe_handle_list) init_pipe_handles: pipe_handles ref count = 1 for pipe \samr [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/04/27 16:57:55, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) NT user token: (NULL) [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/27 16:57:55, 10, pid=12782] lib/gencache.c:208(gencache_get) Returning valid cache entry: key = ACCT_POL/maximum password age, value = 4294967295 , timeout = Tue Apr 27 16:58:51 2010 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/04/27 16:57:55, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) NT user token: (NULL) [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 
supplementary groups [2010/04/27 16:57:55, 10, pid=12782] lib/gencache.c:208(gencache_get) Returning valid cache entry: key = ACCT_POL/password history, value = 0 , timeout = Tue Apr 27 16:58:51 2010 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:607(pdb_set_username) pdb_set_username: setting username zanchey, was [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:630(pdb_set_domain) pdb_set_domain: setting domain UCCDOMAIN, was [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:653(pdb_set_nt_username) pdb_set_nt_username: setting nt username zanchey, was [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:676(pdb_set_fullname) pdb_set_full_name: setting full name David Adam, was [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:769(pdb_set_homedir) pdb_set_homedir: setting home dir \\mylah\zanchey, was [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:745(pdb_set_dir_drive) pdb_set_dir_drive: setting dir drive H:, was NULL [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:699(pdb_set_logon_script) pdb_set_logon_script: setting logon script , was [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:722(pdb_set_profile_path) pdb_set_profile_path: setting profile path \\mylah\profiles, was [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:812(pdb_set_workstations) pdb_set_workstations: setting workstations , was [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/04/27 16:57:55, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) NT user token: (NULL) [2010/04/27 16:57:55, 5, pid=12782] 
auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/27 16:57:55, 10, pid=12782] lib/gencache.c:208(gencache_get) Returning valid cache entry: key = ACCT_POL/password history, value = 0 , timeout = Tue Apr 27 16:58:51 2010 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:536(pdb_set_user_sid) pdb_set_user_sid: setting user sid S-1-5-352321536-3342141748-1574249315-1264630062-23502 [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_compat.c:72(pdb_set_user_sid_from_rid) pdb_set_user_sid_from_rid: setting user sid S-1-5-352321536-3342141748-1574249315-1264630062-23502 from rid 23502 [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:594(pdb_set_group_sid) pdb_set_group_sid: setting group sid S-1-5-352321536-3342141748-1574249315-1264630062-512 [2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_pipe_hnd.c:161(make_internal_rpc_pipe_p) Created internal pipe \samr (pipes_open=0) [2010/04/27 16:57:55, 5, pid=12782] smbd/nttrans.c:404(do_ntcreate_pipe_open) do_ntcreate_pipe_open: open pipe = \samr [2010/04/27 16:57:55, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) got smb length of 224 [2010/04/27 16:57:55, 6, pid=12782] smbd/process.c:1456(process_smb) got message type 0x0 of len 0xe0 [2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1459(process_smb) Transaction 32 of length 228 (0 toread) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) size=224 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=2048 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 9986 (0x2702) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 
160 (0xA0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 160 (0xA0) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=161 [2010/04/27 16:57:55, 10, pid=12782] ../lib/util/util.c:304(_dump_data) [0000] EE 05 00 0B 03 10 00 00 00 A0 00 00 00 02 00 00 ........ ........ [0010] 00 B8 10 B8 10 00 00 00 00 03 00 00 00 00 00 01 ........ ........ [0020] 00 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 .xW4.4.. ....#Eg. [0030] AC 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ [0040] 00 2B 10 48 60 02 00 00 00 01 00 01 00 78 57 34 .+.H`... .....xW4 [0050] 12 34 12 CD AB EF 00 01 23 45 67 89 AC 01 00 00 .4...... #Eg..... [0060] 00 33 05 71 71 BA BE 37 49 83 19 B5 DB EF 9C CC .3.qq..7 I....... [0070] 36 01 00 00 00 02 00 01 00 78 57 34 12 34 12 CD 6....... .xW4.4.. [0080] AB EF 00 01 23 45 67 89 AC 01 00 00 00 2C 1C B7 ....#Eg. .....,.. [0090] 6C 12 98 40 45 03 00 00 00 00 00 00 00 01 00 00 l..@E... ........ [00A0] 00 . [2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1273(switch_message) switch message SMBwriteX (pid 12782) conn 0x97e9be8 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 contains 11 SIDs SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-69 SID[ 6]: S-1-22-2-101 SID[ 7]: S-1-22-2-20042 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-11251 SID[ 10]: S-1-22-2-0 SE_PRIV 0xff0 0x0 0x0 0x0 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 4 supplementary groups Group[ 0]: 0 Group[ 1]: 69 Group[ 2]: 101 Group[ 3]: 20042 [2010/04/27 16:57:55, 5, pid=12782] smbd/uid.c:353(change_to_user) change_to_user 
uid=(0,0) gid=(0,0) [2010/04/27 16:57:55, 6, pid=12782] smbd/pipes.c:271(reply_pipe_write_and_X) reply_pipe_write_and_X: 2702 name: samr len: 160 [2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe_hnd.c:1195(np_write_send) np_write_send: len: 160 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 160 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 160 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:192(fill_rpc_header) fill_rpc_header: data_to_copy = 160, len_needed_to_complete_hdr = 16, receive_len = 0 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 16 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 144 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 144 [2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0b 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 00a0 000a auth_len : 0000 000c call_id : 00000002 [2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe_hnd.c:288(unmarshall_rpc_header) unmarshall_rpc_header: using little-endian RPC [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:317(unmarshall_rpc_header) unmarshall_rpc_header: type = 11, flags = 3 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 0 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 144 [2010/04/27 16:57:55, 10, 
pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 144, incoming data = 144 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:534(process_complete_pdu) process_complete_pdu: processing packet type 11 [2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe.c:1558(api_pipe_bind_req) api_pipe_bind_req: decode request. 1558 [2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr_rb [2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr_bba 0000 max_tsize: 10b8 0002 max_rsize: 10b8 0004 assoc_gid: 00000000 0008 num_contexts: 03 000c context_id : 0000 000e num_transfer_syntaxes: 01 [2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 00000f smb_io_rpc_iface [2010/04/27 16:57:55, 7, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000010 smb_io_uuid uuid 0010 data : 12345778 0014 data : 1234 0016 data : abcd 0018 data : ef 00 001a data : 01 23 45 67 89 ac 0020 version: 00000001 [2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000024 smb_io_rpc_iface [2010/04/27 16:57:55, 7, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000024 smb_io_uuid uuid 0024 data : 8a885d04 0028 data : 1ceb 002a data : 11c9 002c data : 9f e8 002e data : 08 00 2b 10 48 60 0034 version: 00000002 0038 context_id : 0001 003a num_transfer_syntaxes: 01 [2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 00003b smb_io_rpc_iface [2010/04/27 16:57:55, 7, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 00003c smb_io_uuid uuid 003c data : 12345778 0040 data : 1234 0042 data : abcd 0044 data : ef 00 0046 data : 01 23 45 67 89 ac 004c version: 00000001 [2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000050 smb_io_rpc_iface [2010/04/27 16:57:55, 7, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000050 smb_io_uuid uuid 0050 data : 71710533 0054 data : beba 0056 
data : 4937 0058 data : 83 19 005a data : b5 db ef 9c cc 36 0060 version: 00000001 0064 context_id : 0002 0066 num_transfer_syntaxes: 01 [2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000067 smb_io_rpc_iface [2010/04/27 16:57:55, 7, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000068 smb_io_uuid uuid 0068 data : 12345778 006c data : 1234 006e data : abcd 0070 data : ef 00 0072 data : 01 23 45 67 89 ac 0078 version: 00000001 [2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 00007c smb_io_rpc_iface [2010/04/27 16:57:55, 7, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 00007c smb_io_uuid uuid 007c data : 6cb71c2c 0080 data : 9812 0082 data : 4540 0084 data : 03 00 0086 data : 00 00 00 00 00 00 008c version: 00000001 [2010/04/27 16:57:55, 3, pid=12782] rpc_server/srv_pipe.c:1584(api_pipe_bind_req) api_pipe_bind_req: \PIPE\samr -> \PIPE\samr [2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe.c:1628(api_pipe_bind_req) api_pipe_bind_req: make response. 1628 [2010/04/27 16:57:55, 3, pid=12782] rpc_server/srv_pipe.c:960(check_bind_req) check_bind_req for \samr checking lsarpc checking winreg checking initshutdown checking dssetup checking wkssvc checking svcctl checking ntsvcs checking netlogon checking netdfs checking srvsvc checking spoolss checking eventlog checking samr [2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr_ba [2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr_bba 0000 max_tsize: 10b8 0002 max_rsize: 10b8 0004 assoc_gid: 000053f0 [2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000008 smb_io_rpc_addr_str 0008 len: 000b 000a str: \PIPE\samr. 
[2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000015 smb_io_rpc_results 0018 num_results: 01 001c result : 0000 001e reason : 0000 [2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000020 smb_io_rpc_iface [2010/04/27 16:57:55, 7, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000020 smb_io_uuid uuid 0020 data : 8a885d04 0024 data : 1ceb 0026 data : 11c9 0028 data : 9f e8 002a data : 08 00 2b 10 48 60 0030 version: 00000002 [2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0c 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0044 000a auth_len : 0000 000c call_id : 00000002 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 144 [2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Schedule immediate event "tevent_req_trigger": 0x98016a0 [2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Run immediate event "tevent_req_trigger": 0x98016a0 [2010/04/27 16:57:55, 3, pid=12782] smbd/pipes.c:325(pipe_write_andx_done) writeX-IPC nwritten=160 [2010/04/27 16:57:55, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) got smb length of 59 [2010/04/27 16:57:55, 6, pid=12782] smbd/process.c:1456(process_smb) got message type 0x0 of len 0x3b [2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1459(process_smb) Transaction 33 of length 63 (0 toread) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=2112 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 9986 (0x2702) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) 
smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1273(switch_message) switch message SMBreadX (pid 12782) conn 0x97e9be8 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 contains 11 SIDs SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-69 SID[ 6]: S-1-22-2-101 SID[ 7]: S-1-22-2-20042 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-11251 SID[ 10]: S-1-22-2-0 SE_PRIV 0xff0 0x0 0x0 0x0 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 4 supplementary groups Group[ 0]: 0 Group[ 1]: 69 Group[ 2]: 101 Group[ 3]: 20042 [2010/04/27 16:57:55, 5, pid=12782] smbd/uid.c:353(change_to_user) change_to_user uid=(0,0) gid=(0,0) [2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe_hnd.c:802(read_from_internal_pipe) name: \samr len: 1024 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:842(read_from_internal_pipe) read_from_pipe: \samr: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. 
[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Schedule immediate event "tevent_req_trigger": 0x9801a60 [2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Run immediate event "tevent_req_trigger": 0x9801a60 [2010/04/27 16:57:55, 3, pid=12782] smbd/pipes.c:435(pipe_read_andx_done) readX-IPC min=1024 max=1024 nread=68 [2010/04/27 16:57:55, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) got smb length of 156 [2010/04/27 16:57:55, 6, pid=12782] smbd/process.c:1456(process_smb) got message type 0x0 of len 0x9c [2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1459(process_smb) Transaction 34 of length 160 (0 toread) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) size=156 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=992 smb_uid=100 smb_mid=2176 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 72 (0x48) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 72 (0x48) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 9986 (0x2702) smb_bcc=89 [2010/04/27 16:57:55, 10, pid=12782] ../lib/util/util.c:304(_dump_data) [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 48 00 00 00 02 00 00 ........ .H...... [0020] 00 30 00 00 00 00 00 40 00 00 00 02 00 06 00 00 .0.....@ ........ [0030] 00 00 00 00 00 06 00 00 00 4D 00 59 00 4C 00 41 ........ .M.Y.L.A [0040] 00 48 00 00 00 21 00 00 00 01 00 00 00 01 00 00 .H...!.. ........ [0050] 00 03 00 00 00 00 00 00 00 ........ . 
[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1273(switch_message) switch message SMBtrans (pid 12782) conn 0x97e9be8 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 contains 11 SIDs SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-69 SID[ 6]: S-1-22-2-101 SID[ 7]: S-1-22-2-20042 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-11251 SID[ 10]: S-1-22-2-0 SE_PRIV 0xff0 0x0 0x0 0x0 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 4 supplementary groups Group[ 0]: 0 Group[ 1]: 69 Group[ 2]: 101 Group[ 3]: 20042 [2010/04/27 16:57:55, 5, pid=12782] smbd/uid.c:353(change_to_user) change_to_user uid=(0,0) gid=(0,0) [2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:539(handle_trans) trans <\PIPE\> data=72 params=0 setup=2 [2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:572(handle_trans) calling named_pipe [2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:490(named_pipe) named pipe command on <> name [2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:413(api_fd_reply) api_fd_reply [2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:454(api_fd_reply) Got API command 0x26 on pipe "samr" (pnum 2702) [2010/04/27 16:57:55, 10, pid=12782] smbd/ipc.c:456(api_fd_reply) api_fd_reply: p:0x97ea6a8 max_trans_reply: 1024 [2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe_hnd.c:1195(np_write_send) np_write_send: len: 72 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 72 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: Start: 
pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:192(fill_rpc_header) fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 16 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 56 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 [2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0048 000a auth_len : 0000 000c call_id : 00000002 [2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe_hnd.c:288(unmarshall_rpc_header) unmarshall_rpc_header: using little-endian RPC [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:317(unmarshall_rpc_header) unmarshall_rpc_header: type = 0, flags = 3 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 0 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 56 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:534(process_complete_pdu) process_complete_pdu: processing packet type 0 [2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr_req req 0000 alloc_hint: 00000030 0004 context_id: 0000 0006 opnum : 0040 [2010/04/27 16:57:55, 3, pid=12782] 
rpc_server/srv_pipe_hnd.c:343(free_pipe_context) free_pipe_context: destroying talloc pool of size 165 [2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe.c:2261(api_pipe_request) Requested \PIPE\\samr [2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_pipe.c:2297(api_rpcTNP) api_rpcTNP: \samr op 0x40 - api_rpcTNP: rpc command: SAMR_CONNECT5 [2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe.c:2327(api_rpcTNP) api_rpc_cmds[64].fn == 0x82cff10 [2010/04/27 16:57:55, 1, pid=12782] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) samr_Connect5: struct samr_Connect5 in: struct samr_Connect5 system_name : * system_name : 'MYLAH' access_mask : 0x00000021 (33) 1: SAMR_ACCESS_CONNECT_TO_SERVER 0: SAMR_ACCESS_SHUTDOWN_SERVER 0: SAMR_ACCESS_INITIALIZE_SERVER 0: SAMR_ACCESS_CREATE_DOMAIN 0: SAMR_ACCESS_ENUM_DOMAINS 1: SAMR_ACCESS_LOOKUP_DOMAIN level_in : 0x00000001 (1) info_in : * info_in : union samr_ConnectInfo(case 1) info1: struct samr_ConnectInfo1 client_version : SAMR_CONNECT_AFTER_W2K (3) unknown2 : 0x00000000 (0) [2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_samr_nt.c:3976(_samr_Connect2) _samr_Connect5: 3976 [2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_samr_nt.c:219(access_check_object) _samr_Connect5: access GRANTED (requested: 0x00000021, granted: 0x00000021) [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_samr_nt.c:395(get_samr_info_by_sid) get_samr_info_by_sid: created new info for sid (NULL) [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_samr_nt.c:400(get_samr_info_by_sid) get_samr_info_by_sid: created new info for NULL sid. [2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_lsa_hnd.c:160(create_policy_hnd) Opened policy hnd[1] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 D6 4B 13 A7 ........ .....K.. [0010] EE 31 00 00 .1.. 
[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_samr_nt.c:4007(_samr_Connect2) _samr_Connect5: 4007 [2010/04/27 16:57:55, 1, pid=12782] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) samr_Connect5: struct samr_Connect5 out: struct samr_Connect5 level_out : * level_out : 0x00000001 (1) info_out : * info_out : union samr_ConnectInfo(case 1) info1: struct samr_ConnectInfo1 client_version : SAMR_CONNECT_AFTER_W2K (3) unknown2 : 0x00000000 (0) connect_handle : * connect_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000005-0000-0000-d64b-13a7ee310000 result : NT_STATUS_OK [2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe.c:2362(api_rpcTNP) api_rpcTNP: called \samr successfully [2010/04/27 16:57:55, 3, pid=12782] rpc_server/srv_pipe_hnd.c:343(free_pipe_context) free_pipe_context: destroying talloc pool of size 984 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 56 [2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Schedule immediate event "tevent_req_trigger": 0x98016d0 [2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Run immediate event "tevent_req_trigger": 0x98016d0 [2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe_hnd.c:802(read_from_internal_pipe) name: \samr len: 1024 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:862(read_from_internal_pipe) read_from_pipe: \samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 40. 
[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0040 000a auth_len : 0000 000c call_id : 00000002 [2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000010 smb_io_rpc_hdr_resp resp 0010 alloc_hint: 00000028 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 [2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Schedule immediate event "tevent_req_trigger": 0x97ed578 [2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Run immediate event "tevent_req_trigger": 0x97ed578 [2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:59(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..64] (align 0) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) size=120 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=992 smb_uid=100 smb_mid=2176 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 64 (0x40) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 64 (0x40) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=65 [2010/04/27 16:57:55, 10, pid=12782] ../lib/util/util.c:304(_dump_data) [0000] 00 05 00 02 03 10 00 00 00 40 00 00 00 02 00 00 ........ .@...... [0010] 00 28 00 00 00 00 00 00 00 01 00 00 00 01 00 00 .(...... ........ [0020] 00 03 00 00 00 00 00 00 00 00 00 00 00 05 00 00 ........ ........ [0030] 00 00 00 00 00 D6 4B 13 A7 EE 31 00 00 00 00 00 ......K. ..1..... [0040] 00 . 
[2010/04/27 16:57:55, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) got smb length of 160 [2010/04/27 16:57:55, 6, pid=12782] smbd/process.c:1456(process_smb) got message type 0x0 of len 0xa0 [2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1459(process_smb) Transaction 35 of length 164 (0 toread) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) size=160 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=992 smb_uid=100 smb_mid=2240 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 76 (0x4C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 76 (0x4C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 9986 (0x2702) smb_bcc=93 [2010/04/27 16:57:55, 10, pid=12782] ../lib/util/util.c:304(_dump_data) [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 4C 00 00 00 03 00 00 ........ .L...... [0020] 00 34 00 00 00 00 00 07 00 00 00 00 00 05 00 00 .4...... ........ [0030] 00 00 00 00 00 D6 4B 13 A7 EE 31 00 00 00 02 00 ......K. ..1..... [0040] 00 04 00 00 00 01 04 00 00 00 00 00 05 00 00 00 ........ ........ [0050] 15 34 09 35 C7 63 23 D5 5D 2E B9 60 4B .4.5.c#. 
]..`K [2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1273(switch_message) switch message SMBtrans (pid 12782) conn 0x97e9be8 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 contains 11 SIDs SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-69 SID[ 6]: S-1-22-2-101 SID[ 7]: S-1-22-2-20042 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-11251 SID[ 10]: S-1-22-2-0 SE_PRIV 0xff0 0x0 0x0 0x0 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 4 supplementary groups Group[ 0]: 0 Group[ 1]: 69 Group[ 2]: 101 Group[ 3]: 20042 [2010/04/27 16:57:55, 5, pid=12782] smbd/uid.c:353(change_to_user) change_to_user uid=(0,0) gid=(0,0) [2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:539(handle_trans) trans <\PIPE\> data=76 params=0 setup=2 [2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:572(handle_trans) calling named_pipe [2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:490(named_pipe) named pipe command on <> name [2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:413(api_fd_reply) api_fd_reply [2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:454(api_fd_reply) Got API command 0x26 on pipe "samr" (pnum 2702) [2010/04/27 16:57:55, 10, pid=12782] smbd/ipc.c:456(api_fd_reply) api_fd_reply: p:0x97ea6a8 max_trans_reply: 1024 [2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe_hnd.c:1195(np_write_send) np_write_send: len: 76 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 76 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: 
Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 76 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:192(fill_rpc_header) fill_rpc_header: data_to_copy = 76, len_needed_to_complete_hdr = 16, receive_len = 0 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 16 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 60 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 60 [2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 004c 000a auth_len : 0000 000c call_id : 00000003 [2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe_hnd.c:288(unmarshall_rpc_header) unmarshall_rpc_header: using little-endian RPC [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:317(unmarshall_rpc_header) unmarshall_rpc_header: type = 0, flags = 3 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 0 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 60 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 60, incoming data = 60 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:534(process_complete_pdu) process_complete_pdu: processing packet type 0 [2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr_req req 0000 alloc_hint: 00000034 0004 context_id: 0000 0006 opnum : 0007 [2010/04/27 16:57:55, 3, 
pid=12782] rpc_server/srv_pipe_hnd.c:343(free_pipe_context) free_pipe_context: destroying talloc pool of size 0 [2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe.c:2261(api_pipe_request) Requested \PIPE\\samr [2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_pipe.c:2297(api_rpcTNP) api_rpcTNP: \samr op 0x7 - api_rpcTNP: rpc command: SAMR_OPENDOMAIN [2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe.c:2327(api_rpcTNP) api_rpc_cmds[7].fn == 0x82db430 [2010/04/27 16:57:55, 1, pid=12782] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) samr_OpenDomain: struct samr_OpenDomain in: struct samr_OpenDomain connect_handle : * connect_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000005-0000-0000-d64b-13a7ee310000 access_mask : 0x00000200 (512) 0: SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1 0: SAMR_DOMAIN_ACCESS_SET_INFO_1 0: SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2 0: SAMR_DOMAIN_ACCESS_SET_INFO_2 0: SAMR_DOMAIN_ACCESS_CREATE_USER 0: SAMR_DOMAIN_ACCESS_CREATE_GROUP 0: SAMR_DOMAIN_ACCESS_CREATE_ALIAS 0: SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS 0: SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS 1: SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT 0: SAMR_DOMAIN_ACCESS_SET_INFO_3 sid : * sid : S-1-5-352321536-3342141748-1574249315-1264630062 [2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_lsa_hnd.c:180(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 D6 4B 13 A7 ........ .....K.. [0010] EE 31 00 00 .1.. 
[2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_samr_nt.c:186(access_check_object) access_check_object: user rights access mask [0x3f0] [2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_samr_nt.c:219(access_check_object) _samr_OpenDomain: access GRANTED (requested: 0x00000000, granted: 0x000003f0) [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_samr_nt.c:395(get_samr_info_by_sid) get_samr_info_by_sid: created new info for sid S-1-5-352321536-3342141748-1574249315-1264630062 [2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_lsa_hnd.c:160(create_policy_hnd) Opened policy hnd[2] [0000] 00 00 00 00 06 00 00 00 00 00 00 00 D6 4B 13 A7 ........ .....K.. [0010] EE 31 00 00 .1.. [2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_samr_nt.c:662(_samr_OpenDomain) _samr_OpenDomain: 662 [2010/04/27 16:57:55, 1, pid=12782] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) samr_OpenDomain: struct samr_OpenDomain out: struct samr_OpenDomain domain_handle : * domain_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000006-0000-0000-d64b-13a7ee310000 result : NT_STATUS_OK [2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe.c:2362(api_rpcTNP) api_rpcTNP: called \samr successfully [2010/04/27 16:57:55, 3, pid=12782] rpc_server/srv_pipe_hnd.c:343(free_pipe_context) free_pipe_context: destroying talloc pool of size 984 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 60 [2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Schedule immediate event "tevent_req_trigger": 0x98016e0 [2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Run immediate event "tevent_req_trigger": 0x98016e0 [2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe_hnd.c:802(read_from_internal_pipe) name: \samr len: 1024 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:862(read_from_internal_pipe) read_from_pipe: \samr: fault_state = 0 : 
data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. [2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0030 000a auth_len : 0000 000c call_id : 00000003 [2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000010 smb_io_rpc_hdr_resp resp 0010 alloc_hint: 00000018 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 [2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Schedule immediate event "tevent_req_trigger": 0x97eaf30 [2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Run immediate event "tevent_req_trigger": 0x97eaf30 [2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:59(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=992 smb_uid=100 smb_mid=2240 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2010/04/27 16:57:55, 10, pid=12782] ../lib/util/util.c:304(_dump_data) [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 03 00 00 ........ .0...... [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 06 00 00 ........ ........ [0020] 00 00 00 00 00 D6 4B 13 A7 EE 31 00 00 00 00 00 ......K. ..1..... [0030] 00 . 
[2010/04/27 16:57:55, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) got smb length of 178 [2010/04/27 16:57:55, 6, pid=12782] smbd/process.c:1456(process_smb) got message type 0x0 of len 0xb2 [2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1459(process_smb) Transaction 36 of length 182 (0 toread) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) size=178 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=992 smb_uid=100 smb_mid=2304 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 94 (0x5E) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 94 (0x5E) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 9986 (0x2702) smb_bcc=111 [2010/04/27 16:57:55, 10, pid=12782] ../lib/util/util.c:304(_dump_data) [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 5E 00 00 00 04 00 00 ........ .^...... [0020] 00 46 00 00 00 00 00 11 00 00 00 00 00 06 00 00 .F...... ........ [0030] 00 00 00 00 00 D6 4B 13 A7 EE 31 00 00 01 00 00 ......K. ..1..... [0040] 00 E8 03 00 00 00 00 00 00 01 00 00 00 0E 00 10 ........ ........ [0050] 00 00 00 02 00 08 00 00 00 00 00 00 00 07 00 00 ........ ........ [0060] 00 4D 00 41 00 41 00 58 00 45 00 4E 00 24 00 .M.A.A.X .E.N.$. 
[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1273(switch_message) switch message SMBtrans (pid 12782) conn 0x97e9be8 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 contains 11 SIDs SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-69 SID[ 6]: S-1-22-2-101 SID[ 7]: S-1-22-2-20042 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-11251 SID[ 10]: S-1-22-2-0 SE_PRIV 0xff0 0x0 0x0 0x0 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 4 supplementary groups Group[ 0]: 0 Group[ 1]: 69 Group[ 2]: 101 Group[ 3]: 20042 [2010/04/27 16:57:55, 5, pid=12782] smbd/uid.c:353(change_to_user) change_to_user uid=(0,0) gid=(0,0) [2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:539(handle_trans) trans <\PIPE\> data=94 params=0 setup=2 [2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:572(handle_trans) calling named_pipe [2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:490(named_pipe) named pipe command on <> name [2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:413(api_fd_reply) api_fd_reply [2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:454(api_fd_reply) Got API command 0x26 on pipe "samr" (pnum 2702) [2010/04/27 16:57:55, 10, pid=12782] smbd/ipc.c:456(api_fd_reply) api_fd_reply: p:0x97ea6a8 max_trans_reply: 1024 [2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe_hnd.c:1195(np_write_send) np_write_send: len: 94 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 94 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: Start: 
pdu_received_len = 0, pdu_needed_len = 0, incoming data = 94 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:192(fill_rpc_header) fill_rpc_header: data_to_copy = 94, len_needed_to_complete_hdr = 16, receive_len = 0 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 16 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 78 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 78 [2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 005e 000a auth_len : 0000 000c call_id : 00000004 [2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe_hnd.c:288(unmarshall_rpc_header) unmarshall_rpc_header: using little-endian RPC [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:317(unmarshall_rpc_header) unmarshall_rpc_header: type = 0, flags = 3 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 0 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 78 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 78, incoming data = 78 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:534(process_complete_pdu) process_complete_pdu: processing packet type 0 [2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr_req req 0000 alloc_hint: 00000046 0004 context_id: 0000 0006 opnum : 0011 [2010/04/27 16:57:55, 3, pid=12782] 
rpc_server/srv_pipe_hnd.c:343(free_pipe_context) free_pipe_context: destroying talloc pool of size 0 [2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe.c:2261(api_pipe_request) Requested \PIPE\\samr [2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_pipe.c:2297(api_rpcTNP) api_rpcTNP: \samr op 0x11 - api_rpcTNP: rpc command: SAMR_LOOKUPNAMES [2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe.c:2327(api_rpcTNP) api_rpc_cmds[17].fn == 0x82d9240 [2010/04/27 16:57:55, 1, pid=12782] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) samr_LookupNames: struct samr_LookupNames in: struct samr_LookupNames domain_handle : * domain_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000006-0000-0000-d64b-13a7ee310000 num_names : 0x00000001 (1) names: ARRAY(1) names: struct lsa_String length : 0x000e (14) size : 0x000e (14) string : * string : 'MAAXEN$' [2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_samr_nt.c:1816(_samr_LookupNames) _samr_LookupNames: 1816 [2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_lsa_hnd.c:180(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 06 00 00 00 00 00 00 00 D6 4B 13 A7 ........ .....K.. [0010] EE 31 00 00 .1.. 
[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_samr_nt.c:231(access_check_samr_function) _samr_LookupNames: access check ((granted: 0x000003f0; required: 0000000000) [2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_samr_nt.c:1841(_samr_LookupNames) _samr_LookupNames: looking name on SID S-1-5-352321536-3342141748-1574249315-1264630062 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/04/27 16:57:55, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) NT user token: (NULL) [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/27 16:57:55, 5, pid=12782] lib/smbldap.c:1295(smbldap_search_ext) smbldap_search_ext: base => [dc=ucc,dc=gu,dc=uwa,dc=edu,dc=au], filter => [(&(uid=MAAXEN$)(objectclass=sambaSamAccount))], scope => [2] [2010/04/27 16:57:55, 2, pid=12782] passdb/pdb_ldap.c:571(init_sam_from_ldap) init_sam_from_ldap: Entry found for user: MAAXEN$ [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:607(pdb_set_username) pdb_set_username: setting username MAAXEN$, was [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:630(pdb_set_domain) pdb_set_domain: setting domain UCCDOMAIN, was [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:653(pdb_set_nt_username) pdb_set_nt_username: setting nt username MAAXEN$, was [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:549(pdb_set_user_sid_from_string) pdb_set_user_sid_from_string: setting user sid S-1-5-352321536-3342141748-1574249315-1264630062-1068 [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:536(pdb_set_user_sid) pdb_set_user_sid: setting user sid 
S-1-5-352321536-3342141748-1574249315-1264630062-1068 [2010/04/27 16:57:55, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) attribute sambaLogonTime does not exist [2010/04/27 16:57:55, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) attribute sambaLogoffTime does not exist [2010/04/27 16:57:55, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) attribute sambaKickoffTime does not exist [2010/04/27 16:57:55, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) attribute sambaPwdCanChange does not exist [2010/04/27 16:57:55, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) attribute sambaPwdMustChange does not exist [2010/04/27 16:57:55, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) attribute displayName does not exist [2010/04/27 16:57:55, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) attribute cn does not exist [2010/04/27 16:57:55, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) attribute sambaHomeDrive does not exist [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:745(pdb_set_dir_drive) pdb_set_dir_drive: setting dir drive H:, was NULL [2010/04/27 16:57:55, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) attribute sambaHomePath does not exist [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:769(pdb_set_homedir) pdb_set_homedir: setting home dir \\mylah\maaxen_, was [2010/04/27 16:57:55, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) attribute sambaLogonScript does not exist [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:699(pdb_set_logon_script) pdb_set_logon_script: setting logon script , was [2010/04/27 16:57:55, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) attribute sambaProfilePath does not exist [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:722(pdb_set_profile_path) pdb_set_profile_path: setting profile path 
\\mylah\profiles, was [2010/04/27 16:57:55, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) attribute description does not exist [2010/04/27 16:57:55, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) attribute sambaUserWorkstations does not exist [2010/04/27 16:57:55, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) attribute sambaMungedDial does not exist [2010/04/27 16:57:55, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) attribute sambaLMPassword does not exist [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2010/04/27 16:57:55, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) NT user token: (NULL) [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/27 16:57:55, 10, pid=12782] lib/gencache.c:208(gencache_get) Returning valid cache entry: key = ACCT_POL/password history, value = 0 , timeout = Tue Apr 27 16:58:51 2010 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/27 16:57:55, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) attribute sambaBadPasswordCount does not exist [2010/04/27 16:57:55, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) attribute sambaBadPasswordTime does not exist [2010/04/27 16:57:55, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) attribute sambaLogonHours does not exist [2010/04/27 16:57:55, 7, pid=12782] passdb/login_cache.c:87(login_cache_read) Looking up login cache for user MAAXEN$ [2010/04/27 16:57:55, 7, pid=12782] 
passdb/login_cache.c:103(login_cache_read) No cache entry found [2010/04/27 16:57:55, 9, pid=12782] passdb/pdb_ldap.c:1125(init_sam_from_ldap) No cache entry, bad count = 0, bad time = 0 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2010/04/27 16:57:55, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) NT user token: (NULL) [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/27 16:57:55, 10, pid=12782] lib/gencache.c:208(gencache_get) Returning valid cache entry: key = ACCT_POL/maximum password age, value = 4294967295 , timeout = Tue Apr 27 16:58:51 2010 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/27 16:57:55, 5, pid=12782] lib/username.c:133(Get_Pwnam_alloc) Finding user MAAXEN$ [2010/04/27 16:57:55, 5, pid=12782] lib/username.c:77(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is maaxen$ [2010/04/27 16:57:55, 5, pid=12782] lib/username.c:85(Get_Pwnam_internals) Trying _Get_Pwnam(), username as given is MAAXEN$ [2010/04/27 16:57:55, 5, pid=12782] lib/username.c:110(Get_Pwnam_internals) Get_Pwnam_internals did find user [MAAXEN$]! 
[2010/04/27 16:57:55, 5, pid=12782] lib/smbldap.c:1295(smbldap_search_ext) smbldap_search_ext: base => [dc=ucc,dc=gu,dc=uwa,dc=edu,dc=au], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=12004))], scope => [2] [2010/04/27 16:57:55, 4, pid=12782] passdb/pdb_ldap.c:2550(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(gidNumber=12004)) [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2010/04/27 16:57:55, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) NT user token: (NULL) [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/27 16:57:55, 10, pid=12782] lib/gencache.c:208(gencache_get) Returning valid cache entry: key = ACCT_POL/password history, value = 0 , timeout = Tue Apr 27 16:58:51 2010 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:607(pdb_set_username) pdb_set_username: setting username MAAXEN$, was [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:630(pdb_set_domain) pdb_set_domain: setting domain UCCDOMAIN, was [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:653(pdb_set_nt_username) pdb_set_nt_username: setting nt username MAAXEN$, was [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:676(pdb_set_fullname) pdb_set_full_name: setting full name , was [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:769(pdb_set_homedir) pdb_set_homedir: setting home dir \\mylah\maaxen_, was [2010/04/27 16:57:55, 10, pid=12782] 
passdb/pdb_get_set.c:745(pdb_set_dir_drive) pdb_set_dir_drive: setting dir drive H:, was NULL [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:699(pdb_set_logon_script) pdb_set_logon_script: setting logon script , was [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:722(pdb_set_profile_path) pdb_set_profile_path: setting profile path \\mylah\profiles, was [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:812(pdb_set_workstations) pdb_set_workstations: setting workstations , was [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2010/04/27 16:57:55, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) NT user token: (NULL) [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/27 16:57:55, 10, pid=12782] lib/gencache.c:208(gencache_get) Returning valid cache entry: key = ACCT_POL/password history, value = 0 , timeout = Tue Apr 27 16:58:51 2010 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:536(pdb_set_user_sid) pdb_set_user_sid: setting user sid S-1-5-352321536-3342141748-1574249315-1264630062-1068 [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_compat.c:72(pdb_set_user_sid_from_rid) pdb_set_user_sid_from_rid: setting user sid S-1-5-352321536-3342141748-1574249315-1264630062-1068 from rid 1068 [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:594(pdb_set_group_sid) pdb_set_group_sid: setting group sid S-1-5-352321536-3342141748-1574249315-1264630062-513 [2010/04/27 16:57:55, 3, pid=12782] 
smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_samr_nt.c:1883(_samr_LookupNames) _samr_LookupNames: 1883 [2010/04/27 16:57:55, 1, pid=12782] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) samr_LookupNames: struct samr_LookupNames out: struct samr_LookupNames rids : * rids: struct samr_Ids count : 0x00000001 (1) ids : * ids: ARRAY(1) ids : 0x0000042c (1068) types : * types: struct samr_Ids count : 0x00000001 (1) ids : * ids: ARRAY(1) ids : 0x00000001 (1) result : NT_STATUS_OK [2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe.c:2362(api_rpcTNP) api_rpcTNP: called \samr successfully [2010/04/27 16:57:55, 3, pid=12782] rpc_server/srv_pipe_hnd.c:343(free_pipe_context) free_pipe_context: destroying talloc pool of size 8 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 78 [2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Schedule immediate event "tevent_req_trigger": 0x9801700 [2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Run immediate event "tevent_req_trigger": 0x9801700 [2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe_hnd.c:802(read_from_internal_pipe) name: \samr len: 1024 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:862(read_from_internal_pipe) read_from_pipe: \samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 36. 
[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 003c 000a auth_len : 0000 000c call_id : 00000004 [2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000010 smb_io_rpc_hdr_resp resp 0010 alloc_hint: 00000024 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 [2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Schedule immediate event "tevent_req_trigger": 0x97ef540 [2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Run immediate event "tevent_req_trigger": 0x97ef540 [2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:59(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..60] (align 0) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) size=116 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=992 smb_uid=100 smb_mid=2304 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 60 (0x3C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 60 (0x3C) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=61 [2010/04/27 16:57:55, 10, pid=12782] ../lib/util/util.c:304(_dump_data) [0000] 00 05 00 02 03 10 00 00 00 3C 00 00 00 04 00 00 ........ .<...... [0010] 00 24 00 00 00 00 00 00 00 01 00 00 00 00 00 02 .$...... ........ [0020] 00 01 00 00 00 2C 04 00 00 01 00 00 00 04 00 02 .....,.. ........ [0030] 00 01 00 00 00 01 00 00 00 00 00 00 00 ........ ..... 
[2010/04/27 16:57:55, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) got smb length of 136 [2010/04/27 16:57:55, 6, pid=12782] smbd/process.c:1456(process_smb) got message type 0x0 of len 0x88 [2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1459(process_smb) Transaction 37 of length 140 (0 toread) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) size=136 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=992 smb_uid=100 smb_mid=2368 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 52 (0x34) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 52 (0x34) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 9986 (0x2702) smb_bcc=69 [2010/04/27 16:57:55, 10, pid=12782] ../lib/util/util.c:304(_dump_data) [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 34 00 00 00 05 00 00 ........ .4...... [0020] 00 1C 00 00 00 00 00 22 00 00 00 00 00 06 00 00 ......." ........ [0030] 00 00 00 00 00 D6 4B 13 A7 EE 31 00 00 B0 00 00 ......K. ..1..... [0040] 00 2C 04 00 00 .,... 
[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1273(switch_message) switch message SMBtrans (pid 12782) conn 0x97e9be8 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 contains 11 SIDs SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-69 SID[ 6]: S-1-22-2-101 SID[ 7]: S-1-22-2-20042 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-11251 SID[ 10]: S-1-22-2-0 SE_PRIV 0xff0 0x0 0x0 0x0 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 4 supplementary groups Group[ 0]: 0 Group[ 1]: 69 Group[ 2]: 101 Group[ 3]: 20042 [2010/04/27 16:57:55, 5, pid=12782] smbd/uid.c:353(change_to_user) change_to_user uid=(0,0) gid=(0,0) [2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:539(handle_trans) trans <\PIPE\> data=52 params=0 setup=2 [2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:572(handle_trans) calling named_pipe [2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:490(named_pipe) named pipe command on <> name [2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:413(api_fd_reply) api_fd_reply [2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:454(api_fd_reply) Got API command 0x26 on pipe "samr" (pnum 2702) [2010/04/27 16:57:55, 10, pid=12782] smbd/ipc.c:456(api_fd_reply) api_fd_reply: p:0x97ea6a8 max_trans_reply: 1024 [2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe_hnd.c:1195(np_write_send) np_write_send: len: 52 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 52 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: Start: 
pdu_received_len = 0, pdu_needed_len = 0, incoming data = 52 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:192(fill_rpc_header) fill_rpc_header: data_to_copy = 52, len_needed_to_complete_hdr = 16, receive_len = 0 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 16 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 36 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 36 [2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0034 000a auth_len : 0000 000c call_id : 00000005 [2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe_hnd.c:288(unmarshall_rpc_header) unmarshall_rpc_header: using little-endian RPC [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:317(unmarshall_rpc_header) unmarshall_rpc_header: type = 0, flags = 3 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 0 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 36 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 36, incoming data = 36 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:534(process_complete_pdu) process_complete_pdu: processing packet type 0 [2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr_req req 0000 alloc_hint: 0000001c 0004 context_id: 0000 0006 opnum : 0022 [2010/04/27 16:57:55, 3, pid=12782] 
rpc_server/srv_pipe_hnd.c:343(free_pipe_context) free_pipe_context: destroying talloc pool of size 0 [2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe.c:2261(api_pipe_request) Requested \PIPE\\samr [2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_pipe.c:2297(api_rpcTNP) api_rpcTNP: \samr op 0x22 - api_rpcTNP: rpc command: SAMR_OPENUSER [2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe.c:2327(api_rpcTNP) api_rpc_cmds[34].fn == 0x82d5e70 [2010/04/27 16:57:55, 1, pid=12782] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) samr_OpenUser: struct samr_OpenUser in: struct samr_OpenUser domain_handle : * domain_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000006-0000-0000-d64b-13a7ee310000 access_mask : 0x000000b0 (176) 0: SAMR_USER_ACCESS_GET_NAME_ETC 0: SAMR_USER_ACCESS_GET_LOCALE 0: SAMR_USER_ACCESS_SET_LOC_COM 0: SAMR_USER_ACCESS_GET_LOGONINFO 1: SAMR_USER_ACCESS_GET_ATTRIBUTES 1: SAMR_USER_ACCESS_SET_ATTRIBUTES 0: SAMR_USER_ACCESS_CHANGE_PASSWORD 1: SAMR_USER_ACCESS_SET_PASSWORD 0: SAMR_USER_ACCESS_GET_GROUPS 0: SAMR_USER_ACCESS_GET_GROUP_MEMBERSHIP 0: SAMR_USER_ACCESS_CHANGE_GROUP_MEMBERSHIP rid : 0x0000042c (1068) [2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_lsa_hnd.c:180(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 06 00 00 00 00 00 00 00 D6 4B 13 A7 ........ .....K.. [0010] EE 31 00 00 .1.. 
[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_samr_nt.c:231(access_check_samr_function) _samr_OpenUser: access check ((granted: 0x000003f0; required: 0x00000200) [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/04/27 16:57:55, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) NT user token: (NULL) [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2010/04/27 16:57:55, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) NT user token: (NULL) [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/27 16:57:55, 10, pid=12782] lib/gencache.c:208(gencache_get) Returning valid cache entry: key = ACCT_POL/maximum password age, value = 4294967295 , timeout = Tue Apr 27 16:58:51 2010 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2010/04/27 16:57:55, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 
[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) NT user token: (NULL) [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/27 16:57:55, 10, pid=12782] lib/gencache.c:208(gencache_get) Returning valid cache entry: key = ACCT_POL/password history, value = 0 , timeout = Tue Apr 27 16:58:51 2010 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:607(pdb_set_username) pdb_set_username: setting username MAAXEN$, was [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:630(pdb_set_domain) pdb_set_domain: setting domain UCCDOMAIN, was [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:653(pdb_set_nt_username) pdb_set_nt_username: setting nt username MAAXEN$, was [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:676(pdb_set_fullname) pdb_set_full_name: setting full name , was [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:769(pdb_set_homedir) pdb_set_homedir: setting home dir \\mylah\maaxen_, was [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:745(pdb_set_dir_drive) pdb_set_dir_drive: setting dir drive H:, was NULL [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:699(pdb_set_logon_script) pdb_set_logon_script: setting logon script , was [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:722(pdb_set_profile_path) pdb_set_profile_path: setting profile path \\mylah\profiles, was [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:812(pdb_set_workstations) pdb_set_workstations: setting workstations , was [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2010/04/27 16:57:55, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2010/04/27 16:57:55, 3, pid=12782] 
smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) NT user token: (NULL) [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/27 16:57:55, 10, pid=12782] lib/gencache.c:208(gencache_get) Returning valid cache entry: key = ACCT_POL/password history, value = 0 , timeout = Tue Apr 27 16:58:51 2010 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:536(pdb_set_user_sid) pdb_set_user_sid: setting user sid S-1-5-352321536-3342141748-1574249315-1264630062-1068 [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_compat.c:72(pdb_set_user_sid_from_rid) pdb_set_user_sid_from_rid: setting user sid S-1-5-352321536-3342141748-1574249315-1264630062-1068 from rid 1068 [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:594(pdb_set_group_sid) pdb_set_group_sid: setting group sid S-1-5-352321536-3342141748-1574249315-1264630062-513 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_samr_nt.c:2398(_samr_OpenUser) _samr_OpenUser: adding machine account rights to handle for user MAAXEN$ [2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_samr_nt.c:186(access_check_object) access_check_object: user rights access mask [0xd04e4] [2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_samr_nt.c:219(access_check_object) _samr_OpenUser: access GRANTED (requested: 0x00000010, granted: 0x000d04f4) [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_samr_nt.c:395(get_samr_info_by_sid) get_samr_info_by_sid: created new info for sid S-1-5-352321536-3342141748-1574249315-1264630062-1068 [2010/04/27 16:57:55, 4, pid=12782] 
rpc_server/srv_lsa_hnd.c:160(create_policy_hnd) Opened policy hnd[3] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 D6 4B 13 A7 ........ .....K.. [0010] EE 31 00 00 .1.. [2010/04/27 16:57:55, 1, pid=12782] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) samr_OpenUser: struct samr_OpenUser out: struct samr_OpenUser user_handle : * user_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000007-0000-0000-d64b-13a7ee310000 result : NT_STATUS_OK [2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe.c:2362(api_rpcTNP) api_rpcTNP: called \samr successfully [2010/04/27 16:57:55, 3, pid=12782] rpc_server/srv_pipe_hnd.c:343(free_pipe_context) free_pipe_context: destroying talloc pool of size 1216 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 36 [2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Schedule immediate event "tevent_req_trigger": 0x98016b0 [2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Run immediate event "tevent_req_trigger": 0x98016b0 [2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe_hnd.c:802(read_from_internal_pipe) name: \samr len: 1024 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:862(read_from_internal_pipe) read_from_pipe: \samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. 
[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0030 000a auth_len : 0000 000c call_id : 00000005 [2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000010 smb_io_rpc_hdr_resp resp 0010 alloc_hint: 00000018 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 [2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Schedule immediate event "tevent_req_trigger": 0x97ed578 [2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Run immediate event "tevent_req_trigger": 0x97ed578 [2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:59(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=992 smb_uid=100 smb_mid=2368 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2010/04/27 16:57:55, 10, pid=12782] ../lib/util/util.c:304(_dump_data) [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 05 00 00 ........ .0...... [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 07 00 00 ........ ........ [0020] 00 00 00 00 00 D6 4B 13 A7 EE 31 00 00 00 00 00 ......K. ..1..... [0030] 00 . 
[2010/04/27 16:57:55, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) got smb length of 130 [2010/04/27 16:57:55, 6, pid=12782] smbd/process.c:1456(process_smb) got message type 0x0 of len 0x82 [2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1459(process_smb) Transaction 38 of length 134 (0 toread) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) size=130 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=992 smb_uid=100 smb_mid=2432 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 46 (0x2E) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 46 (0x2E) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 9986 (0x2702) smb_bcc=63 [2010/04/27 16:57:55, 10, pid=12782] ../lib/util/util.c:304(_dump_data) [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 2E 00 00 00 06 00 00 ........ ........ [0020] 00 16 00 00 00 00 00 24 00 00 00 00 00 07 00 00 .......$ ........ [0030] 00 00 00 00 00 D6 4B 13 A7 EE 31 00 00 10 00 ......K. ..1.... 
[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1273(switch_message) switch message SMBtrans (pid 12782) conn 0x97e9be8 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 contains 11 SIDs SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-69 SID[ 6]: S-1-22-2-101 SID[ 7]: S-1-22-2-20042 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-11251 SID[ 10]: S-1-22-2-0 SE_PRIV 0xff0 0x0 0x0 0x0 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 4 supplementary groups Group[ 0]: 0 Group[ 1]: 69 Group[ 2]: 101 Group[ 3]: 20042 [2010/04/27 16:57:55, 5, pid=12782] smbd/uid.c:353(change_to_user) change_to_user uid=(0,0) gid=(0,0) [2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:539(handle_trans) trans <\PIPE\> data=46 params=0 setup=2 [2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:572(handle_trans) calling named_pipe [2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:490(named_pipe) named pipe command on <> name [2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:413(api_fd_reply) api_fd_reply [2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:454(api_fd_reply) Got API command 0x26 on pipe "samr" (pnum 2702) [2010/04/27 16:57:55, 10, pid=12782] smbd/ipc.c:456(api_fd_reply) api_fd_reply: p:0x97ea6a8 max_trans_reply: 1024 [2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe_hnd.c:1195(np_write_send) np_write_send: len: 46 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 46 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: Start: 
pdu_received_len = 0, pdu_needed_len = 0, incoming data = 46 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:192(fill_rpc_header) fill_rpc_header: data_to_copy = 46, len_needed_to_complete_hdr = 16, receive_len = 0 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 16 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 30 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 30 [2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 002e 000a auth_len : 0000 000c call_id : 00000006 [2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe_hnd.c:288(unmarshall_rpc_header) unmarshall_rpc_header: using little-endian RPC [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:317(unmarshall_rpc_header) unmarshall_rpc_header: type = 0, flags = 3 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 0 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 30 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 30, incoming data = 30 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:534(process_complete_pdu) process_complete_pdu: processing packet type 0 [2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr_req req 0000 alloc_hint: 00000016 0004 context_id: 0000 0006 opnum : 0024 [2010/04/27 16:57:55, 3, pid=12782] 
rpc_server/srv_pipe_hnd.c:343(free_pipe_context) free_pipe_context: destroying talloc pool of size 0 [2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe.c:2261(api_pipe_request) Requested \PIPE\\samr [2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_pipe.c:2297(api_rpcTNP) api_rpcTNP: \samr op 0x24 - api_rpcTNP: rpc command: SAMR_QUERYUSERINFO [2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe.c:2327(api_rpcTNP) api_rpc_cmds[36].fn == 0x82d5850 [2010/04/27 16:57:55, 1, pid=12782] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) samr_QueryUserInfo: struct samr_QueryUserInfo in: struct samr_QueryUserInfo user_handle : * user_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000007-0000-0000-d64b-13a7ee310000 level : 0x0010 (16) [2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_lsa_hnd.c:180(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 D6 4B 13 A7 ........ .....K.. [0010] EE 31 00 00 .1.. [2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_samr_nt.c:231(access_check_samr_function) _samr_QueryUserInfo: access check ((granted: 0x000d04f4; required: 0x00000010) [2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_samr_nt.c:3132(_samr_QueryUserInfo) _samr_QueryUserInfo: sid:S-1-5-352321536-3342141748-1574249315-1264630062-1068 [2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_samr_nt.c:3139(_samr_QueryUserInfo) _samr_QueryUserInfo: user info level: 16 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/04/27 16:57:55, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) NT user token: (NULL) [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 
and contains 0 supplementary groups [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2010/04/27 16:57:55, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) NT user token: (NULL) [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/27 16:57:55, 10, pid=12782] lib/gencache.c:208(gencache_get) Returning valid cache entry: key = ACCT_POL/maximum password age, value = 4294967295 , timeout = Tue Apr 27 16:58:51 2010 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2010/04/27 16:57:55, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) NT user token: (NULL) [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/27 16:57:55, 10, pid=12782] lib/gencache.c:208(gencache_get) Returning valid cache entry: key = ACCT_POL/password history, value = 0 , timeout = Tue Apr 27 16:58:51 2010 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:607(pdb_set_username) pdb_set_username: setting username MAAXEN$, was [2010/04/27 16:57:55, 10, pid=12782] 
passdb/pdb_get_set.c:630(pdb_set_domain) pdb_set_domain: setting domain UCCDOMAIN, was [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:653(pdb_set_nt_username) pdb_set_nt_username: setting nt username MAAXEN$, was [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:676(pdb_set_fullname) pdb_set_full_name: setting full name , was [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:769(pdb_set_homedir) pdb_set_homedir: setting home dir \\mylah\maaxen_, was [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:745(pdb_set_dir_drive) pdb_set_dir_drive: setting dir drive H:, was NULL [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:699(pdb_set_logon_script) pdb_set_logon_script: setting logon script , was [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:722(pdb_set_profile_path) pdb_set_profile_path: setting profile path \\mylah\profiles, was [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:812(pdb_set_workstations) pdb_set_workstations: setting workstations , was [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2010/04/27 16:57:55, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) NT user token: (NULL) [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/27 16:57:55, 10, pid=12782] lib/gencache.c:208(gencache_get) Returning valid cache entry: key = ACCT_POL/password history, value = 0 , timeout = Tue Apr 27 16:58:51 2010 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:536(pdb_set_user_sid) 
pdb_set_user_sid: setting user sid S-1-5-352321536-3342141748-1574249315-1264630062-1068 [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_compat.c:72(pdb_set_user_sid_from_rid) pdb_set_user_sid_from_rid: setting user sid S-1-5-352321536-3342141748-1574249315-1264630062-1068 from rid 1068 [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:594(pdb_set_group_sid) pdb_set_group_sid: setting group sid S-1-5-352321536-3342141748-1574249315-1264630062-513 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/27 16:57:55, 3, pid=12782] rpc_server/srv_samr_nt.c:3155(_samr_QueryUserInfo) User:[MAAXEN$] [2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_samr_nt.c:3232(_samr_QueryUserInfo) _samr_QueryUserInfo: 3232 [2010/04/27 16:57:55, 1, pid=12782] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) samr_QueryUserInfo: struct samr_QueryUserInfo out: struct samr_QueryUserInfo info : * info : * info : union samr_UserInfo(case 16) info16: struct samr_UserInfo16 acct_flags : 0x00000080 (128) 0: ACB_DISABLED 0: ACB_HOMDIRREQ 0: ACB_PWNOTREQ 0: ACB_TEMPDUP 0: ACB_NORMAL 0: ACB_MNS 0: ACB_DOMTRUST 1: ACB_WSTRUST 0: ACB_SVRTRUST 0: ACB_PWNOEXP 0: ACB_AUTOLOCK 0: ACB_ENC_TXT_PWD_ALLOWED 0: ACB_SMARTCARD_REQUIRED 0: ACB_TRUSTED_FOR_DELEGATION 0: ACB_NOT_DELEGATED 0: ACB_USE_DES_KEY_ONLY 0: ACB_DONT_REQUIRE_PREAUTH 0: ACB_PW_EXPIRED 0: ACB_NO_AUTH_DATA_REQD result : NT_STATUS_OK [2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe.c:2362(api_rpcTNP) api_rpcTNP: called \samr successfully [2010/04/27 16:57:55, 3, pid=12782] rpc_server/srv_pipe_hnd.c:343(free_pipe_context) free_pipe_context: destroying talloc pool of size 728 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 30 [2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Schedule immediate event "tevent_req_trigger": 0x98016a0 [2010/04/27 16:57:55, 10, pid=12782] 
lib/events.c:287(s3_event_debug) s3_event: Run immediate event "tevent_req_trigger": 0x98016a0 [2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe_hnd.c:802(read_from_internal_pipe) name: \samr len: 1024 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:862(read_from_internal_pipe) read_from_pipe: \samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 16. [2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0028 000a auth_len : 0000 000c call_id : 00000006 [2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000010 smb_io_rpc_hdr_resp resp 0010 alloc_hint: 00000010 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 [2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Schedule immediate event "tevent_req_trigger": 0x97ef540 [2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Run immediate event "tevent_req_trigger": 0x97ef540 [2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:59(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..40] (align 0) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) size=96 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=992 smb_uid=100 smb_mid=2432 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 40 (0x28) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 40 (0x28) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=41 [2010/04/27 16:57:55, 10, pid=12782] ../lib/util/util.c:304(_dump_data) [0000] 00 05 00 02 03 10 00 00 00 28 00 00 00 06 00 00 ........ .(...... 
[0010] 00 10 00 00 00 00 00 00 00 00 00 02 00 10 00 00 ........ ........ [0020] 00 80 00 00 00 00 00 00 00 ........ . [2010/04/27 16:57:55, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) got smb length of 128 [2010/04/27 16:57:55, 6, pid=12782] smbd/process.c:1456(process_smb) got message type 0x0 of len 0x80 [2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1459(process_smb) Transaction 39 of length 132 (0 toread) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=992 smb_uid=100 smb_mid=2496 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 9986 (0x2702) smb_bcc=61 [2010/04/27 16:57:55, 10, pid=12782] ../lib/util/util.c:304(_dump_data) [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 07 00 00 ........ .,...... [0020] 00 14 00 00 00 00 00 2C 00 00 00 00 00 07 00 00 ......., ........ [0030] 00 00 00 00 00 D6 4B 13 A7 EE 31 00 00 ......K. ..1.. 
[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1273(switch_message) switch message SMBtrans (pid 12782) conn 0x97e9be8 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 contains 11 SIDs SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-69 SID[ 6]: S-1-22-2-101 SID[ 7]: S-1-22-2-20042 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-11251 SID[ 10]: S-1-22-2-0 SE_PRIV 0xff0 0x0 0x0 0x0 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 4 supplementary groups Group[ 0]: 0 Group[ 1]: 69 Group[ 2]: 101 Group[ 3]: 20042 [2010/04/27 16:57:55, 5, pid=12782] smbd/uid.c:353(change_to_user) change_to_user uid=(0,0) gid=(0,0) [2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:539(handle_trans) trans <\PIPE\> data=44 params=0 setup=2 [2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:572(handle_trans) calling named_pipe [2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:490(named_pipe) named pipe command on <> name [2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:413(api_fd_reply) api_fd_reply [2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:454(api_fd_reply) Got API command 0x26 on pipe "samr" (pnum 2702) [2010/04/27 16:57:55, 10, pid=12782] smbd/ipc.c:456(api_fd_reply) api_fd_reply: p:0x97ea6a8 max_trans_reply: 1024 [2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe_hnd.c:1195(np_write_send) np_write_send: len: 44 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 44 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: Start: 
pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:192(fill_rpc_header) fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 16 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 28 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 [2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 002c 000a auth_len : 0000 000c call_id : 00000007 [2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe_hnd.c:288(unmarshall_rpc_header) unmarshall_rpc_header: using little-endian RPC [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:317(unmarshall_rpc_header) unmarshall_rpc_header: type = 0, flags = 3 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 0 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 28 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 28, incoming data = 28 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:534(process_complete_pdu) process_complete_pdu: processing packet type 0 [2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr_req req 0000 alloc_hint: 00000014 0004 context_id: 0000 0006 opnum : 002c [2010/04/27 16:57:55, 3, pid=12782] 
rpc_server/srv_pipe_hnd.c:343(free_pipe_context) free_pipe_context: destroying talloc pool of size 0 [2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe.c:2261(api_pipe_request) Requested \PIPE\\samr [2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_pipe.c:2297(api_rpcTNP) api_rpcTNP: \samr op 0x2c - api_rpcTNP: rpc command: SAMR_GETUSERPWINFO [2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe.c:2327(api_rpcTNP) api_rpc_cmds[44].fn == 0x82d3f70 [2010/04/27 16:57:55, 1, pid=12782] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) samr_GetUserPwInfo: struct samr_GetUserPwInfo in: struct samr_GetUserPwInfo user_handle : * user_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000007-0000-0000-d64b-13a7ee310000 [2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_samr_nt.c:681(_samr_GetUserPwInfo) _samr_GetUserPwInfo: 681 [2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_lsa_hnd.c:180(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 D6 4B 13 A7 ........ .....K.. [0010] EE 31 00 00 .1.. 
[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_samr_nt.c:231(access_check_samr_function) _samr_GetUserPwInfo: access check ((granted: 0x000d04f4; required: 0x00000010) [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/04/27 16:57:55, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) NT user token: (NULL) [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/27 16:57:55, 10, pid=12782] passdb/lookup_sid.c:953(lookup_sid) lookup_sid called for SID 'S-1-5-352321536-3342141748-1574249315-1264630062-1068' [2010/04/27 16:57:55, 10, pid=12782] passdb/lookup_sid.c:708(check_dom_sid_to_level) Accepting SID S-1-5-352321536-3342141748-1574249315-1264630062 in level 1 [2010/04/27 16:57:55, 10, pid=12782] passdb/lookup_sid.c:468(lookup_rids) lookup_rids called for domain sid 'S-1-5-352321536-3342141748-1574249315-1264630062' [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2010/04/27 16:57:55, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) NT user token: (NULL) [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/27 16:57:55, 5, pid=12782] passdb/pdb_interface.c:1513(lookup_global_sam_rid) lookup_global_sam_rid: looking up RID 1068. 
[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2010/04/27 16:57:55, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 2 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) NT user token: (NULL) [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 4 [2010/04/27 16:57:55, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 3 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 4 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) NT user token: (NULL) [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/27 16:57:55, 10, pid=12782] lib/gencache.c:208(gencache_get) Returning valid cache entry: key = ACCT_POL/maximum password age, value = 4294967295 , timeout = Tue Apr 27 16:58:51 2010 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 3 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 4 [2010/04/27 16:57:55, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 3 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 4 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) NT user token: (NULL) [2010/04/27 16:57:55, 5, pid=12782] 
auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/27 16:57:55, 10, pid=12782] lib/gencache.c:208(gencache_get) Returning valid cache entry: key = ACCT_POL/password history, value = 0 , timeout = Tue Apr 27 16:58:51 2010 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 3 [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:607(pdb_set_username) pdb_set_username: setting username MAAXEN$, was [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:630(pdb_set_domain) pdb_set_domain: setting domain UCCDOMAIN, was [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:653(pdb_set_nt_username) pdb_set_nt_username: setting nt username MAAXEN$, was [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:676(pdb_set_fullname) pdb_set_full_name: setting full name , was [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:769(pdb_set_homedir) pdb_set_homedir: setting home dir \\mylah\maaxen_, was [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:745(pdb_set_dir_drive) pdb_set_dir_drive: setting dir drive H:, was NULL [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:699(pdb_set_logon_script) pdb_set_logon_script: setting logon script , was [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:722(pdb_set_profile_path) pdb_set_profile_path: setting profile path \\mylah\profiles, was [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:812(pdb_set_workstations) pdb_set_workstations: setting workstations , was [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 4 [2010/04/27 16:57:55, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 3 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 4 [2010/04/27 16:57:55, 5, pid=12782] 
auth/token_util.c:522(debug_nt_user_token) NT user token: (NULL) [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/27 16:57:55, 10, pid=12782] lib/gencache.c:208(gencache_get) Returning valid cache entry: key = ACCT_POL/password history, value = 0 , timeout = Tue Apr 27 16:58:51 2010 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 3 [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:536(pdb_set_user_sid) pdb_set_user_sid: setting user sid S-1-5-352321536-3342141748-1574249315-1264630062-1068 [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_compat.c:72(pdb_set_user_sid_from_rid) pdb_set_user_sid_from_rid: setting user sid S-1-5-352321536-3342141748-1574249315-1264630062-1068 from rid 1068 [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:594(pdb_set_group_sid) pdb_set_group_sid: setting group sid S-1-5-352321536-3342141748-1574249315-1264630062-513 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2010/04/27 16:57:55, 5, pid=12782] passdb/pdb_interface.c:1635(pdb_default_lookup_rids) lookup_rids: MAAXEN$:1 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/27 16:57:55, 10, pid=12782] passdb/lookup_sid.c:988(lookup_sid) Sid S-1-5-352321536-3342141748-1574249315-1264630062-1068 -> UCCDOMAIN\MAAXEN$(1) [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/04/27 16:57:55, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/27 
16:57:55, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) NT user token: (NULL) [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2010/04/27 16:57:55, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) NT user token: (NULL) [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/27 16:57:55, 10, pid=12782] lib/gencache.c:194(gencache_get) Cache entry with key = ACCT_POL/min password length couldn't be found [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_ldap.c:3963(ldapsam_get_account_policy_from_ldap) ldapsam_get_account_policy_from_ldap [2010/04/27 16:57:55, 5, pid=12782] lib/smbldap.c:1295(smbldap_search_ext) smbldap_search_ext: base => [sambaDomainName=UCCDOMAIN,dc=ucc,dc=gu,dc=uwa,dc=edu,dc=au], filter => [(objectClass=sambaDomain)], scope => [0] [2010/04/27 16:57:55, 10, pid=12782] lib/account_pol.c:396(cache_account_policy_set) cache_account_policy_set: updating account pol cache [2010/04/27 16:57:55, 10, pid=12782] lib/gencache.c:131(gencache_set) Adding cache entry with key = ACCT_POL/min password length; value = 5 and timeout = Tue Apr 27 16:58:55 2010 (60 seconds ahead) [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2010/04/27 16:57:55, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 
1 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) NT user token: (NULL) [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/27 16:57:55, 10, pid=12782] lib/gencache.c:194(gencache_get) Cache entry with key = ACCT_POL/user must logon to change password couldn't be found [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_ldap.c:3963(ldapsam_get_account_policy_from_ldap) ldapsam_get_account_policy_from_ldap [2010/04/27 16:57:55, 5, pid=12782] lib/smbldap.c:1295(smbldap_search_ext) smbldap_search_ext: base => [sambaDomainName=UCCDOMAIN,dc=ucc,dc=gu,dc=uwa,dc=edu,dc=au], filter => [(objectClass=sambaDomain)], scope => [0] [2010/04/27 16:57:55, 10, pid=12782] lib/account_pol.c:396(cache_account_policy_set) cache_account_policy_set: updating account pol cache [2010/04/27 16:57:55, 10, pid=12782] lib/gencache.c:131(gencache_set) Adding cache entry with key = ACCT_POL/user must logon to change password; value = 0 and timeout = Tue Apr 27 16:58:55 2010 (60 seconds ahead) [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_samr_nt.c:727(_samr_GetUserPwInfo) _samr_GetUserPwInfo: 727 [2010/04/27 16:57:55, 1, pid=12782] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) samr_GetUserPwInfo: struct samr_GetUserPwInfo out: struct samr_GetUserPwInfo info : * info: struct samr_PwInfo min_password_length : 0x0005 (5) password_properties : 0x00000000 (0) 0: DOMAIN_PASSWORD_COMPLEX 0: DOMAIN_PASSWORD_NO_ANON_CHANGE 0: DOMAIN_PASSWORD_NO_CLEAR_CHANGE 0: DOMAIN_PASSWORD_LOCKOUT_ADMINS 0: DOMAIN_PASSWORD_STORE_CLEARTEXT 
0: DOMAIN_REFUSE_PASSWORD_CHANGE result : NT_STATUS_OK [2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe.c:2362(api_rpcTNP) api_rpcTNP: called \samr successfully [2010/04/27 16:57:55, 3, pid=12782] rpc_server/srv_pipe_hnd.c:343(free_pipe_context) free_pipe_context: destroying talloc pool of size 0 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 28 [2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Schedule immediate event "tevent_req_trigger": 0x98016a0 [2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Run immediate event "tevent_req_trigger": 0x98016a0 [2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe_hnd.c:802(read_from_internal_pipe) name: \samr len: 1024 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:862(read_from_internal_pipe) read_from_pipe: \samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 12. [2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0024 000a auth_len : 0000 000c call_id : 00000007 [2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000010 smb_io_rpc_hdr_resp resp 0010 alloc_hint: 0000000c 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 [2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Schedule immediate event "tevent_req_trigger": 0x97ed578 [2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Run immediate event "tevent_req_trigger": 0x97ed578 [2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:59(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..36] (align 0) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) [2010/04/27 16:57:55, 5, 
pid=12782] lib/util.c:642(show_msg) size=92 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=992 smb_uid=100 smb_mid=2496 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 36 (0x24) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 36 (0x24) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=37 [2010/04/27 16:57:55, 10, pid=12782] ../lib/util/util.c:304(_dump_data) [0000] 00 05 00 02 03 10 00 00 00 24 00 00 00 07 00 00 ........ .$...... [0010] 00 0C 00 00 00 00 00 00 00 05 00 00 00 00 00 00 ........ ........ [0020] 00 00 00 00 00 ..... [2010/04/27 16:57:55, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) got smb length of 665 [2010/04/27 16:57:55, 6, pid=12782] smbd/process.c:1456(process_smb) got message type 0x0 of len 0x299 [2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1459(process_smb) Transaction 40 of length 669 (0 toread) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) size=665 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=992 smb_uid=100 smb_mid=2560 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 581 (0x245) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 581 (0x245) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 9986 (0x2702) smb_bcc=598 [2010/04/27 16:57:55, 10, pid=12782] ../lib/util/util.c:304(_dump_data) [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 45 02 00 00 08 00 00 ........ .E...... [0020] 00 2D 02 00 00 00 00 3A 00 00 00 00 00 07 00 00 .-.....: ........ [0030] 00 00 00 00 00 D6 4B 13 A7 EE 31 00 00 1A 00 1A ......K. ..1..... 
[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1273(switch_message) switch message SMBtrans (pid 12782) conn 0x97e9be8 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 contains 11 SIDs SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-69 SID[ 6]: S-1-22-2-101 SID[ 7]: S-1-22-2-20042 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-11251 SID[ 10]: S-1-22-2-0 SE_PRIV 0xff0 0x0 0x0 0x0 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 4 supplementary groups Group[ 0]: 0 Group[ 1]: 69 Group[ 2]: 101 Group[ 3]: 20042 [2010/04/27 16:57:55, 5, pid=12782] smbd/uid.c:353(change_to_user) change_to_user uid=(0,0) gid=(0,0) [2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:539(handle_trans) trans <\PIPE\> data=581 params=0 setup=2 [2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:572(handle_trans) calling named_pipe [2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:490(named_pipe) named pipe command on <> name [2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:413(api_fd_reply) api_fd_reply [2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:454(api_fd_reply) Got API command 0x26 on pipe "samr" (pnum 2702) [2010/04/27 16:57:55, 10, pid=12782] smbd/ipc.c:456(api_fd_reply) api_fd_reply: p:0x97ea6a8 max_trans_reply: 1024 [2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe_hnd.c:1195(np_write_send) np_write_send: len: 581 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 581 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: 
Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 581 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:192(fill_rpc_header) fill_rpc_header: data_to_copy = 581, len_needed_to_complete_hdr = 16, receive_len = 0 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 16 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 565 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 565 [2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0245 000a auth_len : 0000 000c call_id : 00000008 [2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe_hnd.c:288(unmarshall_rpc_header) unmarshall_rpc_header: using little-endian RPC [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:317(unmarshall_rpc_header) unmarshall_rpc_header: type = 0, flags = 3 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 0 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 565 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 565, incoming data = 565 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:534(process_complete_pdu) process_complete_pdu: processing packet type 0 [2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr_req req 0000 alloc_hint: 0000022d 0004 context_id: 0000 0006 opnum : 003a [2010/04/27 16:57:55, 3, 
pid=12782] rpc_server/srv_pipe_hnd.c:343(free_pipe_context) free_pipe_context: destroying talloc pool of size 0 [2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe.c:2261(api_pipe_request) Requested \PIPE\\samr [2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_pipe.c:2297(api_rpcTNP) api_rpcTNP: \samr op 0x3a - api_rpcTNP: rpc command: SAMR_SETUSERINFO2 [2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe.c:2327(api_rpcTNP) api_rpc_cmds[58].fn == 0x82d12d0 [2010/04/27 16:57:55, 1, pid=12782] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) samr_SetUserInfo2: struct samr_SetUserInfo2 in: struct samr_SetUserInfo2 user_handle : * user_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000007-0000-0000-d64b-13a7ee310000 level : 0x001a (26) info : * info : union samr_UserInfo(case 26) info26: struct samr_UserInfo26 password: struct samr_CryptPasswordEx data : password_expired : 0x00 (0) [2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_samr_nt.c:5061(_samr_SetUserInfo) _samr_SetUserInfo: 5061 [2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_lsa_hnd.c:180(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 D6 4B 13 A7 ........ .....K.. [0010] EE 31 00 00 .1.. 
[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_samr_nt.c:231(access_check_samr_function) _samr_SetUserInfo: access check ((granted: 0x000d04f4; required: 0x00000080) [2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_samr_nt.c:5128(_samr_SetUserInfo) _samr_SetUserInfo: sid:S-1-5-352321536-3342141748-1574249315-1264630062-1068, level:26 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/04/27 16:57:55, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) NT user token: (NULL) [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2010/04/27 16:57:55, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) NT user token: (NULL) [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/27 16:57:55, 10, pid=12782] lib/gencache.c:208(gencache_get) Returning valid cache entry: key = ACCT_POL/maximum password age, value = 4294967295 , timeout = Tue Apr 27 16:58:51 2010 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2010/04/27 16:57:55, 3, pid=12782] 
smbd/uid.c:428(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) NT user token: (NULL) [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/27 16:57:55, 10, pid=12782] lib/gencache.c:208(gencache_get) Returning valid cache entry: key = ACCT_POL/password history, value = 0 , timeout = Tue Apr 27 16:58:51 2010 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:607(pdb_set_username) pdb_set_username: setting username MAAXEN$, was [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:630(pdb_set_domain) pdb_set_domain: setting domain UCCDOMAIN, was [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:653(pdb_set_nt_username) pdb_set_nt_username: setting nt username MAAXEN$, was [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:676(pdb_set_fullname) pdb_set_full_name: setting full name , was [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:769(pdb_set_homedir) pdb_set_homedir: setting home dir \\mylah\maaxen_, was [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:745(pdb_set_dir_drive) pdb_set_dir_drive: setting dir drive H:, was NULL [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:699(pdb_set_logon_script) pdb_set_logon_script: setting logon script , was [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:722(pdb_set_profile_path) pdb_set_profile_path: setting profile path \\mylah\profiles, was [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:812(pdb_set_workstations) pdb_set_workstations: setting workstations , was [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) 
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2010/04/27 16:57:55, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) NT user token: (NULL) [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/27 16:57:55, 10, pid=12782] lib/gencache.c:208(gencache_get) Returning valid cache entry: key = ACCT_POL/password history, value = 0 , timeout = Tue Apr 27 16:58:51 2010 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:536(pdb_set_user_sid) pdb_set_user_sid: setting user sid S-1-5-352321536-3342141748-1574249315-1264630062-1068 [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_compat.c:72(pdb_set_user_sid_from_rid) pdb_set_user_sid_from_rid: setting user sid S-1-5-352321536-3342141748-1574249315-1264630062-1068 from rid 1068 [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:594(pdb_set_group_sid) pdb_set_group_sid: setting group sid S-1-5-352321536-3342141748-1574249315-1264630062-513 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/04/27 16:57:55, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) NT user token: (NULL) [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of 
user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_samr_nt.c:4812(set_user_info_pw) Attempting administrator password change for user MAAXEN$ [2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_samr_nt.c:4832(set_user_info_pw) Changing trust account or non-unix-user password, not updating /etc/passwd [2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_samr_nt.c:4857(set_user_info_pw) set_user_info_pw: pdb_update_pwd() [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_samr_util.c:608(copy_id21_to_sam_passwd) INFO_26 SAMR_FIELD_EXPIRED_FLAG: 00 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2010/04/27 16:57:55, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) NT user token: (NULL) [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/27 16:57:55, 10, pid=12782] lib/gencache.c:208(gencache_get) Returning valid cache entry: key = ACCT_POL/maximum password age, value = 4294967295 , timeout = Tue Apr 27 16:58:51 2010 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/27 16:57:55, 5, pid=12782] lib/smbldap.c:1295(smbldap_search_ext) smbldap_search_ext: base => [dc=ucc,dc=gu,dc=uwa,dc=edu,dc=au], filter => [(&(uid=MAAXEN$)(objectclass=sambaSamAccount))], scope => [2] [2010/04/27 16:57:55, 4, pid=12782] passdb/pdb_ldap.c:2015(ldapsam_update_sam_account) ldapsam_update_sam_account: user MAAXEN$ to be modified has dn: uid=MAAXEN$,ou=Computers,dc=ucc,dc=gu,dc=uwa,dc=edu,dc=au [2010/04/27 16:57:55, 2, pid=12782] 
passdb/pdb_ldap.c:1199(init_ldap_from_sam) init_ldap_from_sam: Setting entry for user: MAAXEN$ [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2010/04/27 16:57:55, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) NT user token: (NULL) [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/27 16:57:55, 10, pid=12782] lib/gencache.c:208(gencache_get) Returning valid cache entry: key = ACCT_POL/maximum password age, value = 4294967295 , timeout = Tue Apr 27 16:58:51 2010 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/27 16:57:55, 10, pid=12782] lib/smbldap.c:276(smbldap_get_single_attribute) smbldap_get_single_attribute: [sambaLMPassword] = [] [2010/04/27 16:57:55, 10, pid=12782] lib/smbldap.c:597(smbldap_make_mod) smbldap_make_mod: deleting attribute |sambaNTPassword| values |2143C883513FA5AAF69DEA0ABDDA1444| [2010/04/27 16:57:55, 10, pid=12782] lib/smbldap.c:606(smbldap_make_mod) smbldap_make_mod: adding attribute |sambaNTPassword| value |003D857DCA3CBD25EF38653931BE46A5| [2010/04/27 16:57:55, 10, pid=12782] lib/smbldap.c:597(smbldap_make_mod) smbldap_make_mod: deleting attribute |sambaPwdLastSet| values |1272357882| [2010/04/27 16:57:55, 10, pid=12782] lib/smbldap.c:606(smbldap_make_mod) smbldap_make_mod: adding attribute |sambaPwdLastSet| value |1272358675| [2010/04/27 16:57:55, 5, pid=12782] lib/smbldap.c:1491(smbldap_modify) smbldap_modify: dn => [uid=MAAXEN$,ou=Computers,dc=ucc,dc=gu,dc=uwa,dc=edu,dc=au] [2010/04/27 16:57:55, 2, pid=12782] 
passdb/pdb_ldap.c:2060(ldapsam_update_sam_account) ldapsam_update_sam_account: successfully modified uid = MAAXEN$ in the LDAP database [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/27 16:57:55, 1, pid=12782] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) samr_SetUserInfo2: struct samr_SetUserInfo2 out: struct samr_SetUserInfo2 result : NT_STATUS_OK [2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe.c:2362(api_rpcTNP) api_rpcTNP: called \samr successfully [2010/04/27 16:57:55, 3, pid=12782] rpc_server/srv_pipe_hnd.c:343(free_pipe_context) free_pipe_context: destroying talloc pool of size 0 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 565 [2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Schedule immediate event "tevent_req_trigger": 0x9801ad0 [2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Run immediate event "tevent_req_trigger": 0x9801ad0 [2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe_hnd.c:802(read_from_internal_pipe) name: \samr len: 1024 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:862(read_from_internal_pipe) read_from_pipe: \samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 4. 
[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 001c 000a auth_len : 0000 000c call_id : 00000008 [2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000010 smb_io_rpc_hdr_resp resp 0010 alloc_hint: 00000004 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 [2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Schedule immediate event "tevent_req_trigger": 0x97ef540 [2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Run immediate event "tevent_req_trigger": 0x97ef540 [2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:59(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..28] (align 0) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) size=84 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=992 smb_uid=100 smb_mid=2560 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 28 (0x1C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 28 (0x1C) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=29 [2010/04/27 16:57:55, 10, pid=12782] ../lib/util/util.c:304(_dump_data) [0000] 00 05 00 02 03 10 00 00 00 1C 00 00 00 08 00 00 ........ ........ [0010] 00 04 00 00 00 00 00 00 00 00 00 00 00 ........ ..... 
[2010/04/27 16:57:55, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) got smb length of 128 [2010/04/27 16:57:55, 6, pid=12782] smbd/process.c:1456(process_smb) got message type 0x0 of len 0x80 [2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1459(process_smb) Transaction 41 of length 132 (0 toread) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=992 smb_uid=100 smb_mid=2624 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 9986 (0x2702) smb_bcc=61 [2010/04/27 16:57:55, 10, pid=12782] ../lib/util/util.c:304(_dump_data) [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 09 00 00 ........ .,...... [0020] 00 14 00 00 00 00 00 01 00 00 00 00 00 07 00 00 ........ ........ [0030] 00 00 00 00 00 D6 4B 13 A7 EE 31 00 00 ......K. ..1.. 
[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1273(switch_message) switch message SMBtrans (pid 12782) conn 0x97e9be8 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 contains 11 SIDs SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-69 SID[ 6]: S-1-22-2-101 SID[ 7]: S-1-22-2-20042 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-11251 SID[ 10]: S-1-22-2-0 SE_PRIV 0xff0 0x0 0x0 0x0 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 4 supplementary groups Group[ 0]: 0 Group[ 1]: 69 Group[ 2]: 101 Group[ 3]: 20042 [2010/04/27 16:57:55, 5, pid=12782] smbd/uid.c:353(change_to_user) change_to_user uid=(0,0) gid=(0,0) [2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:539(handle_trans) trans <\PIPE\> data=44 params=0 setup=2 [2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:572(handle_trans) calling named_pipe [2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:490(named_pipe) named pipe command on <> name [2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:413(api_fd_reply) api_fd_reply [2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:454(api_fd_reply) Got API command 0x26 on pipe "samr" (pnum 2702) [2010/04/27 16:57:55, 10, pid=12782] smbd/ipc.c:456(api_fd_reply) api_fd_reply: p:0x97ea6a8 max_trans_reply: 1024 [2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe_hnd.c:1195(np_write_send) np_write_send: len: 44 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 44 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: Start: 
pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:192(fill_rpc_header) fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 16 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 28 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 [2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 002c 000a auth_len : 0000 000c call_id : 00000009 [2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe_hnd.c:288(unmarshall_rpc_header) unmarshall_rpc_header: using little-endian RPC [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:317(unmarshall_rpc_header) unmarshall_rpc_header: type = 0, flags = 3 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 0 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 28 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 28, incoming data = 28 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:534(process_complete_pdu) process_complete_pdu: processing packet type 0 [2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr_req req 0000 alloc_hint: 00000014 0004 context_id: 0000 0006 opnum : 0001 [2010/04/27 16:57:55, 3, pid=12782] 
rpc_server/srv_pipe_hnd.c:343(free_pipe_context) free_pipe_context: destroying talloc pool of size 0 [2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe.c:2261(api_pipe_request) Requested \PIPE\\samr [2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_pipe.c:2297(api_rpcTNP) api_rpcTNP: \samr op 0x1 - api_rpcTNP: rpc command: SAMR_CLOSE [2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe.c:2327(api_rpcTNP) api_rpc_cmds[1].fn == 0x82dc710 [2010/04/27 16:57:55, 1, pid=12782] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) samr_Close: struct samr_Close in: struct samr_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000007-0000-0000-d64b-13a7ee310000 [2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_lsa_hnd.c:180(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 D6 4B 13 A7 ........ .....K.. [0010] EE 31 00 00 .1.. [2010/04/27 16:57:55, 3, pid=12782] rpc_server/srv_lsa_hnd.c:218(close_policy_hnd) Closed policy [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_samr_nt.c:416(free_samr_cache) free_samr_cache: deleting cache for SID S-1-5-352321536-3342141748-1574249315-1264630062 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/04/27 16:57:55, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) NT user token: (NULL) [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/27 16:57:55, 1, pid=12782] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) samr_Close: struct 
samr_Close out: struct samr_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : NT_STATUS_OK [2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe.c:2362(api_rpcTNP) api_rpcTNP: called \samr successfully [2010/04/27 16:57:55, 3, pid=12782] rpc_server/srv_pipe_hnd.c:343(free_pipe_context) free_pipe_context: destroying talloc pool of size 0 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 28 [2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Schedule immediate event "tevent_req_trigger": 0x98016a0 [2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Run immediate event "tevent_req_trigger": 0x98016a0 [2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe_hnd.c:802(read_from_internal_pipe) name: \samr len: 1024 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:862(read_from_internal_pipe) read_from_pipe: \samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. 
[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0030 000a auth_len : 0000 000c call_id : 00000009 [2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000010 smb_io_rpc_hdr_resp resp 0010 alloc_hint: 00000018 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 [2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Schedule immediate event "tevent_req_trigger": 0x9810660 [2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Run immediate event "tevent_req_trigger": 0x9810660 [2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:59(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=992 smb_uid=100 smb_mid=2624 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2010/04/27 16:57:55, 10, pid=12782] ../lib/util/util.c:304(_dump_data) [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 09 00 00 ........ .0...... [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 . 
[2010/04/27 16:57:55, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) got smb length of 128 [2010/04/27 16:57:55, 6, pid=12782] smbd/process.c:1456(process_smb) got message type 0x0 of len 0x80 [2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1459(process_smb) Transaction 42 of length 132 (0 toread) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=992 smb_uid=100 smb_mid=2688 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 9986 (0x2702) smb_bcc=61 [2010/04/27 16:57:55, 10, pid=12782] ../lib/util/util.c:304(_dump_data) [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 0A 00 00 ........ .,...... [0020] 00 14 00 00 00 00 00 01 00 00 00 00 00 06 00 00 ........ ........ [0030] 00 00 00 00 00 D6 4B 13 A7 EE 31 00 00 ......K. ..1.. 
[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1273(switch_message) switch message SMBtrans (pid 12782) conn 0x97e9be8 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 contains 11 SIDs SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-69 SID[ 6]: S-1-22-2-101 SID[ 7]: S-1-22-2-20042 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-11251 SID[ 10]: S-1-22-2-0 SE_PRIV 0xff0 0x0 0x0 0x0 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 4 supplementary groups Group[ 0]: 0 Group[ 1]: 69 Group[ 2]: 101 Group[ 3]: 20042 [2010/04/27 16:57:55, 5, pid=12782] smbd/uid.c:353(change_to_user) change_to_user uid=(0,0) gid=(0,0) [2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:539(handle_trans) trans <\PIPE\> data=44 params=0 setup=2 [2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:572(handle_trans) calling named_pipe [2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:490(named_pipe) named pipe command on <> name [2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:413(api_fd_reply) api_fd_reply [2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:454(api_fd_reply) Got API command 0x26 on pipe "samr" (pnum 2702) [2010/04/27 16:57:55, 10, pid=12782] smbd/ipc.c:456(api_fd_reply) api_fd_reply: p:0x97ea6a8 max_trans_reply: 1024 [2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe_hnd.c:1195(np_write_send) np_write_send: len: 44 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 44 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: Start: 
pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:192(fill_rpc_header) fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 16 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 28 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 [2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 002c 000a auth_len : 0000 000c call_id : 0000000a [2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe_hnd.c:288(unmarshall_rpc_header) unmarshall_rpc_header: using little-endian RPC [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:317(unmarshall_rpc_header) unmarshall_rpc_header: type = 0, flags = 3 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 0 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 28 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 28, incoming data = 28 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:534(process_complete_pdu) process_complete_pdu: processing packet type 0 [2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr_req req 0000 alloc_hint: 00000014 0004 context_id: 0000 0006 opnum : 0001 [2010/04/27 16:57:55, 3, pid=12782] 
rpc_server/srv_pipe_hnd.c:343(free_pipe_context) free_pipe_context: destroying talloc pool of size 0 [2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe.c:2261(api_pipe_request) Requested \PIPE\\samr [2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_pipe.c:2297(api_rpcTNP) api_rpcTNP: \samr op 0x1 - api_rpcTNP: rpc command: SAMR_CLOSE [2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe.c:2327(api_rpcTNP) api_rpc_cmds[1].fn == 0x82dc710 [2010/04/27 16:57:55, 1, pid=12782] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) samr_Close: struct samr_Close in: struct samr_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000006-0000-0000-d64b-13a7ee310000 [2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_lsa_hnd.c:180(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 06 00 00 00 00 00 00 00 D6 4B 13 A7 ........ .....K.. [0010] EE 31 00 00 .1.. [2010/04/27 16:57:55, 3, pid=12782] rpc_server/srv_lsa_hnd.c:218(close_policy_hnd) Closed policy [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_samr_nt.c:416(free_samr_cache) free_samr_cache: deleting cache for SID S-1-5-352321536-3342141748-1574249315-1264630062 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/04/27 16:57:55, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) NT user token: (NULL) [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/27 16:57:55, 1, pid=12782] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) samr_Close: struct 
samr_Close out: struct samr_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : NT_STATUS_OK [2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe.c:2362(api_rpcTNP) api_rpcTNP: called \samr successfully [2010/04/27 16:57:55, 3, pid=12782] rpc_server/srv_pipe_hnd.c:343(free_pipe_context) free_pipe_context: destroying talloc pool of size 0 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 28 [2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Schedule immediate event "tevent_req_trigger": 0x98016a0 [2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Run immediate event "tevent_req_trigger": 0x98016a0 [2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe_hnd.c:802(read_from_internal_pipe) name: \samr len: 1024 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:862(read_from_internal_pipe) read_from_pipe: \samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. 
[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0030 000a auth_len : 0000 000c call_id : 0000000a [2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000010 smb_io_rpc_hdr_resp resp 0010 alloc_hint: 00000018 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 [2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Schedule immediate event "tevent_req_trigger": 0x97dd7d0 [2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Run immediate event "tevent_req_trigger": 0x97dd7d0 [2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:59(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=992 smb_uid=100 smb_mid=2688 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2010/04/27 16:57:55, 10, pid=12782] ../lib/util/util.c:304(_dump_data) [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 0A 00 00 ........ .0...... [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 . 
[2010/04/27 16:57:55, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) got smb length of 128 [2010/04/27 16:57:55, 6, pid=12782] smbd/process.c:1456(process_smb) got message type 0x0 of len 0x80 [2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1459(process_smb) Transaction 43 of length 132 (0 toread) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=992 smb_uid=100 smb_mid=2752 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 9986 (0x2702) smb_bcc=61 [2010/04/27 16:57:55, 10, pid=12782] ../lib/util/util.c:304(_dump_data) [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 0B 00 00 ........ .,...... [0020] 00 14 00 00 00 00 00 01 00 00 00 00 00 05 00 00 ........ ........ [0030] 00 00 00 00 00 D6 4B 13 A7 EE 31 00 00 ......K. ..1.. 
[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1273(switch_message) switch message SMBtrans (pid 12782) conn 0x97e9be8 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 contains 11 SIDs SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-69 SID[ 6]: S-1-22-2-101 SID[ 7]: S-1-22-2-20042 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-11251 SID[ 10]: S-1-22-2-0 SE_PRIV 0xff0 0x0 0x0 0x0 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 4 supplementary groups Group[ 0]: 0 Group[ 1]: 69 Group[ 2]: 101 Group[ 3]: 20042 [2010/04/27 16:57:55, 5, pid=12782] smbd/uid.c:353(change_to_user) change_to_user uid=(0,0) gid=(0,0) [2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:539(handle_trans) trans <\PIPE\> data=44 params=0 setup=2 [2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:572(handle_trans) calling named_pipe [2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:490(named_pipe) named pipe command on <> name [2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:413(api_fd_reply) api_fd_reply [2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:454(api_fd_reply) Got API command 0x26 on pipe "samr" (pnum 2702) [2010/04/27 16:57:55, 10, pid=12782] smbd/ipc.c:456(api_fd_reply) api_fd_reply: p:0x97ea6a8 max_trans_reply: 1024 [2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe_hnd.c:1195(np_write_send) np_write_send: len: 44 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 44 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: Start: 
pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:192(fill_rpc_header) fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 16 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 28 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 [2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 002c 000a auth_len : 0000 000c call_id : 0000000b [2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe_hnd.c:288(unmarshall_rpc_header) unmarshall_rpc_header: using little-endian RPC [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:317(unmarshall_rpc_header) unmarshall_rpc_header: type = 0, flags = 3 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 0 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 28 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 28, incoming data = 28 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:534(process_complete_pdu) process_complete_pdu: processing packet type 0 [2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr_req req 0000 alloc_hint: 00000014 0004 context_id: 0000 0006 opnum : 0001 [2010/04/27 16:57:55, 3, pid=12782] 
rpc_server/srv_pipe_hnd.c:343(free_pipe_context) free_pipe_context: destroying talloc pool of size 0 [2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe.c:2261(api_pipe_request) Requested \PIPE\\samr [2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_pipe.c:2297(api_rpcTNP) api_rpcTNP: \samr op 0x1 - api_rpcTNP: rpc command: SAMR_CLOSE [2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe.c:2327(api_rpcTNP) api_rpc_cmds[1].fn == 0x82dc710 [2010/04/27 16:57:55, 1, pid=12782] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) samr_Close: struct samr_Close in: struct samr_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000005-0000-0000-d64b-13a7ee310000 [2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_lsa_hnd.c:180(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 D6 4B 13 A7 ........ .....K.. [0010] EE 31 00 00 .1.. [2010/04/27 16:57:55, 3, pid=12782] rpc_server/srv_lsa_hnd.c:218(close_policy_hnd) Closed policy [2010/04/27 16:57:55, 1, pid=12782] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) samr_Close: struct samr_Close out: struct samr_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : NT_STATUS_OK [2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe.c:2362(api_rpcTNP) api_rpcTNP: called \samr successfully [2010/04/27 16:57:55, 3, pid=12782] rpc_server/srv_pipe_hnd.c:343(free_pipe_context) free_pipe_context: destroying talloc pool of size 0 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 28 [2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Schedule immediate event "tevent_req_trigger": 0x98016a0 [2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Run immediate event "tevent_req_trigger": 0x98016a0 [2010/04/27 16:57:55, 6, pid=12782] 
rpc_server/srv_pipe_hnd.c:802(read_from_internal_pipe) name: \samr len: 1024 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:862(read_from_internal_pipe) read_from_pipe: \samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. [2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0030 000a auth_len : 0000 000c call_id : 0000000b [2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000010 smb_io_rpc_hdr_resp resp 0010 alloc_hint: 00000018 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 [2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Schedule immediate event "tevent_req_trigger": 0x97ef540 [2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Run immediate event "tevent_req_trigger": 0x97ef540 [2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:59(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=992 smb_uid=100 smb_mid=2752 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2010/04/27 16:57:55, 10, pid=12782] ../lib/util/util.c:304(_dump_data) [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 0B 00 00 ........ .0...... [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 . 
[2010/04/27 16:57:55, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) got smb length of 41 [2010/04/27 16:57:55, 6, pid=12782] smbd/process.c:1456(process_smb) got message type 0x0 of len 0x29 [2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1459(process_smb) Transaction 44 of length 45 (0 toread) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=2816 smt_wct=3 smb_vwv[ 0]= 9986 (0x2702) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1273(switch_message) switch message SMBclose (pid 12782) conn 0x97e9be8 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 contains 11 SIDs SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-69 SID[ 6]: S-1-22-2-101 SID[ 7]: S-1-22-2-20042 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-11251 SID[ 10]: S-1-22-2-0 SE_PRIV 0xff0 0x0 0x0 0x0 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 4 supplementary groups Group[ 0]: 0 Group[ 1]: 69 Group[ 2]: 101 Group[ 3]: 20042 [2010/04/27 16:57:55, 5, pid=12782] smbd/uid.c:353(change_to_user) change_to_user uid=(0,0) gid=(0,0) [2010/04/27 16:57:55, 3, pid=12782] smbd/reply.c:4488(reply_close) close fd=-1 fnum=9986 (numopen=1) [2010/04/27 16:57:55, 6, pid=12782] smbd/close.c:454(set_close_write_time) close_write_time: Thu Jan 1 07:59:59 1970 [2010/04/27 16:57:55, 10, pid=12782] 
rpc_server/srv_lsa_hnd.c:249(close_policy_by_pipe) close_policy_by_pipe: deleted handle list for pipe \samr [2010/04/27 16:57:55, 5, pid=12782] smbd/files.c:474(file_free) freed files structure 9986 (0 used) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=2816 smt_wct=0 smb_bcc=0 [2010/04/27 16:57:55, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) got smb length of 104 [2010/04/27 16:57:55, 6, pid=12782] smbd/process.c:1456(process_smb) got message type 0x0 of len 0x68 [2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1459(process_smb) Transaction 45 of length 108 (0 toread) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) size=104 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=992 smb_uid=100 smb_mid=2880 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 4608 (0x1200) smb_vwv[ 3]= 4096 (0x1000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 4609 (0x1201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1792 (0x700) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]=16384 (0x4000) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 256 (0x100) smb_bcc=21 [2010/04/27 16:57:55, 10, pid=12782] ../lib/util/util.c:304(_dump_data) [0000] 00 5C 00 4E 00 45 00 54 00 4C 00 4F 00 47 00 4F .\.N.E.T .L.O.G.O [0010] 00 4E 00 00 00 .N... 
[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1273(switch_message) switch message SMBntcreateX (pid 12782) conn 0x97e9be8 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 contains 11 SIDs SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-69 SID[ 6]: S-1-22-2-101 SID[ 7]: S-1-22-2-20042 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-11251 SID[ 10]: S-1-22-2-0 SE_PRIV 0xff0 0x0 0x0 0x0 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 4 supplementary groups Group[ 0]: 0 Group[ 1]: 69 Group[ 2]: 101 Group[ 3]: 20042 [2010/04/27 16:57:55, 5, pid=12782] smbd/uid.c:353(change_to_user) change_to_user uid=(0,0) gid=(0,0) [2010/04/27 16:57:55, 10, pid=12782] smbd/nttrans.c:484(reply_ntcreate_and_X) reply_ntcreate_and_X: flags = 0x10, access_mask = 0x12019f file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0, fname = NETLOGON [2010/04/27 16:57:55, 4, pid=12782] smbd/nttrans.c:315(nt_open_pipe) nt_open_pipe: Opening pipe \NETLOGON. 
[2010/04/27 16:57:55, 5, pid=12782] smbd/files.c:103(file_new) allocated file structure 5891, fnum = 9987 (1 used) [2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_pipe_hnd.c:99(make_internal_rpc_pipe_p) Create pipe requested \NETLOGON [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_lsa_hnd.c:85(init_pipe_handle_list) init_pipe_handles: created handle list for pipe \NETLOGON [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_lsa_hnd.c:102(init_pipe_handle_list) init_pipe_handles: pipe_handles ref count = 1 for pipe \NETLOGON [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/04/27 16:57:55, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) NT user token: (NULL) [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/27 16:57:55, 10, pid=12782] lib/gencache.c:208(gencache_get) Returning valid cache entry: key = ACCT_POL/maximum password age, value = 4294967295 , timeout = Tue Apr 27 16:58:51 2010 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/04/27 16:57:55, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) NT user token: (NULL) [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and 
contains 0 supplementary groups [2010/04/27 16:57:55, 10, pid=12782] lib/gencache.c:208(gencache_get) Returning valid cache entry: key = ACCT_POL/password history, value = 0 , timeout = Tue Apr 27 16:58:51 2010 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:607(pdb_set_username) pdb_set_username: setting username zanchey, was [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:630(pdb_set_domain) pdb_set_domain: setting domain UCCDOMAIN, was [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:653(pdb_set_nt_username) pdb_set_nt_username: setting nt username zanchey, was [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:676(pdb_set_fullname) pdb_set_full_name: setting full name David Adam, was [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:769(pdb_set_homedir) pdb_set_homedir: setting home dir \\mylah\zanchey, was [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:745(pdb_set_dir_drive) pdb_set_dir_drive: setting dir drive H:, was NULL [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:699(pdb_set_logon_script) pdb_set_logon_script: setting logon script , was [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:722(pdb_set_profile_path) pdb_set_profile_path: setting profile path \\mylah\profiles, was [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:812(pdb_set_workstations) pdb_set_workstations: setting workstations , was [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/04/27 16:57:55, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) NT user token: (NULL) [2010/04/27 16:57:55, 5, pid=12782] 
auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/27 16:57:55, 10, pid=12782] lib/gencache.c:208(gencache_get) Returning valid cache entry: key = ACCT_POL/password history, value = 0 , timeout = Tue Apr 27 16:58:51 2010 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:536(pdb_set_user_sid) pdb_set_user_sid: setting user sid S-1-5-352321536-3342141748-1574249315-1264630062-23502 [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_compat.c:72(pdb_set_user_sid_from_rid) pdb_set_user_sid_from_rid: setting user sid S-1-5-352321536-3342141748-1574249315-1264630062-23502 from rid 23502 [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:594(pdb_set_group_sid) pdb_set_group_sid: setting group sid S-1-5-352321536-3342141748-1574249315-1264630062-512 [2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_pipe_hnd.c:161(make_internal_rpc_pipe_p) Created internal pipe \NETLOGON (pipes_open=0) [2010/04/27 16:57:55, 5, pid=12782] smbd/nttrans.c:404(do_ntcreate_pipe_open) do_ntcreate_pipe_open: open pipe = \NETLOGON [2010/04/27 16:57:55, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) got smb length of 224 [2010/04/27 16:57:55, 6, pid=12782] smbd/process.c:1456(process_smb) got message type 0x0 of len 0xe0 [2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1459(process_smb) Transaction 46 of length 228 (0 toread) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) size=224 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=2944 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 9987 (0x2703) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) 
smb_vwv[ 8]= 160 (0xA0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 160 (0xA0) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=161 [2010/04/27 16:57:55, 10, pid=12782] ../lib/util/util.c:304(_dump_data) [0000] EE 05 00 0B 03 10 00 00 00 A0 00 00 00 02 00 00 ........ ........ [0010] 00 B8 10 B8 10 00 00 00 00 03 00 00 00 00 00 01 ........ ........ [0020] 00 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF .xV4.4.. ....#Eg. [0030] FB 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ [0040] 00 2B 10 48 60 02 00 00 00 01 00 01 00 78 56 34 .+.H`... .....xV4 [0050] 12 34 12 CD AB EF 00 01 23 45 67 CF FB 01 00 00 .4...... #Eg..... [0060] 00 33 05 71 71 BA BE 37 49 83 19 B5 DB EF 9C CC .3.qq..7 I....... [0070] 36 01 00 00 00 02 00 01 00 78 56 34 12 34 12 CD 6....... .xV4.4.. [0080] AB EF 00 01 23 45 67 CF FB 01 00 00 00 2C 1C B7 ....#Eg. .....,.. [0090] 6C 12 98 40 45 03 00 00 00 00 00 00 00 01 00 00 l..@E... ........ [00A0] 00 . [2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1273(switch_message) switch message SMBwriteX (pid 12782) conn 0x97e9be8 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 contains 11 SIDs SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-69 SID[ 6]: S-1-22-2-101 SID[ 7]: S-1-22-2-20042 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-11251 SID[ 10]: S-1-22-2-0 SE_PRIV 0xff0 0x0 0x0 0x0 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 4 supplementary groups Group[ 0]: 0 Group[ 1]: 69 Group[ 2]: 101 Group[ 3]: 20042 [2010/04/27 16:57:55, 5, pid=12782] smbd/uid.c:353(change_to_user) 
change_to_user uid=(0,0) gid=(0,0) [2010/04/27 16:57:55, 6, pid=12782] smbd/pipes.c:271(reply_pipe_write_and_X) reply_pipe_write_and_X: 2703 name: NETLOGON len: 160 [2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe_hnd.c:1195(np_write_send) np_write_send: len: 160 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 160 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 160 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:192(fill_rpc_header) fill_rpc_header: data_to_copy = 160, len_needed_to_complete_hdr = 16, receive_len = 0 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 16 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 144 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 144 [2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0b 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 00a0 000a auth_len : 0000 000c call_id : 00000002 [2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe_hnd.c:288(unmarshall_rpc_header) unmarshall_rpc_header: using little-endian RPC [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:317(unmarshall_rpc_header) unmarshall_rpc_header: type = 11, flags = 3 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 0 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 144 
[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 144, incoming data = 144 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:534(process_complete_pdu) process_complete_pdu: processing packet type 11 [2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe.c:1558(api_pipe_bind_req) api_pipe_bind_req: decode request. 1558 [2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr_rb [2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr_bba 0000 max_tsize: 10b8 0002 max_rsize: 10b8 0004 assoc_gid: 00000000 0008 num_contexts: 03 000c context_id : 0000 000e num_transfer_syntaxes: 01 [2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 00000f smb_io_rpc_iface [2010/04/27 16:57:55, 7, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000010 smb_io_uuid uuid 0010 data : 12345678 0014 data : 1234 0016 data : abcd 0018 data : ef 00 001a data : 01 23 45 67 cf fb 0020 version: 00000001 [2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000024 smb_io_rpc_iface [2010/04/27 16:57:55, 7, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000024 smb_io_uuid uuid 0024 data : 8a885d04 0028 data : 1ceb 002a data : 11c9 002c data : 9f e8 002e data : 08 00 2b 10 48 60 0034 version: 00000002 0038 context_id : 0001 003a num_transfer_syntaxes: 01 [2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 00003b smb_io_rpc_iface [2010/04/27 16:57:55, 7, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 00003c smb_io_uuid uuid 003c data : 12345678 0040 data : 1234 0042 data : abcd 0044 data : ef 00 0046 data : 01 23 45 67 cf fb 004c version: 00000001 [2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000050 smb_io_rpc_iface [2010/04/27 16:57:55, 7, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000050 smb_io_uuid uuid 0050 data : 
71710533 0054 data : beba 0056 data : 4937 0058 data : 83 19 005a data : b5 db ef 9c cc 36 0060 version: 00000001 0064 context_id : 0002 0066 num_transfer_syntaxes: 01 [2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000067 smb_io_rpc_iface [2010/04/27 16:57:55, 7, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000068 smb_io_uuid uuid 0068 data : 12345678 006c data : 1234 006e data : abcd 0070 data : ef 00 0072 data : 01 23 45 67 cf fb 0078 version: 00000001 [2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 00007c smb_io_rpc_iface [2010/04/27 16:57:55, 7, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 00007c smb_io_uuid uuid 007c data : 6cb71c2c 0080 data : 9812 0082 data : 4540 0084 data : 03 00 0086 data : 00 00 00 00 00 00 008c version: 00000001 [2010/04/27 16:57:55, 3, pid=12782] rpc_server/srv_pipe.c:1584(api_pipe_bind_req) api_pipe_bind_req: \PIPE\netlogon -> \PIPE\netlogon [2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe.c:1628(api_pipe_bind_req) api_pipe_bind_req: make response. 1628 [2010/04/27 16:57:55, 3, pid=12782] rpc_server/srv_pipe.c:960(check_bind_req) check_bind_req for \NETLOGON checking lsarpc checking winreg checking initshutdown checking dssetup checking wkssvc checking svcctl checking ntsvcs checking netlogon [2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr_ba [2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr_bba 0000 max_tsize: 10b8 0002 max_rsize: 10b8 0004 assoc_gid: 000053f0 [2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000008 smb_io_rpc_addr_str 0008 len: 000f 000a str: \PIPE\netlogon. 
[2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000019 smb_io_rpc_results 001c num_results: 01 0020 result : 0000 0022 reason : 0000 [2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000024 smb_io_rpc_iface [2010/04/27 16:57:55, 7, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000024 smb_io_uuid uuid 0024 data : 8a885d04 0028 data : 1ceb 002a data : 11c9 002c data : 9f e8 002e data : 08 00 2b 10 48 60 0034 version: 00000002 [2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0c 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0048 000a auth_len : 0000 000c call_id : 00000002 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 144 [2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Schedule immediate event "tevent_req_trigger": 0x98016a0 [2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Run immediate event "tevent_req_trigger": 0x98016a0 [2010/04/27 16:57:55, 3, pid=12782] smbd/pipes.c:325(pipe_write_andx_done) writeX-IPC nwritten=160 [2010/04/27 16:57:55, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) got smb length of 59 [2010/04/27 16:57:55, 6, pid=12782] smbd/process.c:1456(process_smb) got message type 0x0 of len 0x3b [2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1459(process_smb) Transaction 47 of length 63 (0 toread) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=3008 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 9987 (0x2703) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) 
smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1273(switch_message) switch message SMBreadX (pid 12782) conn 0x97e9be8 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 contains 11 SIDs SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-69 SID[ 6]: S-1-22-2-101 SID[ 7]: S-1-22-2-20042 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-11251 SID[ 10]: S-1-22-2-0 SE_PRIV 0xff0 0x0 0x0 0x0 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 4 supplementary groups Group[ 0]: 0 Group[ 1]: 69 Group[ 2]: 101 Group[ 3]: 20042 [2010/04/27 16:57:55, 5, pid=12782] smbd/uid.c:353(change_to_user) change_to_user uid=(0,0) gid=(0,0) [2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe_hnd.c:802(read_from_internal_pipe) name: \NETLOGON len: 1024 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:842(read_from_internal_pipe) read_from_pipe: \NETLOGON: current_pdu_len = 72, current_pdu_sent = 0 returning 72 bytes. 
[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Schedule immediate event "tevent_req_trigger": 0x9801a60 [2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Run immediate event "tevent_req_trigger": 0x9801a60 [2010/04/27 16:57:55, 3, pid=12782] smbd/pipes.c:435(pipe_read_andx_done) readX-IPC min=1024 max=1024 nread=72 [2010/04/27 16:57:55, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) got smb length of 144 [2010/04/27 16:57:55, 6, pid=12782] smbd/process.c:1456(process_smb) got message type 0x0 of len 0x90 [2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1459(process_smb) Transaction 48 of length 148 (0 toread) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) size=144 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=992 smb_uid=100 smb_mid=3072 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 60 (0x3C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 60 (0x3C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 9987 (0x2703) smb_bcc=77 [2010/04/27 16:57:55, 10, pid=12782] ../lib/util/util.c:304(_dump_data) [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 3C 00 00 00 02 00 00 ........ .<...... [0020] 00 24 00 00 00 00 00 28 00 00 00 02 00 08 00 00 .$.....( ........ [0030] 00 00 00 00 00 08 00 00 00 5C 00 5C 00 4D 00 59 ........ .\.\.M.Y [0040] 00 4C 00 41 00 48 00 00 00 3F 00 00 00 .L.A.H.. .?... 
[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1273(switch_message) switch message SMBtrans (pid 12782) conn 0x97e9be8 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 contains 11 SIDs SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-69 SID[ 6]: S-1-22-2-101 SID[ 7]: S-1-22-2-20042 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-11251 SID[ 10]: S-1-22-2-0 SE_PRIV 0xff0 0x0 0x0 0x0 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 4 supplementary groups Group[ 0]: 0 Group[ 1]: 69 Group[ 2]: 101 Group[ 3]: 20042 [2010/04/27 16:57:55, 5, pid=12782] smbd/uid.c:353(change_to_user) change_to_user uid=(0,0) gid=(0,0) [2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:539(handle_trans) trans <\PIPE\> data=60 params=0 setup=2 [2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:572(handle_trans) calling named_pipe [2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:490(named_pipe) named pipe command on <> name [2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:413(api_fd_reply) api_fd_reply [2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:454(api_fd_reply) Got API command 0x26 on pipe "NETLOGON" (pnum 2703) [2010/04/27 16:57:55, 10, pid=12782] smbd/ipc.c:456(api_fd_reply) api_fd_reply: p:0x97e18f8 max_trans_reply: 1024 [2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe_hnd.c:1195(np_write_send) np_write_send: len: 60 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 60 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: 
Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 60 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:192(fill_rpc_header) fill_rpc_header: data_to_copy = 60, len_needed_to_complete_hdr = 16, receive_len = 0 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 16 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 44 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 44 [2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 003c 000a auth_len : 0000 000c call_id : 00000002 [2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe_hnd.c:288(unmarshall_rpc_header) unmarshall_rpc_header: using little-endian RPC [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:317(unmarshall_rpc_header) unmarshall_rpc_header: type = 0, flags = 3 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 0 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 44 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 44, incoming data = 44 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:534(process_complete_pdu) process_complete_pdu: processing packet type 0 [2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr_req req 0000 alloc_hint: 00000024 0004 context_id: 0000 0006 opnum : 0028 [2010/04/27 16:57:55, 3, 
pid=12782] rpc_server/srv_pipe_hnd.c:343(free_pipe_context) free_pipe_context: destroying talloc pool of size 169 [2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe.c:2261(api_pipe_request) Requested \PIPE\\NETLOGON [2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_pipe.c:2297(api_rpcTNP) api_rpcTNP: \NETLOGON op 0x28 - api_rpcTNP: rpc command: NETR_DSRENUMERATEDOMAINTRUSTS [2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe.c:2327(api_rpcTNP) api_rpc_cmds[40].fn == 0x82696a0 [2010/04/27 16:57:55, 1, pid=12782] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) netr_DsrEnumerateDomainTrusts: struct netr_DsrEnumerateDomainTrusts in: struct netr_DsrEnumerateDomainTrusts server_name : * server_name : '\\MYLAH' trust_flags : 0x0000003f (63) 1: NETR_TRUST_FLAG_IN_FOREST 1: NETR_TRUST_FLAG_OUTBOUND 1: NETR_TRUST_FLAG_TREEROOT 1: NETR_TRUST_FLAG_PRIMARY 1: NETR_TRUST_FLAG_NATIVE 1: NETR_TRUST_FLAG_INBOUND 0: NETR_TRUST_FLAG_MIT_KRB5 0: NETR_TRUST_FLAG_AES [2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_pipe.c:2345(api_rpcTNP) api_rpcTNP: rng fault return [2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 03 0003 flags : 23 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0020 000a auth_len : 0000 000c call_id : 00000002 [2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000010 smb_io_rpc_hdr_resp resp 0010 alloc_hint: 00000000 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 [2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000018 smb_io_rpc_hdr_fault fault 0018 status : DCERPC_FAULT_OP_RNG_ERROR 001c reserved: 00000000 [2010/04/27 16:57:55, 3, pid=12782] rpc_server/srv_pipe_hnd.c:343(free_pipe_context) free_pipe_context: destroying talloc pool of size 0 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 
44 [2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Schedule immediate event "tevent_req_trigger": 0x98016c0 [2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Run immediate event "tevent_req_trigger": 0x98016c0 [2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe_hnd.c:802(read_from_internal_pipe) name: \NETLOGON len: 1024 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:842(read_from_internal_pipe) read_from_pipe: \NETLOGON: current_pdu_len = 32, current_pdu_sent = 0 returning 32 bytes. [2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Schedule immediate event "tevent_req_trigger": 0x97dd560 [2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Run immediate event "tevent_req_trigger": 0x97dd560 [2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:59(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..32] (align 0) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) size=88 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=992 smb_uid=100 smb_mid=3072 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 32 (0x20) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 32 (0x20) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=33 [2010/04/27 16:57:55, 10, pid=12782] ../lib/util/util.c:304(_dump_data) [0000] 00 05 00 03 23 10 00 00 00 20 00 00 00 02 00 00 ....#... . ...... [0010] 00 00 00 00 00 00 00 00 00 02 00 01 1C 00 00 00 ........ ........ [0020] 00 . 
[2010/04/27 16:57:55, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) got smb length of 41 [2010/04/27 16:57:55, 6, pid=12782] smbd/process.c:1456(process_smb) got message type 0x0 of len 0x29 [2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1459(process_smb) Transaction 49 of length 45 (0 toread) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=3136 smt_wct=3 smb_vwv[ 0]= 9987 (0x2703) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1273(switch_message) switch message SMBclose (pid 12782) conn 0x97e9be8 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 contains 11 SIDs SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-69 SID[ 6]: S-1-22-2-101 SID[ 7]: S-1-22-2-20042 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-11251 SID[ 10]: S-1-22-2-0 SE_PRIV 0xff0 0x0 0x0 0x0 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 4 supplementary groups Group[ 0]: 0 Group[ 1]: 69 Group[ 2]: 101 Group[ 3]: 20042 [2010/04/27 16:57:55, 5, pid=12782] smbd/uid.c:353(change_to_user) change_to_user uid=(0,0) gid=(0,0) [2010/04/27 16:57:55, 3, pid=12782] smbd/reply.c:4488(reply_close) close fd=-1 fnum=9987 (numopen=1) [2010/04/27 16:57:55, 6, pid=12782] smbd/close.c:454(set_close_write_time) close_write_time: Thu Jan 1 07:59:59 1970 [2010/04/27 16:57:55, 10, pid=12782] 
rpc_server/srv_lsa_hnd.c:249(close_policy_by_pipe) close_policy_by_pipe: deleted handle list for pipe \NETLOGON [2010/04/27 16:57:55, 5, pid=12782] smbd/files.c:474(file_free) freed files structure 9987 (0 used) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=3136 smt_wct=0 smb_bcc=0 [2010/04/27 16:57:55, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) got smb length of 104 [2010/04/27 16:57:55, 6, pid=12782] smbd/process.c:1456(process_smb) got message type 0x0 of len 0x68 [2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1459(process_smb) Transaction 50 of length 108 (0 toread) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) size=104 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=992 smb_uid=100 smb_mid=3200 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 4608 (0x1200) smb_vwv[ 3]= 4096 (0x1000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 4609 (0x1201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1792 (0x700) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]=16384 (0x4000) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 256 (0x100) smb_bcc=21 [2010/04/27 16:57:55, 10, pid=12782] ../lib/util/util.c:304(_dump_data) [0000] 00 5C 00 4E 00 45 00 54 00 4C 00 4F 00 47 00 4F .\.N.E.T .L.O.G.O [0010] 00 4E 00 00 00 .N... 
[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1273(switch_message) switch message SMBntcreateX (pid 12782) conn 0x97e9be8 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 contains 11 SIDs SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-69 SID[ 6]: S-1-22-2-101 SID[ 7]: S-1-22-2-20042 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-11251 SID[ 10]: S-1-22-2-0 SE_PRIV 0xff0 0x0 0x0 0x0 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 4 supplementary groups Group[ 0]: 0 Group[ 1]: 69 Group[ 2]: 101 Group[ 3]: 20042 [2010/04/27 16:57:55, 5, pid=12782] smbd/uid.c:353(change_to_user) change_to_user uid=(0,0) gid=(0,0) [2010/04/27 16:57:55, 10, pid=12782] smbd/nttrans.c:484(reply_ntcreate_and_X) reply_ntcreate_and_X: flags = 0x10, access_mask = 0x12019f file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0, fname = NETLOGON [2010/04/27 16:57:55, 4, pid=12782] smbd/nttrans.c:315(nt_open_pipe) nt_open_pipe: Opening pipe \NETLOGON. 
[2010/04/27 16:57:55, 5, pid=12782] smbd/files.c:103(file_new) allocated file structure 5892, fnum = 9988 (1 used) [2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_pipe_hnd.c:99(make_internal_rpc_pipe_p) Create pipe requested \NETLOGON [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_lsa_hnd.c:85(init_pipe_handle_list) init_pipe_handles: created handle list for pipe \NETLOGON [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_lsa_hnd.c:102(init_pipe_handle_list) init_pipe_handles: pipe_handles ref count = 1 for pipe \NETLOGON [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/04/27 16:57:55, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) NT user token: (NULL) [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/27 16:57:55, 10, pid=12782] lib/gencache.c:208(gencache_get) Returning valid cache entry: key = ACCT_POL/maximum password age, value = 4294967295 , timeout = Tue Apr 27 16:58:51 2010 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/04/27 16:57:55, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) NT user token: (NULL) [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and 
contains 0 supplementary groups [2010/04/27 16:57:55, 10, pid=12782] lib/gencache.c:208(gencache_get) Returning valid cache entry: key = ACCT_POL/password history, value = 0 , timeout = Tue Apr 27 16:58:51 2010 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:607(pdb_set_username) pdb_set_username: setting username zanchey, was [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:630(pdb_set_domain) pdb_set_domain: setting domain UCCDOMAIN, was [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:653(pdb_set_nt_username) pdb_set_nt_username: setting nt username zanchey, was [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:676(pdb_set_fullname) pdb_set_full_name: setting full name David Adam, was [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:769(pdb_set_homedir) pdb_set_homedir: setting home dir \\mylah\zanchey, was [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:745(pdb_set_dir_drive) pdb_set_dir_drive: setting dir drive H:, was NULL [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:699(pdb_set_logon_script) pdb_set_logon_script: setting logon script , was [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:722(pdb_set_profile_path) pdb_set_profile_path: setting profile path \\mylah\profiles, was [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:812(pdb_set_workstations) pdb_set_workstations: setting workstations , was [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/04/27 16:57:55, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) NT user token: (NULL) [2010/04/27 16:57:55, 5, pid=12782] 
auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/27 16:57:55, 10, pid=12782] lib/gencache.c:208(gencache_get) Returning valid cache entry: key = ACCT_POL/password history, value = 0 , timeout = Tue Apr 27 16:58:51 2010 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:536(pdb_set_user_sid) pdb_set_user_sid: setting user sid S-1-5-352321536-3342141748-1574249315-1264630062-23502 [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_compat.c:72(pdb_set_user_sid_from_rid) pdb_set_user_sid_from_rid: setting user sid S-1-5-352321536-3342141748-1574249315-1264630062-23502 from rid 23502 [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:594(pdb_set_group_sid) pdb_set_group_sid: setting group sid S-1-5-352321536-3342141748-1574249315-1264630062-512 [2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_pipe_hnd.c:161(make_internal_rpc_pipe_p) Created internal pipe \NETLOGON (pipes_open=0) [2010/04/27 16:57:55, 5, pid=12782] smbd/nttrans.c:404(do_ntcreate_pipe_open) do_ntcreate_pipe_open: open pipe = \NETLOGON [2010/04/27 16:57:55, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) got smb length of 224 [2010/04/27 16:57:55, 6, pid=12782] smbd/process.c:1456(process_smb) got message type 0x0 of len 0xe0 [2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1459(process_smb) Transaction 51 of length 228 (0 toread) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) size=224 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=3264 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 9988 (0x2704) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) 
smb_vwv[ 8]= 160 (0xA0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 160 (0xA0) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=161 [2010/04/27 16:57:55, 10, pid=12782] ../lib/util/util.c:304(_dump_data) [0000] EE 05 00 0B 03 10 00 00 00 A0 00 00 00 02 00 00 ........ ........ [0010] 00 B8 10 B8 10 00 00 00 00 03 00 00 00 00 00 01 ........ ........ [0020] 00 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF .xV4.4.. ....#Eg. [0030] FB 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ [0040] 00 2B 10 48 60 02 00 00 00 01 00 01 00 78 56 34 .+.H`... .....xV4 [0050] 12 34 12 CD AB EF 00 01 23 45 67 CF FB 01 00 00 .4...... #Eg..... [0060] 00 33 05 71 71 BA BE 37 49 83 19 B5 DB EF 9C CC .3.qq..7 I....... [0070] 36 01 00 00 00 02 00 01 00 78 56 34 12 34 12 CD 6....... .xV4.4.. [0080] AB EF 00 01 23 45 67 CF FB 01 00 00 00 2C 1C B7 ....#Eg. .....,.. [0090] 6C 12 98 40 45 03 00 00 00 00 00 00 00 01 00 00 l..@E... ........ [00A0] 00 . [2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1273(switch_message) switch message SMBwriteX (pid 12782) conn 0x97e9be8 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 contains 11 SIDs SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-69 SID[ 6]: S-1-22-2-101 SID[ 7]: S-1-22-2-20042 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-11251 SID[ 10]: S-1-22-2-0 SE_PRIV 0xff0 0x0 0x0 0x0 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 4 supplementary groups Group[ 0]: 0 Group[ 1]: 69 Group[ 2]: 101 Group[ 3]: 20042 [2010/04/27 16:57:55, 5, pid=12782] smbd/uid.c:353(change_to_user) 
change_to_user uid=(0,0) gid=(0,0) [2010/04/27 16:57:55, 6, pid=12782] smbd/pipes.c:271(reply_pipe_write_and_X) reply_pipe_write_and_X: 2704 name: NETLOGON len: 160 [2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe_hnd.c:1195(np_write_send) np_write_send: len: 160 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 160 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 160 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:192(fill_rpc_header) fill_rpc_header: data_to_copy = 160, len_needed_to_complete_hdr = 16, receive_len = 0 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 16 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 144 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 144 [2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0b 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 00a0 000a auth_len : 0000 000c call_id : 00000002 [2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe_hnd.c:288(unmarshall_rpc_header) unmarshall_rpc_header: using little-endian RPC [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:317(unmarshall_rpc_header) unmarshall_rpc_header: type = 11, flags = 3 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 0 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 144 
[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 144, incoming data = 144 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:534(process_complete_pdu) process_complete_pdu: processing packet type 11 [2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe.c:1558(api_pipe_bind_req) api_pipe_bind_req: decode request. 1558 [2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr_rb [2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr_bba 0000 max_tsize: 10b8 0002 max_rsize: 10b8 0004 assoc_gid: 00000000 0008 num_contexts: 03 000c context_id : 0000 000e num_transfer_syntaxes: 01 [2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 00000f smb_io_rpc_iface [2010/04/27 16:57:55, 7, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000010 smb_io_uuid uuid 0010 data : 12345678 0014 data : 1234 0016 data : abcd 0018 data : ef 00 001a data : 01 23 45 67 cf fb 0020 version: 00000001 [2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000024 smb_io_rpc_iface [2010/04/27 16:57:55, 7, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000024 smb_io_uuid uuid 0024 data : 8a885d04 0028 data : 1ceb 002a data : 11c9 002c data : 9f e8 002e data : 08 00 2b 10 48 60 0034 version: 00000002 0038 context_id : 0001 003a num_transfer_syntaxes: 01 [2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 00003b smb_io_rpc_iface [2010/04/27 16:57:55, 7, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 00003c smb_io_uuid uuid 003c data : 12345678 0040 data : 1234 0042 data : abcd 0044 data : ef 00 0046 data : 01 23 45 67 cf fb 004c version: 00000001 [2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000050 smb_io_rpc_iface [2010/04/27 16:57:55, 7, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000050 smb_io_uuid uuid 0050 data : 
71710533 0054 data : beba 0056 data : 4937 0058 data : 83 19 005a data : b5 db ef 9c cc 36 0060 version: 00000001 0064 context_id : 0002 0066 num_transfer_syntaxes: 01 [2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000067 smb_io_rpc_iface [2010/04/27 16:57:55, 7, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000068 smb_io_uuid uuid 0068 data : 12345678 006c data : 1234 006e data : abcd 0070 data : ef 00 0072 data : 01 23 45 67 cf fb 0078 version: 00000001 [2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 00007c smb_io_rpc_iface [2010/04/27 16:57:55, 7, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 00007c smb_io_uuid uuid 007c data : 6cb71c2c 0080 data : 9812 0082 data : 4540 0084 data : 03 00 0086 data : 00 00 00 00 00 00 008c version: 00000001 [2010/04/27 16:57:55, 3, pid=12782] rpc_server/srv_pipe.c:1584(api_pipe_bind_req) api_pipe_bind_req: \PIPE\netlogon -> \PIPE\netlogon [2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe.c:1628(api_pipe_bind_req) api_pipe_bind_req: make response. 1628 [2010/04/27 16:57:55, 3, pid=12782] rpc_server/srv_pipe.c:960(check_bind_req) check_bind_req for \NETLOGON checking lsarpc checking winreg checking initshutdown checking dssetup checking wkssvc checking svcctl checking ntsvcs checking netlogon [2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr_ba [2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr_bba 0000 max_tsize: 10b8 0002 max_rsize: 10b8 0004 assoc_gid: 000053f0 [2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000008 smb_io_rpc_addr_str 0008 len: 000f 000a str: \PIPE\netlogon. 
[2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000019 smb_io_rpc_results 001c num_results: 01 0020 result : 0000 0022 reason : 0000 [2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000024 smb_io_rpc_iface [2010/04/27 16:57:55, 7, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000024 smb_io_uuid uuid 0024 data : 8a885d04 0028 data : 1ceb 002a data : 11c9 002c data : 9f e8 002e data : 08 00 2b 10 48 60 0034 version: 00000002 [2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0c 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0048 000a auth_len : 0000 000c call_id : 00000002 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 144 [2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Schedule immediate event "tevent_req_trigger": 0x98016a0 [2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Run immediate event "tevent_req_trigger": 0x98016a0 [2010/04/27 16:57:55, 3, pid=12782] smbd/pipes.c:325(pipe_write_andx_done) writeX-IPC nwritten=160 [2010/04/27 16:57:55, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) got smb length of 59 [2010/04/27 16:57:55, 6, pid=12782] smbd/process.c:1456(process_smb) got message type 0x0 of len 0x3b [2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1459(process_smb) Transaction 52 of length 63 (0 toread) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=3328 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 9988 (0x2704) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) 
smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1273(switch_message) switch message SMBreadX (pid 12782) conn 0x97e9be8 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 contains 11 SIDs SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-69 SID[ 6]: S-1-22-2-101 SID[ 7]: S-1-22-2-20042 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-11251 SID[ 10]: S-1-22-2-0 SE_PRIV 0xff0 0x0 0x0 0x0 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 4 supplementary groups Group[ 0]: 0 Group[ 1]: 69 Group[ 2]: 101 Group[ 3]: 20042 [2010/04/27 16:57:55, 5, pid=12782] smbd/uid.c:353(change_to_user) change_to_user uid=(0,0) gid=(0,0) [2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe_hnd.c:802(read_from_internal_pipe) name: \NETLOGON len: 1024 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:842(read_from_internal_pipe) read_from_pipe: \NETLOGON: current_pdu_len = 72, current_pdu_sent = 0 returning 72 bytes. 
[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Schedule immediate event "tevent_req_trigger": 0x9801a60 [2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Run immediate event "tevent_req_trigger": 0x9801a60 [2010/04/27 16:57:55, 3, pid=12782] smbd/pipes.c:435(pipe_read_andx_done) readX-IPC min=1024 max=1024 nread=72 [2010/04/27 16:57:55, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) got smb length of 144 [2010/04/27 16:57:55, 6, pid=12782] smbd/process.c:1456(process_smb) got message type 0x0 of len 0x90 [2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1459(process_smb) Transaction 53 of length 148 (0 toread) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) size=144 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=992 smb_uid=100 smb_mid=3392 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 60 (0x3C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 60 (0x3C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 9988 (0x2704) smb_bcc=77 [2010/04/27 16:57:55, 10, pid=12782] ../lib/util/util.c:304(_dump_data) [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 3C 00 00 00 02 00 00 ........ .<...... [0020] 00 24 00 00 00 00 00 28 00 00 00 02 00 08 00 00 .$.....( ........ [0030] 00 00 00 00 00 08 00 00 00 5C 00 5C 00 4D 00 59 ........ .\.\.M.Y [0040] 00 4C 00 41 00 48 00 00 00 0A 00 00 00 .L.A.H.. ..... 
[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1273(switch_message) switch message SMBtrans (pid 12782) conn 0x97e9be8 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 contains 11 SIDs SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-69 SID[ 6]: S-1-22-2-101 SID[ 7]: S-1-22-2-20042 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-11251 SID[ 10]: S-1-22-2-0 SE_PRIV 0xff0 0x0 0x0 0x0 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 4 supplementary groups Group[ 0]: 0 Group[ 1]: 69 Group[ 2]: 101 Group[ 3]: 20042 [2010/04/27 16:57:55, 5, pid=12782] smbd/uid.c:353(change_to_user) change_to_user uid=(0,0) gid=(0,0) [2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:539(handle_trans) trans <\PIPE\> data=60 params=0 setup=2 [2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:572(handle_trans) calling named_pipe [2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:490(named_pipe) named pipe command on <> name [2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:413(api_fd_reply) api_fd_reply [2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:454(api_fd_reply) Got API command 0x26 on pipe "NETLOGON" (pnum 2704) [2010/04/27 16:57:55, 10, pid=12782] smbd/ipc.c:456(api_fd_reply) api_fd_reply: p:0x97e18f8 max_trans_reply: 1024 [2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe_hnd.c:1195(np_write_send) np_write_send: len: 60 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 60 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: 
Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 60 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:192(fill_rpc_header) fill_rpc_header: data_to_copy = 60, len_needed_to_complete_hdr = 16, receive_len = 0 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 16 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 44 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 44 [2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 003c 000a auth_len : 0000 000c call_id : 00000002 [2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe_hnd.c:288(unmarshall_rpc_header) unmarshall_rpc_header: using little-endian RPC [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:317(unmarshall_rpc_header) unmarshall_rpc_header: type = 0, flags = 3 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 0 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 44 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 44, incoming data = 44 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:534(process_complete_pdu) process_complete_pdu: processing packet type 0 [2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr_req req 0000 alloc_hint: 00000024 0004 context_id: 0000 0006 opnum : 0028 [2010/04/27 16:57:55, 3, 
pid=12782] rpc_server/srv_pipe_hnd.c:343(free_pipe_context) free_pipe_context: destroying talloc pool of size 169 [2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe.c:2261(api_pipe_request) Requested \PIPE\\NETLOGON [2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_pipe.c:2297(api_rpcTNP) api_rpcTNP: \NETLOGON op 0x28 - api_rpcTNP: rpc command: NETR_DSRENUMERATEDOMAINTRUSTS [2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe.c:2327(api_rpcTNP) api_rpc_cmds[40].fn == 0x82696a0 [2010/04/27 16:57:55, 1, pid=12782] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) netr_DsrEnumerateDomainTrusts: struct netr_DsrEnumerateDomainTrusts in: struct netr_DsrEnumerateDomainTrusts server_name : * server_name : '\\MYLAH' trust_flags : 0x0000000a (10) 0: NETR_TRUST_FLAG_IN_FOREST 1: NETR_TRUST_FLAG_OUTBOUND 0: NETR_TRUST_FLAG_TREEROOT 1: NETR_TRUST_FLAG_PRIMARY 0: NETR_TRUST_FLAG_NATIVE 0: NETR_TRUST_FLAG_INBOUND 0: NETR_TRUST_FLAG_MIT_KRB5 0: NETR_TRUST_FLAG_AES [2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_pipe.c:2345(api_rpcTNP) api_rpcTNP: rng fault return [2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 03 0003 flags : 23 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0020 000a auth_len : 0000 000c call_id : 00000002 [2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000010 smb_io_rpc_hdr_resp resp 0010 alloc_hint: 00000000 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 [2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000018 smb_io_rpc_hdr_fault fault 0018 status : DCERPC_FAULT_OP_RNG_ERROR 001c reserved: 00000000 [2010/04/27 16:57:55, 3, pid=12782] rpc_server/srv_pipe_hnd.c:343(free_pipe_context) free_pipe_context: destroying talloc pool of size 0 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 
44 [2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Schedule immediate event "tevent_req_trigger": 0x98016c0 [2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Run immediate event "tevent_req_trigger": 0x98016c0 [2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe_hnd.c:802(read_from_internal_pipe) name: \NETLOGON len: 1024 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:842(read_from_internal_pipe) read_from_pipe: \NETLOGON: current_pdu_len = 32, current_pdu_sent = 0 returning 32 bytes. [2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Schedule immediate event "tevent_req_trigger": 0x97dd7d0 [2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Run immediate event "tevent_req_trigger": 0x97dd7d0 [2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:59(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..32] (align 0) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) size=88 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=992 smb_uid=100 smb_mid=3392 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 32 (0x20) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 32 (0x20) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=33 [2010/04/27 16:57:55, 10, pid=12782] ../lib/util/util.c:304(_dump_data) [0000] 00 05 00 03 23 10 00 00 00 20 00 00 00 02 00 00 ....#... . ...... [0010] 00 00 00 00 00 00 00 00 00 02 00 01 1C 00 00 00 ........ ........ [0020] 00 . 
[2010/04/27 16:57:55, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) got smb length of 41 [2010/04/27 16:57:55, 6, pid=12782] smbd/process.c:1456(process_smb) got message type 0x0 of len 0x29 [2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1459(process_smb) Transaction 54 of length 45 (0 toread) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=3456 smt_wct=3 smb_vwv[ 0]= 9988 (0x2704) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1273(switch_message) switch message SMBclose (pid 12782) conn 0x97e9be8 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 contains 11 SIDs SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-69 SID[ 6]: S-1-22-2-101 SID[ 7]: S-1-22-2-20042 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-11251 SID[ 10]: S-1-22-2-0 SE_PRIV 0xff0 0x0 0x0 0x0 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 4 supplementary groups Group[ 0]: 0 Group[ 1]: 69 Group[ 2]: 101 Group[ 3]: 20042 [2010/04/27 16:57:55, 5, pid=12782] smbd/uid.c:353(change_to_user) change_to_user uid=(0,0) gid=(0,0) [2010/04/27 16:57:55, 3, pid=12782] smbd/reply.c:4488(reply_close) close fd=-1 fnum=9988 (numopen=1) [2010/04/27 16:57:55, 6, pid=12782] smbd/close.c:454(set_close_write_time) close_write_time: Thu Jan 1 07:59:59 1970 [2010/04/27 16:57:55, 10, pid=12782] 
rpc_server/srv_lsa_hnd.c:249(close_policy_by_pipe) close_policy_by_pipe: deleted handle list for pipe \NETLOGON [2010/04/27 16:57:55, 5, pid=12782] smbd/files.c:474(file_free) freed files structure 9988 (0 used) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=3456 smt_wct=0 smb_bcc=0 [2010/04/27 16:57:55, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) got smb length of 104 [2010/04/27 16:57:55, 6, pid=12782] smbd/process.c:1456(process_smb) got message type 0x0 of len 0x68 [2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1459(process_smb) Transaction 55 of length 108 (0 toread) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) size=104 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=992 smb_uid=100 smb_mid=3520 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 4608 (0x1200) smb_vwv[ 3]= 4096 (0x1000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 4609 (0x1201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1792 (0x700) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]=16384 (0x4000) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 256 (0x100) smb_bcc=21 [2010/04/27 16:57:55, 10, pid=12782] ../lib/util/util.c:304(_dump_data) [0000] 00 5C 00 4E 00 45 00 54 00 4C 00 4F 00 47 00 4F .\.N.E.T .L.O.G.O [0010] 00 4E 00 00 00 .N... 
[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1273(switch_message) switch message SMBntcreateX (pid 12782) conn 0x97e9be8 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 contains 11 SIDs SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-69 SID[ 6]: S-1-22-2-101 SID[ 7]: S-1-22-2-20042 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-11251 SID[ 10]: S-1-22-2-0 SE_PRIV 0xff0 0x0 0x0 0x0 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 4 supplementary groups Group[ 0]: 0 Group[ 1]: 69 Group[ 2]: 101 Group[ 3]: 20042 [2010/04/27 16:57:55, 5, pid=12782] smbd/uid.c:353(change_to_user) change_to_user uid=(0,0) gid=(0,0) [2010/04/27 16:57:55, 10, pid=12782] smbd/nttrans.c:484(reply_ntcreate_and_X) reply_ntcreate_and_X: flags = 0x10, access_mask = 0x12019f file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0, fname = NETLOGON [2010/04/27 16:57:55, 4, pid=12782] smbd/nttrans.c:315(nt_open_pipe) nt_open_pipe: Opening pipe \NETLOGON. 
[2010/04/27 16:57:55, 5, pid=12782] smbd/files.c:103(file_new) allocated file structure 5893, fnum = 9989 (1 used) [2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_pipe_hnd.c:99(make_internal_rpc_pipe_p) Create pipe requested \NETLOGON [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_lsa_hnd.c:85(init_pipe_handle_list) init_pipe_handles: created handle list for pipe \NETLOGON [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_lsa_hnd.c:102(init_pipe_handle_list) init_pipe_handles: pipe_handles ref count = 1 for pipe \NETLOGON [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/04/27 16:57:55, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) NT user token: (NULL) [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/27 16:57:55, 10, pid=12782] lib/gencache.c:208(gencache_get) Returning valid cache entry: key = ACCT_POL/maximum password age, value = 4294967295 , timeout = Tue Apr 27 16:58:51 2010 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/04/27 16:57:55, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) NT user token: (NULL) [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and 
contains 0 supplementary groups [2010/04/27 16:57:55, 10, pid=12782] lib/gencache.c:208(gencache_get) Returning valid cache entry: key = ACCT_POL/password history, value = 0 , timeout = Tue Apr 27 16:58:51 2010 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:607(pdb_set_username) pdb_set_username: setting username zanchey, was [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:630(pdb_set_domain) pdb_set_domain: setting domain UCCDOMAIN, was [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:653(pdb_set_nt_username) pdb_set_nt_username: setting nt username zanchey, was [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:676(pdb_set_fullname) pdb_set_full_name: setting full name David Adam, was [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:769(pdb_set_homedir) pdb_set_homedir: setting home dir \\mylah\zanchey, was [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:745(pdb_set_dir_drive) pdb_set_dir_drive: setting dir drive H:, was NULL [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:699(pdb_set_logon_script) pdb_set_logon_script: setting logon script , was [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:722(pdb_set_profile_path) pdb_set_profile_path: setting profile path \\mylah\profiles, was [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:812(pdb_set_workstations) pdb_set_workstations: setting workstations , was [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/04/27 16:57:55, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) NT user token: (NULL) [2010/04/27 16:57:55, 5, pid=12782] 
auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/27 16:57:55, 10, pid=12782] lib/gencache.c:208(gencache_get) Returning valid cache entry: key = ACCT_POL/password history, value = 0 , timeout = Tue Apr 27 16:58:51 2010 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:536(pdb_set_user_sid) pdb_set_user_sid: setting user sid S-1-5-352321536-3342141748-1574249315-1264630062-23502 [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_compat.c:72(pdb_set_user_sid_from_rid) pdb_set_user_sid_from_rid: setting user sid S-1-5-352321536-3342141748-1574249315-1264630062-23502 from rid 23502 [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:594(pdb_set_group_sid) pdb_set_group_sid: setting group sid S-1-5-352321536-3342141748-1574249315-1264630062-512 [2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_pipe_hnd.c:161(make_internal_rpc_pipe_p) Created internal pipe \NETLOGON (pipes_open=0) [2010/04/27 16:57:55, 5, pid=12782] smbd/nttrans.c:404(do_ntcreate_pipe_open) do_ntcreate_pipe_open: open pipe = \NETLOGON [2010/04/27 16:57:55, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) got smb length of 224 [2010/04/27 16:57:55, 6, pid=12782] smbd/process.c:1456(process_smb) got message type 0x0 of len 0xe0 [2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1459(process_smb) Transaction 56 of length 228 (0 toread) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) size=224 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=3584 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 9989 (0x2705) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) 
smb_vwv[ 8]= 160 (0xA0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 160 (0xA0) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=161 [2010/04/27 16:57:55, 10, pid=12782] ../lib/util/util.c:304(_dump_data) [0000] EE 05 00 0B 03 10 00 00 00 A0 00 00 00 02 00 00 ........ ........ [0010] 00 B8 10 B8 10 00 00 00 00 03 00 00 00 00 00 01 ........ ........ [0020] 00 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF .xV4.4.. ....#Eg. [0030] FB 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ [0040] 00 2B 10 48 60 02 00 00 00 01 00 01 00 78 56 34 .+.H`... .....xV4 [0050] 12 34 12 CD AB EF 00 01 23 45 67 CF FB 01 00 00 .4...... #Eg..... [0060] 00 33 05 71 71 BA BE 37 49 83 19 B5 DB EF 9C CC .3.qq..7 I....... [0070] 36 01 00 00 00 02 00 01 00 78 56 34 12 34 12 CD 6....... .xV4.4.. [0080] AB EF 00 01 23 45 67 CF FB 01 00 00 00 2C 1C B7 ....#Eg. .....,.. [0090] 6C 12 98 40 45 03 00 00 00 00 00 00 00 01 00 00 l..@E... ........ [00A0] 00 . [2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1273(switch_message) switch message SMBwriteX (pid 12782) conn 0x97e9be8 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 contains 11 SIDs SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-69 SID[ 6]: S-1-22-2-101 SID[ 7]: S-1-22-2-20042 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-11251 SID[ 10]: S-1-22-2-0 SE_PRIV 0xff0 0x0 0x0 0x0 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 4 supplementary groups Group[ 0]: 0 Group[ 1]: 69 Group[ 2]: 101 Group[ 3]: 20042 [2010/04/27 16:57:55, 5, pid=12782] smbd/uid.c:353(change_to_user) 
change_to_user uid=(0,0) gid=(0,0) [2010/04/27 16:57:55, 6, pid=12782] smbd/pipes.c:271(reply_pipe_write_and_X) reply_pipe_write_and_X: 2705 name: NETLOGON len: 160 [2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe_hnd.c:1195(np_write_send) np_write_send: len: 160 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 160 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 160 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:192(fill_rpc_header) fill_rpc_header: data_to_copy = 160, len_needed_to_complete_hdr = 16, receive_len = 0 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 16 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 144 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 144 [2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0b 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 00a0 000a auth_len : 0000 000c call_id : 00000002 [2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe_hnd.c:288(unmarshall_rpc_header) unmarshall_rpc_header: using little-endian RPC [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:317(unmarshall_rpc_header) unmarshall_rpc_header: type = 11, flags = 3 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 0 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 144 
[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 144, incoming data = 144 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:534(process_complete_pdu) process_complete_pdu: processing packet type 11 [2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe.c:1558(api_pipe_bind_req) api_pipe_bind_req: decode request. 1558 [2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr_rb [2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr_bba 0000 max_tsize: 10b8 0002 max_rsize: 10b8 0004 assoc_gid: 00000000 0008 num_contexts: 03 000c context_id : 0000 000e num_transfer_syntaxes: 01 [2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 00000f smb_io_rpc_iface [2010/04/27 16:57:55, 7, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000010 smb_io_uuid uuid 0010 data : 12345678 0014 data : 1234 0016 data : abcd 0018 data : ef 00 001a data : 01 23 45 67 cf fb 0020 version: 00000001 [2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000024 smb_io_rpc_iface [2010/04/27 16:57:55, 7, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000024 smb_io_uuid uuid 0024 data : 8a885d04 0028 data : 1ceb 002a data : 11c9 002c data : 9f e8 002e data : 08 00 2b 10 48 60 0034 version: 00000002 0038 context_id : 0001 003a num_transfer_syntaxes: 01 [2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 00003b smb_io_rpc_iface [2010/04/27 16:57:55, 7, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 00003c smb_io_uuid uuid 003c data : 12345678 0040 data : 1234 0042 data : abcd 0044 data : ef 00 0046 data : 01 23 45 67 cf fb 004c version: 00000001 [2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000050 smb_io_rpc_iface [2010/04/27 16:57:55, 7, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000050 smb_io_uuid uuid 0050 data : 
71710533 0054 data : beba 0056 data : 4937 0058 data : 83 19 005a data : b5 db ef 9c cc 36 0060 version: 00000001 0064 context_id : 0002 0066 num_transfer_syntaxes: 01 [2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000067 smb_io_rpc_iface [2010/04/27 16:57:55, 7, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000068 smb_io_uuid uuid 0068 data : 12345678 006c data : 1234 006e data : abcd 0070 data : ef 00 0072 data : 01 23 45 67 cf fb 0078 version: 00000001 [2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 00007c smb_io_rpc_iface [2010/04/27 16:57:55, 7, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 00007c smb_io_uuid uuid 007c data : 6cb71c2c 0080 data : 9812 0082 data : 4540 0084 data : 03 00 0086 data : 00 00 00 00 00 00 008c version: 00000001 [2010/04/27 16:57:55, 3, pid=12782] rpc_server/srv_pipe.c:1584(api_pipe_bind_req) api_pipe_bind_req: \PIPE\netlogon -> \PIPE\netlogon [2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe.c:1628(api_pipe_bind_req) api_pipe_bind_req: make response. 1628 [2010/04/27 16:57:55, 3, pid=12782] rpc_server/srv_pipe.c:960(check_bind_req) check_bind_req for \NETLOGON checking lsarpc checking winreg checking initshutdown checking dssetup checking wkssvc checking svcctl checking ntsvcs checking netlogon [2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr_ba [2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr_bba 0000 max_tsize: 10b8 0002 max_rsize: 10b8 0004 assoc_gid: 000053f0 [2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000008 smb_io_rpc_addr_str 0008 len: 000f 000a str: \PIPE\netlogon. 
[2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000019 smb_io_rpc_results 001c num_results: 01 0020 result : 0000 0022 reason : 0000 [2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000024 smb_io_rpc_iface [2010/04/27 16:57:55, 7, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000024 smb_io_uuid uuid 0024 data : 8a885d04 0028 data : 1ceb 002a data : 11c9 002c data : 9f e8 002e data : 08 00 2b 10 48 60 0034 version: 00000002 [2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0c 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0048 000a auth_len : 0000 000c call_id : 00000002 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 144 [2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Schedule immediate event "tevent_req_trigger": 0x98016a0 [2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Run immediate event "tevent_req_trigger": 0x98016a0 [2010/04/27 16:57:55, 3, pid=12782] smbd/pipes.c:325(pipe_write_andx_done) writeX-IPC nwritten=160 [2010/04/27 16:57:55, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) got smb length of 59 [2010/04/27 16:57:55, 6, pid=12782] smbd/process.c:1456(process_smb) got message type 0x0 of len 0x3b [2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1459(process_smb) Transaction 57 of length 63 (0 toread) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=3648 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 9989 (0x2705) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) 
smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1273(switch_message) switch message SMBreadX (pid 12782) conn 0x97e9be8 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 contains 11 SIDs SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-69 SID[ 6]: S-1-22-2-101 SID[ 7]: S-1-22-2-20042 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-11251 SID[ 10]: S-1-22-2-0 SE_PRIV 0xff0 0x0 0x0 0x0 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 4 supplementary groups Group[ 0]: 0 Group[ 1]: 69 Group[ 2]: 101 Group[ 3]: 20042 [2010/04/27 16:57:55, 5, pid=12782] smbd/uid.c:353(change_to_user) change_to_user uid=(0,0) gid=(0,0) [2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe_hnd.c:802(read_from_internal_pipe) name: \NETLOGON len: 1024 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:842(read_from_internal_pipe) read_from_pipe: \NETLOGON: current_pdu_len = 72, current_pdu_sent = 0 returning 72 bytes. 
[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Schedule immediate event "tevent_req_trigger": 0x9801a60 [2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Run immediate event "tevent_req_trigger": 0x9801a60 [2010/04/27 16:57:55, 3, pid=12782] smbd/pipes.c:435(pipe_read_andx_done) readX-IPC min=1024 max=1024 nread=72 [2010/04/27 16:57:55, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) got smb length of 140 [2010/04/27 16:57:55, 6, pid=12782] smbd/process.c:1456(process_smb) got message type 0x0 of len 0x8c [2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1459(process_smb) Transaction 58 of length 144 (0 toread) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) size=140 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=992 smb_uid=100 smb_mid=3712 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 56 (0x38) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 56 (0x38) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 9989 (0x2705) smb_bcc=73 [2010/04/27 16:57:55, 10, pid=12782] ../lib/util/util.c:304(_dump_data) [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 38 00 00 00 02 00 00 ........ .8...... [0020] 00 20 00 00 00 00 00 13 00 00 00 02 00 08 00 00 . ...... ........ [0030] 00 00 00 00 00 08 00 00 00 5C 00 5C 00 4D 00 59 ........ .\.\.M.Y [0040] 00 4C 00 41 00 48 00 00 00 .L.A.H.. . 
[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1273(switch_message) switch message SMBtrans (pid 12782) conn 0x97e9be8 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 contains 11 SIDs SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-69 SID[ 6]: S-1-22-2-101 SID[ 7]: S-1-22-2-20042 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-11251 SID[ 10]: S-1-22-2-0 SE_PRIV 0xff0 0x0 0x0 0x0 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 4 supplementary groups Group[ 0]: 0 Group[ 1]: 69 Group[ 2]: 101 Group[ 3]: 20042 [2010/04/27 16:57:55, 5, pid=12782] smbd/uid.c:353(change_to_user) change_to_user uid=(0,0) gid=(0,0) [2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:539(handle_trans) trans <\PIPE\> data=56 params=0 setup=2 [2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:572(handle_trans) calling named_pipe [2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:490(named_pipe) named pipe command on <> name [2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:413(api_fd_reply) api_fd_reply [2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:454(api_fd_reply) Got API command 0x26 on pipe "NETLOGON" (pnum 2705) [2010/04/27 16:57:55, 10, pid=12782] smbd/ipc.c:456(api_fd_reply) api_fd_reply: p:0x97e18f8 max_trans_reply: 1024 [2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe_hnd.c:1195(np_write_send) np_write_send: len: 56 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 56 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: 
Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 56 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:192(fill_rpc_header) fill_rpc_header: data_to_copy = 56, len_needed_to_complete_hdr = 16, receive_len = 0 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 16 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 40 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 40 [2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0038 000a auth_len : 0000 000c call_id : 00000002 [2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe_hnd.c:288(unmarshall_rpc_header) unmarshall_rpc_header: using little-endian RPC [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:317(unmarshall_rpc_header) unmarshall_rpc_header: type = 0, flags = 3 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 0 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 40 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 40, incoming data = 40 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:534(process_complete_pdu) process_complete_pdu: processing packet type 0 [2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr_req req 0000 alloc_hint: 00000020 0004 context_id: 0000 0006 opnum : 0013 [2010/04/27 16:57:55, 3, 
pid=12782] rpc_server/srv_pipe_hnd.c:343(free_pipe_context) free_pipe_context: destroying talloc pool of size 169 [2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe.c:2261(api_pipe_request) Requested \PIPE\\NETLOGON [2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_pipe.c:2297(api_rpcTNP) api_rpcTNP: \NETLOGON op 0x13 - api_rpcTNP: rpc command: NETR_NETRENUMERATETRUSTEDDOMAINS [2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe.c:2327(api_rpcTNP) api_rpc_cmds[19].fn == 0x826d930 [2010/04/27 16:57:55, 1, pid=12782] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) netr_NetrEnumerateTrustedDomains: struct netr_NetrEnumerateTrustedDomains in: struct netr_NetrEnumerateTrustedDomains server_name : * server_name : '\\MYLAH' [2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_netlog_nt.c:279(_netr_NetrEnumerateTrustedDomains) _netr_NetrEnumerateTrustedDomains: 279 [2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_netlog_nt.c:287(_netr_NetrEnumerateTrustedDomains) _netr_NetrEnumerateTrustedDomains: 287 [2010/04/27 16:57:55, 1, pid=12782] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) netr_NetrEnumerateTrustedDomains: struct netr_NetrEnumerateTrustedDomains out: struct netr_NetrEnumerateTrustedDomains trusted_domains_blob : * trusted_domains_blob: struct netr_Blob length : 0x00000002 (2) data : * data: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) result : WERR_OK [2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe.c:2362(api_rpcTNP) api_rpcTNP: called \NETLOGON successfully [2010/04/27 16:57:55, 3, pid=12782] rpc_server/srv_pipe_hnd.c:343(free_pipe_context) free_pipe_context: destroying talloc pool of size 2 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 40 [2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Schedule immediate event "tevent_req_trigger": 0x98016b0 [2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Run immediate event 
"tevent_req_trigger": 0x98016b0 [2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe_hnd.c:802(read_from_internal_pipe) name: \NETLOGON len: 1024 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:862(read_from_internal_pipe) read_from_pipe: \NETLOGON: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 20. [2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 002c 000a auth_len : 0000 000c call_id : 00000002 [2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000010 smb_io_rpc_hdr_resp resp 0010 alloc_hint: 00000014 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 [2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Schedule immediate event "tevent_req_trigger": 0x97ef540 [2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Run immediate event "tevent_req_trigger": 0x97ef540 [2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:59(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..44] (align 0) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) size=100 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=992 smb_uid=100 smb_mid=3712 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 44 (0x2C) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=45 [2010/04/27 16:57:55, 10, pid=12782] ../lib/util/util.c:304(_dump_data) [0000] 00 05 00 02 03 10 00 00 00 2C 00 00 00 02 00 00 ........ .,...... [0010] 00 14 00 00 00 00 00 00 00 02 00 00 00 00 00 02 ........ ........ 
[0020] 00 02 00 00 00 00 00 00 00 00 00 00 00 ........ ..... [2010/04/27 16:57:55, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) got smb length of 41 [2010/04/27 16:57:55, 6, pid=12782] smbd/process.c:1456(process_smb) got message type 0x0 of len 0x29 [2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1459(process_smb) Transaction 59 of length 45 (0 toread) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=3776 smt_wct=3 smb_vwv[ 0]= 9989 (0x2705) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1273(switch_message) switch message SMBclose (pid 12782) conn 0x97e9be8 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 contains 11 SIDs SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-69 SID[ 6]: S-1-22-2-101 SID[ 7]: S-1-22-2-20042 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-11251 SID[ 10]: S-1-22-2-0 SE_PRIV 0xff0 0x0 0x0 0x0 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 4 supplementary groups Group[ 0]: 0 Group[ 1]: 69 Group[ 2]: 101 Group[ 3]: 20042 [2010/04/27 16:57:55, 5, pid=12782] smbd/uid.c:353(change_to_user) change_to_user uid=(0,0) gid=(0,0) [2010/04/27 16:57:55, 3, pid=12782] smbd/reply.c:4488(reply_close) close fd=-1 fnum=9989 (numopen=1) [2010/04/27 16:57:55, 6, pid=12782] smbd/close.c:454(set_close_write_time) close_write_time: Thu 
Jan 1 07:59:59 1970 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_lsa_hnd.c:249(close_policy_by_pipe) close_policy_by_pipe: deleted handle list for pipe \NETLOGON [2010/04/27 16:57:55, 5, pid=12782] smbd/files.c:474(file_free) freed files structure 9989 (0 used) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=3776 smt_wct=0 smb_bcc=0 [2010/04/27 16:57:55, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) got smb length of 100 [2010/04/27 16:57:55, 6, pid=12782] smbd/process.c:1456(process_smb) got message type 0x0 of len 0x64 [2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1459(process_smb) Transaction 60 of length 104 (0 toread) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) size=100 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=992 smb_uid=100 smb_mid=3840 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 3584 (0xE00) smb_vwv[ 3]= 4096 (0x1000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 4609 (0x1201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1792 (0x700) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]= 0 (0x0) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=17 [2010/04/27 16:57:55, 10, pid=12782] ../lib/util/util.c:304(_dump_data) [0000] 00 5C 00 6C 00 73 00 61 00 72 00 70 00 63 00 00 .\.l.s.a .r.p.c.. [0010] 00 . 
[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1273(switch_message) switch message SMBntcreateX (pid 12782) conn 0x97e9be8 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 contains 11 SIDs SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-69 SID[ 6]: S-1-22-2-101 SID[ 7]: S-1-22-2-20042 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-11251 SID[ 10]: S-1-22-2-0 SE_PRIV 0xff0 0x0 0x0 0x0 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 4 supplementary groups Group[ 0]: 0 Group[ 1]: 69 Group[ 2]: 101 Group[ 3]: 20042 [2010/04/27 16:57:55, 5, pid=12782] smbd/uid.c:353(change_to_user) change_to_user uid=(0,0) gid=(0,0) [2010/04/27 16:57:55, 10, pid=12782] smbd/nttrans.c:484(reply_ntcreate_and_X) reply_ntcreate_and_X: flags = 0x10, access_mask = 0x12019f file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0, fname = lsarpc [2010/04/27 16:57:55, 4, pid=12782] smbd/nttrans.c:315(nt_open_pipe) nt_open_pipe: Opening pipe \lsarpc. 
[2010/04/27 16:57:55, 5, pid=12782] smbd/files.c:103(file_new) allocated file structure 5894, fnum = 9990 (1 used) [2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_pipe_hnd.c:99(make_internal_rpc_pipe_p) Create pipe requested \lsarpc [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_lsa_hnd.c:85(init_pipe_handle_list) init_pipe_handles: created handle list for pipe \lsarpc [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_lsa_hnd.c:102(init_pipe_handle_list) init_pipe_handles: pipe_handles ref count = 1 for pipe \lsarpc [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/04/27 16:57:55, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) NT user token: (NULL) [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/27 16:57:55, 10, pid=12782] lib/gencache.c:208(gencache_get) Returning valid cache entry: key = ACCT_POL/maximum password age, value = 4294967295 , timeout = Tue Apr 27 16:58:51 2010 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/04/27 16:57:55, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) NT user token: (NULL) [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and 
contains 0 supplementary groups [2010/04/27 16:57:55, 10, pid=12782] lib/gencache.c:208(gencache_get) Returning valid cache entry: key = ACCT_POL/password history, value = 0 , timeout = Tue Apr 27 16:58:51 2010 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:607(pdb_set_username) pdb_set_username: setting username zanchey, was [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:630(pdb_set_domain) pdb_set_domain: setting domain UCCDOMAIN, was [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:653(pdb_set_nt_username) pdb_set_nt_username: setting nt username zanchey, was [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:676(pdb_set_fullname) pdb_set_full_name: setting full name David Adam, was [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:769(pdb_set_homedir) pdb_set_homedir: setting home dir \\mylah\zanchey, was [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:745(pdb_set_dir_drive) pdb_set_dir_drive: setting dir drive H:, was NULL [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:699(pdb_set_logon_script) pdb_set_logon_script: setting logon script , was [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:722(pdb_set_profile_path) pdb_set_profile_path: setting profile path \\mylah\profiles, was [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:812(pdb_set_workstations) pdb_set_workstations: setting workstations , was [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/04/27 16:57:55, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) NT user token: (NULL) [2010/04/27 16:57:55, 5, pid=12782] 
auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/27 16:57:55, 10, pid=12782] lib/gencache.c:208(gencache_get) Returning valid cache entry: key = ACCT_POL/password history, value = 0 , timeout = Tue Apr 27 16:58:51 2010 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:536(pdb_set_user_sid) pdb_set_user_sid: setting user sid S-1-5-352321536-3342141748-1574249315-1264630062-23502 [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_compat.c:72(pdb_set_user_sid_from_rid) pdb_set_user_sid_from_rid: setting user sid S-1-5-352321536-3342141748-1574249315-1264630062-23502 from rid 23502 [2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:594(pdb_set_group_sid) pdb_set_group_sid: setting group sid S-1-5-352321536-3342141748-1574249315-1264630062-512 [2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_pipe_hnd.c:161(make_internal_rpc_pipe_p) Created internal pipe \lsarpc (pipes_open=0) [2010/04/27 16:57:55, 5, pid=12782] smbd/nttrans.c:404(do_ntcreate_pipe_open) do_ntcreate_pipe_open: open pipe = \lsarpc [2010/04/27 16:57:55, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) got smb length of 224 [2010/04/27 16:57:55, 6, pid=12782] smbd/process.c:1456(process_smb) got message type 0x0 of len 0xe0 [2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1459(process_smb) Transaction 61 of length 228 (0 toread) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) size=224 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=3904 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 9990 (0x2706) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 
8]= 160 (0xA0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 160 (0xA0) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=161 [2010/04/27 16:57:55, 10, pid=12782] ../lib/util/util.c:304(_dump_data) [0000] EE 05 00 0B 03 10 00 00 00 A0 00 00 00 02 00 00 ........ ........ [0010] 00 B8 10 B8 10 00 00 00 00 03 00 00 00 00 00 01 ........ ........ [0020] 00 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 .xW4.4.. ....#Eg. [0030] AB 00 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ [0040] 00 2B 10 48 60 02 00 00 00 01 00 01 00 78 57 34 .+.H`... .....xW4 [0050] 12 34 12 CD AB EF 00 01 23 45 67 89 AB 00 00 00 .4...... #Eg..... [0060] 00 33 05 71 71 BA BE 37 49 83 19 B5 DB EF 9C CC .3.qq..7 I....... [0070] 36 01 00 00 00 02 00 01 00 78 57 34 12 34 12 CD 6....... .xW4.4.. [0080] AB EF 00 01 23 45 67 89 AB 00 00 00 00 2C 1C B7 ....#Eg. .....,.. [0090] 6C 12 98 40 45 03 00 00 00 00 00 00 00 01 00 00 l..@E... ........ [00A0] 00 . [2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1273(switch_message) switch message SMBwriteX (pid 12782) conn 0x97e9be8 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 contains 11 SIDs SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-69 SID[ 6]: S-1-22-2-101 SID[ 7]: S-1-22-2-20042 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-11251 SID[ 10]: S-1-22-2-0 SE_PRIV 0xff0 0x0 0x0 0x0 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 4 supplementary groups Group[ 0]: 0 Group[ 1]: 69 Group[ 2]: 101 Group[ 3]: 20042 [2010/04/27 16:57:55, 5, pid=12782] smbd/uid.c:353(change_to_user) change_to_user 
uid=(0,0) gid=(0,0) [2010/04/27 16:57:55, 6, pid=12782] smbd/pipes.c:271(reply_pipe_write_and_X) reply_pipe_write_and_X: 2706 name: lsarpc len: 160 [2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe_hnd.c:1195(np_write_send) np_write_send: len: 160 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 160 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 160 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:192(fill_rpc_header) fill_rpc_header: data_to_copy = 160, len_needed_to_complete_hdr = 16, receive_len = 0 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 16 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 144 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 144 [2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0b 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 00a0 000a auth_len : 0000 000c call_id : 00000002 [2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe_hnd.c:288(unmarshall_rpc_header) unmarshall_rpc_header: using little-endian RPC [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:317(unmarshall_rpc_header) unmarshall_rpc_header: type = 11, flags = 3 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 0 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 144 [2010/04/27 16:57:55, 10, 
pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 144, incoming data = 144 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:534(process_complete_pdu) process_complete_pdu: processing packet type 11 [2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe.c:1558(api_pipe_bind_req) api_pipe_bind_req: decode request. 1558 [2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr_rb [2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr_bba 0000 max_tsize: 10b8 0002 max_rsize: 10b8 0004 assoc_gid: 00000000 0008 num_contexts: 03 000c context_id : 0000 000e num_transfer_syntaxes: 01 [2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 00000f smb_io_rpc_iface [2010/04/27 16:57:55, 7, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000010 smb_io_uuid uuid 0010 data : 12345778 0014 data : 1234 0016 data : abcd 0018 data : ef 00 001a data : 01 23 45 67 89 ab 0020 version: 00000000 [2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000024 smb_io_rpc_iface [2010/04/27 16:57:55, 7, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000024 smb_io_uuid uuid 0024 data : 8a885d04 0028 data : 1ceb 002a data : 11c9 002c data : 9f e8 002e data : 08 00 2b 10 48 60 0034 version: 00000002 0038 context_id : 0001 003a num_transfer_syntaxes: 01 [2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 00003b smb_io_rpc_iface [2010/04/27 16:57:55, 7, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 00003c smb_io_uuid uuid 003c data : 12345778 0040 data : 1234 0042 data : abcd 0044 data : ef 00 0046 data : 01 23 45 67 89 ab 004c version: 00000000 [2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000050 smb_io_rpc_iface [2010/04/27 16:57:55, 7, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000050 smb_io_uuid uuid 0050 data : 71710533 0054 data : beba 0056 
data : 4937 0058 data : 83 19 005a data : b5 db ef 9c cc 36 0060 version: 00000001 0064 context_id : 0002 0066 num_transfer_syntaxes: 01 [2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000067 smb_io_rpc_iface [2010/04/27 16:57:55, 7, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000068 smb_io_uuid uuid 0068 data : 12345778 006c data : 1234 006e data : abcd 0070 data : ef 00 0072 data : 01 23 45 67 89 ab 0078 version: 00000000 [2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 00007c smb_io_rpc_iface [2010/04/27 16:57:55, 7, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 00007c smb_io_uuid uuid 007c data : 6cb71c2c 0080 data : 9812 0082 data : 4540 0084 data : 03 00 0086 data : 00 00 00 00 00 00 008c version: 00000001 [2010/04/27 16:57:55, 3, pid=12782] rpc_server/srv_pipe.c:1584(api_pipe_bind_req) api_pipe_bind_req: \PIPE\lsarpc -> \PIPE\lsarpc [2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe.c:1628(api_pipe_bind_req) api_pipe_bind_req: make response. 1628 [2010/04/27 16:57:55, 3, pid=12782] rpc_server/srv_pipe.c:960(check_bind_req) check_bind_req for \lsarpc checking lsarpc [2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr_ba [2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr_bba 0000 max_tsize: 10b8 0002 max_rsize: 10b8 0004 assoc_gid: 000053f0 [2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000008 smb_io_rpc_addr_str 0008 len: 000d 000a str: \PIPE\lsarpc. 
[2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000017 smb_io_rpc_results 0018 num_results: 01 001c result : 0000 001e reason : 0000 [2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000020 smb_io_rpc_iface [2010/04/27 16:57:55, 7, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000020 smb_io_uuid uuid 0020 data : 8a885d04 0024 data : 1ceb 0026 data : 11c9 0028 data : 9f e8 002a data : 08 00 2b 10 48 60 0030 version: 00000002 [2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 0c 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0044 000a auth_len : 0000 000c call_id : 00000002 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 144 [2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Schedule immediate event "tevent_req_trigger": 0x98016a0 [2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Run immediate event "tevent_req_trigger": 0x98016a0 [2010/04/27 16:57:55, 3, pid=12782] smbd/pipes.c:325(pipe_write_andx_done) writeX-IPC nwritten=160 [2010/04/27 16:57:55, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) got smb length of 59 [2010/04/27 16:57:55, 6, pid=12782] smbd/process.c:1456(process_smb) got message type 0x0 of len 0x3b [2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1459(process_smb) Transaction 62 of length 63 (0 toread) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=3968 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 9990 (0x2706) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) 
smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1273(switch_message) switch message SMBreadX (pid 12782) conn 0x97e9be8 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 contains 11 SIDs SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-69 SID[ 6]: S-1-22-2-101 SID[ 7]: S-1-22-2-20042 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-11251 SID[ 10]: S-1-22-2-0 SE_PRIV 0xff0 0x0 0x0 0x0 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 4 supplementary groups Group[ 0]: 0 Group[ 1]: 69 Group[ 2]: 101 Group[ 3]: 20042 [2010/04/27 16:57:55, 5, pid=12782] smbd/uid.c:353(change_to_user) change_to_user uid=(0,0) gid=(0,0) [2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe_hnd.c:802(read_from_internal_pipe) name: \lsarpc len: 1024 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:842(read_from_internal_pipe) read_from_pipe: \lsarpc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. 
[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Schedule immediate event "tevent_req_trigger": 0x9801a60 [2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Run immediate event "tevent_req_trigger": 0x9801a60 [2010/04/27 16:57:55, 3, pid=12782] smbd/pipes.c:435(pipe_read_andx_done) readX-IPC min=1024 max=1024 nread=68 [2010/04/27 16:57:55, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) got smb length of 164 [2010/04/27 16:57:55, 6, pid=12782] smbd/process.c:1456(process_smb) got message type 0x0 of len 0xa4 [2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1459(process_smb) Transaction 63 of length 168 (0 toread) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) size=164 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=992 smb_uid=100 smb_mid=4032 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 80 (0x50) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 80 (0x50) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 9990 (0x2706) smb_bcc=97 [2010/04/27 16:57:55, 10, pid=12782] ../lib/util/util.c:304(_dump_data) [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 50 00 00 00 02 00 00 ........ .P...... [0020] 00 38 00 00 00 00 00 2C 00 00 00 02 00 06 00 00 .8....., ........ [0030] 00 00 00 00 00 06 00 00 00 4D 00 59 00 4C 00 41 ........ .M.Y.L.A [0040] 00 48 00 00 00 30 00 00 00 00 00 00 00 00 00 00 .H...0.. ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ........ ........ [0060] 00 . 
[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1273(switch_message) switch message SMBtrans (pid 12782) conn 0x97e9be8 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 contains 11 SIDs SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-69 SID[ 6]: S-1-22-2-101 SID[ 7]: S-1-22-2-20042 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-11251 SID[ 10]: S-1-22-2-0 SE_PRIV 0xff0 0x0 0x0 0x0 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 4 supplementary groups Group[ 0]: 0 Group[ 1]: 69 Group[ 2]: 101 Group[ 3]: 20042 [2010/04/27 16:57:55, 5, pid=12782] smbd/uid.c:353(change_to_user) change_to_user uid=(0,0) gid=(0,0) [2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:539(handle_trans) trans <\PIPE\> data=80 params=0 setup=2 [2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:572(handle_trans) calling named_pipe [2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:490(named_pipe) named pipe command on <> name [2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:413(api_fd_reply) api_fd_reply [2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:454(api_fd_reply) Got API command 0x26 on pipe "lsarpc" (pnum 2706) [2010/04/27 16:57:55, 10, pid=12782] smbd/ipc.c:456(api_fd_reply) api_fd_reply: p:0x97e18f8 max_trans_reply: 1024 [2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe_hnd.c:1195(np_write_send) np_write_send: len: 80 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 80 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: 
Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 80 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:192(fill_rpc_header) fill_rpc_header: data_to_copy = 80, len_needed_to_complete_hdr = 16, receive_len = 0 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 16 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 64 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 64 [2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0050 000a auth_len : 0000 000c call_id : 00000002 [2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe_hnd.c:288(unmarshall_rpc_header) unmarshall_rpc_header: using little-endian RPC [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:317(unmarshall_rpc_header) unmarshall_rpc_header: type = 0, flags = 3 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 0 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 64 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 64, incoming data = 64 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:534(process_complete_pdu) process_complete_pdu: processing packet type 0 [2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr_req req 0000 alloc_hint: 00000038 0004 context_id: 0000 0006 opnum : 002c [2010/04/27 16:57:55, 3, 
pid=12782] rpc_server/srv_pipe_hnd.c:343(free_pipe_context) free_pipe_context: destroying talloc pool of size 167 [2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe.c:2261(api_pipe_request) Requested \PIPE\\lsarpc [2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_pipe.c:2297(api_rpcTNP) api_rpcTNP: \lsarpc op 0x2c - api_rpcTNP: rpc command: LSA_OPENPOLICY2 [2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe.c:2327(api_rpcTNP) api_rpc_cmds[44].fn == 0x822bf40 [2010/04/27 16:57:55, 1, pid=12782] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) lsa_OpenPolicy2: struct lsa_OpenPolicy2 in: struct lsa_OpenPolicy2 system_name : * system_name : 'MYLAH' attr : * attr: struct lsa_ObjectAttribute len : 0x00000030 (48) root_dir : NULL object_name : NULL attributes : 0x00000000 (0) sec_desc : NULL sec_qos : NULL access_mask : 0x00000001 (1) 1: LSA_POLICY_VIEW_LOCAL_INFORMATION 0: LSA_POLICY_VIEW_AUDIT_INFORMATION 0: LSA_POLICY_GET_PRIVATE_INFORMATION 0: LSA_POLICY_TRUST_ADMIN 0: LSA_POLICY_CREATE_ACCOUNT 0: LSA_POLICY_CREATE_SECRET 0: LSA_POLICY_CREATE_PRIVILEGE 0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS 0: LSA_POLICY_SET_AUDIT_REQUIREMENTS 0: LSA_POLICY_AUDIT_LOG_ADMIN 0: LSA_POLICY_SERVER_ADMIN 0: LSA_POLICY_LOOKUP_NAMES 0: LSA_POLICY_NOTIFICATION [2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_samr_nt.c:219(access_check_object) _lsa_OpenPolicy2: access GRANTED (requested: 0x00000001, granted: 0x00000001) [2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_lsa_hnd.c:160(create_policy_hnd) Opened policy hnd[1] [0000] 00 00 00 00 08 00 00 00 00 00 00 00 D6 4B 13 A7 ........ .....K.. [0010] EE 31 00 00 .1.. 
[2010/04/27 16:57:55, 1, pid=12782] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) lsa_OpenPolicy2: struct lsa_OpenPolicy2 out: struct lsa_OpenPolicy2 handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000008-0000-0000-d64b-13a7ee310000 result : NT_STATUS_OK [2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe.c:2362(api_rpcTNP) api_rpcTNP: called \lsarpc successfully [2010/04/27 16:57:55, 3, pid=12782] rpc_server/srv_pipe_hnd.c:343(free_pipe_context) free_pipe_context: destroying talloc pool of size 1052 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 64 [2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Schedule immediate event "tevent_req_trigger": 0x98016e0 [2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Run immediate event "tevent_req_trigger": 0x98016e0 [2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe_hnd.c:802(read_from_internal_pipe) name: \lsarpc len: 1024 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:862(read_from_internal_pipe) read_from_pipe: \lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. 
[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0030 000a auth_len : 0000 000c call_id : 00000002 [2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000010 smb_io_rpc_hdr_resp resp 0010 alloc_hint: 00000018 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 [2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Schedule immediate event "tevent_req_trigger": 0x97ef540 [2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Run immediate event "tevent_req_trigger": 0x97ef540 [2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:59(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=992 smb_uid=100 smb_mid=4032 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2010/04/27 16:57:55, 10, pid=12782] ../lib/util/util.c:304(_dump_data) [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 02 00 00 ........ .0...... [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 08 00 00 ........ ........ [0020] 00 00 00 00 00 D6 4B 13 A7 EE 31 00 00 00 00 00 ......K. ..1..... [0030] 00 . 
[2010/04/27 16:57:55, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) got smb length of 130 [2010/04/27 16:57:55, 6, pid=12782] smbd/process.c:1456(process_smb) got message type 0x0 of len 0x82 [2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1459(process_smb) Transaction 64 of length 134 (0 toread) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) size=130 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=992 smb_uid=100 smb_mid=4096 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 46 (0x2E) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 46 (0x2E) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 9990 (0x2706) smb_bcc=63 [2010/04/27 16:57:55, 10, pid=12782] ../lib/util/util.c:304(_dump_data) [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 2E 00 00 00 03 00 00 ........ ........ [0020] 00 16 00 00 00 00 00 07 00 00 00 00 00 08 00 00 ........ ........ [0030] 00 00 00 00 00 D6 4B 13 A7 EE 31 00 00 03 00 ......K. ..1.... 
[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1273(switch_message) switch message SMBtrans (pid 12782) conn 0x97e9be8 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 contains 11 SIDs SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-69 SID[ 6]: S-1-22-2-101 SID[ 7]: S-1-22-2-20042 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-11251 SID[ 10]: S-1-22-2-0 SE_PRIV 0xff0 0x0 0x0 0x0 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 4 supplementary groups Group[ 0]: 0 Group[ 1]: 69 Group[ 2]: 101 Group[ 3]: 20042 [2010/04/27 16:57:55, 5, pid=12782] smbd/uid.c:353(change_to_user) change_to_user uid=(0,0) gid=(0,0) [2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:539(handle_trans) trans <\PIPE\> data=46 params=0 setup=2 [2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:572(handle_trans) calling named_pipe [2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:490(named_pipe) named pipe command on <> name [2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:413(api_fd_reply) api_fd_reply [2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:454(api_fd_reply) Got API command 0x26 on pipe "lsarpc" (pnum 2706) [2010/04/27 16:57:55, 10, pid=12782] smbd/ipc.c:456(api_fd_reply) api_fd_reply: p:0x97e18f8 max_trans_reply: 1024 [2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe_hnd.c:1195(np_write_send) np_write_send: len: 46 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 46 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: 
Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 46 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:192(fill_rpc_header) fill_rpc_header: data_to_copy = 46, len_needed_to_complete_hdr = 16, receive_len = 0 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 16 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 30 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 30 [2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 002e 000a auth_len : 0000 000c call_id : 00000003 [2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe_hnd.c:288(unmarshall_rpc_header) unmarshall_rpc_header: using little-endian RPC [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:317(unmarshall_rpc_header) unmarshall_rpc_header: type = 0, flags = 3 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 0 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 30 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 30, incoming data = 30 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:534(process_complete_pdu) process_complete_pdu: processing packet type 0 [2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr_req req 0000 alloc_hint: 00000016 0004 context_id: 0000 0006 opnum : 0007 [2010/04/27 16:57:55, 3, 
pid=12782] rpc_server/srv_pipe_hnd.c:343(free_pipe_context) free_pipe_context: destroying talloc pool of size 0 [2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe.c:2261(api_pipe_request) Requested \PIPE\\lsarpc [2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_pipe.c:2297(api_rpcTNP) api_rpcTNP: \lsarpc op 0x7 - api_rpcTNP: rpc command: LSA_QUERYINFOPOLICY [2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe.c:2327(api_rpcTNP) api_rpc_cmds[7].fn == 0x82330e0 [2010/04/27 16:57:55, 1, pid=12782] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) lsa_QueryInfoPolicy: struct lsa_QueryInfoPolicy in: struct lsa_QueryInfoPolicy handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000008-0000-0000-d64b-13a7ee310000 level : LSA_POLICY_INFO_DOMAIN (3) [2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_lsa_hnd.c:180(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 08 00 00 00 00 00 00 00 D6 4B 13 A7 ........ .....K.. [0010] EE 31 00 00 .1.. [2010/04/27 16:57:55, 1, pid=12782] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) lsa_QueryInfoPolicy: struct lsa_QueryInfoPolicy out: struct lsa_QueryInfoPolicy info : * info : * info : union lsa_PolicyInformation(case 3) domain: struct lsa_DomainInfo name: struct lsa_StringLarge length : 0x0000 (0) size : 0x0000 (0) string : * string : 'UCCDOMAIN' sid : * sid : S-1-5-352321536-3342141748-1574249315-1264630062 result : NT_STATUS_OK [2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe.c:2362(api_rpcTNP) api_rpcTNP: called \lsarpc successfully [2010/04/27 16:57:55, 3, pid=12782] rpc_server/srv_pipe_hnd.c:343(free_pipe_context) free_pipe_context: destroying talloc pool of size 112 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 30 [2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Schedule immediate event "tevent_req_trigger": 0x98016a0 [2010/04/27 16:57:55, 10, pid=12782] 
lib/events.c:287(s3_event_debug) s3_event: Run immediate event "tevent_req_trigger": 0x98016a0 [2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe_hnd.c:802(read_from_internal_pipe) name: \lsarpc len: 1024 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:862(read_from_internal_pipe) read_from_pipe: \lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 84. [2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 006c 000a auth_len : 0000 000c call_id : 00000003 [2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000010 smb_io_rpc_hdr_resp resp 0010 alloc_hint: 00000054 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 [2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Schedule immediate event "tevent_req_trigger": 0x97ef540 [2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Run immediate event "tevent_req_trigger": 0x97ef540 [2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:59(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..108] (align 0) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) size=164 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=992 smb_uid=100 smb_mid=4096 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 108 (0x6C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 108 (0x6C) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=109 [2010/04/27 16:57:55, 10, pid=12782] ../lib/util/util.c:304(_dump_data) [0000] 00 05 00 02 03 10 00 00 00 6C 00 00 00 03 00 00 ........ .l...... 
[0010] 00 54 00 00 00 00 00 00 00 00 00 02 00 03 00 00 .T...... ........ [0020] 00 12 00 14 00 04 00 02 00 08 00 02 00 0A 00 00 ........ ........ [0030] 00 00 00 00 00 09 00 00 00 55 00 43 00 43 00 44 ........ .U.C.C.D [0040] 00 4F 00 4D 00 41 00 49 00 4E 00 00 00 04 00 00 .O.M.A.I .N...... [0050] 00 01 04 00 00 00 00 00 05 00 00 00 15 34 09 35 ........ .....4.5 [0060] C7 63 23 D5 5D 2E B9 60 4B 00 00 00 00 .c#.]..` K.... [2010/04/27 16:57:55, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) got smb length of 128 [2010/04/27 16:57:55, 6, pid=12782] smbd/process.c:1456(process_smb) got message type 0x0 of len 0x80 [2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1459(process_smb) Transaction 65 of length 132 (0 toread) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=992 smb_uid=100 smb_mid=4160 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]= 9990 (0x2706) smb_bcc=61 [2010/04/27 16:57:55, 10, pid=12782] ../lib/util/util.c:304(_dump_data) [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 04 00 00 ........ .,...... [0020] 00 14 00 00 00 00 00 00 00 00 00 00 00 08 00 00 ........ ........ [0030] 00 00 00 00 00 D6 4B 13 A7 EE 31 00 00 ......K. ..1.. 
[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1273(switch_message) switch message SMBtrans (pid 12782) conn 0x97e9be8 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 contains 11 SIDs SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-69 SID[ 6]: S-1-22-2-101 SID[ 7]: S-1-22-2-20042 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-11251 SID[ 10]: S-1-22-2-0 SE_PRIV 0xff0 0x0 0x0 0x0 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 4 supplementary groups Group[ 0]: 0 Group[ 1]: 69 Group[ 2]: 101 Group[ 3]: 20042 [2010/04/27 16:57:55, 5, pid=12782] smbd/uid.c:353(change_to_user) change_to_user uid=(0,0) gid=(0,0) [2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:539(handle_trans) trans <\PIPE\> data=44 params=0 setup=2 [2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:572(handle_trans) calling named_pipe [2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:490(named_pipe) named pipe command on <> name [2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:413(api_fd_reply) api_fd_reply [2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:454(api_fd_reply) Got API command 0x26 on pipe "lsarpc" (pnum 2706) [2010/04/27 16:57:55, 10, pid=12782] smbd/ipc.c:456(api_fd_reply) api_fd_reply: p:0x97e18f8 max_trans_reply: 1024 [2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe_hnd.c:1195(np_write_send) np_write_send: len: 44 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 44 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: 
Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:192(fill_rpc_header) fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 16 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 28 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 [2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 00 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 002c 000a auth_len : 0000 000c call_id : 00000004 [2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe_hnd.c:288(unmarshall_rpc_header) unmarshall_rpc_header: using little-endian RPC [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:317(unmarshall_rpc_header) unmarshall_rpc_header: type = 0, flags = 3 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 0 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) write_to_pipe: data_left = 28 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 28, incoming data = 28 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:534(process_complete_pdu) process_complete_pdu: processing packet type 0 [2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr_req req 0000 alloc_hint: 00000014 0004 context_id: 0000 0006 opnum : 0000 [2010/04/27 16:57:55, 3, 
pid=12782] rpc_server/srv_pipe_hnd.c:343(free_pipe_context) free_pipe_context: destroying talloc pool of size 0 [2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe.c:2261(api_pipe_request) Requested \PIPE\\lsarpc [2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_pipe.c:2297(api_rpcTNP) api_rpcTNP: \lsarpc op 0x0 - api_rpcTNP: rpc command: LSA_CLOSE [2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe.c:2327(api_rpcTNP) api_rpc_cmds[0].fn == 0x8234650 [2010/04/27 16:57:55, 1, pid=12782] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) lsa_Close: struct lsa_Close in: struct lsa_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000008-0000-0000-d64b-13a7ee310000 [2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_lsa_hnd.c:180(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 08 00 00 00 00 00 00 00 D6 4B 13 A7 ........ .....K.. [0010] EE 31 00 00 .1.. [2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_lsa_hnd.c:180(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 08 00 00 00 00 00 00 00 D6 4B 13 A7 ........ .....K.. [0010] EE 31 00 00 .1.. 
[2010/04/27 16:57:55, 3, pid=12782] rpc_server/srv_lsa_hnd.c:218(close_policy_hnd) Closed policy [2010/04/27 16:57:55, 1, pid=12782] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) lsa_Close: struct lsa_Close out: struct lsa_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : NT_STATUS_OK [2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe.c:2362(api_rpcTNP) api_rpcTNP: called \lsarpc successfully [2010/04/27 16:57:55, 3, pid=12782] rpc_server/srv_pipe_hnd.c:343(free_pipe_context) free_pipe_context: destroying talloc pool of size 0 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) write_to_pipe: data_used = 28 [2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Schedule immediate event "tevent_req_trigger": 0x98016a0 [2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Run immediate event "tevent_req_trigger": 0x98016a0 [2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe_hnd.c:802(read_from_internal_pipe) name: \lsarpc len: 1024 [2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:862(read_from_internal_pipe) read_from_pipe: \lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. 
[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0030 000a auth_len : 0000 000c call_id : 00000004 [2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) 000010 smb_io_rpc_hdr_resp resp 0010 alloc_hint: 00000018 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 [2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Schedule immediate event "tevent_req_trigger": 0x97e2000 [2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) s3_event: Run immediate event "tevent_req_trigger": 0x97e2000 [2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:59(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=992 smb_uid=100 smb_mid=4160 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2010/04/27 16:57:55, 10, pid=12782] ../lib/util/util.c:304(_dump_data) [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 04 00 00 ........ .0...... [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 . 
[2010/04/27 16:57:55, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) got smb length of 41 [2010/04/27 16:57:55, 6, pid=12782] smbd/process.c:1456(process_smb) got message type 0x0 of len 0x29 [2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1459(process_smb) Transaction 66 of length 45 (0 toread) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=4224 smt_wct=3 smb_vwv[ 0]= 9990 (0x2706) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1273(switch_message) switch message SMBclose (pid 12782) conn 0x97e9be8 [2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 contains 11 SIDs SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-69 SID[ 6]: S-1-22-2-101 SID[ 7]: S-1-22-2-20042 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-11251 SID[ 10]: S-1-22-2-0 SE_PRIV 0xff0 0x0 0x0 0x0 [2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 4 supplementary groups Group[ 0]: 0 Group[ 1]: 69 Group[ 2]: 101 Group[ 3]: 20042 [2010/04/27 16:57:55, 5, pid=12782] smbd/uid.c:353(change_to_user) change_to_user uid=(0,0) gid=(0,0) [2010/04/27 16:57:55, 3, pid=12782] smbd/reply.c:4488(reply_close) close fd=-1 fnum=9990 (numopen=1) [2010/04/27 16:57:55, 6, pid=12782] smbd/close.c:454(set_close_write_time) close_write_time: Thu Jan 1 07:59:59 1970 [2010/04/27 16:57:55, 10, pid=12782] 
rpc_server/srv_lsa_hnd.c:249(close_policy_by_pipe) close_policy_by_pipe: deleted handle list for pipe \lsarpc [2010/04/27 16:57:55, 5, pid=12782] smbd/files.c:474(file_free) freed files structure 9990 (0 used) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) [2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=4224 smt_wct=0 smb_bcc=0 [2010/04/27 16:58:06, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) got smb length of 35 [2010/04/27 16:58:06, 6, pid=12782] smbd/process.c:1456(process_smb) got message type 0x0 of len 0x23 [2010/04/27 16:58:06, 3, pid=12782] smbd/process.c:1459(process_smb) Transaction 67 of length 39 (0 toread) [2010/04/27 16:58:06, 5, pid=12782] lib/util.c:632(show_msg) [2010/04/27 16:58:06, 5, pid=12782] lib/util.c:642(show_msg) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=4288 smt_wct=0 smb_bcc=0 [2010/04/27 16:58:06, 3, pid=12782] smbd/process.c:1273(switch_message) switch message SMBtdis (pid 12782) conn 0x97e9be8 [2010/04/27 16:58:06, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/27 16:58:06, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) NT user token: (NULL) [2010/04/27 16:58:06, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/27 16:58:06, 5, pid=12782] smbd/uid.c:368(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2010/04/27 16:58:06, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/27 16:58:06, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) NT user token: (NULL) [2010/04/27 16:58:06, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 
Primary group is 0 and contains 0 supplementary groups [2010/04/27 16:58:06, 5, pid=12782] smbd/uid.c:368(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2010/04/27 16:58:06, 3, pid=12782] smbd/service.c:1240(close_cnum) maaxen (::ffff:130.95.13.55) closed connection to service IPC$ [2010/04/27 16:58:06, 3, pid=12782] smbd/connection.c:31(yield_connection) Yielding connection to IPC$ [2010/04/27 16:58:06, 10, pid=12782] lib/dbwrap_tdb.c:100(db_tdb_fetch_locked) Locking key EE310000FFFFFFFF0100 [2010/04/27 16:58:06, 10, pid=12782] lib/dbwrap_tdb.c:129(db_tdb_fetch_locked) Allocated locked data 0x0x97af968 [2010/04/27 16:58:06, 10, pid=12782] lib/dbwrap_tdb.c:42(db_tdb_record_destr) Unlocking key EE310000FFFFFFFF0100 [2010/04/27 16:58:06, 4, pid=12782] smbd/vfs.c:753(vfs_ChDir) vfs_ChDir to / [2010/04/27 16:58:06, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/27 16:58:06, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) NT user token: (NULL) [2010/04/27 16:58:06, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/27 16:58:06, 5, pid=12782] smbd/uid.c:368(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2010/04/27 16:58:06, 5, pid=12782] lib/util.c:632(show_msg) [2010/04/27 16:58:06, 5, pid=12782] lib/util.c:642(show_msg) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=4288 smt_wct=0 smb_bcc=0 [2010/04/27 16:58:06, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) got smb length of 39 [2010/04/27 16:58:06, 6, pid=12782] smbd/process.c:1456(process_smb) got message type 0x0 of len 0x27 [2010/04/27 16:58:06, 3, pid=12782] smbd/process.c:1459(process_smb) Transaction 68 of length 43 (0 toread) [2010/04/27 16:58:06, 5, pid=12782] lib/util.c:632(show_msg) [2010/04/27 16:58:06, 5, pid=12782] 
lib/util.c:642(show_msg) size=39 smb_com=0x74 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=60160 smb_pid=65279 smb_uid=100 smb_mid=4352 smt_wct=2 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_bcc=0 [2010/04/27 16:58:06, 3, pid=12782] smbd/process.c:1273(switch_message) switch message SMBulogoffX (pid 12782) conn 0x0 [2010/04/27 16:58:06, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/27 16:58:06, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) NT user token: (NULL) [2010/04/27 16:58:06, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/27 16:58:06, 5, pid=12782] smbd/uid.c:368(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2010/04/27 16:58:06, 10, pid=12782] lib/dbwrap_tdb.c:100(db_tdb_fetch_locked) Locking key 49442F31323738322F31 [2010/04/27 16:58:06, 10, pid=12782] lib/dbwrap_tdb.c:129(db_tdb_fetch_locked) Allocated locked data 0x0x97af6b8 [2010/04/27 16:58:06, 4, pid=12782] auth/pampass.c:472(smb_pam_start) smb_pam_start: PAM: Init user: zanchey [2010/04/27 16:58:06, 4, pid=12782] auth/pampass.c:489(smb_pam_start) smb_pam_start: PAM: setting rhost to: ::ffff:130.95.13.55 [2010/04/27 16:58:06, 4, pid=12782] auth/pampass.c:498(smb_pam_start) smb_pam_start: PAM: setting tty [2010/04/27 16:58:06, 4, pid=12782] auth/pampass.c:506(smb_pam_start) smb_pam_start: PAM: Init passed for user: zanchey [2010/04/27 16:58:06, 4, pid=12782] auth/pampass.c:643(smb_internal_pam_session) smb_internal_pam_session: PAM: tty set to: smb/12782/100 [2010/04/27 16:58:06, 4, pid=12782] auth/pampass.c:450(smb_pam_end) smb_pam_end: PAM: PAM_END OK. 
[2010/04/27 16:58:06, 10, pid=12782] lib/dbwrap_tdb.c:42(db_tdb_record_destr) Unlocking key 49442F31323738322F31 [2010/04/27 16:58:06, 3, pid=12782] smbd/reply.c:1948(reply_ulogoffX) ulogoffX vuid=100 [2010/04/27 16:58:06, 0, pid=12782] lib/util_sock.c:539(read_fd_with_timeout) [2010/04/27 16:58:06, 0, pid=12782] lib/util_sock.c:1491(get_peer_addr_internal) getpeername failed. Error was Transport endpoint is not connected read_fd_with_timeout: client 0.0.0.0 read error = Connection reset by peer. [2010/04/27 16:58:06, 10, pid=12782] smbd/process.c:271(receive_smb_raw_talloc) receive_smb_raw: NT_STATUS_ACCESS_DENIED [2010/04/27 16:58:06, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/04/27 16:58:06, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) NT user token: (NULL) [2010/04/27 16:58:06, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/04/27 16:58:06, 5, pid=12782] smbd/uid.c:368(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2010/04/27 16:58:06, 3, pid=12782] smbd/connection.c:31(yield_connection) Yielding connection to [2010/04/27 16:58:06, 10, pid=12782] lib/dbwrap_tdb.c:100(db_tdb_fetch_locked) Locking key EE310000FFFFFFFFFFFF [2010/04/27 16:58:06, 10, pid=12782] lib/dbwrap_tdb.c:129(db_tdb_fetch_locked) Allocated locked data 0x0x97ed170 [2010/04/27 16:58:06, 10, pid=12782] lib/dbwrap_tdb.c:42(db_tdb_record_destr) Unlocking key EE310000FFFFFFFFFFFF [2010/04/27 16:58:06, 3, pid=12782] smbd/server.c:849(exit_server_common) Server exit (failed to receive smb request)