The Samba-Bugzilla – Attachment 5662 Details for
Bug 7395
Windows 7 and Server 2008 R2 cannot join domain: "The parameter is incorrect"
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
Level 10 log for client machine (machine name)
log.maaxen (text/plain), 698.72 KB, created by
David Adam
on 2010-04-27 04:21:38 UTC
(
hide
)
Description:
Level 10 log for client machine (machine name)
Filename:
MIME Type:
Creator:
David Adam
Created:
2010-04-27 04:21:38 UTC
Size:
698.72 KB
patch
obsolete
>[2010/04/27 16:57:51, 6, pid=12782] param/loadparm.c:7017(lp_file_list_changed) > lp_file_list_changed() > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Tue Apr 27 16:56:37 2010 > >[2010/04/27 16:57:51, 5, pid=12782] auth/auth_util.c:208(make_user_info_map) > Mapping user [UCCDOMAIN]\[zanchey] from workstation [MAAXEN] >[2010/04/27 16:57:51, 5, pid=12782] auth/auth_util.c:120(make_user_info) > attempting to make a user_info for zanchey (zanchey) >[2010/04/27 16:57:51, 5, pid=12782] auth/auth_util.c:130(make_user_info) > making strings for zanchey's user_info struct >[2010/04/27 16:57:51, 5, pid=12782] auth/auth_util.c:162(make_user_info) > making blobs for zanchey's user_info struct >[2010/04/27 16:57:51, 10, pid=12782] auth/auth_util.c:180(make_user_info) > made an encrypted user_info for zanchey (zanchey) >[2010/04/27 16:57:51, 3, pid=12782] auth/auth.c:222(check_ntlm_password) > check_ntlm_password: Checking password for unmapped user [UCCDOMAIN]\[zanchey]@[MAAXEN] with the new password interface >[2010/04/27 16:57:51, 3, pid=12782] auth/auth.c:225(check_ntlm_password) > check_ntlm_password: mapped user is: [UCCDOMAIN]\[zanchey]@[MAAXEN] >[2010/04/27 16:57:51, 10, pid=12782] auth/auth.c:234(check_ntlm_password) > check_ntlm_password: auth_context challenge created by random >[2010/04/27 16:57:51, 10, pid=12782] auth/auth.c:236(check_ntlm_password) > challenge is: >[2010/04/27 16:57:51, 5, pid=12782] ../lib/util/util.c:304(_dump_data) > [0000] 4B AE 83 7D 08 F4 65 5C K..}..e\ >[2010/04/27 16:57:51, 10, pid=12782] auth/auth.c:262(check_ntlm_password) > check_ntlm_password: guest had nothing to say >[2010/04/27 16:57:51, 8, pid=12782] lib/util.c:1879(is_myname) > is_myname("UCCDOMAIN") returns 0 >[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:51, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) > NT user token: (NULL) >[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2010/04/27 16:57:51, 5, pid=12782] lib/smbldap.c:1295(smbldap_search_ext) > smbldap_search_ext: base => [dc=ucc,dc=gu,dc=uwa,dc=edu,dc=au], filter => [(&(uid=zanchey)(objectclass=sambaSamAccount))], scope => [2] >[2010/04/27 16:57:51, 5, pid=12782] lib/smbldap.c:1197(smbldap_close) > The connection to the LDAP server was closed >[2010/04/27 16:57:51, 10, pid=12782] lib/smbldap.c:710(smb_ldap_setup_conn) > smb_ldap_setup_connection: ldaps://mussel.ucc.gu.uwa.edu.au ldaps://martello.ucc.gu.uwa.edu.au/ >[2010/04/27 16:57:51, 2, pid=12782] lib/smbldap.c:890(smbldap_open_connection) > smbldap_open_connection: connection opened >[2010/04/27 16:57:51, 10, pid=12782] lib/smbldap.c:1055(smbldap_connect_system) > ldap_connect_system: Binding to ldap server ldaps://mussel.ucc.gu.uwa.edu.au ldaps://martello.ucc.gu.uwa.edu.au/ as "cn=admin,dc=ucc,dc=gu,dc=uwa,dc=edu,dc=au" >[2010/04/27 16:57:51, 3, pid=12782] lib/smbldap.c:1101(smbldap_connect_system) > ldap_connect_system: successful connection to the LDAP server > ldap_connect_system: LDAP server does support paged results >[2010/04/27 16:57:51, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Added timed event "smbldap_idle_fn": 0x97efdf0 >[2010/04/27 16:57:51, 4, pid=12782] lib/smbldap.c:1177(smbldap_open) > The LDAP server is successfully connected >[2010/04/27 16:57:51, 2, pid=12782] passdb/pdb_ldap.c:571(init_sam_from_ldap) > init_sam_from_ldap: Entry found for user: zanchey >[2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:607(pdb_set_username) > pdb_set_username: setting username zanchey, was >[2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:630(pdb_set_domain) > pdb_set_domain: setting domain UCCDOMAIN, was >[2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:653(pdb_set_nt_username) > pdb_set_nt_username: setting nt username zanchey, was >[2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:549(pdb_set_user_sid_from_string) > pdb_set_user_sid_from_string: setting user sid S-1-5-352321536-3342141748-1574249315-1264630062-23502 >[2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:536(pdb_set_user_sid) > pdb_set_user_sid: setting user sid S-1-5-352321536-3342141748-1574249315-1264630062-23502 >[2010/04/27 16:57:51, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) > attribute sambaLogonTime does not exist >[2010/04/27 16:57:51, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) > attribute sambaLogoffTime does not exist >[2010/04/27 16:57:51, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) > attribute sambaKickoffTime does not exist >[2010/04/27 16:57:51, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) > attribute sambaPwdMustChange does not exist >[2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:676(pdb_set_fullname) > pdb_set_full_name: setting full name David Adam, was >[2010/04/27 16:57:51, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) > attribute sambaHomeDrive does not exist >[2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:745(pdb_set_dir_drive) > pdb_set_dir_drive: setting dir drive H:, was NULL >[2010/04/27 16:57:51, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) > attribute sambaHomePath does not exist >[2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:769(pdb_set_homedir) > pdb_set_homedir: setting home dir \\mylah\zanchey, was >[2010/04/27 16:57:51, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) > attribute sambaLogonScript does not exist >[2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:699(pdb_set_logon_script) > pdb_set_logon_script: setting logon script , was >[2010/04/27 16:57:51, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) > attribute sambaProfilePath does not exist >[2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:722(pdb_set_profile_path) > pdb_set_profile_path: setting profile path \\mylah\profiles, was >[2010/04/27 16:57:51, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) > attribute sambaUserWorkstations does not exist >[2010/04/27 16:57:51, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) > attribute sambaMungedDial does not exist >[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2010/04/27 16:57:51, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) > NT user token: (NULL) >[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2010/04/27 16:57:51, 10, pid=12782] lib/gencache.c:208(gencache_get) > Returning expired cache entry: key = ACCT_POL/password history, value = 0 > , timeout = Tue Apr 27 16:57:46 2010 >[2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_ldap.c:3963(ldapsam_get_account_policy_from_ldap) > ldapsam_get_account_policy_from_ldap >[2010/04/27 16:57:51, 5, pid=12782] lib/smbldap.c:1295(smbldap_search_ext) > smbldap_search_ext: base => [sambaDomainName=UCCDOMAIN,dc=ucc,dc=gu,dc=uwa,dc=edu,dc=au], filter => [(objectClass=sambaDomain)], scope => [0] >[2010/04/27 16:57:51, 10, pid=12782] lib/account_pol.c:396(cache_account_policy_set) > cache_account_policy_set: updating account pol cache >[2010/04/27 16:57:51, 10, pid=12782] lib/gencache.c:131(gencache_set) > Adding cache entry with key = ACCT_POL/password history; value = 0 > and timeout = Tue Apr 27 16:58:51 2010 > (60 seconds ahead) >[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:51, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) > attribute sambaBadPasswordCount does not exist >[2010/04/27 16:57:51, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) > attribute sambaBadPasswordTime does not exist >[2010/04/27 16:57:51, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) > attribute sambaLogonHours does not exist >[2010/04/27 16:57:51, 7, pid=12782] passdb/login_cache.c:87(login_cache_read) > Looking up login cache for user zanchey >[2010/04/27 16:57:51, 7, pid=12782] passdb/login_cache.c:103(login_cache_read) > No cache entry found >[2010/04/27 16:57:51, 9, pid=12782] passdb/pdb_ldap.c:1125(init_sam_from_ldap) > No cache entry, bad count = 0, bad time = 0 >[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2010/04/27 16:57:51, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) > NT user token: (NULL) >[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2010/04/27 16:57:51, 10, pid=12782] lib/gencache.c:208(gencache_get) > Returning expired cache entry: key = ACCT_POL/maximum password age, value = 4294967295 > , timeout = Tue Apr 27 16:09:36 2010 >[2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_ldap.c:3963(ldapsam_get_account_policy_from_ldap) > ldapsam_get_account_policy_from_ldap >[2010/04/27 16:57:51, 5, pid=12782] lib/smbldap.c:1295(smbldap_search_ext) > smbldap_search_ext: base => [sambaDomainName=UCCDOMAIN,dc=ucc,dc=gu,dc=uwa,dc=edu,dc=au], filter => [(objectClass=sambaDomain)], scope => [0] >[2010/04/27 16:57:51, 10, pid=12782] lib/account_pol.c:396(cache_account_policy_set) > cache_account_policy_set: updating account pol cache >[2010/04/27 16:57:51, 10, pid=12782] lib/gencache.c:131(gencache_set) > Adding cache entry with key = ACCT_POL/maximum password age; value = 4294967295 > and timeout = Tue Apr 27 16:58:51 2010 > (60 seconds ahead) >[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:51, 5, pid=12782] lib/username.c:133(Get_Pwnam_alloc) > Finding user zanchey >[2010/04/27 16:57:51, 5, pid=12782] lib/username.c:77(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as lowercase is zanchey >[2010/04/27 16:57:51, 5, pid=12782] lib/username.c:110(Get_Pwnam_internals) > Get_Pwnam_internals did find user [zanchey]! >[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2010/04/27 16:57:51, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) > NT user token: (NULL) >[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2010/04/27 16:57:51, 10, pid=12782] lib/gencache.c:208(gencache_get) > Returning valid cache entry: key = ACCT_POL/password history, value = 0 > , timeout = Tue Apr 27 16:58:51 2010 >[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:607(pdb_set_username) > pdb_set_username: setting username zanchey, was >[2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:630(pdb_set_domain) > pdb_set_domain: setting domain UCCDOMAIN, was >[2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:653(pdb_set_nt_username) > pdb_set_nt_username: setting nt username zanchey, was >[2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:676(pdb_set_fullname) > pdb_set_full_name: setting full name David Adam, was >[2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:769(pdb_set_homedir) > pdb_set_homedir: setting home dir \\mylah\zanchey, was >[2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:745(pdb_set_dir_drive) > pdb_set_dir_drive: setting dir drive H:, was NULL >[2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:699(pdb_set_logon_script) > pdb_set_logon_script: setting logon script , was >[2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:722(pdb_set_profile_path) > pdb_set_profile_path: setting profile path \\mylah\profiles, was >[2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:812(pdb_set_workstations) > pdb_set_workstations: setting workstations , was >[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2010/04/27 16:57:51, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) > NT user token: (NULL) >[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2010/04/27 16:57:51, 10, pid=12782] lib/gencache.c:208(gencache_get) > Returning valid cache entry: key = ACCT_POL/password history, value = 0 > , timeout = Tue Apr 27 16:58:51 2010 >[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:536(pdb_set_user_sid) > pdb_set_user_sid: setting user sid S-1-5-352321536-3342141748-1574249315-1264630062-23502 >[2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_compat.c:72(pdb_set_user_sid_from_rid) > pdb_set_user_sid_from_rid: > setting user sid S-1-5-352321536-3342141748-1574249315-1264630062-23502 from rid 23502 >[2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:594(pdb_set_group_sid) > pdb_set_group_sid: setting group sid S-1-5-352321536-3342141748-1574249315-1264630062-512 >[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:51, 9, pid=12782] passdb/passdb.c:2146(pdb_update_autolock_flag) > pdb_update_autolock_flag: Account zanchey not autolocked, no check needed >[2010/04/27 16:57:51, 4, pid=12782] libsmb/ntlm_check.c:291(ntlm_password_check) > ntlm_password_check: Checking NTLMv2 password with domain [UCCDOMAIN] >[2010/04/27 16:57:51, 4, pid=12782] auth/auth_sam.c:137(sam_account_ok) > sam_account_ok: Checking SMB password for user zanchey >[2010/04/27 16:57:51, 5, pid=12782] auth/auth_sam.c:119(logon_hours_ok) > logon_hours_ok: user zanchey allowed to logon at this time (Tue Apr 27 08:57:51 2010 > ) >[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:51, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) > NT user token: (NULL) >[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2010/04/27 16:57:51, 10, pid=12782] lib/gencache.c:208(gencache_get) > Returning valid cache entry: key = ACCT_POL/maximum password age, value = 4294967295 > , timeout = Tue Apr 27 16:58:51 2010 >[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:51, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) > NT user token: (NULL) >[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2010/04/27 16:57:51, 10, pid=12782] lib/system_smbd.c:122(sys_getgrouplist) > sys_getgrouplist: user [zanchey] >[2010/04/27 16:57:51, 10, pid=12782] lib/gencache.c:194(gencache_get) > Cache entry with key = IDMAP/GID2SID/69 couldn't be found >[2010/04/27 16:57:51, 5, pid=12782] passdb/lookup_sid.c:1378(gid_to_sid) > gid_to_sid: winbind failed to find a sid for gid 69 >[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2010/04/27 16:57:51, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) > NT user token: (NULL) >[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2010/04/27 16:57:51, 5, pid=12782] lib/smbldap.c:1295(smbldap_search_ext) > smbldap_search_ext: base => [dc=ucc,dc=gu,dc=uwa,dc=edu,dc=au], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=69))], scope => [2] >[2010/04/27 16:57:51, 4, pid=12782] passdb/pdb_ldap.c:2550(ldapsam_getgroup) > ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(gidNumber=69)) >[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:51, 10, pid=12782] passdb/lookup_sid.c:1173(legacy_gid_to_sid) > LEGACY: gid 69 -> sid S-1-22-2-69 >[2010/04/27 16:57:51, 10, pid=12782] lib/gencache.c:194(gencache_get) > Cache entry with key = IDMAP/GID2SID/101 couldn't be found >[2010/04/27 16:57:51, 5, pid=12782] passdb/lookup_sid.c:1378(gid_to_sid) > gid_to_sid: winbind failed to find a sid for gid 101 >[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2010/04/27 16:57:51, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) > NT user token: (NULL) >[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2010/04/27 16:57:51, 5, pid=12782] lib/smbldap.c:1295(smbldap_search_ext) > smbldap_search_ext: base => [dc=ucc,dc=gu,dc=uwa,dc=edu,dc=au], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=101))], scope => [2] >[2010/04/27 16:57:51, 4, pid=12782] passdb/pdb_ldap.c:2550(ldapsam_getgroup) > ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(gidNumber=101)) >[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:51, 10, pid=12782] passdb/lookup_sid.c:1173(legacy_gid_to_sid) > LEGACY: gid 101 -> sid S-1-22-2-101 >[2010/04/27 16:57:51, 10, pid=12782] lib/gencache.c:194(gencache_get) > Cache entry with key = IDMAP/GID2SID/20042 couldn't be found >[2010/04/27 16:57:51, 5, pid=12782] passdb/lookup_sid.c:1378(gid_to_sid) > gid_to_sid: winbind failed to find a sid for gid 20042 >[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2010/04/27 16:57:51, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) > NT user token: (NULL) >[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2010/04/27 16:57:51, 5, pid=12782] lib/smbldap.c:1295(smbldap_search_ext) > smbldap_search_ext: base => [dc=ucc,dc=gu,dc=uwa,dc=edu,dc=au], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=20042))], scope => [2] >[2010/04/27 16:57:51, 4, pid=12782] passdb/pdb_ldap.c:2550(ldapsam_getgroup) > ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(gidNumber=20042)) >[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:51, 10, pid=12782] passdb/lookup_sid.c:1173(legacy_gid_to_sid) > LEGACY: gid 20042 -> sid S-1-22-2-20042 >[2010/04/27 16:57:51, 5, pid=12782] auth/auth_util.c:646(make_server_info_sam) > make_server_info_sam: made server info for user zanchey -> zanchey >[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:51, 3, pid=12782] auth/auth.c:271(check_ntlm_password) > check_ntlm_password: sam authentication for user [zanchey] succeeded >[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:51, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) > NT user token: (NULL) >[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2010/04/27 16:57:51, 4, pid=12782] auth/pampass.c:472(smb_pam_start) > smb_pam_start: PAM: Init user: zanchey >[2010/04/27 16:57:51, 4, pid=12782] auth/pampass.c:489(smb_pam_start) > smb_pam_start: PAM: setting rhost to: ::ffff:130.95.13.55 >[2010/04/27 16:57:51, 4, pid=12782] auth/pampass.c:498(smb_pam_start) > smb_pam_start: PAM: setting tty >[2010/04/27 16:57:51, 4, pid=12782] auth/pampass.c:506(smb_pam_start) > smb_pam_start: PAM: Init passed for user: zanchey >[2010/04/27 16:57:51, 4, pid=12782] auth/pampass.c:564(smb_pam_account) > smb_pam_account: PAM: Account Management for User: zanchey >[2010/04/27 16:57:51, 4, pid=12782] auth/pampass.c:583(smb_pam_account) > smb_pam_account: PAM: Account OK for User: zanchey >[2010/04/27 16:57:51, 4, pid=12782] auth/pampass.c:450(smb_pam_end) > smb_pam_end: PAM: PAM_END OK. >[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:51, 5, pid=12782] auth/auth.c:297(check_ntlm_password) > check_ntlm_password: PAM Account for user [zanchey] succeeded >[2010/04/27 16:57:51, 2, pid=12782] auth/auth.c:310(check_ntlm_password) > check_ntlm_password: authentication for user [zanchey] -> [zanchey] -> [zanchey] succeeded >[2010/04/27 16:57:51, 5, pid=12782] auth/auth_util.c:2114(free_user_info) > attempting to free (and zero) a user_info structure >[2010/04/27 16:57:51, 10, pid=12782] auth/auth_util.c:2118(free_user_info) > structure was created for zanchey >[2010/04/27 16:57:51, 10, pid=12782] auth/token_util.c:353(create_local_nt_token) > Create local NT token for S-1-5-352321536-3342141748-1574249315-1264630062-23502 >[2010/04/27 16:57:51, 10, pid=12782] lib/gencache.c:194(gencache_get) > Cache entry with key = IDMAP/SID2GID/S-1-5-32-544 couldn't be found >[2010/04/27 16:57:51, 10, pid=12782] passdb/lookup_sid.c:1502(sid_to_gid) > winbind failed to find a gid for sid S-1-5-32-544 >[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:51, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) > NT user token: (NULL) >[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2010/04/27 16:57:51, 5, pid=12782] lib/smbldap.c:1295(smbldap_search_ext) > smbldap_search_ext: base => [dc=ucc,dc=gu,dc=uwa,dc=edu,dc=au], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-544))], scope => [2] >[2010/04/27 16:57:51, 4, pid=12782] passdb/pdb_ldap.c:2550(ldapsam_getgroup) > ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-544)) >[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:51, 10, pid=12782] passdb/lookup_sid.c:1247(legacy_sid_to_gid) > LEGACY: mapping failed for sid S-1-5-32-544 >[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:51, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) > NT user token: (NULL) >[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2010/04/27 16:57:51, 10, pid=12782] lib/gencache.c:194(gencache_get) > Cache entry with key = IDMAP/SID2GID/S-1-5-32-544 couldn't be found >[2010/04/27 16:57:51, 10, pid=12782] passdb/lookup_sid.c:1502(sid_to_gid) > winbind failed to find a gid for sid S-1-5-32-544 >[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2010/04/27 16:57:51, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) > NT user token: (NULL) >[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2010/04/27 16:57:51, 5, pid=12782] lib/smbldap.c:1295(smbldap_search_ext) > smbldap_search_ext: base => [dc=ucc,dc=gu,dc=uwa,dc=edu,dc=au], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-544))], scope => [2] >[2010/04/27 16:57:51, 4, pid=12782] passdb/pdb_ldap.c:2550(ldapsam_getgroup) > ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-544)) >[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:51, 10, pid=12782] passdb/lookup_sid.c:1247(legacy_sid_to_gid) > LEGACY: mapping failed for sid S-1-5-32-544 >[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:303(create_builtin_administrators) > create_builtin_administrators: Failed to create Administrators >[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:51, 10, pid=12782] lib/gencache.c:194(gencache_get) > Cache entry with key = IDMAP/SID2GID/S-1-5-32-545 couldn't be found >[2010/04/27 16:57:51, 10, pid=12782] passdb/lookup_sid.c:1502(sid_to_gid) > winbind failed to find a gid for sid S-1-5-32-545 >[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:51, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) > NT user token: (NULL) >[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2010/04/27 16:57:51, 5, pid=12782] lib/smbldap.c:1295(smbldap_search_ext) > smbldap_search_ext: base => [dc=ucc,dc=gu,dc=uwa,dc=edu,dc=au], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-545))], scope => [2] >[2010/04/27 16:57:51, 4, pid=12782] passdb/pdb_ldap.c:2550(ldapsam_getgroup) > ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-545)) >[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:51, 10, pid=12782] passdb/lookup_sid.c:1247(legacy_sid_to_gid) > LEGACY: mapping failed for sid S-1-5-32-545 >[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:51, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) > NT user token: (NULL) >[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2010/04/27 16:57:51, 10, pid=12782] lib/gencache.c:194(gencache_get) > Cache entry with key = IDMAP/SID2GID/S-1-5-32-545 couldn't be found >[2010/04/27 16:57:51, 10, pid=12782] passdb/lookup_sid.c:1502(sid_to_gid) > winbind failed to find a gid for sid S-1-5-32-545 >[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2010/04/27 16:57:51, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) > NT user token: (NULL) >[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2010/04/27 16:57:51, 5, pid=12782] lib/smbldap.c:1295(smbldap_search_ext) > smbldap_search_ext: base => [dc=ucc,dc=gu,dc=uwa,dc=edu,dc=au], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-545))], scope => [2] >[2010/04/27 16:57:51, 4, pid=12782] passdb/pdb_ldap.c:2550(ldapsam_getgroup) > ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-545)) >[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:51, 10, pid=12782] passdb/lookup_sid.c:1247(legacy_sid_to_gid) > LEGACY: mapping failed for sid S-1-5-32-545 >[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:274(create_builtin_users) > create_builtin_users: Failed to create Users >[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:51, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) > NT user token: (NULL) >[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2010/04/27 16:57:51, 5, pid=12782] lib/smbldap.c:1295(smbldap_search_ext) > smbldap_search_ext: base => [dc=ucc,dc=gu,dc=uwa,dc=edu,dc=au], filter => [(&(|(objectclass=sambaGroupMapping)(sambaGroupType=4))(|(sambaSIDList=S-1-5-352321536-3342141748-1574249315-1264630062-23502)(sambaSIDList=S-1-5-352321536-3342141748-1574249315-1264630062-512)(sambaSIDList=S-1-1-0)(sambaSIDList=S-1-5-2)(sambaSIDList=S-1-5-11)(sambaSIDList=S-1-22-2-69)(sambaSIDList=S-1-22-2-101)(sambaSIDList=S-1-22-2-20042)(sambaSIDList=S-1-5-32-544)))], scope => [2] >[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:51, 3, pid=12782] lib/privileges.c:63(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-352321536-3342141748-1574249315-1264630062-23502] >[2010/04/27 16:57:51, 3, pid=12782] lib/privileges.c:63(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-352321536-3342141748-1574249315-1264630062-512] >[2010/04/27 16:57:51, 5, pid=12782] lib/privileges.c:128(get_privileges_for_sids) > get_privileges_for_sids: sid = S-1-1-0 > Privilege set: > SE_PRIV 0x0 0x0 0x0 0x0 >[2010/04/27 16:57:51, 3, pid=12782] lib/privileges.c:63(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-2] >[2010/04/27 16:57:51, 3, pid=12782] lib/privileges.c:63(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-11] >[2010/04/27 16:57:51, 3, pid=12782] lib/privileges.c:63(get_privileges) > get_privileges: No privileges assigned to SID [S-1-22-2-69] >[2010/04/27 16:57:51, 3, pid=12782] lib/privileges.c:63(get_privileges) > get_privileges: No privileges assigned to SID [S-1-22-2-101] >[2010/04/27 16:57:51, 3, pid=12782] lib/privileges.c:63(get_privileges) > get_privileges: No privileges assigned to SID [S-1-22-2-20042] >[2010/04/27 16:57:51, 5, pid=12782] lib/privileges.c:128(get_privileges_for_sids) > get_privileges_for_sids: sid = S-1-5-32-544 > Privilege set: > SE_PRIV 0xff0 0x0 0x0 0x0 >[2010/04/27 16:57:51, 10, pid=12782] lib/gencache.c:194(gencache_get) > Cache entry with key = IDMAP/SID2GID/S-1-1-0 couldn't be found >[2010/04/27 16:57:51, 10, pid=12782] passdb/lookup_sid.c:1502(sid_to_gid) > winbind failed to find a gid for sid S-1-1-0 >[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:51, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) > NT user token: (NULL) >[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2010/04/27 16:57:51, 5, pid=12782] lib/smbldap.c:1295(smbldap_search_ext) > smbldap_search_ext: base => [dc=ucc,dc=gu,dc=uwa,dc=edu,dc=au], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-1-0))], scope => [2] >[2010/04/27 16:57:51, 4, pid=12782] passdb/pdb_ldap.c:2550(ldapsam_getgroup) > ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-1-0)) >[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:51, 10, pid=12782] passdb/lookup_sid.c:1247(legacy_sid_to_gid) > LEGACY: mapping failed for sid S-1-1-0 >[2010/04/27 16:57:51, 10, pid=12782] auth/auth_util.c:750(create_local_token) > Could not convert SID S-1-1-0 to gid, ignoring it >[2010/04/27 16:57:51, 10, pid=12782] lib/gencache.c:194(gencache_get) > Cache entry with key = IDMAP/SID2GID/S-1-5-2 couldn't be found >[2010/04/27 16:57:51, 10, pid=12782] passdb/lookup_sid.c:1502(sid_to_gid) > winbind failed to find a gid for sid S-1-5-2 >[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:51, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) > NT user token: (NULL) >[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2010/04/27 16:57:51, 5, pid=12782] lib/smbldap.c:1295(smbldap_search_ext) > smbldap_search_ext: base => [dc=ucc,dc=gu,dc=uwa,dc=edu,dc=au], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-2))], scope => [2] >[2010/04/27 16:57:51, 4, pid=12782] passdb/pdb_ldap.c:2550(ldapsam_getgroup) > ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-2)) >[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:51, 10, pid=12782] passdb/lookup_sid.c:1247(legacy_sid_to_gid) > LEGACY: mapping failed for sid S-1-5-2 >[2010/04/27 16:57:51, 10, pid=12782] auth/auth_util.c:750(create_local_token) > Could not convert SID S-1-5-2 to gid, ignoring it >[2010/04/27 16:57:51, 10, pid=12782] lib/gencache.c:194(gencache_get) > Cache entry with key = IDMAP/SID2GID/S-1-5-11 couldn't be found >[2010/04/27 16:57:51, 10, pid=12782] passdb/lookup_sid.c:1502(sid_to_gid) > winbind failed to find a gid for sid S-1-5-11 >[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:51, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) > NT user token: (NULL) >[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2010/04/27 16:57:51, 5, pid=12782] lib/smbldap.c:1295(smbldap_search_ext) > smbldap_search_ext: base => [dc=ucc,dc=gu,dc=uwa,dc=edu,dc=au], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-11))], scope => [2] >[2010/04/27 16:57:51, 4, pid=12782] passdb/pdb_ldap.c:2550(ldapsam_getgroup) > ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-11)) >[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:51, 10, pid=12782] passdb/lookup_sid.c:1247(legacy_sid_to_gid) > LEGACY: mapping failed for sid S-1-5-11 >[2010/04/27 16:57:51, 10, pid=12782] auth/auth_util.c:750(create_local_token) > Could not convert SID S-1-5-11 to gid, ignoring it >[2010/04/27 16:57:51, 10, pid=12782] lib/gencache.c:194(gencache_get) > Cache entry with key = IDMAP/SID2GID/S-1-5-32-544 couldn't be found >[2010/04/27 16:57:51, 10, pid=12782] passdb/lookup_sid.c:1502(sid_to_gid) > winbind failed to find a gid for sid S-1-5-32-544 >[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:51, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) > NT user token: (NULL) >[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2010/04/27 16:57:51, 5, pid=12782] lib/smbldap.c:1295(smbldap_search_ext) > smbldap_search_ext: base => [dc=ucc,dc=gu,dc=uwa,dc=edu,dc=au], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-544))], scope => [2] >[2010/04/27 16:57:51, 4, pid=12782] passdb/pdb_ldap.c:2550(ldapsam_getgroup) > ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-544)) >[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:51, 10, pid=12782] passdb/lookup_sid.c:1247(legacy_sid_to_gid) > LEGACY: mapping failed for sid S-1-5-32-544 >[2010/04/27 16:57:51, 10, pid=12782] auth/auth_util.c:750(create_local_token) > Could not convert SID S-1-5-32-544 to gid, ignoring it >[2010/04/27 16:57:51, 10, pid=12782] auth/token_util.c:528(debug_nt_user_token) > NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 > contains 11 SIDs > SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 > SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-69 > SID[ 6]: S-1-22-2-101 > SID[ 7]: S-1-22-2-20042 > SID[ 8]: S-1-5-32-544 > SID[ 9]: S-1-22-1-11251 > SID[ 10]: S-1-22-2-0 > SE_PRIV 0xff0 0x0 0x0 0x0 >[2010/04/27 16:57:51, 10, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 11251 > Primary group is 0 and contains 4 supplementary groups > Group[ 0]: 0 > Group[ 1]: 69 > Group[ 2]: 101 > Group[ 3]: 20042 >[2010/04/27 16:57:51, 10, pid=12782] auth/auth_ntlmssp.c:139(auth_ntlmssp_check_password) > Got NT session key of length 16 >[2010/04/27 16:57:51, 10, pid=12782] libsmb/ntlmssp.c:851(ntlmssp_server_auth) > ntlmssp_server_auth: Using unmodified nt session key. >[2010/04/27 16:57:51, 3, pid=12782] libsmb/ntlmssp_sign.c:342(ntlmssp_sign_init) > NTLMSSP Sign/Seal - Initialising with flags: >[2010/04/27 16:57:51, 3, pid=12782] libsmb/ntlmssp.c:62(debug_ntlmssp_flags) > Got NTLMSSP neg_flags=0xe2088215 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_NTLM2 > NTLMSSP_NEGOTIATE_VERSION > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH > NTLMSSP_NEGOTIATE_56 >[2010/04/27 16:57:51, 10, pid=12782] smbd/password.c:265(register_existing_vuid) > register_existing_vuid: (11251,0) zanchey zanchey UCCDOMAIN guest=0 >[2010/04/27 16:57:51, 3, pid=12782] smbd/password.c:269(register_existing_vuid) > register_existing_vuid: User name: zanchey Real name: David Adam >[2010/04/27 16:57:51, 3, pid=12782] smbd/password.c:279(register_existing_vuid) > register_existing_vuid: UNIX uid 11251 is UNIX user zanchey, and will be vuid 100 >[2010/04/27 16:57:51, 10, pid=12782] lib/dbwrap_tdb.c:100(db_tdb_fetch_locked) > Locking key 49442F31323738322F31 >[2010/04/27 16:57:51, 10, pid=12782] lib/dbwrap_tdb.c:129(db_tdb_fetch_locked) > Allocated locked data 0x0x97ed578 >[2010/04/27 16:57:51, 4, pid=12782] auth/pampass.c:472(smb_pam_start) > smb_pam_start: PAM: Init user: zanchey >[2010/04/27 16:57:51, 4, pid=12782] auth/pampass.c:489(smb_pam_start) > smb_pam_start: PAM: setting rhost to: ::ffff:130.95.13.55 >[2010/04/27 16:57:51, 4, pid=12782] auth/pampass.c:498(smb_pam_start) > smb_pam_start: PAM: setting tty >[2010/04/27 16:57:51, 4, pid=12782] auth/pampass.c:506(smb_pam_start) > smb_pam_start: PAM: Init passed for user: zanchey >[2010/04/27 16:57:51, 4, pid=12782] auth/pampass.c:643(smb_internal_pam_session) > smb_internal_pam_session: PAM: tty set to: smb/12782/100 >[2010/04/27 16:57:51, 4, pid=12782] auth/pampass.c:450(smb_pam_end) > smb_pam_end: PAM: PAM_END OK. >[2010/04/27 16:57:51, 10, pid=12782] lib/dbwrap_tdb.c:42(db_tdb_record_destr) > Unlocking key 49442F31323738322F31 >[2010/04/27 16:57:51, 7, pid=12782] param/loadparm.c:9279(lp_servicenumber) > lp_servicenumber: couldn't find zanchey >[2010/04/27 16:57:51, 3, pid=12782] smbd/password.c:211(register_homes_share) > Adding homes service for user 'zanchey' using home directory: '/home/wheel/zanchey' >[2010/04/27 16:57:51, 8, pid=12782] param/loadparm.c:6047(add_a_service) > add_a_service: Creating snum = 8 for zanchey >[2010/04/27 16:57:51, 10, pid=12782] param/loadparm.c:6094(hash_a_service) > hash_a_service: hashing index 8 for service name zanchey >[2010/04/27 16:57:51, 3, pid=12782] param/loadparm.c:6149(lp_add_home) > adding home's share [zanchey] for user 'zanchey' at '/space/away/%H' >[2010/04/27 16:57:51, 6, pid=12782] param/loadparm.c:7017(lp_file_list_changed) > lp_file_list_changed() > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Tue Apr 27 16:56:37 2010 > >[2010/04/27 16:57:51, 5, pid=12782] lib/util.c:632(show_msg) >[2010/04/27 16:57:51, 5, pid=12782] lib/util.c:642(show_msg) > size=106 > smb_com=0x73 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=65535 > smb_pid=65279 > smb_uid=100 > smb_mid=128 > smt_wct=4 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 9 (0x9) > smb_bcc=63 >[2010/04/27 16:57:51, 10, pid=12782] ../lib/util/util.c:304(_dump_data) > [0000] A1 07 30 05 A0 03 0A 01 00 55 00 6E 00 69 00 78 ..0..... .U.n.i.x > [0010] 00 00 00 53 00 61 00 6D 00 62 00 61 00 20 00 33 ...S.a.m .b.a. .3 > [0020] 00 2E 00 34 00 2E 00 37 00 00 00 55 00 43 00 43 ...4...7 ...U.C.C > [0030] 00 44 00 4F 00 4D 00 41 00 49 00 4E 00 00 00 .D.O.M.A .I.N... >[2010/04/27 16:57:51, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) > got smb length of 76 >[2010/04/27 16:57:51, 6, pid=12782] smbd/process.c:1456(process_smb) > got message type 0x0 of len 0x4c >[2010/04/27 16:57:51, 3, pid=12782] smbd/process.c:1459(process_smb) > Transaction 3 of length 80 (0 toread) >[2010/04/27 16:57:51, 5, pid=12782] lib/util.c:632(show_msg) >[2010/04/27 16:57:51, 5, pid=12782] lib/util.c:642(show_msg) > size=76 > smb_com=0x75 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=0 > smb_pid=65279 > smb_uid=100 > smb_mid=192 > smt_wct=4 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 76 (0x4C) > smb_vwv[ 2]= 8 (0x8) > smb_vwv[ 3]= 1 (0x1) > smb_bcc=33 >[2010/04/27 16:57:51, 10, pid=12782] ../lib/util/util.c:304(_dump_data) > [0000] 00 5C 00 5C 00 4D 00 59 00 4C 00 41 00 48 00 5C .\.\.M.Y .L.A.H.\ > [0010] 00 49 00 50 00 43 00 24 00 00 00 3F 3F 3F 3F 3F .I.P.C.$ ...????? > [0020] 00 . >[2010/04/27 16:57:51, 3, pid=12782] smbd/process.c:1273(switch_message) > switch message SMBtconX (pid 12782) conn 0x0 >[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) > NT user token: (NULL) >[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2010/04/27 16:57:51, 5, pid=12782] smbd/uid.c:368(change_to_root_user) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2010/04/27 16:57:51, 4, pid=12782] smbd/reply.c:680(reply_tcon_and_X) > Client requested device type [?????] for share [IPC$] >[2010/04/27 16:57:51, 5, pid=12782] smbd/service.c:1216(make_connection) > making a connection to 'normal' service ipc$ >[2010/04/27 16:57:51, 10, pid=12782] smbd/share_access.c:234(user_ok_token) > user_ok_token: share IPC$ is ok for unix user zanchey >[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:51, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) > NT user token: (NULL) >[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2010/04/27 16:57:51, 10, pid=12782] lib/gencache.c:208(gencache_get) > Returning valid cache entry: key = ACCT_POL/maximum password age, value = 4294967295 > , timeout = Tue Apr 27 16:58:51 2010 >[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:51, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) > NT user token: (NULL) >[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2010/04/27 16:57:51, 10, pid=12782] lib/gencache.c:208(gencache_get) > Returning valid cache entry: key = ACCT_POL/password history, value = 0 > , timeout = Tue Apr 27 16:58:51 2010 >[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:607(pdb_set_username) > pdb_set_username: setting username zanchey, was >[2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:630(pdb_set_domain) > pdb_set_domain: setting domain UCCDOMAIN, was >[2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:653(pdb_set_nt_username) > pdb_set_nt_username: setting nt username zanchey, was >[2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:676(pdb_set_fullname) > pdb_set_full_name: setting full name David Adam, was >[2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:769(pdb_set_homedir) > pdb_set_homedir: setting home dir \\mylah\zanchey, was >[2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:745(pdb_set_dir_drive) > pdb_set_dir_drive: setting dir drive H:, was NULL >[2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:699(pdb_set_logon_script) > pdb_set_logon_script: setting logon script , was >[2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:722(pdb_set_profile_path) > pdb_set_profile_path: setting profile path \\mylah\profiles, was >[2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:812(pdb_set_workstations) > pdb_set_workstations: setting workstations , was >[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:51, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) > NT user token: (NULL) >[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2010/04/27 16:57:51, 10, pid=12782] lib/gencache.c:208(gencache_get) > Returning valid cache entry: key = ACCT_POL/password history, value = 0 > , timeout = Tue Apr 27 16:58:51 2010 >[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:536(pdb_set_user_sid) > pdb_set_user_sid: setting user sid S-1-5-352321536-3342141748-1574249315-1264630062-23502 >[2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_compat.c:72(pdb_set_user_sid_from_rid) > pdb_set_user_sid_from_rid: > setting user sid S-1-5-352321536-3342141748-1574249315-1264630062-23502 from rid 23502 >[2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:594(pdb_set_group_sid) > pdb_set_group_sid: setting group sid S-1-5-352321536-3342141748-1574249315-1264630062-512 >[2010/04/27 16:57:51, 5, pid=12782] lib/username.c:133(Get_Pwnam_alloc) > Finding user zanchey >[2010/04/27 16:57:51, 5, pid=12782] lib/username.c:77(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as lowercase is zanchey >[2010/04/27 16:57:51, 5, pid=12782] lib/username.c:110(Get_Pwnam_internals) > Get_Pwnam_internals did find user [zanchey]! >[2010/04/27 16:57:51, 10, pid=12782] smbd/service.c:163(set_conn_connectpath) > set_conn_connectpath: service IPC$, connectpath = /tmp >[2010/04/27 16:57:51, 3, pid=12782] smbd/service.c:807(make_connection_snum) > Connect path is '/tmp' for service [IPC$] >[2010/04/27 16:57:51, 10, pid=12782] lib/util_seaccess.c:58(se_map_generic) > se_map_generic(): mapped mask 0x10000000 to 0x001f01ff >[2010/04/27 16:57:51, 3, pid=12782] smbd/vfs.c:95(vfs_init_default) > Initialising default vfs hooks >[2010/04/27 16:57:51, 10, pid=12782] smbd/vfs.c:47(vfs_find_backend_entry) > vfs_find_backend_entry called for /[Default VFS]/ >[2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:85(smb_register_vfs) > Successfully added vfs backend '/[Default VFS]/' >[2010/04/27 16:57:51, 10, pid=12782] smbd/vfs.c:47(vfs_find_backend_entry) > vfs_find_backend_entry called for posixacl >[2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:85(smb_register_vfs) > Successfully added vfs backend 'posixacl' >[2010/04/27 16:57:51, 3, pid=12782] smbd/vfs.c:129(vfs_init_custom) > Initialising custom vfs hooks from [/[Default VFS]/] >[2010/04/27 16:57:51, 10, pid=12782] smbd/vfs.c:47(vfs_find_backend_entry) > vfs_find_backend_entry called for /[Default VFS]/ > Successfully loaded vfs module [/[Default VFS]/] with the new modules system >[2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) > Checking operation #0 (type 0, layer 0) > Making operation type 0 opaque [module /[Default VFS]/] > Accepting operation type 0 from module /[Default VFS]/ >[2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) > Checking operation #1 (type 1, layer 0) > Making operation type 1 opaque [module /[Default VFS]/] > Accepting operation type 1 from module /[Default VFS]/ >[2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) > Checking operation #2 (type 2, layer 0) > Making operation type 2 opaque [module /[Default VFS]/] > Accepting operation type 2 from module /[Default VFS]/ >[2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) > Checking operation #3 (type 3, layer 0) > Making operation type 3 opaque [module /[Default VFS]/] > Accepting operation type 3 from module /[Default VFS]/ >[2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) > Checking operation #4 (type 4, layer 0) > Making operation type 4 opaque [module /[Default VFS]/] > Accepting operation type 4 from module /[Default VFS]/ >[2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) > Checking operation #5 (type 5, layer 0) > Making operation type 5 opaque [module /[Default VFS]/] > Accepting operation type 5 from module /[Default VFS]/ >[2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) > Checking operation #6 (type 6, layer 0) > Making operation type 6 opaque [module /[Default VFS]/] > Accepting operation type 6 from module /[Default VFS]/ >[2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) > Checking operation #7 (type 7, layer 0) > Making operation type 7 opaque [module /[Default VFS]/] > Accepting operation type 7 from module /[Default VFS]/ >[2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) > Checking operation #8 (type 8, layer 0) > Making operation type 8 opaque [module /[Default VFS]/] > Accepting operation type 8 from module /[Default VFS]/ >[2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) > Checking operation #9 (type 9, layer 0) > Making operation type 9 opaque [module /[Default VFS]/] > Accepting operation type 9 from module /[Default VFS]/ >[2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) > Checking operation #10 (type 10, layer 0) > Making operation type 10 opaque [module /[Default VFS]/] > Accepting operation type 10 from module /[Default VFS]/ >[2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) > Checking operation #11 (type 11, layer 0) > Making operation type 11 opaque [module /[Default VFS]/] > Accepting operation type 11 from module /[Default VFS]/ >[2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) > Checking operation #12 (type 12, layer 0) > Making operation type 12 opaque [module /[Default VFS]/] > Accepting operation type 12 from module /[Default VFS]/ >[2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) > Checking operation #13 (type 13, layer 0) > Making operation type 13 opaque [module /[Default VFS]/] > Accepting operation type 13 from module /[Default VFS]/ >[2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) > Checking operation #14 (type 14, layer 0) > Making operation type 14 opaque [module /[Default VFS]/] > Accepting operation type 14 from module /[Default VFS]/ >[2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) > Checking operation #15 (type 15, layer 0) > Making operation type 15 opaque [module /[Default VFS]/] > Accepting operation type 15 from module /[Default VFS]/ >[2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) > Checking operation #16 (type 16, layer 0) > Making operation type 16 opaque [module /[Default VFS]/] > Accepting operation type 16 from module /[Default VFS]/ >[2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) > Checking operation #17 (type 17, layer 0) > Making operation type 17 opaque [module /[Default VFS]/] > Accepting operation type 17 from module /[Default VFS]/ >[2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) > Checking operation #18 (type 18, layer 0) > Making operation type 18 opaque [module /[Default VFS]/] > Accepting operation type 18 from module /[Default VFS]/ >[2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) > Checking operation #19 (type 19, layer 0) > Making operation type 19 opaque [module /[Default VFS]/] > Accepting operation type 19 from module /[Default VFS]/ >[2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) > Checking operation #20 (type 20, layer 0) > Making operation type 20 opaque [module /[Default VFS]/] > Accepting operation type 20 from module /[Default VFS]/ >[2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) > Checking operation #21 (type 21, layer 0) > Making operation type 21 opaque [module /[Default VFS]/] > Accepting operation type 21 from module /[Default VFS]/ >[2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) > Checking operation #22 (type 22, layer 0) > Making operation type 22 opaque [module /[Default VFS]/] > Accepting operation type 22 from module /[Default VFS]/ >[2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) > Checking operation #23 (type 23, layer 0) > Making operation type 23 opaque [module /[Default VFS]/] > Accepting operation type 23 from module /[Default VFS]/ >[2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) > Checking operation #24 (type 24, layer 0) > Making operation type 24 opaque [module /[Default VFS]/] > Accepting operation type 24 from module /[Default VFS]/ >[2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) > Checking operation #25 (type 25, layer 0) > Making operation type 25 opaque [module /[Default VFS]/] > Accepting operation type 25 from module /[Default VFS]/ >[2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) > Checking operation #26 (type 26, layer 0) > Making operation type 26 opaque [module /[Default VFS]/] > Accepting operation type 26 from module /[Default VFS]/ >[2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) > Checking operation #27 (type 27, layer 0) > Making operation type 27 opaque [module /[Default VFS]/] > Accepting operation type 27 from module /[Default VFS]/ >[2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) > Checking operation #28 (type 28, layer 0) > Making operation type 28 opaque [module /[Default VFS]/] > Accepting operation type 28 from module /[Default VFS]/ >[2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) > Checking operation #29 (type 29, layer 0) > Making operation type 29 opaque [module /[Default VFS]/] > Accepting operation type 29 from module /[Default VFS]/ >[2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) > Checking operation #30 (type 30, layer 0) > Making operation type 30 opaque [module /[Default VFS]/] > Accepting operation type 30 from module /[Default VFS]/ >[2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) > Checking operation #31 (type 31, layer 0) > Making operation type 31 opaque [module /[Default VFS]/] > Accepting operation type 31 from module /[Default VFS]/ >[2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) > Checking operation #32 (type 32, layer 0) > Making operation type 32 opaque [module /[Default VFS]/] > Accepting operation type 32 from module /[Default VFS]/ >[2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) > Checking operation #33 (type 33, layer 0) > Making operation type 33 opaque [module /[Default VFS]/] > Accepting operation type 33 from module /[Default VFS]/ >[2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) > Checking operation #34 (type 34, layer 0) > Making operation type 34 opaque [module /[Default VFS]/] > Accepting operation type 34 from module /[Default VFS]/ >[2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) > Checking operation #35 (type 35, layer 0) > Making operation type 35 opaque [module /[Default VFS]/] > Accepting operation type 35 from module /[Default VFS]/ >[2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) > Checking operation #36 (type 36, layer 0) > Making operation type 36 opaque [module /[Default VFS]/] > Accepting operation type 36 from module /[Default VFS]/ >[2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) > Checking operation #37 (type 37, layer 0) > Making operation type 37 opaque [module /[Default VFS]/] > Accepting operation type 37 from module /[Default VFS]/ >[2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) > Checking operation #38 (type 38, layer 0) > Making operation type 38 opaque [module /[Default VFS]/] > Accepting operation type 38 from module /[Default VFS]/ >[2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) > Checking operation #39 (type 39, layer 0) > Making operation type 39 opaque [module /[Default VFS]/] > Accepting operation type 39 from module /[Default VFS]/ >[2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) > Checking operation #40 (type 40, layer 0) > Making operation type 40 opaque [module /[Default VFS]/] > Accepting operation type 40 from module /[Default VFS]/ >[2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) > Checking operation #41 (type 41, layer 0) > Making operation type 41 opaque [module /[Default VFS]/] > Accepting operation type 41 from module /[Default VFS]/ >[2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) > Checking operation #42 (type 42, layer 0) > Making operation type 42 opaque [module /[Default VFS]/] > Accepting operation type 42 from module /[Default VFS]/ >[2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) > Checking operation #43 (type 43, layer 0) > Making operation type 43 opaque [module /[Default VFS]/] > Accepting operation type 43 from module /[Default VFS]/ >[2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) > Checking operation #44 (type 44, layer 0) > Making operation type 44 opaque [module /[Default VFS]/] > Accepting operation type 44 from module /[Default VFS]/ >[2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) > Checking operation #45 (type 45, layer 0) > Making operation type 45 opaque [module /[Default VFS]/] > Accepting operation type 45 from module /[Default VFS]/ >[2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) > Checking operation #46 (type 46, layer 0) > Making operation type 46 opaque [module /[Default VFS]/] > Accepting operation type 46 from module /[Default VFS]/ >[2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) > Checking operation #47 (type 47, layer 0) > Making operation type 47 opaque [module /[Default VFS]/] > Accepting operation type 47 from module /[Default VFS]/ >[2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) > Checking operation #48 (type 48, layer 0) > Making operation type 48 opaque [module /[Default VFS]/] > Accepting operation type 48 from module /[Default VFS]/ >[2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) > Checking operation #49 (type 49, layer 0) > Making operation type 49 opaque [module /[Default VFS]/] > Accepting operation type 49 from module /[Default VFS]/ >[2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) > Checking operation #50 (type 50, layer 0) > Making operation type 50 opaque [module /[Default VFS]/] > Accepting operation type 50 from module /[Default VFS]/ >[2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) > Checking operation #51 (type 51, layer 0) > Making operation type 51 opaque [module /[Default VFS]/] > Accepting operation type 51 from module /[Default VFS]/ >[2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) > Checking operation #52 (type 52, layer 0) > Making operation type 52 opaque [module /[Default VFS]/] > Accepting operation type 52 from module /[Default VFS]/ >[2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) > Checking operation #53 (type 53, layer 0) > Making operation type 53 opaque [module /[Default VFS]/] > Accepting operation type 53 from module /[Default VFS]/ >[2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) > Checking operation #54 (type 54, layer 0) > Making operation type 54 opaque [module /[Default VFS]/] > Accepting operation type 54 from module /[Default VFS]/ >[2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) > Checking operation #55 (type 55, layer 0) > Making operation type 55 opaque [module /[Default VFS]/] > Accepting operation type 55 from module /[Default VFS]/ >[2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) > Checking operation #56 (type 56, layer 0) > Making operation type 56 opaque [module /[Default VFS]/] > Accepting operation type 56 from module /[Default VFS]/ >[2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) > Checking operation #57 (type 57, layer 0) > Making operation type 57 opaque [module /[Default VFS]/] > Accepting operation type 57 from module /[Default VFS]/ >[2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) > Checking operation #58 (type 58, layer 0) > Making operation type 58 opaque [module /[Default VFS]/] > Accepting operation type 58 from module /[Default VFS]/ >[2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) > Checking operation #59 (type 59, layer 0) > Making operation type 59 opaque [module /[Default VFS]/] > Accepting operation type 59 from module /[Default VFS]/ >[2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) > Checking operation #60 (type 60, layer 0) > Making operation type 60 opaque [module /[Default VFS]/] > Accepting operation type 60 from module /[Default VFS]/ >[2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) > Checking operation #61 (type 61, layer 0) > Making operation type 61 opaque [module /[Default VFS]/] > Accepting operation type 61 from module /[Default VFS]/ >[2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) > Checking operation #62 (type 62, layer 0) > Making operation type 62 opaque [module /[Default VFS]/] > Accepting operation type 62 from module /[Default VFS]/ >[2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) > Checking operation #63 (type 63, layer 0) > Making operation type 63 opaque [module /[Default VFS]/] > Accepting operation type 63 from module /[Default VFS]/ >[2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) > Checking operation #64 (type 64, layer 0) > Making operation type 64 opaque [module /[Default VFS]/] > Accepting operation type 64 from module /[Default VFS]/ >[2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) > Checking operation #65 (type 65, layer 0) > Making operation type 65 opaque [module /[Default VFS]/] > Accepting operation type 65 from module /[Default VFS]/ >[2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) > Checking operation #66 (type 66, layer 0) > Making operation type 66 opaque [module /[Default VFS]/] > Accepting operation type 66 from module /[Default VFS]/ >[2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) > Checking operation #67 (type 67, layer 0) > Making operation type 67 opaque [module /[Default VFS]/] > Accepting operation type 67 from module /[Default VFS]/ >[2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) > Checking operation #68 (type 68, layer 0) > Making operation type 68 opaque [module /[Default VFS]/] > Accepting operation type 68 from module /[Default VFS]/ >[2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) > Checking operation #69 (type 69, layer 0) > Making operation type 69 opaque [module /[Default VFS]/] > Accepting operation type 69 from module /[Default VFS]/ >[2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) > Checking operation #70 (type 70, layer 0) > Making operation type 70 opaque [module /[Default VFS]/] > Accepting operation type 70 from module /[Default VFS]/ >[2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) > Checking operation #71 (type 71, layer 0) > Making operation type 71 opaque [module /[Default VFS]/] > Accepting operation type 71 from module /[Default VFS]/ >[2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) > Checking operation #72 (type 72, layer 0) > Making operation type 72 opaque [module /[Default VFS]/] > Accepting operation type 72 from module /[Default VFS]/ >[2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) > Checking operation #73 (type 73, layer 0) > Making operation type 73 opaque [module /[Default VFS]/] > Accepting operation type 73 from module /[Default VFS]/ >[2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) > Checking operation #74 (type 74, layer 0) > Making operation type 74 opaque [module /[Default VFS]/] > Accepting operation type 74 from module /[Default VFS]/ >[2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) > Checking operation #75 (type 75, layer 0) > Making operation type 75 opaque [module /[Default VFS]/] > Accepting operation type 75 from module /[Default VFS]/ >[2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) > Checking operation #76 (type 76, layer 0) > Making operation type 76 opaque [module /[Default VFS]/] > Accepting operation type 76 from module /[Default VFS]/ >[2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) > Checking operation #77 (type 77, layer 0) > Making operation type 77 opaque [module /[Default VFS]/] > Accepting operation type 77 from module /[Default VFS]/ >[2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) > Checking operation #78 (type 78, layer 0) > Making operation type 78 opaque [module /[Default VFS]/] > Accepting operation type 78 from module /[Default VFS]/ >[2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) > Checking operation #79 (type 79, layer 0) > Making operation type 79 opaque [module /[Default VFS]/] > Accepting operation type 79 from module /[Default VFS]/ >[2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) > Checking operation #80 (type 80, layer 0) > Making operation type 80 opaque [module /[Default VFS]/] > Accepting operation type 80 from module /[Default VFS]/ >[2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) > Checking operation #81 (type 81, layer 0) > Making operation type 81 opaque [module /[Default VFS]/] > Accepting operation type 81 from module /[Default VFS]/ >[2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) > Checking operation #82 (type 82, layer 0) > Making operation type 82 opaque [module /[Default VFS]/] > Accepting operation type 82 from module /[Default VFS]/ >[2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) > Checking operation #83 (type 83, layer 0) > Making operation type 83 opaque [module /[Default VFS]/] > Accepting operation type 83 from module /[Default VFS]/ >[2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) > Checking operation #84 (type 84, layer 0) > Making operation type 84 opaque [module /[Default VFS]/] > Accepting operation type 84 from module /[Default VFS]/ >[2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) > Checking operation #85 (type 85, layer 0) > Making operation type 85 opaque [module /[Default VFS]/] > Accepting operation type 85 from module /[Default VFS]/ >[2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) > Checking operation #86 (type 86, layer 0) > Making operation type 86 opaque [module /[Default VFS]/] > Accepting operation type 86 from module /[Default VFS]/ >[2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) > Checking operation #87 (type 87, layer 0) > Making operation type 87 opaque [module /[Default VFS]/] > Accepting operation type 87 from module /[Default VFS]/ >[2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) > Checking operation #88 (type 88, layer 0) > Making operation type 88 opaque [module /[Default VFS]/] > Accepting operation type 88 from module /[Default VFS]/ >[2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) > Checking operation #89 (type 89, layer 0) > Making operation type 89 opaque [module /[Default VFS]/] > Accepting operation type 89 from module /[Default VFS]/ >[2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) > Checking operation #90 (type 90, layer 0) > Making operation type 90 opaque [module /[Default VFS]/] > Accepting operation type 90 from module /[Default VFS]/ >[2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) > Checking operation #91 (type 91, layer 0) > Making operation type 91 opaque [module /[Default VFS]/] > Accepting operation type 91 from module /[Default VFS]/ >[2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) > Checking operation #92 (type 92, layer 0) > Making operation type 92 opaque [module /[Default VFS]/] > Accepting operation type 92 from module /[Default VFS]/ >[2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) > Checking operation #93 (type 93, layer 0) > Making operation type 93 opaque [module /[Default VFS]/] > Accepting operation type 93 from module /[Default VFS]/ >[2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) > Checking operation #94 (type 94, layer 0) > Making operation type 94 opaque [module /[Default VFS]/] > Accepting operation type 94 from module /[Default VFS]/ >[2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) > Checking operation #95 (type 95, layer 0) > Making operation type 95 opaque [module /[Default VFS]/] > Accepting operation type 95 from module /[Default VFS]/ >[2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) > Checking operation #96 (type 96, layer 0) > Making operation type 96 opaque [module /[Default VFS]/] > Accepting operation type 96 from module /[Default VFS]/ >[2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) > Checking operation #97 (type 97, layer 0) > Making operation type 97 opaque [module /[Default VFS]/] > Accepting operation type 97 from module /[Default VFS]/ >[2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) > Checking operation #98 (type 98, layer 0) > Making operation type 98 opaque [module /[Default VFS]/] > Accepting operation type 98 from module /[Default VFS]/ >[2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) > Checking operation #99 (type 99, layer 0) > Making operation type 99 opaque [module /[Default VFS]/] > Accepting operation type 99 from module /[Default VFS]/ >[2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) > Checking operation #100 (type 100, layer 0) > Making operation type 100 opaque [module /[Default VFS]/] > Accepting operation type 100 from module /[Default VFS]/ >[2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) > Checking operation #101 (type 101, layer 0) > Making operation type 101 opaque [module /[Default VFS]/] > Accepting operation type 101 from module /[Default VFS]/ >[2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) > Checking operation #102 (type 102, layer 0) > Making operation type 102 opaque [module /[Default VFS]/] > Accepting operation type 102 from module /[Default VFS]/ >[2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) > Checking operation #103 (type 103, layer 0) > Making operation type 103 opaque [module /[Default VFS]/] > Accepting operation type 103 from module /[Default VFS]/ >[2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) > Checking operation #104 (type 104, layer 0) > Making operation type 104 opaque [module /[Default VFS]/] > Accepting operation type 104 from module /[Default VFS]/ >[2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) > Checking operation #105 (type 105, layer 0) > Making operation type 105 opaque [module /[Default VFS]/] > Accepting operation type 105 from module /[Default VFS]/ >[2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) > Checking operation #106 (type 106, layer 0) > Making operation type 106 opaque [module /[Default VFS]/] > Accepting operation type 106 from module /[Default VFS]/ >[2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) > Checking operation #107 (type 107, layer 0) > Making operation type 107 opaque [module /[Default VFS]/] > Accepting operation type 107 from module /[Default VFS]/ >[2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) > Checking operation #108 (type 108, layer 0) > Making operation type 108 opaque [module /[Default VFS]/] > Accepting operation type 108 from module /[Default VFS]/ >[2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) > Checking operation #109 (type 109, layer 0) > Making operation type 109 opaque [module /[Default VFS]/] > Accepting operation type 109 from module /[Default VFS]/ >[2010/04/27 16:57:51, 5, pid=12782] smbd/vfs.c:192(vfs_init_custom) > Checking operation #110 (type 110, layer 0) > Making operation type 110 opaque [module /[Default VFS]/] > Accepting operation type 110 from module /[Default VFS]/ >[2010/04/27 16:57:51, 5, pid=12782] smbd/connection.c:142(claim_connection) > claiming [IPC$] >[2010/04/27 16:57:51, 10, pid=12782] lib/dbwrap_tdb.c:100(db_tdb_fetch_locked) > Locking key EE310000FFFFFFFF0100 >[2010/04/27 16:57:51, 10, pid=12782] lib/dbwrap_tdb.c:129(db_tdb_fetch_locked) > Allocated locked data 0x0x98021d0 >[2010/04/27 16:57:51, 10, pid=12782] lib/dbwrap_tdb.c:42(db_tdb_record_destr) > Unlocking key EE310000FFFFFFFF0100 >[2010/04/27 16:57:51, 10, pid=12782] smbd/service.c:163(set_conn_connectpath) > set_conn_connectpath: service IPC$, connectpath = /tmp >[2010/04/27 16:57:51, 10, pid=12782] smbd/share_access.c:234(user_ok_token) > user_ok_token: share IPC$ is ok for unix user zanchey >[2010/04/27 16:57:51, 10, pid=12782] smbd/share_access.c:279(is_share_read_only_for_token) > is_share_read_only_for_user: share IPC$ is read-only for unix user zanchey >[2010/04/27 16:57:51, 10, pid=12782] lib/util_seaccess.c:58(se_map_generic) > se_map_generic(): mapped mask 0x10000000 to 0x001f01ff >[2010/04/27 16:57:51, 3, pid=12782] lib/util_sid.c:228(string_to_sid) > string_to_sid: Sid root does not start with 'S-'. >[2010/04/27 16:57:51, 10, pid=12782] passdb/lookup_sid.c:69(lookup_name) > lookup_name: UCCDOMAIN\root => UCCDOMAIN (domain), root (name) >[2010/04/27 16:57:51, 10, pid=12782] passdb/lookup_sid.c:70(lookup_name) > lookup_name: flags = 0x073 >[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:51, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) > NT user token: (NULL) >[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2010/04/27 16:57:51, 5, pid=12782] lib/smbldap.c:1295(smbldap_search_ext) > smbldap_search_ext: base => [dc=ucc,dc=gu,dc=uwa,dc=edu,dc=au], filter => [(&(uid=root)(objectclass=sambaSamAccount))], scope => [2] >[2010/04/27 16:57:51, 2, pid=12782] passdb/pdb_ldap.c:571(init_sam_from_ldap) > init_sam_from_ldap: Entry found for user: root >[2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:607(pdb_set_username) > pdb_set_username: setting username root, was >[2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:630(pdb_set_domain) > pdb_set_domain: setting domain UCCDOMAIN, was >[2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:653(pdb_set_nt_username) > pdb_set_nt_username: setting nt username root, was >[2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:549(pdb_set_user_sid_from_string) > pdb_set_user_sid_from_string: setting user sid S-1-5-352321536-3342141748-1574249315-1264630062-1000 >[2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:536(pdb_set_user_sid) > pdb_set_user_sid: setting user sid S-1-5-352321536-3342141748-1574249315-1264630062-1000 >[2010/04/27 16:57:51, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) > attribute sambaLogonTime does not exist >[2010/04/27 16:57:51, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) > attribute sambaLogoffTime does not exist >[2010/04/27 16:57:51, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) > attribute sambaKickoffTime does not exist >[2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:676(pdb_set_fullname) > pdb_set_full_name: setting full name Super-User, was >[2010/04/27 16:57:51, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) > attribute sambaHomeDrive does not exist >[2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:745(pdb_set_dir_drive) > pdb_set_dir_drive: setting dir drive H:, was NULL >[2010/04/27 16:57:51, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) > attribute sambaHomePath does not exist >[2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:769(pdb_set_homedir) > pdb_set_homedir: setting home dir \\mylah\root, was >[2010/04/27 16:57:51, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) > attribute sambaLogonScript does not exist >[2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:699(pdb_set_logon_script) > pdb_set_logon_script: setting logon script , was >[2010/04/27 16:57:51, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) > attribute sambaProfilePath does not exist >[2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:722(pdb_set_profile_path) > pdb_set_profile_path: setting profile path \\mylah\profiles, was >[2010/04/27 16:57:51, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) > attribute description does not exist >[2010/04/27 16:57:51, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) > attribute sambaUserWorkstations does not exist >[2010/04/27 16:57:51, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) > attribute sambaMungedDial does not exist >[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2010/04/27 16:57:51, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) > NT user token: (NULL) >[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2010/04/27 16:57:51, 10, pid=12782] lib/gencache.c:208(gencache_get) > Returning valid cache entry: key = ACCT_POL/password history, value = 0 > , timeout = Tue Apr 27 16:58:51 2010 >[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:51, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) > attribute sambaBadPasswordCount does not exist >[2010/04/27 16:57:51, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) > attribute sambaBadPasswordTime does not exist >[2010/04/27 16:57:51, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) > attribute sambaLogonHours does not exist >[2010/04/27 16:57:51, 7, pid=12782] passdb/login_cache.c:87(login_cache_read) > Looking up login cache for user root >[2010/04/27 16:57:51, 7, pid=12782] passdb/login_cache.c:103(login_cache_read) > No cache entry found >[2010/04/27 16:57:51, 9, pid=12782] passdb/pdb_ldap.c:1125(init_sam_from_ldap) > No cache entry, bad count = 0, bad time = 0 >[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2010/04/27 16:57:51, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) > NT user token: (NULL) >[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2010/04/27 16:57:51, 10, pid=12782] lib/gencache.c:208(gencache_get) > Returning valid cache entry: key = ACCT_POL/maximum password age, value = 4294967295 > , timeout = Tue Apr 27 16:58:51 2010 >[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:51, 5, pid=12782] lib/username.c:133(Get_Pwnam_alloc) > Finding user root >[2010/04/27 16:57:51, 5, pid=12782] lib/username.c:77(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as lowercase is root >[2010/04/27 16:57:51, 5, pid=12782] lib/username.c:110(Get_Pwnam_internals) > Get_Pwnam_internals did find user [root]! >[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2010/04/27 16:57:51, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) > NT user token: (NULL) >[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2010/04/27 16:57:51, 10, pid=12782] lib/gencache.c:208(gencache_get) > Returning valid cache entry: key = ACCT_POL/password history, value = 0 > , timeout = Tue Apr 27 16:58:51 2010 >[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:607(pdb_set_username) > pdb_set_username: setting username root, was >[2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:630(pdb_set_domain) > pdb_set_domain: setting domain UCCDOMAIN, was >[2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:653(pdb_set_nt_username) > pdb_set_nt_username: setting nt username root, was >[2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:676(pdb_set_fullname) > pdb_set_full_name: setting full name Super-User, was >[2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:769(pdb_set_homedir) > pdb_set_homedir: setting home dir \\mylah\root, was >[2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:745(pdb_set_dir_drive) > pdb_set_dir_drive: setting dir drive H:, was NULL >[2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:699(pdb_set_logon_script) > pdb_set_logon_script: setting logon script , was >[2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:722(pdb_set_profile_path) > pdb_set_profile_path: setting profile path \\mylah\profiles, was >[2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:812(pdb_set_workstations) > pdb_set_workstations: setting workstations , was >[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2010/04/27 16:57:51, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) > NT user token: (NULL) >[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2010/04/27 16:57:51, 10, pid=12782] lib/gencache.c:208(gencache_get) > Returning valid cache entry: key = ACCT_POL/password history, value = 0 > , timeout = Tue Apr 27 16:58:51 2010 >[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:536(pdb_set_user_sid) > pdb_set_user_sid: setting user sid S-1-5-352321536-3342141748-1574249315-1264630062-1000 >[2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_compat.c:72(pdb_set_user_sid_from_rid) > pdb_set_user_sid_from_rid: > setting user sid S-1-5-352321536-3342141748-1574249315-1264630062-1000 from rid 1000 >[2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:594(pdb_set_group_sid) > pdb_set_group_sid: setting group sid S-1-5-352321536-3342141748-1574249315-1264630062-512 >[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:51, 3, pid=12782] lib/util_sid.c:228(string_to_sid) > string_to_sid: Sid @wheel does not start with 'S-'. >[2010/04/27 16:57:51, 5, pid=12782] smbd/password.c:403(user_in_netgroup) > Unable to get default yp domain, let's try without specifying it >[2010/04/27 16:57:51, 5, pid=12782] smbd/password.c:407(user_in_netgroup) > looking for user zanchey of domain (ANY) in netgroup wheel >[2010/04/27 16:57:51, 5, pid=12782] smbd/password.c:423(user_in_netgroup) > looking for user zanchey of domain (ANY) in netgroup wheel >[2010/04/27 16:57:51, 10, pid=12782] passdb/lookup_sid.c:69(lookup_name) > lookup_name: UCCDOMAIN\wheel => UCCDOMAIN (domain), wheel (name) >[2010/04/27 16:57:51, 10, pid=12782] passdb/lookup_sid.c:70(lookup_name) > lookup_name: flags = 0x077 >[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:51, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) > NT user token: (NULL) >[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2010/04/27 16:57:51, 5, pid=12782] lib/smbldap.c:1295(smbldap_search_ext) > smbldap_search_ext: base => [dc=ucc,dc=gu,dc=uwa,dc=edu,dc=au], filter => [(&(objectClass=sambaGroupMapping)(|(displayName=wheel)(cn=wheel)))], scope => [2] >[2010/04/27 16:57:51, 2, pid=12782] passdb/pdb_ldap.c:2434(init_group_from_ldap) > init_group_from_ldap: Entry found for group: 0 >[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:51, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) > NT user token: (NULL) >[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2010/04/27 16:57:51, 10, pid=12782] lib/gencache.c:208(gencache_get) > Returning valid cache entry: key = ACCT_POL/maximum password age, value = 4294967295 > , timeout = Tue Apr 27 16:58:51 2010 >[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:51, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) > NT user token: (NULL) >[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2010/04/27 16:57:51, 10, pid=12782] lib/gencache.c:208(gencache_get) > Returning valid cache entry: key = ACCT_POL/password history, value = 0 > , timeout = Tue Apr 27 16:58:51 2010 >[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:607(pdb_set_username) > pdb_set_username: setting username zanchey, was >[2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:630(pdb_set_domain) > pdb_set_domain: setting domain UCCDOMAIN, was >[2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:653(pdb_set_nt_username) > pdb_set_nt_username: setting nt username zanchey, was >[2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:676(pdb_set_fullname) > pdb_set_full_name: setting full name David Adam, was >[2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:769(pdb_set_homedir) > pdb_set_homedir: setting home dir \\mylah\zanchey, was >[2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:745(pdb_set_dir_drive) > pdb_set_dir_drive: setting dir drive H:, was NULL >[2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:699(pdb_set_logon_script) > pdb_set_logon_script: setting logon script , was >[2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:722(pdb_set_profile_path) > pdb_set_profile_path: setting profile path \\mylah\profiles, was >[2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:812(pdb_set_workstations) > pdb_set_workstations: setting workstations , was >[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:51, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) > NT user token: (NULL) >[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2010/04/27 16:57:51, 10, pid=12782] lib/gencache.c:208(gencache_get) > Returning valid cache entry: key = ACCT_POL/password history, value = 0 > , timeout = Tue Apr 27 16:58:51 2010 >[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:536(pdb_set_user_sid) > pdb_set_user_sid: setting user sid S-1-5-352321536-3342141748-1574249315-1264630062-23502 >[2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_compat.c:72(pdb_set_user_sid_from_rid) > pdb_set_user_sid_from_rid: > setting user sid S-1-5-352321536-3342141748-1574249315-1264630062-23502 from rid 23502 >[2010/04/27 16:57:51, 10, pid=12782] passdb/pdb_get_set.c:594(pdb_set_group_sid) > pdb_set_group_sid: setting group sid S-1-5-352321536-3342141748-1574249315-1264630062-512 >[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) > NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 > contains 11 SIDs > SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 > SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-69 > SID[ 6]: S-1-22-2-101 > SID[ 7]: S-1-22-2-20042 > SID[ 8]: S-1-5-32-544 > SID[ 9]: S-1-22-1-11251 > SID[ 10]: S-1-22-2-0 > SE_PRIV 0xff0 0x0 0x0 0x0 >[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 4 supplementary groups > Group[ 0]: 0 > Group[ 1]: 69 > Group[ 2]: 101 > Group[ 3]: 20042 >[2010/04/27 16:57:51, 5, pid=12782] smbd/uid.c:353(change_to_user) > change_to_user uid=(0,0) gid=(0,0) >[2010/04/27 16:57:51, 10, pid=12782] smbd/service.c:163(set_conn_connectpath) > set_conn_connectpath: service IPC$, connectpath = /tmp >[2010/04/27 16:57:51, 3, pid=12782] smbd/service.c:1063(make_connection_snum) > maaxen (::ffff:130.95.13.55) connect to service IPC$ initially as user zanchey (uid=0, gid=0) (pid 12782) >[2010/04/27 16:57:51, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) > NT user token: (NULL) >[2010/04/27 16:57:51, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2010/04/27 16:57:51, 5, pid=12782] smbd/uid.c:368(change_to_root_user) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2010/04/27 16:57:51, 3, pid=12782] smbd/reply.c:759(reply_tcon_and_X) > tconX service=IPC$ >[2010/04/27 16:57:53, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) > got smb length of 100 >[2010/04/27 16:57:53, 6, pid=12782] smbd/process.c:1456(process_smb) > got message type 0x0 of len 0x64 >[2010/04/27 16:57:53, 3, pid=12782] smbd/process.c:1459(process_smb) > Transaction 4 of length 104 (0 toread) >[2010/04/27 16:57:53, 5, pid=12782] lib/util.c:632(show_msg) >[2010/04/27 16:57:53, 5, pid=12782] lib/util.c:642(show_msg) > size=100 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=992 > smb_uid=100 > smb_mid=256 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 3584 (0xE00) > smb_vwv[ 3]= 4096 (0x1000) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 4609 (0x1201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 1792 (0x700) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]=16384 (0x4000) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 768 (0x300) > smb_bcc=17 >[2010/04/27 16:57:53, 10, pid=12782] ../lib/util/util.c:304(_dump_data) > [0000] D6 5C 00 6C 00 73 00 61 00 72 00 70 00 63 00 00 .\.l.s.a .r.p.c.. > [0010] 00 . >[2010/04/27 16:57:53, 3, pid=12782] smbd/process.c:1273(switch_message) > switch message SMBntcreateX (pid 12782) conn 0x97e9be8 >[2010/04/27 16:57:53, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:53, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) > NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 > contains 11 SIDs > SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 > SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-69 > SID[ 6]: S-1-22-2-101 > SID[ 7]: S-1-22-2-20042 > SID[ 8]: S-1-5-32-544 > SID[ 9]: S-1-22-1-11251 > SID[ 10]: S-1-22-2-0 > SE_PRIV 0xff0 0x0 0x0 0x0 >[2010/04/27 16:57:53, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 4 supplementary groups > Group[ 0]: 0 > Group[ 1]: 69 > Group[ 2]: 101 > Group[ 3]: 20042 >[2010/04/27 16:57:53, 5, pid=12782] smbd/uid.c:353(change_to_user) > change_to_user uid=(0,0) gid=(0,0) >[2010/04/27 16:57:53, 4, pid=12782] smbd/vfs.c:753(vfs_ChDir) > vfs_ChDir to /tmp >[2010/04/27 16:57:53, 10, pid=12782] smbd/nttrans.c:484(reply_ntcreate_and_X) > reply_ntcreate_and_X: flags = 0x10, access_mask = 0x12019f file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0, fname = lsarpc >[2010/04/27 16:57:53, 4, pid=12782] smbd/nttrans.c:315(nt_open_pipe) > nt_open_pipe: Opening pipe \lsarpc. >[2010/04/27 16:57:53, 5, pid=12782] smbd/files.c:103(file_new) > allocated file structure 5887, fnum = 9983 (1 used) >[2010/04/27 16:57:53, 4, pid=12782] rpc_server/srv_pipe_hnd.c:99(make_internal_rpc_pipe_p) > Create pipe requested \lsarpc >[2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_lsa_hnd.c:85(init_pipe_handle_list) > init_pipe_handles: created handle list for pipe \lsarpc >[2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_lsa_hnd.c:102(init_pipe_handle_list) > init_pipe_handles: pipe_handles ref count = 1 for pipe \lsarpc >[2010/04/27 16:57:53, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:53, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >[2010/04/27 16:57:53, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:53, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) > NT user token: (NULL) >[2010/04/27 16:57:53, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2010/04/27 16:57:53, 10, pid=12782] lib/gencache.c:208(gencache_get) > Returning valid cache entry: key = ACCT_POL/maximum password age, value = 4294967295 > , timeout = Tue Apr 27 16:58:51 2010 >[2010/04/27 16:57:53, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:53, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:53, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >[2010/04/27 16:57:53, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:53, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) > NT user token: (NULL) >[2010/04/27 16:57:53, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2010/04/27 16:57:53, 10, pid=12782] lib/gencache.c:208(gencache_get) > Returning valid cache entry: key = ACCT_POL/password history, value = 0 > , timeout = Tue Apr 27 16:58:51 2010 >[2010/04/27 16:57:53, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:53, 10, pid=12782] passdb/pdb_get_set.c:607(pdb_set_username) > pdb_set_username: setting username zanchey, was >[2010/04/27 16:57:53, 10, pid=12782] passdb/pdb_get_set.c:630(pdb_set_domain) > pdb_set_domain: setting domain UCCDOMAIN, was >[2010/04/27 16:57:53, 10, pid=12782] passdb/pdb_get_set.c:653(pdb_set_nt_username) > pdb_set_nt_username: setting nt username zanchey, was >[2010/04/27 16:57:53, 10, pid=12782] passdb/pdb_get_set.c:676(pdb_set_fullname) > pdb_set_full_name: setting full name David Adam, was >[2010/04/27 16:57:53, 10, pid=12782] passdb/pdb_get_set.c:769(pdb_set_homedir) > pdb_set_homedir: setting home dir \\mylah\zanchey, was >[2010/04/27 16:57:53, 10, pid=12782] passdb/pdb_get_set.c:745(pdb_set_dir_drive) > pdb_set_dir_drive: setting dir drive H:, was NULL >[2010/04/27 16:57:53, 10, pid=12782] passdb/pdb_get_set.c:699(pdb_set_logon_script) > pdb_set_logon_script: setting logon script , was >[2010/04/27 16:57:53, 10, pid=12782] passdb/pdb_get_set.c:722(pdb_set_profile_path) > pdb_set_profile_path: setting profile path \\mylah\profiles, was >[2010/04/27 16:57:53, 10, pid=12782] passdb/pdb_get_set.c:812(pdb_set_workstations) > pdb_set_workstations: setting workstations , was >[2010/04/27 16:57:53, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:53, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >[2010/04/27 16:57:53, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:53, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) > NT user token: (NULL) >[2010/04/27 16:57:53, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2010/04/27 16:57:53, 10, pid=12782] lib/gencache.c:208(gencache_get) > Returning valid cache entry: key = ACCT_POL/password history, value = 0 > , timeout = Tue Apr 27 16:58:51 2010 >[2010/04/27 16:57:53, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:53, 10, pid=12782] passdb/pdb_get_set.c:536(pdb_set_user_sid) > pdb_set_user_sid: setting user sid S-1-5-352321536-3342141748-1574249315-1264630062-23502 >[2010/04/27 16:57:53, 10, pid=12782] passdb/pdb_compat.c:72(pdb_set_user_sid_from_rid) > pdb_set_user_sid_from_rid: > setting user sid S-1-5-352321536-3342141748-1574249315-1264630062-23502 from rid 23502 >[2010/04/27 16:57:53, 10, pid=12782] passdb/pdb_get_set.c:594(pdb_set_group_sid) > pdb_set_group_sid: setting group sid S-1-5-352321536-3342141748-1574249315-1264630062-512 >[2010/04/27 16:57:53, 4, pid=12782] rpc_server/srv_pipe_hnd.c:161(make_internal_rpc_pipe_p) > Created internal pipe \lsarpc (pipes_open=0) >[2010/04/27 16:57:53, 5, pid=12782] smbd/nttrans.c:404(do_ntcreate_pipe_open) > do_ntcreate_pipe_open: open pipe = \lsarpc >[2010/04/27 16:57:53, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) > got smb length of 224 >[2010/04/27 16:57:53, 6, pid=12782] smbd/process.c:1456(process_smb) > got message type 0x0 of len 0xe0 >[2010/04/27 16:57:53, 3, pid=12782] smbd/process.c:1459(process_smb) > Transaction 5 of length 228 (0 toread) >[2010/04/27 16:57:53, 5, pid=12782] lib/util.c:632(show_msg) >[2010/04/27 16:57:53, 5, pid=12782] lib/util.c:642(show_msg) > size=224 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=320 > smt_wct=14 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 9983 (0x26FF) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=65535 (0xFFFF) > smb_vwv[ 6]=65535 (0xFFFF) > smb_vwv[ 7]= 8 (0x8) > smb_vwv[ 8]= 160 (0xA0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 160 (0xA0) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_bcc=161 >[2010/04/27 16:57:53, 10, pid=12782] ../lib/util/util.c:304(_dump_data) > [0000] EE 05 00 0B 03 10 00 00 00 A0 00 00 00 02 00 00 ........ ........ > [0010] 00 B8 10 B8 10 00 00 00 00 03 00 00 00 00 00 01 ........ ........ > [0020] 00 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 .xW4.4.. ....#Eg. > [0030] AB 00 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ > [0040] 00 2B 10 48 60 02 00 00 00 01 00 01 00 78 57 34 .+.H`... .....xW4 > [0050] 12 34 12 CD AB EF 00 01 23 45 67 89 AB 00 00 00 .4...... #Eg..... > [0060] 00 33 05 71 71 BA BE 37 49 83 19 B5 DB EF 9C CC .3.qq..7 I....... > [0070] 36 01 00 00 00 02 00 01 00 78 57 34 12 34 12 CD 6....... .xW4.4.. > [0080] AB EF 00 01 23 45 67 89 AB 00 00 00 00 2C 1C B7 ....#Eg. .....,.. > [0090] 6C 12 98 40 45 03 00 00 00 00 00 00 00 01 00 00 l..@E... ........ > [00A0] 00 . >[2010/04/27 16:57:53, 3, pid=12782] smbd/process.c:1273(switch_message) > switch message SMBwriteX (pid 12782) conn 0x97e9be8 >[2010/04/27 16:57:53, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:53, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) > NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 > contains 11 SIDs > SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 > SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-69 > SID[ 6]: S-1-22-2-101 > SID[ 7]: S-1-22-2-20042 > SID[ 8]: S-1-5-32-544 > SID[ 9]: S-1-22-1-11251 > SID[ 10]: S-1-22-2-0 > SE_PRIV 0xff0 0x0 0x0 0x0 >[2010/04/27 16:57:53, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 4 supplementary groups > Group[ 0]: 0 > Group[ 1]: 69 > Group[ 2]: 101 > Group[ 3]: 20042 >[2010/04/27 16:57:53, 5, pid=12782] smbd/uid.c:353(change_to_user) > change_to_user uid=(0,0) gid=(0,0) >[2010/04/27 16:57:53, 6, pid=12782] smbd/pipes.c:271(reply_pipe_write_and_X) > reply_pipe_write_and_X: 26ff name: lsarpc len: 160 >[2010/04/27 16:57:53, 6, pid=12782] rpc_server/srv_pipe_hnd.c:1195(np_write_send) > np_write_send: len: 160 >[2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) > write_to_pipe: data_left = 160 >[2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 160 >[2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:192(fill_rpc_header) > fill_rpc_header: data_to_copy = 160, len_needed_to_complete_hdr = 16, receive_len = 0 >[2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) > write_to_pipe: data_left = 144 >[2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 144 >[2010/04/27 16:57:53, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0b > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 00a0 > 000a auth_len : 0000 > 000c call_id : 00000002 >[2010/04/27 16:57:53, 5, pid=12782] rpc_server/srv_pipe_hnd.c:288(unmarshall_rpc_header) > unmarshall_rpc_header: using little-endian RPC >[2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:317(unmarshall_rpc_header) > unmarshall_rpc_header: type = 11, flags = 3 >[2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) > write_to_pipe: data_left = 144 >[2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 144, incoming data = 144 >[2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:534(process_complete_pdu) > process_complete_pdu: processing packet type 11 >[2010/04/27 16:57:53, 5, pid=12782] rpc_server/srv_pipe.c:1558(api_pipe_bind_req) > api_pipe_bind_req: decode request. 1558 >[2010/04/27 16:57:53, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr_rb >[2010/04/27 16:57:53, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr_bba > 0000 max_tsize: 10b8 > 0002 max_rsize: 10b8 > 0004 assoc_gid: 00000000 > 0008 num_contexts: 03 > 000c context_id : 0000 > 000e num_transfer_syntaxes: 01 >[2010/04/27 16:57:53, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 00000f smb_io_rpc_iface >[2010/04/27 16:57:53, 7, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000010 smb_io_uuid uuid > 0010 data : 12345778 > 0014 data : 1234 > 0016 data : abcd > 0018 data : ef 00 > 001a data : 01 23 45 67 89 ab > 0020 version: 00000000 >[2010/04/27 16:57:53, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000024 smb_io_rpc_iface >[2010/04/27 16:57:53, 7, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000024 smb_io_uuid uuid > 0024 data : 8a885d04 > 0028 data : 1ceb > 002a data : 11c9 > 002c data : 9f e8 > 002e data : 08 00 2b 10 48 60 > 0034 version: 00000002 > 0038 context_id : 0001 > 003a num_transfer_syntaxes: 01 >[2010/04/27 16:57:53, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 00003b smb_io_rpc_iface >[2010/04/27 16:57:53, 7, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 00003c smb_io_uuid uuid > 003c data : 12345778 > 0040 data : 1234 > 0042 data : abcd > 0044 data : ef 00 > 0046 data : 01 23 45 67 89 ab > 004c version: 00000000 >[2010/04/27 16:57:53, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000050 smb_io_rpc_iface >[2010/04/27 16:57:53, 7, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000050 smb_io_uuid uuid > 0050 data : 71710533 > 0054 data : beba > 0056 data : 4937 > 0058 data : 83 19 > 005a data : b5 db ef 9c cc 36 > 0060 version: 00000001 > 0064 context_id : 0002 > 0066 num_transfer_syntaxes: 01 >[2010/04/27 16:57:53, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000067 smb_io_rpc_iface >[2010/04/27 16:57:53, 7, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000068 smb_io_uuid uuid > 0068 data : 12345778 > 006c data : 1234 > 006e data : abcd > 0070 data : ef 00 > 0072 data : 01 23 45 67 89 ab > 0078 version: 00000000 >[2010/04/27 16:57:53, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 00007c smb_io_rpc_iface >[2010/04/27 16:57:53, 7, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 00007c smb_io_uuid uuid > 007c data : 6cb71c2c > 0080 data : 9812 > 0082 data : 4540 > 0084 data : 03 00 > 0086 data : 00 00 00 00 00 00 > 008c version: 00000001 >[2010/04/27 16:57:53, 3, pid=12782] rpc_server/srv_pipe.c:1584(api_pipe_bind_req) > api_pipe_bind_req: \PIPE\lsarpc -> \PIPE\lsarpc >[2010/04/27 16:57:53, 5, pid=12782] rpc_server/srv_pipe.c:1628(api_pipe_bind_req) > api_pipe_bind_req: make response. 1628 >[2010/04/27 16:57:53, 3, pid=12782] rpc_server/srv_pipe.c:960(check_bind_req) > check_bind_req for \lsarpc > checking lsarpc >[2010/04/27 16:57:53, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr_ba >[2010/04/27 16:57:53, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr_bba > 0000 max_tsize: 10b8 > 0002 max_rsize: 10b8 > 0004 assoc_gid: 000053f0 >[2010/04/27 16:57:53, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000008 smb_io_rpc_addr_str > 0008 len: 000d > 000a str: \PIPE\lsarpc. >[2010/04/27 16:57:53, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000017 smb_io_rpc_results > 0018 num_results: 01 > 001c result : 0000 > 001e reason : 0000 >[2010/04/27 16:57:53, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000020 smb_io_rpc_iface >[2010/04/27 16:57:53, 7, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000020 smb_io_uuid uuid > 0020 data : 8a885d04 > 0024 data : 1ceb > 0026 data : 11c9 > 0028 data : 9f e8 > 002a data : 08 00 2b 10 48 60 > 0030 version: 00000002 >[2010/04/27 16:57:53, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0c > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0044 > 000a auth_len : 0000 > 000c call_id : 00000002 >[2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) > write_to_pipe: data_used = 144 >[2010/04/27 16:57:53, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Schedule immediate event "tevent_req_trigger": 0x98016a0 >[2010/04/27 16:57:53, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Run immediate event "tevent_req_trigger": 0x98016a0 >[2010/04/27 16:57:53, 3, pid=12782] smbd/pipes.c:325(pipe_write_andx_done) > writeX-IPC nwritten=160 >[2010/04/27 16:57:53, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) > got smb length of 59 >[2010/04/27 16:57:53, 6, pid=12782] smbd/process.c:1456(process_smb) > got message type 0x0 of len 0x3b >[2010/04/27 16:57:53, 3, pid=12782] smbd/process.c:1459(process_smb) > Transaction 6 of length 63 (0 toread) >[2010/04/27 16:57:53, 5, pid=12782] lib/util.c:632(show_msg) >[2010/04/27 16:57:53, 5, pid=12782] lib/util.c:642(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=384 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 9983 (0x26FF) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 1024 (0x400) > smb_vwv[ 6]= 1024 (0x400) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 1024 (0x400) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2010/04/27 16:57:53, 3, pid=12782] smbd/process.c:1273(switch_message) > switch message SMBreadX (pid 12782) conn 0x97e9be8 >[2010/04/27 16:57:53, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:53, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) > NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 > contains 11 SIDs > SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 > SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-69 > SID[ 6]: S-1-22-2-101 > SID[ 7]: S-1-22-2-20042 > SID[ 8]: S-1-5-32-544 > SID[ 9]: S-1-22-1-11251 > SID[ 10]: S-1-22-2-0 > SE_PRIV 0xff0 0x0 0x0 0x0 >[2010/04/27 16:57:53, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 4 supplementary groups > Group[ 0]: 0 > Group[ 1]: 69 > Group[ 2]: 101 > Group[ 3]: 20042 >[2010/04/27 16:57:53, 5, pid=12782] smbd/uid.c:353(change_to_user) > change_to_user uid=(0,0) gid=(0,0) >[2010/04/27 16:57:53, 6, pid=12782] rpc_server/srv_pipe_hnd.c:802(read_from_internal_pipe) > name: \lsarpc len: 1024 >[2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:842(read_from_internal_pipe) > read_from_pipe: \lsarpc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. >[2010/04/27 16:57:53, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Schedule immediate event "tevent_req_trigger": 0x9801a60 >[2010/04/27 16:57:53, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Run immediate event "tevent_req_trigger": 0x9801a60 >[2010/04/27 16:57:53, 3, pid=12782] smbd/pipes.c:435(pipe_read_andx_done) > readX-IPC min=1024 max=1024 nread=68 >[2010/04/27 16:57:53, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) > got smb length of 164 >[2010/04/27 16:57:53, 6, pid=12782] smbd/process.c:1456(process_smb) > got message type 0x0 of len 0xa4 >[2010/04/27 16:57:53, 3, pid=12782] smbd/process.c:1459(process_smb) > Transaction 7 of length 168 (0 toread) >[2010/04/27 16:57:53, 5, pid=12782] lib/util.c:632(show_msg) >[2010/04/27 16:57:53, 5, pid=12782] lib/util.c:642(show_msg) > size=164 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=992 > smb_uid=100 > smb_mid=448 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 80 (0x50) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 80 (0x50) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 9983 (0x26FF) > smb_bcc=97 >[2010/04/27 16:57:53, 10, pid=12782] ../lib/util/util.c:304(_dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 00 05 00 00 03 10 00 00 00 50 00 00 00 02 00 00 ........ .P...... > [0020] 00 38 00 00 00 00 00 2C 00 00 00 02 00 06 00 00 .8....., ........ > [0030] 00 00 00 00 00 06 00 00 00 4D 00 59 00 4C 00 41 ........ .M.Y.L.A > [0040] 00 48 00 00 00 30 00 00 00 00 00 00 00 00 00 00 .H...0.. ........ > [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0060] 02 . >[2010/04/27 16:57:53, 3, pid=12782] smbd/process.c:1273(switch_message) > switch message SMBtrans (pid 12782) conn 0x97e9be8 >[2010/04/27 16:57:53, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:53, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) > NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 > contains 11 SIDs > SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 > SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-69 > SID[ 6]: S-1-22-2-101 > SID[ 7]: S-1-22-2-20042 > SID[ 8]: S-1-5-32-544 > SID[ 9]: S-1-22-1-11251 > SID[ 10]: S-1-22-2-0 > SE_PRIV 0xff0 0x0 0x0 0x0 >[2010/04/27 16:57:53, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 4 supplementary groups > Group[ 0]: 0 > Group[ 1]: 69 > Group[ 2]: 101 > Group[ 3]: 20042 >[2010/04/27 16:57:53, 5, pid=12782] smbd/uid.c:353(change_to_user) > change_to_user uid=(0,0) gid=(0,0) >[2010/04/27 16:57:53, 3, pid=12782] smbd/ipc.c:539(handle_trans) > trans <\PIPE\> data=80 params=0 setup=2 >[2010/04/27 16:57:53, 5, pid=12782] smbd/ipc.c:572(handle_trans) > calling named_pipe >[2010/04/27 16:57:53, 3, pid=12782] smbd/ipc.c:490(named_pipe) > named pipe command on <> name >[2010/04/27 16:57:53, 5, pid=12782] smbd/ipc.c:413(api_fd_reply) > api_fd_reply >[2010/04/27 16:57:53, 3, pid=12782] smbd/ipc.c:454(api_fd_reply) > Got API command 0x26 on pipe "lsarpc" (pnum 26ff) >[2010/04/27 16:57:53, 10, pid=12782] smbd/ipc.c:456(api_fd_reply) > api_fd_reply: p:0x97ea6a8 max_trans_reply: 1024 >[2010/04/27 16:57:53, 6, pid=12782] rpc_server/srv_pipe_hnd.c:1195(np_write_send) > np_write_send: len: 80 >[2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) > write_to_pipe: data_left = 80 >[2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 80 >[2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:192(fill_rpc_header) > fill_rpc_header: data_to_copy = 80, len_needed_to_complete_hdr = 16, receive_len = 0 >[2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) > write_to_pipe: data_left = 64 >[2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 64 >[2010/04/27 16:57:53, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0050 > 000a auth_len : 0000 > 000c call_id : 00000002 >[2010/04/27 16:57:53, 5, pid=12782] rpc_server/srv_pipe_hnd.c:288(unmarshall_rpc_header) > unmarshall_rpc_header: using little-endian RPC >[2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:317(unmarshall_rpc_header) > unmarshall_rpc_header: type = 0, flags = 3 >[2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) > write_to_pipe: data_left = 64 >[2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 64, incoming data = 64 >[2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:534(process_complete_pdu) > process_complete_pdu: processing packet type 0 >[2010/04/27 16:57:53, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr_req req > 0000 alloc_hint: 00000038 > 0004 context_id: 0000 > 0006 opnum : 002c >[2010/04/27 16:57:53, 3, pid=12782] rpc_server/srv_pipe_hnd.c:343(free_pipe_context) > free_pipe_context: destroying talloc pool of size 167 >[2010/04/27 16:57:53, 5, pid=12782] rpc_server/srv_pipe.c:2261(api_pipe_request) > Requested \PIPE\\lsarpc >[2010/04/27 16:57:53, 4, pid=12782] rpc_server/srv_pipe.c:2297(api_rpcTNP) > api_rpcTNP: \lsarpc op 0x2c - api_rpcTNP: rpc command: LSA_OPENPOLICY2 >[2010/04/27 16:57:53, 6, pid=12782] rpc_server/srv_pipe.c:2327(api_rpcTNP) > api_rpc_cmds[44].fn == 0x822bf40 >[2010/04/27 16:57:53, 1, pid=12782] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) > lsa_OpenPolicy2: struct lsa_OpenPolicy2 > in: struct lsa_OpenPolicy2 > system_name : * > system_name : 'MYLAH' > attr : * > attr: struct lsa_ObjectAttribute > len : 0x00000030 (48) > root_dir : NULL > object_name : NULL > attributes : 0x00000000 (0) > sec_desc : NULL > sec_qos : NULL > access_mask : 0x02000000 (33554432) > 0: LSA_POLICY_VIEW_LOCAL_INFORMATION > 0: LSA_POLICY_VIEW_AUDIT_INFORMATION > 0: LSA_POLICY_GET_PRIVATE_INFORMATION > 0: LSA_POLICY_TRUST_ADMIN > 0: LSA_POLICY_CREATE_ACCOUNT > 0: LSA_POLICY_CREATE_SECRET > 0: LSA_POLICY_CREATE_PRIVILEGE > 0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS > 0: LSA_POLICY_SET_AUDIT_REQUIREMENTS > 0: LSA_POLICY_AUDIT_LOG_ADMIN > 0: LSA_POLICY_SERVER_ADMIN > 0: LSA_POLICY_LOOKUP_NAMES > 0: LSA_POLICY_NOTIFICATION >[2010/04/27 16:57:53, 10, pid=12782] lib/util_seaccess.c:58(se_map_generic) > se_map_generic(): mapped mask 0xb0000000 to 0x000f0fff >[2010/04/27 16:57:53, 4, pid=12782] rpc_server/srv_samr_nt.c:219(access_check_object) > _lsa_OpenPolicy2: access GRANTED (requested: 0x000f0fff, granted: 0x000f0fff) >[2010/04/27 16:57:53, 4, pid=12782] rpc_server/srv_lsa_hnd.c:160(create_policy_hnd) > Opened policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 D6 4B 11 A7 ........ .....K.. > [0010] EE 31 00 00 .1.. >[2010/04/27 16:57:53, 1, pid=12782] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) > lsa_OpenPolicy2: struct lsa_OpenPolicy2 > out: struct lsa_OpenPolicy2 > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000001-0000-0000-d64b-11a7ee310000 > result : NT_STATUS_OK >[2010/04/27 16:57:53, 5, pid=12782] rpc_server/srv_pipe.c:2362(api_rpcTNP) > api_rpcTNP: called \lsarpc successfully >[2010/04/27 16:57:53, 3, pid=12782] rpc_server/srv_pipe_hnd.c:343(free_pipe_context) > free_pipe_context: destroying talloc pool of size 1052 >[2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) > write_to_pipe: data_used = 64 >[2010/04/27 16:57:53, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Schedule immediate event "tevent_req_trigger": 0x98016e0 >[2010/04/27 16:57:53, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Run immediate event "tevent_req_trigger": 0x98016e0 >[2010/04/27 16:57:53, 6, pid=12782] rpc_server/srv_pipe_hnd.c:802(read_from_internal_pipe) > name: \lsarpc len: 1024 >[2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:862(read_from_internal_pipe) > read_from_pipe: \lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. >[2010/04/27 16:57:53, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0030 > 000a auth_len : 0000 > 000c call_id : 00000002 >[2010/04/27 16:57:53, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000010 smb_io_rpc_hdr_resp resp > 0010 alloc_hint: 00000018 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >[2010/04/27 16:57:53, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Schedule immediate event "tevent_req_trigger": 0x97dd7d0 >[2010/04/27 16:57:53, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Run immediate event "tevent_req_trigger": 0x97dd7d0 >[2010/04/27 16:57:53, 5, pid=12782] smbd/ipc.c:59(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2010/04/27 16:57:53, 5, pid=12782] lib/util.c:632(show_msg) >[2010/04/27 16:57:53, 5, pid=12782] lib/util.c:642(show_msg) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=992 > smb_uid=100 > smb_mid=448 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2010/04/27 16:57:53, 10, pid=12782] ../lib/util/util.c:304(_dump_data) > [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 02 00 00 ........ .0...... > [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ........ ........ > [0020] 00 00 00 00 00 D6 4B 11 A7 EE 31 00 00 00 00 00 ......K. ..1..... > [0030] 00 . >[2010/04/27 16:57:53, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) > got smb length of 130 >[2010/04/27 16:57:53, 6, pid=12782] smbd/process.c:1456(process_smb) > got message type 0x0 of len 0x82 >[2010/04/27 16:57:53, 3, pid=12782] smbd/process.c:1459(process_smb) > Transaction 8 of length 134 (0 toread) >[2010/04/27 16:57:53, 5, pid=12782] lib/util.c:632(show_msg) >[2010/04/27 16:57:53, 5, pid=12782] lib/util.c:642(show_msg) > size=130 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=992 > smb_uid=100 > smb_mid=512 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 46 (0x2E) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 46 (0x2E) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 9983 (0x26FF) > smb_bcc=63 >[2010/04/27 16:57:53, 10, pid=12782] ../lib/util/util.c:304(_dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 00 05 00 00 03 10 00 00 00 2E 00 00 00 03 00 00 ........ ........ > [0020] 00 16 00 00 00 00 00 2E 00 00 00 00 00 01 00 00 ........ ........ > [0030] 00 00 00 00 00 D6 4B 11 A7 EE 31 00 00 0C 00 ......K. ..1.... >[2010/04/27 16:57:53, 3, pid=12782] smbd/process.c:1273(switch_message) > switch message SMBtrans (pid 12782) conn 0x97e9be8 >[2010/04/27 16:57:53, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:53, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) > NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 > contains 11 SIDs > SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 > SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-69 > SID[ 6]: S-1-22-2-101 > SID[ 7]: S-1-22-2-20042 > SID[ 8]: S-1-5-32-544 > SID[ 9]: S-1-22-1-11251 > SID[ 10]: S-1-22-2-0 > SE_PRIV 0xff0 0x0 0x0 0x0 >[2010/04/27 16:57:53, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 4 supplementary groups > Group[ 0]: 0 > Group[ 1]: 69 > Group[ 2]: 101 > Group[ 3]: 20042 >[2010/04/27 16:57:53, 5, pid=12782] smbd/uid.c:353(change_to_user) > change_to_user uid=(0,0) gid=(0,0) >[2010/04/27 16:57:53, 3, pid=12782] smbd/ipc.c:539(handle_trans) > trans <\PIPE\> data=46 params=0 setup=2 >[2010/04/27 16:57:53, 5, pid=12782] smbd/ipc.c:572(handle_trans) > calling named_pipe >[2010/04/27 16:57:53, 3, pid=12782] smbd/ipc.c:490(named_pipe) > named pipe command on <> name >[2010/04/27 16:57:53, 5, pid=12782] smbd/ipc.c:413(api_fd_reply) > api_fd_reply >[2010/04/27 16:57:53, 3, pid=12782] smbd/ipc.c:454(api_fd_reply) > Got API command 0x26 on pipe "lsarpc" (pnum 26ff) >[2010/04/27 16:57:53, 10, pid=12782] smbd/ipc.c:456(api_fd_reply) > api_fd_reply: p:0x97ea6a8 max_trans_reply: 1024 >[2010/04/27 16:57:53, 6, pid=12782] rpc_server/srv_pipe_hnd.c:1195(np_write_send) > np_write_send: len: 46 >[2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) > write_to_pipe: data_left = 46 >[2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 46 >[2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:192(fill_rpc_header) > fill_rpc_header: data_to_copy = 46, len_needed_to_complete_hdr = 16, receive_len = 0 >[2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) > write_to_pipe: data_left = 30 >[2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 30 >[2010/04/27 16:57:53, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 002e > 000a auth_len : 0000 > 000c call_id : 00000003 >[2010/04/27 16:57:53, 5, pid=12782] rpc_server/srv_pipe_hnd.c:288(unmarshall_rpc_header) > unmarshall_rpc_header: using little-endian RPC >[2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:317(unmarshall_rpc_header) > unmarshall_rpc_header: type = 0, flags = 3 >[2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) > write_to_pipe: data_left = 30 >[2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 30, incoming data = 30 >[2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:534(process_complete_pdu) > process_complete_pdu: processing packet type 0 >[2010/04/27 16:57:53, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr_req req > 0000 alloc_hint: 00000016 > 0004 context_id: 0000 > 0006 opnum : 002e >[2010/04/27 16:57:53, 3, pid=12782] rpc_server/srv_pipe_hnd.c:343(free_pipe_context) > free_pipe_context: destroying talloc pool of size 0 >[2010/04/27 16:57:53, 5, pid=12782] rpc_server/srv_pipe.c:2261(api_pipe_request) > Requested \PIPE\\lsarpc >[2010/04/27 16:57:53, 4, pid=12782] rpc_server/srv_pipe.c:2297(api_rpcTNP) > api_rpcTNP: \lsarpc op 0x2e - api_rpcTNP: rpc command: LSA_QUERYINFOPOLICY2 >[2010/04/27 16:57:53, 6, pid=12782] rpc_server/srv_pipe.c:2327(api_rpcTNP) > api_rpc_cmds[46].fn == 0x822b910 >[2010/04/27 16:57:53, 1, pid=12782] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) > lsa_QueryInfoPolicy2: struct lsa_QueryInfoPolicy2 > in: struct lsa_QueryInfoPolicy2 > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000001-0000-0000-d64b-11a7ee310000 > level : LSA_POLICY_INFO_DNS (12) >[2010/04/27 16:57:53, 4, pid=12782] rpc_server/srv_pipe.c:2345(api_rpcTNP) > api_rpcTNP: rng fault return >[2010/04/27 16:57:53, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 03 > 0003 flags : 23 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0020 > 000a auth_len : 0000 > 000c call_id : 00000003 >[2010/04/27 16:57:53, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000010 smb_io_rpc_hdr_resp resp > 0010 alloc_hint: 00000000 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >[2010/04/27 16:57:53, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000018 smb_io_rpc_hdr_fault fault > 0018 status : DCERPC_FAULT_OP_RNG_ERROR > 001c reserved: 00000000 >[2010/04/27 16:57:53, 3, pid=12782] rpc_server/srv_pipe_hnd.c:343(free_pipe_context) > free_pipe_context: destroying talloc pool of size 0 >[2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) > write_to_pipe: data_used = 30 >[2010/04/27 16:57:53, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Schedule immediate event "tevent_req_trigger": 0x98016a0 >[2010/04/27 16:57:53, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Run immediate event "tevent_req_trigger": 0x98016a0 >[2010/04/27 16:57:53, 6, pid=12782] rpc_server/srv_pipe_hnd.c:802(read_from_internal_pipe) > name: \lsarpc len: 1024 >[2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:842(read_from_internal_pipe) > read_from_pipe: \lsarpc: current_pdu_len = 32, current_pdu_sent = 0 returning 32 bytes. >[2010/04/27 16:57:53, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Schedule immediate event "tevent_req_trigger": 0x97eaf30 >[2010/04/27 16:57:53, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Run immediate event "tevent_req_trigger": 0x97eaf30 >[2010/04/27 16:57:53, 5, pid=12782] smbd/ipc.c:59(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..32] (align 0) >[2010/04/27 16:57:53, 5, pid=12782] lib/util.c:632(show_msg) >[2010/04/27 16:57:53, 5, pid=12782] lib/util.c:642(show_msg) > size=88 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=992 > smb_uid=100 > smb_mid=512 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 32 (0x20) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 32 (0x20) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=33 >[2010/04/27 16:57:53, 10, pid=12782] ../lib/util/util.c:304(_dump_data) > [0000] 00 05 00 03 23 10 00 00 00 20 00 00 00 03 00 00 ....#... . ...... > [0010] 00 00 00 00 00 00 00 00 00 02 00 01 1C 00 00 00 ........ ........ > [0020] 00 . >[2010/04/27 16:57:53, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) > got smb length of 130 >[2010/04/27 16:57:53, 6, pid=12782] smbd/process.c:1456(process_smb) > got message type 0x0 of len 0x82 >[2010/04/27 16:57:53, 3, pid=12782] smbd/process.c:1459(process_smb) > Transaction 9 of length 134 (0 toread) >[2010/04/27 16:57:53, 5, pid=12782] lib/util.c:632(show_msg) >[2010/04/27 16:57:53, 5, pid=12782] lib/util.c:642(show_msg) > size=130 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=992 > smb_uid=100 > smb_mid=576 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 46 (0x2E) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 46 (0x2E) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 9983 (0x26FF) > smb_bcc=63 >[2010/04/27 16:57:53, 10, pid=12782] ../lib/util/util.c:304(_dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 00 05 00 00 03 10 00 00 00 2E 00 00 00 04 00 00 ........ ........ > [0020] 00 16 00 00 00 00 00 07 00 00 00 00 00 01 00 00 ........ ........ > [0030] 00 00 00 00 00 D6 4B 11 A7 EE 31 00 00 03 00 ......K. ..1.... >[2010/04/27 16:57:53, 3, pid=12782] smbd/process.c:1273(switch_message) > switch message SMBtrans (pid 12782) conn 0x97e9be8 >[2010/04/27 16:57:53, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:53, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) > NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 > contains 11 SIDs > SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 > SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-69 > SID[ 6]: S-1-22-2-101 > SID[ 7]: S-1-22-2-20042 > SID[ 8]: S-1-5-32-544 > SID[ 9]: S-1-22-1-11251 > SID[ 10]: S-1-22-2-0 > SE_PRIV 0xff0 0x0 0x0 0x0 >[2010/04/27 16:57:53, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 4 supplementary groups > Group[ 0]: 0 > Group[ 1]: 69 > Group[ 2]: 101 > Group[ 3]: 20042 >[2010/04/27 16:57:53, 5, pid=12782] smbd/uid.c:353(change_to_user) > change_to_user uid=(0,0) gid=(0,0) >[2010/04/27 16:57:53, 3, pid=12782] smbd/ipc.c:539(handle_trans) > trans <\PIPE\> data=46 params=0 setup=2 >[2010/04/27 16:57:53, 5, pid=12782] smbd/ipc.c:572(handle_trans) > calling named_pipe >[2010/04/27 16:57:53, 3, pid=12782] smbd/ipc.c:490(named_pipe) > named pipe command on <> name >[2010/04/27 16:57:53, 5, pid=12782] smbd/ipc.c:413(api_fd_reply) > api_fd_reply >[2010/04/27 16:57:53, 3, pid=12782] smbd/ipc.c:454(api_fd_reply) > Got API command 0x26 on pipe "lsarpc" (pnum 26ff) >[2010/04/27 16:57:53, 10, pid=12782] smbd/ipc.c:456(api_fd_reply) > api_fd_reply: p:0x97ea6a8 max_trans_reply: 1024 >[2010/04/27 16:57:53, 6, pid=12782] rpc_server/srv_pipe_hnd.c:1195(np_write_send) > np_write_send: len: 46 >[2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) > write_to_pipe: data_left = 46 >[2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 46 >[2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:192(fill_rpc_header) > fill_rpc_header: data_to_copy = 46, len_needed_to_complete_hdr = 16, receive_len = 0 >[2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) > write_to_pipe: data_left = 30 >[2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 30 >[2010/04/27 16:57:53, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 002e > 000a auth_len : 0000 > 000c call_id : 00000004 >[2010/04/27 16:57:53, 5, pid=12782] rpc_server/srv_pipe_hnd.c:288(unmarshall_rpc_header) > unmarshall_rpc_header: using little-endian RPC >[2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:317(unmarshall_rpc_header) > unmarshall_rpc_header: type = 0, flags = 3 >[2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) > write_to_pipe: data_left = 30 >[2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 30, incoming data = 30 >[2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:534(process_complete_pdu) > process_complete_pdu: processing packet type 0 >[2010/04/27 16:57:53, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr_req req > 0000 alloc_hint: 00000016 > 0004 context_id: 0000 > 0006 opnum : 0007 >[2010/04/27 16:57:53, 3, pid=12782] rpc_server/srv_pipe_hnd.c:343(free_pipe_context) > free_pipe_context: destroying talloc pool of size 0 >[2010/04/27 16:57:53, 5, pid=12782] rpc_server/srv_pipe.c:2261(api_pipe_request) > Requested \PIPE\\lsarpc >[2010/04/27 16:57:53, 4, pid=12782] rpc_server/srv_pipe.c:2297(api_rpcTNP) > api_rpcTNP: \lsarpc op 0x7 - api_rpcTNP: rpc command: LSA_QUERYINFOPOLICY >[2010/04/27 16:57:53, 6, pid=12782] rpc_server/srv_pipe.c:2327(api_rpcTNP) > api_rpc_cmds[7].fn == 0x82330e0 >[2010/04/27 16:57:53, 1, pid=12782] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) > lsa_QueryInfoPolicy: struct lsa_QueryInfoPolicy > in: struct lsa_QueryInfoPolicy > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000001-0000-0000-d64b-11a7ee310000 > level : LSA_POLICY_INFO_DOMAIN (3) >[2010/04/27 16:57:53, 4, pid=12782] rpc_server/srv_lsa_hnd.c:180(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 D6 4B 11 A7 ........ .....K.. > [0010] EE 31 00 00 .1.. >[2010/04/27 16:57:53, 1, pid=12782] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) > lsa_QueryInfoPolicy: struct lsa_QueryInfoPolicy > out: struct lsa_QueryInfoPolicy > info : * > info : * > info : union lsa_PolicyInformation(case 3) > domain: struct lsa_DomainInfo > name: struct lsa_StringLarge > length : 0x0000 (0) > size : 0x0000 (0) > string : * > string : 'UCCDOMAIN' > sid : * > sid : S-1-5-352321536-3342141748-1574249315-1264630062 > result : NT_STATUS_OK >[2010/04/27 16:57:53, 5, pid=12782] rpc_server/srv_pipe.c:2362(api_rpcTNP) > api_rpcTNP: called \lsarpc successfully >[2010/04/27 16:57:53, 3, pid=12782] rpc_server/srv_pipe_hnd.c:343(free_pipe_context) > free_pipe_context: destroying talloc pool of size 112 >[2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) > write_to_pipe: data_used = 30 >[2010/04/27 16:57:53, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Schedule immediate event "tevent_req_trigger": 0x98016a0 >[2010/04/27 16:57:53, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Run immediate event "tevent_req_trigger": 0x98016a0 >[2010/04/27 16:57:53, 6, pid=12782] rpc_server/srv_pipe_hnd.c:802(read_from_internal_pipe) > name: \lsarpc len: 1024 >[2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:862(read_from_internal_pipe) > read_from_pipe: \lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 84. >[2010/04/27 16:57:53, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 006c > 000a auth_len : 0000 > 000c call_id : 00000004 >[2010/04/27 16:57:53, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000010 smb_io_rpc_hdr_resp resp > 0010 alloc_hint: 00000054 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >[2010/04/27 16:57:53, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Schedule immediate event "tevent_req_trigger": 0x97dd560 >[2010/04/27 16:57:53, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Run immediate event "tevent_req_trigger": 0x97dd560 >[2010/04/27 16:57:53, 5, pid=12782] smbd/ipc.c:59(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..108] (align 0) >[2010/04/27 16:57:53, 5, pid=12782] lib/util.c:632(show_msg) >[2010/04/27 16:57:53, 5, pid=12782] lib/util.c:642(show_msg) > size=164 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=992 > smb_uid=100 > smb_mid=576 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 108 (0x6C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 108 (0x6C) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=109 >[2010/04/27 16:57:53, 10, pid=12782] ../lib/util/util.c:304(_dump_data) > [0000] 00 05 00 02 03 10 00 00 00 6C 00 00 00 04 00 00 ........ .l...... > [0010] 00 54 00 00 00 00 00 00 00 00 00 02 00 03 00 00 .T...... ........ > [0020] 00 12 00 14 00 04 00 02 00 08 00 02 00 0A 00 00 ........ ........ > [0030] 00 00 00 00 00 09 00 00 00 55 00 43 00 43 00 44 ........ .U.C.C.D > [0040] 00 4F 00 4D 00 41 00 49 00 4E 00 00 00 04 00 00 .O.M.A.I .N...... > [0050] 00 01 04 00 00 00 00 00 05 00 00 00 15 34 09 35 ........ .....4.5 > [0060] C7 63 23 D5 5D 2E B9 60 4B 00 00 00 00 .c#.]..` K.... >[2010/04/27 16:57:53, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) > got smb length of 128 >[2010/04/27 16:57:53, 6, pid=12782] smbd/process.c:1456(process_smb) > got message type 0x0 of len 0x80 >[2010/04/27 16:57:53, 3, pid=12782] smbd/process.c:1459(process_smb) > Transaction 10 of length 132 (0 toread) >[2010/04/27 16:57:53, 5, pid=12782] lib/util.c:632(show_msg) >[2010/04/27 16:57:53, 5, pid=12782] lib/util.c:642(show_msg) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=992 > smb_uid=100 > smb_mid=640 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 9983 (0x26FF) > smb_bcc=61 >[2010/04/27 16:57:53, 10, pid=12782] ../lib/util/util.c:304(_dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 05 00 00 ........ .,...... > [0020] 00 14 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ........ ........ > [0030] 00 00 00 00 00 D6 4B 11 A7 EE 31 00 00 ......K. ..1.. >[2010/04/27 16:57:53, 3, pid=12782] smbd/process.c:1273(switch_message) > switch message SMBtrans (pid 12782) conn 0x97e9be8 >[2010/04/27 16:57:53, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:53, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) > NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 > contains 11 SIDs > SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 > SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-69 > SID[ 6]: S-1-22-2-101 > SID[ 7]: S-1-22-2-20042 > SID[ 8]: S-1-5-32-544 > SID[ 9]: S-1-22-1-11251 > SID[ 10]: S-1-22-2-0 > SE_PRIV 0xff0 0x0 0x0 0x0 >[2010/04/27 16:57:53, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 4 supplementary groups > Group[ 0]: 0 > Group[ 1]: 69 > Group[ 2]: 101 > Group[ 3]: 20042 >[2010/04/27 16:57:53, 5, pid=12782] smbd/uid.c:353(change_to_user) > change_to_user uid=(0,0) gid=(0,0) >[2010/04/27 16:57:53, 3, pid=12782] smbd/ipc.c:539(handle_trans) > trans <\PIPE\> data=44 params=0 setup=2 >[2010/04/27 16:57:53, 5, pid=12782] smbd/ipc.c:572(handle_trans) > calling named_pipe >[2010/04/27 16:57:53, 3, pid=12782] smbd/ipc.c:490(named_pipe) > named pipe command on <> name >[2010/04/27 16:57:53, 5, pid=12782] smbd/ipc.c:413(api_fd_reply) > api_fd_reply >[2010/04/27 16:57:53, 3, pid=12782] smbd/ipc.c:454(api_fd_reply) > Got API command 0x26 on pipe "lsarpc" (pnum 26ff) >[2010/04/27 16:57:53, 10, pid=12782] smbd/ipc.c:456(api_fd_reply) > api_fd_reply: p:0x97ea6a8 max_trans_reply: 1024 >[2010/04/27 16:57:53, 6, pid=12782] rpc_server/srv_pipe_hnd.c:1195(np_write_send) > np_write_send: len: 44 >[2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) > write_to_pipe: data_left = 44 >[2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 >[2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:192(fill_rpc_header) > fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 >[2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) > write_to_pipe: data_left = 28 >[2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 >[2010/04/27 16:57:53, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 002c > 000a auth_len : 0000 > 000c call_id : 00000005 >[2010/04/27 16:57:53, 5, pid=12782] rpc_server/srv_pipe_hnd.c:288(unmarshall_rpc_header) > unmarshall_rpc_header: using little-endian RPC >[2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:317(unmarshall_rpc_header) > unmarshall_rpc_header: type = 0, flags = 3 >[2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) > write_to_pipe: data_left = 28 >[2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 28, incoming data = 28 >[2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:534(process_complete_pdu) > process_complete_pdu: processing packet type 0 >[2010/04/27 16:57:53, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr_req req > 0000 alloc_hint: 00000014 > 0004 context_id: 0000 > 0006 opnum : 0000 >[2010/04/27 16:57:53, 3, pid=12782] rpc_server/srv_pipe_hnd.c:343(free_pipe_context) > free_pipe_context: destroying talloc pool of size 0 >[2010/04/27 16:57:53, 5, pid=12782] rpc_server/srv_pipe.c:2261(api_pipe_request) > Requested \PIPE\\lsarpc >[2010/04/27 16:57:53, 4, pid=12782] rpc_server/srv_pipe.c:2297(api_rpcTNP) > api_rpcTNP: \lsarpc op 0x0 - api_rpcTNP: rpc command: LSA_CLOSE >[2010/04/27 16:57:53, 6, pid=12782] rpc_server/srv_pipe.c:2327(api_rpcTNP) > api_rpc_cmds[0].fn == 0x8234650 >[2010/04/27 16:57:53, 1, pid=12782] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) > lsa_Close: struct lsa_Close > in: struct lsa_Close > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000001-0000-0000-d64b-11a7ee310000 >[2010/04/27 16:57:53, 4, pid=12782] rpc_server/srv_lsa_hnd.c:180(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 D6 4B 11 A7 ........ .....K.. > [0010] EE 31 00 00 .1.. >[2010/04/27 16:57:53, 4, pid=12782] rpc_server/srv_lsa_hnd.c:180(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 D6 4B 11 A7 ........ .....K.. > [0010] EE 31 00 00 .1.. >[2010/04/27 16:57:53, 3, pid=12782] rpc_server/srv_lsa_hnd.c:218(close_policy_hnd) > Closed policy >[2010/04/27 16:57:53, 1, pid=12782] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) > lsa_Close: struct lsa_Close > out: struct lsa_Close > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : NT_STATUS_OK >[2010/04/27 16:57:53, 5, pid=12782] rpc_server/srv_pipe.c:2362(api_rpcTNP) > api_rpcTNP: called \lsarpc successfully >[2010/04/27 16:57:53, 3, pid=12782] rpc_server/srv_pipe_hnd.c:343(free_pipe_context) > free_pipe_context: destroying talloc pool of size 0 >[2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) > write_to_pipe: data_used = 28 >[2010/04/27 16:57:53, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Schedule immediate event "tevent_req_trigger": 0x98016a0 >[2010/04/27 16:57:53, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Run immediate event "tevent_req_trigger": 0x98016a0 >[2010/04/27 16:57:53, 6, pid=12782] rpc_server/srv_pipe_hnd.c:802(read_from_internal_pipe) > name: \lsarpc len: 1024 >[2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_pipe_hnd.c:862(read_from_internal_pipe) > read_from_pipe: \lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. >[2010/04/27 16:57:53, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0030 > 000a auth_len : 0000 > 000c call_id : 00000005 >[2010/04/27 16:57:53, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000010 smb_io_rpc_hdr_resp resp > 0010 alloc_hint: 00000018 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >[2010/04/27 16:57:53, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Schedule immediate event "tevent_req_trigger": 0x97ed578 >[2010/04/27 16:57:53, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Run immediate event "tevent_req_trigger": 0x97ed578 >[2010/04/27 16:57:53, 5, pid=12782] smbd/ipc.c:59(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2010/04/27 16:57:53, 5, pid=12782] lib/util.c:632(show_msg) >[2010/04/27 16:57:53, 5, pid=12782] lib/util.c:642(show_msg) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=992 > smb_uid=100 > smb_mid=640 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2010/04/27 16:57:53, 10, pid=12782] ../lib/util/util.c:304(_dump_data) > [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 05 00 00 ........ .0...... > [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0030] 00 . >[2010/04/27 16:57:53, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) > got smb length of 41 >[2010/04/27 16:57:53, 6, pid=12782] smbd/process.c:1456(process_smb) > got message type 0x0 of len 0x29 >[2010/04/27 16:57:53, 3, pid=12782] smbd/process.c:1459(process_smb) > Transaction 11 of length 45 (0 toread) >[2010/04/27 16:57:53, 5, pid=12782] lib/util.c:632(show_msg) >[2010/04/27 16:57:53, 5, pid=12782] lib/util.c:642(show_msg) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=704 > smt_wct=3 > smb_vwv[ 0]= 9983 (0x26FF) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2010/04/27 16:57:53, 3, pid=12782] smbd/process.c:1273(switch_message) > switch message SMBclose (pid 12782) conn 0x97e9be8 >[2010/04/27 16:57:53, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:53, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) > NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 > contains 11 SIDs > SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 > SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-69 > SID[ 6]: S-1-22-2-101 > SID[ 7]: S-1-22-2-20042 > SID[ 8]: S-1-5-32-544 > SID[ 9]: S-1-22-1-11251 > SID[ 10]: S-1-22-2-0 > SE_PRIV 0xff0 0x0 0x0 0x0 >[2010/04/27 16:57:53, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 4 supplementary groups > Group[ 0]: 0 > Group[ 1]: 69 > Group[ 2]: 101 > Group[ 3]: 20042 >[2010/04/27 16:57:53, 5, pid=12782] smbd/uid.c:353(change_to_user) > change_to_user uid=(0,0) gid=(0,0) >[2010/04/27 16:57:53, 3, pid=12782] smbd/reply.c:4488(reply_close) > close fd=-1 fnum=9983 (numopen=1) >[2010/04/27 16:57:53, 6, pid=12782] smbd/close.c:454(set_close_write_time) > close_write_time: Thu Jan 1 07:59:59 1970 >[2010/04/27 16:57:53, 10, pid=12782] rpc_server/srv_lsa_hnd.c:249(close_policy_by_pipe) > close_policy_by_pipe: deleted handle list for pipe \lsarpc >[2010/04/27 16:57:53, 5, pid=12782] smbd/files.c:474(file_free) > freed files structure 9983 (0 used) >[2010/04/27 16:57:53, 5, pid=12782] lib/util.c:632(show_msg) >[2010/04/27 16:57:53, 5, pid=12782] lib/util.c:642(show_msg) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=704 > smt_wct=0 > smb_bcc=0 >[2010/04/27 16:57:54, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) > got smb length of 100 >[2010/04/27 16:57:54, 6, pid=12782] smbd/process.c:1456(process_smb) > got message type 0x0 of len 0x64 >[2010/04/27 16:57:54, 3, pid=12782] smbd/process.c:1459(process_smb) > Transaction 12 of length 104 (0 toread) >[2010/04/27 16:57:54, 5, pid=12782] lib/util.c:632(show_msg) >[2010/04/27 16:57:54, 5, pid=12782] lib/util.c:642(show_msg) > size=100 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=992 > smb_uid=100 > smb_mid=768 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 3584 (0xE00) > smb_vwv[ 3]= 4096 (0x1000) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 4609 (0x1201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 1792 (0x700) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]=16384 (0x4000) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 768 (0x300) > smb_bcc=17 >[2010/04/27 16:57:54, 10, pid=12782] ../lib/util/util.c:304(_dump_data) > [0000] D6 5C 00 6C 00 73 00 61 00 72 00 70 00 63 00 00 .\.l.s.a .r.p.c.. > [0010] 00 . >[2010/04/27 16:57:54, 3, pid=12782] smbd/process.c:1273(switch_message) > switch message SMBntcreateX (pid 12782) conn 0x97e9be8 >[2010/04/27 16:57:54, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:54, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) > NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 > contains 11 SIDs > SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 > SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-69 > SID[ 6]: S-1-22-2-101 > SID[ 7]: S-1-22-2-20042 > SID[ 8]: S-1-5-32-544 > SID[ 9]: S-1-22-1-11251 > SID[ 10]: S-1-22-2-0 > SE_PRIV 0xff0 0x0 0x0 0x0 >[2010/04/27 16:57:54, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 4 supplementary groups > Group[ 0]: 0 > Group[ 1]: 69 > Group[ 2]: 101 > Group[ 3]: 20042 >[2010/04/27 16:57:54, 5, pid=12782] smbd/uid.c:353(change_to_user) > change_to_user uid=(0,0) gid=(0,0) >[2010/04/27 16:57:54, 10, pid=12782] smbd/nttrans.c:484(reply_ntcreate_and_X) > reply_ntcreate_and_X: flags = 0x10, access_mask = 0x12019f file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0, fname = lsarpc >[2010/04/27 16:57:54, 4, pid=12782] smbd/nttrans.c:315(nt_open_pipe) > nt_open_pipe: Opening pipe \lsarpc. >[2010/04/27 16:57:54, 5, pid=12782] smbd/files.c:103(file_new) > allocated file structure 5888, fnum = 9984 (1 used) >[2010/04/27 16:57:54, 4, pid=12782] rpc_server/srv_pipe_hnd.c:99(make_internal_rpc_pipe_p) > Create pipe requested \lsarpc >[2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_lsa_hnd.c:85(init_pipe_handle_list) > init_pipe_handles: created handle list for pipe \lsarpc >[2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_lsa_hnd.c:102(init_pipe_handle_list) > init_pipe_handles: pipe_handles ref count = 1 for pipe \lsarpc >[2010/04/27 16:57:54, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:54, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >[2010/04/27 16:57:54, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:54, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) > NT user token: (NULL) >[2010/04/27 16:57:54, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2010/04/27 16:57:54, 10, pid=12782] lib/gencache.c:208(gencache_get) > Returning valid cache entry: key = ACCT_POL/maximum password age, value = 4294967295 > , timeout = Tue Apr 27 16:58:51 2010 >[2010/04/27 16:57:54, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:54, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:54, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >[2010/04/27 16:57:54, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:54, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) > NT user token: (NULL) >[2010/04/27 16:57:54, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2010/04/27 16:57:54, 10, pid=12782] lib/gencache.c:208(gencache_get) > Returning valid cache entry: key = ACCT_POL/password history, value = 0 > , timeout = Tue Apr 27 16:58:51 2010 >[2010/04/27 16:57:54, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:54, 10, pid=12782] passdb/pdb_get_set.c:607(pdb_set_username) > pdb_set_username: setting username zanchey, was >[2010/04/27 16:57:54, 10, pid=12782] passdb/pdb_get_set.c:630(pdb_set_domain) > pdb_set_domain: setting domain UCCDOMAIN, was >[2010/04/27 16:57:54, 10, pid=12782] passdb/pdb_get_set.c:653(pdb_set_nt_username) > pdb_set_nt_username: setting nt username zanchey, was >[2010/04/27 16:57:54, 10, pid=12782] passdb/pdb_get_set.c:676(pdb_set_fullname) > pdb_set_full_name: setting full name David Adam, was >[2010/04/27 16:57:54, 10, pid=12782] passdb/pdb_get_set.c:769(pdb_set_homedir) > pdb_set_homedir: setting home dir \\mylah\zanchey, was >[2010/04/27 16:57:54, 10, pid=12782] passdb/pdb_get_set.c:745(pdb_set_dir_drive) > pdb_set_dir_drive: setting dir drive H:, was NULL >[2010/04/27 16:57:54, 10, pid=12782] passdb/pdb_get_set.c:699(pdb_set_logon_script) > pdb_set_logon_script: setting logon script , was >[2010/04/27 16:57:54, 10, pid=12782] passdb/pdb_get_set.c:722(pdb_set_profile_path) > pdb_set_profile_path: setting profile path \\mylah\profiles, was >[2010/04/27 16:57:54, 10, pid=12782] passdb/pdb_get_set.c:812(pdb_set_workstations) > pdb_set_workstations: setting workstations , was >[2010/04/27 16:57:54, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:54, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >[2010/04/27 16:57:54, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:54, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) > NT user token: (NULL) >[2010/04/27 16:57:54, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2010/04/27 16:57:54, 10, pid=12782] lib/gencache.c:208(gencache_get) > Returning valid cache entry: key = ACCT_POL/password history, value = 0 > , timeout = Tue Apr 27 16:58:51 2010 >[2010/04/27 16:57:54, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:54, 10, pid=12782] passdb/pdb_get_set.c:536(pdb_set_user_sid) > pdb_set_user_sid: setting user sid S-1-5-352321536-3342141748-1574249315-1264630062-23502 >[2010/04/27 16:57:54, 10, pid=12782] passdb/pdb_compat.c:72(pdb_set_user_sid_from_rid) > pdb_set_user_sid_from_rid: > setting user sid S-1-5-352321536-3342141748-1574249315-1264630062-23502 from rid 23502 >[2010/04/27 16:57:54, 10, pid=12782] passdb/pdb_get_set.c:594(pdb_set_group_sid) > pdb_set_group_sid: setting group sid S-1-5-352321536-3342141748-1574249315-1264630062-512 >[2010/04/27 16:57:54, 4, pid=12782] rpc_server/srv_pipe_hnd.c:161(make_internal_rpc_pipe_p) > Created internal pipe \lsarpc (pipes_open=0) >[2010/04/27 16:57:54, 5, pid=12782] smbd/nttrans.c:404(do_ntcreate_pipe_open) > do_ntcreate_pipe_open: open pipe = \lsarpc >[2010/04/27 16:57:54, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) > got smb length of 224 >[2010/04/27 16:57:54, 6, pid=12782] smbd/process.c:1456(process_smb) > got message type 0x0 of len 0xe0 >[2010/04/27 16:57:54, 3, pid=12782] smbd/process.c:1459(process_smb) > Transaction 13 of length 228 (0 toread) >[2010/04/27 16:57:54, 5, pid=12782] lib/util.c:632(show_msg) >[2010/04/27 16:57:54, 5, pid=12782] lib/util.c:642(show_msg) > size=224 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=832 > smt_wct=14 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 9984 (0x2700) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=65535 (0xFFFF) > smb_vwv[ 6]=65535 (0xFFFF) > smb_vwv[ 7]= 8 (0x8) > smb_vwv[ 8]= 160 (0xA0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 160 (0xA0) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_bcc=161 >[2010/04/27 16:57:54, 10, pid=12782] ../lib/util/util.c:304(_dump_data) > [0000] EE 05 00 0B 03 10 00 00 00 A0 00 00 00 02 00 00 ........ ........ > [0010] 00 B8 10 B8 10 00 00 00 00 03 00 00 00 00 00 01 ........ ........ > [0020] 00 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 .xW4.4.. ....#Eg. > [0030] AB 00 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ > [0040] 00 2B 10 48 60 02 00 00 00 01 00 01 00 78 57 34 .+.H`... .....xW4 > [0050] 12 34 12 CD AB EF 00 01 23 45 67 89 AB 00 00 00 .4...... #Eg..... > [0060] 00 33 05 71 71 BA BE 37 49 83 19 B5 DB EF 9C CC .3.qq..7 I....... > [0070] 36 01 00 00 00 02 00 01 00 78 57 34 12 34 12 CD 6....... .xW4.4.. > [0080] AB EF 00 01 23 45 67 89 AB 00 00 00 00 2C 1C B7 ....#Eg. .....,.. > [0090] 6C 12 98 40 45 03 00 00 00 00 00 00 00 01 00 00 l..@E... ........ > [00A0] 00 . >[2010/04/27 16:57:54, 3, pid=12782] smbd/process.c:1273(switch_message) > switch message SMBwriteX (pid 12782) conn 0x97e9be8 >[2010/04/27 16:57:54, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:54, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) > NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 > contains 11 SIDs > SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 > SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-69 > SID[ 6]: S-1-22-2-101 > SID[ 7]: S-1-22-2-20042 > SID[ 8]: S-1-5-32-544 > SID[ 9]: S-1-22-1-11251 > SID[ 10]: S-1-22-2-0 > SE_PRIV 0xff0 0x0 0x0 0x0 >[2010/04/27 16:57:54, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 4 supplementary groups > Group[ 0]: 0 > Group[ 1]: 69 > Group[ 2]: 101 > Group[ 3]: 20042 >[2010/04/27 16:57:54, 5, pid=12782] smbd/uid.c:353(change_to_user) > change_to_user uid=(0,0) gid=(0,0) >[2010/04/27 16:57:54, 6, pid=12782] smbd/pipes.c:271(reply_pipe_write_and_X) > reply_pipe_write_and_X: 2700 name: lsarpc len: 160 >[2010/04/27 16:57:54, 6, pid=12782] rpc_server/srv_pipe_hnd.c:1195(np_write_send) > np_write_send: len: 160 >[2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) > write_to_pipe: data_left = 160 >[2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 160 >[2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:192(fill_rpc_header) > fill_rpc_header: data_to_copy = 160, len_needed_to_complete_hdr = 16, receive_len = 0 >[2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) > write_to_pipe: data_left = 144 >[2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 144 >[2010/04/27 16:57:54, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0b > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 00a0 > 000a auth_len : 0000 > 000c call_id : 00000002 >[2010/04/27 16:57:54, 5, pid=12782] rpc_server/srv_pipe_hnd.c:288(unmarshall_rpc_header) > unmarshall_rpc_header: using little-endian RPC >[2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:317(unmarshall_rpc_header) > unmarshall_rpc_header: type = 11, flags = 3 >[2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) > write_to_pipe: data_left = 144 >[2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 144, incoming data = 144 >[2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:534(process_complete_pdu) > process_complete_pdu: processing packet type 11 >[2010/04/27 16:57:54, 5, pid=12782] rpc_server/srv_pipe.c:1558(api_pipe_bind_req) > api_pipe_bind_req: decode request. 1558 >[2010/04/27 16:57:54, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr_rb >[2010/04/27 16:57:54, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr_bba > 0000 max_tsize: 10b8 > 0002 max_rsize: 10b8 > 0004 assoc_gid: 00000000 > 0008 num_contexts: 03 > 000c context_id : 0000 > 000e num_transfer_syntaxes: 01 >[2010/04/27 16:57:54, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 00000f smb_io_rpc_iface >[2010/04/27 16:57:54, 7, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000010 smb_io_uuid uuid > 0010 data : 12345778 > 0014 data : 1234 > 0016 data : abcd > 0018 data : ef 00 > 001a data : 01 23 45 67 89 ab > 0020 version: 00000000 >[2010/04/27 16:57:54, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000024 smb_io_rpc_iface >[2010/04/27 16:57:54, 7, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000024 smb_io_uuid uuid > 0024 data : 8a885d04 > 0028 data : 1ceb > 002a data : 11c9 > 002c data : 9f e8 > 002e data : 08 00 2b 10 48 60 > 0034 version: 00000002 > 0038 context_id : 0001 > 003a num_transfer_syntaxes: 01 >[2010/04/27 16:57:54, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 00003b smb_io_rpc_iface >[2010/04/27 16:57:54, 7, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 00003c smb_io_uuid uuid > 003c data : 12345778 > 0040 data : 1234 > 0042 data : abcd > 0044 data : ef 00 > 0046 data : 01 23 45 67 89 ab > 004c version: 00000000 >[2010/04/27 16:57:54, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000050 smb_io_rpc_iface >[2010/04/27 16:57:54, 7, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000050 smb_io_uuid uuid > 0050 data : 71710533 > 0054 data : beba > 0056 data : 4937 > 0058 data : 83 19 > 005a data : b5 db ef 9c cc 36 > 0060 version: 00000001 > 0064 context_id : 0002 > 0066 num_transfer_syntaxes: 01 >[2010/04/27 16:57:54, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000067 smb_io_rpc_iface >[2010/04/27 16:57:54, 7, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000068 smb_io_uuid uuid > 0068 data : 12345778 > 006c data : 1234 > 006e data : abcd > 0070 data : ef 00 > 0072 data : 01 23 45 67 89 ab > 0078 version: 00000000 >[2010/04/27 16:57:54, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 00007c smb_io_rpc_iface >[2010/04/27 16:57:54, 7, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 00007c smb_io_uuid uuid > 007c data : 6cb71c2c > 0080 data : 9812 > 0082 data : 4540 > 0084 data : 03 00 > 0086 data : 00 00 00 00 00 00 > 008c version: 00000001 >[2010/04/27 16:57:54, 3, pid=12782] rpc_server/srv_pipe.c:1584(api_pipe_bind_req) > api_pipe_bind_req: \PIPE\lsarpc -> \PIPE\lsarpc >[2010/04/27 16:57:54, 5, pid=12782] rpc_server/srv_pipe.c:1628(api_pipe_bind_req) > api_pipe_bind_req: make response. 1628 >[2010/04/27 16:57:54, 3, pid=12782] rpc_server/srv_pipe.c:960(check_bind_req) > check_bind_req for \lsarpc > checking lsarpc >[2010/04/27 16:57:54, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr_ba >[2010/04/27 16:57:54, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr_bba > 0000 max_tsize: 10b8 > 0002 max_rsize: 10b8 > 0004 assoc_gid: 000053f0 >[2010/04/27 16:57:54, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000008 smb_io_rpc_addr_str > 0008 len: 000d > 000a str: \PIPE\lsarpc. >[2010/04/27 16:57:54, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000017 smb_io_rpc_results > 0018 num_results: 01 > 001c result : 0000 > 001e reason : 0000 >[2010/04/27 16:57:54, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000020 smb_io_rpc_iface >[2010/04/27 16:57:54, 7, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000020 smb_io_uuid uuid > 0020 data : 8a885d04 > 0024 data : 1ceb > 0026 data : 11c9 > 0028 data : 9f e8 > 002a data : 08 00 2b 10 48 60 > 0030 version: 00000002 >[2010/04/27 16:57:54, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0c > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0044 > 000a auth_len : 0000 > 000c call_id : 00000002 >[2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) > write_to_pipe: data_used = 144 >[2010/04/27 16:57:54, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Schedule immediate event "tevent_req_trigger": 0x98016a0 >[2010/04/27 16:57:54, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Run immediate event "tevent_req_trigger": 0x98016a0 >[2010/04/27 16:57:54, 3, pid=12782] smbd/pipes.c:325(pipe_write_andx_done) > writeX-IPC nwritten=160 >[2010/04/27 16:57:54, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) > got smb length of 59 >[2010/04/27 16:57:54, 6, pid=12782] smbd/process.c:1456(process_smb) > got message type 0x0 of len 0x3b >[2010/04/27 16:57:54, 3, pid=12782] smbd/process.c:1459(process_smb) > Transaction 14 of length 63 (0 toread) >[2010/04/27 16:57:54, 5, pid=12782] lib/util.c:632(show_msg) >[2010/04/27 16:57:54, 5, pid=12782] lib/util.c:642(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=896 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 9984 (0x2700) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 1024 (0x400) > smb_vwv[ 6]= 1024 (0x400) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 1024 (0x400) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2010/04/27 16:57:54, 3, pid=12782] smbd/process.c:1273(switch_message) > switch message SMBreadX (pid 12782) conn 0x97e9be8 >[2010/04/27 16:57:54, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:54, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) > NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 > contains 11 SIDs > SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 > SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-69 > SID[ 6]: S-1-22-2-101 > SID[ 7]: S-1-22-2-20042 > SID[ 8]: S-1-5-32-544 > SID[ 9]: S-1-22-1-11251 > SID[ 10]: S-1-22-2-0 > SE_PRIV 0xff0 0x0 0x0 0x0 >[2010/04/27 16:57:54, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 4 supplementary groups > Group[ 0]: 0 > Group[ 1]: 69 > Group[ 2]: 101 > Group[ 3]: 20042 >[2010/04/27 16:57:54, 5, pid=12782] smbd/uid.c:353(change_to_user) > change_to_user uid=(0,0) gid=(0,0) >[2010/04/27 16:57:54, 6, pid=12782] rpc_server/srv_pipe_hnd.c:802(read_from_internal_pipe) > name: \lsarpc len: 1024 >[2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:842(read_from_internal_pipe) > read_from_pipe: \lsarpc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. >[2010/04/27 16:57:54, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Schedule immediate event "tevent_req_trigger": 0x9801a60 >[2010/04/27 16:57:54, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Run immediate event "tevent_req_trigger": 0x9801a60 >[2010/04/27 16:57:54, 3, pid=12782] smbd/pipes.c:435(pipe_read_andx_done) > readX-IPC min=1024 max=1024 nread=68 >[2010/04/27 16:57:54, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) > got smb length of 164 >[2010/04/27 16:57:54, 6, pid=12782] smbd/process.c:1456(process_smb) > got message type 0x0 of len 0xa4 >[2010/04/27 16:57:54, 3, pid=12782] smbd/process.c:1459(process_smb) > Transaction 15 of length 168 (0 toread) >[2010/04/27 16:57:54, 5, pid=12782] lib/util.c:632(show_msg) >[2010/04/27 16:57:54, 5, pid=12782] lib/util.c:642(show_msg) > size=164 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=992 > smb_uid=100 > smb_mid=960 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 80 (0x50) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 80 (0x50) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 9984 (0x2700) > smb_bcc=97 >[2010/04/27 16:57:54, 10, pid=12782] ../lib/util/util.c:304(_dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 00 05 00 00 03 10 00 00 00 50 00 00 00 02 00 00 ........ .P...... > [0020] 00 38 00 00 00 00 00 2C 00 00 00 02 00 06 00 00 .8....., ........ > [0030] 00 00 00 00 00 06 00 00 00 4D 00 59 00 4C 00 41 ........ .M.Y.L.A > [0040] 00 48 00 00 00 30 00 00 00 00 00 00 00 00 00 00 .H...0.. ........ > [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0060] 02 . >[2010/04/27 16:57:54, 3, pid=12782] smbd/process.c:1273(switch_message) > switch message SMBtrans (pid 12782) conn 0x97e9be8 >[2010/04/27 16:57:54, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:54, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) > NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 > contains 11 SIDs > SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 > SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-69 > SID[ 6]: S-1-22-2-101 > SID[ 7]: S-1-22-2-20042 > SID[ 8]: S-1-5-32-544 > SID[ 9]: S-1-22-1-11251 > SID[ 10]: S-1-22-2-0 > SE_PRIV 0xff0 0x0 0x0 0x0 >[2010/04/27 16:57:54, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 4 supplementary groups > Group[ 0]: 0 > Group[ 1]: 69 > Group[ 2]: 101 > Group[ 3]: 20042 >[2010/04/27 16:57:54, 5, pid=12782] smbd/uid.c:353(change_to_user) > change_to_user uid=(0,0) gid=(0,0) >[2010/04/27 16:57:54, 3, pid=12782] smbd/ipc.c:539(handle_trans) > trans <\PIPE\> data=80 params=0 setup=2 >[2010/04/27 16:57:54, 5, pid=12782] smbd/ipc.c:572(handle_trans) > calling named_pipe >[2010/04/27 16:57:54, 3, pid=12782] smbd/ipc.c:490(named_pipe) > named pipe command on <> name >[2010/04/27 16:57:54, 5, pid=12782] smbd/ipc.c:413(api_fd_reply) > api_fd_reply >[2010/04/27 16:57:54, 3, pid=12782] smbd/ipc.c:454(api_fd_reply) > Got API command 0x26 on pipe "lsarpc" (pnum 2700) >[2010/04/27 16:57:54, 10, pid=12782] smbd/ipc.c:456(api_fd_reply) > api_fd_reply: p:0x97ea6a8 max_trans_reply: 1024 >[2010/04/27 16:57:54, 6, pid=12782] rpc_server/srv_pipe_hnd.c:1195(np_write_send) > np_write_send: len: 80 >[2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) > write_to_pipe: data_left = 80 >[2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 80 >[2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:192(fill_rpc_header) > fill_rpc_header: data_to_copy = 80, len_needed_to_complete_hdr = 16, receive_len = 0 >[2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) > write_to_pipe: data_left = 64 >[2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 64 >[2010/04/27 16:57:54, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0050 > 000a auth_len : 0000 > 000c call_id : 00000002 >[2010/04/27 16:57:54, 5, pid=12782] rpc_server/srv_pipe_hnd.c:288(unmarshall_rpc_header) > unmarshall_rpc_header: using little-endian RPC >[2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:317(unmarshall_rpc_header) > unmarshall_rpc_header: type = 0, flags = 3 >[2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) > write_to_pipe: data_left = 64 >[2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 64, incoming data = 64 >[2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:534(process_complete_pdu) > process_complete_pdu: processing packet type 0 >[2010/04/27 16:57:54, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr_req req > 0000 alloc_hint: 00000038 > 0004 context_id: 0000 > 0006 opnum : 002c >[2010/04/27 16:57:54, 3, pid=12782] rpc_server/srv_pipe_hnd.c:343(free_pipe_context) > free_pipe_context: destroying talloc pool of size 167 >[2010/04/27 16:57:54, 5, pid=12782] rpc_server/srv_pipe.c:2261(api_pipe_request) > Requested \PIPE\\lsarpc >[2010/04/27 16:57:54, 4, pid=12782] rpc_server/srv_pipe.c:2297(api_rpcTNP) > api_rpcTNP: \lsarpc op 0x2c - api_rpcTNP: rpc command: LSA_OPENPOLICY2 >[2010/04/27 16:57:54, 6, pid=12782] rpc_server/srv_pipe.c:2327(api_rpcTNP) > api_rpc_cmds[44].fn == 0x822bf40 >[2010/04/27 16:57:54, 1, pid=12782] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) > lsa_OpenPolicy2: struct lsa_OpenPolicy2 > in: struct lsa_OpenPolicy2 > system_name : * > system_name : 'MYLAH' > attr : * > attr: struct lsa_ObjectAttribute > len : 0x00000030 (48) > root_dir : NULL > object_name : NULL > attributes : 0x00000000 (0) > sec_desc : NULL > sec_qos : NULL > access_mask : 0x02000000 (33554432) > 0: LSA_POLICY_VIEW_LOCAL_INFORMATION > 0: LSA_POLICY_VIEW_AUDIT_INFORMATION > 0: LSA_POLICY_GET_PRIVATE_INFORMATION > 0: LSA_POLICY_TRUST_ADMIN > 0: LSA_POLICY_CREATE_ACCOUNT > 0: LSA_POLICY_CREATE_SECRET > 0: LSA_POLICY_CREATE_PRIVILEGE > 0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS > 0: LSA_POLICY_SET_AUDIT_REQUIREMENTS > 0: LSA_POLICY_AUDIT_LOG_ADMIN > 0: LSA_POLICY_SERVER_ADMIN > 0: LSA_POLICY_LOOKUP_NAMES > 0: LSA_POLICY_NOTIFICATION >[2010/04/27 16:57:54, 10, pid=12782] lib/util_seaccess.c:58(se_map_generic) > se_map_generic(): mapped mask 0xb0000000 to 0x000f0fff >[2010/04/27 16:57:54, 4, pid=12782] rpc_server/srv_samr_nt.c:219(access_check_object) > _lsa_OpenPolicy2: access GRANTED (requested: 0x000f0fff, granted: 0x000f0fff) >[2010/04/27 16:57:54, 4, pid=12782] rpc_server/srv_lsa_hnd.c:160(create_policy_hnd) > Opened policy hnd[1] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 D6 4B 12 A7 ........ .....K.. > [0010] EE 31 00 00 .1.. >[2010/04/27 16:57:54, 1, pid=12782] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) > lsa_OpenPolicy2: struct lsa_OpenPolicy2 > out: struct lsa_OpenPolicy2 > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000002-0000-0000-d64b-12a7ee310000 > result : NT_STATUS_OK >[2010/04/27 16:57:54, 5, pid=12782] rpc_server/srv_pipe.c:2362(api_rpcTNP) > api_rpcTNP: called \lsarpc successfully >[2010/04/27 16:57:54, 3, pid=12782] rpc_server/srv_pipe_hnd.c:343(free_pipe_context) > free_pipe_context: destroying talloc pool of size 1052 >[2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) > write_to_pipe: data_used = 64 >[2010/04/27 16:57:54, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Schedule immediate event "tevent_req_trigger": 0x98016e0 >[2010/04/27 16:57:54, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Run immediate event "tevent_req_trigger": 0x98016e0 >[2010/04/27 16:57:54, 6, pid=12782] rpc_server/srv_pipe_hnd.c:802(read_from_internal_pipe) > name: \lsarpc len: 1024 >[2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:862(read_from_internal_pipe) > read_from_pipe: \lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. >[2010/04/27 16:57:54, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0030 > 000a auth_len : 0000 > 000c call_id : 00000002 >[2010/04/27 16:57:54, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000010 smb_io_rpc_hdr_resp resp > 0010 alloc_hint: 00000018 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >[2010/04/27 16:57:54, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Schedule immediate event "tevent_req_trigger": 0x97dd7d0 >[2010/04/27 16:57:54, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Run immediate event "tevent_req_trigger": 0x97dd7d0 >[2010/04/27 16:57:54, 5, pid=12782] smbd/ipc.c:59(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2010/04/27 16:57:54, 5, pid=12782] lib/util.c:632(show_msg) >[2010/04/27 16:57:54, 5, pid=12782] lib/util.c:642(show_msg) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=992 > smb_uid=100 > smb_mid=960 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2010/04/27 16:57:54, 10, pid=12782] ../lib/util/util.c:304(_dump_data) > [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 02 00 00 ........ .0...... > [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 02 00 00 ........ ........ > [0020] 00 00 00 00 00 D6 4B 12 A7 EE 31 00 00 00 00 00 ......K. ..1..... > [0030] 00 . >[2010/04/27 16:57:54, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) > got smb length of 130 >[2010/04/27 16:57:54, 6, pid=12782] smbd/process.c:1456(process_smb) > got message type 0x0 of len 0x82 >[2010/04/27 16:57:54, 3, pid=12782] smbd/process.c:1459(process_smb) > Transaction 16 of length 134 (0 toread) >[2010/04/27 16:57:54, 5, pid=12782] lib/util.c:632(show_msg) >[2010/04/27 16:57:54, 5, pid=12782] lib/util.c:642(show_msg) > size=130 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=992 > smb_uid=100 > smb_mid=1024 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 46 (0x2E) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 46 (0x2E) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 9984 (0x2700) > smb_bcc=63 >[2010/04/27 16:57:54, 10, pid=12782] ../lib/util/util.c:304(_dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 00 05 00 00 03 10 00 00 00 2E 00 00 00 03 00 00 ........ ........ > [0020] 00 16 00 00 00 00 00 2E 00 00 00 00 00 02 00 00 ........ ........ > [0030] 00 00 00 00 00 D6 4B 12 A7 EE 31 00 00 0C 00 ......K. ..1.... >[2010/04/27 16:57:54, 3, pid=12782] smbd/process.c:1273(switch_message) > switch message SMBtrans (pid 12782) conn 0x97e9be8 >[2010/04/27 16:57:54, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:54, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) > NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 > contains 11 SIDs > SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 > SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-69 > SID[ 6]: S-1-22-2-101 > SID[ 7]: S-1-22-2-20042 > SID[ 8]: S-1-5-32-544 > SID[ 9]: S-1-22-1-11251 > SID[ 10]: S-1-22-2-0 > SE_PRIV 0xff0 0x0 0x0 0x0 >[2010/04/27 16:57:54, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 4 supplementary groups > Group[ 0]: 0 > Group[ 1]: 69 > Group[ 2]: 101 > Group[ 3]: 20042 >[2010/04/27 16:57:54, 5, pid=12782] smbd/uid.c:353(change_to_user) > change_to_user uid=(0,0) gid=(0,0) >[2010/04/27 16:57:54, 3, pid=12782] smbd/ipc.c:539(handle_trans) > trans <\PIPE\> data=46 params=0 setup=2 >[2010/04/27 16:57:54, 5, pid=12782] smbd/ipc.c:572(handle_trans) > calling named_pipe >[2010/04/27 16:57:54, 3, pid=12782] smbd/ipc.c:490(named_pipe) > named pipe command on <> name >[2010/04/27 16:57:54, 5, pid=12782] smbd/ipc.c:413(api_fd_reply) > api_fd_reply >[2010/04/27 16:57:54, 3, pid=12782] smbd/ipc.c:454(api_fd_reply) > Got API command 0x26 on pipe "lsarpc" (pnum 2700) >[2010/04/27 16:57:54, 10, pid=12782] smbd/ipc.c:456(api_fd_reply) > api_fd_reply: p:0x97ea6a8 max_trans_reply: 1024 >[2010/04/27 16:57:54, 6, pid=12782] rpc_server/srv_pipe_hnd.c:1195(np_write_send) > np_write_send: len: 46 >[2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) > write_to_pipe: data_left = 46 >[2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 46 >[2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:192(fill_rpc_header) > fill_rpc_header: data_to_copy = 46, len_needed_to_complete_hdr = 16, receive_len = 0 >[2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) > write_to_pipe: data_left = 30 >[2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 30 >[2010/04/27 16:57:54, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 002e > 000a auth_len : 0000 > 000c call_id : 00000003 >[2010/04/27 16:57:54, 5, pid=12782] rpc_server/srv_pipe_hnd.c:288(unmarshall_rpc_header) > unmarshall_rpc_header: using little-endian RPC >[2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:317(unmarshall_rpc_header) > unmarshall_rpc_header: type = 0, flags = 3 >[2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) > write_to_pipe: data_left = 30 >[2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 30, incoming data = 30 >[2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:534(process_complete_pdu) > process_complete_pdu: processing packet type 0 >[2010/04/27 16:57:54, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr_req req > 0000 alloc_hint: 00000016 > 0004 context_id: 0000 > 0006 opnum : 002e >[2010/04/27 16:57:54, 3, pid=12782] rpc_server/srv_pipe_hnd.c:343(free_pipe_context) > free_pipe_context: destroying talloc pool of size 0 >[2010/04/27 16:57:54, 5, pid=12782] rpc_server/srv_pipe.c:2261(api_pipe_request) > Requested \PIPE\\lsarpc >[2010/04/27 16:57:54, 4, pid=12782] rpc_server/srv_pipe.c:2297(api_rpcTNP) > api_rpcTNP: \lsarpc op 0x2e - api_rpcTNP: rpc command: LSA_QUERYINFOPOLICY2 >[2010/04/27 16:57:54, 6, pid=12782] rpc_server/srv_pipe.c:2327(api_rpcTNP) > api_rpc_cmds[46].fn == 0x822b910 >[2010/04/27 16:57:54, 1, pid=12782] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) > lsa_QueryInfoPolicy2: struct lsa_QueryInfoPolicy2 > in: struct lsa_QueryInfoPolicy2 > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000002-0000-0000-d64b-12a7ee310000 > level : LSA_POLICY_INFO_DNS (12) >[2010/04/27 16:57:54, 4, pid=12782] rpc_server/srv_pipe.c:2345(api_rpcTNP) > api_rpcTNP: rng fault return >[2010/04/27 16:57:54, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 03 > 0003 flags : 23 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0020 > 000a auth_len : 0000 > 000c call_id : 00000003 >[2010/04/27 16:57:54, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000010 smb_io_rpc_hdr_resp resp > 0010 alloc_hint: 00000000 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >[2010/04/27 16:57:54, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000018 smb_io_rpc_hdr_fault fault > 0018 status : DCERPC_FAULT_OP_RNG_ERROR > 001c reserved: 00000000 >[2010/04/27 16:57:54, 3, pid=12782] rpc_server/srv_pipe_hnd.c:343(free_pipe_context) > free_pipe_context: destroying talloc pool of size 0 >[2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) > write_to_pipe: data_used = 30 >[2010/04/27 16:57:54, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Schedule immediate event "tevent_req_trigger": 0x98016a0 >[2010/04/27 16:57:54, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Run immediate event "tevent_req_trigger": 0x98016a0 >[2010/04/27 16:57:54, 6, pid=12782] rpc_server/srv_pipe_hnd.c:802(read_from_internal_pipe) > name: \lsarpc len: 1024 >[2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:842(read_from_internal_pipe) > read_from_pipe: \lsarpc: current_pdu_len = 32, current_pdu_sent = 0 returning 32 bytes. >[2010/04/27 16:57:54, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Schedule immediate event "tevent_req_trigger": 0x97ed578 >[2010/04/27 16:57:54, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Run immediate event "tevent_req_trigger": 0x97ed578 >[2010/04/27 16:57:54, 5, pid=12782] smbd/ipc.c:59(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..32] (align 0) >[2010/04/27 16:57:54, 5, pid=12782] lib/util.c:632(show_msg) >[2010/04/27 16:57:54, 5, pid=12782] lib/util.c:642(show_msg) > size=88 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=992 > smb_uid=100 > smb_mid=1024 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 32 (0x20) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 32 (0x20) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=33 >[2010/04/27 16:57:54, 10, pid=12782] ../lib/util/util.c:304(_dump_data) > [0000] 00 05 00 03 23 10 00 00 00 20 00 00 00 03 00 00 ....#... . ...... > [0010] 00 00 00 00 00 00 00 00 00 02 00 01 1C 00 00 00 ........ ........ > [0020] 00 . >[2010/04/27 16:57:54, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) > got smb length of 130 >[2010/04/27 16:57:54, 6, pid=12782] smbd/process.c:1456(process_smb) > got message type 0x0 of len 0x82 >[2010/04/27 16:57:54, 3, pid=12782] smbd/process.c:1459(process_smb) > Transaction 17 of length 134 (0 toread) >[2010/04/27 16:57:54, 5, pid=12782] lib/util.c:632(show_msg) >[2010/04/27 16:57:54, 5, pid=12782] lib/util.c:642(show_msg) > size=130 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=992 > smb_uid=100 > smb_mid=1088 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 46 (0x2E) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 46 (0x2E) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 9984 (0x2700) > smb_bcc=63 >[2010/04/27 16:57:54, 10, pid=12782] ../lib/util/util.c:304(_dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 00 05 00 00 03 10 00 00 00 2E 00 00 00 04 00 00 ........ ........ > [0020] 00 16 00 00 00 00 00 07 00 00 00 00 00 02 00 00 ........ ........ > [0030] 00 00 00 00 00 D6 4B 12 A7 EE 31 00 00 03 00 ......K. ..1.... >[2010/04/27 16:57:54, 3, pid=12782] smbd/process.c:1273(switch_message) > switch message SMBtrans (pid 12782) conn 0x97e9be8 >[2010/04/27 16:57:54, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:54, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) > NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 > contains 11 SIDs > SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 > SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-69 > SID[ 6]: S-1-22-2-101 > SID[ 7]: S-1-22-2-20042 > SID[ 8]: S-1-5-32-544 > SID[ 9]: S-1-22-1-11251 > SID[ 10]: S-1-22-2-0 > SE_PRIV 0xff0 0x0 0x0 0x0 >[2010/04/27 16:57:54, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 4 supplementary groups > Group[ 0]: 0 > Group[ 1]: 69 > Group[ 2]: 101 > Group[ 3]: 20042 >[2010/04/27 16:57:54, 5, pid=12782] smbd/uid.c:353(change_to_user) > change_to_user uid=(0,0) gid=(0,0) >[2010/04/27 16:57:54, 3, pid=12782] smbd/ipc.c:539(handle_trans) > trans <\PIPE\> data=46 params=0 setup=2 >[2010/04/27 16:57:54, 5, pid=12782] smbd/ipc.c:572(handle_trans) > calling named_pipe >[2010/04/27 16:57:54, 3, pid=12782] smbd/ipc.c:490(named_pipe) > named pipe command on <> name >[2010/04/27 16:57:54, 5, pid=12782] smbd/ipc.c:413(api_fd_reply) > api_fd_reply >[2010/04/27 16:57:54, 3, pid=12782] smbd/ipc.c:454(api_fd_reply) > Got API command 0x26 on pipe "lsarpc" (pnum 2700) >[2010/04/27 16:57:54, 10, pid=12782] smbd/ipc.c:456(api_fd_reply) > api_fd_reply: p:0x97ea6a8 max_trans_reply: 1024 >[2010/04/27 16:57:54, 6, pid=12782] rpc_server/srv_pipe_hnd.c:1195(np_write_send) > np_write_send: len: 46 >[2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) > write_to_pipe: data_left = 46 >[2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 46 >[2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:192(fill_rpc_header) > fill_rpc_header: data_to_copy = 46, len_needed_to_complete_hdr = 16, receive_len = 0 >[2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) > write_to_pipe: data_left = 30 >[2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 30 >[2010/04/27 16:57:54, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 002e > 000a auth_len : 0000 > 000c call_id : 00000004 >[2010/04/27 16:57:54, 5, pid=12782] rpc_server/srv_pipe_hnd.c:288(unmarshall_rpc_header) > unmarshall_rpc_header: using little-endian RPC >[2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:317(unmarshall_rpc_header) > unmarshall_rpc_header: type = 0, flags = 3 >[2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) > write_to_pipe: data_left = 30 >[2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 30, incoming data = 30 >[2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:534(process_complete_pdu) > process_complete_pdu: processing packet type 0 >[2010/04/27 16:57:54, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr_req req > 0000 alloc_hint: 00000016 > 0004 context_id: 0000 > 0006 opnum : 0007 >[2010/04/27 16:57:54, 3, pid=12782] rpc_server/srv_pipe_hnd.c:343(free_pipe_context) > free_pipe_context: destroying talloc pool of size 0 >[2010/04/27 16:57:54, 5, pid=12782] rpc_server/srv_pipe.c:2261(api_pipe_request) > Requested \PIPE\\lsarpc >[2010/04/27 16:57:54, 4, pid=12782] rpc_server/srv_pipe.c:2297(api_rpcTNP) > api_rpcTNP: \lsarpc op 0x7 - api_rpcTNP: rpc command: LSA_QUERYINFOPOLICY >[2010/04/27 16:57:54, 6, pid=12782] rpc_server/srv_pipe.c:2327(api_rpcTNP) > api_rpc_cmds[7].fn == 0x82330e0 >[2010/04/27 16:57:54, 1, pid=12782] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) > lsa_QueryInfoPolicy: struct lsa_QueryInfoPolicy > in: struct lsa_QueryInfoPolicy > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000002-0000-0000-d64b-12a7ee310000 > level : LSA_POLICY_INFO_DOMAIN (3) >[2010/04/27 16:57:54, 4, pid=12782] rpc_server/srv_lsa_hnd.c:180(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 D6 4B 12 A7 ........ .....K.. > [0010] EE 31 00 00 .1.. >[2010/04/27 16:57:54, 1, pid=12782] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) > lsa_QueryInfoPolicy: struct lsa_QueryInfoPolicy > out: struct lsa_QueryInfoPolicy > info : * > info : * > info : union lsa_PolicyInformation(case 3) > domain: struct lsa_DomainInfo > name: struct lsa_StringLarge > length : 0x0000 (0) > size : 0x0000 (0) > string : * > string : 'UCCDOMAIN' > sid : * > sid : S-1-5-352321536-3342141748-1574249315-1264630062 > result : NT_STATUS_OK >[2010/04/27 16:57:54, 5, pid=12782] rpc_server/srv_pipe.c:2362(api_rpcTNP) > api_rpcTNP: called \lsarpc successfully >[2010/04/27 16:57:54, 3, pid=12782] rpc_server/srv_pipe_hnd.c:343(free_pipe_context) > free_pipe_context: destroying talloc pool of size 112 >[2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) > write_to_pipe: data_used = 30 >[2010/04/27 16:57:54, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Schedule immediate event "tevent_req_trigger": 0x98016a0 >[2010/04/27 16:57:54, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Run immediate event "tevent_req_trigger": 0x98016a0 >[2010/04/27 16:57:54, 6, pid=12782] rpc_server/srv_pipe_hnd.c:802(read_from_internal_pipe) > name: \lsarpc len: 1024 >[2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:862(read_from_internal_pipe) > read_from_pipe: \lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 84. >[2010/04/27 16:57:54, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 006c > 000a auth_len : 0000 > 000c call_id : 00000004 >[2010/04/27 16:57:54, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000010 smb_io_rpc_hdr_resp resp > 0010 alloc_hint: 00000054 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >[2010/04/27 16:57:54, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Schedule immediate event "tevent_req_trigger": 0x97ec9e0 >[2010/04/27 16:57:54, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Run immediate event "tevent_req_trigger": 0x97ec9e0 >[2010/04/27 16:57:54, 5, pid=12782] smbd/ipc.c:59(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..108] (align 0) >[2010/04/27 16:57:54, 5, pid=12782] lib/util.c:632(show_msg) >[2010/04/27 16:57:54, 5, pid=12782] lib/util.c:642(show_msg) > size=164 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=992 > smb_uid=100 > smb_mid=1088 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 108 (0x6C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 108 (0x6C) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=109 >[2010/04/27 16:57:54, 10, pid=12782] ../lib/util/util.c:304(_dump_data) > [0000] 00 05 00 02 03 10 00 00 00 6C 00 00 00 04 00 00 ........ .l...... > [0010] 00 54 00 00 00 00 00 00 00 00 00 02 00 03 00 00 .T...... ........ > [0020] 00 12 00 14 00 04 00 02 00 08 00 02 00 0A 00 00 ........ ........ > [0030] 00 00 00 00 00 09 00 00 00 55 00 43 00 43 00 44 ........ .U.C.C.D > [0040] 00 4F 00 4D 00 41 00 49 00 4E 00 00 00 04 00 00 .O.M.A.I .N...... > [0050] 00 01 04 00 00 00 00 00 05 00 00 00 15 34 09 35 ........ .....4.5 > [0060] C7 63 23 D5 5D 2E B9 60 4B 00 00 00 00 .c#.]..` K.... >[2010/04/27 16:57:54, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) > got smb length of 128 >[2010/04/27 16:57:54, 6, pid=12782] smbd/process.c:1456(process_smb) > got message type 0x0 of len 0x80 >[2010/04/27 16:57:54, 3, pid=12782] smbd/process.c:1459(process_smb) > Transaction 18 of length 132 (0 toread) >[2010/04/27 16:57:54, 5, pid=12782] lib/util.c:632(show_msg) >[2010/04/27 16:57:54, 5, pid=12782] lib/util.c:642(show_msg) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=992 > smb_uid=100 > smb_mid=1152 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 9984 (0x2700) > smb_bcc=61 >[2010/04/27 16:57:54, 10, pid=12782] ../lib/util/util.c:304(_dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 05 00 00 ........ .,...... > [0020] 00 14 00 00 00 00 00 00 00 00 00 00 00 02 00 00 ........ ........ > [0030] 00 00 00 00 00 D6 4B 12 A7 EE 31 00 00 ......K. ..1.. >[2010/04/27 16:57:54, 3, pid=12782] smbd/process.c:1273(switch_message) > switch message SMBtrans (pid 12782) conn 0x97e9be8 >[2010/04/27 16:57:54, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:54, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) > NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 > contains 11 SIDs > SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 > SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-69 > SID[ 6]: S-1-22-2-101 > SID[ 7]: S-1-22-2-20042 > SID[ 8]: S-1-5-32-544 > SID[ 9]: S-1-22-1-11251 > SID[ 10]: S-1-22-2-0 > SE_PRIV 0xff0 0x0 0x0 0x0 >[2010/04/27 16:57:54, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 4 supplementary groups > Group[ 0]: 0 > Group[ 1]: 69 > Group[ 2]: 101 > Group[ 3]: 20042 >[2010/04/27 16:57:54, 5, pid=12782] smbd/uid.c:353(change_to_user) > change_to_user uid=(0,0) gid=(0,0) >[2010/04/27 16:57:54, 3, pid=12782] smbd/ipc.c:539(handle_trans) > trans <\PIPE\> data=44 params=0 setup=2 >[2010/04/27 16:57:54, 5, pid=12782] smbd/ipc.c:572(handle_trans) > calling named_pipe >[2010/04/27 16:57:54, 3, pid=12782] smbd/ipc.c:490(named_pipe) > named pipe command on <> name >[2010/04/27 16:57:54, 5, pid=12782] smbd/ipc.c:413(api_fd_reply) > api_fd_reply >[2010/04/27 16:57:54, 3, pid=12782] smbd/ipc.c:454(api_fd_reply) > Got API command 0x26 on pipe "lsarpc" (pnum 2700) >[2010/04/27 16:57:54, 10, pid=12782] smbd/ipc.c:456(api_fd_reply) > api_fd_reply: p:0x97ea6a8 max_trans_reply: 1024 >[2010/04/27 16:57:54, 6, pid=12782] rpc_server/srv_pipe_hnd.c:1195(np_write_send) > np_write_send: len: 44 >[2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) > write_to_pipe: data_left = 44 >[2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 >[2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:192(fill_rpc_header) > fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 >[2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) > write_to_pipe: data_left = 28 >[2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 >[2010/04/27 16:57:54, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 002c > 000a auth_len : 0000 > 000c call_id : 00000005 >[2010/04/27 16:57:54, 5, pid=12782] rpc_server/srv_pipe_hnd.c:288(unmarshall_rpc_header) > unmarshall_rpc_header: using little-endian RPC >[2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:317(unmarshall_rpc_header) > unmarshall_rpc_header: type = 0, flags = 3 >[2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) > write_to_pipe: data_left = 28 >[2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 28, incoming data = 28 >[2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:534(process_complete_pdu) > process_complete_pdu: processing packet type 0 >[2010/04/27 16:57:54, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr_req req > 0000 alloc_hint: 00000014 > 0004 context_id: 0000 > 0006 opnum : 0000 >[2010/04/27 16:57:54, 3, pid=12782] rpc_server/srv_pipe_hnd.c:343(free_pipe_context) > free_pipe_context: destroying talloc pool of size 0 >[2010/04/27 16:57:54, 5, pid=12782] rpc_server/srv_pipe.c:2261(api_pipe_request) > Requested \PIPE\\lsarpc >[2010/04/27 16:57:54, 4, pid=12782] rpc_server/srv_pipe.c:2297(api_rpcTNP) > api_rpcTNP: \lsarpc op 0x0 - api_rpcTNP: rpc command: LSA_CLOSE >[2010/04/27 16:57:54, 6, pid=12782] rpc_server/srv_pipe.c:2327(api_rpcTNP) > api_rpc_cmds[0].fn == 0x8234650 >[2010/04/27 16:57:54, 1, pid=12782] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) > lsa_Close: struct lsa_Close > in: struct lsa_Close > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000002-0000-0000-d64b-12a7ee310000 >[2010/04/27 16:57:54, 4, pid=12782] rpc_server/srv_lsa_hnd.c:180(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 D6 4B 12 A7 ........ .....K.. > [0010] EE 31 00 00 .1.. >[2010/04/27 16:57:54, 4, pid=12782] rpc_server/srv_lsa_hnd.c:180(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 D6 4B 12 A7 ........ .....K.. > [0010] EE 31 00 00 .1.. >[2010/04/27 16:57:54, 3, pid=12782] rpc_server/srv_lsa_hnd.c:218(close_policy_hnd) > Closed policy >[2010/04/27 16:57:54, 1, pid=12782] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) > lsa_Close: struct lsa_Close > out: struct lsa_Close > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : NT_STATUS_OK >[2010/04/27 16:57:54, 5, pid=12782] rpc_server/srv_pipe.c:2362(api_rpcTNP) > api_rpcTNP: called \lsarpc successfully >[2010/04/27 16:57:54, 3, pid=12782] rpc_server/srv_pipe_hnd.c:343(free_pipe_context) > free_pipe_context: destroying talloc pool of size 0 >[2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) > write_to_pipe: data_used = 28 >[2010/04/27 16:57:54, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Schedule immediate event "tevent_req_trigger": 0x98016a0 >[2010/04/27 16:57:54, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Run immediate event "tevent_req_trigger": 0x98016a0 >[2010/04/27 16:57:54, 6, pid=12782] rpc_server/srv_pipe_hnd.c:802(read_from_internal_pipe) > name: \lsarpc len: 1024 >[2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_pipe_hnd.c:862(read_from_internal_pipe) > read_from_pipe: \lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. >[2010/04/27 16:57:54, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0030 > 000a auth_len : 0000 > 000c call_id : 00000005 >[2010/04/27 16:57:54, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000010 smb_io_rpc_hdr_resp resp > 0010 alloc_hint: 00000018 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >[2010/04/27 16:57:54, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Schedule immediate event "tevent_req_trigger": 0x97ef540 >[2010/04/27 16:57:54, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Run immediate event "tevent_req_trigger": 0x97ef540 >[2010/04/27 16:57:54, 5, pid=12782] smbd/ipc.c:59(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2010/04/27 16:57:54, 5, pid=12782] lib/util.c:632(show_msg) >[2010/04/27 16:57:54, 5, pid=12782] lib/util.c:642(show_msg) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=992 > smb_uid=100 > smb_mid=1152 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2010/04/27 16:57:54, 10, pid=12782] ../lib/util/util.c:304(_dump_data) > [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 05 00 00 ........ .0...... > [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0030] 00 . >[2010/04/27 16:57:54, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) > got smb length of 41 >[2010/04/27 16:57:54, 6, pid=12782] smbd/process.c:1456(process_smb) > got message type 0x0 of len 0x29 >[2010/04/27 16:57:54, 3, pid=12782] smbd/process.c:1459(process_smb) > Transaction 19 of length 45 (0 toread) >[2010/04/27 16:57:54, 5, pid=12782] lib/util.c:632(show_msg) >[2010/04/27 16:57:54, 5, pid=12782] lib/util.c:642(show_msg) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=1216 > smt_wct=3 > smb_vwv[ 0]= 9984 (0x2700) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2010/04/27 16:57:54, 3, pid=12782] smbd/process.c:1273(switch_message) > switch message SMBclose (pid 12782) conn 0x97e9be8 >[2010/04/27 16:57:54, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:54, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) > NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 > contains 11 SIDs > SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 > SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-69 > SID[ 6]: S-1-22-2-101 > SID[ 7]: S-1-22-2-20042 > SID[ 8]: S-1-5-32-544 > SID[ 9]: S-1-22-1-11251 > SID[ 10]: S-1-22-2-0 > SE_PRIV 0xff0 0x0 0x0 0x0 >[2010/04/27 16:57:54, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 4 supplementary groups > Group[ 0]: 0 > Group[ 1]: 69 > Group[ 2]: 101 > Group[ 3]: 20042 >[2010/04/27 16:57:54, 5, pid=12782] smbd/uid.c:353(change_to_user) > change_to_user uid=(0,0) gid=(0,0) >[2010/04/27 16:57:54, 3, pid=12782] smbd/reply.c:4488(reply_close) > close fd=-1 fnum=9984 (numopen=1) >[2010/04/27 16:57:54, 6, pid=12782] smbd/close.c:454(set_close_write_time) > close_write_time: Thu Jan 1 07:59:59 1970 >[2010/04/27 16:57:54, 10, pid=12782] rpc_server/srv_lsa_hnd.c:249(close_policy_by_pipe) > close_policy_by_pipe: deleted handle list for pipe \lsarpc >[2010/04/27 16:57:54, 5, pid=12782] smbd/files.c:474(file_free) > freed files structure 9984 (0 used) >[2010/04/27 16:57:54, 5, pid=12782] lib/util.c:632(show_msg) >[2010/04/27 16:57:54, 5, pid=12782] lib/util.c:642(show_msg) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=1216 > smt_wct=0 > smb_bcc=0 >[2010/04/27 16:57:55, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) > got smb length of 96 >[2010/04/27 16:57:55, 6, pid=12782] smbd/process.c:1456(process_smb) > got message type 0x0 of len 0x60 >[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1459(process_smb) > Transaction 20 of length 100 (0 toread) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) > size=96 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=992 > smb_uid=100 > smb_mid=1280 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 2560 (0xA00) > smb_vwv[ 3]= 4096 (0x1000) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 4609 (0x1201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 1792 (0x700) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]=16384 (0x4000) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 768 (0x300) > smb_bcc=13 >[2010/04/27 16:57:55, 10, pid=12782] ../lib/util/util.c:304(_dump_data) > [0000] FF 5C 00 73 00 61 00 6D 00 72 00 00 00 .\.s.a.m .r... >[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1273(switch_message) > switch message SMBntcreateX (pid 12782) conn 0x97e9be8 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) > NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 > contains 11 SIDs > SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 > SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-69 > SID[ 6]: S-1-22-2-101 > SID[ 7]: S-1-22-2-20042 > SID[ 8]: S-1-5-32-544 > SID[ 9]: S-1-22-1-11251 > SID[ 10]: S-1-22-2-0 > SE_PRIV 0xff0 0x0 0x0 0x0 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 4 supplementary groups > Group[ 0]: 0 > Group[ 1]: 69 > Group[ 2]: 101 > Group[ 3]: 20042 >[2010/04/27 16:57:55, 5, pid=12782] smbd/uid.c:353(change_to_user) > change_to_user uid=(0,0) gid=(0,0) >[2010/04/27 16:57:55, 10, pid=12782] smbd/nttrans.c:484(reply_ntcreate_and_X) > reply_ntcreate_and_X: flags = 0x10, access_mask = 0x12019f file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0, fname = samr >[2010/04/27 16:57:55, 4, pid=12782] smbd/nttrans.c:315(nt_open_pipe) > nt_open_pipe: Opening pipe \samr. >[2010/04/27 16:57:55, 5, pid=12782] smbd/files.c:103(file_new) > allocated file structure 5889, fnum = 9985 (1 used) >[2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_pipe_hnd.c:99(make_internal_rpc_pipe_p) > Create pipe requested \samr >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_lsa_hnd.c:85(init_pipe_handle_list) > init_pipe_handles: created handle list for pipe \samr >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_lsa_hnd.c:102(init_pipe_handle_list) > init_pipe_handles: pipe_handles ref count = 1 for pipe \samr >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:55, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) > NT user token: (NULL) >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2010/04/27 16:57:55, 10, pid=12782] lib/gencache.c:208(gencache_get) > Returning valid cache entry: key = ACCT_POL/maximum password age, value = 4294967295 > , timeout = Tue Apr 27 16:58:51 2010 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:55, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) > NT user token: (NULL) >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2010/04/27 16:57:55, 10, pid=12782] lib/gencache.c:208(gencache_get) > Returning valid cache entry: key = ACCT_POL/password history, value = 0 > , timeout = Tue Apr 27 16:58:51 2010 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:607(pdb_set_username) > pdb_set_username: setting username zanchey, was >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:630(pdb_set_domain) > pdb_set_domain: setting domain UCCDOMAIN, was >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:653(pdb_set_nt_username) > pdb_set_nt_username: setting nt username zanchey, was >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:676(pdb_set_fullname) > pdb_set_full_name: setting full name David Adam, was >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:769(pdb_set_homedir) > pdb_set_homedir: setting home dir \\mylah\zanchey, was >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:745(pdb_set_dir_drive) > pdb_set_dir_drive: setting dir drive H:, was NULL >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:699(pdb_set_logon_script) > pdb_set_logon_script: setting logon script , was >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:722(pdb_set_profile_path) > pdb_set_profile_path: setting profile path \\mylah\profiles, was >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:812(pdb_set_workstations) > pdb_set_workstations: setting workstations , was >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:55, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) > NT user token: (NULL) >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2010/04/27 16:57:55, 10, pid=12782] lib/gencache.c:208(gencache_get) > Returning valid cache entry: key = ACCT_POL/password history, value = 0 > , timeout = Tue Apr 27 16:58:51 2010 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:536(pdb_set_user_sid) > pdb_set_user_sid: setting user sid S-1-5-352321536-3342141748-1574249315-1264630062-23502 >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_compat.c:72(pdb_set_user_sid_from_rid) > pdb_set_user_sid_from_rid: > setting user sid S-1-5-352321536-3342141748-1574249315-1264630062-23502 from rid 23502 >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:594(pdb_set_group_sid) > pdb_set_group_sid: setting group sid S-1-5-352321536-3342141748-1574249315-1264630062-512 >[2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_pipe_hnd.c:161(make_internal_rpc_pipe_p) > Created internal pipe \samr (pipes_open=0) >[2010/04/27 16:57:55, 5, pid=12782] smbd/nttrans.c:404(do_ntcreate_pipe_open) > do_ntcreate_pipe_open: open pipe = \samr >[2010/04/27 16:57:55, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) > got smb length of 224 >[2010/04/27 16:57:55, 6, pid=12782] smbd/process.c:1456(process_smb) > got message type 0x0 of len 0xe0 >[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1459(process_smb) > Transaction 21 of length 228 (0 toread) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) > size=224 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=1344 > smt_wct=14 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 9985 (0x2701) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=65535 (0xFFFF) > smb_vwv[ 6]=65535 (0xFFFF) > smb_vwv[ 7]= 8 (0x8) > smb_vwv[ 8]= 160 (0xA0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 160 (0xA0) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_bcc=161 >[2010/04/27 16:57:55, 10, pid=12782] ../lib/util/util.c:304(_dump_data) > [0000] EE 05 00 0B 03 10 00 00 00 A0 00 00 00 02 00 00 ........ ........ > [0010] 00 B8 10 B8 10 00 00 00 00 03 00 00 00 00 00 01 ........ ........ > [0020] 00 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 .xW4.4.. ....#Eg. > [0030] AC 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ > [0040] 00 2B 10 48 60 02 00 00 00 01 00 01 00 78 57 34 .+.H`... .....xW4 > [0050] 12 34 12 CD AB EF 00 01 23 45 67 89 AC 01 00 00 .4...... #Eg..... > [0060] 00 33 05 71 71 BA BE 37 49 83 19 B5 DB EF 9C CC .3.qq..7 I....... > [0070] 36 01 00 00 00 02 00 01 00 78 57 34 12 34 12 CD 6....... .xW4.4.. > [0080] AB EF 00 01 23 45 67 89 AC 01 00 00 00 2C 1C B7 ....#Eg. .....,.. > [0090] 6C 12 98 40 45 03 00 00 00 00 00 00 00 01 00 00 l..@E... ........ > [00A0] 00 . >[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1273(switch_message) > switch message SMBwriteX (pid 12782) conn 0x97e9be8 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) > NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 > contains 11 SIDs > SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 > SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-69 > SID[ 6]: S-1-22-2-101 > SID[ 7]: S-1-22-2-20042 > SID[ 8]: S-1-5-32-544 > SID[ 9]: S-1-22-1-11251 > SID[ 10]: S-1-22-2-0 > SE_PRIV 0xff0 0x0 0x0 0x0 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 4 supplementary groups > Group[ 0]: 0 > Group[ 1]: 69 > Group[ 2]: 101 > Group[ 3]: 20042 >[2010/04/27 16:57:55, 5, pid=12782] smbd/uid.c:353(change_to_user) > change_to_user uid=(0,0) gid=(0,0) >[2010/04/27 16:57:55, 6, pid=12782] smbd/pipes.c:271(reply_pipe_write_and_X) > reply_pipe_write_and_X: 2701 name: samr len: 160 >[2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe_hnd.c:1195(np_write_send) > np_write_send: len: 160 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) > write_to_pipe: data_left = 160 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 160 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:192(fill_rpc_header) > fill_rpc_header: data_to_copy = 160, len_needed_to_complete_hdr = 16, receive_len = 0 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) > write_to_pipe: data_left = 144 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 144 >[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0b > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 00a0 > 000a auth_len : 0000 > 000c call_id : 00000002 >[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe_hnd.c:288(unmarshall_rpc_header) > unmarshall_rpc_header: using little-endian RPC >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:317(unmarshall_rpc_header) > unmarshall_rpc_header: type = 11, flags = 3 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) > write_to_pipe: data_left = 144 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 144, incoming data = 144 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:534(process_complete_pdu) > process_complete_pdu: processing packet type 11 >[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe.c:1558(api_pipe_bind_req) > api_pipe_bind_req: decode request. 1558 >[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr_rb >[2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr_bba > 0000 max_tsize: 10b8 > 0002 max_rsize: 10b8 > 0004 assoc_gid: 00000000 > 0008 num_contexts: 03 > 000c context_id : 0000 > 000e num_transfer_syntaxes: 01 >[2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 00000f smb_io_rpc_iface >[2010/04/27 16:57:55, 7, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000010 smb_io_uuid uuid > 0010 data : 12345778 > 0014 data : 1234 > 0016 data : abcd > 0018 data : ef 00 > 001a data : 01 23 45 67 89 ac > 0020 version: 00000001 >[2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000024 smb_io_rpc_iface >[2010/04/27 16:57:55, 7, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000024 smb_io_uuid uuid > 0024 data : 8a885d04 > 0028 data : 1ceb > 002a data : 11c9 > 002c data : 9f e8 > 002e data : 08 00 2b 10 48 60 > 0034 version: 00000002 > 0038 context_id : 0001 > 003a num_transfer_syntaxes: 01 >[2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 00003b smb_io_rpc_iface >[2010/04/27 16:57:55, 7, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 00003c smb_io_uuid uuid > 003c data : 12345778 > 0040 data : 1234 > 0042 data : abcd > 0044 data : ef 00 > 0046 data : 01 23 45 67 89 ac > 004c version: 00000001 >[2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000050 smb_io_rpc_iface >[2010/04/27 16:57:55, 7, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000050 smb_io_uuid uuid > 0050 data : 71710533 > 0054 data : beba > 0056 data : 4937 > 0058 data : 83 19 > 005a data : b5 db ef 9c cc 36 > 0060 version: 00000001 > 0064 context_id : 0002 > 0066 num_transfer_syntaxes: 01 >[2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000067 smb_io_rpc_iface >[2010/04/27 16:57:55, 7, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000068 smb_io_uuid uuid > 0068 data : 12345778 > 006c data : 1234 > 006e data : abcd > 0070 data : ef 00 > 0072 data : 01 23 45 67 89 ac > 0078 version: 00000001 >[2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 00007c smb_io_rpc_iface >[2010/04/27 16:57:55, 7, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 00007c smb_io_uuid uuid > 007c data : 6cb71c2c > 0080 data : 9812 > 0082 data : 4540 > 0084 data : 03 00 > 0086 data : 00 00 00 00 00 00 > 008c version: 00000001 >[2010/04/27 16:57:55, 3, pid=12782] rpc_server/srv_pipe.c:1584(api_pipe_bind_req) > api_pipe_bind_req: \PIPE\samr -> \PIPE\samr >[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe.c:1628(api_pipe_bind_req) > api_pipe_bind_req: make response. 1628 >[2010/04/27 16:57:55, 3, pid=12782] rpc_server/srv_pipe.c:960(check_bind_req) > check_bind_req for \samr > checking lsarpc > checking winreg > checking initshutdown > checking dssetup > checking wkssvc > checking svcctl > checking ntsvcs > checking netlogon > checking netdfs > checking srvsvc > checking spoolss > checking eventlog > checking samr >[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr_ba >[2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr_bba > 0000 max_tsize: 10b8 > 0002 max_rsize: 10b8 > 0004 assoc_gid: 000053f0 >[2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000008 smb_io_rpc_addr_str > 0008 len: 000b > 000a str: \PIPE\samr. >[2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000015 smb_io_rpc_results > 0018 num_results: 01 > 001c result : 0000 > 001e reason : 0000 >[2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000020 smb_io_rpc_iface >[2010/04/27 16:57:55, 7, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000020 smb_io_uuid uuid > 0020 data : 8a885d04 > 0024 data : 1ceb > 0026 data : 11c9 > 0028 data : 9f e8 > 002a data : 08 00 2b 10 48 60 > 0030 version: 00000002 >[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0c > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0044 > 000a auth_len : 0000 > 000c call_id : 00000002 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) > write_to_pipe: data_used = 144 >[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Schedule immediate event "tevent_req_trigger": 0x98016a0 >[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Run immediate event "tevent_req_trigger": 0x98016a0 >[2010/04/27 16:57:55, 3, pid=12782] smbd/pipes.c:325(pipe_write_andx_done) > writeX-IPC nwritten=160 >[2010/04/27 16:57:55, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) > got smb length of 59 >[2010/04/27 16:57:55, 6, pid=12782] smbd/process.c:1456(process_smb) > got message type 0x0 of len 0x3b >[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1459(process_smb) > Transaction 22 of length 63 (0 toread) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=1408 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 9985 (0x2701) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 1024 (0x400) > smb_vwv[ 6]= 1024 (0x400) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 1024 (0x400) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1273(switch_message) > switch message SMBreadX (pid 12782) conn 0x97e9be8 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) > NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 > contains 11 SIDs > SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 > SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-69 > SID[ 6]: S-1-22-2-101 > SID[ 7]: S-1-22-2-20042 > SID[ 8]: S-1-5-32-544 > SID[ 9]: S-1-22-1-11251 > SID[ 10]: S-1-22-2-0 > SE_PRIV 0xff0 0x0 0x0 0x0 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 4 supplementary groups > Group[ 0]: 0 > Group[ 1]: 69 > Group[ 2]: 101 > Group[ 3]: 20042 >[2010/04/27 16:57:55, 5, pid=12782] smbd/uid.c:353(change_to_user) > change_to_user uid=(0,0) gid=(0,0) >[2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe_hnd.c:802(read_from_internal_pipe) > name: \samr len: 1024 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:842(read_from_internal_pipe) > read_from_pipe: \samr: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. >[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Schedule immediate event "tevent_req_trigger": 0x9801a60 >[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Run immediate event "tevent_req_trigger": 0x9801a60 >[2010/04/27 16:57:55, 3, pid=12782] smbd/pipes.c:435(pipe_read_andx_done) > readX-IPC min=1024 max=1024 nread=68 >[2010/04/27 16:57:55, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) > got smb length of 156 >[2010/04/27 16:57:55, 6, pid=12782] smbd/process.c:1456(process_smb) > got message type 0x0 of len 0x9c >[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1459(process_smb) > Transaction 23 of length 160 (0 toread) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) > size=156 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=992 > smb_uid=100 > smb_mid=1472 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 72 (0x48) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 72 (0x48) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 9985 (0x2701) > smb_bcc=89 >[2010/04/27 16:57:55, 10, pid=12782] ../lib/util/util.c:304(_dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 00 05 00 00 03 10 00 00 00 48 00 00 00 02 00 00 ........ .H...... > [0020] 00 30 00 00 00 00 00 40 00 00 00 02 00 06 00 00 .0.....@ ........ > [0030] 00 00 00 00 00 06 00 00 00 4D 00 59 00 4C 00 41 ........ .M.Y.L.A > [0040] 00 48 00 00 00 30 00 00 00 01 00 00 00 01 00 00 .H...0.. ........ > [0050] 00 03 00 00 00 00 00 00 00 ........ . >[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1273(switch_message) > switch message SMBtrans (pid 12782) conn 0x97e9be8 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) > NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 > contains 11 SIDs > SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 > SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-69 > SID[ 6]: S-1-22-2-101 > SID[ 7]: S-1-22-2-20042 > SID[ 8]: S-1-5-32-544 > SID[ 9]: S-1-22-1-11251 > SID[ 10]: S-1-22-2-0 > SE_PRIV 0xff0 0x0 0x0 0x0 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 4 supplementary groups > Group[ 0]: 0 > Group[ 1]: 69 > Group[ 2]: 101 > Group[ 3]: 20042 >[2010/04/27 16:57:55, 5, pid=12782] smbd/uid.c:353(change_to_user) > change_to_user uid=(0,0) gid=(0,0) >[2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:539(handle_trans) > trans <\PIPE\> data=72 params=0 setup=2 >[2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:572(handle_trans) > calling named_pipe >[2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:490(named_pipe) > named pipe command on <> name >[2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:413(api_fd_reply) > api_fd_reply >[2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:454(api_fd_reply) > Got API command 0x26 on pipe "samr" (pnum 2701) >[2010/04/27 16:57:55, 10, pid=12782] smbd/ipc.c:456(api_fd_reply) > api_fd_reply: p:0x97ea6a8 max_trans_reply: 1024 >[2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe_hnd.c:1195(np_write_send) > np_write_send: len: 72 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) > write_to_pipe: data_left = 72 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:192(fill_rpc_header) > fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) > write_to_pipe: data_left = 56 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 >[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0048 > 000a auth_len : 0000 > 000c call_id : 00000002 >[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe_hnd.c:288(unmarshall_rpc_header) > unmarshall_rpc_header: using little-endian RPC >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:317(unmarshall_rpc_header) > unmarshall_rpc_header: type = 0, flags = 3 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) > write_to_pipe: data_left = 56 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:534(process_complete_pdu) > process_complete_pdu: processing packet type 0 >[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr_req req > 0000 alloc_hint: 00000030 > 0004 context_id: 0000 > 0006 opnum : 0040 >[2010/04/27 16:57:55, 3, pid=12782] rpc_server/srv_pipe_hnd.c:343(free_pipe_context) > free_pipe_context: destroying talloc pool of size 165 >[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe.c:2261(api_pipe_request) > Requested \PIPE\\samr >[2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_pipe.c:2297(api_rpcTNP) > api_rpcTNP: \samr op 0x40 - api_rpcTNP: rpc command: SAMR_CONNECT5 >[2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe.c:2327(api_rpcTNP) > api_rpc_cmds[64].fn == 0x82cff10 >[2010/04/27 16:57:55, 1, pid=12782] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) > samr_Connect5: struct samr_Connect5 > in: struct samr_Connect5 > system_name : * > system_name : 'MYLAH' > access_mask : 0x00000030 (48) > 0: SAMR_ACCESS_CONNECT_TO_SERVER > 0: SAMR_ACCESS_SHUTDOWN_SERVER > 0: SAMR_ACCESS_INITIALIZE_SERVER > 0: SAMR_ACCESS_CREATE_DOMAIN > 1: SAMR_ACCESS_ENUM_DOMAINS > 1: SAMR_ACCESS_LOOKUP_DOMAIN > level_in : 0x00000001 (1) > info_in : * > info_in : union samr_ConnectInfo(case 1) > info1: struct samr_ConnectInfo1 > client_version : SAMR_CONNECT_AFTER_W2K (3) > unknown2 : 0x00000000 (0) >[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_samr_nt.c:3976(_samr_Connect2) > _samr_Connect5: 3976 >[2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_samr_nt.c:219(access_check_object) > _samr_Connect5: access GRANTED (requested: 0x00000030, granted: 0x00000030) >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_samr_nt.c:395(get_samr_info_by_sid) > get_samr_info_by_sid: created new info for sid (NULL) >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_samr_nt.c:400(get_samr_info_by_sid) > get_samr_info_by_sid: created new info for NULL sid. >[2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_lsa_hnd.c:160(create_policy_hnd) > Opened policy hnd[1] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 D6 4B 13 A7 ........ .....K.. > [0010] EE 31 00 00 .1.. >[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_samr_nt.c:4007(_samr_Connect2) > _samr_Connect5: 4007 >[2010/04/27 16:57:55, 1, pid=12782] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) > samr_Connect5: struct samr_Connect5 > out: struct samr_Connect5 > level_out : * > level_out : 0x00000001 (1) > info_out : * > info_out : union samr_ConnectInfo(case 1) > info1: struct samr_ConnectInfo1 > client_version : SAMR_CONNECT_AFTER_W2K (3) > unknown2 : 0x00000000 (0) > connect_handle : * > connect_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000003-0000-0000-d64b-13a7ee310000 > result : NT_STATUS_OK >[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe.c:2362(api_rpcTNP) > api_rpcTNP: called \samr successfully >[2010/04/27 16:57:55, 3, pid=12782] rpc_server/srv_pipe_hnd.c:343(free_pipe_context) > free_pipe_context: destroying talloc pool of size 984 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) > write_to_pipe: data_used = 56 >[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Schedule immediate event "tevent_req_trigger": 0x98016d0 >[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Run immediate event "tevent_req_trigger": 0x98016d0 >[2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe_hnd.c:802(read_from_internal_pipe) > name: \samr len: 1024 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:862(read_from_internal_pipe) > read_from_pipe: \samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 40. >[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0040 > 000a auth_len : 0000 > 000c call_id : 00000002 >[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000010 smb_io_rpc_hdr_resp resp > 0010 alloc_hint: 00000028 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Schedule immediate event "tevent_req_trigger": 0x97dd7d0 >[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Run immediate event "tevent_req_trigger": 0x97dd7d0 >[2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:59(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..64] (align 0) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) > size=120 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=992 > smb_uid=100 > smb_mid=1472 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 64 (0x40) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 64 (0x40) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=65 >[2010/04/27 16:57:55, 10, pid=12782] ../lib/util/util.c:304(_dump_data) > [0000] 00 05 00 02 03 10 00 00 00 40 00 00 00 02 00 00 ........ .@...... > [0010] 00 28 00 00 00 00 00 00 00 01 00 00 00 01 00 00 .(...... ........ > [0020] 00 03 00 00 00 00 00 00 00 00 00 00 00 03 00 00 ........ ........ > [0030] 00 00 00 00 00 D6 4B 13 A7 EE 31 00 00 00 00 00 ......K. ..1..... > [0040] 00 . >[2010/04/27 16:57:55, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) > got smb length of 136 >[2010/04/27 16:57:55, 6, pid=12782] smbd/process.c:1456(process_smb) > got message type 0x0 of len 0x88 >[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1459(process_smb) > Transaction 24 of length 140 (0 toread) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) > size=136 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=992 > smb_uid=100 > smb_mid=1536 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 52 (0x34) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 52 (0x34) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 9985 (0x2701) > smb_bcc=69 >[2010/04/27 16:57:55, 10, pid=12782] ../lib/util/util.c:304(_dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 00 05 00 00 03 10 00 00 00 34 00 00 00 03 00 00 ........ .4...... > [0020] 00 1C 00 00 00 00 00 06 00 00 00 00 00 03 00 00 ........ ........ > [0030] 00 00 00 00 00 D6 4B 13 A7 EE 31 00 00 00 00 00 ......K. ..1..... > [0040] 00 00 20 00 00 .. .. >[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1273(switch_message) > switch message SMBtrans (pid 12782) conn 0x97e9be8 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) > NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 > contains 11 SIDs > SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 > SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-69 > SID[ 6]: S-1-22-2-101 > SID[ 7]: S-1-22-2-20042 > SID[ 8]: S-1-5-32-544 > SID[ 9]: S-1-22-1-11251 > SID[ 10]: S-1-22-2-0 > SE_PRIV 0xff0 0x0 0x0 0x0 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 4 supplementary groups > Group[ 0]: 0 > Group[ 1]: 69 > Group[ 2]: 101 > Group[ 3]: 20042 >[2010/04/27 16:57:55, 5, pid=12782] smbd/uid.c:353(change_to_user) > change_to_user uid=(0,0) gid=(0,0) >[2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:539(handle_trans) > trans <\PIPE\> data=52 params=0 setup=2 >[2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:572(handle_trans) > calling named_pipe >[2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:490(named_pipe) > named pipe command on <> name >[2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:413(api_fd_reply) > api_fd_reply >[2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:454(api_fd_reply) > Got API command 0x26 on pipe "samr" (pnum 2701) >[2010/04/27 16:57:55, 10, pid=12782] smbd/ipc.c:456(api_fd_reply) > api_fd_reply: p:0x97ea6a8 max_trans_reply: 1024 >[2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe_hnd.c:1195(np_write_send) > np_write_send: len: 52 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) > write_to_pipe: data_left = 52 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 52 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:192(fill_rpc_header) > fill_rpc_header: data_to_copy = 52, len_needed_to_complete_hdr = 16, receive_len = 0 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) > write_to_pipe: data_left = 36 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 36 >[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0034 > 000a auth_len : 0000 > 000c call_id : 00000003 >[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe_hnd.c:288(unmarshall_rpc_header) > unmarshall_rpc_header: using little-endian RPC >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:317(unmarshall_rpc_header) > unmarshall_rpc_header: type = 0, flags = 3 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) > write_to_pipe: data_left = 36 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 36, incoming data = 36 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:534(process_complete_pdu) > process_complete_pdu: processing packet type 0 >[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr_req req > 0000 alloc_hint: 0000001c > 0004 context_id: 0000 > 0006 opnum : 0006 >[2010/04/27 16:57:55, 3, pid=12782] rpc_server/srv_pipe_hnd.c:343(free_pipe_context) > free_pipe_context: destroying talloc pool of size 0 >[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe.c:2261(api_pipe_request) > Requested \PIPE\\samr >[2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_pipe.c:2297(api_rpcTNP) > api_rpcTNP: \samr op 0x6 - api_rpcTNP: rpc command: SAMR_ENUMDOMAINS >[2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe.c:2327(api_rpcTNP) > api_rpc_cmds[6].fn == 0x82db760 >[2010/04/27 16:57:55, 1, pid=12782] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) > samr_EnumDomains: struct samr_EnumDomains > in: struct samr_EnumDomains > connect_handle : * > connect_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000003-0000-0000-d64b-13a7ee310000 > resume_handle : * > resume_handle : 0x00000000 (0) > buf_size : 0x00002000 (8192) >[2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_lsa_hnd.c:180(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 D6 4B 13 A7 ........ .....K.. > [0010] EE 31 00 00 .1.. >[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_samr_nt.c:231(access_check_samr_function) > _samr_EnumDomains: access check ((granted: 0x00000030; required: 0x00000010) >[2010/04/27 16:57:55, 1, pid=12782] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) > samr_EnumDomains: struct samr_EnumDomains > out: struct samr_EnumDomains > resume_handle : * > resume_handle : 0x00000000 (0) > sam : * > sam : * > sam: struct samr_SamArray > count : 0x00000002 (2) > entries : * > entries: ARRAY(2) > entries: struct samr_SamEntry > idx : 0x00000000 (0) > name: struct lsa_String > length : 0x0012 (18) > size : 0x0012 (18) > string : * > string : 'UCCDOMAIN' > entries: struct samr_SamEntry > idx : 0x00000001 (1) > name: struct lsa_String > length : 0x000e (14) > size : 0x000e (14) > string : * > string : 'Builtin' > num_entries : * > num_entries : 0x00000002 (2) > result : NT_STATUS_OK >[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe.c:2362(api_rpcTNP) > api_rpcTNP: called \samr successfully >[2010/04/27 16:57:55, 3, pid=12782] rpc_server/srv_pipe_hnd.c:343(free_pipe_context) > free_pipe_context: destroying talloc pool of size 32 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) > write_to_pipe: data_used = 36 >[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Schedule immediate event "tevent_req_trigger": 0x98016b0 >[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Run immediate event "tevent_req_trigger": 0x98016b0 >[2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe_hnd.c:802(read_from_internal_pipe) > name: \samr len: 1024 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:862(read_from_internal_pipe) > read_from_pipe: \samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 112. >[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0088 > 000a auth_len : 0000 > 000c call_id : 00000003 >[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000010 smb_io_rpc_hdr_resp resp > 0010 alloc_hint: 00000070 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Schedule immediate event "tevent_req_trigger": 0x97ef540 >[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Run immediate event "tevent_req_trigger": 0x97ef540 >[2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:59(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..136] (align 0) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) > size=192 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=992 > smb_uid=100 > smb_mid=1536 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 136 (0x88) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 136 (0x88) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=137 >[2010/04/27 16:57:55, 10, pid=12782] ../lib/util/util.c:304(_dump_data) > [0000] 00 05 00 02 03 10 00 00 00 88 00 00 00 03 00 00 ........ ........ > [0010] 00 70 00 00 00 00 00 00 00 00 00 00 00 00 00 02 .p...... ........ > [0020] 00 02 00 00 00 04 00 02 00 02 00 00 00 00 00 00 ........ ........ > [0030] 00 12 00 12 00 08 00 02 00 01 00 00 00 0E 00 0E ........ ........ > [0040] 00 0C 00 02 00 09 00 00 00 00 00 00 00 09 00 00 ........ ........ > [0050] 00 55 00 43 00 43 00 44 00 4F 00 4D 00 41 00 49 .U.C.C.D .O.M.A.I > [0060] 00 4E 00 00 00 07 00 00 00 00 00 00 00 07 00 00 .N...... ........ > [0070] 00 42 00 75 00 69 00 6C 00 74 00 69 00 6E 00 00 .B.u.i.l .t.i.n.. > [0080] 00 02 00 00 00 00 00 00 00 ........ . >[2010/04/27 16:57:55, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) > got smb length of 166 >[2010/04/27 16:57:55, 6, pid=12782] smbd/process.c:1456(process_smb) > got message type 0x0 of len 0xa6 >[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1459(process_smb) > Transaction 25 of length 170 (0 toread) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) > size=166 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=992 > smb_uid=100 > smb_mid=1600 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 82 (0x52) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 82 (0x52) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 9985 (0x2701) > smb_bcc=99 >[2010/04/27 16:57:55, 10, pid=12782] ../lib/util/util.c:304(_dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 00 05 00 00 03 10 00 00 00 52 00 00 00 04 00 00 ........ .R...... > [0020] 00 3A 00 00 00 00 00 05 00 00 00 00 00 03 00 00 .:...... ........ > [0030] 00 00 00 00 00 D6 4B 13 A7 EE 31 00 00 12 00 12 ......K. ..1..... > [0040] 00 00 00 02 00 09 00 00 00 00 00 00 00 09 00 00 ........ ........ > [0050] 00 55 00 43 00 43 00 44 00 4F 00 4D 00 41 00 49 .U.C.C.D .O.M.A.I > [0060] 00 4E 00 .N. >[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1273(switch_message) > switch message SMBtrans (pid 12782) conn 0x97e9be8 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) > NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 > contains 11 SIDs > SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 > SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-69 > SID[ 6]: S-1-22-2-101 > SID[ 7]: S-1-22-2-20042 > SID[ 8]: S-1-5-32-544 > SID[ 9]: S-1-22-1-11251 > SID[ 10]: S-1-22-2-0 > SE_PRIV 0xff0 0x0 0x0 0x0 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 4 supplementary groups > Group[ 0]: 0 > Group[ 1]: 69 > Group[ 2]: 101 > Group[ 3]: 20042 >[2010/04/27 16:57:55, 5, pid=12782] smbd/uid.c:353(change_to_user) > change_to_user uid=(0,0) gid=(0,0) >[2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:539(handle_trans) > trans <\PIPE\> data=82 params=0 setup=2 >[2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:572(handle_trans) > calling named_pipe >[2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:490(named_pipe) > named pipe command on <> name >[2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:413(api_fd_reply) > api_fd_reply >[2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:454(api_fd_reply) > Got API command 0x26 on pipe "samr" (pnum 2701) >[2010/04/27 16:57:55, 10, pid=12782] smbd/ipc.c:456(api_fd_reply) > api_fd_reply: p:0x97ea6a8 max_trans_reply: 1024 >[2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe_hnd.c:1195(np_write_send) > np_write_send: len: 82 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) > write_to_pipe: data_left = 82 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 82 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:192(fill_rpc_header) > fill_rpc_header: data_to_copy = 82, len_needed_to_complete_hdr = 16, receive_len = 0 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) > write_to_pipe: data_left = 66 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 66 >[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0052 > 000a auth_len : 0000 > 000c call_id : 00000004 >[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe_hnd.c:288(unmarshall_rpc_header) > unmarshall_rpc_header: using little-endian RPC >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:317(unmarshall_rpc_header) > unmarshall_rpc_header: type = 0, flags = 3 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) > write_to_pipe: data_left = 66 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 66, incoming data = 66 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:534(process_complete_pdu) > process_complete_pdu: processing packet type 0 >[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr_req req > 0000 alloc_hint: 0000003a > 0004 context_id: 0000 > 0006 opnum : 0005 >[2010/04/27 16:57:55, 3, pid=12782] rpc_server/srv_pipe_hnd.c:343(free_pipe_context) > free_pipe_context: destroying talloc pool of size 0 >[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe.c:2261(api_pipe_request) > Requested \PIPE\\samr >[2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_pipe.c:2297(api_rpcTNP) > api_rpcTNP: \samr op 0x5 - api_rpcTNP: rpc command: SAMR_LOOKUPDOMAIN >[2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe.c:2327(api_rpcTNP) > api_rpc_cmds[5].fn == 0x82dbaf0 >[2010/04/27 16:57:55, 1, pid=12782] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) > samr_LookupDomain: struct samr_LookupDomain > in: struct samr_LookupDomain > connect_handle : * > connect_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000003-0000-0000-d64b-13a7ee310000 > domain_name : * > domain_name: struct lsa_String > length : 0x0012 (18) > size : 0x0012 (18) > string : * > string : 'UCCDOMAIN' >[2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_lsa_hnd.c:180(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 D6 4B 13 A7 ........ .....K.. > [0010] EE 31 00 00 .1.. >[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_samr_nt.c:231(access_check_samr_function) > _samr_LookupDomain: access check ((granted: 0x00000030; required: 0x00000020) >[2010/04/27 16:57:55, 2, pid=12782] rpc_server/srv_samr_nt.c:4118(_samr_LookupDomain) > Returning domain sid for domain UCCDOMAIN -> S-1-5-352321536-3342141748-1574249315-1264630062 >[2010/04/27 16:57:55, 1, pid=12782] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) > samr_LookupDomain: struct samr_LookupDomain > out: struct samr_LookupDomain > sid : * > sid : * > sid : S-1-5-352321536-3342141748-1574249315-1264630062 > result : NT_STATUS_OK >[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe.c:2362(api_rpcTNP) > api_rpcTNP: called \samr successfully >[2010/04/27 16:57:55, 3, pid=12782] rpc_server/srv_pipe_hnd.c:343(free_pipe_context) > free_pipe_context: destroying talloc pool of size 68 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) > write_to_pipe: data_used = 66 >[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Schedule immediate event "tevent_req_trigger": 0x98016f0 >[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Run immediate event "tevent_req_trigger": 0x98016f0 >[2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe_hnd.c:802(read_from_internal_pipe) > name: \samr len: 1024 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:862(read_from_internal_pipe) > read_from_pipe: \samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 36. >[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 003c > 000a auth_len : 0000 > 000c call_id : 00000004 >[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000010 smb_io_rpc_hdr_resp resp > 0010 alloc_hint: 00000024 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Schedule immediate event "tevent_req_trigger": 0x97dd7d0 >[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Run immediate event "tevent_req_trigger": 0x97dd7d0 >[2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:59(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..60] (align 0) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) > size=116 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=992 > smb_uid=100 > smb_mid=1600 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 60 (0x3C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 60 (0x3C) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=61 >[2010/04/27 16:57:55, 10, pid=12782] ../lib/util/util.c:304(_dump_data) > [0000] 00 05 00 02 03 10 00 00 00 3C 00 00 00 04 00 00 ........ .<...... > [0010] 00 24 00 00 00 00 00 00 00 00 00 02 00 04 00 00 .$...... ........ > [0020] 00 01 04 00 00 00 00 00 05 00 00 00 15 34 09 35 ........ .....4.5 > [0030] C7 63 23 D5 5D 2E B9 60 4B 00 00 00 00 .c#.]..` K.... >[2010/04/27 16:57:55, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) > got smb length of 160 >[2010/04/27 16:57:55, 6, pid=12782] smbd/process.c:1456(process_smb) > got message type 0x0 of len 0xa0 >[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1459(process_smb) > Transaction 26 of length 164 (0 toread) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) > size=160 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=992 > smb_uid=100 > smb_mid=1664 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 76 (0x4C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 76 (0x4C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 9985 (0x2701) > smb_bcc=93 >[2010/04/27 16:57:55, 10, pid=12782] ../lib/util/util.c:304(_dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 00 05 00 00 03 10 00 00 00 4C 00 00 00 05 00 00 ........ .L...... > [0020] 00 34 00 00 00 00 00 07 00 00 00 00 00 03 00 00 .4...... ........ > [0030] 00 00 00 00 00 D6 4B 13 A7 EE 31 00 00 11 02 00 ......K. ..1..... > [0040] 00 04 00 00 00 01 04 00 00 00 00 00 05 00 00 00 ........ ........ > [0050] 15 34 09 35 C7 63 23 D5 5D 2E B9 60 4B .4.5.c#. ]..`K >[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1273(switch_message) > switch message SMBtrans (pid 12782) conn 0x97e9be8 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) > NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 > contains 11 SIDs > SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 > SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-69 > SID[ 6]: S-1-22-2-101 > SID[ 7]: S-1-22-2-20042 > SID[ 8]: S-1-5-32-544 > SID[ 9]: S-1-22-1-11251 > SID[ 10]: S-1-22-2-0 > SE_PRIV 0xff0 0x0 0x0 0x0 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 4 supplementary groups > Group[ 0]: 0 > Group[ 1]: 69 > Group[ 2]: 101 > Group[ 3]: 20042 >[2010/04/27 16:57:55, 5, pid=12782] smbd/uid.c:353(change_to_user) > change_to_user uid=(0,0) gid=(0,0) >[2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:539(handle_trans) > trans <\PIPE\> data=76 params=0 setup=2 >[2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:572(handle_trans) > calling named_pipe >[2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:490(named_pipe) > named pipe command on <> name >[2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:413(api_fd_reply) > api_fd_reply >[2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:454(api_fd_reply) > Got API command 0x26 on pipe "samr" (pnum 2701) >[2010/04/27 16:57:55, 10, pid=12782] smbd/ipc.c:456(api_fd_reply) > api_fd_reply: p:0x97ea6a8 max_trans_reply: 1024 >[2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe_hnd.c:1195(np_write_send) > np_write_send: len: 76 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) > write_to_pipe: data_left = 76 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 76 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:192(fill_rpc_header) > fill_rpc_header: data_to_copy = 76, len_needed_to_complete_hdr = 16, receive_len = 0 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) > write_to_pipe: data_left = 60 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 60 >[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 004c > 000a auth_len : 0000 > 000c call_id : 00000005 >[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe_hnd.c:288(unmarshall_rpc_header) > unmarshall_rpc_header: using little-endian RPC >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:317(unmarshall_rpc_header) > unmarshall_rpc_header: type = 0, flags = 3 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) > write_to_pipe: data_left = 60 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 60, incoming data = 60 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:534(process_complete_pdu) > process_complete_pdu: processing packet type 0 >[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr_req req > 0000 alloc_hint: 00000034 > 0004 context_id: 0000 > 0006 opnum : 0007 >[2010/04/27 16:57:55, 3, pid=12782] rpc_server/srv_pipe_hnd.c:343(free_pipe_context) > free_pipe_context: destroying talloc pool of size 0 >[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe.c:2261(api_pipe_request) > Requested \PIPE\\samr >[2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_pipe.c:2297(api_rpcTNP) > api_rpcTNP: \samr op 0x7 - api_rpcTNP: rpc command: SAMR_OPENDOMAIN >[2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe.c:2327(api_rpcTNP) > api_rpc_cmds[7].fn == 0x82db430 >[2010/04/27 16:57:55, 1, pid=12782] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) > samr_OpenDomain: struct samr_OpenDomain > in: struct samr_OpenDomain > connect_handle : * > connect_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000003-0000-0000-d64b-13a7ee310000 > access_mask : 0x00000211 (529) > 1: SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1 > 0: SAMR_DOMAIN_ACCESS_SET_INFO_1 > 0: SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2 > 0: SAMR_DOMAIN_ACCESS_SET_INFO_2 > 1: SAMR_DOMAIN_ACCESS_CREATE_USER > 0: SAMR_DOMAIN_ACCESS_CREATE_GROUP > 0: SAMR_DOMAIN_ACCESS_CREATE_ALIAS > 0: SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS > 0: SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS > 1: SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT > 0: SAMR_DOMAIN_ACCESS_SET_INFO_3 > sid : * > sid : S-1-5-352321536-3342141748-1574249315-1264630062 >[2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_lsa_hnd.c:180(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 D6 4B 13 A7 ........ .....K.. > [0010] EE 31 00 00 .1.. >[2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_samr_nt.c:186(access_check_object) > access_check_object: user rights access mask [0x3f0] >[2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_samr_nt.c:219(access_check_object) > _samr_OpenDomain: access GRANTED (requested: 0x00000001, granted: 0x000003f1) >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_samr_nt.c:395(get_samr_info_by_sid) > get_samr_info_by_sid: created new info for sid S-1-5-352321536-3342141748-1574249315-1264630062 >[2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_lsa_hnd.c:160(create_policy_hnd) > Opened policy hnd[2] [0000] 00 00 00 00 04 00 00 00 00 00 00 00 D6 4B 13 A7 ........ .....K.. > [0010] EE 31 00 00 .1.. >[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_samr_nt.c:662(_samr_OpenDomain) > _samr_OpenDomain: 662 >[2010/04/27 16:57:55, 1, pid=12782] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) > samr_OpenDomain: struct samr_OpenDomain > out: struct samr_OpenDomain > domain_handle : * > domain_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000004-0000-0000-d64b-13a7ee310000 > result : NT_STATUS_OK >[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe.c:2362(api_rpcTNP) > api_rpcTNP: called \samr successfully >[2010/04/27 16:57:55, 3, pid=12782] rpc_server/srv_pipe_hnd.c:343(free_pipe_context) > free_pipe_context: destroying talloc pool of size 984 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) > write_to_pipe: data_used = 60 >[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Schedule immediate event "tevent_req_trigger": 0x98016e0 >[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Run immediate event "tevent_req_trigger": 0x98016e0 >[2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe_hnd.c:802(read_from_internal_pipe) > name: \samr len: 1024 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:862(read_from_internal_pipe) > read_from_pipe: \samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. >[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0030 > 000a auth_len : 0000 > 000c call_id : 00000005 >[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000010 smb_io_rpc_hdr_resp resp > 0010 alloc_hint: 00000018 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Schedule immediate event "tevent_req_trigger": 0x97ec9e0 >[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Run immediate event "tevent_req_trigger": 0x97ec9e0 >[2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:59(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=992 > smb_uid=100 > smb_mid=1664 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2010/04/27 16:57:55, 10, pid=12782] ../lib/util/util.c:304(_dump_data) > [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 05 00 00 ........ .0...... > [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 04 00 00 ........ ........ > [0020] 00 00 00 00 00 D6 4B 13 A7 EE 31 00 00 00 00 00 ......K. ..1..... > [0030] 00 . >[2010/04/27 16:57:55, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) > got smb length of 172 >[2010/04/27 16:57:55, 6, pid=12782] smbd/process.c:1456(process_smb) > got message type 0x0 of len 0xac >[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1459(process_smb) > Transaction 27 of length 176 (0 toread) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) > size=172 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=992 > smb_uid=100 > smb_mid=1728 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 88 (0x58) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 88 (0x58) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 9985 (0x2701) > smb_bcc=105 >[2010/04/27 16:57:55, 10, pid=12782] ../lib/util/util.c:304(_dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 00 05 00 00 03 10 00 00 00 58 00 00 00 06 00 00 ........ .X...... > [0020] 00 40 00 00 00 00 00 32 00 00 00 00 00 04 00 00 .@.....2 ........ > [0030] 00 00 00 00 00 D6 4B 13 A7 EE 31 00 00 0E 00 10 ......K. ..1..... > [0040] 00 00 00 02 00 08 00 00 00 00 00 00 00 07 00 00 ........ ........ > [0050] 00 4D 00 41 00 41 00 58 00 45 00 4E 00 24 00 00 .M.A.A.X .E.N.$.. > [0060] 00 80 00 00 00 B0 00 05 E0 ........ . >[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1273(switch_message) > switch message SMBtrans (pid 12782) conn 0x97e9be8 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) > NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 > contains 11 SIDs > SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 > SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-69 > SID[ 6]: S-1-22-2-101 > SID[ 7]: S-1-22-2-20042 > SID[ 8]: S-1-5-32-544 > SID[ 9]: S-1-22-1-11251 > SID[ 10]: S-1-22-2-0 > SE_PRIV 0xff0 0x0 0x0 0x0 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 4 supplementary groups > Group[ 0]: 0 > Group[ 1]: 69 > Group[ 2]: 101 > Group[ 3]: 20042 >[2010/04/27 16:57:55, 5, pid=12782] smbd/uid.c:353(change_to_user) > change_to_user uid=(0,0) gid=(0,0) >[2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:539(handle_trans) > trans <\PIPE\> data=88 params=0 setup=2 >[2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:572(handle_trans) > calling named_pipe >[2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:490(named_pipe) > named pipe command on <> name >[2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:413(api_fd_reply) > api_fd_reply >[2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:454(api_fd_reply) > Got API command 0x26 on pipe "samr" (pnum 2701) >[2010/04/27 16:57:55, 10, pid=12782] smbd/ipc.c:456(api_fd_reply) > api_fd_reply: p:0x97ea6a8 max_trans_reply: 1024 >[2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe_hnd.c:1195(np_write_send) > np_write_send: len: 88 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) > write_to_pipe: data_left = 88 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 88 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:192(fill_rpc_header) > fill_rpc_header: data_to_copy = 88, len_needed_to_complete_hdr = 16, receive_len = 0 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) > write_to_pipe: data_left = 72 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 72 >[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0058 > 000a auth_len : 0000 > 000c call_id : 00000006 >[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe_hnd.c:288(unmarshall_rpc_header) > unmarshall_rpc_header: using little-endian RPC >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:317(unmarshall_rpc_header) > unmarshall_rpc_header: type = 0, flags = 3 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) > write_to_pipe: data_left = 72 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 72, incoming data = 72 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:534(process_complete_pdu) > process_complete_pdu: processing packet type 0 >[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr_req req > 0000 alloc_hint: 00000040 > 0004 context_id: 0000 > 0006 opnum : 0032 >[2010/04/27 16:57:55, 3, pid=12782] rpc_server/srv_pipe_hnd.c:343(free_pipe_context) > free_pipe_context: destroying talloc pool of size 0 >[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe.c:2261(api_pipe_request) > Requested \PIPE\\samr >[2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_pipe.c:2297(api_rpcTNP) > api_rpcTNP: \samr op 0x32 - api_rpcTNP: rpc command: SAMR_CREATEUSER2 >[2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe.c:2327(api_rpcTNP) > api_rpc_cmds[50].fn == 0x82d2b60 >[2010/04/27 16:57:55, 1, pid=12782] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) > samr_CreateUser2: struct samr_CreateUser2 > in: struct samr_CreateUser2 > domain_handle : * > domain_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000004-0000-0000-d64b-13a7ee310000 > account_name : * > account_name: struct lsa_String > length : 0x000e (14) > size : 0x000e (14) > string : * > string : 'MAAXEN$' > acct_flags : 0x00000080 (128) > 0: ACB_DISABLED > 0: ACB_HOMDIRREQ > 0: ACB_PWNOTREQ > 0: ACB_TEMPDUP > 0: ACB_NORMAL > 0: ACB_MNS > 0: ACB_DOMTRUST > 1: ACB_WSTRUST > 0: ACB_SVRTRUST > 0: ACB_PWNOEXP > 0: ACB_AUTOLOCK > 0: ACB_ENC_TXT_PWD_ALLOWED > 0: ACB_SMARTCARD_REQUIRED > 0: ACB_TRUSTED_FOR_DELEGATION > 0: ACB_NOT_DELEGATED > 0: ACB_USE_DES_KEY_ONLY > 0: ACB_DONT_REQUIRE_PREAUTH > 0: ACB_PW_EXPIRED > 0: ACB_NO_AUTH_DATA_REQD > access_mask : 0xe00500b0 (3758424240) > 0: SAMR_USER_ACCESS_GET_NAME_ETC > 0: SAMR_USER_ACCESS_GET_LOCALE > 0: SAMR_USER_ACCESS_SET_LOC_COM > 0: SAMR_USER_ACCESS_GET_LOGONINFO > 1: SAMR_USER_ACCESS_GET_ATTRIBUTES > 1: SAMR_USER_ACCESS_SET_ATTRIBUTES > 0: SAMR_USER_ACCESS_CHANGE_PASSWORD > 1: SAMR_USER_ACCESS_SET_PASSWORD > 0: SAMR_USER_ACCESS_GET_GROUPS > 0: SAMR_USER_ACCESS_GET_GROUP_MEMBERSHIP > 0: SAMR_USER_ACCESS_CHANGE_GROUP_MEMBERSHIP >[2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_lsa_hnd.c:180(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 04 00 00 00 00 00 00 00 D6 4B 13 A7 ........ .....K.. > [0010] EE 31 00 00 .1.. >[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_samr_nt.c:231(access_check_samr_function) > _samr_CreateUser2: access check ((granted: 0x000003f1; required: 0x00000010) >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_samr_nt.c:3709(can_create) > Checking whether [MAAXEN$] can be created >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:55, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) > NT user token: (NULL) >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2010/04/27 16:57:55, 10, pid=12782] passdb/lookup_sid.c:69(lookup_name) > lookup_name: MAAXEN$ => (domain), MAAXEN$ (name) >[2010/04/27 16:57:55, 10, pid=12782] passdb/lookup_sid.c:70(lookup_name) > lookup_name: flags = 0x071 >[2010/04/27 16:57:55, 10, pid=12782] passdb/util_wellknown.c:151(lookup_wellknown_name) > map_name_to_wellknown_sid: looking up MAAXEN$ >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2010/04/27 16:57:55, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 1 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) > NT user token: (NULL) >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2010/04/27 16:57:55, 5, pid=12782] lib/smbldap.c:1295(smbldap_search_ext) > smbldap_search_ext: base => [dc=ucc,dc=gu,dc=uwa,dc=edu,dc=au], filter => [(&(uid=MAAXEN$)(objectclass=sambaSamAccount))], scope => [2] >[2010/04/27 16:57:55, 2, pid=12782] passdb/pdb_ldap.c:571(init_sam_from_ldap) > init_sam_from_ldap: Entry found for user: MAAXEN$ >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:607(pdb_set_username) > pdb_set_username: setting username MAAXEN$, was >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:630(pdb_set_domain) > pdb_set_domain: setting domain UCCDOMAIN, was >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:653(pdb_set_nt_username) > pdb_set_nt_username: setting nt username MAAXEN$, was >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:549(pdb_set_user_sid_from_string) > pdb_set_user_sid_from_string: setting user sid S-1-5-352321536-3342141748-1574249315-1264630062-1068 >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:536(pdb_set_user_sid) > pdb_set_user_sid: setting user sid S-1-5-352321536-3342141748-1574249315-1264630062-1068 >[2010/04/27 16:57:55, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) > attribute sambaLogonTime does not exist >[2010/04/27 16:57:55, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) > attribute sambaLogoffTime does not exist >[2010/04/27 16:57:55, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) > attribute sambaKickoffTime does not exist >[2010/04/27 16:57:55, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) > attribute sambaPwdCanChange does not exist >[2010/04/27 16:57:55, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) > attribute sambaPwdMustChange does not exist >[2010/04/27 16:57:55, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) > attribute displayName does not exist >[2010/04/27 16:57:55, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) > attribute cn does not exist >[2010/04/27 16:57:55, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) > attribute sambaHomeDrive does not exist >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:745(pdb_set_dir_drive) > pdb_set_dir_drive: setting dir drive H:, was NULL >[2010/04/27 16:57:55, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) > attribute sambaHomePath does not exist >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:769(pdb_set_homedir) > pdb_set_homedir: setting home dir \\mylah\maaxen_, was >[2010/04/27 16:57:55, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) > attribute sambaLogonScript does not exist >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:699(pdb_set_logon_script) > pdb_set_logon_script: setting logon script , was >[2010/04/27 16:57:55, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) > attribute sambaProfilePath does not exist >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:722(pdb_set_profile_path) > pdb_set_profile_path: setting profile path \\mylah\profiles, was >[2010/04/27 16:57:55, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) > attribute description does not exist >[2010/04/27 16:57:55, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) > attribute sambaUserWorkstations does not exist >[2010/04/27 16:57:55, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) > attribute sambaMungedDial does not exist >[2010/04/27 16:57:55, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) > attribute sambaLMPassword does not exist >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 >[2010/04/27 16:57:55, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 2 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) > NT user token: (NULL) >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2010/04/27 16:57:55, 10, pid=12782] lib/gencache.c:208(gencache_get) > Returning valid cache entry: key = ACCT_POL/password history, value = 0 > , timeout = Tue Apr 27 16:58:51 2010 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2010/04/27 16:57:55, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) > attribute sambaBadPasswordCount does not exist >[2010/04/27 16:57:55, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) > attribute sambaBadPasswordTime does not exist >[2010/04/27 16:57:55, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) > attribute sambaLogonHours does not exist >[2010/04/27 16:57:55, 7, pid=12782] passdb/login_cache.c:87(login_cache_read) > Looking up login cache for user MAAXEN$ >[2010/04/27 16:57:55, 7, pid=12782] passdb/login_cache.c:103(login_cache_read) > No cache entry found >[2010/04/27 16:57:55, 9, pid=12782] passdb/pdb_ldap.c:1125(init_sam_from_ldap) > No cache entry, bad count = 0, bad time = 0 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 >[2010/04/27 16:57:55, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 2 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) > NT user token: (NULL) >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2010/04/27 16:57:55, 10, pid=12782] lib/gencache.c:208(gencache_get) > Returning valid cache entry: key = ACCT_POL/maximum password age, value = 4294967295 > , timeout = Tue Apr 27 16:58:51 2010 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2010/04/27 16:57:55, 5, pid=12782] lib/username.c:133(Get_Pwnam_alloc) > Finding user MAAXEN$ >[2010/04/27 16:57:55, 5, pid=12782] lib/username.c:77(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as lowercase is maaxen$ >[2010/04/27 16:57:55, 5, pid=12782] lib/username.c:85(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as given is MAAXEN$ >[2010/04/27 16:57:55, 5, pid=12782] lib/username.c:110(Get_Pwnam_internals) > Get_Pwnam_internals did find user [MAAXEN$]! >[2010/04/27 16:57:55, 10, pid=12782] lib/gencache.c:194(gencache_get) > Cache entry with key = IDMAP/GID2SID/12004 couldn't be found >[2010/04/27 16:57:55, 5, pid=12782] passdb/lookup_sid.c:1378(gid_to_sid) > gid_to_sid: winbind failed to find a sid for gid 12004 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 >[2010/04/27 16:57:55, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 2 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) > NT user token: (NULL) >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2010/04/27 16:57:55, 5, pid=12782] lib/smbldap.c:1295(smbldap_search_ext) > smbldap_search_ext: base => [dc=ucc,dc=gu,dc=uwa,dc=edu,dc=au], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=12004))], scope => [2] >[2010/04/27 16:57:55, 4, pid=12782] passdb/pdb_ldap.c:2550(ldapsam_getgroup) > ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(gidNumber=12004)) >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2010/04/27 16:57:55, 10, pid=12782] passdb/lookup_sid.c:1173(legacy_gid_to_sid) > LEGACY: gid 12004 -> sid S-1-22-2-12004 >[2010/04/27 16:57:55, 5, pid=12782] lib/smbldap.c:1295(smbldap_search_ext) > smbldap_search_ext: base => [dc=ucc,dc=gu,dc=uwa,dc=edu,dc=au], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=12004))], scope => [2] >[2010/04/27 16:57:55, 4, pid=12782] passdb/pdb_ldap.c:2550(ldapsam_getgroup) > ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(gidNumber=12004)) >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 >[2010/04/27 16:57:55, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 2 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) > NT user token: (NULL) >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2010/04/27 16:57:55, 10, pid=12782] lib/gencache.c:208(gencache_get) > Returning valid cache entry: key = ACCT_POL/password history, value = 0 > , timeout = Tue Apr 27 16:58:51 2010 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:607(pdb_set_username) > pdb_set_username: setting username MAAXEN$, was >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:630(pdb_set_domain) > pdb_set_domain: setting domain UCCDOMAIN, was >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:653(pdb_set_nt_username) > pdb_set_nt_username: setting nt username MAAXEN$, was >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:676(pdb_set_fullname) > pdb_set_full_name: setting full name , was >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:769(pdb_set_homedir) > pdb_set_homedir: setting home dir \\mylah\maaxen_, was >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:745(pdb_set_dir_drive) > pdb_set_dir_drive: setting dir drive H:, was NULL >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:699(pdb_set_logon_script) > pdb_set_logon_script: setting logon script , was >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:722(pdb_set_profile_path) > pdb_set_profile_path: setting profile path \\mylah\profiles, was >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:812(pdb_set_workstations) > pdb_set_workstations: setting workstations , was >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 >[2010/04/27 16:57:55, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 2 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) > NT user token: (NULL) >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2010/04/27 16:57:55, 10, pid=12782] lib/gencache.c:208(gencache_get) > Returning valid cache entry: key = ACCT_POL/password history, value = 0 > , timeout = Tue Apr 27 16:58:51 2010 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:536(pdb_set_user_sid) > pdb_set_user_sid: setting user sid S-1-5-352321536-3342141748-1574249315-1264630062-1068 >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_compat.c:72(pdb_set_user_sid_from_rid) > pdb_set_user_sid_from_rid: > setting user sid S-1-5-352321536-3342141748-1574249315-1264630062-1068 from rid 1068 >[2010/04/27 16:57:55, 10, pid=12782] lib/gencache.c:194(gencache_get) > Cache entry with key = IDMAP/SID2GID/S-1-5-352321536-3342141748-1574249315-1264630062-513 couldn't be found >[2010/04/27 16:57:55, 10, pid=12782] passdb/lookup_sid.c:1502(sid_to_gid) > winbind failed to find a gid for sid S-1-5-352321536-3342141748-1574249315-1264630062-513 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 >[2010/04/27 16:57:55, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 2 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) > NT user token: (NULL) >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2010/04/27 16:57:55, 5, pid=12782] passdb/pdb_interface.c:1513(lookup_global_sam_rid) > lookup_global_sam_rid: looking up RID 513. >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 4 >[2010/04/27 16:57:55, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 3 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 4 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) > NT user token: (NULL) >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2010/04/27 16:57:55, 5, pid=12782] lib/smbldap.c:1295(smbldap_search_ext) > smbldap_search_ext: base => [dc=ucc,dc=gu,dc=uwa,dc=edu,dc=au], filter => [(&(sambaSID=S-1-5-352321536-3342141748-1574249315-1264630062-513)(objectclass=sambaSamAccount))], scope => [2] >[2010/04/27 16:57:55, 4, pid=12782] passdb/pdb_ldap.c:1694(ldapsam_getsampwsid) > ldapsam_getsampwsid: Unable to locate SID [S-1-5-352321536-3342141748-1574249315-1264630062-513] count=0 >[2010/04/27 16:57:55, 5, pid=12782] lib/smbldap.c:1295(smbldap_search_ext) > smbldap_search_ext: base => [dc=ucc,dc=gu,dc=uwa,dc=edu,dc=au], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-352321536-3342141748-1574249315-1264630062-513))], scope => [2] >[2010/04/27 16:57:55, 2, pid=12782] passdb/pdb_ldap.c:2434(init_group_from_ldap) > init_group_from_ldap: Entry found for group: 21 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 3 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2010/04/27 16:57:55, 10, pid=12782] passdb/lookup_sid.c:1279(legacy_sid_to_gid) > LEGACY: sid S-1-5-352321536-3342141748-1574249315-1264630062-513 -> gid 21 >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:594(pdb_set_group_sid) > pdb_set_group_sid: setting group sid S-1-5-352321536-3342141748-1574249315-1264630062-513 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_samr_nt.c:3724(can_create) > trying to create MAAXEN$, exists as User >[2010/04/27 16:57:55, 1, pid=12782] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) > samr_CreateUser2: struct samr_CreateUser2 > out: struct samr_CreateUser2 > user_handle : * > user_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > access_granted : * > access_granted : 0x00000000 (0) > rid : * > rid : 0x00000000 (0) > result : NT_STATUS_USER_EXISTS >[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe.c:2362(api_rpcTNP) > api_rpcTNP: called \samr successfully >[2010/04/27 16:57:55, 3, pid=12782] rpc_server/srv_pipe_hnd.c:343(free_pipe_context) > free_pipe_context: destroying talloc pool of size 0 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) > write_to_pipe: data_used = 72 >[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Schedule immediate event "tevent_req_trigger": 0x98016f0 >[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Run immediate event "tevent_req_trigger": 0x98016f0 >[2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe_hnd.c:802(read_from_internal_pipe) > name: \samr len: 1024 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:862(read_from_internal_pipe) > read_from_pipe: \samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 32. >[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0038 > 000a auth_len : 0000 > 000c call_id : 00000006 >[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000010 smb_io_rpc_hdr_resp resp > 0010 alloc_hint: 00000020 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Schedule immediate event "tevent_req_trigger": 0x97ec9e0 >[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Run immediate event "tevent_req_trigger": 0x97ec9e0 >[2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:59(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..56] (align 0) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) > size=112 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=992 > smb_uid=100 > smb_mid=1728 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 56 (0x38) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 56 (0x38) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=57 >[2010/04/27 16:57:55, 10, pid=12782] ../lib/util/util.c:304(_dump_data) > [0000] 00 05 00 02 03 10 00 00 00 38 00 00 00 06 00 00 ........ .8...... > [0010] 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . ...... ........ > [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0030] 00 00 00 00 00 63 00 00 C0 .....c.. . >[2010/04/27 16:57:55, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) > got smb length of 128 >[2010/04/27 16:57:55, 6, pid=12782] smbd/process.c:1456(process_smb) > got message type 0x0 of len 0x80 >[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1459(process_smb) > Transaction 28 of length 132 (0 toread) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=992 > smb_uid=100 > smb_mid=1792 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 9985 (0x2701) > smb_bcc=61 >[2010/04/27 16:57:55, 10, pid=12782] ../lib/util/util.c:304(_dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 07 00 00 ........ .,...... > [0020] 00 14 00 00 00 00 00 01 00 00 00 00 00 04 00 00 ........ ........ > [0030] 00 00 00 00 00 D6 4B 13 A7 EE 31 00 00 ......K. ..1.. >[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1273(switch_message) > switch message SMBtrans (pid 12782) conn 0x97e9be8 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) > NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 > contains 11 SIDs > SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 > SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-69 > SID[ 6]: S-1-22-2-101 > SID[ 7]: S-1-22-2-20042 > SID[ 8]: S-1-5-32-544 > SID[ 9]: S-1-22-1-11251 > SID[ 10]: S-1-22-2-0 > SE_PRIV 0xff0 0x0 0x0 0x0 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 4 supplementary groups > Group[ 0]: 0 > Group[ 1]: 69 > Group[ 2]: 101 > Group[ 3]: 20042 >[2010/04/27 16:57:55, 5, pid=12782] smbd/uid.c:353(change_to_user) > change_to_user uid=(0,0) gid=(0,0) >[2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:539(handle_trans) > trans <\PIPE\> data=44 params=0 setup=2 >[2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:572(handle_trans) > calling named_pipe >[2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:490(named_pipe) > named pipe command on <> name >[2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:413(api_fd_reply) > api_fd_reply >[2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:454(api_fd_reply) > Got API command 0x26 on pipe "samr" (pnum 2701) >[2010/04/27 16:57:55, 10, pid=12782] smbd/ipc.c:456(api_fd_reply) > api_fd_reply: p:0x97ea6a8 max_trans_reply: 1024 >[2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe_hnd.c:1195(np_write_send) > np_write_send: len: 44 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) > write_to_pipe: data_left = 44 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:192(fill_rpc_header) > fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) > write_to_pipe: data_left = 28 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 >[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 002c > 000a auth_len : 0000 > 000c call_id : 00000007 >[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe_hnd.c:288(unmarshall_rpc_header) > unmarshall_rpc_header: using little-endian RPC >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:317(unmarshall_rpc_header) > unmarshall_rpc_header: type = 0, flags = 3 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) > write_to_pipe: data_left = 28 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 28, incoming data = 28 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:534(process_complete_pdu) > process_complete_pdu: processing packet type 0 >[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr_req req > 0000 alloc_hint: 00000014 > 0004 context_id: 0000 > 0006 opnum : 0001 >[2010/04/27 16:57:55, 3, pid=12782] rpc_server/srv_pipe_hnd.c:343(free_pipe_context) > free_pipe_context: destroying talloc pool of size 0 >[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe.c:2261(api_pipe_request) > Requested \PIPE\\samr >[2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_pipe.c:2297(api_rpcTNP) > api_rpcTNP: \samr op 0x1 - api_rpcTNP: rpc command: SAMR_CLOSE >[2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe.c:2327(api_rpcTNP) > api_rpc_cmds[1].fn == 0x82dc710 >[2010/04/27 16:57:55, 1, pid=12782] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) > samr_Close: struct samr_Close > in: struct samr_Close > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000004-0000-0000-d64b-13a7ee310000 >[2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_lsa_hnd.c:180(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 04 00 00 00 00 00 00 00 D6 4B 13 A7 ........ .....K.. > [0010] EE 31 00 00 .1.. >[2010/04/27 16:57:55, 3, pid=12782] rpc_server/srv_lsa_hnd.c:218(close_policy_hnd) > Closed policy >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_samr_nt.c:416(free_samr_cache) > free_samr_cache: deleting cache for SID S-1-5-352321536-3342141748-1574249315-1264630062 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:55, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) > NT user token: (NULL) >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:55, 1, pid=12782] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) > samr_Close: struct samr_Close > out: struct samr_Close > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : NT_STATUS_OK >[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe.c:2362(api_rpcTNP) > api_rpcTNP: called \samr successfully >[2010/04/27 16:57:55, 3, pid=12782] rpc_server/srv_pipe_hnd.c:343(free_pipe_context) > free_pipe_context: destroying talloc pool of size 0 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) > write_to_pipe: data_used = 28 >[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Schedule immediate event "tevent_req_trigger": 0x98016a0 >[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Run immediate event "tevent_req_trigger": 0x98016a0 >[2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe_hnd.c:802(read_from_internal_pipe) > name: \samr len: 1024 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:862(read_from_internal_pipe) > read_from_pipe: \samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. >[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0030 > 000a auth_len : 0000 > 000c call_id : 00000007 >[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000010 smb_io_rpc_hdr_resp resp > 0010 alloc_hint: 00000018 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Schedule immediate event "tevent_req_trigger": 0x97dd560 >[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Run immediate event "tevent_req_trigger": 0x97dd560 >[2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:59(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=992 > smb_uid=100 > smb_mid=1792 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2010/04/27 16:57:55, 10, pid=12782] ../lib/util/util.c:304(_dump_data) > [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 07 00 00 ........ .0...... > [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0030] 00 . >[2010/04/27 16:57:55, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) > got smb length of 128 >[2010/04/27 16:57:55, 6, pid=12782] smbd/process.c:1456(process_smb) > got message type 0x0 of len 0x80 >[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1459(process_smb) > Transaction 29 of length 132 (0 toread) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=992 > smb_uid=100 > smb_mid=1856 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 9985 (0x2701) > smb_bcc=61 >[2010/04/27 16:57:55, 10, pid=12782] ../lib/util/util.c:304(_dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 08 00 00 ........ .,...... > [0020] 00 14 00 00 00 00 00 01 00 00 00 00 00 03 00 00 ........ ........ > [0030] 00 00 00 00 00 D6 4B 13 A7 EE 31 00 00 ......K. ..1.. >[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1273(switch_message) > switch message SMBtrans (pid 12782) conn 0x97e9be8 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) > NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 > contains 11 SIDs > SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 > SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-69 > SID[ 6]: S-1-22-2-101 > SID[ 7]: S-1-22-2-20042 > SID[ 8]: S-1-5-32-544 > SID[ 9]: S-1-22-1-11251 > SID[ 10]: S-1-22-2-0 > SE_PRIV 0xff0 0x0 0x0 0x0 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 4 supplementary groups > Group[ 0]: 0 > Group[ 1]: 69 > Group[ 2]: 101 > Group[ 3]: 20042 >[2010/04/27 16:57:55, 5, pid=12782] smbd/uid.c:353(change_to_user) > change_to_user uid=(0,0) gid=(0,0) >[2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:539(handle_trans) > trans <\PIPE\> data=44 params=0 setup=2 >[2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:572(handle_trans) > calling named_pipe >[2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:490(named_pipe) > named pipe command on <> name >[2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:413(api_fd_reply) > api_fd_reply >[2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:454(api_fd_reply) > Got API command 0x26 on pipe "samr" (pnum 2701) >[2010/04/27 16:57:55, 10, pid=12782] smbd/ipc.c:456(api_fd_reply) > api_fd_reply: p:0x97ea6a8 max_trans_reply: 1024 >[2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe_hnd.c:1195(np_write_send) > np_write_send: len: 44 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) > write_to_pipe: data_left = 44 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:192(fill_rpc_header) > fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) > write_to_pipe: data_left = 28 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 >[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 002c > 000a auth_len : 0000 > 000c call_id : 00000008 >[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe_hnd.c:288(unmarshall_rpc_header) > unmarshall_rpc_header: using little-endian RPC >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:317(unmarshall_rpc_header) > unmarshall_rpc_header: type = 0, flags = 3 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) > write_to_pipe: data_left = 28 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 28, incoming data = 28 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:534(process_complete_pdu) > process_complete_pdu: processing packet type 0 >[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr_req req > 0000 alloc_hint: 00000014 > 0004 context_id: 0000 > 0006 opnum : 0001 >[2010/04/27 16:57:55, 3, pid=12782] rpc_server/srv_pipe_hnd.c:343(free_pipe_context) > free_pipe_context: destroying talloc pool of size 0 >[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe.c:2261(api_pipe_request) > Requested \PIPE\\samr >[2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_pipe.c:2297(api_rpcTNP) > api_rpcTNP: \samr op 0x1 - api_rpcTNP: rpc command: SAMR_CLOSE >[2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe.c:2327(api_rpcTNP) > api_rpc_cmds[1].fn == 0x82dc710 >[2010/04/27 16:57:55, 1, pid=12782] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) > samr_Close: struct samr_Close > in: struct samr_Close > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000003-0000-0000-d64b-13a7ee310000 >[2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_lsa_hnd.c:180(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 D6 4B 13 A7 ........ .....K.. > [0010] EE 31 00 00 .1.. >[2010/04/27 16:57:55, 3, pid=12782] rpc_server/srv_lsa_hnd.c:218(close_policy_hnd) > Closed policy >[2010/04/27 16:57:55, 1, pid=12782] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) > samr_Close: struct samr_Close > out: struct samr_Close > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : NT_STATUS_OK >[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe.c:2362(api_rpcTNP) > api_rpcTNP: called \samr successfully >[2010/04/27 16:57:55, 3, pid=12782] rpc_server/srv_pipe_hnd.c:343(free_pipe_context) > free_pipe_context: destroying talloc pool of size 0 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) > write_to_pipe: data_used = 28 >[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Schedule immediate event "tevent_req_trigger": 0x98016a0 >[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Run immediate event "tevent_req_trigger": 0x98016a0 >[2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe_hnd.c:802(read_from_internal_pipe) > name: \samr len: 1024 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:862(read_from_internal_pipe) > read_from_pipe: \samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. >[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0030 > 000a auth_len : 0000 > 000c call_id : 00000008 >[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000010 smb_io_rpc_hdr_resp resp > 0010 alloc_hint: 00000018 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Schedule immediate event "tevent_req_trigger": 0x97dd7d0 >[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Run immediate event "tevent_req_trigger": 0x97dd7d0 >[2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:59(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=992 > smb_uid=100 > smb_mid=1856 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2010/04/27 16:57:55, 10, pid=12782] ../lib/util/util.c:304(_dump_data) > [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 08 00 00 ........ .0...... > [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0030] 00 . >[2010/04/27 16:57:55, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) > got smb length of 41 >[2010/04/27 16:57:55, 6, pid=12782] smbd/process.c:1456(process_smb) > got message type 0x0 of len 0x29 >[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1459(process_smb) > Transaction 30 of length 45 (0 toread) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=1920 > smt_wct=3 > smb_vwv[ 0]= 9985 (0x2701) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1273(switch_message) > switch message SMBclose (pid 12782) conn 0x97e9be8 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) > NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 > contains 11 SIDs > SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 > SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-69 > SID[ 6]: S-1-22-2-101 > SID[ 7]: S-1-22-2-20042 > SID[ 8]: S-1-5-32-544 > SID[ 9]: S-1-22-1-11251 > SID[ 10]: S-1-22-2-0 > SE_PRIV 0xff0 0x0 0x0 0x0 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 4 supplementary groups > Group[ 0]: 0 > Group[ 1]: 69 > Group[ 2]: 101 > Group[ 3]: 20042 >[2010/04/27 16:57:55, 5, pid=12782] smbd/uid.c:353(change_to_user) > change_to_user uid=(0,0) gid=(0,0) >[2010/04/27 16:57:55, 3, pid=12782] smbd/reply.c:4488(reply_close) > close fd=-1 fnum=9985 (numopen=1) >[2010/04/27 16:57:55, 6, pid=12782] smbd/close.c:454(set_close_write_time) > close_write_time: Thu Jan 1 07:59:59 1970 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_lsa_hnd.c:249(close_policy_by_pipe) > close_policy_by_pipe: deleted handle list for pipe \samr >[2010/04/27 16:57:55, 5, pid=12782] smbd/files.c:474(file_free) > freed files structure 9985 (0 used) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=1920 > smt_wct=0 > smb_bcc=0 >[2010/04/27 16:57:55, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) > got smb length of 96 >[2010/04/27 16:57:55, 6, pid=12782] smbd/process.c:1456(process_smb) > got message type 0x0 of len 0x60 >[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1459(process_smb) > Transaction 31 of length 100 (0 toread) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) > size=96 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=992 > smb_uid=100 > smb_mid=1984 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 2560 (0xA00) > smb_vwv[ 3]= 4096 (0x1000) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 4609 (0x1201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 1792 (0x700) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]=16384 (0x4000) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 768 (0x300) > smb_bcc=13 >[2010/04/27 16:57:55, 10, pid=12782] ../lib/util/util.c:304(_dump_data) > [0000] 00 5C 00 73 00 61 00 6D 00 72 00 00 00 .\.s.a.m .r... >[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1273(switch_message) > switch message SMBntcreateX (pid 12782) conn 0x97e9be8 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) > NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 > contains 11 SIDs > SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 > SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-69 > SID[ 6]: S-1-22-2-101 > SID[ 7]: S-1-22-2-20042 > SID[ 8]: S-1-5-32-544 > SID[ 9]: S-1-22-1-11251 > SID[ 10]: S-1-22-2-0 > SE_PRIV 0xff0 0x0 0x0 0x0 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 4 supplementary groups > Group[ 0]: 0 > Group[ 1]: 69 > Group[ 2]: 101 > Group[ 3]: 20042 >[2010/04/27 16:57:55, 5, pid=12782] smbd/uid.c:353(change_to_user) > change_to_user uid=(0,0) gid=(0,0) >[2010/04/27 16:57:55, 10, pid=12782] smbd/nttrans.c:484(reply_ntcreate_and_X) > reply_ntcreate_and_X: flags = 0x10, access_mask = 0x12019f file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0, fname = samr >[2010/04/27 16:57:55, 4, pid=12782] smbd/nttrans.c:315(nt_open_pipe) > nt_open_pipe: Opening pipe \samr. >[2010/04/27 16:57:55, 5, pid=12782] smbd/files.c:103(file_new) > allocated file structure 5890, fnum = 9986 (1 used) >[2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_pipe_hnd.c:99(make_internal_rpc_pipe_p) > Create pipe requested \samr >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_lsa_hnd.c:85(init_pipe_handle_list) > init_pipe_handles: created handle list for pipe \samr >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_lsa_hnd.c:102(init_pipe_handle_list) > init_pipe_handles: pipe_handles ref count = 1 for pipe \samr >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:55, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) > NT user token: (NULL) >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2010/04/27 16:57:55, 10, pid=12782] lib/gencache.c:208(gencache_get) > Returning valid cache entry: key = ACCT_POL/maximum password age, value = 4294967295 > , timeout = Tue Apr 27 16:58:51 2010 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:55, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) > NT user token: (NULL) >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2010/04/27 16:57:55, 10, pid=12782] lib/gencache.c:208(gencache_get) > Returning valid cache entry: key = ACCT_POL/password history, value = 0 > , timeout = Tue Apr 27 16:58:51 2010 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:607(pdb_set_username) > pdb_set_username: setting username zanchey, was >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:630(pdb_set_domain) > pdb_set_domain: setting domain UCCDOMAIN, was >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:653(pdb_set_nt_username) > pdb_set_nt_username: setting nt username zanchey, was >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:676(pdb_set_fullname) > pdb_set_full_name: setting full name David Adam, was >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:769(pdb_set_homedir) > pdb_set_homedir: setting home dir \\mylah\zanchey, was >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:745(pdb_set_dir_drive) > pdb_set_dir_drive: setting dir drive H:, was NULL >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:699(pdb_set_logon_script) > pdb_set_logon_script: setting logon script , was >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:722(pdb_set_profile_path) > pdb_set_profile_path: setting profile path \\mylah\profiles, was >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:812(pdb_set_workstations) > pdb_set_workstations: setting workstations , was >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:55, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) > NT user token: (NULL) >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2010/04/27 16:57:55, 10, pid=12782] lib/gencache.c:208(gencache_get) > Returning valid cache entry: key = ACCT_POL/password history, value = 0 > , timeout = Tue Apr 27 16:58:51 2010 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:536(pdb_set_user_sid) > pdb_set_user_sid: setting user sid S-1-5-352321536-3342141748-1574249315-1264630062-23502 >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_compat.c:72(pdb_set_user_sid_from_rid) > pdb_set_user_sid_from_rid: > setting user sid S-1-5-352321536-3342141748-1574249315-1264630062-23502 from rid 23502 >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:594(pdb_set_group_sid) > pdb_set_group_sid: setting group sid S-1-5-352321536-3342141748-1574249315-1264630062-512 >[2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_pipe_hnd.c:161(make_internal_rpc_pipe_p) > Created internal pipe \samr (pipes_open=0) >[2010/04/27 16:57:55, 5, pid=12782] smbd/nttrans.c:404(do_ntcreate_pipe_open) > do_ntcreate_pipe_open: open pipe = \samr >[2010/04/27 16:57:55, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) > got smb length of 224 >[2010/04/27 16:57:55, 6, pid=12782] smbd/process.c:1456(process_smb) > got message type 0x0 of len 0xe0 >[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1459(process_smb) > Transaction 32 of length 228 (0 toread) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) > size=224 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=2048 > smt_wct=14 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 9986 (0x2702) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=65535 (0xFFFF) > smb_vwv[ 6]=65535 (0xFFFF) > smb_vwv[ 7]= 8 (0x8) > smb_vwv[ 8]= 160 (0xA0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 160 (0xA0) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_bcc=161 >[2010/04/27 16:57:55, 10, pid=12782] ../lib/util/util.c:304(_dump_data) > [0000] EE 05 00 0B 03 10 00 00 00 A0 00 00 00 02 00 00 ........ ........ > [0010] 00 B8 10 B8 10 00 00 00 00 03 00 00 00 00 00 01 ........ ........ > [0020] 00 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 .xW4.4.. ....#Eg. > [0030] AC 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ > [0040] 00 2B 10 48 60 02 00 00 00 01 00 01 00 78 57 34 .+.H`... .....xW4 > [0050] 12 34 12 CD AB EF 00 01 23 45 67 89 AC 01 00 00 .4...... #Eg..... > [0060] 00 33 05 71 71 BA BE 37 49 83 19 B5 DB EF 9C CC .3.qq..7 I....... > [0070] 36 01 00 00 00 02 00 01 00 78 57 34 12 34 12 CD 6....... .xW4.4.. > [0080] AB EF 00 01 23 45 67 89 AC 01 00 00 00 2C 1C B7 ....#Eg. .....,.. > [0090] 6C 12 98 40 45 03 00 00 00 00 00 00 00 01 00 00 l..@E... ........ > [00A0] 00 . >[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1273(switch_message) > switch message SMBwriteX (pid 12782) conn 0x97e9be8 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) > NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 > contains 11 SIDs > SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 > SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-69 > SID[ 6]: S-1-22-2-101 > SID[ 7]: S-1-22-2-20042 > SID[ 8]: S-1-5-32-544 > SID[ 9]: S-1-22-1-11251 > SID[ 10]: S-1-22-2-0 > SE_PRIV 0xff0 0x0 0x0 0x0 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 4 supplementary groups > Group[ 0]: 0 > Group[ 1]: 69 > Group[ 2]: 101 > Group[ 3]: 20042 >[2010/04/27 16:57:55, 5, pid=12782] smbd/uid.c:353(change_to_user) > change_to_user uid=(0,0) gid=(0,0) >[2010/04/27 16:57:55, 6, pid=12782] smbd/pipes.c:271(reply_pipe_write_and_X) > reply_pipe_write_and_X: 2702 name: samr len: 160 >[2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe_hnd.c:1195(np_write_send) > np_write_send: len: 160 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) > write_to_pipe: data_left = 160 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 160 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:192(fill_rpc_header) > fill_rpc_header: data_to_copy = 160, len_needed_to_complete_hdr = 16, receive_len = 0 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) > write_to_pipe: data_left = 144 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 144 >[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0b > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 00a0 > 000a auth_len : 0000 > 000c call_id : 00000002 >[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe_hnd.c:288(unmarshall_rpc_header) > unmarshall_rpc_header: using little-endian RPC >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:317(unmarshall_rpc_header) > unmarshall_rpc_header: type = 11, flags = 3 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) > write_to_pipe: data_left = 144 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 144, incoming data = 144 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:534(process_complete_pdu) > process_complete_pdu: processing packet type 11 >[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe.c:1558(api_pipe_bind_req) > api_pipe_bind_req: decode request. 1558 >[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr_rb >[2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr_bba > 0000 max_tsize: 10b8 > 0002 max_rsize: 10b8 > 0004 assoc_gid: 00000000 > 0008 num_contexts: 03 > 000c context_id : 0000 > 000e num_transfer_syntaxes: 01 >[2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 00000f smb_io_rpc_iface >[2010/04/27 16:57:55, 7, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000010 smb_io_uuid uuid > 0010 data : 12345778 > 0014 data : 1234 > 0016 data : abcd > 0018 data : ef 00 > 001a data : 01 23 45 67 89 ac > 0020 version: 00000001 >[2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000024 smb_io_rpc_iface >[2010/04/27 16:57:55, 7, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000024 smb_io_uuid uuid > 0024 data : 8a885d04 > 0028 data : 1ceb > 002a data : 11c9 > 002c data : 9f e8 > 002e data : 08 00 2b 10 48 60 > 0034 version: 00000002 > 0038 context_id : 0001 > 003a num_transfer_syntaxes: 01 >[2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 00003b smb_io_rpc_iface >[2010/04/27 16:57:55, 7, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 00003c smb_io_uuid uuid > 003c data : 12345778 > 0040 data : 1234 > 0042 data : abcd > 0044 data : ef 00 > 0046 data : 01 23 45 67 89 ac > 004c version: 00000001 >[2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000050 smb_io_rpc_iface >[2010/04/27 16:57:55, 7, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000050 smb_io_uuid uuid > 0050 data : 71710533 > 0054 data : beba > 0056 data : 4937 > 0058 data : 83 19 > 005a data : b5 db ef 9c cc 36 > 0060 version: 00000001 > 0064 context_id : 0002 > 0066 num_transfer_syntaxes: 01 >[2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000067 smb_io_rpc_iface >[2010/04/27 16:57:55, 7, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000068 smb_io_uuid uuid > 0068 data : 12345778 > 006c data : 1234 > 006e data : abcd > 0070 data : ef 00 > 0072 data : 01 23 45 67 89 ac > 0078 version: 00000001 >[2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 00007c smb_io_rpc_iface >[2010/04/27 16:57:55, 7, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 00007c smb_io_uuid uuid > 007c data : 6cb71c2c > 0080 data : 9812 > 0082 data : 4540 > 0084 data : 03 00 > 0086 data : 00 00 00 00 00 00 > 008c version: 00000001 >[2010/04/27 16:57:55, 3, pid=12782] rpc_server/srv_pipe.c:1584(api_pipe_bind_req) > api_pipe_bind_req: \PIPE\samr -> \PIPE\samr >[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe.c:1628(api_pipe_bind_req) > api_pipe_bind_req: make response. 1628 >[2010/04/27 16:57:55, 3, pid=12782] rpc_server/srv_pipe.c:960(check_bind_req) > check_bind_req for \samr > checking lsarpc > checking winreg > checking initshutdown > checking dssetup > checking wkssvc > checking svcctl > checking ntsvcs > checking netlogon > checking netdfs > checking srvsvc > checking spoolss > checking eventlog > checking samr >[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr_ba >[2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr_bba > 0000 max_tsize: 10b8 > 0002 max_rsize: 10b8 > 0004 assoc_gid: 000053f0 >[2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000008 smb_io_rpc_addr_str > 0008 len: 000b > 000a str: \PIPE\samr. >[2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000015 smb_io_rpc_results > 0018 num_results: 01 > 001c result : 0000 > 001e reason : 0000 >[2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000020 smb_io_rpc_iface >[2010/04/27 16:57:55, 7, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000020 smb_io_uuid uuid > 0020 data : 8a885d04 > 0024 data : 1ceb > 0026 data : 11c9 > 0028 data : 9f e8 > 002a data : 08 00 2b 10 48 60 > 0030 version: 00000002 >[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0c > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0044 > 000a auth_len : 0000 > 000c call_id : 00000002 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) > write_to_pipe: data_used = 144 >[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Schedule immediate event "tevent_req_trigger": 0x98016a0 >[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Run immediate event "tevent_req_trigger": 0x98016a0 >[2010/04/27 16:57:55, 3, pid=12782] smbd/pipes.c:325(pipe_write_andx_done) > writeX-IPC nwritten=160 >[2010/04/27 16:57:55, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) > got smb length of 59 >[2010/04/27 16:57:55, 6, pid=12782] smbd/process.c:1456(process_smb) > got message type 0x0 of len 0x3b >[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1459(process_smb) > Transaction 33 of length 63 (0 toread) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=2112 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 9986 (0x2702) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 1024 (0x400) > smb_vwv[ 6]= 1024 (0x400) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 1024 (0x400) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1273(switch_message) > switch message SMBreadX (pid 12782) conn 0x97e9be8 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) > NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 > contains 11 SIDs > SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 > SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-69 > SID[ 6]: S-1-22-2-101 > SID[ 7]: S-1-22-2-20042 > SID[ 8]: S-1-5-32-544 > SID[ 9]: S-1-22-1-11251 > SID[ 10]: S-1-22-2-0 > SE_PRIV 0xff0 0x0 0x0 0x0 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 4 supplementary groups > Group[ 0]: 0 > Group[ 1]: 69 > Group[ 2]: 101 > Group[ 3]: 20042 >[2010/04/27 16:57:55, 5, pid=12782] smbd/uid.c:353(change_to_user) > change_to_user uid=(0,0) gid=(0,0) >[2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe_hnd.c:802(read_from_internal_pipe) > name: \samr len: 1024 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:842(read_from_internal_pipe) > read_from_pipe: \samr: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. >[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Schedule immediate event "tevent_req_trigger": 0x9801a60 >[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Run immediate event "tevent_req_trigger": 0x9801a60 >[2010/04/27 16:57:55, 3, pid=12782] smbd/pipes.c:435(pipe_read_andx_done) > readX-IPC min=1024 max=1024 nread=68 >[2010/04/27 16:57:55, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) > got smb length of 156 >[2010/04/27 16:57:55, 6, pid=12782] smbd/process.c:1456(process_smb) > got message type 0x0 of len 0x9c >[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1459(process_smb) > Transaction 34 of length 160 (0 toread) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) > size=156 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=992 > smb_uid=100 > smb_mid=2176 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 72 (0x48) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 72 (0x48) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 9986 (0x2702) > smb_bcc=89 >[2010/04/27 16:57:55, 10, pid=12782] ../lib/util/util.c:304(_dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 00 05 00 00 03 10 00 00 00 48 00 00 00 02 00 00 ........ .H...... > [0020] 00 30 00 00 00 00 00 40 00 00 00 02 00 06 00 00 .0.....@ ........ > [0030] 00 00 00 00 00 06 00 00 00 4D 00 59 00 4C 00 41 ........ .M.Y.L.A > [0040] 00 48 00 00 00 21 00 00 00 01 00 00 00 01 00 00 .H...!.. ........ > [0050] 00 03 00 00 00 00 00 00 00 ........ . >[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1273(switch_message) > switch message SMBtrans (pid 12782) conn 0x97e9be8 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) > NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 > contains 11 SIDs > SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 > SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-69 > SID[ 6]: S-1-22-2-101 > SID[ 7]: S-1-22-2-20042 > SID[ 8]: S-1-5-32-544 > SID[ 9]: S-1-22-1-11251 > SID[ 10]: S-1-22-2-0 > SE_PRIV 0xff0 0x0 0x0 0x0 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 4 supplementary groups > Group[ 0]: 0 > Group[ 1]: 69 > Group[ 2]: 101 > Group[ 3]: 20042 >[2010/04/27 16:57:55, 5, pid=12782] smbd/uid.c:353(change_to_user) > change_to_user uid=(0,0) gid=(0,0) >[2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:539(handle_trans) > trans <\PIPE\> data=72 params=0 setup=2 >[2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:572(handle_trans) > calling named_pipe >[2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:490(named_pipe) > named pipe command on <> name >[2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:413(api_fd_reply) > api_fd_reply >[2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:454(api_fd_reply) > Got API command 0x26 on pipe "samr" (pnum 2702) >[2010/04/27 16:57:55, 10, pid=12782] smbd/ipc.c:456(api_fd_reply) > api_fd_reply: p:0x97ea6a8 max_trans_reply: 1024 >[2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe_hnd.c:1195(np_write_send) > np_write_send: len: 72 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) > write_to_pipe: data_left = 72 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 72 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:192(fill_rpc_header) > fill_rpc_header: data_to_copy = 72, len_needed_to_complete_hdr = 16, receive_len = 0 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) > write_to_pipe: data_left = 56 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 56 >[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0048 > 000a auth_len : 0000 > 000c call_id : 00000002 >[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe_hnd.c:288(unmarshall_rpc_header) > unmarshall_rpc_header: using little-endian RPC >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:317(unmarshall_rpc_header) > unmarshall_rpc_header: type = 0, flags = 3 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) > write_to_pipe: data_left = 56 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 56, incoming data = 56 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:534(process_complete_pdu) > process_complete_pdu: processing packet type 0 >[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr_req req > 0000 alloc_hint: 00000030 > 0004 context_id: 0000 > 0006 opnum : 0040 >[2010/04/27 16:57:55, 3, pid=12782] rpc_server/srv_pipe_hnd.c:343(free_pipe_context) > free_pipe_context: destroying talloc pool of size 165 >[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe.c:2261(api_pipe_request) > Requested \PIPE\\samr >[2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_pipe.c:2297(api_rpcTNP) > api_rpcTNP: \samr op 0x40 - api_rpcTNP: rpc command: SAMR_CONNECT5 >[2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe.c:2327(api_rpcTNP) > api_rpc_cmds[64].fn == 0x82cff10 >[2010/04/27 16:57:55, 1, pid=12782] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) > samr_Connect5: struct samr_Connect5 > in: struct samr_Connect5 > system_name : * > system_name : 'MYLAH' > access_mask : 0x00000021 (33) > 1: SAMR_ACCESS_CONNECT_TO_SERVER > 0: SAMR_ACCESS_SHUTDOWN_SERVER > 0: SAMR_ACCESS_INITIALIZE_SERVER > 0: SAMR_ACCESS_CREATE_DOMAIN > 0: SAMR_ACCESS_ENUM_DOMAINS > 1: SAMR_ACCESS_LOOKUP_DOMAIN > level_in : 0x00000001 (1) > info_in : * > info_in : union samr_ConnectInfo(case 1) > info1: struct samr_ConnectInfo1 > client_version : SAMR_CONNECT_AFTER_W2K (3) > unknown2 : 0x00000000 (0) >[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_samr_nt.c:3976(_samr_Connect2) > _samr_Connect5: 3976 >[2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_samr_nt.c:219(access_check_object) > _samr_Connect5: access GRANTED (requested: 0x00000021, granted: 0x00000021) >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_samr_nt.c:395(get_samr_info_by_sid) > get_samr_info_by_sid: created new info for sid (NULL) >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_samr_nt.c:400(get_samr_info_by_sid) > get_samr_info_by_sid: created new info for NULL sid. >[2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_lsa_hnd.c:160(create_policy_hnd) > Opened policy hnd[1] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 D6 4B 13 A7 ........ .....K.. > [0010] EE 31 00 00 .1.. >[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_samr_nt.c:4007(_samr_Connect2) > _samr_Connect5: 4007 >[2010/04/27 16:57:55, 1, pid=12782] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) > samr_Connect5: struct samr_Connect5 > out: struct samr_Connect5 > level_out : * > level_out : 0x00000001 (1) > info_out : * > info_out : union samr_ConnectInfo(case 1) > info1: struct samr_ConnectInfo1 > client_version : SAMR_CONNECT_AFTER_W2K (3) > unknown2 : 0x00000000 (0) > connect_handle : * > connect_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000005-0000-0000-d64b-13a7ee310000 > result : NT_STATUS_OK >[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe.c:2362(api_rpcTNP) > api_rpcTNP: called \samr successfully >[2010/04/27 16:57:55, 3, pid=12782] rpc_server/srv_pipe_hnd.c:343(free_pipe_context) > free_pipe_context: destroying talloc pool of size 984 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) > write_to_pipe: data_used = 56 >[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Schedule immediate event "tevent_req_trigger": 0x98016d0 >[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Run immediate event "tevent_req_trigger": 0x98016d0 >[2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe_hnd.c:802(read_from_internal_pipe) > name: \samr len: 1024 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:862(read_from_internal_pipe) > read_from_pipe: \samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 40. >[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0040 > 000a auth_len : 0000 > 000c call_id : 00000002 >[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000010 smb_io_rpc_hdr_resp resp > 0010 alloc_hint: 00000028 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Schedule immediate event "tevent_req_trigger": 0x97ed578 >[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Run immediate event "tevent_req_trigger": 0x97ed578 >[2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:59(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..64] (align 0) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) > size=120 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=992 > smb_uid=100 > smb_mid=2176 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 64 (0x40) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 64 (0x40) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=65 >[2010/04/27 16:57:55, 10, pid=12782] ../lib/util/util.c:304(_dump_data) > [0000] 00 05 00 02 03 10 00 00 00 40 00 00 00 02 00 00 ........ .@...... > [0010] 00 28 00 00 00 00 00 00 00 01 00 00 00 01 00 00 .(...... ........ > [0020] 00 03 00 00 00 00 00 00 00 00 00 00 00 05 00 00 ........ ........ > [0030] 00 00 00 00 00 D6 4B 13 A7 EE 31 00 00 00 00 00 ......K. ..1..... > [0040] 00 . >[2010/04/27 16:57:55, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) > got smb length of 160 >[2010/04/27 16:57:55, 6, pid=12782] smbd/process.c:1456(process_smb) > got message type 0x0 of len 0xa0 >[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1459(process_smb) > Transaction 35 of length 164 (0 toread) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) > size=160 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=992 > smb_uid=100 > smb_mid=2240 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 76 (0x4C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 76 (0x4C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 9986 (0x2702) > smb_bcc=93 >[2010/04/27 16:57:55, 10, pid=12782] ../lib/util/util.c:304(_dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 00 05 00 00 03 10 00 00 00 4C 00 00 00 03 00 00 ........ .L...... > [0020] 00 34 00 00 00 00 00 07 00 00 00 00 00 05 00 00 .4...... ........ > [0030] 00 00 00 00 00 D6 4B 13 A7 EE 31 00 00 00 02 00 ......K. ..1..... > [0040] 00 04 00 00 00 01 04 00 00 00 00 00 05 00 00 00 ........ ........ > [0050] 15 34 09 35 C7 63 23 D5 5D 2E B9 60 4B .4.5.c#. ]..`K >[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1273(switch_message) > switch message SMBtrans (pid 12782) conn 0x97e9be8 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) > NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 > contains 11 SIDs > SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 > SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-69 > SID[ 6]: S-1-22-2-101 > SID[ 7]: S-1-22-2-20042 > SID[ 8]: S-1-5-32-544 > SID[ 9]: S-1-22-1-11251 > SID[ 10]: S-1-22-2-0 > SE_PRIV 0xff0 0x0 0x0 0x0 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 4 supplementary groups > Group[ 0]: 0 > Group[ 1]: 69 > Group[ 2]: 101 > Group[ 3]: 20042 >[2010/04/27 16:57:55, 5, pid=12782] smbd/uid.c:353(change_to_user) > change_to_user uid=(0,0) gid=(0,0) >[2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:539(handle_trans) > trans <\PIPE\> data=76 params=0 setup=2 >[2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:572(handle_trans) > calling named_pipe >[2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:490(named_pipe) > named pipe command on <> name >[2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:413(api_fd_reply) > api_fd_reply >[2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:454(api_fd_reply) > Got API command 0x26 on pipe "samr" (pnum 2702) >[2010/04/27 16:57:55, 10, pid=12782] smbd/ipc.c:456(api_fd_reply) > api_fd_reply: p:0x97ea6a8 max_trans_reply: 1024 >[2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe_hnd.c:1195(np_write_send) > np_write_send: len: 76 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) > write_to_pipe: data_left = 76 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 76 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:192(fill_rpc_header) > fill_rpc_header: data_to_copy = 76, len_needed_to_complete_hdr = 16, receive_len = 0 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) > write_to_pipe: data_left = 60 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 60 >[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 004c > 000a auth_len : 0000 > 000c call_id : 00000003 >[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe_hnd.c:288(unmarshall_rpc_header) > unmarshall_rpc_header: using little-endian RPC >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:317(unmarshall_rpc_header) > unmarshall_rpc_header: type = 0, flags = 3 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) > write_to_pipe: data_left = 60 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 60, incoming data = 60 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:534(process_complete_pdu) > process_complete_pdu: processing packet type 0 >[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr_req req > 0000 alloc_hint: 00000034 > 0004 context_id: 0000 > 0006 opnum : 0007 >[2010/04/27 16:57:55, 3, pid=12782] rpc_server/srv_pipe_hnd.c:343(free_pipe_context) > free_pipe_context: destroying talloc pool of size 0 >[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe.c:2261(api_pipe_request) > Requested \PIPE\\samr >[2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_pipe.c:2297(api_rpcTNP) > api_rpcTNP: \samr op 0x7 - api_rpcTNP: rpc command: SAMR_OPENDOMAIN >[2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe.c:2327(api_rpcTNP) > api_rpc_cmds[7].fn == 0x82db430 >[2010/04/27 16:57:55, 1, pid=12782] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) > samr_OpenDomain: struct samr_OpenDomain > in: struct samr_OpenDomain > connect_handle : * > connect_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000005-0000-0000-d64b-13a7ee310000 > access_mask : 0x00000200 (512) > 0: SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1 > 0: SAMR_DOMAIN_ACCESS_SET_INFO_1 > 0: SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2 > 0: SAMR_DOMAIN_ACCESS_SET_INFO_2 > 0: SAMR_DOMAIN_ACCESS_CREATE_USER > 0: SAMR_DOMAIN_ACCESS_CREATE_GROUP > 0: SAMR_DOMAIN_ACCESS_CREATE_ALIAS > 0: SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS > 0: SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS > 1: SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT > 0: SAMR_DOMAIN_ACCESS_SET_INFO_3 > sid : * > sid : S-1-5-352321536-3342141748-1574249315-1264630062 >[2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_lsa_hnd.c:180(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 D6 4B 13 A7 ........ .....K.. > [0010] EE 31 00 00 .1.. >[2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_samr_nt.c:186(access_check_object) > access_check_object: user rights access mask [0x3f0] >[2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_samr_nt.c:219(access_check_object) > _samr_OpenDomain: access GRANTED (requested: 0x00000000, granted: 0x000003f0) >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_samr_nt.c:395(get_samr_info_by_sid) > get_samr_info_by_sid: created new info for sid S-1-5-352321536-3342141748-1574249315-1264630062 >[2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_lsa_hnd.c:160(create_policy_hnd) > Opened policy hnd[2] [0000] 00 00 00 00 06 00 00 00 00 00 00 00 D6 4B 13 A7 ........ .....K.. > [0010] EE 31 00 00 .1.. >[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_samr_nt.c:662(_samr_OpenDomain) > _samr_OpenDomain: 662 >[2010/04/27 16:57:55, 1, pid=12782] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) > samr_OpenDomain: struct samr_OpenDomain > out: struct samr_OpenDomain > domain_handle : * > domain_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000006-0000-0000-d64b-13a7ee310000 > result : NT_STATUS_OK >[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe.c:2362(api_rpcTNP) > api_rpcTNP: called \samr successfully >[2010/04/27 16:57:55, 3, pid=12782] rpc_server/srv_pipe_hnd.c:343(free_pipe_context) > free_pipe_context: destroying talloc pool of size 984 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) > write_to_pipe: data_used = 60 >[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Schedule immediate event "tevent_req_trigger": 0x98016e0 >[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Run immediate event "tevent_req_trigger": 0x98016e0 >[2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe_hnd.c:802(read_from_internal_pipe) > name: \samr len: 1024 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:862(read_from_internal_pipe) > read_from_pipe: \samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. >[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0030 > 000a auth_len : 0000 > 000c call_id : 00000003 >[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000010 smb_io_rpc_hdr_resp resp > 0010 alloc_hint: 00000018 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Schedule immediate event "tevent_req_trigger": 0x97eaf30 >[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Run immediate event "tevent_req_trigger": 0x97eaf30 >[2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:59(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=992 > smb_uid=100 > smb_mid=2240 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2010/04/27 16:57:55, 10, pid=12782] ../lib/util/util.c:304(_dump_data) > [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 03 00 00 ........ .0...... > [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 06 00 00 ........ ........ > [0020] 00 00 00 00 00 D6 4B 13 A7 EE 31 00 00 00 00 00 ......K. ..1..... > [0030] 00 . >[2010/04/27 16:57:55, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) > got smb length of 178 >[2010/04/27 16:57:55, 6, pid=12782] smbd/process.c:1456(process_smb) > got message type 0x0 of len 0xb2 >[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1459(process_smb) > Transaction 36 of length 182 (0 toread) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) > size=178 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=992 > smb_uid=100 > smb_mid=2304 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 94 (0x5E) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 94 (0x5E) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 9986 (0x2702) > smb_bcc=111 >[2010/04/27 16:57:55, 10, pid=12782] ../lib/util/util.c:304(_dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 00 05 00 00 03 10 00 00 00 5E 00 00 00 04 00 00 ........ .^...... > [0020] 00 46 00 00 00 00 00 11 00 00 00 00 00 06 00 00 .F...... ........ > [0030] 00 00 00 00 00 D6 4B 13 A7 EE 31 00 00 01 00 00 ......K. ..1..... > [0040] 00 E8 03 00 00 00 00 00 00 01 00 00 00 0E 00 10 ........ ........ > [0050] 00 00 00 02 00 08 00 00 00 00 00 00 00 07 00 00 ........ ........ > [0060] 00 4D 00 41 00 41 00 58 00 45 00 4E 00 24 00 .M.A.A.X .E.N.$. >[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1273(switch_message) > switch message SMBtrans (pid 12782) conn 0x97e9be8 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) > NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 > contains 11 SIDs > SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 > SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-69 > SID[ 6]: S-1-22-2-101 > SID[ 7]: S-1-22-2-20042 > SID[ 8]: S-1-5-32-544 > SID[ 9]: S-1-22-1-11251 > SID[ 10]: S-1-22-2-0 > SE_PRIV 0xff0 0x0 0x0 0x0 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 4 supplementary groups > Group[ 0]: 0 > Group[ 1]: 69 > Group[ 2]: 101 > Group[ 3]: 20042 >[2010/04/27 16:57:55, 5, pid=12782] smbd/uid.c:353(change_to_user) > change_to_user uid=(0,0) gid=(0,0) >[2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:539(handle_trans) > trans <\PIPE\> data=94 params=0 setup=2 >[2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:572(handle_trans) > calling named_pipe >[2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:490(named_pipe) > named pipe command on <> name >[2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:413(api_fd_reply) > api_fd_reply >[2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:454(api_fd_reply) > Got API command 0x26 on pipe "samr" (pnum 2702) >[2010/04/27 16:57:55, 10, pid=12782] smbd/ipc.c:456(api_fd_reply) > api_fd_reply: p:0x97ea6a8 max_trans_reply: 1024 >[2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe_hnd.c:1195(np_write_send) > np_write_send: len: 94 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) > write_to_pipe: data_left = 94 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 94 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:192(fill_rpc_header) > fill_rpc_header: data_to_copy = 94, len_needed_to_complete_hdr = 16, receive_len = 0 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) > write_to_pipe: data_left = 78 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 78 >[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 005e > 000a auth_len : 0000 > 000c call_id : 00000004 >[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe_hnd.c:288(unmarshall_rpc_header) > unmarshall_rpc_header: using little-endian RPC >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:317(unmarshall_rpc_header) > unmarshall_rpc_header: type = 0, flags = 3 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) > write_to_pipe: data_left = 78 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 78, incoming data = 78 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:534(process_complete_pdu) > process_complete_pdu: processing packet type 0 >[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr_req req > 0000 alloc_hint: 00000046 > 0004 context_id: 0000 > 0006 opnum : 0011 >[2010/04/27 16:57:55, 3, pid=12782] rpc_server/srv_pipe_hnd.c:343(free_pipe_context) > free_pipe_context: destroying talloc pool of size 0 >[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe.c:2261(api_pipe_request) > Requested \PIPE\\samr >[2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_pipe.c:2297(api_rpcTNP) > api_rpcTNP: \samr op 0x11 - api_rpcTNP: rpc command: SAMR_LOOKUPNAMES >[2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe.c:2327(api_rpcTNP) > api_rpc_cmds[17].fn == 0x82d9240 >[2010/04/27 16:57:55, 1, pid=12782] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) > samr_LookupNames: struct samr_LookupNames > in: struct samr_LookupNames > domain_handle : * > domain_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000006-0000-0000-d64b-13a7ee310000 > num_names : 0x00000001 (1) > names: ARRAY(1) > names: struct lsa_String > length : 0x000e (14) > size : 0x000e (14) > string : * > string : 'MAAXEN$' >[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_samr_nt.c:1816(_samr_LookupNames) > _samr_LookupNames: 1816 >[2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_lsa_hnd.c:180(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 06 00 00 00 00 00 00 00 D6 4B 13 A7 ........ .....K.. > [0010] EE 31 00 00 .1.. >[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_samr_nt.c:231(access_check_samr_function) > _samr_LookupNames: access check ((granted: 0x000003f0; required: 0000000000) >[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_samr_nt.c:1841(_samr_LookupNames) > _samr_LookupNames: looking name on SID S-1-5-352321536-3342141748-1574249315-1264630062 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:55, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) > NT user token: (NULL) >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2010/04/27 16:57:55, 5, pid=12782] lib/smbldap.c:1295(smbldap_search_ext) > smbldap_search_ext: base => [dc=ucc,dc=gu,dc=uwa,dc=edu,dc=au], filter => [(&(uid=MAAXEN$)(objectclass=sambaSamAccount))], scope => [2] >[2010/04/27 16:57:55, 2, pid=12782] passdb/pdb_ldap.c:571(init_sam_from_ldap) > init_sam_from_ldap: Entry found for user: MAAXEN$ >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:607(pdb_set_username) > pdb_set_username: setting username MAAXEN$, was >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:630(pdb_set_domain) > pdb_set_domain: setting domain UCCDOMAIN, was >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:653(pdb_set_nt_username) > pdb_set_nt_username: setting nt username MAAXEN$, was >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:549(pdb_set_user_sid_from_string) > pdb_set_user_sid_from_string: setting user sid S-1-5-352321536-3342141748-1574249315-1264630062-1068 >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:536(pdb_set_user_sid) > pdb_set_user_sid: setting user sid S-1-5-352321536-3342141748-1574249315-1264630062-1068 >[2010/04/27 16:57:55, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) > attribute sambaLogonTime does not exist >[2010/04/27 16:57:55, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) > attribute sambaLogoffTime does not exist >[2010/04/27 16:57:55, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) > attribute sambaKickoffTime does not exist >[2010/04/27 16:57:55, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) > attribute sambaPwdCanChange does not exist >[2010/04/27 16:57:55, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) > attribute sambaPwdMustChange does not exist >[2010/04/27 16:57:55, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) > attribute displayName does not exist >[2010/04/27 16:57:55, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) > attribute cn does not exist >[2010/04/27 16:57:55, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) > attribute sambaHomeDrive does not exist >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:745(pdb_set_dir_drive) > pdb_set_dir_drive: setting dir drive H:, was NULL >[2010/04/27 16:57:55, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) > attribute sambaHomePath does not exist >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:769(pdb_set_homedir) > pdb_set_homedir: setting home dir \\mylah\maaxen_, was >[2010/04/27 16:57:55, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) > attribute sambaLogonScript does not exist >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:699(pdb_set_logon_script) > pdb_set_logon_script: setting logon script , was >[2010/04/27 16:57:55, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) > attribute sambaProfilePath does not exist >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:722(pdb_set_profile_path) > pdb_set_profile_path: setting profile path \\mylah\profiles, was >[2010/04/27 16:57:55, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) > attribute description does not exist >[2010/04/27 16:57:55, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) > attribute sambaUserWorkstations does not exist >[2010/04/27 16:57:55, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) > attribute sambaMungedDial does not exist >[2010/04/27 16:57:55, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) > attribute sambaLMPassword does not exist >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2010/04/27 16:57:55, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 1 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) > NT user token: (NULL) >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2010/04/27 16:57:55, 10, pid=12782] lib/gencache.c:208(gencache_get) > Returning valid cache entry: key = ACCT_POL/password history, value = 0 > , timeout = Tue Apr 27 16:58:51 2010 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:55, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) > attribute sambaBadPasswordCount does not exist >[2010/04/27 16:57:55, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) > attribute sambaBadPasswordTime does not exist >[2010/04/27 16:57:55, 10, pid=12782] lib/smbldap.c:310(smbldap_talloc_single_attribute) > attribute sambaLogonHours does not exist >[2010/04/27 16:57:55, 7, pid=12782] passdb/login_cache.c:87(login_cache_read) > Looking up login cache for user MAAXEN$ >[2010/04/27 16:57:55, 7, pid=12782] passdb/login_cache.c:103(login_cache_read) > No cache entry found >[2010/04/27 16:57:55, 9, pid=12782] passdb/pdb_ldap.c:1125(init_sam_from_ldap) > No cache entry, bad count = 0, bad time = 0 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2010/04/27 16:57:55, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 1 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) > NT user token: (NULL) >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2010/04/27 16:57:55, 10, pid=12782] lib/gencache.c:208(gencache_get) > Returning valid cache entry: key = ACCT_POL/maximum password age, value = 4294967295 > , timeout = Tue Apr 27 16:58:51 2010 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:55, 5, pid=12782] lib/username.c:133(Get_Pwnam_alloc) > Finding user MAAXEN$ >[2010/04/27 16:57:55, 5, pid=12782] lib/username.c:77(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as lowercase is maaxen$ >[2010/04/27 16:57:55, 5, pid=12782] lib/username.c:85(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as given is MAAXEN$ >[2010/04/27 16:57:55, 5, pid=12782] lib/username.c:110(Get_Pwnam_internals) > Get_Pwnam_internals did find user [MAAXEN$]! >[2010/04/27 16:57:55, 5, pid=12782] lib/smbldap.c:1295(smbldap_search_ext) > smbldap_search_ext: base => [dc=ucc,dc=gu,dc=uwa,dc=edu,dc=au], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=12004))], scope => [2] >[2010/04/27 16:57:55, 4, pid=12782] passdb/pdb_ldap.c:2550(ldapsam_getgroup) > ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(gidNumber=12004)) >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2010/04/27 16:57:55, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 1 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) > NT user token: (NULL) >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2010/04/27 16:57:55, 10, pid=12782] lib/gencache.c:208(gencache_get) > Returning valid cache entry: key = ACCT_POL/password history, value = 0 > , timeout = Tue Apr 27 16:58:51 2010 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:607(pdb_set_username) > pdb_set_username: setting username MAAXEN$, was >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:630(pdb_set_domain) > pdb_set_domain: setting domain UCCDOMAIN, was >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:653(pdb_set_nt_username) > pdb_set_nt_username: setting nt username MAAXEN$, was >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:676(pdb_set_fullname) > pdb_set_full_name: setting full name , was >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:769(pdb_set_homedir) > pdb_set_homedir: setting home dir \\mylah\maaxen_, was >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:745(pdb_set_dir_drive) > pdb_set_dir_drive: setting dir drive H:, was NULL >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:699(pdb_set_logon_script) > pdb_set_logon_script: setting logon script , was >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:722(pdb_set_profile_path) > pdb_set_profile_path: setting profile path \\mylah\profiles, was >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:812(pdb_set_workstations) > pdb_set_workstations: setting workstations , was >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2010/04/27 16:57:55, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 1 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) > NT user token: (NULL) >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2010/04/27 16:57:55, 10, pid=12782] lib/gencache.c:208(gencache_get) > Returning valid cache entry: key = ACCT_POL/password history, value = 0 > , timeout = Tue Apr 27 16:58:51 2010 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:536(pdb_set_user_sid) > pdb_set_user_sid: setting user sid S-1-5-352321536-3342141748-1574249315-1264630062-1068 >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_compat.c:72(pdb_set_user_sid_from_rid) > pdb_set_user_sid_from_rid: > setting user sid S-1-5-352321536-3342141748-1574249315-1264630062-1068 from rid 1068 >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:594(pdb_set_group_sid) > pdb_set_group_sid: setting group sid S-1-5-352321536-3342141748-1574249315-1264630062-513 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_samr_nt.c:1883(_samr_LookupNames) > _samr_LookupNames: 1883 >[2010/04/27 16:57:55, 1, pid=12782] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) > samr_LookupNames: struct samr_LookupNames > out: struct samr_LookupNames > rids : * > rids: struct samr_Ids > count : 0x00000001 (1) > ids : * > ids: ARRAY(1) > ids : 0x0000042c (1068) > types : * > types: struct samr_Ids > count : 0x00000001 (1) > ids : * > ids: ARRAY(1) > ids : 0x00000001 (1) > result : NT_STATUS_OK >[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe.c:2362(api_rpcTNP) > api_rpcTNP: called \samr successfully >[2010/04/27 16:57:55, 3, pid=12782] rpc_server/srv_pipe_hnd.c:343(free_pipe_context) > free_pipe_context: destroying talloc pool of size 8 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) > write_to_pipe: data_used = 78 >[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Schedule immediate event "tevent_req_trigger": 0x9801700 >[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Run immediate event "tevent_req_trigger": 0x9801700 >[2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe_hnd.c:802(read_from_internal_pipe) > name: \samr len: 1024 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:862(read_from_internal_pipe) > read_from_pipe: \samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 36. >[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 003c > 000a auth_len : 0000 > 000c call_id : 00000004 >[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000010 smb_io_rpc_hdr_resp resp > 0010 alloc_hint: 00000024 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Schedule immediate event "tevent_req_trigger": 0x97ef540 >[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Run immediate event "tevent_req_trigger": 0x97ef540 >[2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:59(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..60] (align 0) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) > size=116 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=992 > smb_uid=100 > smb_mid=2304 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 60 (0x3C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 60 (0x3C) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=61 >[2010/04/27 16:57:55, 10, pid=12782] ../lib/util/util.c:304(_dump_data) > [0000] 00 05 00 02 03 10 00 00 00 3C 00 00 00 04 00 00 ........ .<...... > [0010] 00 24 00 00 00 00 00 00 00 01 00 00 00 00 00 02 .$...... ........ > [0020] 00 01 00 00 00 2C 04 00 00 01 00 00 00 04 00 02 .....,.. ........ > [0030] 00 01 00 00 00 01 00 00 00 00 00 00 00 ........ ..... >[2010/04/27 16:57:55, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) > got smb length of 136 >[2010/04/27 16:57:55, 6, pid=12782] smbd/process.c:1456(process_smb) > got message type 0x0 of len 0x88 >[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1459(process_smb) > Transaction 37 of length 140 (0 toread) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) > size=136 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=992 > smb_uid=100 > smb_mid=2368 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 52 (0x34) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 52 (0x34) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 9986 (0x2702) > smb_bcc=69 >[2010/04/27 16:57:55, 10, pid=12782] ../lib/util/util.c:304(_dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 00 05 00 00 03 10 00 00 00 34 00 00 00 05 00 00 ........ .4...... > [0020] 00 1C 00 00 00 00 00 22 00 00 00 00 00 06 00 00 ......." ........ > [0030] 00 00 00 00 00 D6 4B 13 A7 EE 31 00 00 B0 00 00 ......K. ..1..... > [0040] 00 2C 04 00 00 .,... >[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1273(switch_message) > switch message SMBtrans (pid 12782) conn 0x97e9be8 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) > NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 > contains 11 SIDs > SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 > SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-69 > SID[ 6]: S-1-22-2-101 > SID[ 7]: S-1-22-2-20042 > SID[ 8]: S-1-5-32-544 > SID[ 9]: S-1-22-1-11251 > SID[ 10]: S-1-22-2-0 > SE_PRIV 0xff0 0x0 0x0 0x0 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 4 supplementary groups > Group[ 0]: 0 > Group[ 1]: 69 > Group[ 2]: 101 > Group[ 3]: 20042 >[2010/04/27 16:57:55, 5, pid=12782] smbd/uid.c:353(change_to_user) > change_to_user uid=(0,0) gid=(0,0) >[2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:539(handle_trans) > trans <\PIPE\> data=52 params=0 setup=2 >[2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:572(handle_trans) > calling named_pipe >[2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:490(named_pipe) > named pipe command on <> name >[2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:413(api_fd_reply) > api_fd_reply >[2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:454(api_fd_reply) > Got API command 0x26 on pipe "samr" (pnum 2702) >[2010/04/27 16:57:55, 10, pid=12782] smbd/ipc.c:456(api_fd_reply) > api_fd_reply: p:0x97ea6a8 max_trans_reply: 1024 >[2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe_hnd.c:1195(np_write_send) > np_write_send: len: 52 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) > write_to_pipe: data_left = 52 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 52 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:192(fill_rpc_header) > fill_rpc_header: data_to_copy = 52, len_needed_to_complete_hdr = 16, receive_len = 0 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) > write_to_pipe: data_left = 36 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 36 >[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0034 > 000a auth_len : 0000 > 000c call_id : 00000005 >[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe_hnd.c:288(unmarshall_rpc_header) > unmarshall_rpc_header: using little-endian RPC >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:317(unmarshall_rpc_header) > unmarshall_rpc_header: type = 0, flags = 3 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) > write_to_pipe: data_left = 36 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 36, incoming data = 36 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:534(process_complete_pdu) > process_complete_pdu: processing packet type 0 >[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr_req req > 0000 alloc_hint: 0000001c > 0004 context_id: 0000 > 0006 opnum : 0022 >[2010/04/27 16:57:55, 3, pid=12782] rpc_server/srv_pipe_hnd.c:343(free_pipe_context) > free_pipe_context: destroying talloc pool of size 0 >[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe.c:2261(api_pipe_request) > Requested \PIPE\\samr >[2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_pipe.c:2297(api_rpcTNP) > api_rpcTNP: \samr op 0x22 - api_rpcTNP: rpc command: SAMR_OPENUSER >[2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe.c:2327(api_rpcTNP) > api_rpc_cmds[34].fn == 0x82d5e70 >[2010/04/27 16:57:55, 1, pid=12782] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) > samr_OpenUser: struct samr_OpenUser > in: struct samr_OpenUser > domain_handle : * > domain_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000006-0000-0000-d64b-13a7ee310000 > access_mask : 0x000000b0 (176) > 0: SAMR_USER_ACCESS_GET_NAME_ETC > 0: SAMR_USER_ACCESS_GET_LOCALE > 0: SAMR_USER_ACCESS_SET_LOC_COM > 0: SAMR_USER_ACCESS_GET_LOGONINFO > 1: SAMR_USER_ACCESS_GET_ATTRIBUTES > 1: SAMR_USER_ACCESS_SET_ATTRIBUTES > 0: SAMR_USER_ACCESS_CHANGE_PASSWORD > 1: SAMR_USER_ACCESS_SET_PASSWORD > 0: SAMR_USER_ACCESS_GET_GROUPS > 0: SAMR_USER_ACCESS_GET_GROUP_MEMBERSHIP > 0: SAMR_USER_ACCESS_CHANGE_GROUP_MEMBERSHIP > rid : 0x0000042c (1068) >[2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_lsa_hnd.c:180(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 06 00 00 00 00 00 00 00 D6 4B 13 A7 ........ .....K.. > [0010] EE 31 00 00 .1.. >[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_samr_nt.c:231(access_check_samr_function) > _samr_OpenUser: access check ((granted: 0x000003f0; required: 0x00000200) >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:55, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) > NT user token: (NULL) >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2010/04/27 16:57:55, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 1 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) > NT user token: (NULL) >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2010/04/27 16:57:55, 10, pid=12782] lib/gencache.c:208(gencache_get) > Returning valid cache entry: key = ACCT_POL/maximum password age, value = 4294967295 > , timeout = Tue Apr 27 16:58:51 2010 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2010/04/27 16:57:55, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 1 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) > NT user token: (NULL) >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2010/04/27 16:57:55, 10, pid=12782] lib/gencache.c:208(gencache_get) > Returning valid cache entry: key = ACCT_POL/password history, value = 0 > , timeout = Tue Apr 27 16:58:51 2010 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:607(pdb_set_username) > pdb_set_username: setting username MAAXEN$, was >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:630(pdb_set_domain) > pdb_set_domain: setting domain UCCDOMAIN, was >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:653(pdb_set_nt_username) > pdb_set_nt_username: setting nt username MAAXEN$, was >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:676(pdb_set_fullname) > pdb_set_full_name: setting full name , was >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:769(pdb_set_homedir) > pdb_set_homedir: setting home dir \\mylah\maaxen_, was >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:745(pdb_set_dir_drive) > pdb_set_dir_drive: setting dir drive H:, was NULL >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:699(pdb_set_logon_script) > pdb_set_logon_script: setting logon script , was >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:722(pdb_set_profile_path) > pdb_set_profile_path: setting profile path \\mylah\profiles, was >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:812(pdb_set_workstations) > pdb_set_workstations: setting workstations , was >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2010/04/27 16:57:55, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 1 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) > NT user token: (NULL) >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2010/04/27 16:57:55, 10, pid=12782] lib/gencache.c:208(gencache_get) > Returning valid cache entry: key = ACCT_POL/password history, value = 0 > , timeout = Tue Apr 27 16:58:51 2010 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:536(pdb_set_user_sid) > pdb_set_user_sid: setting user sid S-1-5-352321536-3342141748-1574249315-1264630062-1068 >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_compat.c:72(pdb_set_user_sid_from_rid) > pdb_set_user_sid_from_rid: > setting user sid S-1-5-352321536-3342141748-1574249315-1264630062-1068 from rid 1068 >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:594(pdb_set_group_sid) > pdb_set_group_sid: setting group sid S-1-5-352321536-3342141748-1574249315-1264630062-513 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_samr_nt.c:2398(_samr_OpenUser) > _samr_OpenUser: adding machine account rights to handle for user MAAXEN$ >[2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_samr_nt.c:186(access_check_object) > access_check_object: user rights access mask [0xd04e4] >[2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_samr_nt.c:219(access_check_object) > _samr_OpenUser: access GRANTED (requested: 0x00000010, granted: 0x000d04f4) >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_samr_nt.c:395(get_samr_info_by_sid) > get_samr_info_by_sid: created new info for sid S-1-5-352321536-3342141748-1574249315-1264630062-1068 >[2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_lsa_hnd.c:160(create_policy_hnd) > Opened policy hnd[3] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 D6 4B 13 A7 ........ .....K.. > [0010] EE 31 00 00 .1.. >[2010/04/27 16:57:55, 1, pid=12782] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) > samr_OpenUser: struct samr_OpenUser > out: struct samr_OpenUser > user_handle : * > user_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000007-0000-0000-d64b-13a7ee310000 > result : NT_STATUS_OK >[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe.c:2362(api_rpcTNP) > api_rpcTNP: called \samr successfully >[2010/04/27 16:57:55, 3, pid=12782] rpc_server/srv_pipe_hnd.c:343(free_pipe_context) > free_pipe_context: destroying talloc pool of size 1216 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) > write_to_pipe: data_used = 36 >[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Schedule immediate event "tevent_req_trigger": 0x98016b0 >[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Run immediate event "tevent_req_trigger": 0x98016b0 >[2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe_hnd.c:802(read_from_internal_pipe) > name: \samr len: 1024 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:862(read_from_internal_pipe) > read_from_pipe: \samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. >[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0030 > 000a auth_len : 0000 > 000c call_id : 00000005 >[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000010 smb_io_rpc_hdr_resp resp > 0010 alloc_hint: 00000018 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Schedule immediate event "tevent_req_trigger": 0x97ed578 >[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Run immediate event "tevent_req_trigger": 0x97ed578 >[2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:59(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=992 > smb_uid=100 > smb_mid=2368 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2010/04/27 16:57:55, 10, pid=12782] ../lib/util/util.c:304(_dump_data) > [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 05 00 00 ........ .0...... > [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 07 00 00 ........ ........ > [0020] 00 00 00 00 00 D6 4B 13 A7 EE 31 00 00 00 00 00 ......K. ..1..... > [0030] 00 . >[2010/04/27 16:57:55, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) > got smb length of 130 >[2010/04/27 16:57:55, 6, pid=12782] smbd/process.c:1456(process_smb) > got message type 0x0 of len 0x82 >[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1459(process_smb) > Transaction 38 of length 134 (0 toread) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) > size=130 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=992 > smb_uid=100 > smb_mid=2432 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 46 (0x2E) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 46 (0x2E) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 9986 (0x2702) > smb_bcc=63 >[2010/04/27 16:57:55, 10, pid=12782] ../lib/util/util.c:304(_dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 00 05 00 00 03 10 00 00 00 2E 00 00 00 06 00 00 ........ ........ > [0020] 00 16 00 00 00 00 00 24 00 00 00 00 00 07 00 00 .......$ ........ > [0030] 00 00 00 00 00 D6 4B 13 A7 EE 31 00 00 10 00 ......K. ..1.... >[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1273(switch_message) > switch message SMBtrans (pid 12782) conn 0x97e9be8 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) > NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 > contains 11 SIDs > SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 > SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-69 > SID[ 6]: S-1-22-2-101 > SID[ 7]: S-1-22-2-20042 > SID[ 8]: S-1-5-32-544 > SID[ 9]: S-1-22-1-11251 > SID[ 10]: S-1-22-2-0 > SE_PRIV 0xff0 0x0 0x0 0x0 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 4 supplementary groups > Group[ 0]: 0 > Group[ 1]: 69 > Group[ 2]: 101 > Group[ 3]: 20042 >[2010/04/27 16:57:55, 5, pid=12782] smbd/uid.c:353(change_to_user) > change_to_user uid=(0,0) gid=(0,0) >[2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:539(handle_trans) > trans <\PIPE\> data=46 params=0 setup=2 >[2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:572(handle_trans) > calling named_pipe >[2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:490(named_pipe) > named pipe command on <> name >[2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:413(api_fd_reply) > api_fd_reply >[2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:454(api_fd_reply) > Got API command 0x26 on pipe "samr" (pnum 2702) >[2010/04/27 16:57:55, 10, pid=12782] smbd/ipc.c:456(api_fd_reply) > api_fd_reply: p:0x97ea6a8 max_trans_reply: 1024 >[2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe_hnd.c:1195(np_write_send) > np_write_send: len: 46 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) > write_to_pipe: data_left = 46 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 46 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:192(fill_rpc_header) > fill_rpc_header: data_to_copy = 46, len_needed_to_complete_hdr = 16, receive_len = 0 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) > write_to_pipe: data_left = 30 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 30 >[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 002e > 000a auth_len : 0000 > 000c call_id : 00000006 >[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe_hnd.c:288(unmarshall_rpc_header) > unmarshall_rpc_header: using little-endian RPC >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:317(unmarshall_rpc_header) > unmarshall_rpc_header: type = 0, flags = 3 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) > write_to_pipe: data_left = 30 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 30, incoming data = 30 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:534(process_complete_pdu) > process_complete_pdu: processing packet type 0 >[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr_req req > 0000 alloc_hint: 00000016 > 0004 context_id: 0000 > 0006 opnum : 0024 >[2010/04/27 16:57:55, 3, pid=12782] rpc_server/srv_pipe_hnd.c:343(free_pipe_context) > free_pipe_context: destroying talloc pool of size 0 >[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe.c:2261(api_pipe_request) > Requested \PIPE\\samr >[2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_pipe.c:2297(api_rpcTNP) > api_rpcTNP: \samr op 0x24 - api_rpcTNP: rpc command: SAMR_QUERYUSERINFO >[2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe.c:2327(api_rpcTNP) > api_rpc_cmds[36].fn == 0x82d5850 >[2010/04/27 16:57:55, 1, pid=12782] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) > samr_QueryUserInfo: struct samr_QueryUserInfo > in: struct samr_QueryUserInfo > user_handle : * > user_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000007-0000-0000-d64b-13a7ee310000 > level : 0x0010 (16) >[2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_lsa_hnd.c:180(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 D6 4B 13 A7 ........ .....K.. > [0010] EE 31 00 00 .1.. >[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_samr_nt.c:231(access_check_samr_function) > _samr_QueryUserInfo: access check ((granted: 0x000d04f4; required: 0x00000010) >[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_samr_nt.c:3132(_samr_QueryUserInfo) > _samr_QueryUserInfo: sid:S-1-5-352321536-3342141748-1574249315-1264630062-1068 >[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_samr_nt.c:3139(_samr_QueryUserInfo) > _samr_QueryUserInfo: user info level: 16 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:55, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) > NT user token: (NULL) >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2010/04/27 16:57:55, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 1 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) > NT user token: (NULL) >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2010/04/27 16:57:55, 10, pid=12782] lib/gencache.c:208(gencache_get) > Returning valid cache entry: key = ACCT_POL/maximum password age, value = 4294967295 > , timeout = Tue Apr 27 16:58:51 2010 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2010/04/27 16:57:55, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 1 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) > NT user token: (NULL) >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2010/04/27 16:57:55, 10, pid=12782] lib/gencache.c:208(gencache_get) > Returning valid cache entry: key = ACCT_POL/password history, value = 0 > , timeout = Tue Apr 27 16:58:51 2010 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:607(pdb_set_username) > pdb_set_username: setting username MAAXEN$, was >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:630(pdb_set_domain) > pdb_set_domain: setting domain UCCDOMAIN, was >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:653(pdb_set_nt_username) > pdb_set_nt_username: setting nt username MAAXEN$, was >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:676(pdb_set_fullname) > pdb_set_full_name: setting full name , was >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:769(pdb_set_homedir) > pdb_set_homedir: setting home dir \\mylah\maaxen_, was >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:745(pdb_set_dir_drive) > pdb_set_dir_drive: setting dir drive H:, was NULL >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:699(pdb_set_logon_script) > pdb_set_logon_script: setting logon script , was >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:722(pdb_set_profile_path) > pdb_set_profile_path: setting profile path \\mylah\profiles, was >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:812(pdb_set_workstations) > pdb_set_workstations: setting workstations , was >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2010/04/27 16:57:55, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 1 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) > NT user token: (NULL) >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2010/04/27 16:57:55, 10, pid=12782] lib/gencache.c:208(gencache_get) > Returning valid cache entry: key = ACCT_POL/password history, value = 0 > , timeout = Tue Apr 27 16:58:51 2010 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:536(pdb_set_user_sid) > pdb_set_user_sid: setting user sid S-1-5-352321536-3342141748-1574249315-1264630062-1068 >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_compat.c:72(pdb_set_user_sid_from_rid) > pdb_set_user_sid_from_rid: > setting user sid S-1-5-352321536-3342141748-1574249315-1264630062-1068 from rid 1068 >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:594(pdb_set_group_sid) > pdb_set_group_sid: setting group sid S-1-5-352321536-3342141748-1574249315-1264630062-513 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:55, 3, pid=12782] rpc_server/srv_samr_nt.c:3155(_samr_QueryUserInfo) > User:[MAAXEN$] >[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_samr_nt.c:3232(_samr_QueryUserInfo) > _samr_QueryUserInfo: 3232 >[2010/04/27 16:57:55, 1, pid=12782] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) > samr_QueryUserInfo: struct samr_QueryUserInfo > out: struct samr_QueryUserInfo > info : * > info : * > info : union samr_UserInfo(case 16) > info16: struct samr_UserInfo16 > acct_flags : 0x00000080 (128) > 0: ACB_DISABLED > 0: ACB_HOMDIRREQ > 0: ACB_PWNOTREQ > 0: ACB_TEMPDUP > 0: ACB_NORMAL > 0: ACB_MNS > 0: ACB_DOMTRUST > 1: ACB_WSTRUST > 0: ACB_SVRTRUST > 0: ACB_PWNOEXP > 0: ACB_AUTOLOCK > 0: ACB_ENC_TXT_PWD_ALLOWED > 0: ACB_SMARTCARD_REQUIRED > 0: ACB_TRUSTED_FOR_DELEGATION > 0: ACB_NOT_DELEGATED > 0: ACB_USE_DES_KEY_ONLY > 0: ACB_DONT_REQUIRE_PREAUTH > 0: ACB_PW_EXPIRED > 0: ACB_NO_AUTH_DATA_REQD > result : NT_STATUS_OK >[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe.c:2362(api_rpcTNP) > api_rpcTNP: called \samr successfully >[2010/04/27 16:57:55, 3, pid=12782] rpc_server/srv_pipe_hnd.c:343(free_pipe_context) > free_pipe_context: destroying talloc pool of size 728 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) > write_to_pipe: data_used = 30 >[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Schedule immediate event "tevent_req_trigger": 0x98016a0 >[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Run immediate event "tevent_req_trigger": 0x98016a0 >[2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe_hnd.c:802(read_from_internal_pipe) > name: \samr len: 1024 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:862(read_from_internal_pipe) > read_from_pipe: \samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 16. >[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0028 > 000a auth_len : 0000 > 000c call_id : 00000006 >[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000010 smb_io_rpc_hdr_resp resp > 0010 alloc_hint: 00000010 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Schedule immediate event "tevent_req_trigger": 0x97ef540 >[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Run immediate event "tevent_req_trigger": 0x97ef540 >[2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:59(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..40] (align 0) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) > size=96 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=992 > smb_uid=100 > smb_mid=2432 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 40 (0x28) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 40 (0x28) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=41 >[2010/04/27 16:57:55, 10, pid=12782] ../lib/util/util.c:304(_dump_data) > [0000] 00 05 00 02 03 10 00 00 00 28 00 00 00 06 00 00 ........ .(...... > [0010] 00 10 00 00 00 00 00 00 00 00 00 02 00 10 00 00 ........ ........ > [0020] 00 80 00 00 00 00 00 00 00 ........ . >[2010/04/27 16:57:55, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) > got smb length of 128 >[2010/04/27 16:57:55, 6, pid=12782] smbd/process.c:1456(process_smb) > got message type 0x0 of len 0x80 >[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1459(process_smb) > Transaction 39 of length 132 (0 toread) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=992 > smb_uid=100 > smb_mid=2496 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 9986 (0x2702) > smb_bcc=61 >[2010/04/27 16:57:55, 10, pid=12782] ../lib/util/util.c:304(_dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 07 00 00 ........ .,...... > [0020] 00 14 00 00 00 00 00 2C 00 00 00 00 00 07 00 00 ......., ........ > [0030] 00 00 00 00 00 D6 4B 13 A7 EE 31 00 00 ......K. ..1.. >[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1273(switch_message) > switch message SMBtrans (pid 12782) conn 0x97e9be8 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) > NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 > contains 11 SIDs > SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 > SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-69 > SID[ 6]: S-1-22-2-101 > SID[ 7]: S-1-22-2-20042 > SID[ 8]: S-1-5-32-544 > SID[ 9]: S-1-22-1-11251 > SID[ 10]: S-1-22-2-0 > SE_PRIV 0xff0 0x0 0x0 0x0 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 4 supplementary groups > Group[ 0]: 0 > Group[ 1]: 69 > Group[ 2]: 101 > Group[ 3]: 20042 >[2010/04/27 16:57:55, 5, pid=12782] smbd/uid.c:353(change_to_user) > change_to_user uid=(0,0) gid=(0,0) >[2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:539(handle_trans) > trans <\PIPE\> data=44 params=0 setup=2 >[2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:572(handle_trans) > calling named_pipe >[2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:490(named_pipe) > named pipe command on <> name >[2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:413(api_fd_reply) > api_fd_reply >[2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:454(api_fd_reply) > Got API command 0x26 on pipe "samr" (pnum 2702) >[2010/04/27 16:57:55, 10, pid=12782] smbd/ipc.c:456(api_fd_reply) > api_fd_reply: p:0x97ea6a8 max_trans_reply: 1024 >[2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe_hnd.c:1195(np_write_send) > np_write_send: len: 44 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) > write_to_pipe: data_left = 44 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:192(fill_rpc_header) > fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) > write_to_pipe: data_left = 28 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 >[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 002c > 000a auth_len : 0000 > 000c call_id : 00000007 >[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe_hnd.c:288(unmarshall_rpc_header) > unmarshall_rpc_header: using little-endian RPC >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:317(unmarshall_rpc_header) > unmarshall_rpc_header: type = 0, flags = 3 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) > write_to_pipe: data_left = 28 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 28, incoming data = 28 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:534(process_complete_pdu) > process_complete_pdu: processing packet type 0 >[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr_req req > 0000 alloc_hint: 00000014 > 0004 context_id: 0000 > 0006 opnum : 002c >[2010/04/27 16:57:55, 3, pid=12782] rpc_server/srv_pipe_hnd.c:343(free_pipe_context) > free_pipe_context: destroying talloc pool of size 0 >[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe.c:2261(api_pipe_request) > Requested \PIPE\\samr >[2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_pipe.c:2297(api_rpcTNP) > api_rpcTNP: \samr op 0x2c - api_rpcTNP: rpc command: SAMR_GETUSERPWINFO >[2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe.c:2327(api_rpcTNP) > api_rpc_cmds[44].fn == 0x82d3f70 >[2010/04/27 16:57:55, 1, pid=12782] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) > samr_GetUserPwInfo: struct samr_GetUserPwInfo > in: struct samr_GetUserPwInfo > user_handle : * > user_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000007-0000-0000-d64b-13a7ee310000 >[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_samr_nt.c:681(_samr_GetUserPwInfo) > _samr_GetUserPwInfo: 681 >[2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_lsa_hnd.c:180(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 D6 4B 13 A7 ........ .....K.. > [0010] EE 31 00 00 .1.. >[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_samr_nt.c:231(access_check_samr_function) > _samr_GetUserPwInfo: access check ((granted: 0x000d04f4; required: 0x00000010) >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:55, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) > NT user token: (NULL) >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2010/04/27 16:57:55, 10, pid=12782] passdb/lookup_sid.c:953(lookup_sid) > lookup_sid called for SID 'S-1-5-352321536-3342141748-1574249315-1264630062-1068' >[2010/04/27 16:57:55, 10, pid=12782] passdb/lookup_sid.c:708(check_dom_sid_to_level) > Accepting SID S-1-5-352321536-3342141748-1574249315-1264630062 in level 1 >[2010/04/27 16:57:55, 10, pid=12782] passdb/lookup_sid.c:468(lookup_rids) > lookup_rids called for domain sid 'S-1-5-352321536-3342141748-1574249315-1264630062' >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2010/04/27 16:57:55, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 1 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) > NT user token: (NULL) >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2010/04/27 16:57:55, 5, pid=12782] passdb/pdb_interface.c:1513(lookup_global_sam_rid) > lookup_global_sam_rid: looking up RID 1068. >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 >[2010/04/27 16:57:55, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 2 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) > NT user token: (NULL) >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 4 >[2010/04/27 16:57:55, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 3 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 4 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) > NT user token: (NULL) >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2010/04/27 16:57:55, 10, pid=12782] lib/gencache.c:208(gencache_get) > Returning valid cache entry: key = ACCT_POL/maximum password age, value = 4294967295 > , timeout = Tue Apr 27 16:58:51 2010 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 3 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 4 >[2010/04/27 16:57:55, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 3 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 4 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) > NT user token: (NULL) >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2010/04/27 16:57:55, 10, pid=12782] lib/gencache.c:208(gencache_get) > Returning valid cache entry: key = ACCT_POL/password history, value = 0 > , timeout = Tue Apr 27 16:58:51 2010 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 3 >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:607(pdb_set_username) > pdb_set_username: setting username MAAXEN$, was >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:630(pdb_set_domain) > pdb_set_domain: setting domain UCCDOMAIN, was >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:653(pdb_set_nt_username) > pdb_set_nt_username: setting nt username MAAXEN$, was >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:676(pdb_set_fullname) > pdb_set_full_name: setting full name , was >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:769(pdb_set_homedir) > pdb_set_homedir: setting home dir \\mylah\maaxen_, was >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:745(pdb_set_dir_drive) > pdb_set_dir_drive: setting dir drive H:, was NULL >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:699(pdb_set_logon_script) > pdb_set_logon_script: setting logon script , was >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:722(pdb_set_profile_path) > pdb_set_profile_path: setting profile path \\mylah\profiles, was >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:812(pdb_set_workstations) > pdb_set_workstations: setting workstations , was >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 4 >[2010/04/27 16:57:55, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 3 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 4 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) > NT user token: (NULL) >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2010/04/27 16:57:55, 10, pid=12782] lib/gencache.c:208(gencache_get) > Returning valid cache entry: key = ACCT_POL/password history, value = 0 > , timeout = Tue Apr 27 16:58:51 2010 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 3 >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:536(pdb_set_user_sid) > pdb_set_user_sid: setting user sid S-1-5-352321536-3342141748-1574249315-1264630062-1068 >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_compat.c:72(pdb_set_user_sid_from_rid) > pdb_set_user_sid_from_rid: > setting user sid S-1-5-352321536-3342141748-1574249315-1264630062-1068 from rid 1068 >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:594(pdb_set_group_sid) > pdb_set_group_sid: setting group sid S-1-5-352321536-3342141748-1574249315-1264630062-513 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2010/04/27 16:57:55, 5, pid=12782] passdb/pdb_interface.c:1635(pdb_default_lookup_rids) > lookup_rids: MAAXEN$:1 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:55, 10, pid=12782] passdb/lookup_sid.c:988(lookup_sid) > Sid S-1-5-352321536-3342141748-1574249315-1264630062-1068 -> UCCDOMAIN\MAAXEN$(1) >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:55, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) > NT user token: (NULL) >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2010/04/27 16:57:55, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 1 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) > NT user token: (NULL) >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2010/04/27 16:57:55, 10, pid=12782] lib/gencache.c:194(gencache_get) > Cache entry with key = ACCT_POL/min password length couldn't be found >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_ldap.c:3963(ldapsam_get_account_policy_from_ldap) > ldapsam_get_account_policy_from_ldap >[2010/04/27 16:57:55, 5, pid=12782] lib/smbldap.c:1295(smbldap_search_ext) > smbldap_search_ext: base => [sambaDomainName=UCCDOMAIN,dc=ucc,dc=gu,dc=uwa,dc=edu,dc=au], filter => [(objectClass=sambaDomain)], scope => [0] >[2010/04/27 16:57:55, 10, pid=12782] lib/account_pol.c:396(cache_account_policy_set) > cache_account_policy_set: updating account pol cache >[2010/04/27 16:57:55, 10, pid=12782] lib/gencache.c:131(gencache_set) > Adding cache entry with key = ACCT_POL/min password length; value = 5 > and timeout = Tue Apr 27 16:58:55 2010 > (60 seconds ahead) >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2010/04/27 16:57:55, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 1 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) > NT user token: (NULL) >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2010/04/27 16:57:55, 10, pid=12782] lib/gencache.c:194(gencache_get) > Cache entry with key = ACCT_POL/user must logon to change password couldn't be found >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_ldap.c:3963(ldapsam_get_account_policy_from_ldap) > ldapsam_get_account_policy_from_ldap >[2010/04/27 16:57:55, 5, pid=12782] lib/smbldap.c:1295(smbldap_search_ext) > smbldap_search_ext: base => [sambaDomainName=UCCDOMAIN,dc=ucc,dc=gu,dc=uwa,dc=edu,dc=au], filter => [(objectClass=sambaDomain)], scope => [0] >[2010/04/27 16:57:55, 10, pid=12782] lib/account_pol.c:396(cache_account_policy_set) > cache_account_policy_set: updating account pol cache >[2010/04/27 16:57:55, 10, pid=12782] lib/gencache.c:131(gencache_set) > Adding cache entry with key = ACCT_POL/user must logon to change password; value = 0 > and timeout = Tue Apr 27 16:58:55 2010 > (60 seconds ahead) >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_samr_nt.c:727(_samr_GetUserPwInfo) > _samr_GetUserPwInfo: 727 >[2010/04/27 16:57:55, 1, pid=12782] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) > samr_GetUserPwInfo: struct samr_GetUserPwInfo > out: struct samr_GetUserPwInfo > info : * > info: struct samr_PwInfo > min_password_length : 0x0005 (5) > password_properties : 0x00000000 (0) > 0: DOMAIN_PASSWORD_COMPLEX > 0: DOMAIN_PASSWORD_NO_ANON_CHANGE > 0: DOMAIN_PASSWORD_NO_CLEAR_CHANGE > 0: DOMAIN_PASSWORD_LOCKOUT_ADMINS > 0: DOMAIN_PASSWORD_STORE_CLEARTEXT > 0: DOMAIN_REFUSE_PASSWORD_CHANGE > result : NT_STATUS_OK >[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe.c:2362(api_rpcTNP) > api_rpcTNP: called \samr successfully >[2010/04/27 16:57:55, 3, pid=12782] rpc_server/srv_pipe_hnd.c:343(free_pipe_context) > free_pipe_context: destroying talloc pool of size 0 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) > write_to_pipe: data_used = 28 >[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Schedule immediate event "tevent_req_trigger": 0x98016a0 >[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Run immediate event "tevent_req_trigger": 0x98016a0 >[2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe_hnd.c:802(read_from_internal_pipe) > name: \samr len: 1024 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:862(read_from_internal_pipe) > read_from_pipe: \samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 12. >[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0024 > 000a auth_len : 0000 > 000c call_id : 00000007 >[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000010 smb_io_rpc_hdr_resp resp > 0010 alloc_hint: 0000000c > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Schedule immediate event "tevent_req_trigger": 0x97ed578 >[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Run immediate event "tevent_req_trigger": 0x97ed578 >[2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:59(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..36] (align 0) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) > size=92 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=992 > smb_uid=100 > smb_mid=2496 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 36 (0x24) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 36 (0x24) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=37 >[2010/04/27 16:57:55, 10, pid=12782] ../lib/util/util.c:304(_dump_data) > [0000] 00 05 00 02 03 10 00 00 00 24 00 00 00 07 00 00 ........ .$...... > [0010] 00 0C 00 00 00 00 00 00 00 05 00 00 00 00 00 00 ........ ........ > [0020] 00 00 00 00 00 ..... >[2010/04/27 16:57:55, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) > got smb length of 665 >[2010/04/27 16:57:55, 6, pid=12782] smbd/process.c:1456(process_smb) > got message type 0x0 of len 0x299 >[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1459(process_smb) > Transaction 40 of length 669 (0 toread) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) > size=665 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=992 > smb_uid=100 > smb_mid=2560 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 581 (0x245) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 581 (0x245) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 9986 (0x2702) > smb_bcc=598 >[2010/04/27 16:57:55, 10, pid=12782] ../lib/util/util.c:304(_dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 00 05 00 00 03 10 00 00 00 45 02 00 00 08 00 00 ........ .E...... > [0020] 00 2D 02 00 00 00 00 3A 00 00 00 00 00 07 00 00 .-.....: ........ > [0030] 00 00 00 00 00 D6 4B 13 A7 EE 31 00 00 1A 00 1A ......K. ..1..... > [0040] 00 AF 6D FD 87 67 22 C5 ED F8 01 D7 95 6C D2 F7 ..m..g". .....l.. > [0050] 92 21 4B 5D E1 B7 2C F3 0B 35 49 1F 8E 6D 6D BE .!K]..,. .5I..mm. > [0060] CA F2 F1 20 23 E3 D2 2B 8C 11 CD 17 AD CB 87 AF ... #..+ ........ > [0070] 26 AF B1 E6 1E 18 75 F2 C0 58 B4 B0 7A F7 38 98 &.....u. .X..z.8. > [0080] 57 08 AA 9D 7A 59 6B 86 47 6E 22 52 AC C2 1F B1 W...zYk. Gn"R.... > [0090] 25 C7 AE 78 97 E3 BA 8B B6 D5 3B BD DC 56 98 43 %..x.... ..;..V.C > [00A0] 9C F4 44 37 B3 21 27 F2 B0 0F C9 A8 F9 A8 39 26 ..D7.!'. ......9& > [00B0] 1F 60 A9 ED AF 11 80 E0 FC 96 55 80 AC 0B 5B B7 .`...... ..U...[. > [00C0] CC 42 C7 E3 52 78 8A 4B 70 AA A1 7F BC 0A 5D BF .B..Rx.K p.....]. > [00D0] 0E 6B 56 B6 32 EE 5F 8B 5C BF 95 BA E0 08 7C 48 .kV.2._. \.....|H > [00E0] D4 05 55 16 F2 28 97 03 E1 B4 A8 F9 88 27 5A A4 ..U..(.. .....'Z. > [00F0] C7 0C BE 21 51 1B 56 20 32 6B E4 9D 7A 3C 4B BD ...!Q.V 2k..z<K. > [0100] 6A 0C 94 C7 F3 89 1F B9 C5 19 FC CA D6 65 8B 7D j....... .....e.} > [0110] 91 42 A6 7F 4D 44 41 87 A6 4D F0 A7 78 9F 79 D7 .B..MDA. .M..x.y. > [0120] 00 C4 24 45 CB 0A D6 20 06 F4 FD D6 9E 38 F9 FE ..$E... .....8.. > [0130] D7 C5 2D 8A 45 41 2E 3C B8 70 09 25 95 30 7A E3 ..-.EA.< .p.%.0z. > [0140] 29 BA 6F 06 2F 26 8D 82 3E 6B C1 CC DA E8 DE 6D ).o./&.. >k.....m > [0150] FC 0C 63 19 55 6E 21 7C D6 6B 8C 2F 53 DF 2B BE ..c.Un!| .k./S.+. > [0160] 3B 7A A6 D9 82 05 A0 48 3E F7 17 8F 7D 62 86 7D ;z.....H >...}b.} > [0170] E5 F4 C4 46 02 06 36 2B B1 73 FC 2E 34 40 7B 3B ...F..6+ .s..4@{; > [0180] C4 6B 3B C0 99 61 AF BD 43 E4 9F A9 C3 5A DB 64 .k;..a.. C....Z.d > [0190] C9 E7 53 A9 0A 8F 07 E8 71 BE 97 03 A1 5E 13 78 ..S..... q....^.x > [01A0] 19 81 EE B7 06 98 B7 8B BD D3 BA 2C 81 0D B9 75 ........ ...,...u > [01B0] 87 07 B1 A0 91 A2 8A 20 F2 C8 2E 01 5A 31 6B 2F ....... ....Z1k/ > [01C0] 42 3D BF 30 EE FA BB 08 3E 5D 20 34 75 F2 86 45 B=.0.... >] 4u..E > [01D0] CB C1 EA AD BD 48 3F AC 8D B1 81 C3 6A 58 07 CD .....H?. ....jX.. > [01E0] 0B AC B2 35 7F 98 17 B8 CE 44 9E 61 71 82 3E FD ...5.... .D.aq.>. > [01F0] BA 71 A1 21 02 36 54 F4 53 68 EE 60 BC 6A 03 0E .q.!.6T. Sh.`.j.. >[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1273(switch_message) > switch message SMBtrans (pid 12782) conn 0x97e9be8 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) > NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 > contains 11 SIDs > SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 > SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-69 > SID[ 6]: S-1-22-2-101 > SID[ 7]: S-1-22-2-20042 > SID[ 8]: S-1-5-32-544 > SID[ 9]: S-1-22-1-11251 > SID[ 10]: S-1-22-2-0 > SE_PRIV 0xff0 0x0 0x0 0x0 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 4 supplementary groups > Group[ 0]: 0 > Group[ 1]: 69 > Group[ 2]: 101 > Group[ 3]: 20042 >[2010/04/27 16:57:55, 5, pid=12782] smbd/uid.c:353(change_to_user) > change_to_user uid=(0,0) gid=(0,0) >[2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:539(handle_trans) > trans <\PIPE\> data=581 params=0 setup=2 >[2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:572(handle_trans) > calling named_pipe >[2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:490(named_pipe) > named pipe command on <> name >[2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:413(api_fd_reply) > api_fd_reply >[2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:454(api_fd_reply) > Got API command 0x26 on pipe "samr" (pnum 2702) >[2010/04/27 16:57:55, 10, pid=12782] smbd/ipc.c:456(api_fd_reply) > api_fd_reply: p:0x97ea6a8 max_trans_reply: 1024 >[2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe_hnd.c:1195(np_write_send) > np_write_send: len: 581 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) > write_to_pipe: data_left = 581 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 581 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:192(fill_rpc_header) > fill_rpc_header: data_to_copy = 581, len_needed_to_complete_hdr = 16, receive_len = 0 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) > write_to_pipe: data_left = 565 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 565 >[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0245 > 000a auth_len : 0000 > 000c call_id : 00000008 >[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe_hnd.c:288(unmarshall_rpc_header) > unmarshall_rpc_header: using little-endian RPC >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:317(unmarshall_rpc_header) > unmarshall_rpc_header: type = 0, flags = 3 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) > write_to_pipe: data_left = 565 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 565, incoming data = 565 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:534(process_complete_pdu) > process_complete_pdu: processing packet type 0 >[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr_req req > 0000 alloc_hint: 0000022d > 0004 context_id: 0000 > 0006 opnum : 003a >[2010/04/27 16:57:55, 3, pid=12782] rpc_server/srv_pipe_hnd.c:343(free_pipe_context) > free_pipe_context: destroying talloc pool of size 0 >[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe.c:2261(api_pipe_request) > Requested \PIPE\\samr >[2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_pipe.c:2297(api_rpcTNP) > api_rpcTNP: \samr op 0x3a - api_rpcTNP: rpc command: SAMR_SETUSERINFO2 >[2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe.c:2327(api_rpcTNP) > api_rpc_cmds[58].fn == 0x82d12d0 >[2010/04/27 16:57:55, 1, pid=12782] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) > samr_SetUserInfo2: struct samr_SetUserInfo2 > in: struct samr_SetUserInfo2 > user_handle : * > user_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000007-0000-0000-d64b-13a7ee310000 > level : 0x001a (26) > info : * > info : union samr_UserInfo(case 26) > info26: struct samr_UserInfo26 > password: struct samr_CryptPasswordEx > data : af6dfd876722c5edf801d7956cd2f792214b5de1b72cf30b35491f8e6d6dbecaf2f12023e3d22b8c11cd17adcb87af26afb1e61e1875f2c058b4b07af738985708aa9d7a596b86476e2252acc21fb125c7ae7897e3ba8bb6d53bbddc5698439cf44437b32127f2b00fc9a8f9a839261f60a9edaf1180e0fc965580ac0b5bb7cc42c7e352788a4b70aaa17fbc0a5dbf0e6b56b632ee5f8b5cbf95bae0087c48d4055516f2289703e1b4a8f988275aa4c70cbe21511b5620326be49d7a3c4bbd6a0c94c7f3891fb9c519fccad6658b7d9142a67f4d444187a64df0a7789f79d700c42445cb0ad62006f4fdd69e38f9fed7c52d8a45412e3cb870092595307ae329ba6f062f268d823e6bc1ccdae8de6dfc0c6319556e217cd66b8c2f53df2bbe3b7aa6d98205a0483ef7178f7d62867de5f4c4460206362bb173fc2e34407b3bc46b3bc09961afbd43e49fa9c35adb64c9e753a90a8f07e871be9703a15e13781981eeb70698b78bbdd3ba2c810db9758707b1a091a28a20f2c82e015a316b2f423dbf30eefabb083e5d203475f28645cbc1eaadbd483fac8db181c36a5807cd0bacb2357f9817b8ce449e6171823efdba71a121023654f45368ee60bc6a030ed60ee70277278e6194fa6f4c51c317839bd417049aedb758832bba6cb23d7a417f2bf385e2bc +> > 74d93aa139671b5d60c107c966022856788f76c7f52fa4129e49f67b86138aa744f87fd699544335540e70416fed7a > password_expired : 0x00 (0) >[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_samr_nt.c:5061(_samr_SetUserInfo) > _samr_SetUserInfo: 5061 >[2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_lsa_hnd.c:180(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 D6 4B 13 A7 ........ .....K.. > [0010] EE 31 00 00 .1.. >[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_samr_nt.c:231(access_check_samr_function) > _samr_SetUserInfo: access check ((granted: 0x000d04f4; required: 0x00000080) >[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_samr_nt.c:5128(_samr_SetUserInfo) > _samr_SetUserInfo: sid:S-1-5-352321536-3342141748-1574249315-1264630062-1068, level:26 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:55, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) > NT user token: (NULL) >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2010/04/27 16:57:55, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 1 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) > NT user token: (NULL) >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2010/04/27 16:57:55, 10, pid=12782] lib/gencache.c:208(gencache_get) > Returning valid cache entry: key = ACCT_POL/maximum password age, value = 4294967295 > , timeout = Tue Apr 27 16:58:51 2010 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2010/04/27 16:57:55, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 1 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) > NT user token: (NULL) >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2010/04/27 16:57:55, 10, pid=12782] lib/gencache.c:208(gencache_get) > Returning valid cache entry: key = ACCT_POL/password history, value = 0 > , timeout = Tue Apr 27 16:58:51 2010 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:607(pdb_set_username) > pdb_set_username: setting username MAAXEN$, was >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:630(pdb_set_domain) > pdb_set_domain: setting domain UCCDOMAIN, was >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:653(pdb_set_nt_username) > pdb_set_nt_username: setting nt username MAAXEN$, was >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:676(pdb_set_fullname) > pdb_set_full_name: setting full name , was >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:769(pdb_set_homedir) > pdb_set_homedir: setting home dir \\mylah\maaxen_, was >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:745(pdb_set_dir_drive) > pdb_set_dir_drive: setting dir drive H:, was NULL >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:699(pdb_set_logon_script) > pdb_set_logon_script: setting logon script , was >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:722(pdb_set_profile_path) > pdb_set_profile_path: setting profile path \\mylah\profiles, was >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:812(pdb_set_workstations) > pdb_set_workstations: setting workstations , was >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2010/04/27 16:57:55, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 1 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) > NT user token: (NULL) >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2010/04/27 16:57:55, 10, pid=12782] lib/gencache.c:208(gencache_get) > Returning valid cache entry: key = ACCT_POL/password history, value = 0 > , timeout = Tue Apr 27 16:58:51 2010 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:536(pdb_set_user_sid) > pdb_set_user_sid: setting user sid S-1-5-352321536-3342141748-1574249315-1264630062-1068 >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_compat.c:72(pdb_set_user_sid_from_rid) > pdb_set_user_sid_from_rid: > setting user sid S-1-5-352321536-3342141748-1574249315-1264630062-1068 from rid 1068 >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:594(pdb_set_group_sid) > pdb_set_group_sid: setting group sid S-1-5-352321536-3342141748-1574249315-1264630062-513 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:55, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) > NT user token: (NULL) >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_samr_nt.c:4812(set_user_info_pw) > Attempting administrator password change for user MAAXEN$ >[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_samr_nt.c:4832(set_user_info_pw) > Changing trust account or non-unix-user password, not updating /etc/passwd >[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_samr_nt.c:4857(set_user_info_pw) > set_user_info_pw: pdb_update_pwd() >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_samr_util.c:608(copy_id21_to_sam_passwd) > INFO_26 SAMR_FIELD_EXPIRED_FLAG: 00 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2010/04/27 16:57:55, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 1 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) > NT user token: (NULL) >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2010/04/27 16:57:55, 10, pid=12782] lib/gencache.c:208(gencache_get) > Returning valid cache entry: key = ACCT_POL/maximum password age, value = 4294967295 > , timeout = Tue Apr 27 16:58:51 2010 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:55, 5, pid=12782] lib/smbldap.c:1295(smbldap_search_ext) > smbldap_search_ext: base => [dc=ucc,dc=gu,dc=uwa,dc=edu,dc=au], filter => [(&(uid=MAAXEN$)(objectclass=sambaSamAccount))], scope => [2] >[2010/04/27 16:57:55, 4, pid=12782] passdb/pdb_ldap.c:2015(ldapsam_update_sam_account) > ldapsam_update_sam_account: user MAAXEN$ to be modified has dn: uid=MAAXEN$,ou=Computers,dc=ucc,dc=gu,dc=uwa,dc=edu,dc=au >[2010/04/27 16:57:55, 2, pid=12782] passdb/pdb_ldap.c:1199(init_ldap_from_sam) > init_ldap_from_sam: Setting entry for user: MAAXEN$ >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2010/04/27 16:57:55, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 1 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) > NT user token: (NULL) >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2010/04/27 16:57:55, 10, pid=12782] lib/gencache.c:208(gencache_get) > Returning valid cache entry: key = ACCT_POL/maximum password age, value = 4294967295 > , timeout = Tue Apr 27 16:58:51 2010 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:55, 10, pid=12782] lib/smbldap.c:276(smbldap_get_single_attribute) > smbldap_get_single_attribute: [sambaLMPassword] = [<does not exist>] >[2010/04/27 16:57:55, 10, pid=12782] lib/smbldap.c:597(smbldap_make_mod) > smbldap_make_mod: deleting attribute |sambaNTPassword| values |2143C883513FA5AAF69DEA0ABDDA1444| >[2010/04/27 16:57:55, 10, pid=12782] lib/smbldap.c:606(smbldap_make_mod) > smbldap_make_mod: adding attribute |sambaNTPassword| value |003D857DCA3CBD25EF38653931BE46A5| >[2010/04/27 16:57:55, 10, pid=12782] lib/smbldap.c:597(smbldap_make_mod) > smbldap_make_mod: deleting attribute |sambaPwdLastSet| values |1272357882| >[2010/04/27 16:57:55, 10, pid=12782] lib/smbldap.c:606(smbldap_make_mod) > smbldap_make_mod: adding attribute |sambaPwdLastSet| value |1272358675| >[2010/04/27 16:57:55, 5, pid=12782] lib/smbldap.c:1491(smbldap_modify) > smbldap_modify: dn => [uid=MAAXEN$,ou=Computers,dc=ucc,dc=gu,dc=uwa,dc=edu,dc=au] >[2010/04/27 16:57:55, 2, pid=12782] passdb/pdb_ldap.c:2060(ldapsam_update_sam_account) > ldapsam_update_sam_account: successfully modified uid = MAAXEN$ in the LDAP database >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:55, 1, pid=12782] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) > samr_SetUserInfo2: struct samr_SetUserInfo2 > out: struct samr_SetUserInfo2 > result : NT_STATUS_OK >[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe.c:2362(api_rpcTNP) > api_rpcTNP: called \samr successfully >[2010/04/27 16:57:55, 3, pid=12782] rpc_server/srv_pipe_hnd.c:343(free_pipe_context) > free_pipe_context: destroying talloc pool of size 0 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) > write_to_pipe: data_used = 565 >[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Schedule immediate event "tevent_req_trigger": 0x9801ad0 >[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Run immediate event "tevent_req_trigger": 0x9801ad0 >[2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe_hnd.c:802(read_from_internal_pipe) > name: \samr len: 1024 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:862(read_from_internal_pipe) > read_from_pipe: \samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 4. >[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 001c > 000a auth_len : 0000 > 000c call_id : 00000008 >[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000010 smb_io_rpc_hdr_resp resp > 0010 alloc_hint: 00000004 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Schedule immediate event "tevent_req_trigger": 0x97ef540 >[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Run immediate event "tevent_req_trigger": 0x97ef540 >[2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:59(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..28] (align 0) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) > size=84 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=992 > smb_uid=100 > smb_mid=2560 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 28 (0x1C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 28 (0x1C) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=29 >[2010/04/27 16:57:55, 10, pid=12782] ../lib/util/util.c:304(_dump_data) > [0000] 00 05 00 02 03 10 00 00 00 1C 00 00 00 08 00 00 ........ ........ > [0010] 00 04 00 00 00 00 00 00 00 00 00 00 00 ........ ..... >[2010/04/27 16:57:55, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) > got smb length of 128 >[2010/04/27 16:57:55, 6, pid=12782] smbd/process.c:1456(process_smb) > got message type 0x0 of len 0x80 >[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1459(process_smb) > Transaction 41 of length 132 (0 toread) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=992 > smb_uid=100 > smb_mid=2624 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 9986 (0x2702) > smb_bcc=61 >[2010/04/27 16:57:55, 10, pid=12782] ../lib/util/util.c:304(_dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 09 00 00 ........ .,...... > [0020] 00 14 00 00 00 00 00 01 00 00 00 00 00 07 00 00 ........ ........ > [0030] 00 00 00 00 00 D6 4B 13 A7 EE 31 00 00 ......K. ..1.. >[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1273(switch_message) > switch message SMBtrans (pid 12782) conn 0x97e9be8 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) > NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 > contains 11 SIDs > SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 > SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-69 > SID[ 6]: S-1-22-2-101 > SID[ 7]: S-1-22-2-20042 > SID[ 8]: S-1-5-32-544 > SID[ 9]: S-1-22-1-11251 > SID[ 10]: S-1-22-2-0 > SE_PRIV 0xff0 0x0 0x0 0x0 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 4 supplementary groups > Group[ 0]: 0 > Group[ 1]: 69 > Group[ 2]: 101 > Group[ 3]: 20042 >[2010/04/27 16:57:55, 5, pid=12782] smbd/uid.c:353(change_to_user) > change_to_user uid=(0,0) gid=(0,0) >[2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:539(handle_trans) > trans <\PIPE\> data=44 params=0 setup=2 >[2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:572(handle_trans) > calling named_pipe >[2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:490(named_pipe) > named pipe command on <> name >[2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:413(api_fd_reply) > api_fd_reply >[2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:454(api_fd_reply) > Got API command 0x26 on pipe "samr" (pnum 2702) >[2010/04/27 16:57:55, 10, pid=12782] smbd/ipc.c:456(api_fd_reply) > api_fd_reply: p:0x97ea6a8 max_trans_reply: 1024 >[2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe_hnd.c:1195(np_write_send) > np_write_send: len: 44 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) > write_to_pipe: data_left = 44 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:192(fill_rpc_header) > fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) > write_to_pipe: data_left = 28 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 >[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 002c > 000a auth_len : 0000 > 000c call_id : 00000009 >[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe_hnd.c:288(unmarshall_rpc_header) > unmarshall_rpc_header: using little-endian RPC >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:317(unmarshall_rpc_header) > unmarshall_rpc_header: type = 0, flags = 3 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) > write_to_pipe: data_left = 28 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 28, incoming data = 28 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:534(process_complete_pdu) > process_complete_pdu: processing packet type 0 >[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr_req req > 0000 alloc_hint: 00000014 > 0004 context_id: 0000 > 0006 opnum : 0001 >[2010/04/27 16:57:55, 3, pid=12782] rpc_server/srv_pipe_hnd.c:343(free_pipe_context) > free_pipe_context: destroying talloc pool of size 0 >[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe.c:2261(api_pipe_request) > Requested \PIPE\\samr >[2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_pipe.c:2297(api_rpcTNP) > api_rpcTNP: \samr op 0x1 - api_rpcTNP: rpc command: SAMR_CLOSE >[2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe.c:2327(api_rpcTNP) > api_rpc_cmds[1].fn == 0x82dc710 >[2010/04/27 16:57:55, 1, pid=12782] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) > samr_Close: struct samr_Close > in: struct samr_Close > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000007-0000-0000-d64b-13a7ee310000 >[2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_lsa_hnd.c:180(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 D6 4B 13 A7 ........ .....K.. > [0010] EE 31 00 00 .1.. >[2010/04/27 16:57:55, 3, pid=12782] rpc_server/srv_lsa_hnd.c:218(close_policy_hnd) > Closed policy >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_samr_nt.c:416(free_samr_cache) > free_samr_cache: deleting cache for SID S-1-5-352321536-3342141748-1574249315-1264630062 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:55, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) > NT user token: (NULL) >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:55, 1, pid=12782] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) > samr_Close: struct samr_Close > out: struct samr_Close > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : NT_STATUS_OK >[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe.c:2362(api_rpcTNP) > api_rpcTNP: called \samr successfully >[2010/04/27 16:57:55, 3, pid=12782] rpc_server/srv_pipe_hnd.c:343(free_pipe_context) > free_pipe_context: destroying talloc pool of size 0 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) > write_to_pipe: data_used = 28 >[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Schedule immediate event "tevent_req_trigger": 0x98016a0 >[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Run immediate event "tevent_req_trigger": 0x98016a0 >[2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe_hnd.c:802(read_from_internal_pipe) > name: \samr len: 1024 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:862(read_from_internal_pipe) > read_from_pipe: \samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. >[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0030 > 000a auth_len : 0000 > 000c call_id : 00000009 >[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000010 smb_io_rpc_hdr_resp resp > 0010 alloc_hint: 00000018 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Schedule immediate event "tevent_req_trigger": 0x9810660 >[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Run immediate event "tevent_req_trigger": 0x9810660 >[2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:59(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=992 > smb_uid=100 > smb_mid=2624 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2010/04/27 16:57:55, 10, pid=12782] ../lib/util/util.c:304(_dump_data) > [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 09 00 00 ........ .0...... > [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0030] 00 . >[2010/04/27 16:57:55, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) > got smb length of 128 >[2010/04/27 16:57:55, 6, pid=12782] smbd/process.c:1456(process_smb) > got message type 0x0 of len 0x80 >[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1459(process_smb) > Transaction 42 of length 132 (0 toread) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=992 > smb_uid=100 > smb_mid=2688 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 9986 (0x2702) > smb_bcc=61 >[2010/04/27 16:57:55, 10, pid=12782] ../lib/util/util.c:304(_dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 0A 00 00 ........ .,...... > [0020] 00 14 00 00 00 00 00 01 00 00 00 00 00 06 00 00 ........ ........ > [0030] 00 00 00 00 00 D6 4B 13 A7 EE 31 00 00 ......K. ..1.. >[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1273(switch_message) > switch message SMBtrans (pid 12782) conn 0x97e9be8 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) > NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 > contains 11 SIDs > SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 > SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-69 > SID[ 6]: S-1-22-2-101 > SID[ 7]: S-1-22-2-20042 > SID[ 8]: S-1-5-32-544 > SID[ 9]: S-1-22-1-11251 > SID[ 10]: S-1-22-2-0 > SE_PRIV 0xff0 0x0 0x0 0x0 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 4 supplementary groups > Group[ 0]: 0 > Group[ 1]: 69 > Group[ 2]: 101 > Group[ 3]: 20042 >[2010/04/27 16:57:55, 5, pid=12782] smbd/uid.c:353(change_to_user) > change_to_user uid=(0,0) gid=(0,0) >[2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:539(handle_trans) > trans <\PIPE\> data=44 params=0 setup=2 >[2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:572(handle_trans) > calling named_pipe >[2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:490(named_pipe) > named pipe command on <> name >[2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:413(api_fd_reply) > api_fd_reply >[2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:454(api_fd_reply) > Got API command 0x26 on pipe "samr" (pnum 2702) >[2010/04/27 16:57:55, 10, pid=12782] smbd/ipc.c:456(api_fd_reply) > api_fd_reply: p:0x97ea6a8 max_trans_reply: 1024 >[2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe_hnd.c:1195(np_write_send) > np_write_send: len: 44 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) > write_to_pipe: data_left = 44 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:192(fill_rpc_header) > fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) > write_to_pipe: data_left = 28 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 >[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 002c > 000a auth_len : 0000 > 000c call_id : 0000000a >[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe_hnd.c:288(unmarshall_rpc_header) > unmarshall_rpc_header: using little-endian RPC >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:317(unmarshall_rpc_header) > unmarshall_rpc_header: type = 0, flags = 3 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) > write_to_pipe: data_left = 28 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 28, incoming data = 28 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:534(process_complete_pdu) > process_complete_pdu: processing packet type 0 >[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr_req req > 0000 alloc_hint: 00000014 > 0004 context_id: 0000 > 0006 opnum : 0001 >[2010/04/27 16:57:55, 3, pid=12782] rpc_server/srv_pipe_hnd.c:343(free_pipe_context) > free_pipe_context: destroying talloc pool of size 0 >[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe.c:2261(api_pipe_request) > Requested \PIPE\\samr >[2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_pipe.c:2297(api_rpcTNP) > api_rpcTNP: \samr op 0x1 - api_rpcTNP: rpc command: SAMR_CLOSE >[2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe.c:2327(api_rpcTNP) > api_rpc_cmds[1].fn == 0x82dc710 >[2010/04/27 16:57:55, 1, pid=12782] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) > samr_Close: struct samr_Close > in: struct samr_Close > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000006-0000-0000-d64b-13a7ee310000 >[2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_lsa_hnd.c:180(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 06 00 00 00 00 00 00 00 D6 4B 13 A7 ........ .....K.. > [0010] EE 31 00 00 .1.. >[2010/04/27 16:57:55, 3, pid=12782] rpc_server/srv_lsa_hnd.c:218(close_policy_hnd) > Closed policy >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_samr_nt.c:416(free_samr_cache) > free_samr_cache: deleting cache for SID S-1-5-352321536-3342141748-1574249315-1264630062 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:55, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) > NT user token: (NULL) >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:55, 1, pid=12782] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) > samr_Close: struct samr_Close > out: struct samr_Close > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : NT_STATUS_OK >[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe.c:2362(api_rpcTNP) > api_rpcTNP: called \samr successfully >[2010/04/27 16:57:55, 3, pid=12782] rpc_server/srv_pipe_hnd.c:343(free_pipe_context) > free_pipe_context: destroying talloc pool of size 0 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) > write_to_pipe: data_used = 28 >[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Schedule immediate event "tevent_req_trigger": 0x98016a0 >[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Run immediate event "tevent_req_trigger": 0x98016a0 >[2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe_hnd.c:802(read_from_internal_pipe) > name: \samr len: 1024 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:862(read_from_internal_pipe) > read_from_pipe: \samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. >[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0030 > 000a auth_len : 0000 > 000c call_id : 0000000a >[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000010 smb_io_rpc_hdr_resp resp > 0010 alloc_hint: 00000018 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Schedule immediate event "tevent_req_trigger": 0x97dd7d0 >[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Run immediate event "tevent_req_trigger": 0x97dd7d0 >[2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:59(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=992 > smb_uid=100 > smb_mid=2688 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2010/04/27 16:57:55, 10, pid=12782] ../lib/util/util.c:304(_dump_data) > [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 0A 00 00 ........ .0...... > [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0030] 00 . >[2010/04/27 16:57:55, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) > got smb length of 128 >[2010/04/27 16:57:55, 6, pid=12782] smbd/process.c:1456(process_smb) > got message type 0x0 of len 0x80 >[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1459(process_smb) > Transaction 43 of length 132 (0 toread) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=992 > smb_uid=100 > smb_mid=2752 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 9986 (0x2702) > smb_bcc=61 >[2010/04/27 16:57:55, 10, pid=12782] ../lib/util/util.c:304(_dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 0B 00 00 ........ .,...... > [0020] 00 14 00 00 00 00 00 01 00 00 00 00 00 05 00 00 ........ ........ > [0030] 00 00 00 00 00 D6 4B 13 A7 EE 31 00 00 ......K. ..1.. >[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1273(switch_message) > switch message SMBtrans (pid 12782) conn 0x97e9be8 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) > NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 > contains 11 SIDs > SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 > SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-69 > SID[ 6]: S-1-22-2-101 > SID[ 7]: S-1-22-2-20042 > SID[ 8]: S-1-5-32-544 > SID[ 9]: S-1-22-1-11251 > SID[ 10]: S-1-22-2-0 > SE_PRIV 0xff0 0x0 0x0 0x0 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 4 supplementary groups > Group[ 0]: 0 > Group[ 1]: 69 > Group[ 2]: 101 > Group[ 3]: 20042 >[2010/04/27 16:57:55, 5, pid=12782] smbd/uid.c:353(change_to_user) > change_to_user uid=(0,0) gid=(0,0) >[2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:539(handle_trans) > trans <\PIPE\> data=44 params=0 setup=2 >[2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:572(handle_trans) > calling named_pipe >[2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:490(named_pipe) > named pipe command on <> name >[2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:413(api_fd_reply) > api_fd_reply >[2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:454(api_fd_reply) > Got API command 0x26 on pipe "samr" (pnum 2702) >[2010/04/27 16:57:55, 10, pid=12782] smbd/ipc.c:456(api_fd_reply) > api_fd_reply: p:0x97ea6a8 max_trans_reply: 1024 >[2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe_hnd.c:1195(np_write_send) > np_write_send: len: 44 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) > write_to_pipe: data_left = 44 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:192(fill_rpc_header) > fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) > write_to_pipe: data_left = 28 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 >[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 002c > 000a auth_len : 0000 > 000c call_id : 0000000b >[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe_hnd.c:288(unmarshall_rpc_header) > unmarshall_rpc_header: using little-endian RPC >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:317(unmarshall_rpc_header) > unmarshall_rpc_header: type = 0, flags = 3 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) > write_to_pipe: data_left = 28 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 28, incoming data = 28 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:534(process_complete_pdu) > process_complete_pdu: processing packet type 0 >[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr_req req > 0000 alloc_hint: 00000014 > 0004 context_id: 0000 > 0006 opnum : 0001 >[2010/04/27 16:57:55, 3, pid=12782] rpc_server/srv_pipe_hnd.c:343(free_pipe_context) > free_pipe_context: destroying talloc pool of size 0 >[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe.c:2261(api_pipe_request) > Requested \PIPE\\samr >[2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_pipe.c:2297(api_rpcTNP) > api_rpcTNP: \samr op 0x1 - api_rpcTNP: rpc command: SAMR_CLOSE >[2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe.c:2327(api_rpcTNP) > api_rpc_cmds[1].fn == 0x82dc710 >[2010/04/27 16:57:55, 1, pid=12782] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) > samr_Close: struct samr_Close > in: struct samr_Close > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000005-0000-0000-d64b-13a7ee310000 >[2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_lsa_hnd.c:180(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 D6 4B 13 A7 ........ .....K.. > [0010] EE 31 00 00 .1.. >[2010/04/27 16:57:55, 3, pid=12782] rpc_server/srv_lsa_hnd.c:218(close_policy_hnd) > Closed policy >[2010/04/27 16:57:55, 1, pid=12782] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) > samr_Close: struct samr_Close > out: struct samr_Close > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : NT_STATUS_OK >[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe.c:2362(api_rpcTNP) > api_rpcTNP: called \samr successfully >[2010/04/27 16:57:55, 3, pid=12782] rpc_server/srv_pipe_hnd.c:343(free_pipe_context) > free_pipe_context: destroying talloc pool of size 0 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) > write_to_pipe: data_used = 28 >[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Schedule immediate event "tevent_req_trigger": 0x98016a0 >[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Run immediate event "tevent_req_trigger": 0x98016a0 >[2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe_hnd.c:802(read_from_internal_pipe) > name: \samr len: 1024 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:862(read_from_internal_pipe) > read_from_pipe: \samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. >[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0030 > 000a auth_len : 0000 > 000c call_id : 0000000b >[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000010 smb_io_rpc_hdr_resp resp > 0010 alloc_hint: 00000018 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Schedule immediate event "tevent_req_trigger": 0x97ef540 >[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Run immediate event "tevent_req_trigger": 0x97ef540 >[2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:59(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=992 > smb_uid=100 > smb_mid=2752 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2010/04/27 16:57:55, 10, pid=12782] ../lib/util/util.c:304(_dump_data) > [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 0B 00 00 ........ .0...... > [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0030] 00 . >[2010/04/27 16:57:55, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) > got smb length of 41 >[2010/04/27 16:57:55, 6, pid=12782] smbd/process.c:1456(process_smb) > got message type 0x0 of len 0x29 >[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1459(process_smb) > Transaction 44 of length 45 (0 toread) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=2816 > smt_wct=3 > smb_vwv[ 0]= 9986 (0x2702) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1273(switch_message) > switch message SMBclose (pid 12782) conn 0x97e9be8 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) > NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 > contains 11 SIDs > SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 > SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-69 > SID[ 6]: S-1-22-2-101 > SID[ 7]: S-1-22-2-20042 > SID[ 8]: S-1-5-32-544 > SID[ 9]: S-1-22-1-11251 > SID[ 10]: S-1-22-2-0 > SE_PRIV 0xff0 0x0 0x0 0x0 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 4 supplementary groups > Group[ 0]: 0 > Group[ 1]: 69 > Group[ 2]: 101 > Group[ 3]: 20042 >[2010/04/27 16:57:55, 5, pid=12782] smbd/uid.c:353(change_to_user) > change_to_user uid=(0,0) gid=(0,0) >[2010/04/27 16:57:55, 3, pid=12782] smbd/reply.c:4488(reply_close) > close fd=-1 fnum=9986 (numopen=1) >[2010/04/27 16:57:55, 6, pid=12782] smbd/close.c:454(set_close_write_time) > close_write_time: Thu Jan 1 07:59:59 1970 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_lsa_hnd.c:249(close_policy_by_pipe) > close_policy_by_pipe: deleted handle list for pipe \samr >[2010/04/27 16:57:55, 5, pid=12782] smbd/files.c:474(file_free) > freed files structure 9986 (0 used) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=2816 > smt_wct=0 > smb_bcc=0 >[2010/04/27 16:57:55, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) > got smb length of 104 >[2010/04/27 16:57:55, 6, pid=12782] smbd/process.c:1456(process_smb) > got message type 0x0 of len 0x68 >[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1459(process_smb) > Transaction 45 of length 108 (0 toread) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) > size=104 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=992 > smb_uid=100 > smb_mid=2880 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 4608 (0x1200) > smb_vwv[ 3]= 4096 (0x1000) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 4609 (0x1201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 1792 (0x700) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]=16384 (0x4000) > smb_vwv[20]=16384 (0x4000) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 256 (0x100) > smb_bcc=21 >[2010/04/27 16:57:55, 10, pid=12782] ../lib/util/util.c:304(_dump_data) > [0000] 00 5C 00 4E 00 45 00 54 00 4C 00 4F 00 47 00 4F .\.N.E.T .L.O.G.O > [0010] 00 4E 00 00 00 .N... >[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1273(switch_message) > switch message SMBntcreateX (pid 12782) conn 0x97e9be8 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) > NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 > contains 11 SIDs > SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 > SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-69 > SID[ 6]: S-1-22-2-101 > SID[ 7]: S-1-22-2-20042 > SID[ 8]: S-1-5-32-544 > SID[ 9]: S-1-22-1-11251 > SID[ 10]: S-1-22-2-0 > SE_PRIV 0xff0 0x0 0x0 0x0 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 4 supplementary groups > Group[ 0]: 0 > Group[ 1]: 69 > Group[ 2]: 101 > Group[ 3]: 20042 >[2010/04/27 16:57:55, 5, pid=12782] smbd/uid.c:353(change_to_user) > change_to_user uid=(0,0) gid=(0,0) >[2010/04/27 16:57:55, 10, pid=12782] smbd/nttrans.c:484(reply_ntcreate_and_X) > reply_ntcreate_and_X: flags = 0x10, access_mask = 0x12019f file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0, fname = NETLOGON >[2010/04/27 16:57:55, 4, pid=12782] smbd/nttrans.c:315(nt_open_pipe) > nt_open_pipe: Opening pipe \NETLOGON. >[2010/04/27 16:57:55, 5, pid=12782] smbd/files.c:103(file_new) > allocated file structure 5891, fnum = 9987 (1 used) >[2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_pipe_hnd.c:99(make_internal_rpc_pipe_p) > Create pipe requested \NETLOGON >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_lsa_hnd.c:85(init_pipe_handle_list) > init_pipe_handles: created handle list for pipe \NETLOGON >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_lsa_hnd.c:102(init_pipe_handle_list) > init_pipe_handles: pipe_handles ref count = 1 for pipe \NETLOGON >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:55, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) > NT user token: (NULL) >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2010/04/27 16:57:55, 10, pid=12782] lib/gencache.c:208(gencache_get) > Returning valid cache entry: key = ACCT_POL/maximum password age, value = 4294967295 > , timeout = Tue Apr 27 16:58:51 2010 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:55, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) > NT user token: (NULL) >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2010/04/27 16:57:55, 10, pid=12782] lib/gencache.c:208(gencache_get) > Returning valid cache entry: key = ACCT_POL/password history, value = 0 > , timeout = Tue Apr 27 16:58:51 2010 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:607(pdb_set_username) > pdb_set_username: setting username zanchey, was >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:630(pdb_set_domain) > pdb_set_domain: setting domain UCCDOMAIN, was >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:653(pdb_set_nt_username) > pdb_set_nt_username: setting nt username zanchey, was >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:676(pdb_set_fullname) > pdb_set_full_name: setting full name David Adam, was >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:769(pdb_set_homedir) > pdb_set_homedir: setting home dir \\mylah\zanchey, was >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:745(pdb_set_dir_drive) > pdb_set_dir_drive: setting dir drive H:, was NULL >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:699(pdb_set_logon_script) > pdb_set_logon_script: setting logon script , was >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:722(pdb_set_profile_path) > pdb_set_profile_path: setting profile path \\mylah\profiles, was >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:812(pdb_set_workstations) > pdb_set_workstations: setting workstations , was >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:55, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) > NT user token: (NULL) >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2010/04/27 16:57:55, 10, pid=12782] lib/gencache.c:208(gencache_get) > Returning valid cache entry: key = ACCT_POL/password history, value = 0 > , timeout = Tue Apr 27 16:58:51 2010 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:536(pdb_set_user_sid) > pdb_set_user_sid: setting user sid S-1-5-352321536-3342141748-1574249315-1264630062-23502 >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_compat.c:72(pdb_set_user_sid_from_rid) > pdb_set_user_sid_from_rid: > setting user sid S-1-5-352321536-3342141748-1574249315-1264630062-23502 from rid 23502 >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:594(pdb_set_group_sid) > pdb_set_group_sid: setting group sid S-1-5-352321536-3342141748-1574249315-1264630062-512 >[2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_pipe_hnd.c:161(make_internal_rpc_pipe_p) > Created internal pipe \NETLOGON (pipes_open=0) >[2010/04/27 16:57:55, 5, pid=12782] smbd/nttrans.c:404(do_ntcreate_pipe_open) > do_ntcreate_pipe_open: open pipe = \NETLOGON >[2010/04/27 16:57:55, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) > got smb length of 224 >[2010/04/27 16:57:55, 6, pid=12782] smbd/process.c:1456(process_smb) > got message type 0x0 of len 0xe0 >[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1459(process_smb) > Transaction 46 of length 228 (0 toread) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) > size=224 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=2944 > smt_wct=14 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 9987 (0x2703) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=65535 (0xFFFF) > smb_vwv[ 6]=65535 (0xFFFF) > smb_vwv[ 7]= 8 (0x8) > smb_vwv[ 8]= 160 (0xA0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 160 (0xA0) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_bcc=161 >[2010/04/27 16:57:55, 10, pid=12782] ../lib/util/util.c:304(_dump_data) > [0000] EE 05 00 0B 03 10 00 00 00 A0 00 00 00 02 00 00 ........ ........ > [0010] 00 B8 10 B8 10 00 00 00 00 03 00 00 00 00 00 01 ........ ........ > [0020] 00 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF .xV4.4.. ....#Eg. > [0030] FB 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ > [0040] 00 2B 10 48 60 02 00 00 00 01 00 01 00 78 56 34 .+.H`... .....xV4 > [0050] 12 34 12 CD AB EF 00 01 23 45 67 CF FB 01 00 00 .4...... #Eg..... > [0060] 00 33 05 71 71 BA BE 37 49 83 19 B5 DB EF 9C CC .3.qq..7 I....... > [0070] 36 01 00 00 00 02 00 01 00 78 56 34 12 34 12 CD 6....... .xV4.4.. > [0080] AB EF 00 01 23 45 67 CF FB 01 00 00 00 2C 1C B7 ....#Eg. .....,.. > [0090] 6C 12 98 40 45 03 00 00 00 00 00 00 00 01 00 00 l..@E... ........ > [00A0] 00 . >[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1273(switch_message) > switch message SMBwriteX (pid 12782) conn 0x97e9be8 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) > NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 > contains 11 SIDs > SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 > SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-69 > SID[ 6]: S-1-22-2-101 > SID[ 7]: S-1-22-2-20042 > SID[ 8]: S-1-5-32-544 > SID[ 9]: S-1-22-1-11251 > SID[ 10]: S-1-22-2-0 > SE_PRIV 0xff0 0x0 0x0 0x0 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 4 supplementary groups > Group[ 0]: 0 > Group[ 1]: 69 > Group[ 2]: 101 > Group[ 3]: 20042 >[2010/04/27 16:57:55, 5, pid=12782] smbd/uid.c:353(change_to_user) > change_to_user uid=(0,0) gid=(0,0) >[2010/04/27 16:57:55, 6, pid=12782] smbd/pipes.c:271(reply_pipe_write_and_X) > reply_pipe_write_and_X: 2703 name: NETLOGON len: 160 >[2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe_hnd.c:1195(np_write_send) > np_write_send: len: 160 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) > write_to_pipe: data_left = 160 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 160 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:192(fill_rpc_header) > fill_rpc_header: data_to_copy = 160, len_needed_to_complete_hdr = 16, receive_len = 0 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) > write_to_pipe: data_left = 144 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 144 >[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0b > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 00a0 > 000a auth_len : 0000 > 000c call_id : 00000002 >[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe_hnd.c:288(unmarshall_rpc_header) > unmarshall_rpc_header: using little-endian RPC >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:317(unmarshall_rpc_header) > unmarshall_rpc_header: type = 11, flags = 3 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) > write_to_pipe: data_left = 144 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 144, incoming data = 144 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:534(process_complete_pdu) > process_complete_pdu: processing packet type 11 >[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe.c:1558(api_pipe_bind_req) > api_pipe_bind_req: decode request. 1558 >[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr_rb >[2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr_bba > 0000 max_tsize: 10b8 > 0002 max_rsize: 10b8 > 0004 assoc_gid: 00000000 > 0008 num_contexts: 03 > 000c context_id : 0000 > 000e num_transfer_syntaxes: 01 >[2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 00000f smb_io_rpc_iface >[2010/04/27 16:57:55, 7, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000010 smb_io_uuid uuid > 0010 data : 12345678 > 0014 data : 1234 > 0016 data : abcd > 0018 data : ef 00 > 001a data : 01 23 45 67 cf fb > 0020 version: 00000001 >[2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000024 smb_io_rpc_iface >[2010/04/27 16:57:55, 7, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000024 smb_io_uuid uuid > 0024 data : 8a885d04 > 0028 data : 1ceb > 002a data : 11c9 > 002c data : 9f e8 > 002e data : 08 00 2b 10 48 60 > 0034 version: 00000002 > 0038 context_id : 0001 > 003a num_transfer_syntaxes: 01 >[2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 00003b smb_io_rpc_iface >[2010/04/27 16:57:55, 7, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 00003c smb_io_uuid uuid > 003c data : 12345678 > 0040 data : 1234 > 0042 data : abcd > 0044 data : ef 00 > 0046 data : 01 23 45 67 cf fb > 004c version: 00000001 >[2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000050 smb_io_rpc_iface >[2010/04/27 16:57:55, 7, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000050 smb_io_uuid uuid > 0050 data : 71710533 > 0054 data : beba > 0056 data : 4937 > 0058 data : 83 19 > 005a data : b5 db ef 9c cc 36 > 0060 version: 00000001 > 0064 context_id : 0002 > 0066 num_transfer_syntaxes: 01 >[2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000067 smb_io_rpc_iface >[2010/04/27 16:57:55, 7, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000068 smb_io_uuid uuid > 0068 data : 12345678 > 006c data : 1234 > 006e data : abcd > 0070 data : ef 00 > 0072 data : 01 23 45 67 cf fb > 0078 version: 00000001 >[2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 00007c smb_io_rpc_iface >[2010/04/27 16:57:55, 7, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 00007c smb_io_uuid uuid > 007c data : 6cb71c2c > 0080 data : 9812 > 0082 data : 4540 > 0084 data : 03 00 > 0086 data : 00 00 00 00 00 00 > 008c version: 00000001 >[2010/04/27 16:57:55, 3, pid=12782] rpc_server/srv_pipe.c:1584(api_pipe_bind_req) > api_pipe_bind_req: \PIPE\netlogon -> \PIPE\netlogon >[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe.c:1628(api_pipe_bind_req) > api_pipe_bind_req: make response. 1628 >[2010/04/27 16:57:55, 3, pid=12782] rpc_server/srv_pipe.c:960(check_bind_req) > check_bind_req for \NETLOGON > checking lsarpc > checking winreg > checking initshutdown > checking dssetup > checking wkssvc > checking svcctl > checking ntsvcs > checking netlogon >[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr_ba >[2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr_bba > 0000 max_tsize: 10b8 > 0002 max_rsize: 10b8 > 0004 assoc_gid: 000053f0 >[2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000008 smb_io_rpc_addr_str > 0008 len: 000f > 000a str: \PIPE\netlogon. >[2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000019 smb_io_rpc_results > 001c num_results: 01 > 0020 result : 0000 > 0022 reason : 0000 >[2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000024 smb_io_rpc_iface >[2010/04/27 16:57:55, 7, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000024 smb_io_uuid uuid > 0024 data : 8a885d04 > 0028 data : 1ceb > 002a data : 11c9 > 002c data : 9f e8 > 002e data : 08 00 2b 10 48 60 > 0034 version: 00000002 >[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0c > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0048 > 000a auth_len : 0000 > 000c call_id : 00000002 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) > write_to_pipe: data_used = 144 >[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Schedule immediate event "tevent_req_trigger": 0x98016a0 >[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Run immediate event "tevent_req_trigger": 0x98016a0 >[2010/04/27 16:57:55, 3, pid=12782] smbd/pipes.c:325(pipe_write_andx_done) > writeX-IPC nwritten=160 >[2010/04/27 16:57:55, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) > got smb length of 59 >[2010/04/27 16:57:55, 6, pid=12782] smbd/process.c:1456(process_smb) > got message type 0x0 of len 0x3b >[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1459(process_smb) > Transaction 47 of length 63 (0 toread) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=3008 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 9987 (0x2703) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 1024 (0x400) > smb_vwv[ 6]= 1024 (0x400) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 1024 (0x400) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1273(switch_message) > switch message SMBreadX (pid 12782) conn 0x97e9be8 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) > NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 > contains 11 SIDs > SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 > SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-69 > SID[ 6]: S-1-22-2-101 > SID[ 7]: S-1-22-2-20042 > SID[ 8]: S-1-5-32-544 > SID[ 9]: S-1-22-1-11251 > SID[ 10]: S-1-22-2-0 > SE_PRIV 0xff0 0x0 0x0 0x0 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 4 supplementary groups > Group[ 0]: 0 > Group[ 1]: 69 > Group[ 2]: 101 > Group[ 3]: 20042 >[2010/04/27 16:57:55, 5, pid=12782] smbd/uid.c:353(change_to_user) > change_to_user uid=(0,0) gid=(0,0) >[2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe_hnd.c:802(read_from_internal_pipe) > name: \NETLOGON len: 1024 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:842(read_from_internal_pipe) > read_from_pipe: \NETLOGON: current_pdu_len = 72, current_pdu_sent = 0 returning 72 bytes. >[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Schedule immediate event "tevent_req_trigger": 0x9801a60 >[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Run immediate event "tevent_req_trigger": 0x9801a60 >[2010/04/27 16:57:55, 3, pid=12782] smbd/pipes.c:435(pipe_read_andx_done) > readX-IPC min=1024 max=1024 nread=72 >[2010/04/27 16:57:55, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) > got smb length of 144 >[2010/04/27 16:57:55, 6, pid=12782] smbd/process.c:1456(process_smb) > got message type 0x0 of len 0x90 >[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1459(process_smb) > Transaction 48 of length 148 (0 toread) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) > size=144 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=992 > smb_uid=100 > smb_mid=3072 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 60 (0x3C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 60 (0x3C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 9987 (0x2703) > smb_bcc=77 >[2010/04/27 16:57:55, 10, pid=12782] ../lib/util/util.c:304(_dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 00 05 00 00 03 10 00 00 00 3C 00 00 00 02 00 00 ........ .<...... > [0020] 00 24 00 00 00 00 00 28 00 00 00 02 00 08 00 00 .$.....( ........ > [0030] 00 00 00 00 00 08 00 00 00 5C 00 5C 00 4D 00 59 ........ .\.\.M.Y > [0040] 00 4C 00 41 00 48 00 00 00 3F 00 00 00 .L.A.H.. .?... >[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1273(switch_message) > switch message SMBtrans (pid 12782) conn 0x97e9be8 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) > NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 > contains 11 SIDs > SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 > SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-69 > SID[ 6]: S-1-22-2-101 > SID[ 7]: S-1-22-2-20042 > SID[ 8]: S-1-5-32-544 > SID[ 9]: S-1-22-1-11251 > SID[ 10]: S-1-22-2-0 > SE_PRIV 0xff0 0x0 0x0 0x0 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 4 supplementary groups > Group[ 0]: 0 > Group[ 1]: 69 > Group[ 2]: 101 > Group[ 3]: 20042 >[2010/04/27 16:57:55, 5, pid=12782] smbd/uid.c:353(change_to_user) > change_to_user uid=(0,0) gid=(0,0) >[2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:539(handle_trans) > trans <\PIPE\> data=60 params=0 setup=2 >[2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:572(handle_trans) > calling named_pipe >[2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:490(named_pipe) > named pipe command on <> name >[2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:413(api_fd_reply) > api_fd_reply >[2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:454(api_fd_reply) > Got API command 0x26 on pipe "NETLOGON" (pnum 2703) >[2010/04/27 16:57:55, 10, pid=12782] smbd/ipc.c:456(api_fd_reply) > api_fd_reply: p:0x97e18f8 max_trans_reply: 1024 >[2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe_hnd.c:1195(np_write_send) > np_write_send: len: 60 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) > write_to_pipe: data_left = 60 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 60 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:192(fill_rpc_header) > fill_rpc_header: data_to_copy = 60, len_needed_to_complete_hdr = 16, receive_len = 0 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) > write_to_pipe: data_left = 44 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 44 >[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 003c > 000a auth_len : 0000 > 000c call_id : 00000002 >[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe_hnd.c:288(unmarshall_rpc_header) > unmarshall_rpc_header: using little-endian RPC >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:317(unmarshall_rpc_header) > unmarshall_rpc_header: type = 0, flags = 3 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) > write_to_pipe: data_left = 44 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 44, incoming data = 44 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:534(process_complete_pdu) > process_complete_pdu: processing packet type 0 >[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr_req req > 0000 alloc_hint: 00000024 > 0004 context_id: 0000 > 0006 opnum : 0028 >[2010/04/27 16:57:55, 3, pid=12782] rpc_server/srv_pipe_hnd.c:343(free_pipe_context) > free_pipe_context: destroying talloc pool of size 169 >[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe.c:2261(api_pipe_request) > Requested \PIPE\\NETLOGON >[2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_pipe.c:2297(api_rpcTNP) > api_rpcTNP: \NETLOGON op 0x28 - api_rpcTNP: rpc command: NETR_DSRENUMERATEDOMAINTRUSTS >[2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe.c:2327(api_rpcTNP) > api_rpc_cmds[40].fn == 0x82696a0 >[2010/04/27 16:57:55, 1, pid=12782] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) > netr_DsrEnumerateDomainTrusts: struct netr_DsrEnumerateDomainTrusts > in: struct netr_DsrEnumerateDomainTrusts > server_name : * > server_name : '\\MYLAH' > trust_flags : 0x0000003f (63) > 1: NETR_TRUST_FLAG_IN_FOREST > 1: NETR_TRUST_FLAG_OUTBOUND > 1: NETR_TRUST_FLAG_TREEROOT > 1: NETR_TRUST_FLAG_PRIMARY > 1: NETR_TRUST_FLAG_NATIVE > 1: NETR_TRUST_FLAG_INBOUND > 0: NETR_TRUST_FLAG_MIT_KRB5 > 0: NETR_TRUST_FLAG_AES >[2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_pipe.c:2345(api_rpcTNP) > api_rpcTNP: rng fault return >[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 03 > 0003 flags : 23 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0020 > 000a auth_len : 0000 > 000c call_id : 00000002 >[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000010 smb_io_rpc_hdr_resp resp > 0010 alloc_hint: 00000000 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000018 smb_io_rpc_hdr_fault fault > 0018 status : DCERPC_FAULT_OP_RNG_ERROR > 001c reserved: 00000000 >[2010/04/27 16:57:55, 3, pid=12782] rpc_server/srv_pipe_hnd.c:343(free_pipe_context) > free_pipe_context: destroying talloc pool of size 0 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) > write_to_pipe: data_used = 44 >[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Schedule immediate event "tevent_req_trigger": 0x98016c0 >[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Run immediate event "tevent_req_trigger": 0x98016c0 >[2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe_hnd.c:802(read_from_internal_pipe) > name: \NETLOGON len: 1024 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:842(read_from_internal_pipe) > read_from_pipe: \NETLOGON: current_pdu_len = 32, current_pdu_sent = 0 returning 32 bytes. >[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Schedule immediate event "tevent_req_trigger": 0x97dd560 >[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Run immediate event "tevent_req_trigger": 0x97dd560 >[2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:59(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..32] (align 0) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) > size=88 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=992 > smb_uid=100 > smb_mid=3072 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 32 (0x20) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 32 (0x20) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=33 >[2010/04/27 16:57:55, 10, pid=12782] ../lib/util/util.c:304(_dump_data) > [0000] 00 05 00 03 23 10 00 00 00 20 00 00 00 02 00 00 ....#... . ...... > [0010] 00 00 00 00 00 00 00 00 00 02 00 01 1C 00 00 00 ........ ........ > [0020] 00 . >[2010/04/27 16:57:55, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) > got smb length of 41 >[2010/04/27 16:57:55, 6, pid=12782] smbd/process.c:1456(process_smb) > got message type 0x0 of len 0x29 >[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1459(process_smb) > Transaction 49 of length 45 (0 toread) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=3136 > smt_wct=3 > smb_vwv[ 0]= 9987 (0x2703) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1273(switch_message) > switch message SMBclose (pid 12782) conn 0x97e9be8 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) > NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 > contains 11 SIDs > SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 > SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-69 > SID[ 6]: S-1-22-2-101 > SID[ 7]: S-1-22-2-20042 > SID[ 8]: S-1-5-32-544 > SID[ 9]: S-1-22-1-11251 > SID[ 10]: S-1-22-2-0 > SE_PRIV 0xff0 0x0 0x0 0x0 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 4 supplementary groups > Group[ 0]: 0 > Group[ 1]: 69 > Group[ 2]: 101 > Group[ 3]: 20042 >[2010/04/27 16:57:55, 5, pid=12782] smbd/uid.c:353(change_to_user) > change_to_user uid=(0,0) gid=(0,0) >[2010/04/27 16:57:55, 3, pid=12782] smbd/reply.c:4488(reply_close) > close fd=-1 fnum=9987 (numopen=1) >[2010/04/27 16:57:55, 6, pid=12782] smbd/close.c:454(set_close_write_time) > close_write_time: Thu Jan 1 07:59:59 1970 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_lsa_hnd.c:249(close_policy_by_pipe) > close_policy_by_pipe: deleted handle list for pipe \NETLOGON >[2010/04/27 16:57:55, 5, pid=12782] smbd/files.c:474(file_free) > freed files structure 9987 (0 used) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=3136 > smt_wct=0 > smb_bcc=0 >[2010/04/27 16:57:55, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) > got smb length of 104 >[2010/04/27 16:57:55, 6, pid=12782] smbd/process.c:1456(process_smb) > got message type 0x0 of len 0x68 >[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1459(process_smb) > Transaction 50 of length 108 (0 toread) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) > size=104 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=992 > smb_uid=100 > smb_mid=3200 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 4608 (0x1200) > smb_vwv[ 3]= 4096 (0x1000) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 4609 (0x1201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 1792 (0x700) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]=16384 (0x4000) > smb_vwv[20]=16384 (0x4000) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 256 (0x100) > smb_bcc=21 >[2010/04/27 16:57:55, 10, pid=12782] ../lib/util/util.c:304(_dump_data) > [0000] 00 5C 00 4E 00 45 00 54 00 4C 00 4F 00 47 00 4F .\.N.E.T .L.O.G.O > [0010] 00 4E 00 00 00 .N... >[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1273(switch_message) > switch message SMBntcreateX (pid 12782) conn 0x97e9be8 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) > NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 > contains 11 SIDs > SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 > SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-69 > SID[ 6]: S-1-22-2-101 > SID[ 7]: S-1-22-2-20042 > SID[ 8]: S-1-5-32-544 > SID[ 9]: S-1-22-1-11251 > SID[ 10]: S-1-22-2-0 > SE_PRIV 0xff0 0x0 0x0 0x0 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 4 supplementary groups > Group[ 0]: 0 > Group[ 1]: 69 > Group[ 2]: 101 > Group[ 3]: 20042 >[2010/04/27 16:57:55, 5, pid=12782] smbd/uid.c:353(change_to_user) > change_to_user uid=(0,0) gid=(0,0) >[2010/04/27 16:57:55, 10, pid=12782] smbd/nttrans.c:484(reply_ntcreate_and_X) > reply_ntcreate_and_X: flags = 0x10, access_mask = 0x12019f file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0, fname = NETLOGON >[2010/04/27 16:57:55, 4, pid=12782] smbd/nttrans.c:315(nt_open_pipe) > nt_open_pipe: Opening pipe \NETLOGON. >[2010/04/27 16:57:55, 5, pid=12782] smbd/files.c:103(file_new) > allocated file structure 5892, fnum = 9988 (1 used) >[2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_pipe_hnd.c:99(make_internal_rpc_pipe_p) > Create pipe requested \NETLOGON >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_lsa_hnd.c:85(init_pipe_handle_list) > init_pipe_handles: created handle list for pipe \NETLOGON >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_lsa_hnd.c:102(init_pipe_handle_list) > init_pipe_handles: pipe_handles ref count = 1 for pipe \NETLOGON >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:55, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) > NT user token: (NULL) >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2010/04/27 16:57:55, 10, pid=12782] lib/gencache.c:208(gencache_get) > Returning valid cache entry: key = ACCT_POL/maximum password age, value = 4294967295 > , timeout = Tue Apr 27 16:58:51 2010 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:55, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) > NT user token: (NULL) >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2010/04/27 16:57:55, 10, pid=12782] lib/gencache.c:208(gencache_get) > Returning valid cache entry: key = ACCT_POL/password history, value = 0 > , timeout = Tue Apr 27 16:58:51 2010 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:607(pdb_set_username) > pdb_set_username: setting username zanchey, was >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:630(pdb_set_domain) > pdb_set_domain: setting domain UCCDOMAIN, was >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:653(pdb_set_nt_username) > pdb_set_nt_username: setting nt username zanchey, was >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:676(pdb_set_fullname) > pdb_set_full_name: setting full name David Adam, was >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:769(pdb_set_homedir) > pdb_set_homedir: setting home dir \\mylah\zanchey, was >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:745(pdb_set_dir_drive) > pdb_set_dir_drive: setting dir drive H:, was NULL >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:699(pdb_set_logon_script) > pdb_set_logon_script: setting logon script , was >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:722(pdb_set_profile_path) > pdb_set_profile_path: setting profile path \\mylah\profiles, was >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:812(pdb_set_workstations) > pdb_set_workstations: setting workstations , was >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:55, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) > NT user token: (NULL) >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2010/04/27 16:57:55, 10, pid=12782] lib/gencache.c:208(gencache_get) > Returning valid cache entry: key = ACCT_POL/password history, value = 0 > , timeout = Tue Apr 27 16:58:51 2010 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:536(pdb_set_user_sid) > pdb_set_user_sid: setting user sid S-1-5-352321536-3342141748-1574249315-1264630062-23502 >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_compat.c:72(pdb_set_user_sid_from_rid) > pdb_set_user_sid_from_rid: > setting user sid S-1-5-352321536-3342141748-1574249315-1264630062-23502 from rid 23502 >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:594(pdb_set_group_sid) > pdb_set_group_sid: setting group sid S-1-5-352321536-3342141748-1574249315-1264630062-512 >[2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_pipe_hnd.c:161(make_internal_rpc_pipe_p) > Created internal pipe \NETLOGON (pipes_open=0) >[2010/04/27 16:57:55, 5, pid=12782] smbd/nttrans.c:404(do_ntcreate_pipe_open) > do_ntcreate_pipe_open: open pipe = \NETLOGON >[2010/04/27 16:57:55, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) > got smb length of 224 >[2010/04/27 16:57:55, 6, pid=12782] smbd/process.c:1456(process_smb) > got message type 0x0 of len 0xe0 >[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1459(process_smb) > Transaction 51 of length 228 (0 toread) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) > size=224 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=3264 > smt_wct=14 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 9988 (0x2704) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=65535 (0xFFFF) > smb_vwv[ 6]=65535 (0xFFFF) > smb_vwv[ 7]= 8 (0x8) > smb_vwv[ 8]= 160 (0xA0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 160 (0xA0) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_bcc=161 >[2010/04/27 16:57:55, 10, pid=12782] ../lib/util/util.c:304(_dump_data) > [0000] EE 05 00 0B 03 10 00 00 00 A0 00 00 00 02 00 00 ........ ........ > [0010] 00 B8 10 B8 10 00 00 00 00 03 00 00 00 00 00 01 ........ ........ > [0020] 00 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF .xV4.4.. ....#Eg. > [0030] FB 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ > [0040] 00 2B 10 48 60 02 00 00 00 01 00 01 00 78 56 34 .+.H`... .....xV4 > [0050] 12 34 12 CD AB EF 00 01 23 45 67 CF FB 01 00 00 .4...... #Eg..... > [0060] 00 33 05 71 71 BA BE 37 49 83 19 B5 DB EF 9C CC .3.qq..7 I....... > [0070] 36 01 00 00 00 02 00 01 00 78 56 34 12 34 12 CD 6....... .xV4.4.. > [0080] AB EF 00 01 23 45 67 CF FB 01 00 00 00 2C 1C B7 ....#Eg. .....,.. > [0090] 6C 12 98 40 45 03 00 00 00 00 00 00 00 01 00 00 l..@E... ........ > [00A0] 00 . >[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1273(switch_message) > switch message SMBwriteX (pid 12782) conn 0x97e9be8 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) > NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 > contains 11 SIDs > SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 > SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-69 > SID[ 6]: S-1-22-2-101 > SID[ 7]: S-1-22-2-20042 > SID[ 8]: S-1-5-32-544 > SID[ 9]: S-1-22-1-11251 > SID[ 10]: S-1-22-2-0 > SE_PRIV 0xff0 0x0 0x0 0x0 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 4 supplementary groups > Group[ 0]: 0 > Group[ 1]: 69 > Group[ 2]: 101 > Group[ 3]: 20042 >[2010/04/27 16:57:55, 5, pid=12782] smbd/uid.c:353(change_to_user) > change_to_user uid=(0,0) gid=(0,0) >[2010/04/27 16:57:55, 6, pid=12782] smbd/pipes.c:271(reply_pipe_write_and_X) > reply_pipe_write_and_X: 2704 name: NETLOGON len: 160 >[2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe_hnd.c:1195(np_write_send) > np_write_send: len: 160 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) > write_to_pipe: data_left = 160 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 160 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:192(fill_rpc_header) > fill_rpc_header: data_to_copy = 160, len_needed_to_complete_hdr = 16, receive_len = 0 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) > write_to_pipe: data_left = 144 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 144 >[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0b > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 00a0 > 000a auth_len : 0000 > 000c call_id : 00000002 >[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe_hnd.c:288(unmarshall_rpc_header) > unmarshall_rpc_header: using little-endian RPC >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:317(unmarshall_rpc_header) > unmarshall_rpc_header: type = 11, flags = 3 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) > write_to_pipe: data_left = 144 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 144, incoming data = 144 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:534(process_complete_pdu) > process_complete_pdu: processing packet type 11 >[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe.c:1558(api_pipe_bind_req) > api_pipe_bind_req: decode request. 1558 >[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr_rb >[2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr_bba > 0000 max_tsize: 10b8 > 0002 max_rsize: 10b8 > 0004 assoc_gid: 00000000 > 0008 num_contexts: 03 > 000c context_id : 0000 > 000e num_transfer_syntaxes: 01 >[2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 00000f smb_io_rpc_iface >[2010/04/27 16:57:55, 7, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000010 smb_io_uuid uuid > 0010 data : 12345678 > 0014 data : 1234 > 0016 data : abcd > 0018 data : ef 00 > 001a data : 01 23 45 67 cf fb > 0020 version: 00000001 >[2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000024 smb_io_rpc_iface >[2010/04/27 16:57:55, 7, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000024 smb_io_uuid uuid > 0024 data : 8a885d04 > 0028 data : 1ceb > 002a data : 11c9 > 002c data : 9f e8 > 002e data : 08 00 2b 10 48 60 > 0034 version: 00000002 > 0038 context_id : 0001 > 003a num_transfer_syntaxes: 01 >[2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 00003b smb_io_rpc_iface >[2010/04/27 16:57:55, 7, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 00003c smb_io_uuid uuid > 003c data : 12345678 > 0040 data : 1234 > 0042 data : abcd > 0044 data : ef 00 > 0046 data : 01 23 45 67 cf fb > 004c version: 00000001 >[2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000050 smb_io_rpc_iface >[2010/04/27 16:57:55, 7, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000050 smb_io_uuid uuid > 0050 data : 71710533 > 0054 data : beba > 0056 data : 4937 > 0058 data : 83 19 > 005a data : b5 db ef 9c cc 36 > 0060 version: 00000001 > 0064 context_id : 0002 > 0066 num_transfer_syntaxes: 01 >[2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000067 smb_io_rpc_iface >[2010/04/27 16:57:55, 7, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000068 smb_io_uuid uuid > 0068 data : 12345678 > 006c data : 1234 > 006e data : abcd > 0070 data : ef 00 > 0072 data : 01 23 45 67 cf fb > 0078 version: 00000001 >[2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 00007c smb_io_rpc_iface >[2010/04/27 16:57:55, 7, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 00007c smb_io_uuid uuid > 007c data : 6cb71c2c > 0080 data : 9812 > 0082 data : 4540 > 0084 data : 03 00 > 0086 data : 00 00 00 00 00 00 > 008c version: 00000001 >[2010/04/27 16:57:55, 3, pid=12782] rpc_server/srv_pipe.c:1584(api_pipe_bind_req) > api_pipe_bind_req: \PIPE\netlogon -> \PIPE\netlogon >[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe.c:1628(api_pipe_bind_req) > api_pipe_bind_req: make response. 1628 >[2010/04/27 16:57:55, 3, pid=12782] rpc_server/srv_pipe.c:960(check_bind_req) > check_bind_req for \NETLOGON > checking lsarpc > checking winreg > checking initshutdown > checking dssetup > checking wkssvc > checking svcctl > checking ntsvcs > checking netlogon >[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr_ba >[2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr_bba > 0000 max_tsize: 10b8 > 0002 max_rsize: 10b8 > 0004 assoc_gid: 000053f0 >[2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000008 smb_io_rpc_addr_str > 0008 len: 000f > 000a str: \PIPE\netlogon. >[2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000019 smb_io_rpc_results > 001c num_results: 01 > 0020 result : 0000 > 0022 reason : 0000 >[2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000024 smb_io_rpc_iface >[2010/04/27 16:57:55, 7, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000024 smb_io_uuid uuid > 0024 data : 8a885d04 > 0028 data : 1ceb > 002a data : 11c9 > 002c data : 9f e8 > 002e data : 08 00 2b 10 48 60 > 0034 version: 00000002 >[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0c > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0048 > 000a auth_len : 0000 > 000c call_id : 00000002 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) > write_to_pipe: data_used = 144 >[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Schedule immediate event "tevent_req_trigger": 0x98016a0 >[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Run immediate event "tevent_req_trigger": 0x98016a0 >[2010/04/27 16:57:55, 3, pid=12782] smbd/pipes.c:325(pipe_write_andx_done) > writeX-IPC nwritten=160 >[2010/04/27 16:57:55, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) > got smb length of 59 >[2010/04/27 16:57:55, 6, pid=12782] smbd/process.c:1456(process_smb) > got message type 0x0 of len 0x3b >[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1459(process_smb) > Transaction 52 of length 63 (0 toread) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=3328 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 9988 (0x2704) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 1024 (0x400) > smb_vwv[ 6]= 1024 (0x400) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 1024 (0x400) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1273(switch_message) > switch message SMBreadX (pid 12782) conn 0x97e9be8 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) > NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 > contains 11 SIDs > SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 > SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-69 > SID[ 6]: S-1-22-2-101 > SID[ 7]: S-1-22-2-20042 > SID[ 8]: S-1-5-32-544 > SID[ 9]: S-1-22-1-11251 > SID[ 10]: S-1-22-2-0 > SE_PRIV 0xff0 0x0 0x0 0x0 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 4 supplementary groups > Group[ 0]: 0 > Group[ 1]: 69 > Group[ 2]: 101 > Group[ 3]: 20042 >[2010/04/27 16:57:55, 5, pid=12782] smbd/uid.c:353(change_to_user) > change_to_user uid=(0,0) gid=(0,0) >[2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe_hnd.c:802(read_from_internal_pipe) > name: \NETLOGON len: 1024 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:842(read_from_internal_pipe) > read_from_pipe: \NETLOGON: current_pdu_len = 72, current_pdu_sent = 0 returning 72 bytes. >[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Schedule immediate event "tevent_req_trigger": 0x9801a60 >[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Run immediate event "tevent_req_trigger": 0x9801a60 >[2010/04/27 16:57:55, 3, pid=12782] smbd/pipes.c:435(pipe_read_andx_done) > readX-IPC min=1024 max=1024 nread=72 >[2010/04/27 16:57:55, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) > got smb length of 144 >[2010/04/27 16:57:55, 6, pid=12782] smbd/process.c:1456(process_smb) > got message type 0x0 of len 0x90 >[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1459(process_smb) > Transaction 53 of length 148 (0 toread) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) > size=144 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=992 > smb_uid=100 > smb_mid=3392 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 60 (0x3C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 60 (0x3C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 9988 (0x2704) > smb_bcc=77 >[2010/04/27 16:57:55, 10, pid=12782] ../lib/util/util.c:304(_dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 00 05 00 00 03 10 00 00 00 3C 00 00 00 02 00 00 ........ .<...... > [0020] 00 24 00 00 00 00 00 28 00 00 00 02 00 08 00 00 .$.....( ........ > [0030] 00 00 00 00 00 08 00 00 00 5C 00 5C 00 4D 00 59 ........ .\.\.M.Y > [0040] 00 4C 00 41 00 48 00 00 00 0A 00 00 00 .L.A.H.. ..... >[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1273(switch_message) > switch message SMBtrans (pid 12782) conn 0x97e9be8 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) > NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 > contains 11 SIDs > SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 > SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-69 > SID[ 6]: S-1-22-2-101 > SID[ 7]: S-1-22-2-20042 > SID[ 8]: S-1-5-32-544 > SID[ 9]: S-1-22-1-11251 > SID[ 10]: S-1-22-2-0 > SE_PRIV 0xff0 0x0 0x0 0x0 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 4 supplementary groups > Group[ 0]: 0 > Group[ 1]: 69 > Group[ 2]: 101 > Group[ 3]: 20042 >[2010/04/27 16:57:55, 5, pid=12782] smbd/uid.c:353(change_to_user) > change_to_user uid=(0,0) gid=(0,0) >[2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:539(handle_trans) > trans <\PIPE\> data=60 params=0 setup=2 >[2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:572(handle_trans) > calling named_pipe >[2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:490(named_pipe) > named pipe command on <> name >[2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:413(api_fd_reply) > api_fd_reply >[2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:454(api_fd_reply) > Got API command 0x26 on pipe "NETLOGON" (pnum 2704) >[2010/04/27 16:57:55, 10, pid=12782] smbd/ipc.c:456(api_fd_reply) > api_fd_reply: p:0x97e18f8 max_trans_reply: 1024 >[2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe_hnd.c:1195(np_write_send) > np_write_send: len: 60 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) > write_to_pipe: data_left = 60 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 60 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:192(fill_rpc_header) > fill_rpc_header: data_to_copy = 60, len_needed_to_complete_hdr = 16, receive_len = 0 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) > write_to_pipe: data_left = 44 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 44 >[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 003c > 000a auth_len : 0000 > 000c call_id : 00000002 >[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe_hnd.c:288(unmarshall_rpc_header) > unmarshall_rpc_header: using little-endian RPC >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:317(unmarshall_rpc_header) > unmarshall_rpc_header: type = 0, flags = 3 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) > write_to_pipe: data_left = 44 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 44, incoming data = 44 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:534(process_complete_pdu) > process_complete_pdu: processing packet type 0 >[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr_req req > 0000 alloc_hint: 00000024 > 0004 context_id: 0000 > 0006 opnum : 0028 >[2010/04/27 16:57:55, 3, pid=12782] rpc_server/srv_pipe_hnd.c:343(free_pipe_context) > free_pipe_context: destroying talloc pool of size 169 >[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe.c:2261(api_pipe_request) > Requested \PIPE\\NETLOGON >[2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_pipe.c:2297(api_rpcTNP) > api_rpcTNP: \NETLOGON op 0x28 - api_rpcTNP: rpc command: NETR_DSRENUMERATEDOMAINTRUSTS >[2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe.c:2327(api_rpcTNP) > api_rpc_cmds[40].fn == 0x82696a0 >[2010/04/27 16:57:55, 1, pid=12782] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) > netr_DsrEnumerateDomainTrusts: struct netr_DsrEnumerateDomainTrusts > in: struct netr_DsrEnumerateDomainTrusts > server_name : * > server_name : '\\MYLAH' > trust_flags : 0x0000000a (10) > 0: NETR_TRUST_FLAG_IN_FOREST > 1: NETR_TRUST_FLAG_OUTBOUND > 0: NETR_TRUST_FLAG_TREEROOT > 1: NETR_TRUST_FLAG_PRIMARY > 0: NETR_TRUST_FLAG_NATIVE > 0: NETR_TRUST_FLAG_INBOUND > 0: NETR_TRUST_FLAG_MIT_KRB5 > 0: NETR_TRUST_FLAG_AES >[2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_pipe.c:2345(api_rpcTNP) > api_rpcTNP: rng fault return >[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 03 > 0003 flags : 23 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0020 > 000a auth_len : 0000 > 000c call_id : 00000002 >[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000010 smb_io_rpc_hdr_resp resp > 0010 alloc_hint: 00000000 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000018 smb_io_rpc_hdr_fault fault > 0018 status : DCERPC_FAULT_OP_RNG_ERROR > 001c reserved: 00000000 >[2010/04/27 16:57:55, 3, pid=12782] rpc_server/srv_pipe_hnd.c:343(free_pipe_context) > free_pipe_context: destroying talloc pool of size 0 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) > write_to_pipe: data_used = 44 >[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Schedule immediate event "tevent_req_trigger": 0x98016c0 >[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Run immediate event "tevent_req_trigger": 0x98016c0 >[2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe_hnd.c:802(read_from_internal_pipe) > name: \NETLOGON len: 1024 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:842(read_from_internal_pipe) > read_from_pipe: \NETLOGON: current_pdu_len = 32, current_pdu_sent = 0 returning 32 bytes. >[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Schedule immediate event "tevent_req_trigger": 0x97dd7d0 >[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Run immediate event "tevent_req_trigger": 0x97dd7d0 >[2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:59(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..32] (align 0) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) > size=88 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=992 > smb_uid=100 > smb_mid=3392 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 32 (0x20) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 32 (0x20) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=33 >[2010/04/27 16:57:55, 10, pid=12782] ../lib/util/util.c:304(_dump_data) > [0000] 00 05 00 03 23 10 00 00 00 20 00 00 00 02 00 00 ....#... . ...... > [0010] 00 00 00 00 00 00 00 00 00 02 00 01 1C 00 00 00 ........ ........ > [0020] 00 . >[2010/04/27 16:57:55, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) > got smb length of 41 >[2010/04/27 16:57:55, 6, pid=12782] smbd/process.c:1456(process_smb) > got message type 0x0 of len 0x29 >[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1459(process_smb) > Transaction 54 of length 45 (0 toread) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=3456 > smt_wct=3 > smb_vwv[ 0]= 9988 (0x2704) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1273(switch_message) > switch message SMBclose (pid 12782) conn 0x97e9be8 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) > NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 > contains 11 SIDs > SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 > SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-69 > SID[ 6]: S-1-22-2-101 > SID[ 7]: S-1-22-2-20042 > SID[ 8]: S-1-5-32-544 > SID[ 9]: S-1-22-1-11251 > SID[ 10]: S-1-22-2-0 > SE_PRIV 0xff0 0x0 0x0 0x0 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 4 supplementary groups > Group[ 0]: 0 > Group[ 1]: 69 > Group[ 2]: 101 > Group[ 3]: 20042 >[2010/04/27 16:57:55, 5, pid=12782] smbd/uid.c:353(change_to_user) > change_to_user uid=(0,0) gid=(0,0) >[2010/04/27 16:57:55, 3, pid=12782] smbd/reply.c:4488(reply_close) > close fd=-1 fnum=9988 (numopen=1) >[2010/04/27 16:57:55, 6, pid=12782] smbd/close.c:454(set_close_write_time) > close_write_time: Thu Jan 1 07:59:59 1970 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_lsa_hnd.c:249(close_policy_by_pipe) > close_policy_by_pipe: deleted handle list for pipe \NETLOGON >[2010/04/27 16:57:55, 5, pid=12782] smbd/files.c:474(file_free) > freed files structure 9988 (0 used) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=3456 > smt_wct=0 > smb_bcc=0 >[2010/04/27 16:57:55, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) > got smb length of 104 >[2010/04/27 16:57:55, 6, pid=12782] smbd/process.c:1456(process_smb) > got message type 0x0 of len 0x68 >[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1459(process_smb) > Transaction 55 of length 108 (0 toread) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) > size=104 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=992 > smb_uid=100 > smb_mid=3520 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 4608 (0x1200) > smb_vwv[ 3]= 4096 (0x1000) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 4609 (0x1201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 1792 (0x700) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]=16384 (0x4000) > smb_vwv[20]=16384 (0x4000) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 256 (0x100) > smb_bcc=21 >[2010/04/27 16:57:55, 10, pid=12782] ../lib/util/util.c:304(_dump_data) > [0000] 00 5C 00 4E 00 45 00 54 00 4C 00 4F 00 47 00 4F .\.N.E.T .L.O.G.O > [0010] 00 4E 00 00 00 .N... >[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1273(switch_message) > switch message SMBntcreateX (pid 12782) conn 0x97e9be8 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) > NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 > contains 11 SIDs > SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 > SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-69 > SID[ 6]: S-1-22-2-101 > SID[ 7]: S-1-22-2-20042 > SID[ 8]: S-1-5-32-544 > SID[ 9]: S-1-22-1-11251 > SID[ 10]: S-1-22-2-0 > SE_PRIV 0xff0 0x0 0x0 0x0 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 4 supplementary groups > Group[ 0]: 0 > Group[ 1]: 69 > Group[ 2]: 101 > Group[ 3]: 20042 >[2010/04/27 16:57:55, 5, pid=12782] smbd/uid.c:353(change_to_user) > change_to_user uid=(0,0) gid=(0,0) >[2010/04/27 16:57:55, 10, pid=12782] smbd/nttrans.c:484(reply_ntcreate_and_X) > reply_ntcreate_and_X: flags = 0x10, access_mask = 0x12019f file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0, fname = NETLOGON >[2010/04/27 16:57:55, 4, pid=12782] smbd/nttrans.c:315(nt_open_pipe) > nt_open_pipe: Opening pipe \NETLOGON. >[2010/04/27 16:57:55, 5, pid=12782] smbd/files.c:103(file_new) > allocated file structure 5893, fnum = 9989 (1 used) >[2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_pipe_hnd.c:99(make_internal_rpc_pipe_p) > Create pipe requested \NETLOGON >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_lsa_hnd.c:85(init_pipe_handle_list) > init_pipe_handles: created handle list for pipe \NETLOGON >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_lsa_hnd.c:102(init_pipe_handle_list) > init_pipe_handles: pipe_handles ref count = 1 for pipe \NETLOGON >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:55, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) > NT user token: (NULL) >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2010/04/27 16:57:55, 10, pid=12782] lib/gencache.c:208(gencache_get) > Returning valid cache entry: key = ACCT_POL/maximum password age, value = 4294967295 > , timeout = Tue Apr 27 16:58:51 2010 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:55, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) > NT user token: (NULL) >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2010/04/27 16:57:55, 10, pid=12782] lib/gencache.c:208(gencache_get) > Returning valid cache entry: key = ACCT_POL/password history, value = 0 > , timeout = Tue Apr 27 16:58:51 2010 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:607(pdb_set_username) > pdb_set_username: setting username zanchey, was >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:630(pdb_set_domain) > pdb_set_domain: setting domain UCCDOMAIN, was >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:653(pdb_set_nt_username) > pdb_set_nt_username: setting nt username zanchey, was >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:676(pdb_set_fullname) > pdb_set_full_name: setting full name David Adam, was >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:769(pdb_set_homedir) > pdb_set_homedir: setting home dir \\mylah\zanchey, was >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:745(pdb_set_dir_drive) > pdb_set_dir_drive: setting dir drive H:, was NULL >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:699(pdb_set_logon_script) > pdb_set_logon_script: setting logon script , was >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:722(pdb_set_profile_path) > pdb_set_profile_path: setting profile path \\mylah\profiles, was >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:812(pdb_set_workstations) > pdb_set_workstations: setting workstations , was >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:55, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) > NT user token: (NULL) >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2010/04/27 16:57:55, 10, pid=12782] lib/gencache.c:208(gencache_get) > Returning valid cache entry: key = ACCT_POL/password history, value = 0 > , timeout = Tue Apr 27 16:58:51 2010 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:536(pdb_set_user_sid) > pdb_set_user_sid: setting user sid S-1-5-352321536-3342141748-1574249315-1264630062-23502 >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_compat.c:72(pdb_set_user_sid_from_rid) > pdb_set_user_sid_from_rid: > setting user sid S-1-5-352321536-3342141748-1574249315-1264630062-23502 from rid 23502 >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:594(pdb_set_group_sid) > pdb_set_group_sid: setting group sid S-1-5-352321536-3342141748-1574249315-1264630062-512 >[2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_pipe_hnd.c:161(make_internal_rpc_pipe_p) > Created internal pipe \NETLOGON (pipes_open=0) >[2010/04/27 16:57:55, 5, pid=12782] smbd/nttrans.c:404(do_ntcreate_pipe_open) > do_ntcreate_pipe_open: open pipe = \NETLOGON >[2010/04/27 16:57:55, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) > got smb length of 224 >[2010/04/27 16:57:55, 6, pid=12782] smbd/process.c:1456(process_smb) > got message type 0x0 of len 0xe0 >[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1459(process_smb) > Transaction 56 of length 228 (0 toread) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) > size=224 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=3584 > smt_wct=14 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 9989 (0x2705) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=65535 (0xFFFF) > smb_vwv[ 6]=65535 (0xFFFF) > smb_vwv[ 7]= 8 (0x8) > smb_vwv[ 8]= 160 (0xA0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 160 (0xA0) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_bcc=161 >[2010/04/27 16:57:55, 10, pid=12782] ../lib/util/util.c:304(_dump_data) > [0000] EE 05 00 0B 03 10 00 00 00 A0 00 00 00 02 00 00 ........ ........ > [0010] 00 B8 10 B8 10 00 00 00 00 03 00 00 00 00 00 01 ........ ........ > [0020] 00 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 CF .xV4.4.. ....#Eg. > [0030] FB 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ > [0040] 00 2B 10 48 60 02 00 00 00 01 00 01 00 78 56 34 .+.H`... .....xV4 > [0050] 12 34 12 CD AB EF 00 01 23 45 67 CF FB 01 00 00 .4...... #Eg..... > [0060] 00 33 05 71 71 BA BE 37 49 83 19 B5 DB EF 9C CC .3.qq..7 I....... > [0070] 36 01 00 00 00 02 00 01 00 78 56 34 12 34 12 CD 6....... .xV4.4.. > [0080] AB EF 00 01 23 45 67 CF FB 01 00 00 00 2C 1C B7 ....#Eg. .....,.. > [0090] 6C 12 98 40 45 03 00 00 00 00 00 00 00 01 00 00 l..@E... ........ > [00A0] 00 . >[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1273(switch_message) > switch message SMBwriteX (pid 12782) conn 0x97e9be8 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) > NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 > contains 11 SIDs > SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 > SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-69 > SID[ 6]: S-1-22-2-101 > SID[ 7]: S-1-22-2-20042 > SID[ 8]: S-1-5-32-544 > SID[ 9]: S-1-22-1-11251 > SID[ 10]: S-1-22-2-0 > SE_PRIV 0xff0 0x0 0x0 0x0 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 4 supplementary groups > Group[ 0]: 0 > Group[ 1]: 69 > Group[ 2]: 101 > Group[ 3]: 20042 >[2010/04/27 16:57:55, 5, pid=12782] smbd/uid.c:353(change_to_user) > change_to_user uid=(0,0) gid=(0,0) >[2010/04/27 16:57:55, 6, pid=12782] smbd/pipes.c:271(reply_pipe_write_and_X) > reply_pipe_write_and_X: 2705 name: NETLOGON len: 160 >[2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe_hnd.c:1195(np_write_send) > np_write_send: len: 160 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) > write_to_pipe: data_left = 160 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 160 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:192(fill_rpc_header) > fill_rpc_header: data_to_copy = 160, len_needed_to_complete_hdr = 16, receive_len = 0 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) > write_to_pipe: data_left = 144 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 144 >[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0b > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 00a0 > 000a auth_len : 0000 > 000c call_id : 00000002 >[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe_hnd.c:288(unmarshall_rpc_header) > unmarshall_rpc_header: using little-endian RPC >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:317(unmarshall_rpc_header) > unmarshall_rpc_header: type = 11, flags = 3 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) > write_to_pipe: data_left = 144 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 144, incoming data = 144 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:534(process_complete_pdu) > process_complete_pdu: processing packet type 11 >[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe.c:1558(api_pipe_bind_req) > api_pipe_bind_req: decode request. 1558 >[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr_rb >[2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr_bba > 0000 max_tsize: 10b8 > 0002 max_rsize: 10b8 > 0004 assoc_gid: 00000000 > 0008 num_contexts: 03 > 000c context_id : 0000 > 000e num_transfer_syntaxes: 01 >[2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 00000f smb_io_rpc_iface >[2010/04/27 16:57:55, 7, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000010 smb_io_uuid uuid > 0010 data : 12345678 > 0014 data : 1234 > 0016 data : abcd > 0018 data : ef 00 > 001a data : 01 23 45 67 cf fb > 0020 version: 00000001 >[2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000024 smb_io_rpc_iface >[2010/04/27 16:57:55, 7, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000024 smb_io_uuid uuid > 0024 data : 8a885d04 > 0028 data : 1ceb > 002a data : 11c9 > 002c data : 9f e8 > 002e data : 08 00 2b 10 48 60 > 0034 version: 00000002 > 0038 context_id : 0001 > 003a num_transfer_syntaxes: 01 >[2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 00003b smb_io_rpc_iface >[2010/04/27 16:57:55, 7, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 00003c smb_io_uuid uuid > 003c data : 12345678 > 0040 data : 1234 > 0042 data : abcd > 0044 data : ef 00 > 0046 data : 01 23 45 67 cf fb > 004c version: 00000001 >[2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000050 smb_io_rpc_iface >[2010/04/27 16:57:55, 7, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000050 smb_io_uuid uuid > 0050 data : 71710533 > 0054 data : beba > 0056 data : 4937 > 0058 data : 83 19 > 005a data : b5 db ef 9c cc 36 > 0060 version: 00000001 > 0064 context_id : 0002 > 0066 num_transfer_syntaxes: 01 >[2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000067 smb_io_rpc_iface >[2010/04/27 16:57:55, 7, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000068 smb_io_uuid uuid > 0068 data : 12345678 > 006c data : 1234 > 006e data : abcd > 0070 data : ef 00 > 0072 data : 01 23 45 67 cf fb > 0078 version: 00000001 >[2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 00007c smb_io_rpc_iface >[2010/04/27 16:57:55, 7, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 00007c smb_io_uuid uuid > 007c data : 6cb71c2c > 0080 data : 9812 > 0082 data : 4540 > 0084 data : 03 00 > 0086 data : 00 00 00 00 00 00 > 008c version: 00000001 >[2010/04/27 16:57:55, 3, pid=12782] rpc_server/srv_pipe.c:1584(api_pipe_bind_req) > api_pipe_bind_req: \PIPE\netlogon -> \PIPE\netlogon >[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe.c:1628(api_pipe_bind_req) > api_pipe_bind_req: make response. 1628 >[2010/04/27 16:57:55, 3, pid=12782] rpc_server/srv_pipe.c:960(check_bind_req) > check_bind_req for \NETLOGON > checking lsarpc > checking winreg > checking initshutdown > checking dssetup > checking wkssvc > checking svcctl > checking ntsvcs > checking netlogon >[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr_ba >[2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr_bba > 0000 max_tsize: 10b8 > 0002 max_rsize: 10b8 > 0004 assoc_gid: 000053f0 >[2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000008 smb_io_rpc_addr_str > 0008 len: 000f > 000a str: \PIPE\netlogon. >[2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000019 smb_io_rpc_results > 001c num_results: 01 > 0020 result : 0000 > 0022 reason : 0000 >[2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000024 smb_io_rpc_iface >[2010/04/27 16:57:55, 7, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000024 smb_io_uuid uuid > 0024 data : 8a885d04 > 0028 data : 1ceb > 002a data : 11c9 > 002c data : 9f e8 > 002e data : 08 00 2b 10 48 60 > 0034 version: 00000002 >[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0c > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0048 > 000a auth_len : 0000 > 000c call_id : 00000002 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) > write_to_pipe: data_used = 144 >[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Schedule immediate event "tevent_req_trigger": 0x98016a0 >[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Run immediate event "tevent_req_trigger": 0x98016a0 >[2010/04/27 16:57:55, 3, pid=12782] smbd/pipes.c:325(pipe_write_andx_done) > writeX-IPC nwritten=160 >[2010/04/27 16:57:55, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) > got smb length of 59 >[2010/04/27 16:57:55, 6, pid=12782] smbd/process.c:1456(process_smb) > got message type 0x0 of len 0x3b >[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1459(process_smb) > Transaction 57 of length 63 (0 toread) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=3648 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 9989 (0x2705) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 1024 (0x400) > smb_vwv[ 6]= 1024 (0x400) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 1024 (0x400) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1273(switch_message) > switch message SMBreadX (pid 12782) conn 0x97e9be8 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) > NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 > contains 11 SIDs > SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 > SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-69 > SID[ 6]: S-1-22-2-101 > SID[ 7]: S-1-22-2-20042 > SID[ 8]: S-1-5-32-544 > SID[ 9]: S-1-22-1-11251 > SID[ 10]: S-1-22-2-0 > SE_PRIV 0xff0 0x0 0x0 0x0 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 4 supplementary groups > Group[ 0]: 0 > Group[ 1]: 69 > Group[ 2]: 101 > Group[ 3]: 20042 >[2010/04/27 16:57:55, 5, pid=12782] smbd/uid.c:353(change_to_user) > change_to_user uid=(0,0) gid=(0,0) >[2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe_hnd.c:802(read_from_internal_pipe) > name: \NETLOGON len: 1024 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:842(read_from_internal_pipe) > read_from_pipe: \NETLOGON: current_pdu_len = 72, current_pdu_sent = 0 returning 72 bytes. >[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Schedule immediate event "tevent_req_trigger": 0x9801a60 >[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Run immediate event "tevent_req_trigger": 0x9801a60 >[2010/04/27 16:57:55, 3, pid=12782] smbd/pipes.c:435(pipe_read_andx_done) > readX-IPC min=1024 max=1024 nread=72 >[2010/04/27 16:57:55, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) > got smb length of 140 >[2010/04/27 16:57:55, 6, pid=12782] smbd/process.c:1456(process_smb) > got message type 0x0 of len 0x8c >[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1459(process_smb) > Transaction 58 of length 144 (0 toread) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) > size=140 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=992 > smb_uid=100 > smb_mid=3712 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 56 (0x38) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 56 (0x38) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 9989 (0x2705) > smb_bcc=73 >[2010/04/27 16:57:55, 10, pid=12782] ../lib/util/util.c:304(_dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 00 05 00 00 03 10 00 00 00 38 00 00 00 02 00 00 ........ .8...... > [0020] 00 20 00 00 00 00 00 13 00 00 00 02 00 08 00 00 . ...... ........ > [0030] 00 00 00 00 00 08 00 00 00 5C 00 5C 00 4D 00 59 ........ .\.\.M.Y > [0040] 00 4C 00 41 00 48 00 00 00 .L.A.H.. . >[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1273(switch_message) > switch message SMBtrans (pid 12782) conn 0x97e9be8 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) > NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 > contains 11 SIDs > SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 > SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-69 > SID[ 6]: S-1-22-2-101 > SID[ 7]: S-1-22-2-20042 > SID[ 8]: S-1-5-32-544 > SID[ 9]: S-1-22-1-11251 > SID[ 10]: S-1-22-2-0 > SE_PRIV 0xff0 0x0 0x0 0x0 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 4 supplementary groups > Group[ 0]: 0 > Group[ 1]: 69 > Group[ 2]: 101 > Group[ 3]: 20042 >[2010/04/27 16:57:55, 5, pid=12782] smbd/uid.c:353(change_to_user) > change_to_user uid=(0,0) gid=(0,0) >[2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:539(handle_trans) > trans <\PIPE\> data=56 params=0 setup=2 >[2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:572(handle_trans) > calling named_pipe >[2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:490(named_pipe) > named pipe command on <> name >[2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:413(api_fd_reply) > api_fd_reply >[2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:454(api_fd_reply) > Got API command 0x26 on pipe "NETLOGON" (pnum 2705) >[2010/04/27 16:57:55, 10, pid=12782] smbd/ipc.c:456(api_fd_reply) > api_fd_reply: p:0x97e18f8 max_trans_reply: 1024 >[2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe_hnd.c:1195(np_write_send) > np_write_send: len: 56 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) > write_to_pipe: data_left = 56 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 56 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:192(fill_rpc_header) > fill_rpc_header: data_to_copy = 56, len_needed_to_complete_hdr = 16, receive_len = 0 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) > write_to_pipe: data_left = 40 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 40 >[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0038 > 000a auth_len : 0000 > 000c call_id : 00000002 >[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe_hnd.c:288(unmarshall_rpc_header) > unmarshall_rpc_header: using little-endian RPC >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:317(unmarshall_rpc_header) > unmarshall_rpc_header: type = 0, flags = 3 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) > write_to_pipe: data_left = 40 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 40, incoming data = 40 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:534(process_complete_pdu) > process_complete_pdu: processing packet type 0 >[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr_req req > 0000 alloc_hint: 00000020 > 0004 context_id: 0000 > 0006 opnum : 0013 >[2010/04/27 16:57:55, 3, pid=12782] rpc_server/srv_pipe_hnd.c:343(free_pipe_context) > free_pipe_context: destroying talloc pool of size 169 >[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe.c:2261(api_pipe_request) > Requested \PIPE\\NETLOGON >[2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_pipe.c:2297(api_rpcTNP) > api_rpcTNP: \NETLOGON op 0x13 - api_rpcTNP: rpc command: NETR_NETRENUMERATETRUSTEDDOMAINS >[2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe.c:2327(api_rpcTNP) > api_rpc_cmds[19].fn == 0x826d930 >[2010/04/27 16:57:55, 1, pid=12782] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) > netr_NetrEnumerateTrustedDomains: struct netr_NetrEnumerateTrustedDomains > in: struct netr_NetrEnumerateTrustedDomains > server_name : * > server_name : '\\MYLAH' >[2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_netlog_nt.c:279(_netr_NetrEnumerateTrustedDomains) > _netr_NetrEnumerateTrustedDomains: 279 >[2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_netlog_nt.c:287(_netr_NetrEnumerateTrustedDomains) > _netr_NetrEnumerateTrustedDomains: 287 >[2010/04/27 16:57:55, 1, pid=12782] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) > netr_NetrEnumerateTrustedDomains: struct netr_NetrEnumerateTrustedDomains > out: struct netr_NetrEnumerateTrustedDomains > trusted_domains_blob : * > trusted_domains_blob: struct netr_Blob > length : 0x00000002 (2) > data : * > data: ARRAY(2) > [0] : 0x00 (0) > [1] : 0x00 (0) > result : WERR_OK >[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe.c:2362(api_rpcTNP) > api_rpcTNP: called \NETLOGON successfully >[2010/04/27 16:57:55, 3, pid=12782] rpc_server/srv_pipe_hnd.c:343(free_pipe_context) > free_pipe_context: destroying talloc pool of size 2 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) > write_to_pipe: data_used = 40 >[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Schedule immediate event "tevent_req_trigger": 0x98016b0 >[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Run immediate event "tevent_req_trigger": 0x98016b0 >[2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe_hnd.c:802(read_from_internal_pipe) > name: \NETLOGON len: 1024 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:862(read_from_internal_pipe) > read_from_pipe: \NETLOGON: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 20. >[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 002c > 000a auth_len : 0000 > 000c call_id : 00000002 >[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000010 smb_io_rpc_hdr_resp resp > 0010 alloc_hint: 00000014 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Schedule immediate event "tevent_req_trigger": 0x97ef540 >[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Run immediate event "tevent_req_trigger": 0x97ef540 >[2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:59(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..44] (align 0) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) > size=100 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=992 > smb_uid=100 > smb_mid=3712 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 44 (0x2C) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=45 >[2010/04/27 16:57:55, 10, pid=12782] ../lib/util/util.c:304(_dump_data) > [0000] 00 05 00 02 03 10 00 00 00 2C 00 00 00 02 00 00 ........ .,...... > [0010] 00 14 00 00 00 00 00 00 00 02 00 00 00 00 00 02 ........ ........ > [0020] 00 02 00 00 00 00 00 00 00 00 00 00 00 ........ ..... >[2010/04/27 16:57:55, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) > got smb length of 41 >[2010/04/27 16:57:55, 6, pid=12782] smbd/process.c:1456(process_smb) > got message type 0x0 of len 0x29 >[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1459(process_smb) > Transaction 59 of length 45 (0 toread) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=3776 > smt_wct=3 > smb_vwv[ 0]= 9989 (0x2705) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1273(switch_message) > switch message SMBclose (pid 12782) conn 0x97e9be8 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) > NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 > contains 11 SIDs > SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 > SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-69 > SID[ 6]: S-1-22-2-101 > SID[ 7]: S-1-22-2-20042 > SID[ 8]: S-1-5-32-544 > SID[ 9]: S-1-22-1-11251 > SID[ 10]: S-1-22-2-0 > SE_PRIV 0xff0 0x0 0x0 0x0 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 4 supplementary groups > Group[ 0]: 0 > Group[ 1]: 69 > Group[ 2]: 101 > Group[ 3]: 20042 >[2010/04/27 16:57:55, 5, pid=12782] smbd/uid.c:353(change_to_user) > change_to_user uid=(0,0) gid=(0,0) >[2010/04/27 16:57:55, 3, pid=12782] smbd/reply.c:4488(reply_close) > close fd=-1 fnum=9989 (numopen=1) >[2010/04/27 16:57:55, 6, pid=12782] smbd/close.c:454(set_close_write_time) > close_write_time: Thu Jan 1 07:59:59 1970 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_lsa_hnd.c:249(close_policy_by_pipe) > close_policy_by_pipe: deleted handle list for pipe \NETLOGON >[2010/04/27 16:57:55, 5, pid=12782] smbd/files.c:474(file_free) > freed files structure 9989 (0 used) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=3776 > smt_wct=0 > smb_bcc=0 >[2010/04/27 16:57:55, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) > got smb length of 100 >[2010/04/27 16:57:55, 6, pid=12782] smbd/process.c:1456(process_smb) > got message type 0x0 of len 0x64 >[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1459(process_smb) > Transaction 60 of length 104 (0 toread) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) > size=100 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=992 > smb_uid=100 > smb_mid=3840 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 3584 (0xE00) > smb_vwv[ 3]= 4096 (0x1000) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 4609 (0x1201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 1792 (0x700) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]=16384 (0x4000) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 768 (0x300) > smb_bcc=17 >[2010/04/27 16:57:55, 10, pid=12782] ../lib/util/util.c:304(_dump_data) > [0000] 00 5C 00 6C 00 73 00 61 00 72 00 70 00 63 00 00 .\.l.s.a .r.p.c.. > [0010] 00 . >[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1273(switch_message) > switch message SMBntcreateX (pid 12782) conn 0x97e9be8 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) > NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 > contains 11 SIDs > SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 > SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-69 > SID[ 6]: S-1-22-2-101 > SID[ 7]: S-1-22-2-20042 > SID[ 8]: S-1-5-32-544 > SID[ 9]: S-1-22-1-11251 > SID[ 10]: S-1-22-2-0 > SE_PRIV 0xff0 0x0 0x0 0x0 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 4 supplementary groups > Group[ 0]: 0 > Group[ 1]: 69 > Group[ 2]: 101 > Group[ 3]: 20042 >[2010/04/27 16:57:55, 5, pid=12782] smbd/uid.c:353(change_to_user) > change_to_user uid=(0,0) gid=(0,0) >[2010/04/27 16:57:55, 10, pid=12782] smbd/nttrans.c:484(reply_ntcreate_and_X) > reply_ntcreate_and_X: flags = 0x10, access_mask = 0x12019f file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0, fname = lsarpc >[2010/04/27 16:57:55, 4, pid=12782] smbd/nttrans.c:315(nt_open_pipe) > nt_open_pipe: Opening pipe \lsarpc. >[2010/04/27 16:57:55, 5, pid=12782] smbd/files.c:103(file_new) > allocated file structure 5894, fnum = 9990 (1 used) >[2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_pipe_hnd.c:99(make_internal_rpc_pipe_p) > Create pipe requested \lsarpc >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_lsa_hnd.c:85(init_pipe_handle_list) > init_pipe_handles: created handle list for pipe \lsarpc >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_lsa_hnd.c:102(init_pipe_handle_list) > init_pipe_handles: pipe_handles ref count = 1 for pipe \lsarpc >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:55, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) > NT user token: (NULL) >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2010/04/27 16:57:55, 10, pid=12782] lib/gencache.c:208(gencache_get) > Returning valid cache entry: key = ACCT_POL/maximum password age, value = 4294967295 > , timeout = Tue Apr 27 16:58:51 2010 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:55, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) > NT user token: (NULL) >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2010/04/27 16:57:55, 10, pid=12782] lib/gencache.c:208(gencache_get) > Returning valid cache entry: key = ACCT_POL/password history, value = 0 > , timeout = Tue Apr 27 16:58:51 2010 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:607(pdb_set_username) > pdb_set_username: setting username zanchey, was >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:630(pdb_set_domain) > pdb_set_domain: setting domain UCCDOMAIN, was >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:653(pdb_set_nt_username) > pdb_set_nt_username: setting nt username zanchey, was >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:676(pdb_set_fullname) > pdb_set_full_name: setting full name David Adam, was >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:769(pdb_set_homedir) > pdb_set_homedir: setting home dir \\mylah\zanchey, was >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:745(pdb_set_dir_drive) > pdb_set_dir_drive: setting dir drive H:, was NULL >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:699(pdb_set_logon_script) > pdb_set_logon_script: setting logon script , was >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:722(pdb_set_profile_path) > pdb_set_profile_path: setting profile path \\mylah\profiles, was >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:812(pdb_set_workstations) > pdb_set_workstations: setting workstations , was >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:210(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:55, 3, pid=12782] smbd/uid.c:428(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) > NT user token: (NULL) >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2010/04/27 16:57:55, 10, pid=12782] lib/gencache.c:208(gencache_get) > Returning valid cache entry: key = ACCT_POL/password history, value = 0 > , timeout = Tue Apr 27 16:58:51 2010 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:418(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:536(pdb_set_user_sid) > pdb_set_user_sid: setting user sid S-1-5-352321536-3342141748-1574249315-1264630062-23502 >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_compat.c:72(pdb_set_user_sid_from_rid) > pdb_set_user_sid_from_rid: > setting user sid S-1-5-352321536-3342141748-1574249315-1264630062-23502 from rid 23502 >[2010/04/27 16:57:55, 10, pid=12782] passdb/pdb_get_set.c:594(pdb_set_group_sid) > pdb_set_group_sid: setting group sid S-1-5-352321536-3342141748-1574249315-1264630062-512 >[2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_pipe_hnd.c:161(make_internal_rpc_pipe_p) > Created internal pipe \lsarpc (pipes_open=0) >[2010/04/27 16:57:55, 5, pid=12782] smbd/nttrans.c:404(do_ntcreate_pipe_open) > do_ntcreate_pipe_open: open pipe = \lsarpc >[2010/04/27 16:57:55, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) > got smb length of 224 >[2010/04/27 16:57:55, 6, pid=12782] smbd/process.c:1456(process_smb) > got message type 0x0 of len 0xe0 >[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1459(process_smb) > Transaction 61 of length 228 (0 toread) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) > size=224 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=3904 > smt_wct=14 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 9990 (0x2706) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=65535 (0xFFFF) > smb_vwv[ 6]=65535 (0xFFFF) > smb_vwv[ 7]= 8 (0x8) > smb_vwv[ 8]= 160 (0xA0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 160 (0xA0) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_bcc=161 >[2010/04/27 16:57:55, 10, pid=12782] ../lib/util/util.c:304(_dump_data) > [0000] EE 05 00 0B 03 10 00 00 00 A0 00 00 00 02 00 00 ........ ........ > [0010] 00 B8 10 B8 10 00 00 00 00 03 00 00 00 00 00 01 ........ ........ > [0020] 00 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 .xW4.4.. ....#Eg. > [0030] AB 00 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ > [0040] 00 2B 10 48 60 02 00 00 00 01 00 01 00 78 57 34 .+.H`... .....xW4 > [0050] 12 34 12 CD AB EF 00 01 23 45 67 89 AB 00 00 00 .4...... #Eg..... > [0060] 00 33 05 71 71 BA BE 37 49 83 19 B5 DB EF 9C CC .3.qq..7 I....... > [0070] 36 01 00 00 00 02 00 01 00 78 57 34 12 34 12 CD 6....... .xW4.4.. > [0080] AB EF 00 01 23 45 67 89 AB 00 00 00 00 2C 1C B7 ....#Eg. .....,.. > [0090] 6C 12 98 40 45 03 00 00 00 00 00 00 00 01 00 00 l..@E... ........ > [00A0] 00 . >[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1273(switch_message) > switch message SMBwriteX (pid 12782) conn 0x97e9be8 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) > NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 > contains 11 SIDs > SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 > SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-69 > SID[ 6]: S-1-22-2-101 > SID[ 7]: S-1-22-2-20042 > SID[ 8]: S-1-5-32-544 > SID[ 9]: S-1-22-1-11251 > SID[ 10]: S-1-22-2-0 > SE_PRIV 0xff0 0x0 0x0 0x0 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 4 supplementary groups > Group[ 0]: 0 > Group[ 1]: 69 > Group[ 2]: 101 > Group[ 3]: 20042 >[2010/04/27 16:57:55, 5, pid=12782] smbd/uid.c:353(change_to_user) > change_to_user uid=(0,0) gid=(0,0) >[2010/04/27 16:57:55, 6, pid=12782] smbd/pipes.c:271(reply_pipe_write_and_X) > reply_pipe_write_and_X: 2706 name: lsarpc len: 160 >[2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe_hnd.c:1195(np_write_send) > np_write_send: len: 160 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) > write_to_pipe: data_left = 160 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 160 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:192(fill_rpc_header) > fill_rpc_header: data_to_copy = 160, len_needed_to_complete_hdr = 16, receive_len = 0 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) > write_to_pipe: data_left = 144 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 144 >[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0b > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 00a0 > 000a auth_len : 0000 > 000c call_id : 00000002 >[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe_hnd.c:288(unmarshall_rpc_header) > unmarshall_rpc_header: using little-endian RPC >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:317(unmarshall_rpc_header) > unmarshall_rpc_header: type = 11, flags = 3 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) > write_to_pipe: data_left = 144 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 144, incoming data = 144 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:534(process_complete_pdu) > process_complete_pdu: processing packet type 11 >[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe.c:1558(api_pipe_bind_req) > api_pipe_bind_req: decode request. 1558 >[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr_rb >[2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr_bba > 0000 max_tsize: 10b8 > 0002 max_rsize: 10b8 > 0004 assoc_gid: 00000000 > 0008 num_contexts: 03 > 000c context_id : 0000 > 000e num_transfer_syntaxes: 01 >[2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 00000f smb_io_rpc_iface >[2010/04/27 16:57:55, 7, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000010 smb_io_uuid uuid > 0010 data : 12345778 > 0014 data : 1234 > 0016 data : abcd > 0018 data : ef 00 > 001a data : 01 23 45 67 89 ab > 0020 version: 00000000 >[2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000024 smb_io_rpc_iface >[2010/04/27 16:57:55, 7, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000024 smb_io_uuid uuid > 0024 data : 8a885d04 > 0028 data : 1ceb > 002a data : 11c9 > 002c data : 9f e8 > 002e data : 08 00 2b 10 48 60 > 0034 version: 00000002 > 0038 context_id : 0001 > 003a num_transfer_syntaxes: 01 >[2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 00003b smb_io_rpc_iface >[2010/04/27 16:57:55, 7, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 00003c smb_io_uuid uuid > 003c data : 12345778 > 0040 data : 1234 > 0042 data : abcd > 0044 data : ef 00 > 0046 data : 01 23 45 67 89 ab > 004c version: 00000000 >[2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000050 smb_io_rpc_iface >[2010/04/27 16:57:55, 7, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000050 smb_io_uuid uuid > 0050 data : 71710533 > 0054 data : beba > 0056 data : 4937 > 0058 data : 83 19 > 005a data : b5 db ef 9c cc 36 > 0060 version: 00000001 > 0064 context_id : 0002 > 0066 num_transfer_syntaxes: 01 >[2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000067 smb_io_rpc_iface >[2010/04/27 16:57:55, 7, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000068 smb_io_uuid uuid > 0068 data : 12345778 > 006c data : 1234 > 006e data : abcd > 0070 data : ef 00 > 0072 data : 01 23 45 67 89 ab > 0078 version: 00000000 >[2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 00007c smb_io_rpc_iface >[2010/04/27 16:57:55, 7, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 00007c smb_io_uuid uuid > 007c data : 6cb71c2c > 0080 data : 9812 > 0082 data : 4540 > 0084 data : 03 00 > 0086 data : 00 00 00 00 00 00 > 008c version: 00000001 >[2010/04/27 16:57:55, 3, pid=12782] rpc_server/srv_pipe.c:1584(api_pipe_bind_req) > api_pipe_bind_req: \PIPE\lsarpc -> \PIPE\lsarpc >[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe.c:1628(api_pipe_bind_req) > api_pipe_bind_req: make response. 1628 >[2010/04/27 16:57:55, 3, pid=12782] rpc_server/srv_pipe.c:960(check_bind_req) > check_bind_req for \lsarpc > checking lsarpc >[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr_ba >[2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr_bba > 0000 max_tsize: 10b8 > 0002 max_rsize: 10b8 > 0004 assoc_gid: 000053f0 >[2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000008 smb_io_rpc_addr_str > 0008 len: 000d > 000a str: \PIPE\lsarpc. >[2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000017 smb_io_rpc_results > 0018 num_results: 01 > 001c result : 0000 > 001e reason : 0000 >[2010/04/27 16:57:55, 6, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000020 smb_io_rpc_iface >[2010/04/27 16:57:55, 7, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000020 smb_io_uuid uuid > 0020 data : 8a885d04 > 0024 data : 1ceb > 0026 data : 11c9 > 0028 data : 9f e8 > 002a data : 08 00 2b 10 48 60 > 0030 version: 00000002 >[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 0c > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0044 > 000a auth_len : 0000 > 000c call_id : 00000002 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) > write_to_pipe: data_used = 144 >[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Schedule immediate event "tevent_req_trigger": 0x98016a0 >[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Run immediate event "tevent_req_trigger": 0x98016a0 >[2010/04/27 16:57:55, 3, pid=12782] smbd/pipes.c:325(pipe_write_andx_done) > writeX-IPC nwritten=160 >[2010/04/27 16:57:55, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) > got smb length of 59 >[2010/04/27 16:57:55, 6, pid=12782] smbd/process.c:1456(process_smb) > got message type 0x0 of len 0x3b >[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1459(process_smb) > Transaction 62 of length 63 (0 toread) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=3968 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 9990 (0x2706) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 1024 (0x400) > smb_vwv[ 6]= 1024 (0x400) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 1024 (0x400) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1273(switch_message) > switch message SMBreadX (pid 12782) conn 0x97e9be8 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) > NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 > contains 11 SIDs > SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 > SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-69 > SID[ 6]: S-1-22-2-101 > SID[ 7]: S-1-22-2-20042 > SID[ 8]: S-1-5-32-544 > SID[ 9]: S-1-22-1-11251 > SID[ 10]: S-1-22-2-0 > SE_PRIV 0xff0 0x0 0x0 0x0 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 4 supplementary groups > Group[ 0]: 0 > Group[ 1]: 69 > Group[ 2]: 101 > Group[ 3]: 20042 >[2010/04/27 16:57:55, 5, pid=12782] smbd/uid.c:353(change_to_user) > change_to_user uid=(0,0) gid=(0,0) >[2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe_hnd.c:802(read_from_internal_pipe) > name: \lsarpc len: 1024 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:842(read_from_internal_pipe) > read_from_pipe: \lsarpc: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. >[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Schedule immediate event "tevent_req_trigger": 0x9801a60 >[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Run immediate event "tevent_req_trigger": 0x9801a60 >[2010/04/27 16:57:55, 3, pid=12782] smbd/pipes.c:435(pipe_read_andx_done) > readX-IPC min=1024 max=1024 nread=68 >[2010/04/27 16:57:55, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) > got smb length of 164 >[2010/04/27 16:57:55, 6, pid=12782] smbd/process.c:1456(process_smb) > got message type 0x0 of len 0xa4 >[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1459(process_smb) > Transaction 63 of length 168 (0 toread) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) > size=164 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=992 > smb_uid=100 > smb_mid=4032 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 80 (0x50) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 80 (0x50) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 9990 (0x2706) > smb_bcc=97 >[2010/04/27 16:57:55, 10, pid=12782] ../lib/util/util.c:304(_dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 00 05 00 00 03 10 00 00 00 50 00 00 00 02 00 00 ........ .P...... > [0020] 00 38 00 00 00 00 00 2C 00 00 00 02 00 06 00 00 .8....., ........ > [0030] 00 00 00 00 00 06 00 00 00 4D 00 59 00 4C 00 41 ........ .M.Y.L.A > [0040] 00 48 00 00 00 30 00 00 00 00 00 00 00 00 00 00 .H...0.. ........ > [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ........ ........ > [0060] 00 . >[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1273(switch_message) > switch message SMBtrans (pid 12782) conn 0x97e9be8 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) > NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 > contains 11 SIDs > SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 > SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-69 > SID[ 6]: S-1-22-2-101 > SID[ 7]: S-1-22-2-20042 > SID[ 8]: S-1-5-32-544 > SID[ 9]: S-1-22-1-11251 > SID[ 10]: S-1-22-2-0 > SE_PRIV 0xff0 0x0 0x0 0x0 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 4 supplementary groups > Group[ 0]: 0 > Group[ 1]: 69 > Group[ 2]: 101 > Group[ 3]: 20042 >[2010/04/27 16:57:55, 5, pid=12782] smbd/uid.c:353(change_to_user) > change_to_user uid=(0,0) gid=(0,0) >[2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:539(handle_trans) > trans <\PIPE\> data=80 params=0 setup=2 >[2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:572(handle_trans) > calling named_pipe >[2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:490(named_pipe) > named pipe command on <> name >[2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:413(api_fd_reply) > api_fd_reply >[2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:454(api_fd_reply) > Got API command 0x26 on pipe "lsarpc" (pnum 2706) >[2010/04/27 16:57:55, 10, pid=12782] smbd/ipc.c:456(api_fd_reply) > api_fd_reply: p:0x97e18f8 max_trans_reply: 1024 >[2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe_hnd.c:1195(np_write_send) > np_write_send: len: 80 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) > write_to_pipe: data_left = 80 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 80 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:192(fill_rpc_header) > fill_rpc_header: data_to_copy = 80, len_needed_to_complete_hdr = 16, receive_len = 0 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) > write_to_pipe: data_left = 64 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 64 >[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0050 > 000a auth_len : 0000 > 000c call_id : 00000002 >[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe_hnd.c:288(unmarshall_rpc_header) > unmarshall_rpc_header: using little-endian RPC >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:317(unmarshall_rpc_header) > unmarshall_rpc_header: type = 0, flags = 3 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) > write_to_pipe: data_left = 64 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 64, incoming data = 64 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:534(process_complete_pdu) > process_complete_pdu: processing packet type 0 >[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr_req req > 0000 alloc_hint: 00000038 > 0004 context_id: 0000 > 0006 opnum : 002c >[2010/04/27 16:57:55, 3, pid=12782] rpc_server/srv_pipe_hnd.c:343(free_pipe_context) > free_pipe_context: destroying talloc pool of size 167 >[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe.c:2261(api_pipe_request) > Requested \PIPE\\lsarpc >[2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_pipe.c:2297(api_rpcTNP) > api_rpcTNP: \lsarpc op 0x2c - api_rpcTNP: rpc command: LSA_OPENPOLICY2 >[2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe.c:2327(api_rpcTNP) > api_rpc_cmds[44].fn == 0x822bf40 >[2010/04/27 16:57:55, 1, pid=12782] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) > lsa_OpenPolicy2: struct lsa_OpenPolicy2 > in: struct lsa_OpenPolicy2 > system_name : * > system_name : 'MYLAH' > attr : * > attr: struct lsa_ObjectAttribute > len : 0x00000030 (48) > root_dir : NULL > object_name : NULL > attributes : 0x00000000 (0) > sec_desc : NULL > sec_qos : NULL > access_mask : 0x00000001 (1) > 1: LSA_POLICY_VIEW_LOCAL_INFORMATION > 0: LSA_POLICY_VIEW_AUDIT_INFORMATION > 0: LSA_POLICY_GET_PRIVATE_INFORMATION > 0: LSA_POLICY_TRUST_ADMIN > 0: LSA_POLICY_CREATE_ACCOUNT > 0: LSA_POLICY_CREATE_SECRET > 0: LSA_POLICY_CREATE_PRIVILEGE > 0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS > 0: LSA_POLICY_SET_AUDIT_REQUIREMENTS > 0: LSA_POLICY_AUDIT_LOG_ADMIN > 0: LSA_POLICY_SERVER_ADMIN > 0: LSA_POLICY_LOOKUP_NAMES > 0: LSA_POLICY_NOTIFICATION >[2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_samr_nt.c:219(access_check_object) > _lsa_OpenPolicy2: access GRANTED (requested: 0x00000001, granted: 0x00000001) >[2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_lsa_hnd.c:160(create_policy_hnd) > Opened policy hnd[1] [0000] 00 00 00 00 08 00 00 00 00 00 00 00 D6 4B 13 A7 ........ .....K.. > [0010] EE 31 00 00 .1.. >[2010/04/27 16:57:55, 1, pid=12782] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) > lsa_OpenPolicy2: struct lsa_OpenPolicy2 > out: struct lsa_OpenPolicy2 > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000008-0000-0000-d64b-13a7ee310000 > result : NT_STATUS_OK >[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe.c:2362(api_rpcTNP) > api_rpcTNP: called \lsarpc successfully >[2010/04/27 16:57:55, 3, pid=12782] rpc_server/srv_pipe_hnd.c:343(free_pipe_context) > free_pipe_context: destroying talloc pool of size 1052 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) > write_to_pipe: data_used = 64 >[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Schedule immediate event "tevent_req_trigger": 0x98016e0 >[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Run immediate event "tevent_req_trigger": 0x98016e0 >[2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe_hnd.c:802(read_from_internal_pipe) > name: \lsarpc len: 1024 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:862(read_from_internal_pipe) > read_from_pipe: \lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. >[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0030 > 000a auth_len : 0000 > 000c call_id : 00000002 >[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000010 smb_io_rpc_hdr_resp resp > 0010 alloc_hint: 00000018 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Schedule immediate event "tevent_req_trigger": 0x97ef540 >[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Run immediate event "tevent_req_trigger": 0x97ef540 >[2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:59(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=992 > smb_uid=100 > smb_mid=4032 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2010/04/27 16:57:55, 10, pid=12782] ../lib/util/util.c:304(_dump_data) > [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 02 00 00 ........ .0...... > [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 08 00 00 ........ ........ > [0020] 00 00 00 00 00 D6 4B 13 A7 EE 31 00 00 00 00 00 ......K. ..1..... > [0030] 00 . >[2010/04/27 16:57:55, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) > got smb length of 130 >[2010/04/27 16:57:55, 6, pid=12782] smbd/process.c:1456(process_smb) > got message type 0x0 of len 0x82 >[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1459(process_smb) > Transaction 64 of length 134 (0 toread) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) > size=130 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=992 > smb_uid=100 > smb_mid=4096 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 46 (0x2E) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 46 (0x2E) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 9990 (0x2706) > smb_bcc=63 >[2010/04/27 16:57:55, 10, pid=12782] ../lib/util/util.c:304(_dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 00 05 00 00 03 10 00 00 00 2E 00 00 00 03 00 00 ........ ........ > [0020] 00 16 00 00 00 00 00 07 00 00 00 00 00 08 00 00 ........ ........ > [0030] 00 00 00 00 00 D6 4B 13 A7 EE 31 00 00 03 00 ......K. ..1.... >[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1273(switch_message) > switch message SMBtrans (pid 12782) conn 0x97e9be8 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) > NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 > contains 11 SIDs > SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 > SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-69 > SID[ 6]: S-1-22-2-101 > SID[ 7]: S-1-22-2-20042 > SID[ 8]: S-1-5-32-544 > SID[ 9]: S-1-22-1-11251 > SID[ 10]: S-1-22-2-0 > SE_PRIV 0xff0 0x0 0x0 0x0 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 4 supplementary groups > Group[ 0]: 0 > Group[ 1]: 69 > Group[ 2]: 101 > Group[ 3]: 20042 >[2010/04/27 16:57:55, 5, pid=12782] smbd/uid.c:353(change_to_user) > change_to_user uid=(0,0) gid=(0,0) >[2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:539(handle_trans) > trans <\PIPE\> data=46 params=0 setup=2 >[2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:572(handle_trans) > calling named_pipe >[2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:490(named_pipe) > named pipe command on <> name >[2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:413(api_fd_reply) > api_fd_reply >[2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:454(api_fd_reply) > Got API command 0x26 on pipe "lsarpc" (pnum 2706) >[2010/04/27 16:57:55, 10, pid=12782] smbd/ipc.c:456(api_fd_reply) > api_fd_reply: p:0x97e18f8 max_trans_reply: 1024 >[2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe_hnd.c:1195(np_write_send) > np_write_send: len: 46 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) > write_to_pipe: data_left = 46 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 46 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:192(fill_rpc_header) > fill_rpc_header: data_to_copy = 46, len_needed_to_complete_hdr = 16, receive_len = 0 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) > write_to_pipe: data_left = 30 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 30 >[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 002e > 000a auth_len : 0000 > 000c call_id : 00000003 >[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe_hnd.c:288(unmarshall_rpc_header) > unmarshall_rpc_header: using little-endian RPC >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:317(unmarshall_rpc_header) > unmarshall_rpc_header: type = 0, flags = 3 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) > write_to_pipe: data_left = 30 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 30, incoming data = 30 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:534(process_complete_pdu) > process_complete_pdu: processing packet type 0 >[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr_req req > 0000 alloc_hint: 00000016 > 0004 context_id: 0000 > 0006 opnum : 0007 >[2010/04/27 16:57:55, 3, pid=12782] rpc_server/srv_pipe_hnd.c:343(free_pipe_context) > free_pipe_context: destroying talloc pool of size 0 >[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe.c:2261(api_pipe_request) > Requested \PIPE\\lsarpc >[2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_pipe.c:2297(api_rpcTNP) > api_rpcTNP: \lsarpc op 0x7 - api_rpcTNP: rpc command: LSA_QUERYINFOPOLICY >[2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe.c:2327(api_rpcTNP) > api_rpc_cmds[7].fn == 0x82330e0 >[2010/04/27 16:57:55, 1, pid=12782] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) > lsa_QueryInfoPolicy: struct lsa_QueryInfoPolicy > in: struct lsa_QueryInfoPolicy > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000008-0000-0000-d64b-13a7ee310000 > level : LSA_POLICY_INFO_DOMAIN (3) >[2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_lsa_hnd.c:180(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 08 00 00 00 00 00 00 00 D6 4B 13 A7 ........ .....K.. > [0010] EE 31 00 00 .1.. >[2010/04/27 16:57:55, 1, pid=12782] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) > lsa_QueryInfoPolicy: struct lsa_QueryInfoPolicy > out: struct lsa_QueryInfoPolicy > info : * > info : * > info : union lsa_PolicyInformation(case 3) > domain: struct lsa_DomainInfo > name: struct lsa_StringLarge > length : 0x0000 (0) > size : 0x0000 (0) > string : * > string : 'UCCDOMAIN' > sid : * > sid : S-1-5-352321536-3342141748-1574249315-1264630062 > result : NT_STATUS_OK >[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe.c:2362(api_rpcTNP) > api_rpcTNP: called \lsarpc successfully >[2010/04/27 16:57:55, 3, pid=12782] rpc_server/srv_pipe_hnd.c:343(free_pipe_context) > free_pipe_context: destroying talloc pool of size 112 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) > write_to_pipe: data_used = 30 >[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Schedule immediate event "tevent_req_trigger": 0x98016a0 >[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Run immediate event "tevent_req_trigger": 0x98016a0 >[2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe_hnd.c:802(read_from_internal_pipe) > name: \lsarpc len: 1024 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:862(read_from_internal_pipe) > read_from_pipe: \lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 84. >[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 006c > 000a auth_len : 0000 > 000c call_id : 00000003 >[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000010 smb_io_rpc_hdr_resp resp > 0010 alloc_hint: 00000054 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Schedule immediate event "tevent_req_trigger": 0x97ef540 >[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Run immediate event "tevent_req_trigger": 0x97ef540 >[2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:59(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..108] (align 0) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) > size=164 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=992 > smb_uid=100 > smb_mid=4096 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 108 (0x6C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 108 (0x6C) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=109 >[2010/04/27 16:57:55, 10, pid=12782] ../lib/util/util.c:304(_dump_data) > [0000] 00 05 00 02 03 10 00 00 00 6C 00 00 00 03 00 00 ........ .l...... > [0010] 00 54 00 00 00 00 00 00 00 00 00 02 00 03 00 00 .T...... ........ > [0020] 00 12 00 14 00 04 00 02 00 08 00 02 00 0A 00 00 ........ ........ > [0030] 00 00 00 00 00 09 00 00 00 55 00 43 00 43 00 44 ........ .U.C.C.D > [0040] 00 4F 00 4D 00 41 00 49 00 4E 00 00 00 04 00 00 .O.M.A.I .N...... > [0050] 00 01 04 00 00 00 00 00 05 00 00 00 15 34 09 35 ........ .....4.5 > [0060] C7 63 23 D5 5D 2E B9 60 4B 00 00 00 00 .c#.]..` K.... >[2010/04/27 16:57:55, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) > got smb length of 128 >[2010/04/27 16:57:55, 6, pid=12782] smbd/process.c:1456(process_smb) > got message type 0x0 of len 0x80 >[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1459(process_smb) > Transaction 65 of length 132 (0 toread) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=992 > smb_uid=100 > smb_mid=4160 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]= 9990 (0x2706) > smb_bcc=61 >[2010/04/27 16:57:55, 10, pid=12782] ../lib/util/util.c:304(_dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 04 00 00 ........ .,...... > [0020] 00 14 00 00 00 00 00 00 00 00 00 00 00 08 00 00 ........ ........ > [0030] 00 00 00 00 00 D6 4B 13 A7 EE 31 00 00 ......K. ..1.. >[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1273(switch_message) > switch message SMBtrans (pid 12782) conn 0x97e9be8 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) > NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 > contains 11 SIDs > SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 > SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-69 > SID[ 6]: S-1-22-2-101 > SID[ 7]: S-1-22-2-20042 > SID[ 8]: S-1-5-32-544 > SID[ 9]: S-1-22-1-11251 > SID[ 10]: S-1-22-2-0 > SE_PRIV 0xff0 0x0 0x0 0x0 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 4 supplementary groups > Group[ 0]: 0 > Group[ 1]: 69 > Group[ 2]: 101 > Group[ 3]: 20042 >[2010/04/27 16:57:55, 5, pid=12782] smbd/uid.c:353(change_to_user) > change_to_user uid=(0,0) gid=(0,0) >[2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:539(handle_trans) > trans <\PIPE\> data=44 params=0 setup=2 >[2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:572(handle_trans) > calling named_pipe >[2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:490(named_pipe) > named pipe command on <> name >[2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:413(api_fd_reply) > api_fd_reply >[2010/04/27 16:57:55, 3, pid=12782] smbd/ipc.c:454(api_fd_reply) > Got API command 0x26 on pipe "lsarpc" (pnum 2706) >[2010/04/27 16:57:55, 10, pid=12782] smbd/ipc.c:456(api_fd_reply) > api_fd_reply: p:0x97e18f8 max_trans_reply: 1024 >[2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe_hnd.c:1195(np_write_send) > np_write_send: len: 44 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) > write_to_pipe: data_left = 44 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, incoming data = 44 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:192(fill_rpc_header) > fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) > write_to_pipe: data_left = 28 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, incoming data = 28 >[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 00 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 002c > 000a auth_len : 0000 > 000c call_id : 00000004 >[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe_hnd.c:288(unmarshall_rpc_header) > unmarshall_rpc_header: using little-endian RPC >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:317(unmarshall_rpc_header) > unmarshall_rpc_header: type = 0, flags = 3 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:762(write_to_internal_pipe) > write_to_pipe: data_left = 28 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:672(process_incoming_data) > process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 28, incoming data = 28 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:534(process_complete_pdu) > process_complete_pdu: processing packet type 0 >[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr_req req > 0000 alloc_hint: 00000014 > 0004 context_id: 0000 > 0006 opnum : 0000 >[2010/04/27 16:57:55, 3, pid=12782] rpc_server/srv_pipe_hnd.c:343(free_pipe_context) > free_pipe_context: destroying talloc pool of size 0 >[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe.c:2261(api_pipe_request) > Requested \PIPE\\lsarpc >[2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_pipe.c:2297(api_rpcTNP) > api_rpcTNP: \lsarpc op 0x0 - api_rpcTNP: rpc command: LSA_CLOSE >[2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe.c:2327(api_rpcTNP) > api_rpc_cmds[0].fn == 0x8234650 >[2010/04/27 16:57:55, 1, pid=12782] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) > lsa_Close: struct lsa_Close > in: struct lsa_Close > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000008-0000-0000-d64b-13a7ee310000 >[2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_lsa_hnd.c:180(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 08 00 00 00 00 00 00 00 D6 4B 13 A7 ........ .....K.. > [0010] EE 31 00 00 .1.. >[2010/04/27 16:57:55, 4, pid=12782] rpc_server/srv_lsa_hnd.c:180(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 08 00 00 00 00 00 00 00 D6 4B 13 A7 ........ .....K.. > [0010] EE 31 00 00 .1.. >[2010/04/27 16:57:55, 3, pid=12782] rpc_server/srv_lsa_hnd.c:218(close_policy_hnd) > Closed policy >[2010/04/27 16:57:55, 1, pid=12782] ../librpc/ndr/ndr.c:251(ndr_print_function_debug) > lsa_Close: struct lsa_Close > out: struct lsa_Close > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : NT_STATUS_OK >[2010/04/27 16:57:55, 5, pid=12782] rpc_server/srv_pipe.c:2362(api_rpcTNP) > api_rpcTNP: called \lsarpc successfully >[2010/04/27 16:57:55, 3, pid=12782] rpc_server/srv_pipe_hnd.c:343(free_pipe_context) > free_pipe_context: destroying talloc pool of size 0 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:766(write_to_internal_pipe) > write_to_pipe: data_used = 28 >[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Schedule immediate event "tevent_req_trigger": 0x98016a0 >[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Run immediate event "tevent_req_trigger": 0x98016a0 >[2010/04/27 16:57:55, 6, pid=12782] rpc_server/srv_pipe_hnd.c:802(read_from_internal_pipe) > name: \lsarpc len: 1024 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_pipe_hnd.c:862(read_from_internal_pipe) > read_from_pipe: \lsarpc: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 24. >[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000000 smb_io_rpc_hdr hdr > 0000 major : 05 > 0001 minor : 00 > 0002 pkt_type : 02 > 0003 flags : 03 > 0004 pack_type0: 10 > 0005 pack_type1: 00 > 0006 pack_type2: 00 > 0007 pack_type3: 00 > 0008 frag_len : 0030 > 000a auth_len : 0000 > 000c call_id : 00000004 >[2010/04/27 16:57:55, 5, pid=12782] rpc_parse/parse_prs.c:88(prs_debug) > 000010 smb_io_rpc_hdr_resp resp > 0010 alloc_hint: 00000018 > 0014 context_id: 0000 > 0016 cancel_ct : 00 > 0017 reserved : 00 >[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Schedule immediate event "tevent_req_trigger": 0x97e2000 >[2010/04/27 16:57:55, 10, pid=12782] lib/events.c:287(s3_event_debug) > s3_event: Run immediate event "tevent_req_trigger": 0x97e2000 >[2010/04/27 16:57:55, 5, pid=12782] smbd/ipc.c:59(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=992 > smb_uid=100 > smb_mid=4160 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2010/04/27 16:57:55, 10, pid=12782] ../lib/util/util.c:304(_dump_data) > [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 04 00 00 ........ .0...... > [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0030] 00 . >[2010/04/27 16:57:55, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) > got smb length of 41 >[2010/04/27 16:57:55, 6, pid=12782] smbd/process.c:1456(process_smb) > got message type 0x0 of len 0x29 >[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1459(process_smb) > Transaction 66 of length 45 (0 toread) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=4224 > smt_wct=3 > smb_vwv[ 0]= 9990 (0x2706) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2010/04/27 16:57:55, 3, pid=12782] smbd/process.c:1273(switch_message) > switch message SMBclose (pid 12782) conn 0x97e9be8 >[2010/04/27 16:57:55, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:528(debug_nt_user_token) > NT user token of user S-1-5-352321536-3342141748-1574249315-1264630062-23502 > contains 11 SIDs > SID[ 0]: S-1-5-352321536-3342141748-1574249315-1264630062-23502 > SID[ 1]: S-1-5-352321536-3342141748-1574249315-1264630062-512 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-22-2-69 > SID[ 6]: S-1-22-2-101 > SID[ 7]: S-1-22-2-20042 > SID[ 8]: S-1-5-32-544 > SID[ 9]: S-1-22-1-11251 > SID[ 10]: S-1-22-2-0 > SE_PRIV 0xff0 0x0 0x0 0x0 >[2010/04/27 16:57:55, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 4 supplementary groups > Group[ 0]: 0 > Group[ 1]: 69 > Group[ 2]: 101 > Group[ 3]: 20042 >[2010/04/27 16:57:55, 5, pid=12782] smbd/uid.c:353(change_to_user) > change_to_user uid=(0,0) gid=(0,0) >[2010/04/27 16:57:55, 3, pid=12782] smbd/reply.c:4488(reply_close) > close fd=-1 fnum=9990 (numopen=1) >[2010/04/27 16:57:55, 6, pid=12782] smbd/close.c:454(set_close_write_time) > close_write_time: Thu Jan 1 07:59:59 1970 >[2010/04/27 16:57:55, 10, pid=12782] rpc_server/srv_lsa_hnd.c:249(close_policy_by_pipe) > close_policy_by_pipe: deleted handle list for pipe \lsarpc >[2010/04/27 16:57:55, 5, pid=12782] smbd/files.c:474(file_free) > freed files structure 9990 (0 used) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:632(show_msg) >[2010/04/27 16:57:55, 5, pid=12782] lib/util.c:642(show_msg) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=4224 > smt_wct=0 > smb_bcc=0 >[2010/04/27 16:58:06, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) > got smb length of 35 >[2010/04/27 16:58:06, 6, pid=12782] smbd/process.c:1456(process_smb) > got message type 0x0 of len 0x23 >[2010/04/27 16:58:06, 3, pid=12782] smbd/process.c:1459(process_smb) > Transaction 67 of length 39 (0 toread) >[2010/04/27 16:58:06, 5, pid=12782] lib/util.c:632(show_msg) >[2010/04/27 16:58:06, 5, pid=12782] lib/util.c:642(show_msg) > size=35 > smb_com=0x71 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=4288 > smt_wct=0 > smb_bcc=0 >[2010/04/27 16:58:06, 3, pid=12782] smbd/process.c:1273(switch_message) > switch message SMBtdis (pid 12782) conn 0x97e9be8 >[2010/04/27 16:58:06, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:58:06, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) > NT user token: (NULL) >[2010/04/27 16:58:06, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2010/04/27 16:58:06, 5, pid=12782] smbd/uid.c:368(change_to_root_user) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2010/04/27 16:58:06, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:58:06, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) > NT user token: (NULL) >[2010/04/27 16:58:06, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2010/04/27 16:58:06, 5, pid=12782] smbd/uid.c:368(change_to_root_user) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2010/04/27 16:58:06, 3, pid=12782] smbd/service.c:1240(close_cnum) > maaxen (::ffff:130.95.13.55) closed connection to service IPC$ >[2010/04/27 16:58:06, 3, pid=12782] smbd/connection.c:31(yield_connection) > Yielding connection to IPC$ >[2010/04/27 16:58:06, 10, pid=12782] lib/dbwrap_tdb.c:100(db_tdb_fetch_locked) > Locking key EE310000FFFFFFFF0100 >[2010/04/27 16:58:06, 10, pid=12782] lib/dbwrap_tdb.c:129(db_tdb_fetch_locked) > Allocated locked data 0x0x97af968 >[2010/04/27 16:58:06, 10, pid=12782] lib/dbwrap_tdb.c:42(db_tdb_record_destr) > Unlocking key EE310000FFFFFFFF0100 >[2010/04/27 16:58:06, 4, pid=12782] smbd/vfs.c:753(vfs_ChDir) > vfs_ChDir to / >[2010/04/27 16:58:06, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:58:06, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) > NT user token: (NULL) >[2010/04/27 16:58:06, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2010/04/27 16:58:06, 5, pid=12782] smbd/uid.c:368(change_to_root_user) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2010/04/27 16:58:06, 5, pid=12782] lib/util.c:632(show_msg) >[2010/04/27 16:58:06, 5, pid=12782] lib/util.c:642(show_msg) > size=35 > smb_com=0x71 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=4288 > smt_wct=0 > smb_bcc=0 >[2010/04/27 16:58:06, 10, pid=12782] lib/util_sock.c:789(read_smb_length_return_keepalive) > got smb length of 39 >[2010/04/27 16:58:06, 6, pid=12782] smbd/process.c:1456(process_smb) > got message type 0x0 of len 0x27 >[2010/04/27 16:58:06, 3, pid=12782] smbd/process.c:1459(process_smb) > Transaction 68 of length 43 (0 toread) >[2010/04/27 16:58:06, 5, pid=12782] lib/util.c:632(show_msg) >[2010/04/27 16:58:06, 5, pid=12782] lib/util.c:642(show_msg) > size=39 > smb_com=0x74 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=60160 > smb_pid=65279 > smb_uid=100 > smb_mid=4352 > smt_wct=2 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_bcc=0 >[2010/04/27 16:58:06, 3, pid=12782] smbd/process.c:1273(switch_message) > switch message SMBulogoffX (pid 12782) conn 0x0 >[2010/04/27 16:58:06, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:58:06, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) > NT user token: (NULL) >[2010/04/27 16:58:06, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2010/04/27 16:58:06, 5, pid=12782] smbd/uid.c:368(change_to_root_user) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2010/04/27 16:58:06, 10, pid=12782] lib/dbwrap_tdb.c:100(db_tdb_fetch_locked) > Locking key 49442F31323738322F31 >[2010/04/27 16:58:06, 10, pid=12782] lib/dbwrap_tdb.c:129(db_tdb_fetch_locked) > Allocated locked data 0x0x97af6b8 >[2010/04/27 16:58:06, 4, pid=12782] auth/pampass.c:472(smb_pam_start) > smb_pam_start: PAM: Init user: zanchey >[2010/04/27 16:58:06, 4, pid=12782] auth/pampass.c:489(smb_pam_start) > smb_pam_start: PAM: setting rhost to: ::ffff:130.95.13.55 >[2010/04/27 16:58:06, 4, pid=12782] auth/pampass.c:498(smb_pam_start) > smb_pam_start: PAM: setting tty >[2010/04/27 16:58:06, 4, pid=12782] auth/pampass.c:506(smb_pam_start) > smb_pam_start: PAM: Init passed for user: zanchey >[2010/04/27 16:58:06, 4, pid=12782] auth/pampass.c:643(smb_internal_pam_session) > smb_internal_pam_session: PAM: tty set to: smb/12782/100 >[2010/04/27 16:58:06, 4, pid=12782] auth/pampass.c:450(smb_pam_end) > smb_pam_end: PAM: PAM_END OK. >[2010/04/27 16:58:06, 10, pid=12782] lib/dbwrap_tdb.c:42(db_tdb_record_destr) > Unlocking key 49442F31323738322F31 >[2010/04/27 16:58:06, 3, pid=12782] smbd/reply.c:1948(reply_ulogoffX) > ulogoffX vuid=100 >[2010/04/27 16:58:06, 0, pid=12782] lib/util_sock.c:539(read_fd_with_timeout) >[2010/04/27 16:58:06, 0, pid=12782] lib/util_sock.c:1491(get_peer_addr_internal) > getpeername failed. Error was Transport endpoint is not connected > read_fd_with_timeout: client 0.0.0.0 read error = Connection reset by peer. >[2010/04/27 16:58:06, 10, pid=12782] smbd/process.c:271(receive_smb_raw_talloc) > receive_smb_raw: NT_STATUS_ACCESS_DENIED >[2010/04/27 16:58:06, 3, pid=12782] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2010/04/27 16:58:06, 5, pid=12782] auth/token_util.c:522(debug_nt_user_token) > NT user token: (NULL) >[2010/04/27 16:58:06, 5, pid=12782] auth/token_util.c:548(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2010/04/27 16:58:06, 5, pid=12782] smbd/uid.c:368(change_to_root_user) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2010/04/27 16:58:06, 3, pid=12782] smbd/connection.c:31(yield_connection) > Yielding connection to >[2010/04/27 16:58:06, 10, pid=12782] lib/dbwrap_tdb.c:100(db_tdb_fetch_locked) > Locking key EE310000FFFFFFFFFFFF >[2010/04/27 16:58:06, 10, pid=12782] lib/dbwrap_tdb.c:129(db_tdb_fetch_locked) > Allocated locked data 0x0x97ed170 >[2010/04/27 16:58:06, 10, pid=12782] lib/dbwrap_tdb.c:42(db_tdb_record_destr) > Unlocking key EE310000FFFFFFFFFFFF >[2010/04/27 16:58:06, 3, pid=12782] smbd/server.c:849(exit_server_common) > Server exit (failed to receive smb request)
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=5662">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 7395
:
5660
|
5661
| 5662