The Samba-Bugzilla – Attachment 57 Details for
Bug 252
delete user script = /usr/local/samba/bin/del_user %u
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
Log of a failed user account deletion using the NT4 domain user manager.
slim.5.log (text/plain), 193.88 KB, created by
John H Terpstra (mail address dead(
on 2003-07-26 12:54:25 UTC
(
hide
)
Description:
Log of a failed user account deletion using the NT4 domain user manager.
Filename:
MIME Type:
Creator:
John H Terpstra (mail address dead(
Created:
2003-07-26 12:54:25 UTC
Size:
193.88 KB
patch
obsolete
>[2003/07/26 13:53:12, 5] lib/debug.c:debug_dump_status(359) > INFO: Current debug levels: > all: True/5 > tdb: False/0 > printdrivers: False/0 > lanman: False/0 > smb: False/0 > rpc_parse: False/0 > rpc_srv: False/0 > rpc_cli: False/0 > passdb: False/0 > sam: False/0 > auth: False/0 > winbind: False/0 > vfs: False/0 > idmap: False/0 >[2003/07/26 13:53:12, 2] param/loadparm.c:do_section(3418) > Processing section "[homes]" > doing parameter comment = Home Directories > doing parameter valid users = %S > doing parameter read only = No > doing parameter browseable = No >[2003/07/26 13:53:12, 2] param/loadparm.c:do_section(3418) > Processing section "[print$]" > doing parameter comment = Printer Drivers Share > doing parameter path = /var/lib/samba/drivers > doing parameter write list = jht, root > doing parameter printer admin = jht, root > doing parameter create mask = 0664 > doing parameter directory mask = 0775 >[2003/07/26 13:53:12, 2] param/loadparm.c:do_section(3418) > Processing section "[netlogon]" > doing parameter comment = Network Logon Service > doing parameter path = /var/lib/samba/netlogon > doing parameter admin users = root, jht > doing parameter guest ok = Yes > doing parameter nt acl support = No > doing parameter browseable = No > doing parameter blocking locks = No > doing parameter csc policy = disable > doing parameter locking = No > doing parameter oplocks = No > doing parameter level2 oplocks = No > doing parameter posix locking = No > doing parameter strict locking = No > doing parameter share modes = No >[2003/07/26 13:53:12, 2] param/loadparm.c:do_section(3418) > Processing section "[Profiles]" > doing parameter comment = Roaming Profile Share > doing parameter path = /var/lib/samba/profiles > doing parameter read only = No > doing parameter profile acls = Yes >[2003/07/26 13:53:12, 2] param/loadparm.c:do_section(3418) > Processing section "[printers]" > doing parameter comment = All Printers > doing parameter path = /var/spool/samba > doing parameter printer admin = root, jht > doing parameter create mask = 0600 > doing parameter guest ok = Yes > doing parameter printable = Yes > doing parameter use client driver = Yes > doing parameter default devmode = Yes > doing parameter browseable = No >[2003/07/26 13:53:12, 2] param/loadparm.c:do_section(3418) > Processing section "[media]" > doing parameter comment = Public Stuff > doing parameter path = /export2 > doing parameter read list = @users > doing parameter write list = jht > doing parameter read only = No > doing parameter blocking locks = No > doing parameter csc policy = disable > doing parameter locking = No > doing parameter oplocks = No > doing parameter level2 oplocks = No > doing parameter posix locking = No > doing parameter strict locking = No > doing parameter share modes = No >[2003/07/26 13:53:12, 2] param/loadparm.c:do_section(3418) > Processing section "[data]" > doing parameter comment = Data Stuff > doing parameter path = /export/data > doing parameter write list = @ntadmin > doing parameter read only = No > doing parameter blocking locks = No > doing parameter csc policy = disable > doing parameter locking = No > doing parameter oplocks = No > doing parameter level2 oplocks = No > doing parameter posix locking = No > doing parameter strict locking = No > doing parameter share modes = No >[2003/07/26 13:53:12, 2] param/loadparm.c:do_section(3418) > Processing section "[cdr]" > doing parameter comment = CDR Production Files > doing parameter path = /export/CDR > doing parameter force user = root > doing parameter read only = No > doing parameter case sensitive = Yes >[2003/07/26 13:53:12, 4] param/loadparm.c:lp_load(3930) > pm_process() returned Yes >[2003/07/26 13:53:12, 3] param/loadparm.c:lp_add_ipc(2351) > adding IPC service >[2003/07/26 13:53:12, 3] param/loadparm.c:lp_add_ipc(2351) > adding IPC service >[2003/07/26 13:53:12, 5] lib/charcnv.c:charset_name(74) > Substituting charset 'ISO-8859-1' for LOCALE >[2003/07/26 13:53:12, 5] lib/charcnv.c:charset_name(74) > Substituting charset 'ISO-8859-1' for LOCALE >[2003/07/26 13:53:12, 5] lib/charcnv.c:charset_name(74) > Substituting charset 'ISO-8859-1' for LOCALE >[2003/07/26 13:53:12, 5] lib/charcnv.c:charset_name(74) > Substituting charset 'ISO-8859-1' for LOCALE >[2003/07/26 13:53:12, 5] lib/charcnv.c:charset_name(74) > Substituting charset 'ISO-8859-1' for LOCALE >[2003/07/26 13:53:12, 5] lib/charcnv.c:charset_name(74) > Substituting charset 'ISO-8859-1' for LOCALE >[2003/07/26 13:53:12, 5] lib/charcnv.c:charset_name(74) > Substituting charset 'ISO-8859-1' for LOCALE >[2003/07/26 13:53:12, 5] lib/charcnv.c:charset_name(74) > Substituting charset 'ISO-8859-1' for LOCALE >[2003/07/26 13:53:12, 5] lib/charcnv.c:charset_name(74) > Substituting charset 'ISO-8859-1' for LOCALE >[2003/07/26 13:53:12, 5] lib/charcnv.c:charset_name(74) > Substituting charset 'ISO-8859-1' for LOCALE >[2003/07/26 13:53:12, 5] printing/print_cups.c:cups_printer_fn(92) > cups_printer_fn(0x807cb9e) >[2003/07/26 13:53:12, 3] param/loadparm.c:lp_add_printer(2386) > adding printer service color >[2003/07/26 13:53:12, 3] param/loadparm.c:lp_add_printer(2386) > adding printer service high >[2003/07/26 13:53:12, 3] param/loadparm.c:lp_add_printer(2386) > adding printer service hpps1000 >[2003/07/26 13:53:12, 3] param/loadparm.c:lp_add_printer(2386) > adding printer service lp >[2003/07/26 13:53:12, 3] param/loadparm.c:lp_add_printer(2386) > adding printer service photo >[2003/07/26 13:53:12, 3] param/loadparm.c:lp_add_printer(2386) > adding printer service raw >[2003/07/26 13:53:12, 2] lib/interface.c:add_interface(79) > added interface ip=192.168.1.1 bcast=192.168.1.255 nmask=255.255.255.0 >[2003/07/26 13:53:12, 2] lib/interface.c:add_interface(79) > added interface ip=127.0.0.1 bcast=127.255.255.255 nmask=255.0.0.0 >[2003/07/26 13:53:12, 5] lib/util_sock.c:print_socket_options(105) > socket option SO_KEEPALIVE = 1 >[2003/07/26 13:53:12, 5] lib/util_sock.c:print_socket_options(105) > socket option SO_REUSEADDR = 1 >[2003/07/26 13:53:12, 5] lib/util_sock.c:print_socket_options(105) > socket option SO_BROADCAST = 0 >[2003/07/26 13:53:12, 5] lib/util_sock.c:print_socket_options(105) > socket option TCP_NODELAY = 1 >[2003/07/26 13:53:12, 5] lib/util_sock.c:print_socket_options(105) > socket option IPTOS_LOWDELAY = 0 >[2003/07/26 13:53:12, 5] lib/util_sock.c:print_socket_options(105) > socket option IPTOS_THROUGHPUT = 0 >[2003/07/26 13:53:12, 5] lib/util_sock.c:print_socket_options(105) > socket option SO_SNDBUF = 16384 >[2003/07/26 13:53:12, 5] lib/util_sock.c:print_socket_options(105) > socket option SO_RCVBUF = 16384 >[2003/07/26 13:53:12, 5] lib/util_sock.c:print_socket_options(105) > socket option SO_SNDLOWAT = 1 >[2003/07/26 13:53:12, 5] lib/util_sock.c:print_socket_options(105) > socket option SO_RCVLOWAT = 1 >[2003/07/26 13:53:12, 5] lib/util_sock.c:print_socket_options(105) > socket option SO_SNDTIMEO = 0 >[2003/07/26 13:53:12, 5] lib/util_sock.c:print_socket_options(105) > socket option SO_RCVTIMEO = 0 >[2003/07/26 13:53:12, 5] lib/util_sock.c:print_socket_options(105) > socket option SO_KEEPALIVE = 1 >[2003/07/26 13:53:12, 5] lib/util_sock.c:print_socket_options(105) > socket option SO_REUSEADDR = 1 >[2003/07/26 13:53:12, 5] lib/util_sock.c:print_socket_options(105) > socket option SO_BROADCAST = 0 >[2003/07/26 13:53:12, 5] lib/util_sock.c:print_socket_options(105) > socket option TCP_NODELAY = 1 >[2003/07/26 13:53:12, 5] lib/util_sock.c:print_socket_options(105) > socket option IPTOS_LOWDELAY = 0 >[2003/07/26 13:53:12, 5] lib/util_sock.c:print_socket_options(105) > socket option IPTOS_THROUGHPUT = 0 >[2003/07/26 13:53:12, 5] lib/util_sock.c:print_socket_options(105) > socket option SO_SNDBUF = 16384 >[2003/07/26 13:53:12, 5] lib/util_sock.c:print_socket_options(105) > socket option SO_RCVBUF = 16384 >[2003/07/26 13:53:12, 5] lib/util_sock.c:print_socket_options(105) > socket option SO_SNDLOWAT = 1 >[2003/07/26 13:53:12, 5] lib/util_sock.c:print_socket_options(105) > socket option SO_RCVLOWAT = 1 >[2003/07/26 13:53:12, 5] lib/util_sock.c:print_socket_options(105) > socket option SO_SNDTIMEO = 0 >[2003/07/26 13:53:12, 5] lib/util_sock.c:print_socket_options(105) > socket option SO_RCVTIMEO = 0 >[2003/07/26 13:53:12, 5] lib/hash.c:hash_table_init(67) > Hash size = 521. >[2003/07/26 13:53:12, 5] smbd/connection.c:claim_connection(170) > claiming 0 >[2003/07/26 13:53:12, 5] smbd/reply.c:reply_special(136) > init msg_type=0x81 msg_flags=0x0 >[2003/07/26 13:53:12, 3] smbd/process.c:process_smb(881) > Transaction 1 of length 174 >[2003/07/26 13:53:12, 5] lib/util.c:show_msg(456) >[2003/07/26 13:53:12, 5] lib/util.c:show_msg(466) > size=170 > smb_com=0x72 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=32771 > smb_tid=0 > smb_pid=51966 > smb_uid=102 > smb_mid=0 > smt_wct=0 > smb_bcc=135 >[2003/07/26 13:53:12, 3] smbd/process.c:switch_message(676) > switch message SMBnegprot (pid 26844) >[2003/07/26 13:53:12, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2003/07/26 13:53:12, 5] auth/auth_util.c:debug_nt_user_token(486) > NT user token: (NULL) >[2003/07/26 13:53:12, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2003/07/26 13:53:12, 5] smbd/uid.c:change_to_root_user(218) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2003/07/26 13:53:12, 3] smbd/negprot.c:reply_negprot(455) > Requested protocol [PC NETWORK PROGRAM 1.0] >[2003/07/26 13:53:12, 3] smbd/negprot.c:reply_negprot(455) > Requested protocol [XENIX CORE] >[2003/07/26 13:53:12, 3] smbd/negprot.c:reply_negprot(455) > Requested protocol [MICROSOFT NETWORKS 1.03] >[2003/07/26 13:53:12, 3] smbd/negprot.c:reply_negprot(455) > Requested protocol [LANMAN1.0] >[2003/07/26 13:53:12, 3] smbd/negprot.c:reply_negprot(455) > Requested protocol [Windows for Workgroups 3.1a] >[2003/07/26 13:53:12, 3] smbd/negprot.c:reply_negprot(455) > Requested protocol [LM1.2X002] >[2003/07/26 13:53:12, 3] smbd/negprot.c:reply_negprot(455) > Requested protocol [LANMAN2.1] >[2003/07/26 13:53:12, 3] smbd/negprot.c:reply_negprot(455) > Requested protocol [NT LM 0.12] >[2003/07/26 13:53:12, 5] auth/auth.c:make_auth_context_subsystem(463) > Making default auth method list for DC, security=user, encrypt passwords = yes >[2003/07/26 13:53:12, 5] auth/auth.c:smb_register_auth(45) > Attempting to register auth backend rhosts >[2003/07/26 13:53:12, 5] auth/auth.c:smb_register_auth(57) > Successfully added auth method 'rhosts' >[2003/07/26 13:53:12, 5] auth/auth.c:smb_register_auth(45) > Attempting to register auth backend hostsequiv >[2003/07/26 13:53:12, 5] auth/auth.c:smb_register_auth(57) > Successfully added auth method 'hostsequiv' >[2003/07/26 13:53:12, 5] auth/auth.c:smb_register_auth(45) > Attempting to register auth backend sam >[2003/07/26 13:53:12, 5] auth/auth.c:smb_register_auth(57) > Successfully added auth method 'sam' >[2003/07/26 13:53:12, 5] auth/auth.c:smb_register_auth(45) > Attempting to register auth backend sam_ignoredomain >[2003/07/26 13:53:12, 5] auth/auth.c:smb_register_auth(57) > Successfully added auth method 'sam_ignoredomain' >[2003/07/26 13:53:12, 5] auth/auth.c:smb_register_auth(45) > Attempting to register auth backend unix >[2003/07/26 13:53:12, 5] auth/auth.c:smb_register_auth(57) > Successfully added auth method 'unix' >[2003/07/26 13:53:12, 5] auth/auth.c:smb_register_auth(45) > Attempting to register auth backend winbind >[2003/07/26 13:53:12, 5] auth/auth.c:smb_register_auth(57) > Successfully added auth method 'winbind' >[2003/07/26 13:53:12, 5] auth/auth.c:smb_register_auth(45) > Attempting to register auth backend smbserver >[2003/07/26 13:53:12, 5] auth/auth.c:smb_register_auth(57) > Successfully added auth method 'smbserver' >[2003/07/26 13:53:12, 5] auth/auth.c:smb_register_auth(45) > Attempting to register auth backend trustdomain >[2003/07/26 13:53:12, 5] auth/auth.c:smb_register_auth(57) > Successfully added auth method 'trustdomain' >[2003/07/26 13:53:12, 5] auth/auth.c:smb_register_auth(45) > Attempting to register auth backend ntdomain >[2003/07/26 13:53:12, 5] auth/auth.c:smb_register_auth(57) > Successfully added auth method 'ntdomain' >[2003/07/26 13:53:12, 5] auth/auth.c:smb_register_auth(45) > Attempting to register auth backend guest >[2003/07/26 13:53:12, 5] auth/auth.c:smb_register_auth(57) > Successfully added auth method 'guest' >[2003/07/26 13:53:12, 5] auth/auth.c:load_auth_module(370) > load_auth_module: Attempting to find an auth method to match guest >[2003/07/26 13:53:12, 5] auth/auth.c:load_auth_module(395) > load_auth_module: auth method guest has a valid init >[2003/07/26 13:53:12, 5] auth/auth.c:load_auth_module(370) > load_auth_module: Attempting to find an auth method to match sam >[2003/07/26 13:53:12, 5] auth/auth.c:load_auth_module(395) > load_auth_module: auth method sam has a valid init >[2003/07/26 13:53:12, 5] auth/auth.c:load_auth_module(370) > load_auth_module: Attempting to find an auth method to match winbind:trustdomain >[2003/07/26 13:53:12, 5] auth/auth.c:load_auth_module(370) > load_auth_module: Attempting to find an auth method to match trustdomain >[2003/07/26 13:53:12, 5] auth/auth.c:load_auth_module(395) > load_auth_module: auth method trustdomain has a valid init >[2003/07/26 13:53:12, 5] auth/auth.c:load_auth_module(395) > load_auth_module: auth method winbind has a valid init >[2003/07/26 13:53:12, 5] auth/auth.c:get_ntlm_challenge(93) > auth_get_challenge: module guest did not want to specify a challenge >[2003/07/26 13:53:12, 5] auth/auth.c:get_ntlm_challenge(93) > auth_get_challenge: module sam did not want to specify a challenge >[2003/07/26 13:53:12, 5] auth/auth.c:get_ntlm_challenge(93) > auth_get_challenge: module winbind did not want to specify a challenge >[2003/07/26 13:53:12, 5] auth/auth.c:get_ntlm_challenge(132) > auth_context challenge created by random >[2003/07/26 13:53:12, 5] auth/auth.c:get_ntlm_challenge(133) > challenge is: >[2003/07/26 13:53:12, 5] lib/util.c:dump_data(1887) > [000] 10 2C 96 C4 CB C6 47 CE .,.ÄËÆGÎ >[2003/07/26 13:53:12, 3] smbd/negprot.c:reply_nt1(323) > not using SPNEGO >[2003/07/26 13:53:12, 3] smbd/negprot.c:reply_negprot(532) > Selected protocol NT LM 0.12 >[2003/07/26 13:53:12, 5] smbd/negprot.c:reply_negprot(538) > negprot index=7 >[2003/07/26 13:53:12, 5] lib/util.c:show_msg(456) >[2003/07/26 13:53:12, 5] lib/util.c:show_msg(466) > size=95 > smb_com=0x72 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=51966 > smb_uid=102 > smb_mid=0 > smt_wct=17 > smb_vwv[ 0]= 7 (0x7) > smb_vwv[ 1]=12803 (0x3203) > smb_vwv[ 2]= 256 (0x100) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 65 (0x41) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 256 (0x100) > smb_vwv[ 7]=56320 (0xDC00) > smb_vwv[ 8]= 104 (0x68) > smb_vwv[ 9]=64768 (0xFD00) > smb_vwv[10]= 227 (0xE3) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]=27652 (0x6C04) > smb_vwv[13]=44939 (0xAF8B) > smb_vwv[14]=50003 (0xC353) > smb_vwv[15]=26625 (0x6801) > smb_vwv[16]= 2049 (0x801) > smb_bcc=26 >[2003/07/26 13:53:12, 3] smbd/process.c:process_smb(881) > Transaction 2 of length 268 >[2003/07/26 13:53:12, 5] lib/util.c:show_msg(456) >[2003/07/26 13:53:12, 5] lib/util.c:show_msg(466) > size=264 > smb_com=0x73 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=32771 > smb_tid=0 > smb_pid=51966 > smb_uid=102 > smb_mid=0 > smt_wct=13 > smb_vwv[ 0]= 117 (0x75) > smb_vwv[ 1]= 222 (0xDE) > smb_vwv[ 2]=16644 (0x4104) > smb_vwv[ 3]= 50 (0x32) > smb_vwv[ 4]= 1 (0x1) > smb_vwv[ 5]=26844 (0x68DC) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 24 (0x18) > smb_vwv[ 8]= 24 (0x18) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 212 (0xD4) > smb_vwv[12]= 0 (0x0) > smb_bcc=161 >[2003/07/26 13:53:12, 3] smbd/process.c:switch_message(676) > switch message SMBsesssetupX (pid 26844) >[2003/07/26 13:53:12, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2003/07/26 13:53:12, 5] auth/auth_util.c:debug_nt_user_token(486) > NT user token: (NULL) >[2003/07/26 13:53:12, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2003/07/26 13:53:12, 5] smbd/uid.c:change_to_root_user(218) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2003/07/26 13:53:12, 3] smbd/sesssetup.c:reply_sesssetup_and_X(569) > wct=13 flg2=0x8003 >[2003/07/26 13:53:12, 3] smbd/sesssetup.c:reply_sesssetup_and_X(676) > Domain=[MIDEARTH] NativeOS=[Windows NT 1381] NativeLanMan=[] >[2003/07/26 13:53:12, 3] smbd/sesssetup.c:reply_sesssetup_and_X(687) > sesssetupX:name=[MIDEARTH]\[Administrator]@[slim] >[2003/07/26 13:53:12, 4] lib/username.c:map_username(132) > Scanning username map /etc/samba/smbusers >[2003/07/26 13:53:12, 3] lib/username.c:map_username(173) > Mapped user Administrator to root >[2003/07/26 13:53:12, 5] auth/auth_util.c:make_user_info_map(216) > make_user_info_map: Mapping user [MIDEARTH]\[Administrator] from workstation [slim] >[2003/07/26 13:53:12, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2003/07/26 13:53:12, 3] smbd/uid.c:push_conn_ctx(287) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2003/07/26 13:53:12, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2003/07/26 13:53:12, 5] auth/auth_util.c:debug_nt_user_token(486) > NT user token: (NULL) >[2003/07/26 13:53:12, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2003/07/26 13:53:12, 5] passdb/secrets.c:secrets_fetch_trusted_domain_password(299) > secrets_fetch failed! >[2003/07/26 13:53:12, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2003/07/26 13:53:12, 5] libsmb/trustdom_cache.c:trustdom_cache_fetch(172) > no entry for trusted domain MIDEARTH found. >[2003/07/26 13:53:12, 5] auth/auth_util.c:make_user_info(132) > attempting to make a user_info for root (Administrator) >[2003/07/26 13:53:12, 5] auth/auth_util.c:make_user_info(142) > making strings for root's user_info struct >[2003/07/26 13:53:12, 5] auth/auth_util.c:make_user_info(184) > making blobs for root's user_info struct >[2003/07/26 13:53:12, 3] auth/auth.c:check_ntlm_password(216) > check_ntlm_password: Checking password for unmapped user [MIDEARTH]\[Administrator]@[slim] with the new password interface >[2003/07/26 13:53:12, 3] auth/auth.c:check_ntlm_password(219) > check_ntlm_password: mapped user is: [MIDEARTH]\[root]@[slim] >[2003/07/26 13:53:12, 5] lib/util.c:dump_data(1887) > [000] 10 2C 96 C4 CB C6 47 CE .,.ÄËÆGÎ >[2003/07/26 13:53:12, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2003/07/26 13:53:12, 3] smbd/uid.c:push_conn_ctx(287) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2003/07/26 13:53:12, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2003/07/26 13:53:12, 5] auth/auth_util.c:debug_nt_user_token(486) > NT user token: (NULL) >[2003/07/26 13:53:12, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2003/07/26 13:53:12, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2003/07/26 13:53:12, 4] auth/auth_sam.c:sam_password_ok(218) > sam_password_ok: Checking NT MD4 password >[2003/07/26 13:53:12, 4] auth/auth_sam.c:sam_account_ok(324) > sam_account_ok: Checking SMB password for user root >[2003/07/26 13:53:12, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2003/07/26 13:53:12, 3] smbd/uid.c:push_conn_ctx(287) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2003/07/26 13:53:12, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2003/07/26 13:53:12, 5] auth/auth_util.c:debug_nt_user_token(486) > NT user token: (NULL) >[2003/07/26 13:53:12, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2003/07/26 13:53:12, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2003/07/26 13:53:12, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 0 and contains 3 supplementary groups > Group[ 0]: 0 > Group[ 1]: 0 > Group[ 2]: 71 >[2003/07/26 13:53:12, 3] smbd/uid.c:fetch_sid_from_gid_cache(651) > fetch sid from gid cache 0 -> S-1-5-32-544 >[2003/07/26 13:53:12, 5] auth/auth_util.c:make_server_info_sam(815) > make_server_info_sam: made server info for user root -> root >[2003/07/26 13:53:12, 3] auth/auth.c:check_ntlm_password(265) > check_ntlm_password: sam authentication for user [Administrator] succeeded >[2003/07/26 13:53:12, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2003/07/26 13:53:12, 3] smbd/uid.c:push_conn_ctx(287) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2003/07/26 13:53:12, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2003/07/26 13:53:12, 5] auth/auth_util.c:debug_nt_user_token(486) > NT user token: (NULL) >[2003/07/26 13:53:12, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2003/07/26 13:53:12, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2003/07/26 13:53:12, 5] auth/auth.c:check_ntlm_password(289) > check_ntlm_password: PAM Account for user [root] succeeded >[2003/07/26 13:53:12, 2] auth/auth.c:check_ntlm_password(302) > check_ntlm_password: authentication for user [Administrator] -> [root] -> [root] succeeded >[2003/07/26 13:53:12, 5] auth/auth_util.c:free_user_info(1151) > attempting to free (and zero) a user_info structure >[2003/07/26 13:53:12, 3] smbd/password.c:register_vuid(204) > User name: root Real name: root >[2003/07/26 13:53:12, 3] smbd/password.c:register_vuid(222) > UNIX uid 0 is UNIX user root, and will be vuid 100 >[2003/07/26 13:53:12, 2] smbd/utmp.c:sys_utmp_update(413) > utmp_update: uname:/var/run/utmp wname:/var/log/wtmp >[2003/07/26 13:53:12, 3] smbd/password.c:register_vuid(238) > Adding/updating homes service for user 'root' using home directory: '/root' >[2003/07/26 13:53:12, 3] param/loadparm.c:lp_add_home(2310) > adding home's share [root] for user 'root' at '/root' >[2003/07/26 13:53:12, 3] smbd/process.c:chain_reply(1012) > Chained message >[2003/07/26 13:53:12, 5] lib/util.c:show_msg(456) >[2003/07/26 13:53:12, 5] lib/util.c:show_msg(466) > size=264 > smb_com=0x75 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=32771 > smb_tid=0 > smb_pid=51966 > smb_uid=100 > smb_mid=0 > smt_wct=4 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1 (0x1) > smb_bcc=31 >[2003/07/26 13:53:12, 3] smbd/process.c:switch_message(676) > switch message SMBtconX (pid 26844) >[2003/07/26 13:53:12, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2003/07/26 13:53:12, 5] auth/auth_util.c:debug_nt_user_token(486) > NT user token: (NULL) >[2003/07/26 13:53:12, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2003/07/26 13:53:12, 5] smbd/uid.c:change_to_root_user(218) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2003/07/26 13:53:12, 4] smbd/reply.c:reply_tcon_and_X(260) > Client requested device type [IPC] for share [IPC$] >[2003/07/26 13:53:12, 5] smbd/service.c:make_connection(855) > making a connection to 'normal' service ipc$ >[2003/07/26 13:53:12, 3] lib/access.c:check_access(314) > check_access: no hostnames in host allow/deny list. >[2003/07/26 13:53:12, 2] lib/access.c:check_access(325) > Allowed connection from (192.168.1.233) >[2003/07/26 13:53:12, 5] lib/username.c:Get_Pwnam(288) > Finding user root >[2003/07/26 13:53:12, 5] lib/username.c:Get_Pwnam_internals(223) > Trying _Get_Pwnam(), username as lowercase is root >[2003/07/26 13:53:12, 5] lib/username.c:Get_Pwnam_internals(251) > Get_Pwnam_internals did find user [root]! >[2003/07/26 13:53:12, 3] smbd/service.c:make_connection_snum(536) > Connect path is '/tmp' for service [IPC$] >[2003/07/26 13:53:12, 4] rpc_server/srv_srvsvc_nt.c:get_share_security(217) > get_share_security: using default secdesc for IPC$ >[2003/07/26 13:53:12, 3] lib/util_seaccess.c:se_access_check(267) >[2003/07/26 13:53:12, 3] lib/util_seaccess.c:se_access_check(268) > se_access_check: user sid is S-1-5-21-1593769616-160655940-3590153233-1000 > se_access_check: also S-1-5-21-1593769616-160655940-3590153233-512 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: also S-1-5-32-544 >[2003/07/26 13:53:12, 5] lib/util_seaccess.c:se_access_check(325) > se_access_check: access (2) granted. >[2003/07/26 13:53:12, 3] smbd/vfs.c:vfs_init_default(201) > Initialising default vfs hooks >[2003/07/26 13:53:12, 5] smbd/connection.c:claim_connection(170) > claiming IPC$ 0 >[2003/07/26 13:53:12, 4] rpc_server/srv_srvsvc_nt.c:get_share_security(217) > get_share_security: using default secdesc for IPC$ >[2003/07/26 13:53:12, 3] lib/util_seaccess.c:se_access_check(267) >[2003/07/26 13:53:12, 3] lib/util_seaccess.c:se_access_check(268) > se_access_check: user sid is S-1-5-21-1593769616-160655940-3590153233-1000 > se_access_check: also S-1-5-21-1593769616-160655940-3590153233-512 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: also S-1-5-32-544 >[2003/07/26 13:53:12, 5] lib/util_seaccess.c:se_access_check(325) > se_access_check: access (1) granted. >[2003/07/26 13:53:12, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2003/07/26 13:53:12, 5] auth/auth_util.c:debug_nt_user_token(491) > NT user token of user S-1-5-21-1593769616-160655940-3590153233-1000 > contains 6 SIDs > SID[ 0]: S-1-5-21-1593769616-160655940-3590153233-1000 > SID[ 1]: S-1-5-21-1593769616-160655940-3590153233-512 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-32-544 >[2003/07/26 13:53:12, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 0 and contains 3 supplementary groups > Group[ 0]: 0 > Group[ 1]: 0 > Group[ 2]: 71 >[2003/07/26 13:53:12, 5] smbd/uid.c:change_to_user(203) > change_to_user uid=(0,0) gid=(0,0) >[2003/07/26 13:53:12, 3] smbd/service.c:make_connection_snum(692) > slim (192.168.1.233) connect to service IPC$ initially as user root (uid=0, gid=0) (pid 26844) >[2003/07/26 13:53:12, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2003/07/26 13:53:12, 5] auth/auth_util.c:debug_nt_user_token(486) > NT user token: (NULL) >[2003/07/26 13:53:12, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2003/07/26 13:53:12, 5] smbd/uid.c:change_to_root_user(218) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2003/07/26 13:53:12, 3] smbd/reply.c:reply_tcon_and_X(308) > tconX service=IPC$ >[2003/07/26 13:53:12, 5] lib/util.c:show_msg(456) >[2003/07/26 13:53:12, 5] lib/util.c:show_msg(466) > size=116 > smb_com=0x73 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=51966 > smb_uid=100 > smb_mid=0 > smt_wct=3 > smb_vwv[ 0]= 117 (0x75) > smb_vwv[ 1]= 100 (0x64) > smb_vwv[ 2]= 0 (0x0) > smb_bcc=59 >[2003/07/26 13:53:12, 3] smbd/process.c:process_smb(881) > Transaction 3 of length 100 >[2003/07/26 13:53:12, 5] lib/util.c:show_msg(456) >[2003/07/26 13:53:12, 5] lib/util.c:show_msg(466) > size=96 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=32771 > smb_tid=1 > smb_pid=50208 > smb_uid=100 > smb_mid=64 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 2560 (0xA00) > smb_vwv[ 3]= 1536 (0x600) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 513 (0x201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 768 (0x300) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_bcc=13 >[2003/07/26 13:53:12, 3] smbd/process.c:switch_message(676) > switch message SMBntcreateX (pid 26844) >[2003/07/26 13:53:12, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2003/07/26 13:53:12, 5] auth/auth_util.c:debug_nt_user_token(491) > NT user token of user S-1-5-21-1593769616-160655940-3590153233-1000 > contains 6 SIDs > SID[ 0]: S-1-5-21-1593769616-160655940-3590153233-1000 > SID[ 1]: S-1-5-21-1593769616-160655940-3590153233-512 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-11 > SID[ 5]: S-1-5-32-544 >[2003/07/26 13:53:12, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 0 and contains 3 supplementary groups > Group[ 0]: 0 > Group[ 1]: 0 > Group[ 2]: 71 >[2003/07/26 13:53:12, 5] smbd/uid.c:change_to_user(203) > change_to_user uid=(0,0) gid=(0,0) >[2003/07/26 13:53:12, 4] smbd/vfs.c:vfs_ChDir(611) > vfs_ChDir to /tmp >[2003/07/26 13:53:12, 4] smbd/nttrans.c:nt_open_pipe(486) > nt_open_pipe: Opening pipe \samr. >[2003/07/26 13:53:12, 3] smbd/nttrans.c:nt_open_pipe(503) > nt_open_pipe: Known pipe samr opening. >[2003/07/26 13:53:12, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(178) > Open pipe requested samr (pipes_open=0) >[2003/07/26 13:53:12, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(279) > Create pipe requested samr >[2003/07/26 13:53:12, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(372) > Created internal pipe samr (pipes_open=0) >[2003/07/26 13:53:12, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(258) > Opened pipe samr with handle 74f4 (pipes_open=1) >[2003/07/26 13:53:12, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(264) > open pipes: name samr pnum=74f4 >[2003/07/26 13:53:12, 5] smbd/nttrans.c:do_ntcreate_pipe_open(551) > do_ntcreate_pipe_open: open pipe = \samr >[2003/07/26 13:53:12, 5] lib/util.c:show_msg(456) >[2003/07/26 13:53:12, 5] lib/util.c:show_msg(466) > size=103 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=50208 > smb_uid=100 > smb_mid=64 > smt_wct=34 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]=62464 (0xF400) > smb_vwv[ 3]= 372 (0x174) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 0 (0x0) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 0 (0x0) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]=32768 (0x8000) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_vwv[24]= 0 (0x0) > smb_vwv[25]= 0 (0x0) > smb_vwv[26]= 0 (0x0) > smb_vwv[27]= 0 (0x0) > smb_vwv[28]= 0 (0x0) > smb_vwv[29]= 0 (0x0) > smb_vwv[30]= 0 (0x0) > smb_vwv[31]= 512 (0x200) > smb_vwv[32]=65280 (0xFF00) > smb_vwv[33]= 5 (0x5) > smb_bcc=0 >[2003/07/26 13:53:12, 3] smbd/process.c:process_smb(881) > Transaction 4 of length 160 >[2003/07/26 13:53:12, 5] lib/util.c:show_msg(456) >[2003/07/26 13:53:12, 5] lib/util.c:show_msg(466) > size=156 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=32771 > smb_tid=1 > smb_pid=50208 > smb_uid=100 > smb_mid=128 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 72 (0x48) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 72 (0x48) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29940 (0x74F4) > smb_bcc=89 >[2003/07/26 13:53:12, 3] smbd/process.c:switch_message(676) > switch message SMBtrans (pid 26844) >[2003/07/26 13:53:12, 4] smbd/uid.c:change_to_user(122) > change_to_user: Skipping user change - already user >[2003/07/26 13:53:12, 3] smbd/ipc.c:reply_trans(512) > trans <\PIPE\> data=72 params=0 setup=2 >[2003/07/26 13:53:12, 5] smbd/ipc.c:reply_trans(531) > calling named_pipe >[2003/07/26 13:53:12, 3] smbd/ipc.c:named_pipe(326) > named pipe command on <> name >[2003/07/26 13:53:12, 5] smbd/ipc.c:api_fd_reply(267) > api_fd_reply >[2003/07/26 13:53:12, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1149) > search for pipe pnum=74f4 >[2003/07/26 13:53:12, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1153) > pipe name samr pnum=74f4 (pipes_open=1) >[2003/07/26 13:53:12, 3] smbd/ipc.c:api_fd_reply(288) > Got API command 0x26 on pipe "samr" (pnum 74f4)000000 smb_io_rpc_hdr >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0000 major : 05 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0001 minor : 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0002 pkt_type : 0b >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0003 flags : 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0004 pack_type0: 10 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0005 pack_type1: 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0006 pack_type2: 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0007 pack_type3: 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0008 frag_len : 0048 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 000a auth_len : 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 000c call_id : 00680067 >[2003/07/26 13:53:12, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(488) > unmarshall_rpc_header: using little-endian RPC >[2003/07/26 13:53:12, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(846) > api_pipe_bind_req: decode request. 846 >[2003/07/26 13:53:12, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(857) > api_pipe_bind_req: \PIPE\samr -> \PIPE\lsass >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_debug(81) > 000000 smb_io_rpc_hdr_rb >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0000 max_tsize: 1630 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0002 max_rsize: 1630 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0004 assoc_gid: 00000000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0008 num_elements: 00000001 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 000c context_id : 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 000e num_syntaxes: 01 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0010 data : 12345778 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0014 data : 1234 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0016 data : abcd >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8s(721) > 0018 data : ef 00 01 23 45 67 89 ac >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0020 version: 00000001 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0024 data : 8a885d04 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0028 data : 1ceb >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 002a data : 11c9 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8s(721) > 002c data : 9f e8 08 00 2b 10 48 60 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0034 version: 00000002 >[2003/07/26 13:53:12, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(987) > api_pipe_bind_req: make response. 987 >[2003/07/26 13:53:12, 3] rpc_server/srv_pipe.c:check_bind_req(725) > check_bind_req for \PIPE\samr >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_debug(81) > 000000 smb_io_rpc_hdr_ba >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0000 max_tsize: 1630 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0002 max_rsize: 1630 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0004 assoc_gid: 000053f0 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0008 len: 000c >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8s(721) > 000a str: \PIPE\lsass. >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0018 num_results: 01 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 001c result : 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 001e reason : 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0020 data : 8a885d04 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0024 data : 1ceb >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0026 data : 11c9 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8s(721) > 0028 data : 9f e8 08 00 2b 10 48 60 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0030 version: 00000002 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_debug(81) > 000000 smb_io_rpc_hdr >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0000 major : 05 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0001 minor : 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0002 pkt_type : 0c >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0003 flags : 03 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0004 pack_type0: 10 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0005 pack_type1: 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0006 pack_type2: 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0007 pack_type3: 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0008 frag_len : 0044 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 000a auth_len : 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 000c call_id : 00680067 >[2003/07/26 13:53:12, 5] smbd/ipc.c:copy_trans_params_and_data(62) > copy_trans_params_and_data: params[0..0] data[0..68] >[2003/07/26 13:53:12, 5] lib/util.c:show_msg(456) >[2003/07/26 13:53:12, 5] lib/util.c:show_msg(466) > size=124 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=50208 > smb_uid=100 > smb_mid=128 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 68 (0x44) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 68 (0x44) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=69 >[2003/07/26 13:53:12, 3] smbd/process.c:process_smb(881) > Transaction 5 of length 164 >[2003/07/26 13:53:12, 5] lib/util.c:show_msg(456) >[2003/07/26 13:53:12, 5] lib/util.c:show_msg(466) > size=160 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=32771 > smb_tid=1 > smb_pid=50208 > smb_uid=100 > smb_mid=192 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 76 (0x4C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 76 (0x4C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29940 (0x74F4) > smb_bcc=93 >[2003/07/26 13:53:12, 3] smbd/process.c:switch_message(676) > switch message SMBtrans (pid 26844) >[2003/07/26 13:53:12, 4] smbd/uid.c:change_to_user(122) > change_to_user: Skipping user change - already user >[2003/07/26 13:53:12, 3] smbd/ipc.c:reply_trans(512) > trans <\PIPE\> data=76 params=0 setup=2 >[2003/07/26 13:53:12, 5] smbd/ipc.c:reply_trans(531) > calling named_pipe >[2003/07/26 13:53:12, 3] smbd/ipc.c:named_pipe(326) > named pipe command on <> name >[2003/07/26 13:53:12, 5] smbd/ipc.c:api_fd_reply(267) > api_fd_reply >[2003/07/26 13:53:12, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1149) > search for pipe pnum=74f4 >[2003/07/26 13:53:12, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1153) > pipe name samr pnum=74f4 (pipes_open=1) >[2003/07/26 13:53:12, 3] smbd/ipc.c:api_fd_reply(288) > Got API command 0x26 on pipe "samr" (pnum 74f4)000000 smb_io_rpc_hdr >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0000 major : 05 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0001 minor : 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0002 pkt_type : 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0003 flags : 03 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0004 pack_type0: 10 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0005 pack_type1: 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0006 pack_type2: 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0007 pack_type3: 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0008 frag_len : 004c >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 000a auth_len : 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 000c call_id : 00000044 >[2003/07/26 13:53:12, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(488) > unmarshall_rpc_header: using little-endian RPC >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_debug(81) > 000000 smb_io_rpc_hdr_req req >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0000 alloc_hint: 00000034 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0004 context_id: 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0006 opnum : 0007 >[2003/07/26 13:53:12, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) > free_pipe_context: destroying talloc pool of size 0 >[2003/07/26 13:53:12, 5] rpc_server/srv_pipe.c:api_pipe_request(1413) > Requested \PIPE\samr >[2003/07/26 13:53:12, 3] rpc_server/srv_pipe.c:api_pipe_request(1418) > Doing \PIPE\samr >[2003/07/26 13:53:12, 4] rpc_server/srv_pipe.c:api_rpcTNP(1464) > api_rpcTNP: samr op 0x7 - api_rpcTNP: rpc command: SAMR_OPEN_DOMAIN >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_debug(81) > 000000 samr_io_q_open_domain >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0000 data1: 00000000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0004 data2: 00000020 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0008 data3: 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 000a data4: 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8s(721) > 000c data5: a6 db 22 3f c7 68 00 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0014 flags: 00000200 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0018 num_auths: 00000004 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 001c sid_rev_num: 01 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 001d num_auths : 04 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 001e id_auth[0] : 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 001f id_auth[1] : 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0020 id_auth[2] : 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0021 id_auth[3] : 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0022 id_auth[4] : 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0023 id_auth[5] : 05 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32s(861) > 0024 sub_auths : 00000015 5efefe90 09936a44 d5fd6411 >[2003/07/26 13:53:12, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(170) > Policy not found: [000] 00 00 00 00 20 00 00 00 00 00 00 00 A6 DB 22 3F .... ... ....¦Û"? > [010] C7 68 00 00 Çh.. >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_debug(81) > 000000 samr_io_r_open_domain >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0000 data1: 00000000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0004 data2: 00000000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0008 data3: 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 000a data4: 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8s(721) > 000c data5: 00 00 00 00 00 00 00 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_ntstatus(664) > 0014 status: NT_STATUS_INVALID_HANDLE >[2003/07/26 13:53:12, 4] rpc_server/srv_pipe.c:api_rpcTNP(1499) > api_rpcTNP: bad handle fault return. >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_debug(81) > 000000 smb_io_rpc_hdr >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0000 major : 05 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0001 minor : 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0002 pkt_type : 03 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0003 flags : 23 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0004 pack_type0: 10 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0005 pack_type1: 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0006 pack_type2: 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0007 pack_type3: 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0008 frag_len : 0020 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 000a auth_len : 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 000c call_id : 00000044 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_debug(81) > 000010 smb_io_rpc_hdr_resp resp >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0010 alloc_hint: 00000000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0014 context_id: 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0016 cancel_ct : 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0017 reserved : 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_debug(81) > 000018 smb_io_rpc_hdr_fault fault >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_ntstatus(664) > 0018 status : NT code 0x1c00001a >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 001c reserved: 00000000 >[2003/07/26 13:53:12, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) > free_pipe_context: destroying talloc pool of size 0 >[2003/07/26 13:53:12, 5] smbd/ipc.c:copy_trans_params_and_data(62) > copy_trans_params_and_data: params[0..0] data[0..32] >[2003/07/26 13:53:12, 5] lib/util.c:show_msg(456) >[2003/07/26 13:53:12, 5] lib/util.c:show_msg(466) > size=88 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=50208 > smb_uid=100 > smb_mid=192 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 32 (0x20) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 32 (0x20) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=33 >[2003/07/26 13:53:12, 3] smbd/process.c:process_smb(881) > Transaction 6 of length 46 >[2003/07/26 13:53:12, 5] lib/util.c:show_msg(456) >[2003/07/26 13:53:12, 5] lib/util.c:show_msg(466) > size=42 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=32771 > smb_tid=1 > smb_pid=51966 > smb_uid=100 > smb_mid=256 > smt_wct=3 > smb_vwv[ 0]=29940 (0x74F4) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2003/07/26 13:53:12, 3] smbd/process.c:switch_message(676) > switch message SMBclose (pid 26844) >[2003/07/26 13:53:12, 4] smbd/uid.c:change_to_user(122) > change_to_user: Skipping user change - already user >[2003/07/26 13:53:12, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1149) > search for pipe pnum=74f4 >[2003/07/26 13:53:12, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1153) > pipe name samr pnum=74f4 (pipes_open=1) >[2003/07/26 13:53:12, 5] smbd/pipes.c:reply_pipe_close(258) > reply_pipe_close: pnum:74f4 >[2003/07/26 13:53:12, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1081) > closed pipe name samr pnum=74f4 (pipes_open=0) >[2003/07/26 13:53:12, 5] lib/util.c:show_msg(456) >[2003/07/26 13:53:12, 5] lib/util.c:show_msg(466) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=51966 > smb_uid=100 > smb_mid=256 > smt_wct=0 > smb_bcc=0 >[2003/07/26 13:53:12, 3] smbd/process.c:process_smb(881) > Transaction 7 of length 100 >[2003/07/26 13:53:12, 5] lib/util.c:show_msg(456) >[2003/07/26 13:53:12, 5] lib/util.c:show_msg(466) > size=96 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=32771 > smb_tid=1 > smb_pid=50208 > smb_uid=100 > smb_mid=320 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 2560 (0xA00) > smb_vwv[ 3]= 1536 (0x600) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 513 (0x201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 768 (0x300) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_bcc=13 >[2003/07/26 13:53:12, 3] smbd/process.c:switch_message(676) > switch message SMBntcreateX (pid 26844) >[2003/07/26 13:53:12, 4] smbd/uid.c:change_to_user(122) > change_to_user: Skipping user change - already user >[2003/07/26 13:53:12, 4] smbd/nttrans.c:nt_open_pipe(486) > nt_open_pipe: Opening pipe \samr. >[2003/07/26 13:53:12, 3] smbd/nttrans.c:nt_open_pipe(503) > nt_open_pipe: Known pipe samr opening. >[2003/07/26 13:53:12, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(178) > Open pipe requested samr (pipes_open=0) >[2003/07/26 13:53:12, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(279) > Create pipe requested samr >[2003/07/26 13:53:12, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(372) > Created internal pipe samr (pipes_open=0) >[2003/07/26 13:53:12, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(258) > Opened pipe samr with handle 74f5 (pipes_open=1) >[2003/07/26 13:53:12, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(264) > open pipes: name samr pnum=74f5 >[2003/07/26 13:53:12, 5] smbd/nttrans.c:do_ntcreate_pipe_open(551) > do_ntcreate_pipe_open: open pipe = \samr >[2003/07/26 13:53:12, 5] lib/util.c:show_msg(456) >[2003/07/26 13:53:12, 5] lib/util.c:show_msg(466) > size=103 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=50208 > smb_uid=100 > smb_mid=320 > smt_wct=34 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]=62720 (0xF500) > smb_vwv[ 3]= 372 (0x174) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 0 (0x0) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 0 (0x0) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]=32768 (0x8000) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_vwv[24]= 0 (0x0) > smb_vwv[25]= 0 (0x0) > smb_vwv[26]= 0 (0x0) > smb_vwv[27]= 0 (0x0) > smb_vwv[28]= 0 (0x0) > smb_vwv[29]= 0 (0x0) > smb_vwv[30]= 0 (0x0) > smb_vwv[31]= 512 (0x200) > smb_vwv[32]=65280 (0xFF00) > smb_vwv[33]= 5 (0x5) > smb_bcc=0 >[2003/07/26 13:53:12, 3] smbd/process.c:process_smb(881) > Transaction 8 of length 160 >[2003/07/26 13:53:12, 5] lib/util.c:show_msg(456) >[2003/07/26 13:53:12, 5] lib/util.c:show_msg(466) > size=156 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=32771 > smb_tid=1 > smb_pid=50208 > smb_uid=100 > smb_mid=384 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 72 (0x48) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 72 (0x48) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29941 (0x74F5) > smb_bcc=89 >[2003/07/26 13:53:12, 3] smbd/process.c:switch_message(676) > switch message SMBtrans (pid 26844) >[2003/07/26 13:53:12, 4] smbd/uid.c:change_to_user(122) > change_to_user: Skipping user change - already user >[2003/07/26 13:53:12, 3] smbd/ipc.c:reply_trans(512) > trans <\PIPE\> data=72 params=0 setup=2 >[2003/07/26 13:53:12, 5] smbd/ipc.c:reply_trans(531) > calling named_pipe >[2003/07/26 13:53:12, 3] smbd/ipc.c:named_pipe(326) > named pipe command on <> name >[2003/07/26 13:53:12, 5] smbd/ipc.c:api_fd_reply(267) > api_fd_reply >[2003/07/26 13:53:12, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1149) > search for pipe pnum=74f5 >[2003/07/26 13:53:12, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1153) > pipe name samr pnum=74f5 (pipes_open=1) >[2003/07/26 13:53:12, 3] smbd/ipc.c:api_fd_reply(288) > Got API command 0x26 on pipe "samr" (pnum 74f5)000000 smb_io_rpc_hdr >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0000 major : 05 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0001 minor : 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0002 pkt_type : 0b >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0003 flags : 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0004 pack_type0: 10 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0005 pack_type1: 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0006 pack_type2: 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0007 pack_type3: 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0008 frag_len : 0048 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 000a auth_len : 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 000c call_id : 00000043 >[2003/07/26 13:53:12, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(488) > unmarshall_rpc_header: using little-endian RPC >[2003/07/26 13:53:12, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(846) > api_pipe_bind_req: decode request. 846 >[2003/07/26 13:53:12, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(857) > api_pipe_bind_req: \PIPE\samr -> \PIPE\lsass >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_debug(81) > 000000 smb_io_rpc_hdr_rb >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0000 max_tsize: 1630 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0002 max_rsize: 1630 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0004 assoc_gid: 00000000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0008 num_elements: 00000001 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 000c context_id : 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 000e num_syntaxes: 01 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0010 data : 12345778 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0014 data : 1234 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0016 data : abcd >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8s(721) > 0018 data : ef 00 01 23 45 67 89 ac >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0020 version: 00000001 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0024 data : 8a885d04 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0028 data : 1ceb >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 002a data : 11c9 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8s(721) > 002c data : 9f e8 08 00 2b 10 48 60 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0034 version: 00000002 >[2003/07/26 13:53:12, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(987) > api_pipe_bind_req: make response. 987 >[2003/07/26 13:53:12, 3] rpc_server/srv_pipe.c:check_bind_req(725) > check_bind_req for \PIPE\samr >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_debug(81) > 000000 smb_io_rpc_hdr_ba >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0000 max_tsize: 1630 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0002 max_rsize: 1630 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0004 assoc_gid: 000053f0 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0008 len: 000c >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8s(721) > 000a str: \PIPE\lsass. >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0018 num_results: 01 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 001c result : 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 001e reason : 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0020 data : 8a885d04 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0024 data : 1ceb >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0026 data : 11c9 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8s(721) > 0028 data : 9f e8 08 00 2b 10 48 60 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0030 version: 00000002 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_debug(81) > 000000 smb_io_rpc_hdr >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0000 major : 05 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0001 minor : 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0002 pkt_type : 0c >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0003 flags : 03 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0004 pack_type0: 10 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0005 pack_type1: 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0006 pack_type2: 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0007 pack_type3: 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0008 frag_len : 0044 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 000a auth_len : 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 000c call_id : 00000043 >[2003/07/26 13:53:12, 5] smbd/ipc.c:copy_trans_params_and_data(62) > copy_trans_params_and_data: params[0..0] data[0..68] >[2003/07/26 13:53:12, 5] lib/util.c:show_msg(456) >[2003/07/26 13:53:12, 5] lib/util.c:show_msg(466) > size=124 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=50208 > smb_uid=100 > smb_mid=384 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 68 (0x44) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 68 (0x44) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=69 >[2003/07/26 13:53:12, 3] smbd/process.c:process_smb(881) > Transaction 9 of length 132 >[2003/07/26 13:53:12, 5] lib/util.c:show_msg(456) >[2003/07/26 13:53:12, 5] lib/util.c:show_msg(466) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=32771 > smb_tid=1 > smb_pid=50208 > smb_uid=100 > smb_mid=448 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29941 (0x74F5) > smb_bcc=61 >[2003/07/26 13:53:12, 3] smbd/process.c:switch_message(676) > switch message SMBtrans (pid 26844) >[2003/07/26 13:53:12, 4] smbd/uid.c:change_to_user(122) > change_to_user: Skipping user change - already user >[2003/07/26 13:53:12, 3] smbd/ipc.c:reply_trans(512) > trans <\PIPE\> data=44 params=0 setup=2 >[2003/07/26 13:53:12, 5] smbd/ipc.c:reply_trans(531) > calling named_pipe >[2003/07/26 13:53:12, 3] smbd/ipc.c:named_pipe(326) > named pipe command on <> name >[2003/07/26 13:53:12, 5] smbd/ipc.c:api_fd_reply(267) > api_fd_reply >[2003/07/26 13:53:12, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1149) > search for pipe pnum=74f5 >[2003/07/26 13:53:12, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1153) > pipe name samr pnum=74f5 (pipes_open=1) >[2003/07/26 13:53:12, 3] smbd/ipc.c:api_fd_reply(288) > Got API command 0x26 on pipe "samr" (pnum 74f5)000000 smb_io_rpc_hdr >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0000 major : 05 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0001 minor : 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0002 pkt_type : 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0003 flags : 03 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0004 pack_type0: 10 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0005 pack_type1: 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0006 pack_type2: 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0007 pack_type3: 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0008 frag_len : 002c >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 000a auth_len : 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 000c call_id : 00000045 >[2003/07/26 13:53:12, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(488) > unmarshall_rpc_header: using little-endian RPC >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_debug(81) > 000000 smb_io_rpc_hdr_req req >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0000 alloc_hint: 00000014 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0004 context_id: 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0006 opnum : 0001 >[2003/07/26 13:53:12, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) > free_pipe_context: destroying talloc pool of size 0 >[2003/07/26 13:53:12, 5] rpc_server/srv_pipe.c:api_pipe_request(1413) > Requested \PIPE\samr >[2003/07/26 13:53:12, 3] rpc_server/srv_pipe.c:api_pipe_request(1418) > Doing \PIPE\samr >[2003/07/26 13:53:12, 4] rpc_server/srv_pipe.c:api_rpcTNP(1464) > api_rpcTNP: samr op 0x1 - api_rpcTNP: rpc command: SAMR_CLOSE_HND >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_debug(81) > 000000 samr_io_q_close_hnd >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0000 data1: 00000000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0004 data2: 00000020 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0008 data3: 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 000a data4: 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8s(721) > 000c data5: a6 db 22 3f c7 68 00 00 >[2003/07/26 13:53:12, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(170) > Policy not found: [000] 00 00 00 00 20 00 00 00 00 00 00 00 A6 DB 22 3F .... ... ....¦Û"? > [010] C7 68 00 00 Çh.. >[2003/07/26 13:53:12, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(196) > Error closing policy >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_debug(81) > 000000 samr_io_r_close_hnd >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0000 data1: 00000000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0004 data2: 00000000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0008 data3: 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 000a data4: 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8s(721) > 000c data5: 00 00 00 00 00 00 00 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_ntstatus(664) > 0014 status: NT_STATUS_OBJECT_NAME_INVALID >[2003/07/26 13:53:12, 4] rpc_server/srv_pipe.c:api_rpcTNP(1499) > api_rpcTNP: bad handle fault return. >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_debug(81) > 000000 smb_io_rpc_hdr >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0000 major : 05 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0001 minor : 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0002 pkt_type : 03 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0003 flags : 23 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0004 pack_type0: 10 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0005 pack_type1: 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0006 pack_type2: 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0007 pack_type3: 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0008 frag_len : 0020 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 000a auth_len : 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 000c call_id : 00000045 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_debug(81) > 000010 smb_io_rpc_hdr_resp resp >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0010 alloc_hint: 00000000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0014 context_id: 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0016 cancel_ct : 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0017 reserved : 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_debug(81) > 000018 smb_io_rpc_hdr_fault fault >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_ntstatus(664) > 0018 status : NT code 0x1c00001a >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 001c reserved: 00000000 >[2003/07/26 13:53:12, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) > free_pipe_context: destroying talloc pool of size 0 >[2003/07/26 13:53:12, 5] smbd/ipc.c:copy_trans_params_and_data(62) > copy_trans_params_and_data: params[0..0] data[0..32] >[2003/07/26 13:53:12, 5] lib/util.c:show_msg(456) >[2003/07/26 13:53:12, 5] lib/util.c:show_msg(466) > size=88 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=50208 > smb_uid=100 > smb_mid=448 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 32 (0x20) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 32 (0x20) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=33 >[2003/07/26 13:53:12, 3] smbd/process.c:process_smb(881) > Transaction 10 of length 46 >[2003/07/26 13:53:12, 5] lib/util.c:show_msg(456) >[2003/07/26 13:53:12, 5] lib/util.c:show_msg(466) > size=42 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=32771 > smb_tid=1 > smb_pid=51966 > smb_uid=100 > smb_mid=512 > smt_wct=3 > smb_vwv[ 0]=29941 (0x74F5) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2003/07/26 13:53:12, 3] smbd/process.c:switch_message(676) > switch message SMBclose (pid 26844) >[2003/07/26 13:53:12, 4] smbd/uid.c:change_to_user(122) > change_to_user: Skipping user change - already user >[2003/07/26 13:53:12, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1149) > search for pipe pnum=74f5 >[2003/07/26 13:53:12, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1153) > pipe name samr pnum=74f5 (pipes_open=1) >[2003/07/26 13:53:12, 5] smbd/pipes.c:reply_pipe_close(258) > reply_pipe_close: pnum:74f5 >[2003/07/26 13:53:12, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1081) > closed pipe name samr pnum=74f5 (pipes_open=0) >[2003/07/26 13:53:12, 5] lib/util.c:show_msg(456) >[2003/07/26 13:53:12, 5] lib/util.c:show_msg(466) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=51966 > smb_uid=100 > smb_mid=512 > smt_wct=0 > smb_bcc=0 >[2003/07/26 13:53:12, 3] smbd/process.c:process_smb(881) > Transaction 11 of length 100 >[2003/07/26 13:53:12, 5] lib/util.c:show_msg(456) >[2003/07/26 13:53:12, 5] lib/util.c:show_msg(466) > size=96 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=32771 > smb_tid=1 > smb_pid=50208 > smb_uid=100 > smb_mid=576 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 2560 (0xA00) > smb_vwv[ 3]= 1536 (0x600) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 513 (0x201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 768 (0x300) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_bcc=13 >[2003/07/26 13:53:12, 3] smbd/process.c:switch_message(676) > switch message SMBntcreateX (pid 26844) >[2003/07/26 13:53:12, 4] smbd/uid.c:change_to_user(122) > change_to_user: Skipping user change - already user >[2003/07/26 13:53:12, 4] smbd/nttrans.c:nt_open_pipe(486) > nt_open_pipe: Opening pipe \samr. >[2003/07/26 13:53:12, 3] smbd/nttrans.c:nt_open_pipe(503) > nt_open_pipe: Known pipe samr opening. >[2003/07/26 13:53:12, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(178) > Open pipe requested samr (pipes_open=0) >[2003/07/26 13:53:12, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(279) > Create pipe requested samr >[2003/07/26 13:53:12, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(372) > Created internal pipe samr (pipes_open=0) >[2003/07/26 13:53:12, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(258) > Opened pipe samr with handle 74f6 (pipes_open=1) >[2003/07/26 13:53:12, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(264) > open pipes: name samr pnum=74f6 >[2003/07/26 13:53:12, 5] smbd/nttrans.c:do_ntcreate_pipe_open(551) > do_ntcreate_pipe_open: open pipe = \samr >[2003/07/26 13:53:12, 5] lib/util.c:show_msg(456) >[2003/07/26 13:53:12, 5] lib/util.c:show_msg(466) > size=103 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=50208 > smb_uid=100 > smb_mid=576 > smt_wct=34 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]=62976 (0xF600) > smb_vwv[ 3]= 372 (0x174) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 0 (0x0) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 0 (0x0) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]=32768 (0x8000) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_vwv[24]= 0 (0x0) > smb_vwv[25]= 0 (0x0) > smb_vwv[26]= 0 (0x0) > smb_vwv[27]= 0 (0x0) > smb_vwv[28]= 0 (0x0) > smb_vwv[29]= 0 (0x0) > smb_vwv[30]= 0 (0x0) > smb_vwv[31]= 512 (0x200) > smb_vwv[32]=65280 (0xFF00) > smb_vwv[33]= 5 (0x5) > smb_bcc=0 >[2003/07/26 13:53:12, 3] smbd/process.c:process_smb(881) > Transaction 12 of length 160 >[2003/07/26 13:53:12, 5] lib/util.c:show_msg(456) >[2003/07/26 13:53:12, 5] lib/util.c:show_msg(466) > size=156 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=32771 > smb_tid=1 > smb_pid=50208 > smb_uid=100 > smb_mid=640 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 72 (0x48) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 72 (0x48) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29942 (0x74F6) > smb_bcc=89 >[2003/07/26 13:53:12, 3] smbd/process.c:switch_message(676) > switch message SMBtrans (pid 26844) >[2003/07/26 13:53:12, 4] smbd/uid.c:change_to_user(122) > change_to_user: Skipping user change - already user >[2003/07/26 13:53:12, 3] smbd/ipc.c:reply_trans(512) > trans <\PIPE\> data=72 params=0 setup=2 >[2003/07/26 13:53:12, 5] smbd/ipc.c:reply_trans(531) > calling named_pipe >[2003/07/26 13:53:12, 3] smbd/ipc.c:named_pipe(326) > named pipe command on <> name >[2003/07/26 13:53:12, 5] smbd/ipc.c:api_fd_reply(267) > api_fd_reply >[2003/07/26 13:53:12, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1149) > search for pipe pnum=74f6 >[2003/07/26 13:53:12, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1153) > pipe name samr pnum=74f6 (pipes_open=1) >[2003/07/26 13:53:12, 3] smbd/ipc.c:api_fd_reply(288) > Got API command 0x26 on pipe "samr" (pnum 74f6)000000 smb_io_rpc_hdr >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0000 major : 05 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0001 minor : 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0002 pkt_type : 0b >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0003 flags : 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0004 pack_type0: 10 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0005 pack_type1: 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0006 pack_type2: 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0007 pack_type3: 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0008 frag_len : 0048 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 000a auth_len : 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 000c call_id : 00000045 >[2003/07/26 13:53:12, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(488) > unmarshall_rpc_header: using little-endian RPC >[2003/07/26 13:53:12, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(846) > api_pipe_bind_req: decode request. 846 >[2003/07/26 13:53:12, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(857) > api_pipe_bind_req: \PIPE\samr -> \PIPE\lsass >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_debug(81) > 000000 smb_io_rpc_hdr_rb >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0000 max_tsize: 1630 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0002 max_rsize: 1630 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0004 assoc_gid: 00000000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0008 num_elements: 00000001 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 000c context_id : 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 000e num_syntaxes: 01 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0010 data : 12345778 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0014 data : 1234 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0016 data : abcd >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8s(721) > 0018 data : ef 00 01 23 45 67 89 ac >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0020 version: 00000001 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0024 data : 8a885d04 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0028 data : 1ceb >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 002a data : 11c9 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8s(721) > 002c data : 9f e8 08 00 2b 10 48 60 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0034 version: 00000002 >[2003/07/26 13:53:12, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(987) > api_pipe_bind_req: make response. 987 >[2003/07/26 13:53:12, 3] rpc_server/srv_pipe.c:check_bind_req(725) > check_bind_req for \PIPE\samr >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_debug(81) > 000000 smb_io_rpc_hdr_ba >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0000 max_tsize: 1630 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0002 max_rsize: 1630 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0004 assoc_gid: 000053f0 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0008 len: 000c >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8s(721) > 000a str: \PIPE\lsass. >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0018 num_results: 01 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 001c result : 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 001e reason : 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0020 data : 8a885d04 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0024 data : 1ceb >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0026 data : 11c9 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8s(721) > 0028 data : 9f e8 08 00 2b 10 48 60 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0030 version: 00000002 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_debug(81) > 000000 smb_io_rpc_hdr >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0000 major : 05 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0001 minor : 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0002 pkt_type : 0c >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0003 flags : 03 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0004 pack_type0: 10 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0005 pack_type1: 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0006 pack_type2: 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0007 pack_type3: 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0008 frag_len : 0044 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 000a auth_len : 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 000c call_id : 00000045 >[2003/07/26 13:53:12, 5] smbd/ipc.c:copy_trans_params_and_data(62) > copy_trans_params_and_data: params[0..0] data[0..68] >[2003/07/26 13:53:12, 5] lib/util.c:show_msg(456) >[2003/07/26 13:53:12, 5] lib/util.c:show_msg(466) > size=124 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=50208 > smb_uid=100 > smb_mid=640 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 68 (0x44) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 68 (0x44) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=69 >[2003/07/26 13:53:12, 3] smbd/process.c:process_smb(881) > Transaction 13 of length 148 >[2003/07/26 13:53:12, 5] lib/util.c:show_msg(456) >[2003/07/26 13:53:12, 5] lib/util.c:show_msg(466) > size=144 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=32771 > smb_tid=1 > smb_pid=50208 > smb_uid=100 > smb_mid=704 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 60 (0x3C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 60 (0x3C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29942 (0x74F6) > smb_bcc=77 >[2003/07/26 13:53:12, 3] smbd/process.c:switch_message(676) > switch message SMBtrans (pid 26844) >[2003/07/26 13:53:12, 4] smbd/uid.c:change_to_user(122) > change_to_user: Skipping user change - already user >[2003/07/26 13:53:12, 3] smbd/ipc.c:reply_trans(512) > trans <\PIPE\> data=60 params=0 setup=2 >[2003/07/26 13:53:12, 5] smbd/ipc.c:reply_trans(531) > calling named_pipe >[2003/07/26 13:53:12, 3] smbd/ipc.c:named_pipe(326) > named pipe command on <> name >[2003/07/26 13:53:12, 5] smbd/ipc.c:api_fd_reply(267) > api_fd_reply >[2003/07/26 13:53:12, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1149) > search for pipe pnum=74f6 >[2003/07/26 13:53:12, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1153) > pipe name samr pnum=74f6 (pipes_open=1) >[2003/07/26 13:53:12, 3] smbd/ipc.c:api_fd_reply(288) > Got API command 0x26 on pipe "samr" (pnum 74f6)000000 smb_io_rpc_hdr >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0000 major : 05 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0001 minor : 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0002 pkt_type : 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0003 flags : 03 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0004 pack_type0: 10 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0005 pack_type1: 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0006 pack_type2: 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0007 pack_type3: 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0008 frag_len : 003c >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 000a auth_len : 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 000c call_id : 00000046 >[2003/07/26 13:53:12, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(488) > unmarshall_rpc_header: using little-endian RPC >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_debug(81) > 000000 smb_io_rpc_hdr_req req >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0000 alloc_hint: 00000024 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0004 context_id: 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0006 opnum : 0039 >[2003/07/26 13:53:12, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) > free_pipe_context: destroying talloc pool of size 0 >[2003/07/26 13:53:12, 5] rpc_server/srv_pipe.c:api_pipe_request(1413) > Requested \PIPE\samr >[2003/07/26 13:53:12, 3] rpc_server/srv_pipe.c:api_pipe_request(1418) > Doing \PIPE\samr >[2003/07/26 13:53:12, 4] rpc_server/srv_pipe.c:api_rpcTNP(1464) > api_rpcTNP: samr op 0x39 - api_rpcTNP: rpc command: SAMR_CONNECT >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_debug(81) > 000000 samr_io_q_connect >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0000 ptr_srv_name: 00139c30 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0004 uni_max_len: 00000008 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0008 undoc : 00000000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 000c uni_str_len: 00000008 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:dbg_rw_punival(806) > 0010 buffer : \.\.F.R.O.D.O... >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0020 access_mask: 00000020 >[2003/07/26 13:53:12, 5] rpc_server/srv_samr_nt.c:_samr_connect(2413) > _samr_connect: 2413 >[2003/07/26 13:53:12, 3] lib/util_seaccess.c:se_access_check(267) >[2003/07/26 13:53:12, 3] lib/util_seaccess.c:se_access_check(268) > se_access_check: user sid is S-1-5-21-1593769616-160655940-3590153233-1000 > se_access_check: also S-1-5-21-1593769616-160655940-3590153233-512 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: also S-1-5-32-544 >[2003/07/26 13:53:12, 5] lib/util_seaccess.c:se_access_check(325) > se_access_check: access (20) granted. >[2003/07/26 13:53:12, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) > Opened policy hnd[1] [000] 00 00 00 00 01 00 00 00 00 00 00 00 28 DC 22 3F ........ ....(Ü"? > [010] DC 68 00 00 Üh.. >[2003/07/26 13:53:12, 5] rpc_server/srv_samr_nt.c:_samr_connect(2444) > _samr_connect: 2444 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_debug(81) > 000000 samr_io_r_connect >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0000 data1: 00000000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0004 data2: 00000001 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0008 data3: 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 000a data4: 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8s(721) > 000c data5: 28 dc 22 3f dc 68 00 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_ntstatus(664) > 0014 status: NT_STATUS_OK >[2003/07/26 13:53:12, 5] rpc_server/srv_pipe.c:api_rpcTNP(1511) > api_rpcTNP: called samr successfully >[2003/07/26 13:53:12, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) > free_pipe_context: destroying talloc pool of size 748 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_debug(81) > 000000 smb_io_rpc_hdr hdr >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0000 major : 05 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0001 minor : 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0002 pkt_type : 02 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0003 flags : 03 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0004 pack_type0: 10 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0005 pack_type1: 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0006 pack_type2: 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0007 pack_type3: 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0008 frag_len : 0030 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 000a auth_len : 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 000c call_id : 00000046 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_debug(81) > 000010 smb_io_rpc_hdr_resp resp >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0010 alloc_hint: 00000018 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0014 context_id: 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0016 cancel_ct : 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0017 reserved : 00 >[2003/07/26 13:53:12, 5] smbd/ipc.c:copy_trans_params_and_data(62) > copy_trans_params_and_data: params[0..0] data[0..48] >[2003/07/26 13:53:12, 5] lib/util.c:show_msg(456) >[2003/07/26 13:53:12, 5] lib/util.c:show_msg(466) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=50208 > smb_uid=100 > smb_mid=704 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2003/07/26 13:53:12, 3] smbd/process.c:process_smb(881) > Transaction 14 of length 104 >[2003/07/26 13:53:12, 5] lib/util.c:show_msg(456) >[2003/07/26 13:53:12, 5] lib/util.c:show_msg(466) > size=100 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=32771 > smb_tid=1 > smb_pid=50208 > smb_uid=100 > smb_mid=768 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 3584 (0xE00) > smb_vwv[ 3]= 1536 (0x600) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 513 (0x201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 768 (0x300) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_bcc=17 >[2003/07/26 13:53:12, 3] smbd/process.c:switch_message(676) > switch message SMBntcreateX (pid 26844) >[2003/07/26 13:53:12, 4] smbd/uid.c:change_to_user(122) > change_to_user: Skipping user change - already user >[2003/07/26 13:53:12, 4] smbd/nttrans.c:nt_open_pipe(486) > nt_open_pipe: Opening pipe \lsarpc. >[2003/07/26 13:53:12, 3] smbd/nttrans.c:nt_open_pipe(503) > nt_open_pipe: Known pipe lsarpc opening. >[2003/07/26 13:53:12, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(178) > Open pipe requested lsarpc (pipes_open=1) >[2003/07/26 13:53:12, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(205) > open_rpc_pipe_p: name samr pnum=74f6 >[2003/07/26 13:53:12, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(279) > Create pipe requested lsarpc >[2003/07/26 13:53:12, 4] rpc_server/srv_pipe_hnd.c:make_internal_rpc_pipe_p(372) > Created internal pipe lsarpc (pipes_open=1) >[2003/07/26 13:53:12, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(258) > Opened pipe lsarpc with handle 74f7 (pipes_open=2) >[2003/07/26 13:53:12, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(264) > open pipes: name lsarpc pnum=74f7 >[2003/07/26 13:53:12, 5] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(264) > open pipes: name samr pnum=74f6 >[2003/07/26 13:53:12, 5] smbd/nttrans.c:do_ntcreate_pipe_open(551) > do_ntcreate_pipe_open: open pipe = \lsarpc >[2003/07/26 13:53:12, 5] lib/util.c:show_msg(456) >[2003/07/26 13:53:12, 5] lib/util.c:show_msg(466) > size=103 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=50208 > smb_uid=100 > smb_mid=768 > smt_wct=34 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]=63232 (0xF700) > smb_vwv[ 3]= 372 (0x174) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 0 (0x0) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 0 (0x0) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]=32768 (0x8000) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 0 (0x0) > smb_vwv[24]= 0 (0x0) > smb_vwv[25]= 0 (0x0) > smb_vwv[26]= 0 (0x0) > smb_vwv[27]= 0 (0x0) > smb_vwv[28]= 0 (0x0) > smb_vwv[29]= 0 (0x0) > smb_vwv[30]= 0 (0x0) > smb_vwv[31]= 512 (0x200) > smb_vwv[32]=65280 (0xFF00) > smb_vwv[33]= 5 (0x5) > smb_bcc=0 >[2003/07/26 13:53:12, 3] smbd/process.c:process_smb(881) > Transaction 15 of length 160 >[2003/07/26 13:53:12, 5] lib/util.c:show_msg(456) >[2003/07/26 13:53:12, 5] lib/util.c:show_msg(466) > size=156 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=32771 > smb_tid=1 > smb_pid=50208 > smb_uid=100 > smb_mid=832 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 72 (0x48) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 72 (0x48) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29943 (0x74F7) > smb_bcc=89 >[2003/07/26 13:53:12, 3] smbd/process.c:switch_message(676) > switch message SMBtrans (pid 26844) >[2003/07/26 13:53:12, 4] smbd/uid.c:change_to_user(122) > change_to_user: Skipping user change - already user >[2003/07/26 13:53:12, 3] smbd/ipc.c:reply_trans(512) > trans <\PIPE\> data=72 params=0 setup=2 >[2003/07/26 13:53:12, 5] smbd/ipc.c:reply_trans(531) > calling named_pipe >[2003/07/26 13:53:12, 3] smbd/ipc.c:named_pipe(326) > named pipe command on <> name >[2003/07/26 13:53:12, 5] smbd/ipc.c:api_fd_reply(267) > api_fd_reply >[2003/07/26 13:53:12, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1149) > search for pipe pnum=74f7 >[2003/07/26 13:53:12, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1153) > pipe name lsarpc pnum=74f7 (pipes_open=2) >[2003/07/26 13:53:12, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1153) > pipe name samr pnum=74f6 (pipes_open=2) >[2003/07/26 13:53:12, 3] smbd/ipc.c:api_fd_reply(288) > Got API command 0x26 on pipe "lsarpc" (pnum 74f7)000000 smb_io_rpc_hdr >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0000 major : 05 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0001 minor : 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0002 pkt_type : 0b >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0003 flags : 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0004 pack_type0: 10 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0005 pack_type1: 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0006 pack_type2: 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0007 pack_type3: 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0008 frag_len : 0048 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 000a auth_len : 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 000c call_id : 00000044 >[2003/07/26 13:53:12, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(488) > unmarshall_rpc_header: using little-endian RPC >[2003/07/26 13:53:12, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(846) > api_pipe_bind_req: decode request. 846 >[2003/07/26 13:53:12, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(857) > api_pipe_bind_req: \PIPE\lsarpc -> \PIPE\lsass >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_debug(81) > 000000 smb_io_rpc_hdr_rb >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0000 max_tsize: 1630 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0002 max_rsize: 1630 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0004 assoc_gid: 00000000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0008 num_elements: 00000001 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 000c context_id : 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 000e num_syntaxes: 01 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0010 data : 12345778 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0014 data : 1234 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0016 data : abcd >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8s(721) > 0018 data : ef 00 01 23 45 67 89 ab >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0020 version: 00000000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0024 data : 8a885d04 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0028 data : 1ceb >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 002a data : 11c9 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8s(721) > 002c data : 9f e8 08 00 2b 10 48 60 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0034 version: 00000002 >[2003/07/26 13:53:12, 5] rpc_server/srv_pipe.c:api_pipe_bind_req(987) > api_pipe_bind_req: make response. 987 >[2003/07/26 13:53:12, 3] rpc_server/srv_pipe.c:check_bind_req(725) > check_bind_req for \PIPE\lsarpc >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_debug(81) > 000000 smb_io_rpc_hdr_ba >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0000 max_tsize: 1630 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0002 max_rsize: 1630 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0004 assoc_gid: 000053f0 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0008 len: 000c >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8s(721) > 000a str: \PIPE\lsass. >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0018 num_results: 01 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 001c result : 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 001e reason : 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0020 data : 8a885d04 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0024 data : 1ceb >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0026 data : 11c9 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8s(721) > 0028 data : 9f e8 08 00 2b 10 48 60 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0030 version: 00000002 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_debug(81) > 000000 smb_io_rpc_hdr >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0000 major : 05 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0001 minor : 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0002 pkt_type : 0c >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0003 flags : 03 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0004 pack_type0: 10 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0005 pack_type1: 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0006 pack_type2: 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0007 pack_type3: 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0008 frag_len : 0044 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 000a auth_len : 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 000c call_id : 00000044 >[2003/07/26 13:53:12, 5] smbd/ipc.c:copy_trans_params_and_data(62) > copy_trans_params_and_data: params[0..0] data[0..68] >[2003/07/26 13:53:12, 5] lib/util.c:show_msg(456) >[2003/07/26 13:53:12, 5] lib/util.c:show_msg(466) > size=124 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=50208 > smb_uid=100 > smb_mid=832 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 68 (0x44) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 68 (0x44) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=69 >[2003/07/26 13:53:12, 3] smbd/process.c:process_smb(881) > Transaction 16 of length 172 >[2003/07/26 13:53:12, 5] lib/util.c:show_msg(456) >[2003/07/26 13:53:12, 5] lib/util.c:show_msg(466) > size=168 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=32771 > smb_tid=1 > smb_pid=50208 > smb_uid=100 > smb_mid=896 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 84 (0x54) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 84 (0x54) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29943 (0x74F7) > smb_bcc=101 >[2003/07/26 13:53:12, 3] smbd/process.c:switch_message(676) > switch message SMBtrans (pid 26844) >[2003/07/26 13:53:12, 4] smbd/uid.c:change_to_user(122) > change_to_user: Skipping user change - already user >[2003/07/26 13:53:12, 3] smbd/ipc.c:reply_trans(512) > trans <\PIPE\> data=84 params=0 setup=2 >[2003/07/26 13:53:12, 5] smbd/ipc.c:reply_trans(531) > calling named_pipe >[2003/07/26 13:53:12, 3] smbd/ipc.c:named_pipe(326) > named pipe command on <> name >[2003/07/26 13:53:12, 5] smbd/ipc.c:api_fd_reply(267) > api_fd_reply >[2003/07/26 13:53:12, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1149) > search for pipe pnum=74f7 >[2003/07/26 13:53:12, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1153) > pipe name lsarpc pnum=74f7 (pipes_open=2) >[2003/07/26 13:53:12, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1153) > pipe name samr pnum=74f6 (pipes_open=2) >[2003/07/26 13:53:12, 3] smbd/ipc.c:api_fd_reply(288) > Got API command 0x26 on pipe "lsarpc" (pnum 74f7)000000 smb_io_rpc_hdr >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0000 major : 05 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0001 minor : 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0002 pkt_type : 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0003 flags : 03 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0004 pack_type0: 10 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0005 pack_type1: 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0006 pack_type2: 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0007 pack_type3: 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0008 frag_len : 0054 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 000a auth_len : 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 000c call_id : 00000013 >[2003/07/26 13:53:12, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(488) > unmarshall_rpc_header: using little-endian RPC >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_debug(81) > 000000 smb_io_rpc_hdr_req req >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0000 alloc_hint: 0000003c >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0004 context_id: 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0006 opnum : 002c >[2003/07/26 13:53:12, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) > free_pipe_context: destroying talloc pool of size 0 >[2003/07/26 13:53:12, 5] rpc_server/srv_pipe.c:api_pipe_request(1413) > Requested \PIPE\lsarpc >[2003/07/26 13:53:12, 3] rpc_server/srv_pipe.c:api_pipe_request(1418) > Doing \PIPE\lsarpc >[2003/07/26 13:53:12, 4] rpc_server/srv_pipe.c:api_rpcTNP(1464) > api_rpcTNP: lsarpc op 0x2c - api_rpcTNP: rpc command: LSA_OPENPOLICY2 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_debug(81) > 000000 lsa_io_q_open_pol2 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0000 ptr : 00139c30 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0004 uni_max_len: 00000008 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0008 undoc : 00000000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 000c uni_str_len: 00000008 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:dbg_rw_punival(806) > 0010 buffer : \.\.F.R.O.D.O... >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0020 len : 00000018 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0024 ptr_root_dir: 00000000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0028 ptr_obj_name: 00000000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 002c attributes : 00000000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0030 ptr_sec_desc: 00000000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0034 ptr_sec_qos : 00000000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0038 des_access: 00000001 >[2003/07/26 13:53:12, 3] lib/util_seaccess.c:se_access_check(267) >[2003/07/26 13:53:12, 3] lib/util_seaccess.c:se_access_check(268) > se_access_check: user sid is S-1-5-21-1593769616-160655940-3590153233-1000 > se_access_check: also S-1-5-21-1593769616-160655940-3590153233-512 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: also S-1-5-32-544 >[2003/07/26 13:53:12, 5] lib/util_seaccess.c:se_access_check(325) > se_access_check: access (1) granted. >[2003/07/26 13:53:12, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) > Opened policy hnd[2] [000] 00 00 00 00 02 00 00 00 00 00 00 00 28 DC 22 3F ........ ....(Ü"? > [010] DC 68 00 00 Üh.. >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_debug(81) > 000000 lsa_io_r_open_pol2 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0000 data1: 00000000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0004 data2: 00000002 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0008 data3: 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 000a data4: 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8s(721) > 000c data5: 28 dc 22 3f dc 68 00 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_ntstatus(664) > 0014 status: NT_STATUS_OK >[2003/07/26 13:53:12, 5] rpc_server/srv_pipe.c:api_rpcTNP(1511) > api_rpcTNP: called lsarpc successfully >[2003/07/26 13:53:12, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) > free_pipe_context: destroying talloc pool of size 816 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_debug(81) > 000000 smb_io_rpc_hdr hdr >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0000 major : 05 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0001 minor : 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0002 pkt_type : 02 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0003 flags : 03 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0004 pack_type0: 10 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0005 pack_type1: 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0006 pack_type2: 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0007 pack_type3: 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0008 frag_len : 0030 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 000a auth_len : 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 000c call_id : 00000013 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_debug(81) > 000010 smb_io_rpc_hdr_resp resp >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0010 alloc_hint: 00000018 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0014 context_id: 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0016 cancel_ct : 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0017 reserved : 00 >[2003/07/26 13:53:12, 5] smbd/ipc.c:copy_trans_params_and_data(62) > copy_trans_params_and_data: params[0..0] data[0..48] >[2003/07/26 13:53:12, 5] lib/util.c:show_msg(456) >[2003/07/26 13:53:12, 5] lib/util.c:show_msg(466) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=50208 > smb_uid=100 > smb_mid=896 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2003/07/26 13:53:12, 3] smbd/process.c:process_smb(881) > Transaction 17 of length 134 >[2003/07/26 13:53:12, 5] lib/util.c:show_msg(456) >[2003/07/26 13:53:12, 5] lib/util.c:show_msg(466) > size=130 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=32771 > smb_tid=1 > smb_pid=50208 > smb_uid=100 > smb_mid=960 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 46 (0x2E) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 46 (0x2E) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29943 (0x74F7) > smb_bcc=63 >[2003/07/26 13:53:12, 3] smbd/process.c:switch_message(676) > switch message SMBtrans (pid 26844) >[2003/07/26 13:53:12, 4] smbd/uid.c:change_to_user(122) > change_to_user: Skipping user change - already user >[2003/07/26 13:53:12, 3] smbd/ipc.c:reply_trans(512) > trans <\PIPE\> data=46 params=0 setup=2 >[2003/07/26 13:53:12, 5] smbd/ipc.c:reply_trans(531) > calling named_pipe >[2003/07/26 13:53:12, 3] smbd/ipc.c:named_pipe(326) > named pipe command on <> name >[2003/07/26 13:53:12, 5] smbd/ipc.c:api_fd_reply(267) > api_fd_reply >[2003/07/26 13:53:12, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1149) > search for pipe pnum=74f7 >[2003/07/26 13:53:12, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1153) > pipe name lsarpc pnum=74f7 (pipes_open=2) >[2003/07/26 13:53:12, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1153) > pipe name samr pnum=74f6 (pipes_open=2) >[2003/07/26 13:53:12, 3] smbd/ipc.c:api_fd_reply(288) > Got API command 0x26 on pipe "lsarpc" (pnum 74f7)000000 smb_io_rpc_hdr >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0000 major : 05 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0001 minor : 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0002 pkt_type : 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0003 flags : 03 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0004 pack_type0: 10 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0005 pack_type1: 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0006 pack_type2: 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0007 pack_type3: 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0008 frag_len : 002e >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 000a auth_len : 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 000c call_id : 00000014 >[2003/07/26 13:53:12, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(488) > unmarshall_rpc_header: using little-endian RPC >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_debug(81) > 000000 smb_io_rpc_hdr_req req >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0000 alloc_hint: 00000016 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0004 context_id: 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0006 opnum : 0007 >[2003/07/26 13:53:12, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) > free_pipe_context: destroying talloc pool of size 0 >[2003/07/26 13:53:12, 5] rpc_server/srv_pipe.c:api_pipe_request(1413) > Requested \PIPE\lsarpc >[2003/07/26 13:53:12, 3] rpc_server/srv_pipe.c:api_pipe_request(1418) > Doing \PIPE\lsarpc >[2003/07/26 13:53:12, 4] rpc_server/srv_pipe.c:api_rpcTNP(1464) > api_rpcTNP: lsarpc op 0x7 - api_rpcTNP: rpc command: LSA_QUERYINFOPOLICY >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_debug(81) > 000000 lsa_io_q_query >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0000 data1: 00000000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0004 data2: 00000002 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0008 data3: 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 000a data4: 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8s(721) > 000c data5: 28 dc 22 3f dc 68 00 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0014 info_class: 0005 >[2003/07/26 13:53:12, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 02 00 00 00 00 00 00 00 28 DC 22 3F ........ ....(Ü"? > [010] DC 68 00 00 Üh.. >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_debug(81) > 000000 lsa_io_r_query >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0000 undoc_buffer: 22000000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0004 info_class: 0005 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0008 uni_dom_max_len: 0010 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 000a uni_dom_str_len: 0012 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 000c buffer_dom_name: 00000001 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0010 buffer_dom_sid : 00000001 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0014 uni_max_len: 00000009 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0018 undoc : 00000000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 001c uni_str_len: 00000008 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:dbg_rw_punival(806) > 0020 buffer : M.I.D.E.A.R.T.H. >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0030 num_auths: 00000004 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0034 sid_rev_num: 01 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0035 num_auths : 04 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0036 id_auth[0] : 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0037 id_auth[1] : 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0038 id_auth[2] : 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0039 id_auth[3] : 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 003a id_auth[4] : 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 003b id_auth[5] : 05 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32s(861) > 003c sub_auths : 00000015 5efefe90 09936a44 d5fd6411 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_ntstatus(664) > 004c status: NT_STATUS_OK >[2003/07/26 13:53:12, 5] rpc_server/srv_pipe.c:api_rpcTNP(1511) > api_rpcTNP: called lsarpc successfully >[2003/07/26 13:53:12, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) > free_pipe_context: destroying talloc pool of size 512 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_debug(81) > 000000 smb_io_rpc_hdr hdr >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0000 major : 05 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0001 minor : 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0002 pkt_type : 02 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0003 flags : 03 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0004 pack_type0: 10 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0005 pack_type1: 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0006 pack_type2: 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0007 pack_type3: 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0008 frag_len : 0068 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 000a auth_len : 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 000c call_id : 00000014 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_debug(81) > 000010 smb_io_rpc_hdr_resp resp >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0010 alloc_hint: 00000050 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0014 context_id: 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0016 cancel_ct : 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0017 reserved : 00 >[2003/07/26 13:53:12, 5] smbd/ipc.c:copy_trans_params_and_data(62) > copy_trans_params_and_data: params[0..0] data[0..104] >[2003/07/26 13:53:12, 5] lib/util.c:show_msg(456) >[2003/07/26 13:53:12, 5] lib/util.c:show_msg(466) > size=160 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=50208 > smb_uid=100 > smb_mid=960 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 104 (0x68) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 104 (0x68) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=105 >[2003/07/26 13:53:12, 3] smbd/process.c:process_smb(881) > Transaction 18 of length 132 >[2003/07/26 13:53:12, 5] lib/util.c:show_msg(456) >[2003/07/26 13:53:12, 5] lib/util.c:show_msg(466) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=32771 > smb_tid=1 > smb_pid=50208 > smb_uid=100 > smb_mid=1024 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29943 (0x74F7) > smb_bcc=61 >[2003/07/26 13:53:12, 3] smbd/process.c:switch_message(676) > switch message SMBtrans (pid 26844) >[2003/07/26 13:53:12, 4] smbd/uid.c:change_to_user(122) > change_to_user: Skipping user change - already user >[2003/07/26 13:53:12, 3] smbd/ipc.c:reply_trans(512) > trans <\PIPE\> data=44 params=0 setup=2 >[2003/07/26 13:53:12, 5] smbd/ipc.c:reply_trans(531) > calling named_pipe >[2003/07/26 13:53:12, 3] smbd/ipc.c:named_pipe(326) > named pipe command on <> name >[2003/07/26 13:53:12, 5] smbd/ipc.c:api_fd_reply(267) > api_fd_reply >[2003/07/26 13:53:12, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1149) > search for pipe pnum=74f7 >[2003/07/26 13:53:12, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1153) > pipe name lsarpc pnum=74f7 (pipes_open=2) >[2003/07/26 13:53:12, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1153) > pipe name samr pnum=74f6 (pipes_open=2) >[2003/07/26 13:53:12, 3] smbd/ipc.c:api_fd_reply(288) > Got API command 0x26 on pipe "lsarpc" (pnum 74f7)000000 smb_io_rpc_hdr >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0000 major : 05 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0001 minor : 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0002 pkt_type : 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0003 flags : 03 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0004 pack_type0: 10 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0005 pack_type1: 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0006 pack_type2: 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0007 pack_type3: 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0008 frag_len : 002c >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 000a auth_len : 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 000c call_id : 00000015 >[2003/07/26 13:53:12, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(488) > unmarshall_rpc_header: using little-endian RPC >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_debug(81) > 000000 smb_io_rpc_hdr_req req >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0000 alloc_hint: 00000014 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0004 context_id: 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0006 opnum : 0000 >[2003/07/26 13:53:12, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) > free_pipe_context: destroying talloc pool of size 0 >[2003/07/26 13:53:12, 5] rpc_server/srv_pipe.c:api_pipe_request(1413) > Requested \PIPE\lsarpc >[2003/07/26 13:53:12, 3] rpc_server/srv_pipe.c:api_pipe_request(1418) > Doing \PIPE\lsarpc >[2003/07/26 13:53:12, 4] rpc_server/srv_pipe.c:api_rpcTNP(1464) > api_rpcTNP: lsarpc op 0x0 - api_rpcTNP: rpc command: LSA_CLOSE >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_debug(81) > 000000 lsa_io_q_close >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0000 data1: 00000000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0004 data2: 00000002 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0008 data3: 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 000a data4: 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8s(721) > 000c data5: 28 dc 22 3f dc 68 00 00 >[2003/07/26 13:53:12, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 02 00 00 00 00 00 00 00 28 DC 22 3F ........ ....(Ü"? > [010] DC 68 00 00 Üh.. >[2003/07/26 13:53:12, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 02 00 00 00 00 00 00 00 28 DC 22 3F ........ ....(Ü"? > [010] DC 68 00 00 Üh.. >[2003/07/26 13:53:12, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) > Closed policy >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_debug(81) > 000000 lsa_io_r_close >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0000 data1: 00000000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0004 data2: 00000000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0008 data3: 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 000a data4: 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8s(721) > 000c data5: 00 00 00 00 00 00 00 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_ntstatus(664) > 0014 status: NT_STATUS_OK >[2003/07/26 13:53:12, 5] rpc_server/srv_pipe.c:api_rpcTNP(1511) > api_rpcTNP: called lsarpc successfully >[2003/07/26 13:53:12, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) > free_pipe_context: destroying talloc pool of size 0 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_debug(81) > 000000 smb_io_rpc_hdr hdr >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0000 major : 05 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0001 minor : 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0002 pkt_type : 02 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0003 flags : 03 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0004 pack_type0: 10 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0005 pack_type1: 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0006 pack_type2: 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0007 pack_type3: 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0008 frag_len : 0030 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 000a auth_len : 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 000c call_id : 00000015 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_debug(81) > 000010 smb_io_rpc_hdr_resp resp >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0010 alloc_hint: 00000018 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0014 context_id: 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0016 cancel_ct : 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0017 reserved : 00 >[2003/07/26 13:53:12, 5] smbd/ipc.c:copy_trans_params_and_data(62) > copy_trans_params_and_data: params[0..0] data[0..48] >[2003/07/26 13:53:12, 5] lib/util.c:show_msg(456) >[2003/07/26 13:53:12, 5] lib/util.c:show_msg(466) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=50208 > smb_uid=100 > smb_mid=1024 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2003/07/26 13:53:12, 3] smbd/process.c:process_smb(881) > Transaction 19 of length 164 >[2003/07/26 13:53:12, 5] lib/util.c:show_msg(456) >[2003/07/26 13:53:12, 5] lib/util.c:show_msg(466) > size=160 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=32771 > smb_tid=1 > smb_pid=50208 > smb_uid=100 > smb_mid=1088 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 76 (0x4C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 76 (0x4C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29942 (0x74F6) > smb_bcc=93 >[2003/07/26 13:53:12, 3] smbd/process.c:switch_message(676) > switch message SMBtrans (pid 26844) >[2003/07/26 13:53:12, 4] smbd/uid.c:change_to_user(122) > change_to_user: Skipping user change - already user >[2003/07/26 13:53:12, 3] smbd/ipc.c:reply_trans(512) > trans <\PIPE\> data=76 params=0 setup=2 >[2003/07/26 13:53:12, 5] smbd/ipc.c:reply_trans(531) > calling named_pipe >[2003/07/26 13:53:12, 3] smbd/ipc.c:named_pipe(326) > named pipe command on <> name >[2003/07/26 13:53:12, 5] smbd/ipc.c:api_fd_reply(267) > api_fd_reply >[2003/07/26 13:53:12, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1149) > search for pipe pnum=74f6 >[2003/07/26 13:53:12, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1153) > pipe name lsarpc pnum=74f7 (pipes_open=2) >[2003/07/26 13:53:12, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1153) > pipe name samr pnum=74f6 (pipes_open=2) >[2003/07/26 13:53:12, 3] smbd/ipc.c:api_fd_reply(288) > Got API command 0x26 on pipe "samr" (pnum 74f6)000000 smb_io_rpc_hdr >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0000 major : 05 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0001 minor : 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0002 pkt_type : 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0003 flags : 03 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0004 pack_type0: 10 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0005 pack_type1: 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0006 pack_type2: 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0007 pack_type3: 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0008 frag_len : 004c >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 000a auth_len : 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 000c call_id : 00000047 >[2003/07/26 13:53:12, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(488) > unmarshall_rpc_header: using little-endian RPC >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_debug(81) > 000000 smb_io_rpc_hdr_req req >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0000 alloc_hint: 00000034 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0004 context_id: 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0006 opnum : 0007 >[2003/07/26 13:53:12, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) > free_pipe_context: destroying talloc pool of size 0 >[2003/07/26 13:53:12, 5] rpc_server/srv_pipe.c:api_pipe_request(1413) > Requested \PIPE\samr >[2003/07/26 13:53:12, 3] rpc_server/srv_pipe.c:api_pipe_request(1418) > Doing \PIPE\samr >[2003/07/26 13:53:12, 4] rpc_server/srv_pipe.c:api_rpcTNP(1464) > api_rpcTNP: samr op 0x7 - api_rpcTNP: rpc command: SAMR_OPEN_DOMAIN >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_debug(81) > 000000 samr_io_q_open_domain >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0000 data1: 00000000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0004 data2: 00000001 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0008 data3: 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 000a data4: 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8s(721) > 000c data5: 28 dc 22 3f dc 68 00 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0014 flags: 00000200 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0018 num_auths: 00000004 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 001c sid_rev_num: 01 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 001d num_auths : 04 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 001e id_auth[0] : 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 001f id_auth[1] : 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0020 id_auth[2] : 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0021 id_auth[3] : 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0022 id_auth[4] : 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0023 id_auth[5] : 05 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32s(861) > 0024 sub_auths : 00000015 5efefe90 09936a44 d5fd6411 >[2003/07/26 13:53:12, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 01 00 00 00 00 00 00 00 28 DC 22 3F ........ ....(Ü"? > [010] DC 68 00 00 Üh.. >[2003/07/26 13:53:12, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(106) > _samr_open_domain: access check ((granted: 0x00000020; required: 0x00000020) >[2003/07/26 13:53:12, 3] lib/util_seaccess.c:se_access_check(267) >[2003/07/26 13:53:12, 3] lib/util_seaccess.c:se_access_check(268) > se_access_check: user sid is S-1-5-21-1593769616-160655940-3590153233-1000 > se_access_check: also S-1-5-21-1593769616-160655940-3590153233-512 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: also S-1-5-32-544 >[2003/07/26 13:53:12, 5] lib/util_seaccess.c:se_access_check(325) > se_access_check: access (200) granted. >[2003/07/26 13:53:12, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) > Opened policy hnd[2] [000] 00 00 00 00 03 00 00 00 00 00 00 00 28 DC 22 3F ........ ....(Ü"? > [010] DC 68 00 00 Üh.. >[2003/07/26 13:53:12, 5] rpc_server/srv_samr_nt.c:_samr_open_domain(403) > samr_open_domain: 403 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_debug(81) > 000000 samr_io_r_open_domain >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0000 data1: 00000000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0004 data2: 00000003 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0008 data3: 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 000a data4: 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8s(721) > 000c data5: 28 dc 22 3f dc 68 00 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_ntstatus(664) > 0014 status: NT_STATUS_OK >[2003/07/26 13:53:12, 5] rpc_server/srv_pipe.c:api_rpcTNP(1511) > api_rpcTNP: called samr successfully >[2003/07/26 13:53:12, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) > free_pipe_context: destroying talloc pool of size 732 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_debug(81) > 000000 smb_io_rpc_hdr hdr >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0000 major : 05 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0001 minor : 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0002 pkt_type : 02 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0003 flags : 03 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0004 pack_type0: 10 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0005 pack_type1: 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0006 pack_type2: 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0007 pack_type3: 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0008 frag_len : 0030 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 000a auth_len : 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 000c call_id : 00000047 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_debug(81) > 000010 smb_io_rpc_hdr_resp resp >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0010 alloc_hint: 00000018 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0014 context_id: 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0016 cancel_ct : 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0017 reserved : 00 >[2003/07/26 13:53:12, 5] smbd/ipc.c:copy_trans_params_and_data(62) > copy_trans_params_and_data: params[0..0] data[0..48] >[2003/07/26 13:53:12, 5] lib/util.c:show_msg(456) >[2003/07/26 13:53:12, 5] lib/util.c:show_msg(466) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=50208 > smb_uid=100 > smb_mid=1088 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2003/07/26 13:53:12, 3] smbd/process.c:process_smb(881) > Transaction 20 of length 152 >[2003/07/26 13:53:12, 5] lib/util.c:show_msg(456) >[2003/07/26 13:53:12, 5] lib/util.c:show_msg(466) > size=148 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=32771 > smb_tid=1 > smb_pid=50208 > smb_uid=100 > smb_mid=1152 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 64 (0x40) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29942 (0x74F6) > smb_bcc=81 >[2003/07/26 13:53:12, 3] smbd/process.c:switch_message(676) > switch message SMBtrans (pid 26844) >[2003/07/26 13:53:12, 4] smbd/uid.c:change_to_user(122) > change_to_user: Skipping user change - already user >[2003/07/26 13:53:12, 3] smbd/ipc.c:reply_trans(512) > trans <\PIPE\> data=64 params=0 setup=2 >[2003/07/26 13:53:12, 5] smbd/ipc.c:reply_trans(531) > calling named_pipe >[2003/07/26 13:53:12, 3] smbd/ipc.c:named_pipe(326) > named pipe command on <> name >[2003/07/26 13:53:12, 5] smbd/ipc.c:api_fd_reply(267) > api_fd_reply >[2003/07/26 13:53:12, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1149) > search for pipe pnum=74f6 >[2003/07/26 13:53:12, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1153) > pipe name lsarpc pnum=74f7 (pipes_open=2) >[2003/07/26 13:53:12, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1153) > pipe name samr pnum=74f6 (pipes_open=2) >[2003/07/26 13:53:12, 3] smbd/ipc.c:api_fd_reply(288) > Got API command 0x26 on pipe "samr" (pnum 74f6)000000 smb_io_rpc_hdr >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0000 major : 05 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0001 minor : 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0002 pkt_type : 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0003 flags : 03 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0004 pack_type0: 10 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0005 pack_type1: 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0006 pack_type2: 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0007 pack_type3: 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0008 frag_len : 0040 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 000a auth_len : 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 000c call_id : 00000048 >[2003/07/26 13:53:12, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(488) > unmarshall_rpc_header: using little-endian RPC >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_debug(81) > 000000 smb_io_rpc_hdr_req req >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0000 alloc_hint: 00000028 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0004 context_id: 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0006 opnum : 0007 >[2003/07/26 13:53:12, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) > free_pipe_context: destroying talloc pool of size 0 >[2003/07/26 13:53:12, 5] rpc_server/srv_pipe.c:api_pipe_request(1413) > Requested \PIPE\samr >[2003/07/26 13:53:12, 3] rpc_server/srv_pipe.c:api_pipe_request(1418) > Doing \PIPE\samr >[2003/07/26 13:53:12, 4] rpc_server/srv_pipe.c:api_rpcTNP(1464) > api_rpcTNP: samr op 0x7 - api_rpcTNP: rpc command: SAMR_OPEN_DOMAIN >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_debug(81) > 000000 samr_io_q_open_domain >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0000 data1: 00000000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0004 data2: 00000001 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0008 data3: 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 000a data4: 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8s(721) > 000c data5: 28 dc 22 3f dc 68 00 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0014 flags: 00000200 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0018 num_auths: 00000001 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 001c sid_rev_num: 01 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 001d num_auths : 01 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 001e id_auth[0] : 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 001f id_auth[1] : 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0020 id_auth[2] : 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0021 id_auth[3] : 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0022 id_auth[4] : 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0023 id_auth[5] : 05 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32s(861) > 0024 sub_auths : 00000020 >[2003/07/26 13:53:12, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[1] [000] 00 00 00 00 01 00 00 00 00 00 00 00 28 DC 22 3F ........ ....(Ü"? > [010] DC 68 00 00 Üh.. >[2003/07/26 13:53:12, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(106) > _samr_open_domain: access check ((granted: 0x00000020; required: 0x00000020) >[2003/07/26 13:53:12, 3] lib/util_seaccess.c:se_access_check(267) >[2003/07/26 13:53:12, 3] lib/util_seaccess.c:se_access_check(268) > se_access_check: user sid is S-1-5-21-1593769616-160655940-3590153233-1000 > se_access_check: also S-1-5-21-1593769616-160655940-3590153233-512 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: also S-1-5-32-544 >[2003/07/26 13:53:12, 5] lib/util_seaccess.c:se_access_check(325) > se_access_check: access (200) granted. >[2003/07/26 13:53:12, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) > Opened policy hnd[3] [000] 00 00 00 00 04 00 00 00 00 00 00 00 28 DC 22 3F ........ ....(Ü"? > [010] DC 68 00 00 Üh.. >[2003/07/26 13:53:12, 5] rpc_server/srv_samr_nt.c:_samr_open_domain(403) > samr_open_domain: 403 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_debug(81) > 000000 samr_io_r_open_domain >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0000 data1: 00000000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0004 data2: 00000004 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0008 data3: 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 000a data4: 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8s(721) > 000c data5: 28 dc 22 3f dc 68 00 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_ntstatus(664) > 0014 status: NT_STATUS_OK >[2003/07/26 13:53:12, 5] rpc_server/srv_pipe.c:api_rpcTNP(1511) > api_rpcTNP: called samr successfully >[2003/07/26 13:53:12, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) > free_pipe_context: destroying talloc pool of size 732 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_debug(81) > 000000 smb_io_rpc_hdr hdr >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0000 major : 05 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0001 minor : 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0002 pkt_type : 02 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0003 flags : 03 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0004 pack_type0: 10 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0005 pack_type1: 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0006 pack_type2: 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0007 pack_type3: 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0008 frag_len : 0030 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 000a auth_len : 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 000c call_id : 00000048 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_debug(81) > 000010 smb_io_rpc_hdr_resp resp >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0010 alloc_hint: 00000018 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0014 context_id: 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0016 cancel_ct : 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0017 reserved : 00 >[2003/07/26 13:53:12, 5] smbd/ipc.c:copy_trans_params_and_data(62) > copy_trans_params_and_data: params[0..0] data[0..48] >[2003/07/26 13:53:12, 5] lib/util.c:show_msg(456) >[2003/07/26 13:53:12, 5] lib/util.c:show_msg(466) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=50208 > smb_uid=100 > smb_mid=1152 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2003/07/26 13:53:12, 3] smbd/process.c:process_smb(881) > Transaction 21 of length 176 >[2003/07/26 13:53:12, 5] lib/util.c:show_msg(456) >[2003/07/26 13:53:12, 5] lib/util.c:show_msg(466) > size=172 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=32771 > smb_tid=1 > smb_pid=50208 > smb_uid=100 > smb_mid=1216 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 88 (0x58) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 88 (0x58) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29942 (0x74F6) > smb_bcc=105 >[2003/07/26 13:53:12, 3] smbd/process.c:switch_message(676) > switch message SMBtrans (pid 26844) >[2003/07/26 13:53:12, 4] smbd/uid.c:change_to_user(122) > change_to_user: Skipping user change - already user >[2003/07/26 13:53:12, 3] smbd/ipc.c:reply_trans(512) > trans <\PIPE\> data=88 params=0 setup=2 >[2003/07/26 13:53:12, 5] smbd/ipc.c:reply_trans(531) > calling named_pipe >[2003/07/26 13:53:12, 3] smbd/ipc.c:named_pipe(326) > named pipe command on <> name >[2003/07/26 13:53:12, 5] smbd/ipc.c:api_fd_reply(267) > api_fd_reply >[2003/07/26 13:53:12, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1149) > search for pipe pnum=74f6 >[2003/07/26 13:53:12, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1153) > pipe name lsarpc pnum=74f7 (pipes_open=2) >[2003/07/26 13:53:12, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1153) > pipe name samr pnum=74f6 (pipes_open=2) >[2003/07/26 13:53:12, 3] smbd/ipc.c:api_fd_reply(288) > Got API command 0x26 on pipe "samr" (pnum 74f6)000000 smb_io_rpc_hdr >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0000 major : 05 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0001 minor : 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0002 pkt_type : 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0003 flags : 03 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0004 pack_type0: 10 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0005 pack_type1: 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0006 pack_type2: 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0007 pack_type3: 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0008 frag_len : 0058 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 000a auth_len : 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 000c call_id : 00000049 >[2003/07/26 13:53:12, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(488) > unmarshall_rpc_header: using little-endian RPC >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_debug(81) > 000000 smb_io_rpc_hdr_req req >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0000 alloc_hint: 00000040 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0004 context_id: 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0006 opnum : 0011 >[2003/07/26 13:53:12, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) > free_pipe_context: destroying talloc pool of size 0 >[2003/07/26 13:53:12, 5] rpc_server/srv_pipe.c:api_pipe_request(1413) > Requested \PIPE\samr >[2003/07/26 13:53:12, 3] rpc_server/srv_pipe.c:api_pipe_request(1418) > Doing \PIPE\samr >[2003/07/26 13:53:12, 4] rpc_server/srv_pipe.c:api_rpcTNP(1464) > api_rpcTNP: samr op 0x11 - api_rpcTNP: rpc command: SAMR_LOOKUP_NAMES >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_debug(81) > 000000 samr_io_q_lookup_names >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0000 data1: 00000000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0004 data2: 00000003 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0008 data3: 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 000a data4: 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8s(721) > 000c data5: 28 dc 22 3f dc 68 00 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0014 num_names1: 00000001 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0018 flags : 000003e8 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 001c ptr : 00000000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0020 num_names2: 00000001 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0024 uni_str_len: 0008 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0026 uni_max_len: 000a >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0028 buffer : 0012ed5c >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 002c uni_max_len: 00000005 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0030 undoc : 00000000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0034 uni_str_len: 00000004 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:dbg_rw_punival(806) > 0038 buffer : j.o.e.u. >[2003/07/26 13:53:12, 5] rpc_server/srv_samr_nt.c:_samr_lookup_names(1447) > _samr_lookup_names: 1447 >[2003/07/26 13:53:12, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[1] [000] 00 00 00 00 03 00 00 00 00 00 00 00 28 DC 22 3F ........ ....(Ü"? > [010] DC 68 00 00 Üh.. >[2003/07/26 13:53:12, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(106) > _samr_lookup_names: access check ((granted: 0x00000200; required: 0000000000) >[2003/07/26 13:53:12, 5] rpc_server/srv_samr_nt.c:_samr_lookup_names(1466) > _samr_lookup_names: looking name on SID S-1-5-21-1593769616-160655940-3590153233 >[2003/07/26 13:53:12, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2003/07/26 13:53:12, 3] smbd/uid.c:push_conn_ctx(287) > push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >[2003/07/26 13:53:12, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2003/07/26 13:53:12, 5] auth/auth_util.c:debug_nt_user_token(486) > NT user token: (NULL) >[2003/07/26 13:53:12, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2003/07/26 13:53:12, 4] lib/username.c:map_username(132) > Scanning username map /etc/samba/smbusers >[2003/07/26 13:53:12, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2003/07/26 13:53:12, 3] smbd/uid.c:push_conn_ctx(287) > push_conn_ctx(100) : conn_ctx_stack_ndx = 1 >[2003/07/26 13:53:12, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2003/07/26 13:53:12, 5] auth/auth_util.c:debug_nt_user_token(486) > NT user token: (NULL) >[2003/07/26 13:53:12, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2003/07/26 13:53:12, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2003/07/26 13:53:12, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2003/07/26 13:53:12, 5] rpc_parse/parse_samr.c:init_samr_r_lookup_names(4751) > init_samr_r_lookup_names >[2003/07/26 13:53:12, 5] rpc_server/srv_samr_nt.c:_samr_lookup_names(1509) > _samr_lookup_names: 1509 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_debug(81) > 000000 samr_io_r_lookup_names >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0000 num_rids1: 00000001 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0004 ptr_rids : 00000001 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0008 num_rids2: 00000001 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 000c rid[00] : 000007e4 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0010 num_types1: 00000001 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0014 ptr_types : 00000001 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0018 num_types2: 00000001 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 001c type[00] : 00000001 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_ntstatus(664) > 0020 status: NT_STATUS_OK >[2003/07/26 13:53:12, 5] rpc_server/srv_pipe.c:api_rpcTNP(1511) > api_rpcTNP: called samr successfully >[2003/07/26 13:53:12, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) > free_pipe_context: destroying talloc pool of size 42 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_debug(81) > 000000 smb_io_rpc_hdr hdr >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0000 major : 05 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0001 minor : 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0002 pkt_type : 02 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0003 flags : 03 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0004 pack_type0: 10 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0005 pack_type1: 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0006 pack_type2: 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0007 pack_type3: 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0008 frag_len : 003c >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 000a auth_len : 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 000c call_id : 00000049 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_debug(81) > 000010 smb_io_rpc_hdr_resp resp >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0010 alloc_hint: 00000024 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0014 context_id: 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0016 cancel_ct : 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0017 reserved : 00 >[2003/07/26 13:53:12, 5] smbd/ipc.c:copy_trans_params_and_data(62) > copy_trans_params_and_data: params[0..0] data[0..60] >[2003/07/26 13:53:12, 5] lib/util.c:show_msg(456) >[2003/07/26 13:53:12, 5] lib/util.c:show_msg(466) > size=116 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=50208 > smb_uid=100 > smb_mid=1216 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 60 (0x3C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 60 (0x3C) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=61 >[2003/07/26 13:53:12, 3] smbd/process.c:process_smb(881) > Transaction 22 of length 140 >[2003/07/26 13:53:12, 5] lib/util.c:show_msg(456) >[2003/07/26 13:53:12, 5] lib/util.c:show_msg(466) > size=136 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=32771 > smb_tid=1 > smb_pid=50208 > smb_uid=100 > smb_mid=1280 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 52 (0x34) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 52 (0x34) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29942 (0x74F6) > smb_bcc=69 >[2003/07/26 13:53:12, 3] smbd/process.c:switch_message(676) > switch message SMBtrans (pid 26844) >[2003/07/26 13:53:12, 4] smbd/uid.c:change_to_user(122) > change_to_user: Skipping user change - already user >[2003/07/26 13:53:12, 3] smbd/ipc.c:reply_trans(512) > trans <\PIPE\> data=52 params=0 setup=2 >[2003/07/26 13:53:12, 5] smbd/ipc.c:reply_trans(531) > calling named_pipe >[2003/07/26 13:53:12, 3] smbd/ipc.c:named_pipe(326) > named pipe command on <> name >[2003/07/26 13:53:12, 5] smbd/ipc.c:api_fd_reply(267) > api_fd_reply >[2003/07/26 13:53:12, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1149) > search for pipe pnum=74f6 >[2003/07/26 13:53:12, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1153) > pipe name lsarpc pnum=74f7 (pipes_open=2) >[2003/07/26 13:53:12, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1153) > pipe name samr pnum=74f6 (pipes_open=2) >[2003/07/26 13:53:12, 3] smbd/ipc.c:api_fd_reply(288) > Got API command 0x26 on pipe "samr" (pnum 74f6)000000 smb_io_rpc_hdr >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0000 major : 05 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0001 minor : 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0002 pkt_type : 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0003 flags : 03 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0004 pack_type0: 10 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0005 pack_type1: 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0006 pack_type2: 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0007 pack_type3: 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0008 frag_len : 0034 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 000a auth_len : 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 000c call_id : 0000004a >[2003/07/26 13:53:12, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(488) > unmarshall_rpc_header: using little-endian RPC >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_debug(81) > 000000 smb_io_rpc_hdr_req req >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0000 alloc_hint: 0000001c >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0004 context_id: 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0006 opnum : 0022 >[2003/07/26 13:53:12, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) > free_pipe_context: destroying talloc pool of size 0 >[2003/07/26 13:53:12, 5] rpc_server/srv_pipe.c:api_pipe_request(1413) > Requested \PIPE\samr >[2003/07/26 13:53:12, 3] rpc_server/srv_pipe.c:api_pipe_request(1418) > Doing \PIPE\samr >[2003/07/26 13:53:12, 4] rpc_server/srv_pipe.c:api_rpcTNP(1464) > api_rpcTNP: samr op 0x22 - api_rpcTNP: rpc command: SAMR_OPEN_USER >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_debug(81) > 000000 samr_io_q_open_user >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0000 data1: 00000000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0004 data2: 00000003 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0008 data3: 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 000a data4: 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8s(721) > 000c data5: 28 dc 22 3f dc 68 00 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0014 access_mask: 00010000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0018 user_rid : 000007e4 >[2003/07/26 13:53:12, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[1] [000] 00 00 00 00 03 00 00 00 00 00 00 00 28 DC 22 3F ........ ....(Ü"? > [010] DC 68 00 00 Üh.. >[2003/07/26 13:53:12, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(106) > _samr_open_user: access check ((granted: 0x00000200; required: 0x00000200) >[2003/07/26 13:53:12, 3] lib/util_seaccess.c:se_access_check(267) >[2003/07/26 13:53:12, 3] lib/util_seaccess.c:se_access_check(268) > se_access_check: user sid is S-1-5-21-1593769616-160655940-3590153233-1000 > se_access_check: also S-1-5-21-1593769616-160655940-3590153233-512 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: also S-1-5-32-544 >[2003/07/26 13:53:12, 5] lib/util_seaccess.c:se_access_check(325) > se_access_check: access (10000) granted. >[2003/07/26 13:53:12, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2003/07/26 13:53:12, 3] smbd/uid.c:push_conn_ctx(287) > push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >[2003/07/26 13:53:12, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2003/07/26 13:53:12, 5] auth/auth_util.c:debug_nt_user_token(486) > NT user token: (NULL) >[2003/07/26 13:53:12, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2003/07/26 13:53:12, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2003/07/26 13:53:12, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) > Opened policy hnd[4] [000] 00 00 00 00 05 00 00 00 00 00 00 00 28 DC 22 3F ........ ....(Ü"? > [010] DC 68 00 00 Üh.. >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_debug(81) > 000000 samr_io_r_open_user >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0000 data1: 00000000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0004 data2: 00000005 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0008 data3: 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 000a data4: 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8s(721) > 000c data5: 28 dc 22 3f dc 68 00 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_ntstatus(664) > 0014 status: NT_STATUS_OK >[2003/07/26 13:53:12, 5] rpc_server/srv_pipe.c:api_rpcTNP(1511) > api_rpcTNP: called samr successfully >[2003/07/26 13:53:12, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) > free_pipe_context: destroying talloc pool of size 1339 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_debug(81) > 000000 smb_io_rpc_hdr hdr >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0000 major : 05 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0001 minor : 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0002 pkt_type : 02 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0003 flags : 03 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0004 pack_type0: 10 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0005 pack_type1: 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0006 pack_type2: 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0007 pack_type3: 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0008 frag_len : 0030 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 000a auth_len : 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 000c call_id : 0000004a >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_debug(81) > 000010 smb_io_rpc_hdr_resp resp >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0010 alloc_hint: 00000018 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0014 context_id: 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0016 cancel_ct : 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0017 reserved : 00 >[2003/07/26 13:53:12, 5] smbd/ipc.c:copy_trans_params_and_data(62) > copy_trans_params_and_data: params[0..0] data[0..48] >[2003/07/26 13:53:12, 5] lib/util.c:show_msg(456) >[2003/07/26 13:53:12, 5] lib/util.c:show_msg(466) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=50208 > smb_uid=100 > smb_mid=1280 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2003/07/26 13:53:12, 3] smbd/process.c:process_smb(881) > Transaction 23 of length 164 >[2003/07/26 13:53:12, 5] lib/util.c:show_msg(456) >[2003/07/26 13:53:12, 5] lib/util.c:show_msg(466) > size=160 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=32771 > smb_tid=1 > smb_pid=50208 > smb_uid=100 > smb_mid=1344 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 76 (0x4C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 76 (0x4C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29942 (0x74F6) > smb_bcc=93 >[2003/07/26 13:53:12, 3] smbd/process.c:switch_message(676) > switch message SMBtrans (pid 26844) >[2003/07/26 13:53:12, 4] smbd/uid.c:change_to_user(122) > change_to_user: Skipping user change - already user >[2003/07/26 13:53:12, 3] smbd/ipc.c:reply_trans(512) > trans <\PIPE\> data=76 params=0 setup=2 >[2003/07/26 13:53:12, 5] smbd/ipc.c:reply_trans(531) > calling named_pipe >[2003/07/26 13:53:12, 3] smbd/ipc.c:named_pipe(326) > named pipe command on <> name >[2003/07/26 13:53:12, 5] smbd/ipc.c:api_fd_reply(267) > api_fd_reply >[2003/07/26 13:53:12, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1149) > search for pipe pnum=74f6 >[2003/07/26 13:53:12, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1153) > pipe name lsarpc pnum=74f7 (pipes_open=2) >[2003/07/26 13:53:12, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1153) > pipe name samr pnum=74f6 (pipes_open=2) >[2003/07/26 13:53:12, 3] smbd/ipc.c:api_fd_reply(288) > Got API command 0x26 on pipe "samr" (pnum 74f6)000000 smb_io_rpc_hdr >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0000 major : 05 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0001 minor : 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0002 pkt_type : 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0003 flags : 03 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0004 pack_type0: 10 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0005 pack_type1: 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0006 pack_type2: 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0007 pack_type3: 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0008 frag_len : 004c >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 000a auth_len : 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 000c call_id : 0000004b >[2003/07/26 13:53:12, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(488) > unmarshall_rpc_header: using little-endian RPC >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_debug(81) > 000000 smb_io_rpc_hdr_req req >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0000 alloc_hint: 00000034 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0004 context_id: 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0006 opnum : 002d >[2003/07/26 13:53:12, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) > free_pipe_context: destroying talloc pool of size 0 >[2003/07/26 13:53:12, 5] rpc_server/srv_pipe.c:api_pipe_request(1413) > Requested \PIPE\samr >[2003/07/26 13:53:12, 3] rpc_server/srv_pipe.c:api_pipe_request(1418) > Doing \PIPE\samr >[2003/07/26 13:53:12, 4] rpc_server/srv_pipe.c:api_rpcTNP(1464) > api_rpcTNP: samr op 0x2d - api_rpcTNP: rpc command: SAMR_UNKNOWN_2D >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_debug(81) > 000000 samr_io_q_unknown_2d >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0000 data1: 00000000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0004 data2: 00000004 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0008 data3: 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 000a data4: 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8s(721) > 000c data5: 28 dc 22 3f dc 68 00 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0014 num_auths: 00000005 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0018 sid_rev_num: 01 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0019 num_auths : 05 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 001a id_auth[0] : 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 001b id_auth[1] : 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 001c id_auth[2] : 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 001d id_auth[3] : 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 001e id_auth[4] : 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 001f id_auth[5] : 05 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32s(861) > 0020 sub_auths : 00000015 5efefe90 09936a44 d5fd6411 000007e4 >[2003/07/26 13:53:12, 0] rpc_server/srv_samr_nt.c:_samr_unknown_2d(4278) > _samr_unknown_2d: Not yet implemented. >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_debug(81) > 000000 samr_io_r_unknown_2d >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_ntstatus(664) > 0000 status: NT_STATUS_NOT_IMPLEMENTED >[2003/07/26 13:53:12, 5] rpc_server/srv_pipe.c:api_rpcTNP(1511) > api_rpcTNP: called samr successfully >[2003/07/26 13:53:12, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) > free_pipe_context: destroying talloc pool of size 0 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_debug(81) > 000000 smb_io_rpc_hdr hdr >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0000 major : 05 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0001 minor : 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0002 pkt_type : 02 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0003 flags : 03 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0004 pack_type0: 10 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0005 pack_type1: 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0006 pack_type2: 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0007 pack_type3: 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0008 frag_len : 001c >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 000a auth_len : 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 000c call_id : 0000004b >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_debug(81) > 000010 smb_io_rpc_hdr_resp resp >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0010 alloc_hint: 00000004 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0014 context_id: 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0016 cancel_ct : 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0017 reserved : 00 >[2003/07/26 13:53:12, 5] smbd/ipc.c:copy_trans_params_and_data(62) > copy_trans_params_and_data: params[0..0] data[0..28] >[2003/07/26 13:53:12, 5] lib/util.c:show_msg(456) >[2003/07/26 13:53:12, 5] lib/util.c:show_msg(466) > size=84 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=50208 > smb_uid=100 > smb_mid=1344 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 28 (0x1C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 28 (0x1C) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=29 >[2003/07/26 13:53:12, 3] smbd/process.c:process_smb(881) > Transaction 24 of length 132 >[2003/07/26 13:53:12, 5] lib/util.c:show_msg(456) >[2003/07/26 13:53:12, 5] lib/util.c:show_msg(466) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=32771 > smb_tid=1 > smb_pid=50208 > smb_uid=100 > smb_mid=1408 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29942 (0x74F6) > smb_bcc=61 >[2003/07/26 13:53:12, 3] smbd/process.c:switch_message(676) > switch message SMBtrans (pid 26844) >[2003/07/26 13:53:12, 4] smbd/uid.c:change_to_user(122) > change_to_user: Skipping user change - already user >[2003/07/26 13:53:12, 3] smbd/ipc.c:reply_trans(512) > trans <\PIPE\> data=44 params=0 setup=2 >[2003/07/26 13:53:12, 5] smbd/ipc.c:reply_trans(531) > calling named_pipe >[2003/07/26 13:53:12, 3] smbd/ipc.c:named_pipe(326) > named pipe command on <> name >[2003/07/26 13:53:12, 5] smbd/ipc.c:api_fd_reply(267) > api_fd_reply >[2003/07/26 13:53:12, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1149) > search for pipe pnum=74f6 >[2003/07/26 13:53:12, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1153) > pipe name lsarpc pnum=74f7 (pipes_open=2) >[2003/07/26 13:53:12, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1153) > pipe name samr pnum=74f6 (pipes_open=2) >[2003/07/26 13:53:12, 3] smbd/ipc.c:api_fd_reply(288) > Got API command 0x26 on pipe "samr" (pnum 74f6)000000 smb_io_rpc_hdr >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0000 major : 05 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0001 minor : 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0002 pkt_type : 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0003 flags : 03 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0004 pack_type0: 10 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0005 pack_type1: 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0006 pack_type2: 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0007 pack_type3: 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0008 frag_len : 002c >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 000a auth_len : 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 000c call_id : 0000004c >[2003/07/26 13:53:12, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(488) > unmarshall_rpc_header: using little-endian RPC >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_debug(81) > 000000 smb_io_rpc_hdr_req req >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0000 alloc_hint: 00000014 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0004 context_id: 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0006 opnum : 0001 >[2003/07/26 13:53:12, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) > free_pipe_context: destroying talloc pool of size 0 >[2003/07/26 13:53:12, 5] rpc_server/srv_pipe.c:api_pipe_request(1413) > Requested \PIPE\samr >[2003/07/26 13:53:12, 3] rpc_server/srv_pipe.c:api_pipe_request(1418) > Doing \PIPE\samr >[2003/07/26 13:53:12, 4] rpc_server/srv_pipe.c:api_rpcTNP(1464) > api_rpcTNP: samr op 0x1 - api_rpcTNP: rpc command: SAMR_CLOSE_HND >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_debug(81) > 000000 samr_io_q_close_hnd >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0000 data1: 00000000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0004 data2: 00000005 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0008 data3: 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 000a data4: 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8s(721) > 000c data5: 28 dc 22 3f dc 68 00 00 >[2003/07/26 13:53:12, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 05 00 00 00 00 00 00 00 28 DC 22 3F ........ ....(Ü"? > [010] DC 68 00 00 Üh.. >[2003/07/26 13:53:12, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) > Closed policy >[2003/07/26 13:53:12, 5] rpc_server/srv_samr_nt.c:_samr_close_hnd(356) > samr_reply_close_hnd: 356 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_debug(81) > 000000 samr_io_r_close_hnd >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0000 data1: 00000000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0004 data2: 00000000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0008 data3: 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 000a data4: 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8s(721) > 000c data5: 00 00 00 00 00 00 00 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_ntstatus(664) > 0014 status: NT_STATUS_OK >[2003/07/26 13:53:12, 5] rpc_server/srv_pipe.c:api_rpcTNP(1511) > api_rpcTNP: called samr successfully >[2003/07/26 13:53:12, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) > free_pipe_context: destroying talloc pool of size 0 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_debug(81) > 000000 smb_io_rpc_hdr hdr >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0000 major : 05 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0001 minor : 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0002 pkt_type : 02 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0003 flags : 03 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0004 pack_type0: 10 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0005 pack_type1: 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0006 pack_type2: 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0007 pack_type3: 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0008 frag_len : 0030 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 000a auth_len : 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 000c call_id : 0000004c >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_debug(81) > 000010 smb_io_rpc_hdr_resp resp >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0010 alloc_hint: 00000018 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0014 context_id: 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0016 cancel_ct : 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0017 reserved : 00 >[2003/07/26 13:53:12, 5] smbd/ipc.c:copy_trans_params_and_data(62) > copy_trans_params_and_data: params[0..0] data[0..48] >[2003/07/26 13:53:12, 5] lib/util.c:show_msg(456) >[2003/07/26 13:53:12, 5] lib/util.c:show_msg(466) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=50208 > smb_uid=100 > smb_mid=1408 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2003/07/26 13:53:12, 3] smbd/process.c:process_smb(881) > Transaction 25 of length 132 >[2003/07/26 13:53:12, 5] lib/util.c:show_msg(456) >[2003/07/26 13:53:12, 5] lib/util.c:show_msg(466) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=32771 > smb_tid=1 > smb_pid=50208 > smb_uid=100 > smb_mid=1472 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29942 (0x74F6) > smb_bcc=61 >[2003/07/26 13:53:12, 3] smbd/process.c:switch_message(676) > switch message SMBtrans (pid 26844) >[2003/07/26 13:53:12, 4] smbd/uid.c:change_to_user(122) > change_to_user: Skipping user change - already user >[2003/07/26 13:53:12, 3] smbd/ipc.c:reply_trans(512) > trans <\PIPE\> data=44 params=0 setup=2 >[2003/07/26 13:53:12, 5] smbd/ipc.c:reply_trans(531) > calling named_pipe >[2003/07/26 13:53:12, 3] smbd/ipc.c:named_pipe(326) > named pipe command on <> name >[2003/07/26 13:53:12, 5] smbd/ipc.c:api_fd_reply(267) > api_fd_reply >[2003/07/26 13:53:12, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1149) > search for pipe pnum=74f6 >[2003/07/26 13:53:12, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1153) > pipe name lsarpc pnum=74f7 (pipes_open=2) >[2003/07/26 13:53:12, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1153) > pipe name samr pnum=74f6 (pipes_open=2) >[2003/07/26 13:53:12, 3] smbd/ipc.c:api_fd_reply(288) > Got API command 0x26 on pipe "samr" (pnum 74f6)000000 smb_io_rpc_hdr >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0000 major : 05 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0001 minor : 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0002 pkt_type : 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0003 flags : 03 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0004 pack_type0: 10 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0005 pack_type1: 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0006 pack_type2: 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0007 pack_type3: 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0008 frag_len : 002c >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 000a auth_len : 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 000c call_id : 0000004d >[2003/07/26 13:53:12, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(488) > unmarshall_rpc_header: using little-endian RPC >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_debug(81) > 000000 smb_io_rpc_hdr_req req >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0000 alloc_hint: 00000014 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0004 context_id: 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0006 opnum : 0001 >[2003/07/26 13:53:12, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) > free_pipe_context: destroying talloc pool of size 0 >[2003/07/26 13:53:12, 5] rpc_server/srv_pipe.c:api_pipe_request(1413) > Requested \PIPE\samr >[2003/07/26 13:53:12, 3] rpc_server/srv_pipe.c:api_pipe_request(1418) > Doing \PIPE\samr >[2003/07/26 13:53:12, 4] rpc_server/srv_pipe.c:api_rpcTNP(1464) > api_rpcTNP: samr op 0x1 - api_rpcTNP: rpc command: SAMR_CLOSE_HND >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_debug(81) > 000000 samr_io_q_close_hnd >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0000 data1: 00000000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0004 data2: 00000003 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0008 data3: 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 000a data4: 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8s(721) > 000c data5: 28 dc 22 3f dc 68 00 00 >[2003/07/26 13:53:12, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[1] [000] 00 00 00 00 03 00 00 00 00 00 00 00 28 DC 22 3F ........ ....(Ü"? > [010] DC 68 00 00 Üh.. >[2003/07/26 13:53:12, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) > Closed policy >[2003/07/26 13:53:12, 5] rpc_server/srv_samr_nt.c:_samr_close_hnd(356) > samr_reply_close_hnd: 356 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_debug(81) > 000000 samr_io_r_close_hnd >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0000 data1: 00000000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0004 data2: 00000000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0008 data3: 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 000a data4: 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8s(721) > 000c data5: 00 00 00 00 00 00 00 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_ntstatus(664) > 0014 status: NT_STATUS_OK >[2003/07/26 13:53:12, 5] rpc_server/srv_pipe.c:api_rpcTNP(1511) > api_rpcTNP: called samr successfully >[2003/07/26 13:53:12, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) > free_pipe_context: destroying talloc pool of size 0 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_debug(81) > 000000 smb_io_rpc_hdr hdr >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0000 major : 05 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0001 minor : 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0002 pkt_type : 02 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0003 flags : 03 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0004 pack_type0: 10 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0005 pack_type1: 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0006 pack_type2: 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0007 pack_type3: 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0008 frag_len : 0030 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 000a auth_len : 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 000c call_id : 0000004d >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_debug(81) > 000010 smb_io_rpc_hdr_resp resp >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0010 alloc_hint: 00000018 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0014 context_id: 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0016 cancel_ct : 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0017 reserved : 00 >[2003/07/26 13:53:12, 5] smbd/ipc.c:copy_trans_params_and_data(62) > copy_trans_params_and_data: params[0..0] data[0..48] >[2003/07/26 13:53:12, 5] lib/util.c:show_msg(456) >[2003/07/26 13:53:12, 5] lib/util.c:show_msg(466) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=50208 > smb_uid=100 > smb_mid=1472 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2003/07/26 13:53:12, 3] smbd/process.c:process_smb(881) > Transaction 26 of length 132 >[2003/07/26 13:53:12, 5] lib/util.c:show_msg(456) >[2003/07/26 13:53:12, 5] lib/util.c:show_msg(466) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=32771 > smb_tid=1 > smb_pid=50208 > smb_uid=100 > smb_mid=1536 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=29942 (0x74F6) > smb_bcc=61 >[2003/07/26 13:53:12, 3] smbd/process.c:switch_message(676) > switch message SMBtrans (pid 26844) >[2003/07/26 13:53:12, 4] smbd/uid.c:change_to_user(122) > change_to_user: Skipping user change - already user >[2003/07/26 13:53:12, 3] smbd/ipc.c:reply_trans(512) > trans <\PIPE\> data=44 params=0 setup=2 >[2003/07/26 13:53:12, 5] smbd/ipc.c:reply_trans(531) > calling named_pipe >[2003/07/26 13:53:12, 3] smbd/ipc.c:named_pipe(326) > named pipe command on <> name >[2003/07/26 13:53:12, 5] smbd/ipc.c:api_fd_reply(267) > api_fd_reply >[2003/07/26 13:53:12, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1149) > search for pipe pnum=74f6 >[2003/07/26 13:53:12, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1153) > pipe name lsarpc pnum=74f7 (pipes_open=2) >[2003/07/26 13:53:12, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1153) > pipe name samr pnum=74f6 (pipes_open=2) >[2003/07/26 13:53:12, 3] smbd/ipc.c:api_fd_reply(288) > Got API command 0x26 on pipe "samr" (pnum 74f6)000000 smb_io_rpc_hdr >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0000 major : 05 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0001 minor : 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0002 pkt_type : 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0003 flags : 03 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0004 pack_type0: 10 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0005 pack_type1: 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0006 pack_type2: 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0007 pack_type3: 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0008 frag_len : 002c >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 000a auth_len : 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 000c call_id : 0000004e >[2003/07/26 13:53:12, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(488) > unmarshall_rpc_header: using little-endian RPC >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_debug(81) > 000000 smb_io_rpc_hdr_req req >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0000 alloc_hint: 00000014 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0004 context_id: 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0006 opnum : 0001 >[2003/07/26 13:53:12, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) > free_pipe_context: destroying talloc pool of size 0 >[2003/07/26 13:53:12, 5] rpc_server/srv_pipe.c:api_pipe_request(1413) > Requested \PIPE\samr >[2003/07/26 13:53:12, 3] rpc_server/srv_pipe.c:api_pipe_request(1418) > Doing \PIPE\samr >[2003/07/26 13:53:12, 4] rpc_server/srv_pipe.c:api_rpcTNP(1464) > api_rpcTNP: samr op 0x1 - api_rpcTNP: rpc command: SAMR_CLOSE_HND >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_debug(81) > 000000 samr_io_q_close_hnd >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0000 data1: 00000000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0004 data2: 00000004 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0008 data3: 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 000a data4: 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8s(721) > 000c data5: 28 dc 22 3f dc 68 00 00 >[2003/07/26 13:53:12, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) > Found policy hnd[0] [000] 00 00 00 00 04 00 00 00 00 00 00 00 28 DC 22 3F ........ ....(Ü"? > [010] DC 68 00 00 Üh.. >[2003/07/26 13:53:12, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) > Closed policy >[2003/07/26 13:53:12, 5] rpc_server/srv_samr_nt.c:_samr_close_hnd(356) > samr_reply_close_hnd: 356 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_debug(81) > 000000 samr_io_r_close_hnd >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0000 data1: 00000000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0004 data2: 00000000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0008 data3: 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 000a data4: 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8s(721) > 000c data5: 00 00 00 00 00 00 00 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_ntstatus(664) > 0014 status: NT_STATUS_OK >[2003/07/26 13:53:12, 5] rpc_server/srv_pipe.c:api_rpcTNP(1511) > api_rpcTNP: called samr successfully >[2003/07/26 13:53:12, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) > free_pipe_context: destroying talloc pool of size 0 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_debug(81) > 000000 smb_io_rpc_hdr hdr >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0000 major : 05 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0001 minor : 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0002 pkt_type : 02 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0003 flags : 03 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0004 pack_type0: 10 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0005 pack_type1: 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0006 pack_type2: 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0007 pack_type3: 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0008 frag_len : 0030 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 000a auth_len : 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 000c call_id : 0000004e >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_debug(81) > 000010 smb_io_rpc_hdr_resp resp >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint32(634) > 0010 alloc_hint: 00000018 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint16(605) > 0014 context_id: 0000 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0016 cancel_ct : 00 >[2003/07/26 13:53:12, 5] rpc_parse/parse_prs.c:prs_uint8(576) > 0017 reserved : 00 >[2003/07/26 13:53:12, 5] smbd/ipc.c:copy_trans_params_and_data(62) > copy_trans_params_and_data: params[0..0] data[0..48] >[2003/07/26 13:53:12, 5] lib/util.c:show_msg(456) >[2003/07/26 13:53:12, 5] lib/util.c:show_msg(466) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=1 > smb_pid=50208 > smb_uid=100 > smb_mid=1536 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2003/07/26 13:54:12, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2003/07/26 13:54:12, 5] auth/auth_util.c:debug_nt_user_token(486) > NT user token: (NULL) >[2003/07/26 13:54:12, 5] auth/auth_util.c:debug_unix_user_token(505) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2003/07/26 13:54:12, 5] smbd/uid.c:change_to_root_user(218) > change_to_root_user: now uid=(0,0) gid=(0,0)
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=57">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 252
: 57 |
58
|
292